Projects
Mega:24.09
stunnel
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 2
View file
_service:tar_scm:stunnel.spec
Changed
@@ -1,5 +1,5 @@ Name: stunnel -Version: 5.69 +Version: 5.72 Release: 1 Summary: Secure traffic running between a TCP client and server License: GPLv2 @@ -36,8 +36,7 @@ %prep %autosetup -n %{name}-%{version} -p1 change_date=`date +%Y.%m.%d` -sed -i "s/2018\.07\.02/${change_date}/g" `grep "2018\.07\.02" -lr ./` -sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/}' configure +sed -i "s/2024\.02\.04/${change_date}/g" `grep "2024\.02\.04" -lr ./` sed -i 's/-fstack-protector/-fstack-protector-strong/' configure %build @@ -88,6 +87,9 @@ %exclude %{_datadir}/doc/stunnel %changelog +* Thu Jul 04 2024 Ge Wang <wang__ge@126.com> - 5.72-1 +- Update to 5.72 + * Wed Apr 19 2023 yaoxin <yao_xin001@hoperun.com> - 5.69-1 - Update to 5.69
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/stunnel.git</param> - <param name="revision">master</param> + <param name="revision">openEuler-24.09</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
View file
_service:tar_scm:stunnel-5.69.tar.gz.asc
Deleted
@@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmQDL5FfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC -QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW -4BQqyxAAwj4fnDEJmQ86U22gRITMom39zKFG+5E/trHwNPTL4dJ2Q2EEP2W7YNhD -FxkpRxvUSU0Ns6JzOR5v8ydwALDflzc6fVK2+dv2W7hrmR24IcNQRdZngOPMVN6Y -chnV+ViwQapGuBmO5UWfgkgglQhJwH94G3BwbTZbTHiAa4wTQHh38m/BfNn1uZ0p -+tgMl/pWSWOU+8e0wrwrG2ELtn/zY6Qmnb0hVkGu1yn6PR24fqoq3+pnoEiNgMvV -OWm8Uw9C1AF1euMSO8WwDV0MqyUMgntq2X6sKi/Kawi+XliDAWU/NJLVLQ8GFyBA -kERU8aNCqdwTRK49fnUho5yIA6IX3ttR8mnh1LKZBCxu7r3UDZD377pGPCEveyrc -B9KbuJ+j1IaUbsfa79n3IYORQ3AaSTYnG1NPL+MD/3GeJ+hWr5ai63AclPzqmSG0 -UvgOrdMRifbMrKhakA8TYvRNz7QJMvAPKTEOi0pwCK6br/OzKssmgvSVDnPoWk6n -nYwktvMDI/AsaDPuIXQVVffJbgpN9cLNzi7fK8j7oWp2dVPTIDG3EBLPeFVwsIcB -lcRE9PBxtBw5NAv96o8/CnLswKcUpsDpMammqv/OBQ8dCbutHRnvt+JsWCzxB66t -av9nRDmnnhBPz8hnaws5FmA9nzPFvRs3l/mA7txXYmXJNzG7vrE= -=rfrY ------END PGP SIGNATURE-----
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/certs/openssltest.cnf
Deleted
@@ -1,58 +0,0 @@ -# OpenSSL root CA configuration file - - ca -default_ca = CA_default - - CA_default -# Directory and file locations. -dir = . -certs = $dir/demoCA -crl_dir = $dir/demoCA -new_certs_dir = $dir/demoCA -database = $dir/demoCA/index.txt -serial = $dir/demoCA/serial -crl_extensions = crl_ext -default_md = sha256 -preserve = no -policy = policy_match -x509_extensions = usr_cert -private_key = $dir/demoCA/CA.key -certificate = $dir/tmp/CACert.pem - - req -encrypt_key = no -default_bits = 2048 -default_md = sha256 -string_mask = utf8only -x509_extensions = ca_extensions -distinguished_name = req_distinguished_name - - crl_ext -authorityKeyIdentifier = keyid:always - - usr_cert -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer - - ca_extensions -basicConstraints = critical, CA:true -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - - policy_match -countryName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - - req_distinguished_name -countryName = Country Name (2 letter code) -stateOrProvinceName = State or Province Name -localityName = Locality Name -0.organizationName = Organization Name -organizationalUnitName = Organizational Unit Name -commonName = Common Name -emailAddress = Email Address
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.spec
Deleted
@@ -1,126 +0,0 @@ -Name: stunnel -Version: 5.69 -Release: 1%{?dist} -Summary: An TLS-encrypting socket wrapper -Group: Applications/Internet -License: GPLv2 -URL: https://www.stunnel.org/ -Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -# util-linux is needed for rename -BuildRequires: openssl-devel, util-linux -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -BuildRequires: systemd-units -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units -%endif - -%description -Stunnel is a socket wrapper which can provide TLS (Transport Layer Security) support to ordinary applications. For example, it can be used -in conjunction with imapd to create an TLS secure IMAP server. - -# Do not generate provides for private libraries -%global __provides_exclude_from ^%{_libdir}/stunnel/.*$ - -%prep -%setup -q - -%build -%configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \ - CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'" -make V=1 - -%install -make install DESTDIR=%{buildroot} -# Move the translated man pages to the right subdirectories, and strip off the -# language suffixes. -for lang in pl ; do - mkdir -p %{buildroot}/%{_mandir}/${lang}/man8 - mv %{buildroot}/%{_mandir}/man8/*.${lang}.8* %{buildroot}/%{_mandir}/${lang}/man8/ - rename ".${lang}" "" %{buildroot}/%{_mandir}/${lang}/man8/* -done -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -mkdir -p %{buildroot}%{_unitdir} -cp tools/%{name}.service %{buildroot}%{_unitdir}/%{name}.service -mkdir -p %{buildroot}%{_datadir}/bash-completion/completions -cp tools/%{name}.bash %{buildroot}%{_datadir}/bash-completion/completions/%{name}.bash -%endif - -%post -/sbin/ldconfig -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%systemd_post %{name}.service -%endif - -%preun -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%systemd_preun %{name}.service -%endif - -%postun -/sbin/ldconfig -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%systemd_postun_with_restart %{name}.service -%endif - -%files -%{!?_licensedir:%global license %%doc} -%doc COPYING.md COPYRIGHT.md README.md NEWS.md AUTHORS.md BUGS.md CREDITS.md PORTS.md TODO.md -%license COPY* -%lang(en) %doc doc/en/* -%lang(pl) %doc doc/pl/* -%{_bindir}/stunnel -%exclude %{_bindir}/stunnel3 -%exclude %{_datadir}/doc/stunnel -%{_libdir}/stunnel -%exclude %{_libdir}/stunnel/libstunnel.la -%{_mandir}/man8/stunnel.8* -%lang(pl) %{_mandir}/pl/man8/stunnel.8* -%dir %{_sysconfdir}/%{name} -%config %{_sysconfdir}/%{name}/*-sample -%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 -%{_unitdir}/%{name}*.service -%endif -%config(noreplace) %{_datarootdir}/bash-completion/* - -%changelog -* Fri Feb 24 2023 Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org> -- Fixed bash completion support -- Removed excluding pem files - -* Wed Mar 02 2022 Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org> -- bash completion support - -* Fri Sep 24 2021 Michał Trojnara <Michal.Trojnara@stunnel.org> -- Added systemd startup for Fedora >= 15 or RHEL >= 7 -- Removed obsolete init startup -- Removed obsolete logrotate configuration (replaced with journalctl) -- Removed obsolete tcp_wrappers-devel support -- Removed creating a dedicated user -- Simplified the .spec file - -* Wed Apr 27 2016 Andrew Colin Kissa <andrew@topdog.za.net> - 5.32-1 -- Added init script that actually works on Redhat -- Lots of changes and cleanup to improve spec - -* Tue May 26 2015 Bill Quayle <Bill.Quayle@citadel.com> -- updated license specification -- the manual page is no longer marked as compressed -- removed outdated documentation files -- updated minimum required version of OpenSSL - -* Fri Sep 09 2005 neeo <neeo@irc.pl> -- lots of changes and cleanups - -* Wed Mar 17 2004 neeo <neeo@irc.pl> -- updated for 4.05 - -* Sat Jun 24 2000 Brian Hatch <bri@stunnel.org> -- updated for 3.8p3 - -* Wed Jul 14 1999 Dirk O. Siebnich <dok@vossnet.de> -- updated for 3.5. - -* Mon Jun 07 1999 Dirk O. Siebnich <dok@vossnet.de> -- adapted from sslwrap RPM spec file
View file
_service:tar_scm:stunnel-5.72.tar.gz.asc
Added
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW +4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae +PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz +iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V +1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC +Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p +vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL +FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT +k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv +FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4 +PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV +0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ= +=vtS5 +-----END PGP SIGNATURE-----
View file
_service:tar_scm:stunnel-5.69.tar.gz/COPYING.md -> _service:tar_scm:stunnel-5.72.tar.gz/COPYING.md
Changed
@@ -1,7 +1,7 @@ # stunnel license (see COPYRIGHT.md for detailed GPL conditions) -_Copyright (C) 1998-2023 Michal Trojnara_ +_Copyright (C) 1998-2024 Michal Trojnara_ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
View file
_service:tar_scm:stunnel-5.69.tar.gz/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/Makefile.am
Changed
@@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions' @@ -21,7 +21,7 @@ distcleancheck_listfiles = find . -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' distclean-local: - rm -rf autom4te.cache + rm -rf autom4te.cache version.txt sign: cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist
View file
_service:tar_scm:stunnel-5.69.tar.gz/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -192,8 +192,8 @@ $(top_srcdir)/auto/config.guess $(top_srcdir)/auto/config.sub \ $(top_srcdir)/auto/install-sh $(top_srcdir)/auto/ltmain.sh \ $(top_srcdir)/auto/missing AUTHORS.md NEWS.md README.md \ - auto/compile auto/config.guess auto/config.sub auto/install-sh \ - auto/ltmain.sh auto/missing + auto/compile auto/config.guess auto/config.sub auto/depcomp \ + auto/install-sh auto/ltmain.sh auto/missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -266,6 +266,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -879,7 +880,7 @@ $(SHELL) ./config.status libtool distclean-local: - rm -rf autom4te.cache + rm -rf autom4te.cache version.txt sign: cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist
View file
_service:tar_scm:stunnel-5.69.tar.gz/NEWS.md -> _service:tar_scm:stunnel-5.72.tar.gz/NEWS.md
Changed
@@ -1,6 +1,46 @@ # stunnel change log +### Version 5.72, 2024.02.04, urgency: MEDIUM +* Security bugfixes + - OpenSSL DLLs updated to version 3.2.1. +* Bugfixes + - Fixed SSL_CTX_new() errors handling. + - Fixed OPENSSL_NO_PSK builds. + - Android build updated for NDK r23c. + - stunnel.nsi updated for Debian 12. + - Fixed tests with OpenSSL older than 1.0.2. + +### Version 5.71, 2023.09.19, urgency: MEDIUM +* Security bugfixes + - OpenSSL DLLs updated to version 3.1.3. +* Bugfixes + - Fixed the console output of tstunnel.exe. +* Features sponsored by SAE IT-systems + - OCSP stapling is requested and verified in the client mode. + - Using "verifyChain" automatically enables OCSP + stapling in the client mode. + - OCSP stapling is always available in the server mode. + - An inconclusive OCSP verification breaks TLS negotiation. + This can be disabled with "OCSPrequire = no". + - Added the "TIMEOUTocsp" option to control the maximum + time allowed for connecting an OCSP responder. +* Features + - Added support for Red Hat OpenSSL 3.x patches. + +### Version 5.70, 2023.07.12, urgency: HIGH +* Security bugfixes + - OpenSSL DLLs updated to version 3.0.9. + - OpenSSL FIPS Provider updated to version 3.0.8. +* Bugfixes + - Fixed TLS socket EOF handling with OpenSSL 3.x. + This bug caused major interoperability issues between + stunnel built with OpenSSL 3.x and Microsoft's + Schannel Security Support Provider (SSP). + - Fixed reading certificate chains from PKCS#12 files. +* Features + - Added configurable delay for the "retry" option. + ### Version 5.69, 2023.03.04, urgency: MEDIUM * New features - Improved logging performance with the "output" option.
View file
_service:tar_scm:stunnel-5.69.tar.gz/TODO.md -> _service:tar_scm:stunnel-5.72.tar.gz/TODO.md
Changed
@@ -1,6 +1,11 @@ # stunnel TODO +### Updated defaults planned for stunnel 6.xx +More secure defaults planned for the next major version. + +* OCSPaia = yes + ### High priority features These features will likely be supported some day. A sponsor could allocate my time to get them faster. @@ -17,6 +22,8 @@ * MSI installer for Windows. * Add 'leastconn' failover strategy to order defined 'connect' targets by the number of active connections. +* MariaDB (formerly MySQL) protocol negotiation: + MariaDB Handshake Protocol(https://mariadb.com/kb/en/connection/) ### Low priority features These features will unlikely ever be supported.
View file
_service:tar_scm:stunnel-5.69.tar.gz/auto/ltmain.sh -> _service:tar_scm:stunnel-5.72.tar.gz/auto/ltmain.sh
Changed
@@ -1,12 +1,12 @@ -#! /bin/sh +#! /usr/bin/env sh ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in -## by inline-source v2014-01-03.01 +## by inline-source v2019-02-19.15 -# libtool (GNU libtool) 2.4.6 +# libtool (GNU libtool) 2.4.7 # Provide generalized library-building support services. # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 -# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# Copyright (C) 1996-2019, 2021-2022 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -31,8 +31,8 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.6 Debian-2.4.6-15build2" -package_revision=2.4.6 +VERSION="2.4.7 Debian-2.4.7-5" +package_revision=2.4.7 ## ------ ## @@ -64,34 +64,25 @@ # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2015-01-20.17; # UTC +scriptversion=2019-02-19.15; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 -# Copyright (C) 2004-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -# As a special exception to the GNU General Public License, if you distribute -# this file as part of a program or library that is built using GNU Libtool, -# you may include this file under the same distribution terms that you use -# for the rest of that program. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# This is free software. There is NO warranty; not even for +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Copyright (C) 2004-2019, 2021 Bootstrap Authors +# +# This file is dual licensed under the terms of the MIT license +# <https://opensource.org/license/MIT>, and GPL version 2 or later +# <http://www.gnu.org/licenses/gpl-2.0.html>. You must apply one of +# these licenses when using or redistributing this software or any of +# the files within it. See the URLs above, or the file `LICENSE` +# included in the Bootstrap distribution for the full license texts. -# Please report bugs or propose patches to gary@gnu.org. +# Please report bugs or propose patches to: +# <https://github.com/gnulib-modules/bootstrap/issues> ## ------ ## @@ -139,9 +130,12 @@ _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" fi" done - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH +# These NLS vars are set unconditionally (bootstrap issue #24). Unset those +# in case the environment reset is needed later and the $save_* variant is not +# defined (see the code above). +LC_ALL=C +LANGUAGE=C +export LANGUAGE LC_ALL # Make sure IFS has a sensible default sp=' ' @@ -159,6 +153,26 @@ fi +# func_unset VAR +# -------------- +# Portably unset VAR. +# In some shells, an 'unset VAR' statement leaves a non-zero return +# status if VAR is already unset, which might be problematic if the +# statement is used at the end of a function (thus poisoning its return +# value) or when 'set -e' is active (causing even a spurious abort of +# the script in this case). +func_unset () +{ + { eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; } +} + + +# Make sure CDPATH doesn't cause `cd` commands to output the target dir. +func_unset CDPATH + +# Make sure ${,E,F}GREP behave sanely. +func_unset GREP_OPTIONS + ## ------------------------- ## ## Locate command utilities. ## @@ -259,7 +273,7 @@ rm -f conftest.in conftest.tmp conftest.nl conftest.out } - func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin" rm -f conftest.sed SED=$func_path_progs_result } @@ -295,7 +309,7 @@ rm -f conftest.in conftest.tmp conftest.nl conftest.out } - func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin" GREP=$func_path_progs_result } @@ -360,6 +374,35 @@ s/\\(^$_G_bs\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g s/\n//g" +# require_check_ifs_backslash +# --------------------------- +# Check if we can use backslash as IFS='\' separator, and set +# $check_ifs_backshlash_broken to ':' or 'false'. +require_check_ifs_backslash=func_require_check_ifs_backslash +func_require_check_ifs_backslash () +{ + _G_save_IFS=$IFS + IFS='\' + _G_check_ifs_backshlash='a\\b' + for _G_i in $_G_check_ifs_backshlash + do + case $_G_i in + a) + check_ifs_backshlash_broken=false + ;; + '') + break + ;; + *) + check_ifs_backshlash_broken=: + break + ;; + esac + done + IFS=$_G_save_IFS + require_check_ifs_backslash=: +} + ## ----------------- ## ## Global variables. ## @@ -580,16 +623,16 @@ { $debug_cmd - func_quote_for_eval "$2" - eval "$1+=\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1+=\\ \$func_quote_arg_result" }' else func_append_quoted () { $debug_cmd - func_quote_for_eval "$2" - eval "$1=\$$1\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1=\$$1\\ \$func_quote_arg_result" } fi @@ -1091,85 +1134,203 @@ } -# func_quote_for_eval ARG... -# -------------------------- -# Aesthetically quote ARGs to be evaled later. -# This function returns two values: -# i) func_quote_for_eval_result -# double-quoted, suitable for a subsequent eval -# ii) func_quote_for_eval_unquoted_result -# has all characters that are still active within double -# quotes backslashified. -func_quote_for_eval () +# func_quote_portable EVAL ARG +# ---------------------------- +# Internal function to portably implement func_quote_arg. Note that we still +# keep attention to performance here so we as much as possible try to avoid +# calling sed binary (so far O(N) complexity as long as func_append is O(1)). +func_quote_portable () { $debug_cmd - func_quote_for_eval_unquoted_result= - func_quote_for_eval_result= - while test 0 -lt $#; do - case $1 in - *\\\`\"\$*) - _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; - *) - _G_unquoted_arg=$1 ;; - esac - if test -n "$func_quote_for_eval_unquoted_result"; then - func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" - else - func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + $require_check_ifs_backslash + + func_quote_portable_result=$2 + + # one-time-loop (easy break) + while true + do + if $1; then + func_quote_portable_result=`$ECHO "$2" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` + break fi - case $_G_unquoted_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and variable expansion - # for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *\\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ *|**|"") - _G_quoted_arg=\"$_G_unquoted_arg\" + # Quote for eval. + case $func_quote_portable_result in + *\\\`\"\$*) + # Fallback to sed for $func_check_bs_ifs_broken=:, or when the string + # contains the shell wildcard characters. + case $check_ifs_backshlash_broken$func_quote_portable_result in + :*|*\\*\?*) + func_quote_portable_result=`$ECHO "$func_quote_portable_result" \ + | $SED "$sed_quote_subst"` + break + ;; + esac + + func_quote_portable_old_IFS=$IFS + for _G_char in '\' '`' '"' '$' + do + # STATE($1) PREV($2) SEPARATOR($3) + set start "" "" + func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy + IFS=$_G_char + for _G_part in $func_quote_portable_result + do + case $1 in + quote) + func_append func_quote_portable_result "$3$2" + set quote "$_G_part" "\\$_G_char" + ;; + start) + set first "" "" + func_quote_portable_result= + ;; + first) + set quote "$_G_part" "" + ;; + esac + done + done + IFS=$func_quote_portable_old_IFS ;; - *) - _G_quoted_arg=$_G_unquoted_arg - ;; + *) ;; esac - - if test -n "$func_quote_for_eval_result"; then - func_append func_quote_for_eval_result " $_G_quoted_arg" - else - func_append func_quote_for_eval_result "$_G_quoted_arg" - fi - shift + break done + + func_quote_portable_unquoted_result=$func_quote_portable_result + case $func_quote_portable_result in + # double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # many bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *\\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ *|**|"") + func_quote_portable_result=\"$func_quote_portable_result\" + ;; + esac } -# func_quote_for_expand ARG -# ------------------------- -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () -{ - $debug_cmd +# func_quotefast_eval ARG +# ----------------------- +# Quote one ARG (internal). This is equivalent to 'func_quote_arg eval ARG', +# but optimized for speed. Result is stored in $func_quotefast_eval. +if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then + printf -v _GL_test_printf_tilde %q '~' + if test '\~' = "$_GL_test_printf_tilde"; then + func_quotefast_eval () + { + printf -v func_quotefast_eval_result %q "$1" + } + else + # Broken older Bash implementations. Make those faster too if possible. + func_quotefast_eval () + { + case $1 in + '~'*) + func_quote_portable false "$1" + func_quotefast_eval_result=$func_quote_portable_result + ;; + *) + printf -v func_quotefast_eval_result %q "$1" + ;; + esac + } + fi +else + func_quotefast_eval () + { + func_quote_portable false "$1" + func_quotefast_eval_result=$func_quote_portable_result + } +fi - case $1 in - *\\\`\"*) - _G_arg=`$ECHO "$1" | $SED \ - -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; - *) - _G_arg=$1 ;; + +# func_quote_arg MODEs ARG +# ------------------------ +# Quote one ARG to be evaled later. MODEs argument may contain zero or more +# specifiers listed below separated by ',' character. This function returns two +# values: +# i) func_quote_arg_result +# double-quoted (when needed), suitable for a subsequent eval +# ii) func_quote_arg_unquoted_result +# has all characters that are still active within double +# quotes backslashified. Available only if 'unquoted' is specified. +# +# Available modes: +# ---------------- +# 'eval' (default) +# - escape shell special characters +# 'expand' +# - the same as 'eval'; but do not quote variable references +# 'pretty' +# - request aesthetic output, i.e. '"a b"' instead of 'a\ b'. This might +# be used later in func_quote to get output like: 'echo "a b"' instead +# of 'echo a\ b'. This is slower than default on some shells. +# 'unquoted' +# - produce also $func_quote_arg_unquoted_result which does not contain +# wrapping double-quotes. +# +# Examples for 'func_quote_arg pretty,unquoted string': +# +# string | *_result | *_unquoted_result +# ------------+-----------------------+------------------- +# " | \" | \" +# a b | "a b" | a b +# "a b" | "\"a b\"" | \"a b\" +# * | "*" | * +# z="${x-$y}" | "z=\"\${x-\$y}\"" | z=\"\${x-\$y}\" +# +# Examples for 'func_quote_arg pretty,unquoted,expand string': +# +# string | *_result | *_unquoted_result +# --------------+---------------------+-------------------- +# z="${x-$y}" | "z=\"${x-$y}\"" | z=\"${x-$y}\" +func_quote_arg () +{ + _G_quote_expand=false + case ,$1, in + *,expand,*) + _G_quote_expand=: + ;; esac - case $_G_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *\\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ *|**|"") - _G_arg=\"$_G_arg\" + case ,$1, in + *,pretty,*|*,expand,*|*,unquoted,*) + func_quote_portable $_G_quote_expand "$2" + func_quote_arg_result=$func_quote_portable_result + func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result + ;; + *) + # Faster quote-for-eval for some shells. + func_quotefast_eval "$2" + func_quote_arg_result=$func_quotefast_eval_result ;; esac +} + - func_quote_for_expand_result=$_G_arg +# func_quote MODEs ARGs... +# ------------------------ +# Quote all ARGs to be evaled later and join them into single command. See +# func_quote_arg's description for more info. +func_quote () +{ + $debug_cmd + _G_func_quote_mode=$1 ; shift + func_quote_result= + while test 0 -lt $#; do + func_quote_arg "$_G_func_quote_mode" "$1" + if test -n "$func_quote_result"; then + func_append func_quote_result " $func_quote_arg_result" + else + func_append func_quote_result "$func_quote_arg_result" + fi + shift + done } @@ -1215,8 +1376,8 @@ _G_cmd=$1 _G_fail_exp=${2-':'} - func_quote_for_expand "$_G_cmd" - eval "func_notquiet $func_quote_for_expand_result" + func_quote_arg pretty,expand "$_G_cmd" + eval "func_notquiet $func_quote_arg_result" $opt_dry_run || { eval "$_G_cmd" @@ -1241,8 +1402,8 @@ _G_fail_exp=${2-':'} $opt_quiet || { - func_quote_for_expand "$_G_cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$_G_cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || { @@ -1369,30 +1530,26 @@ # End: #! /bin/sh -# Set a version string for this script. -scriptversion=2015-10-07.11; # UTC - # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 -# Copyright (C) 2010-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This is free software. There is NO warranty; not even for +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Copyright (C) 2010-2019, 2021 Bootstrap Authors +# +# This file is dual licensed under the terms of the MIT license +# <https://opensource.org/license/MIT>, and GPL version 2 or later +# <http://www.gnu.org/licenses/gpl-2.0.html>. You must apply one of +# these licenses when using or redistributing this software or any of +# the files within it. See the URLs above, or the file `LICENSE` +# included in the Bootstrap distribution for the full license texts. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# Please report bugs or propose patches to: +# <https://github.com/gnulib-modules/bootstrap/issues> -# Please report bugs or propose patches to gary@gnu.org. +# Set a version string for this script. +scriptversion=2019-02-19.15; # UTC ## ------ ## @@ -1415,7 +1572,7 @@ # # In order for the '--version' option to work, you will need to have a # suitably formatted comment like the one at the top of this file -# starting with '# Written by ' and ending with '# warranty; '. +# starting with '# Written by ' and ending with '# Copyright'. # # For '-h' and '--help' to work, you will also need a one line # description of your script's purpose in a comment directly above the @@ -1427,7 +1584,7 @@ # to display verbose messages only when your user has specified # '--verbose'. # -# After sourcing this file, you can plug processing for additional +# After sourcing this file, you can plug in processing for additional # options by amending the variables from the 'Configuration' section # below, and following the instructions in the 'Option parsing' # section further down. @@ -1476,8 +1633,8 @@ ## ------------------------- ## # This section contains functions for adding, removing, and running hooks -# to the main code. A hook is just a named list of of function, that can -# be run in order later on. +# in the main code. A hook is just a list of function names that can be +# run in order later on. # func_hookable FUNC_NAME # ----------------------- @@ -1510,7 +1667,8 @@ # func_remove_hook FUNC_NAME HOOK_FUNC # ------------------------------------ -# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +# Remove HOOK_FUNC from the list of hook functions to be called by +# FUNC_NAME. func_remove_hook () { $debug_cmd @@ -1519,10 +1677,28 @@ } +# func_propagate_result FUNC_NAME_A FUNC_NAME_B +# --------------------------------------------- +# If the *_result variable of FUNC_NAME_A _is set_, assign its value to +# *_result variable of FUNC_NAME_B. +func_propagate_result () +{ + $debug_cmd + + func_propagate_result_result=: + if eval "test \"\${${1}_result+set}\" = set" + then + eval "${2}_result=\$${1}_result" + else + func_propagate_result_result=false + fi +} + + # func_run_hooks FUNC_NAME ARG... # --------------------------------- # Run all hook functions registered to FUNC_NAME. -# It is assumed that the list of hook functions contains nothing more +# It's assumed that the list of hook functions contains nothing more # than a whitespace-delimited list of legal shell function names, and # no effort is wasted trying to catch shell meta-characters or preserve # whitespace. @@ -1534,22 +1710,19 @@ case " $hookable_fns " in *" $1 "*) ;; - *) func_fatal_error "'$1' does not support hook funcions.n" ;; + *) func_fatal_error "'$1' does not support hook functions." ;; esac eval _G_hook_fns=\$$1_hooks; shift for _G_hook in $_G_hook_fns; do - if eval $_G_hook '"$@"'; then - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift - _G_rc_run_hooks=: + func_unset "${_G_hook}_result" + eval $_G_hook '${1+"$@"}' + func_propagate_result $_G_hook func_run_hooks + if $func_propagate_result_result; then + eval set dummy "$func_run_hooks_result"; shift fi done - - $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result } @@ -1559,14 +1732,16 @@ ## --------------- ## # In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, you may remove/edit -# any options that you action, and then pass back the remaining unprocessed -# options in '<hooked_function_name>_result', escaped suitably for -# 'eval'. In this case you also must return $EXIT_SUCCESS to let the -# hook's caller know that it should pay attention to -# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that -# arguments are left untouched by the hook and therefore caller will ignore the -# result variable. +# full positional parameter list from your hook function. You may remove +# or edit any options that you action, and then pass back the remaining +# unprocessed options in '<hooked_function_name>_result', escaped +# suitably for 'eval'. +# +# The '<hooked_function_name>_result' variable is automatically unset +# before your hook gets called; for best performance, only set the +# *_result variable when necessary (i.e. don't call the 'func_quote' +# function unnecessarily because it can be an expensive operation on some +# machines). # # Like this: # @@ -1578,11 +1753,8 @@ # usage_message=$usage_message' # -s, --silent don'\''t print informational messages # ' -# # No change in '$@' (ignored completely by this hook). There is -# # no need to do the equivalent (but slower) action: -# # func_quote_for_eval ${1+"$@"} -# # my_options_prep_result=$func_quote_for_eval_result -# false +# # No change in '$@' (ignored completely by this hook). Leave +# # my_options_prep_result variable intact. # } # func_add_hook func_options_prep my_options_prep # @@ -1593,7 +1765,7 @@ # # args_changed=false # -# # Note that for efficiency, we parse as many options as we can +# # Note that, for efficiency, we parse as many options as we can # # recognise in a loop before passing the remainder back to the # # caller on the first unrecognised argument we encounter. # while test $# -gt 0; do @@ -1610,18 +1782,17 @@ # args_changed=: # ;; # *) # Make sure the first unrecognised option "$_G_opt" -# # is added back to "$@", we could need that later -# # if $args_changed is true. +# # is added back to "$@" in case we need it later, +# # if $args_changed was set to 'true'. # set dummy "$_G_opt" ${1+"$@"}; shift; break ;; # esac # done # +# # Only call 'func_quote' here if we processed at least one argument. # if $args_changed; then -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result +# func_quote eval ${1+"$@"} +# my_silent_option_result=$func_quote_result # fi -# -# $args_changed # } # func_add_hook func_parse_options my_silent_option # @@ -1632,8 +1803,6 @@ # # $opt_silent && $opt_verbose && func_fatal_help "\ # '--silent' and '--verbose' options are mutually exclusive." -# -# false # } # func_add_hook func_validate_options my_option_validation # @@ -1649,13 +1818,8 @@ { $debug_cmd - _G_func_options_finish_exit=false - if func_run_hooks func_options ${1+"$@"}; then - func_options_finish_result=$func_run_hooks_result - _G_func_options_finish_exit=: - fi - - $_G_func_options_finish_exit + func_run_hooks func_options ${1+"$@"} + func_propagate_result func_run_hooks func_options_finish } @@ -1668,28 +1832,27 @@ { $debug_cmd - _G_rc_options=false + _G_options_quoted=false for my_func in options_prep parse_options validate_options options_finish do - if eval func_$my_func '${1+"$@"}'; then - eval _G_res_var='$'"func_${my_func}_result" - eval set dummy "$_G_res_var" ; shift - _G_rc_options=: + func_unset func_${my_func}_result + func_unset func_run_hooks_result + eval func_$my_func '${1+"$@"}' + func_propagate_result func_$my_func func_options + if $func_propagate_result_result; then + eval set dummy "$func_options_result"; shift + _G_options_quoted=: fi done - # Save modified positional parameters for caller. As a top-level - # options-parser function we always need to set the 'func_options_result' - # variable (regardless the $_G_rc_options value). - if $_G_rc_options; then - func_options_result=$_G_res_var - else - func_quote_for_eval ${1+"$@"} - func_options_result=$func_quote_for_eval_result - fi - - $_G_rc_options + $_G_options_quoted || { + # As we (func_options) are top-level options-parser function and + # nobody quoted "$@" for us yet, we need to do it explicitly for + # caller. + func_quote eval ${1+"$@"} + func_options_result=$func_quote_result + } } @@ -1699,8 +1862,7 @@ # Note that when calling hook functions, we pass through the list of # positional parameters. If a hook function modifies that list, and # needs to propagate that back to rest of this script, then the complete -# modified list must be put in 'func_run_hooks_result' before -# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned). +# modified list must be put in 'func_run_hooks_result' before returning. func_hookable func_options_prep func_options_prep () { @@ -1710,14 +1872,8 @@ opt_verbose=false opt_warning_types= - _G_rc_options_prep=false - if func_run_hooks func_options_prep ${1+"$@"}; then - _G_rc_options_prep=: - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result - fi - - $_G_rc_options_prep + func_run_hooks func_options_prep ${1+"$@"} + func_propagate_result func_run_hooks func_options_prep } @@ -1729,27 +1885,32 @@ { $debug_cmd - func_parse_options_result= - - _G_rc_parse_options=false + _G_parse_options_requote=false # this just eases exit handling while test $# -gt 0; do # Defer to hook functions for initial option parsing, so they # get priority in the event of reusing an option name. - if func_run_hooks func_parse_options ${1+"$@"}; then - eval set dummy "$func_run_hooks_result"; shift - _G_rc_parse_options=: + func_run_hooks func_parse_options ${1+"$@"} + func_propagate_result func_run_hooks func_parse_options + if $func_propagate_result_result; then + eval set dummy "$func_parse_options_result"; shift + # Even though we may have changed "$@", we passed the "$@" array + # down into the hook and it quoted it for us (because we are in + # this if-branch). No need to quote it again. + _G_parse_options_requote=false fi # Break out of the loop if we already parsed every option. test $# -gt 0 || break + # We expect that one of the options parsed in this function matches + # and thus we remove _G_opt from "$@" and need to re-quote. _G_match_parse_options=: _G_opt=$1 shift case $_G_opt in --debug|-x) debug_cmd='set -x' - func_echo "enabling shell trace mode" + func_echo "enabling shell trace mode" >&2 $debug_cmd ;; @@ -1760,7 +1921,7 @@ --warnings|--warning|-W) if test $# = 0 && func_missing_arg $_G_opt; then - _G_rc_parse_options=: + _G_parse_options_requote=: break fi case " $warning_categories $1" in @@ -1815,7 +1976,7 @@ shift ;; - --) _G_rc_parse_options=: ; break ;; + --) _G_parse_options_requote=: ; break ;; -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; *) set dummy "$_G_opt" ${1+"$@"}; shift _G_match_parse_options=false @@ -1823,17 +1984,16 @@ ;; esac - $_G_match_parse_options && _G_rc_parse_options=: + if $_G_match_parse_options; then + _G_parse_options_requote=: + fi done - - if $_G_rc_parse_options; then + if $_G_parse_options_requote; then # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + func_parse_options_result=$func_quote_result fi - - $_G_rc_parse_options } @@ -1846,21 +2006,14 @@ { $debug_cmd - _G_rc_validate_options=false - # Display all warnings if -W was not given. test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - if func_run_hooks func_validate_options ${1+"$@"}; then - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result - _G_rc_validate_options=: - fi + func_run_hooks func_validate_options ${1+"$@"} + func_propagate_result func_run_hooks func_validate_options # Bail if the options were screwed! $exit_cmd $EXIT_FAILURE - - $_G_rc_validate_options } @@ -1916,8 +2069,8 @@ # func_split_equals STRING # ------------------------ -# Set func_split_equals_lhs and func_split_equals_rhs shell variables after -# splitting STRING at the '=' sign. +# Set func_split_equals_lhs and func_split_equals_rhs shell variables +# after splitting STRING at the '=' sign. test -z "$_G_HAVE_XSI_OPS" \ && (eval 'x=a/b/c; test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ @@ -1932,8 +2085,9 @@ func_split_equals_lhs=${1%%=*} func_split_equals_rhs=${1#*=} - test "x$func_split_equals_lhs" = "x$1" \ - && func_split_equals_rhs= + if test "x$func_split_equals_lhs" = "x$1"; then + func_split_equals_rhs= + fi }' else # ...otherwise fall back to using expr, which is often a shell builtin. @@ -1943,7 +2097,7 @@ func_split_equals_lhs=`expr "x$1" : 'x\(^=*\)'` func_split_equals_rhs= - test "x$func_split_equals_lhs" = "x$1" \ + test "x$func_split_equals_lhs=" = "x$1" \ || func_split_equals_rhs=`expr "x$1" : 'x^=*=\(.*\)$'` } fi #func_split_equals @@ -1969,7 +2123,7 @@ { $debug_cmd - func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_name=`expr "x$1" : 'x\(-.\)'` func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` } fi #func_split_short_opt @@ -2011,31 +2165,44 @@ # func_version # ------------ # Echo version message to standard output and exit. +# The version message is extracted from the calling file's header +# comments, with leading '# ' stripped: +# 1. First display the progname and version +# 2. Followed by the header comment line matching /^# Written by / +# 3. Then a blank line followed by the first following line matching +# /^# Copyright / +# 4. Immediately followed by any lines between the previous matches, +# except lines preceding the intervening completely blank line. +# For example, see the header comments of this file. func_version () { $debug_cmd printf '%s\n' "$progname $scriptversion" $SED -n ' - /(C)/!b go - :more - /\./!{ - N - s|\n# | | - b more - } - :go - /^# Written by /,/# warranty; / { - s|^# || - s|^# *$|| - s|\((C)\) 0-9,-* ,-\(1-90-9* \)|\1 \2| - p + /^# Written by /!b + s|^# ||; p; n + + :fwd2blnk + /./ { + n + b fwd2blnk } - /^# Written by / { - s|^# || - p + p; n + + :holdwrnt + s|^# || + s|^# *$|| + /^Copyright /!{ + /./H + n + b holdwrnt } - /^warranty; /q' < "$progpath" + + s|\((C)\) 0-9,-* ,-\(1-90-9* \)|\1 \2| + G + s|\(\n\)\n*|\1|g + p; q' < "$progpath" exit $? } @@ -2045,12 +2212,12 @@ # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC" # time-stamp-time-zone: "UTC" # End: # Set a version string. -scriptversion='(GNU libtool) 2.4.6' +scriptversion='(GNU libtool) 2.4.7' # func_echo ARG... @@ -2141,7 +2308,7 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.6-15build2 + version: $progname $scriptversion Debian-2.4.7-5 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` @@ -2197,7 +2364,7 @@ # a configuration failure hint, and exit. func_fatal_configuration () { - func__fatal_error ${1+"$@"} \ + func_fatal_error ${1+"$@"} \ "See the $PACKAGE documentation for more information." \ "Fatal configuration error." } @@ -2345,6 +2512,8 @@ _G_rc_lt_options_prep=: + _G_rc_lt_options_prep=: + # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) @@ -2375,11 +2544,9 @@ if $_G_rc_lt_options_prep; then # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + libtool_options_prep_result=$func_quote_result fi - - $_G_rc_lt_options_prep } func_add_hook func_options_prep libtool_options_prep @@ -2482,11 +2649,9 @@ if $_G_rc_lt_parse_options; then # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + libtool_parse_options_result=$func_quote_result fi - - $_G_rc_lt_parse_options } func_add_hook func_parse_options libtool_parse_options @@ -2543,8 +2708,8 @@ } # Pass back the unparsed argument list - func_quote_for_eval ${1+"$@"} - libtool_validate_options_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + libtool_validate_options_result=$func_quote_result } func_add_hook func_validate_options libtool_validate_options @@ -3510,8 +3675,8 @@ esac done - func_quote_for_eval "$libobj" - test "X$libobj" != "X$func_quote_for_eval_result" \ + func_quote_arg pretty "$libobj" + test "X$libobj" != "X$func_quote_arg_result" \ && $ECHO "X$libobj" | $GREP '~#^*{};<>?"'"'"' &()|`$' \ && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" @@ -3584,8 +3749,8 @@ func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result - func_quote_for_eval "$srcfile" - qsrcfile=$func_quote_for_eval_result + func_quote_arg pretty "$srcfile" + qsrcfile=$func_quote_arg_result # Only build a PIC object if we are building libtool libraries. if test yes = "$build_libtool_libs"; then @@ -3740,7 +3905,8 @@ -prefer-non-pic try to build non-PIC objects only -shared do not build a '.o' file suitable for static linking -static only build a '.o' file suitable for static linking - -Wc,FLAG pass FLAG directly to the compiler + -Wc,FLAG + -Xcompiler FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a 'standard' object file from the given SOURCEFILE. @@ -3846,6 +4012,8 @@ -weak LIBNAME declare that the target provides the LIBNAME interface -Wc,FLAG -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wa,FLAG + -Xassembler FLAG pass linker-specific FLAG directly to the assembler -Wl,FLAG -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) @@ -4188,8 +4356,8 @@ case $nonopt in *shtool*) :;; *) false;; esac then # Aesthetically quote it. - func_quote_for_eval "$nonopt" - install_prog="$func_quote_for_eval_result " + func_quote_arg pretty "$nonopt" + install_prog="$func_quote_arg_result " arg=$1 shift else @@ -4199,8 +4367,8 @@ # The real first argument should be the name of the installation program. # Aesthetically quote it. - func_quote_for_eval "$arg" - func_append install_prog "$func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog "$func_quote_arg_result" install_shared_prog=$install_prog case " $install_prog " in *\\\ /cp\ *) install_cp=: ;; @@ -4257,12 +4425,12 @@ esac # Aesthetically quote the argument. - func_quote_for_eval "$arg" - func_append install_prog " $func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog " $func_quote_arg_result" if test -n "$arg2"; then - func_quote_for_eval "$arg2" + func_quote_arg pretty "$arg2" fi - func_append install_shared_prog " $func_quote_for_eval_result" + func_append install_shared_prog " $func_quote_arg_result" done test -z "$install_prog" && \ @@ -4273,8 +4441,8 @@ if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else - func_quote_for_eval "$install_override_mode" - func_append install_shared_prog " -m $func_quote_for_eval_result" + func_quote_arg pretty "$install_override_mode" + func_append install_shared_prog " -m $func_quote_arg_result" fi fi @@ -4570,8 +4738,8 @@ relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_quiet || { - func_quote_for_expand "$relink_command" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$relink_command" + eval "func_echo $func_quote_arg_result" } if eval "$relink_command"; then : else @@ -5350,7 +5518,8 @@ if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" - qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + func_quote_arg pretty "$ECHO" + qECHO=$func_quote_arg_result $ECHO "\ # A function that is used when there is no print builtin or printf. @@ -5360,7 +5529,7 @@ \$1 _LTECHO_EOF' } - ECHO=\"$qECHO\" + ECHO=$qECHO fi # Very basic option parsing. These options are (a) specific to @@ -6703,9 +6872,9 @@ while test "$#" -gt 0; do arg=$1 shift - func_quote_for_eval "$arg" - qarg=$func_quote_for_eval_unquoted_result - func_append libtool_args " $func_quote_for_eval_result" + func_quote_arg pretty,unquoted "$arg" + qarg=$func_quote_arg_unquoted_result + func_append libtool_args " $func_quote_arg_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then @@ -6941,6 +7110,13 @@ prev= continue ;; + xassembler) + func_append compiler_flags " -Xassembler $qarg" + prev= + func_append compile_command " -Xassembler $qarg" + func_append finalize_command " -Xassembler $qarg" + continue + ;; xcclinker) func_append linker_flags " $qarg" func_append compiler_flags " $qarg" @@ -7111,7 +7287,7 @@ # These systems don't actually have a C library (as such) test X-lc = "X$arg" && continue ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*) # Do not include libc due to us having libc/libc_r. test X-lc = "X$arg" && continue ;; @@ -7131,7 +7307,7 @@ esac elif test X-lc_r = "X$arg"; then case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*) # Do not include libc_r directly, use -pthread flag. continue ;; @@ -7161,8 +7337,20 @@ prev=xcompiler continue ;; - - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + # Solaris ld rejects as of 11.4. Refer to Oracle bug 22985199. + -pthread) + case $host in + *solaris2*) ;; + *) + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + ;; + esac + continue + ;; + -mt|-mthreads|-kthread|-Kthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" @@ -7303,9 +7491,9 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $func_quote_for_eval_result" - func_append compiler_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $func_quote_arg_result" + func_append compiler_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" @@ -7319,16 +7507,21 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $wl$func_quote_for_eval_result" - func_append compiler_flags " $wl$func_quote_for_eval_result" - func_append linker_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $wl$func_quote_arg_result" + func_append compiler_flags " $wl$func_quote_arg_result" + func_append linker_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; + -Xassembler) + prev=xassembler + continue + ;; + -Xcompiler) prev=xcompiler continue @@ -7346,8 +7539,8 @@ # -msg_* for osf cc -msg_*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; # Flags to be passed through unchanged, with rationale: @@ -7370,12 +7563,13 @@ # -fuse-ld=* Linker select flags for GCC # -static-* direct GCC to link specific libraries statically # -fcilkplus Cilk Plus language extension features for C/C++ + # -Wa,* Pass flags directly to the assembler -64|-mips0-9|-r0-90-9*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t45*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ - -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus|-Wa,*) + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" @@ -7396,15 +7590,15 @@ continue else # Otherwise treat like 'Some other compiler flag' below - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result fi ;; # Some other compiler flag. -* | +*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; *.$objext) @@ -7524,8 +7718,8 @@ *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; esac # arg @@ -8733,7 +8927,7 @@ test CXX = "$tagname" && { case $host_os in linux*) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C++ 5.9 func_suncc_cstd_abi @@ -8906,7 +9100,7 @@ # case $version_type in # correct linux to gnu/linux during the next big refactor - darwin|freebsd-elf|linux|osf|windows|none) + darwin|freebsd-elf|linux|midnightbsd-elf|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age=$number_minor @@ -9000,7 +9194,7 @@ versuffix=.$current.$revision ;; - freebsd-elf) + freebsd-elf | midnightbsd-elf) func_arith $current - $age major=.$func_arith_result versuffix=$major.$age.$revision @@ -9226,7 +9420,7 @@ *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) @@ -10037,8 +10231,8 @@ for cmd in $concat_cmds; do IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10131,8 +10325,8 @@ eval cmd=\"$cmd\" IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10606,12 +10800,13 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty "$var_value" + relink_command="$var=$func_quote_arg_result; export $var; $relink_command" fi done - relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + func_quote eval cd "`pwd`" + func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)" + relink_command=$func_quote_arg_unquoted_result fi # Only actually do things if not in dry run mode. @@ -10851,13 +11046,15 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty,unquoted "$var_value" + relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command" fi done # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + func_quote eval cd "`pwd`" + relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + func_quote_arg pretty,unquoted "$relink_command" + relink_command=$func_quote_arg_unquoted_result if test yes = "$hardcode_automatic"; then relink_command= fi
