diff -Nru stunnel4-5.49/build-android.sh stunnel4-5.50/build-android.sh --- stunnel4-5.49/build-android.sh 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/build-android.sh 2018-12-01 14:03:29.000000000 +0000 @@ -1,18 +1,34 @@ #!/bin/sh set -ev -VERSION=5.49 +VERSION=5.50 DST=stunnel-$VERSION-android -# to build OpenSSL: -# ./Configure threads no-shared no-dso --cross-compile-prefix=arm-linux-androideabi- --prefix=/opt/androideabi/sysroot linux-armv4 -# make install +# install Android NDK on Arch Linux: +# aurman -S android-ndk-14b +# install Android NDK on Debian: +# sudo apt install google-android-ndk-installer + +# build OpenSSL: +# export ANDROID_NDK=/usr/lib/android-ndk +# export PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH +# ./Configure no-shared --prefix=/opt/openssl-android android-arm +# make && sudo make install + +# Debian does not deploy /etc/profile.d/android-ndk.sh +test -d "$ANDROID_NDK" || ANDROID_NDK=/usr/lib/android-ndk + +ANDROID_SYSROOT=$ANDROID_NDK/platforms/android-23/arch-arm +export CPPFLAGS="--sysroot=$ANDROID_SYSROOT" +export CFLAGS="--sysroot=$ANDROID_SYSROOT" +export PATH="$ANDROID_NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH" test -f Makefile && make distclean mkdir -p bin/android cd bin/android -../../configure --with-sysroot --build=i686-pc-linux-gnu --host=arm-linux-androideabi --prefix=/data/local +../../configure --with-ssl=/opt/openssl-android --prefix=/data/local/tmp \ + --build=x86_64-pc-linux-gnu --host=arm-linux-androideabi make clean -make +make V=1 cd ../.. mkdir $DST cp bin/android/src/stunnel $DST diff -Nru stunnel4-5.49/ChangeLog stunnel4-5.50/ChangeLog --- stunnel4-5.49/ChangeLog 2018-09-03 20:15:38.000000000 +0000 +++ stunnel4-5.50/ChangeLog 2018-12-02 22:51:10.000000000 +0000 @@ -1,5 +1,24 @@ stunnel change log +Version 5.50, 2018.12.02, urgency: MEDIUM +* New features + - 32-bit Windows builds replaced with 64-bit builds. + - OpenSSL DLLs updated to version 1.1.1. + - Check whether "output" is not a relative file name. + - Major code cleanup in the configuration file parser. + - Added sslVersion, sslVersionMin and sslVersionMax + for OpenSSL 1.1.0 and later. +* Bugfixes + - Fixed PSK session resumption with TLS 1.3. + - Fixed a memory leak in WIN32 logging subsystem. + - Allow for zero value (ignored) TLS options. + - Partially refactored configuration file parsing + and logging subsystems for clearer code and minor + bugfixes. +* Caveats + - We removed FIPS support from our standard builds. + FIPS will still be available with bespoke builds. + Version 5.49, 2018.09.03, urgency: MEDIUM * New features - Performance optimizations. diff -Nru stunnel4-5.49/configure stunnel4-5.50/configure --- stunnel4-5.49/configure 2018-08-31 14:51:17.000000000 +0000 +++ stunnel4-5.50/configure 2018-11-09 15:53:57.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for stunnel 5.49. +# Generated by GNU Autoconf 2.69 for stunnel 5.50. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='stunnel' PACKAGE_TARNAME='stunnel' -PACKAGE_VERSION='5.49' -PACKAGE_STRING='stunnel 5.49' +PACKAGE_VERSION='5.50' +PACKAGE_STRING='stunnel 5.50' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -689,8 +689,6 @@ build_vendor build_cpu build -AUTHOR_TESTS_FALSE -AUTHOR_TESTS_TRUE AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V @@ -1340,7 +1338,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures stunnel 5.49 to adapt to many kinds of systems. +\`configure' configures stunnel 5.50 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1411,7 +1409,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of stunnel 5.49:";; + short | recursive ) echo "Configuration of stunnel 5.50:";; esac cat <<\_ACEOF @@ -1530,7 +1528,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -stunnel configure 5.49 +stunnel configure 5.50 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2136,7 +2134,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by stunnel $as_me 5.49, which was +It was created by stunnel $as_me 5.50, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3005,7 +3003,7 @@ # Define the identity of the package. PACKAGE='stunnel' - VERSION='5.49' + VERSION='5.50' cat >>confdefs.h <<_ACEOF @@ -3099,14 +3097,6 @@ fi - if test -d ".git"; then - AUTHOR_TESTS_TRUE= - AUTHOR_TESTS_FALSE='#' -else - AUTHOR_TESTS_TRUE='#' - AUTHOR_TESTS_FALSE= -fi - # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 @@ -16256,39 +16246,39 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** TLS" >&5 $as_echo "$as_me: **************************************** TLS" >&6;} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for compiler sysroot" >&5 -$as_echo_n "checking for compiler sysroot... " >&6; } -if test "x$GCC" = "xyes"; then - sysroot=`$CC --print-sysroot 2>/dev/null` -fi -if test -z "$sysroot" -o "x$sysroot" = "x/"; then - sysroot="" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: /" >&5 -$as_echo "/" >&6; } -else - SYSROOT="$sysroot" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sysroot" >&5 -$as_echo "$sysroot" >&6; } -fi - check_ssl_dir() { : test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1" } -find_ssl_dir() { : - stunnel_prefix="$prefix" - test "x$stunnel_prefix" = "xNONE" && stunnel_prefix=$ac_default_prefix +iterate_ssl_dir() { : # OpenSSL directory search order: # - the user-specified prefix # - common locations for packages built from sources # - common locations for non-OS-default package managers # - common locations for OS-default package managers # - empty prefix - for main_dir in "$stunnel_prefix" "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do + for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$sysroot$main_dir$sub_dir" && return + check_ssl_dir "$1$main_dir$sub_dir" && return 0 done done + return 1 +} + +find_ssl_dir() { : + # try Android *first* + case "$host_os" in + *androideabi*) + iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + ;; + esac + + test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return + test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return + test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + iterate_ssl_dir "" && return + + # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` check_ssl_dir "$sdk_path/usr" && return @@ -16353,6 +16343,7 @@ fi +SYSROOT="$lt_sysroot" CPPFLAGS="$valid_CPPFLAGS" LIBS="$valid_LIBS" @@ -16485,10 +16476,6 @@ am__EXEEXT_FALSE= fi -if test -z "${AUTHOR_TESTS_TRUE}" && test -z "${AUTHOR_TESTS_FALSE}"; then - as_fn_error $? "conditional \"AUTHOR_TESTS\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16894,7 +16881,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by stunnel $as_me 5.49, which was +This file was extended by stunnel $as_me 5.50, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -16960,7 +16947,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -stunnel config.status 5.49 +stunnel config.status 5.50 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru stunnel4-5.49/configure.ac stunnel4-5.50/configure.ac --- stunnel4-5.49/configure.ac 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/configure.ac 2018-11-09 15:53:43.000000000 +0000 @@ -1,6 +1,6 @@ # Process this file with autoconf to produce a configure script. -AC_INIT([stunnel],[5.49]) +AC_INIT([stunnel],[5.50]) AC_MSG_NOTICE([**************************************** initialization]) AC_CONFIG_AUX_DIR(auto) AC_CONFIG_MACRO_DIR([m4]) @@ -8,7 +8,6 @@ AC_CONFIG_SRCDIR([src/stunnel.c]) AM_INIT_AUTOMAKE -AM_CONDITIONAL([AUTHOR_TESTS], [test -d ".git"]) AC_CANONICAL_HOST AC_SUBST([host]) AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description]) @@ -397,36 +396,39 @@ AC_MSG_NOTICE([**************************************** TLS]) -AC_MSG_CHECKING([for compiler sysroot]) -if test "x$GCC" = "xyes"; then - sysroot=`$CC --print-sysroot 2>/dev/null` -fi -if test -z "$sysroot" -o "x$sysroot" = "x/"; then - sysroot="" - AC_MSG_RESULT([/]) -else - SYSROOT="$sysroot" - AC_MSG_RESULT([$sysroot]) -fi - check_ssl_dir() { : test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1" } -find_ssl_dir() { : - stunnel_prefix="$prefix" - test "x$stunnel_prefix" = "xNONE" && stunnel_prefix=$ac_default_prefix +iterate_ssl_dir() { : # OpenSSL directory search order: # - the user-specified prefix # - common locations for packages built from sources # - common locations for non-OS-default package managers # - common locations for OS-default package managers # - empty prefix - for main_dir in "$stunnel_prefix" "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do + for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$sysroot$main_dir$sub_dir" && return + check_ssl_dir "$1$main_dir$sub_dir" && return 0 done done + return 1 +} + +find_ssl_dir() { : + # try Android *first* + case "$host_os" in + *androideabi*) + iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + ;; + esac + + test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return + test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return + test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + iterate_ssl_dir "" && return + + # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` check_ssl_dir "$sdk_path/usr" && return @@ -464,6 +466,7 @@ ]) fi +SYSROOT="$lt_sysroot" CPPFLAGS="$valid_CPPFLAGS" LIBS="$valid_LIBS" diff -Nru stunnel4-5.49/debian/changelog stunnel4-5.50/debian/changelog --- stunnel4-5.49/debian/changelog 2018-11-19 01:42:28.000000000 +0000 +++ stunnel4-5.50/debian/changelog 2018-12-06 15:05:38.000000000 +0000 @@ -1,8 +1,10 @@ -stunnel4 (3:5.49-1ubuntu1) disco; urgency=medium +stunnel4 (3:5.50-1) unstable; urgency=medium - * debian/tests/upstream: Force soft link to fix test failure. + * New upstream version: + - drop the 05-author-tests and 07-path-max patches, integrated upstream + - refresh the 02-rename-binary and 04-restore-pidfile-default patches - -- Logan Rosen Sun, 18 Nov 2018 20:42:28 -0500 + -- Peter Pentchev Thu, 06 Dec 2018 17:05:38 +0200 stunnel4 (3:5.49-1) unstable; urgency=medium diff -Nru stunnel4-5.49/debian/control stunnel4-5.50/debian/control --- stunnel4-5.49/debian/control 2018-11-19 01:42:28.000000000 +0000 +++ stunnel4-5.50/debian/control 2018-08-26 20:29:02.000000000 +0000 @@ -15,8 +15,7 @@ net-tools, openssl, procps -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Peter Pentchev +Maintainer: Peter Pentchev Uploaders: Laszlo Boszormenyi (GCS) Standards-Version: 4.2.1 Vcs-Browser: https://salsa.debian.org/debian/stunnel/ diff -Nru stunnel4-5.49/debian/patches/02-rename-binary.patch stunnel4-5.50/debian/patches/02-rename-binary.patch --- stunnel4-5.49/debian/patches/02-rename-binary.patch 2018-09-10 08:47:12.000000000 +0000 +++ stunnel4-5.50/debian/patches/02-rename-binary.patch 2018-12-06 09:57:19.000000000 +0000 @@ -2,7 +2,7 @@ Forwarded: not-needed Author: Julien Lemoine Author: Luis Rodrigo Gallardo Cruz -Last-Update: 2018-09-10 +Last-Update: 2018-12-06 --- a/src/stunnel3.in +++ b/src/stunnel3.in @@ -92,9 +92,9 @@ .\" ======================================================================== .\" -.IX Title "stunnel 8" --.TH stunnel 8 "2018.07.02" "5.48" "stunnel TLS Proxy" +-.TH stunnel 8 "2018.12.02" "5.50" "stunnel TLS Proxy" +.IX Title "stunnel4 8" -+.TH stunnel 8 "2018.07.02" "5.48" "stunnel4 TLS Proxy" ++.TH stunnel 8 "2018.12.02" "5.50" "stunnel4 TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -Nru stunnel4-5.49/debian/patches/04-restore-pidfile-default.patch stunnel4-5.50/debian/patches/04-restore-pidfile-default.patch --- stunnel4-5.49/debian/patches/04-restore-pidfile-default.patch 2018-09-10 08:47:48.000000000 +0000 +++ stunnel4-5.50/debian/patches/04-restore-pidfile-default.patch 2018-12-06 10:01:32.000000000 +0000 @@ -8,7 +8,7 @@ Forwarded: not-needed Author: Peter Pentchev Bug-Debian: https://bugs.debian.org/744851 -Last-Update: 2017-07-03 +Last-Update: 2018-12-06 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -44,6 +44,7 @@ @@ -21,22 +21,22 @@ stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto --- a/src/options.c +++ b/src/options.c -@@ -1028,7 +1028,7 @@ +@@ -1025,7 +1025,7 @@ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: - new_global_options.pidfile=NULL; /* do not create a pid file */ + new_global_options.pidfile=PIDFILE; break; - case CMD_EXEC: - if(strcasecmp(opt, "pid")) -@@ -1048,9 +1048,10 @@ - str_free(tmp); + case CMD_SET_COPY: /* not used for global options */ break; - case CMD_DEFAULT: +@@ -1049,9 +1049,10 @@ + return "Pid file must include full path name"; + break; + case CMD_PRINT_DEFAULTS: + s_log(LOG_NOTICE, "%-22s = %s", "pid", PIDFILE); break; - case CMD_HELP: + case CMD_PRINT_HELP: - s_log(LOG_NOTICE, "%-22s = pid file", "pid"); + s_log(LOG_NOTICE, "%-22s = pid file (empty to disable creating)", "pid"); break; diff -Nru stunnel4-5.49/debian/patches/05-author-tests.patch stunnel4-5.50/debian/patches/05-author-tests.patch --- stunnel4-5.49/debian/patches/05-author-tests.patch 2018-05-23 10:34:48.000000000 +0000 +++ stunnel4-5.50/debian/patches/05-author-tests.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -Description: Only build the Win32 executables if requested. -Author: Peter Pentchev -Forwarded: not yet -Last-Update: 2015-11-11 - ---- a/configure.ac -+++ b/configure.ac -@@ -8,7 +8,7 @@ - AC_CONFIG_SRCDIR([src/stunnel.c]) - AM_INIT_AUTOMAKE - --AM_CONDITIONAL([AUTHOR_TESTS], [test -d ".git"]) -+AM_CONDITIONAL([AUTHOR_TESTS], [test -n "$AUTHOR_TESTS"]) - AC_CANONICAL_HOST - AC_SUBST([host]) - AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description]) diff -Nru stunnel4-5.49/debian/patches/07-path-max.patch stunnel4-5.50/debian/patches/07-path-max.patch --- stunnel4-5.49/debian/patches/07-path-max.patch 2018-06-25 08:12:58.000000000 +0000 +++ stunnel4-5.50/debian/patches/07-path-max.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,71 +0,0 @@ -Description: Allocate the config filename dynamically. - Avoid the use of PATH_MAX which may not be defined. -Forwarded: not-yet -Author: Peter Pentchev -Last-Update: 2017-07-03 - ---- a/src/common.h -+++ b/src/common.h -@@ -102,7 +102,6 @@ - typedef int ssize_t; - #endif /* _WIN64 */ - #endif /* !__MINGW32__ */ --#define PATH_MAX MAX_PATH - #define USE_IPv6 - #define _CRT_SECURE_NO_DEPRECATE - #define _CRT_NONSTDC_NO_DEPRECATE ---- a/src/options.c -+++ b/src/options.c -@@ -244,7 +244,7 @@ - NOEXPORT void arg_free(char **arg); - #endif - --char configuration_file[PATH_MAX]; -+char *configuration_file; - - GLOBAL_OPTIONS global_options; - SERVICE_OPTIONS service_options; -@@ -322,17 +322,27 @@ - } - - #ifdef HAVE_REALPATH -+ char *nconf; - if(type==CONF_FILE) { -- if(!realpath(name, configuration_file)) { -+ nconf = realpath(name, NULL); -+ if(nconf == NULL) { - s_log(LOG_ERR, "Invalid configuration file name \"%s\"", name); - ioerror("realpath"); - return 1; - } -- return options_parse(type); -- } -+ free(configuration_file); -+ } else - #endif -- strncpy(configuration_file, name, PATH_MAX-1); -- configuration_file[PATH_MAX-1]='\0'; -+ { -+ size_t sz = strlen(name) + 1; -+ nconf = realloc(configuration_file, sz); -+ if(nconf == NULL) { -+ s_log(LOG_ERR, "Could not allocate memory"); -+ return 1; -+ } -+ snprintf(nconf, sz, "%s", name); -+ } -+ configuration_file = nconf; - return options_parse(type); - } - ---- a/src/prototypes.h -+++ b/src/prototypes.h -@@ -435,7 +435,7 @@ - - /**************************************** prototypes for options.c */ - --extern char configuration_file[PATH_MAX]; -+extern char *configuration_file; - extern unsigned number_of_sections; - - int options_cmdline(char *, char *); diff -Nru stunnel4-5.49/debian/patches/series stunnel4-5.50/debian/patches/series --- stunnel4-5.49/debian/patches/series 2018-09-10 08:47:37.000000000 +0000 +++ stunnel4-5.50/debian/patches/series 2018-12-06 14:41:27.000000000 +0000 @@ -2,5 +2,3 @@ 02-rename-binary.patch 03-runas-user.patch 04-restore-pidfile-default.patch -05-author-tests.patch -07-path-max.patch diff -Nru stunnel4-5.49/debian/tests/upstream stunnel4-5.50/debian/tests/upstream --- stunnel4-5.49/debian/tests/upstream 2018-11-19 01:42:27.000000000 +0000 +++ stunnel4-5.50/debian/tests/upstream 2018-05-23 10:34:48.000000000 +0000 @@ -2,7 +2,7 @@ set -e -ln -sf /usr/bin/stunnel4 src/stunnel +ln -s /usr/bin/stunnel4 src/stunnel cd tests if ! ./make_test; then diff -Nru stunnel4-5.49/doc/stunnel.8.in stunnel4-5.50/doc/stunnel.8.in --- stunnel4-5.49/doc/stunnel.8.in 2018-07-02 21:31:41.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.8.in 2018-12-02 22:47:20.000000000 +0000 @@ -67,7 +67,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2018.07.02" "5.48" "stunnel TLS Proxy" +.TH stunnel 8 "2018.12.02" "5.50" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -653,6 +653,9 @@ \& options = NO_SSLv2 \& options = NO_SSLv3 .Ve +.Sp +Use \fIsslVersionMax\fR or \fIsslVersionMin\fR option instead of disabling specific \s-1TLS\s0 protocol +versions when compiled with \fBOpenSSL 1.1.0\fR or later. .IP "\fBprotocol\fR = \s-1PROTO\s0" 4 .IX Item "protocol = PROTO" application protocol to negotiate \s-1TLS\s0 @@ -907,29 +910,64 @@ .IX Item "sslVersion = SSL_VERSION" select the \s-1TLS\s0 protocol version .Sp -Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 +Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 .Sp -sslVersion is obsolete and it will be removed in future releases of stunnel. -Use the following options instead: +Availability of specific protocols depends on the linked OpenSSL library. +Older versions of OpenSSL do not support TLSv1.1, TLSv1.2 and TLSv1.3. +Newer versions of OpenSSL do not support SSLv2. .Sp -.Vb 6 -\& options = NO_SSLv2 -\& options = NO_SSLv3 -\& options = NO_TLSv1 -\& options = NO_TLSv1.1 -\& options = NO_TLSv1.2 -\& options = NO_TLSv1.3 +Obsolete SSLv2 and SSLv3 are currently disabled by default. +.Sp +Setting the option +.Sp +.Vb 1 +\& sslVersion = SSL_VERSION .Ve .Sp +is equivalent to options +.Sp +.Vb 2 +\& sslVersionMax = SSL_VERSION +\& sslVersionMin = SSL_VERSION +.Ve +.Sp +when compiled with \fBOpenSSL 1.1.0\fR and later. +.IP "\fBsslVersionMax\fR = \s-1SSL_VERSION\s0" 4 +.IX Item "sslVersionMax = SSL_VERSION" +maximum supported protocol versions +.Sp +Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +.Sp +\&\fIall\fR enable protocol versions up to the highest version supported by the +linked OpenSSL library. +.Sp Availability of specific protocols depends on the linked OpenSSL library. -Older versions of OpenSSL do not support TLSv1.1 and TLSv1.2. -Newer versions of OpenSSL do not support SSLv2. .Sp -Obsolete SSLv2 and SSLv3 are currently disabled by default. -See the \fBoptions\fR option documentation for details. +The \fIsslVersionMax\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +.Sp +default: all +.IP "\fBsslVersionMin\fR = \s-1SSL_VERSION\s0" 4 +.IX Item "sslVersionMin = SSL_VERSION" +minimum supported protocol versions +.Sp +Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +.Sp +\&\fIall\fR enable protocol versions down to the lowest version supported by the +linked OpenSSL library. +.Sp +Availability of specific protocols depends on the linked OpenSSL library. +.Sp +The \fIsslVersionMin\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +.Sp +default: TLSv1 .IP "\fBstack\fR = \s-1BYTES \s0(except for \s-1FORK\s0 model)" 4 .IX Item "stack = BYTES (except for FORK model)" -thread stack size +\&\s-1CPU\s0 stack size of created threads +.Sp +Excessive thread stack size increases virtual memory usage. +Insufficient thread stack size may cause application crashes. +.Sp +default: 65536 bytes (sufficient for all platforms we tested) .IP "\fBTIMEOUTbusy\fR = \s-1SECONDS\s0" 4 .IX Item "TIMEOUTbusy = SECONDS" time to wait for expected data @@ -1319,21 +1357,17 @@ generate them with the free \fBOpenSSL\fR package. You can find more information on certificates generation on pages listed below. .PP -The order of contents of the \fI.pem\fR file is important. It should contain the -unencrypted private key first, then a signed certificate (not certificate -request). There should also be empty lines after the certificate and the private key. -Any plaintext certificate information appended on the top of generated certificate -should be discarded. So the file should look like this: +The \fI.pem\fR file should contain the unencrypted private key and +a signed certificate (not certificate request). +So the file should look like this: .PP -.Vb 8 +.Vb 6 \& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- \& [encoded key] \& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- -\& [empty line] \& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- \& [encoded certificate] \& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- -\& [empty line] .Ve .SS "\s-1RANDOMNESS\s0" .IX Subsection "RANDOMNESS" diff -Nru stunnel4-5.49/doc/stunnel.html.in stunnel4-5.50/doc/stunnel.html.in --- stunnel4-5.49/doc/stunnel.html.in 2018-07-02 21:31:41.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.html.in 2018-12-02 22:47:21.000000000 +0000 @@ -781,6 +781,8 @@ 
    options = NO_SSLv2
     options = NO_SSLv3
+

Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled with OpenSSL 1.1.0 or later.

+
protocol = PROTO
@@ -1085,26 +1087,64 @@

select the TLS protocol version

-

Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2

+

Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

-

sslVersion is obsolete and it will be removed in future releases of stunnel. Use the following options instead:

+

Availability of specific protocols depends on the linked OpenSSL library. Older versions of OpenSSL do not support TLSv1.1, TLSv1.2 and TLSv1.3. Newer versions of OpenSSL do not support SSLv2.

-
    options = NO_SSLv2
-    options = NO_SSLv3
-    options = NO_TLSv1
-    options = NO_TLSv1.1
-    options = NO_TLSv1.2
-    options = NO_TLSv1.3
+

Obsolete SSLv2 and SSLv3 are currently disabled by default.

+ +

Setting the option

+ +
    sslVersion = SSL_VERSION
-

Availability of specific protocols depends on the linked OpenSSL library. Older versions of OpenSSL do not support TLSv1.1 and TLSv1.2. Newer versions of OpenSSL do not support SSLv2.

+

is equivalent to options

-

Obsolete SSLv2 and SSLv3 are currently disabled by default. See the options option documentation for details.

+
    sslVersionMax = SSL_VERSION
+    sslVersionMin = SSL_VERSION
+ +

when compiled with OpenSSL 1.1.0 and later.

+ +
+
sslVersionMax = SSL_VERSION
+
+ +

maximum supported protocol versions

+ +

Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

+ +

all enable protocol versions up to the highest version supported by the linked OpenSSL library.

+ +

Availability of specific protocols depends on the linked OpenSSL library.

+ +

The sslVersionMax option is only available when compiled with OpenSSL 1.1.0 and later.

+ +

default: all

+ +
+
sslVersionMin = SSL_VERSION
+
+ +

minimum supported protocol versions

+ +

Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

+ +

all enable protocol versions down to the lowest version supported by the linked OpenSSL library.

+ +

Availability of specific protocols depends on the linked OpenSSL library.

+ +

The sslVersionMin option is only available when compiled with OpenSSL 1.1.0 and later.

+ +

default: TLSv1

stack = BYTES (except for FORK model)
-

thread stack size

+

CPU stack size of created threads

+ +

Excessive thread stack size increases virtual memory usage. Insufficient thread stack size may cause application crashes.

+ +

default: 65536 bytes (sufficient for all platforms we tested)

TIMEOUTbusy = SECONDS
@@ -1516,16 +1556,14 @@

Each TLS-enabled daemon needs to present a valid X.509 certificate to the peer. It also needs a private key to decrypt the incoming data. The easiest way to obtain a certificate and a key is to generate them with the free OpenSSL package. You can find more information on certificates generation on pages listed below.

-

The order of contents of the .pem file is important. It should contain the unencrypted private key first, then a signed certificate (not certificate request). There should also be empty lines after the certificate and the private key. Any plaintext certificate information appended on the top of generated certificate should be discarded. So the file should look like this:

+

The .pem file should contain the unencrypted private key and a signed certificate (not certificate request). So the file should look like this:

    -----BEGIN RSA PRIVATE KEY-----
     [encoded key]
     -----END RSA PRIVATE KEY-----
-    [empty line]
     -----BEGIN CERTIFICATE-----
     [encoded certificate]
-    -----END CERTIFICATE-----
-    [empty line]
+ -----END CERTIFICATE-----

RANDOMNESS

diff -Nru stunnel4-5.49/doc/stunnel.pl.8.in stunnel4-5.50/doc/stunnel.pl.8.in --- stunnel4-5.49/doc/stunnel.pl.8.in 2018-07-02 21:31:41.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.pl.8.in 2018-12-02 22:47:20.000000000 +0000 @@ -67,7 +67,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2018.07.02" "5.48" "stunnel TLS Proxy" +.TH stunnel 8 "2018.12.02" "5.50" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -530,7 +530,7 @@ .Sp Opóźnione rozwijanie adresu automatycznie aktywuje \fIfailover = prio\fR. .Sp -default: no +domyślnie: no .IP "\fBengineId\fR = NUMER_URZĄDZENIA" 4 .IX Item "engineId = NUMER_URZĄDZENIA" wybierz urządzenie dla usługi @@ -670,6 +670,9 @@ \& options = NO_SSLv2 \& options = NO_SSLv3 .Ve +.Sp +Począwszy od \fBOpenSSL 1.1.0\fR, zamiast wyłączać określone wersje protokołów \s-1TLS\s0 +użyj opcji \fIsslVersionMax\fR lub \fIsslVersionMin\fR. .IP "\fBprotocol\fR = PROTOKÓŁ" 4 .IX Item "protocol = PROTOKÓŁ" negocjuj \s-1TLS\s0 podanym protokołem aplikacyjnym @@ -924,29 +927,62 @@ .IX Item "sslVersion = WERSJA_SSL" wersja protokołu \s-1TLS\s0 .Sp -Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 +Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 .Sp -Ocja \fIsslVersion\fR jest przestarzała i zostanie usunięta w przyszłych wersjach stunnela. -Zamiast niej należy używać następujących opcji: +Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. +Starsze wersje OpenSSL nie wspierają TLSv1.1, TLSv1.2, TLSv1.3. +Nowsze wersje OpenSSL nie wspierają SSLv2. .Sp -.Vb 6 -\& options = NO_SSLv2 -\& options = NO_SSLv3 -\& options = NO_TLSv1 -\& options = NO_TLSv1.1 -\& options = NO_TLSv1.2 -\& options = NO_TLSv1.3 +Przestarzałe protokoły SSLv2 i SSLv3 są domyślnie wyłączone. +.Sp +Począwszy od \fBOpenSSL 1.1.0\fR, ustawienie +.Sp +.Vb 1 +\& sslVersion = WERSJA_SSL +.Ve +.Sp +jest równoważne opcjom +.Sp +.Vb 2 +\& sslVersionMax = WERSJA_SSL +\& sslVersionMin = WERSJA_SSL .Ve +.IP "\fBsslVersionMax\fR = \s-1WERSJA_SSL\s0" 4 +.IX Item "sslVersionMax = WERSJA_SSL" +maksymalna wspierana wersja protokołu \s-1TLS\s0 +.Sp +Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +.Sp +\&\fIall\fR włącza wszystkie wersje protokołów aż do maksymalnej wersji wspieranej +przez bibliotekę użytej wersji OpenSSL. .Sp Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. -Starsze wersje OpenSSL nie wspierają TLSv1.1 i TLSv1.2. -Nowsze wersje OpenSSL nie wspierają SSLv2. .Sp -Przestarzałe protokoły SSLv2 i SSLv3 są domyślnie wyłączone. -Szczegółowe informacje dostępne są w opisie opcji \fBoptions\fR. +Opcja \fIsslVersionMax\fR jest dostępna począwszy od \fBOpenSSL 1.1.0\fR. +.Sp +domyślnie: all +.IP "\fBsslVersionMin\fR = \s-1WERSJA_SSL\s0" 4 +.IX Item "sslVersionMin = WERSJA_SSL" +minimalna wspierana wersja protokołu \s-1TLS\s0 +.Sp +Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +.Sp +\&\fIall\fR włącza wszystkie wersje protokołów aż do minimalnej wersji wspieranej +przez bibliotekę użytej wersji OpenSSL. +.Sp +Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. +.Sp +Opcja \fIsslVersionMin\fR jest dostępna począwszy od \fBOpenSSL 1.1.0\fR. +.Sp +domyślnie: TLSv1 .IP "\fBstack\fR = LICZBA_BAJTÓW (z wyjątkiem modelu \s-1FORK\s0)" 4 .IX Item "stack = LICZBA_BAJTÓW (z wyjątkiem modelu FORK)" -rozmiar stosu procesora wątku +rozmiar stosu procesora tworzonych wątków +.Sp +Zbyt duży stos zwiększa zużycie pamięci wirtualnej. +Zbyt mały stos może powodować problemy ze stabilnością aplikacji. +.Sp +domyślnie: 65536 bytes (wystarczający dla testowanych platform) .IP "\fBTIMEOUTbusy\fR = \s-1LICZBA_SEKUND\s0" 4 .IX Item "TIMEOUTbusy = LICZBA_SEKUND" czas oczekiwania na spodziewane dane @@ -1342,23 +1378,17 @@ wolnego pakietu \fBOpenSSL\fR. Więcej informacji na temat generowania certyfikatów można znaleźć na umieszczonych poniżej stronach. .PP -Istotną kwestią jest kolejność zawartości pliku \fI.pem\fR. -W pierwszej kolejności powinien on zawierać klucz prywatny, -a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). -Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. -Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, -to powinny one zostać usunięte. Otrzymany plik powinien mieć -następującą postać: +Plik \fI.pem\fR powinien zawierać klucz prywatny oraz podpisany certyfikat +(nie żądanie certyfikatu). +Otrzymany plik powinien mieć następującą postać: .PP -.Vb 8 +.Vb 6 \& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- \& [zakodowany klucz] \& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- -\& [pusta linia] \& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- \& [zakodowany certyfikat] \& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- -\& [pusta linia] .Ve .SS "LOSOWOŚĆ" .IX Subsection "LOSOWOŚĆ" diff -Nru stunnel4-5.49/doc/stunnel.pl.html.in stunnel4-5.50/doc/stunnel.pl.html.in --- stunnel4-5.49/doc/stunnel.pl.html.in 2018-07-02 21:31:41.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.pl.html.in 2018-12-02 22:47:21.000000000 +0000 @@ -616,7 +616,7 @@

Opóźnione rozwijanie adresu automatycznie aktywuje failover = prio.

-

default: no

+

domyślnie: no

engineId = NUMER_URZĄDZENIA
@@ -779,6 +779,8 @@ 
    options = NO_SSLv2
     options = NO_SSLv3
+

Począwszy od OpenSSL 1.1.0, zamiast wyłączać określone wersje protokołów TLS użyj opcji sslVersionMax lub sslVersionMin.

+
protocol = PROTOKÓŁ
@@ -1087,26 +1089,62 @@

wersja protokołu TLS

-

Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2

+

Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

-

Ocja sslVersion jest przestarzała i zostanie usunięta w przyszłych wersjach stunnela. Zamiast niej należy używać następujących opcji:

+

Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. Starsze wersje OpenSSL nie wspierają TLSv1.1, TLSv1.2, TLSv1.3. Nowsze wersje OpenSSL nie wspierają SSLv2.

-
    options = NO_SSLv2
-    options = NO_SSLv3
-    options = NO_TLSv1
-    options = NO_TLSv1.1
-    options = NO_TLSv1.2
-    options = NO_TLSv1.3
+

Przestarzałe protokoły SSLv2 i SSLv3 są domyślnie wyłączone.

+ +

Począwszy od OpenSSL 1.1.0, ustawienie

-

Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. Starsze wersje OpenSSL nie wspierają TLSv1.1 i TLSv1.2. Nowsze wersje OpenSSL nie wspierają SSLv2.

+
    sslVersion = WERSJA_SSL
-

Przestarzałe protokoły SSLv2 i SSLv3 są domyślnie wyłączone. Szczegółowe informacje dostępne są w opisie opcji options.

+

jest równoważne opcjom

+ +
    sslVersionMax = WERSJA_SSL
+    sslVersionMin = WERSJA_SSL
+ +
+
sslVersionMax = WERSJA_SSL
+
+ +

maksymalna wspierana wersja protokołu TLS

+ +

Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

+ +

all włącza wszystkie wersje protokołów aż do maksymalnej wersji wspieranej przez bibliotekę użytej wersji OpenSSL.

+ +

Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL.

+ +

Opcja sslVersionMax jest dostępna począwszy od OpenSSL 1.1.0.

+ +

domyślnie: all

+ +
+
sslVersionMin = WERSJA_SSL
+
+ +

minimalna wspierana wersja protokołu TLS

+ +

Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

+ +

all włącza wszystkie wersje protokołów aż do minimalnej wersji wspieranej przez bibliotekę użytej wersji OpenSSL.

+ +

Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL.

+ +

Opcja sslVersionMin jest dostępna począwszy od OpenSSL 1.1.0.

+ +

domyślnie: TLSv1

stack = LICZBA_BAJTÓW (z wyjątkiem modelu FORK)
-

rozmiar stosu procesora wątku

+

rozmiar stosu procesora tworzonych wątków

+ +

Zbyt duży stos zwiększa zużycie pamięci wirtualnej. Zbyt mały stos może powodować problemy ze stabilnością aplikacji.

+ +

domyślnie: 65536 bytes (wystarczający dla testowanych platform)

TIMEOUTbusy = LICZBA_SEKUND
@@ -1517,16 +1555,14 @@

Protokół TLS wymaga, aby każdy serwer przedstawiał się nawiązującemu połączenie klientowi prawidłowym certyfikatem X.509. Potwierdzenie tożsamości serwera polega na wykazaniu, że posiada on odpowiadający certyfikatowi klucz prywatny. Najprostszą metodą uzyskania certyfikatu jest wygenerowanie go przy pomocy wolnego pakietu OpenSSL. Więcej informacji na temat generowania certyfikatów można znaleźć na umieszczonych poniżej stronach.

-

Istotną kwestią jest kolejność zawartości pliku .pem. W pierwszej kolejności powinien on zawierać klucz prywatny, a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, to powinny one zostać usunięte. Otrzymany plik powinien mieć następującą postać:

+

Plik .pem powinien zawierać klucz prywatny oraz podpisany certyfikat (nie żądanie certyfikatu). Otrzymany plik powinien mieć następującą postać:

    -----BEGIN RSA PRIVATE KEY-----
     [zakodowany klucz]
     -----END RSA PRIVATE KEY-----
-    [pusta linia]
     -----BEGIN CERTIFICATE-----
     [zakodowany certyfikat]
-    -----END CERTIFICATE-----
-    [pusta linia]
+ -----END CERTIFICATE-----

LOSOWOŚĆ

diff -Nru stunnel4-5.49/doc/stunnel.pl.pod.in stunnel4-5.50/doc/stunnel.pl.pod.in --- stunnel4-5.49/doc/stunnel.pl.pod.in 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.pl.pod.in 2018-12-02 22:47:18.000000000 +0000 @@ -562,7 +562,7 @@ Opóźnione rozwijanie adresu automatycznie aktywuje I. -default: no +domyślnie: no =item B = NUMER_URZĄDZENIA @@ -709,6 +709,9 @@ options = NO_SSLv2 options = NO_SSLv3 +Począwszy od B, zamiast wyłączać określone wersje protokołów TLS +użyj opcji I lub I. + =item B = PROTOKÓŁ negocjuj TLS podanym protokołem aplikacyjnym @@ -990,28 +993,61 @@ wersja protokołu TLS -Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 - -Ocja I jest przestarzała i zostanie usunięta w przyszłych wersjach stunnela. -Zamiast niej należy używać następujących opcji: - - options = NO_SSLv2 - options = NO_SSLv3 - options = NO_TLSv1 - options = NO_TLSv1.1 - options = NO_TLSv1.2 - options = NO_TLSv1.3 +Wspierane wersje: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. -Starsze wersje OpenSSL nie wspierają TLSv1.1 i TLSv1.2. +Starsze wersje OpenSSL nie wspierają TLSv1.1, TLSv1.2, TLSv1.3. Nowsze wersje OpenSSL nie wspierają SSLv2. Przestarzałe protokoły SSLv2 i SSLv3 są domyślnie wyłączone. -Szczegółowe informacje dostępne są w opisie opcji B. + +Począwszy od B, ustawienie + + sslVersion = WERSJA_SSL + +jest równoważne opcjom + + sslVersionMax = WERSJA_SSL + sslVersionMin = WERSJA_SSL + +=item B = WERSJA_SSL + +maksymalna wspierana wersja protokołu TLS + +Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 + +I włącza wszystkie wersje protokołów aż do maksymalnej wersji wspieranej +przez bibliotekę użytej wersji OpenSSL. + +Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. + +Opcja I jest dostępna począwszy od B. + +domyślnie: all + +=item B = WERSJA_SSL + +minimalna wspierana wersja protokołu TLS + +Wspierane wersje: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 + +I włącza wszystkie wersje protokołów aż do minimalnej wersji wspieranej +przez bibliotekę użytej wersji OpenSSL. + +Dostępność konkretnych protokołów zależy od użytej wersji OpenSSL. + +Opcja I jest dostępna począwszy od B. + +domyślnie: TLSv1 =item B = LICZBA_BAJTÓW (z wyjątkiem modelu FORK) -rozmiar stosu procesora wątku +rozmiar stosu procesora tworzonych wątków + +Zbyt duży stos zwiększa zużycie pamięci wirtualnej. +Zbyt mały stos może powodować problemy ze stabilnością aplikacji. + +domyślnie: 65536 bytes (wystarczający dla testowanych platform) =item B = LICZBA_SEKUND @@ -1427,22 +1463,16 @@ wolnego pakietu B. Więcej informacji na temat generowania certyfikatów można znaleźć na umieszczonych poniżej stronach. -Istotną kwestią jest kolejność zawartości pliku I<.pem>. -W pierwszej kolejności powinien on zawierać klucz prywatny, -a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). -Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. -Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, -to powinny one zostać usunięte. Otrzymany plik powinien mieć -następującą postać: +Plik I<.pem> powinien zawierać klucz prywatny oraz podpisany certyfikat +(nie żądanie certyfikatu). +Otrzymany plik powinien mieć następującą postać: -----BEGIN RSA PRIVATE KEY----- [zakodowany klucz] -----END RSA PRIVATE KEY----- - [pusta linia] -----BEGIN CERTIFICATE----- [zakodowany certyfikat] -----END CERTIFICATE----- - [pusta linia] =head2 LOSOWOŚĆ diff -Nru stunnel4-5.49/doc/stunnel.pod.in stunnel4-5.50/doc/stunnel.pod.in --- stunnel4-5.49/doc/stunnel.pod.in 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/doc/stunnel.pod.in 2018-12-02 22:47:18.000000000 +0000 @@ -694,6 +694,9 @@ options = NO_SSLv2 options = NO_SSLv3 +Use I or I option instead of disabling specific TLS protocol +versions when compiled with B or later. + =item B = PROTO application protocol to negotiate TLS @@ -975,28 +978,63 @@ select the TLS protocol version -Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2 - -sslVersion is obsolete and it will be removed in future releases of stunnel. -Use the following options instead: - - options = NO_SSLv2 - options = NO_SSLv3 - options = NO_TLSv1 - options = NO_TLSv1.1 - options = NO_TLSv1.2 - options = NO_TLSv1.3 +Supported versions: all, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 Availability of specific protocols depends on the linked OpenSSL library. -Older versions of OpenSSL do not support TLSv1.1 and TLSv1.2. +Older versions of OpenSSL do not support TLSv1.1, TLSv1.2 and TLSv1.3. Newer versions of OpenSSL do not support SSLv2. Obsolete SSLv2 and SSLv3 are currently disabled by default. -See the B option documentation for details. + +Setting the option + + sslVersion = SSL_VERSION + +is equivalent to options + + sslVersionMax = SSL_VERSION + sslVersionMin = SSL_VERSION + +when compiled with B and later. + +=item B = SSL_VERSION + +maximum supported protocol versions + +Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 + +I enable protocol versions up to the highest version supported by the +linked OpenSSL library. + +Availability of specific protocols depends on the linked OpenSSL library. + +The I option is only available when compiled with B and later. + +default: all + +=item B = SSL_VERSION + +minimum supported protocol versions + +Supported versions: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 + +I enable protocol versions down to the lowest version supported by the +linked OpenSSL library. + +Availability of specific protocols depends on the linked OpenSSL library. + +The I option is only available when compiled with B and later. + +default: TLSv1 =item B = BYTES (except for FORK model) -thread stack size +CPU stack size of created threads + +Excessive thread stack size increases virtual memory usage. +Insufficient thread stack size may cause application crashes. + +default: 65536 bytes (sufficient for all platforms we tested) =item B = SECONDS @@ -1408,20 +1446,16 @@ generate them with the free B package. You can find more information on certificates generation on pages listed below. -The order of contents of the I<.pem> file is important. It should contain the -unencrypted private key first, then a signed certificate (not certificate -request). There should also be empty lines after the certificate and the private key. -Any plaintext certificate information appended on the top of generated certificate -should be discarded. So the file should look like this: +The I<.pem> file should contain the unencrypted private key and +a signed certificate (not certificate request). +So the file should look like this: -----BEGIN RSA PRIVATE KEY----- [encoded key] -----END RSA PRIVATE KEY----- - [empty line] -----BEGIN CERTIFICATE----- [encoded certificate] -----END CERTIFICATE----- - [empty line] =head2 RANDOMNESS diff -Nru stunnel4-5.49/Makefile.am stunnel4-5.50/Makefile.am --- stunnel4-5.49/Makefile.am 2018-06-08 17:30:06.000000000 +0000 +++ stunnel4-5.50/Makefile.am 2018-12-02 22:55:32.000000000 +0000 @@ -22,25 +22,35 @@ distclean-local: rm -rf autom4te.cache -# rm -f $(distdir)-win32-installer.exe + rm -f $(distdir)-win64-installer.exe -#dist-hook: -# makensis -NOCD -DVERSION=${VERSION} \ -# -DSTUNNEL_DIR=$(srcdir) \ -# -DROOT_DIR=/usr/src \ -# $(srcdir)/tools/stunnel.nsi - -sign: dist - cp -f $(distdir).tar.gz $(distdir)-win32-installer.exe $(distdir)-android.zip ../dist - gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win32-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip" +dist-hook: + $(MAKE) -C src mingw64 + $(MAKE) -C doc stunnel.html + makensis -NOCD -DARCH=win64 -DVERSION=${VERSION} \ + -DSTUNNEL_DIR=$(srcdir) \ + -DDEST_DIR=. \ + -DOPENSSL_DIR=/opt/openssl-mingw64 \ + $(srcdir)/tools/stunnel.nsi + -$(srcdir)/sign/sign.sh $(distdir)-win64-installer.exe + +sign: + cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist + gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win64-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip" sha256sum $(distdir).tar.gz >../dist/$(distdir).tar.gz.sha256 - sha256sum $(distdir)-win32-installer.exe >../dist/$(distdir)-win32-installer.exe.sha256 + sha256sum $(distdir)-win64-installer.exe >../dist/$(distdir)-win64-installer.exe.sha256 sha256sum $(distdir)-android.zip >../dist/$(distdir)-android.zip.sha256 cat ../dist/$(distdir)*.sha256 | tac cert: $(MAKE) -C tools cert +mingw: + $(MAKE) -C src mingw + +mingw64: + $(MAKE) -C src mingw64 + test: check install-data-hook: diff -Nru stunnel4-5.49/Makefile.in stunnel4-5.50/Makefile.in --- stunnel4-5.49/Makefile.in 2018-08-31 14:51:16.000000000 +0000 +++ stunnel4-5.50/Makefile.in 2018-12-02 22:55:36.000000000 +0000 @@ -600,6 +600,9 @@ || exit 1; \ fi; \ done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ @@ -846,19 +849,20 @@ .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ clean-libtool cscope cscopelist-am ctags ctags-am dist \ - dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ - dist-xz dist-zip distcheck distclean distclean-generic \ - distclean-libtool distclean-local distclean-tags \ - distcleancheck distdir distuninstallcheck dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-docDATA install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am tags tags-am uninstall uninstall-am uninstall-docDATA + dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \ + dist-tarZ dist-xz dist-zip distcheck distclean \ + distclean-generic distclean-libtool distclean-local \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-hook install-docDATA \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-docDATA .PRECIOUS: Makefile @@ -867,25 +871,35 @@ distclean-local: rm -rf autom4te.cache -# rm -f $(distdir)-win32-installer.exe + rm -f $(distdir)-win64-installer.exe -#dist-hook: -# makensis -NOCD -DVERSION=${VERSION} \ -# -DSTUNNEL_DIR=$(srcdir) \ -# -DROOT_DIR=/usr/src \ -# $(srcdir)/tools/stunnel.nsi - -sign: dist - cp -f $(distdir).tar.gz $(distdir)-win32-installer.exe $(distdir)-android.zip ../dist - gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win32-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip" +dist-hook: + $(MAKE) -C src mingw64 + $(MAKE) -C doc stunnel.html + makensis -NOCD -DARCH=win64 -DVERSION=${VERSION} \ + -DSTUNNEL_DIR=$(srcdir) \ + -DDEST_DIR=. \ + -DOPENSSL_DIR=/opt/openssl-mingw64 \ + $(srcdir)/tools/stunnel.nsi + -$(srcdir)/sign/sign.sh $(distdir)-win64-installer.exe + +sign: + cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist + gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win64-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip" sha256sum $(distdir).tar.gz >../dist/$(distdir).tar.gz.sha256 - sha256sum $(distdir)-win32-installer.exe >../dist/$(distdir)-win32-installer.exe.sha256 + sha256sum $(distdir)-win64-installer.exe >../dist/$(distdir)-win64-installer.exe.sha256 sha256sum $(distdir)-android.zip >../dist/$(distdir)-android.zip.sha256 cat ../dist/$(distdir)*.sha256 | tac cert: $(MAKE) -C tools cert +mingw: + $(MAKE) -C src mingw + +mingw64: + $(MAKE) -C src mingw64 + test: check install-data-hook: diff -Nru stunnel4-5.49/src/client.c stunnel4-5.50/src/client.c --- stunnel4-5.49/src/client.c 2018-08-26 17:36:09.000000000 +0000 +++ stunnel4-5.50/src/client.c 2018-11-05 07:19:29.000000000 +0000 @@ -96,12 +96,15 @@ #endif client_thread(void *arg) { CLI *c=arg; +#ifdef DEBUG_STACK_SIZE + size_t stack_size=c->opt->stack_size; +#endif /* initialize */ c->tls=NULL; /* do not reuse */ tls_alloc(c, NULL, NULL); #ifdef DEBUG_STACK_SIZE - stack_info(1); /* initialize */ + stack_info(stack_size, 1); /* initialize */ #endif /* execute */ @@ -109,7 +112,7 @@ /* cleanup */ #ifdef DEBUG_STACK_SIZE - stack_info(0); /* display computed value */ + stack_info(stack_size, 0); /* display computed value */ #endif str_stats(); /* client thread allocation tracking */ tls_cleanup(); @@ -129,6 +132,12 @@ #endif } +#ifdef DEBUG_STACK_SIZE +void ignore_value(void *ptr) { + (void)ptr; /* squash the unused parameter warning */ +} +#endif + void client_main(CLI *c) { s_log(LOG_DEBUG, "Service [%s] started", c->opt->servname); if(c->opt->exec_name && c->opt->connect_addr.names) { @@ -594,7 +603,7 @@ s_log(LOG_INFO, "TLS %s: %s", c->opt->option.client ? "connected" : "accepted", - SSL_session_reused(c->ssl) ? + SSL_session_reused(c->ssl) && !c->flag.psk ? "previous session reused" : "new session negotiated"); cipher=(SSL_CIPHER *)SSL_get_current_cipher(c->ssl); @@ -1287,7 +1296,7 @@ /* dup2() does not copy FD_CLOEXEC flag */ dup2(fd[1], 0); dup2(fd[1], 1); - if(!global_options.option.log_stderr) + if(!c->opt->option.log_stderr) dup2(fd[1], 2); closesocket(fd[1]); /* not really needed due to FD_CLOEXEC */ #ifdef HAVE_PTHREAD_SIGMASK diff -Nru stunnel4-5.49/src/common.h stunnel4-5.50/src/common.h --- stunnel4-5.49/src/common.h 2018-06-08 17:30:15.000000000 +0000 +++ stunnel4-5.50/src/common.h 2018-11-06 17:42:50.000000000 +0000 @@ -102,7 +102,6 @@ typedef int ssize_t; #endif /* _WIN64 */ #endif /* !__MINGW32__ */ -#define PATH_MAX MAX_PATH #define USE_IPv6 #define _CRT_SECURE_NO_DEPRECATE #define _CRT_NONSTDC_NO_DEPRECATE diff -Nru stunnel4-5.49/src/cron.c stunnel4-5.50/src/cron.c --- stunnel4-5.49/src/cron.c 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/src/cron.c 2018-11-05 07:19:29.000000000 +0000 @@ -165,7 +165,7 @@ SERVICE_OPTIONS *opt; DH *dh; - if(!dh_needed) + if(!dh_temp_params || !service_options.next) return; s_log(LOG_NOTICE, "Updating DH parameters"); @@ -196,9 +196,11 @@ CRYPTO_THREAD_unlock(stunnel_locks[LOCK_DH]); /* set for all sections that require it */ + CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_SECTIONS]); for(opt=service_options.next; opt; opt=opt->next) - if(opt->option.dh_needed) + if(opt->option.dh_temp_params) SSL_CTX_set_tmp_dh(opt->ctx, dh); + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); s_log(LOG_NOTICE, "DH parameters updated"); } #endif /* OPENSSL_NO_DH */ diff -Nru stunnel4-5.49/src/ctx.c stunnel4-5.50/src/ctx.c --- stunnel4-5.49/src/ctx.c 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/src/ctx.c 2018-11-05 07:19:29.000000000 +0000 @@ -46,7 +46,7 @@ #ifndef OPENSSL_NO_DH DH *dh_params=NULL; -int dh_needed=0; +int dh_temp_params=0; #endif /* OPENSSL_NO_DH */ /**************************************** prototypes */ @@ -126,10 +126,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ /* create TLS context */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L + if(section->option.client) + section->ctx=SSL_CTX_new(TLS_client_method()); + else /* server mode */ + section->ctx=SSL_CTX_new(TLS_server_method()); + if(!SSL_CTX_set_min_proto_version(section->ctx, + section->min_proto_version)) { + s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", + section->min_proto_version); + return 1; /* FAILED */ + } + if(!SSL_CTX_set_max_proto_version(section->ctx, + section->max_proto_version)) { + s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X", + section->max_proto_version); + return 1; /* FAILED */ + } +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ if(section->option.client) section->ctx=SSL_CTX_new(section->client_method); else /* server mode */ section->ctx=SSL_CTX_new(section->server_method); +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ if(!section->ctx) { sslerror("SSL_CTX_new"); return 1; /* FAILED */ @@ -323,8 +342,9 @@ char description[128]; STACK_OF(SSL_CIPHER) *ciphers; + section->option.dh_temp_params=0; /* disable by default */ + /* check if DH is actually enabled for this section */ - section->option.dh_needed=0; ciphers=SSL_CTX_get_ciphers(section->ctx); if(!ciphers) return 1; /* ERROR (unlikely) */ @@ -335,12 +355,15 @@ description, sizeof description); /* s_log(LOG_INFO, "Ciphersuite: %s", description); */ if(strstr(description, " Kx=DH")) { - section->option.dh_needed=1; /* update this context */ + s_log(LOG_INFO, "DH initialization needed for %s", + SSL_CIPHER_get_name(sk_SSL_CIPHER_value(ciphers, i))); break; } } - if(!section->option.dh_needed) /* no DH ciphers found */ + if(i==n) { /* no DH ciphers found */ + s_log(LOG_INFO, "DH initialization not needed"); return 0; /* OK */ + } s_log(LOG_DEBUG, "DH initialization"); #ifndef OPENSSL_NO_ENGINE @@ -356,8 +379,8 @@ CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_DH]); SSL_CTX_set_tmp_dh(section->ctx, dh_params); CRYPTO_THREAD_unlock(stunnel_locks[LOCK_DH]); - dh_needed=1; /* generate temporary DH parameters in cron */ - section->option.dh_needed=1; /* update this context */ + dh_temp_params=1; /* generate temporary DH parameters in cron */ + section->option.dh_temp_params=1; /* update this section in cron */ s_log(LOG_INFO, "Using dynamic DH parameters"); return 0; /* OK */ } @@ -577,33 +600,21 @@ unsigned char *psk, unsigned max_psk_len) { CLI *c; PSK_KEYS *found; - size_t len; c=SSL_get_ex_data(ssl, index_ssl_cli); found=psk_find(&c->opt->psk_sorted, identity); - if(found) { - len=found->key_len; - } else { - s_log(LOG_ERR, "No key found for PSK identity \"%s\"", identity); - len=0; - } - if(len>max_psk_len) { - s_log(LOG_ERR, "PSK too long (%lu>%d bytes)", - (long unsigned)len, max_psk_len); - len=0; + if(!found) { + s_log(LOG_INFO, "PSK identity not found (session resumption?)"); + return 0; } - if(len) { - memcpy(psk, found->key_val, len); - s_log(LOG_NOTICE, "Key configured for PSK identity \"%s\"", identity); - } else { /* block identity probes if possible */ - if(max_psk_len>=32 && RAND_bytes(psk, 32)>0) { - len=32; /* 256 random bits */ - s_log(LOG_ERR, "Configured random PSK"); - } else { - s_log(LOG_ERR, "Rejecting with unknown_psk_identity alert"); - } + if(found->key_len>max_psk_len) { + s_log(LOG_ERR, "PSK too long (%u>%u)", found->key_len, max_psk_len); + return 0; } - return (unsigned)len; + memcpy(psk, found->key_val, found->key_len); + s_log(LOG_NOTICE, "Key configured for PSK identity \"%s\"", identity); + c->flag.psk=1; + return found->key_len; } NOEXPORT int psk_compar(const void *a, const void *b) { diff -Nru stunnel4-5.49/src/dhparam.c stunnel4-5.50/src/dhparam.c --- stunnel4-5.49/src/dhparam.c 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/src/dhparam.c 2018-10-09 14:37:38.000000000 +0000 @@ -8,32 +8,32 @@ DH *get_dh2048() { static unsigned char dhp_2048[] = { - 0xAB, 0xF7, 0x30, 0x6D, 0xD2, 0x87, 0x0A, 0x6D, 0x5F, 0x2D, - 0x95, 0xED, 0xC5, 0x32, 0x8C, 0x0D, 0x59, 0x14, 0x18, 0x14, - 0xFD, 0x49, 0xCD, 0x1A, 0x83, 0x2D, 0xBA, 0xF3, 0xD3, 0xBE, - 0x7B, 0x7B, 0x22, 0xE8, 0xD1, 0x73, 0x8D, 0x39, 0x74, 0x5E, - 0x74, 0x94, 0xD3, 0x4D, 0xA6, 0x69, 0x70, 0xB4, 0x6E, 0xAA, - 0xD7, 0x58, 0x8B, 0xEF, 0x79, 0xCC, 0x8B, 0xB0, 0x35, 0xCB, - 0x49, 0xDB, 0x31, 0xE4, 0x8E, 0x12, 0x65, 0x0C, 0x42, 0x28, - 0x29, 0x41, 0xAB, 0x2E, 0xE7, 0x36, 0x24, 0x32, 0x2F, 0xFA, - 0x44, 0x6A, 0x2A, 0x93, 0x73, 0x66, 0xE9, 0x65, 0x98, 0x9C, - 0xE7, 0xB6, 0x52, 0xD9, 0xEA, 0x96, 0xF9, 0x66, 0x46, 0x5A, - 0x88, 0x5A, 0x3F, 0x8C, 0xEE, 0xBB, 0x71, 0xCC, 0x6E, 0xCC, - 0x6A, 0x21, 0xDF, 0xDA, 0x5E, 0xB1, 0x5D, 0x1E, 0x3B, 0x40, - 0x68, 0xD8, 0xEF, 0x38, 0xFC, 0x42, 0x19, 0x46, 0x8E, 0x13, - 0x9B, 0x3F, 0x2D, 0x49, 0x13, 0xC6, 0xA7, 0x2D, 0x97, 0x4A, - 0x05, 0x58, 0xCF, 0xC7, 0xEB, 0xC6, 0x29, 0x50, 0x99, 0xF4, - 0x6D, 0x61, 0x0D, 0x4D, 0x43, 0xC6, 0xEA, 0x86, 0x4B, 0xB4, - 0x16, 0x10, 0x13, 0xAD, 0xBC, 0x48, 0x3B, 0x8F, 0x10, 0x25, - 0xFA, 0x53, 0xA5, 0x3C, 0xDE, 0x85, 0xDB, 0x9B, 0x79, 0xDC, - 0x32, 0xA6, 0xFD, 0x19, 0x2E, 0x7C, 0xAE, 0x32, 0x9D, 0x72, - 0xAD, 0x03, 0x14, 0x9C, 0x04, 0x61, 0x83, 0x20, 0x9C, 0x07, - 0x5A, 0x0E, 0x91, 0xC7, 0xED, 0xDB, 0x60, 0xE2, 0xC9, 0x0B, - 0x21, 0xD9, 0xDF, 0xA7, 0x14, 0x4A, 0x5E, 0x6B, 0xD6, 0xE6, - 0xEB, 0x5A, 0x14, 0xE6, 0xD4, 0x13, 0x8E, 0x9D, 0x26, 0x88, - 0x1F, 0x3B, 0x65, 0x01, 0x0F, 0x66, 0xC6, 0x45, 0xE2, 0xBD, - 0x51, 0x41, 0x43, 0x92, 0xE2, 0x38, 0x5C, 0x56, 0x6B, 0x79, - 0x92, 0xD9, 0xA0, 0x09, 0x0D, 0x3B + 0x96, 0xB4, 0xED, 0x78, 0xAF, 0xD4, 0xDD, 0xBF, 0x55, 0xDB, + 0xAD, 0x85, 0xA0, 0x5C, 0x22, 0xC3, 0x8C, 0x14, 0x79, 0xE5, + 0x0A, 0xB1, 0x48, 0xAC, 0x22, 0x77, 0xDA, 0x86, 0x57, 0xCF, + 0x3C, 0xEC, 0x12, 0xD2, 0x28, 0x41, 0x7A, 0xCD, 0xD0, 0x55, + 0x1B, 0x80, 0xEB, 0x9E, 0x60, 0xFA, 0x36, 0x7B, 0xB0, 0x33, + 0x2A, 0xD3, 0x32, 0xD3, 0x19, 0xB6, 0x51, 0x26, 0x4C, 0x6F, + 0x62, 0xE5, 0x90, 0x32, 0x75, 0xEB, 0x85, 0x6E, 0x4E, 0x0A, + 0xC5, 0x1E, 0x16, 0x73, 0x00, 0xB0, 0xB3, 0x46, 0xCA, 0x9D, + 0xD9, 0xD2, 0x72, 0x43, 0xBB, 0xDB, 0xED, 0x82, 0xDF, 0xD7, + 0x6E, 0x61, 0x65, 0x62, 0x73, 0x27, 0x0E, 0xD6, 0x92, 0x4E, + 0x7F, 0x11, 0x7A, 0xDE, 0x8E, 0x3A, 0xB6, 0x5C, 0x67, 0x73, + 0xD0, 0x5D, 0xC6, 0xC8, 0x86, 0x01, 0xAA, 0x93, 0x19, 0x7E, + 0x59, 0xDE, 0xEB, 0x51, 0x83, 0x10, 0x76, 0x46, 0x50, 0x60, + 0xEE, 0xBD, 0x6F, 0xB3, 0x6F, 0x6A, 0x0D, 0x9C, 0x4E, 0x4D, + 0xB8, 0x51, 0x89, 0x8D, 0x4C, 0x15, 0xCD, 0x91, 0x01, 0x13, + 0x3C, 0x79, 0x57, 0x0A, 0x17, 0x33, 0x68, 0x85, 0x71, 0xA3, + 0xF9, 0x7C, 0x22, 0x91, 0x7E, 0x75, 0xB1, 0x7B, 0x60, 0x33, + 0x84, 0xFB, 0xB2, 0x42, 0x4D, 0x51, 0x6F, 0x2C, 0x41, 0xD6, + 0xC4, 0x5E, 0x3A, 0xFF, 0x49, 0x93, 0x8A, 0xEE, 0xCC, 0x2A, + 0xCB, 0x0F, 0x1C, 0x17, 0x85, 0x57, 0x2F, 0x65, 0xC3, 0x54, + 0x1F, 0xE0, 0x98, 0x1C, 0x2F, 0x3D, 0x67, 0xA1, 0x53, 0x67, + 0xD7, 0xFC, 0xAC, 0x31, 0x68, 0xBF, 0x43, 0x71, 0xA7, 0xBF, + 0xE5, 0x1F, 0x9D, 0xD9, 0x72, 0x74, 0xD6, 0x92, 0x1D, 0x36, + 0x1B, 0xBC, 0x49, 0x09, 0x84, 0x06, 0xC8, 0x4B, 0xD9, 0xB7, + 0x17, 0xF3, 0x2F, 0x82, 0x9F, 0x3F, 0x50, 0x51, 0x34, 0x25, + 0x84, 0x1A, 0xC5, 0x75, 0x1C, 0x93 }; static unsigned char dhg_2048[] = { 0x02 diff -Nru stunnel4-5.49/src/log.c stunnel4-5.50/src/log.c --- stunnel4-5.49/src/log.c 2018-08-20 12:40:35.000000000 +0000 +++ stunnel4-5.50/src/log.c 2018-10-09 14:37:38.000000000 +0000 @@ -293,7 +293,7 @@ level<=opt->log_level #else (level<=opt->log_level && - global_options.option.log_stderr) + opt->option.log_stderr) #endif ) ui_new_log(line); diff -Nru stunnel4-5.49/src/Makefile.am stunnel4-5.50/src/Makefile.am --- stunnel4-5.49/src/Makefile.am 2018-06-08 17:30:06.000000000 +0000 +++ stunnel4-5.50/src/Makefile.am 2018-10-09 14:37:38.000000000 +0000 @@ -64,15 +64,12 @@ # Win32 executables # ############################################################################### -if AUTHOR_TESTS -# Just check if the programs can be built, don't perform any actual tests -#check-local: mingw mingw64 -endif - mingw: - $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=i686 win32_mingw=mingw + $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_arch=win32 win32_targetcpu=i686 win32_mingw=mingw + mingw64: - $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=x86_64 win32_mingw=mingw64 + $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_arch=win64 win32_targetcpu=x86_64 win32_mingw=mingw64 + .PHONY: mingw mingw64 clean-local: diff -Nru stunnel4-5.49/src/Makefile.in stunnel4-5.50/src/Makefile.in --- stunnel4-5.49/src/Makefile.in 2018-08-31 14:51:16.000000000 +0000 +++ stunnel4-5.50/src/Makefile.in 2018-11-09 15:53:56.000000000 +0000 @@ -1141,13 +1141,12 @@ # Win32 executables # ############################################################################### -# Just check if the programs can be built, don't perform any actual tests -#check-local: mingw mingw64 - mingw: - $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=i686 win32_mingw=mingw + $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_arch=win32 win32_targetcpu=i686 win32_mingw=mingw + mingw64: - $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=x86_64 win32_mingw=mingw64 + $(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_arch=win64 win32_targetcpu=x86_64 win32_mingw=mingw64 + .PHONY: mingw mingw64 clean-local: diff -Nru stunnel4-5.49/src/mingw.mk stunnel4-5.50/src/mingw.mk --- stunnel4-5.49/src/mingw.mk 2018-04-06 14:25:10.000000000 +0000 +++ stunnel4-5.50/src/mingw.mk 2018-11-28 21:03:38.000000000 +0000 @@ -2,28 +2,34 @@ # by Michal Trojnara 1998-2018 # 32-bit Windows +#win32_arch=win32 #win32_targetcpu=i686 #win32_mingw=mingw # 64-bit Windows +#win32_arch=win64 #win32_targetcpu=x86_64 #win32_mingw=mingw64 -bindir = ../bin/$(win32_mingw) -objdir = ../obj/$(win32_mingw) +bindir = ../bin/$(win32_arch) +objdir = ../obj/$(win32_arch) win32_ssl_dir = /opt/openssl-$(win32_mingw) win32_cppflags = -I$(win32_ssl_dir)/include -win32_cflags = -mthreads -fstack-protector -O2 +win32_cflags = -mthreads -O2 +#win32_cflags += -fstack-protector win32_cflags += -Wall -Wextra -Wpedantic -Wformat=2 -Wconversion -Wno-long-long win32_cflags += -D_FORTIFY_SOURCE=2 -DUNICODE -D_UNICODE -win32_ldflags = -mthreads -fstack-protector -s +win32_ldflags = -s -mthreads +#win32_ldflags += -fstack-protector +# -fstack-protector is broken (at least in x86_64-w64-mingw32-gcc 8.2.0) win32_common_libs = -lws2_32 -lkernel32 win32_ssl_libs = -L$(win32_ssl_dir)/lib -lcrypto -lssl win32_gui_libs = $(win32_common_libs) -lgdi32 -lpsapi $(win32_ssl_libs) win32_cli_libs = $(win32_common_libs) $(win32_ssl_libs) +common_headers = common.h prototypes.h version.h win32_common = tls str file client log options protocol network resolver win32_common += ssl ctx verify sthreads fd dhparam cron stunnel win32_gui = ui_win_gui resources @@ -43,12 +49,20 @@ $(bindir)/stunnel.exe: $(win32_common_objs) $(win32_gui_objs) $(win32_cc) -mwindows $(win32_ldflags) -o $(bindir)/stunnel.exe $(win32_common_objs) $(win32_gui_objs) $(win32_gui_libs) + -$(srcdir)/../sign/sign.sh $(bindir)/stunnel.exe $(bindir)/tstunnel.exe: $(win32_common_objs) $(win32_cli_objs) $(win32_cc) $(win32_ldflags) -o $(bindir)/tstunnel.exe $(win32_common_objs) $(win32_cli_objs) $(win32_cli_libs) + -$(srcdir)/../sign/sign.sh $(bindir)/tstunnel.exe -$(objdir)/%.o: $(srcdir)/%.c $(common_headers) +$(objdir)/%.o: $(srcdir)/%.c $(win32_cc) -c $(win32_cppflags) $(win32_cflags) -o $@ $< -$(objdir)/resources.o: $(srcdir)/resources.rc $(srcdir)/resources.h $(srcdir)/version.h +$(objdir)/%.o: $(common_headers) + +$(win32_gui_objs): $(srcdir)/resources.h + +$(objdir)/resources.o: $(srcdir)/resources.rc $(win32_windres) --include-dir $(srcdir) $< $@ + +$(objdir)/resources.o: $(srcdir)/version.h diff -Nru stunnel4-5.49/src/options.c stunnel4-5.50/src/options.c --- stunnel4-5.49/src/options.c 2018-08-19 07:10:47.000000000 +0000 +++ stunnel4-5.50/src/options.c 2018-11-05 14:37:18.000000000 +0000 @@ -44,18 +44,20 @@ #define CONFLINELEN (16*1024) +#define INVALID_SSL_OPTION ((long unsigned)-1) + typedef enum { - CMD_BEGIN, /* initialize defaults */ - CMD_EXEC, /* process command */ - CMD_END, /* end of section */ - CMD_DUP, /* duplicate new_service_options */ - CMD_FREE, /* deallocate memory */ - CMD_DEFAULT, /* print default value */ - CMD_HELP /* print help */ + CMD_SET_DEFAULTS, /* set default values */ + CMD_SET_COPY, /* duplicate from new_service_options */ + CMD_FREE, /* deallocate memory */ + CMD_SET_VALUE, /* set a user-specified value */ + CMD_INITIALIZE, /* initialize the global options or a section */ + CMD_PRINT_DEFAULTS, /* print default values */ + CMD_PRINT_HELP /* print help */ } CMD; NOEXPORT int options_file(char *, CONF_TYPE, SERVICE_OPTIONS **); -NOEXPORT int options_include(char *, SERVICE_OPTIONS **); +NOEXPORT int init_section(int, SERVICE_OPTIONS **); #ifdef USE_WIN32 struct dirent { char d_name[MAX_PATH]; @@ -66,15 +68,19 @@ int alphasort(const struct dirent **, const struct dirent **); #endif NOEXPORT char *parse_global_option(CMD, char *, char *); -NOEXPORT char *parse_service_option(CMD, SERVICE_OPTIONS *, char *, char *); +NOEXPORT char *parse_service_option(CMD, SERVICE_OPTIONS **, char *, char *); #ifndef OPENSSL_NO_TLSEXT NOEXPORT char *sni_init(SERVICE_OPTIONS *); NOEXPORT void sni_free(SERVICE_OPTIONS *); #endif /* !defined(OPENSSL_NO_TLSEXT) */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L +NOEXPORT int str_to_proto_version(const char *); +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *); NOEXPORT char *tls_methods_check(SERVICE_OPTIONS *); +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ NOEXPORT char *parse_debug_level(char *, SERVICE_OPTIONS *); @@ -233,6 +239,8 @@ NOEXPORT ENGINE *engine_get_by_num(const int); #endif /* !defined(OPENSSL_NO_ENGINE) */ +NOEXPORT char *include_config(char *, SERVICE_OPTIONS **); + NOEXPORT void print_syntax(void); NOEXPORT void name_list_append(NAME_LIST **, char *); @@ -244,7 +252,7 @@ NOEXPORT void arg_free(char **arg); #endif -char configuration_file[PATH_MAX]; +char *configuration_file=NULL; GLOBAL_OPTIONS global_options; SERVICE_OPTIONS service_options; @@ -287,13 +295,13 @@ "stunnel.conf"; type=CONF_FILE; } else if(!strcasecmp(arg1, "-help")) { - parse_global_option(CMD_HELP, NULL, NULL); - parse_service_option(CMD_HELP, NULL, NULL, NULL); + parse_global_option(CMD_PRINT_HELP, NULL, NULL); + parse_service_option(CMD_PRINT_HELP, NULL, NULL, NULL); log_flush(LOG_MODE_INFO); return 2; } else if(!strcasecmp(arg1, "-version")) { - parse_global_option(CMD_DEFAULT, NULL, NULL); - parse_service_option(CMD_DEFAULT, NULL, NULL, NULL); + parse_global_option(CMD_PRINT_DEFAULTS, NULL, NULL); + parse_service_option(CMD_PRINT_DEFAULTS, NULL, NULL, NULL); log_flush(LOG_MODE_INFO); return 2; } else if(!strcasecmp(arg1, "-sockets")) { @@ -321,18 +329,24 @@ type=CONF_FILE; } -#ifdef HAVE_REALPATH if(type==CONF_FILE) { - if(!realpath(name, configuration_file)) { +#ifdef HAVE_REALPATH + char *real_path=realpath(name, NULL); + if(!real_path) { s_log(LOG_ERR, "Invalid configuration file name \"%s\"", name); ioerror("realpath"); return 1; } - return options_parse(type); - } + configuration_file=str_dup(real_path); + free(real_path); +#else + configuration_file=str_dup(name); #endif - strncpy(configuration_file, name, PATH_MAX-1); - configuration_file[PATH_MAX-1]='\0'; +#ifndef USE_WIN32 + } else if(type==CONF_FD) { + configuration_file=str_dup(name); +#endif + } return options_parse(type); } @@ -340,40 +354,20 @@ int options_parse(CONF_TYPE type) { SERVICE_OPTIONS *section; - char *errstr; options_defaults(); section=&new_service_options; if(options_file(configuration_file, type, §ion)) return 1; - - if(new_service_options.next) { /* daemon mode: initialize sections */ - for(section=new_service_options.next; section; section=section->next) { - s_log(LOG_INFO, "Initializing service [%s]", section->servname); - errstr=parse_service_option(CMD_END, section, NULL, NULL); - if(errstr) - break; - } - } else { /* inetd mode: need to initialize global options */ - errstr=parse_global_option(CMD_END, NULL, NULL); - if(errstr) { - s_log(LOG_ERR, "Global options: %s", errstr); - return 1; - } - s_log(LOG_INFO, "Initializing inetd mode configuration"); - section=&new_service_options; - errstr=parse_service_option(CMD_END, section, NULL, NULL); - } - if(errstr) { - s_log(LOG_ERR, "Service [%s]: %s", section->servname, errstr); + if(init_section(1, §ion)) return 1; - } s_log(LOG_NOTICE, "Configuration successful"); return 0; } -NOEXPORT int options_file(char *path, CONF_TYPE type, SERVICE_OPTIONS **section) { +NOEXPORT int options_file(char *path, CONF_TYPE type, + SERVICE_OPTIONS **section_ptr) { DISK_FILE *df; char line_text[CONFLINELEN], *errstr; char config_line[CONFLINELEN], *config_opt, *config_arg; @@ -427,15 +421,9 @@ continue; if(config_opt[0]=='[' && config_opt[strlen(config_opt)-1]==']') { /* new section */ - /* initialize global options */ - if(!new_service_options.next) { - errstr=parse_global_option(CMD_END, NULL, NULL); - if(errstr) { - s_log(LOG_ERR, "%s:%d: \"%s\": %s", - path, line_number, line_text, errstr); - file_close(df); - return 1; - } + if(init_section(0, section_ptr)) { + file_close(df); + return 1; } /* append a new SERVICE_OPTIONS structure to the list */ @@ -443,16 +431,16 @@ SERVICE_OPTIONS *new_section; new_section=str_alloc_detached(sizeof(SERVICE_OPTIONS)); new_section->next=NULL; - (*section)->next=new_section; - *section=new_section; + (*section_ptr)->next=new_section; + *section_ptr=new_section; } /* initialize the newly allocated section */ ++config_opt; config_opt[strlen(config_opt)-1]='\0'; - (*section)->servname=str_dup_detached(config_opt); - (*section)->session=NULL; - parse_service_option(CMD_DUP, *section, NULL, NULL); + (*section_ptr)->servname=str_dup_detached(config_opt); + (*section_ptr)->session=NULL; + parse_service_option(CMD_SET_COPY, section_ptr, NULL, NULL); continue; } @@ -469,22 +457,12 @@ while(isspace((unsigned char)*config_arg)) ++config_arg; /* remove initial whitespaces */ - if(!strcasecmp(config_opt, "include")) { - if(options_include(config_arg, section)) { - s_log(LOG_ERR, "%s:%d: Failed to include directory \"%s\"", - path, line_number, config_arg); - file_close(df); - return 1; - } - continue; - } - errstr=option_not_found; /* try global options first (e.g. for 'debug') */ if(!new_service_options.next) - errstr=parse_global_option(CMD_EXEC, config_opt, config_arg); + errstr=parse_global_option(CMD_SET_VALUE, config_opt, config_arg); if(errstr==option_not_found) - errstr=parse_service_option(CMD_EXEC, *section, config_opt, config_arg); + errstr=parse_service_option(CMD_SET_VALUE, section_ptr, config_opt, config_arg); if(errstr) { s_log(LOG_ERR, "%s:%d: \"%s\": %s", path, line_number, line_text, errstr); @@ -496,35 +474,40 @@ return 0; } -NOEXPORT int options_include(char *directory, SERVICE_OPTIONS **section) { - struct dirent **namelist; - int i, num, err=0; +NOEXPORT int init_section(int eof, SERVICE_OPTIONS **section_ptr) { + char *errstr; - num=scandir(directory, &namelist, NULL, alphasort); - if(num<0) { - ioerror("scandir"); - return 1; +#ifndef USE_WIN32 + (*section_ptr)->option.log_stderr=new_global_options.option.log_stderr; +#endif /* USE_WIN32 */ + + if(*section_ptr==&new_service_options) { + /* end of global options or inetd mode -> initialize globals */ + errstr=parse_global_option(CMD_INITIALIZE, NULL, NULL); + if(errstr) { + s_log(LOG_ERR, "Global options: %s", errstr); + return 1; + } } - for(i=0; id_name); - if(!stat(name, &sb) && S_ISREG(sb.st_mode)) - err=options_file(name, CONF_FILE, section); + + if(*section_ptr!=&new_service_options || eof) { + /* end service section or inetd mode -> initialize service */ + if(*section_ptr==&new_service_options) + s_log(LOG_INFO, "Initializing inetd mode configuration"); + else + s_log(LOG_INFO, "Initializing service [%s]", + (*section_ptr)->servname); + errstr=parse_service_option(CMD_INITIALIZE, section_ptr, NULL, NULL); + if(errstr) { + if(*section_ptr==&new_service_options) + s_log(LOG_ERR, "Inetd mode: %s", errstr); else - s_log(LOG_DEBUG, "\"%s\" is not a file", name); - str_free(name); + s_log(LOG_ERR, "Service [%s]: %s", + (*section_ptr)->servname, errstr); + return 1; } - free(namelist[i]); } - free(namelist); - return err; + return 0; } #ifdef USE_WIN32 @@ -579,19 +562,24 @@ #endif void options_defaults() { + SERVICE_OPTIONS *service; + /* initialize globals *before* opening the config file */ memset(&new_global_options, 0, sizeof(GLOBAL_OPTIONS)); memset(&new_service_options, 0, sizeof(SERVICE_OPTIONS)); new_service_options.next=NULL; - parse_global_option(CMD_BEGIN, NULL, NULL); - parse_service_option(CMD_BEGIN, &new_service_options, NULL, NULL); + parse_global_option(CMD_SET_DEFAULTS, NULL, NULL); + service=&new_service_options; + parse_service_option(CMD_SET_DEFAULTS, &service, NULL, NULL); } void options_apply() { /* apply default/validated configuration */ unsigned num=0; SERVICE_OPTIONS *section; + CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_SECTIONS]); + memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS)); /* service_options are used for inetd mode and to enumerate services */ @@ -599,10 +587,11 @@ section->section_number=num++; memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS)); number_of_sections=num; + + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); } void options_free() { - /* FIXME: this operation may be unsafe, as client() threads use it */ parse_global_option(CMD_FREE, NULL, NULL); } @@ -624,8 +613,10 @@ #else ref=--(section->ref); #endif + if(ref<0) + fatal("Negative section reference counter"); if(ref==0) - parse_service_option(CMD_FREE, section, NULL, NULL); + parse_service_option(CMD_FREE, §ion, NULL, NULL); } /**************************************** global options */ @@ -633,7 +624,7 @@ NOEXPORT char *parse_global_option(CMD cmd, char *opt, char *arg) { void *tmp; - if(cmd==CMD_DEFAULT || cmd==CMD_HELP) { + if(cmd==CMD_PRINT_DEFAULTS || cmd==CMD_PRINT_HELP) { s_log(LOG_NOTICE, " "); s_log(LOG_NOTICE, "Global options:"); } @@ -641,26 +632,26 @@ /* chroot */ #ifdef HAVE_CHROOT switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.chroot_dir=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "chroot")) - break; - new_global_options.chroot_dir=str_dup(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_SET_COPY: /* not used for global options */ break; case CMD_FREE: tmp=global_options.chroot_dir; global_options.chroot_dir=NULL; str_free(tmp); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "chroot")) + break; + new_global_options.chroot_dir=str_dup(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = directory to chroot stunnel process", "chroot"); break; } @@ -669,10 +660,14 @@ /* compression */ #ifndef OPENSSL_NO_COMP switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.compression=COMP_NONE; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "compression")) break; /* only allow compression with OpenSSL 0.9.8 or later @@ -686,15 +681,11 @@ else return "Specified compression type is not available"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = compression type", "compression"); break; @@ -703,33 +694,33 @@ /* EGD */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: #ifdef EGD_SOCKET new_global_options.egd_sock=EGD_SOCKET; #else new_global_options.egd_sock=NULL; #endif break; - case CMD_EXEC: - if(strcasecmp(opt, "EGD")) - break; - new_global_options.egd_sock=str_dup(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_SET_COPY: /* not used for global options */ break; case CMD_FREE: tmp=global_options.egd_sock; global_options.egd_sock=NULL; str_free(tmp); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "EGD")) + break; + new_global_options.egd_sock=str_dup(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: #ifdef EGD_SOCKET s_log(LOG_NOTICE, "%-22s = %s", "EGD", EGD_SOCKET); #endif break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = path to Entropy Gathering Daemon socket", "EGD"); break; } @@ -738,27 +729,27 @@ /* engine */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: engine_reset_list(); break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + /* FIXME: investigate if we can free it */ + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "engine")) break; if(!strcasecmp(arg, "auto")) return engine_auto(); else return engine_open(arg); - case CMD_END: + case CMD_INITIALIZE: engine_init(); break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: - /* FIXME: investigate if we can free it */ + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = auto|engine_id", "engine"); break; @@ -766,9 +757,13 @@ /* engineCtrl */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: /* not used for global options */ break; - case CMD_EXEC: + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "engineCtrl")) break; { @@ -777,15 +772,11 @@ *tmp_str++='\0'; return engine_ctrl(arg, tmp_str); } - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = cmd[:arg]", "engineCtrl"); break; @@ -793,21 +784,21 @@ /* engineDefault */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: break; - case CMD_EXEC: + case CMD_SET_VALUE: if(strcasecmp(opt, "engineDefault")) break; return engine_default(arg); - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: /* not used for global options */ + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = TASK_LIST", "engineDefault"); break; @@ -817,12 +808,16 @@ /* fips */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: #ifdef USE_FIPS new_global_options.option.fips=0; #endif /* USE_FIPS */ break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "fips")) break; #ifdef USE_FIPS @@ -837,15 +832,11 @@ return "FIPS support is not available"; #endif /* USE_FIPS */ return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: #ifdef USE_FIPS s_log(LOG_NOTICE, "%-22s = yes|no FIPS 140-2 mode", "fips"); @@ -856,11 +847,15 @@ /* foreground */ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.option.foreground=0; new_global_options.option.log_stderr=0; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "foreground")) break; if(!strcasecmp(arg, "yes")) { @@ -875,15 +870,11 @@ } else return "The argument needs to be either 'yes', 'quiet' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: /* not used for global options */ + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|quiet|no foreground mode (don't fork, log to stderr)", "foreground"); break; @@ -894,75 +885,75 @@ /* iconActive */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.icon[ICON_ACTIVE]=load_icon_default(ICON_ACTIVE); break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + /* FIXME: investigate if we can free it */ + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "iconActive")) break; if(!(new_global_options.icon[ICON_ACTIVE]=load_icon_file(arg))) return "Failed to load the specified icon"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_INITIALIZE: break; - case CMD_FREE: - /* FIXME: investigate if we can free it */ + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = icon when connections are established", "iconActive"); break; } /* iconError */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.icon[ICON_ERROR]=load_icon_default(ICON_ERROR); break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + /* FIXME: investigate if we can free it */ + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "iconError")) break; if(!(new_global_options.icon[ICON_ERROR]=load_icon_file(arg))) return "Failed to load the specified icon"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_INITIALIZE: break; - case CMD_FREE: - /* FIXME: investigate if we can free it */ + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = icon for invalid configuration file", "iconError"); break; } /* iconIdle */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.icon[ICON_IDLE]=load_icon_default(ICON_IDLE); break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + /* FIXME: investigate if we can free it */ + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "iconIdle")) break; if(!(new_global_options.icon[ICON_IDLE]=load_icon_file(arg))) return "Failed to load the specified icon"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_INITIALIZE: break; - case CMD_FREE: - /* FIXME: investigate if we can free it */ + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = icon when no connections were established", "iconIdle"); break; } @@ -971,10 +962,14 @@ /* log */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.log_file_mode=FILE_MODE_APPEND; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "log")) break; if(!strcasecmp(arg, "append")) @@ -984,15 +979,11 @@ else return "The argument needs to be either 'append' or 'overwrite'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = append|overwrite log file", "log"); break; @@ -1000,26 +991,32 @@ /* output */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.output_file=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "output")) - break; - new_global_options.output_file=str_dup(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_SET_COPY: /* not used for global options */ break; case CMD_FREE: tmp=global_options.output_file; global_options.output_file=NULL; str_free(tmp); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "output")) + break; + new_global_options.output_file=str_dup(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: +#ifndef USE_WIN32 + if(!new_global_options.option.foreground /* daemonize() used */ && + new_global_options.output_file /* log file enabled */ && + new_global_options.output_file[0]!='/' /* relative path */) + return "Log file must include full path name"; +#endif + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = file to append log messages", "output"); break; } @@ -1027,10 +1024,17 @@ /* pid */ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.pidfile=NULL; /* do not create a pid file */ break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + tmp=global_options.pidfile; + global_options.pidfile=NULL; + str_free(tmp); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "pid")) break; if(arg[0]) /* is argument not empty? */ @@ -1038,18 +1042,15 @@ else new_global_options.pidfile=NULL; /* empty -> do not create a pid file */ return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: - tmp=global_options.pidfile; - global_options.pidfile=NULL; - str_free(tmp); + case CMD_INITIALIZE: + if(!new_global_options.option.foreground /* daemonize() used */ && + new_global_options.pidfile /* pid file enabled */ && + new_global_options.pidfile[0]!='/' /* relative path */) + return "Pid file must include full path name"; break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = pid file", "pid"); break; } @@ -1057,10 +1058,14 @@ /* RNDbytes */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.random_bytes=RANDOM_BYTES; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "RNDbytes")) break; { @@ -1070,59 +1075,59 @@ return "Illegal number of bytes to read from random seed files"; } return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d", "RNDbytes", RANDOM_BYTES); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = bytes to read from random seed files", "RNDbytes"); break; } /* RNDfile */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: #ifdef RANDOM_FILE new_global_options.rand_file=str_dup(RANDOM_FILE); #else new_global_options.rand_file=NULL; #endif break; - case CMD_EXEC: - if(strcasecmp(opt, "RNDfile")) - break; - new_global_options.rand_file=str_dup(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ + case CMD_SET_COPY: /* not used for global options */ break; case CMD_FREE: tmp=global_options.rand_file; global_options.rand_file=NULL; str_free(tmp); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "RNDfile")) + break; + new_global_options.rand_file=str_dup(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: #ifdef RANDOM_FILE s_log(LOG_NOTICE, "%-22s = %s", "RNDfile", RANDOM_FILE); #endif break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = path to file with random seed data", "RNDfile"); break; } /* RNDoverwrite */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.option.rand_write=1; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "RNDoverwrite")) break; if(!strcasecmp(arg, "yes")) @@ -1132,16 +1137,12 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = yes", "RNDoverwrite"); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no overwrite seed datafiles with new random data", "RNDoverwrite"); break; @@ -1150,10 +1151,14 @@ /* syslog */ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.option.log_syslog=1; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "syslog")) break; if(!strcasecmp(arg, "yes")) @@ -1163,15 +1168,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no send logging messages to syslog", "syslog"); break; @@ -1181,10 +1182,14 @@ /* taskbar */ #ifdef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: new_global_options.option.taskbar=1; break; - case CMD_EXEC: + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "taskbar")) break; if(!strcasecmp(arg, "yes")) @@ -1194,16 +1199,12 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: /* not used for global options */ - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = yes", "taskbar"); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no enable the taskbar icon", "taskbar"); break; } @@ -1211,21 +1212,21 @@ /* final checks */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: break; - case CMD_EXEC: + case CMD_FREE: + break; + case CMD_SET_VALUE: return option_not_found; - case CMD_END: + case CMD_INITIALIZE: /* FIPS needs to be initialized as early as possible */ if(ssl_configure(&new_global_options)) /* configure global TLS settings */ return "Failed to initialize TLS"; - case CMD_DUP: - break; - case CMD_FREE: + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: break; } return NULL; /* OK */ @@ -1233,37 +1234,53 @@ /**************************************** service-level options */ -NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, +NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr, char *opt, char *arg) { + SERVICE_OPTIONS *section; int endpoints=0; #ifndef USE_WIN32 struct group *gr; struct passwd *pw; #endif - if(cmd==CMD_DEFAULT || cmd==CMD_HELP) { - s_log(LOG_NOTICE, " "); - s_log(LOG_NOTICE, "Service-level options:"); + section=section_ptr ? *section_ptr : NULL; + + if(cmd==CMD_SET_DEFAULTS || cmd==CMD_SET_COPY) { + section->ref=1; } else if(cmd==CMD_FREE) { - if(section==&service_options) + if(section==&service_options || section==&new_service_options) s_log(LOG_DEBUG, "Deallocating section defaults"); else s_log(LOG_DEBUG, "Deallocating section [%s]", section->servname); + } else if(cmd==CMD_PRINT_DEFAULTS || cmd==CMD_PRINT_HELP) { + s_log(LOG_NOTICE, " "); + s_log(LOG_NOTICE, "Service-level options:"); } /* accept */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + addrlist_clear(§ion->local_addr, 1); + section->local_fd=NULL; + break; + case CMD_SET_COPY: addrlist_clear(§ion->local_addr, 1); section->local_fd=NULL; + name_list_dup(§ion->local_addr.names, + new_service_options.local_addr.names); + break; + case CMD_FREE: + name_list_free(section->local_addr.names); + str_free(section->local_addr.addr); + str_free(section->local_fd); break; - case CMD_EXEC: + case CMD_SET_VALUE: if(strcasecmp(opt, "accept")) break; section->option.accept=1; name_list_append(§ion->local_addr.names, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->local_addr.names) { unsigned i; if(!addrlist_resolve(§ion->local_addr)) @@ -1274,20 +1291,9 @@ ++endpoints; } break; - case CMD_DUP: - addrlist_clear(§ion->local_addr, 1); - section->local_fd=NULL; - name_list_dup(§ion->local_addr.names, - new_service_options.local_addr.names); - break; - case CMD_FREE: - name_list_free(section->local_addr.names); - str_free(section->local_addr.addr); - str_free(section->local_fd); + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = [host:]port accept connections on specified host:port", "accept"); break; @@ -1295,13 +1301,19 @@ /* CApath */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: #if 0 section->ca_dir=(char *)X509_get_default_cert_dir(); #endif section->ca_dir=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->ca_dir=str_dup_detached(new_service_options.ca_dir); + break; + case CMD_FREE: + str_free(section->ca_dir); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "CApath")) break; str_free(section->ca_dir); @@ -1310,21 +1322,15 @@ else section->ca_dir=NULL; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->ca_dir=str_dup_detached(new_service_options.ca_dir); + case CMD_INITIALIZE: break; - case CMD_FREE: - str_free(section->ca_dir); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: #if 0 s_log(LOG_NOTICE, "%-22s = %s", "CApath", section->ca_dir ? section->ca_dir : "(none)"); #endif break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = CA certificate directory for 'verify' option", "CApath"); break; @@ -1332,14 +1338,20 @@ /* CAfile */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: #if 0 section->ca_file=(char *)X509_get_default_certfile(); #endif section->ca_file=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "CAfile")) + case CMD_SET_COPY: + section->ca_file=str_dup_detached(new_service_options.ca_file); + break; + case CMD_FREE: + str_free(section->ca_file); + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "CAfile")) break; str_free(section->ca_file); if(arg[0]) /* not empty */ @@ -1347,21 +1359,15 @@ else section->ca_file=NULL; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->ca_file=str_dup_detached(new_service_options.ca_file); + case CMD_INITIALIZE: break; - case CMD_FREE: - str_free(section->ca_file); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: #if 0 s_log(LOG_NOTICE, "%-22s = %s", "CAfile", section->ca_file ? section->ca_file : "(none)"); #endif break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = CA certificate file for 'verify' option", "CAfile"); break; @@ -1369,16 +1375,22 @@ /* cert */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->cert=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->cert=str_dup_detached(new_service_options.cert); + break; + case CMD_FREE: + str_free(section->cert); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "cert")) break; str_free(section->cert); section->cert=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: #ifndef OPENSSL_NO_PSK if(section->psk_keys) break; @@ -1390,15 +1402,9 @@ if(!section->option.client && !section->cert) return "TLS server needs a certificate"; break; - case CMD_DUP: - section->cert=str_dup_detached(new_service_options.cert); - break; - case CMD_FREE: - str_free(section->cert); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; /* no default certificate */ - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = certificate chain", "cert"); break; } @@ -1407,28 +1413,28 @@ /* checkEmail */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->check_email=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + name_list_dup(§ion->check_email, + new_service_options.check_email); + break; + case CMD_FREE: + name_list_free(section->check_email); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "checkEmail")) break; name_list_append(§ion->check_email, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->check_email && !section->option.verify_chain && !section->option.verify_peer) return "Either \"verifyChain\" or \"verifyPeer\" has to be enabled"; break; - case CMD_DUP: - name_list_dup(§ion->check_email, - new_service_options.check_email); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - name_list_free(section->check_email); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = peer certificate email address", "checkEmail"); break; @@ -1436,28 +1442,28 @@ /* checkHost */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->check_host=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + name_list_dup(§ion->check_host, + new_service_options.check_host); + break; + case CMD_FREE: + name_list_free(section->check_host); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "checkHost")) break; name_list_append(§ion->check_host, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->check_host && !section->option.verify_chain && !section->option.verify_peer) return "Either \"verifyChain\" or \"verifyPeer\" has to be enabled"; break; - case CMD_DUP: - name_list_dup(§ion->check_host, - new_service_options.check_host); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - name_list_free(section->check_host); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = peer certificate host name pattern", "checkHost"); break; @@ -1465,28 +1471,28 @@ /* checkIP */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->check_ip=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + name_list_dup(§ion->check_ip, + new_service_options.check_ip); + break; + case CMD_FREE: + name_list_free(section->check_ip); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "checkIP")) break; name_list_append(§ion->check_ip, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->check_ip && !section->option.verify_chain && !section->option.verify_peer) return "Either \"verifyChain\" or \"verifyPeer\" has to be enabled"; break; - case CMD_DUP: - name_list_dup(§ion->check_ip, - new_service_options.check_ip); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - name_list_free(section->check_ip); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = peer certificate IP address", "checkIP"); break; @@ -1496,16 +1502,22 @@ /* ciphers */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->cipher_list=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->cipher_list=str_dup_detached(new_service_options.cipher_list); + break; + case CMD_FREE: + str_free(section->cipher_list); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "ciphers")) break; str_free(section->cipher_list); section->cipher_list=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(!section->cipher_list) { /* this is only executed for global options, * because section->cipher_list is no longer NULL */ @@ -1517,13 +1529,7 @@ section->cipher_list=str_dup_detached(stunnel_cipher_list); } break; - case CMD_DUP: - section->cipher_list=str_dup_detached(new_service_options.cipher_list); - break; - case CMD_FREE: - str_free(section->cipher_list); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: #ifdef USE_FIPS s_log(LOG_NOTICE, "%-22s = %s %s", "ciphers", "FIPS", "(with \"fips = yes\")"); @@ -1533,17 +1539,22 @@ s_log(LOG_NOTICE, "%-22s = %s", "ciphers", stunnel_cipher_list); #endif /* USE_FIPS */ break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = list of permitted TLS ciphers", "ciphers"); break; } /* client */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.client=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.client=new_service_options.option.client; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "client")) break; if(!strcasecmp(arg, "yes")) @@ -1553,16 +1564,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->option.client=new_service_options.option.client; + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no client mode (remote service uses TLS)", "client"); break; @@ -1572,25 +1578,25 @@ /* config */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->config=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "config")) - break; - name_list_append(§ion->config, arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: name_list_dup(§ion->config, new_service_options.config); break; case CMD_FREE: name_list_free(section->config); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "config")) + break; + name_list_append(§ion->config, arg); + return NULL; /* OK */ + case CMD_INITIALIZE: break; - case CMD_HELP: + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = command[:parameter] to execute", "config"); break; @@ -1600,16 +1606,27 @@ /* connect */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + addrlist_clear(§ion->connect_addr, 0); + section->connect_session=NULL; + break; + case CMD_SET_COPY: addrlist_clear(§ion->connect_addr, 0); section->connect_session=NULL; + name_list_dup(§ion->connect_addr.names, + new_service_options.connect_addr.names); + break; + case CMD_FREE: + name_list_free(section->connect_addr.names); + str_free(section->connect_addr.addr); + str_free(section->connect_session); break; - case CMD_EXEC: + case CMD_SET_VALUE: if(strcasecmp(opt, "connect")) break; name_list_append(§ion->connect_addr.names, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->connect_addr.names) { if(!section->option.delayed_lookup && !addrlist_resolve(§ion->connect_addr)) { @@ -1625,20 +1642,9 @@ ++endpoints; } break; - case CMD_DUP: - addrlist_clear(§ion->connect_addr, 0); - section->connect_session=NULL; - name_list_dup(§ion->connect_addr.names, - new_service_options.connect_addr.names); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - name_list_free(section->connect_addr.names); - str_free(section->connect_addr.addr); - str_free(section->connect_session); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = [host:]port to connect", "connect"); break; @@ -1646,10 +1652,16 @@ /* CRLpath */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->crl_dir=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->crl_dir=str_dup_detached(new_service_options.crl_dir); + break; + case CMD_FREE: + str_free(section->crl_dir); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "CRLpath")) break; str_free(section->crl_dir); @@ -1658,27 +1670,27 @@ else section->crl_dir=NULL; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->crl_dir=str_dup_detached(new_service_options.crl_dir); - break; - case CMD_FREE: - str_free(section->crl_dir); + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = CRL directory", "CRLpath"); break; } /* CRLfile */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->crl_file=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->crl_file=str_dup_detached(new_service_options.crl_file); + break; + case CMD_FREE: + str_free(section->crl_file); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "CRLfile")) break; str_free(section->crl_file); @@ -1687,17 +1699,11 @@ else section->crl_file=NULL; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->crl_file=str_dup_detached(new_service_options.crl_file); - break; - case CMD_FREE: - str_free(section->crl_file); + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = CRL file", "CRLfile"); break; } @@ -1707,27 +1713,27 @@ /* curve */ #define DEFAULT_CURVE NID_X9_62_prime256v1 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->curve=DEFAULT_CURVE; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->curve=new_service_options.curve; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "curve")) break; section->curve=OBJ_txt2nid(arg); if(section->curve==NID_undef) return "Curve name not supported"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->curve=new_service_options.curve; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %s", "curve", OBJ_nid2ln(DEFAULT_CURVE)); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = ECDH curve name", "curve"); break; } @@ -1736,31 +1742,31 @@ /* debug */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->log_level=LOG_NOTICE; #if !defined (USE_WIN32) && !defined (__vms) new_global_options.log_facility=LOG_DAEMON; #endif break; - case CMD_EXEC: - if(strcasecmp(opt, "debug")) - break; - return parse_debug_level(arg, section); - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->log_level=new_service_options.log_level; break; case CMD_FREE: break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "debug")) + break; + return parse_debug_level(arg, section); + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: #if !defined (USE_WIN32) && !defined (__vms) s_log(LOG_NOTICE, "%-22s = %s", "debug", "daemon.notice"); #else s_log(LOG_NOTICE, "%-22s = %s", "debug", "notice"); #endif break; - case CMD_HELP: + case CMD_PRINT_HELP: #if !defined (USE_WIN32) && !defined (__vms) s_log(LOG_NOTICE, "%-22s = [facility].level (e.g. daemon.info)", "debug"); #else @@ -1771,10 +1777,15 @@ /* delay */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.delayed_lookup=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.delayed_lookup=new_service_options.option.delayed_lookup; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "delay")) break; if(!strcasecmp(arg, "yes")) @@ -1784,16 +1795,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->option.delayed_lookup=new_service_options.option.delayed_lookup; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no delay DNS lookup for 'connect' option", "delay"); @@ -1804,25 +1810,25 @@ /* engineId */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: break; - case CMD_EXEC: + case CMD_SET_COPY: + section->engine=new_service_options.engine; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "engineId")) break; section->engine=engine_get_by_id(arg); if(!section->engine) return "Engine ID not found"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->engine=new_service_options.engine; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = ID of engine to read the key from", "engineId"); break; @@ -1830,9 +1836,14 @@ /* engineNum */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: + section->engine=new_service_options.engine; break; - case CMD_EXEC: + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "engineNum")) break; { @@ -1845,16 +1856,11 @@ if(!section->engine) return "Illegal engine number"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->engine=new_service_options.engine; + case CMD_INITIALIZE: break; - case CMD_FREE: + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = number of engine to read the key from", "engineNum"); break; @@ -1864,10 +1870,16 @@ /* exec */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->exec_name=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->exec_name=str_dup_detached(new_service_options.exec_name); + break; + case CMD_FREE: + str_free(section->exec_name); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "exec")) break; str_free(section->exec_name); @@ -1882,19 +1894,13 @@ } #endif return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->exec_name) ++endpoints; break; - case CMD_DUP: - section->exec_name=str_dup_detached(new_service_options.exec_name); - break; - case CMD_FREE: - str_free(section->exec_name); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = file execute local inetd-type program", "exec"); break; @@ -1902,39 +1908,39 @@ /* execArgs */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->exec_args=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "execArgs")) - break; + case CMD_SET_COPY: #ifdef USE_WIN32 - str_free(section->exec_args); - section->exec_args=str_dup_detached(arg); + section->exec_args=str_dup_detached(new_service_options.exec_args); #else - arg_free(section->exec_args); - section->exec_args=arg_alloc(arg); + section->exec_args=arg_dup(new_service_options.exec_args); #endif - return NULL; /* OK */ - case CMD_END: break; - case CMD_DUP: + case CMD_FREE: #ifdef USE_WIN32 - section->exec_args=str_dup_detached(new_service_options.exec_args); + str_free(section->exec_args); #else - section->exec_args=arg_dup(new_service_options.exec_args); + arg_free(section->exec_args); #endif break; - case CMD_FREE: + case CMD_SET_VALUE: + if(strcasecmp(opt, "execArgs")) + break; #ifdef USE_WIN32 str_free(section->exec_args); + section->exec_args=str_dup_detached(arg); #else arg_free(section->exec_args); + section->exec_args=arg_alloc(arg); #endif + return NULL; /* OK */ + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = arguments for 'exec' (including $0)", "execArgs"); break; @@ -1942,11 +1948,17 @@ /* failover */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->failover=FAILOVER_PRIO; section->rr=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->failover=new_service_options.failover; + section->rr=new_service_options.rr; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "failover")) break; if(!strcasecmp(arg, "rr")) @@ -1956,19 +1968,13 @@ else return "The argument needs to be either 'rr' or 'prio'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->option.delayed_lookup) section->failover=FAILOVER_PRIO; break; - case CMD_DUP: - section->failover=new_service_options.failover; - section->rr=new_service_options.rr; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = rr|prio failover strategy", "failover"); break; @@ -1976,54 +1982,76 @@ /* ident */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->username=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->username=str_dup_detached(new_service_options.username); + break; + case CMD_FREE: + str_free(section->username); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "ident")) break; str_free(section->username); section->username=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->username=str_dup_detached(new_service_options.username); + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = username for IDENT (RFC 1413) checking", "ident"); + break; + } + + /* include */ + switch(cmd) { + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: break; case CMD_FREE: - str_free(section->username); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "include")) + break; + return include_config(arg, section_ptr); + case CMD_INITIALIZE: break; - case CMD_HELP: - s_log(LOG_NOTICE, "%-22s = username for IDENT (RFC 1413) checking", "ident"); + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = directory with configuration file snippets", + "include"); break; } /* key */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->key=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->key=str_dup_detached(new_service_options.key); + break; + case CMD_FREE: + str_free(section->key); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "key")) break; str_free(section->key); section->key=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->cert && !section->key) section->key=str_dup_detached(section->cert); break; - case CMD_DUP: - section->key=str_dup_detached(new_service_options.key); - break; - case CMD_FREE: - str_free(section->key); + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = certificate private key", "key"); break; } @@ -2031,10 +2059,15 @@ /* libwrap */ #ifdef USE_LIBWRAP switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.libwrap=0; /* disable libwrap by default */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.libwrap=new_service_options.option.libwrap; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "libwrap")) break; if(!strcasecmp(arg, "yes")) @@ -2044,16 +2077,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.libwrap=new_service_options.option.libwrap; + case CMD_INITIALIZE: break; - case CMD_FREE: + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no use /etc/hosts.allow and /etc/hosts.deny", "libwrap"); break; @@ -2062,28 +2090,28 @@ /* local */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.local=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.local=new_service_options.option.local; + memcpy(§ion->source_addr, &new_service_options.source_addr, + sizeof(SOCKADDR_UNION)); + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "local")) break; if(!hostport2addr(§ion->source_addr, arg, "0", 1)) return "Failed to resolve local address"; section->option.local=1; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.local=new_service_options.option.local; - memcpy(§ion->source_addr, &new_service_options.source_addr, - sizeof(SOCKADDR_UNION)); + case CMD_INITIALIZE: break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = IP address to be used as source for remote" " connections", "local"); break; @@ -2091,10 +2119,15 @@ /* logId */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->log_id=LOG_ID_SEQUENTIAL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->log_id=new_service_options.log_id; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "logId")) break; if(!strcasecmp(arg, "sequential")) @@ -2108,17 +2141,12 @@ else return "Invalid connection identifier type"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->log_id=new_service_options.log_id; + case CMD_INITIALIZE: break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %s", "logId", "sequential"); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = connection identifier type", "logId"); break; @@ -2128,36 +2156,41 @@ /* OCSP */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->ocsp_url=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->ocsp_url=str_dup_detached(new_service_options.ocsp_url); + break; + case CMD_FREE: + str_free(section->ocsp_url); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "ocsp")) break; str_free(section->ocsp_url); section->ocsp_url=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->ocsp_url=str_dup_detached(new_service_options.ocsp_url); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - str_free(section->ocsp_url); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = OCSP responder URL", "OCSP"); break; } /* OCSPaia */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.aia=0; /* disable AIA by default */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.aia=new_service_options.option.aia; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "OCSPaia")) break; if(!strcasecmp(arg, "yes")) @@ -2167,16 +2200,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.aia=new_service_options.option.aia; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no check the AIA responders from certificates", "OCSPaia"); @@ -2185,10 +2213,15 @@ /* OCSPflag */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->ocsp_flags=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->ocsp_flags=new_service_options.ocsp_flags; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "OCSPflag")) break; { @@ -2198,26 +2231,26 @@ section->ocsp_flags|=tmp_ulong; } return NULL; - case CMD_END: - break; - case CMD_DUP: - section->ocsp_flags=new_service_options.ocsp_flags; + case CMD_INITIALIZE: break; - case CMD_FREE: + case CMD_PRINT_DEFAULTS: break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = OCSP responder flags", "OCSPflag"); break; } /* OCSPnonce */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.nonce=0; /* disable OCSP nonce by default */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.nonce=new_service_options.option.nonce; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "OCSPnonce")) break; if(!strcasecmp(arg, "yes")) @@ -2227,16 +2260,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.nonce=new_service_options.option.nonce; + case CMD_INITIALIZE: break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no send and verify the OCSP nonce extension", "OCSPnonce"); @@ -2247,19 +2275,27 @@ /* options */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->ssl_options_set=0; #if OPENSSL_VERSION_NUMBER>=0x009080dfL section->ssl_options_clear=0; #endif /* OpenSSL 0.9.8m or later */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->ssl_options_set=new_service_options.ssl_options_set; +#if OPENSSL_VERSION_NUMBER>=0x009080dfL + section->ssl_options_clear=new_service_options.ssl_options_clear; +#endif /* OpenSSL 0.9.8m or later */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "options")) break; #if OPENSSL_VERSION_NUMBER>=0x009080dfL if(*arg=='-') { long unsigned tmp=parse_ssl_option(arg+1); - if(!tmp) + if(tmp==INVALID_SSL_OPTION) return "Illegal TLS option"; section->ssl_options_clear|=tmp; return NULL; /* OK */ @@ -2267,42 +2303,40 @@ #endif /* OpenSSL 0.9.8m or later */ { long unsigned tmp=parse_ssl_option(arg); - if(!tmp) + if(tmp==INVALID_SSL_OPTION) return "Illegal TLS option"; section->ssl_options_set|=tmp; } return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->ssl_options_set=new_service_options.ssl_options_set; -#if OPENSSL_VERSION_NUMBER>=0x009080dfL - section->ssl_options_clear=new_service_options.ssl_options_clear; -#endif /* OpenSSL 0.9.8m or later */ - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %s", "options", "NO_SSLv2"); s_log(LOG_NOTICE, "%-22s = %s", "options", "NO_SSLv3"); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = TLS option to set/reset", "options"); break; } /* protocol */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->protocol=str_dup_detached(new_service_options.protocol); + break; + case CMD_FREE: + str_free(section->protocol); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "protocol")) break; str_free(section->protocol); section->protocol=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: /* PROTOCOL_CHECK also initializes: section->option.connect_before_ssl section->option.protocol_endpoint */ @@ -2319,15 +2353,9 @@ section->ssl_options_set|=SSL_OP_NO_TICKET; #endif break; - case CMD_DUP: - section->protocol=str_dup_detached(new_service_options.protocol); - break; - case CMD_FREE: - str_free(section->protocol); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = protocol to negotiate before TLS initialization", "protocol"); s_log(LOG_NOTICE, "%25scurrently supported: cifs, connect, imap,", ""); @@ -2337,27 +2365,27 @@ /* protocolAuthentication */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol_authentication=str_dup_detached("basic"); break; - case CMD_EXEC: - if(strcasecmp(opt, "protocolAuthentication")) - break; - str_free(section->protocol_authentication); - section->protocol_authentication=str_dup_detached(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->protocol_authentication= str_dup_detached(new_service_options.protocol_authentication); break; case CMD_FREE: str_free(section->protocol_authentication); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "protocolAuthentication")) + break; + str_free(section->protocol_authentication); + section->protocol_authentication=str_dup_detached(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = authentication type for protocol negotiations", "protocolAuthentication"); break; @@ -2365,27 +2393,27 @@ /* protocolDomain */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol_domain=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "protocolDomain")) - break; - str_free(section->protocol_domain); - section->protocol_domain=str_dup_detached(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->protocol_domain= str_dup_detached(new_service_options.protocol_domain); break; case CMD_FREE: str_free(section->protocol_domain); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "protocolDomain")) + break; + str_free(section->protocol_domain); + section->protocol_domain=str_dup_detached(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: break; - case CMD_HELP: + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = domain for protocol negotiations", "protocolDomain"); break; @@ -2393,27 +2421,27 @@ /* protocolHost */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol_host=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "protocolHost")) - break; - str_free(section->protocol_host); - section->protocol_host=str_dup_detached(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->protocol_host= str_dup_detached(new_service_options.protocol_host); break; case CMD_FREE: str_free(section->protocol_host); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "protocolHost")) + break; + str_free(section->protocol_host); + section->protocol_host=str_dup_detached(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = host:port for protocol negotiations", "protocolHost"); break; @@ -2421,27 +2449,27 @@ /* protocolPassword */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol_password=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "protocolPassword")) - break; - str_free(section->protocol_password); - section->protocol_password=str_dup_detached(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->protocol_password= str_dup_detached(new_service_options.protocol_password); break; case CMD_FREE: str_free(section->protocol_password); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "protocolPassword")) + break; + str_free(section->protocol_password); + section->protocol_password=str_dup_detached(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = password for protocol negotiations", "protocolPassword"); break; @@ -2449,27 +2477,27 @@ /* protocolUsername */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->protocol_username=NULL; break; - case CMD_EXEC: - if(strcasecmp(opt, "protocolUsername")) - break; - str_free(section->protocol_username); - section->protocol_username=str_dup_detached(arg); - return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: + case CMD_SET_COPY: section->protocol_username= str_dup_detached(new_service_options.protocol_username); break; case CMD_FREE: str_free(section->protocol_username); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "protocolUsername")) + break; + str_free(section->protocol_username); + section->protocol_username=str_dup_detached(arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = username for protocol negotiations", "protocolUsername"); break; @@ -2479,19 +2507,27 @@ /* PSKidentity */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->psk_identity=NULL; section->psk_selected=NULL; section->psk_sorted.val=NULL; section->psk_sorted.num=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->psk_identity= + str_dup_detached(new_service_options.psk_identity); + break; + case CMD_FREE: + str_free(section->psk_identity); + str_free(section->psk_sorted.val); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "PSKidentity")) break; str_free(section->psk_identity); section->psk_identity=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(!section->psk_keys) /* PSK not configured */ break; psk_sort(§ion->psk_sorted, section->psk_keys); @@ -2510,17 +2546,9 @@ "PSK identity is ignored in the server mode"); } break; - case CMD_DUP: - section->psk_identity= - str_dup_detached(new_service_options.psk_identity); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - str_free(section->psk_identity); - str_free(section->psk_sorted.val); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = identity for PSK authentication", "PSKidentity"); break; @@ -2528,27 +2556,27 @@ /* PSKsecrets */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->psk_keys=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->psk_keys=psk_dup(new_service_options.psk_keys); + break; + case CMD_FREE: + psk_free(section->psk_keys); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "PSKsecrets")) break; section->psk_keys=psk_read(arg); if(!section->psk_keys) return "Failed to read PSK secrets"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->psk_keys=psk_dup(new_service_options.psk_keys); - break; - case CMD_FREE: - psk_free(section->psk_keys); + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = secrets for PSK authentication", "PSKsecrets"); break; @@ -2559,10 +2587,15 @@ /* pty */ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.pty=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.pty=new_service_options.option.pty; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "pty")) break; if(!strcasecmp(arg, "yes")) @@ -2572,16 +2605,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.pty=new_service_options.option.pty; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no allocate pseudo terminal for 'exec' option", "pty"); break; @@ -2590,10 +2618,19 @@ /* redirect */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: + addrlist_clear(§ion->redirect_addr, 0); + break; + case CMD_SET_COPY: addrlist_clear(§ion->redirect_addr, 0); + name_list_dup(§ion->redirect_addr.names, + new_service_options.redirect_addr.names); break; - case CMD_EXEC: + case CMD_FREE: + name_list_free(section->redirect_addr.names); + str_free(section->redirect_addr.addr); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "redirect")) break; #ifdef SSL_OP_NO_TICKET @@ -2603,7 +2640,7 @@ #endif name_list_append(§ion->redirect_addr.names, arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->redirect_addr.names) { if(!section->option.delayed_lookup && !addrlist_resolve(§ion->redirect_addr)) { @@ -2617,18 +2654,9 @@ return "Either \"verifyChain\" or \"verifyPeer\" has to be enabled for \"redirect\" to work"; } break; - case CMD_DUP: - addrlist_clear(§ion->redirect_addr, 0); - name_list_dup(§ion->redirect_addr.names, - new_service_options.redirect_addr.names); + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - name_list_free(section->redirect_addr.names); - str_free(section->redirect_addr.addr); - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = [host:]port to redirect on authentication failures", "redirect"); @@ -2637,10 +2665,15 @@ /* renegotiation */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.renegotiation=1; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.renegotiation=new_service_options.option.renegotiation; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "renegotiation")) break; if(!strcasecmp(arg, "yes")) @@ -2650,16 +2683,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->option.renegotiation=new_service_options.option.renegotiation; + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no support renegotiation", "renegotiation"); break; @@ -2667,10 +2695,15 @@ /* requireCert */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.require_cert=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.require_cert=new_service_options.option.require_cert; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "requireCert")) break; if(!strcasecmp(arg, "yes")) { @@ -2682,16 +2715,11 @@ return "The argument needs to be either 'yes' or 'no'"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.require_cert=new_service_options.option.require_cert; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no require client certificate", "requireCert"); break; @@ -2699,10 +2727,15 @@ /* reset */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.reset=1; /* enabled by default */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.reset=new_service_options.option.reset; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "reset")) break; if(!strcasecmp(arg, "yes")) @@ -2712,16 +2745,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->option.reset=new_service_options.option.reset; + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no send TCP RST on error", "reset"); break; @@ -2729,10 +2757,15 @@ /* retry */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.retry=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.retry=new_service_options.option.retry; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "retry")) break; if(!strcasecmp(arg, "yes")) @@ -2742,16 +2775,11 @@ else return "The argument needs to be either 'yes' or 'no'"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->option.retry=new_service_options.option.retry; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no retry connect+exec section", "retry"); break; @@ -2760,26 +2788,26 @@ #ifndef USE_WIN32 /* service */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->servname=str_dup_detached("stunnel"); break; - case CMD_EXEC: + case CMD_SET_COPY: + /* servname is *not* copied from the global section */ + break; + case CMD_FREE: + /* deallocation is performed at the end CMD_FREE */ + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "service")) break; str_free(section->servname); section->servname=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - /* servname is *not* copied from the global section */ + case CMD_PRINT_DEFAULTS: break; - case CMD_FREE: - /* deallocation is performed at the end CMD_FREE */ - break; - case CMD_DEFAULT: - break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = service name", "service"); break; } @@ -2788,10 +2816,15 @@ #ifndef USE_WIN32 /* setgid */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->gid=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->gid=new_service_options.gid; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "setgid")) break; gr=getgrnam(arg); @@ -2806,16 +2839,11 @@ return "Illegal GID"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->gid=new_service_options.gid; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = groupname for setgid()", "setgid"); break; } @@ -2824,10 +2852,15 @@ #ifndef USE_WIN32 /* setuid */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->uid=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->uid=new_service_options.uid; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "setuid")) break; pw=getpwnam(arg); @@ -2842,16 +2875,11 @@ return "Illegal UID"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->uid=new_service_options.uid; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = username for setuid()", "setuid"); break; } @@ -2859,10 +2887,15 @@ /* sessionCacheSize */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->session_size=1000L; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->session_size=new_service_options.session_size; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "sessionCacheSize")) break; { @@ -2872,27 +2905,27 @@ return "Illegal session cache size"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->session_size=new_service_options.session_size; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %ld", "sessionCacheSize", 1000L); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = session cache size", "sessionCacheSize"); break; } /* sessionCacheTimeout */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->session_timeout=300L; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->session_timeout=new_service_options.session_timeout; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "sessionCacheTimeout") && strcasecmp(opt, "session")) break; { @@ -2902,17 +2935,12 @@ return "Illegal session cache timeout"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->session_timeout=new_service_options.session_timeout; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %ld seconds", "sessionCacheTimeout", 300L); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = session cache timeout (in seconds)", "sessionCacheTimeout"); break; @@ -2920,12 +2948,19 @@ /* sessiond */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.sessiond=0; memset(§ion->sessiond_addr, 0, sizeof(SOCKADDR_UNION)); section->sessiond_addr.in.sin_family=AF_INET; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.sessiond=new_service_options.option.sessiond; + memcpy(§ion->sessiond_addr, &new_service_options.sessiond_addr, + sizeof(SOCKADDR_UNION)); + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "sessiond")) break; section->option.sessiond=1; @@ -2937,18 +2972,11 @@ if(!name2addr(§ion->sessiond_addr, arg, 0)) return "Failed to resolve sessiond server address"; return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.sessiond=new_service_options.option.sessiond; - memcpy(§ion->sessiond_addr, &new_service_options.sessiond_addr, - sizeof(SOCKADDR_UNION)); - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = [host:]port use sessiond at host:port", "sessiond"); break; @@ -2957,17 +2985,25 @@ #ifndef OPENSSL_NO_TLSEXT /* sni */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->servername_list_head=NULL; section->servername_list_tail=NULL; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->sni= + str_dup_detached(new_service_options.sni); + break; + case CMD_FREE: + str_free(section->sni); + sni_free(section); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "sni")) break; str_free(section->sni); section->sni=str_dup_detached(arg); return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: { char *tmp_str=sni_init(section); if(tmp_str) @@ -2976,17 +3012,9 @@ if(!section->option.client && section->sni) ++endpoints; break; - case CMD_DUP: - section->sni= - str_dup_detached(new_service_options.sni); - break; - case CMD_FREE: - str_free(section->sni); - sni_free(section); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = master_service:host_name for an SNI virtual service", "sni"); break; @@ -2995,74 +3023,180 @@ /* socket */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->sock_opts=socket_options_init(); break; - case CMD_EXEC: + case CMD_SET_COPY: + section->sock_opts=socket_options_dup(new_service_options.sock_opts); + break; + case CMD_FREE: + socket_options_free(section->sock_opts); + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "socket")) break; if(socket_option_parse(section->sock_opts, arg)) return "Illegal socket option"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: break; - case CMD_DUP: - section->sock_opts=socket_options_dup(new_service_options.sock_opts); + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = a|l|r:option=value[:value]", "socket"); + s_log(LOG_NOTICE, "%25sset an option on accept/local/remote socket", ""); + break; + } + +#if OPENSSL_VERSION_NUMBER>=0x10100000L + + /* sslVersion */ + switch(cmd) { + case CMD_SET_DEFAULTS: + /* handled in sslVersionMax and sslVersionMin */ + break; + case CMD_SET_COPY: + /* handled in sslVersionMax and sslVersionMin */ break; case CMD_FREE: - socket_options_free(section->sock_opts); break; - case CMD_DEFAULT: + case CMD_SET_VALUE: + if(strcasecmp(opt, "sslVersion")) + break; + section->max_proto_version= + section->min_proto_version=str_to_proto_version(arg); + if(section->max_proto_version==-1) + return "Invalid protocol version"; + return NULL; /* OK */ + case CMD_INITIALIZE: + if(section->max_proto_version && section->min_proto_version && + section->max_proto_versionmin_proto_version) + return "Invalid protocol version range"; break; - case CMD_HELP: - s_log(LOG_NOTICE, "%-22s = a|l|r:option=value[:value]", "socket"); - s_log(LOG_NOTICE, "%25sset an option on accept/local/remote socket", ""); + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = all" + "|SSLv3|TLSv1|TLSv1.1|TLSv1.2" +#ifdef TLS1_3_VERSION + "|TLSv1.3" +#endif + " TLS version", "sslVersion"); + break; + } + + /* sslVersionMax */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->max_proto_version=0; /* highest supported */ + break; + case CMD_SET_COPY: + section->max_proto_version=new_service_options.max_proto_version; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "sslVersionMax")) + break; + section->max_proto_version=str_to_proto_version(arg); + if(section->max_proto_version==-1) + return "Invalid protocol version"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = all" + "|SSLv3|TLSv1|TLSv1.1|TLSv1.2" +#ifdef TLS1_3_VERSION + "|TLSv1.3" +#endif + " TLS version", "sslVersionMax"); + break; + } + + /* sslVersionMin */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->min_proto_version=TLS1_VERSION; + break; + case CMD_SET_COPY: + section->min_proto_version=new_service_options.min_proto_version; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "sslVersionMin")) + break; + section->min_proto_version=str_to_proto_version(arg); + if(section->min_proto_version==-1) + return "Invalid protocol version"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = all" + "|SSLv3|TLSv1|TLSv1.1|TLSv1.2" +#ifdef TLS1_3_VERSION + "|TLSv1.3" +#endif + " TLS version", "sslVersionMin"); break; } +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ + /* sslVersion */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: tls_methods_set(section, NULL); break; - case CMD_EXEC: + case CMD_SET_COPY: + section->client_method=new_service_options.client_method; + section->server_method=new_service_options.server_method; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "sslVersion")) break; return tls_methods_set(section, arg); - case CMD_END: + case CMD_INITIALIZE: { char *tmp_str=tls_methods_check(section); if(tmp_str) return tmp_str; } break; - case CMD_DUP: - section->client_method=new_service_options.client_method; - section->server_method=new_service_options.server_method; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = all" -#if OPENSSL_VERSION_NUMBER<0x10100000L "|SSLv2|SSLv3|TLSv1" #if OPENSSL_VERSION_NUMBER>=0x10001000L "|TLSv1.1|TLSv1.2" #endif /* OPENSSL_VERSION_NUMBER>=0x10001000L */ -#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ " TLS method", "sslVersion"); break; } +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ + #ifndef USE_FORK /* stack */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->stack_size=DEFAULT_STACK_SIZE; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->stack_size=new_service_options.stack_size; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "stack")) break; { @@ -3072,17 +3206,12 @@ return "Illegal thread stack size"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->stack_size=new_service_options.stack_size; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d bytes", "stack", DEFAULT_STACK_SIZE); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = thread stack size (in bytes)", "stack"); break; } @@ -3090,10 +3219,15 @@ /* TIMEOUTbusy */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->timeout_busy=300; /* 5 minutes */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->timeout_busy=new_service_options.timeout_busy; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "TIMEOUTbusy")) break; { @@ -3103,27 +3237,27 @@ return "Illegal busy timeout"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->timeout_busy=new_service_options.timeout_busy; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTbusy", 300); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = seconds to wait for expected data", "TIMEOUTbusy"); break; } /* TIMEOUTclose */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->timeout_close=60; /* 1 minute */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->timeout_close=new_service_options.timeout_close; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "TIMEOUTclose")) break; { @@ -3133,17 +3267,12 @@ return "Illegal close timeout"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->timeout_close=new_service_options.timeout_close; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTclose", 60); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = seconds to wait for close_notify", "TIMEOUTclose"); break; @@ -3151,10 +3280,15 @@ /* TIMEOUTconnect */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->timeout_connect=10; /* 10 seconds */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->timeout_connect=new_service_options.timeout_connect; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "TIMEOUTconnect")) break; { @@ -3164,27 +3298,27 @@ return "Illegal connect timeout"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->timeout_connect=new_service_options.timeout_connect; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTconnect", 10); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = seconds to connect remote host", "TIMEOUTconnect"); break; } /* TIMEOUTidle */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->timeout_idle=43200; /* 12 hours */ break; - case CMD_EXEC: + case CMD_SET_COPY: + section->timeout_idle=new_service_options.timeout_idle; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "TIMEOUTidle")) break; { @@ -3194,17 +3328,12 @@ return "Illegal idle timeout"; return NULL; /* OK */ } - case CMD_END: - break; - case CMD_DUP: - section->timeout_idle=new_service_options.timeout_idle; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTidle", 43200); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = seconds to keep an idle connection", "TIMEOUTidle"); break; } @@ -3212,11 +3341,17 @@ /* transparent */ #ifndef USE_WIN32 switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.transparent_src=0; section->option.transparent_dst=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.transparent_src=new_service_options.option.transparent_src; + section->option.transparent_dst=new_service_options.option.transparent_dst; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "transparent")) break; if(!strcasecmp(arg, "none") || !strcasecmp(arg, "no")) { @@ -3234,19 +3369,13 @@ } else return "Selected transparent proxy mode is not available"; return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if(section->option.transparent_dst) ++endpoints; break; - case CMD_DUP: - section->option.transparent_src=new_service_options.option.transparent_src; - section->option.transparent_dst=new_service_options.option.transparent_dst; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = none|source|destination|both transparent proxy mode", "transparent"); @@ -3256,10 +3385,15 @@ /* verify */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.request_cert=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.request_cert=new_service_options.option.request_cert; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "verify")) break; { @@ -3273,20 +3407,15 @@ section->option.verify_peer=(tmp_int>=3); } return NULL; /* OK */ - case CMD_END: + case CMD_INITIALIZE: if((section->option.verify_chain || section->option.verify_peer) && !section->ca_file && !section->ca_dir) return "Either \"CAfile\" or \"CApath\" has to be configured"; break; - case CMD_DUP: - section->option.request_cert=new_service_options.option.request_cert; - break; - case CMD_FREE: - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = none", "verify"); break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = level of peer certificate verification", "verify"); s_log(LOG_NOTICE, @@ -3304,10 +3433,15 @@ /* verifyChain */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.verify_chain=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.verify_chain=new_service_options.option.verify_chain; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "verifyChain")) break; if(!strcasecmp(arg, "yes")) { @@ -3320,16 +3454,11 @@ return "The argument needs to be either 'yes' or 'no'"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.verify_chain=new_service_options.option.verify_chain; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no verify certificate chain", "verifyChain"); break; @@ -3337,10 +3466,15 @@ /* verifyPeer */ switch(cmd) { - case CMD_BEGIN: + case CMD_SET_DEFAULTS: section->option.verify_peer=0; break; - case CMD_EXEC: + case CMD_SET_COPY: + section->option.verify_peer=new_service_options.option.verify_peer; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: if(strcasecmp(opt, "verifyPeer")) break; if(!strcasecmp(arg, "yes")) { @@ -3353,16 +3487,11 @@ return "The argument needs to be either 'yes' or 'no'"; } return NULL; /* OK */ - case CMD_END: - break; - case CMD_DUP: - section->option.verify_peer=new_service_options.option.verify_peer; - break; - case CMD_FREE: + case CMD_INITIALIZE: break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = yes|no verify peer certificate", "verifyPeer"); break; @@ -3370,13 +3499,26 @@ /* final checks */ switch(cmd) { - case CMD_BEGIN: - section->ref=1; + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: + break; + case CMD_FREE: + str_free(section->chain); + if(section->session) + SSL_SESSION_free(section->session); + if(section->ctx) + SSL_CTX_free(section->ctx); + str_free(section->servname); + if(section==&service_options) + memset(section, 0, sizeof(SERVICE_OPTIONS)); + else + str_free(section); break; - case CMD_EXEC: + case CMD_SET_VALUE: return option_not_found; - case CMD_END: - if(new_service_options.next) { /* daemon mode checks */ + case CMD_INITIALIZE: + if(section!=&new_service_options) { /* daemon mode checks */ if(endpoints!=2) return "Each service must define two endpoints"; } else { /* inetd mode checks */ @@ -3390,24 +3532,9 @@ if(context_init(section)) /* initialize TLS context */ return "Failed to initialize TLS context"; break; - case CMD_DUP: - section->ref=1; - break; - case CMD_FREE: - str_free(section->chain); - if(section->session) - SSL_SESSION_free(section->session); - if(section->ctx) - SSL_CTX_free(section->ctx); - str_free(section->servname); - if(section==&service_options) - memset(section, 0, sizeof(SERVICE_OPTIONS)); - else - str_free(section); - break; - case CMD_DEFAULT: + case CMD_PRINT_DEFAULTS: break; - case CMD_HELP: + case CMD_PRINT_HELP: break; } @@ -3492,7 +3619,31 @@ #endif /* !defined(OPENSSL_NO_TLSEXT) */ -/**************************************** (deprecated) TLS methods */ +/**************************************** modern TLS version handling */ + +#if OPENSSL_VERSION_NUMBER>=0x10100000L + +NOEXPORT int str_to_proto_version(const char *name) { + if(!strcasecmp(name, "all")) + return 0; + if(!strcasecmp(name, "SSLv3")) + return SSL3_VERSION; + if(!strcasecmp(name, "TLSv1")) + return TLS1_VERSION; + if(!strcasecmp(name, "TLSv1.1")) + return TLS1_1_VERSION; + if(!strcasecmp(name, "TLSv1.2")) + return TLS1_2_VERSION; +#ifdef TLS1_3_VERSION + if(!strcasecmp(name, "TLSv1.3")) + return TLS1_3_VERSION; +#endif + return -1; +} + +/**************************************** deprecated TLS version handling */ + +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ #ifdef __GNUC__ #pragma GCC diagnostic push @@ -3501,22 +3652,11 @@ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *section, const char *arg) { if(!arg) { /* defaults */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L - section->client_method=(SSL_METHOD *)TLS_client_method(); - section->server_method=(SSL_METHOD *)TLS_server_method(); -#else section->client_method=(SSL_METHOD *)SSLv23_client_method(); section->server_method=(SSL_METHOD *)SSLv23_server_method(); -#endif } else if(!strcasecmp(arg, "all")) { -#if OPENSSL_VERSION_NUMBER>=0x10100000L - section->client_method=(SSL_METHOD *)TLS_client_method(); - section->server_method=(SSL_METHOD *)TLS_server_method(); -#else section->client_method=(SSL_METHOD *)SSLv23_client_method(); section->server_method=(SSL_METHOD *)SSLv23_server_method(); -#endif -#if OPENSSL_API_COMPAT<0x10100000L } else if(!strcasecmp(arg, "SSLv2")) { #ifndef OPENSSL_NO_SSL2 section->client_method=(SSL_METHOD *)SSLv2_client_method(); @@ -3552,7 +3692,6 @@ #else /* OPENSSL_NO_TLS1_2 */ return "TLSv1.2 not supported"; #endif /* !OPENSSL_NO_TLS1_2 */ -#endif /* OPENSSL_API_COMPAT<0x10100000L */ } else return "Incorrect version of TLS protocol"; return NULL; /* OK */ @@ -3583,6 +3722,8 @@ #pragma GCC diagnostic pop #endif /* __GNUC__ */ +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ + /**************************************** facility/debug level */ typedef struct { @@ -3669,7 +3810,7 @@ for(option=(SSL_OPTION *)ssl_opts; option->name; ++option) if(!strcasecmp(option->name, arg)) return option->value; - return 0; /* FAILED */ + return INVALID_SSL_OPTION; /* FAILED */ } NOEXPORT void print_ssl_options(void) { @@ -3688,7 +3829,7 @@ NOEXPORT PSK_KEYS *psk_read(char *key_file) { DISK_FILE *df; char line[CONFLINELEN], *key_val; - size_t key_len; + unsigned key_len; PSK_KEYS *head=NULL, *tail=NULL, *curr; int line_number=0; @@ -3713,7 +3854,7 @@ return NULL; } *key_val++='\0'; - key_len=strlen(key_val); + key_len=(unsigned)strlen(key_val); if(strlen(line)+1>PSK_MAX_IDENTITY_LEN) { /* with the trailing '\0' */ s_log(LOG_ERR, "PSKsecrets line %d: Identity longer than %d characters", @@ -4244,6 +4385,41 @@ #endif /* !defined(OPENSSL_NO_ENGINE) */ +/**************************************** include config directory */ + +NOEXPORT char *include_config(char *directory, SERVICE_OPTIONS **section_ptr) { + struct dirent **namelist; + int i, num, err=0; + + num=scandir(directory, &namelist, NULL, alphasort); + if(num<0) { + ioerror("scandir"); + return "Failed to include directory"; + } + for(i=0; id_name); + if(!stat(name, &sb) && S_ISREG(sb.st_mode)) + err=options_file(name, CONF_FILE, section_ptr); + else + s_log(LOG_DEBUG, "\"%s\" is not a file", name); + str_free(name); + } + free(namelist[i]); + } + free(namelist); + if(err) + return "Failed to include a file"; + return NULL; +} + /**************************************** fatal error */ NOEXPORT void print_syntax(void) { diff -Nru stunnel4-5.49/src/os2.mak stunnel4-5.50/src/os2.mak --- stunnel4-5.49/src/os2.mak 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/src/os2.mak 2018-10-09 14:37:38.000000000 +0000 @@ -1,11 +1,11 @@ prefix=. DEFS = -DPACKAGE_NAME=\"stunnel\" \ -DPACKAGE_TARNAME=\"stunnel\" \ - -DPACKAGE_VERSION=\"5.49\" \ - -DPACKAGE_STRING=\"stunnel\ 5.49\" \ + -DPACKAGE_VERSION=\"5.50\" \ + -DPACKAGE_STRING=\"stunnel\ 5.50\" \ -DPACKAGE_BUGREPORT=\"\" \ -DPACKAGE=\"stunnel\" \ - -DVERSION=\"5.49\" \ + -DVERSION=\"5.50\" \ -DSTDC_HEADERS=1 \ -DHAVE_SYS_TYPES_H=1 \ -DHAVE_SYS_STAT_H=1 \ diff -Nru stunnel4-5.49/src/prototypes.h stunnel4-5.50/src/prototypes.h --- stunnel4-5.49/src/prototypes.h 2018-08-19 07:10:47.000000000 +0000 +++ stunnel4-5.50/src/prototypes.h 2018-11-05 07:19:29.000000000 +0000 @@ -166,7 +166,7 @@ typedef struct psk_keys_struct { char *identity; unsigned char *key_val; - size_t key_len; + unsigned key_len; struct psk_keys_struct *next; } PSK_KEYS; typedef struct psk_table_struct { @@ -223,7 +223,11 @@ #if OPENSSL_VERSION_NUMBER>=0x009080dfL long unsigned ssl_options_clear; #endif /* OpenSSL 0.9.8m or later */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L + int min_proto_version, max_proto_version; +#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ SSL_METHOD *client_method, *server_method; +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ SOCKADDR_UNION sessiond_addr; #ifndef OPENSSL_NO_TLSEXT char *sni; @@ -305,8 +309,11 @@ unsigned nonce:1; /* send and verify OCSP nonce */ #endif /* !defined(OPENSSL_NO_OCSP) */ #ifndef OPENSSL_NO_DH - unsigned dh_needed:1; + unsigned dh_temp_params:1; #endif /* OPENSSL_NO_DH */ +#ifndef USE_WIN32 + unsigned log_stderr:1; /* a copy of the global switch */ +#endif /* USE_WIN32 */ } option; } SERVICE_OPTIONS; @@ -411,6 +418,9 @@ FD *ssl_rfd, *ssl_wfd; /* read and write TLS descriptors */ uint64_t sock_bytes, ssl_bytes; /* bytes written to socket and TLS */ s_poll_set *fds; /* file descriptors */ + struct { + unsigned psk:1; /* PSK identity was found */ + } flag; } CLI; /**************************************** prototypes for stunnel.c */ @@ -435,7 +445,7 @@ /**************************************** prototypes for options.c */ -extern char configuration_file[PATH_MAX]; +extern char *configuration_file; extern unsigned number_of_sections; int options_cmdline(char *, char *); @@ -507,7 +517,7 @@ #ifndef OPENSSL_NO_DH extern DH *dh_params; -extern int dh_needed; +extern int dh_temp_params; #endif /* OPENSSL_NO_DH */ int context_init(SERVICE_OPTIONS *); @@ -692,6 +702,10 @@ #ifndef OPENSSL_NO_DH LOCK_DH, /* ctx.c */ #endif /* OPENSSL_NO_DH */ +#ifdef USE_WIN32 + LOCK_WIN_LOG, /* ui_win_gui.c */ +#endif + LOCK_SECTIONS, /* traversing section list */ STUNNEL_LOCKS /* number of locks */ } LOCK_TYPE; @@ -730,7 +744,8 @@ void _endthread(void); #endif #ifdef DEBUG_STACK_SIZE -void stack_info(int); +void stack_info(size_t, int); +void ignore_value(void *); #endif /**************************************** prototypes for file.c */ diff -Nru stunnel4-5.49/src/resources.h stunnel4-5.50/src/resources.h --- stunnel4-5.49/src/resources.h 2014-09-01 10:33:24.000000000 +0000 +++ stunnel4-5.50/src/resources.h 2018-10-09 14:37:38.000000000 +0000 @@ -2,9 +2,8 @@ #define WM_VALID_CONFIG (WM_APP+0) #define WM_INVALID_CONFIG (WM_APP+1) -#define WM_LOG (WM_APP+2) -#define WM_NEW_CHAIN (WM_APP+3) -#define WM_CLIENTS (WM_APP+4) +#define WM_NEW_CHAIN (WM_APP+2) +#define WM_CLIENTS (WM_APP+3) #define IDI_STUNNEL_MAIN 10 #define IDI_STUNNEL_ACTIVE 11 diff -Nru stunnel4-5.49/src/sthreads.c stunnel4-5.50/src/sthreads.c --- stunnel4-5.49/src/sthreads.c 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/src/sthreads.c 2018-11-06 13:25:39.000000000 +0000 @@ -567,7 +567,7 @@ (void)ls; /* this parameter is only used with USE_FORK */ s_log(LOG_DEBUG, "Creating a new thread"); thread=(HANDLE)_beginthreadex(NULL, (unsigned)arg->opt->stack_size, - client_thread, arg, 0, NULL); + client_thread, arg, STACK_SIZE_PARAM_IS_A_RESERVATION, NULL); if(!thread) { ioerror("_beginthreadex"); str_free(arg); @@ -623,7 +623,7 @@ void *arglist, unsigned initflag, unsigned *thrdaddr) { return CreateThread(NULL, stack_size, (LPTHREAD_START_ROUTINE)start_address, arglist, - STACK_SIZE_PARAM_IS_A_RESERVATION, NULL); + (DWORD)initflag, (LPDWORD)thrdaddr); } void _endthreadex(unsigned retval) { @@ -634,47 +634,93 @@ #ifdef DEBUG_STACK_SIZE -#define STACK_RESERVE (STACK_SIZE/8) -#define VERIFY_AREA ((STACK_SIZE-STACK_RESERVE)/sizeof(uint32_t)) -#define TEST_VALUE 0xdeadbeef +#define STACK_RESERVE 16384 /* some heuristic to determine the usage of client stack size */ -void stack_info(int init) { /* 1-initialize, 0-display */ - uint32_t table[VERIFY_AREA]; - int i, num; - static int min_num=VERIFY_AREA; +NOEXPORT size_t stack_num(size_t stack_size, int init) { +#ifdef _WIN64 + typedef unsigned long long TL; +#else + typedef unsigned long TL; +#endif + size_t verify_area, verify_num, i; + TL test_value, *table; + + if(stack_size=16) + return stack_size-i*sizeof(TL); /* the stack grows up */ - for(i=0; inum) /* use the higher value */ - num=i; - if(num<64) { - s_log(LOG_NOTICE, "STACK_RESERVE is too high"); - return; - } - if(num=16) + return stack_size-(i*sizeof(TL)+STACK_RESERVE); + return 0; /* not enough samples for meaningful results */ } } +#ifdef __GNUC__ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) +#pragma GCC diagnostic push +#endif /* __GNUC__>=4.6 */ +#pragma GCC diagnostic ignored "-Wformat" +#endif /* __GNUC__ */ +void stack_info(size_t stack_size, int init) { /* 1-initialize, 0-display */ + static size_t max_num=0; + size_t num; + +#ifdef USE_WIN32 + SYSTEM_INFO si; + GetSystemInfo(&si); + stack_size&=~((size_t)si.dwPageSize-1); +#elif defined(_SC_PAGESIZE) + stack_size&=~((size_t)sysconf(_SC_PAGESIZE)-1); +#elif defined(_SC_PAGE_SIZE) + stack_size&=~((size_t)sysconf(_SC_PAGE_SIZE)-1); +#else + stack_size&=~(4096-1); /* just a guess */ +#endif + num=stack_num(stack_size, init); + if(init) + return; + if(!num) { + s_log(LOG_NOTICE, "STACK_RESERVE is too high"); + return; + } + if(num>max_num) + max_num=num; + s_log(LOG_NOTICE, +#ifdef USE_WIN32 + "stack_info: size=%Iu, current=%Iu (%Iu%%), maximum=%Iu (%Iu%%)", +#else + "stack_info: size=%zu, current=%zu (%zu%%), maximum=%zu (%zu%%)", +#endif + stack_size, + num, num*100/stack_size, + max_num, max_num*100/stack_size); +} +#ifdef __GNUC__ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) +#pragma GCC diagnostic pop +#endif /* __GNUC__>=4.6 */ +#endif /* __GNUC__ */ + #endif /* DEBUG_STACK_SIZE */ /* end of sthreads.c */ diff -Nru stunnel4-5.49/src/stunnel.c stunnel4-5.50/src/stunnel.c --- stunnel4-5.49/src/stunnel.c 2018-08-25 07:15:03.000000000 +0000 +++ stunnel4-5.50/src/stunnel.c 2018-10-23 11:24:33.000000000 +0000 @@ -403,6 +403,8 @@ s_poll_init(fds); s_poll_add(fds, signal_pipe[0], 1, 0); + CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_SECTIONS]); + opt=service_options.next; service_options.next=NULL; service_free(&service_options); @@ -435,6 +437,8 @@ service_free(garbage); } } + + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); } NOEXPORT void unbind_port(SERVICE_OPTIONS *opt, unsigned i) { @@ -747,7 +751,9 @@ else #endif /* HAVE_CHROOT */ log_close(SINK_SYSLOG|SINK_OUTFILE); - options_free(); /* FIXME: the pattern should be copy-apply-free */ + /* there is no race condition here: + * client threads are not allowed to use global options */ + options_free(); options_apply(); /* we hope that a sane openlog(3) implementation won't * attempt to reopen /dev/log if it's already open */ diff -Nru stunnel4-5.49/src/ui_unix.c stunnel4-5.50/src/ui_unix.c --- stunnel4-5.49/src/ui_unix.c 2018-06-08 17:30:06.000000000 +0000 +++ stunnel4-5.50/src/ui_unix.c 2018-10-09 14:37:38.000000000 +0000 @@ -124,6 +124,7 @@ set_nonblock(1, 1); /* stdout */ c=alloc_client_session(&service_options, 0, 1); tls_alloc(c, ui_tls, NULL); + service_up_ref(&service_options); client_main(c); } return 0; @@ -182,11 +183,6 @@ s_log(LOG_DEBUG, "No pid file being created"); return 0; } - if(global_options.pidfile[0]!