View file
_service:tar_scm:stunnel-5.69.tar.gz/configure -> _service:tar_scm:stunnel-5.72.tar.gz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for stunnel 5.69. +# Generated by GNU Autoconf 2.71 for stunnel 5.72. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -618,8 +618,8 @@ # Identity of this package. PACKAGE_NAME='stunnel' PACKAGE_TARNAME='stunnel' -PACKAGE_VERSION='5.69' -PACKAGE_STRING='stunnel 5.69' +PACKAGE_VERSION='5.72' +PACKAGE_STRING='stunnel 5.72' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -676,6 +676,7 @@ AR DLLTOOL OBJDUMP +FILECMD LN_S NM ac_ct_DUMPBIN @@ -1369,7 +1370,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures stunnel 5.69 to adapt to many kinds of systems. +\`configure' configures stunnel 5.72 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1440,7 +1441,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of stunnel 5.69:";; + short | recursive ) echo "Configuration of stunnel 5.72:";; esac cat <<\_ACEOF @@ -1561,7 +1562,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -stunnel configure 5.69 +stunnel configure 5.72 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2071,7 +2072,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by stunnel $as_me 5.69, which was +It was created by stunnel $as_me 5.72, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3347,7 +3348,7 @@ # Define the identity of the package. PACKAGE='stunnel' - VERSION='5.69' + VERSION='5.72' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -3528,23 +3529,23 @@ -printf "%s\n" "#define HOST \"$host\"" >>confdefs.h +printf "%s\n" "#define HOST \"${host}\"" >>confdefs.h cat >>confdefs.h <<_ACEOF -#define `echo CPU_$host_cpu | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo CPU_${host_cpu} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF cat >>confdefs.h <<_ACEOF -#define `echo VENDOR_$host_vendor | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo VENDOR_${host_vendor} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF cat >>confdefs.h <<_ACEOF -#define `echo OS_$host_os | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo OS_${host_os} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF -case "$host_os" in +case "${host_os}" in *darwin*) # OSX does not declare ucontext without _XOPEN_SOURCE @@ -4588,9 +4589,9 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for bashcompdir" >&5 printf %s "checking for bashcompdir... " >&6; } -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_bashcompdir" >&5 -printf "%s\n" "$with_bashcompdir" >&6; } -bashcompdir=$with_bashcompdir +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${with_bashcompdir}" >&5 +printf "%s\n" "${with_bashcompdir}" >&6; } +bashcompdir=${with_bashcompdir} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** thread model" >&5 @@ -4953,7 +4954,7 @@ if test ${with_threads+y} then : withval=$with_threads; - case "$withval" in + case "${withval}" in ucontext) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: UCONTEXT mode selected" >&5 printf "%s\n" "$as_me: UCONTEXT mode selected" >&6;} @@ -5727,9 +5728,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" printf "%s\n" "#define USE_PTHREAD 1" >>confdefs.h @@ -6500,9 +6501,9 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD thread model detected" >&5 printf "%s\n" "$as_me: PTHREAD thread model detected" >&6;} - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" printf "%s\n" "#define USE_PTHREAD 1" >>confdefs.h @@ -6531,7 +6532,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** compiler/linker flags" >&5 printf "%s\n" "$as_me: **************************************** compiler/linker flags" >&6;} -if test "$GCC" = yes; then +if test "${GCC}" = yes; then @@ -6931,85 +6932,6 @@ -for flag in -Wno-long-long; do - as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -printf %s "checking whether C compiler accepts $flag... " >&6; } -if eval test \${$as_CACHEVAR+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - ax_check_save_flags=$CFLAGS - CFLAGS="$CFLAGS $flag" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main (void) -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - eval "$as_CACHEVAR=yes" -else $as_nop - eval "$as_CACHEVAR=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$ax_check_save_flags -fi -eval ac_res=\$$as_CACHEVAR - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -printf "%s\n" "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes" -then : - -if test ${CFLAGS+y} -then : - - case " $CFLAGS " in #( - *" $flag "*) : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 - (: CFLAGS already contains $flag) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CFLAGS " $flag" - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 - (: CFLAGS="$CFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else $as_nop - - CFLAGS=$flag - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 - (: CFLAGS="$CFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - -else $as_nop - : -fi - -done - - - - - for flag in -Wno-deprecated-declarations; do as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 @@ -7660,8 +7582,8 @@ -macro_version='2.4.6' -macro_revision='2.4.6' +macro_version='2.4.7' +macro_revision='2.4.7' @@ -8072,13 +7994,13 @@ mingw*) lt_bad_file=conftest.nm/nofile ;; *) lt_bad_file=/dev/null ;; esac - case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break 2 @@ -8216,7 +8138,7 @@ fi fi - case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols -headers" ;; @@ -8320,7 +8242,7 @@ lt_cv_sys_max_cmd_len=8192; ;; - bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -8363,7 +8285,7 @@ sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.* //'` + lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.* //'` else lt_cv_sys_max_cmd_len=32768 fi @@ -8569,6 +8491,114 @@ if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}file", so it can be a program name with args. +set dummy ${ac_tool_prefix}file; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_FILECMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$FILECMD"; then + ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_FILECMD="${ac_tool_prefix}file" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +FILECMD=$ac_cv_prog_FILECMD +if test -n "$FILECMD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FILECMD" >&5 +printf "%s\n" "$FILECMD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_FILECMD"; then + ac_ct_FILECMD=$FILECMD + # Extract the first word of "file", so it can be a program name with args. +set dummy file; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_FILECMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_FILECMD"; then + ac_cv_prog_ac_ct_FILECMD="$ac_ct_FILECMD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_FILECMD="file" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_FILECMD=$ac_cv_prog_ac_ct_FILECMD +if test -n "$ac_ct_FILECMD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_FILECMD" >&5 +printf "%s\n" "$ac_ct_FILECMD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_FILECMD" = x; then + FILECMD=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + FILECMD=$ac_ct_FILECMD + fi +else + FILECMD="$ac_cv_prog_FILECMD" +fi + + + + + + + +if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -8711,7 +8741,7 @@ bsdi45*) lt_cv_deplibs_check_method='file_magic ELF 0-90-9*-bit MLSB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_cmd='$FILECMD -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; @@ -8745,14 +8775,14 @@ lt_cv_deplibs_check_method=pass_all ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i3-986 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac @@ -8766,7 +8796,7 @@ ;; hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s0-90-90-9|ELF-0-90-9) shared object file - IA64' @@ -8813,7 +8843,7 @@ newos6*) lt_cv_deplibs_check_method='file_magic ELF 0-90-9*-bit MLSB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; @@ -9186,13 +9216,29 @@ fi : ${AR=ar} -: ${AR_FLAGS=cr} +# Use ARFLAGS variable as AR's operation code to sync the variable naming with +# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have +# higher priority because thats what people were doing historically (setting +# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS +# variable obsoleted/removed. + +test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr} +lt_ar_flags=$AR_FLAGS + + + + + + +# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override +# by AR_FLAGS because that was never working and AR_FLAGS is about to die. + @@ -9609,7 +9655,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Gets list of data symbols to import. - lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'" # Adjust the below global symbol transforms to fixup imported variables. lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" @@ -9627,20 +9673,20 @@ # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +lt_cv_sys_global_symbol_to_cdecl="$SED -n"\ $lt_cdecl_hook\ " -e 's/^T .* \(.*\)$/extern int \1();/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\ $lt_c_name_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" # Transform an extracted symbol line into symbol name with lib prefix and # symbol address. -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\ $lt_c_name_lib_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ @@ -9664,7 +9710,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, + # Also find C++ and __fastcall symbols from MSVC++ or ICC, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ @@ -9682,9 +9728,9 @@ " s1~prfx {split(s1,t,\"@\"); print f,t1,substr(t1,length(prfx))}"\ " ' prfx=^$ac_symprfx" else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.* \($symcode$symcode*\) *$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.* \($symcode$symcode*\) *$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi - lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no @@ -9884,7 +9930,7 @@ fi ;; #( /*) - lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"` ;; #( no|'') ;; #( @@ -10009,7 +10055,7 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE=32 ;; @@ -10030,7 +10076,7 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test yes = "$lt_cv_prog_gnu_ld"; then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; @@ -10042,7 +10088,7 @@ ;; esac else - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; @@ -10068,7 +10114,7 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then emul=elf - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) emul="${emul}32" ;; @@ -10076,7 +10122,7 @@ emul="${emul}64" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *MSB*) emul="${emul}btsmip" ;; @@ -10084,7 +10130,7 @@ emul="${emul}ltsmip" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *N32*) emul="${emul}n32" ;; @@ -10108,14 +10154,14 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; @@ -10223,7 +10269,7 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) @@ -11006,8 +11052,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cr libconftest.a conftest.o" >&5 - $AR cr libconftest.a conftest.o 2>&5 + echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5 + $AR $AR_FLAGS libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -11034,17 +11080,12 @@ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin912*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.012,.*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*|11.*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + darwin*) + case $MACOSX_DEPLOYMENT_TARGET,$host in + 10.012,*|,*powerpc*-darwin5-8*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + *) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac @@ -11431,8 +11472,8 @@ ofile=libtool can_build_shared=yes -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). +# All known linkers require a '.a' archive for static linking (except MSVC and +# ICC, which need '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld @@ -11950,7 +11991,7 @@ lt_prog_compiler_static='-qstaticlink' ;; *) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ 1-7.* | *Sun*Fortran*\ 8.0-3*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' @@ -12373,15 +12414,15 @@ case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time + # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) + # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; openbsd* | bitrig*) @@ -12436,7 +12477,7 @@ whole_archive_flag_spec= fi supports_anon_versioning=no - case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ 01.* | *\ 2.0-9.* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -12548,6 +12589,7 @@ emximp -o $lib $output_objdir/$libname.def' old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; interix3-9*) @@ -12562,7 +12604,7 @@ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) @@ -12605,7 +12647,7 @@ compiler_needs_object=yes ;; esac - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes @@ -12617,13 +12659,14 @@ if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in tcc*) + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' export_dynamic_flag_spec='-rdynamic' ;; xlf* | bgf* | bgxlf* | mpixlf*) @@ -12633,7 +12676,7 @@ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi @@ -12765,7 +12808,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no @@ -13036,12 +13079,12 @@ cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in - cl*) - # Native MSVC + cl* | icl*) + # Native MSVC or ICC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes @@ -13082,7 +13125,7 @@ fi' ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. @@ -13123,8 +13166,8 @@ output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" - archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" - module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + archive_expsym_cmds="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" else ld_shlibs=no @@ -13158,7 +13201,7 @@ ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) + freebsd* | dragonfly* | midnightbsd*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes @@ -13339,6 +13382,7 @@ # Fabrice Bellard et al's Tiny C Compiler ld_shlibs=yes archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ;; esac ;; @@ -13410,6 +13454,7 @@ emximp -o $lib $output_objdir/$libname.def' old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; osf3*) @@ -14102,7 +14147,7 @@ case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' + soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; @@ -14112,14 +14157,14 @@ ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' + library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' ;; - *,cl*) - # Native MSVC + *,cl* | *,icl*) + # Native MSVC or ICC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' @@ -14138,7 +14183,7 @@ done IFS=$lt_save_ifs # Convert to MSYS style. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\(a-zA-Z\\):| /\\1|g' -e 's|^ ||'` + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\(a-zA-Z\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form @@ -14175,7 +14220,7 @@ ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper library_names_spec='$libname`echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; @@ -14208,7 +14253,7 @@ shlibpath_var=LD_LIBRARY_PATH ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then @@ -15373,30 +15418,41 @@ old_striplib= { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 printf %s "checking whether stripping libraries is possible... " >&6; } -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +if test -z "$STRIP"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then + if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + case $host_os in + darwin*) + # FIXME - insert some real tests, host_os isn't really good enough striplib="$STRIP -x" old_striplib="$STRIP -S" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + ;; + freebsd*) + if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - fi - ;; - *) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + fi + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - ;; - esac + ;; + esac + fi fi @@ -15667,7 +15723,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** PTY device files" >&5 printf "%s\n" "$as_me: **************************************** PTY device files" >&6;} -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 printf %s "checking for \"/dev/ptmx\"... " >&6; } @@ -15726,18 +15782,18 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** entropy sources" >&5 printf "%s\n" "$as_me: **************************************** entropy sources" >&6;} -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then # Check whether --with-egd-socket was given. if test ${with_egd_socket+y} then : - withval=$with_egd_socket; EGD_SOCKET="$withval" + withval=$with_egd_socket; EGD_SOCKET="${withval}" fi - if test -n "$EGD_SOCKET"; then + if test -n "${EGD_SOCKET}"; then -printf "%s\n" "#define EGD_SOCKET \"$EGD_SOCKET\"" >>confdefs.h +printf "%s\n" "#define EGD_SOCKET \"${EGD_SOCKET}\"" >>confdefs.h fi @@ -15746,7 +15802,7 @@ # Check whether --with-random was given. if test ${with_random+y} then : - withval=$with_random; RANDOM_FILE="$withval" + withval=$with_random; RANDOM_FILE="${withval}" else $as_nop # Check for random device @@ -15777,10 +15833,10 @@ fi - if test -n "$RANDOM_FILE"; then + if test -n "${RANDOM_FILE}"; then -printf "%s\n" "#define RANDOM_FILE \"$RANDOM_FILE\"" >>confdefs.h +printf "%s\n" "#define RANDOM_FILE \"${RANDOM_FILE}\"" >>confdefs.h fi else @@ -15791,7 +15847,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** default group" >&5 printf "%s\n" "$as_me: **************************************** default group" >&6;} DEFAULT_GROUP=nobody -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming nogroup is not available" >&5 @@ -15799,8 +15855,8 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for default group" >&5 printf %s "checking for default group... " >&6; } -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DEFAULT_GROUP" >&5 -printf "%s\n" "$DEFAULT_GROUP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${DEFAULT_GROUP}" >&5 +printf "%s\n" "${DEFAULT_GROUP}" >&6; } # Check whether --enable-largefile was given. @@ -16561,8 +16617,8 @@ # Add BeOS libraries -if test "x$host_os" = "xbeos"; then - LIBS="$LIBS -lbe -lroot -lbind" +if test "x${host_os}" = "xbeos"; then + LIBS="${LIBS} -lbe -lroot -lbind" fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** library functions" >&5 @@ -16709,7 +16765,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 printf %s "checking for getaddrinfo... " >&6; } -case "$host_os" in +case "${host_os}" in *androideabi*) # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no (buggy Android implementation)" >&5 @@ -16753,7 +16809,7 @@ # poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for broken poll() implementation" >&5 printf %s "checking for broken poll() implementation... " >&6; } -case "$host_os" in +case "${host_os}" in darwin0-8.*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes (poll() disabled)" >&5 printf "%s\n" "yes (poll() disabled)" >&6; } @@ -16790,7 +16846,7 @@ if test ${enable_ipv6+y} then : enableval=$enable_ipv6; - case "$enableval" in + case "${enableval}" in yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } @@ -16824,7 +16880,7 @@ if test ${enable_fips+y} then : enableval=$enable_fips; - case "$enableval" in + case "${enableval}" in yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } use_fips="yes" @@ -16859,7 +16915,7 @@ if test ${enable_systemd+y} then : enableval=$enable_systemd; - case "$enableval" in + case "${enableval}" in yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sd_listen_fds" >&5 @@ -17036,13 +17092,13 @@ if test ${enable_libwrap+y} then : enableval=$enable_libwrap; - case "$enableval" in + case "${enableval}" in yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } printf "%s\n" "#define USE_LIBWRAP 1" >>confdefs.h - LIBS="$LIBS -lwrap" + LIBS="${LIBS} -lwrap" ;; no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } @@ -17059,8 +17115,8 @@ printf "%s\n" "autodetecting" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for hosts_access in -lwrap" >&5 printf %s "checking for hosts_access in -lwrap... " >&6; } - valid_LIBS="$LIBS" - LIBS="$valid_LIBS -lwrap" + valid_LIBS="${LIBS}" + LIBS="${valid_LIBS} -lwrap" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17089,7 +17145,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - LIBS="$valid_LIBS" + LIBS="${valid_LIBS}" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: libwrap library not found" >&5 printf "%s\n" "$as_me: libwrap library not found" >&6;} @@ -17118,7 +17174,7 @@ # - empty prefix for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$1$main_dir$sub_dir" && return 0 + check_ssl_dir "$1${main_dir}${sub_dir}" && return 0 done done return 1 @@ -17126,21 +17182,21 @@ find_ssl_dir() { : # try Android *first* - case "$host_os" in + case "${host_os}" in *androideabi*) - iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + iterate_ssl_dir "${ANDROID_NDK}/sysroot" && return ;; esac - test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return - test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return - test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + test -d "${lt_sysroot}" && iterate_ssl_dir "${lt_sysroot}" && return + test "${prefix}" != "NONE" && iterate_ssl_dir "${prefix}" && return + test -d "${ac_default_prefix}" && iterate_ssl_dir "${ac_default_prefix}" && return iterate_ssl_dir "" && return # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` - check_ssl_dir "$sdk_path/usr" && return + check_ssl_dir "${sdk_path}/usr" && return fi check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr" } @@ -17152,13 +17208,13 @@ # Check whether --with-ssl was given. if test ${with_ssl+y} then : - withval=$with_ssl; check_ssl_dir "$withval" + withval=$with_ssl; check_ssl_dir "${withval}" else $as_nop find_ssl_dir fi -if test -z "$SSLDIR"; then +if test -z "${SSLDIR}"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 printf "%s\n" "not found" >&6; } as_fn_error $? " @@ -17166,15 +17222,15 @@ Use --with-ssl option to fix this problem " "$LINENO" 5 fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SSLDIR" >&5 -printf "%s\n" "$SSLDIR" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${SSLDIR}" >&5 +printf "%s\n" "${SSLDIR}" >&6; } -printf "%s\n" "#define SSLDIR \"$SSLDIR\"" >>confdefs.h +printf "%s\n" "#define SSLDIR \"${SSLDIR}\"" >>confdefs.h -valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" -valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" +valid_CPPFLAGS="${CPPFLAGS}"; CPPFLAGS="${CPPFLAGS} -I${SSLDIR}/include" +valid_LIBS="${LIBS}"; LIBS="${LIBS} -L${SSLDIR}/lib64 -L${SSLDIR}/lib -lssl -lcrypto" ac_fn_c_check_func "$LINENO" "FIPS_mode_set" "ac_cv_func_FIPS_mode_set" if test "x$ac_cv_func_FIPS_mode_set" = xyes @@ -17189,8 +17245,8 @@ fi -if test "x$use_fips" = "xauto"; then - if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then +if test "x${use_fips}" = "xauto"; then + if test "x${ac_cv_func_FIPS_mode_set}" = "xyes" -o "x${ac_cv_func_OSSL_PROVIDER_available}" = "xyes"; then printf "%s\n" "#define USE_FIPS 1" >>confdefs.h @@ -17205,21 +17261,22 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether DH parameters need to be updated" >&5 printf %s "checking whether DH parameters need to be updated... " >&6; } # only build src/dhparam.c if sources are located in the current directory -if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then +if test -f src/stunnel.c && ! grep -q " built for ${PACKAGE_STRING} " src/dhparam.c; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - $(dirname $0)/makedh.sh "$PACKAGE_STRING" >src/dhparam.c - # also update trusted CA certificates - curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' | - sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem + $(dirname $0)/makedh.sh "${PACKAGE_STRING}" >src/dhparam.c else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi -SYSROOT="$lt_sysroot" -CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating version.txt" >&5 +printf "%s\n" "$as_me: updating version.txt" >&6;} +echo "${PACKAGE_VERSION}" >version.txt + +SYSROOT="${lt_sysroot}" +CPPFLAGS="${valid_CPPFLAGS}" +LIBS="${valid_LIBS}" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** write the results" >&5 printf "%s\n" "$as_me: **************************************** write the results" >&6;} @@ -17748,7 +17805,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by stunnel $as_me 5.69, which was +This file was extended by stunnel $as_me 5.72, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17816,7 +17873,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -stunnel config.status 5.69 +stunnel config.status 5.72 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -17979,6 +18036,7 @@ lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +FILECMD='`$ECHO "$FILECMD" | $SED "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' @@ -17987,6 +18045,7 @@ DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' @@ -18107,6 +18166,7 @@ lt_SP2NL \ lt_NL2SP \ reload_flag \ +FILECMD \ OBJDUMP \ deplibs_check_method \ file_magic_cmd \ @@ -18115,7 +18175,6 @@ DLLTOOL \ sharedlib_from_linklib_cmd \ AR \ -AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ @@ -19062,6 +19121,9 @@ # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd +# A file(cmd) program that detects file types. +FILECMD=$lt_FILECMD + # An object symbol dumper. OBJDUMP=$lt_OBJDUMP @@ -19086,8 +19148,11 @@ # The archiver. AR=$lt_AR +# Flags to create an archive (by configure). +lt_ar_flags=$lt_ar_flags + # Flags to create an archive. -AR_FLAGS=$lt_AR_FLAGS +AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"} # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec @@ -19463,7 +19528,7 @@ # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ + $SED '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" ||
View file
_service:tar_scm:stunnel-5.69.tar.gz/configure.ac -> _service:tar_scm:stunnel-5.72.tar.gz/configure.ac
Changed
@@ -1,6 +1,6 @@ # Process this file with autoconf to produce a configure script. -AC_INIT(stunnel,5.69) +AC_INIT(stunnel,5.72) AC_MSG_NOTICE(**************************************** initialization) AC_CONFIG_AUX_DIR(auto) AC_CONFIG_MACRO_DIR(m4) @@ -10,13 +10,13 @@ AC_CANONICAL_HOST AC_SUBST(host) -AC_DEFINE_UNQUOTED(HOST, "$host", Host description) +AC_DEFINE_UNQUOTED(HOST, "${host}", Host description) define(esc, `echo $1 | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`) -AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu)) -AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor)) -AC_DEFINE_UNQUOTED(esc(OS_$host_os)) +AC_DEFINE_UNQUOTED(esc(CPU_${host_cpu})) +AC_DEFINE_UNQUOTED(esc(VENDOR_${host_vendor})) +AC_DEFINE_UNQUOTED(esc(OS_${host_os})) -case "$host_os" in +case "${host_os}" in *darwin*) # OSX does not declare ucontext without _XOPEN_SOURCE AC_DEFINE(_XOPEN_SOURCE, 500, Use X/Open 5 with POSIX 1995) @@ -44,8 +44,8 @@ PKG_CHECK_VAR(with_bashcompdir, bash-completion, completionsdir, , with_bashcompdir="${datarootdir}/bash-completion/completions")) AC_MSG_CHECKING(for bashcompdir) -AC_MSG_RESULT($with_bashcompdir) -AC_SUBST(bashcompdir, $with_bashcompdir) +AC_MSG_RESULT(${with_bashcompdir}) +AC_SUBST(bashcompdir, ${with_bashcompdir}) AC_MSG_NOTICE(**************************************** thread model) # thread detection should be done first, as it may change the CC variable @@ -53,7 +53,7 @@ AC_ARG_WITH(threads, --with-threads=model select threading model (ucontext/pthread/fork), - case "$withval" in + case "${withval}" in ucontext) AC_MSG_NOTICE(UCONTEXT mode selected) AC_DEFINE(USE_UCONTEXT, 1, Define to 1 to select UCONTEXT mode) @@ -61,9 +61,9 @@ pthread) AC_MSG_NOTICE(PTHREAD mode selected) AX_PTHREAD() - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" AC_DEFINE(USE_PTHREAD, 1, Define to 1 to select PTHREAD mode) ;; fork) @@ -71,16 +71,16 @@ AC_DEFINE(USE_FORK, 1, Define to 1 to select FORK mode) ;; *) - AC_MSG_ERROR(Unknown thread model \"${withval}\") + AC_MSG_ERROR(Unknown thread model "${withval}") ;; esac , # do not attempt to autodetect UCONTEXT threading AX_PTHREAD( AC_MSG_NOTICE(PTHREAD thread model detected) - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" AC_DEFINE(USE_PTHREAD, 1, Define to 1 to select PTHREAD mode) , AC_MSG_NOTICE(FORK thread model detected) @@ -89,13 +89,12 @@ ) AC_MSG_NOTICE(**************************************** compiler/linker flags) -if test "$GCC" = yes; then +if test "${GCC}" = yes; then AX_APPEND_COMPILE_FLAGS(-Wall) AX_APPEND_COMPILE_FLAGS(-Wextra) AX_APPEND_COMPILE_FLAGS(-Wpedantic) AX_APPEND_COMPILE_FLAGS(-Wformat=2) AX_APPEND_COMPILE_FLAGS(-Wconversion) - AX_APPEND_COMPILE_FLAGS(-Wno-long-long) AX_APPEND_COMPILE_FLAGS(-Wno-deprecated-declarations) AX_APPEND_COMPILE_FLAGS(-fPIE) case "${host}" in @@ -137,7 +136,7 @@ AC_CHECK_TYPES(struct addrinfo, , , #include <netdb.h>) AC_MSG_NOTICE(**************************************** PTY device files) -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(HAVE_DEV_PTMX, 1, Define to 1 if you have '/dev/ptmx' device.)) AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC, 1, @@ -148,28 +147,28 @@ AC_MSG_NOTICE(**************************************** entropy sources) -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then AC_ARG_WITH(egd-socket, --with-egd-socket=FILE Entropy Gathering Daemon socket path, - EGD_SOCKET="$withval" + EGD_SOCKET="${withval}" ) - if test -n "$EGD_SOCKET"; then - AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", + if test -n "${EGD_SOCKET}"; then + AC_DEFINE_UNQUOTED(EGD_SOCKET, "${EGD_SOCKET}", Entropy Gathering Daemon socket path) fi # Check for user-specified random device AC_ARG_WITH(random, --with-random=FILE read randomness from file (default=/dev/urandom), - RANDOM_FILE="$withval", + RANDOM_FILE="${withval}", # Check for random device AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom") ) - if test -n "$RANDOM_FILE"; then + if test -n "${RANDOM_FILE}"; then AC_SUBST(RANDOM_FILE) - AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", Random file path) + AC_DEFINE_UNQUOTED(RANDOM_FILE, "${RANDOM_FILE}", Random file path) fi else AC_MSG_WARN(cross-compilation: assuming entropy sources are not available) @@ -177,13 +176,13 @@ AC_MSG_NOTICE(**************************************** default group) DEFAULT_GROUP=nobody -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup else AC_MSG_WARN(cross-compilation: assuming nogroup is not available) fi AC_MSG_CHECKING(for default group) -AC_MSG_RESULT($DEFAULT_GROUP) +AC_MSG_RESULT(${DEFAULT_GROUP}) AC_SUBST(DEFAULT_GROUP) AC_SYS_LARGEFILE @@ -223,8 +222,8 @@ AC_SEARCH_LIBS(shl_load, dld) # Add BeOS libraries -if test "x$host_os" = "xbeos"; then - LIBS="$LIBS -lbe -lroot -lbind" +if test "x${host_os}" = "xbeos"; then + LIBS="${LIBS} -lbe -lroot -lbind" fi AC_MSG_NOTICE(**************************************** library functions) @@ -243,7 +242,7 @@ # sockets AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo) AC_MSG_CHECKING(for getaddrinfo) -case "$host_os" in +case "${host_os}" in *androideabi*) # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo AC_MSG_RESULT(no (buggy Android implementation)) @@ -268,7 +267,7 @@ esac # poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4 AC_MSG_CHECKING(for broken poll() implementation) -case "$host_os" in +case "${host_os}" in darwin0-8.*) AC_MSG_RESULT(yes (poll() disabled)) AC_DEFINE(BROKEN_POLL, 1, Define to 1 if you have a broken 'poll' implementation.) @@ -286,7 +285,7 @@ AC_ARG_ENABLE(ipv6, --disable-ipv6 disable IPv6 support, - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT(yes) AC_DEFINE(USE_IPv6, 1, Define to 1 to enable IPv6 support) @@ -294,7 +293,7 @@ no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(error) - AC_MSG_ERROR(bad value \"${enableval}\") + AC_MSG_ERROR(bad value "${enableval}") ;; esac , @@ -310,7 +309,7 @@ AC_ARG_ENABLE(fips, --disable-fips disable OpenSSL FIPS support, - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT(yes) use_fips="yes" AC_DEFINE(USE_FIPS, 1, @@ -320,7 +319,7 @@ use_fips="no" ;; *) AC_MSG_RESULT(error) - AC_MSG_ERROR(bad value \"${enableval}\") + AC_MSG_ERROR(bad value "${enableval}") ;; esac , @@ -335,7 +334,7 @@ AC_ARG_ENABLE(systemd, --disable-systemd disable systemd socket activation support, - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT(yes) AC_SEARCH_LIBS(sd_listen_fds, systemd systemd-daemon) AC_DEFINE(USE_SYSTEMD, 1, @@ -344,7 +343,7 @@ no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(error) - AC_MSG_ERROR(Bad value \"${enableval}\") + AC_MSG_ERROR(Bad value "${enableval}") ;; esac , @@ -370,24 +369,24 @@ AC_ARG_ENABLE(libwrap, --disable-libwrap disable TCP wrappers support, - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT(yes) AC_DEFINE(USE_LIBWRAP, 1, Define to 1 to enable TCP wrappers support) - LIBS="$LIBS -lwrap" + LIBS="${LIBS} -lwrap" ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(error) - AC_MSG_ERROR(Bad value \"${enableval}\") + AC_MSG_ERROR(Bad value "${enableval}") ;; esac , AC_MSG_RESULT(autodetecting) AC_MSG_CHECKING(for hosts_access in -lwrap) - valid_LIBS="$LIBS" - LIBS="$valid_LIBS -lwrap" + valid_LIBS="${LIBS}" + LIBS="${valid_LIBS} -lwrap" AC_LINK_IFELSE( AC_LANG_PROGRAM( @@ -400,7 +399,7 @@ AC_MSG_NOTICE(libwrap support enabled) , AC_MSG_RESULT(no) - LIBS="$valid_LIBS" + LIBS="${valid_LIBS}" AC_MSG_NOTICE(libwrap library not found) ) @@ -422,7 +421,7 @@ # - empty prefix for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$1$main_dir$sub_dir" && return 0 + check_ssl_dir "$1${main_dir}${sub_dir}" && return 0 done done return 1 @@ -430,21 +429,21 @@ find_ssl_dir() { : # try Android *first* - case "$host_os" in + case "${host_os}" in *androideabi*) - iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + iterate_ssl_dir "${ANDROID_NDK}/sysroot" && return ;; esac - test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return - test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return - test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + test -d "${lt_sysroot}" && iterate_ssl_dir "${lt_sysroot}" && return + test "${prefix}" != "NONE" && iterate_ssl_dir "${prefix}" && return + test -d "${ac_default_prefix}" && iterate_ssl_dir "${ac_default_prefix}" && return iterate_ssl_dir "" && return # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` - check_ssl_dir "$sdk_path/usr" && return + check_ssl_dir "${sdk_path}/usr" && return fi check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr" } @@ -453,26 +452,26 @@ AC_MSG_CHECKING(for TLS directory) AC_ARG_WITH(ssl, --with-ssl=DIR location of installed TLS libraries/include files, - check_ssl_dir "$withval", + check_ssl_dir "${withval}", find_ssl_dir ) -if test -z "$SSLDIR"; then +if test -z "${SSLDIR}"; then AC_MSG_RESULT(not found) AC_MSG_ERROR( Could not find your TLS library installation dir Use --with-ssl option to fix this problem ) fi -AC_MSG_RESULT($SSLDIR) +AC_MSG_RESULT(${SSLDIR}) AC_SUBST(SSLDIR) -AC_DEFINE_UNQUOTED(SSLDIR, "$SSLDIR", TLS directory) +AC_DEFINE_UNQUOTED(SSLDIR, "${SSLDIR}", TLS directory) -valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" -valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" +valid_CPPFLAGS="${CPPFLAGS}"; CPPFLAGS="${CPPFLAGS} -I${SSLDIR}/include" +valid_LIBS="${LIBS}"; LIBS="${LIBS} -L${SSLDIR}/lib64 -L${SSLDIR}/lib -lssl -lcrypto" AC_CHECK_FUNCS(FIPS_mode_set OSSL_PROVIDER_available) -if test "x$use_fips" = "xauto"; then - if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then +if test "x${use_fips}" = "xauto"; then + if test "x${ac_cv_func_FIPS_mode_set}" = "xyes" -o "x${ac_cv_func_OSSL_PROVIDER_available}" = "xyes"; then AC_DEFINE(USE_FIPS, 1, Define to 1 to enable OpenSSL FIPS support) AC_MSG_NOTICE(FIPS support enabled) else @@ -482,19 +481,19 @@ AC_MSG_CHECKING(whether DH parameters need to be updated) # only build src/dhparam.c if sources are located in the current directory -if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then +if test -f src/stunnel.c && ! grep -q " built for ${PACKAGE_STRING} " src/dhparam.c; then AC_MSG_RESULT(yes) - $(dirname $0)/makedh.sh "$PACKAGE_STRING" >src/dhparam.c - # also update trusted CA certificates - curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' | - sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem + $(dirname $0)/makedh.sh "${PACKAGE_STRING}" >src/dhparam.c else AC_MSG_RESULT(no) fi -SYSROOT="$lt_sysroot" -CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +AC_MSG_NOTICE(updating version.txt) +echo "${PACKAGE_VERSION}" >version.txt + +SYSROOT="${lt_sysroot}" +CPPFLAGS="${valid_CPPFLAGS}" +LIBS="${valid_LIBS}" AC_MSG_NOTICE(**************************************** write the results) AC_CONFIG_FILES(Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile tests/certs/Makefile)
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/doc/Makefile.am
Changed
@@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 EXTRA_DIST = stunnel.pod.in stunnel.8.in stunnel.html.in en EXTRA_DIST += stunnel.pl.pod.in stunnel.pl.8.in stunnel.pl.html.in pl
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -186,6 +186,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@
View file
_service:tar_scm:stunnel-5.72.tar.gz/doc/en/PKCS#11-notes.txt
Added
@@ -0,0 +1,14 @@ +Based on https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM + +Create a keypair: + +pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so --login --pin 123456 --id 05 --keypairgen --key-type EC:prime256v1 --label ecc + +Save the public key: + +pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l --pin 123456 --id 05 --read-object --type pubkey --output-file pubkey.spki + +Delete the private key: + +pkcs11-tool -l --pin 123456 --delete-object --type privkey --id 05 +
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.8.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.8.in
Changed