='/') { - /* to prevent creating pid file relative to '/' after daemonize() */ - s_log(LOG_ERR, "Pid file (%s) must be full path name", global_options.pidfile); - return 1; - } /* silently remove the old pid file */ unlink(global_options.pidfile); diff -Nru stunnel4-5.49/src/ui_win_gui.c stunnel4-5.50/src/ui_win_gui.c --- stunnel4-5.49/src/ui_win_gui.c 2018-08-19 07:10:47.000000000 +0000 +++ stunnel4-5.50/src/ui_win_gui.c 2018-10-23 11:24:33.000000000 +0000 @@ -69,6 +69,7 @@ NOEXPORT void CALLBACK timer_proc(HWND, UINT, UINT_PTR, DWORD); NOEXPORT LRESULT CALLBACK window_proc(HWND, UINT, WPARAM, LPARAM); +NOEXPORT void save_peer_certificate(WPARAM wParam); NOEXPORT LRESULT CALLBACK about_proc(HWND, UINT, WPARAM, LPARAM); NOEXPORT LRESULT CALLBACK pass_proc(HWND, UINT, WPARAM, LPARAM); NOEXPORT int pin_cb(UI *, UI_STRING *); @@ -84,6 +85,7 @@ NOEXPORT void valid_config(void); NOEXPORT void invalid_config(void); NOEXPORT void update_peer_menu(void); +NOEXPORT void update_peer_menu_unlocked(void); NOEXPORT void tray_update(const int); NOEXPORT void tray_delete(void); NOEXPORT void error_box(LPCTSTR); @@ -135,7 +137,7 @@ static BOOL visible=FALSE; static HANDLE main_initialized=NULL; /* global initialization performed */ static HANDLE config_ready=NULL; /* reload without a valid configuration */ -static LONG new_logs=0; +static BOOL new_logs=FALSE; static struct { char *config_file; @@ -424,15 +426,11 @@ POINT pt; RECT rect; PAINTSTRUCT ps; - SERVICE_OPTIONS *section; - unsigned section_number; - LPTSTR txt; #if 0 switch(message) { case WM_CTLCOLORSTATIC: case WM_TIMER: - case WM_LOG: break; default: s_log(LOG_DEBUG, "Window message: 0x%x(0x%hx,0x%lx)", @@ -526,24 +524,6 @@ return 0; case WM_COMMAND: - if(wParam>=IDM_PEER_MENU && wParamnext, ++section_number) - ; - if(!section) - return 0; - if(save_text_file(section->file, section->chain)) - return 0; -#ifndef _WIN32_WCE - if(main_menu_handle) - CheckMenuItem(main_menu_handle, (UINT)wParam, MF_CHECKED); -#endif - if(tray_menu_handle) - CheckMenuItem(tray_menu_handle, (UINT)wParam, MF_CHECKED); - message_box(section->help, MB_ICONINFORMATION); - return 0; - } switch(wParam) { case IDM_ABOUT: DialogBox(ghInst, TEXT("AboutBox"), main_window_handle, @@ -598,6 +578,9 @@ TEXT("http://www.stunnel.org/"), NULL, NULL, SW_SHOWNORMAL); #endif break; + default: + if(wParam>=IDM_PEER_MENU && wParamnext, ++section_number) + ; + if(section && !save_text_file(section->file, section->chain)) { +#ifndef _WIN32_WCE + if(main_menu_handle) + CheckMenuItem(main_menu_handle, (UINT)wParam, MF_CHECKED); +#endif + if(tray_menu_handle) + CheckMenuItem(tray_menu_handle, (UINT)wParam, MF_CHECKED); + message_box(section->help, MB_ICONINFORMATION); + } + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); +} + NOEXPORT LRESULT CALLBACK about_proc(HWND dialog_handle, UINT message, WPARAM wParam, LPARAM lParam) { (void)lParam; /* squash the unused parameter warning */ @@ -814,7 +812,9 @@ if(!GetSaveFileName(&ofn)) return; + CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_WIN_LOG]); txt=log_txt(); /* need to convert the result to UTF-8 */ + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_WIN_LOG]); str=tstr2str(txt); str_free(txt); save_text_file(file_name, str); @@ -846,34 +846,49 @@ static size_t log_len=0; txt_len=_tcslen(txt); - curr=str_alloc(sizeof(struct LIST)+txt_len*sizeof(TCHAR)); + curr=str_alloc_detached(sizeof(struct LIST)+txt_len*sizeof(TCHAR)); curr->len=txt_len; _tcscpy(curr->txt, txt); curr->next=NULL; + + /* this critical section is performance critical */ + CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_WIN_LOG]); if(tail) tail->next=curr; tail=curr; if(!head) head=tail; log_len++; - while(log_len>LOG_LINES) { + new_logs=TRUE; + if(log_len>LOG_LINES) { curr=head; head=head->next; - str_free(curr); log_len--; + } else { + curr=NULL; } - new_logs=1; + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_WIN_LOG]); + + str_free(curr); } NOEXPORT void update_logs(void) { LPTSTR txt; - if(!InterlockedExchange(&new_logs, 0)) - return; - txt=log_txt(); - SetWindowText(edit_handle, txt); - str_free(txt); - SendMessage(edit_handle, WM_VSCROLL, (WPARAM)SB_BOTTOM, (LPARAM)0); + CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_WIN_LOG]); + if(new_logs) { + txt=log_txt(); + new_logs=FALSE; + } else { + txt=NULL; + } + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_WIN_LOG]); + + if(txt) { + SetWindowText(edit_handle, txt); + str_free(txt); + SendMessage(edit_handle, WM_VSCROLL, (WPARAM)SB_BOTTOM, (LPARAM)0); + } } NOEXPORT LPTSTR log_txt(void) { @@ -965,6 +980,12 @@ } NOEXPORT void update_peer_menu(void) { + CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_SECTIONS]); + update_peer_menu_unlocked(); + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); +} + +NOEXPORT void update_peer_menu_unlocked(void) { SERVICE_OPTIONS *section; #ifndef _WIN32_WCE HMENU main_peer_list=NULL; @@ -1162,9 +1183,10 @@ void ui_new_log(const char *line) { LPTSTR txt; + txt=str2tstr(line); - str_detach(txt); /* this allocation will be freed in the GUI thread */ - PostMessage(hwnd, WM_LOG, (WPARAM)txt, 0); + win_log(txt); + str_free(txt); } void ui_config_reloaded(void) { diff -Nru stunnel4-5.49/src/version.h stunnel4-5.50/src/version.h --- stunnel4-5.49/src/version.h 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/src/version.h 2018-10-09 14:37:38.000000000 +0000 @@ -65,7 +65,7 @@ /* START CUSTOMIZE */ #define VERSION_MAJOR 5 -#define VERSION_MINOR 49 +#define VERSION_MINOR 50 /* END CUSTOMIZE */ /* all the following macros are ABSOLUTELY NECESSARY to have proper string diff -Nru stunnel4-5.49/tests/certs/CACertCRL.pem stunnel4-5.50/tests/certs/CACertCRL.pem --- stunnel4-5.49/tests/certs/CACertCRL.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/CACertCRL.pem 2018-10-09 14:49:40.000000000 +0000 @@ -1,13 +1,13 @@ -----BEGIN X509 CRL----- MIIB7TCB1gIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJQTDEbMBkGA1UE CgwSU3R1bm5lbCBEZXZlbG9wZXJzMRAwDgYDVQQLDAdSb290IENBMQswCQYDVQQD -DAJDQTEdMBsGCSqGSIb3DQEJARYOQ0FAZXhhbXBsZS5jb20XDTE4MDgzMTE0NTI1 -MVoXDTIyMDgzMTE0NTI1MVowFTATAgIQABcNMTgwODMxMTQ1MjUxWqAjMCEwHwYD -VR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQELBQADggEB -AF5ek7J4dLGcByBVk47iw4nbXxzUG8+rpiXPEqzXYZ/HaNZhrDJ/pU0866k82DsV -Uk7+jwAK4thVMR4vSfAjc2QnLc0XU90WiEuU+eRncIkAzIvEk6NepiEBQ38Lasaf -LCQ+vd43r2UBUic/1ffoIuLcCEg5SWLrgjStR6m9844ZumMnXKBM5NrGLx8irdBL -sIwbRxfwYdwHhjX0hN4GsLgchK1puh30lEEONIXwC93/anjFkkUeZT3bIlz0vsO2 -4J4om2yDBKYUtU9X9Xz7ls3Bwyren7s6MwUN38jkZjswWrR16qmCMAIsWGpGeSvJ -RXksMpYNlZwOUQD25me0EdY= +DAJDQTEdMBsGCSqGSIb3DQEJARYOQ0FAZXhhbXBsZS5jb20XDTE4MTAwOTE0NDkz +OVoXDTIyMTAwOTE0NDkzOVowFTATAgIQABcNMTgxMDA5MTQ0OTM5WqAjMCEwHwYD +VR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQELBQADggEB +AE9wjD43V31VT6MkVISh9VHmKY4Ah/lR5LI8FprLKuga9Rr1RMNGb43bpWRLvhMA +dRrXx+uQdm6dZOscAjnIERj2JkkJXG1ydELftzJNc3OGJtUCD07h8qLa7wA+7uzh +FtgmmNPdzpx+1YoqsqIh+TqAu+RwWG01vfXRI5VWmAdjzgv21eeI1i9ZBYeWqTbB +V1e2NiAM6DVprzmddIcr6VXmC21M2XYfhzTORrJf9FO5Y3JisYl3kKl2nPa0q9EH ++4887dUXmzFPUjDQtFkhcho2DBOcUZy4XGrSWvOru0X7AbgjpJ/GrXQnoGcBHESm +zYNNznz/O97dVwkMssW8LxY= -----END X509 CRL----- diff -Nru stunnel4-5.49/tests/certs/CACert.pem stunnel4-5.50/tests/certs/CACert.pem --- stunnel4-5.49/tests/certs/CACert.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/CACert.pem 2018-10-09 14:49:40.000000000 +0000 @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIJAMwoDh67DqKyMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV +MIIDtjCCAp6gAwIBAgIJAKCwzlHufIcDMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV BAYTAlBMMRswGQYDVQQKDBJTdHVubmVsIERldmVsb3BlcnMxEDAOBgNVBAsMB1Jv b3QgQ0ExCzAJBgNVBAMMAkNBMR0wGwYJKoZIhvcNAQkBFg5DQUBleGFtcGxlLmNv -bTAeFw0xODA4MzExNDUyNTFaFw0xODA5MzAxNDUyNTFaMGgxCzAJBgNVBAYTAlBM +bTAeFw0xODEwMDkxNDQ5MzlaFw0yMjEwMDkxNDQ5MzlaMGgxCzAJBgNVBAYTAlBM MRswGQYDVQQKDBJTdHVubmVsIERldmVsb3BlcnMxEDAOBgNVBAsMB1Jvb3QgQ0Ex CzAJBgNVBAMMAkNBMR0wGwYJKoZIhvcNAQkBFg5DQUBleGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLiq1ZejziUKMasKUB/w9/KggdO -eCFtxFNadyDyCwDKZ1ZruwTIGRUyTEa6Dm2IP61YXIDGgN1pMaQsxPeYIA6mrvI0 -k6fD+9uVmjLMsSPqHIJlCH2vVFyO7+sCpSzTBJ++MJDs9VTYKTFkLikTR29JHYyM -2VUEAdcLDJMCw4luiUlvAC8bNWfhAqduyZKrDqDfdEB+1jLdCpazZHzTtePCM1jQ -fyrns6AkD1CiAOfCEu23oIYNnTvPszVZdYokBaHkvWNfuXtRyogKp1xfq/SX8mBE -lh1+oqKBsyKnRCiJvwWAR0tu5j1R45AhqmSM3s9RrUUxjIAD4PEadFnkZfUCAwEA -AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQURxFszWdqm1f0uM4OjK2E -U+2Y3JswHwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDgYDVR0PAQH/ -BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAxy0BfXLCde9QU95NquYAXelBCtDMd -Qdth4cniUPw4tITnqEgib4BTAn91KNBlCtaw1OByciMw8eMF2T3h1ZdMz3OFXgHY -PYgHvNavSlEyHpgOkR8hjKNvm9Gg9vZXd4xkgh3ROUTKXh8mliBFUYpD7jxJLMf/ -JS5oPbo8p+RBWDAwoJQZ2utJE+FrMZlXogYLGkEfcULMVj0wglmBIv+GZ4oqbyY4 -ef/ebvutDO2tLevHOBqFFn9riLAyFQ2GHeay6WiJ8do9YQlrVu4GduSkv5NxMZ86 -WyGuISRlQSL80V2HCOUyX+IQjnnk5ktWIiAZD0yPpjJKIsXyf8XYA6i0 +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMuQxz8urfZRBvBj8K6+29NpbXZE +qsCxq60ZkBrNwbxb/V07eRk87pvfZfQ+cPN5SaJ6S9r35uoJNDdW42kQXNer9NOo +QeqBUBGLjnJZ6wcplLc+0/PXsgmIzSmlNTx+k9FuuEg06Fw0AG+Lirlnzt6VtILW +FF9vOoy13UOnySAjzkLQMNThuqerL6d91/9BOYyDUbXPfGbBoVusGX3R2qWxzgsH +MLvvCX/h6TJD4YDoaefWNswfjS3u40D7WlOXEKvltwyb2C5vfIV/eZZmoc1jza6t +nvcqtpo9c7QXR7MxIl2IA80Wykmyv4anGZ2yGB02/gZFzmBRcioKKIUJpVsCAwEA +AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUMrsPuqQ8kOHXNhiDndXE +GCYNvBowHwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDgYDVR0PAQH/ +BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAosqQoiY+OM4ZWE3W6gHWEBNvYioCK +M0a7faso0ice5AxlzOrMyOP7AwWJ5Abeho6j7xFYVEREIGpViEJLp4QSJyDiPUGh +I9CwtJd0Pp3wzpXzvG7awZVef3uWiUEXQlPWm+a/Z2aJlF0jPx7GQhW/vCxgesnz +Z75kVYP9eAlka/6bbPQOwvx2D/4hS9829RLKkCLEBj1D9GHK7DhJJAlmokowtq+8 +CfTeLSkJb0lnK/KSsZWFnJiBw/yq4XF7VQEAVhYTmnn78Ew7YACvGAoVPploArfS +Mf22wB95jYzuqxjXY9mxjKmwsoisAqcdh9nZoqrK9l33wPWwAmsof4Fi -----END CERTIFICATE----- diff -Nru stunnel4-5.49/tests/certs/client_cert.pem stunnel4-5.50/tests/certs/client_cert.pem --- stunnel4-5.49/tests/certs/client_cert.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/client_cert.pem 2018-10-09 14:49:40.000000000 +0000 @@ -2,48 +2,48 @@ MIIDoDCCAoigAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE4 -MDgzMTE0NTI1MVoXDTIyMDgzMTE0NTI1MVowbzELMAkGA1UEBhMCUEwxGzAZBgNV +MTAwOTE0NDk0MFoXDTIyMTAwOTE0NDk0MFowbzELMAkGA1UEBhMCUEwxGzAZBgNV BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGY2xpZW50MQ8wDQYDVQQD DAZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQPrlToMIdTnwvc5H1japRuWNkL -G5gBQmxvheasgiHI3MU9Iaaqfg162Wj7UbF/7+u3fonCmOUk9qJGopIh0RukpvQY -KGhBGAoHXvPOwP15016X5ayCnbl3406wpnWeDnerhuSeaPHdan2/eGjOxeHL3nEA -6beUJ+LM5OJCAaIo36LB/7sym4OgtVakBBKtnGcp9/LdeSJPgNd6vOqM1O3BZzOB -yR2eVJmbGc3GrZRNHb5RC/3MTp2gaBkIZZcaRyZVzme54NHnxRZyMLqXo1zTz9Gc -w5K2uno7SBRvQtBVhgcI4CgKIG07zSvjqI7/echMkNFxN/AYK28OhX4P9a8CAwEA -AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUZgW1rnb1qNhMp7oanHEpsUiRhOIw -HwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQELBQAD -ggEBABpxDuFkaknN3i40/pd5GvX42C34iezOtXOVeo+c4y0/0Dsn8GtUE1EyjjMy -Zd29Aw9OkfNbqxwf1OAWQG1ICUx5xVyjQKUoebkw128SIwdjhQJ/o/bDUA8vaupS -tyATbKTSuXzN/jUO6G7eBibsHlPHcTM4BvjO5vkBQ85wvWmzBCXCS9YcdNs2RBJk -IrQoVrmrBTcBY10k/ndccy95ZWhOvgkWZY0EouLLFmlxu6q+8Nl7aqrg4HsY9cZe -TJffpIrT/0WepbX/2DR519Sazs2VLlDX4Fa4t/h3ZF1ITTU+h11A6fBTTNf7pZw/ -vKHLqotxaGbttLsuBq2InId1TAw= +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPOsVd02IKUGn2+RMaxEjy+4M5k +IulcufKLK61NvOTsghPYkpuLieNlLQL5DnxTIll9AXoN5Gg9HVp5l7d1Xst9rd5/ +HhBLpJxsfoLCJmQUybGaxBfkGPUriZLTjZJgvAhtHD4q2KjtQIZq/KXvvlDmr/CN +f+cblpBQdAolGRX7xGIO+5ygTSZ0D4qghUXBmYSplWDvVpZMCHeXG/hlqlxaOSmq +VNDgHRMO2ocyHwRtc5bPI6iPLP9V0bKFfLPcsd5IWuPlx1BD3rRPWUWM2BFiMmUN +rnyEknRs3phgdGlCA4Sg1pNcNEzxfQJhgMdDX7rH7xEM9ucv5jVzBEGY/ZsCAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUvw7F5zODR/W7L2kuYkKS8MK0ad8w +HwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQELBQAD +ggEBAHPHEPqacyq4XnMAURVUDydWoLf6h1rK8cnZI7hNydaigO20R30rkSpQcfHk +susDGO822ozCzTMd0nUOCe2y/a6tLOpQXXX2zgo4C6utqGJCRwwTjqvUfeLnPkGD +eJoBighsfcGWwoZBOOPgdJ2hhsamF2h7TBIneochNovPW0mH6w/G3Hjy2VHeEq29 +mDTA3NRic2R9iazHQIBW8U+o0CYtwgzB0ZrbL8ak/uH3yPhCuhlrYH4eXiou5kzb +nOuS3VonBp8lFLhfE040rf1Y6piwsl4FYE5udyRXli1A6D4g62/O2KXjoKzz7T6E +YAJGZqVcWZrLJgJaONqlYDEL9ZE= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA5A+uVOgwh1OfC9zkfWNqlG5Y2QsbmAFCbG+F5qyCIcjcxT0h -pqp+DXrZaPtRsX/v67d+icKY5ST2okaikiHRG6Sm9BgoaEEYCgde887A/XnTXpfl -rIKduXfjTrCmdZ4Od6uG5J5o8d1qfb94aM7F4cvecQDpt5Qn4szk4kIBoijfosH/ -uzKbg6C1VqQEEq2cZyn38t15Ik+A13q86ozU7cFnM4HJHZ5UmZsZzcatlE0dvlEL -/cxOnaBoGQhllxpHJlXOZ7ng0efFFnIwupejXNPP0ZzDkra6ejtIFG9C0FWGBwjg -KAogbTvNK+Oojv95yEyQ0XE38Bgrbw6Ffg/1rwIDAQABAoIBAED0nmicgUXp8UDF -t2ZnLHH+Q9v9p+xRX4PW98JNm/rXZNngoXcA1EoulUGrYwc1MzZl2uqNvFJ3hq+N -grwwWYiQCuU3BDs9XwVsOAUk/B611hf5F3dc9GNg3CMLeT3CuMgo2JDA9Y79y1jp -cfgX/JBlKoPxCKA62GlmhkJTHnf6toyw72zXvPkwMKbzqGsD1O/LUcHGN2f8WiOB -FY9oVq+NRQd9N4zNzpYGcvMzL0wRYGI+GmSlkIG3M3EMKDL6GJoxvvXIu3U34nGZ -l2VxbU21MtLb7Jhr/+FMVWpoKBCP0Z3Wr41mHXeO3uvzACCSiBdHodxTzixwxO4d -ctE2V6ECgYEA+nfT/aiWPMyrzdCuQO4HL+ncO9ii1cQusd9KbWXBsXtRDN67tRX4 -MKjAI1N6YIYsN5GijVFQllbsLKU5cXcnbSsXbh5O9Vear/8BinDt+tmhXVpcp7uQ -wwsSCPjcHc2tHzeJs+XRixYZROlAIPPfhZruL6lJyt0wvz3c46zwSAcCgYEA6Rkp -lV9XvmdXE7JWNpW9G9MEegJ5tb4iiOqYJPD6H77btEMiFxMDfdRskqqZgiRBQoH0 -EyrE/urKp1tYxR9XVOqr4vCv8Wc4GnmOGGFnyicp/dWnFjZuLzVIJlspj8+q+j/D -A7d1oTHFbgbC2mvv3FfxcO3s94HmAUJ4JAQSaxkCgYBxFDBtUPOjN3RJU3GYdt5f -z2FS05eQkyXRwFHF2i78hgQtn1F3jBelQEqeqE2Tzn+gBuwwiQmtFklCTsYEaBsw -uke1u5FCSu7XjnWPnzSSEDc+AlHamF/e7tyRmGkoO3dxpI1S3usftDZsWjJNrky3 -8R6f/foG0J31eWSElctVeQKBgCDRbRxdtxHUpNreEetPe7eOJyQycwZWhbA3L0KM -Nvr/ORmRFhyfja9KmBqyMDi1eAawGzgTnnaxgeS8JKxkNDx9acPi1TKssKZxlMLz -+9PnXa8iRIsJEMxOuSDFVv2rZEwlbAR68PHH+x75jreH2NZx/0lCBkn2nPZycE3J -0PoJAoGAAXjmmnCwqDaIXRJfyP1IBN2vg2iWQtnHzXe7Xat9Vtz2j/O2pzI2L5WP -k0uZqw6OfZ9xO4wbVPKbSmpMKqM91TNr0xnIfHiJUKxAxT5PmymvGslU5HTUTSU/ -tmv5Pq6R5pdi5++fgtzdaBqva3V69J9Cp1kVyFlF9DARAaVS1iY= +MIIEpAIBAAKCAQEAs86xV3TYgpQafb5ExrESPL7gzmQi6Vy58osrrU285OyCE9iS +m4uJ42UtAvkOfFMiWX0Beg3kaD0dWnmXt3Vey32t3n8eEEuknGx+gsImZBTJsZrE +F+QY9SuJktONkmC8CG0cPirYqO1Ahmr8pe++UOav8I1/5xuWkFB0CiUZFfvEYg77 +nKBNJnQPiqCFRcGZhKmVYO9WlkwId5cb+GWqXFo5KapU0OAdEw7ahzIfBG1zls8j +qI8s/1XRsoV8s9yx3kha4+XHUEPetE9ZRYzYEWIyZQ2ufISSdGzemGB0aUIDhKDW +k1w0TPF9AmGAx0NfusfvEQz25y/mNXMEQZj9mwIDAQABAoIBABhj/1Z3uS7tXDKW +bsntFyY6VlBo8Ptq4qZuDnyxwN/k3ThH9os3AHtiLBrtIfPnaw9sj5i47bTeJW8y +c0wllbhQ0hcOc0uOl0PIy9h88aw9zaZT8imzfVc0krLiE6A5kwgplN0x/rXbiRcy +yBbSUKS0xkUBTMpSybfF0hfWNHLwu69vxmvucmkirlERrqMgMgY30Ac7G4PZGARd +SOM5kdNz6iATU9ccUm8Yl5YB4TNXvh1QF3inBJKgFpw9NBAjd8sXhebWEZVG8Zng +glkCxcXEwyIYJxmxPA3M1OZCKLjEDI0APdQkHSn9oniqghYithUTpJ1hN9R15F96 +b88q0LECgYEA58ncXPezCsy6Wf/gAXf1C7srJDY1GaMYZ7q4Zgp5at7t54kFLfn9 +ecTpf89Q7bReSRwhuc6sOKabk5dFPz2Bmo9kO73G8KdakTdxR/CFuf3lrwZ9s8I6 +choLYff909HUHbqeVGthhMx7xQRJijKBCxV2403ttHipTe2K9au4BuUCgYEAxpbU +v12LV3EE4i8Bt+bxcA6q5Ygq+7o5kFbkqgzzwyzbtyn2TWn4/z142CNc+3xg598d +AXi2oV2alqy8WAgUQP0+g4XXLlW7bvuvAga6F+XqQlKLzF61FWFwcNifeYRYCDMJ +R827pDXpaMs2AUZaMlOZreoAhxd0FWP9CpC8Kn8CgYBn6dqOH0o4TEI7OPhvEB1e +rgGQUXEK1lCJqG8k6As4+0qC463bx9h4b+wSrZnlh1hBxIfmKh6RozfaOhYEXQmu +hhx0oAcBOrXipo11qAH7uTTwe6N9JFVZdA2oVSqJfOdwkIqM5Dsq8xWF5P8nIq8x +jeTn0LcBkpqsYhNLQjnVdQKBgQCplATpwJyLN6Re7JsACgJjmPLP/B4QRO6A1eJ/ +X34MTVL1rqx3YKXSdxCpKFFvIr+xYLFpH0Z8tuyZ+7j9RzDcaiQmtXSRSX47gEnq +Zgok/By1M73S75CcSE923VQYtS1jGwmyufigebTt2pEsN4Iv9XmGrAp1UU68MVzT +19IGSwKBgQCtE2zXTIs6FfjwJvExPGAX6jj//E5uGiLT/afQGUWpFLKikaJsrhUb +2H0TneIM31zvvtbyG6gHARUP8MFH4KZaFgSmRkn86WrN3nxO499kxqCQV+GZ7+M1 +OoKU++aVv9+0VlpUyCAEUJq2flSOCex+9V2gODPKQfu8h0U4IEptZA== -----END RSA PRIVATE KEY----- diff -Nru stunnel4-5.49/tests/certs/maketestcert.sh stunnel4-5.50/tests/certs/maketestcert.sh --- stunnel4-5.49/tests/certs/maketestcert.sh 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/tests/certs/maketestcert.sh 2018-10-23 11:19:35.000000000 +0000 @@ -1,5 +1,7 @@ #!/bin/sh +ddays=1461 + result_path=$(pwd) cd $(dirname "$0") script_path=$(pwd) @@ -42,13 +44,13 @@ echo 1000 > "demoCA/serial" # generate a self-signed certificate -$OPENSSL req -config $CONF -new -x509 -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ +$OPENSSL req -config $CONF -new -x509 -days $ddays -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost/emailAddress=stunnel@example.com" \ 1>&2 2>> "maketestcert.log" # generate root CA certificate $OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -x509 -key demoCA/CA.key -out tmp/CACert.pem \ +$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \ -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \ 1>&2 2>> "maketestcert.log" @@ -58,14 +60,14 @@ -subj "/C=PL/O=Stunnel Developers/OU=revoked/CN=revoked/emailAddress=revoked@example.com" \ 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log" +$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log" $OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked_cert.pem 1>&2 2>> "maketestcert.log" cat demoCA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log" # revoke above certificate and generate CRL file $OPENSSL ca -config $CONF -revoke demoCA/1000.pem 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -gencrl -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log" +$OPENSSL ca -config $CONF -gencrl -crldays $ddays -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log" # generate a client certificate $OPENSSL genrsa -out demoCA/client.key 1>&2 2>> "maketestcert.log" @@ -73,7 +75,7 @@ -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \ 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -batch -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log" +$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log" $OPENSSL x509 -in demoCA/client.cer -out tmp/client_cert.pem 1>&2 2>> "maketestcert.log" cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log" @@ -85,7 +87,7 @@ -subj "/C=PL/O=Stunnel Developers/OU=server/CN=server/emailAddress=server@example.com" \ 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -batch -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log" +$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log" $OPENSSL x509 -in demoCA/server.cer -out tmp/server_cert.pem 1>&2 2>> "maketestcert.log" cat tmp/server_cert.pem >> tmp/PeerCerts.pem 2>> "maketestcert.log" diff -Nru stunnel4-5.49/tests/certs/openssltest.cnf stunnel4-5.50/tests/certs/openssltest.cnf --- stunnel4-5.49/tests/certs/openssltest.cnf 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/tests/certs/openssltest.cnf 2018-10-23 11:19:35.000000000 +0000 @@ -1,7 +1,7 @@ # OpenSSL root CA configuration file [ ca ] -default_ca = CA_default +default_ca = CA_default [ CA_default ] # Directory and file locations. @@ -12,8 +12,6 @@ database = $dir/demoCA/index.txt serial = $dir/demoCA/serial crl_extensions = crl_ext -default_crl_days = 1461 -default_days = 1461 default_md = sha256 preserve = no policy = policy_match diff -Nru stunnel4-5.49/tests/certs/PeerCerts.pem stunnel4-5.50/tests/certs/PeerCerts.pem --- stunnel4-5.49/tests/certs/PeerCerts.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/PeerCerts.pem 2018-10-09 14:49:40.000000000 +0000 @@ -2,43 +2,43 @@ MIIDoDCCAoigAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE4 -MDgzMTE0NTI1MVoXDTIyMDgzMTE0NTI1MVowbzELMAkGA1UEBhMCUEwxGzAZBgNV +MTAwOTE0NDk0MFoXDTIyMTAwOTE0NDk0MFowbzELMAkGA1UEBhMCUEwxGzAZBgNV BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGY2xpZW50MQ8wDQYDVQQD DAZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQPrlToMIdTnwvc5H1japRuWNkL -G5gBQmxvheasgiHI3MU9Iaaqfg162Wj7UbF/7+u3fonCmOUk9qJGopIh0RukpvQY -KGhBGAoHXvPOwP15016X5ayCnbl3406wpnWeDnerhuSeaPHdan2/eGjOxeHL3nEA -6beUJ+LM5OJCAaIo36LB/7sym4OgtVakBBKtnGcp9/LdeSJPgNd6vOqM1O3BZzOB -yR2eVJmbGc3GrZRNHb5RC/3MTp2gaBkIZZcaRyZVzme54NHnxRZyMLqXo1zTz9Gc -w5K2uno7SBRvQtBVhgcI4CgKIG07zSvjqI7/echMkNFxN/AYK28OhX4P9a8CAwEA -AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUZgW1rnb1qNhMp7oanHEpsUiRhOIw -HwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQELBQAD -ggEBABpxDuFkaknN3i40/pd5GvX42C34iezOtXOVeo+c4y0/0Dsn8GtUE1EyjjMy -Zd29Aw9OkfNbqxwf1OAWQG1ICUx5xVyjQKUoebkw128SIwdjhQJ/o/bDUA8vaupS -tyATbKTSuXzN/jUO6G7eBibsHlPHcTM4BvjO5vkBQ85wvWmzBCXCS9YcdNs2RBJk -IrQoVrmrBTcBY10k/ndccy95ZWhOvgkWZY0EouLLFmlxu6q+8Nl7aqrg4HsY9cZe -TJffpIrT/0WepbX/2DR519Sazs2VLlDX4Fa4t/h3ZF1ITTU+h11A6fBTTNf7pZw/ -vKHLqotxaGbttLsuBq2InId1TAw= +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPOsVd02IKUGn2+RMaxEjy+4M5k +IulcufKLK61NvOTsghPYkpuLieNlLQL5DnxTIll9AXoN5Gg9HVp5l7d1Xst9rd5/ +HhBLpJxsfoLCJmQUybGaxBfkGPUriZLTjZJgvAhtHD4q2KjtQIZq/KXvvlDmr/CN +f+cblpBQdAolGRX7xGIO+5ygTSZ0D4qghUXBmYSplWDvVpZMCHeXG/hlqlxaOSmq +VNDgHRMO2ocyHwRtc5bPI6iPLP9V0bKFfLPcsd5IWuPlx1BD3rRPWUWM2BFiMmUN +rnyEknRs3phgdGlCA4Sg1pNcNEzxfQJhgMdDX7rH7xEM9ucv5jVzBEGY/ZsCAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUvw7F5zODR/W7L2kuYkKS8MK0ad8w +HwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQELBQAD +ggEBAHPHEPqacyq4XnMAURVUDydWoLf6h1rK8cnZI7hNydaigO20R30rkSpQcfHk +susDGO822ozCzTMd0nUOCe2y/a6tLOpQXXX2zgo4C6utqGJCRwwTjqvUfeLnPkGD +eJoBighsfcGWwoZBOOPgdJ2hhsamF2h7TBIneochNovPW0mH6w/G3Hjy2VHeEq29 +mDTA3NRic2R9iazHQIBW8U+o0CYtwgzB0ZrbL8ak/uH3yPhCuhlrYH4eXiou5kzb +nOuS3VonBp8lFLhfE040rf1Y6piwsl4FYE5udyRXli1A6D4g62/O2KXjoKzz7T6E +YAJGZqVcWZrLJgJaONqlYDEL9ZE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE4 -MDgzMTE0NTI1MloXDTIyMDgzMTE0NTI1MlowbzELMAkGA1UEBhMCUEwxGzAZBgNV +MTAwOTE0NDk0MFoXDTIyMTAwOTE0NDk0MFowbzELMAkGA1UEBhMCUEwxGzAZBgNV BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGc2VydmVyMQ8wDQYDVQQD DAZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMg7Y842yNncXINmTFbn+An6fizD -FZcg8Uy1azXPO/LytEW5DGWCt1SsoQ1lrtXgvo2gjcnl7dEHJniG1skD4VKbbFEz -qI+dk8RBe4pS6PSIWfIiGqWG16cvcXdK2LeNQVJlwiNzB6H4JpoNgF3gAwRCGQNu -E3tI6144PqEpzFN6NfExAim/GUkt95nrNeyc0oRzTRsy6nU1IOg/GvlCkFK4ItwG -9i3hxiT/nxBP83mEUe+wAE8PUEHnu7E3kMolLBWDt0FKpll+bvy0jOWR5qhBwwdt -4iJqTUtO8Ju6UvnaAZL0J3+iAsdQ1FQKrmEEuZA3yjsaxppfXm1I8B97WKECAwEA -AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUT37WyP68DIvymyi4O8LKnlNoMKgw -HwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQELBQAD -ggEBAKJxBm0QtjAHQI1tLiPbbVgixqkHok7fCmOevZ3Z/okjchyC4gZvdfSelrOE -gBrn90XH407X9zyHgyVNoVUXfZTKOUDl/VkF/tQ9zdCloukQs/+v3sa+MBFF3G0T -WQ/WLvY7wqJ7he1LhE9gUWI5DXO8XH5c9PvEkjxMPwOzeho+60l1Gtvn0Yj/Ho9L -2oD71+CTEo24k3zdFQhVf46vI7Wk/C90McOO0/rwNQRnNNH9ELtJizrBoxMamHSw -HXLT71ZTjeSB3DMJfWE59i1ty1V7/fLvz8T+FQfaVdpDUNAQlZaUVqz6o2w7IcnG -QAlePz5YHNF7pw7jEgXr7HnkYRA= +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvRSOWnuJnrrnlt+qUaiY9CJOp0 +Lox6vCEzwgMH+ftMZQwP6m427b3LEfPrxH6WkYMLwpAXGjREXRj+yB0ZcPvQ94VI +OyHgvgWJ14t+yLcq3w6zsWzJx/SmWLG7ga67wODxhCHAAHPKsv+cC+6wgt3kWu+G +jUQ27X03rQO2wNpV5cxdp9Ax6JQVnKleQEIShfELYYjJpp4s6n5VY8R8jRwJHl7k +XCjp5+8LSD64MUcXzo7u6XL8SxEGjQU+drKfNdleFfyVgjtAeyaWBrY8ciM4yIqn +M37zs6jyjLcNO0PtD+64VO4jJPmFY4M0O33AJu0EtuR1G/NSj1D85nKBZYUCAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUSLKfbW2zrTXPv2dTLXpT9jHEYLkw +HwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQELBQAD +ggEBABYai56PR5tsnmv8+mIxZM980x+oYLACVA6YaQEWxtdPQl+tGJIVnJergfRO +UrG4OjqBZp0DjMJRNIIiM50YTsEQdrVoL6HaP5AgDwqWoRJIEdVZUQWyTTTE7nBd +0k6qNKUsJVEM1Zvv+cseQYIpT75P0FPl5egSPQHVuPWSco7gGF/zF2gA4QfzRsLe +frgfzXzxEF712CuS+OXj5lab4N1L9A1GzfeQ+bNlrUky79R+vMPfjoayUJ/fTafl +wTd6YBZurwxdy6Ktql9eisuli0PRdxed1eOpUxZAbS7N3ZIDTEOcLnBrIhQY7E8P +YxSm0/qri7nS4z/DmzTe2z0ttqM= -----END CERTIFICATE----- diff -Nru stunnel4-5.49/tests/certs/psk1.txt stunnel4-5.50/tests/certs/psk1.txt --- stunnel4-5.49/tests/certs/psk1.txt 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/psk1.txt 2018-10-09 14:49:40.000000000 +0000 @@ -1 +1 @@ -test1:kdQkBOkGfSarEJYFO0pyA6RGsuj3rH81dMfvCH1zU3zEMjCZtd +test1:H9kpiYb8TWGo19hvd4txGMffBG6yzbJcz0FpPD4rB590vVFvyE diff -Nru stunnel4-5.49/tests/certs/psk2.txt stunnel4-5.50/tests/certs/psk2.txt --- stunnel4-5.49/tests/certs/psk2.txt 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/psk2.txt 2018-10-09 14:49:40.000000000 +0000 @@ -1 +1 @@ -test2:6K21l1viOWhLT2YBQBB5zQ7hwWa9NOJoy9biCZtohcsMyJUcg3 +test2:gTcg0XYgwmBISqC8KpeHUQuGdGqkcTUJBZZLUefskgjXdc5cdL diff -Nru stunnel4-5.49/tests/certs/revoked_cert.pem stunnel4-5.50/tests/certs/revoked_cert.pem --- stunnel4-5.49/tests/certs/revoked_cert.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/revoked_cert.pem 2018-10-09 14:49:40.000000000 +0000 @@ -2,48 +2,48 @@ MIIDozCCAougAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE4 -MDgzMTE0NTI1MVoXDTIyMDgzMTE0NTI1MVowcjELMAkGA1UEBhMCUEwxGzAZBgNV +MTAwOTE0NDkzOVoXDTIyMTAwOTE0NDkzOVowcjELMAkGA1UEBhMCUEwxGzAZBgNV BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHcmV2b2tlZDEQMA4GA1UE AwwHcmV2b2tlZDEiMCAGCSqGSIb3DQEJARYTcmV2b2tlZEBleGFtcGxlLmNvbTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6vZCsJmdsIUhP9a5R0+tWn -WXiZjK3F5A6LTHGOVsK2Gla9+WzTVJP6MlrG0CsoRWckHBpujfKwOWDzQdJVkRgp -hF19uaMO6JTMJeScV5/Y9aTeMXkfNDaGr48NTrGkcogHjcQOSAGDMwmnN52R2bEa -kx1lUqGPN8puWfhwO3CV5S1vRajuLq+Ti4HD7CdvTsWV2omyBMX6FYQEcr4nuVrP -zrt9ZBQjDp5x7m9eBbHOYDjGyIpGFQmKMdZlUxefQRQew+lgPu2R+0MbZF4w402y -+F5L/izkAdM84eVL6EB3JJhkDlzhzVBbF8jMk7kwllse5NdQddMPWNMBUNS0rGUC -AwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUo26K1Us+OAZSasqx0Kfj/pU7 -FJkwHwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQEL -BQADggEBAEeQgKUhKt35LufM0y7ZeDJBmPd0z318wrKIOVm5Vh9Bot6hVZhPTfYJ -iYUWGKTWNYlr/z/i+PJDucghdQ0mwOtAWOfMG8/1ZgMHjY+Ix1+NAKQBREfjA63+ -pd+40Xjr+0oX5r9U8y34Hdib0ZGMPwkbPHrq4MvrRFh/a9LZsv0lPTJ1nDAyrpw8 -P3/rbzhVBqqTLMCtCXKKDRKzf5E7MXfBgL9imsZQXgvVxtQTIFotK2DV8ti6kbfB -b8Aj5PoZ3CU5Ynhd2rLG/3ncZmHXM9meq77j6iqb+dwWQIGzPPSdokrTKLYy3/pP -MvZwgXm9s/UrK/0WDG1xETgRrdUMnQ4= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPX7XgEBeUeMJc5Xkw0Fe39d +OB0kuJhPTTkK05F2Bwu1hCMc2LbSFY3ohzMRIocjWdcGb8idzkmxZmeoxAaVR9JA +OXKsmfbEU6hA5NcvH6QvJbZH5qIlvUk0AfSrtAbxXgq0JEKIHNQ63qTFUef28BfT +YsnOFxL1GX0RUzrLz8dcCkNPM8xZaShJxENxWWijI2m4Gc/eDqTrPJhYK+WRNfHp +7fLWt5y13drOyFG5sNIsykp1zMSiufG2NZ9IOxY0NOY0sc6kasvGlv30fqGu1+6Y +7PRRfmQcEP/kDZ0Kv1NEgHtizEArySpZEKzNaS5Q6oCvL+UHYfPmmSgBeYinDHkC +AwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUZED9hULxiuarUg6QXT3PAib8 +K88wHwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQEL +BQADggEBADb/u5h5l7LPo1rAyQUMVm1DfA6bjNAucIJbQeqnAynsQe7Qc6CCyJH8 +YZeJsq9oHE6h0PYfBWvZ4wK/ebG86p8Ovt2mCANgWzCcnxFaaWr6fCmPjsr4XOcq +PN7qiHRN8Yeski2/JMMKRY1LGwH8jpHjWH7JVK2UV8Y6053YgCf1UcQSjgBF6lKw +ZwHW23NrYJ06AKu6yAXQpX/LiVMbWVRwfeL26UoMK3C7FKwWWOjIxsX+ihxuJM3C +i7wgDrvBkTR/JKSL6qG/Q5TUVCU7YVCZjdP8uCUz+9ac3pgy2ax5xZaGCOavnkCn +OeQQWHFGnp97t/44yES505D9KGB0LXE= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAzq9kKwmZ2whSE/1rlHT61adZeJmMrcXkDotMcY5WwrYaVr35 -bNNUk/oyWsbQKyhFZyQcGm6N8rA5YPNB0lWRGCmEXX25ow7olMwl5JxXn9j1pN4x -eR80Noavjw1OsaRyiAeNxA5IAYMzCac3nZHZsRqTHWVSoY83ym5Z+HA7cJXlLW9F -qO4ur5OLgcPsJ29OxZXaibIExfoVhARyvie5Ws/Ou31kFCMOnnHub14Fsc5gOMbI -ikYVCYox1mVTF59BFB7D6WA+7ZH7QxtkXjDjTbL4Xkv+LOQB0zzh5UvoQHckmGQO -XOHNUFsXyMyTuTCWWx7k11B10w9Y0wFQ1LSsZQIDAQABAoIBAQCNtYeSUoTgvnW4 -KvsF0KbislkP7QedZZ8VscB540PtQHoSmzJWwRauVs8LmmDEFlpvezyhisdcbCML -K/4nPm+7B0wv5bHP8LraupYIhoE1ocXaglWdXB2qfPIFvPQFrGCyj6tNjxUjpFbr -+XCSYpvFaBkSAJSFHPL9omehhSHb8E1U/THB6K7lPDyWIXJrVZwqNGeRkGTQL0Dx -Oi4YZcZuIOPyxutw+4IkZ2KxmpxdOYbLDNjFe69RRM1j3kWgBCgG68M0pynHyJmW -EFbq4nh1p/Oa2NwFiGcnC4nIOhVt98VeCFXgRWiKY05dmFHimmP3nrSiR+rUo+6y -RF/XHQUJAoGBAPz365LHQleQcQ04dnniAu8BfVoqU8ulC4AyT8sKcqXRmw0WXNxR -IuB2lkfaT500WL2aYEttkrEqNLdtHwwIg+zMfodnSjE0qyP+Zr6W6YxrRCH7qD78 -VFe8B5fmiBLnV0TjF1++jVTki52kSjg12456SD/LvsQkpLw5+jey6rUzAoGBANEp -epceRqn/+csPcOz5V5foX111wil9+p7u8XipiGTQO1eNhi3nw+t5w6i4AdQuKnc2 -vyliLoab1/m6vFPOzCj5fr9Krx0CHtwbdUEipKcRGjnmdbgz3+Oc+byaL8OSi7/Q -7tCX6FUCGspX4hAQmXZ8Cfm2RzmI3gTVWv7En2gHAoGAZROCcxFe9rHmGgw3epfN -6EXGGmLTPIljwQNZUp2IFa1csKwAyp84uktn3KnkKcIiuw+V7k2H0XY1vhzBzQMS -A2nqHJwuzt5mi2k5EGooQ00Q2is9nH0iDjQ5LH6WXEdHXWUHj+AJhKQVDRX5+d+7 -LIC7oZH9VU327KaVze+VTHUCgYBk2Gjg35oWcPKQ8xrxRq7y8Pi56QL6WmExq+cE -1EiMwtE5v2SIUYxmxkiN2loXYULcQ6sbWtkv0YfqQhx3E+ffgZuYw3t2swUJ/rsj -8n4MhvRsIi9z5p718UN/qZ+J3eg/TY83R2afReqA0KqQMFCtjdSJb1cb6F+TWQMM -fuSUlQKBgFPqd4zTmhcBb219EEpIB2iNMXQNKnqQfg20+yiyJv/lQzUWZNhuQxvK -FGqaeHnWM9rkhdEUYY3kHBCYiD8qfU72I9icnKvyDQDBG1RGKeLwhJMDTp2OKeEQ -+iJqzFmz/TW+w7XEIuHneXcRx6pRhc4k1M1/tlsLsvzhkUZQTaOq +MIIEpgIBAAKCAQEA9fteAQF5R4wlzleTDQV7f104HSS4mE9NOQrTkXYHC7WEIxzY +ttIVjeiHMxEihyNZ1wZvyJ3OSbFmZ6jEBpVH0kA5cqyZ9sRTqEDk1y8fpC8ltkfm +oiW9STQB9Ku0BvFeCrQkQogc1DrepMVR5/bwF9Niyc4XEvUZfRFTOsvPx1wKQ08z +zFlpKEnEQ3FZaKMjabgZz94OpOs8mFgr5ZE18ent8ta3nLXd2s7IUbmw0izKSnXM +xKK58bY1n0g7FjQ05jSxzqRqy8aW/fR+oa7X7pjs9FF+ZBwQ/+QNnQq/U0SAe2LM +QCvJKlkQrM1pLlDqgK8v5Qdh8+aZKAF5iKcMeQIDAQABAoIBAQC62ho7W1o8PjqN +trpufsakJjS09qr+j+bSOOYjreuGOnlIjuYUYhubc5IX+aEn1HOvQiVx2GXWVtq6 +TVmywn0POlgpQvGloNcHjVwIFbTMbEASaiXI8DAMRmRh7nhPedP8/4A3xdtYX+u2 +cGlacptJDfsR3upqLSMSfTGjDSUlgsjNkQ23ZUcabQ52KPD8Z4dFcuXZcfCGEYGd +YJmBSUiwMh67NwUsqwzcqcTRz82zLC599gU+ppf2a61Ue+dRaKS0FfDJETWa1lAB +8PIK8xKfEog1kFwyEN1Q5QqwPC61W4H6DeWHyx7awCO9gcWAg7SSQlxaL5TvSJUo +hqJzSK89AoGBAPwZtWQ9Rq8+8Csy8NrTEfZajBeIukuaYdfDep6jom7MA1H4lEsa +C1ER1FPc4pfpr9Q31pTvMNiAd/rQSnFjTKApTWhkzHpX+P9bqnUEYkUK2fqQpBL1 +YzC7QrRNz2vhkSiAhBcBUq0Y+RzYq8yGdLsNqMHe4Kqt/SsfjM5dVF4DAoGBAPnJ +bhBJvpR01vU5VcLU0KD0+d/6E/hQxoRgBUWLGpXghYsUBMP2V2vxS8c2wPpBQrSk +Ivk3q0lL6WXvtKEQCY5D3t1D7JEZHmZFgwJmez4WQMC+tCw54SDOL3ggQI+lyodW +eyJgmqMu1H2CyEeQdiQIlvt54SJ0gkR7iBYNfzDTAoGBAMV9LkhUaGcomuR8h4ol +B1FCJbTZ+3b2feeUzx4vejPpxkAUx7b9tBfSK892nlv7SS6qf4M0zcMNAPCO84JY +E9L0CBvbuwOsnvcMTEBXKtSDZ7eOT7o6WXX3fI3a1r7geeKMqu2Kr8XCZoReiFc0 +jYVrceROQRn0Kvv5P0j6e/kZAoGBAPXJ56vPZODgN8UFrgYRM1mutVJX2d62XSFU ++tr7jiV80OuRvz604EEvJsnYbvvRy7nE6UUiKkHtmLTdsnfqN/ztfBduBxKgDPHF +5Kwv+4WUkBMZlGEQcx68xKkH03+GPEwAJRomxQNdyWnXjwwccqPyb970hzxIOQb6 +J2bL0SRRAoGBAJjDixE61RuenxLeHXzicqfBincEmswKgpl5CM28ZF9W4id7EcND +4Vu7Y+QRexxbWMz637nVKLiYwfS/rra33i/igfhk6/Nb7dMG9KooCoS19PhM2V+I +h/XLqvSe93n2ocqviJO4ZahXJFotlXq2nK2/bF2g45mvRcbFPtENqgcb -----END RSA PRIVATE KEY----- diff -Nru stunnel4-5.49/tests/certs/secrets.txt stunnel4-5.50/tests/certs/secrets.txt --- stunnel4-5.49/tests/certs/secrets.txt 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/secrets.txt 2018-10-09 14:49:40.000000000 +0000 @@ -1,2 +1,2 @@ -test1:kdQkBOkGfSarEJYFO0pyA6RGsuj3rH81dMfvCH1zU3zEMjCZtd -test2:ufCA3QI9rVV6RJNULutu6cqtqgtko2aTedkefMHzcVJMVnUsSy +test1:H9kpiYb8TWGo19hvd4txGMffBG6yzbJcz0FpPD4rB590vVFvyE +test2:xomqBFaKDSLSIZEFk4TxPvSdMTiOq7iwfN1Np06SThYetP2Jpm Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tests/certs/server_cert.p12 and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tests/certs/server_cert.p12 differ diff -Nru stunnel4-5.49/tests/certs/server_cert.pem stunnel4-5.50/tests/certs/server_cert.pem --- stunnel4-5.49/tests/certs/server_cert.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/server_cert.pem 2018-10-09 14:49:40.000000000 +0000 @@ -2,48 +2,48 @@ MIIDoDCCAoigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE4 -MDgzMTE0NTI1MloXDTIyMDgzMTE0NTI1MlowbzELMAkGA1UEBhMCUEwxGzAZBgNV +MTAwOTE0NDk0MFoXDTIyMTAwOTE0NDk0MFowbzELMAkGA1UEBhMCUEwxGzAZBgNV BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGc2VydmVyMQ8wDQYDVQQD DAZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMg7Y842yNncXINmTFbn+An6fizD -FZcg8Uy1azXPO/LytEW5DGWCt1SsoQ1lrtXgvo2gjcnl7dEHJniG1skD4VKbbFEz -qI+dk8RBe4pS6PSIWfIiGqWG16cvcXdK2LeNQVJlwiNzB6H4JpoNgF3gAwRCGQNu -E3tI6144PqEpzFN6NfExAim/GUkt95nrNeyc0oRzTRsy6nU1IOg/GvlCkFK4ItwG -9i3hxiT/nxBP83mEUe+wAE8PUEHnu7E3kMolLBWDt0FKpll+bvy0jOWR5qhBwwdt -4iJqTUtO8Ju6UvnaAZL0J3+iAsdQ1FQKrmEEuZA3yjsaxppfXm1I8B97WKECAwEA -AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUT37WyP68DIvymyi4O8LKnlNoMKgw -HwYDVR0jBBgwFoAURxFszWdqm1f0uM4OjK2EU+2Y3JswDQYJKoZIhvcNAQELBQAD -ggEBAKJxBm0QtjAHQI1tLiPbbVgixqkHok7fCmOevZ3Z/okjchyC4gZvdfSelrOE -gBrn90XH407X9zyHgyVNoVUXfZTKOUDl/VkF/tQ9zdCloukQs/+v3sa+MBFF3G0T -WQ/WLvY7wqJ7he1LhE9gUWI5DXO8XH5c9PvEkjxMPwOzeho+60l1Gtvn0Yj/Ho9L -2oD71+CTEo24k3zdFQhVf46vI7Wk/C90McOO0/rwNQRnNNH9ELtJizrBoxMamHSw -HXLT71ZTjeSB3DMJfWE59i1ty1V7/fLvz8T+FQfaVdpDUNAQlZaUVqz6o2w7IcnG -QAlePz5YHNF7pw7jEgXr7HnkYRA= +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvRSOWnuJnrrnlt+qUaiY9CJOp0 +Lox6vCEzwgMH+ftMZQwP6m427b3LEfPrxH6WkYMLwpAXGjREXRj+yB0ZcPvQ94VI +OyHgvgWJ14t+yLcq3w6zsWzJx/SmWLG7ga67wODxhCHAAHPKsv+cC+6wgt3kWu+G +jUQ27X03rQO2wNpV5cxdp9Ax6JQVnKleQEIShfELYYjJpp4s6n5VY8R8jRwJHl7k +XCjp5+8LSD64MUcXzo7u6XL8SxEGjQU+drKfNdleFfyVgjtAeyaWBrY8ciM4yIqn +M37zs6jyjLcNO0PtD+64VO4jJPmFY4M0O33AJu0EtuR1G/NSj1D85nKBZYUCAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUSLKfbW2zrTXPv2dTLXpT9jHEYLkw +HwYDVR0jBBgwFoAUMrsPuqQ8kOHXNhiDndXEGCYNvBowDQYJKoZIhvcNAQELBQAD +ggEBABYai56PR5tsnmv8+mIxZM980x+oYLACVA6YaQEWxtdPQl+tGJIVnJergfRO +UrG4OjqBZp0DjMJRNIIiM50YTsEQdrVoL6HaP5AgDwqWoRJIEdVZUQWyTTTE7nBd +0k6qNKUsJVEM1Zvv+cseQYIpT75P0FPl5egSPQHVuPWSco7gGF/zF2gA4QfzRsLe +frgfzXzxEF712CuS+OXj5lab4N1L9A1GzfeQ+bNlrUky79R+vMPfjoayUJ/fTafl +wTd6YBZurwxdy6Ktql9eisuli0PRdxed1eOpUxZAbS7N3ZIDTEOcLnBrIhQY7E8P +YxSm0/qri7nS4z/DmzTe2z0ttqM= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyDtjzjbI2dxcg2ZMVuf4Cfp+LMMVlyDxTLVrNc878vK0RbkM -ZYK3VKyhDWWu1eC+jaCNyeXt0QcmeIbWyQPhUptsUTOoj52TxEF7ilLo9IhZ8iIa -pYbXpy9xd0rYt41BUmXCI3MHofgmmg2AXeADBEIZA24Te0jrXjg+oSnMU3o18TEC -Kb8ZSS33mes17JzShHNNGzLqdTUg6D8a+UKQUrgi3Ab2LeHGJP+fEE/zeYRR77AA -Tw9QQee7sTeQyiUsFYO3QUqmWX5u/LSM5ZHmqEHDB23iImpNS07wm7pS+doBkvQn -f6ICx1DUVAquYQS5kDfKOxrGml9ebUjwH3tYoQIDAQABAoIBAAC9R2cRiLhVOfo6 -PHntrVrME/8yUTgXpQx1dwnh1ATXpJbFUihlzSuA369e+sBLbiizuRJPyQsGjbvQ -M6bWXtShQksid7LgEBWfcEdYewe8ISjlu1d1IgK6CB86pYY3/U/ClG7xE8wjUHEt -L5YpJ5mybMk4dNX1tPjKGGEb+GcugKqsEoFNwLWBHZiLzYqeJvQdyzkXm76oljmK -WrS8nz+YWMS0XLdrexynjrw1ccDDYJrVGqApfIiekwbpiiZuB/d82tOXXx2DdBq+ -qUXTtfWhfplGcSnEPKLL4NnQM3baBY6zLcfT0BIBz+XbN95SOLqUQuLlF70NFnTA -PSEXoGECgYEA9/NoAUw9yY3eIbqaNLj6t3Dq6N0XXvvML6U/TukbO2VLhv9x18cr -DrKJUd/X4IkQ1ow8PHu21JMNnv9AT7/la9IE6RHR7s5HyEG3anXhZihcCTJzDm8E -TH8T71ZFwLgn/a/w3hXwhsuxNhuvspmXAv5YAE6uu+7x2Qv+5pzDtK0CgYEAzrtq -qsgTSA4CgZoiXdj7azBcqR+bt58kTjfO4BDdTDwiLLumqCcIqpwRZLWRgLx6f2Xg -PTJvBRd3DFALSYj/3EbbkFuxF+4MvcsavF25MMyj5XKOdmOi7sd0gIopK5beAx+W -4K3TcZhPUmfV/EQo5mJIBg5LotkZagvtEq5Y/kUCgYBFDtD/04k98rpUcJF0b7S8 -lMGIe9N/i+fRuVeJldkU0OCZR9ogPAOdA1LFr++DRQmgh8xbGCXSzOY1S2hRDeRL -BGKDu4fZ2DAb8VmxWAWgG0uO8DMlaPwshhQ6S6//vgq9WFxgroGgOWkw5cMonih2 -F/rQkxmNlD5dsj6bYjwLvQKBgQCvUF5nz94SF9dmQujr/ytPPicGQUjTkgC+2DL2 -7zZMBR7SIpx1Mwz1af6SEiv/KVcUnLdqDk/52GlbprG7vZOFIQ3nwOpQqc5iUVAt -96kpyhEfbmOD4ID2z2xr6T56uakyquJPTPnn9ksmTeo40TCCF0yO3iakRkl4Ff8I -/ZN4pQKBgQDWRHuMAo1/uaaW8S375IJ0YG3mbKU68FuR0ZDe1vWQqsyM8EGtwHh+ -hRwvh1Anj11J+yCG45lAGVsphO4EIaJnQScsBLP1v01zNpC3T+uOy5h33QM5/z8B -FNbak5bvtbMOG+HRb524Z5LfacvyCvI/yQodmdHZfR1RAH06ROeZkA== +MIIEpgIBAAKCAQEAu9FI5ae4meuueW36pRqJj0Ik6nQujHq8ITPCAwf5+0xlDA/q +bjbtvcsR8+vEfpaRgwvCkBcaNERdGP7IHRlw+9D3hUg7IeC+BYnXi37ItyrfDrOx +bMnH9KZYsbuBrrvA4PGEIcAAc8qy/5wL7rCC3eRa74aNRDbtfTetA7bA2lXlzF2n +0DHolBWcqV5AQhKF8QthiMmmnizqflVjxHyNHAkeXuRcKOnn7wtIPrgxRxfOju7p +cvxLEQaNBT52sp812V4V/JWCO0B7JpYGtjxyIzjIiqczfvOzqPKMtw07Q+0P7rhU +7iMk+YVjgzQ7fcAm7QS25HUb81KPUPzmcoFlhQIDAQABAoIBAQCFhYh8c9sh2dJE +03Hv9Ei9Brn1z7jT9+FM/V29B+uowqvHgn0X84baecZ+kSs1D1fNQQwFodboN32z +6lVbkp2m9+0v3KTlNcABcfhBXFXXGexPqGHHREAZ5jSBzhqonSPHBwv3bmcj6oOM +gmRdQTEYDGK1jANb7myxq2YdkMvTqyqYB3VlOrtNQV0KCQ/lan/CnTymYJlEi3D6 +9q0oniOoOsRWFFPJgfiUBTtOWofvWtiD5sj1wXX9wmJVX+w9Zxu5ep+vU9RymAA7 +km1e81fnc69hmJpGtQuEgSNiYW3UKHObZyShokANUVUW4sNo27oEynT8S8vbI/aL +dclhkz91AoGBAO2N+3bIBZSlobWdYQUoqzvNUuOjYh1bz+ejwr4QLUhh6XtjI7Kn +WoLN2jHnOdv9+mpguTP5L9nlwlWghkotQpRzbA5ovcGsVnIe75lZ+wLPH1XSbvyy +LjOJOEQvgH+Y7XXu6KuEye/ABfbzF2fcg+tKiC2IHPYGyvTkJzJGMK5fAoGBAMpm +pdsBGzstobtHq9V5Oj/MS7UwzOAeEUPPG4G2gufJ+SYyI+VQ490Iiz3DMcqc6LWn ++uDzpoqiqDZn3c8HNBAd/c29yplq8D1aHutKIWKyj0rPhFIfeYwMvBHWsgCAWmbI +4JcrrAZMIiaOA7QhmCzXILpmzqqUu2tUEZXHxW6bAoGBAJ4IDDdyzTOcFD3LmpVh +/rfj2baSJF0/jMmeiZkDDfzPFhH9W+wnpPDLnNIB7t3I0eQewFYw+YJNdMCd73g9 +L8OuHT5gs4u56DA3IFG2KGQwAbqIKUl2B4JFUOcbarJ3u9DuxF4GEoiqB83G3dU8 +P44xoPIZUJri3fWYKfMp+oylAoGBAJoQtKMWHoJXY8rI7ZXbZ2l0uxQ7B1h5yq6R +EeEU6mRBq7NVa1l8z1ZK0KK82EPgWIseSKu/C8BvvBddzMtwMkMqcS2REIzjh+dL +mEmF7g/Q154chB528vCWKPpzMJ+NFEM1GTA5AALzJPOwGkWdZNaNEs6QvzO9b0Rt +g809eZ2NAoGBALAWTTy1GEHB5cEjV49WbinkEOHrBkhl/FOVDkZmZgKbtzpM0K06 +H9UnQ2rzGGpXaE6t5phk42EhQ64+LGydtehOvAJFLUayOnDSqX06znIVOX2mUYVc +5yqja4x7YSOQCQEwGSvZ6c3RbFly0dFu0qCfzS0uJDHjLUpx0cwmt6JO -----END RSA PRIVATE KEY----- diff -Nru stunnel4-5.49/tests/certs/stunnel.pem stunnel4-5.50/tests/certs/stunnel.pem --- stunnel4-5.49/tests/certs/stunnel.pem 2018-08-31 14:52:52.000000000 +0000 +++ stunnel4-5.50/tests/certs/stunnel.pem 2018-10-09 14:49:40.000000000 +0000 @@ -1,53 +1,53 @@ -----BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDtVGjHVrTx2Ypz -MTV0tJ5Q9WC4mkq9kC36fr+KakcQmS9gaW5W8IUXH8otQ8w9VBmZMDSLHO1q7Ps7 -cIA3KbXMhb0c9uqc/3GcNY9AnLH5BU8FyKOh2z51hjwTSzvZvbuZw/AZjCGDBvtl -6TWHNnqz71IkNuWsu/SAWbG54alMf8Beu3v6Qf+NxSa1/MPC361yi502fEaO50eB -SDo1kfgrgfbJ1r+oQwXFf1FgRriZp8QTa155LbKQPIGI5PG0PXyVuAN6t3M+53ci -aoflGTdDgqT0jfMDCS+/tpD9z1aD/Y1nIhs5eN7oZcDzpz4Zkc9R1pxEBtN+AJrm -2yq+T5YFAgMBAAECggEBAKxgv83xg3GacT4jwtDmk4r3/u12W8z92Pd1ckfl04IR -0WB0k4kgH3rhQybHdKQi3ojug2t7clJUmFHe77GhYQORK//KtDOeMfWkzUy/w2C8 -412vEnLwXJheDGpzHaCUd5tCvrS/nGOgAZ9O2OtBvbPNotrc6MsipX9IJpd9eUsu -pQkNoYiAsdQf+2P3OC3op71xjSbfxKxiOgoKKOzabj1h1jyzvcnaG+e3AZs2+2Qy -dWyw7zDFbeW6eA8dt6vqhlEdekEHRv5XOuh+G9YcZ3YtmmzF9rlsCC97oW45aHf6 -MQax8DhKcKCc75IP+qA9hMTiopRemCcx9khfMfums0ECgYEA9u/85nxkaRTxv2aN -pZY8m3uEoUXpsaEq83hJs0F3/OXwr1vUHDbBrqhynds7I+uOurTFXuU6bg0jGof6 -raPN0d0PW+H0AbbCllFgPling0HfS7sf2nNhLnyonFWtEK15Fp7t6oNU6NIBPE9l -TYkxWILDu2T/NfZH2CGv4zJp1xECgYEA9gonypab1CdWuiNCzVNcGRyhA2m1PCGM -V9di2sqsLBg2zmvEjT658gjA3SI/XNbEb8yNVdZ+qawSkWlhGwP+6OCTYe6p+9Xj -RSlXlCVtMXpwcTE12Cg2BP80x7wb2QLjWUSafITihZFf5bybO6KEIvaNP27oT/a+ -zZxLHDSoF7UCgYEAuBuJtNZ9jpMdApUVeqWenlXjNtKHP/ZnrYq7eDiRmy5c2oFe -jYKNuQjCG8t+NnPDwJRSq0PA4phM2dUUIy4DoDpu3xSB9l0qiyQ024cBra0JLM9h -Gl/3zs8Gbzi5hbuwkhsAS16LieI5JZwUbVCiR9mG0UqltLfgLNZA6uWFX+ECgYEA -2ybqkJocTRmJN51G2GsC4t9MUCTtKJVdU7TnOalDOLeMwcreNU2FBSBk4dOqisBG -EqspzSaUhf9ePqWVuCGUAcxfmuCiCk5W9HjBqJS5sVO1Ki3CHzqZ+1NyqOJWD7Nx -3EauMHGQ75YwzAp2XuUAO8BOygy44tkO1Uf84y/H9e0CgYEA3FWPwAEdSsYx7s1n -wm+OIX6EBlH/gCYVo7XCIZDnqdHvDf3ggiqckJs2072mGPskO6pIfaiifgBEdlKZ -O56kHyAK2hU3VxhxT7L3hu+BwAaAe6COGdW73yMWfWbGvXrAwOIz1PfEwcpEOqZu -Kw6SfxAgJ+sgBhivNoZbSIxzgMo= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBisv4Ys8pVJZ6 +CHKDy4UAi38KJp28husfNmrrQWlGStYvjhyEusVrA6WDP3yz2X/56m+8KnvsM29L +jDWhyQmXMxTh1XKWoh1URAI3FA7SAZ0dv8D8kFB34F2kuC+6o7GLsgz4qOOk3DhY +NFzMefiRjrqLFt5OgOiATI1flYTKh+sHxXFF/xu+31ND+RTGHtGGxjyeXfSw7n3p +o6e4U2ihcT/tU68PcGZCrDrVktfq/KvE6lFslPDcgnCrDyoTG1P3vwVlBDMzUSEn +916f6Wq6J6kK0KbLDZ+LXJZe2I5CYiFZXAluprNo+dUEwWZ42vE9kq6yy580ibOF +iKBzMG9PAgMBAAECggEBAIk/r1OuZnBNzwQtN2AlFGWFhwqgxd0q5FPXGE1Krqgt +a+R/Z9PsSxGPnXEMtZco12tYB/KtQgIHm5Y8kM/xK/7wN4/K+R6/SgM200dRzwy4 +Hj45fFbe1GGeV2n3P8mgScjh8/bmdcC0drR+NYy/tjkquTjnd7C+E6LgJqUw9+FS +89NU70UR+1irf/RysAwHCPlTfIIZon3atsvCUkiUE8G+8Kz4233H3TmVY5B+Zjq4 +uRLq47fcaOQ+irBkeicW7S4AbkKbXZsM/XxZB5BIBMv0t6OoF/uHvhyUzSxhvwhb +LGGGMSrtGnYAeNXj329xyjrOnA4jmsMPVNiVc/rdTkECgYEA5NrvStXvybPY8ngd +6ka4idu0K5EDixxrgoRQ2wV3WZecSsTSfr6B09UKch46HOIga9hpWg27NUGYuKfL +NOfF1cBNxU5yV5+zKCgX5bYX0QdpfUM6mO0btUEkXf5xMYTyzHfnLE+L3Vcnq0qg +KfZdto2LtEg3cznmtoJMqP3viaECgYEA2H+Zwkj84bxIuPwux6QeHueQ7K7Re59s +KxymutuTQ6N0oCHK5KwQvuUELFRiTj0frEIgJfNMrTrzJ6rIu7ExDzUafhnPi194 +zKfQVf0gtfCJvrDBbF1VEqAtfcfW+x7jI+sylWhltBJSlGvsju9LTEcnp4c6wtDS +hpsaXNe9su8CgYBZq8tdSExnfRfBkf0uwb0nDzYeZ/i6dk1N26iO2Sp1qWktBsfv +r5fRN8WbB2r/zD6l4ysMhRrYeDZuDBkcRsCGy43thJpa6RFa57LNaDcWyU+1LDV2 +nFliAP9N8RfLLmuwYD7tZtHHzZGWlWwCZS09DWMzJaTMemCDHLUK9kz4YQKBgHrM +nbVC2xVbS9CJUitxHpie9mgZnL7HJX6qqLOyWixyaXNu13uvUWxF0IEod/4y02VM +uJluEF7t4f/s8iDsF4ytrVI7Z6qBQ66pvRUZF9W7ExZzgbLqmZeP/V2r3XfhBCta +e/2dEpr6DZccRDiq6IXikk6G+MCJ2+/3yBNDV9lHAoGAXluoghrraKwg23U8eT5d +HrafIW/5F3OoLNMjxd64HI8mmX/IwwEmcVKdxFrUlgzjSI3Yu7YH8bMT/neppVOQ +srRJRXlqt3TZcup8/w6PIxvrCo3FnEXpizKR8fu66Vv0K7NG1aIao4Vu8SHm5Bfm +Vo6H4riZvNeRY5wfvR7ySVo= -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIJAKRmlerKkQXnMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD +MIIENjCCAx6gAwIBAgIJAMrjqfDZWkd2MA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD VQQGEwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fy c2F3MRswGQYDVQQKDBJTdHVubmVsIERldmVsb3BlcnMxFzAVBgNVBAsMDlByb3Zp c2lvbmFsIENBMRIwEAYDVQQDDAlsb2NhbGhvc3QxIjAgBgkqhkiG9w0BCQEWE3N0 -dW5uZWxAZXhhbXBsZS5jb20wHhcNMTgwODMxMTQ1MjUxWhcNMTgwOTMwMTQ1MjUx +dW5uZWxAZXhhbXBsZS5jb20wHhcNMTgxMDA5MTQ0OTM5WhcNMjIxMDA5MTQ0OTM5 WjCBpzELMAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEgUHJvdmluY2UxDzAN BgNVBAcMBldhcnNhdzEbMBkGA1UECgwSU3R1bm5lbCBEZXZlbG9wZXJzMRcwFQYD VQQLDA5Qcm92aXNpb25hbCBDQTESMBAGA1UEAwwJbG9jYWxob3N0MSIwIAYJKoZI hvcNAQkBFhNzdHVubmVsQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA7VRox1a08dmKczE1dLSeUPVguJpKvZAt+n6/impHEJkvYGlu -VvCFFx/KLUPMPVQZmTA0ixztauz7O3CANym1zIW9HPbqnP9xnDWPQJyx+QVPBcij -ods+dYY8E0s72b27mcPwGYwhgwb7Zek1hzZ6s+9SJDblrLv0gFmxueGpTH/AXrt7 -+kH/jcUmtfzDwt+tcoudNnxGjudHgUg6NZH4K4H2yda/qEMFxX9RYEa4mafEE2te -eS2ykDyBiOTxtD18lbgDerdzPud3ImqH5Rk3Q4Kk9I3zAwkvv7aQ/c9Wg/2NZyIb -OXje6GXA86c+GZHPUdacRAbTfgCa5tsqvk+WBQIDAQABo2MwYTAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRU9MEjhCItr8+HwI8qT9BLCbnOYTAfBgNVHSMEGDAW -gBRU9MEjhCItr8+HwI8qT9BLCbnOYTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN -AQELBQADggEBAA4bo30VUKew8DQWRIGgxHadb96BqlOr1wnmbAhybpiW9j7Eudzy -CFILW9YBQz2lb1J+pcOpNGIpfCf+VdPUDq2oDNeU8mtVEq3BLZ0i5yIdohMxLBSo -VcLDkyb7awa0pFQYkxj3Q/e9J47aeMILBMdwdydh1sSnr0gZ14g8GP88j3zM4OZQ -Kje47wGMwZl+H7sRIyL2ktnkJkDgO08ple6gxG8GBZ+qtlkZjNaJJUBjgoEUTVIt -+YriFV2e0EmJHQW1Oa4p4XDWUDyJGzXrzEGZng2lgu7SkMlbjIbTHH1BBHkmM875 -PaNtuJHQQZOHk2pPVtzL7crH0A84paMXOa4= +AQ8AMIIBCgKCAQEAwYrL+GLPKVSWeghyg8uFAIt/CiadvIbrHzZq60FpRkrWL44c +hLrFawOlgz98s9l/+epvvCp77DNvS4w1ockJlzMU4dVylqIdVEQCNxQO0gGdHb/A +/JBQd+BdpLgvuqOxi7IM+KjjpNw4WDRczHn4kY66ixbeToDogEyNX5WEyofrB8Vx +Rf8bvt9TQ/kUxh7RhsY8nl30sO596aOnuFNooXE/7VOvD3BmQqw61ZLX6vyrxOpR +bJTw3IJwqw8qExtT978FZQQzM1EhJ/den+lquiepCtCmyw2fi1yWXtiOQmIhWVwJ +bqazaPnVBMFmeNrxPZKussufNImzhYigczBvTwIDAQABo2MwYTAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRseoi9wT0pV/YquSn6CXXEDHd6OzAfBgNVHSMEGDAW +gBRseoi9wT0pV/YquSn6CXXEDHd6OzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN +AQELBQADggEBAI7stlWNcMCleOiS0YbR64BKOj/DhfVxR13OS3dfPfDKztu+tvjJ +p+HUN8ZryKWXDuR1qg4m63PdKLC7r1AhKhkYtWEJiijN6OEmCvK3LgtqY+jzPa82 +2YJdtQuMFbZJkCe7dqEqelhJ1VjYR0Vbl83dPLQStMgdGjiYSfLoo9pmy/MJv1f0 +I0n3AKFp/328ZYPfPG8WmU4aBI7HzUsWiJGC8wEUsakpAp882KLOXfVhpYwBVBtL +QDs6QrX1jquhfMNQX635YQcFhzTsG4KmCy6ueevwvyOtWLrvPkiuUGcvIlpJGI96 +4oSNsEzAchpxZ5tafzZ3ozP/Awi3m89KbbE= -----END CERTIFICATE----- diff -Nru stunnel4-5.49/tests/recipes/010_require_cert stunnel4-5.50/tests/recipes/010_require_cert --- stunnel4-5.49/tests/recipes/010_require_cert 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/010_require_cert 2018-10-11 09:19:45.000000000 +0000 @@ -12,12 +12,12 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem requireCert = yes EOT } diff -Nru stunnel4-5.49/tests/recipes/011_verify_peer stunnel4-5.50/tests/recipes/011_verify_peer --- stunnel4-5.49/tests/recipes/011_verify_peer 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/011_verify_peer 2018-10-11 09:19:45.000000000 +0000 @@ -12,14 +12,14 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/012_verify_chain stunnel4-5.50/tests/recipes/012_verify_chain --- stunnel4-5.49/tests/recipes/012_verify_chain 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/tests/recipes/012_verify_chain 2018-10-11 09:19:45.000000000 +0000 @@ -13,12 +13,12 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} verifyChain = yes - CAfile = ${script_path}/certs/CACert.pem + CAfile = ../certs/CACert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/013_CRL_file stunnel4-5.50/tests/recipes/013_CRL_file --- stunnel4-5.49/tests/recipes/013_CRL_file 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/tests/recipes/013_CRL_file 2018-10-11 09:19:45.000000000 +0000 @@ -13,13 +13,13 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} verifyChain = yes - CAfile = ${script_path}/certs/CACert.pem - CRLfile = ${script_path}/certs/CACertCRL.pem + CAfile = ../certs/CACert.pem + CRLfile = ../certs/CACertCRL.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/014_PSK_secrets stunnel4-5.50/tests/recipes/014_PSK_secrets --- stunnel4-5.49/tests/recipes/014_PSK_secrets 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/014_PSK_secrets 2018-11-05 07:19:29.000000000 +0000 @@ -12,13 +12,12 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - PSKsecrets = ${script_path}/certs/psk1.txt + PSKsecrets = ../certs/psk1.txt [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - ciphers = PSK - PSKsecrets = ${script_path}/certs/secrets.txt + PSKsecrets = ../certs/secrets.txt EOT } diff -Nru stunnel4-5.49/tests/recipes/015_p12_cert stunnel4-5.50/tests/recipes/015_p12_cert --- stunnel4-5.49/tests/recipes/015_p12_cert 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/015_p12_cert 2018-10-11 09:19:45.000000000 +0000 @@ -16,7 +16,7 @@ [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.p12 + cert = ../certs/server_cert.p12 EOT } diff -Nru stunnel4-5.49/tests/recipes/020_IPv6 stunnel4-5.50/tests/recipes/020_IPv6 --- stunnel4-5.49/tests/recipes/020_IPv6 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/020_IPv6 2018-10-11 09:19:45.000000000 +0000 @@ -16,7 +16,7 @@ [server] accept = ::1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/021_FIPS stunnel4-5.50/tests/recipes/021_FIPS --- stunnel4-5.49/tests/recipes/021_FIPS 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/021_FIPS 2018-10-11 09:19:45.000000000 +0000 @@ -17,7 +17,7 @@ [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/022_bind stunnel4-5.50/tests/recipes/022_bind --- stunnel4-5.49/tests/recipes/022_bind 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/022_bind 2018-10-11 09:19:45.000000000 +0000 @@ -17,7 +17,7 @@ accept = 127.0.0.1:${https1} accept = 127.0.0.1:${https1} connect = ${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/030_simple_execute stunnel4-5.50/tests/recipes/030_simple_execute --- stunnel4-5.49/tests/recipes/030_simple_execute 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/030_simple_execute 2018-10-11 09:19:45.000000000 +0000 @@ -17,7 +17,7 @@ accept = 127.0.0.1:${https1} exec = ${script_path}/execute execArgs = execute 030_simple_execute - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/031_redirect stunnel4-5.50/tests/recipes/031_redirect --- stunnel4-5.49/tests/recipes/031_redirect 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/031_redirect 2018-10-11 09:19:45.000000000 +0000 @@ -12,9 +12,9 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - ;cert = ${script_path}/certs/client_cert.pem + ;cert = ../certs/client_cert.pem ;wrong certificate - cert = ${script_path}/certs/stunnel.pem + cert = ../certs/stunnel.pem [client_2] client = yes @@ -30,19 +30,19 @@ accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http2} redirect = ${http3} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem [server_2] accept = 127.0.0.1:${https2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 031_redirect_error [server_3] accept = 127.0.0.1:${https3} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 031_redirect EOT diff -Nru stunnel4-5.49/tests/recipes/032_no_redirect stunnel4-5.50/tests/recipes/032_no_redirect --- stunnel4-5.49/tests/recipes/032_no_redirect 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/032_no_redirect 2018-10-11 09:19:45.000000000 +0000 @@ -13,7 +13,7 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} ;correct certificate - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [client_2] client = yes @@ -29,19 +29,19 @@ accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http2} redirect = ${http3} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem [server_2] accept = 127.0.0.1:${https2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 032_no_redirect [server_3] accept = 127.0.0.1:${https3} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 032_no_redirect_error EOT diff -Nru stunnel4-5.49/tests/recipes/033_redirect_exec stunnel4-5.50/tests/recipes/033_redirect_exec --- stunnel4-5.49/tests/recipes/033_redirect_exec 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/033_redirect_exec 2018-10-11 09:19:45.000000000 +0000 @@ -12,9 +12,9 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - ;cert = ${script_path}/certs/client_cert.pem + ;cert = ../certs/client_cert.pem ;wrong certificate - cert = ${script_path}/certs/stunnel.pem + cert = ../certs/stunnel.pem [client_2] client = yes @@ -26,13 +26,13 @@ exec = ${script_path}/execute execArgs = execute 033_redirect_exec_error redirect = ${http2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem [server_2] accept = 127.0.0.1:${https2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 033_redirect_exec EOT diff -Nru stunnel4-5.49/tests/recipes/034_no_redirect_exec stunnel4-5.50/tests/recipes/034_no_redirect_exec --- stunnel4-5.49/tests/recipes/034_no_redirect_exec 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/034_no_redirect_exec 2018-10-11 09:19:45.000000000 +0000 @@ -13,7 +13,7 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} ;correct certificate - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [client_2] client = yes @@ -25,13 +25,13 @@ exec = ${script_path}/execute execArgs = execute 034_no_redirect_exec redirect = ${http2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem [server_2] accept = 127.0.0.1:${https2} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 034_no_redirect_exec_error EOT diff -Nru stunnel4-5.49/tests/recipes/035_SNI stunnel4-5.50/tests/recipes/035_SNI --- stunnel4-5.49/tests/recipes/035_SNI 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/035_SNI 2018-10-11 09:19:45.000000000 +0000 @@ -13,21 +13,21 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} sni = sni.mydomain.com - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [server_virtual] accept = 127.0.0.1:${https1} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 035_SNI_error [sni] sni = server_virtual:*.mydomain.com - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 035_SNI verifyPeer = yes - CAfile = ${script_path}/certs/PeerCerts.pem + CAfile = ../certs/PeerCerts.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/036_no_SNI stunnel4-5.50/tests/recipes/036_no_SNI --- stunnel4-5.49/tests/recipes/036_no_SNI 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/036_no_SNI 2018-10-11 09:19:45.000000000 +0000 @@ -16,13 +16,13 @@ [server_virtual] accept = 127.0.0.1:${https1} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 036_no_SNI [sni] sni = server_virtual:sni.mydomain.com - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem exec = ${script_path}/execute execArgs = execute 036_no_SNI_error EOT diff -Nru stunnel4-5.49/tests/recipes/037_failover_prio1 stunnel4-5.50/tests/recipes/037_failover_prio1 --- stunnel4-5.49/tests/recipes/037_failover_prio1 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/037_failover_prio1 2018-10-11 09:19:45.000000000 +0000 @@ -18,12 +18,12 @@ [server_1] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem [server_2] accept = 127.0.0.1:${https2} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/038_failover_prio2 stunnel4-5.50/tests/recipes/038_failover_prio2 --- stunnel4-5.49/tests/recipes/038_failover_prio2 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/038_failover_prio2 2018-10-11 09:19:45.000000000 +0000 @@ -18,12 +18,12 @@ ;[server_1] ;accept = 127.0.0.1:${https_free} ;connect = 127.0.0.1:${http_nc} - ;cert = ${script_path}/certs/server_cert.pem + ;cert = ../certs/server_cert.pem [server_2] accept = 127.0.0.1:${https2} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/039_failover_rr stunnel4-5.50/tests/recipes/039_failover_rr --- stunnel4-5.49/tests/recipes/039_failover_rr 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/039_failover_rr 2018-10-11 09:19:45.000000000 +0000 @@ -19,17 +19,17 @@ [server_1] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem [server_2] accept = 127.0.0.1:${https2} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem [server_3] accept = 127.0.0.1:${https3} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/040_reload stunnel4-5.50/tests/recipes/040_reload --- stunnel4-5.49/tests/recipes/040_reload 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/040_reload 2018-10-11 09:19:45.000000000 +0000 @@ -16,7 +16,7 @@ [server_1] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem" > "stunnel.conf" + cert = ../certs/server_cert.pem" > "stunnel.conf" } change_config() { @@ -35,7 +35,7 @@ [server_2] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem" > "stunnel.conf" + cert = ../certs/server_cert.pem" > "stunnel.conf" } start() { diff -Nru stunnel4-5.49/tests/recipes/041_exec_connect stunnel4-5.50/tests/recipes/041_exec_connect --- stunnel4-5.49/tests/recipes/041_exec_connect 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/041_exec_connect 2018-10-11 09:19:45.000000000 +0000 @@ -18,7 +18,7 @@ accept = 127.0.0.1:${https1} exec = ${script_path}/execute_read execArgs = execute_read ${result_path}/temp.log - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/042_inetd stunnel4-5.50/tests/recipes/042_inetd --- stunnel4-5.49/tests/recipes/042_inetd 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/042_inetd 2018-10-11 09:19:45.000000000 +0000 @@ -12,7 +12,7 @@ accept = 127.0.0.1:${https1} exec = ${script_path}/execute execArgs = execute 042_inetd - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/043_session_delay stunnel4-5.50/tests/recipes/043_session_delay --- stunnel4-5.49/tests/recipes/043_session_delay 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/043_session_delay 2018-11-05 07:19:29.000000000 +0000 @@ -20,11 +20,11 @@ accept = 127.0.0.1:${https1} exec = ${script_path}/execute execArgs = execute 043_session_delay - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } -if ! grep -q "FORK" results.log +if ! grep -q "FORK" "results.log" then test_log_for "043_session_delay" "session" "1" "$1" "$2" "$3" 2>> "stderr.log" exit $? diff -Nru stunnel4-5.49/tests/recipes/044_session_nodelay stunnel4-5.50/tests/recipes/044_session_nodelay --- stunnel4-5.49/tests/recipes/044_session_nodelay 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/044_session_nodelay 2018-11-05 07:19:29.000000000 +0000 @@ -21,17 +21,17 @@ accept = 127.0.0.1:${https1} exec = ${script_path}/execute execArgs = execute 044_session_nodelay - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem [server_2] accept = 127.0.0.1:${https2} exec = ${script_path}/execute execArgs = execute 044_session_nodelay - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } -if ! grep -q "FORK" results.log +if ! grep -q "FORK" "results.log" then test_log_for "044_session_nodelay" "session" "2" "$1" "$2" "$3" 2>> "stderr.log" exit $? diff -Nru stunnel4-5.49/tests/recipes/045_include stunnel4-5.50/tests/recipes/045_include --- stunnel4-5.49/tests/recipes/045_include 2018-08-25 07:24:46.000000000 +0000 +++ stunnel4-5.50/tests/recipes/045_include 2018-10-11 09:19:45.000000000 +0000 @@ -17,7 +17,7 @@ [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem" > "${result_path}/conf.d/02-service.conf" + cert = ../certs/server_cert.pem" > "${result_path}/conf.d/02-service.conf" } start() { diff -Nru stunnel4-5.49/tests/recipes/046_resume_PSK stunnel4-5.50/tests/recipes/046_resume_PSK --- stunnel4-5.49/tests/recipes/046_resume_PSK 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tests/recipes/046_resume_PSK 2018-11-05 07:19:29.000000000 +0000 @@ -0,0 +1,36 @@ +#!