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== @@ -71,7 +71,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2023.02.07" "5.69" "stunnel TLS Proxy" +.TH stunnel 8 "2024.01.16" "5.72" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +163,8 @@ .IP "\(bu" 4 A port number. .IP "\(bu" 4 -A colon-separated pair of \s-1IP\s0 address (either IPv4, IPv6, or domain name) and port number. +A colon-separated pair of \s-1IP\s0 address (either IPv4, IPv6, or domain name) and +port number. .IP "\(bu" 4 A Unix socket path (Unix only). .SS "\s-1GLOBAL OPTIONS\s0" @@ -176,7 +177,8 @@ and \fIexec\fR are located inside the jail and the patches have to be relative to the directory specified with \fBchroot\fR. .Sp -Several functions of the operating system also need their files to be located within the chroot jail, e.g.: +Several functions of the operating system also need their files to be located +within the chroot jail, e.g.: .RS 4 .IP "\(bu" 4 Delayed resolver typically needs /etc/nsswitch.conf and /etc/resolv.conf. @@ -225,7 +227,8 @@ .Sp default: software-only cryptography .Sp -See Examples section for an engine configuration to use the certificate and the corresponding private key from a cryptographic device. +See Examples section for an engine configuration to use the certificate and the +corresponding private key from a cryptographic device. .IP "\fBengineCtrl\fR = COMMAND:PARAMETER" 4 .IX Item "engineCtrl = COMMAND:PARAMETER" control hardware engine @@ -278,8 +281,8 @@ .IX Item "log = append | overwrite" log file handling .Sp -This option allows you to choose whether the log file (specified with the \fIoutput\fR -option) is appended or overwritten when opened or re-opened. +This option allows you to choose whether the log file (specified with the +\&\fIoutput\fR option) is appended or overwritten when opened or re-opened. .Sp default: append .IP "\fBoutput\fR = \s-1FILE\s0" 4 @@ -395,32 +398,33 @@ engine is enabled. .IP "\fBcheckEmail\fR = \s-1EMAIL\s0" 4 .IX Item "checkEmail = EMAIL" -email address of the peer certificate subject +verify the email address of the end-entity (leaf) peer certificate subject .Sp Certificates are accepted if no subject checks were specified, or the email -address of the peer certificate matches any of the email addresses specified -with \fIcheckEmail\fR. +address of the end-entity (leaf) peer certificate matches any of the email +addresses specified with \fIcheckEmail\fR. .Sp Multiple \fIcheckEmail\fR options are allowed in a single service section. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBcheckHost\fR = \s-1HOST\s0" 4 .IX Item "checkHost = HOST" -host of the peer certificate subject +verify the host of the end-entity (leaf) peer certificate subject .Sp Certificates are accepted if no subject checks were specified, or the host name -of the peer certificate matches any of the hosts specified with \fIcheckHost\fR. +of the end-entity (leaf) peer certificate matches any of the hosts specified +with \fIcheckHost\fR. .Sp Multiple \fIcheckHost\fR options are allowed in a single service section. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBcheckIP\fR = \s-1IP\s0" 4 .IX Item "checkIP = IP" -\&\s-1IP\s0 address of the peer certificate subject +verify the \s-1IP\s0 address of the end-entity (leaf) peer certificate subject .Sp Certificates are accepted if no subject checks were specified, or the \s-1IP\s0 -address of the peer certificate matches any of the \s-1IP\s0 addresses specified with -\&\fIcheckIP\fR. +address of the end-entity (leaf) peer certificate matches any of the \s-1IP\s0 +addresses specified with \fIcheckIP\fR. .Sp Multiple \fIcheckIP\fR options are allowed in a single service section. .Sp @@ -458,7 +462,8 @@ .Sp Several \fIconfig\fR lines can be used to specify multiple configuration commands. .Sp -Use \fIcurves\fR option instead of enabling \fIconfig = Curves:list_curves\fR to support elliptic curves. +Use \fIcurves\fR option instead of enabling \fIconfig = Curves:list_curves\fR to +support elliptic curves. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBconnect\fR = \s-1HOST:\s0PORT" 4 @@ -610,7 +615,8 @@ .IX Item "include = DIRECTORY" include all configuration file parts located in \s-1DIRECTORY\s0 .Sp -The files are included in the ascending alphabetical order of their names. The recommended filename convention is +The files are included in the ascending alphabetical order of their names. The +recommended filename convention is .Sp for global options: .Sp @@ -652,7 +658,7 @@ remote connections. Use this option to bind a static local \s-1IP\s0 address instead. .IP "\fB\s-1OCSP\s0\fR = \s-1URL\s0" 4 .IX Item "OCSP = URL" -select \s-1OCSP\s0 responder for certificate verification +select \s-1OCSP\s0 responder for the end-entity (leaf) peer certificate verification .IP "\fBOCSPaia\fR = yes | no" 4 .IX Item "OCSPaia = yes | no" validate certificates with their \s-1AIA OCSP\s0 responders @@ -675,6 +681,15 @@ This option protects the \s-1OCSP\s0 protocol against replay attacks. Due to its computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public \s-1OCSP\s0 responders. +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +require a conclusive \s-1OCSP\s0 response +.Sp +Disable this option to allow a connection even though no conclusive \s-1OCSP\s0 +response was retrieved from stapling and a direct request to the \s-1OCSP\s0 +responder. +.Sp +default: yes .IP "\fBoptions\fR = \s-1SSL_OPTIONS\s0" 4 .IX Item "options = SSL_OPTIONS" \&\fBOpenSSL\fR library options @@ -702,8 +717,8 @@ \& options = NO_SSLv3 .Ve .Sp -Use \fIsslVersionMax\fR or \fIsslVersionMin\fR option instead of disabling specific \s-1TLS\s0 protocol -versions when compiled with \fBOpenSSL 1.1.0\fR or later. +Use \fIsslVersionMax\fR or \fIsslVersionMin\fR option instead of disabling specific +\&\s-1TLS\s0 protocol versions when compiled with \fBOpenSSL 1.1.0\fR or later. .IP "\fBprotocol\fR = \s-1PROTO\s0" 4 .IX Item "protocol = PROTO" application protocol to negotiate \s-1TLS\s0 @@ -872,10 +887,13 @@ This option is not supported on some platforms. .Sp default: yes -.IP "\fBretry\fR = yes | no" 4 -.IX Item "retry = yes | no" +.IP "\fBretry\fR = yes | no | \s-1DELAY\s0" 4 +.IX Item "retry = yes | no | DELAY" reconnect a connect+exec section after it was disconnected .Sp +The \s-1DELAY\s0 value specifies the number of milliseconds before retrying. +\&\*(L"retry = yes\*(R" has the same effect as \*(L"retry = 1000\*(R". +.Sp default: no .IP "\fBsecurityLevel\fR = \s-1LEVEL\s0" 4 .IX Item "securityLevel = LEVEL" @@ -888,19 +906,35 @@ Everything is permitted. .IP "level 1" 4 .IX Item "level 1" -The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA, +DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits are +prohibited. All export cipher suites are prohibited since they all offer less +than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite using +\&\s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. .IP "level 2" 4 .IX Item "level 2" -Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. In +addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. .IP "level 3" 4 .IX Item "level 3" -Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session tickets are disabled. +Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. In +addition to the level 2 exclusions cipher suites not offering forward secrecy +are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session tickets are +disabled. .IP "level 4" 4 .IX Item "level 4" -Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 versions below 1.2 are not permitted. +Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are prohibited. +Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 versions below 1.2 are +not permitted. .IP "level 5" 4 .IX Item "level 5" -Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. .IP "default: 2" 4 .IX Item "default: 2" .RE @@ -922,16 +956,19 @@ .IX Item "setgid = GROUP (Unix only)" Unix group id .Sp -As a global option: \fBsetgid()\fR to the specified group in daemon mode and clear all other groups. +As a global option: \fBsetgid()\fR to the specified group in daemon mode and clear +all other groups. .Sp -As a service-level option: set the group of the Unix socket specified with \*(L"accept\*(R". +As a service-level option: set the group of the Unix socket specified with +\&\*(L"accept\*(R". .IP "\fBsetuid\fR = \s-1USER\s0 (Unix only)" 4 .IX Item "setuid = USER (Unix only)" Unix user id .Sp As a global option: \fBsetuid()\fR to the specified user in daemon mode. .Sp -As a service-level option: set the owner of the Unix socket specified with \*(L"accept\*(R". +As a service-level option: set the owner of the Unix socket specified with +\&\*(L"accept\*(R". .IP "\fBsessionCacheSize\fR = \s-1NUM_ENTRIES\s0" 4 .IX Item "sessionCacheSize = NUM_ENTRIES" session cache size @@ -1045,7 +1082,8 @@ .Sp Availability of specific protocols depends on the linked OpenSSL library. .Sp -The \fIsslVersionMax\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +The \fIsslVersionMax\fR option is only available when compiled with +\&\fBOpenSSL 1.1.0\fR and later. .Sp default: all .IP "\fBsslVersionMin\fR = \s-1SSL_VERSION\s0" 4 @@ -1059,7 +1097,8 @@ .Sp Availability of specific protocols depends on the linked OpenSSL library. .Sp -The \fIsslVersionMin\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +The \fIsslVersionMin\fR option is only available when compiled with +\&\fBOpenSSL 1.1.0\fR and later. .Sp default: TLSv1 .IP "\fBstack\fR = \s-1BYTES\s0 (except for \s-1FORK\s0 model)" 4 @@ -1114,10 +1153,13 @@ time to wait for close_notify (set to 0 for buggy \s-1MSIE\s0) .IP "\fBTIMEOUTconnect\fR = \s-1SECONDS\s0" 4 .IX Item "TIMEOUTconnect = SECONDS" -time to wait to connect to a remote host +time to wait to connect a remote host .IP "\fBTIMEOUTidle\fR = \s-1SECONDS\s0" 4 .IX Item "TIMEOUTidle = SECONDS" time to keep an idle connection +.IP "\fBTIMEOUTocsp\fR = \s-1SECONDS\s0" 4 +.IX Item "TIMEOUTocsp = SECONDS" +time to wait to connect an \s-1OCSP\s0 responder .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 .IX Item "transparent = none | source | destination | both (Unix only)" enable transparent proxy support on selected platforms @@ -1231,19 +1273,21 @@ .RS 4 .IP "level 0" 4 .IX Item "level 0" -Request and ignore the peer certificate. +Request and ignore the peer certificate chain. .IP "level 1" 4 .IX Item "level 1" -Verify the peer certificate if present. +Verify the peer certificate chain if present. .IP "level 2" 4 .IX Item "level 2" -Verify the peer certificate. +Verify the peer certificate chain. .IP "level 3" 4 .IX Item "level 3" -Verify the peer against a locally installed certificate. +Verify the peer certificate chain and the end-entity (leaf) peer certificate +against a locally installed certificate. .IP "level 4" 4 .IX Item "level 4" -Ignore the chain and only verify the peer certificate. +Ignore the peer certificate chain and only verify the end-entity (leaf) peer +certificate against a locally installed certificate. .IP "default" 4 .IX Item "default" No verify. @@ -1263,9 +1307,9 @@ default: no .IP "\fBverifyPeer\fR = yes | no" 4 .IX Item "verifyPeer = yes | no" -verify the peer certificate +verify the end-entity (leaf) peer certificate .Sp -The peer certificate needs to be stored either in the file +The end-entity (leaf) peer certificate needs to be stored either in the file specified with \fICAfile\fR, or in the directory specified with \fICApath\fR. .Sp default: no @@ -1429,7 +1473,8 @@ \& connect = example.com:8443 .Ve .PP -An example of advanced engine configuration to use the certificate and the corresponding private key from a pkcs11 engine: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a pkcs11 engine: .PP .Vb 3 \& engine = pkcs11 @@ -1445,7 +1490,8 @@ \& key = pkcs11:token=MyToken;object=MyKey .Ve .PP -An example of advanced engine configuration to use the certificate and the corresponding private key from a SoftHSM token: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a SoftHSM token: .PP .Vb 3 \& engine = pkcs11
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.html.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.html.in
Changed
@@ -478,9 +478,9 @@ <dt id="checkEmail-EMAIL"><b>checkEmail</b> = EMAIL</dt> <dd> -<p>email address of the peer certificate subject</p> +<p>verify the email address of the end-entity (leaf) peer certificate subject</p> -<p>Certificates are accepted if no subject checks were specified, or the email address of the peer certificate matches any of the email addresses specified with <i>checkEmail</i>.</p> +<p>Certificates are accepted if no subject checks were specified, or the email address of the end-entity (leaf) peer certificate matches any of the email addresses specified with <i>checkEmail</i>.</p> <p>Multiple <i>checkEmail</i> options are allowed in a single service section.</p> @@ -490,9 +490,9 @@ <dt id="checkHost-HOST"><b>checkHost</b> = HOST</dt> <dd> -<p>host of the peer certificate subject</p> +<p>verify the host of the end-entity (leaf) peer certificate subject</p> -<p>Certificates are accepted if no subject checks were specified, or the host name of the peer certificate matches any of the hosts specified with <i>checkHost</i>.</p> +<p>Certificates are accepted if no subject checks were specified, or the host name of the end-entity (leaf) peer certificate matches any of the hosts specified with <i>checkHost</i>.</p> <p>Multiple <i>checkHost</i> options are allowed in a single service section.</p> @@ -502,9 +502,9 @@ <dt id="checkIP-IP"><b>checkIP</b> = IP</dt> <dd> -<p>IP address of the peer certificate subject</p> +<p>verify the IP address of the end-entity (leaf) peer certificate subject</p> -<p>Certificates are accepted if no subject checks were specified, or the IP address of the peer certificate matches any of the IP addresses specified with <i>checkIP</i>.</p> +<p>Certificates are accepted if no subject checks were specified, or the IP address of the end-entity (leaf) peer certificate matches any of the IP addresses specified with <i>checkIP</i>.</p> <p>Multiple <i>checkIP</i> options are allowed in a single service section.</p> @@ -778,7 +778,7 @@ <dt id="OCSP-URL"><b>OCSP</b> = URL</dt> <dd> -<p>select OCSP responder for certificate verification</p> +<p>select OCSP responder for the end-entity (leaf) peer certificate verification</p> </dd> <dt id="OCSPaia-yes-no"><b>OCSPaia</b> = yes | no</dt> @@ -807,6 +807,16 @@ <p>This option protects the OCSP protocol against replay attacks. Due to its computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public OCSP responders.</p> </dd> +<dt id="OCSPrequire-yes-no"><b>OCSPrequire</b> = yes | no</dt> +<dd> + +<p>require a conclusive OCSP response</p> + +<p>Disable this option to allow a connection even though no conclusive OCSP response was retrieved from stapling and a direct request to the OCSP responder.</p> + +<p>default: yes</p> + +</dd> <dt id="options-SSL_OPTIONS"><b>options</b> = SSL_OPTIONS</dt> <dd> @@ -1044,11 +1054,13 @@ <p>default: yes</p> </dd> -<dt id="retry-yes-no"><b>retry</b> = yes | no</dt> +<dt id="retry-yes-no-DELAY"><b>retry</b> = yes | no | DELAY</dt> <dd> <p>reconnect a connect+exec section after it was disconnected</p> +<p>The DELAY value specifies the number of milliseconds before retrying. "retry = yes" has the same effect as "retry = 1000".</p> + <p>default: no</p> </dd> @@ -1326,7 +1338,7 @@ <dt id="TIMEOUTconnect-SECONDS"><b>TIMEOUTconnect</b> = SECONDS</dt> <dd> -<p>time to wait to connect to a remote host</p> +<p>time to wait to connect a remote host</p> </dd> <dt id="TIMEOUTidle-SECONDS"><b>TIMEOUTidle</b> = SECONDS</dt> @@ -1335,6 +1347,12 @@ <p>time to keep an idle connection</p> </dd> +<dt id="TIMEOUTocsp-SECONDS"><b>TIMEOUTocsp</b> = SECONDS</dt> +<dd> + +<p>time to wait to connect an OCSP responder</p> + +</dd> <dt id="transparent-none-source-destination-both-Unix-only"><b>transparent</b> = none | source | destination | both (Unix only)</dt> <dd> @@ -1468,31 +1486,31 @@ <dt id="level-01">level 0</dt> <dd> -<p>Request and ignore the peer certificate.</p> +<p>Request and ignore the peer certificate chain.</p> </dd> <dt id="level-11">level 1</dt> <dd> -<p>Verify the peer certificate if present.</p> +<p>Verify the peer certificate chain if present.</p> </dd> <dt id="level-21">level 2</dt> <dd> -<p>Verify the peer certificate.</p> +<p>Verify the peer certificate chain.</p> </dd> <dt id="level-31">level 3</dt> <dd> -<p>Verify the peer against a locally installed certificate.</p> +<p>Verify the peer certificate chain and the end-entity (leaf) peer certificate against a locally installed certificate.</p> </dd> <dt id="level-41">level 4</dt> <dd> -<p>Ignore the chain and only verify the peer certificate.</p> +<p>Ignore the peer certificate chain and only verify the end-entity (leaf) peer certificate against a locally installed certificate.</p> </dd> <dt id="default">default</dt> @@ -1519,9 +1537,9 @@ <dt id="verifyPeer-yes-no"><b>verifyPeer</b> = yes | no</dt> <dd> -<p>verify the peer certificate</p> +<p>verify the end-entity (leaf) peer certificate</p> -<p>The peer certificate needs to be stored either in the file specified with <i>CAfile</i>, or in the directory specified with <i>CApath</i>.</p> +<p>The end-entity (leaf) peer certificate needs to be stored either in the file specified with <i>CAfile</i>, or in the directory specified with <i>CApath</i>.</p> <p>default: no</p>
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.pl.8.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.pl.8.in
Changed
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== @@ -71,7 +71,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2023.02.07" "5.69" "stunnel TLS Proxy" +.TH stunnel 8 "2024.01.16" "5.72" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -664,7 +664,7 @@ serwera, do którego nawiązywane jest połączenie. .IP "\fB\s-1OCSP\s0\fR = \s-1URL\s0" 4 .IX Item "OCSP = URL" -responder \s-1OCSP\s0 do weryfikacji certyfikatów +responder \s-1OCSP\s0 do weryfikacji certyfikatu drugiej strony połączenia .IP "\fBOCSPaia\fR = yes | no" 4 .IX Item "OCSPaia = yes | no" weryfikuj certyfikaty przy użyciu respondertów \s-1AIA\s0 @@ -687,6 +687,18 @@ Ze względu na złożoność obliczeniową rozszerzenie nonce jest zwykle wspierane jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery \&\s-1OCSP.\s0 +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +wymagaj rozstrzygającej odpowiedzi respondera \s-1OCSP\s0 +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku +otrzymania rozstrzygającej odpowiedzi \s-1OCSP\s0 ze staplingu i bezpośredniego +żądania wysłanego do respondera. +.Sp +default: yes +.Sp +domyślnie: yes .IP "\fBoptions\fR = \s-1OPCJE_SSL\s0" 4 .IX Item "options = OPCJE_SSL" opcje biblioteki \fBOpenSSL\fR @@ -879,10 +891,14 @@ Opcja nie jest wspierana na niektórych platformach. .Sp domyślnie: yes -.IP "\fBretry\fR = yes | no" 4 -.IX Item "retry = yes | no" +.IP "\fBretry\fR = yes | no | OPÓŹNIENIE" 4 +.IX Item "retry = yes | no | OPÓŹNIENIE" połącz ponownie sekcję connect+exec po rozłączeniu .Sp +Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania +przed wykonaniem ponownego połączenia. +\&\*(L"retry = yes\*(R" jest synonimem dla \*(L"retry = 1000\*(R". +.Sp domyślnie: no .IP "\fBsecurityLevel\fR = \s-1POZIOM\s0" 4 .IX Item "securityLevel = POZIOM" @@ -1128,6 +1144,9 @@ .IP "\fBTIMEOUTidle\fR = \s-1LICZBA_SEKUND\s0" 4 .IX Item "TIMEOUTidle = LICZBA_SEKUND" maksymalny czas utrzymywania bezczynnego połączenia +.IP "\fBTIMEOUTocsp\fR = \s-1LICZBA_SEKUND\s0" 4 +.IX Item "TIMEOUTocsp = LICZBA_SEKUND" +czas oczekiwania na nawiązanie połączenia z serwerem \s-1OCSP\s0 .IP "\fBtransparent\fR = none | source | destination | both (tylko Unix)" 4 .IX Item "transparent = none | source | destination | both (tylko Unix)" tryb przezroczystego proxy na wspieranych platformach
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.pl.html.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.pl.html.in
Changed
@@ -768,7 +768,7 @@ <dt id="OCSP-URL"><b>OCSP</b> = URL</dt> <dd> -<p>responder OCSP do weryfikacji certyfikatów</p> +<p>responder OCSP do weryfikacji certyfikatu drugiej strony połączenia</p> </dd> <dt id="OCSPaia-yes-no"><b>OCSPaia</b> = yes | no</dt> @@ -797,6 +797,22 @@ <p>Opcja <b>OCSPnonce</b> zabezpiecza protokół OCSP przed atakami powtórzeniowymi. Ze względu na złożoność obliczeniową rozszerzenie nonce jest zwykle wspierane jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery OCSP.</p> </dd> +<dt id="OCSPrequire-yes-no"><b>OCSPrequire</b> = yes | no</dt> +<dd> + +<p>wymagaj rozstrzygającej odpowiedzi respondera OCSP</p> + +</dd> +<dt id="OCSPrequire-yes-no1"><b>OCSPrequire</b> = yes | no</dt> +<dd> + +<p>Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku otrzymania rozstrzygającej odpowiedzi OCSP ze staplingu i bezpośredniego żądania wysłanego do respondera.</p> + +<p>default: yes</p> + +<p>domyślnie: yes</p> + +</dd> <dt id="options-OPCJE_SSL"><b>options</b> = OPCJE_SSL</dt> <dd> @@ -1034,11 +1050,13 @@ <p>domyślnie: yes</p> </dd> -<dt id="retry-yes-no"><b>retry</b> = yes | no</dt> +<dt id="retry-yes-no-OPNIENIE"><b>retry</b> = yes | no | OPÓŹNIENIE</dt> <dd> <p>połącz ponownie sekcję connect+exec po rozłączeniu</p> +<p>Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania przed wykonaniem ponownego połączenia. "retry = yes" jest synonimem dla "retry = 1000".</p> + <p>domyślnie: no</p> </dd> @@ -1327,6 +1345,12 @@ <p>maksymalny czas utrzymywania bezczynnego połączenia</p> </dd> +<dt id="TIMEOUTocsp-LICZBA_SEKUND"><b>TIMEOUTocsp</b> = LICZBA_SEKUND</dt> +<dd> + +<p>czas oczekiwania na nawiązanie połączenia z serwerem OCSP</p> + +</dd> <dt id="transparent-none-source-destination-both-tylko-Unix"><b>transparent</b> = none | source | destination | both (tylko Unix)</dt> <dd>
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.pl.pod.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.pl.pod.in
Changed
@@ -698,7 +698,7 @@ =item B<OCSP> = URL -responder OCSP do weryfikacji certyfikatów +responder OCSP do weryfikacji certyfikatu drugiej strony połączenia =item B<OCSPaia> = yes | no @@ -725,6 +725,20 @@ jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery OCSP. +=item B<OCSPrequire> = yes | no + +wymagaj rozstrzygającej odpowiedzi respondera OCSP + +=item B<OCSPrequire> = yes | no + +Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku +otrzymania rozstrzygającej odpowiedzi OCSP ze staplingu i bezpośredniego +żądania wysłanego do respondera. + +default: yes + +domyślnie: yes + =item B<options> = OPCJE_SSL opcje biblioteki B<OpenSSL> @@ -937,10 +951,14 @@ domyślnie: yes -=item B<retry> = yes | no +=item B<retry> = yes | no | OPÓŹNIENIE połącz ponownie sekcję connect+exec po rozłączeniu +Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania +przed wykonaniem ponownego połączenia. +"retry = yes" jest synonimem dla "retry = 1000". + domyślnie: no =item B<securityLevel> = POZIOM @@ -1208,6 +1226,10 @@ maksymalny czas utrzymywania bezczynnego połączenia +=item B<TIMEOUTocsp> = LICZBA_SEKUND + +czas oczekiwania na nawiązanie połączenia z serwerem OCSP + =item B<transparent> = none | source | destination | both (tylko Unix) tryb przezroczystego proxy na wspieranych platformach
View file
_service:tar_scm:stunnel-5.69.tar.gz/doc/stunnel.pod.in -> _service:tar_scm:stunnel-5.72.tar.gz/doc/stunnel.pod.in
Changed
@@ -136,7 +136,8 @@ =item * -A colon-separated pair of IP address (either IPv4, IPv6, or domain name) and port number. +A colon-separated pair of IP address (either IPv4, IPv6, or domain name) and +port number. =item * @@ -156,7 +157,8 @@ and I<exec> are located inside the jail and the patches have to be relative to the directory specified with B<chroot>. -Several functions of the operating system also need their files to be located within the chroot jail, e.g.: +Several functions of the operating system also need their files to be located +within the chroot jail, e.g.: =over 4 @@ -215,7 +217,8 @@ default: software-only cryptography -See Examples section for an engine configuration to use the certificate and the corresponding private key from a cryptographic device. +See Examples section for an engine configuration to use the certificate and the +corresponding private key from a cryptographic device. =item B<engineCtrl> = COMMAND:PARAMETER @@ -276,8 +279,8 @@ log file handling -This option allows you to choose whether the log file (specified with the I<output> -option) is appended or overwritten when opened or re-opened. +This option allows you to choose whether the log file (specified with the +I<output> option) is appended or overwritten when opened or re-opened. default: append @@ -412,11 +415,11 @@ =item B<checkEmail> = EMAIL -email address of the peer certificate subject +verify the email address of the end-entity (leaf) peer certificate subject Certificates are accepted if no subject checks were specified, or the email -address of the peer certificate matches any of the email addresses specified -with I<checkEmail>. +address of the end-entity (leaf) peer certificate matches any of the email +addresses specified with I<checkEmail>. Multiple I<checkEmail> options are allowed in a single service section. @@ -424,10 +427,11 @@ =item B<checkHost> = HOST -host of the peer certificate subject +verify the host of the end-entity (leaf) peer certificate subject Certificates are accepted if no subject checks were specified, or the host name -of the peer certificate matches any of the hosts specified with I<checkHost>. +of the end-entity (leaf) peer certificate matches any of the hosts specified +with I<checkHost>. Multiple I<checkHost> options are allowed in a single service section. @@ -435,11 +439,11 @@ =item B<checkIP> = IP -IP address of the peer certificate subject +verify the IP address of the end-entity (leaf) peer certificate subject Certificates are accepted if no subject checks were specified, or the IP -address of the peer certificate matches any of the IP addresses specified with -I<checkIP>. +address of the end-entity (leaf) peer certificate matches any of the IP +addresses specified with I<checkIP>. Multiple I<checkIP> options are allowed in a single service section. @@ -481,7 +485,8 @@ Several I<config> lines can be used to specify multiple configuration commands. -Use I<curves> option instead of enabling I<config = Curves:list_curves> to support elliptic curves. +Use I<curves> option instead of enabling I<config = Curves:list_curves> to +support elliptic curves. This option requires OpenSSL 1.0.2 or later. @@ -648,7 +653,8 @@ include all configuration file parts located in DIRECTORY -The files are included in the ascending alphabetical order of their names. The recommended filename convention is +The files are included in the ascending alphabetical order of their names. The +recommended filename convention is for global options: @@ -688,7 +694,7 @@ =item B<OCSP> = URL -select OCSP responder for certificate verification +select OCSP responder for the end-entity (leaf) peer certificate verification =item B<OCSPaia> = yes | no @@ -715,6 +721,16 @@ computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public OCSP responders. +=item B<OCSPrequire> = yes | no + +require a conclusive OCSP response + +Disable this option to allow a connection even though no conclusive OCSP +response was retrieved from stapling and a direct request to the OCSP +responder. + +default: yes + =item B<options> = SSL_OPTIONS B<OpenSSL> library options @@ -738,8 +754,8 @@ options = NO_SSLv2 options = NO_SSLv3 -Use I<sslVersionMax> or I<sslVersionMin> option instead of disabling specific TLS protocol -versions when compiled with B<OpenSSL 1.1.0> or later. +Use I<sslVersionMax> or I<sslVersionMin> option instead of disabling specific +TLS protocol versions when compiled with B<OpenSSL 1.1.0> or later. =item B<protocol> = PROTO @@ -932,10 +948,13 @@ default: yes -=item B<retry> = yes | no +=item B<retry> = yes | no | DELAY reconnect a connect+exec section after it was disconnected +The DELAY value specifies the number of milliseconds before retrying. +"retry = yes" has the same effect as "retry = 1000". + default: no =item B<securityLevel> = LEVEL @@ -952,23 +971,39 @@ =item level 1 -The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited. +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result RSA, +DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are +prohibited. All export cipher suites are prohibited since they all offer less +than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using +MD5 for the MAC is also prohibited. =item level 2 -Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled. +Security level set to 112 bits of security. As a result RSA, DSA and DH keys +shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In +addition to the level 1 exclusions any cipher suite using RC4 is also +prohibited. SSL version 3 is also not allowed. Compression is disabled. =item level 3 -Security level set to 128 bits of security. As a result RSA, DSA and DH keys shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled. +Security level set to 128 bits of security. As a result RSA, DSA and DH keys +shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In +addition to the level 2 exclusions cipher suites not offering forward secrecy +are prohibited. TLS versions below 1.1 are not permitted. Session tickets are +disabled. =item level 4 -Security level set to 192 bits of security. As a result RSA, DSA and DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are not permitted. +Security level set to 192 bits of security. As a result RSA, DSA and DH keys +shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. +Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are +not permitted. =item level 5 -Security level set to 256 bits of security. As a result RSA, DSA and DH keys shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited. +Security level set to 256 bits of security. As a result RSA, DSA and DH keys +shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited. =item default: 2 @@ -991,9 +1026,11 @@ Unix group id -As a global option: setgid() to the specified group in daemon mode and clear all other groups. +As a global option: setgid() to the specified group in daemon mode and clear +all other groups. -As a service-level option: set the group of the Unix socket specified with "accept". +As a service-level option: set the group of the Unix socket specified with +"accept". =item B<setuid> = USER (Unix only) @@ -1001,7 +1038,8 @@ As a global option: setuid() to the specified user in daemon mode. -As a service-level option: set the owner of the Unix socket specified with "accept". +As a service-level option: set the owner of the Unix socket specified with +"accept". =item B<sessionCacheSize> = NUM_ENTRIES @@ -1118,7 +1156,8 @@ Availability of specific protocols depends on the linked OpenSSL library. -The I<sslVersionMax> option is only available when compiled with B<OpenSSL 1.1.0> and later. +The I<sslVersionMax> option is only available when compiled with +B<OpenSSL 1.1.0> and later. default: all @@ -1133,7 +1172,8 @@ Availability of specific protocols depends on the linked OpenSSL library. -The I<sslVersionMin> option is only available when compiled with B<OpenSSL 1.1.0> and later. +The I<sslVersionMin> option is only available when compiled with +B<OpenSSL 1.1.0> and later. default: TLSv1 @@ -1194,12 +1234,16 @@ =item B<TIMEOUTconnect> = SECONDS -time to wait to connect to a remote host +time to wait to connect a remote host =item B<TIMEOUTidle> = SECONDS time to keep an idle connection +=item B<TIMEOUTocsp> = SECONDS + +time to wait to connect an OCSP responder + =item B<transparent> = none | source | destination | both (Unix only) enable transparent proxy support on selected platforms @@ -1320,23 +1364,25 @@ =item level 0 -Request and ignore the peer certificate. +Request and ignore the peer certificate chain. =item level 1 -Verify the peer certificate if present. +Verify the peer certificate chain if present. =item level 2 -Verify the peer certificate. +Verify the peer certificate chain. =item level 3 -Verify the peer against a locally installed certificate. +Verify the peer certificate chain and the end-entity (leaf) peer certificate +against a locally installed certificate. =item level 4 -Ignore the chain and only verify the peer certificate. +Ignore the peer certificate chain and only verify the end-entity (leaf) peer +certificate against a locally installed certificate. =item default @@ -1358,9 +1404,9 @@ =item B<verifyPeer> = yes | no -verify the peer certificate +verify the end-entity (leaf) peer certificate -The peer certificate needs to be stored either in the file +The end-entity (leaf) peer certificate needs to be stored either in the file specified with I<CAfile>, or in the directory specified with I<CApath>. default: no @@ -1530,7 +1576,8 @@ accept = 127.0.0.1:8080 connect = example.com:8443 -An example of advanced engine configuration to use the certificate and the corresponding private key from a pkcs11 engine: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a pkcs11 engine: engine = pkcs11 engineCtrl = MODULE_PATH:opensc-pkcs11.so @@ -1544,7 +1591,8 @@ cert = pkcs11:token=MyToken;object=MyCert key = pkcs11:token=MyToken;object=MyKey -An example of advanced engine configuration to use the certificate and the corresponding private key from a SoftHSM token: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a SoftHSM token: engine = pkcs11 engineCtrl = MODULE_PATH:softhsm2.dll
View file
_service:tar_scm:stunnel-5.69.tar.gz/m4/libtool.m4 -> _service:tar_scm:stunnel-5.72.tar.gz/m4/libtool.m4
Changed
@@ -1,6 +1,7 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # -# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. +# Copyright (C) 1996-2001, 2003-2019, 2021-2022 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -31,7 +32,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. ) -# serial 58 LT_INIT +# serial 59 LT_INIT # LT_PREREQ(VERSION) @@ -181,6 +182,7 @@ m4_require(_LT_CHECK_SHELL_FEATURES)dnl m4_require(_LT_PATH_CONVERSION_FUNCTIONS)dnl m4_require(_LT_CMD_RELOAD)dnl +m4_require(_LT_DECL_FILECMD)dnl m4_require(_LT_CHECK_MAGIC_METHOD)dnl m4_require(_LT_CHECK_SHAREDLIB_FROM_LINKLIB)dnl m4_require(_LT_CMD_OLD_ARCHIVE)dnl @@ -219,8 +221,8 @@ ofile=libtool can_build_shared=yes -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). +# All known linkers require a '.a' archive for static linking (except MSVC and +# ICC, which need '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld @@ -777,7 +779,7 @@ # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ + $SED '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || @@ -1041,8 +1043,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1066,17 +1068,12 @@ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin912*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.012,.*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*|11.*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + darwin*) + case $MACOSX_DEPLOYMENT_TARGET,$host in + 10.012,*|,*powerpc*-darwin5-8*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + *) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac @@ -1125,12 +1122,12 @@ output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" - _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" m4_if($1, CXX, if test yes != "$lt_cv_apple_cc_single_mod"; then _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" fi ,) else @@ -1244,7 +1241,8 @@ # _LT_WITH_SYSROOT # ---------------- AC_DEFUN(_LT_WITH_SYSROOT, -AC_MSG_CHECKING(for sysroot) +m4_require(_LT_DECL_SED)dnl +AC_MSG_CHECKING(for sysroot) AC_ARG_WITH(sysroot, AS_HELP_STRING(--with-sysroot@<:@=DIR@:>@, Search for dependent libraries within DIR (or the compiler's sysroot @@ -1261,7 +1259,7 @@ fi ;; #( /*) - lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"` ;; #( no|'') ;; #( @@ -1291,7 +1289,7 @@ # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE=32 ;; @@ -1308,7 +1306,7 @@ echo '#line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test yes = "$lt_cv_prog_gnu_ld"; then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; @@ -1320,7 +1318,7 @@ ;; esac else - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; @@ -1342,7 +1340,7 @@ echo '#line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then emul=elf - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) emul="${emul}32" ;; @@ -1350,7 +1348,7 @@ emul="${emul}64" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *MSB*) emul="${emul}btsmip" ;; @@ -1358,7 +1356,7 @@ emul="${emul}ltsmip" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *N32*) emul="${emul}n32" ;; @@ -1378,14 +1376,14 @@ # not appear in the list. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; @@ -1453,7 +1451,7 @@ # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) @@ -1492,9 +1490,22 @@ m4_defun(_LT_PROG_AR, AC_CHECK_TOOLS(AR, ar, false) : ${AR=ar} -: ${AR_FLAGS=cr} _LT_DECL(, AR, 1, The archiver) -_LT_DECL(, AR_FLAGS, 1, Flags to create an archive) + +# Use ARFLAGS variable as AR's operation code to sync the variable naming with +# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have +# higher priority because thats what people were doing historically (setting +# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS +# variable obsoleted/removed. + +test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr} +lt_ar_flags=$AR_FLAGS +_LT_DECL(, lt_ar_flags, 0, Flags to create an archive (by configure)) + +# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override +# by AR_FLAGS because that was never working and AR_FLAGS is about to die. +_LT_DECL(, AR_FLAGS, \@S|@{ARFLAGS-"\@S|@lt_ar_flags"}, + Flags to create an archive) AC_CACHE_CHECK(for archiver @FILE support, lt_cv_ar_at_file, lt_cv_ar_at_file=no @@ -1713,7 +1724,7 @@ lt_cv_sys_max_cmd_len=8192; ;; - bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -1756,7 +1767,7 @@ sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.* //'` + lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.* //'` else lt_cv_sys_max_cmd_len=32768 fi @@ -2206,26 +2217,35 @@ striplib= old_striplib= AC_MSG_CHECKING(whether stripping libraries is possible) -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - AC_MSG_RESULT(yes) +if test -z "$STRIP"; then + AC_MSG_RESULT(no) else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then + if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT(yes) + else + case $host_os in + darwin*) + # FIXME - insert some real tests, host_os isn't really good enough striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT(yes) - else + ;; + freebsd*) + if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + ;; + *) AC_MSG_RESULT(no) - fi - ;; - *) - AC_MSG_RESULT(no) - ;; - esac + ;; + esac + fi fi _LT_DECL(, old_striplib, 1, Commands to strip libraries) _LT_DECL(, striplib, 1) @@ -2548,7 +2568,7 @@ case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' + soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' m4_if($1, , sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api") ;; @@ -2558,14 +2578,14 @@ ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' + library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' ;; - *,cl*) - # Native MSVC + *,cl* | *,icl*) + # Native MSVC or ICC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' @@ -2584,7 +2604,7 @@ done IFS=$lt_save_ifs # Convert to MSYS style. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\(a-zA-Z\\):| /\\1|g' -e 's|^ ||'` + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\(a-zA-Z\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form @@ -2621,7 +2641,7 @@ ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper library_names_spec='$libname`echo $release | $SED -e 's/./-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; @@ -2654,7 +2674,7 @@ shlibpath_var=LD_LIBRARY_PATH ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then @@ -3465,7 +3485,7 @@ bsdi45*) lt_cv_deplibs_check_method='file_magic ELF 0-90-9*-bit MLSB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_cmd='$FILECMD -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; @@ -3499,14 +3519,14 @@ lt_cv_deplibs_check_method=pass_all ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i3-986 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac @@ -3520,7 +3540,7 @@ ;; hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s0-90-90-9|ELF-0-90-9) shared object file - IA64' @@ -3567,7 +3587,7 @@ newos6*) lt_cv_deplibs_check_method='file_magic ELF 0-90-9*-bit MLSB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; @@ -3694,13 +3714,13 @@ mingw*) lt_bad_file=conftest.nm/nofile ;; *) lt_bad_file=/dev/null ;; esac - case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break 2 @@ -3726,7 +3746,7 @@ # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, dumpbin "link -dump", :) - case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols -headers" ;; @@ -3966,7 +3986,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Gets list of data symbols to import. - lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'" # Adjust the below global symbol transforms to fixup imported variables. lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" @@ -3984,20 +4004,20 @@ # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +lt_cv_sys_global_symbol_to_cdecl="$SED -n"\ $lt_cdecl_hook\ " -e 's/^T .* \(.*\)$/extern int \1();/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\ $lt_c_name_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" # Transform an extracted symbol line into symbol name with lib prefix and # symbol address. -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\ $lt_c_name_lib_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ @@ -4021,7 +4041,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, + # Also find C++ and __fastcall symbols from MSVC++ or ICC, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ @@ -4039,9 +4059,9 @@ " s1~prfx {split(s1,t,\"@\"); print f,t1,substr(t1,length(prfx))}"\ " ' prfx=^$ac_symprfx" else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.* \($symcode$symcode*\) *$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.* \($symcode$symcode*\) *$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi - lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no @@ -4329,7 +4349,7 @@ ;; esac ;; - freebsd* | dragonfly*) + freebsd* | dragonfly* | midnightbsd*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) @@ -4412,7 +4432,7 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' @@ -4754,7 +4774,7 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ 1-7.* | *Sun*Fortran*\ 8.0-3*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' @@ -4937,7 +4957,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi ;; pw32*) @@ -4945,7 +4965,7 @@ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) + cl* | icl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) @@ -5005,15 +5025,15 @@ case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time + # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) + # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; openbsd* | bitrig*) @@ -5068,7 +5088,7 @@ _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no - case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ 01.* | *\ 2.0-9.* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -5180,6 +5200,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; interix3-9*) @@ -5194,7 +5215,7 @@ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) @@ -5237,7 +5258,7 @@ _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes @@ -5249,13 +5270,14 @@ if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in tcc*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' ;; xlf* | bgf* | bgxlf* | mpixlf*) @@ -5265,7 +5287,7 @@ _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi @@ -5397,7 +5419,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\(^B*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no @@ -5580,12 +5602,12 @@ cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in - cl*) - # Native MSVC + cl* | icl*) + # Native MSVC or ICC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes @@ -5626,7 +5648,7 @@ fi' ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. @@ -5674,7 +5696,7 @@ ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) + freebsd* | dragonfly* | midnightbsd*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes @@ -5815,6 +5837,7 @@ # Fabrice Bellard et al's Tiny C Compiler _LT_TAGVAR(ld_shlibs, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' ;; esac ;; @@ -5886,6 +5909,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; osf3*) @@ -6656,8 +6680,8 @@ cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in - ,cl* | no,cl*) - # Native MSVC + ,cl* | no,cl* | ,icl* | no,icl*) + # Native MSVC or ICC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' @@ -6755,6 +6779,7 @@ emximp -o $lib $output_objdir/$libname.def' _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' ;; dgux*) @@ -6785,7 +6810,7 @@ _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; - freebsd* | dragonfly*) + freebsd* | dragonfly* | midnightbsd*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes @@ -6922,7 +6947,7 @@ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in @@ -7062,13 +7087,13 @@ _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi ;; *) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' @@ -8214,6 +8239,14 @@ AC_SUBST(DLLTOOL) ) +# _LT_DECL_FILECMD +# ---------------- +# Check for a file(cmd) program that can be used to detect file type and magic +m4_defun(_LT_DECL_FILECMD, +AC_CHECK_TOOL(FILECMD, file, :) +_LT_DECL(, FILECMD, 1, A file(cmd) program that detects file types) +)# _LD_DECL_FILECMD + # _LT_DECL_SED # ------------ # Check for a fully-functional sed program, that truncates
View file
_service:tar_scm:stunnel-5.69.tar.gz/m4/ltoptions.m4 -> _service:tar_scm:stunnel-5.72.tar.gz/m4/ltoptions.m4
Changed
@@ -1,7 +1,7 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software -# Foundation, Inc. +# Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2022 Free +# Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives
View file
_service:tar_scm:stunnel-5.69.tar.gz/m4/ltsugar.m4 -> _service:tar_scm:stunnel-5.72.tar.gz/m4/ltsugar.m4
Changed
@@ -1,6 +1,6 @@ # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2022 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 #
View file
_service:tar_scm:stunnel-5.69.tar.gz/m4/ltversion.m4 -> _service:tar_scm:stunnel-5.72.tar.gz/m4/ltversion.m4
Changed
@@ -1,6 +1,7 @@ # ltversion.m4 -- version numbers -*- Autoconf -*- # -# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. +# Copyright (C) 2004, 2011-2019, 2021-2022 Free Software Foundation, +# Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives @@ -9,15 +10,15 @@ # @configure_input@ -# serial 4179 ltversion.m4 +# serial 4245 ltversion.m4 # This file is part of GNU Libtool -m4_define(LT_PACKAGE_VERSION, 2.4.6) -m4_define(LT_PACKAGE_REVISION, 2.4.6) +m4_define(LT_PACKAGE_VERSION, 2.4.7) +m4_define(LT_PACKAGE_REVISION, 2.4.7) AC_DEFUN(LTVERSION_VERSION, -macro_version='2.4.6' -macro_revision='2.4.6' +macro_version='2.4.7' +macro_revision='2.4.7' _LT_DECL(, macro_version, 0, Which release of libtool.m4 was used?) _LT_DECL(, macro_revision, 0) )
View file
_service:tar_scm:stunnel-5.69.tar.gz/m4/lt~obsolete.m4 -> _service:tar_scm:stunnel-5.72.tar.gz/m4/lt~obsolete.m4
Changed
@@ -1,7 +1,7 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software -# Foundation, Inc. +# Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2022 Free +# Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/src/Makefile.am
Changed