/bin/sh +. $(dirname $0)/../test_library + +start() { + ../../src/stunnel -fd 0 <> "stderr.log" + exit $? + else + exit_logs "046_resume_PSK" "skipped" + exit 125 + fi +exit $? diff -Nru stunnel4-5.49/tests/recipes/110_failure_require_cert stunnel4-5.50/tests/recipes/110_failure_require_cert --- stunnel4-5.49/tests/recipes/110_failure_require_cert 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/110_failure_require_cert 2018-10-11 09:19:45.000000000 +0000 @@ -12,12 +12,12 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - ;cert = ${script_path}/certs/client_cert.pem + ;cert = ../certs/client_cert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem requireCert = yes EOT } diff -Nru stunnel4-5.49/tests/recipes/111_failure_verify_peer stunnel4-5.50/tests/recipes/111_failure_verify_peer --- stunnel4-5.49/tests/recipes/111_failure_verify_peer 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/111_failure_verify_peer 2018-10-11 09:19:45.000000000 +0000 @@ -12,14 +12,14 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - cert = ${script_path}/certs/stunnel.pem + cert = ../certs/stunnel.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem verifyPeer = yes - CAfile = ${script_path}/certs/CACert.pem + CAfile = ../certs/CACert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/112_failure_verify_chain stunnel4-5.50/tests/recipes/112_failure_verify_chain --- stunnel4-5.49/tests/recipes/112_failure_verify_chain 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/112_failure_verify_chain 2018-10-11 09:19:45.000000000 +0000 @@ -13,12 +13,12 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} verifyChain = yes - CAfile = ${script_path}/certs/CACert.pem + CAfile = ../certs/CACert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/stunnel.pem + cert = ../certs/stunnel.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/113_failure_CRL_file stunnel4-5.50/tests/recipes/113_failure_CRL_file --- stunnel4-5.49/tests/recipes/113_failure_CRL_file 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/113_failure_CRL_file 2018-10-11 09:19:45.000000000 +0000 @@ -13,13 +13,13 @@ accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} verifyChain = yes - CAfile = ${script_path}/certs/CACert.pem - CRLfile = ${script_path}/certs/CACertCRL.pem + CAfile = ../certs/CACert.pem + CRLfile = ../certs/CACertCRL.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/revoked_cert.pem + cert = ../certs/revoked_cert.pem EOT } diff -Nru stunnel4-5.49/tests/recipes/114_failure_PSK_secrets stunnel4-5.50/tests/recipes/114_failure_PSK_secrets --- stunnel4-5.49/tests/recipes/114_failure_PSK_secrets 2018-08-31 14:49:02.000000000 +0000 +++ stunnel4-5.50/tests/recipes/114_failure_PSK_secrets 2018-10-11 09:19:45.000000000 +0000 @@ -12,13 +12,13 @@ client = yes accept = 127.0.0.1:${http1} connect = 127.0.0.1:${https1} - PSKsecrets = ${script_path}/certs/psk2.txt + PSKsecrets = ../certs/psk2.txt [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} ciphers = PSK - PSKsecrets = ${script_path}/certs/secrets.txt + PSKsecrets = ../certs/secrets.txt EOT } diff -Nru stunnel4-5.49/tests/recipes/120_failure_no_cert stunnel4-5.50/tests/recipes/120_failure_no_cert --- stunnel4-5.49/tests/recipes/120_failure_no_cert 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/120_failure_no_cert 2018-10-11 09:19:45.000000000 +0000 @@ -16,7 +16,7 @@ [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem ;*** error*** requireCert = yes EOT diff -Nru stunnel4-5.49/tests/recipes/121_failure_wrong_config stunnel4-5.50/tests/recipes/121_failure_wrong_config --- stunnel4-5.49/tests/recipes/121_failure_wrong_config 2018-07-02 21:30:10.000000000 +0000 +++ stunnel4-5.50/tests/recipes/121_failure_wrong_config 2018-10-11 09:19:45.000000000 +0000 @@ -13,12 +13,12 @@ accept = 127.0.0.1:${http1} ;*** error*** ;connect = 127.0.0.1:${https1} - cert = ${script_path}/certs/client_cert.pem + cert = ../certs/client_cert.pem [server] accept = 127.0.0.1:${https1} connect = 127.0.0.1:${http_nc} - cert = ${script_path}/certs/server_cert.pem + cert = ../certs/server_cert.pem EOT } diff -Nru stunnel4-5.49/tools/ca-certs.pem stunnel4-5.50/tools/ca-certs.pem --- stunnel4-5.49/tools/ca-certs.pem 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/ca-certs.pem 2018-07-02 21:30:10.000000000 +0000 @@ -0,0 +1,3311 @@ +## +## Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Sat Jun 23 03:45:55 2018 +## Conversion done with mk-ca-bundle.pl version 1.25. +## SHA1: 0df975deabcd0cd443b08e597700eafcbebeeb26 +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt), which can be found in the Mozilla source tree: +## http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt +## +## This bundle is *only* supposed to be used with the "checkHost" option. +## Otherwise, stunnel will accept any certificate signed by a trusted CA. +## + + +GlobalSign Root CA +================== +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj +Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +GlobalSign Root CA - R2 +======================= +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6 +ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp +s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN +S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL +TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C +ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i +YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN +BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp +9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu +01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 +9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- + +Verisign Class 3 Public Primary Certification Authority - G3 +============================================================ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1 +EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc +cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw +EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj +055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f +j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0 +xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa +t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- + +Entrust.net Premium 2048 Secure Server CA +========================================= +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +Baltimore CyberTrust Root +========================= +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +AddTrust External Root +====================== +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD +VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw +NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU +cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg +Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821 ++iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw +Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo +aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy +2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7 +7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL +VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk +VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl +j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355 +e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u +G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +GeoTrust Global CA +================== +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw +MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j +LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo +BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet +8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc +T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU +vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk +DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q +zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4 +d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2 +mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p +XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm +Mw== +-----END CERTIFICATE----- + +GeoTrust Universal CA +===================== +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN +R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1 +MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu +Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t +JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e +RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs +7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d +8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V +qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga +Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB +Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu +KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08 +ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0 +XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB +hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2 +qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL +oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK +xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF +KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2 +DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK +xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU +p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI +P/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- + +GeoTrust Universal CA 2 +======================= +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN +R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0 +MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg +SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0 +DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17 +j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q +JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a +QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2 +WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP +20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn +ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC +SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG +8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2 ++/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E +BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ +4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+ +mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq +A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg +Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP +pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d +FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp +gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm +X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- + +Visa eCommerce Root +=================== +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG +EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug +QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2 +WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm +VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL +F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b +RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0 +TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI +/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs +GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG +MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc +CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW +YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz +zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu +YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +QuoVadis Root CA +================ +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE +ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz +MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp +cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD +EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk +J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL +F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL +YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen +AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w +PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y +ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7 +MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj +YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs +ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW +Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu +BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw +FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6 +tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo +fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul +LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x +gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi +5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi +5nrQNiOKSnQ2+Q== +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +Security Communication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw +8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM +DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX +5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd +DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 +JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g +0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a +mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ +s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ +6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi +FL39vmwLAw== +-----END CERTIFICATE----- + +Sonera Class 2 Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG +U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw +NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh +IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3 +/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT +dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG +f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P +tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH +nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT +XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt +0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI +cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph +Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx +EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH +llpwrN9M +-----END CERTIFICATE----- + +XRamp Global CA Root +==================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx +foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- + +Go Daddy Class 2 CA +=================== +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b +vZ8= +-----END CERTIFICATE----- + +Starfield Class 2 CA +==================== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 +QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- + +Taiwan GRCA +=========== +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG +EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X +DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv +dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN +w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5 +BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O +1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO +htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov +J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7 +Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t +B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB +O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8 +lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV +HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2 +09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj +Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2 +Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU +D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz +DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk +Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk +7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ +CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy ++fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +Certplus Class 2 Primary CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE +BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN +OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy +dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR +5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ +Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO +YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e +e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME +CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ +YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t +L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD +P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R +TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+ +7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW +//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- + +DST Root CA X3 +============== +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK +ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X +DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 +cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT +rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 +UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy +xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d +utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ +MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug +dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE +GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw +RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS +fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SwissSign Silver CA - G2 +======================== +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT +BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X +DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 +aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 +N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm ++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH +6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu +MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h +qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 +FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs +ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc +celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X +CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB +tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P +4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F +kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L +3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx +/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa +DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP +e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu +WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ +DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub +DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ +cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN +b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9 +nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge +RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt +tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI +hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K +Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN +NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa +Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG +1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- + +thawte Primary Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3 +MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg +SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv +KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT +FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs +oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ +1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc +q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K +aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p +afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF +AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE +uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89 +jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH +z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA== +-----END CERTIFICATE----- + +VeriSign Class 3 Public Primary Certification Authority - G5 +============================================================ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk +IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln +biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh +dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz +j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD +Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ +Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r +fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv +Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG +SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+ +X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE +KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC +Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE +ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +Network Solutions Certificate Authority +======================================= +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG +EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr +IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx +MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx +jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT +aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT +crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc +/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB +AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv +bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA +A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q +4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/ +GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD +ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GA CA +=============================== +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE +BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG +A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH +bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD +VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw +IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5 +IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9 +Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg +Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD +d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ +/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R +LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm +MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4 ++vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY +okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +Deutsche Telekom Root CA 2 +========================== +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT +RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG +A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5 +MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G +A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS +b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5 +bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI +KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY +AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK +Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV +jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV +HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr +E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy +zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8 +rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G +dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- + +Cybertrust Global Root +====================== +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li +ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4 +MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD +ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA ++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW +0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL +AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin +89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT +8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2 +MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G +A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO +lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi +5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2 +hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T +X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority - G3 +============================================= +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0 +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz +NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo +YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT +LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j +K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE +c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C +IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu +dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr +2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9 +cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE +Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s +t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- + +thawte Primary Root CA - G2 +=========================== +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC +VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu +IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg +Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV +MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG +b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt +IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS +LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5 +8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU +mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN +G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K +rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- + +thawte Primary Root CA - G3 +=========================== +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w +ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD +VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG +A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At +P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC ++BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY +7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW +vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ +KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK +A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC +8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm +er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority - G2 +============================================= +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1 +OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl +b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG +BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc +KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+ +EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m +ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2 +npaqBA+K +-----END CERTIFICATE----- + +VeriSign Universal Root Certification Authority +=============================================== +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk +IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj +1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP +MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72 +9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I +AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR +tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G +CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O +a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3 +Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx +Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx +P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P +wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4 +mJO37M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- + +VeriSign Class 3 Public Primary Certification Authority - G4 +============================================================ +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC +VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3 +b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz +ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU +cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo +b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8 +Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz +rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw +HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u +Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD +A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx +AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +============================================ +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +Staat der Nederlanden Root CA - G2 +================================== +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g +Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC +TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l +ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ +5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn +vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj +CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil +e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR +OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI +CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65 +48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi +trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737 +qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB +AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC +ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA +A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz ++51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj +f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN +kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk +CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF +URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb +CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h +oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV +IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm +66+KAQ== +-----END CERTIFICATE----- + +Hongkong Post Root CA 1 +======================= +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT +DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx +NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n +IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 +ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr +auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh +qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY +V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV +HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i +h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio +l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei +IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps +T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT +c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== +-----END CERTIFICATE----- + +SecureSign RootCA11 +=================== +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi +SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS +b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw +KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 +cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL +TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO +wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq +g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP +O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA +bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX +t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh +OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r +bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ +Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 +y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 +lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH +DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA +bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx +ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx +51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk +R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP +T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f +Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl +osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR +crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR +saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD +KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi +6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Chambers of Commerce Root - 2008 +================================ +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu +QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy +Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl +ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF +EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl +cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA +XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj +h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ +ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk +NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g +D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331 +lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ +0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2 +EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI +G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ +BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh +bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh +bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC +CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH +AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1 +wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH +3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU +RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6 +M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1 +YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF +9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK +zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG +nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ +-----END CERTIFICATE----- + +Global Chambersign Root - 2008 +============================== +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu +QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx +NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg +Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ +QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf +VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf +XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0 +ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB +/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA +TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M +H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe +Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF +HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB +AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT +BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE +BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm +aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm +aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp +1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0 +dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG +/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6 +ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s +dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg +9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH +foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du +qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr +P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq +c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- + +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +EC-ACC +====== +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE +BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w +ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD +VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE +CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT +BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 +MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt +SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl +Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh +cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK +w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT +ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 +HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a +E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw +0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD +VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 +Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l +dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ +lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa +Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe +l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 +E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D +5EI= +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2011 +======================================================= +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT +O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y +aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT +AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo +IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI +1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa +71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u +8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH +3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8 +MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu +b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt +XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD +/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N +7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Trustis FPS Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290 +IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV +BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ +RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk +H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa +cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt +o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA +AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd +BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c +GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC +yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P +8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV +l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl +iB6XzCGcKQENZetX2fNXlrtIzYE= +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +EE Certification Centre Root CA +=============================== +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG +EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy +dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw +MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB +UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy +ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM +TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2 +rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw +93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN +P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ +MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF +BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj +xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM +lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU +3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM +dcGWxZ0= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg +UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk +aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn +kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc +TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +E-Tugra Certification Authority +=============================== +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w +DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls +ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw +NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx +QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl +cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD +DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd +hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K +CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g +ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ +BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 +E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz +rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq +jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 +dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK +kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO +XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 +VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo +a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc +dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV +KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT +Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 +8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G +C7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy +YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +QuoVadis Root CA 1 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE +PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm +PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 +Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN +ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l +g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV +7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX +9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f +iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg +t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI +hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 +GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct +Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP ++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh +3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa +wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 +O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 +FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV +hMJKzRwuJIczYOXD +-----END CERTIFICATE----- + +QuoVadis Root CA 2 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh +ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY +NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t +oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o +MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l +V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo +L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ +sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD +6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh +lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI +hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K +pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 +x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz +dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X +U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw +mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD +zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN +JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr +O3jtZsSOeWmD3n+M +-----END CERTIFICATE----- + +QuoVadis Root CA 3 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 +IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL +Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe +6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 +I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U +VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 +5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi +Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM +dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt +rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI +hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS +t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ +TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib +Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD +hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX +0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW +dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 +PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +DigiCert Assured ID Root G2 +=========================== +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw +MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq +bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw +VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP +YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn +lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO +w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv +0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz +d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW +hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M +jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- + +DigiCert Assured ID Root G3 +=========================== +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD +VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb +RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs +KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF +UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy +YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy +1vUhZscv6pZjamVFkpUBtA== +-----END CERTIFICATE----- + +DigiCert Global Root G2 +======================= +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx +MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ +kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO +3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV +BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu +5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr +F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U +WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH +QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ +iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- + +DigiCert Global Root G3 +======================= +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD +VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw +MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k +aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O +YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y +3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 +VOKa5Vt8sycX +-----END CERTIFICATE----- + +DigiCert Trusted Root G4 +======================== +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw +HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp +pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o +k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa +vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY +QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 +MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm +mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 +f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH +dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 +oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY +ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr +yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy +7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah +ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN +5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb +/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa +5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK +G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP +82Z+ +-----END CERTIFICATE----- + +COMODO RSA Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- + +USERTrust RSA Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz +0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j +Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn +RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O ++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq +/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE +Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM +lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 +yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ +eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW +FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ +7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ +Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM +8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi +FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi +yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c +J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw +sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx +Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +USERTrust ECC Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 +0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez +nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB +HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu +9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R4 +=========================== +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl +OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV +MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF +JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R5 +=========================== +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 +SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS +h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx +uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 +yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- + +Staat der Nederlanden Root CA - G3 +================================== +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g +Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC +TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l +ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y +olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t +x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy +EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K +Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur +mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5 +1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp +07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo +FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE +41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu +yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq +KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1 +v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA +8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b +8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r +mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq +1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI +JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV +tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk= +-----END CERTIFICATE----- + +Staat der Nederlanden EV Root CA +================================ +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g +RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M +MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl +cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk +SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW +O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r +0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8 +Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV +XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr +08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV +0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd +74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx +fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa +ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu +c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq +5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN +b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN +f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi +5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4 +WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK +DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy +eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg== +-----END CERTIFICATE----- + +IdenTrust Commercial Root CA 1 +============================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES +MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB +IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld +hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ +mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi +1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C +XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl +3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy +NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV +WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg +xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix +uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI +hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg +ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt +ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV +YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro +kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe +2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz +Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R +cGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- + +IdenTrust Public Sector Root CA 1 +================================= +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv +ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy +P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 +Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI +rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf +qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS +mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn +ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh +LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v +iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL +4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw +DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A +mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt +GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt +m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx +NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 +Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI +ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC +ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ +3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy +bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug +b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw +HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx +OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP +/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz +HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU +s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y +TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx +AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 +0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z +iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi +nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ +vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO +e4pIb4tF9g== +-----END CERTIFICATE----- + +Entrust Root Certification Authority - EC1 +========================================== +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn +YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw +FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs +LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy +AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef +9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h +vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 +kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- + +CFCA EV ROOT +============ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE +CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB +IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw +MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD +DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV +BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD +7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN +uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW +ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 +xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f +py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K +gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol +hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ +tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf +BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q +ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua +4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG +E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX +BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn +aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy +PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX +kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C +ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +Certinomis - Root CA +==================== +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjETMBEGA1UEChMK +Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAbBgNVBAMTFENlcnRpbm9taXMg +LSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMzMTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIx +EzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRD +ZXJ0aW5vbWlzIC0gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQos +P5L2fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJflLieY6pOo +d5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQVWZUKxkd8aRi5pwP5ynap +z8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDFTKWrteoB4owuZH9kb/2jJZOLyKIOSY00 +8B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09x +RLWtwHkziOC/7aOgFLScCbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE +6OXWk6RiwsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJwx3t +FvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SGm/lg0h9tkQPTYKbV +PZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4F2iw4lNVYC2vPsKD2NkJK/DAZNuH +i5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZngWVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGj +YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I +6tNxIqSSaHh02TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/0KGRHCwPT5iV +WVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWwF6YSjNRieOpWauwK0kDDPAUw +Pk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZSg081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAX +lCOotQqSD7J6wWAsOMwaplv/8gzjqh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJ +y29SWwNyhlCVCNSNh4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9 +Iff/ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8Vbtaw5Bng +DwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwjY/M50n92Uaf0yKHxDHYi +I0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nM +cyrDflOR1m749fPH0FFNjkulW+YZFzvWgQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVr +hkIGuUE= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GB CA +=============================== +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG +EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw +MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds +b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX +scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP +rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk +9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o +Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg +GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD +dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 +VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui +HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +SZAFIR ROOT CA2 +=============== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV +BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ +BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD +VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q +qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK +DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE +2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ +ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi +ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC +AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 +O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 +oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul +4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 ++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +Certum Trusted Network CA 2 +=========================== +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE +BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 +bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y +ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ +TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB +IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 +7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o +CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b +Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p +uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 +GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ +9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB +Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye +hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM +BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW +Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA +L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo +clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM +pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb +w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo +J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm +ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX +is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 +zAYspsbiDrW5viSP +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2015 +======================================================= +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT +BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 +aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx +MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg +QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV +BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw +MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv +bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh +iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ +6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd +FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr +i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F +GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 +fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu +iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI +hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ +D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM +d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y +d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn +82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb +davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F +Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt +J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa +JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q +p/UsQu0yrbYhnr68 +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions ECC RootCA 2015 +=========================================================== +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 +aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw +MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj +IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD +VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 +Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP +dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK +Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA +GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn +dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- + +Certplus Root CA G1 +=================== +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUAMD4xCzAJBgNV +BAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTAe +Fw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhD +ZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHN +r49aiZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt6kuJPKNx +Qv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP0FG7Yn2ksYyy/yARujVj +BYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTv +LRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDEEW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2 +z4QTd28n6v+WZxcIbekN1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc +4nBvCGrch2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCTmehd +4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV4EJQeIQEQWGw9CEj +jy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPOWftwenMGE9nTdDckQQoRb5fc5+R+ +ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G +A1UdDgQWBBSowcCbkahDFXxdBie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHY +lwuBsTANBgkqhkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7/SMNkPX0XtPG +YX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BSS7CTKtQ+FjPlnsZlFT5kOwQ/ +2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F +6ALEUz65noe8zDUa3qHpimOHZR4RKttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilX +CNQ314cnrUlZp5GrRHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWe +tUNy6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEVV/xuZDDC +VRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5g4VCXA9DO2pJNdWY9BW/ ++mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl++O/QmueD6i9a5jc2NvLi6Td11n0bt3+ +qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- + +Certplus Root CA G2 +=================== +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4xCzAJBgNVBAYT +AkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjAeFw0x +NDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0 +cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BM0PW1aC3/BFGtat93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uN +Am8xIk0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMB8GA1Ud +IwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqGSM49BAMDA2gAMGUCMHD+sAvZ94OX7PNV +HdTcswYO/jOYnYs5kGuUIe22113WTNchp+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjl +vPl5adytRSv3tjFzzAalU5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- + +OpenTrust Root CA G1 +==================== +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcx +MB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM +CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7fa +Yp6bwiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX/uMftk87 +ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR077F9jAHiOH3BX2pfJLKO +YheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGPuY4zbGneWK2gDqdkVBFpRGZPTBKnjix9 +xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLxp2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO +9z0M+Yo0FMT7MzUj8czxKselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq +3ywgsNw2TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+WG+Oi +n6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPwvFEVVJSmdz7QdFG9 +URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYYEQRVzXR7z2FwefR7LFxckvzluFqr +TJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUl0YhVyE12jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/Px +N3DlCPaTKbYwDQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kfgLMtMrpkZ2Cv +uVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbSFXJfLkur1J1juONI5f6ELlgK +n0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLh +X4SPgPL0DTatdrOjteFkdjpY3H1PXlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80 +nR14SohWZ25g/4/Ii+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcm +GS3tTAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L9109S5zvE/ +bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/KyPu1svf0OnWZzsD2097+o +4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJAwSQiumPv+i2tCqjI40cHLI5kqiPAlxA +OXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj1oxx +-----END CERTIFICATE----- + +OpenTrust Root CA G2 +==================== +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUAMEAxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcy +MB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM +CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+ +Ntmh/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78eCbY2albz +4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/61UWY0jUJ9gNDlP7ZvyCV +eYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fEFY8ElggGQgT4hNYdvJGmQr5J1WqIP7wt +UdGejeBSzFfdNTVY27SPJIjki9/ca1TSgSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz +3GIZ38i1MH/1PCZ1Eb3XG7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj +3CzMpSZyYhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaHvGOz +9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4t/bQWVyJ98LVtZR0 +0dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/gh7PU3+06yzbXfZqfUAkBXKJOAGT +y3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUajn6QiL35okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59 +M4PLuG53hq8wDQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0nXGEL8pZ0keI +mUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qTRmTFAHneIWv2V6CG1wZy7HBG +S4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpTwm+bREx50B1ws9efAvSyB7DH5fitIw6mVskp +EndI2S9G/Tvw/HRwkqWOOAgfZDC2t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ +6e18CL13zSdkzJTaTkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97kr +gCf2o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU3jg9CcCo +SmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eAiN1nE28daCSLT7d0geX0 +YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14fWKGVyasvc0rQLW6aWQ9VGHgtPFGml4vm +u7JwqkwR3v98KzfUetF3NI/n+UL3PIEMS1IK +-----END CERTIFICATE----- + +OpenTrust Root CA G3 +==================== +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEczMB4X +DTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9w +ZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAARK7liuTcpm3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5B +ta1doYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAf +BgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAKBggqhkjOPQQDAwNpADBmAjEAj6jcnboM +BBf6Fek9LykBl7+BFjNAk2z8+e2AcG+qj9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta +3U1fJAuwACEl74+nBCZx4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- + +ISRG Root X1 +============ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE +BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD +EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG +EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT +DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r +Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 +3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K +b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN +Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ +4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf +1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu +hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH +usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r +OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY +9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV +0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt +hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw +TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx +e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA +JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD +YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n +JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ +m+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM +================ +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT +AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw +MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD +TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf +qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr +btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL +j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou +08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw +WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT +tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ +47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC +ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa +i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o +dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s +D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ +j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT +Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW ++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 +Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d +8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm +5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG +rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +Amazon Root CA 1 +================ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 +MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH +FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ +gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t +dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce +VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 +DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM +CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy +8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa +2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 +xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- + +Amazon Root CA 2 +================ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 +MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 +kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp +N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 +AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd +fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx +kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS +btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 +Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN +c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ +3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw +DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA +A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE +YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW +xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ +gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW +aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV +Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 +KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi +JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= +-----END CERTIFICATE----- + +Amazon Root CA 3 +================ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB +f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr +Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 +rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc +eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== +-----END CERTIFICATE----- + +Amazon Root CA 4 +================ +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN +/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri +83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA +MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 +AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +LuxTrust Global Root 2 +====================== +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQELBQAwRjELMAkG +A1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNVBAMMFkx1eFRydXN0IEdsb2Jh +bCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUwMzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEW +MBQGA1UECgwNTHV4VHJ1c3QgUy5BLjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wm +Kb3FibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTemhfY7RBi2 +xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1EMShduxq3sVs35a0VkBC +wGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsnXpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm +1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkm +FRseTJIpgp7VkoGSQXAZ96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niF +wpN6cj5mj5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4gDEa/ +a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+8kPREd8vZS9kzl8U +ubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2jX5t/Lax5Gw5CMZdjpPuKadUiDTSQ +MC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmHhFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB +/zBCBgNVHSAEOzA5MDcGByuBKwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5 +Lmx1eHRydXN0Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQELBQADggIBAGoZ +FO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9BzZAcg4atmpZ1gDlaCDdLnIN +H2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTOjFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW +7MM3LGVYvlcAGvI1+ut7MV3CwRI9loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIu +ZY+kt9J/Z93I055cqqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWA +VWe+2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/JEAdemrR +TxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKrezrnK+T+Tb/mjuuqlPpmt +/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQfLSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc +7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31I +iyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- + +TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT +D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr +IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g +TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp +ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD +VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt +c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth +bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 +IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 +6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc +wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 +3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 +WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU +ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc +lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R +e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j +q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +TrustCor RootCert CA-1 +====================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx +MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu +YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe +VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy +dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq +jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4 +pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0 +JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h +gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw +/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j +BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5 +mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C +qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P +3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- + +TrustCor RootCert CA-2 +====================== +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w +DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT +eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0 +eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy +MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h +bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0 +IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb +ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk +RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1 +oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb +XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1 +/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q +jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP +eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg +rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU +2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h +Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp +kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv +2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3 +S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw +PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv +DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU +RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE +xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX +RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ +-----END CERTIFICATE----- + +TrustCor ECA-1 +============== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw +N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5 +MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y +IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR +MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23 +xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc +p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+ +fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj +YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL +f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u +/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs +J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC +jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- diff -Nru stunnel4-5.49/tools/Makefile.am stunnel4-5.50/tools/Makefile.am --- stunnel4-5.49/tools/Makefile.am 2018-04-06 14:25:10.000000000 +0000 +++ stunnel4-5.50/tools/Makefile.am 2018-10-09 14:37:38.000000000 +0000 @@ -5,6 +5,7 @@ EXTRA_DIST += openssl.cnf stunnel.nsi stunnel.license stunnel.conf EXTRA_DIST += stunnel.conf-sample.in stunnel.init.in stunnel.service.in EXTRA_DIST += stunnel.logrotate stunnel.rh.init stunnel.spec +EXTRA_DIST += plugins ca-certs.pem confdir = $(sysconfdir)/stunnel conf_DATA = stunnel.conf-sample diff -Nru stunnel4-5.49/tools/Makefile.in stunnel4-5.50/tools/Makefile.in --- stunnel4-5.49/tools/Makefile.in 2018-08-31 14:51:16.000000000 +0000 +++ stunnel4-5.50/tools/Makefile.in 2018-11-09 15:53:56.000000000 +0000 @@ -282,7 +282,7 @@ makecert.sh openssl.cnf stunnel.nsi stunnel.license \ stunnel.conf stunnel.conf-sample.in stunnel.init.in \ stunnel.service.in stunnel.logrotate stunnel.rh.init \ - stunnel.spec + stunnel.spec plugins ca-certs.pem confdir = $(sysconfdir)/stunnel conf_DATA = stunnel.conf-sample examplesdir = $(docdir)/examples diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/build.bat stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/build.bat --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/build.bat 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/build.bat 2005-09-21 18:23:38.000000000 +0000 @@ -0,0 +1,9 @@ +@ECHO OFF +Set VCDIR=D:\Program Files\Microsoft Visual C++ Toolkit 2003 + +Set PATH=%VCDIR%\bin;%PATH% +Set INCLUDE=%VCDIR%\include;%INCLUDE% +Set LIB=%VCDIR%\lib;%LIB% + +cl /O1 ShellLink.cpp /LD /link kernel32.lib user32.lib uuid.lib ole32.lib /OPT:NOWIN98 /NODEFAULTLIB /ENTRY:DllMain +@PAUSE \ No newline at end of file diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/api.h stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/api.h --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/api.h 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/api.h 2009-02-01 14:44:30.000000000 +0000 @@ -0,0 +1,83 @@ +/* + * apih + * + * This file is a part of NSIS. + * + * Copyright (C) 1999-2009 Nullsoft and Contributors + * + * Licensed under the zlib/libpng license (the "License"); + * you may not use this file except in compliance with the License. + * + * Licence details can be found in the file COPYING. + * + * This software is provided 'as-is', without any express or implied + * warranty. + */ + +#ifndef _NSIS_EXEHEAD_API_H_ +#define _NSIS_EXEHEAD_API_H_ + +// Starting with NSIS 2.42, you can check the version of the plugin API in exec_flags->plugin_api_version +// The format is 0xXXXXYYYY where X is the major version and Y is the minor version (MAKELONG(y,x)) +// When doing version checks, always remember to use >=, ex: if (pX->exec_flags->plugin_api_version >= NSISPIAPIVER_1_0) {} + +#define NSISPIAPIVER_1_0 0x00010000 +#define NSISPIAPIVER_CURR NSISPIAPIVER_1_0 + +// NSIS Plug-In Callback Messages +enum NSPIM +{ + NSPIM_UNLOAD, // This is the last message a plugin gets, do final cleanup + NSPIM_GUIUNLOAD, // Called after .onGUIEnd +}; + +// Prototype for callbacks registered with extra_parameters->RegisterPluginCallback() +// Return NULL for unknown messages +// Should always be __cdecl for future expansion possibilities +typedef UINT_PTR (*NSISPLUGINCALLBACK)(enum NSPIM); + +// extra_parameters data structures containing other interesting stuff +// but the stack, variables and HWND passed on to plug-ins. +typedef struct +{ + int autoclose; + int all_user_var; + int exec_error; + int abort; + int exec_reboot; // NSIS_SUPPORT_REBOOT + int reboot_called; // NSIS_SUPPORT_REBOOT + int XXX_cur_insttype; // depreacted + int plugin_api_version; // see NSISPIAPIVER_CURR + // used to be XXX_insttype_changed + int silent; // NSIS_CONFIG_SILENT_SUPPORT + int instdir_error; + int rtl; + int errlvl; + int alter_reg_view; + int status_update; +} exec_flags_t; + +#ifndef NSISCALL +# define NSISCALL __stdcall +#endif + +typedef struct { + exec_flags_t *exec_flags; + int (NSISCALL *ExecuteCodeSegment)(int, HWND); + void (NSISCALL *validate_filename)(char *); + int (NSISCALL *RegisterPluginCallback)(HMODULE, NSISPLUGINCALLBACK); // returns 0 on success, 1 if already registered and < 0 on errors +} extra_parameters; + +// Definitions for page showing plug-ins +// See Ui.c to understand better how they're used + +// sent to the outer window to tell it to go to the next inner window +#define WM_NOTIFY_OUTER_NEXT (WM_USER+0x8) + +// custom pages should send this message to let NSIS know they're ready +#define WM_NOTIFY_CUSTOM_READY (WM_USER+0xd) + +// sent as wParam with WM_NOTIFY_OUTER_NEXT when user cancels - heed its warning +#define NOTIFY_BYE_BYE 'x' + +#endif /* _PLUGIN_H_ */ diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h 2008-12-20 08:49:26.000000000 +0000 @@ -0,0 +1,74 @@ +#ifndef ___NSIS_PLUGIN__H___ +#define ___NSIS_PLUGIN__H___ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "api.h" + +#ifndef NSISCALL +# define NSISCALL __stdcall +#endif + +#define EXDLL_INIT() { \ + g_stringsize=string_size; \ + g_stacktop=stacktop; \ + g_variables=variables; } + +typedef struct _stack_t { + struct _stack_t *next; + char text[1]; // this should be the length of string_size +} stack_t; + +enum +{ +INST_0, // $0 +INST_1, // $1 +INST_2, // $2 +INST_3, // $3 +INST_4, // $4 +INST_5, // $5 +INST_6, // $6 +INST_7, // $7 +INST_8, // $8 +INST_9, // $9 +INST_R0, // $R0 +INST_R1, // $R1 +INST_R2, // $R2 +INST_R3, // $R3 +INST_R4, // $R4 +INST_R5, // $R5 +INST_R6, // $R6 +INST_R7, // $R7 +INST_R8, // $R8 +INST_R9, // $R9 +INST_CMDLINE, // $CMDLINE +INST_INSTDIR, // $INSTDIR +INST_OUTDIR, // $OUTDIR +INST_EXEDIR, // $EXEDIR +INST_LANG, // $LANGUAGE +__INST_LAST +}; + +extern unsigned int g_stringsize; +extern stack_t **g_stacktop; +extern char *g_variables; + +int NSISCALL popstring(char *str); // 0 on success, 1 on empty stack +int NSISCALL popstringn(char *str, int maxlen); // with length limit, pass 0 for g_stringsize +int NSISCALL popint(); // pops an integer +int NSISCALL popint_or(); // with support for or'ing (2|4|8) +int NSISCALL myatoi(const char *s); // converts a string to an integer +unsigned NSISCALL myatou(const char *s); // converts a string to an unsigned integer, decimal only +int NSISCALL myatoi_or(const char *s); // with support for or'ing (2|4|8) +void NSISCALL pushstring(const char *str); +void NSISCALL pushint(int value); +char * NSISCALL getuservariable(const int varnum); +void NSISCALL setuservariable(const int varnum, const char *var); + +#ifdef __cplusplus +} +#endif + +#endif//!___NSIS_PLUGIN__H___ Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.lib and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.lib differ diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/api.h stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/api.h --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/api.h 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/api.h 2009-09-08 15:33:04.000000000 +0000 @@ -0,0 +1,83 @@ +/* + * apih + * + * This file is a part of NSIS. + * + * Copyright (C) 1999-2009 Nullsoft and Contributors + * + * Licensed under the zlib/libpng license (the "License"); + * you may not use this file except in compliance with the License. + * + * Licence details can be found in the file COPYING. + * + * This software is provided 'as-is', without any express or implied + * warranty. + */ + +#ifndef _NSIS_EXEHEAD_API_H_ +#define _NSIS_EXEHEAD_API_H_ + +// Starting with NSIS 2.42, you can check the version of the plugin API in exec_flags->plugin_api_version +// The format is 0xXXXXYYYY where X is the major version and Y is the minor version (MAKELONG(y,x)) +// When doing version checks, always remember to use >=, ex: if (pX->exec_flags->plugin_api_version >= NSISPIAPIVER_1_0) {} + +#define NSISPIAPIVER_1_0 0x00010000 +#define NSISPIAPIVER_CURR NSISPIAPIVER_1_0 + +// NSIS Plug-In Callback Messages +enum NSPIM +{ + NSPIM_UNLOAD, // This is the last message a plugin gets, do final cleanup + NSPIM_GUIUNLOAD, // Called after .onGUIEnd +}; + +// Prototype for callbacks registered with extra_parameters->RegisterPluginCallback() +// Return NULL for unknown messages +// Should always be __cdecl for future expansion possibilities +typedef UINT_PTR (*NSISPLUGINCALLBACK)(enum NSPIM); + +// extra_parameters data structures containing other interesting stuff +// but the stack, variables and HWND passed on to plug-ins. +typedef struct +{ + int autoclose; + int all_user_var; + int exec_error; + int abort; + int exec_reboot; // NSIS_SUPPORT_REBOOT + int reboot_called; // NSIS_SUPPORT_REBOOT + int XXX_cur_insttype; // depreacted + int plugin_api_version; // see NSISPIAPIVER_CURR + // used to be XXX_insttype_changed + int silent; // NSIS_CONFIG_SILENT_SUPPORT + int instdir_error; + int rtl; + int errlvl; + int alter_reg_view; + int status_update; +} exec_flags_t; + +#ifndef NSISCALL +# define NSISCALL __stdcall +#endif + +typedef struct { + exec_flags_t *exec_flags; + int (NSISCALL *ExecuteCodeSegment)(int, HWND); + void (NSISCALL *validate_filename)(TCHAR *); + int (NSISCALL *RegisterPluginCallback)(HMODULE, NSISPLUGINCALLBACK); // returns 0 on success, 1 if already registered and < 0 on errors +} extra_parameters; + +// Definitions for page showing plug-ins +// See Ui.c to understand better how they're used + +// sent to the outer window to tell it to go to the next inner window +#define WM_NOTIFY_OUTER_NEXT (WM_USER+0x8) + +// custom pages should send this message to let NSIS know they're ready +#define WM_NOTIFY_CUSTOM_READY (WM_USER+0xd) + +// sent as wParam with WM_NOTIFY_OUTER_NEXT when user cancels - heed its warning +#define NOTIFY_BYE_BYE 'x' + +#endif /* _PLUGIN_H_ */ diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h 2009-01-03 15:42:08.000000000 +0000 @@ -0,0 +1,214 @@ +/* + * nsis_tchar.h + * + * This file is a part of NSIS. + * + * Copyright (C) 1999-2007 Nullsoft and Contributors + * + * This software is provided 'as-is', without any express or implied + * warranty. + * + * For Unicode support by Jim Park -- 08/30/2007 + */ + +// Jim Park: Only those we use are listed here. + +#pragma once + +#ifdef _UNICODE + +#ifndef _T +#define __T(x) L ## x +#define _T(x) __T(x) +#define _TEXT(x) __T(x) +#endif +typedef wchar_t TCHAR; +typedef wchar_t _TUCHAR; + +// program +#define _tmain wmain +#define _tWinMain wWinMain +#define _tenviron _wenviron +#define __targv __wargv + +// printfs +#define _ftprintf fwprintf +#define _sntprintf _snwprintf +#define _stprintf _swprintf +#define _tprintf wprintf +#define _vftprintf vfwprintf +#define _vsntprintf _vsnwprintf +#define _vstprintf _vswprintf + +// scanfs +#define _tscanf wscanf +#define _stscanf swscanf + +// string manipulations +#define _tcscat wcscat +#define _tcschr wcschr +#define _tcsclen wcslen +#define _tcscpy wcscpy +#define _tcsdup _wcsdup +#define _tcslen wcslen +#define _tcsnccpy wcsncpy +#define _tcsncpy wcsncpy +#define _tcsrchr wcsrchr +#define _tcsstr wcsstr +#define _tcstok wcstok + +// string comparisons +#define _tcscmp wcscmp +#define _tcsicmp _wcsicmp +#define _tcsncicmp _wcsnicmp +#define _tcsncmp wcsncmp +#define _tcsnicmp _wcsnicmp + +// upper / lower +#define _tcslwr _wcslwr +#define _tcsupr _wcsupr +#define _totlower towlower +#define _totupper towupper + +// conversions to numbers +#define _tcstoi64 _wcstoi64 +#define _tcstol wcstol +#define _tcstoul wcstoul +#define _tstof _wtof +#define _tstoi _wtoi +#define _tstoi64 _wtoi64 +#define _ttoi _wtoi +#define _ttoi64 _wtoi64 +#define _ttol _wtol + +// conversion from numbers to strings +#define _itot _itow +#define _ltot _ltow +#define _i64tot _i64tow +#define _ui64tot _ui64tow + +// file manipulations +#define _tfopen _wfopen +#define _topen _wopen +#define _tremove _wremove +#define _tunlink _wunlink + +// reading and writing to i/o +#define _fgettc fgetwc +#define _fgetts fgetws +#define _fputts fputws +#define _gettchar getwchar + +// directory +#define _tchdir _wchdir + +// environment +#define _tgetenv _wgetenv +#define _tsystem _wsystem + +// time +#define _tcsftime wcsftime + +#else // ANSI + +#ifndef _T +#define _T(x) x +#define _TEXT(x) x +#endif +typedef char TCHAR; +typedef unsigned char _TUCHAR; + +// program +#define _tmain main +#define _tWinMain WinMain +#define _tenviron environ +#define __targv __argv + +// printfs +#define _ftprintf fprintf +#define _sntprintf _snprintf +#define _stprintf sprintf +#define _tprintf printf +#define _vftprintf vfprintf +#define _vsntprintf _vsnprintf +#define _vstprintf vsprintf + +// scanfs +#define _tscanf scanf +#define _stscanf sscanf + +// string manipulations +#define _tcscat strcat +#define _tcschr strchr +#define _tcsclen strlen +#define _tcscnlen strnlen +#define _tcscpy strcpy +#define _tcsdup _strdup +#define _tcslen strlen +#define _tcsnccpy strncpy +#define _tcsrchr strrchr +#define _tcsstr strstr +#define _tcstok strtok + +// string comparisons +#define _tcscmp strcmp +#define _tcsicmp _stricmp +#define _tcsncmp strncmp +#define _tcsncicmp _strnicmp +#define _tcsnicmp _strnicmp + +// upper / lower +#define _tcslwr _strlwr +#define _tcsupr _strupr + +#define _totupper toupper +#define _totlower tolower + +// conversions to numbers +#define _tcstol strtol +#define _tcstoul strtoul +#define _tstof atof +#define _tstoi atoi +#define _tstoi64 _atoi64 +#define _tstoi64 _atoi64 +#define _ttoi atoi +#define _ttoi64 _atoi64 +#define _ttol atol + +// conversion from numbers to strings +#define _i64tot _i64toa +#define _itot _itoa +#define _ltot _ltoa +#define _ui64tot _ui64toa + +// file manipulations +#define _tfopen fopen +#define _topen _open +#define _tremove remove +#define _tunlink _unlink + +// reading and writing to i/o +#define _fgettc fgetc +#define _fgetts fgets +#define _fputts fputs +#define _gettchar getchar + +// directory +#define _tchdir _chdir + +// environment +#define _tgetenv getenv +#define _tsystem system + +// time +#define _tcsftime strftime + +#endif + +// is functions (the same in Unicode / ANSI) +#define _istgraph isgraph +#define _istascii __isascii + +#define __TFILE__ _T(__FILE__) +#define __TDATE__ _T(__DATE__) +#define __TTIME__ _T(__TIME__) diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h 2009-01-01 16:41:10.000000000 +0000 @@ -0,0 +1,101 @@ +#ifndef ___NSIS_PLUGIN__H___ +#define ___NSIS_PLUGIN__H___ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "api.h" +#include "nsis_tchar.h" + +#ifndef NSISCALL +# define NSISCALL __stdcall +#endif + +#define EXDLL_INIT() { \ + g_stringsize=string_size; \ + g_stacktop=stacktop; \ + g_variables=variables; } + +typedef struct _stack_t { + struct _stack_t *next; + TCHAR text[1]; // this should be the length of string_size +} stack_t; + +enum +{ +INST_0, // $0 +INST_1, // $1 +INST_2, // $2 +INST_3, // $3 +INST_4, // $4 +INST_5, // $5 +INST_6, // $6 +INST_7, // $7 +INST_8, // $8 +INST_9, // $9 +INST_R0, // $R0 +INST_R1, // $R1 +INST_R2, // $R2 +INST_R3, // $R3 +INST_R4, // $R4 +INST_R5, // $R5 +INST_R6, // $R6 +INST_R7, // $R7 +INST_R8, // $R8 +INST_R9, // $R9 +INST_CMDLINE, // $CMDLINE +INST_INSTDIR, // $INSTDIR +INST_OUTDIR, // $OUTDIR +INST_EXEDIR, // $EXEDIR +INST_LANG, // $LANGUAGE +__INST_LAST +}; + +extern unsigned int g_stringsize; +extern stack_t **g_stacktop; +extern TCHAR *g_variables; + +int NSISCALL popstring(TCHAR *str); // 0 on success, 1 on empty stack +int NSISCALL popstringn(TCHAR *str, int maxlen); // with length limit, pass 0 for g_stringsize +int NSISCALL popint(); // pops an integer +int NSISCALL popint_or(); // with support for or'ing (2|4|8) +int NSISCALL myatoi(const TCHAR *s); // converts a string to an integer +unsigned NSISCALL myatou(const TCHAR *s); // converts a string to an unsigned integer, decimal only +int NSISCALL myatoi_or(const TCHAR *s); // with support for or'ing (2|4|8) +void NSISCALL pushstring(const TCHAR *str); +void NSISCALL pushint(int value); +TCHAR * NSISCALL getuservariable(const int varnum); +void NSISCALL setuservariable(const int varnum, const TCHAR *var); + +#ifdef _UNICODE +#define PopStringW(x) popstring(x) +#define PushStringW(x) pushstring(x) +#define SetUserVariableW(x,y) setuservariable(x,y) + +int NSISCALL PopStringA(char* ansiStr); +void NSISCALL PushStringA(const char* ansiStr); +void NSISCALL GetUserVariableW(const int varnum, wchar_t* wideStr); +void NSISCALL GetUserVariableA(const int varnum, char* ansiStr); +void NSISCALL SetUserVariableA(const int varnum, const char* ansiStr); + +#else +// ANSI defs + +#define PopStringA(x) popstring(x) +#define PushStringA(x) pushstring(x) +#define SetUserVariableA(x,y) setuservariable(x,y) + +int NSISCALL PopStringW(wchar_t* wideStr); +void NSISCALL PushStringW(wchar_t* wideStr); +void NSISCALL GetUserVariableW(const int varnum, wchar_t* wideStr); +void NSISCALL GetUserVariableA(const int varnum, char* ansiStr); +void NSISCALL SetUserVariableW(const int varnum, const wchar_t* wideStr); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif//!___NSIS_PLUGIN__H___ Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.lib and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.lib differ diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp 2010-06-03 15:23:16.000000000 +0000 @@ -0,0 +1,341 @@ +/* +Module : ShellLink.cpp +Purpose: NSIS Plug-in for retriving shell link information +Created: 12/16/2003 +Last Update: 01/14/2004 + +Copyright (c) 2004 Angelo Mandato. +See ShellLink.html for more information + + +Modified: 21/09/2005 +Author: Shengalts Aleksander aka Instructor (Shengalts@mail.ru) +Changes: -code has been rewritten + -added functions to change shell link information + -reduced dll size 44Kb -> 4Kb +*/ + +// Uncomment for debugging message boxes +//#define SHELLLINK_DEBUG + +#include +#include + +#define xatoi +#include "ConvFunc.h" + +#ifdef UNICODE +#include "nsis_unicode\pluginapi.h" +#else +#include "nsis_ansi\pluginapi.h" +#endif + +#define NSISFUNC(name) extern "C" void __declspec(dllexport) name(HWND hWndParent, int string_size, TCHAR* variables, stack_t** stacktop, extra_parameters* extra) + +#define SHELLLINKTYPE_GETARGS 1 +#define SHELLLINKTYPE_GETDESC 2 +#define SHELLLINKTYPE_GETHOTKEY 3 +#define SHELLLINKTYPE_GETICONLOC 4 +#define SHELLLINKTYPE_GETICONINDEX 5 +#define SHELLLINKTYPE_GETPATH 6 +#define SHELLLINKTYPE_GETSHOWMODE 7 +#define SHELLLINKTYPE_GETWORKINGDIR 8 +#define SHELLLINKTYPE_SETARGS 9 +#define SHELLLINKTYPE_SETDESC 10 +#define SHELLLINKTYPE_SETHOTKEY 11 +#define SHELLLINKTYPE_SETICONLOC 12 +#define SHELLLINKTYPE_SETICONINDEX 13 +#define SHELLLINKTYPE_SETPATH 14 +#define SHELLLINKTYPE_SETSHOWMODE 15 +#define SHELLLINKTYPE_SETWORKINGDIR 16 +#define SHELLLINKTYPE_SETRUNASADMIN 17 + +void ShortCutData(int nType); + +//Get +NSISFUNC(GetShortCutArgs) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETARGS); +} + +NSISFUNC(GetShortCutDescription) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETDESC); +} + +NSISFUNC(GetShortCutHotkey) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETHOTKEY); +} + +NSISFUNC(GetShortCutIconLocation) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETICONLOC); +} + +NSISFUNC(GetShortCutIconIndex) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETICONINDEX); +} + +NSISFUNC(GetShortCutTarget) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETPATH); +} + +NSISFUNC(GetShortCutShowMode) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETSHOWMODE); +} + +NSISFUNC(GetShortCutWorkingDirectory) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_GETWORKINGDIR); +} + +//Set +NSISFUNC(SetShortCutArgs) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETARGS); +} + +NSISFUNC(SetShortCutDescription) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETDESC); +} + +NSISFUNC(SetShortCutHotkey) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETHOTKEY); +} + +NSISFUNC(SetShortCutIconLocation) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETICONLOC); +} + +NSISFUNC(SetShortCutIconIndex) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETICONINDEX); +} + +NSISFUNC(SetShortCutTarget) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETPATH); +} + +NSISFUNC(SetShortCutShowMode) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETSHOWMODE); +} + +NSISFUNC(SetShortCutWorkingDirectory) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETWORKINGDIR); +} + +NSISFUNC(SetRunAsAdministrator) +{ + EXDLL_INIT(); + ShortCutData(SHELLLINKTYPE_SETRUNASADMIN); +} + +void ShortCutData(int nType) +{ + HRESULT hRes; + IShellLink* psl; + IPersistFile* ppf; + + int nBuf; + WORD wHotkey; + TCHAR* szBuf = (TCHAR*)LocalAlloc(LPTR, sizeof(TCHAR)*MAX_PATH); + TCHAR* szBuf2 = (TCHAR*)LocalAlloc(LPTR, sizeof(TCHAR)*MAX_PATH); + + popstring(szBuf); + if (nType > SHELLLINKTYPE_GETWORKINGDIR) popstring(szBuf2); + + hRes=CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, IID_IShellLink, (LPVOID*) &psl); + if (hRes == S_OK) + { + hRes=psl->QueryInterface(IID_IPersistFile, (LPVOID*) &ppf); + if (hRes == S_OK) + { +#ifdef UNICODE + hRes=ppf->Load(szBuf, STGM_READWRITE); +#else + WCHAR* wszPath = (WCHAR*)LocalAlloc(LPTR, sizeof(WCHAR)*MAX_PATH); + MultiByteToWideChar(CP_ACP, 0, szBuf, -1, wszPath, MAX_PATH); + hRes=ppf->Load(wszPath, STGM_READWRITE); + LocalFree(wszPath); +#endif + if (hRes == S_OK) + { + if (nType <= SHELLLINKTYPE_GETWORKINGDIR) + { + //Get + switch(nType) + { + case SHELLLINKTYPE_GETARGS: + { + hRes=psl->GetArguments(szBuf, MAX_PATH); + if (hRes != S_OK) szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETDESC: + { + hRes=psl->GetDescription(szBuf, MAX_PATH); + if (hRes != S_OK) szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETHOTKEY: + { + hRes=psl->GetHotkey(&wHotkey); + if (hRes == S_OK) wsprintf(szBuf, TEXT("%d"), wHotkey); + else szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETICONLOC: + { + hRes=psl->GetIconLocation(szBuf, MAX_PATH, &nBuf); + if (hRes != S_OK) szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETICONINDEX: + { + hRes=psl->GetIconLocation(szBuf, MAX_PATH, &nBuf); + if (hRes == S_OK) wsprintf(szBuf, TEXT("%d"), nBuf); + else szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETPATH: + { + WIN32_FIND_DATA fd; + + hRes=psl->GetPath(szBuf, MAX_PATH, &fd, SLGP_UNCPRIORITY); + if (hRes != S_OK) szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETSHOWMODE: + { + hRes=psl->GetShowCmd(&nBuf); + if (hRes == S_OK) wsprintf(szBuf, TEXT("%d"), nBuf); + else szBuf[0]='\0'; + }; break; + case SHELLLINKTYPE_GETWORKINGDIR: + { + hRes=psl->GetWorkingDirectory(szBuf, MAX_PATH); + if (hRes != S_OK) szBuf[0]='\0'; + }; break; + } + } + else + { + //Set + switch(nType) + { + case SHELLLINKTYPE_SETARGS: + { + hRes=psl->SetArguments(szBuf2); + }; break; + case SHELLLINKTYPE_SETDESC: + { + hRes=psl->SetDescription(szBuf2); + }; break; + case SHELLLINKTYPE_SETHOTKEY: + { + wHotkey=(unsigned short)myatoi(szBuf2); + hRes=psl->SetHotkey(wHotkey); + }; break; + case SHELLLINKTYPE_SETICONLOC: + { + hRes=psl->GetIconLocation(szBuf, MAX_PATH, &nBuf); + if (hRes == S_OK) + hRes=psl->SetIconLocation(szBuf2, nBuf); + }; break; + case SHELLLINKTYPE_SETICONINDEX: + { + int nBuf2; + nBuf=myatoi(szBuf2); + + hRes=psl->GetIconLocation(szBuf, MAX_PATH, &nBuf2); + if (hRes == S_OK) + hRes=psl->SetIconLocation(szBuf, nBuf); + }; break; + case SHELLLINKTYPE_SETPATH: + { + hRes=psl->SetPath(szBuf2); + }; break; + case SHELLLINKTYPE_SETSHOWMODE: + { + nBuf=myatoi(szBuf2); + hRes=psl->SetShowCmd(nBuf); + }; break; + case SHELLLINKTYPE_SETWORKINGDIR: + { + hRes=psl->SetWorkingDirectory(szBuf2); + }; break; + case SHELLLINKTYPE_SETRUNASADMIN: + { + IShellLinkDataList* pdl; + hRes=psl->QueryInterface(IID_IShellLinkDataList, (void**)&pdl); + if (hRes == S_OK) + { + DWORD dwFlags = 0; + hRes=pdl->GetFlags(&dwFlags); + if (hRes == S_OK && (dwFlags & SLDF_RUNAS_USER) != SLDF_RUNAS_USER) + hRes=pdl->SetFlags(dwFlags | SLDF_RUNAS_USER); + pdl->Release(); + } + }; break; + } + if (hRes == S_OK) hRes=ppf->Save(NULL, FALSE); + #ifdef SHELLLINK_DEBUG + else MessageBox(hwndParent, TEXT("ERROR: Save()"), TEXT("ShellLink plug-in"), MB_OK); + #endif + } + } + #ifdef SHELLLINK_DEBUG + else MessageBox(hwndParent, TEXT("ERROR: Load()"), TEXT("ShellLink plug-in"), MB_OK); + #endif + } + #ifdef SHELLLINK_DEBUG + else MessageBox(hwndParent, TEXT("CShellLink::Initialise, Failed in call to QueryInterface for IPersistFile, HRESULT was %x\n"), TEXT("ShellLink plug-in"), MB_OK); + #endif + + // Cleanup: + if (ppf) ppf->Release(); + if (psl) psl->Release(); + } + #ifdef SHELLLINK_DEBUG + else MessageBox(hwndParent, TEXT("ERROR: CoCreateInstance()"), TEXT("ShellLink plug-in"), MB_OK); + #endif + + if (hRes == S_OK) + { + if (nType <= SHELLLINKTYPE_GETWORKINGDIR) pushstring(szBuf); + else pushstring(TEXT("0")); + } + else + { + if (nType <= SHELLLINKTYPE_GETWORKINGDIR) pushstring(TEXT("")); + else pushstring(TEXT("-1")); + } + + LocalFree(szBuf); + LocalFree(szBuf2); +} + +BOOL WINAPI DllMain(HANDLE hInst, ULONG ul_reason_for_call, LPVOID lpReserved) +{ + return TRUE; +} diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsp stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsp --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsp 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsp 2005-09-21 18:24:08.000000000 +0000 @@ -0,0 +1,108 @@ +# Microsoft Developer Studio Project File - Name="ShellLink" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=ShellLink - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "ShellLink.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "ShellLink.mak" CFG="ShellLink - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "ShellLink - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "ShellLink - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "ShellLink - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "ShellLink_EXPORTS" /YX /FD /c +# ADD CPP /nologo /MT /W3 /GX /O1 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "ShellLink_EXPORTS" /YX /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 +# ADD LINK32 kernel32.lib user32.lib uuid.lib ole32.lib /nologo /entry:"DllMain" /dll /machine:I386 /nodefaultlib /out:"ShellLink.dll" /opt:nowin98 +# SUBTRACT LINK32 /pdb:none + +!ELSEIF "$(CFG)" == "ShellLink - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "ShellLink_EXPORTS" /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "ShellLink_EXPORTS" /YX /FD /GZ /c +# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "ShellLink - Win32 Release" +# Name "ShellLink - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=.\ShellLink.cpp +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsw stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsw --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsw 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.dsw 2005-09-21 00:19:20.000000000 +0000 @@ -0,0 +1,29 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00 +# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! + +############################################################################### + +Project: "ShellLink"=.\ShellLink.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ +}}} + +############################################################################### + +Global: + +Package=<5> +{{{ +}}} + +Package=<3> +{{{ +}}} + +############################################################################### + diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.sln stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.sln --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.sln 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.sln 2010-06-03 10:44:26.000000000 +0000 @@ -0,0 +1,23 @@ + +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual Studio 2008 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ShellLink", "ShellLink.vcproj", "{30513246-84A4-47ED-8BCE-FFDDB6B607AE}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release Unicode|Win32 = Release Unicode|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Debug|Win32.ActiveCfg = Debug|Win32 + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Debug|Win32.Build.0 = Debug|Win32 + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Release Unicode|Win32.ActiveCfg = Release Unicode|Win32 + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Release Unicode|Win32.Build.0 = Release Unicode|Win32 + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Release|Win32.ActiveCfg = Release|Win32 + {30513246-84A4-47ED-8BCE-FFDDB6B607AE}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.vcproj stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.vcproj --- stunnel4-5.49/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.vcproj 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.vcproj 2010-06-03 12:01:44.000000000 +0000 @@ -0,0 +1,359 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Docs/ShellLink/Readme.html stunnel4-5.50/tools/plugins/ShellLink/Docs/ShellLink/Readme.html --- stunnel4-5.49/tools/plugins/ShellLink/Docs/ShellLink/Readme.html 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Docs/ShellLink/Readme.html 2010-06-03 15:41:04.000000000 +0000 @@ -0,0 +1,240 @@ + +ShellLink + + + + + +
+ + + +
+ + + + + +
+