@@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 ############################################################################### # File lists # @@ -8,7 +8,7 @@ common_headers = common.h prototypes.h version.h common_sources = tls.c str.c file.c client.c log.c options.c protocol.c common_sources += network.c resolver.c ssl.c ctx.c verify.c sthreads.c -common_sources += fd.c dhparam.c cron.c stunnel.c +common_sources += ocsp.c fd.c dhparam.c cron.c stunnel.c unix_sources = pty.c libwrap.c ui_unix.c shared_sources = env.c win32_gui_sources = ui_win_gui.c resources.h resources.rc @@ -37,12 +37,14 @@ # TLS library stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto -# stunnel3 script +# Apply substitutions edit = sed \ - -e 's|@bindir@|$(bindir)|g' -stunnel3: Makefile + -e 's|@bindir@|$(bindir)|g' \ + -e 's|@PACKAGE_VERSION@|$(PACKAGE_VERSION)|g' +stunnel3 os2.mak: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel3: $(srcdir)/stunnel3.in +os2.mak: $(srcdir)/os2.mak.in # Unix shared library pkglib_LTLIBRARIES = libstunnel.la @@ -64,7 +66,14 @@ clean-local: rm -rf ../obj ../bin -# Remaining files to be included +############################################################################### +# Remaining files to be included # +############################################################################### + +dist_noinst_DATA = os2.mak +EXTRA_DIST += os2.mak.in +CLEANFILES += os2.mak + EXTRA_DIST += $(win32_gui_sources) $(win32_cli_sources) EXTRA_DIST += make.bat makece.bat makew32.bat -EXTRA_DIST += mingw.mk mingw.mak evc.mak vc.mak os2.mak +EXTRA_DIST += mingw.mk mingw.mak evc.mak vc.mak
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/src/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 ############################################################################### # File lists # @@ -22,6 +22,7 @@ + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -105,7 +106,8 @@ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = @@ -159,9 +161,9 @@ stunnel-protocol.$(OBJEXT) stunnel-network.$(OBJEXT) \ stunnel-resolver.$(OBJEXT) stunnel-ssl.$(OBJEXT) \ stunnel-ctx.$(OBJEXT) stunnel-verify.$(OBJEXT) \ - stunnel-sthreads.$(OBJEXT) stunnel-fd.$(OBJEXT) \ - stunnel-dhparam.$(OBJEXT) stunnel-cron.$(OBJEXT) \ - stunnel-stunnel.$(OBJEXT) + stunnel-sthreads.$(OBJEXT) stunnel-ocsp.$(OBJEXT) \ + stunnel-fd.$(OBJEXT) stunnel-dhparam.$(OBJEXT) \ + stunnel-cron.$(OBJEXT) stunnel-stunnel.$(OBJEXT) am__objects_4 = stunnel-pty.$(OBJEXT) stunnel-libwrap.$(OBJEXT) \ stunnel-ui_unix.$(OBJEXT) am_stunnel_OBJECTS = $(am__objects_2) $(am__objects_3) \ @@ -192,12 +194,13 @@ ./$(DEPDIR)/stunnel-ctx.Po ./$(DEPDIR)/stunnel-dhparam.Po \ ./$(DEPDIR)/stunnel-fd.Po ./$(DEPDIR)/stunnel-file.Po \ ./$(DEPDIR)/stunnel-libwrap.Po ./$(DEPDIR)/stunnel-log.Po \ - ./$(DEPDIR)/stunnel-network.Po ./$(DEPDIR)/stunnel-options.Po \ - ./$(DEPDIR)/stunnel-protocol.Po ./$(DEPDIR)/stunnel-pty.Po \ - ./$(DEPDIR)/stunnel-resolver.Po ./$(DEPDIR)/stunnel-ssl.Po \ - ./$(DEPDIR)/stunnel-sthreads.Po ./$(DEPDIR)/stunnel-str.Po \ - ./$(DEPDIR)/stunnel-stunnel.Po ./$(DEPDIR)/stunnel-tls.Po \ - ./$(DEPDIR)/stunnel-ui_unix.Po ./$(DEPDIR)/stunnel-verify.Po + ./$(DEPDIR)/stunnel-network.Po ./$(DEPDIR)/stunnel-ocsp.Po \ + ./$(DEPDIR)/stunnel-options.Po ./$(DEPDIR)/stunnel-protocol.Po \ + ./$(DEPDIR)/stunnel-pty.Po ./$(DEPDIR)/stunnel-resolver.Po \ + ./$(DEPDIR)/stunnel-ssl.Po ./$(DEPDIR)/stunnel-sthreads.Po \ + ./$(DEPDIR)/stunnel-str.Po ./$(DEPDIR)/stunnel-stunnel.Po \ + ./$(DEPDIR)/stunnel-tls.Po ./$(DEPDIR)/stunnel-ui_unix.Po \ + ./$(DEPDIR)/stunnel-verify.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -224,6 +227,7 @@ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +DATA = $(dist_noinst_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ config.h.in # Read a list of newline-separated strings from the standard input, @@ -274,6 +278,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -377,7 +382,7 @@ common_headers = common.h prototypes.h version.h common_sources = tls.c str.c file.c client.c log.c options.c \ protocol.c network.c resolver.c ssl.c ctx.c verify.c \ - sthreads.c fd.c dhparam.c cron.c stunnel.c + sthreads.c ocsp.c fd.c dhparam.c cron.c stunnel.c unix_sources = pty.c libwrap.c ui_unix.c shared_sources = env.c win32_gui_sources = ui_win_gui.c resources.h resources.rc stunnel.ico \ @@ -385,12 +390,10 @@ win32_cli_sources = ui_win_cli.c stunnel_SOURCES = $(common_headers) $(common_sources) $(unix_sources) bin_SCRIPTS = stunnel3 - -# Remaining files to be included -EXTRA_DIST = stunnel3.in $(win32_gui_sources) $(win32_cli_sources) \ - make.bat makece.bat makew32.bat mingw.mk mingw.mak evc.mak \ - vc.mak os2.mak -CLEANFILES = stunnel3 +EXTRA_DIST = stunnel3.in os2.mak.in $(win32_gui_sources) \ + $(win32_cli_sources) make.bat makece.bat makew32.bat mingw.mk \ + mingw.mak evc.mak vc.mak +CLEANFILES = stunnel3 os2.mak # Red Hat "by design" bug #82369 @@ -402,15 +405,21 @@ # TLS library stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto -# stunnel3 script +# Apply substitutions edit = sed \ - -e 's|@bindir@|$(bindir)|g' + -e 's|@bindir@|$(bindir)|g' \ + -e 's|@PACKAGE_VERSION@|$(PACKAGE_VERSION)|g' # Unix shared library pkglib_LTLIBRARIES = libstunnel.la libstunnel_la_SOURCES = $(shared_sources) libstunnel_la_LDFLAGS = -avoid-version + +############################################################################### +# Remaining files to be included # +############################################################################### +dist_noinst_DATA = os2.mak all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am @@ -603,6 +612,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-libwrap.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-log.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-network.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-ocsp.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-options.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-protocol.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-pty.Po@am__quote@ # am--include-marker @@ -824,6 +834,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-sthreads.obj `if test -f 'sthreads.c'; then $(CYGPATH_W) 'sthreads.c'; else $(CYGPATH_W) '$(srcdir)/sthreads.c'; fi` +stunnel-ocsp.o: ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-ocsp.o -MD -MP -MF $(DEPDIR)/stunnel-ocsp.Tpo -c -o stunnel-ocsp.o `test -f 'ocsp.c' || echo '$(srcdir)/'`ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-ocsp.Tpo $(DEPDIR)/stunnel-ocsp.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ocsp.c' object='stunnel-ocsp.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-ocsp.o `test -f 'ocsp.c' || echo '$(srcdir)/'`ocsp.c + +stunnel-ocsp.obj: ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-ocsp.obj -MD -MP -MF $(DEPDIR)/stunnel-ocsp.Tpo -c -o stunnel-ocsp.obj `if test -f 'ocsp.c'; then $(CYGPATH_W) 'ocsp.c'; else $(CYGPATH_W) '$(srcdir)/ocsp.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-ocsp.Tpo $(DEPDIR)/stunnel-ocsp.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ocsp.c' object='stunnel-ocsp.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-ocsp.obj `if test -f 'ocsp.c'; then $(CYGPATH_W) 'ocsp.c'; else $(CYGPATH_W) '$(srcdir)/ocsp.c'; fi` + stunnel-fd.o: fd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-fd.o -MD -MP -MF $(DEPDIR)/stunnel-fd.Tpo -c -o stunnel-fd.o `test -f 'fd.c' || echo '$(srcdir)/'`fd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-fd.Tpo $(DEPDIR)/stunnel-fd.Po @@ -1014,7 +1038,8 @@ done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) config.h +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \ + config.h installdirs: for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -1066,6 +1091,7 @@ -rm -f ./$(DEPDIR)/stunnel-libwrap.Po -rm -f ./$(DEPDIR)/stunnel-log.Po -rm -f ./$(DEPDIR)/stunnel-network.Po + -rm -f ./$(DEPDIR)/stunnel-ocsp.Po -rm -f ./$(DEPDIR)/stunnel-options.Po -rm -f ./$(DEPDIR)/stunnel-protocol.Po -rm -f ./$(DEPDIR)/stunnel-pty.Po @@ -1133,6 +1159,7 @@ -rm -f ./$(DEPDIR)/stunnel-libwrap.Po -rm -f ./$(DEPDIR)/stunnel-log.Po -rm -f ./$(DEPDIR)/stunnel-network.Po + -rm -f ./$(DEPDIR)/stunnel-ocsp.Po -rm -f ./$(DEPDIR)/stunnel-options.Po -rm -f ./$(DEPDIR)/stunnel-protocol.Po -rm -f ./$(DEPDIR)/stunnel-pty.Po @@ -1184,9 +1211,10 @@ .PRECIOUS: Makefile -stunnel3: Makefile +stunnel3 os2.mak: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel3: $(srcdir)/stunnel3.in +os2.mak: $(srcdir)/os2.mak.in ############################################################################### # Win32 executables #
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/client.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/client.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -60,7 +60,6 @@ #endif NOEXPORT void print_cipher(CLI *); NOEXPORT void transfer(CLI *); -NOEXPORT int parse_socket_error(CLI *, const char *); NOEXPORT void auth_user(CLI *); NOEXPORT SOCKET connect_local(CLI *); @@ -176,7 +175,7 @@ void client_main(CLI *c) { s_log(LOG_DEBUG, "Service %s started", c->opt->servname); if(c->opt->exec_name && c->opt->connect_addr.names) { - if(c->opt->option.retry) + if(c->opt->retry >= 0) exec_connect_loop(c); else exec_connect_once(c); @@ -202,7 +201,7 @@ NOEXPORT void exec_connect_loop(CLI *c) { unsigned long long seq=0; const char *fresh_id=c->tls->id; - unsigned retry; + long retry; do { /* make sure c->tls->id is valid in str_printf() */ @@ -213,19 +212,20 @@ exec_connect_once(c); /* retry is asynchronously changed in the main thread, * so we make sure to use the same value for both checks */ - retry=c->opt->option.retry; - if(retry) { + retry=c->opt->retry; + if(retry >= 0) { s_log(LOG_INFO, "Retrying an exec+connect section"); /* c and id are detached, so it is safe to call str_stats() */ str_stats(); /* client thread allocation tracking */ - s_poll_sleep(1, 0); + if(retry) + s_poll_sleep((int)(retry/1000), (int)(retry%1000)); c->rr++; } /* make sure c->tls->id is valid in str_free() */ c->tls->id=fresh_id; str_free(id); - } while(retry); /* retry is disabled on config reload */ + } while(retry >= 0); /* retry is disabled on config reload */ } #ifdef __GNUC__ #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) @@ -415,17 +415,21 @@ NOEXPORT void client_try(CLI *c) { local_start(c); - protocol(c, c->opt, PROTOCOL_EARLY); + if(c->opt->protocol_early) + c->opt->protocol_early(c); if(c->opt->option.connect_before_ssl) { remote_start(c); - protocol(c, c->opt, PROTOCOL_MIDDLE); + if(c->opt->protocol_middle) + c->opt->protocol_middle(c); ssl_start(c); } else { ssl_start(c); - protocol(c, c->opt, PROTOCOL_MIDDLE); + if(c->opt->protocol_middle) + c->opt->protocol_middle(c); remote_start(c); } - protocol(c, c->opt, PROTOCOL_LATE); + if(c->opt->protocol_late) + c->opt->protocol_late(c); transfer(c); } @@ -549,6 +553,12 @@ } if(c->opt->option.client) { #ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_OCSP + if(!SSL_set_tlsext_status_type(c->ssl, TLSEXT_STATUSTYPE_ocsp)) { + sslerror("OCSP: SSL_set_tlsext_status_type"); + throw_exception(c, 1); + } +#endif /* !defined(OPENSSL_NO_OCSP) */ /* c->opt->sni should always be initialized at this point, * either explicitly with "sni" * or implicitly with "protocolHost" or "connect" */ @@ -659,7 +669,7 @@ } } if(SSL_session_reused(c->ssl)) { - print_session_id(sess); + print_session_id(sess); /* otherwise printed from sess_new_cb() */ } else { /* a new session was negotiated */ /* SSL_SESS_CACHE_NO_INTERNAL_STORE prevented automatic caching */ if(!c->opt->option.client) @@ -682,7 +692,7 @@ if(c->opt->connect_session) { sess=c->opt->connect_sessionc->idx; } else { - s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache"); + s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache (retrieve)"); sess=NULL; } } @@ -746,12 +756,21 @@ if(c->opt->log_level<LOG_INFO) /* performance optimization */ return; - s_log(LOG_INFO, "TLS %s: %s", - c->opt->option.client ? "connected" : "accepted", - SSL_session_reused(c->ssl) && !c->flag.psk ? - "previous session reused" : "new session negotiated"); +#ifndef OPENSSL_NO_PSK + if(c->flag.psk_found) { + if(c->opt->option.client) { + s_log(LOG_ERR, "INTERNAL ERROR: PSK found on a client"); + } else { + s_log(LOG_INFO, "TLS accepted: PSK"); + } + } else +#endif /* !defined(OPENSSL_NO_PSK) */ + s_log(LOG_INFO, "TLS %s: %s", + c->opt->option.client ? "connected" : "accepted", + SSL_session_reused(c->ssl) ? + "previous session reused" : "new session negotiated"); - cipher=SSL_get_current_cipher(c->ssl); + cipher=(SSL_CIPHER *)SSL_get_current_cipher(c->ssl); s_log(LOG_INFO, "%s ciphersuite: %s (%d-bit encryption)", SSL_get_version(c->ssl), SSL_CIPHER_get_name(cipher), SSL_CIPHER_get_bits(cipher, NULL)); @@ -971,7 +990,7 @@ shutdown_wants_read=shutdown_wants_write=0; break; case SSL_ERROR_SYSCALL: /* socket error */ - if(parse_socket_error(c, "SSL_shutdown")) + if(socket_needs_retry(c, "transfer: SSL_shutdown")) break; /* a non-critical error: retry */ SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); shutdown_wants_read=shutdown_wants_write=0; @@ -987,7 +1006,7 @@ ssize_t num=writesocket(c->sock_wfd->fd, c->ssl_buff, c->ssl_ptr); switch(num) { case -1: /* error */ - if(parse_socket_error(c, "writesocket")) + if(socket_needs_retry(c, "transfer: writesocket")) break; /* a non-critical error: retry */ sock_open_rd=sock_open_wr=0; break; @@ -1009,7 +1028,7 @@ c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); switch(num) { case -1: - if(parse_socket_error(c, "readsocket")) + if(socket_needs_retry(c, "transfer: readsocket")) break; /* a non-critical error: retry */ sock_open_rd=sock_open_wr=0; break; @@ -1067,7 +1086,7 @@ case SSL_ERROR_ZERO_RETURN: /* a buffered close_notify alert */ /* fall through */ case SSL_ERROR_SYSCALL: /* socket error */ - if(parse_socket_error(c, "SSL_write") && num) /* always log the error */ + if(socket_needs_retry(c, "transfer: SSL_write") && num) break; /* a non-critical error: retry */ /* EOF -> buggy (e.g. Microsoft) peer: * TLS socket closed without close_notify alert */ @@ -1118,6 +1137,24 @@ "SSL_read returned WANT_X509_LOOKUP: retrying"); break; case SSL_ERROR_SSL: +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING + /* OpenSSL 3.0 changed the method of reporting socket EOF */ + if(ERR_GET_REASON(ERR_peek_error())== + SSL_R_UNEXPECTED_EOF_WHILE_READING) { + /* EOF -> buggy (e.g. Microsoft) peer: + * TLS socket closed without close_notify alert */ + if(c->sock_ptr || write_wants_write) { + s_log(LOG_ERR, + "TLS socket closed (SSL_read) with %ld unsent byte(s)", + (long)c->sock_ptr); + throw_exception(c, 1); /* reset the sockets */ + } + s_log(LOG_INFO, "TLS socket closed (SSL_read)"); + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + } +#endif /* SSL_R_UNEXPECTED_EOF_WHILE_READING */ sslerror("SSL_read"); throw_exception(c, 1); case SSL_ERROR_ZERO_RETURN: /* received a close_notify alert */ @@ -1127,7 +1164,7 @@ SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_SYSCALL: - if(parse_socket_error(c, "SSL_read") && num) /* always log the error */ + if(socket_needs_retry(c, "transfer: SSL_read") && num) break; /* a non-critical error: retry */ /* EOF -> buggy (e.g. Microsoft) peer: * TLS socket closed without close_notify alert */ @@ -1259,48 +1296,6 @@ shutdown_wants_read || shutdown_wants_write); } - /* returns 0 on close and 1 on non-critical errors */ -NOEXPORT int parse_socket_error(CLI *c, const char *text) { - switch(get_last_socket_error()) { - /* http://tangentsoft.net/wskfaq/articles/bsd-compatibility.html */ - case 0: /* close on read, or close on write on WIN32 */ - /* fall through */ -#ifndef USE_WIN32 - case EPIPE: /* close on write on Unix */ - /* fall through */ -#endif - case S_ECONNABORTED: - s_log(LOG_INFO, "%s: Socket is closed", text); - return 0; - case S_EINTR: - s_log(LOG_DEBUG, "%s: Interrupted by a signal: retrying", text); - return 1; - case S_EWOULDBLOCK: - s_log(LOG_NOTICE, "%s: Would block: retrying", text); - s_poll_sleep(1, 0); /* Microsoft bug KB177346 */ - return 1; -#if S_EAGAIN!=S_EWOULDBLOCK - case S_EAGAIN: - s_log(LOG_DEBUG, - "%s: Temporary lack of resources: retrying", text); - return 1; -#endif -#ifdef USE_WIN32 - case S_ECONNRESET: - /* dying "exec" processes on Win32 cause reset instead of close */ - if(c->opt->exec_name) { - s_log(LOG_INFO, "%s: Socket is closed (exec)", text); - return 0; - } -#endif - /* fall through */ - default: - sockerror(text); - throw_exception(c, 1); - return -1; /* some C compilers require a return value */ - } -} - NOEXPORT void auth_user(CLI *c) { #ifndef _WIN32_WCE struct servent *s_ent; /* structure for getservbyname */ @@ -1332,7 +1327,7 @@ s_log(LOG_WARNING, "Unknown service 'auth': using default 113"); ident.in.sin_port=htons(113); } - if(s_connect(c, &ident, addr_len(&ident))) + if(s_connect(c, &ident, addr_len(&ident), c->opt->timeout_connect)) throw_exception(c, 1); s_log(LOG_DEBUG, "IDENT server connected"); remote_port=ntohs(c->peer_addr.in.sin_port); @@ -1568,7 +1563,8 @@ c->idx=(idx_start+idx_try)%c->connect_addr.num; if(!connect_init(c, c->connect_addr.addrc->idx.sa.sa_family) && !s_connect(c, &c->connect_addr.addrc->idx, - addr_len(&c->connect_addr.addrc->idx))) { + addr_len(&c->connect_addr.addrc->idx), + c->opt->timeout_connect)) { if(c->ssl) { SSL_SESSION *sess=SSL_get1_session(c->ssl); if(sess) {
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/common.h -> _service:tar_scm:stunnel-5.72.tar.gz/src/common.h
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -250,6 +250,10 @@ #include <shlobj.h> /* SHGetFolderPath */ #include <tchar.h> +#ifndef alloca +#define alloca _alloca +#endif + #include "resources.h" #ifndef PRIX64
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/cron.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/cron.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/ctx.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/ctx.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -140,18 +140,29 @@ #endif int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ + s_log(LOG_DEBUG, "Initializing context %s", section->servname); + /* create a new TLS context */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L #if OPENSSL_VERSION_NUMBER>=0x30000000L section->ctx=SSL_CTX_new_ex(NULL, EVP_default_properties_is_fips_enabled(NULL) ? "fips=yes" : "provider!=fips", section->option.client ? TLS_client_method() : TLS_server_method()); -#else /* OPENSSL_VERSION_NUMBER<0x30000000L */ +#elif OPENSSL_VERSION_NUMBER>=0x10100000L section->ctx=SSL_CTX_new(section->option.client ? TLS_client_method() : TLS_server_method()); -#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ + section->ctx=SSL_CTX_new(section->option.client ? + section->client_method : section->server_method); +#endif + if(!section->ctx) { + sslerror("SSL_CTX_new"); + return 1; /* FAILED */ + } + + /* set supported protocol versions */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L if(section->min_proto_version && !SSL_CTX_set_min_proto_version(section->ctx, section->min_proto_version)) { @@ -166,16 +177,7 @@ section->max_proto_version); return 1; /* FAILED */ } -#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ - if(section->option.client) - section->ctx=SSL_CTX_new(section->client_method); - else /* server mode */ - section->ctx=SSL_CTX_new(section->server_method); -#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ - if(!section->ctx) { - sslerror("SSL_CTX_new"); - return 1; /* FAILED */ - } +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ /* allow callbacks to access their SERVICE_OPTIONS structure */ if(!SSL_CTX_set_ex_data(section->ctx, index_ssl_ctx_opt, section)) { @@ -325,6 +327,12 @@ if(verify_init(section)) return 1; /* FAILED */ + /* OCSP stapling */ +#ifndef OPENSSL_NO_OCSP + if(ocsp_init(section)) + return 1; /* FAILED */ +#endif /* OPENSSL_NO_OCSP */ + /* initialize the DH/ECDH key agreement */ #ifndef OPENSSL_NO_TLSEXT if(!section->option.client) @@ -341,6 +349,25 @@ return 0; /* OK */ } +/**************************************** cleanup TLS context */ + +/* + * free anything allocate from context_init() and callbacks + * also free any cached data allocated in client.c + */ +void context_cleanup(SERVICE_OPTIONS *section) { + s_log(LOG_DEBUG, "Cleaning up context %s", section->servname); + +#ifndef OPENSSL_NO_OCSP + ocsp_cleanup(section); +#endif /* !defined(OPENSSL_NO_OCSP) */ + str_free(section->chain); + if(section->session) + SSL_SESSION_free(section->session); + if(section->ctx) + SSL_CTX_free(section->ctx); +} + /**************************************** SNI callback */ #ifndef OPENSSL_NO_TLSEXT @@ -713,7 +740,13 @@ c=SSL_get_ex_data(ssl, index_ssl_cli); found=psk_find(&c->opt->psk_sorted, identity); if(!found) { - s_log(LOG_INFO, "PSK identity not found (session resumption?)"); + const char *c=identity; + while(*c && isprint(*c)) + c++; + if(*c) + s_log(LOG_INFO, "PSK identity not found (session resumption?)"); + else + s_log(LOG_INFO, "PSK identity not found: %s", identity); return 0; } if(found->key_len>max_psk_len) { @@ -722,7 +755,7 @@ } memcpy(psk, found->key_val, found->key_len); s_log(LOG_NOTICE, "Key configured for PSK identity \"%s\"", identity); - c->flag.psk=1; + c->flag.psk_found=1; return found->key_len; } @@ -841,6 +874,21 @@ sslerror("SSL_CTX_use_PrivateKey"); return 1; /* FAILED */ } +#if OPENSSL_VERSION_NUMBER>=0x10002000L + if(!SSL_CTX_set0_chain(section->ctx, ca)) { + sslerror("SSL_CTX_set0_chain"); + return 1; /* FAILED */ + } +#else /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + /* FIXME: implement for OpenSSL older than 1.0.2 */ +#if 0 + /* struct cert_st is private, so the following code won't build */ + if(section->ctx->cert->key->chain) + sk_X509_pop_free(section->ctx->cert->key->chain, X509_free); + section->ctx->cert->key->chain=ca; +#endif + sk_X509_pop_free(ca, X509_free); /* just free the memory */ +#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ s_log(LOG_INFO, "Certificate and private key loaded from file: %s", section->cert); return 0; /* OK */ @@ -1359,7 +1407,7 @@ old=c->opt->connect_sessionc->idx; c->opt->connect_sessionc->idx=sess; } else { - s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache"); + s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache (save)"); old=NULL; } }
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/dhparam.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/dhparam.c
Changed
@@ -4,28 +4,28 @@ #define DN_new DH_new DH *get_dh2048(void) { static unsigned char dhp_2048 = { - 0x9f, 0x7e, 0x7a, 0xda, 0x97, 0xce, 0x22, 0xe2, 0x35, 0x68, 0xc9, 0xe9, - 0xc8, 0xe7, 0x19, 0x11, 0x02, 0xbe, 0x30, 0x88, 0x48, 0x89, 0xf1, 0x7d, - 0x0b, 0xcc, 0xc7, 0x38, 0x58, 0x16, 0xb3, 0xca, 0xd3, 0xd0, 0x45, 0xd4, - 0x36, 0x50, 0x25, 0xb3, 0x7e, 0xf8, 0x24, 0x29, 0x7c, 0x4a, 0xbc, 0xee, - 0xe5, 0x1d, 0x2f, 0xef, 0xf3, 0x07, 0xd1, 0x2a, 0x3f, 0xec, 0x31, 0x91, - 0xb2, 0x80, 0xda, 0x96, 0x59, 0x7d, 0xe6, 0x7d, 0x4d, 0x38, 0x40, 0x4a, - 0x00, 0x50, 0x64, 0x96, 0x47, 0x90, 0x4c, 0xc8, 0xe1, 0x3c, 0x1f, 0xda, - 0xb4, 0x89, 0x56, 0x99, 0x1d, 0xff, 0x82, 0xc5, 0x1f, 0x41, 0xfd, 0x1f, - 0xb3, 0xf1, 0x4f, 0xb0, 0x8c, 0xde, 0xda, 0xee, 0xba, 0x3b, 0x25, 0x32, - 0x7a, 0x04, 0x26, 0x7a, 0x44, 0xf2, 0x46, 0xd9, 0xb7, 0x28, 0xa3, 0xdc, - 0xe9, 0x50, 0x00, 0xe7, 0x92, 0x94, 0x5a, 0xe1, 0x4e, 0xc6, 0xc8, 0x82, - 0x42, 0xe2, 0xf1, 0x21, 0x8f, 0xcf, 0xcc, 0x56, 0xff, 0xba, 0x8c, 0xc3, - 0xc8, 0xd8, 0xfe, 0x09, 0x63, 0x2f, 0x33, 0x8f, 0x95, 0xf8, 0x5b, 0x44, - 0xfb, 0xdd, 0x81, 0x67, 0x02, 0x9d, 0xe3, 0x47, 0xf4, 0x93, 0x3d, 0xe5, - 0x34, 0x09, 0xa5, 0x77, 0x2e, 0x92, 0x0f, 0x97, 0x83, 0x71, 0xff, 0xa7, - 0x51, 0x95, 0x4e, 0x4f, 0x28, 0xcf, 0x47, 0x45, 0xe0, 0xe8, 0x3d, 0x7a, - 0x9c, 0xdf, 0x50, 0x2d, 0x91, 0x64, 0x8c, 0xba, 0x5e, 0x1a, 0x11, 0xa2, - 0xd8, 0x26, 0x67, 0x78, 0x61, 0xa1, 0x44, 0x2a, 0xfb, 0xcb, 0xfa, 0x6f, - 0x4f, 0x01, 0x80, 0x5e, 0x00, 0x45, 0x0d, 0x50, 0x1e, 0xaf, 0xd9, 0xf4, - 0x9c, 0x92, 0x1d, 0x6e, 0x64, 0xd3, 0x4d, 0xbd, 0xd3, 0x15, 0xaf, 0x64, - 0x3c, 0x00, 0xf1, 0x89, 0x8f, 0xa5, 0x13, 0xa7, 0x06, 0x92, 0x05, 0xdd, - 0x10, 0x92, 0x61, 0xc7 + 0xeb, 0x81, 0x74, 0xe2, 0x58, 0x37, 0x8a, 0x6d, 0x69, 0x9a, 0xcf, 0x9c, + 0xae, 0xd5, 0xc0, 0x80, 0xf9, 0x1b, 0xf8, 0x6e, 0xbf, 0x2f, 0x41, 0x0c, + 0xba, 0x30, 0x29, 0x60, 0x8f, 0x2c, 0xa8, 0x6a, 0x09, 0xb3, 0xd3, 0x65, + 0xba, 0x65, 0x78, 0xf8, 0x78, 0x30, 0x00, 0xa2, 0xc9, 0xff, 0x92, 0x37, + 0xbb, 0x31, 0x3a, 0x18, 0xd3, 0x8d, 0xf7, 0x54, 0xc0, 0x96, 0xfb, 0xd7, + 0x38, 0xb3, 0x5e, 0xe1, 0xdf, 0x2b, 0xca, 0xbf, 0xa5, 0xce, 0x5d, 0x64, + 0xb4, 0xaa, 0xf0, 0x5a, 0x95, 0xdb, 0xc6, 0x27, 0x28, 0x72, 0xcc, 0x3e, + 0xaf, 0x37, 0xb8, 0x43, 0x07, 0x5b, 0xf8, 0x11, 0x07, 0xb0, 0xd1, 0xb3, + 0x83, 0x69, 0x89, 0x35, 0xa3, 0xb0, 0x04, 0xf4, 0x20, 0x55, 0x7f, 0xd4, + 0xb3, 0xac, 0x5e, 0x91, 0x1d, 0x18, 0x44, 0x83, 0x0b, 0xef, 0x1a, 0xa5, + 0x8c, 0xf9, 0x5a, 0xd3, 0x58, 0x09, 0x4b, 0x07, 0x18, 0x85, 0x6f, 0x32, + 0xe8, 0xc9, 0x2c, 0xa9, 0x99, 0x91, 0xb4, 0x3b, 0x84, 0x2e, 0xb9, 0x27, + 0xd7, 0xe9, 0x3f, 0xe2, 0xa6, 0xb4, 0xfc, 0x9b, 0x1b, 0x07, 0xa9, 0x2f, + 0xc3, 0xc9, 0x4b, 0xc4, 0x77, 0x46, 0x55, 0x75, 0x45, 0x4e, 0xd1, 0x73, + 0xb8, 0x9b, 0x15, 0xd4, 0xb6, 0x49, 0x98, 0x1a, 0x0d, 0xd8, 0x1f, 0x6a, + 0xea, 0x3f, 0xe4, 0x63, 0x01, 0x85, 0x53, 0x40, 0xb1, 0xad, 0xe0, 0x1b, + 0x29, 0x1f, 0x5f, 0xe4, 0x0b, 0x41, 0x7f, 0x9a, 0x5c, 0x8e, 0xa5, 0x6d, + 0xc8, 0xc4, 0xd3, 0x58, 0x81, 0x06, 0x2d, 0x35, 0xac, 0x5e, 0xc4, 0xd9, + 0x65, 0x4b, 0xe7, 0x6b, 0x9d, 0x89, 0x48, 0x6b, 0x04, 0x5f, 0x98, 0xca, + 0xf2, 0x82, 0xc5, 0xdb, 0x38, 0xa3, 0x89, 0x46, 0x7f, 0x08, 0x41, 0x21, + 0xd2, 0x48, 0x03, 0xea, 0x07, 0xb5, 0x1e, 0x9a, 0xf8, 0xca, 0x85, 0xa9, + 0x90, 0xbd, 0x10, 0x7f }; static unsigned char dhg_2048 = { 0x02 @@ -47,4 +47,4 @@ return dh; } #endif /* OPENSSL_NO_DH */ -/* built for stunnel 5.69 */ +/* built for stunnel 5.72 */
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/env.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/env.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/evc.mak -> _service:tar_scm:stunnel-5.72.tar.gz/src/evc.mak
Changed
@@ -1,4 +1,4 @@ -# wce.mak for stunnel.exe by Michal Trojnara 1998-2023 +# wce.mak for stunnel.exe by Michal Trojnara 1998-2024 # with help of Pierre Delaage <delaage.pierre@free.fr> # pdelaage 20140610 : added UNICODE optional FLAG, always ACTIVE on WCE because of poor ANSI support # pdelaage 20140610 : added _WIN32_WCE flag for RC compilation, to preprocess out "HELP" unsupported menu flag on WCE @@ -116,7 +116,7 @@ $(OBJ)\file.obj $(OBJ)\client.obj $(OBJ)\protocol.obj $(OBJ)\sthreads.obj \ $(OBJ)\log.obj $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \ $(OBJ)\str.obj $(OBJ)\tls.obj $(OBJ)\fd.obj $(OBJ)\dhparam.obj \ - $(OBJ)\cron.obj + $(OBJ)\ocsp.obj $(OBJ)\cron.obj GUIOBJS=$(OBJ)\ui_win_gui.obj $(OBJ)\resources.res CLIOBJS=$(OBJ)\ui_win_cli.obj
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/fd.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/fd.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/file.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/file.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/libwrap.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/libwrap.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/log.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/log.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -198,11 +198,7 @@ len=vsnprintf(NULL, 0, format, ap); if(len>1024) len=1024; -#ifdef USE_WIN32 - text=_alloca((size_t)len+1); -#else text=alloca((size_t)len+1); -#endif len=vsnprintf(text, (size_t)len+1, format, aq); va_end(aq); while(len>0 && textlen-1=='\n') @@ -288,11 +284,7 @@ switch(log_mode) { case LOG_MODE_CONFIGURED: size=strlen(stamp)+strlen(id)+strlen(text)+4; -#ifdef USE_WIN32 - line=_alloca(size); -#else line=alloca(size); -#endif snprintf(line, size, "%s %s: %s", stamp, id, text); if(level<=opt->log_level) { #if !defined(USE_WIN32) && !defined(__vms) @@ -310,11 +302,7 @@ case LOG_MODE_ERROR: /* don't log the id or the time stamp */ size=strlen(text)+5; -#ifdef USE_WIN32 - line=_alloca(size); -#else line=alloca(size); -#endif if(level>=0 && level<=7) /* just in case */ snprintf(line, size, "%c %s", "***!:. "level, text); else
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/mingw.mak -> _service:tar_scm:stunnel-5.72.tar.gz/src/mingw.mak
Changed
@@ -1,4 +1,4 @@ -# Simple Makefile.w32 for stunnel.exe by Michal Trojnara 1998-2023 +# Simple Makefile.w32 for stunnel.exe by Michal Trojnara 1998-2024 # # Modified by Brian Hatch (bri@stunnel.org) # 20101030 pdelaage: @@ -73,13 +73,13 @@ $(OBJ)/file.o $(OBJ)/client.o $(OBJ)/protocol.o $(OBJ)/sthreads.o \ $(OBJ)/log.o $(OBJ)/options.o $(OBJ)/network.o $(OBJ)/resolver.o \ $(OBJ)/ui_win_gui.o $(OBJ)/resources.o $(OBJ)/str.o $(OBJ)/tls.o \ - $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/cron.o + $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/ocsp.o $(OBJ)/cron.o TOBJS=$(OBJ)/stunnel.o $(OBJ)/ssl.o $(OBJ)/ctx.o $(OBJ)/verify.o \ $(OBJ)/file.o $(OBJ)/client.o $(OBJ)/protocol.o $(OBJ)/sthreads.o \ $(OBJ)/log.o $(OBJ)/options.o $(OBJ)/network.o $(OBJ)/resolver.o \ $(OBJ)/ui_win_cli.o $(OBJ)/str.o $(OBJ)/tls.o \ - $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/cron.o + $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/ocsp.o $(OBJ)/cron.o CC=gcc RC=windres
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/mingw.mk -> _service:tar_scm:stunnel-5.72.tar.gz/src/mingw.mk
Changed
@@ -1,5 +1,5 @@ ## mingw/mingw64 Makefile -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 # 32-bit Windows #win32_arch=win32 @@ -20,7 +20,7 @@ win32_cppflags = -I$(win32_ssl_dir)/include win32_cflags = -g -mthreads -O2 win32_cflags += -fstack-protector -win32_cflags += -Wall -Wextra -Wpedantic -Wconversion -Wno-long-long -ansi +win32_cflags += -Wall -Wextra -Wpedantic -Wconversion -std=c99 win32_cflags += -D_FORTIFY_SOURCE=2 -DUNICODE -D_UNICODE win32_ldflags = -g -mthreads -pipe win32_ldflags += -fstack-protector @@ -50,7 +50,7 @@ common_headers = common.h prototypes.h version.h win32_common = tls str file client log options protocol network resolver -win32_common += ssl ctx verify sthreads fd dhparam cron stunnel +win32_common += ssl ctx verify ocsp sthreads fd dhparam cron stunnel win32_gui = ui_win_gui resources win32_cli = ui_win_cli win32_common_objs = $(addsuffix .o, $(addprefix $(objdir)/, $(win32_common)))
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/network.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/network.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -597,7 +597,7 @@ /**************************************** simulate blocking I/O */ -int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) { +int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen, int timeout) { int error; char *dst; @@ -618,11 +618,11 @@ } s_log(LOG_DEBUG, "s_connect: s_poll_wait %s: waiting %d seconds", - dst, c->opt->timeout_connect); + dst, timeout); s_poll_init(c->fds, 0); s_poll_add(c->fds, c->fd, 1, 1); s_poll_dump(c->fds, LOG_DEBUG); - switch(s_poll_wait(c->fds, c->opt->timeout_connect, 0)) { + switch(s_poll_wait(c->fds, timeout, 0)) { case -1: error=get_last_socket_error(); s_log(LOG_ERR, "s_connect: s_poll_wait %s: %s (%d)", @@ -679,22 +679,13 @@ } num=writesocket(fd, (const void *)ptr, len); - if(num==-1) { /* error */ - int error=get_last_socket_error(); - if(error==S_EINPROGRESS) { - s_log(LOG_DEBUG, "s_write: EINPROGRESS: Retrying"); - continue; /* retry */ - } - if(error==S_EWOULDBLOCK) { - s_log(LOG_DEBUG, "s_write: EWOULDBLOCK: Retrying"); - continue; /* retry */ - } - s_log(LOG_ERR, "s_write: writesocket: %s (%d)", - s_strerror(error), error); - throw_exception(c, 1); + if(num>=0) { + ptr+=(size_t)num; + len-=(size_t)num; + } else { /* error */ + if(!socket_needs_retry(c, "s_write: writesocket")) + throw_exception(c, 1); } - ptr+=(size_t)num; - len-=(size_t)num; } } @@ -724,26 +715,16 @@ } num=readsocket(fd, (char *)ptr+total, len); - if(num==-1) { /* error */ - int error=get_last_socket_error(); - if(error==S_EINPROGRESS) { - s_log(LOG_DEBUG, "s_read_eof: EINPROGRESS: Retrying"); - continue; /* retry */ - } - if(error==S_EWOULDBLOCK) { - s_log(LOG_DEBUG, "s_ssl_eof: EWOULDBLOCK: Retrying"); - continue; /* retry */ - } - s_log(LOG_ERR, "s_read_eof: readsocket: %s (%d)", - s_strerror(error), error); - throw_exception(c, 1); - } - if(num==0) { /* EOF */ + if(num>0) { + total+=(size_t)num; + len-=(size_t)num; + } else if(num==0) { /* EOF */ s_log(LOG_DEBUG, "s_read_eof: EOF"); - break; + break; /* EOF */ + } else { /* error */ + if(!socket_needs_retry(c, "s_read_eof: readsocket")) + break; /* EOF */ } - total+=(size_t)num; - len-=(size_t)num; } return total; } @@ -751,8 +732,10 @@ void s_read(CLI *c, SOCKET fd, void *ptr, size_t len) { /* simulate a blocking read */ /* throw an exception on EOF */ - if(s_read_eof(c, fd, ptr, len)!=len) { - s_log(LOG_ERR, "s_read: Unexpected socket close"); + size_t received=s_read_eof(c, fd, ptr, len); + if(received!=len) { + s_log(LOG_ERR, "s_read: Received %llu out of requested %llu byte(s)", + (unsigned long long)received, (unsigned long long)len); throw_exception(c, 1); } } @@ -848,18 +831,11 @@ sslerror("s_ssl_write: SSL_write"); throw_exception(c, 1); } else if(err==SSL_ERROR_SYSCALL) { - int error=get_last_socket_error(); - if(error==S_EINPROGRESS) { - s_log(LOG_DEBUG, "s_ssl_write: EINPROGRESS: Retrying"); - continue; /* retry */ + if(!socket_needs_retry(c, "s_ssl_write: SSL_write")) { + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ } - if(error==S_EWOULDBLOCK) { - s_log(LOG_DEBUG, "s_ssl_write: EWOULDBLOCK: Retrying"); - continue; /* retry */ - } - s_log(LOG_ERR, "s_ssl_write: SSL_write: %s (%d)", - s_strerror(error), error); - throw_exception(c, 1); } else { s_log(LOG_ERR, "s_ssl_write: Unhandled error %d", err); throw_exception(c, 1); @@ -905,21 +881,26 @@ } else if(err==SSL_ERROR_WANT_READ) { s_log(LOG_DEBUG, "s_ssl_read_eof: SSL_ERROR_WANT_READ: Retrying"); } else if(err==SSL_ERROR_SSL) { +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING + /* OpenSSL 3.0 changed the method of reporting socket EOF */ + if(ERR_GET_REASON(ERR_peek_error())== + SSL_R_UNEXPECTED_EOF_WHILE_READING) { + /* EOF -> buggy (e.g. Microsoft) peer: + * TLS socket closed without close_notify alert */ + s_log(LOG_DEBUG, "s_ssl_read_eof: TLS socket closed"); + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ + } +#endif /* SSL_R_UNEXPECTED_EOF_WHILE_READING */ sslerror("s_ssl_read_eof: SSL_read"); throw_exception(c, 1); } else if(err==SSL_ERROR_SYSCALL) { - int error=get_last_socket_error(); - if(error==S_EINPROGRESS) { - s_log(LOG_DEBUG, "s_ssl_read_eof: EINPROGRESS: Retrying"); - continue; /* retry */ - } - if(error==S_EWOULDBLOCK) { - s_log(LOG_DEBUG, "s_ssl_read_eof: EWOULDBLOCK: Retrying"); - continue; /* retry */ + if(!socket_needs_retry(c, "s_ssl_read_eof: SSL_read")) { + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ } - s_log(LOG_ERR, "s_ssl_read_eof: SSL_read: %s (%d)", - s_strerror(error), error); - throw_exception(c, 1); } else { s_log(LOG_ERR, "s_ssl_read_oef: Unhandled error %d", err); throw_exception(c, 1); @@ -931,8 +912,10 @@ void s_ssl_read(CLI *c, void *ptr, int len) { /* simulate a blocking SSL_read */ /* throw an exception on EOF */ - if(s_ssl_read_eof(c, ptr, len)!=(size_t)len) { - s_log(LOG_ERR, "s_ssl_read: Unexpected socket close"); + size_t received=s_ssl_read_eof(c, ptr, len); + if(received!=(size_t)len) { + s_log(LOG_ERR, "s_ssl_read: Received %llu out of requested %d byte(s)", + (unsigned long long)received, len); throw_exception(c, 1); } } @@ -1108,4 +1091,46 @@ return -1; /* failed */ } + /* returns 0 on close and 1 on non-critical errors */ +int socket_needs_retry(CLI *c, const char *text) { + switch(get_last_socket_error()) { + /* http://tangentsoft.net/wskfaq/articles/bsd-compatibility.html */ + case 0: /* close on read, or close on write on WIN32 */ + /* fall through */ +#ifndef USE_WIN32 + case EPIPE: /* close on write on Unix */ + /* fall through */ +#endif + case S_ECONNABORTED: + s_log(LOG_INFO, "%s: Socket is closed", text); + return 0; + case S_EINTR: + s_log(LOG_DEBUG, "%s: Interrupted by a signal: retrying", text); + return 1; + case S_EWOULDBLOCK: + s_log(LOG_NOTICE, "%s: Would block: retrying", text); + s_poll_sleep(1, 0); /* Microsoft bug KB177346 */ + return 1; +#if S_EAGAIN!=S_EWOULDBLOCK + case S_EAGAIN: + s_log(LOG_DEBUG, + "%s: Temporary lack of resources: retrying", text); + return 1; +#endif +#ifdef USE_WIN32 + case S_ECONNRESET: + /* dying "exec" processes on Win32 cause reset instead of close */ + if(c->opt->exec_name) { + s_log(LOG_INFO, "%s: Socket is closed (exec)", text); + return 0; + } +#endif + /* fall through */ + default: + sockerror(text); + throw_exception(c, 1); + return -1; /* some C compilers require a return value */ + } +} + /* end of network.c */
View file
_service:tar_scm:stunnel-5.72.tar.gz/src/ocsp.c
Added
@@ -0,0 +1,913 @@ +/* + * stunnel TLS offloading and load-balancing proxy + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see <http://www.gnu.org/licenses>. + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "prototypes.h" + +#ifndef OPENSSL_NO_OCSP + +#define INVALID_TIME ((time_t)-1) +#ifdef DEFINE_STACK_OF +/* defined in openssl/safestack.h: + * DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) */ +#else /* DEFINE_STACK_OF */ +#ifndef sk_OPENSSL_STRING_num +#define sk_OPENSSL_STRING_num(st) sk_num(st) +#endif /* sk_OPENSSL_STRING_num */ +#ifndef sk_OPENSSL_STRING_value +#define sk_OPENSSL_STRING_value(st, i) sk_value((st),(i)) +#endif /* sk_OPENSSL_STRING_value */ +#endif /* DEFINE_STACK_OF */ + +typedef struct { + /* OCSP request and validation parameters */ + int depth; + int nonce; + int aia; + long leeway; + unsigned long flags; + char *url; + STACK_OF(X509) *chain_to_verify; + X509 *root_ca; + OCSP_CERTID *cert_id; + + /* OCSP validation results */ + int requested; + int callback_ctx_error; + + /* OCSP single request and result */ + OCSP_REQUEST *request; + OCSP_RESPONSE *response; + ASN1_GENERALIZEDTIME *revoked_at, *this_update, *next_update; +} OCSP_PARAMS; + +/**************************************** OCSP stapling callbacks */ + +NOEXPORT int ocsp_client_cb(SSL *, void *); +#if OPENSSL_VERSION_NUMBER>=0x10002000L +NOEXPORT int ocsp_server_cb(SSL *, void *); +#endif /* OpenSSL version 1.0.2 or later */ + +/**************************************** OCSP utility functions */ + +NOEXPORT void ocsp_params_free(OCSP_PARAMS *); +NOEXPORT void ocsp_params_cleanup(OCSP_PARAMS *); +NOEXPORT int ocsp_verify(CLI *, OCSP_PARAMS *); +NOEXPORT int check_aia(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_request(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_get_response(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_response_validate(CLI *, OCSP_PARAMS *); +NOEXPORT void ocsp_params_setup_cert_id(OCSP_PARAMS *); +NOEXPORT int ocsp_params_append_root_ca(CLI *, OCSP_PARAMS *); +NOEXPORT void log_time(const int, const char *, ASN1_GENERALIZEDTIME *); +#if OPENSSL_VERSION_NUMBER>=0x10101000L +NOEXPORT time_t time_t_get_asn1_time(const ASN1_TIME *); +#endif /* OpenSSL version 1.1.1 or later */ + +/**************************************** OCSP initialization */ + +int ocsp_init(SERVICE_OPTIONS *section) { + section->ocsp_response_lock=CRYPTO_THREAD_lock_new(); + if(section->option.client) { + if(!SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_client_cb)) { + sslerror("OCSP: SSL_CTX_set_tlsext_status_cb"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "OCSP: Client OCSP stapling enabled"); + } else { +#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if !defined(OPENSSL_NO_PSK) + if(!section->psk_keys) { +#endif /* !defined(OPENSSL_NO_PSK) */ + if(SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_server_cb)==TLSEXT_STATUSTYPE_ocsp) + s_log(LOG_DEBUG, "OCSP: Server OCSP stapling enabled"); +#if !defined(OPENSSL_NO_PSK) + } else { + s_log(LOG_NOTICE, "OCSP: Server OCSP stapling is incompatible with PSK"); + } +#endif /* !defined(OPENSSL_NO_PSK) */ +#else /* OpenSSL version 1.0.2 or later */ + s_log(LOG_NOTICE, "OCSP: Server OCSP stapling not supported"); +#endif /* OpenSSL version 1.0.2 or later */ + } + + return 0; /* OK */ +} + +/* free all of the OCSP_PARAMS values */ +NOEXPORT void ocsp_params_free(OCSP_PARAMS *params) { + ocsp_params_cleanup(params); + if(params->chain_to_verify) { + sk_X509_free(params->chain_to_verify); + params->chain_to_verify=NULL; + } + if(params->root_ca) { + X509_free(params->root_ca); + params->root_ca=NULL; + } + if(params->cert_id) { + OCSP_CERTID_free(params->cert_id); + params->cert_id=NULL; + } +} + +/* free the OCSP_PARAMS values required to reuse it for a next request */ +NOEXPORT void ocsp_params_cleanup(OCSP_PARAMS *params) { + if(params->response) { + OCSP_RESPONSE_free(params->response); + params->response=NULL; + } + if(params->request) { + OCSP_REQUEST_free(params->request); + params->request=NULL; + } + params->revoked_at=NULL; + params->this_update=NULL; + params->next_update=NULL; +} + +/**************************************** OCSP cleanup */ + +void ocsp_cleanup(SERVICE_OPTIONS *section) { + if(section->ocsp_response_len) { + OPENSSL_free(section->ocsp_response_der); + section->ocsp_response_len=0; + } + if(section->ocsp_response_lock) + CRYPTO_THREAD_lock_free(section->ocsp_response_lock); +} + +/**************************************** OCSP verify.c callback */ + +int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) { + OCSP_PARAMS params; + int ret=0; /* failed */ + + /* initial checks */ + if(!c->opt->option.verify_chain) { + s_log(LOG_INFO, "OCSP: Certificate chain verification disabled"); + return 1; /* accept */ + } + if(c->opt->option.client && + !X509_STORE_CTX_get_error_depth(callback_ctx) && + !c->opt->stapling_cb_flag) { + /* for client peer certificate verification, + * tlsext_status_ocsp_resp is needed for oscp_verify_ssl() */ + c->opt->verify_cb_flag=1; + /* ocsp_verify() will be invoked from ocsp_client_cb() */ + s_log(LOG_DEBUG, "OCSP: Waiting for OCSP stapling response"); + return 1; /* accept */ + } + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=X509_STORE_CTX_get_error_depth(callback_ctx); + params.nonce=c->opt->option.nonce; + params.aia=c->opt->option.aia; + params.leeway=60; /* allow for one minute leeway */ + params.flags=c->opt->ocsp_flags; + params.url=c->opt->ocsp_url; + params.callback_ctx_error=X509_V_ERR_APPLICATION_VERIFICATION; + + /* get the client certificate chain */ + params.chain_to_verify=sk_X509_dup(X509_STORE_CTX_get0_chain(callback_ctx)); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + ret=ocsp_verify(c, ¶ms); + +cleanup: + if(!ret) + X509_STORE_CTX_set_error(callback_ctx, params.callback_ctx_error); + ocsp_params_free(¶ms); + return ret; +} + +/**************************************** OCSP stapling client callback */ + +/* + * Returns 0 if the response is not acceptable (the handshake will fail) + * or 1 if it is acceptable. + */ +NOEXPORT int ocsp_client_cb(SSL *ssl, void *arg) { + CLI *c; + OCSP_PARAMS params; + int ret=0; /* failed */ + + (void)arg; /* squash the unused parameter warning */ + s_log(LOG_DEBUG, "OCSP stapling: Client callback called"); + + c=SSL_get_ex_data(ssl, index_ssl_cli); + + /* initial checks */ + if(!c->opt->option.verify_chain) { + s_log(LOG_INFO, "OCSP: Certificate chain verification disabled"); + return 1; /* accept */ + } + if(SSL_session_reused(ssl)) { + s_log(LOG_DEBUG, "OCSP: Skipped OCSP stapling (previous session reused)"); + return 1; /* accept: there is nothing we can do at session resumption */ + } + if(!c->opt->option.client) { /* just in case */ + s_log(LOG_DEBUG, "OCSP: Client callback ignored on a server"); + return 1; /* accept */ + } + if(!c->opt->verify_cb_flag) { + /* for client peer certificate verification, + * peer certificates are needed for oscp_verify_ssl() */ + c->opt->stapling_cb_flag=1; + /* ocsp_verify() will be invoked from ocsp_check() */ + s_log(LOG_DEBUG, "OCSP: Waiting for OCSP peer certificates"); + return 1; /* accept */ + } + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=0; /* peer (leaf) certificate */ + params.nonce=c->opt->option.nonce; + params.aia=c->opt->option.aia; + params.leeway=60; /* allow for one minute leeway */ + params.flags=c->opt->ocsp_flags; + params.url=c->opt->ocsp_url; + + /* get the client certificate chain */ + params.chain_to_verify=sk_X509_dup(SSL_get_peer_cert_chain(ssl)); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + ret=ocsp_verify(c, ¶ms); + +cleanup: + ocsp_params_free(¶ms); + return ret; +} + +/**************************************** OCSP stapling server callback */ + +#if OPENSSL_VERSION_NUMBER>=0x10002000L +/* + * This is called when a client includes a certificate status request extension. + * The response is either obtained from a cache, or from an OCSP responder. + * Returns one of: + * SSL_TLSEXT_ERR_OK - the OCSP response that has been set should be returned + * SSL_TLSEXT_ERR_NOACK - the OCSP response should not be returned + * SSL_TLSEXT_ERR_ALERT_FATAL - a fatal error has occurred + */ +NOEXPORT int ocsp_server_cb(SSL *ssl, void *arg) { + CLI *c; + OCSP_PARAMS params; + X509 *cert; + STACK_OF(X509) *chain=NULL; + unsigned char *response_der=NULL; + const unsigned char *response_tmp; + int response_len=0, ret=SSL_TLSEXT_ERR_ALERT_FATAL; + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + (void)arg; /* squash the unused parameter warning */ + s_log(LOG_DEBUG, "OCSP stapling: Server callback called"); + + c=SSL_get_ex_data(ssl, index_ssl_cli); + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=0; /* peer (leaf) certificate */ + params.nonce=0; /* disable nonce */ + params.aia=1; /* enable AIA */ + params.leeway=30; /* allow for 30 second leeway */ + /* OCSP_basic_verify() returns success if the signer certificate + * was found in a set of untrusted intermediate certificates */ + params.flags=OCSP_TRUSTOTHER; + params.url=NULL; /* to be set in check_aia() */ + + /* get the server certificate chain */ + cert=SSL_get_certificate(ssl); + if(!cert) { + s_log(LOG_ERR, "OCSP: SSL_get_certificate"); + goto cleanup; + } + if(!SSL_CTX_get0_chain_certs(c->opt->ctx, &chain)) { + s_log(LOG_ERR, "OCSP: SSL_CTX_get0_chain_certs"); + goto cleanup; + } + if(chain) { + params.chain_to_verify=sk_X509_dup(chain); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + } else { + params.chain_to_verify=sk_X509_new_null(); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_new_null"); + goto cleanup; + } + } + /* insert the server certificate into the chain */ + if (!sk_X509_unshift(params.chain_to_verify, cert)) { + s_log(LOG_ERR, "OCSP: sk_X509_unshift"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + /* retrieve the cached response */ + CRYPTO_THREAD_read_lock(c->opt->ocsp_response_lock); + if(c->opt->ocsp_response_len) { + response_len=c->opt->ocsp_response_len; + response_der=OPENSSL_malloc((size_t)response_len); + memcpy(response_der, c->opt->ocsp_response_der, (size_t)response_len); + } + CRYPTO_THREAD_unlock(c->opt->ocsp_response_lock); + + if(response_len) { /* found a cached response */ + /* decode */ + response_tmp=response_der; + params.response=d2i_OCSP_RESPONSE(NULL, &response_tmp, response_len); + + /* validate */ + ocsp_status=ocsp_response_validate(c, ¶ms); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) { + s_log(LOG_DEBUG, "OCSP: Use the cached OCSP response"); + goto success; + } + + /* cleanup */ + ERR_clear_error(); /* silence any cached errors */ + if(response_der) { + OPENSSL_free(response_der); + response_der=NULL; + } + response_len=0; + } + + /* try fetching response from the OCSP responder */ + ocsp_status=check_aia(c, ¶ms); + if(ocsp_status==V_OCSP_CERTSTATUS_UNKNOWN) { /* no useful response */ + s_log(LOG_INFO, "OCSP: No OCSP stapling response to send"); + ret=SSL_TLSEXT_ERR_NOACK; + goto cleanup; + } + + /* encode */ + response_len=i2d_OCSP_RESPONSE(params.response, &response_der); + + if(params.next_update) { + /* cache the newly fetched OCSP response */ + CRYPTO_THREAD_write_lock(c->opt->ocsp_response_lock); + if(c->opt->ocsp_response_len) + OPENSSL_free(c->opt->ocsp_response_der); + c->opt->ocsp_response_len=response_len; + c->opt->ocsp_response_der=OPENSSL_malloc((size_t)response_len); + memcpy(c->opt->ocsp_response_der, response_der, (size_t)response_len); + CRYPTO_THREAD_unlock(c->opt->ocsp_response_lock); + s_log(LOG_DEBUG, "OCSP: Response cached"); + } + +success: + SSL_set_tlsext_status_ocsp_resp(ssl, response_der, response_len); + s_log(LOG_DEBUG, "OCSP stapling: OCSP response sent back"); + ret=SSL_TLSEXT_ERR_OK; + +cleanup: + ocsp_params_free(¶ms); + return ret; +} +#endif /* OpenSSL version 1.0.2 or later */ + +/**************************************** OCSP utility functions */ + +/* + * Issue an OCSP client-driven request and the validate reponse. + * Returns the error code of X509_STORE_CTX. + * Returns 0 if the response is not acceptable (the handshake will fail) + * or 1 if it is acceptable. + */ +NOEXPORT int ocsp_verify(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + /* ignoring the root certificate */ + if(params->depth==sk_X509_num(params->chain_to_verify)-1) { + s_log(LOG_DEBUG, "OCSP: Ignoring the root certificate"); + return 1; /* accept */ + } + + if(!params->depth) { /* peer (leaf) certificate */ + const unsigned char *resp_der; + long resp_der_len; + + if(c->opt->option.client) { /* no stapling on the server */ + /* process the stapling response if available */ + resp_der_len=SSL_get_tlsext_status_ocsp_resp(c->ssl, &resp_der); + if(resp_der_len>0 && resp_der) { + s_log(LOG_INFO, "OCSP: OCSP stapling response received"); + params->response=d2i_OCSP_RESPONSE(NULL, &resp_der, resp_der_len); + + /* validate */ + ocsp_status=ocsp_response_validate(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) { + params->requested=1; + goto cleanup; + } + } else { + s_log(LOG_ERR, "OCSP: No OCSP stapling response received"); + } + } + + if(params->url) { /* a responder URL was configured */ + s_log(LOG_NOTICE, "OCSP: Connecting the configured responder \"%s\"", + params->url); + ocsp_status=ocsp_request(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) + goto cleanup; + } + } + + /* client-driven checks (configured url, aia) */ + ocsp_status=check_aia(c, params); + +cleanup: + if(!params->requested) /* neither url or aia verification was needed */ + return 1; /* accept */ + switch(ocsp_status) { + case V_OCSP_CERTSTATUS_GOOD: + s_log(LOG_NOTICE, "OCSP: Accepted (good)"); + return 1; /* accept */ + case V_OCSP_CERTSTATUS_REVOKED: + s_log(LOG_ERR, "OCSP: Rejected (revoked)"); + return 0; /* reject */ + default: /* V_OCSP_CERTSTATUS_UNKNOWN */ + if(c->opt->option.ocsp_require) { + s_log(LOG_ERR, "OCSP: Rejected (OCSPrequire = yes)"); + return 0; /* reject */ + } else { + s_log(LOG_NOTICE, "OCSP: Accepted (OCSPrequire = no)"); + return 1; /* accept */ + } + } +} + +/* + * OCSP AIA checks + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int check_aia(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + STACK_OF(OPENSSL_STRING) *aia; + int i, num; + + if(!params->aia) + goto cleanup; + aia=X509_get1_ocsp(sk_X509_value(params->chain_to_verify, params->depth)); + if(!aia) { + s_log(LOG_INFO, "OCSP: No AIA responder URL"); + goto cleanup; + } + num=sk_OPENSSL_STRING_num(aia); + if(!num) { + s_log(LOG_INFO, "OCSP: Empty AIA responder URL list"); + goto cleanup; + } + for(i=0; i<num; i++) { + params->url=sk_OPENSSL_STRING_value(aia, i); + s_log(LOG_NOTICE, "OCSP: Connecting the AIA responder \"%s\"", params->url); + ocsp_status=ocsp_request(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) + break; /* we received a definitive response */ + } + X509_email_free(aia); + +cleanup: + return ocsp_status; +} + +/* + * OCSP request handling. + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int ocsp_request(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + /* prepare params for reuse */ + ocsp_params_cleanup(params); + + /* build request */ + params->requested=1; + params->request=OCSP_REQUEST_new(); + if(!params->request) { + sslerror("OCSP: OCSP_REQUEST_new"); + goto cleanup; + } + ocsp_params_setup_cert_id(params); + if(!params->cert_id) + goto cleanup; + if(!OCSP_request_add0_id(params->request, + OCSP_CERTID_dup(params->cert_id))) { + sslerror("OCSP: OCSP_request_add0_id"); + goto cleanup; + } + if(params->nonce) { + OCSP_request_add1_nonce(params->request, NULL, -1); + } + + /* send the request and get a response */ + if(!ocsp_get_response(c, params)) { + goto cleanup; + } + + /* validate */ + ocsp_status=ocsp_response_validate(c, params); + if(ocsp_status==V_OCSP_CERTSTATUS_REVOKED) + params->callback_ctx_error=X509_V_ERR_CERT_REVOKED; + +cleanup: + return ocsp_status; +} + +/* + * Sends the OCSP request to the specified URL and retrieves the OCSP response. + * Returns 0 on error or 1 if response received. + */ +NOEXPORT int ocsp_get_response(CLI *c, OCSP_PARAMS *params) { + BIO *bio=NULL; + OCSP_REQ_CTX *req_ctx=NULL; + char *host=NULL, *port=NULL, *path=NULL; + SOCKADDR_UNION addr; + int ssl, ret=0; + + /* parse the OCSP URL */ + if(!OCSP_parse_url(params->url, &host, &port, &path, &ssl)) { + s_log(LOG_ERR, "OCSP: Failed to parse the OCSP URL"); + goto cleanup; + } + if(ssl) { + s_log(LOG_ERR, "OCSP: TLS not supported for OCSP" + " - an additional stunnel service needs to be defined"); + goto cleanup; + } + if(!hostport2addr(&addr, host, port, 0)) { + s_log(LOG_ERR, "OCSP: Failed to resolve the OCSP responder address"); + goto cleanup; + } + + /* connect specified OCSP responder */ + c->fd=s_socket(addr.sa.sa_family, SOCK_STREAM, 0, 1, "OCSP: socket"); + if(c->fd==INVALID_SOCKET) + goto cleanup; + if(s_connect(c, &addr, addr_len(&addr), c->opt->timeout_ocsp)) + goto cleanup; + bio=BIO_new_socket((int)c->fd, BIO_NOCLOSE); + if(!bio) { + sslerror("OCSP: BIO_new_socket"); + goto cleanup; + } + s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port); + + /* initialize an HTTP request with the POST method */ +#if OPENSSL_VERSION_NUMBER>=0x10000000L + req_ctx=OCSP_sendreq_new(bio, path, NULL, -1); +#else /* OpenSSL version >= 1.0.0 */ + /* there is no way to send the Host header with older OpenSSL versions */ + req_ctx=OCSP_sendreq_new(bio, path, params->request, -1); +#endif /* OpenSSL version 1.0.0 or later */ + if(!req_ctx) { + sslerror("OCSP: OCSP_sendreq_new"); + goto cleanup; + } +#if OPENSSL_VERSION_NUMBER>=0x10000000L + /* add the HTTP headers */ + if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) { + sslerror("OCSP: OCSP_REQ_CTX_add1_header"); + goto cleanup; + } + if(!OCSP_REQ_CTX_add1_header(req_ctx, "User-Agent", "stunnel")) { + sslerror("OCSP: OCSP_REQ_CTX_add1_header"); + goto cleanup; + } + /* add the remaining HTTP headers and the OCSP request body */ + if(!OCSP_REQ_CTX_set1_req(req_ctx, params->request)) { + sslerror("OCSP: OCSP_REQ_CTX_set1_req"); + goto cleanup; + } +#endif /* OpenSSL version 1.0.0 or later */ + + /* OCSP protocol communication loop */ + while(OCSP_sendreq_nbio(¶ms->response, req_ctx)==-1) { + s_poll_init(c->fds, 0); + s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("OCSP: s_poll_wait"); + goto cleanup; + case 0: + s_log(LOG_INFO, "OCSP: s_poll_wait: TIMEOUTbusy exceeded"); + goto cleanup; + } + } +#if 0 + s_log(LOG_DEBUG, "OCSP: context state: 0x%x", *(int *)req_ctx); +#endif + /* http://www.mail-archive.com/openssl-users@openssl.org/msg61691.html */ + if(params->response) { + s_log(LOG_DEBUG, "OCSP: Response received"); + ret=1; + } else { + if(ERR_peek_error()) + sslerror("OCSP: OCSP_sendreq_nbio"); + else /* OpenSSL error: OCSP_sendreq_nbio does not use OCSPerr */ + s_log(LOG_ERR, "OCSP: OCSP_sendreq_nbio: OpenSSL internal error"); + } + +cleanup: + if(req_ctx) + OCSP_REQ_CTX_free(req_ctx); + if(bio) + BIO_free_all(bio); + if(c->fd!=INVALID_SOCKET) { + closesocket(c->fd); + c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ + } + if(host) + OPENSSL_free(host); + if(port) + OPENSSL_free(port); + if(path) + OPENSSL_free(path); + return ret; +} + +/* + * Validates the cached or fetched OCSP response. + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int ocsp_response_validate(CLI *c, OCSP_PARAMS *params) { + int response_status, reason; + OCSP_BASICRESP *basic_response=NULL; + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + s_log(LOG_DEBUG, "OCSP: Validate the OCSP response"); + if(!params->response) { + s_log(LOG_ERR, "OCSP: No OCSP response"); + goto cleanup; + } + response_status=OCSP_response_status(params->response); + if(response_status!=OCSP_RESPONSE_STATUS_SUCCESSFUL) { + s_log(LOG_ERR, "OCSP: OCSP responder error: %d: %s", + response_status, OCSP_response_status_str(response_status)); + goto cleanup; + } + basic_response=OCSP_response_get1_basic(params->response); + if(!basic_response) { + s_log(LOG_WARNING, "OCSP: OCSP_response_get1_basic"); + goto cleanup; + } + if(params->request && params->nonce && + OCSP_check_nonce(params->request, basic_response)<=0) { + s_log(LOG_ERR, "OCSP: Invalid or unsupported nonce"); + goto cleanup; + } + if(OCSP_basic_verify(basic_response, params->chain_to_verify, + SSL_CTX_get_cert_store(c->opt->ctx), params->flags)<=0) { + sslerror("OCSP: OCSP_basic_verify"); + goto cleanup; + } + ocsp_params_setup_cert_id(params); + if(!params->cert_id) + goto cleanup; + if(!OCSP_resp_find_status(basic_response, params->cert_id, &ocsp_status, &reason, + ¶ms->revoked_at, ¶ms->this_update, ¶ms->next_update)) { + s_log(LOG_WARNING, "OCSP: OCSP_resp_find_status"); + goto cleanup; + } + s_log(LOG_INFO, "OCSP: Status: %s", OCSP_cert_status_str(ocsp_status)); + log_time(LOG_INFO, "OCSP: This update", params->this_update); + if(params->next_update) + log_time(LOG_INFO, "OCSP: Next update", params->next_update); + if(!OCSP_check_validity(params->this_update, params->next_update, params->leeway, -1)) { + sslerror("OCSP: OCSP_check_validity"); + ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; /* override an invalid response */ + } + switch(ocsp_status) { + case V_OCSP_CERTSTATUS_GOOD: + s_log(LOG_NOTICE, "OCSP: Certificate accepted"); + break; + case V_OCSP_CERTSTATUS_REVOKED: + if(reason==-1) + s_log(LOG_ERR, "OCSP: Certificate revoked"); + else + s_log(LOG_ERR, "OCSP: Certificate revoked: %d: %s", + reason, OCSP_crl_reason_str(reason)); + log_time(LOG_NOTICE, "OCSP: Revoked at", params->revoked_at); + break; + case V_OCSP_CERTSTATUS_UNKNOWN: + s_log(LOG_WARNING, "OCSP: Unknown verification status"); + } + +cleanup: + if(basic_response) + OCSP_BASICRESP_free(basic_response); + return ocsp_status; +} + +/* + * Create an OCSP_CERTID object from params->chain_to_verify at params->depth. + */ +NOEXPORT void ocsp_params_setup_cert_id(OCSP_PARAMS *params) { + X509 *subject, *issuer=NULL; + int chain_len; + + if(params->cert_id) /* already set */ + return; /* nothing to do */ + chain_len=sk_X509_num(params->chain_to_verify); + if(params->depth<0 || params->depth>chain_len-1) { /* sanity check */ + s_log(LOG_ERR, "OCSP: INTERNAL ERROR: Invalid verification depth"); + return; + } + subject=sk_X509_value(params->chain_to_verify, params->depth); + issuer=params->depth==chain_len-1 ? subject /* root CA certificate */ : + sk_X509_value(params->chain_to_verify, params->depth+1); + /* if dgst is NULL then SHA1 is used */ + params->cert_id=OCSP_cert_to_id(NULL, subject, issuer); + if(!params->cert_id) + s_log(LOG_ERR, "OCSP: Can't create an OCSP_CERTID object"); +} + +#if OPENSSL_VERSION_NUMBER<0x10100000L +#define X509_OBJECT_new() str_alloc(sizeof(X509_OBJECT)) +#define X509_OBJECT_free(x) X509_OBJECT_free_contents(x); str_free(x) +#define X509_OBJECT_get0_X509(x) ((x)->data.x509) +#endif /* OpenSSL older than 1.1.0 */ + +NOEXPORT int ocsp_params_append_root_ca(CLI *c, OCSP_PARAMS *params) { + int chain_len; + X509 *cert; + X509_STORE_CTX *store_ctx=NULL; + X509_OBJECT *obj=NULL; + int ret=0; /* failure */ + + chain_len=sk_X509_num(params->chain_to_verify); + if(!chain_len) { /* empty chain */ + s_log(LOG_ERR, "OCSP: Empty verification chain"); + goto cleanup; + } + cert=sk_X509_value(params->chain_to_verify, chain_len-1); + store_ctx=X509_STORE_CTX_new(); + if(!store_ctx) { + s_log(LOG_ERR, "OCSP: X509_STORE_CTX_new"); + goto cleanup; + } + if(!X509_STORE_CTX_init(store_ctx, + SSL_CTX_get_cert_store(c->opt->ctx), NULL, NULL)) { + s_log(LOG_ERR, "OCSP: X509_STORE_CTX_init"); + goto cleanup; + } + obj=X509_OBJECT_new(); + if(X509_STORE_get_by_subject(store_ctx, + X509_LU_X509, X509_get_subject_name(cert), obj)>0) { + goto success; /* the certificate is already trusted */ + } + if(X509_STORE_get_by_subject(store_ctx, + X509_LU_X509, X509_get_issuer_name(cert), obj)<=0) { + s_log(LOG_INFO, "OCSP: The root CA certificate was not found"); + goto cleanup; + } + /* append the root CA certificate into the verified chain */ + params->root_ca=X509_dup(X509_OBJECT_get0_X509(obj)); + if(!params->root_ca) { + s_log(LOG_ERR, "OCSP: X509_dup"); + goto cleanup; + } + if(!sk_X509_push(params->chain_to_verify, params->root_ca)) { + s_log(LOG_ERR, "OCSP: sk_X509_push"); + goto cleanup; + } + +success: + ret=1; /* success: a trusted root CA certificate appended to the chain */ + +cleanup: + if(obj) + X509_OBJECT_free(obj); + if(store_ctx) + X509_STORE_CTX_free(store_ctx); + return ret; +} + +/* Logs the time structure in a human-readable format */ +NOEXPORT void log_time(const int level, const char *txt, ASN1_GENERALIZEDTIME *t) { + char *cp; + BIO *bio; + int n; +#if OPENSSL_VERSION_NUMBER>=0x10101000L + time_t posix_time; + struct tm *timeptr; +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + struct tm timestruct; +#endif /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ +#endif /* OpenSSL version 1.1.1 or later */ + + if(!t) + return; + bio=BIO_new(BIO_s_mem()); + if(!bio) + return; +#if OPENSSL_VERSION_NUMBER>=0x10101000L + posix_time = time_t_get_asn1_time(t); + if(posix_time==INVALID_TIME) { + BIO_free(bio); + return; + } +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + timeptr=localtime_r(&posix_time, ×truct); +#else /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ + timeptr=localtime(&posix_time); +#endif /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ + BIO_printf(bio, "%04d.%02d.%02d %02d:%02d:%02d", + timeptr->tm_year + 1900, timeptr->tm_mon + 1, timeptr->tm_mday, + timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec); +#else /* OpenSSL version 1.1.1 or later */ + ASN1_TIME_print(bio, t); +#endif /* OpenSSL version 1.1.1 or later */ + + n=BIO_pending(bio); + cp=str_alloc((size_t)n+1); + n=BIO_read(bio, cp, n); + if(n<0) { + BIO_free(bio); + str_free(cp); + return; + } + cpn='\0'; + BIO_free(bio); + s_log(level, "%s: %s", txt, cp); + str_free(cp); +} + +#if OPENSSL_VERSION_NUMBER>=0x10101000L +/* Converts ASN1_TIME structure to time_t */ +NOEXPORT time_t time_t_get_asn1_time(const ASN1_TIME *s) { + struct tm tm; + + if ((!s) || (!ASN1_TIME_check(s))) { + return INVALID_TIME; + } + /* The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1 */ + if (ASN1_TIME_to_tm(s, &tm)) { +#ifdef _WIN32 + return _mkgmtime(&tm); +#else /* defined _WIN32 */ + return timegm(&tm); +#endif /* defined _WIN32 */ + } else { + return INVALID_TIME; + } +} +#endif /* OpenSSL version 1.1.0 or later */ + +#endif /* !defined(OPENSSL_NO_OCSP) */
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/options.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/options.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -39,8 +39,14 @@ #if OPENSSL_VERSION_NUMBER >= 0x10101000L #define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384" +#ifdef SSL_SYSTEM_DEFAULT_CIPHER_LIST /* Red Hat OpenSSL */ +#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384" +#else /* standard OpenSSL */ +#define DEFAULT_CURVES_FIPS DEFAULT_CURVES +#endif /* Red Hat OpenSSL */ #else /* OpenSSL version < 1.1.1 */ #define DEFAULT_CURVES "prime256v1" +#define DEFAULT_CURVES_FIPS DEFAULT_CURVES #endif /* OpenSSL version >= 1.1.1 */ #if defined(_WIN32_WCE) && !defined(CONFDIR) @@ -696,8 +702,9 @@ #endif if(ref<0) fatal("Negative section reference counter"); - if(ref==0) + if(ref==0) { parse_service_option(CMD_FREE, §ion, NULL, NULL); + } } /**************************************** global options */ @@ -1929,7 +1936,7 @@ /* curves */ switch(cmd) { case CMD_SET_DEFAULTS: - section->curves=str_dup_detached(DEFAULT_CURVES); + section->curves = NULL; break; case CMD_SET_COPY: section->curves=str_dup_detached(new_service_options.curves); @@ -1944,9 +1951,26 @@ section->curves=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: + if(!section->curves) { + /* this is only executed for global options, because + * section->curves is no longer NULL in sections */ +#ifdef USE_FIPS + if(new_global_options.option.fips) + section->curves=str_dup_detached(DEFAULT_CURVES_FIPS); + else +#endif /* USE_FIPS */ + section->curves=str_dup_detached(DEFAULT_CURVES); + } break; case CMD_PRINT_DEFAULTS: - s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES); + if(fips_available()) { + s_log(LOG_NOTICE, "%-22s = %s %s", "curves", + DEFAULT_CURVES_FIPS, "(with \"fips = yes\")"); + s_log(LOG_NOTICE, "%-22s = %s %s", "curves", + DEFAULT_CURVES, "(with \"fips = no\")"); + } else { + s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES); + } break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves"); @@ -2387,6 +2411,9 @@ section->ocsp_url=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: + if((section->ocsp_url || section->option.aia) && + !section->option.verify_chain) + return "\"verifyChain\" has to be enabled for OCSP support"; break; case CMD_PRINT_DEFAULTS: break; @@ -2486,6 +2513,37 @@ break; } + /* OCSPrequire */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->option.ocsp_require=1; /* enabled by default */ + break; + case CMD_SET_COPY: + section->option.ocsp_require=new_service_options.option.ocsp_require; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "OCSPrequire")) + break; + if(!strcasecmp(arg, "yes")) + section->option.ocsp_require=1; + else if(!strcasecmp(arg, "no")) + section->option.ocsp_require=0; + else + return "The argument needs to be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, + "%-22s = yes|no require a conclusive OCSP response", + "OCSPrequire"); + break; + } + #endif /* !defined(OPENSSL_NO_OCSP) */ /* options */ @@ -2552,11 +2610,11 @@ section->protocol=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: - /* PROTOCOL_CHECK also initializes: + /* protocol_init() also initializes: section->option.connect_before_ssl section->option.protocol_endpoint */ { - const char *tmp_str=protocol(NULL, section, PROTOCOL_CHECK); + const char *tmp_str=protocol_init(section); if(tmp_str) return tmp_str; } @@ -2993,22 +3051,26 @@ /* retry */ switch(cmd) { case CMD_SET_DEFAULTS: - section->option.retry=0; + section->retry=-1; break; case CMD_SET_COPY: - section->option.retry=new_service_options.option.retry; + section->retry=new_service_options.retry; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, "retry")) break; - if(!strcasecmp(arg, "yes")) - section->option.retry=1; - else if(!strcasecmp(arg, "no")) - section->option.retry=0; - else - return "The argument needs to be either 'yes' or 'no'"; + if(!strcasecmp(arg, "yes")) { + section->retry=1000; /* 1 second */ + } else if(!strcasecmp(arg, "no")) { + section->retry=-1; /* disabled */ + } else { + char *tmp_str; + section->retry=(long)strtol(arg, &tmp_str, 10); + if(tmp_str==arg || *tmp_str || section->retry < 0) + return "Illegal retry delay"; + } return NULL; /* OK */ case CMD_INITIALIZE: break; @@ -3714,6 +3776,36 @@ break; } + /* TIMEOUTocsp */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->timeout_ocsp=5; /* 5 seconds */ + break; + case CMD_SET_COPY: + section->timeout_ocsp=new_service_options.timeout_ocsp; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "TIMEOUTocsp")) + break; + { + char *tmp_str; + section->timeout_ocsp=(int)strtol(arg, &tmp_str, 5); + if(tmp_str==arg || *tmp_str) /* not a number */ + return "Illegal OCSP connect timeout"; + } + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTocsp", 5); + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = seconds to connect OCSP responder", "TIMEOUTocsp"); + break; + } + /* transparent */ #ifndef USE_WIN32 switch(cmd) { @@ -3876,11 +3968,7 @@ case CMD_SET_COPY: break; case CMD_FREE: - str_free(section->chain); - if(section->session) - SSL_SESSION_free(section->session); - if(section->ctx) - SSL_CTX_free(section->ctx); + context_cleanup(section); str_free(section->servname); if(section==&service_options || section==&new_service_options) memset(section, 0, sizeof(SERVICE_OPTIONS));
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/os2.mak -> _service:tar_scm:stunnel-5.72.tar.gz/src/os2.mak
Changed
@@ -1,11 +1,11 @@ prefix=. DEFS = -DPACKAGE_NAME=\"stunnel\" \ -DPACKAGE_TARNAME=\"stunnel\" \ - -DPACKAGE_VERSION=\"5.69\" \ - -DPACKAGE_STRING=\"stunnel\ 5.69\" \ + -DPACKAGE_VERSION=\"5.72\" \ + -DPACKAGE_STRING=\"stunnel\ 5.72\" \ -DPACKAGE_BUGREPORT=\"\" \ -DPACKAGE=\"stunnel\" \ - -DVERSION=\"5.69\" \ + -DVERSION=\"5.72\" \ -DSTDC_HEADERS=1 \ -DHAVE_SYS_TYPES_H=1 \ -DHAVE_SYS_STAT_H=1 \ @@ -41,7 +41,7 @@ #SYSLOGDIR = /unixos2/workdir/syslog INCLUDES = -I$(OPENSSLDIR)/outinc LIBS = -lsocket -L$(OPENSSLDIR)/out -lssl -lcrypto -lz -lsyslog -OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o +OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o ocsp.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o LIBDIR = . CFLAGS = -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith @@ -64,6 +64,7 @@ ssl.o: ssl.c common.h prototypes.h ctx.o: ctx.c common.h prototypes.h verify.o: verify.c common.h prototypes.h +ocsp.o: ocsp.c common.h prototypes.h sthreads.o: sthreads.c common.h prototypes.h stunnel.o: stunnel.c common.h prototypes.h resolver.o: resolver.c common.h prototypes.h
View file
_service:tar_scm:stunnel-5.72.tar.gz/src/os2.mak.in
Added
@@ -0,0 +1,78 @@ +prefix=. +DEFS = -DPACKAGE_NAME=\"stunnel\" \ + -DPACKAGE_TARNAME=\"stunnel\" \ + -DPACKAGE_VERSION=\"@PACKAGE_VERSION@\" \ + -DPACKAGE_STRING=\"stunnel\ @PACKAGE_VERSION@\" \ + -DPACKAGE_BUGREPORT=\"\" \ + -DPACKAGE=\"stunnel\" \ + -DVERSION=\"@PACKAGE_VERSION@\" \ + -DSTDC_HEADERS=1 \ + -DHAVE_SYS_TYPES_H=1 \ + -DHAVE_SYS_STAT_H=1 \ + -DHAVE_STDLIB_H=1 \ + -DHAVE_STRING_H=1 \ + -DHAVE_MEMORY_H=1 \ + -DHAVE_STRINGS_H=1 \ + -DHAVE_UNISTD_H=1 \ + -DSSLDIR=\"/usr\" \ + -DHOST=\"i386-pc-os2-emx\" \ + -DHAVE_LIBSOCKET=1 \ + -DHAVE_GRP_H=1 \ + -DHAVE_UNISTD_H=1 \ + -DHAVE_SYS_SELECT_H=1 \ + -DHAVE_SYS_IOCTL_H=1 \ + -DHAVE_SYS_RESOURCE_H=1 \ + -DHAVE_SNPRINTF=1 \ + -DHAVE_VSNPRINTF=1 \ + -DHAVE_WAITPID=1 \ + -DHAVE_SYSCONF=1 \ + -DHAVE_ENDHOSTENT=1 \ + -DUSE_OS2=1 \ + -DSIZEOF_UNSIGNED_CHAR=1 \ + -DSIZEOF_UNSIGNED_SHORT=2 \ + -DSIZEOF_UNSIGNED_INT=4 \ + -DSIZEOF_UNSIGNED_LONG=4 \ + -DLIBDIR=\"$(prefix)/lib\" \ + -DCONFDIR=\"$(prefix)/etc\" + +CC = gcc +.SUFFIXES = .c .o +OPENSSLDIR = u:/extras +#SYSLOGDIR = /unixos2/workdir/syslog +INCLUDES = -I$(OPENSSLDIR)/outinc +LIBS = -lsocket -L$(OPENSSLDIR)/out -lssl -lcrypto -lz -lsyslog +OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o ocsp.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o +LIBDIR = . +CFLAGS = -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith + +all: stunnel.exe + +stunnel.exe: $(OBJS) + $(CC) -Zmap $(CFLAGS) -o $@ $(OBJS) $(LIBS) + +.c.o: + $(CC) $(CFLAGS) $(DEFS) $(INCLUDES) -o $@ -c $< + +client.o: client.c common.h prototypes.h +#env.o: env.c common.h prototypes.h +#gui.o: gui.c common.h prototypes.h +file.o: file.c common.h prototypes.h +network.o: network.c common.h prototypes.h +options.o: options.c common.h prototypes.h +protocol.o: protocol.c common.h prototypes.h +pty.o: pty.c common.h prototypes.h +ssl.o: ssl.c common.h prototypes.h +ctx.o: ctx.c common.h prototypes.h +verify.o: verify.c common.h prototypes.h +ocsp.o: ocsp.c common.h prototypes.h +sthreads.o: sthreads.c common.h prototypes.h +stunnel.o: stunnel.c common.h prototypes.h +resolver.o: resolver.c common.h prototypes.h +str.o: str.c common.h prototypes.h +tls.o: tls.c common.h prototypes.h +fd.o: fd.c common.h prototypes.h +dhparam.o: dhparam.c common.h prototypes.h +cron.o: cron.c common.h prototypes.h + +clean: + rm -f *.o *.exe
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/protocol.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/protocol.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -40,42 +40,63 @@ #define CAPWIN_BUFFER_SIZE 100 /* protocol-specific function prototypes */ -NOEXPORT char *socks_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT void socks_client_late(CLI *); NOEXPORT void socks5_client_method(CLI *); NOEXPORT void socks5_client_address(CLI *); -NOEXPORT char *socks_server(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT const char *socks_server_init(SERVICE_OPTIONS *); +NOEXPORT void socks_server_middle(CLI *); +NOEXPORT void socks_server_late(CLI *); NOEXPORT void socks4_server(CLI *); NOEXPORT void socks5_server_method(CLI *); NOEXPORT void socks5_server(CLI *); -NOEXPORT int validate(CLI *); -NOEXPORT char *proxy_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *cifs_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *cifs_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pgsql_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pgsql_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *smtp_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT int validate_connect_addr(CLI *); + +NOEXPORT void proxy_server_late(CLI *); + +NOEXPORT void cifs_client_middle(CLI *); +NOEXPORT void cifs_server_early(CLI *); + +NOEXPORT void pgsql_client_middle(CLI *); +NOEXPORT void pgsql_server_early(CLI *); + +NOEXPORT void smtp_client_middle(CLI *); +NOEXPORT void smtp_client_late(CLI *); NOEXPORT void smtp_client_negotiate(CLI *); NOEXPORT void smtp_client_plain(CLI *, const char *, const char *); NOEXPORT void smtp_client_login(CLI *, const char *, const char *); -NOEXPORT char *smtp_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pop3_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pop3_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *imap_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT const char *smtp_server_init(SERVICE_OPTIONS *); +NOEXPORT void smtp_server_middle(CLI *); + +NOEXPORT void pop3_client_middle(CLI *); +NOEXPORT const char *pop3_server_init(SERVICE_OPTIONS *); +NOEXPORT void pop3_server_middle(CLI *); + +NOEXPORT void imap_client_middle(CLI *); +NOEXPORT const char *imap_server_init(SERVICE_OPTIONS *); +NOEXPORT void imap_server_middle(CLI *); + +NOEXPORT void nntp_client_middle(CLI *); + +NOEXPORT void ldap_client_middle(CLI *); + +NOEXPORT void connect_server_early(CLI *); +NOEXPORT void connect_client_middle(CLI *); #ifndef OPENSSL_NO_MD4 -NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *); +NOEXPORT void ntlm(CLI *); NOEXPORT char *ntlm1(void); NOEXPORT char *ntlm3(char *, char *, char *, char *); -NOEXPORT void crypt_DES(DES_cblock, DES_cblock, unsigned char7); +NOEXPORT void crypt_DES(DES_cblock, const_DES_cblock, unsigned char7); #endif NOEXPORT char *base64(int, const char *, int); -NOEXPORT char *capwin_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *capwin_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *capwinctrl_client(CLI *, SERVICE_OPTIONS *, const PHASE); + +NOEXPORT void capwin_server_middle(CLI *); +NOEXPORT void capwin_server_late(CLI *); +NOEXPORT void capwin_client_late(CLI *); +NOEXPORT const char *capwinctrl_client_init(SERVICE_OPTIONS *); +NOEXPORT void capwinctrl_client_early(CLI *); +NOEXPORT int capwin_decode(const char *, char **, char **, char **, char **); +NOEXPORT int ldap_auth(CLI *, const char *, const char *); +NOEXPORT char *ldap_escape_dn(const char *); /* global state */ NOEXPORT char capwin_authCAPWIN_BUFFER_SIZE={0}; @@ -84,61 +105,87 @@ LONG capwin_connectivity=0; #endif -/**************************************** framework */ - -const char *protocol(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - if(phase==PROTOCOL_CHECK) /* default to be overridden by protocols */ - opt->option.connect_before_ssl=opt->option.client; - if(!opt->protocol) /* no protocol specified */ - return NULL; /* skip further actions */ - if(!strcasecmp(opt->protocol, "socks")) - return opt->option.client ? - socks_client(c, opt, phase) : - socks_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "proxy")) - return opt->option.client ? - "The 'proxy' protocol is not supported in the client mode" : - proxy_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "cifs")) - return opt->option.client ? - cifs_client(c, opt, phase) : - cifs_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "pgsql")) - return opt->option.client ? - pgsql_client(c, opt, phase) : - pgsql_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "smtp")) - return opt->option.client ? - smtp_client(c, opt, phase) : - smtp_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "pop3")) - return opt->option.client ? - pop3_client(c, opt, phase) : - pop3_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "imap")) - return opt->option.client ? - imap_client(c, opt, phase) : - imap_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "nntp")) - return opt->option.client ? - nntp_client(c, opt, phase) : - "The 'nntp' protocol is not supported in the server mode"; - if(!strcasecmp(opt->protocol, "ldap")) - return opt->option.client ? - ldap_client(c, opt, phase) : - "The 'ldap' protocol is not supported in the server mode"; - if(!strcasecmp(opt->protocol, "connect")) - return opt->option.client ? - connect_client(c, opt, phase) : - connect_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "capwin")) - return opt->option.client ? - capwin_client(c, opt, phase) : - capwin_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "capwinctrl")) - return opt->option.client ? - capwinctrl_client(c, opt, phase) : - "The 'capwinctrl' protocol is not supported in the server mode"; +/**************************************** public interface */ + +const char *protocol_init(SERVICE_OPTIONS *opt) { + typedef struct { + const char *(*init)(SERVICE_OPTIONS *); + void (*early)(CLI *); + void (*middle)(CLI *); + void (*late)(CLI *); + } MODE; + typedef struct { + const char *name; + MODE client, server; + } PROTOCOLS; + const PROTOCOLS protocols = { + {.name="socks", + .client={.late=socks_client_late}, + .server={.init=socks_server_init, .middle=socks_server_middle, .late=socks_server_late}}, + {.name="proxy", + .server={.late=proxy_server_late}}, + {.name="cifs", + .client={.middle=cifs_client_middle}, + .server={.early=cifs_server_early}}, + {.name="pgsql", + .client={.middle=pgsql_client_middle}, + .server={.early=pgsql_server_early}}, + {.name="smtp", + .client={.middle=smtp_client_middle, .late=smtp_client_late}, + .server={.init=smtp_server_init, .middle=smtp_server_middle}}, + {.name="pop3", + .client={.middle=pop3_client_middle}, + .server={.init=pop3_server_init, .middle=pop3_server_middle}}, + {.name="imap", + .client={.middle=imap_client_middle}, + .server={.init=imap_server_init, .middle=imap_server_middle}}, + {.name="nntp", + .client={.middle=nntp_client_middle}}, + {.name="ldap", + .client={.middle=ldap_client_middle}}, + {.name="connect", + .client={.middle=connect_client_middle}, + .server={.early=connect_server_early}}, + {.name="capwin", + .client={.late=capwin_client_late}, + .server={.middle=capwin_server_middle, .late=capwin_server_late}}, + {.name="capwinctrl", + .client={.init=capwinctrl_client_init, .early=capwinctrl_client_early}}, + {.name=NULL} + }, *p; + + /* the default values to be overridden in protocol initialization */ + opt->option.connect_before_ssl=opt->option.client; + opt->option.protocol_endpoint=0; + + if(!opt->protocol) { /* no protocol specified */ + opt->protocol_early=NULL; + opt->protocol_middle=NULL; + opt->protocol_late=NULL; + return NULL; + } + + for(p=protocols; p->name; p++) { + if(!strcasecmp(p->name, opt->protocol)) { + const MODE *m=opt->option.client ? &p->client : &p->server; + if(!m->init && !m->early && !m->middle && !m->late) { + if(opt->option.client) + return "The configured protocol is not supported in the client mode"; + else + return "The configured protocol is not supported in the server mode"; + } + if(m->init) { + const char *err=m->init(opt); + if(err) + return err; + } + opt->protocol_early=m->early; + opt->protocol_middle=m->middle; + opt->protocol_late=m->late; + return NULL; /* success */ + } + } + return "Protocol not supported"; } @@ -161,13 +208,9 @@ } v6; } SOCKS5_UNION; -NOEXPORT char *socks_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_LATE) - return NULL; +NOEXPORT void socks_client_late(CLI *c) { socks5_client_method(c); socks5_client_address(c); - return NULL; } NOEXPORT void socks5_client_method(CLI *c) { @@ -276,38 +319,35 @@ throw_exception(c, 2); /* don't reset */ } -NOEXPORT char *socks_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT const char *socks_server_init(SERVICE_OPTIONS *opt) { + opt->option.protocol_endpoint=1; + return NULL; +} + +NOEXPORT void socks_server_middle(CLI *c) { uint8_t version; - switch(phase) { - case PROTOCOL_CHECK: - opt->option.protocol_endpoint=1; + s_log(LOG_DEBUG, "Waiting for the SOCKS request"); + s_ssl_read(c, &version, sizeof version); + switch(version) { + case 4: + socks4_server(c); break; - case PROTOCOL_MIDDLE: - s_log(LOG_DEBUG, "Waiting for the SOCKS request"); - s_ssl_read(c, &version, sizeof version); - switch(version) { - case 4: - socks4_server(c); - break; - case 5: - socks5_server_method(c); - socks5_server(c); - break; - default: - s_log(LOG_ERR, "Unsupported SOCKS version 0x%02x", version); - throw_exception(c, 1); - } - break; - case PROTOCOL_LATE: - /* TODO: send the SOCKS reply *after* the target is connected */ - /* FIXME: the SOCKS replies do not report CONNECT failures */ - /* FIXME: the SOCKS replies do not contain the bound IP address */ + case 5: + socks5_server_method(c); + socks5_server(c); break; default: - break; + s_log(LOG_ERR, "Unsupported SOCKS version 0x%02x", version); + throw_exception(c, 1); } - return NULL; +} + +NOEXPORT void socks_server_late(CLI *c) { + (void)c; /* squash the unused parameter warning */ + /* TODO: send the SOCKS reply *after* the target is connected */ + /* FIXME: the SOCKS replies do not report CONNECT failures */ + /* FIXME: the SOCKS replies do not contain the bound IP address */ } /* SOCKS4 or SOCKS4a */ @@ -339,7 +379,7 @@ if(c->connect_addr.num) { s_log(LOG_INFO, "SOCKS4a resolved \"%s\" to %u host(s)", host_name, c->connect_addr.num); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.cd=90; /* access granted */ close_connection=0; } else { @@ -357,7 +397,7 @@ c->connect_addr.addr0.in.sin_port=socks.sin_port; c->connect_addr.addr0.in.sin_addr.s_addr=socks.sin_addr.s_addr; s_log(LOG_INFO, "SOCKS4 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.cd=90; /* access granted */ close_connection=0; } else { @@ -435,7 +475,7 @@ memcpy(&c->connect_addr.addr0.in.sin_addr, &socks.v4.addr, 4); memcpy(&c->connect_addr.addr0.in.sin_port, &socks.v4.port, 2); s_log(LOG_INFO, "SOCKS5 IPv4 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -453,7 +493,7 @@ if(c->connect_addr.num) { s_log(LOG_INFO, "SOCKS5 resolved \"%s\" to %u host(s)", host_name, c->connect_addr.num); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -473,7 +513,7 @@ memcpy(&c->connect_addr.addr0.in6.sin6_addr, &socks.v6.addr, 16); memcpy(&c->connect_addr.addr0.in6.sin6_port, &socks.v6.port, 2); s_log(LOG_INFO, "SOCKS5 IPv6 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -535,7 +575,7 @@ } /* validate the allocated address */ -NOEXPORT int validate(CLI *c) { +NOEXPORT int validate_connect_addr(CLI *c) { #ifdef USE_IPv6 const unsigned char ipv6_loopback16={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}; #endif @@ -583,7 +623,7 @@ #define IP_LEN 40 #define PORT_LEN 6 -NOEXPORT char *proxy_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void proxy_server_late(CLI *c) { SOCKADDR_UNION addr; socklen_t addrlen; char src_hostIP_LEN, dst_hostIP_LEN; @@ -591,9 +631,6 @@ const char *proto; int err; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_LATE) - return NULL; addrlen=sizeof addr; if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)) { sockerror("getpeername"); @@ -632,18 +669,14 @@ } fd_printf(c, c->remote_fd.fd, "PROXY %s %s %s %s %s", proto, src_host, dst_host, src_port, dst_port); - return NULL; } /**************************************** cifs */ -NOEXPORT char *cifs_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void cifs_client_middle(CLI *c) { uint8_t buffer5; uint8_t request_dummy4 = {0x81, 0, 0, 0}; /* a zero-length request */ - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_write(c, c->remote_fd.fd, request_dummy, 4); s_read(c, c->remote_fd.fd, buffer, 5); if(buffer0!=0x83) { /* NB_SSN_NEGRESP */ @@ -658,18 +691,14 @@ s_log(LOG_ERR, "Remote server does not require TLS"); throw_exception(c, 1); } - return NULL; } -NOEXPORT char *cifs_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void cifs_server_early(CLI *c) { uint8_t buffer128; uint8_t response_access_denied5 = {0x83, 0, 0, 1, 0x81}; uint8_t response_use_ssl5 = {0x83, 0, 0, 1, 0x8e}; uint16_t len; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; s_read(c, c->local_rfd.fd, buffer, 4); /* NetBIOS header */ len=(uint16_t)(((uint16_t)(buffer2)<<8)|buffer3); if(len>sizeof buffer-4) { @@ -683,7 +712,6 @@ throw_exception(c, 1); } s_write(c, c->local_wfd.fd, response_use_ssl, 5); - return NULL; } /**************************************** pgsql */ @@ -691,12 +719,9 @@ /* http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982 */ static const uint8_t ssl_request8={0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f}; -NOEXPORT char *pgsql_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pgsql_client_middle(CLI *c) { uint8_t buffer1; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_write(c, c->remote_fd.fd, ssl_request, sizeof ssl_request); s_read(c, c->remote_fd.fd, buffer, 1); /* S - accepted, N - rejected, non-TLS preferred */ @@ -704,10 +729,9 @@ s_log(LOG_ERR, "PostgreSQL server rejected TLS"); throw_exception(c, 1); } - return NULL; } -NOEXPORT char *pgsql_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pgsql_server_early(CLI *c) { uint8_t buffer8, ssl_ok1={'S'}; /* https://www.postgresql.org/docs/current/protocol-message-formats.html */ static const uint8_t gss_request8={0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x30}; @@ -717,9 +741,6 @@ ' ', 'b', 'u', 't', ' ', 'n', 'o', 't', ' ', 'r', 'e', 'q', 'u', 'e', 's', 't', 'e', 'd', ' ', 'b', 'y', ' ', 'c', 'l', 'i', 'e', 'n', 't', 0, 0}; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; s_log(LOG_DEBUG, "Started server-side psql protocol negotiation"); memset(buffer, 0, sizeof buffer); s_read(c, c->local_rfd.fd, buffer, sizeof buffer); @@ -735,39 +756,31 @@ } s_log(LOG_DEBUG, "SSLRequest received"); s_write(c, c->local_wfd.fd, ssl_ok, sizeof ssl_ok); - return NULL; } /**************************************** smtp */ -NOEXPORT char *smtp_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - (void)opt; /* squash the unused parameter warning */ - switch(phase) { - case PROTOCOL_MIDDLE: - smtp_client_negotiate(c); - break; - case PROTOCOL_LATE: - if(opt->protocol_username && opt->protocol_password) { - char *line; - - if(opt->protocol_host) - ssl_printf(c, "HELO %s", opt->protocol_host); - else - ssl_putline(c, "HELO localhost"); - line=ssl_getline(c); /* ignore the reply */ - str_free(line); - if(!strcasecmp(c->opt->protocol_authentication, "LOGIN")) - smtp_client_login(c, - opt->protocol_username, opt->protocol_password); - else /* use PLAIN by default */ - smtp_client_plain(c, - opt->protocol_username, opt->protocol_password); - } - break; - default: - break; +NOEXPORT void smtp_client_middle(CLI *c) { + smtp_client_negotiate(c); +} + +NOEXPORT void smtp_client_late(CLI *c) { + if(c->opt->protocol_username && c->opt->protocol_password) { + char *line; + + if(c->opt->protocol_host) + ssl_printf(c, "HELO %s", c->opt->protocol_host); + else + ssl_putline(c, "HELO localhost"); + line=ssl_getline(c); /* ignore the reply */ + str_free(line); + if(!strcasecmp(c->opt->protocol_authentication, "LOGIN")) + smtp_client_login(c, + c->opt->protocol_username, c->opt->protocol_password); + else /* use PLAIN by default */ + smtp_client_plain(c, + c->opt->protocol_username, c->opt->protocol_password); } - return NULL; } NOEXPORT void smtp_client_negotiate(CLI *c) { @@ -877,13 +890,13 @@ str_free(line); } -NOEXPORT char *smtp_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line, *domain, *greeting; +NOEXPORT const char *smtp_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ + return NULL; +} - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; +NOEXPORT void smtp_server_middle(CLI *c) { + char *line, *domain, *greeting; /* detect RFC 2487 */ s_poll_init(c->fds, 0); @@ -894,7 +907,7 @@ break; case 1: /* fd ready to read */ s_log(LOG_DEBUG, "RFC 2487 not detected"); - return NULL; /* return if RFC 2487 is not used */ + return; /* return if RFC 2487 is not used */ default: /* -1 */ sockerror("RFC2487 (s_poll_wait)"); throw_exception(c, 1); @@ -946,18 +959,13 @@ } fd_putline(c, c->local_wfd.fd, "220 Go ahead"); str_free(line); - - return NULL; } /**************************************** pop3 */ -NOEXPORT char *pop3_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pop3_client_middle(CLI *c) { char *line; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "+OK ")) { s_log(LOG_ERR, "Unknown server welcome"); @@ -974,17 +982,15 @@ throw_exception(c, 1); } str_free(line); - return NULL; } -NOEXPORT char *pop3_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; +NOEXPORT const char *pop3_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ + return NULL; +} - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void pop3_server_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); fd_printf(c, c->local_wfd.fd, "%s + stunnel", line); str_free(line); line=fd_getline(c, c->local_rfd.fd); @@ -1002,18 +1008,12 @@ } str_free(line); fd_putline(c, c->local_wfd.fd, "+OK Stunnel starts TLS negotiation"); - return NULL; } /**************************************** imap */ -NOEXPORT char *imap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; - - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void imap_client_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "* OK")) { s_log(LOG_ERR, "Unknown server welcome"); str_free(line); @@ -1031,16 +1031,16 @@ throw_exception(c, 2); /* don't reset */ } str_free(line); +} + +NOEXPORT const char *imap_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ return NULL; } -NOEXPORT char *imap_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void imap_server_middle(CLI *c) { char *line, *id, *tail, *capa; - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_poll_init(c->fds, 0); s_poll_add(c->fds, c->local_rfd.fd, 1, 0); switch(s_poll_wait(c->fds, 0, 200)) { @@ -1049,7 +1049,7 @@ break; case 1: /* fd ready to read */ s_log(LOG_DEBUG, "RFC 2595 not detected"); - return NULL; /* return if RFC 2595 is not used */ + return; /* return if RFC 2595 is not used */ default: /* -1 */ sockerror("RFC2595 (s_poll_wait)"); throw_exception(c, 1); @@ -1086,7 +1086,7 @@ "%s OK Begin TLS negotiation now", id); str_free(line); str_free(id); - return NULL; /* success */ + return; /* success */ } else if(is_prefix(tail, "CAPABILITY")) { fd_putline(c, c->remote_fd.fd, line); /* send it to server */ str_free(line); @@ -1132,18 +1132,12 @@ } str_free(line); throw_exception(c, 2); /* don't reset */ - return NULL; /* some C compilers require a return value */ } /**************************************** nntp */ -NOEXPORT char *nntp_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; - - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void nntp_client_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "200 ") && !is_prefix(line, "201 ")) { s_log(LOG_ERR, "Unknown server welcome"); str_free(line); @@ -1159,7 +1153,6 @@ throw_exception(c, 1); } str_free(line); - return NULL; } /**************************************** LDAP, RFC 2830 */ @@ -1205,18 +1198,13 @@ * https://ldap.com/ldapv3-wire-protocol-reference-extended/ */ -NOEXPORT char *ldap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void ldap_client_middle(CLI *c) { uint8_t buffer_8; uint32_t buffer_32; size_t resp_len; uint8_t ldap_response128; size_t resp_idx; - (void)opt; /* squash the unused parameter warning */ - - if(phase!