ShellLink

+
+

Introduction

+

ShellLink is a NSIS plugin that allows you to read and write shell link (.lnk) files.

+

How to use

+

Make sure you have a valid path (link.lnk) to the shell link file.

+ +

Get Shortcut Working Directory

+
ShellLink::GetShortCutWorkingDirectory link.lnk
+Pop $0
+
+$0=C:\Program Files\MyProgram
+
+

Get Shortcut Target

+
ShellLink::GetShortCutTarget link.lnk
+Pop $0
+
+$0=C:\Program Files\MyProgram\run.exe
+
+

Get Shortcut Arguments

+
ShellLink::GetShortCutArgs link.lnk
+Pop $0
+
+$0=/s /d=1
+
+

Get Shortcut Icon Location

+
ShellLink::GetShortCutIconLocation link.lnk
+Pop $0
+
+$0=C:\Program Files\MyProgram\run.dll
+
+

Get Shortcut Icon Index

+
ShellLink::GetShortCutIconIndex link.lnk
+Pop $0
+
+$0=3
+
+

Get Shortcut Show Mode

+
ShellLink::GetShortCutShowMode link.lnk
+Pop $0
+
+$0=0    (SW_HIDE)
+$0=1    (SW_SHOWNORMAL or SW_NORMAL)
+$0=2    (SW_SHOWMINIMIZED)
+$0=3    (SW_SHOWMAXIMIZED or SW_MAXIMIZE)
+$0=4    (SW_SHOWNOACTIVATE)
+$0=5    (SW_SHOW)
+$0=6    (SW_MINIMIZE)
+$0=7    (SW_SHOWMINNOACTIVE)
+$0=8    (SW_SHOWNA)
+$0=9    (SW_RESTORE)
+$0=10   (SW_SHOWDEFAULT)
+$0=11   (SW_FORCEMINIMIZE or SW_MAX)
+
+

Get Shortcut Hot Keys

+
ShellLink::GetShortCutHotkey link.lnk
+Pop $0
+
+$0=634
+
+

Get Shortcut Description

+
ShellLink::GetShortCutDescription link.lnk
+Pop $0
+
+$0=My Shortcut Description
+
+ +
+

Set Shortcut Working Directory

+
ShellLink::SetShortCutWorkingDirectory link.lnk directory
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Target

+
ShellLink::SetShortCutTarget link.lnk target.file
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Arguments

+
ShellLink::SetShortCutArgs link.lnk parameters
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Icon Location

+
ShellLink::SetShortCutIconLocation link.lnk icon.file
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Icon Index

+
ShellLink::SetShortCutIconIndex link.lnk icon_index_number
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Show Mode

+
ShellLink::SetShortCutShowMode link.lnk start_options
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Hot Keys

+
ShellLink::SetShortCutHotkey link.lnk keyboard_shortcut
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut Description

+
ShellLink::SetShortCutDescription link.lnk description
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+

Set Shortcut to Run As Administrator

+
ShellLink::SetRunAsAdministrator link.lnk
+Pop $0
+
+$0=0   -no errors
+$0=-1  -error
+
+ +

Source code

+

NSIS plug-in (C++)

+

A download link to the source and DLL of this NSIS plug-in +can be found below.

+

Version history

+
    +
  • 1.2 by Afrow UK +
         -added Unicode build +
         -added SetRunAsAdministrator +
         -cleaned up code
    • +
  • 1.1 by Shengalts Aleksander aka Instructor (Shengalts@mail.ru) +
         -code has been rewritten +
         -added functions to change shell link information +
         -reduced dll size 44Kb -> 4Kb +
         -documentation updated
    • +
  • 1.0 first release of ShellLink.
    • +
+

Credits

+

Written and documented by Angelo Mandato

+

License

+
© 2004 Angelo Mandato
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute
+it freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; 
+   you must not claim that you wrote the original software.
+   If you use this software in a product, an acknowledgment in the
+   product documentation would be appreciated but is not required.
+2. Altered versions must be plainly marked as such,
+   and must not be misrepresented as being the original software.
+3. This notice may not be removed or altered from any distribution.
+
+

Download

+

Original link: http://www.spaceblue.com/downloads/shelllink.zip
NSIS Wiki: http://nsis.sourceforge.net/ShellLink_plug-in