=PROTOCOL_MIDDLE) - return NULL; - s_log(LOG_DEBUG, "Sending LDAP Start TLS request"); s_write(c, c->remote_fd.fd, ldap_starttls_message, sizeof(ldap_starttls_message)); @@ -1285,17 +1273,13 @@ /* any remaining data is ignored */ s_log(LOG_INFO, "LDAP Start TLS successfully negotiated"); - return NULL; } /**************************************** connect */ -NOEXPORT char *connect_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void connect_server_early(CLI *c) { char *request, *proto, *header; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; request=fd_getline(c, c->local_rfd.fd); if(!is_prefix(request, "CONNECT ")) { fd_putline(c, c->local_wfd.fd, "HTTP/1.0 400 Bad Request Method"); @@ -1332,34 +1316,30 @@ fd_putline(c, c->local_wfd.fd, "HTTP/1.0 200 OK"); fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); fd_putline(c, c->local_wfd.fd, ""); - return NULL; } -NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void connect_client_middle(CLI *c) { char *line, *encoded; NAME_LIST *ptr; - if(phase!=PROTOCOL_MIDDLE) - return NULL; - - if(!opt->protocol_host) { + if(!c->opt->protocol_host) { s_log(LOG_ERR, "protocolHost not specified"); throw_exception(c, 1); } fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", - opt->protocol_host); - fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); - if(opt->protocol_username && opt->protocol_password) { - if(!strcasecmp(opt->protocol_authentication, "ntlm")) { + c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + if(c->opt->protocol_username && c->opt->protocol_password) { + if(!strcasecmp(c->opt->protocol_authentication, "ntlm")) { #ifndef OPENSSL_NO_MD4 - ntlm(c, opt); + ntlm(c); #else s_log(LOG_ERR, "NTLM authentication is not available"); throw_exception(c, 1); #endif } else { /* basic authentication */ line=str_printf("%s:%s", - opt->protocol_username, opt->protocol_password); + c->opt->protocol_username, c->opt->protocol_password); encoded=base64(1, line, (int)strlen(line)); str_free(line); if(!encoded) { @@ -1371,7 +1351,7 @@ str_free(encoded); } } - for(ptr=opt->protocol_header; ptr; ptr=ptr->next) + for(ptr=c->opt->protocol_header; ptr; ptr=ptr->next) fd_putline(c, c->remote_fd.fd, ptr->name); /* custom header */ fd_putline(c, c->remote_fd.fd, ""); /* empty line */ @@ -1392,7 +1372,6 @@ line=fd_getline(c, c->remote_fd.fd); /* read all headers */ } while(*line); str_free(line); - return NULL; } #ifndef OPENSSL_NO_MD4 @@ -1405,7 +1384,7 @@ #define s_min(a, b) ((a)>(b)?(b):(a)) -NOEXPORT void ntlm(CLI *c, SERVICE_OPTIONS *opt) { +NOEXPORT void ntlm(CLI *c) { char *line, bufBUFSIZ, *ntlm1_txt, *ntlm2_txt, *ntlm3_txt, *tmpstr; long content_length=0; /* no HTTP content */ @@ -1463,10 +1442,10 @@ } /* send Proxy-Authorization (phase 3) */ - fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", opt->protocol_host); - fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); - ntlm3_txt=ntlm3(opt->protocol_domain, - opt->protocol_username, opt->protocol_password, ntlm2_txt); + fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + ntlm3_txt=ntlm3(c->opt->protocol_domain, + c->opt->protocol_username, c->opt->protocol_password, ntlm2_txt); str_free(ntlm2_txt); if(!ntlm3_txt) { s_log(LOG_ERR, "Proxy-Authenticate: Failed to build NTLM response"); @@ -1621,6 +1600,111 @@ /**************************************** capwin authentication support */ +NOEXPORT void capwin_server_middle(CLI *c) { + char *buffer, *user, *pass, *esc_user, *dn; + const char *failure="FAILED"; + int i; + + buffer=str_alloc(CAPWIN_BUFFER_SIZE); + for(i=0; i<CAPWIN_BUFFER_SIZE - 1; ++i) { + s_ssl_read(c, buffer+i, 1); + if(bufferi == '\x1c') + break; + } + if(capwin_decode(buffer, NULL, &user, &pass, NULL)) { + /* malformed request: reset instead of sending "FAILED" */ + str_free(buffer); + throw_exception(c, 1); + } + str_free(buffer); + esc_user=ldap_escape_dn(user); + str_free(user); + dn=str_printf("uid=%s,ou=people,O=CAPWIN,C=US", esc_user); + str_free(esc_user); + if(ldap_auth(c, dn, pass)) { + str_free(dn); + str_free(pass); + s_log(LOG_ERR, "CapWIN: Authentication failed"); + s_ssl_write(c, failure, (int)strlen(failure)); + throw_exception(c, 2); /* don't reset */ + } + str_free(dn); + str_free(pass); + s_log(LOG_NOTICE, "CapWIN: Authentication succeeded"); +} + +NOEXPORT void capwin_server_late(CLI *c) { + const char *success="BINGO"; + s_ssl_write(c, success, (int)strlen(success)); +} + +NOEXPORT void capwin_client_late(CLI *c) { + char *cmd, *user, *pass, *ctrl, *req, resp5; + + /* we extract the username and the password to work around a bug in the + * original server-side code that required unused units to be empty */ + /* otherwise, we could simply forward capwin_auth directly */ + if(!capwin_auth0) { + s_log(LOG_ERR, "CapWIN: No credentials set"); + throw_exception(c, 1); + } + if(capwin_decode(capwin_auth, &cmd, &user, &pass, &ctrl)) + throw_exception(c, 1); + if(strcmp(cmd, "AUTH")) { + s_log(LOG_ERR, "CapWIN: Invalid authentication request"); + str_free(cmd); + str_free(user); + str_free(pass); + str_free(ctrl); + throw_exception(c, 1); + } + str_free(cmd); + req=str_printf("\x1f%s\x1f%s\x1f\x1c", user, pass); + str_free(user); + str_free(pass); +#ifdef USE_WIN32 + capwin_hwnd=(HWND)(uintptr_t)atoi(ctrl); +#endif + str_free(ctrl); + + s_log(LOG_DEBUG, "CapWIN: Sending credentials"); + s_ssl_write(c, req, (int)strlen(req)); + str_free(req); + + s_log(LOG_DEBUG, "CapWIN: Waiting for response"); + s_ssl_read(c, resp, sizeof resp); +#ifdef USE_WIN32 + /* we received a response, so network is up */ + if(!InterlockedExchange(&capwin_connectivity, 1)) + PostMessage(capwin_hwnd, WM_CAPWIN_NET_UP, 0, 0); +#endif + if(memcmp(resp, "BINGO", sizeof resp)) { + s_log(LOG_ERR, "CapWIN: Authentication failed"); +#ifdef USE_WIN32 + PostMessage(capwin_hwnd, WM_CAPWIN_AUTH_FAIL, 0, 0); +#endif + throw_exception(c, 1); + } + s_log(LOG_NOTICE, "CapWIN: Authentication succeeded"); +#ifdef USE_WIN32 + PostMessage(capwin_hwnd, WM_CAPWIN_AUTH_OK, 0, 0); +#endif +} + +NOEXPORT const char *capwinctrl_client_init(SERVICE_OPTIONS *opt) { + opt->option.protocol_endpoint=1; + return NULL; +} + +NOEXPORT void capwinctrl_client_early(CLI *c) { + s_log(LOG_DEBUG, "CapWIN: Setting credentials"); + memset(capwin_auth, 0, CAPWIN_BUFFER_SIZE); + s_read_eof(c, c->local_rfd.fd, capwin_auth, CAPWIN_BUFFER_SIZE - 1); + s_log(LOG_NOTICE, "CapWIN: Credentials set"); + /* skip connecting a remote host */ + throw_exception(c, 2); /* don't reset */ +} + NOEXPORT int capwin_decode(const char *src, char **cmd, char **user, char **pass, char **ctrl) { char *us1, *us2, *us3, *fs; @@ -1696,7 +1780,7 @@ if(c->fd==INVALID_SOCKET) return 1; /* FAILED */ s_log(LOG_DEBUG, "LDAP: Connecting the server"); - if(s_connect(c, &addr, addr_len(&addr))) { + if(s_connect(c, &addr, addr_len(&addr), c->opt->timeout_connect)) { closesocket(c->fd); c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ return 1; /* FAILED */ @@ -1746,124 +1830,4 @@ return dst; } -NOEXPORT char *capwin_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *buffer, *user, *pass, *esc_user, *dn; - const char *success="BINGO", *failure="FAILED"; - int i; - - (void)opt; /* squash the unused parameter warning */ - switch(phase) { - case PROTOCOL_MIDDLE: /* TLS is established */ - buffer=str_alloc(CAPWIN_BUFFER_SIZE); - for(i=0; i<CAPWIN_BUFFER_SIZE - 1; ++i) { - s_ssl_read(c, buffer+i, 1); - if(bufferi == '\x1c') - break; - } - if(capwin_decode(buffer, NULL, &user, &pass, NULL)) { - /* malformed request: reset instead of sending "FAILED" */ - str_free(buffer); - throw_exception(c, 1); - } - str_free(buffer); - esc_user=ldap_escape_dn(user); - str_free(user); - dn=str_printf("uid=%s,ou=people,O=CAPWIN,C=US", esc_user); - str_free(esc_user); - if(ldap_auth(c, dn, pass)) { - str_free(dn); - str_free(pass); - s_log(LOG_ERR, "CapWIN: Authentication failed"); - s_ssl_write(c, failure, (int)strlen(failure)); - throw_exception(c, 2); /* don't reset */ - } - str_free(dn); - str_free(pass); - s_log(LOG_NOTICE, "CapWIN: Authentication succeeded"); - break; - case PROTOCOL_LATE: /* remote host is connected */ - s_ssl_write(c, success, (int)strlen(success)); - break; - default: - break; - } - return NULL; -} - -NOEXPORT char *capwin_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *cmd, *user, *pass, *ctrl, *req, resp5; - - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_LATE) - return NULL; - - /* we extract the username and the password to work around a bug in the - * original server-side code that required unused units to be empty */ - /* otherwise, we could simply forward capwin_auth directly */ - if(!capwin_auth0) { - s_log(LOG_ERR, "CapWIN: No credentials set"); - throw_exception(c, 1); - } - if(capwin_decode(capwin_auth, &cmd, &user, &pass, &ctrl)) - throw_exception(c, 1); - if(strcmp(cmd, "AUTH")) { - s_log(LOG_ERR, "CapWIN: Invalid authentication request"); - str_free(cmd); - str_free(user); - str_free(pass); - str_free(ctrl); - throw_exception(c, 1); - } - str_free(cmd); - req=str_printf("\x1f%s\x1f%s\x1f\x1c", user, pass); - str_free(user); - str_free(pass); -#ifdef USE_WIN32 - capwin_hwnd=(HWND)(uintptr_t)atoi(ctrl); -#endif - str_free(ctrl); - - s_log(LOG_DEBUG, "CapWIN: Sending credentials"); - s_ssl_write(c, req, (int)strlen(req)); - str_free(req); - - s_log(LOG_DEBUG, "CapWIN: Waiting for response"); - s_ssl_read(c, resp, sizeof resp); -#ifdef USE_WIN32 - /* we received a response, so network is up */ - if(!InterlockedExchange(&capwin_connectivity, 1)) - PostMessage(capwin_hwnd, WM_CAPWIN_NET_UP, 0, 0); -#endif - if(memcmp(resp, "BINGO", sizeof resp)) { - s_log(LOG_ERR, "CapWIN: Authentication failed"); -#ifdef USE_WIN32 - PostMessage(capwin_hwnd, WM_CAPWIN_AUTH_FAIL, 0, 0); -#endif - throw_exception(c, 1); - } - s_log(LOG_NOTICE, "CapWIN: Authentication succeeded"); -#ifdef USE_WIN32 - PostMessage(capwin_hwnd, WM_CAPWIN_AUTH_OK, 0, 0); -#endif - return NULL; -} - -NOEXPORT char *capwinctrl_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - switch(phase) { - case PROTOCOL_CHECK: - opt->option.protocol_endpoint=1; - break; - case PROTOCOL_EARLY: - s_log(LOG_DEBUG, "CapWIN: Setting credentials"); - memset(capwin_auth, 0, CAPWIN_BUFFER_SIZE); - s_read_eof(c, c->local_rfd.fd, capwin_auth, CAPWIN_BUFFER_SIZE - 1); - s_log(LOG_NOTICE, "CapWIN: Credentials set"); - /* skip connecting a remote host */ - throw_exception(c, 2); /* don't reset */ - default: - break; - } - return NULL; -} - /* end of protocol.c */
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/prototypes.h -> _service:tar_scm:stunnel-5.72.tar.gz/src/prototypes.h
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -56,6 +56,12 @@ typedef struct tls_data_struct TLS_DATA; typedef struct sock_opt_struct SOCK_OPT; +typedef struct client_data_struct CLI; +typedef struct global_options_struct GLOBAL_OPTIONS; +typedef struct service_options_struct SERVICE_OPTIONS; +#ifndef OPENSSL_NO_TLSEXT +typedef struct servername_list_struct SERVERNAME_LIST; +#endif /* !defined(OPENSSL_NO_TLSEXT) */ /**************************************** data structures */ @@ -66,6 +72,55 @@ typedef HANDLE THREAD_ID; #endif +#if OPENSSL_VERSION_NUMBER<0x10100004L + +#ifdef USE_OS_THREADS + +struct CRYPTO_dynlock_value { +#ifdef USE_PTHREAD + pthread_rwlock_t rwlock; +#endif +#ifdef USE_WIN32 + CRITICAL_SECTION critical_section; +#endif +#ifdef DEBUG_LOCKS + const char *init_file, *read_lock_file, *write_lock_file, + *unlock_file, *destroy_file; + int init_line, read_lock_line, write_lock_line, unlock_line, destroy_line; +#endif +}; + +typedef struct CRYPTO_dynlock_value CRYPTO_RWLOCK; + +#else /* USE_OS_THREADS */ + +typedef void CRYPTO_RWLOCK; + +#endif /* USE_OS_THREADS */ + +#endif /* OPENSSL_VERSION_NUMBER<0x10100004L */ + +typedef enum { + LOCK_THREAD_LIST, /* sthreads.c */ + LOCK_SESSION, LOCK_ADDR, + LOCK_CLIENTS, LOCK_SSL, /* client.c */ + LOCK_REF, /* options.c */ + LOCK_INET, /* resolver.c */ +#ifndef USE_WIN32 + LOCK_LIBWRAP, /* libwrap.c */ +#endif + LOCK_LOG_BUFFER, LOCK_LOG_MODE, /* log.c */ + LOCK_LEAK_HASH, LOCK_LEAK_RESULTS, /* str.c */ +#ifndef OPENSSL_NO_DH + LOCK_DH, /* ctx.c */ +#endif /* OPENSSL_NO_DH */ +#ifdef USE_WIN32 + LOCK_WIN_LOG, /* ui_win_gui.c */ +#endif + LOCK_SECTIONS, /* traversing section list */ + STUNNEL_LOCKS /* number of locks */ +} LOCK_TYPE; + #if defined (USE_WIN32) #define ICON_IMAGE HICON #elif defined(__APPLE__) @@ -124,6 +179,7 @@ NAME_LIST *names; /* a list of unresolved names */ } SOCKADDR_LIST; +extern GLOBAL_OPTIONS global_options; #ifndef OPENSSL_NO_COMP typedef enum { COMP_NONE, /* empty compression algorithms set */ @@ -133,7 +189,7 @@ } COMP_TYPE; #endif /* !defined(OPENSSL_NO_COMP) */ -typedef struct { +struct global_options_struct { /* some data for TLS initialization in ssl.c */ #ifndef OPENSSL_NO_COMP COMP_TYPE compression; /* compression type */ @@ -176,13 +232,7 @@ unsigned fips:1; /* enable FIPS 140-2 mode */ #endif } option; -} GLOBAL_OPTIONS; - -extern GLOBAL_OPTIONS global_options; - -#ifndef OPENSSL_NO_TLSEXT -typedef struct servername_list_struct SERVERNAME_LIST;/* forward declaration */ -#endif /* !defined(OPENSSL_NO_TLSEXT) */ +}; #ifndef OPENSSL_NO_PSK typedef struct psk_keys_struct { @@ -204,7 +254,7 @@ } TICKET_KEY; #endif /* OpenSSL 1.0.0 or later */ -typedef struct service_options_struct { +struct service_options_struct { struct service_options_struct *next; /* next node in the services list */ SSL_CTX *ctx; /* TLS context */ char *servname; /* service name for logging & permission checking */ @@ -240,6 +290,11 @@ #ifndef OPENSSL_NO_OCSP char *ocsp_url; unsigned long ocsp_flags; + CRYPTO_RWLOCK *ocsp_response_lock; /* protect the OCSP response cache */ + unsigned char *ocsp_response_der; /* OCSP response data */ + int ocsp_response_len; /* OCSP response length */ + unsigned stapling_cb_flag:1; /* OCSP stapling callback executed */ + unsigned verify_cb_flag:1; /* verify callback executed at depth 0 */ #endif /* !defined(OPENSSL_NO_OCSP) */ #if OPENSSL_VERSION_NUMBER>=0x10002000L NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */ @@ -301,14 +356,19 @@ SSL_SESSION *session; /* previous client session for delayed resolver */ int timeout_busy; /* maximum waiting for data time */ int timeout_close; /* maximum close_notify time */ - int timeout_connect; /* maximum connect() time */ + int timeout_connect; /* maximum s_connect() time */ int timeout_idle; /* maximum idle connection time */ + int timeout_ocsp; /* maximum s_connect() time for OCSP */ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ unsigned rr; /* per-service sequential number for round-robin failover */ - char *username; + char *username; /* ident client username */ + long retry; /* retry delay for remote+program loop or -1 if disabled */ /* service-specific data for protocol.c */ char *protocol; + void (*protocol_early)(CLI *); + void (*protocol_middle)(CLI *); + void (*protocol_late)(CLI *); NAME_LIST *protocol_header; char *protocol_host; char *protocol_domain; @@ -336,7 +396,6 @@ unsigned libwrap:1; #endif unsigned local:1; /* outgoing interface specified */ - unsigned retry:1; /* loop remote+program */ unsigned session_resume:1; /* enable session resumption */ unsigned sessiond:1; #ifndef USE_WIN32 @@ -351,6 +410,7 @@ #ifndef OPENSSL_NO_OCSP unsigned aia:1; /* Authority Information Access */ unsigned nonce:1; /* send and verify OCSP nonce */ + unsigned ocsp_require:1; /* require a conclusive OCSP response */ #endif /* !defined(OPENSSL_NO_OCSP) */ #ifndef OPENSSL_NO_DH unsigned dh_temp_params:1; @@ -359,7 +419,7 @@ unsigned log_stderr:1; /* a copy of the global switch */ #endif /* USE_WIN32 */ } option; -} SERVICE_OPTIONS; +}; extern SERVICE_OPTIONS service_options; @@ -430,7 +490,7 @@ RENEG_DETECTED /* renegotiation detected */ } RENEG_STATE; -typedef struct client_data_struct { +struct client_data_struct { jmp_buf *exception_pointer; SSL *ssl; /* TLS connection */ @@ -467,10 +527,12 @@ FD *ssl_rfd, *ssl_wfd; /* read and write TLS descriptors */ uint64_t sock_bytes, ssl_bytes; /* bytes written to socket and TLS */ s_poll_set *fds; /* file descriptors */ +#ifndef OPENSSL_NO_PSK struct { - unsigned psk:1; /* PSK identity was found */ + unsigned psk_found:1; /* PSK identity was found */ } flag; -} CLI; +#endif /* !defined(OPENSSL_NO_PSK) */ +}; /**************************************** prototypes for stunnel.c */ @@ -580,6 +642,7 @@ #endif /* OPENSSL_NO_DH */ int context_init(SERVICE_OPTIONS *); +void context_cleanup(SERVICE_OPTIONS *); #ifndef OPENSSL_NO_PSK void psk_sort(PSK_TABLE *, PSK_KEYS *); PSK_KEYS *psk_find(const PSK_TABLE *, const char *); @@ -599,6 +662,14 @@ void print_CA_list(const char *, const STACK_OF(X509_NAME) *); char *X509_NAME2text(X509_NAME *); +/**************************************** prototypes for ocsp.c */ + +#ifndef OPENSSL_NO_OCSP +int ocsp_check(CLI *, X509_STORE_CTX *); /* OCSP client-driven checking */ +int ocsp_init(SERVICE_OPTIONS *); /* OCSP stapling initialization */ +void ocsp_cleanup(SERVICE_OPTIONS *); +#endif /* !defined(OPENSSL_NO_OCSP) */ + /**************************************** prototypes for network.c */ s_poll_set *s_poll_alloc(void); @@ -630,6 +701,7 @@ int socket_options_set(SERVICE_OPTIONS *, SOCKET, int); int make_sockets(SOCKET2); int original_dst(const SOCKET, SOCKADDR_UNION *); +int socket_needs_retry(CLI *, const char *); /**************************************** prototypes for client.c */ @@ -647,7 +719,7 @@ /**************************************** prototypes for network.c */ int get_socket_error(const SOCKET); -int s_connect(CLI *, SOCKADDR_UNION *, socklen_t); +int s_connect(CLI *, SOCKADDR_UNION *, socklen_t, int); void s_write(CLI *, SOCKET fd, const void *, size_t); size_t s_read_eof(CLI *, SOCKET fd, void *, size_t); void s_read(CLI *, SOCKET fd, void *, size_t); @@ -675,19 +747,12 @@ /**************************************** prototype for protocol.c */ -typedef enum { - PROTOCOL_CHECK, - PROTOCOL_EARLY, - PROTOCOL_MIDDLE, - PROTOCOL_LATE -} PHASE; - #ifdef USE_WIN32 extern HWND capwin_hwnd; extern LONG capwin_connectivity; #endif -const char *protocol(CLI *, SERVICE_OPTIONS *opt, const PHASE); +const char *protocol_init(SERVICE_OPTIONS *); /**************************************** prototypes for resolver.c */ @@ -733,55 +798,6 @@ extern CLI *thread_head; #endif -#if OPENSSL_VERSION_NUMBER<0x10100004L - -#ifdef USE_OS_THREADS - -struct CRYPTO_dynlock_value { -#ifdef USE_PTHREAD - pthread_rwlock_t rwlock; -#endif -#ifdef USE_WIN32 - CRITICAL_SECTION critical_section; -#endif -#ifdef DEBUG_LOCKS - const char *init_file, *read_lock_file, *write_lock_file, - *unlock_file, *destroy_file; - int init_line, read_lock_line, write_lock_line, unlock_line, destroy_line; -#endif -}; - -typedef struct CRYPTO_dynlock_value CRYPTO_RWLOCK; - -#else /* USE_OS_THREADS */ - -typedef void CRYPTO_RWLOCK; - -#endif /* USE_OS_THREADS */ - -#endif /* OPENSSL_VERSION_NUMBER<0x10100004L */ - -typedef enum { - LOCK_THREAD_LIST, /* sthreads.c */ - LOCK_SESSION, LOCK_ADDR, - LOCK_CLIENTS, LOCK_SSL, /* client.c */ - LOCK_REF, /* options.c */ - LOCK_INET, /* resolver.c */ -#ifndef USE_WIN32 - LOCK_LIBWRAP, /* libwrap.c */ -#endif - LOCK_LOG_BUFFER, LOCK_LOG_MODE, /* log.c */ - LOCK_LEAK_HASH, LOCK_LEAK_RESULTS, /* str.c */ -#ifndef OPENSSL_NO_DH - LOCK_DH, /* ctx.c */ -#endif /* OPENSSL_NO_DH */ -#ifdef USE_WIN32 - LOCK_WIN_LOG, /* ui_win_gui.c */ -#endif - LOCK_SECTIONS, /* traversing section list */ - STUNNEL_LOCKS /* number of locks */ -} LOCK_TYPE; - extern CRYPTO_RWLOCK *stunnel_locksSTUNNEL_LOCKS; #if OPENSSL_VERSION_NUMBER<0x10100004L
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/pty.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/pty.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/resolver.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/resolver.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/resources.rc -> _service:tar_scm:stunnel-5.72.tar.gz/src/resources.rc
Changed
@@ -19,7 +19,7 @@ VALUE "FileDescription", "stunnel - TLS offloading and load-balancing proxy" VALUE "FileVersion", STUNNEL_VERSION VALUE "InternalName", "stunnel" - VALUE "LegalCopyright", "© by Michal Trojnara, 1998-2023" + VALUE "LegalCopyright", "© by Michal Trojnara, 1998-2024" VALUE "OriginalFilename", "stunnel.exe" VALUE "ProductName", STUNNEL_PRODUCTNAME VALUE "ProductVersion", STUNNEL_VERSION @@ -107,7 +107,7 @@ ICON IDI_STUNNEL_MAIN, -1, 6, 6, 20, 20 LTEXT "stunnel version", -1, 30, 4, 49, 8 LTEXT STUNNEL_VERSION, -1, 79, 4, 57, 8 - LTEXT "© by Michal Trojnara, 1998-2023", -1, 30, 12, 106, 8 + LTEXT "© by Michal Trojnara, 1998-2024", -1, 30, 12, 106, 8 LTEXT "All Rights Reserved", -1, 30, 20, 106, 8 LTEXT "Licensed under the GNU GPL version 2", -1, 4, 28, 132, 8 LTEXT "with a special exception for OpenSSL", -1, 4, 36, 132, 8
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/ssl.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/ssl.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -38,8 +38,13 @@ #include "prototypes.h" /* global OpenSSL initialization: compression, engine, entropy */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); +#else /* OPENSSL_VERSION_NUMBER>=0x10100000L */ +NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ #if OPENSSL_VERSION_NUMBER>=0x30000000L NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **from_d, int idx, long argl, void *argp); @@ -232,8 +237,13 @@ #endif #endif +#if OPENSSL_VERSION_NUMBER>=0x10100000L NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { +#else /* OPENSSL_VERSION_NUMBER>=0x10100000L */ +NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) { +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ (void)parent; /* squash the unused parameter warning */ (void)ptr; /* squash the unused parameter warning */ (void)argl; /* squash the unused parameter warning */ @@ -241,6 +251,9 @@ (char *)argp); if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) sslerror("CRYPTO_set_ex_data"); +#if OPENSSL_VERSION_NUMBER<0x10100000L + return 1; /* success */ +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ } #if OPENSSL_VERSION_NUMBER>=0x30000000L
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/sthreads.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/sthreads.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/str.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/str.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -107,7 +107,9 @@ NOEXPORT void str_leak_debug(const ALLOC_LIST *, int); NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *); +#if OPENSSL_VERSION_NUMBER >= 0x10101000L NOEXPORT int leak_cmp(const LEAK_ENTRY *const *, const LEAK_ENTRY *const *); +#endif /* OpenSSL version >= 1.1.1 */ NOEXPORT void leak_report(void); NOEXPORT long leak_threshold(void); @@ -163,6 +165,7 @@ for(;;) { va_copy(ap, start_ap); n=vsnprintf(p, size, format, ap); + va_end(ap); if(n>-1 && n<(int)size) return p; if(n>-1) /* glibc 2.1 */ @@ -589,6 +592,7 @@ #endif /* OpenSSL version >= 1.1.1 */ } +#if OPENSSL_VERSION_NUMBER >= 0x10101000L NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) { int64_t d = (*a)->total - (*b)->total; if(d>0) @@ -597,6 +601,7 @@ return -1; return 0; } +#endif /* OpenSSL version >= 1.1.1 */ /* report identified leaks */ NOEXPORT void leak_report() {
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/stunnel.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/stunnel.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -450,7 +450,6 @@ #endif if(create_client(fd, s, alloc_client_session(opt, s, s))) { s_log(LOG_ERR, "Connection rejected: create_client failed"); - closesocket(s); #ifndef USE_FORK service_free(opt); #endif @@ -506,7 +505,7 @@ /* FIXME: this is just a crude workaround */ /* is it better to kill the service? */ /* FIXME: this won't work with FORK threads */ - opt->option.retry=0; + opt->retry=-1; /* disable */ } s_log(LOG_DEBUG, "Service %s closed", opt->servname);
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/tls.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/tls.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/ui_unix.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/ui_unix.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/ui_win_cli.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/ui_win_cli.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -93,8 +93,8 @@ RETAILMSG(TRUE, (TEXT("%s\r\n"), tstr)); #else /* use UTF-16 or native codepage rather than UTF-8 */ - _ftprintf(stderr, TEXT("%s\r\n"), tstr); - fflush(stderr); + _putts(tstr); + fflush(stdout); #endif str_free(tstr); }
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/ui_win_gui.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/ui_win_gui.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/vc.mak -> _service:tar_scm:stunnel-5.72.tar.gz/src/vc.mak
Changed
@@ -1,4 +1,4 @@ -# vc.mak by Michal Trojnara 1998-2023 +# vc.mak by Michal Trojnara 1998-2024 # with help of David Gillingham <dgillingham@gmail.com> # with help of Pierre Delaage <delaage.pierre@free.fr> @@ -43,7 +43,7 @@ $(OBJ)\protocol.obj $(OBJ)\sthreads.obj $(OBJ)\log.obj \ $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \ $(OBJ)\str.obj $(OBJ)\tls.obj $(OBJ)\fd.obj $(OBJ)\dhparam.obj \ - $(OBJ)\cron.obj + $(OBJ)\cron.obj $(OBJ)\ocsp.obj GUIOBJS=$(OBJ)\ui_win_gui.obj $(OBJ)\resources.res CLIOBJS=$(OBJ)\ui_win_cli.obj
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/verify.c -> _service:tar_scm:stunnel-5.72.tar.gz/src/verify.c
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -55,26 +55,19 @@ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ NOEXPORT int cert_check_local(X509_STORE_CTX *); NOEXPORT int compare_pubkeys(X509 *, X509 *); -#ifndef OPENSSL_NO_OCSP -NOEXPORT int ocsp_check(CLI *, X509_STORE_CTX *); -NOEXPORT int ocsp_request(CLI *, X509_STORE_CTX *, OCSP_CERTID *, char *); -NOEXPORT OCSP_RESPONSE *ocsp_get_response(CLI *, OCSP_REQUEST *, char *); -#endif - -/* utility functions */ -#ifndef OPENSSL_NO_OCSP -NOEXPORT X509 *get_current_issuer(X509_STORE_CTX *); -NOEXPORT void log_time(const int, const char *, ASN1_TIME *); -#endif /**************************************** verify initialization */ int verify_init(SERVICE_OPTIONS *section) { int verify_mode=0; - if(init_ca(section)) - if(section->option.verify_chain || section->option.verify_peer) + if(init_ca(section)) { + if(section->option.verify_chain || section->option.verify_peer) { + s_log(LOG_ERR, "No trusted certificates found"); return 1; /* FAILED */ + } + s_log(LOG_INFO, "No trusted certificates found"); + } if(init_crl(section)) return 1; /* FAILED */ @@ -97,6 +90,14 @@ NAME_LIST *ptr; #endif + /* CA initialization with the file and/or directory */ + if(section->ca_file || section->ca_dir) { + if(!SSL_CTX_load_verify_locations(section->ctx, + section->ca_file, section->ca_dir)) { + sslerror("SSL_CTX_load_verify_locations"); + } + } + ca_dn=sk_X509_NAME_new_null(); #ifndef OPENSSL_NO_ENGINE @@ -121,7 +122,6 @@ SSL_add_dir_cert_subjects_to_stack(ca_dn, section->ca_dir); if(!sk_X509_NAME_num(ca_dn)) { - s_log(LOG_ERR, "No trusted certificates found"); sk_X509_NAME_pop_free(ca_dn, X509_NAME_free); return 1; /* FAILED */ } @@ -134,14 +134,6 @@ SSL_CTX_set_client_CA_list(section->ctx, ca_dn); } - /* CA initialization with the file and/or directory */ - if(section->ca_file || section->ca_dir) { - if(!SSL_CTX_load_verify_locations(section->ctx, - section->ca_file, section->ca_dir)) { - sslerror("SSL_CTX_load_verify_locations"); - } - } - return 0; /* OK */ } @@ -248,7 +240,7 @@ c=SSL_get_ex_data(ssl, index_ssl_cli); if(!c->opt->option.verify_chain && !c->opt->option.verify_peer) { - s_log(LOG_INFO, "Certificate verification disabled"); + s_log(LOG_INFO, "CERT: Certificate verification disabled"); return 1; /* accept */ } if(verify_checks(c, preverify_ok, callback_ctx)) @@ -289,8 +281,7 @@ return 0; /* reject */ } #ifndef OPENSSL_NO_OCSP - if((c->opt->ocsp_url || c->opt->option.aia) && - !ocsp_check(c, callback_ctx)) { + if(!ocsp_check(c, callback_ctx)) { s_log(LOG_WARNING, "Rejected by OCSP at depth=%d: %s", depth, subject); str_free(subject); return 0; /* reject */ @@ -449,331 +440,6 @@ return 1; /* accept */ } -/**************************************** OCSP checking */ - -#ifndef OPENSSL_NO_OCSP - -#ifdef DEFINE_STACK_OF -/* defined in openssl/safestack.h: - * DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) */ -#else /* DEFINE_STACK_OF */ -#ifndef sk_OPENSSL_STRING_num -#define sk_OPENSSL_STRING_num(st) sk_num(st) -#endif /* sk_OPENSSL_STRING_num */ -#ifndef sk_OPENSSL_STRING_value -#define sk_OPENSSL_STRING_value(st, i) sk_value((st),(i)) -#endif /* sk_OPENSSL_STRING_value */ -#endif /* DEFINE_STACK_OF */ - -NOEXPORT int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) { - X509 *cert; - OCSP_CERTID *cert_id; - STACK_OF(OPENSSL_STRING) *aia; - int i, ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN, saved_error; - char *url; - - /* the original error code is restored unless we report our own error */ - saved_error=X509_STORE_CTX_get_error(callback_ctx); - - /* get the current certificate ID */ - cert=X509_STORE_CTX_get_current_cert(callback_ctx); - if(!cert) { - s_log(LOG_ERR, "OCSP: Failed to get the current certificate"); - X509_STORE_CTX_set_error(callback_ctx, - X509_V_ERR_APPLICATION_VERIFICATION); - return 0; /* reject */ - } - if(!X509_NAME_cmp(X509_get_subject_name(cert), - X509_get_issuer_name(cert))) { - s_log(LOG_DEBUG, "OCSP: Ignoring root certificate"); - return 1; /* accept */ - } - cert_id=OCSP_cert_to_id(NULL, cert, get_current_issuer(callback_ctx)); - if(!cert_id) { - sslerror("OCSP: OCSP_cert_to_id"); - X509_STORE_CTX_set_error(callback_ctx, - X509_V_ERR_APPLICATION_VERIFICATION); - return 0; /* reject */ - } - - /* use the responder specified in the configuration file */ - if(c->opt->ocsp_url) { - s_log(LOG_NOTICE, "OCSP: Connecting the configured responder \"%s\"", - c->opt->ocsp_url); - if(ocsp_request(c, callback_ctx, cert_id, c->opt->ocsp_url)!= - V_OCSP_CERTSTATUS_GOOD) { - OCSP_CERTID_free(cert_id); - return 0; /* reject */ - } - } - - /* use the responder from AIA (Authority Information Access) */ - if(c->opt->option.aia && (aia=X509_get1_ocsp(cert))!=NULL) { - for(i=0; i<sk_OPENSSL_STRING_num(aia); i++) { - url=sk_OPENSSL_STRING_value(aia, i); - s_log(LOG_NOTICE, "OCSP: Connecting the AIA responder \"%s\"", url); - ocsp_status=ocsp_request(c, callback_ctx, cert_id, url); - if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) - break; /* we received a definitive response */ - } - X509_email_free(aia); - if(ocsp_status!=V_OCSP_CERTSTATUS_GOOD) { - OCSP_CERTID_free(cert_id); - return 0; /* reject */ - } - } - - OCSP_CERTID_free(cert_id); - X509_STORE_CTX_set_error(callback_ctx, saved_error); - return 1; /* accept */ -} - -/* returns one of: - * V_OCSP_CERTSTATUS_GOOD - * V_OCSP_CERTSTATUS_REVOKED - * V_OCSP_CERTSTATUS_UNKNOWN */ -NOEXPORT int ocsp_request(CLI *c, X509_STORE_CTX *callback_ctx, - OCSP_CERTID *cert_id, char *url) { - int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; - int response_status; - int reason; - int ctx_err=X509_V_ERR_APPLICATION_VERIFICATION; - OCSP_REQUEST *request=NULL; - OCSP_RESPONSE *response=NULL; - OCSP_BASICRESP *basic_response=NULL; - ASN1_GENERALIZEDTIME *revoked_at=NULL, - *this_update=NULL, *next_update=NULL; - - /* build request */ - request=OCSP_REQUEST_new(); - if(!request) { - sslerror("OCSP: OCSP_REQUEST_new"); - goto cleanup; - } - if(!OCSP_request_add0_id(request, OCSP_CERTID_dup(cert_id))) { - sslerror("OCSP: OCSP_request_add0_id"); - goto cleanup; - } - if(c->opt->option.nonce) - OCSP_request_add1_nonce(request, NULL, -1); - - /* send the request and get a response */ - response=ocsp_get_response(c, request, url); - if(!response) - goto cleanup; - response_status=OCSP_response_status(response); - if(response_status!=OCSP_RESPONSE_STATUS_SUCCESSFUL) { - s_log(LOG_ERR, "OCSP: Responder error: %d: %s", - response_status, OCSP_response_status_str(response_status)); - goto cleanup; - } - - /* verify the response */ - basic_response=OCSP_response_get1_basic(response); - if(!basic_response) { - sslerror("OCSP: OCSP_response_get1_basic"); - goto cleanup; - } - if(c->opt->option.nonce && OCSP_check_nonce(request, basic_response)<=0) { - s_log(LOG_ERR, "OCSP: Invalid or unsupported nonce"); - goto cleanup; - } - if(OCSP_basic_verify(basic_response, - X509_STORE_CTX_get0_chain(callback_ctx), - SSL_CTX_get_cert_store(c->opt->ctx), c->opt->ocsp_flags)<=0) { - sslerror("OCSP: OCSP_basic_verify"); - goto cleanup; - } - if(!OCSP_resp_find_status(basic_response, cert_id, &ocsp_status, &reason, - &revoked_at, &this_update, &next_update)) { - sslerror("OCSP: OCSP_resp_find_status"); - goto cleanup; - } - s_log(LOG_INFO, "OCSP: Status: %s", OCSP_cert_status_str(ocsp_status)); - log_time(LOG_INFO, "OCSP: This update", this_update); - log_time(LOG_INFO, "OCSP: Next update", next_update); - /* check if the response is valid for at least one minute */ - if(!OCSP_check_validity(this_update, next_update, 60, -1)) { - sslerror("OCSP: OCSP_check_validity"); - ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; - goto cleanup; - } - switch(ocsp_status) { - case V_OCSP_CERTSTATUS_GOOD: - s_log(LOG_NOTICE, "OCSP: Certificate accepted"); - break; - case V_OCSP_CERTSTATUS_REVOKED: - if(reason==-1) - s_log(LOG_ERR, "OCSP: Certificate revoked"); - else - s_log(LOG_ERR, "OCSP: Certificate revoked: %d: %s", - reason, OCSP_crl_reason_str(reason)); - log_time(LOG_NOTICE, "OCSP: Revoked at", revoked_at); - ctx_err=X509_V_ERR_CERT_REVOKED; - break; - case V_OCSP_CERTSTATUS_UNKNOWN: - s_log(LOG_WARNING, "OCSP: Unknown verification status"); - } -cleanup: - if(request) - OCSP_REQUEST_free(request); - if(response) - OCSP_RESPONSE_free(response); - if(basic_response) - OCSP_BASICRESP_free(basic_response); - if(ocsp_status!=V_OCSP_CERTSTATUS_GOOD) - X509_STORE_CTX_set_error(callback_ctx, ctx_err); - return ocsp_status; -} - -NOEXPORT OCSP_RESPONSE *ocsp_get_response(CLI *c, - OCSP_REQUEST *req, char *url) { - BIO *bio=NULL; - OCSP_REQ_CTX *req_ctx=NULL; - OCSP_RESPONSE *resp=NULL; - char *host=NULL, *port=NULL, *path=NULL; - SOCKADDR_UNION addr; - int ssl; - - /* parse the OCSP URL */ - if(!OCSP_parse_url(url, &host, &port, &path, &ssl)) { - s_log(LOG_ERR, "OCSP: Failed to parse the OCSP URL"); - goto cleanup; - } - if(ssl) { - s_log(LOG_ERR, "OCSP: TLS not supported for OCSP" - " - an additional stunnel service needs to be defined"); - goto cleanup; - } - if(!hostport2addr(&addr, host, port, 0)) { - s_log(LOG_ERR, "OCSP: Failed to resolve the OCSP responder address"); - goto cleanup; - } - - /* connect specified OCSP responder */ - c->fd=s_socket(addr.sa.sa_family, SOCK_STREAM, 0, 1, "OCSP: socket"); - if(c->fd==INVALID_SOCKET) - goto cleanup; - if(s_connect(c, &addr, addr_len(&addr))) - goto cleanup; - bio=BIO_new_socket((int)c->fd, BIO_NOCLOSE); - if(!bio) { - sslerror("OCSP: BIO_new_socket"); - goto cleanup; - } - s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port); - - /* initialize an HTTP request with the POST method */ -#if OPENSSL_VERSION_NUMBER>=0x10000000L - req_ctx=OCSP_sendreq_new(bio, path, NULL, -1); -#else - /* there is no way to send the Host header with older OpenSSL versions */ - req_ctx=OCSP_sendreq_new(bio, path, req, -1); -#endif - if(!req_ctx) { - sslerror("OCSP: OCSP_sendreq_new"); - goto cleanup; - } -#if OPENSSL_VERSION_NUMBER>=0x10000000L - /* add the HTTP headers */ - if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) { - sslerror("OCSP: OCSP_REQ_CTX_add1_header"); - goto cleanup; - } - if(!OCSP_REQ_CTX_add1_header(req_ctx, "User-Agent", "stunnel")) { - sslerror("OCSP: OCSP_REQ_CTX_add1_header"); - goto cleanup; - } - /* add the remaining HTTP headers and the OCSP request body */ - if(!OCSP_REQ_CTX_set1_req(req_ctx, req)) { - sslerror("OCSP: OCSP_REQ_CTX_set1_req"); - goto cleanup; - } -#endif - - /* OCSP protocol communication loop */ - while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) { - s_poll_init(c->fds, 0); - s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); - switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { - case -1: - sockerror("OCSP: s_poll_wait"); - goto cleanup; - case 0: - s_log(LOG_INFO, "OCSP: s_poll_wait: TIMEOUTbusy exceeded"); - goto cleanup; - } - } -#if 0 - s_log(LOG_DEBUG, "OCSP: context state: 0x%x", *(int *)req_ctx); -#endif - /* http://www.mail-archive.com/openssl-users@openssl.org/msg61691.html */ - if(resp) { - s_log(LOG_DEBUG, "OCSP: Response received"); - } else { - if(ERR_peek_error()) - sslerror("OCSP: OCSP_sendreq_nbio"); - else /* OpenSSL error: OCSP_sendreq_nbio does not use OCSPerr */ - s_log(LOG_ERR, "OCSP: OCSP_sendreq_nbio: OpenSSL internal error"); - } - -cleanup: - if(req_ctx) - OCSP_REQ_CTX_free(req_ctx); - if(bio) - BIO_free_all(bio); - if(c->fd!=INVALID_SOCKET) { - closesocket(c->fd); - c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ - } - if(host) - OPENSSL_free(host); - if(port) - OPENSSL_free(port); - if(path) - OPENSSL_free(path); - return resp; -} - -/* find the issuer certificate without lookups */ -NOEXPORT X509 *get_current_issuer(X509_STORE_CTX *callback_ctx) { - STACK_OF(X509) *chain; - int depth; - - chain=X509_STORE_CTX_get0_chain(callback_ctx); - depth=X509_STORE_CTX_get_error_depth(callback_ctx); - if(depth<sk_X509_num(chain)-1) /* not the root CA cert */ - ++depth; /* index of the issuer cert */ - return sk_X509_value(chain, depth); -} - -NOEXPORT void log_time(const int level, const char *txt, ASN1_TIME *t) { - char *cp; - BIO *bio; - int n; - - if(!t) - return; - bio=BIO_new(BIO_s_mem()); - if(!bio) - return; - ASN1_TIME_print(bio, t); - n=BIO_pending(bio); - cp=str_alloc((size_t)n+1); - n=BIO_read(bio, cp, n); - if(n<0) { - BIO_free(bio); - str_free(cp); - return; - } - cpn='\0'; - BIO_free(bio); - s_log(level, "%s: %s", txt, cp); - str_free(cp); -} - -#endif /* !defined(OPENSSL_NO_OCSP) */ - #ifndef OPENSSL_NO_ENGINE X509 *engine_get_cert(ENGINE *engine, const char *id) {
View file
_service:tar_scm:stunnel-5.69.tar.gz/src/version.h -> _service:tar_scm:stunnel-5.72.tar.gz/src/version.h
Changed
@@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2023 Michal Trojnara <Michal.Trojnara@stunnel.org> + * Copyright (C) 1998-2024 Michal Trojnara <Michal.Trojnara@stunnel.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -65,7 +65,7 @@ /* START CUSTOMIZE */ #define VERSION_MAJOR 5 -#define VERSION_MINOR 69 +#define VERSION_MINOR 72 /* END CUSTOMIZE */ /* all the following macros are ABSOLUTELY NECESSARY to have proper string
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/tests/Makefile.am
Changed
@@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 SUBDIRS = certs
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/tests/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -211,6 +211,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/certs/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/tests/certs/Makefile.am
Changed
@@ -1,7 +1,9 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 -EXTRA_DIST = maketestcert.sh openssltest.cnf +EXTRA_DIST = maketestcert.sh openssl_root.cnf openssl_intermediate.cnf + +CLEANFILES = makecerts.log check-local: $(srcdir)/maketestcert.sh
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/certs/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/tests/certs/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -153,6 +153,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -253,7 +254,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = maketestcert.sh openssltest.cnf +EXTRA_DIST = maketestcert.sh openssl_root.cnf openssl_intermediate.cnf +CLEANFILES = makecerts.log all: all-am .SUFFIXES: @@ -358,6 +360,7 @@ mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/certs/maketestcert.sh -> _service:tar_scm:stunnel-5.72.tar.gz/tests/certs/maketestcert.sh
Changed
@@ -1,15 +1,14 @@ -#!/bin/sh +# How to run mini OCSP servers: +# openssl ocsp -index tests/certs/index.txt -port 19253 -rsigner tests/certs/inter_ocsp.pem -CA tests/certs/CACert.pem +# openssl ocsp -index tests/certs/index.txt -port 19254 -rsigner tests/certs/leaf_ocsp.pem -CA tests/certs/intermediateCA.pem -ddays=1461 +#!/bin/sh result_path=$(pwd) cd $(dirname "$0") script_path=$(pwd) cd "${result_path}" -mkdir "tmp/" - -# create new psk secrets gen_psk () { tr -c -d 'A-Za-z0-9' </dev/urandom 2>> "maketestcert.log" | head -c 50 > tmp/psk.txt if -s tmp/psk.txt @@ -21,84 +20,195 @@ rm -f tmp/psk.txt } + +################################################################################ +# OpenSSL settings +################################################################################ +TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH +LD_LIBRARY_PATH="" +OPENSSL=openssl + +mkdir "tmp/" export LC_ALL=C +mkdir "CA/" 2>> "maketestcert.log" 1>&2 +touch "CA/index.txt" +echo -n "unique_subject = no" > "CA/index.txt.attr" +"$OPENSSL" rand -hex 16 > "CA/serial" +echo 1001 > "CA/crlnumber" +date > "maketestcert.log" +"$OPENSSL" version 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Create new psk secrets +################################################################################ gen_psk 1 cat tmp/psk1.txt > tmp/secrets.txt 2>> "maketestcert.log" gen_psk 2 cat tmp/psk2.txt >> tmp/secrets.txt 2>> "maketestcert.log" gen_psk 2 -# OpenSSL settings -TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH -LD_LIBRARY_PATH="" -OPENSSL=openssl -CONF="${script_path}/openssltest.cnf" - -mkdir "demoCA/" -touch "demoCA/index.txt" -touch "demoCA/index.txt.attr" -echo 1000 > "demoCA/serial" -# generate a self-signed certificate -$OPENSSL req -config $CONF -new -x509 -days $ddays -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ +################################################################################ +# self-signed certificate +################################################################################ +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" req -config $CONF -new -x509 -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost/emailAddress=stunnel@example.com" \ - 1>&2 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 -# generate root CA certificate -$OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \ - -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \ - 1>&2 2>> "maketestcert.log" -# generate a certificate to revoke -$OPENSSL genrsa -out demoCA/revoked.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/revoked.key -out demoCA/revoked.csr \ +################################################################################ +# Root CA certificate +################################################################################ +"$OPENSSL" genrsa -out CA/CA.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -x509 -days 3600 -key CA/CA.key -out tmp/CACert.pem \ + -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Intermediate CA certificate +################################################################################ +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/intermediateCA.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA.key -out CA/intermediateCA.csr \ + -subj "/C=PL/O=Stunnel Developers/OU=Intermediate CA/CN=Intermediate CA" \ + 2>> "maketestcert.log" 1>&2 + +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA.csr -out CA/intermediateCA.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/intermediateCA.cer -out tmp/intermediateCA.pem \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Revoked certificate chain +################################################################################ +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/revoked.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/revoked.key -out CA/revoked.csr \ -subj "/C=PL/O=Stunnel Developers/OU=revoked/CN=revoked/emailAddress=revoked@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked_cert.pem 1>&2 2>> "maketestcert.log" -cat demoCA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/revoked.csr -out CA/revoked.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked_cert.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/revoked_cert.pem 2>> "maketestcert.log" # revoke above certificate and generate CRL file -$OPENSSL ca -config $CONF -revoke demoCA/1000.pem 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -gencrl -crldays $ddays -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log" - -# generate a client certificate -$OPENSSL genrsa -out demoCA/client.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/client.key -out demoCA/client.csr \ - -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/client.cer -out tmp/client_cert.pem 1>&2 2>> "maketestcert.log" -cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log" -cat demoCA/client.key >> tmp/client_cert.pem 2>> "maketestcert.log" - -# generate a server certificate -$OPENSSL genrsa -out demoCA/server.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/server.key -out demoCA/server.csr \ +"$OPENSSL" ca -config $CONF -revoke CA/revoked.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -gencrl -crldays 1461 -out tmp/CACertCRL.pem \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Server certificate chain +################################################################################ +"$OPENSSL" genrsa -out CA/server.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/server.key -out CA/server.csr \ -subj "/C=PL/O=Stunnel Developers/OU=server/CN=server/emailAddress=server@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/server.cer -out tmp/server_cert.pem 1>&2 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/server.csr -out CA/server.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/server.cer -out tmp/server_cert.pem \ + 2>> "maketestcert.log" 1>&2 cat tmp/server_cert.pem >> tmp/PeerCerts.pem 2>> "maketestcert.log" -cat demoCA/server.key >> tmp/server_cert.pem 2>> "maketestcert.log" +cat CA/server.key >> tmp/server_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/server_cert.pem 2>> "maketestcert.log" -# create a PKCS#12 file with a server certificate -$OPENSSL pkcs12 -export -certpbe pbeWithSHA1And3-KeyTripleDES-CBC -in tmp/server_cert.pem -out tmp/server_cert.p12 -passout pass: 1>&2 2>> "maketestcert.log" +# create a PKCS#12 file with a server certificate chain +"$OPENSSL" pkcs12 -export -certpbe pbeWithSHA1And3-KeyTripleDES-CBC \ + -in tmp/server_cert.pem -out tmp/server_cert.p12 -passout pass: \ + 2>> "maketestcert.log" 1>&2 -# copy new files -if -s tmp/stunnel.pem && -s tmp/CACert.pem && -s tmp/CACertCRL.pem && \ - -s tmp/revoked_cert.pem && -s tmp/client_cert.pem && -s tmp/server_cert.pem && \ - -s tmp/PeerCerts.pem && -s tmp/server_cert.p12 && \ - -s tmp/psk1.txt && -s tmp/psk2.txt && -s tmp/secrets.txt + +################################################################################ +# Client certificate chain +################################################################################ +"$OPENSSL" genrsa -out CA/client.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/client.key -out CA/client.csr \ + -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/client.csr -out CA/client.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/client.cer -out tmp/client_cert.pem \ + 2>> "maketestcert.log" 1>&2 +cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log" +cat CA/client.key >> tmp/client_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/client_cert.pem 2>> "maketestcert.log" + + +################################################################################ +# OCSP certificates with XKU_OCSP_SIGN +# openssl ocsp -port 19253 -index index.txt -rsigner inter_ocsp.pem -CA CACert.pem -nmin 1 +# openssl ocsp -port 19254 -index index.txt -rsigner leaf_ocsp.pem -CA intermediateCA.pem -nmin 1 +################################################################################ +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" genrsa -out CA/inter_ocsp.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/inter_ocsp.key -out CA/inter_ocsp.csr \ + -extensions v3_OCSP \ + -subj "/C=PL/O=Stunnel Developers/OU=Intermediate OCSP/CN=inter_ocsp/emailAddress=inter_ocsp@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/inter_ocsp.csr -out CA/inter_ocsp.cer \ + -extensions v3_OCSP \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/inter_ocsp.cer -out tmp/inter_ocsp.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/inter_ocsp.key >> tmp/inter_ocsp.pem 2>> "maketestcert.log" + +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/leaf_ocsp.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/leaf_ocsp.key -out CA/leaf_ocsp.csr \ + -extensions v3_OCSP \ + -subj "/C=PL/O=Stunnel Developers/OU=Leaf OCSP/CN=leaf_ocsp/emailAddress=leaf_ocsp@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/leaf_ocsp.csr -out CA/leaf_ocsp.cer \ + -extensions v3_OCSP \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/leaf_ocsp.cer -out tmp/leaf_ocsp.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/leaf_ocsp.key >> tmp/leaf_ocsp.pem 2>> "maketestcert.log" + + +################################################################################ +# OCSP certificates without XKU_OCSP_SIGN +# Don't include any certificates in the OCSP response +# openssl ocsp -port 19253 -index index.txt -rsigner CA_ocsp.pem -CA CACert.pem -nmin 1 -resp_no_certs +# openssl ocsp -port 19254 -index index.txt -rsigner interCA_ocsp.pem -CA intermediateCA.pem -nmin 1 -resp_no_certs +################################################################################ +cat tmp/CACert.pem >> tmp/CA_ocsp.pem 2>> "makecerts.log" +cat CA/CA.key >> tmp/CA_ocsp.pem 2>> "makecerts.log" +cat tmp/intermediateCA.pem >> tmp/interCA_ocsp.pem 2>> "makecerts.log" +cat CA/intermediateCA.key >> tmp/interCA_ocsp.pem 2>> "makecerts.log" + + +################################################################################ +# Copy new files +################################################################################ +if test -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \ + -a -s tmp/intermediateCA.pem \ + -a -s tmp/stunnel.pem -a -s tmp/revoked_cert.pem \ + -a -s tmp/client_cert.pem -a -s tmp/server_cert.pem \ + -a -s tmp/server_cert.p12 \ + -a -s tmp/inter_ocsp.pem -a -s tmp/leaf_ocsp.pem \ + -a -s tmp/CA_ocsp.pem -a -s tmp/interCA_ocsp.pem \ + -a -s tmp/PeerCerts.pem -a -s tmp/secrets.txt \ + -a -s tmp/psk1.txt -a -s tmp/psk2.txt \ + -a -s CA/index.txt then - cp tmp/* ./ + cp tmp/* ../certs + cp CA/index.txt ../certs printf "%s\n" "keys & certificates successfully generated" printf "%s\n" "./maketestcert.sh finished" rm -f "maketestcert.log" @@ -107,8 +217,11 @@ printf "%s\n" "error logs ${result_path}/maketestcert.log" fi -# remove the working directory -rm -rf "demoCA/" + +################################################################################ +# Remove the working directory +################################################################################ +rm -rf "CA/" rm -rf "tmp/" # restore settings
View file
_service:tar_scm:stunnel-5.72.tar.gz/tests/certs/openssl_intermediate.cnf
Added
@@ -0,0 +1,74 @@ +# OpenSSL intermediate CA configuration file + + default +name = intermediateCA +default_ca = CA_default + + CA_default +# Directory and file locations. +dir = . +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial +rand_serial = yes +private_key = $dir/CA/$name.key +certificate = $dir/tmp/$name.pem +crlnumber = $dir/CA/crlnumber +crl_extensions = crl_ext +default_md = sha256 +preserve = no +policy = policy_loose +default_days = 2200 +x509_extensions = usr_cert + + crl_ext +authorityKeyIdentifier = keyid:always + + v3_OCSP +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning + + req +# Options for the `req` tool +encrypt_key = no +default_bits = 2048 +default_md = sha256 +string_mask = utf8only +x509_extensions = usr_extensions +distinguished_name = req_distinguished_name + + usr_cert +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer +authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp + + usr_extensions +# Extension to add when the -x509 option is used +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +keyUsage = critical, digitalSignature, keyCertSign + + policy_loose +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + req_distinguished_name +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name +localityName = Locality Name +0.organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +commonName = Common Name +emailAddress = Email Address
View file
_service:tar_scm:stunnel-5.72.tar.gz/tests/certs/openssl_root.cnf
Added
@@ -0,0 +1,70 @@ +# OpenSSL root CA configuration file + + ca +default_ca = CA_default + + CA_default +# Directory and file locations. +dir = . +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial +rand_serial = yes +private_key = $dir/CA/CA.key +certificate = $dir/tmp/CACert.pem +crl_extensions = crl_ext +default_md = sha256 +preserve = no +policy = policy_match +default_days = 3000 +x509_extensions = v3_intermediate_ca + + crl_ext +authorityKeyIdentifier = keyid:always + + v3_OCSP +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning + + req +# Options for the `req` tool +encrypt_key = no +default_bits = 2048 +default_md = sha256 +string_mask = utf8only +x509_extensions = ca_extensions +distinguished_name = req_distinguished_name + + ca_extensions +# Extension to add when the -x509 option is used +basicConstraints = critical, CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + + v3_intermediate_ca +# Extensions for a typical intermediate CA (`man x509v3_config`) +basicConstraints = critical, CA:true, pathlen:0 +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +keyUsage = critical, digitalSignature, cRLSign, keyCertSign +authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp + + policy_match +countryName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + req_distinguished_name +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name +localityName = Locality Name +0.organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +commonName = Common Name +emailAddress = Email Address
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/maketest.py -> _service:tar_scm:stunnel-5.72.tar.gz/tests/maketest.py
Changed
@@ -7,6 +7,7 @@ import asyncio import contextlib import dataclasses +import http.client import logging import os import pathlib @@ -17,6 +18,7 @@ import subprocess import sys import tempfile +import threading from typing import ( Any, @@ -28,7 +30,13 @@ Optional, TypeVar ) - +from datetime import datetime, timedelta, timezone +from functools import partial +from urllib.parse import urlparse +from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.x509 import load_pem_x509_certificate, ocsp, ReasonFlags +from cryptography.x509 import SubjectKeyIdentifier, ExtensionNotFound, OCSPNonce from plugin_collection import PluginCollection EXIT_SUCCESS = 0 @@ -39,6 +47,8 @@ DEFAULT_CERTS = os.path.join(RESULT_PATH, "certs") DEFAULT_LOGS = os.path.join(RESULT_PATH, "logs") DEFAULT_LEVEL = logging.INFO +DEFAULT_PORT = 19254 +OCSP_INDEX=os.path.join(DEFAULT_CERTS, "index.txt") RE_STUNNEL_VERSION = re.compile( r""" ^ @@ -61,8 +71,18 @@ RE_LINE_IDX = re.compile(r" ^ Hello \s+ (?P<idx> 0 | 1-90-9* ) $ ", re.X) -class UnsupportedOpenSSL(Exception): - """Unsupported version of OpenSSL""" +class UnsupportedVersion(Exception): + """Unsupported version""" + + +class OutputError(Exception): + """Output error + Logging: Something went wrong + """ + + +class UnexpectedWarning(Exception): + """Unexpected warning""" @dataclasses.dataclass(frozen=True) @@ -73,7 +93,7 @@ log: str -TLogEvent = TypeVar("TEvent", bound=LogEvent) +TypeLogEvent = TypeVar("TypeLogEvent", bound=LogEvent) @dataclasses.dataclass(frozen=True) @@ -175,6 +195,7 @@ results: pathlib.Path summary: pathlib.Path debug: int + port: int class TestConnections(NamedTuple): @@ -245,17 +266,17 @@ if evt.etype == "client_send_data": conn = conns.by_id.get(evt.idx) if conn is None: - raise Exception("Listener reported unknown connection") + raise OutputError("Listener reported unknown connection") if conn.peer is not None: - raise Exception(f"Listener reported bad conn {conn!r}") + raise OutputError(f"Listener reported bad conn {conn!r}") conn.peer = peer return if evt.etype != "client_connected": - raise Exception(f"Expected 'client connected' first, got {evt.etype}") + raise OutputError(f"Expected 'client connected' first, got {evt.etype}") conns.pendingpeer = evt - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -272,7 +293,7 @@ conns = evt.conns conn = conns.by_id.get(evt.idx) if conn is None: - raise Exception("No connection") + raise OutputError("No connection") del conns.by_idevt.idx if conn.peer is None: await self.cfg.mainq.put( @@ -305,7 +326,7 @@ ) return num - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -326,14 +347,11 @@ while True: evt = await self.cfg.mainq.get() self.log_event(evt, logger) - if evt.etype == "cleanup_event" or evt.etype == "output_event" \ - or evt.etype == "fatal_event": + if evt.etype in "cleanup_event", "output_event", "fatal_event": await self.cfg.resq.put(evt) - elif evt.etype == "stunnel_event" or evt.etype == "result_event" \ - or evt.etype == "all_connections_event": + elif evt.etype in "stunnel_event", "result_event", "all_connections_event": await self.cfg.logsq.put(evt) - elif evt.etype == "client_connected" or evt.etype == "client_send_data" \ - or evt.etype == "client_done": + elif evt.etype in "client_connected", "client_send_data", "client_done": await self.process_client(evt) elif evt.etype == "connection_done_event": await self.cfg.logsq.put(evt) @@ -353,7 +371,7 @@ tag = "check_version" lines = p_err.splitlines() if not lines: - raise Exception(f"Expected at least one line of output from `{cmd_str}`") + raise OutputError(f"Expected at least one line of output from `{cmd_str}`") openssl_version = None stunnel_version = None for line in lines: @@ -364,15 +382,16 @@ if match: openssl_version = match.group("version") if not openssl_version: - raise Exception("Stunnel was compiled and run with different OpenSSL versions") - """TLSv1.1 and TLSv1.2 available only with OpenSSL version 1.0.1 and later""" + raise UnsupportedVersion("Stunnel was compiled and run with different OpenSSL versions") + #TLSv1.1 and TLSv1.2 available only with OpenSSL version 1.0.1 and later if openssl_version < "1.0.1": - raise UnsupportedOpenSSL(f"OpenSSL version {openssl_version} is deprecated and not supported") + raise UnsupportedVersion( + f"OpenSSL version {openssl_version} is deprecated and not supported") if not (sys.version_info.major == 3 and sys.version_info.minor >= 7): - raise Exception("Python 3.7 or higher is required.\n" - + "You are using Python {}.{}.".format(sys.version_info.major, sys.version_info.minor)) + raise UnsupportedVersion("Python 3.7 or higher is required.\n" + + "You are using Python {sys.version_info.major}.{sys.version_info.minor}.") if not stunnel_version: - raise Exception( + raise UnsupportedVersion( f"Could not find the version line in the `{cmd_str}` output:\n" + "\n".join(lines) ) @@ -422,16 +441,16 @@ ) b_out, b_err = await proc.communicate() if b_out is None or b_err is None: - raise Exception("proc.communicate() failed") + raise OutputError("proc.communicate() failed") p_out, p_err = b_out.decode("UTF-8"), b_err.decode("UTF-8") logger.info(p_err) rcode = await proc.wait() if rcode != 0: print(b_out.decode("UTF-8")) print(b_err.decode("UTF-8"), file=sys.stderr) - raise Exception(f"`{cmd_str}` exited with code {rcode}") + raise OutputError(f"`{cmd_str}` exited with code {rcode}") if p_out: - raise Exception(f"`{cmd_str}` produced output on its stdout stream:\n{p_out}") + raise OutputError(f"`{cmd_str}` produced output on its stdout stream:\n{p_out}") await self.check_version(cmd_str, p_err) await self.cfg.mainq.put( LogEvent( @@ -479,7 +498,7 @@ result = "UNKNOWN" while True: evt = await self.cfg.resq.get() - if evt.etype == "output_event" or evt.etype == "fatal_event": + if evt.etype in "output_event", "fatal_event": if result != "skipped": parsed = await self.parse_event(evt) if result == "UNKNOWN": @@ -523,11 +542,11 @@ ) - async def expect_event(self, msgq: asyncio.QueueLogEvent, pattern: str) -> TLogEvent: + async def expect_event(self, msgq: asyncio.QueueLogEvent, pattern: str) -> TypeLogEvent: """Make sure the next event in the logsq queue is of that etype.""" evt = await msgq.get() if evt.etype != pattern: - raise Exception(f"Expected {pattern}, got {evt.etype}") + raise OutputError(f"Expected {pattern}, got {evt.etype}") return evt @@ -559,8 +578,9 @@ async def test_stunnel(self, cfg: Config) -> None: """Make a single test of the given stunnel configuration""" + tag = "test_stunnel" + task = None try: - tag = "test_stunnel" self.logger.info(self.params.description) await self.cfg.mainq.put(LogEvent(etype="log", level=30, log="")) await self.cfg.mainq.put( @@ -585,12 +605,12 @@ if cfgnew is not os.devnull: port = await self.reload_stunnel(cfgfile, cfgnew) else: - raise Exception(f"Unknown '{service}' service") + raise OutputError(f"Unknown '{service}' service") cfgfile = await self.prepare_additional_server_cfgfile(cfg, ports, lport) await self.start_connections(cfgfile, port) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await cfg.mainq.put( LogEvent( etype="fatal_event", @@ -598,6 +618,14 @@ log=f"{tag} Something went wrong: {err}" ) ) + except asyncio.CancelledError: + await cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"{tag} Something went wrong: Cancelled task" + ) + ) finally: await self.cleanup_stunnels() await self.cleanup_tasks() @@ -625,12 +653,12 @@ LogEvent( etype="log", level=20, - log=f"{tag} Waiting for an EOF on the '{service}_output' reader socket" + log=f"{tag} Waiting for an EOF on the '{service}_output' reader" ) ) line = await p_out.read(1) if line: - raise Exception(f"Did not expect to read {line!r}") + raise OutputError(f"Did not expect to read {line!r}") return line = data.decode("UTF-8").rstrip("\r\n") @@ -694,7 +722,15 @@ ) ) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"{tag} Something went wrong: {err}" + ) + ) + except OSError as err: await self.cfg.mainq.put( StunnelEvent( etype="stunnel_event", @@ -726,14 +762,15 @@ ) ) self.cfg.childrenKeys(pid=proc.pid, service=service) = proc - self.cfg.tasksf"{service}_output" = asyncio.create_task(self.stunnel_output(proc.stderr, service)) + self.cfg.tasksf"{service}_output" = asyncio.create_task( + self.stunnel_output(proc.stderr, service)) async def check_listening_port(self, port:int, service: str) -> int: """Raise exception if configuration failed.""" tag = "check_listening_port" if port == -1: - raise Exception(f"stunnel \'{service}\' failed") + raise OutputError(f"stunnel \'{service}\' failed") await self.cfg.mainq.put( LogEvent( etype="log", @@ -944,7 +981,7 @@ try: match = RE_LINE_IDX.match(line.decode("UTF-8")) if not match: - raise Exception(f"Server received unexpected message: {line!r}") + raise OutputError(f"Server received unexpected message: {line!r}") idx = int(match.group("idx")) await self.cfg.mainq.put( ClientSendDataEvent( @@ -966,7 +1003,15 @@ log=f"{tag} The server sent data to the client #{idx}: {line!r}", ) ) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"{tag} Something went wrong: {err}" + ) + ) + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -998,7 +1043,7 @@ ListenerClientEvent( etype="client_done", level=10, - log=f"{tag} The 'listener' task closed a connection to the client", + log=f"{tag} The 'listener' task closed a connection", peer=peer, conns=self.conns ) @@ -1020,9 +1065,9 @@ ) srv = await self.start_socket_server(self.client_connected_cb) if not srv: - raise Exception(f"The listening {protocol} socket server failed") + raise OutputError(f"The listening {protocol} socket server failed") if not srv.sockets: - raise Exception(f"Expected a listening socket, got {srv.sockets!r}") + raise OutputError(f"Expected a listening socket, got {srv.sockets!r}") hostname, port = srv.sockets0.getsockname():2 await self.cfg.mainq.put( LogEvent( @@ -1077,12 +1122,12 @@ ) ) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError: await self.cfg.mainq.put( LogEvent( etype="cleanup_event", level=20, - log=f"{tag} Cleanup '{name}' task failed: {err}" + log=f"{tag} Cleanup '{name}' task failed: Cancelled task" ) ) @@ -1099,6 +1144,8 @@ log=f"{tag} About to kill and wait for {num} stunnel process(es)" ) ) + await self.cleanup_stunnel("client") + waiters = asyncio.create_task(proc.wait()) for proc in self.cfg.children.values() children = for key, proc in self.cfg.children.items(): @@ -1120,7 +1167,7 @@ log=f"{tag} PID {key.pid} already finished" ) ) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1140,7 +1187,7 @@ ) ) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -1151,9 +1198,10 @@ async def cleanup_stunnel(self, service: str) -> None: - """Terminate and remove a stunnel processe.""" + """Terminate and remove a stunnel process.""" tag = f"cleanup_stunnel {service}" try: + children = for key, proc in self.cfg.children.items(): if key.service is service: await self.cfg.mainq.put( @@ -1163,7 +1211,7 @@ log=f"{tag} Waiting for the '{key.service}' PID {key.pid} to exit..." ) ) - finished = key + children.append(key) try: proc.terminate() except ProcessLookupError: @@ -1174,7 +1222,7 @@ log=f"{tag} - already finished, it seems" ) ) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1190,9 +1238,10 @@ log=f"{tag} Got stunnel processes' exit status: {wait_res!r}", ) ) - self.cfg.children.pop(finished) + for key in children: + self.cfg.children.pop(key) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -1324,7 +1373,7 @@ return await asyncio.open_connection('127.0.0.1', conn.port, ssl=ctx) - except OSError as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1341,7 +1390,7 @@ """Start a network connection and return a pair of (reader, writer) objects.""" client_reader, client_writer = await self.establish_connection(conn) if not client_reader or not client_writer: - raise Exception("Establish connection failed") + raise OutputError("Establish connection failed") return client_reader, client_writer @@ -1360,7 +1409,7 @@ ) client_reader, client_writer = await self.get_io_stream(conn) if client_writer.is_closing(): - raise Exception("Client writer is closing") + raise UnexpectedWarning("Client writer is closing") line = f"Hello {conn.idx}\n".encode("UTF-8") await self.cfg.mainq.put( @@ -1382,7 +1431,7 @@ ) ) if line != "There!\n".encode("UTF-8"): - raise Exception(f"Client received unexpected message: {line!r}") + raise UnexpectedWarning(f"Client received unexpected message: {line!r}") await self.cfg.mainq.put( LogEvent( @@ -1402,14 +1451,22 @@ ) line = await client_reader.read(1) if line: - raise Exception(f"Did not expect to read {line!r}") + raise UnexpectedWarning(f"Did not expect to read {line!r}") - except Exception as err: # pylint: disable=broad-except + except UnexpectedWarning as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=30, + log=f"{tag} Warning: {err}" + ) + ) + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", level=30, - log=f"{tag} {err}", + log=f"{tag} Warning: {err}", ) ) finally: @@ -1482,7 +1539,8 @@ ) ) self.cfg.childrenKeys(pid=proc.pid, service=service) = proc - self.cfg.tasksf"{service}_output" = asyncio.create_task(self.stunnel_output(proc.stderr, service)) + self.cfg.tasksf"{service}_output" = asyncio.create_task( + self.stunnel_output(proc.stderr, service)) async def get_io_stream( @@ -1507,7 +1565,7 @@ async def check_listening_port(self, port:int, service: str) -> int: """Raise exception if configuration failed.""" if port == -1: - raise Exception(f"stunnel \'{service}\' failed") + raise OutputError(f"stunnel \'{service}\' failed") async def accepting_connections(self, port:int, service: str) -> int: @@ -1521,6 +1579,18 @@ ) -> None: """Handle a socket connection.""" tag = f"socket_connected_cb #{self.idx}" + if self.idx >= self.params.conn_num: + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"{tag} Skipping test connection #{self.idx}" + ) + ) + writer.close() + await writer.wait_closed() + return + conn = TestConnection(idx=self.idx, port=0, peer=None) self.conns.by_idself.idx = conn line = f"Hello {self.idx}\n".encode("UTF-8") @@ -1543,7 +1613,7 @@ ) ) if line != "There!\n".encode("UTF-8"): - raise Exception(f"Client received unexpected message: {line!r}") + raise UnexpectedWarning(f"Client received unexpected message: {line!r}") await self.cfg.mainq.put( LogEvent( etype="log", @@ -1562,14 +1632,22 @@ ) line = await reader.read(1) if line: - raise Exception(f"Did not expect to read {line!r}") + raise UnexpectedWarning(f"Did not expect to read {line!r}") - except Exception as err: # pylint: disable=broad-except + except UnexpectedWarning as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", - level=20, - log=f"{tag} {err}", + level=30, + log=f"{tag} Warning: {err}" + ) + ) + except IOError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=30, + log=f"{tag} Warning: {err}" ) ) finally: @@ -1624,6 +1702,237 @@ await self.start_stunnel(cfgfile, service) +class OcspResponder(): + """Base class for OCSP responder""" + + def __init__(self, cfg: Config): + self.cfg = cfg + + + async def start_responder(self): + """Start OCSP responder""" + tag = "start_responder" + try: + server=HttpServerThread(self.cfg) + await server.start_server() + except OSError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"{tag} Something went wrong: {err}" + ) + ) + + + async def stop_responder(self): + """Stop OCSP responder""" + tag = "stop_responder" + conn = http.client.HTTPConnection('localhost', self.cfg.port) + conn.request('POST', '/kill_server') + response = conn.getresponse() + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"{tag} HTTP status code: '{response.getcode()}'" + ) + ) + try: + text = response.read().decode('UTF-8') + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"{tag} HTTP status code: '{text}'" + ) + ) + except OSError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"{tag} Something went wrong: {err}" + ) + ) + conn.close() + + +class OCSPHandler(SimpleHTTPRequestHandler): + """Handle the HTTP POST request that arrive at the server""" + + def __init__(self, cfg, database, request, client_address, server): + #pylint: disable=too-many-arguments + self.cfg=cfg + self.database = database + self.server=server + SimpleHTTPRequestHandler.__init__(self, request, client_address, server) + + + def log_message(self, format, *args): + """"Override log_message method to log to a file rather than to sys.stderr""" + # pylint: disable=redefined-builtin + with open(self.cfg.results, mode="a", encoding="utf-8", buffering=1) as file: + file.write(f"do_POST: {self.log_date_time_string()}:" + +f"{self.client_address0}: {format%args}\n") + + + def do_POST(self): # pylint: disable=invalid-name + """"Serves the POST request type""" + try: + url=urlparse(self.path) + if url.path == "/kill_server": + self.send_response(200) + self.send_header('Content-type', 'text/plain') + self.end_headers() + self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) + self.server.shutdown() + elif url.path == "/ocsp": + content_length=int(self.headers'Content-Length') + request_data=self.rfile.read(content_length) + request=ocsp.load_der_ocsp_request(request_data) + self.process_ocsp_request(request) + + except Exception as err: # pylint: disable=broad-except + self.send_error(404, f"{err}") + + + def process_ocsp_request(self, request: ocsp.OCSPRequest): + """Process OCSP request data""" + response=None + this_update=datetime.now(timezone.utc) + try: + issuer = self.database.get(request.issuer_key_hash) + if issuer is None: + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.UNAUTHORIZED) + else: + serial=request.serial_number + subject_cert = issuer.get('certificates').get(serial) + if subject_cert is None: + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.UNAUTHORIZED) + else: + ocsp_cert=issuer.get('ocsp_cert') + cert_info=issuer.get('revocations').get(serial) + revoked=cert_info is not None + if revoked: + cert_status=ocsp.OCSPCertStatus.REVOKED + else: + cert_status=ocsp.OCSPCertStatus.GOOD + + # create a OCSPResponse object + builder=ocsp.OCSPResponseBuilder() + + # add status information about the certificate that was requested + builder=builder.add_response( + cert=subject_cert, + issuer=ocsp_cert, + algorithm=request.hash_algorithm, + cert_status=cert_status, + this_update=this_update, + next_update=this_update + timedelta(seconds=60), + revocation_time=cert_info'revocation_time' if revoked else None, + revocation_reason=ReasonFlags.unspecified if revoked else None) + + # set the responderID on the OCSP response + # encode the X.509 NAME of the certificate or HASH of the public key + builder=builder.responder_id(ocsp.OCSPResponderEncoding.NAME, ocsp_cert) + + # add OCSP nonce if present + try: + nonce = request.extensions.get_extension_for_class(OCSPNonce) + builder = builder.add_extension(nonce.value, critical=nonce.critical) + except ExtensionNotFound: + pass + + # create the SUCCESSFUL response that can then be serialized and sent + response=builder.sign(issuer.get('ocsp_key'), hashes.SHA256()) + + except Exception: # pylint: disable=broad-except + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.INTERNAL_ERROR) + + self.send_response(200) + self.end_headers() + # only DER encoding is supported + self.wfile.write(response.public_bytes(serialization.Encoding.DER)) + + +class HttpServerThread(): + """HTTP server thread handler""" + + def __init__(self, cfg: Config): + self.cfg = cfg + self.server=None + self.server_thread=None + + async def start_server(self) -> (int): + """Starting HTTP server on localhost and a given port""" + tag = "start_server" + database=self.load_database() + ocsp_handler = partial(OCSPHandler, self.cfg, database) + self.server=ThreadingHTTPServer(('localhost', self.cfg.port), ocsp_handler) + self.server_thread=threading.Thread(target=self.server.serve_forever) + self.server_thread.start() + hostname, port=self.server.server_address:2 + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"{tag} OCSP responder started, URL http://'{hostname}':'{port}'" + ) + ) + return port + + + def load_database(self): + """Create an in memory database of issuer/certificates and issuer/revocations""" + database = {} + for ca_cert, certs in ("CA_ocsp.pem", "intermediateCA.pem"), + ("interCA_ocsp.pem", "server_cert.pem", "client_cert.pem", "revoked_cert.pem"): + path = os.path.join(DEFAULT_CERTS, ca_cert) + ocsp_cert = self.load_certificate(path) + ocsp_sha1 = ocsp_cert.extensions.get_extension_for_class( + SubjectKeyIdentifier).value.digest + databaseocsp_sha1 = {} + databaseocsp_sha1'ocsp_cert' = ocsp_cert + databaseocsp_sha1'ocsp_key' = self.load_private_key(path) + + certificates = {} + for filename in certs: + path = os.path.join(DEFAULT_CERTS, filename) + cert = self.load_certificate(path) + certificatescert.serial_number = cert + databaseocsp_sha1'certificates' = certificates + + with open(OCSP_INDEX, mode="r", encoding="utf-8") as index: + revocations = {} + for line in index.readlines(): + tokens = line.split('\t') + if tokens0 == 'R': + certinfo = { + "revocation_time": datetime.strptime(tokens2, "%y%m%d%H%M%S%z"), + "serial_number": int(tokens3, 16), + } + revocationscertinfo"serial_number" = certinfo + databaseocsp_sha1'revocations' = revocations + + return database + + + def load_certificate(self, path): + """Deserialize a certificate from PEM encoded data""" + with open(path, mode="rb") as file: + return load_pem_x509_certificate(file.read()) + + + def load_private_key(self, path, password=None): + """Deserialize a private key from PEM encoded data""" + with open(path, mode="rb") as file: + return serialization.load_pem_private_key(file.read(), password) + + @contextlib.contextmanager def parse_args() -> Config: """Parse the command-line arguments.""" @@ -1667,6 +1976,14 @@ help="the logging level " "(default: INFO)", ) + parser.add_argument( + "--port", + type=int, + default=DEFAULT_PORT, + metavar="PORT", + help="OCSP responder port number" + f"(default: {DEFAULT_PORT})" + ) args = parser.parse_args() utf8_env = dict(os.environ) # environment can only contain strings @@ -1695,7 +2012,8 @@ utf8_env=utf8_env, results=os.path.join(args.logs, "results.log"), summary=os.path.join(args.logs, "summary.log"), - debug=args.debug + debug=args.debug, + port=args.port ) @@ -1714,7 +2032,7 @@ slogs = TestLogs(cfg) formats = "%(message)s" slogger = slogs.setup_logger("summary", formats, cfg.summary, DEFAULT_LEVEL) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError as err: # Logging is not available at this point. print(err) print("Framework initalization failed") @@ -1725,7 +2043,15 @@ await slogs.get_version(slogger) slogs.transcript_logs("summary", formats) + # Start OCSP responder. + responder = OcspResponder(cfg) + await responder.start_responder() + + # Check plugins. await PluginCollection(cfg, slogger, 'plugins') + + # Stop OCSP responder. + await responder.stop_responder() await cfg.mainq.put( LogEvent( etype="finish_event", @@ -1733,16 +2059,26 @@ log=f"{tag} Stunnel tests completed" ) ) - except UnsupportedOpenSSL as err: + + except UnsupportedVersion as err: await cfg.mainq.put( LogEvent( etype="finish_event", level=30, - log=f"{tag} Unsupported OpenSSL: {err}" + log=f"{tag} Unsupported version: {err}" ) ) print(err) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: + await cfg.mainq.put( + LogEvent( + etype="finish_event", + level=50, + log=f"{tag} Something went wrong: {err}" + ) + ) + print(err) + except OSError as err: await cfg.mainq.put( LogEvent( etype="finish_event",
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/plugins/p14_resume_ticket.py -> _service:tar_scm:stunnel-5.72.tar.gz/tests/plugins/p14_resume_ticket.py
Changed
@@ -63,7 +63,7 @@ debug = debug syslog = no - retry = yes + retry = 10 {service} client = yes @@ -149,7 +149,7 @@ debug = debug syslog = no - retry = yes + retry = 10 {service} client = yes
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/plugins/p15_resume_secret.py -> _service:tar_scm:stunnel-5.72.tar.gz/tests/plugins/p15_resume_secret.py
Changed
@@ -61,7 +61,7 @@ debug = debug syslog = no - retry = yes + retry = 10 {service} client = yes
View file
_service:tar_scm:stunnel-5.69.tar.gz/tests/plugins/p24_delay.py -> _service:tar_scm:stunnel-5.72.tar.gz/tests/plugins/p24_delay.py
Changed
@@ -70,7 +70,7 @@ syslog = no delay = yes - retry = yes + retry = 10 {service} client = yes @@ -151,7 +151,7 @@ delay = no failover = rr - retry = yes + retry = 10 {service} client = yes
View file
_service:tar_scm:stunnel-5.72.tar.gz/tests/plugins/p27_ocsp.py
Added
@@ -0,0 +1,339 @@ +"""stunnel client-server tests""" + +import logging +import os +import pathlib +from plugin_collection import Plugin, ERR_CONN_RESET +from maketest import ( + Config, + StunnelAcceptConnect +) + + +class StunnelTest(StunnelAcceptConnect): + """Base class for stunnel client-server tests.""" + # pylint: disable=too-few-public-methods + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.services = 'server', 'client' + + +class VerifyOCSPStapling(StunnelTest): + """ Checking OCSP stapling certificate verification. + OCSP stapling is always available in the server mode. + Server OCSP stapling is supported in OpenSSL version 1.0.2 or later. + Using "verifyChain" automatically enables OCSP stapling in the client mode. + The success is expected because the server presents a valid certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '271. Test OCSP stapling' + self.events.skip = + "Server OCSP stapling not supported" + + self.events.count = 1 + self.events.success = + r"OCSP: Accepted \(good\)" + + self.events.failure = + "peer did not return a certificate", + "bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports1} + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class VerifyOCSPClientDriven(StunnelTest): + """ Checking OCSP stapling certificate verification. + Using "OCSPaia" enables stunnel to validate certificates with the list of OCSP + responder URLs retrieved from their AIA (Authority Information Access) extension. + The success is expected because the client presents a valid certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '272. Test OCSP client-driven' + self.events.count = 1 + self.events.success = + r"OCSP: Accepted \(good\)" + + self.events.failure = + "peer did not return a certificate", + "bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports1} + cert = {cfg.certdir}/client_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + OCSPaia = yes + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class FailureVerifyOCSPStapling(StunnelTest): + """ Checking OCSP stapling certificate verification. + OCSP stapling is always available in the server mode. + Server OCSP stapling is supported in OpenSSL version 1.0.2 or later. + Using "verifyChain" automatically enables OCSP stapling in the client mode. + The failure is expected because the server presents a revoked certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '273. Failure test OCSP stapling' + self.events.skip = + "Server OCSP stapling not supported" + + self.events.count = 1 + self.events.success = + r"OCSP: Rejected \(revoked\)" + + self.events.failure = + "peer did not return a certificate", + #"bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + #ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports1} + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + + {service} + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/revoked_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class FailureVerifyOCSPClientDriven(StunnelTest): + """ Checking OCSP stapling certificate verification. + Using "OCSPaia" enables stunnel to validate certificates with the list of OCSP + responder URLs retrieved from their AIA (Authority Information Access) extension. + The failure is expected because client presents a revoked certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '274. Failure test OCSP client-driven' + self.events.count = 1 + self.events.success = + "Rejected by OCSP at depth=0" + + self.events.failure = + "peer did not return a certificate", + "bad certificate", + #"certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + #ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + {service} + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports1} + cert = {cfg.certdir}/revoked_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + + {service} + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + OCSPaia = yes + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class StunnelClientServerTest(Plugin): + """Stunnel client-server tests + HTTP client --> stunnel client --> stunnel server --> HTTP server + """ + # pylint: disable=too-few-public-methods + + def __init__(self): + super().__init__() + self.description = 'OCSP certificate verification' + + + async def perform_operation(self, cfg: Config, logger: logging.Logger) -> None: + """Run tests""" + stunnel = VerifyOCSPStapling(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = VerifyOCSPClientDriven(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = FailureVerifyOCSPStapling(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = FailureVerifyOCSPClientDriven(cfg, logger) + await stunnel.test_stunnel(cfg)
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/Makefile.am -> _service:tar_scm:stunnel-5.72.tar.gz/tools/Makefile.am
Changed
@@ -1,10 +1,10 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh makecert.sh EXTRA_DIST += openssl.cnf stunnel.nsi ReplaceInFile3.nsh stunnel.license stunnel.conf EXTRA_DIST += stunnel.conf-sample.in stunnel.init.in stunnel.service.in -EXTRA_DIST += stunnel.logrotate stunnel.rh.init stunnel.spec +EXTRA_DIST += stunnel.logrotate stunnel.rh.init stunnel.spec.in EXTRA_DIST += ca-certs.pem confdir = $(sysconfdir)/stunnel @@ -20,7 +20,7 @@ bashcompdir = @bashcompdir@ dist_bashcomp_DATA = stunnel.bash -CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service +CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service stunnel.spec install-data-local: ${INSTALL} -d -m 1770 $(DESTDIR)$(localstatedir)/lib/stunnel @@ -36,11 +36,13 @@ -e 's|@bindir@|$(bindir)|g' \ -e 's|@localstatedir@|$(localstatedir)|g' \ -e 's|@sysconfdir@|$(sysconfdir)|g' \ - -e 's|@DEFAULT_GROUP@|$(DEFAULT_GROUP)|g' + -e 's|@DEFAULT_GROUP@|$(DEFAULT_GROUP)|g' \ + -e 's|@PACKAGE_VERSION@|$(PACKAGE_VERSION)|g' -stunnel.conf-sample stunnel.init stunnel.service: Makefile +stunnel.conf-sample stunnel.init stunnel.service stunnel.spec: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel.conf-sample: $(srcdir)/stunnel.conf-sample.in stunnel.init: $(srcdir)/stunnel.init.in stunnel.service: $(srcdir)/stunnel.service.in +stunnel.spec: $(srcdir)/stunnel.spec.in
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/Makefile.in -> _service:tar_scm:stunnel-5.72.tar.gz/tools/Makefile.in
Changed
@@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -185,6 +185,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -291,7 +292,7 @@ makecert.sh openssl.cnf stunnel.nsi ReplaceInFile3.nsh \ stunnel.license stunnel.conf stunnel.conf-sample.in \ stunnel.init.in stunnel.service.in stunnel.logrotate \ - stunnel.rh.init stunnel.spec ca-certs.pem + stunnel.rh.init stunnel.spec.in ca-certs.pem confdir = $(sysconfdir)/stunnel conf_DATA = stunnel.conf-sample examplesdir = $(docdir)/examples @@ -299,13 +300,14 @@ stunnel.rh.init stunnel.spec ca.html ca.pl importCA.html \ importCA.sh script.sh dist_bashcomp_DATA = stunnel.bash -CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service +CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service stunnel.spec edit = sed \ -e 's|@prefix@|$(prefix)|g' \ -e 's|@bindir@|$(bindir)|g' \ -e 's|@localstatedir@|$(localstatedir)|g' \ -e 's|@sysconfdir@|$(sysconfdir)|g' \ - -e 's|@DEFAULT_GROUP@|$(DEFAULT_GROUP)|g' + -e 's|@DEFAULT_GROUP@|$(DEFAULT_GROUP)|g' \ + -e 's|@PACKAGE_VERSION@|$(PACKAGE_VERSION)|g' all: all-am @@ -582,12 +584,13 @@ ${INSTALL} -b -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem rm -f stunnel.pem -stunnel.conf-sample stunnel.init stunnel.service: Makefile +stunnel.conf-sample stunnel.init stunnel.service stunnel.spec: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel.conf-sample: $(srcdir)/stunnel.conf-sample.in stunnel.init: $(srcdir)/stunnel.init.in stunnel.service: $(srcdir)/stunnel.service.in +stunnel.spec: $(srcdir)/stunnel.spec.in # Tell versions 3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded.
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/ca-certs.pem -> _service:tar_scm:stunnel-5.72.tar.gz/tools/ca-certs.pem
Changed
@@ -1,4 +1,84 @@ -----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw +CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 +bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg +Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ +BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu +ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS +b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni +eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W +p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T +rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV +57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg +Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g +Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ +BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ +R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF +dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw +vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ +uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp +n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs +cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW +xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P +rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF +DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx +DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy +LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C +eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ +d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq +kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl +qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 +OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c +NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk +ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO +pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj +03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk +PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE +1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX +QRBdJ3NghVdJIgc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg @@ -107,35 +187,53 @@ 0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV -BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g -Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ -BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ -R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF -dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw -vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ -uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp -n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs -cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW -xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P -rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF -DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx -DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy -LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C -eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ -d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq -kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC -b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl -qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 -OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c -NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk -ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO -pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj -03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk -PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE -1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX -QRBdJ3NghVdJIgc= +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ +SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n +a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 +NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT +CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u +Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO +dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI +VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV +9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY +2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY +vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt +bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb +x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ +l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK +TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj +Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw +DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG +7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk +MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr +gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk +GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS +3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm +Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ +l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c +JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP +L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa +LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG +mpv0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV +BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk +LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv +b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ +BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg +THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v +IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv +xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H +Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB +eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo +jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ ++efcMQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE @@ -173,6 +271,39 @@ GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM +BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG +T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx +CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD +b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA +iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH +38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE +HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz +kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP +szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq +vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf +nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG +YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo +0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a +CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K +AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I +36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN +qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj +cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm ++LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL +hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe +lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 +p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 +piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR +LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX +5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO +dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul +9XXeifdy +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 @@ -300,40 +431,6 @@ GJTO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV -BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE -CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy -MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G -A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD -DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq -M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf -OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa -4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 -HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR -aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA -b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ -Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV -PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO -pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu -UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY -MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV -HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 -9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW -s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 -Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg -cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM -79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz -/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt -ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm -Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK -QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ -w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi -S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 -mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa @@ -365,69 +462,1221 @@ YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw -CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 -bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg -Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ -BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu -ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS -b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni -eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W -p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T -rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV -57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg -Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA +MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD +VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy +MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt +c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ +OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG +vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud +316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo +0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE +y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF +zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE ++cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN +I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs +x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa +ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC +4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 +7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti +2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk +pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF +FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt +rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk +ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 +u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP +4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 +N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 +vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV -BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk -LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv -b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ -BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg -THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v -IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv -xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H -Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB -eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo -jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ -+efcMQ== +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx +CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD +ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw +MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex +HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq +R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd +yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ +7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 ++RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE -BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h -cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy -MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg -Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 -thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM -cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG -L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i -NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h -X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b -m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy -Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja -EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T -KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF -6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh -OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD -VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv -ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl -AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF -661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 -am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 -ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 -PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS -3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k -SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF -3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM -ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g -StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz -Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB -jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV +BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk +YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV +BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN +MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF +UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD +VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj +cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q +yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH +2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX +H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL +zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR +p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz +W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ +SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn +LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 +n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B +u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L +9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej +rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK +pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 +vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq +OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ +/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 +2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI ++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 +MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo +tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL +BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg +Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv +b3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG +EwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u +IEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ +n56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd +2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF +VwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ +GoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF +li/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU +r8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2 +eY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb +MlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg +jwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB +7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW +5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE +ITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z +xiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu +QEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4 +FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH +22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP +xOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn +dFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5 +Xc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b +nV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ +CvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH +u/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj +d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw +CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw +JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT +EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 +WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT +LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX +BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE +KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm +Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 +EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J +UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn +nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 +MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu +MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV +BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw +MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg +U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ +n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q +p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq +NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF +8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 +HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa +mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi +7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF +ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P +qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ +v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 +Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD +ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 +WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo +zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR +5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ +GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf +5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq +0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D +P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM +qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP +0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf +E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG +A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw +FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx +MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u +aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b +RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z +YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 +QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw +yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ +BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ +SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH +r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 +4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me +dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw +q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 +nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu +H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC +XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd +6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf ++I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi +kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 +wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB +TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C +MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn +4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I +aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy +qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD +VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw +MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy +b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR +ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb +hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 +FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV +L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB +iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N +aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ +Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 +ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 +HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm +gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ +jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc +aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG +YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 +W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K +UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH ++FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q +W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC +LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC +gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 +tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh +SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 +TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 +pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR +xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp +GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 +dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN +AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB +RA+GsCyRxj3qrg+E +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU +MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI +T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz +MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF +SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh +bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z +xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ +spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5 +58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR +at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll +5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq +nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK +V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/ +pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO +z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn +jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+ +WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF +7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli +awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u ++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88 +X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN +SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo +P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI ++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz +znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9 +eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2 +YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy +r/6zcCwupvI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw +CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ +VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy +MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ +TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS +b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B +IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+ ++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK +sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA +94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B +43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G +jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2 +4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7 +VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm +ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD +VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw +MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g +UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx +uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV +HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/ ++wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147 +bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo +27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w +Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw +TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl +qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH +szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8 +Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk +MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92 +wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p +aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN +VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb +C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe +QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy +h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4 +7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J +ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef +MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/ +Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT +6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ +0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm +2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb +bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt +nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY +6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu +MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k +RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg +f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV ++3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo +dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW +Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa +G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq +gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H +vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 +0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC +B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u +NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg +yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev +HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6 +xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR +TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg +JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV +7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl +6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi +QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR +HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D +9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 +p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx +CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE +AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 +NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ +MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq +AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9 +vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9 +lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD +n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT +7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o +6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC +TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6 +WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R +DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI +pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj +YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy +rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi +0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM +A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS +SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K +TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF +6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er +3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt +Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT +VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW +ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA +rBPuUBQemMc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw +CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 +NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7dPYS +zuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0 +QVK5buXuQqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/ +VbNafAkl1bK6CKBrqx9tMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2JyX3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW +wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV +dWNbFJWcHwHP2NVypw87 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw +CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 +NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8ZRCC +/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rD +wpdhQntJraOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3 +OqQo5FD4pPfsazK2/umLMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2V2X3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA +y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb +gfM0agPnIjhQW+0ZT0MW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg +Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL +MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l +mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE +4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv +a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M +pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw +Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b +LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY +AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB +AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq +E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr +W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ +CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU +X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 +f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja +H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP +JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P +zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt +jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 +/L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT +BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 +aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW +xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU +63ZTGI0RmLo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw +CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh +cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v +dCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG +A1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7 +KKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y +STHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD +AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw +SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN +nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 +MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT +ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW ++1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 +ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI +zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW +tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 +/q4AaOeMSQ+2b1tbFfLn +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT +HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN +NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs +IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+ +ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0 +2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp +wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM +pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD +nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po +sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx +Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd +Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX +KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe +XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL +tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv +TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H +PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF +O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ +REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik +AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv +/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+ +p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw +MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF +qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK +ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp +Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 +MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ +bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS +7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp +0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS +B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ +LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 +DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw +PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy +dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0 +YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2 +1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT +vqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed +aFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0 +1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5 +r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5 +cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ +wHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ +6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA +2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH +Wyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR +eiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u +d0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr +PbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi +1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd +rRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di +taY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7 +lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj +yTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn +Kx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy +yCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n +wXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6 +OV+KmalBWQewLK8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw +CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu +bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ +BgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s +eSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK ++IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2 +QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4 +hevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm +ut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG +BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEM +BQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dp +ZXMsIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAe +Fw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEwMTlaMFoxCzAJBgNVBAYTAkNOMSUw +IwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtU +cnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNS +T1QY4SxzlZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqK +AtCWHwDNBSHvBm3dIZwZQ0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1 +nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/VP68czH5GX6zfZBCK70bwkPAPLfSIC7Ep +qq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1AgdB4SQXMeJNnKziyhWTXA +yB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm9WAPzJMs +hH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gX +zhqcD0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAv +kV34PmVACxmZySYgWmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msT +f9FkPz2ccEblooV7WIQn3MSAPmeamseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jA +uPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCFTIcQcf+eQxuulXUtgQIDAQAB +o2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj7zjKsK5Xf/Ih +MBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E +BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4 +wM8zAQLpw6o1D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2 +XFNFV1pF1AWZLy4jVe5jaN/TG3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1 +JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNjduMNhXJEIlU/HHzp/LgV6FL6qj6j +ITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstlcHboCoWASzY9M/eV +VHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys+TIx +xHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1on +AX1daBli2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d +7XB4tmBZrOFdRWOPyN9yaFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2Ntjj +gKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsASZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV ++Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFRJQJ6+N1rZdVtTTDIZbpo +FGWsJwt0ivKH +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMw +WjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs +IEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0y +MTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJaMFoxCzAJBgNVBAYTAkNOMSUwIwYD +VQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtUcnVz +dEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATx +s8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbw +LxYI+hW8m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJij +YzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mD +pm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/pDHel4NZg6ZvccveMA4GA1UdDwEB/wQE +AwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AAbbd+NvBNEU/zy4k6LHiR +UKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xkdUfFVZDj +/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMw +TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t +bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNa +Fw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv +cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDEw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLxeP0C +flfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJE +hRGnSjot6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggq +hkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg +2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liWpDVfG2XqYZpwI7UNo5uS +Um9poIyNStDuiw7LR47QjRE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMw +TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t +bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRa +Fw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv +cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDIw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/MMDAL +j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU +v4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggq +hkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/n +ich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs73u1Z/GtMMH9ZzkXpc2AV +mkzw5l4lIhVtwodZ0LKOag== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi +Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1 +NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t +U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt +MDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45FtnYSk +YZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslh +suitQDy6uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0al +DrJLpA6lfO741GIDuZNqihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3Oj +WiE260f6GBfZumbCk6SP/F2krfxQapWsvCQz0b2If4b19bJzKo98rwjyGpg/qYFl +P8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/cZip8UlF1y5mO6D1cv547 +KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTifBSeolz7p +UcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/ +kQO9lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JO +Hg9O5j9ZpSPcPYeoKFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkB +Ea801M/XrmLTBQe0MXXgDW1XT2mH+VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6U +CBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm45P3luG0wDQYJ +KoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6 +NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQ +nmhUQo8mUuJM3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+ +QgvfKNmwrZggvkN80V4aCRckjXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2v +trV0KnahP/t1MJ+UXjulYPPLXAziDslg+MkfFoom3ecnf+slpoq9uC02EJqxWE2a +aE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/WNyVntHKLr4W96ioD +j8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+o/E4 +Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0w +lREQKC6/oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHn +YfkUyq+Dj7+vsQpZXdxc1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVoc +icCMb3SgazNNtQEo/a2tiRc7ppqEvOuM6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi +Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2 +NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t +U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt +MDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3VrCLE +NQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0 +kyI9p+Kx7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1C +rWDaSWqVcN3SAOLMV2MCe5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxz +hkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2WWy09X6GDRl224yW4fKcZgBzqZUPckXk2 +LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rpM9kzXzehxfCrPfp4sOcs +n/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIfhs1w/tku +FT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5 +kQMreyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3 +wNemKfrb3vOTlycEVS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6v +wQcQeKwRoi9C8DfF8rhW3Q5iLc4tVn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs +5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7GxcJXvYXowDQYJ +KoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB +KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3 ++VGXu6TwYofF1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbyme +APnCKfWxkxlSaRosTKCL4BWaMS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3Nyq +pgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xdgSGn2rtO/+YHqP65DSdsu3BaVXoT +6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2OHG1QAk8mGEPej1WF +sQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+NmYWvt +PjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2d +lklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670 +v64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17O +rg3bhzjlP1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs +o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQo +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA +Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw +CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH +bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw +MB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx +JzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE +AwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O +tdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP +f8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA +MGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di +z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn +27iQ7t0l +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj +MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0 +eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy +MDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC +REUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG +A1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9 +cUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV +cp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA +U6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6 +Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug +BTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy +8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J +co4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg +8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8 +rFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12 +mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg ++y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX +gj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 +p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ +pGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm +9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw +M807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd +GGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+ +CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t +xKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+ +w6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK +L4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj +X273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q +ntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm +dTdmQRCsu/WU48IxK63nI1bMNSWSs1A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV @@ -461,6 +1710,28 @@ L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP @@ -503,38 +1774,6 @@ 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG -A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw -FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx -MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u -aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b -RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z -YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 -QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw -yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ -BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ -SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH -r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 -4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me -dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw -q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 -nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu -H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA -VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC -XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd -6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf -+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi -kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 -wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB -TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C -MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn -4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I -aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy -qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV @@ -576,6 +1815,179 @@ GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha @@ -711,137 +2123,6 @@ hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV -BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC -aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV -BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 -Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz -MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ -BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp -em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY -B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH -D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF -Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo -q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D -k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH -fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut -dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM -ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 -zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX -U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 -Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 -XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF -Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR -HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY -GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c -77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 -+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK -vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 -FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl -yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P -AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD -y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d -NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 -MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g -Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG -A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg -Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl -ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr -ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr -BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM -YyRIHN8wfdVoOw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE -BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ -IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 -MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w -HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj -Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj -TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u -KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj -qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm -MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 -ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP -zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk -L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC -jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA -HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC -AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg -p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm -DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 -COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry -L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf -JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg -IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io -2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV -09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ -XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq -T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe -MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF -ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 -b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL -MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv -b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK -gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ -W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg -1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K -8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r -2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me -z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR -8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj -mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz -7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 -+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI -0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm -UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 -LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY -+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS -k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl -7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm -btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl -urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ -fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 -n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE -76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H -9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT -4PsJYGw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF -ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 -b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL -MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv -b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj -ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM -9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw -IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 -VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L -93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm -jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA -A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI -U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs -N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv -o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU -5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy -rqXRfboQnoZsG4q5WTP468SQvvG5 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 @@ -931,24 +2212,38 @@ 4uJEvlz36hz1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD @@ -999,149 +2294,6 @@ XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 -MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g -Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG -A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg -Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi -9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk -M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB -MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw -CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW -1KyLa2tJElMzrdfkviT8tQp21KW8EA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix -DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k -IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT -N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v -dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG -A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh -ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx -QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA -4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 -AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 -4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C -ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV -9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD -gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 -Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq -NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko -LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc -Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd -ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I -XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI -M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot -9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V -Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea -j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh -X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ -l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf -bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 -pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK -e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 -vm9qp/UsQu0yrbYhnr68 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA -MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD -VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy -MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt -c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ -OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG -vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud -316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo -0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE -y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF -zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE -+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN -I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs -x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa -ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC -4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 -7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg -JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti -2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk -pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF -FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt -rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk -ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 -u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP -4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 -N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 -vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx -CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD -ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw -MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex -HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq -R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd -yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ -7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 -+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL -BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt -VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw -JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw -OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG -QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 -Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD -QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7 -7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx -uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8 -7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/ -rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL -l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG -wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4 -znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO -M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK -5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH -nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo -DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD -AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy -tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL -BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ -6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18 -Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ -3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk -vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9 -9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ -mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA -VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF -9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM -moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8 -bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw -gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn -cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD -VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2 -NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r -YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh -IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF -Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ -KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK -fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB -Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C -MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp -ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6 -7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx -vmjkI6TZraE3 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 @@ -1371,26 +2523,6 @@ 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX @@ -1412,50 +2544,6 @@ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw -PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy -dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0 -YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2 -1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT -vqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed -aFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0 -1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5 -r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5 -cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ -wHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ -6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA -2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH -Wyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR -eiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB -/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u -d0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr -PbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d -8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi -1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd -rRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di -taY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7 -lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj -yTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn -Kx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy -yCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n -wXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6 -OV+KmalBWQewLK8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw -CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu -bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ -BgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s -eSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK -+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2 -QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4 -hevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm -ut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG -BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw @@ -1593,40 +2681,6 @@ tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV -BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk -YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV -BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN -MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF -UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD -VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v -dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj -cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q -yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH -2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX -H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL -zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR -p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz -W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ -SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn -LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 -n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B -u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj -o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO -BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L -9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej -rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK -pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 -vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq -OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ -/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 -2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI -+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 -MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo -tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD @@ -1755,71 +2809,6 @@ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg -MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh -bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx -MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET -MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI -xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k -ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD -aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw -LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw -1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX -k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 -SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h -bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n -WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY -rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce -MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu -bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN -nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt -Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 -55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj -vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf -cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz -oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp -nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs -pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v -JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R -8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 -5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL -BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg -Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv -b3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG -EwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u -IEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ -n56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd -2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF -VwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ -GoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF -li/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU -r8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2 -eY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb -MlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg -jwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB -7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW -5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE -ITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 -90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z -xiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu -QEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4 -FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH -22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP -xOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn -dFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5 -Xc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b -nV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ -CvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH -u/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj -d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY @@ -1845,349 +2834,6 @@ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN -BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl -bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv -b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ -BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj -YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 -MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 -dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg -QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa -jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi -C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep -lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof -TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw -CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS -VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 -NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG -A1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB -BAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8ZRCC -/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rD -wpdhQntJraOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3 -OqQo5FD4pPfsazK2/umLMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g -PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2V2X3Jvb3Rf -Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l -dC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 -c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO -PQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA -y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb -gfM0agPnIjhQW+0ZT0MW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD -VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk -MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U -cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y -IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV -BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw -IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy -dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig -RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb -3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA -BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 -3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou -owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ -wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF -ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf -BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ -MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv -civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 -AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F -hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 -soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI -WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi -tJ/X5g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV -BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw -IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy -dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig -Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk -MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg -Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD -VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy -dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ -QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq -1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp -2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK -DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape -az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF -3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 -oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM -g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 -mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh -8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd -BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U -nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw -DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX -dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ -MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL -/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX -CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa -ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW -2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 -N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 -Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB -As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp -5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu -1uwJ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs -MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg -Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL -MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl -YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv -b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l -mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE -4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv -a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M -pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw -Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b -LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY -AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB -AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq -E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr -W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ -CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU -X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 -f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja -H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP -JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P -zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt -jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 -/L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT -BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 -aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW -xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU -63ZTGI0RmLo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw -CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh -cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v -dCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG -A1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj -aCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg -Q0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7 -KKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y -STHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD -AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw -SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN -nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD -VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk -MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U -cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y -IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB -pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h -IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG -A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU -cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid -RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V -seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme -9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV -EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW -hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ -DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD -ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I -/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf -ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ -yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts -L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN -zl/HHk484IkzlQsPpTLWPFp5LBk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH -MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF -eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx -MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV -BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog -D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS -sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop -O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk -sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi -c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj -VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz -KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ -TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G -sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs -1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD -fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN -l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR -ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ -VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 -c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp -4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s -t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj -2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO -vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C -xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx -cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM -fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 -MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH -bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x -CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds -b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr -b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 -kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm -VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R -VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc -C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj -tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY -D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv -j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl -NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 -iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP -O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV -ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj -L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 -1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl -1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU -b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV -PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj -y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb -EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg -DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI -+Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy -YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX -UB+K+wb1whnw0A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC -VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T -U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx -NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv -dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv -bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA -VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku -WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP -MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX -5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ -ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg -h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC -VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T -U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz -WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 -b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS -b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB -BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI -7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg -CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud -EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD -VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T -kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ -gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE -BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK -DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz -OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv -dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv -bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R -xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX -qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC -C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 -6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh -/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF -YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E -JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc -US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 -ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm -+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi -M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G -A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV -cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc -Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs -PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ -q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 -cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr -a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I -H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y -K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu -nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf -oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY -Ic2wBlX7Jz9TkHCpBB5XJ7k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT -AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD -VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx -NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT -HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5 -IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi -AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl -dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK -ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu -9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O -be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV -BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw -JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2 -MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg -Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r -CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA -lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG -TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7 -9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7 -8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4 -g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we -GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst -+3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M -0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ -T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw -HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS -YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA -FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd -9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI -UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+ -OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke -gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf -iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV -nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD -2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI// -1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad -TdJ0MN1kURXbg4NR16/9M51NZg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV @@ -2348,18 +2994,36 @@ 8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw -CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg -R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 -MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT -ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW -+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 -ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI -zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW -tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 -/q4AaOeMSQ+2b1tbFfLn +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC @@ -2405,175 +3069,6 @@ hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx -CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ -WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ -BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG -Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ -yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf -BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz -WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF -tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z -374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC -IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL -mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 -wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS -MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 -ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet -UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H -YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 -LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD -nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 -RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM -LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf -77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N -JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm -fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp -6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp -1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B -9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok -RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv -uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw -CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw -JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT -EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 -WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT -LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX -BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE -KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm -Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 -EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J -UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn -nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 -MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu -MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV -BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw -MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg -U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ -n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q -p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq -NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF -8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 -HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa -mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi -7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF -ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P -qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ -v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 -Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 -vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD -ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 -WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo -zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR -5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ -GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf -5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq -0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D -P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM -qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP -0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf -E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx -GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp -bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w -KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 -BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy -dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG -EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll -IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU -QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT -TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg -LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 -a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr -LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr -N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X -YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ -iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f -AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH -V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh -AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf -IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 -lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c -8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf -lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 -WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu -ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc -h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ -0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U -A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW -T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH -B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC -B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv -KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn -OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn -jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw -qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI -rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq -hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ -3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK -NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 -ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur -TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC -jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc -oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq -4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA -mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d -emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx -CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE -AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 -NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ -MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq -AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9 -vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9 -lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD -n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT -7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o -6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC -TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6 -WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R -DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI -pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj -YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy -rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw -AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ -8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi -0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM -A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS -SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K -TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF -6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er -3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt -Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT -VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW -ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA -rBPuUBQemMc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i @@ -2596,213 +3091,6 @@ Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE -AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw -CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ -BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND -VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb -qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY -HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo -G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA -lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr -IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ -0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH -k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 -4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO -m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa -cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl -uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI -KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls -ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG -AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 -VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT -VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG -CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA -cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA -QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA -7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA -cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA -QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA -czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu -aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt -aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud -DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF -BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp -D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU -JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m -AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD -vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms -tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH -7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h -I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA -h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF -d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H -pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE -BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w -MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC -SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 -ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv -UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX -4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 -KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ -gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb -rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ -51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F -be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe -KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F -v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn -fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 -jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz -ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL -e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 -jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz -WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V -SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j -pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX -X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok -fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R -K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU -ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU -LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT -LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP -Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr -ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL -MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 -yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr -VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ -nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG -XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj -vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt -Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g -N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC -nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y -YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua -kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL -QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp -6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG -yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i -QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO -tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu -QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ -Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u -olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 -x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz -dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG -A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U -cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf -qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ -JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ -+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS -s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 -HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 -70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG -V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S -qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S -5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia -C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX -OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE -FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 -KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B -8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ -MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc -0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ -u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF -u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH -YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 -GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO -RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e -KeC2uAloGRwYQw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC -VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ -cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ -BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt -VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D -0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 -ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G -A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs -aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I -flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE -AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG -EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM -FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC -REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp -Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM -VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ -SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ -4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L -cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi -eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG -A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 -DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j -vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP -DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc -maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D -lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv -KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw @@ -2858,559 +3146,222 @@ DrW5viSP -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y -ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E -N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 -tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX -0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c -/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X -KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY -zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS -O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D -34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP -K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv -Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj -QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS -IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 -HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa -O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv -033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u -dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE -kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 -3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD -u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD -TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx -MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j -aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP -T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 -sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL -TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 -/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp -7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz -EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt -hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP -a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot -aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg -TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV -PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv -cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL -tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd -BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT -ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL -jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS -ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy -P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 -xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d -Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN -5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe -/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z -AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ -5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr -6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV -L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 -1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx -MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ -QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB -arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr -Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi -FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS -P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN -9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz -uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h -9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t -OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo -+fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 -KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 -DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us -H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ -I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 -5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h -3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz -Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL -BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ -SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n -a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 -NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT -CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u -Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO -dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI -VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV -9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY -2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY -vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt -bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb -x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ -l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK -TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj -Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e -i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw -DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG -7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk -MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr -gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk -GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS -3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm -Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ -l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c -JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP -L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa -LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG -mpv0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM -BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG -T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx -CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD -b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA -iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH -38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE -HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz -kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP -szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq -vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf -nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG -YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo -0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a -CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K -AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I -36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN -qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj -cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm -+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL -hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe -lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 -p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 -piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR -LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX -5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO -dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul -9XXeifdy ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c -JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP -mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ -wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 -VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ -AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun -pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC -dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf -fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm -NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx -H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA -n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc -biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp -EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA -bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu -YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB -AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW -BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI -QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I -0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni -lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 -B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv -ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg -RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf -Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q -RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD -AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY -JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -6pZjamVFkpUBtA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD -QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB -CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 -nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt -43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P -T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 -gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR -TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw -DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr -hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg -06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF -PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls -YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI -2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx -1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ -q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz -tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ -vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV -5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY -1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 -NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG -Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 -8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe -pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe -Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw -EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x -IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF -K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG -fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO -Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd -BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx -AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ -oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 -sycX ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm -+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW -PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM -xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB -Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 -hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg -EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA -FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec -nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z -eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF -hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 -Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -+OkuE6N36B9K ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg -RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y -ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If -xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV -ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO -DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ -jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ -CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi -EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM -fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY -uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK -chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t -9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 -SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd -+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc -fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa -sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N -cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N -0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie -4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI -r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 -/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm -gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 -MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 -ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD -VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j -b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq -scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO -xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H -LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX -uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD -yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ -JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q -rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN -BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L -hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB -QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ -HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu -Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg -QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB -BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA -A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb -laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 -awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo -JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw -LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT -VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk -LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb -UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ -QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ -naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls -QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD -VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG -A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw -WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz -IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi -AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi -QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR -HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D -9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 -p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo -27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w -Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw -TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl -qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH -szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8 -Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk -MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92 -wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p -aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN -VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID -AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb -C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe -QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy -h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4 -7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J -ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef -MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/ -Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT -6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ -0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm -2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb -bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt -nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY -6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu -MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k -RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg -f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV -+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo -dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW -Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa -G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq -gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID -AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H -vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 -0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC -B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u -NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg -yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev -HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6 -xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR -TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg -JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV -7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl -6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD -VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG -A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw -WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz -IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi -AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G -jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2 -4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7 -VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm -ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD -VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh -bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw -MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g -UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT -BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx -uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV -HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/ -+wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147 -bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw -CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD -VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw -MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV -UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy -b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR -ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb -hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 -FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV -L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB -iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl -MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw -NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG -EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N -aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ -Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 -ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 -HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm -gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ -jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc -aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG -YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 -W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K -UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH -+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q -W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC -NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC -LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC -gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 -tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh -SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 -TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 -pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR -xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp -GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 -dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN -AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB -RA+GsCyRxj3qrg+E +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw -CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS -VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 -NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG -A1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB -BAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7dPYS -zuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0 -QVK5buXuQqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/ -VbNafAkl1bK6CKBrqx9tMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g -PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2JyX3Jvb3Rf -Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l -dC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 -c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO -PQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW -wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV -dWNbFJWcHwHP2NVypw87 +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw @@ -3449,69 +3400,239 @@ 3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X -DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ -BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 -QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny -gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw -zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q -130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 -JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw -ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT -AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj -AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG -9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h -bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc -fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu -HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w -t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF +eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx +MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV +BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog +D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS +sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop +O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk +sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi +c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj +VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz +KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ +TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G +sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs +1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD +fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN +l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ +VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 +c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp +4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s +t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj +2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO +vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C +xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx +cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM +fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN -MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT -HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN -NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs -IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+ -ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0 -2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp -wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM -pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD -nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po -sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx -Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd -Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX -KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe -XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL -tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv -TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN -AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw -GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H -PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF -O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ -REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik -AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv -/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+ -p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw -MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF -qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK -ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH +bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x +CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds +b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr +b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 +kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm +VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R +VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc +C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj +tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY +D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv +j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl +NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 +iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP +O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV +ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj +L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl +1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU +b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV +PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj +y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb +EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg +DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI ++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy +YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX +UB+K+wb1whnw0A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp -Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 -MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ -bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS -7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp -0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS -B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 -BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ -LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 -DXZDjC5Ty3zfDBeWUA== +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT +AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD +VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx +NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT +HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5 +IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl +dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK +ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu +9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O +be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV +BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw +JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2 +MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg +Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r +CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA +lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG +TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7 +9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7 +8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4 +g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we +GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst ++3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M +0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ +T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw +HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS +YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA +FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd +9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI +UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+ +OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke +gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf +iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV +nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD +2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI// +1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad +TdJ0MN1kURXbg4NR16/9M51NZg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= -----END CERTIFICATE-----
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/openssl.cnf -> _service:tar_scm:stunnel-5.72.tar.gz/tools/openssl.cnf
Changed
@@ -1,5 +1,5 @@ # OpenSSL configuration file to create a server certificate -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 # Use this in order to automatically load providers. openssl_conf = openssl_init
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.bash -> _service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.bash
Changed
@@ -1,5 +1,5 @@ # bash completion for stunnel -*- shell-script -*- -# by Michal Trojnara 1998-2023 +# by Michal Trojnara 1998-2024 _comp_cmd_stunnel() {
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.conf -> _service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.conf
Changed
@@ -1,4 +1,4 @@ -; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2023 +; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2024 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.conf-sample.in -> _service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.conf-sample.in
Changed
@@ -1,4 +1,4 @@ -; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2023 +; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2024 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.license -> _service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.license
Changed
@@ -1,4 +1,4 @@ -Copyright (C) 1998-2023 Michal Trojnara +Copyright (C) 1998-2024 Michal Trojnara This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
View file
_service:tar_scm:stunnel-5.69.tar.gz/tools/stunnel.nsi -> _service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.nsi
Changed
@@ -1,4 +1,4 @@ -# NSIS stunnel installer by Michal Trojnara 1998-2023 +# NSIS stunnel installer by Michal Trojnara 1998-2024 !define /ifndef VERSION testing !define /ifndef ARCH win32 @@ -365,6 +365,9 @@ !if /FileExists "/usr/i686-w64-mingw32/bin/libssp-0.dll" File "/usr/i686-w64-mingw32/bin/libssp-0.dll" !else + !if /FileExists "/usr/lib/gcc/i686-w64-mingw32/12-win32/libssp-0.dll" + File "/usr/lib/gcc/i686-w64-mingw32/12-win32/libssp-0.dll" + !else !if /FileExists "/usr/lib/gcc/i686-w64-mingw32/10-win32/libssp-0.dll" File "/usr/lib/gcc/i686-w64-mingw32/10-win32/libssp-0.dll" !else @@ -376,6 +379,9 @@ !else !if /FileExists "/usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" File "/usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" + !else + !error "32-bit libssp-0.dll not found" + !endif !endif !endif !endif @@ -387,6 +393,9 @@ !if /FileExists "/usr/x86_64-w64-mingw32/bin/libssp-0.dll" File "/usr/x86_64-w64-mingw32/bin/libssp-0.dll" !else + !if /FileExists "/usr/lib/gcc/x86_64-w64-mingw32/12-win32/libssp-0.dll" + File "/usr/lib/gcc/x86_64-w64-mingw32/12-win32/libssp-0.dll" + !else !if /FileExists "/usr/lib/gcc/x86_64-w64-mingw32/10-win32/libssp-0.dll" File "/usr/lib/gcc/x86_64-w64-mingw32/10-win32/libssp-0.dll" !else @@ -398,6 +407,9 @@ !else !if /FileExists "/usr/x86_64-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" File "/usr/x86_64-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" + !else + !error "64-bit libssp-0.dll not found" + !endif !endif !endif !endif
View file
_service:tar_scm:stunnel-5.72.tar.gz/tools/stunnel.spec.in
Added
@@ -0,0 +1,126 @@ +Name: stunnel +Version: @PACKAGE_VERSION@ +Release: 1%{?dist} +Summary: An TLS-encrypting socket wrapper +Group: Applications/Internet +License: GPLv2 +URL: https://www.stunnel.org/ +Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# util-linux is needed for rename +BuildRequires: openssl-devel, util-linux +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +BuildRequires: systemd-units +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%endif + +%description +Stunnel is a socket wrapper which can provide TLS (Transport Layer Security) support to ordinary applications. For example, it can be used +in conjunction with imapd to create an TLS secure IMAP server. + +# Do not generate provides for private libraries +%global __provides_exclude_from ^%{_libdir}/stunnel/.*$ + +%prep +%setup -q + +%build +%configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \ + CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'" +make V=1 + +%install +make install DESTDIR=%{buildroot} +# Move the translated man pages to the right subdirectories, and strip off the +# language suffixes. +for lang in pl ; do + mkdir -p %{buildroot}/%{_mandir}/${lang}/man8 + mv %{buildroot}/%{_mandir}/man8/*.${lang}.8* %{buildroot}/%{_mandir}/${lang}/man8/ + rename ".${lang}" "" %{buildroot}/%{_mandir}/${lang}/man8/* +done +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +mkdir -p %{buildroot}%{_unitdir} +cp tools/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +mkdir -p %{buildroot}%{_datadir}/bash-completion/completions +cp tools/%{name}.bash %{buildroot}%{_datadir}/bash-completion/completions/%{name}.bash +%endif + +%post +/sbin/ldconfig +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%systemd_post %{name}.service +%endif + +%preun +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%systemd_preun %{name}.service +%endif + +%postun +/sbin/ldconfig +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%systemd_postun_with_restart %{name}.service +%endif + +%files +%{!?_licensedir:%global license %%doc} +%doc COPYING.md COPYRIGHT.md README.md NEWS.md AUTHORS.md BUGS.md CREDITS.md PORTS.md TODO.md +%license COPY* +%lang(en) %doc doc/en/* +%lang(pl) %doc doc/pl/* +%{_bindir}/stunnel +%exclude %{_bindir}/stunnel3 +%exclude %{_datadir}/doc/stunnel +%{_libdir}/stunnel +%exclude %{_libdir}/stunnel/libstunnel.la +%{_mandir}/man8/stunnel.8* +%lang(pl) %{_mandir}/pl/man8/stunnel.8* +%dir %{_sysconfdir}/%{name} +%config %{_sysconfdir}/%{name}/*-sample +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%{_unitdir}/%{name}*.service +%endif +%config(noreplace) %{_datarootdir}/bash-completion/* + +%changelog +* Fri Feb 24 2023 Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org> +- Fixed bash completion support +- Removed excluding pem files + +* Wed Mar 02 2022 Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org> +- bash completion support + +* Fri Sep 24 2021 Michał Trojnara <Michal.Trojnara@stunnel.org> +- Added systemd startup for Fedora >= 15 or RHEL >= 7 +- Removed obsolete init startup +- Removed obsolete logrotate configuration (replaced with journalctl) +- Removed obsolete tcp_wrappers-devel support +- Removed creating a dedicated user +- Simplified the .spec file + +* Wed Apr 27 2016 Andrew Colin Kissa <andrew@topdog.za.net> - 5.32-1 +- Added init script that actually works on Redhat +- Lots of changes and cleanup to improve spec + +* Tue May 26 2015 Bill Quayle <Bill.Quayle@citadel.com> +- updated license specification +- the manual page is no longer marked as compressed +- removed outdated documentation files +- updated minimum required version of OpenSSL + +* Fri Sep 09 2005 neeo <neeo@irc.pl> +- lots of changes and cleanups + +* Wed Mar 17 2004 neeo <neeo@irc.pl> +- updated for 4.05 + +* Sat Jun 24 2000 Brian Hatch <bri@stunnel.org> +- updated for 3.8p3 + +* Wed Jul 14 1999 Dirk O. Siebnich <dok@vossnet.de> +- updated for 3.5. + +* Mon Jun 07 1999 Dirk O. Siebnich <dok@vossnet.de> +- adapted from sslwrap RPM spec file
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2