+
diff -Nru stunnel4-5.49/tools/plugins/ShellLink/Examples/ShellLink.nsi stunnel4-5.50/tools/plugins/ShellLink/Examples/ShellLink.nsi --- stunnel4-5.49/tools/plugins/ShellLink/Examples/ShellLink.nsi 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/ShellLink/Examples/ShellLink.nsi 2010-06-03 15:30:26.000000000 +0000 @@ -0,0 +1,119 @@ +; ShellLink.nsi +; demonstrates how to use the ShellLink NSIS plugin. +; +; Created 12/16/2003 +; Last Update: 03/06/2010 +; Copyright (c) 2004 Angelo Mandato. +; +; 01/14/2004 - First version +; 21/09/2005 - Shengalts Aleksander aka Instructor (Shengalts@mail.ru) +; 03/06/2010 - Afrow UK + + +!define SHELLLINKTEST "$EXEDIR\ShellLinkTest.lnk" + +Name "Shell Link Example" +OutFile "ShellLink.exe" +ShowInstDetails show + +Section "Shell Link Test" + + ; Create test shortcut + SetOutPath "${NSISDIR}" + CreateShortCut "${SHELLLINKTEST}" "${NSISDIR}\makensisw.exe" \ + "/parameter1 /parameter2" "${NSISDIR}\makensisw.exe" 2 SW_SHOWNORMAL \ + "ALT|CTRL|SHIFT|F5" "a description" + DetailPrint "" + + ; Get Shortcut Working Directory + ShellLink::GetShortCutWorkingDirectory "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetWorkingDirectory: $0" + + ; Get Shortcut Target + ShellLink::GetShortCutTarget "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetTarget: $0" + + ; Get Shortcut Arguments + ShellLink::GetShortCutArgs "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetArgs: $0" + + ; Get Shortcut Icon Location + ShellLink::GetShortCutIconLocation "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetIconLocation: $0" + + ; Get Shortcut Icon Index + ShellLink::GetShortCutIconIndex "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetIconIndex: $0" + + ; Get Shortcut Show Mode + ShellLink::GetShortCutShowMode "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetShowMode: $0" + + ; Get Shortcut Hotkey(s) + ShellLink::GetShortCutHotkey "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetHotkey: $0" + + ; Get Shortcut Description + ShellLink::GetShortCutDescription "${SHELLLINKTEST}" + Pop $0 + DetailPrint "GetDescriptions: $0" + DetailPrint "" + + + ; Set Shortcut Working Directory + ShellLink::SetShortCutWorkingDirectory "${SHELLLINKTEST}" "$TEMP" + Pop $0 + DetailPrint "SetWorkingDirectory: $0" + + ; Set Shortcut Target + ShellLink::SetShortCutTarget "${SHELLLINKTEST}" "${NSISDIR}\NSIS.exe" + Pop $0 + DetailPrint "SetTarget: $0" + + ; Set Shortcut Arguments + ShellLink::SetShortCutArgs "${SHELLLINKTEST}" "-a -b -c" + Pop $0 + DetailPrint "SetArgs: $0" + + ; Set Shortcut Icon Location + ShellLink::SetShortCutIconLocation "${SHELLLINKTEST}" "$SYSDIR\shell32.dll" + Pop $0 + DetailPrint "SetIconLocation: $0" + + ; Set Shortcut Icon Index + ShellLink::SetShortCutIconIndex "${SHELLLINKTEST}" "41" + Pop $0 + DetailPrint "SetIconIndex: $0" + + ; Set Shortcut Show Mode + ShellLink::SetShortCutShowMode "${SHELLLINKTEST}" "7" + Pop $0 + DetailPrint "SetShowMode: $0" + + ; Set Shortcut Hotkey(s) + ShellLink::SetShortCutHotkey "${SHELLLINKTEST}" "634" + Pop $0 + DetailPrint "SetHotkey: $0" + + ; Set Shortcut Description + ShellLink::SetShortCutDescription "${SHELLLINKTEST}" "Some Description" + Pop $0 + DetailPrint "SetDescriptions: $0" + DetailPrint "" + + ; Set Shortcut to Run As Administrator + ShellLink::SetRunAsAdministrator "${SHELLLINKTEST}" + Pop $0 + DetailPrint "SetRunAsAdministrator: $0" + DetailPrint "" + +SectionEnd + +; eof \ No newline at end of file Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/ShellLink/Plugins/ShellLink.dll and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/ShellLink/Plugins/ShellLink.dll differ Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/ShellLink/Unicode/Plugins/ShellLink.dll and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/ShellLink/Unicode/Plugins/ShellLink.dll differ diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/License.txt stunnel4-5.50/tools/plugins/SimpleFC/License.txt --- stunnel4-5.49/tools/plugins/SimpleFC/License.txt 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/License.txt 2007-04-17 16:15:12.000000000 +0000 @@ -0,0 +1,27 @@ +SimpleFC - NSIS Firewall Control Plugin - License Agreement + +This plugin is subject to the Mozilla Public License Version 1.1 (the "License"); +You may not use this plugin except in compliance with the License. You may +obtain a copy of the License at http://www.mozilla.org/MPL. + +Alternatively, you may redistribute this library, use and/or modify it +under the terms of the GNU Lesser General Public License as published +by the Free Software Foundation; either version 2.1 of the License, +or (at your option) any later version. You may obtain a copy +of the LGPL at www.gnu.org/copyleft. + +Software distributed under the License is distributed on an "AS IS" basis, +WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +for the specific language governing rights and limitations under the License. + +Copyright + +Portions of this software are Copyright (C) 2001 - Peter Windridge, 2003 by +Bernhard Mayer, Fixed and formatted by Brett Dever http://editor.nfscheats.com/ + +The original code is FirewallControl.pas, released April 16, 2007. + +The initial developer of the original code is Rainer Budde (http://www.speed-soft.de). + +SimpleFC - NSIS Firewall Plugin is written, published and maintaned by +Rainer Budde (rainer@speed-soft.de). \ No newline at end of file diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Readme.txt stunnel4-5.50/tools/plugins/SimpleFC/Readme.txt --- stunnel4-5.49/tools/plugins/SimpleFC/Readme.txt 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Readme.txt 2012-07-16 19:05:20.000000000 +0000 @@ -0,0 +1,321 @@ +NSIS Simple Firewall Plugin + +This plugin can be used to configurate the windows firewall. +This plugin contains functions to enable, check, add or remove +programs or ports to the firewall exception list. It also contains +functions for checking the firewall status, enable or disable +the firewall and so on. + + + + +== Short Reference == + + +SimpleFC::EnableDisableFirewall [status] +SimpleFC::IsFirewallEnabled + +SimpleFC::AllowDisallowExceptionsNotAllowed [status] +SimpleFC::AreExceptionsNotAllowed + +SimpleFC::EnableDisableNotifications [status] +SimpleFC::AreNotificationsEnabled + +SimpleFC::StartStopFirewallService [status] +SimpleFC::IsFirewallServiceRunning + +SimpleFC::AddPort [port] [name] [protocol] [scope] [ip_version] [remote_addresses] [status] +SimpleFC::IsPortAdded [port] [protocol] +SimpleFC::RemovePort [port] [protocol] + +SimpleFC::IsPortEnabled [port] [protocol] +SimpleFC::EnableDisablePort [port] [protocol] + +SimpleFC::AddApplication [name] [path] [scope] [ip_version] [remote_addresses] [status] +SimpleFC::IsApplicationAdded [path] +SimpleFC::RemoveApplication [path] + +SimpleFC::IsApplicationEnabled [path] +SimpleFC::EnableDisableApplication [path] + +SimpleFC::RestoreDefaults + +SimpleFC::AllowDisallowIcmpOutboundDestinationUnreachable [status] +SimpleFC::AllowDisallowIcmpRedirect [status] +SimpleFC::AllowDisallowIcmpInboundEchoRequest [status] +SimpleFC::AllowDisallowIcmpOutboundTimeExceeded [status] +SimpleFC::AllowDisallowIcmpOutboundParameterProblem [status] +SimpleFC::AllowDisallowIcmpOutboundSourceQuench [status] +SimpleFC::AllowDisallowIcmpInboundRouterRequest [status] +SimpleFC::AllowDisallowIcmpInboundTimestampRequest [status] +SimpleFC::AllowDisallowIcmpInboundMaskRequest [status] +SimpleFC::AllowDisallowIcmpOutboundPacketTooBig [status] +SimpleFC::IsIcmpTypeAllowed [ip_version] [local_address] [icmp_type] + +SimpleFC::AdvAddRule [name] [description] [protocol] [direction] + [status] [profile] [action] [application] [icmp_types_and_codes] + [group] [local_ports] [remote_ports] [local_address] [remote_address] +SimpleFC::AdvRemoveRule [name] +SimpleFC::AdvExistsRule [name] + + +Parameters: + +port - TCP/UDP port which should be opened/closed +name - The name of the application/port/rule +description - Description of the rule +protocol - One of the following protocol + 1 - ICMPv4 + 6 - TCP + 17 - UDP + 58 - ICMPv6 + 256 - ANY +scope - one of the following scope + 0 - All networks + 1 - Only local subnets + 2 - Custom scope + 3 - Max + NOTE: if you use custom you must define remote_addresses +ip_version + 0 - IPv4 + 1 - IPv6 + 2 - Any version +icmp_type + 3 - Outbound Destination Unreachable (ICMPv4) + 4 - Outbound Source Quench (ICMPv4) + 5 - Redirect (ICMPv4) + 8 - Inbound Echo Request (ICMPv4) + 9 - Inbound Router Request (ICMPv4) + 11 - Outbound Time Exceeded (ICMPv4) + 12 - Outbound Parameter Problem (ICMPv4) + 13 - Inbound Timespamp Request (ICMPv4) + 17 - Inbound Mask Request (ICMPv4) + 1 - Outbound Destination Unreachable (ICMPv6) + 2 - Outbound Packet Too Big (ICMPv6) + 3 - Outbound Time Exceeded (ICMPv6) + 4 - Outbound Parameter Problem (ICMPv6) + 128 - Inbound Echo Request (ICMPv6) + 137 - Redirect (ICMPv6) +direction + 1 - In + 2 - Out +profile + 1 - Domain + 2 - Private + 4 - Public + 2147483647 - All profiles +action + 0 - Block + 1 - Allow +application - Path of the application (can be empty) +icmp_types_and_codes - Specified icmp types and codes (can be empty) +group - Put the rule in this specified group (can be empty) + Note: On Vista the group must the a resource string in a exe/dll e.g. "@C:\Program Files\My Application\myapp.exe,-10000". + On all other operating systems it can be a string value. +local_ports - Local ports (The protocol property must be set before - Otherwise can be empty) +remote_ports - Remote ports (The protocol property must be set before - Otherwise can be empty) +local_address - Local addresses from which the application can listen for traffic. (can be empty) +remote_addresses - Remote addresses from which the port can listen for traffic (can be empty) +status - Status of the port, application, rule, firewall or service for example enabled/disabled, start/stop or allow/disallow + 0 - Disabled, stop or disallow + 1 - Enabled, start, or allow + + + + +== The Sample Script == + + +; Add the port 37/TCP to the firewall exception list - All Networks - All IP Version - Enabled + SimpleFC::AddPort 37 "My Application" 6 0 2 "" 1 + Pop $0 ; return error(1)/success(0) + +; Check if the port 37/TCP is added to the firewall exception list + SimpleFC::IsPortAdded 37 6 + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Added/0=Not added + +; Remove the port 37/TCP from the firewall exception list + SimpleFC::RemovePort 37 6 + Pop $0 ; return error(1)/success(0) + +; Check if the port 37/TCP is enabled/disabled + SimpleFC::IsPortEnabled 37 6 + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Enabled/0=Not enabled + +; Disable the port 37/TCP + SimpleFC::EnableDisablePort 37 6 0 + Pop $0 ; return error(1)/success(0) + +; Enable the port 37/TCP + SimpleFC::EnableDisablePort 37 6 1 + Pop $0 ; return error(1)/success(0) + +; Check if an application is enabled/disabled + SimpleFC::IsApplicationEnabled "PathToApplication" + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Enabled/0=Not enabled + +; Disable the application + SimpleFC::EnableDisableApplication "PathToApplication" 0 + Pop $0 ; return error(1)/success(0) + +; Enable the application + SimpleFC::EnableDisableApplication "PathToApplication" 1 + Pop $0 ; return error(1)/success(0) + +; Add an application to the firewall exception list - All Networks - All IP Version - Enabled + SimpleFC::AddApplication "My Application" "PathToApplication" 0 2 "" 1 + Pop $0 ; return error(1)/success(0) + +; Check if the application is added to the firewall exception list + SimpleFC::IsApplicationAdded "PathToApplication" + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Added/0=Not added + +; Remove an application from the firewall exception list + SimpleFC::RemoveApplication "PathToApplication" + Pop $0 ; return error(1)/success(0) + +; Disable the windows firewall + SimpleFC::EnableDisableFirewall 0 + Pop $0 ; return error(1)/success(0) + +; Enable the windows firewall + SimpleFC::EnableDisableFirewall 1 + Pop $0 ; return error(1)/success(0) + +; Check if the firewall is enabled + SimpleFC::IsFirewallEnabled + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Enabled/0=Disabled + +; Enable exceptions are not allowed on the windows firewall + SimpleFC::AllowDisallowExceptionsNotAllowed 1 + Pop $0 ; return error(1)/success(0) + +; Disable exceptions are not allowed on the windows firewall + SimpleFC::AllowDisallowExceptionsNotAllowed 0 + Pop $0 ; return error(1)/success(0) + +; Check if exceptions are not allowed + SimpleFC::AreExceptionsNotAllowed + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Exceptions are not allowed is activated/0=Exception are not allowed is deactivated + +; Enable notifications on the windows firewall + SimpleFC::EnableDisableNotifications 1 + +; Disable notifications on the windows firewall + SimpleFC::EnableDisableNotifications 0 + Pop $0 ; return error(1)/success(0) + +; Check if notifications are enabled/disabled + SimpleFC::AreNotificationsEnabled + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Enabled/0=Disabled + +; Starts the windows firewall service + SimpleFC::StartStopFirewallService 1 + Pop $0 ; return error(1)/success(0) + +; Stops the windows firewall service + SimpleFC::StartStopFirewallService 0 + Pop $0 ; return error(1)/success(0) + +; Check if windows firewall service is running + SimpleFC::IsFirewallServiceRunning + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=IsRunning/0=Not Running + +; Sets the windows firewall to default settings + SimpleFC::RestoreDefaults + Pop $0 ; return error(1)/success(0) + +; Enable ICMP outbound destination unreachable state + SimpleFC::AllowDisallowIcmpOutboundDestinationUnreachable 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP redirect state + SimpleFC::AllowDisallowIcmpRedirect 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP inbound echo request + SimpleFC::AllowDisallowIcmpInboundEchoRequest 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP outbound time exceeded + SimpleFC::AllowDisallowIcmpOutboundTimeExceeded 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP outbound parameter problem + SimpleFC::AllowDisallowIcmpOutboundParameterProblem 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP outbound source quench + SimpleFC::AllowDisallowIcmpOutboundSourceQuench 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP inbound router request + SimpleFC::AllowDisallowIcmpInboundRouterRequest 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP inbound timestamp request + SimpleFC::AllowDisallowIcmpInboundTimestampRequest 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP inbound mask request + SimpleFC::AllowDisallowIcmpInboundMaskRequest 1 + Pop $0 ; return error(1)/success(0) + +; Enable ICMP outbound packet too big + SimpleFC::AllowDisallowIcmpOutboundPacketTooBig 1 + Pop $0 ; return error(1)/success(0) + +; Check if ICMPv4 echo request is allowed + SimpleFC::IsIcmpTypeAllowed "0" "" "8" + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Restricted/0=Not restricted + Pop $2 ; return 1=Allowed/0=Not allowed + + +; Some example rules for the windows firewall with advanced security. +; Please note this functions are very powerful, so for a detailed +; description please read the windows firewall with advanced +; security api reference: +; http://msdn2.microsoft.com/en-us/library/aa365309.aspx + +; Adds an ICMPv4 rule to allow incoming echo reply messages (IcmpCodeAndType = 0:0) + SimpleFC::AdvAddRule "Echo-Reply (ICMPv4 incoming)" "Allows incoming Echo Replies messages." "1" "1" "1" "7" "1" "" "0:0" "@PathToApplication,-10000" "" "" "" "" + Pop $0 ; return error(1)/success(0) + +; Adds an ICMPv4 rule to allow incoming echo request messages (IcmpCodeAndType = 8:0) + SimpleFC::AdvAddRule "Echo-Request (ICMPv4 incoming)" "Allows incoming ICMP Echo messages." "1" "1" "1" "7" "1" "" "8:0" "@PathToApplication,-10000" "" "" "" "" + Pop $0 ; return error(1)/success(0) + +; Add an application rule to allow incoming TCP access on this application + SimpleFC::AdvAddRule "Incoming requests (TCP incoming)" "Allows incoming requests." "6" "1" "1" "7" "1" "PathToApplication" "" "@PathToApplication,-10000" "" "" "" "" + Pop $0 ; return error(1)/success(0) + +; Add an application rule to allow incoming UDP access on this application + SimpleFC::AdvAddRule "Incoming requests (UDP incoming)" "Allows incoming requests." "17" "1" "1" "7" "1" "PathToApplication" "" "@PathToApplication,-10000" "" "" "" "" + Pop $0 ; return error(1)/success(0) + +; Removes a firewall rule + SimpleFC::AdvRemoveRule "Incoming requests (UDP incoming)" + Pop $0 ; return error(1)/success(0) + +; Check if the firewall exists + SimpleFC::AdvExistsRule "Incoming requests (UDP incoming)" + Pop $0 ; return error(1)/success(0) + Pop $1 ; return 1=Exists/0=Doesnt exists + + + + +== Important Note == + +- This plugin is running with Windows XP SP2, Windows 2003 and Windows Vista. +- It is recommend to check for windows firewall service is running (SimpleFC::IsFirewallServiceRunning). +- All functions with the prefix "Adv" are only for Windows Firewall with Advanced Security (Windows Vista). \ No newline at end of file Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/SimpleFC/SimpleFC.dll and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/SimpleFC/SimpleFC.dll differ diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/FirewallControl.pas stunnel4-5.50/tools/plugins/SimpleFC/Source/FirewallControl.pas --- stunnel4-5.49/tools/plugins/SimpleFC/Source/FirewallControl.pas 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/FirewallControl.pas 2009-08-22 08:16:36.000000000 +0000 @@ -0,0 +1,1240 @@ +{ +License Agreement + +This content is subject to the Mozilla Public License Version 1.1 (the "License"); +You may not use this plugin except in compliance with the License. You may +obtain a copy of the License at http://www.mozilla.org/MPL. + +Alternatively, you may redistribute this library, use and/or modify it +under the terms of the GNU Lesser General Public License as published +by the Free Software Foundation; either version 2.1 of the License, +or (at your option) any later version. You may obtain a copy +of the LGPL at www.gnu.org/copyleft. + +Software distributed under the License is distributed on an "AS IS" basis, +WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +for the specific language governing rights and limitations under the License. + +The original code is FirewallControl.pas, released April 16, 2007. + +The initial developer of the original code is Rainer Budde (http://www.speed-soft.de). + +SimpleFC - NSIS Firewall Control Plugin is written, published and maintaned by +Rainer Budde (rainer@speed-soft.de). +} +unit FirewallControl; + +interface + +uses + NetFwTypeLib_TLB, ComObj, ActiveX, Variants, SysUtils, ServiceControl; + +type + NET_FW_IP_VERSION = ( + NET_FW_IP_VERSION_V4 = $00000000, + NET_FW_IP_VERSION_V6 = $00000001, + NET_FW_IP_VERSION_ANY = $00000002, + NET_FW_IP_VERSION_MAX = $00000003 + ); + + NET_FW_IP_PROTOCOL = ( + NET_FW_IP_PROTOCOL_ICMP_V4 = $00000001, + NET_FW_IP_PROTOCOL_ICMP_V6 = $0000003A, + NET_FW_IP_PROTOCOL_TCP = $00000006, + NET_FW_IP_PROTOCOL_UDP = $00000011, + NET_FW_IP_PROTOCOL_ANY = $00000100 + ); + + NET_FW_ACTION = ( + NET_FW_ACTION_BLOCK = $00000000, + NET_FW_ACTION_ALLOW = $00000001, + NET_FW_ACTION_MAX = $00000002 + ); + + NET_FW_SCOPE = ( + NET_FW_SCOPE_ALL = $00000000, + NET_FW_SCOPE_LOCAL_SUBNET = $00000001, + NET_FW_SCOPE_CUSTOM = $00000002, + NET_FW_SCOPE_MAX = $00000003 + ); + + NET_FW_PROFILE_TYPE2 = ( + NET_FW_PROFILE2_DOMAIN = $00000001, + NET_FW_PROFILE2_PRIVATE = $00000002, + NET_FW_PROFILE2_PUBLIC = $00000004, + NET_FW_PROFILE2_ALL = $7FFFFFFF + ); + + NET_FW_RULE_DIRECTION = ( + NET_FW_RULE_DIR_IN = $00000001, + NET_FW_RULE_DIR_OUT = $00000002, + NET_FW_RULE_DIR_MAX = $00000003 + ); + + NET_FW_ICMP_TYPE = ( + NET_FW_ICMP_V4_OUTBOUND_DESTINATION_UNREACHABLE = $00000003, + NET_FW_ICMP_V4_OUTBOUND_SOURCE_QUENCH = $00000004, + NET_FW_ICMP_V4_REDIRECT = $00000005, + NET_FW_ICMP_V4_INBOUND_ECHO_REQUEST = $00000008, + NET_FW_ICMP_V4_INBOUND_ROUTER_REQUEST = $00000009, + NET_FW_ICMP_V4_OUTBOUND_TIME_EXCEEDED = $0000000B, + NET_FW_ICMP_V4_OUTBOUND_PARAMETER_PROBLEM = $0000000C, + NET_FW_ICMP_V4_INBOUND_TIMESTAMP_REQUEST = $0000000D, + NET_FW_ICMP_V4_INBOUND_MASK_REQUEST = $00000011, + NET_FW_ICMP_V6_OUTBOUND_DESTINATION_UNREACHABLE = $00000001, + NET_FW_ICMP_V6_OUTBOUND_PACKET_TOO_BIG = $00000002, + NET_FW_ICMP_V6_OUTBOUND_TIME_EXCEEDED = $00000003, + NET_FW_ICMP_V6_OUTBOUND_PARAMETER_PROBLEM = $00000004, + NET_FW_ICMP_V6_INBOUND_ECHO_REQUEST = $00000080, + NET_FW_ICMP_V6_REDIRECT = $00000089 + ); + + { Functions for Windows Firewall } + function AddPort(Port: Integer; Name: String; Protocol: NET_FW_IP_PROTOCOL; + Scope: NET_FW_SCOPE; IpVersion: NET_FW_IP_VERSION; RemoteAddresses: String; + Enabled: Boolean): HRESULT; + function RemovePort(Port: Integer; Protocol: NET_FW_IP_PROTOCOL): HRESULT; + function AddApplication(Name: String; BinaryPath: String; Scope: NET_FW_SCOPE; + IpVersion: NET_FW_IP_VERSION; RemoteAdresses: String; Enabled: Boolean): HRESULT; + function RemoveApplication(BinaryPath: String): HRESULT; + function IsPortAdded(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + var Added: Boolean): HRESULT; + function IsApplicationAdded(BinaryPath: String; var Added: Boolean): HRESULT; + function IsPortEnabled(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + var Enabled: Boolean): HRESULT; + function IsApplicationEnabled(BinaryPath: String; var Enabled: Boolean): HRESULT; + function EnableDisablePort(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + Enabled: Boolean): HRESULT; + function EnableDisableApplication(BinaryPath: String; Enabled: Boolean): HRESULT; + function IsFirewallEnabled(var Enabled: Boolean): HRESULT; + function EnableDisableFirewall(Enabled: Boolean): HRESULT; + function AllowDisallowExceptionsNotAllowed(NotAllowed: Boolean): HRESULT; + function AreExceptionsNotAllowed(var NotAllowed: Boolean): HRESULT; + function EnableDisableNotifications(Enabled: Boolean): HRESULT; + function AreNotificationsEnabled(var Enabled: Boolean): HRESULT; + function IsFirewallServiceRunning(var IsRunning: Boolean): Boolean; + function StartStopFirewallService(StartService: Boolean): Boolean; + function RestoreDefaults: HRESULT; + function AllowDisallowIcmpOutboundDestinationUnreachable(Allow: Boolean): HRESULT; + function AllowDisallowIcmpRedirect(Allow: Boolean): HRESULT; + function AllowDisallowIcmpInboundEchoRequest(Allow: Boolean): HRESULT; + function AllowDisallowIcmpOutboundTimeExceeded(Allow: Boolean): HRESULT; + function AllowDisallowIcmpOutboundParameterProblem(Allow: Boolean): HRESULT; + function AllowDisallowIcmpOutboundSourceQuench(Allow: Boolean): HRESULT; + function AllowDisallowIcmpInboundRouterRequest(Allow: Boolean): HRESULT; + function AllowDisallowIcmpInboundTimestampRequest(Allow: Boolean): HRESULT; + function AllowDisallowIcmpInboundMaskRequest(Allow: Boolean): HRESULT; + function AllowDisallowIcmpOutboundPacketTooBig(Allow: Boolean): HRESULT; + function IsIcmpTypeAllowed(IpVersion: NET_FW_IP_VERSION; LocalAddress: String; + IcmpType: NET_FW_ICMP_TYPE; var Allowed: Boolean; var Restricted: Boolean): HRESULT; + + { Functions for Windows Firewall with advanced security } + function AdvAddRule(Name: String; Description: String; + Protocol: NET_FW_IP_PROTOCOL; Direction: NET_FW_RULE_DIRECTION; + Enabled: Boolean; Profile: NET_FW_PROFILE_TYPE2; Action: NET_FW_ACTION; + ApplicationName: String; IcmpTypesAndCodes: String; Group: String; + LocalPorts: String; RemotePorts: String; + LocalAddress: String; RemoteAddress: String): HRESULT; + function AdvRemoveRule(Name: String): HRESULT; + function AdvExistsRule(Name: String; var Exists: Boolean): HRESULT; + +implementation + +const + FW_MGR_CLASS_NAME = 'HNetCfg.FwMgr'; + FW_OPENPORT_CLASS_NAME = 'HNetCfg.FwOpenPort'; + FW_AUTHORIZED_APPLICATION = 'HNetCfg.FwAuthorizedApplication'; + FW_POLICY2_NAME = 'HNetCfg.FwPolicy2'; + FW_RULE_NAME = 'HNetCfg.FWRule'; + FW_SERVICE_XP_WIN2003 = 'SharedAccess'; + FW_SERVICE_VISTA = 'MpsSvc'; + +function CreateWideString(Value: String): PWideChar; +var + WideValue: PWideChar; +begin + GetMem(WideValue, Length(Value) * SizeOf(WideChar) + 1); + StringToWideChar(Value, WideValue, Length(Value) * SizeOf(WideChar) + 1); + + Result := WideValue; +end; + +procedure FreeWideString(Value: PWideChar); +begin + FreeMem(Value); +end; + +function AdvAddRule(Name: String; Description: String; + Protocol: NET_FW_IP_PROTOCOL; Direction: NET_FW_RULE_DIRECTION; + Enabled: Boolean; Profile: NET_FW_PROFILE_TYPE2; Action: NET_FW_ACTION; + ApplicationName: String; IcmpTypesAndCodes: String; Group: String; + LocalPorts: String; RemotePorts: String; + LocalAddress: String; RemoteAddress: String): HRESULT; +const + NET_FW_GROUPING = '@firewallapi.dll,-23255'; +var + FwPolicy2Disp: IDispatch; + FwPolicy2: INetFwPolicy2; + FwRuleDisp: IDispatch; + FwRule: INetFwRule; +begin + Result := S_OK; + + try + FwPolicy2Disp := CreateOleObject(FW_POLICY2_NAME); + try + FwPolicy2 := INetFwPolicy2(FwPolicy2Disp); + + FwRuleDisp := CreateOleObject(FW_RULE_NAME); + try + FwRule := INetFwRule(FwRuleDisp); + FwRule.Name := Name; + FwRule.Description := Description; + FwRule.Protocol := Integer(Protocol); + FwRule.Direction := Integer(Direction); + FwRule.Enabled := Enabled; + FwRule.Profiles := Integer(Profile); + FwRule.Action := TOleEnum(Action); + + if ApplicationName <> '' then + FwRule.ApplicationName := ApplicationName; + + if IcmpTypesAndCodes <> '' then + FwRule.IcmpTypesAndCodes := IcmpTypesAndCodes; + + if Group <> '' then + FwRule.Grouping := Group + else + FwRule.Grouping := NET_FW_GROUPING; + + if LocalPorts <> '' then + FwRule.LocalPorts := LocalPorts; + + if RemotePorts <> '' then + FwRule.RemotePorts := RemotePorts; + + if LocalAddress <> '' then + FwRule.LocalAddresses := LocalAddress; + + if RemoteAddress <> '' then + FwRule.RemoteAddresses := RemoteAddress; + + FwPolicy2.Rules.Add(FwRule); + finally + FwRuleDisp := Unassigned; + end; + finally + FwPolicy2Disp := Unassigned; + end; + + except + on E:EOleSysError do + begin + Result := E.ErrorCode; + end; + end; +end; + +function AdvRemoveRule(Name: String): HRESULT; +var + FwPolicy2Disp: IDispatch; + FwPolicy2: INetFwPolicy2; +begin + Result := S_OK; + + try + FwPolicy2Disp := CreateOleObject(FW_POLICY2_NAME); + try + FwPolicy2 := INetFwPolicy2(FwPolicy2Disp); + FwPolicy2.Rules.Remove(Name); + finally + FwPolicy2Disp := Unassigned; + end; + + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AdvExistsRule(Name: String; var Exists: Boolean): HRESULT; +var + FwPolicy2Disp: IDispatch; + FwPolicy2: INetFwPolicy2; + FwRule: INetFwRule; + FwRuleInstances: IEnumVariant; + TempFwRuleObj: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_OK; + EnumerateNext := True; + + try + FwPolicy2Disp := CreateOleObject(FW_POLICY2_NAME); + try + FwPolicy2 := INetFwPolicy2(FwPolicy2Disp); + + FwRuleInstances := FwPolicy2.Rules.Get__NewEnum as IEnumVariant; + + while EnumerateNext and not Exists do + if FwRuleInstances.Next(1, TempFwRuleObj, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwRule := IUnknown(TempFwRuleObj) as INetFwRule; + + Exists := LowerCase(FwRule.Name) = LowerCase(Name); + end; + finally + FwPolicy2Disp := Unassigned; + end; + + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AddPort(Port: Integer; Name: String; Protocol: NET_FW_IP_PROTOCOL; + Scope: NET_FW_SCOPE; IpVersion: NET_FW_IP_VERSION; RemoteAddresses: String; + Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwOpenPortDisp: IDispatch; + FwOpenPort: INetFwOpenPort; + RemoteAddressesW: PWideChar; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + + FwOpenPortDisp := CreateOleObject(FW_OPENPORT_CLASS_NAME); + try + FwOpenPort := INetFwOpenPort(FwOpenPortDisp); + + GetMem(RemoteAddressesW, Length(RemoteAddresses) * SizeOf(WideChar) + 1); + try + StringToWideChar(RemoteAddresses, RemoteAddressesW, Length(RemoteAddresses) * SizeOf(WideChar) + 1); + + FwOpenPort.Port := Port; + FwOpenPort.Name := Name; + FwOpenPort.Protocol := TOleEnum(Protocol); + + if (Scope = NET_FW_SCOPE_ALL) or (Scope = NET_FW_SCOPE_LOCAL_SUBNET) then + FwOpenPort.Scope := TOleEnum(Scope) + else + FwOpenPort.RemoteAddresses := RemoteAddressesW; + + FwOpenPort.IpVersion := TOleEnum(IpVersion); + FwOpenPort.Enabled := Enabled; + + FwProfile.GloballyOpenPorts.Add(FwOpenPort); + + finally + FreeMem(RemoteAddressesW); + end; + + finally + FwOpenPortDisp := Unassigned; + end; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function RemovePort(Port: Integer; Protocol: NET_FW_IP_PROTOCOL): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.GloballyOpenPorts.Remove(Port, TOleEnum(Protocol)); + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AddApplication(Name: String; BinaryPath: String; Scope: NET_FW_SCOPE; + IpVersion: NET_FW_IP_VERSION; RemoteAdresses: String; + Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwAppDisp: IDispatch; + FwApp: INetFwAuthorizedApplication; + RemoteAddressesW: PWideChar; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + + FwAppDisp := CreateOleObject(FW_AUTHORIZED_APPLICATION); + try + FwApp := INetFwAuthorizedApplication(FwAppDisp); + + GetMem(RemoteAddressesW, Length(RemoteAdresses) * SizeOf(WideChar) + 1); + try + StringToWideChar(RemoteAdresses, RemoteAddressesW, Length(RemoteAdresses) * SizeOf(WideChar) + 1); + + FwApp.Name := Name; + FwApp.ProcessImageFileName := BinaryPath; + + if (Scope = NET_FW_SCOPE_ALL) or (Scope = NET_FW_SCOPE_LOCAL_SUBNET) then + FwApp.Scope := TOleEnum(Scope) + else + FwApp.RemoteAddresses := RemoteAddressesW; + + FwApp.IpVersion := TOleEnum(IpVersion); + FwApp.Enabled := Enabled; + + FwProfile.AuthorizedApplications.Add(FwApp); + + finally + FreeMem(RemoteAddressesW) + end; + finally + FwAppDisp := Unassigned; + end; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function RemoveApplication(BinaryPath: String): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.AuthorizedApplications.Remove(BinaryPath); + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsPortAdded(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + var Added: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwOpenPort: INetFwOpenPort; + FwOpenPortInstances: IEnumVariant; + TempFwPortObj: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_OK; + Added := False; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwOpenPortInstances := FwProfile.GloballyOpenPorts.Get__NewEnum as IEnumVariant; + + while EnumerateNext and not Added do + if FwOpenPortInstances.Next(1, TempFwPortObj, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwOpenPort := IUnknown(TempFwPortObj) as INetFwOpenPort; + + Added := (FwOpenPort.Port = Port) and (FwOpenPort.Protocol = TOleEnum(Protocol)) + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsApplicationAdded(BinaryPath: String; var Added: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwApp: INetFwAuthorizedApplication; + FwAppInstances: IEnumVariant; + TempFwApp: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_OK; + Added := False; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwAppInstances := FwProfile.AuthorizedApplications.Get__NewEnum as IEnumVariant; + + while EnumerateNext and not Added do + if FwAppInstances.Next(1, TempFwApp, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwApp := IUnknown(TempFwApp) as INetFwAuthorizedApplication; + + Added := LowerCase(FwApp.ProcessImageFileName) = LowerCase(BinaryPath) + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsPortEnabled(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + var Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwOpenPort: INetFwOpenPort; + FwOpenPortInstances: IEnumVariant; + TempFwPortObj: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_OK; + Enabled := False; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwOpenPortInstances := FwProfile.GloballyOpenPorts.Get__NewEnum as IEnumVariant; + + while EnumerateNext do + if FwOpenPortInstances.Next(1, TempFwPortObj, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwOpenPort := IUnknown(TempFwPortObj) as INetFwOpenPort; + + if (FwOpenPort.Port = Port) and (FwOpenPort.Protocol = TOleEnum(Protocol)) then + begin + Enabled := FwOpenPort.Enabled; + EnumerateNext := False; + end; + + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsApplicationEnabled(BinaryPath: String; + var Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwApp: INetFwAuthorizedApplication; + FwAppInstances: IEnumVariant; + TempFwApp: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_OK; + Enabled := False; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwAppInstances := FwProfile.AuthorizedApplications.Get__NewEnum as IEnumVariant; + + while EnumerateNext do + if FwAppInstances.Next(1, TempFwApp, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwApp := IUnknown(TempFwApp) as INetFwAuthorizedApplication; + + if LowerCase(FwApp.ProcessImageFileName) = LowerCase(BinaryPath) then + begin + Enabled := FwApp.Enabled; + EnumerateNext := False; + end; + + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function EnableDisablePort(Port: Integer; Protocol: NET_FW_IP_PROTOCOL; + Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwOpenPort: INetFwOpenPort; + FwOpenPortInstances: IEnumVariant; + TempFwPortObj: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_FALSE; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwOpenPortInstances := FwProfile.GloballyOpenPorts.Get__NewEnum as IEnumVariant; + + while EnumerateNext do + if FwOpenPortInstances.Next(1, TempFwPortObj, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwOpenPort := IUnknown(TempFwPortObj) as INetFwOpenPort; + + if (FwOpenPort.Port = Port) and (FwOpenPort.Protocol = TOleEnum(Protocol)) then + begin + FwOpenPort.Enabled := Enabled; + EnumerateNext := False; + Result := S_OK; + end; + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function EnableDisableApplication(BinaryPath: String; Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; + FwApp: INetFwAuthorizedApplication; + FwAppInstances: IEnumVariant; + TempFwApp: OleVariant; + TempObjValue: Cardinal; + EnumerateNext: Boolean; +begin + Result := S_FALSE; + EnumerateNext := True; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwAppInstances := FwProfile.AuthorizedApplications.Get__NewEnum as IEnumVariant; + + while EnumerateNext do + if FwAppInstances.Next(1, TempFwApp, TempObjValue) <> 0 then + EnumerateNext := False + else + begin + FwApp := IUnknown(TempFwApp) as INetFwAuthorizedApplication; + + if LowerCase(FwApp.ProcessImageFileName) = LowerCase(BinaryPath) then + begin + FwApp.Enabled := Enabled; + EnumerateNext := False; + Result := S_OK; + end; + + end; + + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsFirewallEnabled(var Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + Enabled := FwProfile.FirewallEnabled + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function EnableDisableFirewall(Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.FirewallEnabled := Enabled; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowExceptionsNotAllowed(NotAllowed: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.ExceptionsNotAllowed := NotAllowed; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AreExceptionsNotAllowed(var NotAllowed: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + NotAllowed := FwProfile.ExceptionsNotAllowed; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function EnableDisableNotifications(Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.NotificationsDisabled := not Enabled; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AreNotificationsEnabled(var Enabled: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + Enabled := not FwProfile.NotificationsDisabled; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsFirewallServiceRunning(var IsRunning: Boolean): Boolean; +begin + IsRunning := False; + + try + if ServiceControl.ExistsService(FW_SERVICE_VISTA) = 0 then + if ServiceControl.ServiceIsRunning(FW_SERVICE_VISTA, IsRunning) = 0 then + begin + Result := True; + Exit; + end; + + if ServiceControl.ExistsService(FW_SERVICE_XP_WIN2003) = 0 then + if ServiceControl.ServiceIsRunning(FW_SERVICE_XP_WIN2003, IsRunning) = 0 then + begin + Result := True; + Exit; + end; + + Result := True; + except + Result := False; + end; +end; + +function StartStopFirewallService(StartService: Boolean): Boolean; +begin + Result := False; + + try + if ServiceControl.ExistsService(FW_SERVICE_VISTA) = 0 then + begin + if StartService then + begin + if ServiceControl.StartService(FW_SERVICE_VISTA, '') = 0 then + begin + Result := True; + Exit; + end; + end + else + if ServiceControl.StopService(FW_SERVICE_VISTA) = 0 then + begin + Result := True; + Exit; + end; + end; + + if ServiceControl.ExistsService(FW_SERVICE_XP_WIN2003) = 0 then + begin + if StartService then + begin + if ServiceControl.StartService(FW_SERVICE_XP_WIN2003, '') = 0 then + begin + Result := True; + Exit; + end; + end + else + if ServiceControl.StopService(FW_SERVICE_XP_WIN2003) = 0 then + begin + Result := True; + Exit; + end; + end; + + except + Result := False; + end; + +end; + +function RestoreDefaults: HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + FwMgr.RestoreDefaults; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpOutboundDestinationUnreachable(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowOutboundDestinationUnreachable := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpRedirect(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowRedirect := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpInboundEchoRequest(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowInboundEchoRequest := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpOutboundTimeExceeded(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowOutboundTimeExceeded := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpOutboundParameterProblem(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowOutboundParameterProblem := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpOutboundSourceQuench(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowOutboundSourceQuench := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpInboundRouterRequest(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowInboundRouterRequest := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpInboundTimestampRequest(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowInboundTimestampRequest := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpInboundMaskRequest(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowInboundMaskRequest := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function AllowDisallowIcmpOutboundPacketTooBig(Allow: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + FwProfile: INetFwProfile; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + + FwProfile := FwMgr.LocalPolicy.CurrentProfile; + FwProfile.IcmpSettings.AllowOutboundPacketTooBig := Allow; + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +function IsIcmpTypeAllowed(IpVersion: NET_FW_IP_VERSION; LocalAddress: String; + IcmpType: NET_FW_ICMP_TYPE; var Allowed: Boolean; var Restricted: Boolean): HRESULT; +var + FwMgrDisp: IDispatch; + FwMgr: INetFwMgr; + TempAllowed: OleVariant; + Temprestricted: OleVariant; +begin + Result := S_OK; + + try + FwMgrDisp := CreateOleObject(FW_MGR_CLASS_NAME); + try + FwMgr := INetFwMgr(FwMgrDisp); + FwMgr.IsIcmpTypeAllowed(TOleEnum(IpVersion), LocalAddress, Byte(IcmpType), TempAllowed, TempRestricted); + + Allowed := Boolean(TempAllowed); + Restricted := Boolean(TempRestricted); + finally + FwMgrDisp := Unassigned; + end; + except + on E:EOleSysError do + Result := E.ErrorCode; + end; +end; + +end. Binary files /tmp/tmplSASDf/TUlQUP504X/stunnel4-5.49/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.dcr and /tmp/tmplSASDf/9jhPVAWuKM/stunnel4-5.50/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.dcr differ diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.pas stunnel4-5.50/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.pas --- stunnel4-5.49/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.pas 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/NetFwTypeLib_TLB.pas 2007-05-20 14:34:08.000000000 +0000 @@ -0,0 +1,850 @@ +unit NetFwTypeLib_TLB; + +// ************************************************************************ // +// WARNUNG +// ------- +// Die in dieser Datei deklarierten Typen wurden aus Daten einer Typbibliothek +// generiert. Wenn diese Typbibliothek explizit oder indirekt (ber eine +// andere Typbibliothek) reimportiert wird oder wenn die Anweisung +// 'Aktualisieren' im Typbibliotheks-Editor whrend des Bearbeitens der +// Typbibliothek aktiviert ist, wird der Inhalt dieser Datei neu generiert und +// alle manuell vorgenommenen nderungen gehen verloren. +// ************************************************************************ // + +// PASTLWTR : $Revision: 1.130.1.0.1.0.1.6 $ +// Datei generiert am 20.05.2007 16:34:09 aus der unten beschriebenen Typbibliothek. + +// ************************************************************************ // +// Type Lib: FirewallAPI.dll (1) +// LIBID: {58FBCF7C-E7A9-467C-80B3-FC65E8FCCA08} +// LCID: 0 +// Helpfile: +// DepndLst: +// (1) v2.0 stdole, (C:\WINDOWS\system32\stdole2.tlb) +// (2) v4.0 StdVCL, (C:\WINDOWS\system32\stdvcl40.dll) +// Fehler +// Hinweis: Element 'Type' von 'INetFwService' gendert in 'Type_' +// Hinweis: Parameter 'Type' im INetFwService.Type gendert in 'Type_' +// Hinweis: Element 'Type' von 'INetFwProfile' gendert in 'Type_' +// Hinweis: Parameter 'Type' im INetFwProfile.Type gendert in 'Type_' +// Hinweis: Parameter 'Type' im INetFwMgr.IsIcmpTypeAllowed gendert in 'Type_' +// Hinweis: Element 'Type' von 'INetFwService' gendert in 'Type_' +// Hinweis: Element 'Type' von 'INetFwProfile' gendert in 'Type_' +// ************************************************************************ // +// *************************************************************************// +// HINWEIS: +// Von $IFDEF_LIVE_SERVER_AT_DESIGN_TIME berwachte Eintrge, werden von +// Eigenschaften verwendet, die Objekte zurckgeben, die explizit mit einen Funktionsaufruf +// vor dem Zugriff ber die Eigenschaft erzeugt werden mssen. Diese Eintrge wurden deaktiviert, +// um deren unbeabsichtigte Benutzung im Objektinspektor zu verhindern. Sie knnen sie +// aktivieren, indem Sie LIVE_SERVER_AT_DESIGN_TIME definieren oder sie selektiv +// aus den $IFDEF-Blcken entfernen. Solche Eintrge mssen jedoch programmseitig +// mit einer Methode der geeigneten CoClass vor der Verwendung +// erzeugt werden. +{$TYPEDADDRESS OFF} // Unit mu ohne Typberprfung fr Zeiger compiliert werden. +{$WARN SYMBOL_PLATFORM OFF} +{$WRITEABLECONST ON} +{$VARPROPSETTER ON} +interface + +uses Windows, ActiveX, Classes, Graphics, StdVCL, Variants; + + +// *********************************************************************// +// In dieser Typbibliothek deklarierte GUIDS . Es werden folgende +// Prfixe verwendet: +// Typbibliotheken : LIBID_xxxx +// CoClasses : CLASS_xxxx +// DISPInterfaces : DIID_xxxx +// Nicht-DISP-Schnittstellen: IID_xxxx +// *********************************************************************// +const + // Haupt- und Nebenversionen der Typbibliothek + NetFwTypeLibMajorVersion = 1; + NetFwTypeLibMinorVersion = 0; + + LIBID_NetFwTypeLib: TGUID = '{58FBCF7C-E7A9-467C-80B3-FC65E8FCCA08}'; + + IID_INetFwRemoteAdminSettings: TGUID = '{D4BECDDF-6F73-4A83-B832-9C66874CD20E}'; + IID_INetFwIcmpSettings: TGUID = '{A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD}'; + IID_INetFwOpenPort: TGUID = '{E0483BA0-47FF-4D9C-A6D6-7741D0B195F7}'; + IID_INetFwOpenPorts: TGUID = '{C0E9D7FA-E07E-430A-B19A-090CE82D92E2}'; + IID_INetFwService: TGUID = '{79FD57C8-908E-4A36-9888-D5B3F0A444CF}'; + IID_INetFwServices: TGUID = '{79649BB4-903E-421B-94C9-79848E79F6EE}'; + IID_INetFwAuthorizedApplication: TGUID = '{B5E64FFA-C2C5-444E-A301-FB5E00018050}'; + IID_INetFwAuthorizedApplications: TGUID = '{644EFD52-CCF9-486C-97A2-39F352570B30}'; + IID_INetFwServiceRestriction: TGUID = '{8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B}'; + IID_INetFwRules: TGUID = '{9C4C6277-5027-441E-AFAE-CA1F542DA009}'; + IID_INetFwRule: TGUID = '{AF230D27-BABA-4E42-ACED-F524F22CFCE2}'; + IID_INetFwProfile: TGUID = '{174A0DDA-E9F9-449D-993B-21AB667CA456}'; + IID_INetFwPolicy: TGUID = '{D46D2478-9AC9-4008-9DC7-5563CE5536CC}'; + IID_INetFwPolicy2: TGUID = '{98325047-C671-4174-8D81-DEFCD3F03186}'; + IID_INetFwMgr: TGUID = '{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}'; + +// *********************************************************************// +// Deklaration von in der Typbibliothek definierten Enumerationen +// *********************************************************************// +// Konstanten fr enum NET_FW_IP_VERSION_ +type + NET_FW_IP_VERSION_ = TOleEnum; +const + NET_FW_IP_VERSION_V4 = $00000000; + NET_FW_IP_VERSION_V6 = $00000001; + NET_FW_IP_VERSION_ANY = $00000002; + NET_FW_IP_VERSION_MAX = $00000003; + +// Konstanten fr enum NET_FW_SCOPE_ +type + NET_FW_SCOPE_ = TOleEnum; +const + NET_FW_SCOPE_ALL = $00000000; + NET_FW_SCOPE_LOCAL_SUBNET = $00000001; + NET_FW_SCOPE_CUSTOM = $00000002; + NET_FW_SCOPE_MAX = $00000003; + +// Konstanten fr enum NET_FW_IP_PROTOCOL_ +type + NET_FW_IP_PROTOCOL_ = TOleEnum; +const + NET_FW_IP_PROTOCOL_TCP = $00000006; + NET_FW_IP_PROTOCOL_UDP = $00000011; + NET_FW_IP_PROTOCOL_ANY = $00000100; + +// Konstanten fr enum NET_FW_SERVICE_TYPE_ +type + NET_FW_SERVICE_TYPE_ = TOleEnum; +const + NET_FW_SERVICE_FILE_AND_PRINT = $00000000; + NET_FW_SERVICE_UPNP = $00000001; + NET_FW_SERVICE_REMOTE_DESKTOP = $00000002; + NET_FW_SERVICE_NONE = $00000003; + NET_FW_SERVICE_TYPE_MAX = $00000004; + +// Konstanten fr enum NET_FW_RULE_DIRECTION_ +type + NET_FW_RULE_DIRECTION_ = TOleEnum; +const + NET_FW_RULE_DIR_IN = $00000001; + NET_FW_RULE_DIR_OUT = $00000002; + NET_FW_RULE_DIR_MAX = $00000003; + +// Konstanten fr enum NET_FW_ACTION_ +type + NET_FW_ACTION_ = TOleEnum; +const + NET_FW_ACTION_BLOCK = $00000000; + NET_FW_ACTION_ALLOW = $00000001; + NET_FW_ACTION_MAX = $00000002; + +// Konstanten fr enum NET_FW_PROFILE_TYPE_ +type + NET_FW_PROFILE_TYPE_ = TOleEnum; +const + NET_FW_PROFILE_DOMAIN = $00000000; + NET_FW_PROFILE_STANDARD = $00000001; + NET_FW_PROFILE_CURRENT = $00000002; + NET_FW_PROFILE_TYPE_MAX = $00000003; + +// Konstanten fr enum NET_FW_PROFILE_TYPE2_ +type + NET_FW_PROFILE_TYPE2_ = TOleEnum; +const + NET_FW_PROFILE2_DOMAIN = $00000001; + NET_FW_PROFILE2_PRIVATE = $00000002; + NET_FW_PROFILE2_PUBLIC = $00000004; + NET_FW_PROFILE2_ALL = $7FFFFFFF; + +// Konstanten fr enum NET_FW_MODIFY_STATE_ +type + NET_FW_MODIFY_STATE_ = TOleEnum; +const + NET_FW_MODIFY_STATE_OK = $00000000; + NET_FW_MODIFY_STATE_GP_OVERRIDE = $00000001; + NET_FW_MODIFY_STATE_INBOUND_BLOCKED = $00000002; + +type + +// *********************************************************************// +// Forward-Deklaration von in der Typbibliothek definierten Typen +// *********************************************************************// + INetFwRemoteAdminSettings = interface; + INetFwRemoteAdminSettingsDisp = dispinterface; + INetFwIcmpSettings = interface; + INetFwIcmpSettingsDisp = dispinterface; + INetFwOpenPort = interface; + INetFwOpenPortDisp = dispinterface; + INetFwOpenPorts = interface; + INetFwOpenPortsDisp = dispinterface; + INetFwService = interface; + INetFwServiceDisp = dispinterface; + INetFwServices = interface; + INetFwServicesDisp = dispinterface; + INetFwAuthorizedApplication = interface; + INetFwAuthorizedApplicationDisp = dispinterface; + INetFwAuthorizedApplications = interface; + INetFwAuthorizedApplicationsDisp = dispinterface; + INetFwServiceRestriction = interface; + INetFwServiceRestrictionDisp = dispinterface; + INetFwRules = interface; + INetFwRulesDisp = dispinterface; + INetFwRule = interface; + INetFwRuleDisp = dispinterface; + INetFwProfile = interface; + INetFwProfileDisp = dispinterface; + INetFwPolicy = interface; + INetFwPolicyDisp = dispinterface; + INetFwPolicy2 = interface; + INetFwPolicy2Disp = dispinterface; + INetFwMgr = interface; + INetFwMgrDisp = dispinterface; + +// *********************************************************************// +// Schnittstelle: INetFwRemoteAdminSettings +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {D4BECDDF-6F73-4A83-B832-9C66874CD20E} +// *********************************************************************// + INetFwRemoteAdminSettings = interface(IDispatch) + ['{D4BECDDF-6F73-4A83-B832-9C66874CD20E}'] + function Get_IpVersion: NET_FW_IP_VERSION_; safecall; + procedure Set_IpVersion(IpVersion: NET_FW_IP_VERSION_); safecall; + function Get_Scope: NET_FW_SCOPE_; safecall; + procedure Set_Scope(Scope: NET_FW_SCOPE_); safecall; + function Get_RemoteAddresses: WideString; safecall; + procedure Set_RemoteAddresses(const remoteAddrs: WideString); safecall; + function Get_Enabled: WordBool; safecall; + procedure Set_Enabled(Enabled: WordBool); safecall; + property IpVersion: NET_FW_IP_VERSION_ read Get_IpVersion write Set_IpVersion; + property Scope: NET_FW_SCOPE_ read Get_Scope write Set_Scope; + property RemoteAddresses: WideString read Get_RemoteAddresses write Set_RemoteAddresses; + property Enabled: WordBool read Get_Enabled write Set_Enabled; + end; + +// *********************************************************************// +// DispIntf: INetFwRemoteAdminSettingsDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {D4BECDDF-6F73-4A83-B832-9C66874CD20E} +// *********************************************************************// + INetFwRemoteAdminSettingsDisp = dispinterface + ['{D4BECDDF-6F73-4A83-B832-9C66874CD20E}'] + property IpVersion: NET_FW_IP_VERSION_ dispid 1; + property Scope: NET_FW_SCOPE_ dispid 2; + property RemoteAddresses: WideString dispid 3; + property Enabled: WordBool dispid 4; + end; + +// *********************************************************************// +// Schnittstelle: INetFwIcmpSettings +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD} +// *********************************************************************// + INetFwIcmpSettings = interface(IDispatch) + ['{A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD}'] + function Get_AllowOutboundDestinationUnreachable: WordBool; safecall; + procedure Set_AllowOutboundDestinationUnreachable(allow: WordBool); safecall; + function Get_AllowRedirect: WordBool; safecall; + procedure Set_AllowRedirect(allow: WordBool); safecall; + function Get_AllowInboundEchoRequest: WordBool; safecall; + procedure Set_AllowInboundEchoRequest(allow: WordBool); safecall; + function Get_AllowOutboundTimeExceeded: WordBool; safecall; + procedure Set_AllowOutboundTimeExceeded(allow: WordBool); safecall; + function Get_AllowOutboundParameterProblem: WordBool; safecall; + procedure Set_AllowOutboundParameterProblem(allow: WordBool); safecall; + function Get_AllowOutboundSourceQuench: WordBool; safecall; + procedure Set_AllowOutboundSourceQuench(allow: WordBool); safecall; + function Get_AllowInboundRouterRequest: WordBool; safecall; + procedure Set_AllowInboundRouterRequest(allow: WordBool); safecall; + function Get_AllowInboundTimestampRequest: WordBool; safecall; + procedure Set_AllowInboundTimestampRequest(allow: WordBool); safecall; + function Get_AllowInboundMaskRequest: WordBool; safecall; + procedure Set_AllowInboundMaskRequest(allow: WordBool); safecall; + function Get_AllowOutboundPacketTooBig: WordBool; safecall; + procedure Set_AllowOutboundPacketTooBig(allow: WordBool); safecall; + property AllowOutboundDestinationUnreachable: WordBool read Get_AllowOutboundDestinationUnreachable write Set_AllowOutboundDestinationUnreachable; + property AllowRedirect: WordBool read Get_AllowRedirect write Set_AllowRedirect; + property AllowInboundEchoRequest: WordBool read Get_AllowInboundEchoRequest write Set_AllowInboundEchoRequest; + property AllowOutboundTimeExceeded: WordBool read Get_AllowOutboundTimeExceeded write Set_AllowOutboundTimeExceeded; + property AllowOutboundParameterProblem: WordBool read Get_AllowOutboundParameterProblem write Set_AllowOutboundParameterProblem; + property AllowOutboundSourceQuench: WordBool read Get_AllowOutboundSourceQuench write Set_AllowOutboundSourceQuench; + property AllowInboundRouterRequest: WordBool read Get_AllowInboundRouterRequest write Set_AllowInboundRouterRequest; + property AllowInboundTimestampRequest: WordBool read Get_AllowInboundTimestampRequest write Set_AllowInboundTimestampRequest; + property AllowInboundMaskRequest: WordBool read Get_AllowInboundMaskRequest write Set_AllowInboundMaskRequest; + property AllowOutboundPacketTooBig: WordBool read Get_AllowOutboundPacketTooBig write Set_AllowOutboundPacketTooBig; + end; + +// *********************************************************************// +// DispIntf: INetFwIcmpSettingsDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD} +// *********************************************************************// + INetFwIcmpSettingsDisp = dispinterface + ['{A6207B2E-7CDD-426A-951E-5E1CBC5AFEAD}'] + property AllowOutboundDestinationUnreachable: WordBool dispid 1; + property AllowRedirect: WordBool dispid 2; + property AllowInboundEchoRequest: WordBool dispid 3; + property AllowOutboundTimeExceeded: WordBool dispid 4; + property AllowOutboundParameterProblem: WordBool dispid 5; + property AllowOutboundSourceQuench: WordBool dispid 6; + property AllowInboundRouterRequest: WordBool dispid 7; + property AllowInboundTimestampRequest: WordBool dispid 8; + property AllowInboundMaskRequest: WordBool dispid 9; + property AllowOutboundPacketTooBig: WordBool dispid 10; + end; + +// *********************************************************************// +// Schnittstelle: INetFwOpenPort +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {E0483BA0-47FF-4D9C-A6D6-7741D0B195F7} +// *********************************************************************// + INetFwOpenPort = interface(IDispatch) + ['{E0483BA0-47FF-4D9C-A6D6-7741D0B195F7}'] + function Get_Name: WideString; safecall; + procedure Set_Name(const Name: WideString); safecall; + function Get_IpVersion: NET_FW_IP_VERSION_; safecall; + procedure Set_IpVersion(IpVersion: NET_FW_IP_VERSION_); safecall; + function Get_Protocol: NET_FW_IP_PROTOCOL_; safecall; + procedure Set_Protocol(ipProtocol: NET_FW_IP_PROTOCOL_); safecall; + function Get_Port: Integer; safecall; + procedure Set_Port(portNumber: Integer); safecall; + function Get_Scope: NET_FW_SCOPE_; safecall; + procedure Set_Scope(Scope: NET_FW_SCOPE_); safecall; + function Get_RemoteAddresses: WideString; safecall; + procedure Set_RemoteAddresses(const remoteAddrs: WideString); safecall; + function Get_Enabled: WordBool; safecall; + procedure Set_Enabled(Enabled: WordBool); safecall; + function Get_BuiltIn: WordBool; safecall; + property Name: WideString read Get_Name write Set_Name; + property IpVersion: NET_FW_IP_VERSION_ read Get_IpVersion write Set_IpVersion; + property Protocol: NET_FW_IP_PROTOCOL_ read Get_Protocol write Set_Protocol; + property Port: Integer read Get_Port write Set_Port; + property Scope: NET_FW_SCOPE_ read Get_Scope write Set_Scope; + property RemoteAddresses: WideString read Get_RemoteAddresses write Set_RemoteAddresses; + property Enabled: WordBool read Get_Enabled write Set_Enabled; + property BuiltIn: WordBool read Get_BuiltIn; + end; + +// *********************************************************************// +// DispIntf: INetFwOpenPortDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {E0483BA0-47FF-4D9C-A6D6-7741D0B195F7} +// *********************************************************************// + INetFwOpenPortDisp = dispinterface + ['{E0483BA0-47FF-4D9C-A6D6-7741D0B195F7}'] + property Name: WideString dispid 1; + property IpVersion: NET_FW_IP_VERSION_ dispid 2; + property Protocol: NET_FW_IP_PROTOCOL_ dispid 3; + property Port: Integer dispid 4; + property Scope: NET_FW_SCOPE_ dispid 5; + property RemoteAddresses: WideString dispid 6; + property Enabled: WordBool dispid 7; + property BuiltIn: WordBool readonly dispid 8; + end; + +// *********************************************************************// +// Schnittstelle: INetFwOpenPorts +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {C0E9D7FA-E07E-430A-B19A-090CE82D92E2} +// *********************************************************************// + INetFwOpenPorts = interface(IDispatch) + ['{C0E9D7FA-E07E-430A-B19A-090CE82D92E2}'] + function Get_Count: Integer; safecall; + procedure Add(const Port: INetFwOpenPort); safecall; + procedure Remove(portNumber: Integer; ipProtocol: NET_FW_IP_PROTOCOL_); safecall; + function Item(portNumber: Integer; ipProtocol: NET_FW_IP_PROTOCOL_): INetFwOpenPort; safecall; + function Get__NewEnum: IUnknown; safecall; + property Count: Integer read Get_Count; + property _NewEnum: IUnknown read Get__NewEnum; + end; + +// *********************************************************************// +// DispIntf: INetFwOpenPortsDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {C0E9D7FA-E07E-430A-B19A-090CE82D92E2} +// *********************************************************************// + INetFwOpenPortsDisp = dispinterface + ['{C0E9D7FA-E07E-430A-B19A-090CE82D92E2}'] + property Count: Integer readonly dispid 1; + procedure Add(const Port: INetFwOpenPort); dispid 2; + procedure Remove(portNumber: Integer; ipProtocol: NET_FW_IP_PROTOCOL_); dispid 3; + function Item(portNumber: Integer; ipProtocol: NET_FW_IP_PROTOCOL_): INetFwOpenPort; dispid 4; + property _NewEnum: IUnknown readonly dispid -4; + end; + +// *********************************************************************// +// Schnittstelle: INetFwService +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {79FD57C8-908E-4A36-9888-D5B3F0A444CF} +// *********************************************************************// + INetFwService = interface(IDispatch) + ['{79FD57C8-908E-4A36-9888-D5B3F0A444CF}'] + function Get_Name: WideString; safecall; + function Get_Type_: NET_FW_SERVICE_TYPE_; safecall; + function Get_Customized: WordBool; safecall; + function Get_IpVersion: NET_FW_IP_VERSION_; safecall; + procedure Set_IpVersion(IpVersion: NET_FW_IP_VERSION_); safecall; + function Get_Scope: NET_FW_SCOPE_; safecall; + procedure Set_Scope(Scope: NET_FW_SCOPE_); safecall; + function Get_RemoteAddresses: WideString; safecall; + procedure Set_RemoteAddresses(const remoteAddrs: WideString); safecall; + function Get_Enabled: WordBool; safecall; + procedure Set_Enabled(Enabled: WordBool); safecall; + function Get_GloballyOpenPorts: INetFwOpenPorts; safecall; + property Name: WideString read Get_Name; + property Type_: NET_FW_SERVICE_TYPE_ read Get_Type_; + property Customized: WordBool read Get_Customized; + property IpVersion: NET_FW_IP_VERSION_ read Get_IpVersion write Set_IpVersion; + property Scope: NET_FW_SCOPE_ read Get_Scope write Set_Scope; + property RemoteAddresses: WideString read Get_RemoteAddresses write Set_RemoteAddresses; + property Enabled: WordBool read Get_Enabled write Set_Enabled; + property GloballyOpenPorts: INetFwOpenPorts read Get_GloballyOpenPorts; + end; + +// *********************************************************************// +// DispIntf: INetFwServiceDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {79FD57C8-908E-4A36-9888-D5B3F0A444CF} +// *********************************************************************// + INetFwServiceDisp = dispinterface + ['{79FD57C8-908E-4A36-9888-D5B3F0A444CF}'] + property Name: WideString readonly dispid 1; + property Type_: NET_FW_SERVICE_TYPE_ readonly dispid 2; + property Customized: WordBool readonly dispid 3; + property IpVersion: NET_FW_IP_VERSION_ dispid 4; + property Scope: NET_FW_SCOPE_ dispid 5; + property RemoteAddresses: WideString dispid 6; + property Enabled: WordBool dispid 7; + property GloballyOpenPorts: INetFwOpenPorts readonly dispid 8; + end; + +// *********************************************************************// +// Schnittstelle: INetFwServices +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {79649BB4-903E-421B-94C9-79848E79F6EE} +// *********************************************************************// + INetFwServices = interface(IDispatch) + ['{79649BB4-903E-421B-94C9-79848E79F6EE}'] + function Get_Count: Integer; safecall; + function Item(svcType: NET_FW_SERVICE_TYPE_): INetFwService; safecall; + function Get__NewEnum: IUnknown; safecall; + property Count: Integer read Get_Count; + property _NewEnum: IUnknown read Get__NewEnum; + end; + +// *********************************************************************// +// DispIntf: INetFwServicesDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {79649BB4-903E-421B-94C9-79848E79F6EE} +// *********************************************************************// + INetFwServicesDisp = dispinterface + ['{79649BB4-903E-421B-94C9-79848E79F6EE}'] + property Count: Integer readonly dispid 1; + function Item(svcType: NET_FW_SERVICE_TYPE_): INetFwService; dispid 2; + property _NewEnum: IUnknown readonly dispid -4; + end; + +// *********************************************************************// +// Schnittstelle: INetFwAuthorizedApplication +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {B5E64FFA-C2C5-444E-A301-FB5E00018050} +// *********************************************************************// + INetFwAuthorizedApplication = interface(IDispatch) + ['{B5E64FFA-C2C5-444E-A301-FB5E00018050}'] + function Get_Name: WideString; safecall; + procedure Set_Name(const Name: WideString); safecall; + function Get_ProcessImageFileName: WideString; safecall; + procedure Set_ProcessImageFileName(const imageFileName: WideString); safecall; + function Get_IpVersion: NET_FW_IP_VERSION_; safecall; + procedure Set_IpVersion(IpVersion: NET_FW_IP_VERSION_); safecall; + function Get_Scope: NET_FW_SCOPE_; safecall; + procedure Set_Scope(Scope: NET_FW_SCOPE_); safecall; + function Get_RemoteAddresses: WideString; safecall; + procedure Set_RemoteAddresses(const remoteAddrs: WideString); safecall; + function Get_Enabled: WordBool; safecall; + procedure Set_Enabled(Enabled: WordBool); safecall; + property Name: WideString read Get_Name write Set_Name; + property ProcessImageFileName: WideString read Get_ProcessImageFileName write Set_ProcessImageFileName; + property IpVersion: NET_FW_IP_VERSION_ read Get_IpVersion write Set_IpVersion; + property Scope: NET_FW_SCOPE_ read Get_Scope write Set_Scope; + property RemoteAddresses: WideString read Get_RemoteAddresses write Set_RemoteAddresses; + property Enabled: WordBool read Get_Enabled write Set_Enabled; + end; + +// *********************************************************************// +// DispIntf: INetFwAuthorizedApplicationDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {B5E64FFA-C2C5-444E-A301-FB5E00018050} +// *********************************************************************// + INetFwAuthorizedApplicationDisp = dispinterface + ['{B5E64FFA-C2C5-444E-A301-FB5E00018050}'] + property Name: WideString dispid 1; + property ProcessImageFileName: WideString dispid 2; + property IpVersion: NET_FW_IP_VERSION_ dispid 3; + property Scope: NET_FW_SCOPE_ dispid 4; + property RemoteAddresses: WideString dispid 5; + property Enabled: WordBool dispid 6; + end; + +// *********************************************************************// +// Schnittstelle: INetFwAuthorizedApplications +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {644EFD52-CCF9-486C-97A2-39F352570B30} +// *********************************************************************// + INetFwAuthorizedApplications = interface(IDispatch) + ['{644EFD52-CCF9-486C-97A2-39F352570B30}'] + function Get_Count: Integer; safecall; + procedure Add(const app: INetFwAuthorizedApplication); safecall; + procedure Remove(const imageFileName: WideString); safecall; + function Item(const imageFileName: WideString): INetFwAuthorizedApplication; safecall; + function Get__NewEnum: IUnknown; safecall; + property Count: Integer read Get_Count; + property _NewEnum: IUnknown read Get__NewEnum; + end; + +// *********************************************************************// +// DispIntf: INetFwAuthorizedApplicationsDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {644EFD52-CCF9-486C-97A2-39F352570B30} +// *********************************************************************// + INetFwAuthorizedApplicationsDisp = dispinterface + ['{644EFD52-CCF9-486C-97A2-39F352570B30}'] + property Count: Integer readonly dispid 1; + procedure Add(const app: INetFwAuthorizedApplication); dispid 2; + procedure Remove(const imageFileName: WideString); dispid 3; + function Item(const imageFileName: WideString): INetFwAuthorizedApplication; dispid 4; + property _NewEnum: IUnknown readonly dispid -4; + end; + +// *********************************************************************// +// Schnittstelle: INetFwServiceRestriction +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B} +// *********************************************************************// + INetFwServiceRestriction = interface(IDispatch) + ['{8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B}'] + procedure RestrictService(const serviceName: WideString; const appName: WideString; + RestrictService: WordBool; serviceSidRestricted: WordBool); safecall; + function ServiceRestricted(const serviceName: WideString; const appName: WideString): WordBool; safecall; + function Get_Rules: INetFwRules; safecall; + property Rules: INetFwRules read Get_Rules; + end; + +// *********************************************************************// +// DispIntf: INetFwServiceRestrictionDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B} +// *********************************************************************// + INetFwServiceRestrictionDisp = dispinterface + ['{8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B}'] + procedure RestrictService(const serviceName: WideString; const appName: WideString; + RestrictService: WordBool; serviceSidRestricted: WordBool); dispid 1; + function ServiceRestricted(const serviceName: WideString; const appName: WideString): WordBool; dispid 2; + property Rules: INetFwRules readonly dispid 3; + end; + +// *********************************************************************// +// Schnittstelle: INetFwRules +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {9C4C6277-5027-441E-AFAE-CA1F542DA009} +// *********************************************************************// + INetFwRules = interface(IDispatch) + ['{9C4C6277-5027-441E-AFAE-CA1F542DA009}'] + function Get_Count: Integer; safecall; + procedure Add(const rule: INetFwRule); safecall; + procedure Remove(const Name: WideString); safecall; + function Item(const Name: WideString): INetFwRule; safecall; + function Get__NewEnum: IUnknown; safecall; + property Count: Integer read Get_Count; + property _NewEnum: IUnknown read Get__NewEnum; + end; + +// *********************************************************************// +// DispIntf: INetFwRulesDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {9C4C6277-5027-441E-AFAE-CA1F542DA009} +// *********************************************************************// + INetFwRulesDisp = dispinterface + ['{9C4C6277-5027-441E-AFAE-CA1F542DA009}'] + property Count: Integer readonly dispid 1; + procedure Add(const rule: INetFwRule); dispid 2; + procedure Remove(const Name: WideString); dispid 3; + function Item(const Name: WideString): INetFwRule; dispid 4; + property _NewEnum: IUnknown readonly dispid -4; + end; + +// *********************************************************************// +// Schnittstelle: INetFwRule +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {AF230D27-BABA-4E42-ACED-F524F22CFCE2} +// *********************************************************************// + INetFwRule = interface(IDispatch) + ['{AF230D27-BABA-4E42-ACED-F524F22CFCE2}'] + function Get_Name: WideString; safecall; + procedure Set_Name(const Name: WideString); safecall; + function Get_Description: WideString; safecall; + procedure Set_Description(const desc: WideString); safecall; + function Get_ApplicationName: WideString; safecall; + procedure Set_ApplicationName(const imageFileName: WideString); safecall; + function Get_serviceName: WideString; safecall; + procedure Set_serviceName(const serviceName: WideString); safecall; + function Get_Protocol: Integer; safecall; + procedure Set_Protocol(Protocol: Integer); safecall; + function Get_LocalPorts: WideString; safecall; + procedure Set_LocalPorts(const portNumbers: WideString); safecall; + function Get_RemotePorts: WideString; safecall; + procedure Set_RemotePorts(const portNumbers: WideString); safecall; + function Get_LocalAddresses: WideString; safecall; + procedure Set_LocalAddresses(const localAddrs: WideString); safecall; + function Get_RemoteAddresses: WideString; safecall; + procedure Set_RemoteAddresses(const remoteAddrs: WideString); safecall; + function Get_IcmpTypesAndCodes: WideString; safecall; + procedure Set_IcmpTypesAndCodes(const IcmpTypesAndCodes: WideString); safecall; + function Get_Direction: NET_FW_RULE_DIRECTION_; safecall; + procedure Set_Direction(dir: NET_FW_RULE_DIRECTION_); safecall; + function Get_Interfaces: OleVariant; safecall; + procedure Set_Interfaces(Interfaces: OleVariant); safecall; + function Get_InterfaceTypes: WideString; safecall; + procedure Set_InterfaceTypes(const InterfaceTypes: WideString); safecall; + function Get_Enabled: WordBool; safecall; + procedure Set_Enabled(Enabled: WordBool); safecall; + function Get_Grouping: WideString; safecall; + procedure Set_Grouping(const context: WideString); safecall; + function Get_Profiles: Integer; safecall; + procedure Set_Profiles(profileTypesBitmask: Integer); safecall; + function Get_EdgeTraversal: WordBool; safecall; + procedure Set_EdgeTraversal(Enabled: WordBool); safecall; + function Get_Action: NET_FW_ACTION_; safecall; + procedure Set_Action(Action: NET_FW_ACTION_); safecall; + property Name: WideString read Get_Name write Set_Name; + property Description: WideString read Get_Description write Set_Description; + property ApplicationName: WideString read Get_ApplicationName write Set_ApplicationName; + property serviceName: WideString read Get_serviceName write Set_serviceName; + property Protocol: Integer read Get_Protocol write Set_Protocol; + property LocalPorts: WideString read Get_LocalPorts write Set_LocalPorts; + property RemotePorts: WideString read Get_RemotePorts write Set_RemotePorts; + property LocalAddresses: WideString read Get_LocalAddresses write Set_LocalAddresses; + property RemoteAddresses: WideString read Get_RemoteAddresses write Set_RemoteAddresses; + property IcmpTypesAndCodes: WideString read Get_IcmpTypesAndCodes write Set_IcmpTypesAndCodes; + property Direction: NET_FW_RULE_DIRECTION_ read Get_Direction write Set_Direction; + property Interfaces: OleVariant read Get_Interfaces write Set_Interfaces; + property InterfaceTypes: WideString read Get_InterfaceTypes write Set_InterfaceTypes; + property Enabled: WordBool read Get_Enabled write Set_Enabled; + property Grouping: WideString read Get_Grouping write Set_Grouping; + property Profiles: Integer read Get_Profiles write Set_Profiles; + property EdgeTraversal: WordBool read Get_EdgeTraversal write Set_EdgeTraversal; + property Action: NET_FW_ACTION_ read Get_Action write Set_Action; + end; + +// *********************************************************************// +// DispIntf: INetFwRuleDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {AF230D27-BABA-4E42-ACED-F524F22CFCE2} +// *********************************************************************// + INetFwRuleDisp = dispinterface + ['{AF230D27-BABA-4E42-ACED-F524F22CFCE2}'] + property Name: WideString dispid 1; + property Description: WideString dispid 2; + property ApplicationName: WideString dispid 3; + property serviceName: WideString dispid 4; + property Protocol: Integer dispid 5; + property LocalPorts: WideString dispid 6; + property RemotePorts: WideString dispid 7; + property LocalAddresses: WideString dispid 8; + property RemoteAddresses: WideString dispid 9; + property IcmpTypesAndCodes: WideString dispid 10; + property Direction: NET_FW_RULE_DIRECTION_ dispid 11; + property Interfaces: OleVariant dispid 12; + property InterfaceTypes: WideString dispid 13; + property Enabled: WordBool dispid 14; + property Grouping: WideString dispid 15; + property Profiles: Integer dispid 16; + property EdgeTraversal: WordBool dispid 17; + property Action: NET_FW_ACTION_ dispid 18; + end; + +// *********************************************************************// +// Schnittstelle: INetFwProfile +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {174A0DDA-E9F9-449D-993B-21AB667CA456} +// *********************************************************************// + INetFwProfile = interface(IDispatch) + ['{174A0DDA-E9F9-449D-993B-21AB667CA456}'] + function Get_Type_: NET_FW_PROFILE_TYPE_; safecall; + function Get_FirewallEnabled: WordBool; safecall; + procedure Set_FirewallEnabled(Enabled: WordBool); safecall; + function Get_ExceptionsNotAllowed: WordBool; safecall; + procedure Set_ExceptionsNotAllowed(notAllowed: WordBool); safecall; + function Get_NotificationsDisabled: WordBool; safecall; + procedure Set_NotificationsDisabled(disabled: WordBool); safecall; + function Get_UnicastResponsesToMulticastBroadcastDisabled: WordBool; safecall; + procedure Set_UnicastResponsesToMulticastBroadcastDisabled(disabled: WordBool); safecall; + function Get_RemoteAdminSettings: INetFwRemoteAdminSettings; safecall; + function Get_IcmpSettings: INetFwIcmpSettings; safecall; + function Get_GloballyOpenPorts: INetFwOpenPorts; safecall; + function Get_Services: INetFwServices; safecall; + function Get_AuthorizedApplications: INetFwAuthorizedApplications; safecall; + property Type_: NET_FW_PROFILE_TYPE_ read Get_Type_; + property FirewallEnabled: WordBool read Get_FirewallEnabled write Set_FirewallEnabled; + property ExceptionsNotAllowed: WordBool read Get_ExceptionsNotAllowed write Set_ExceptionsNotAllowed; + property NotificationsDisabled: WordBool read Get_NotificationsDisabled write Set_NotificationsDisabled; + property UnicastResponsesToMulticastBroadcastDisabled: WordBool read Get_UnicastResponsesToMulticastBroadcastDisabled write Set_UnicastResponsesToMulticastBroadcastDisabled; + property RemoteAdminSettings: INetFwRemoteAdminSettings read Get_RemoteAdminSettings; + property IcmpSettings: INetFwIcmpSettings read Get_IcmpSettings; + property GloballyOpenPorts: INetFwOpenPorts read Get_GloballyOpenPorts; + property Services: INetFwServices read Get_Services; + property AuthorizedApplications: INetFwAuthorizedApplications read Get_AuthorizedApplications; + end; + +// *********************************************************************// +// DispIntf: INetFwProfileDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {174A0DDA-E9F9-449D-993B-21AB667CA456} +// *********************************************************************// + INetFwProfileDisp = dispinterface + ['{174A0DDA-E9F9-449D-993B-21AB667CA456}'] + property Type_: NET_FW_PROFILE_TYPE_ readonly dispid 1; + property FirewallEnabled: WordBool dispid 2; + property ExceptionsNotAllowed: WordBool dispid 3; + property NotificationsDisabled: WordBool dispid 4; + property UnicastResponsesToMulticastBroadcastDisabled: WordBool dispid 5; + property RemoteAdminSettings: INetFwRemoteAdminSettings readonly dispid 6; + property IcmpSettings: INetFwIcmpSettings readonly dispid 7; + property GloballyOpenPorts: INetFwOpenPorts readonly dispid 8; + property Services: INetFwServices readonly dispid 9; + property AuthorizedApplications: INetFwAuthorizedApplications readonly dispid 10; + end; + +// *********************************************************************// +// Schnittstelle: INetFwPolicy +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {D46D2478-9AC9-4008-9DC7-5563CE5536CC} +// *********************************************************************// + INetFwPolicy = interface(IDispatch) + ['{D46D2478-9AC9-4008-9DC7-5563CE5536CC}'] + function Get_CurrentProfile: INetFwProfile; safecall; + function GetProfileByType(profileType: NET_FW_PROFILE_TYPE_): INetFwProfile; safecall; + property CurrentProfile: INetFwProfile read Get_CurrentProfile; + end; + +// *********************************************************************// +// DispIntf: INetFwPolicyDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {D46D2478-9AC9-4008-9DC7-5563CE5536CC} +// *********************************************************************// + INetFwPolicyDisp = dispinterface + ['{D46D2478-9AC9-4008-9DC7-5563CE5536CC}'] + property CurrentProfile: INetFwProfile readonly dispid 1; + function GetProfileByType(profileType: NET_FW_PROFILE_TYPE_): INetFwProfile; dispid 2; + end; + +// *********************************************************************// +// Schnittstelle: INetFwPolicy2 +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {98325047-C671-4174-8D81-DEFCD3F03186} +// *********************************************************************// + INetFwPolicy2 = interface(IDispatch) + ['{98325047-C671-4174-8D81-DEFCD3F03186}'] + function Get_CurrentProfileTypes: Integer; safecall; + function Get_FirewallEnabled(profileType: NET_FW_PROFILE_TYPE2_): WordBool; safecall; + procedure Set_FirewallEnabled(profileType: NET_FW_PROFILE_TYPE2_; Enabled: WordBool); safecall; + function Get_ExcludedInterfaces(profileType: NET_FW_PROFILE_TYPE2_): OleVariant; safecall; + procedure Set_ExcludedInterfaces(profileType: NET_FW_PROFILE_TYPE2_; Interfaces: OleVariant); safecall; + function Get_BlockAllInboundTraffic(profileType: NET_FW_PROFILE_TYPE2_): WordBool; safecall; + procedure Set_BlockAllInboundTraffic(profileType: NET_FW_PROFILE_TYPE2_; Block: WordBool); safecall; + function Get_NotificationsDisabled(profileType: NET_FW_PROFILE_TYPE2_): WordBool; safecall; + procedure Set_NotificationsDisabled(profileType: NET_FW_PROFILE_TYPE2_; disabled: WordBool); safecall; + function Get_UnicastResponsesToMulticastBroadcastDisabled(profileType: NET_FW_PROFILE_TYPE2_): WordBool; safecall; + procedure Set_UnicastResponsesToMulticastBroadcastDisabled(profileType: NET_FW_PROFILE_TYPE2_; + disabled: WordBool); safecall; + function Get_Rules: INetFwRules; safecall; + function Get_ServiceRestriction: INetFwServiceRestriction; safecall; + procedure EnableRuleGroup(profileTypesBitmask: Integer; const group: WideString; + enable: WordBool); safecall; + function IsRuleGroupEnabled(profileTypesBitmask: Integer; const group: WideString): WordBool; safecall; + procedure RestoreLocalFirewallDefaults; safecall; + function Get_DefaultInboundAction(profileType: NET_FW_PROFILE_TYPE2_): NET_FW_ACTION_; safecall; + procedure Set_DefaultInboundAction(profileType: NET_FW_PROFILE_TYPE2_; Action: NET_FW_ACTION_); safecall; + function Get_DefaultOutboundAction(profileType: NET_FW_PROFILE_TYPE2_): NET_FW_ACTION_; safecall; + procedure Set_DefaultOutboundAction(profileType: NET_FW_PROFILE_TYPE2_; Action: NET_FW_ACTION_); safecall; + function Get_IsRuleGroupCurrentlyEnabled(const group: WideString): WordBool; safecall; + function Get_LocalPolicyModifyState: NET_FW_MODIFY_STATE_; safecall; + property CurrentProfileTypes: Integer read Get_CurrentProfileTypes; + property FirewallEnabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool read Get_FirewallEnabled write Set_FirewallEnabled; + property ExcludedInterfaces[profileType: NET_FW_PROFILE_TYPE2_]: OleVariant read Get_ExcludedInterfaces write Set_ExcludedInterfaces; + property BlockAllInboundTraffic[profileType: NET_FW_PROFILE_TYPE2_]: WordBool read Get_BlockAllInboundTraffic write Set_BlockAllInboundTraffic; + property NotificationsDisabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool read Get_NotificationsDisabled write Set_NotificationsDisabled; + property UnicastResponsesToMulticastBroadcastDisabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool read Get_UnicastResponsesToMulticastBroadcastDisabled write Set_UnicastResponsesToMulticastBroadcastDisabled; + property Rules: INetFwRules read Get_Rules; + property ServiceRestriction: INetFwServiceRestriction read Get_ServiceRestriction; + property DefaultInboundAction[profileType: NET_FW_PROFILE_TYPE2_]: NET_FW_ACTION_ read Get_DefaultInboundAction write Set_DefaultInboundAction; + property DefaultOutboundAction[profileType: NET_FW_PROFILE_TYPE2_]: NET_FW_ACTION_ read Get_DefaultOutboundAction write Set_DefaultOutboundAction; + property IsRuleGroupCurrentlyEnabled[const group: WideString]: WordBool read Get_IsRuleGroupCurrentlyEnabled; + property LocalPolicyModifyState: NET_FW_MODIFY_STATE_ read Get_LocalPolicyModifyState; + end; + +// *********************************************************************// +// DispIntf: INetFwPolicy2Disp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {98325047-C671-4174-8D81-DEFCD3F03186} +// *********************************************************************// + INetFwPolicy2Disp = dispinterface + ['{98325047-C671-4174-8D81-DEFCD3F03186}'] + property CurrentProfileTypes: Integer readonly dispid 1; + property FirewallEnabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool dispid 2; + property ExcludedInterfaces[profileType: NET_FW_PROFILE_TYPE2_]: OleVariant dispid 3; + property BlockAllInboundTraffic[profileType: NET_FW_PROFILE_TYPE2_]: WordBool dispid 4; + property NotificationsDisabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool dispid 5; + property UnicastResponsesToMulticastBroadcastDisabled[profileType: NET_FW_PROFILE_TYPE2_]: WordBool dispid 6; + property Rules: INetFwRules readonly dispid 7; + property ServiceRestriction: INetFwServiceRestriction readonly dispid 8; + procedure EnableRuleGroup(profileTypesBitmask: Integer; const group: WideString; + enable: WordBool); dispid 9; + function IsRuleGroupEnabled(profileTypesBitmask: Integer; const group: WideString): WordBool; dispid 10; + procedure RestoreLocalFirewallDefaults; dispid 11; + property DefaultInboundAction[profileType: NET_FW_PROFILE_TYPE2_]: NET_FW_ACTION_ dispid 12; + property DefaultOutboundAction[profileType: NET_FW_PROFILE_TYPE2_]: NET_FW_ACTION_ dispid 13; + property IsRuleGroupCurrentlyEnabled[const group: WideString]: WordBool readonly dispid 14; + property LocalPolicyModifyState: NET_FW_MODIFY_STATE_ readonly dispid 15; + end; + +// *********************************************************************// +// Schnittstelle: INetFwMgr +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {F7898AF5-CAC4-4632-A2EC-DA06E5111AF2} +// *********************************************************************// + INetFwMgr = interface(IDispatch) + ['{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}'] + function Get_LocalPolicy: INetFwPolicy; safecall; + function Get_CurrentProfileType: NET_FW_PROFILE_TYPE_; safecall; + procedure RestoreDefaults; safecall; + procedure IsPortAllowed(const imageFileName: WideString; IpVersion: NET_FW_IP_VERSION_; + portNumber: Integer; const localAddress: WideString; + ipProtocol: NET_FW_IP_PROTOCOL_; out allowed: OleVariant; + out restricted: OleVariant); safecall; + procedure IsIcmpTypeAllowed(IpVersion: NET_FW_IP_VERSION_; const localAddress: WideString; + Type_: Byte; out allowed: OleVariant; out restricted: OleVariant); safecall; + property LocalPolicy: INetFwPolicy read Get_LocalPolicy; + property CurrentProfileType: NET_FW_PROFILE_TYPE_ read Get_CurrentProfileType; + end; + +// *********************************************************************// +// DispIntf: INetFwMgrDisp +// Flags: (4416) Dual OleAutomation Dispatchable +// GUID: {F7898AF5-CAC4-4632-A2EC-DA06E5111AF2} +// *********************************************************************// + INetFwMgrDisp = dispinterface + ['{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}'] + property LocalPolicy: INetFwPolicy readonly dispid 1; + property CurrentProfileType: NET_FW_PROFILE_TYPE_ readonly dispid 2; + procedure RestoreDefaults; dispid 3; + procedure IsPortAllowed(const imageFileName: WideString; IpVersion: NET_FW_IP_VERSION_; + portNumber: Integer; const localAddress: WideString; + ipProtocol: NET_FW_IP_PROTOCOL_; out allowed: OleVariant; + out restricted: OleVariant); dispid 4; + procedure IsIcmpTypeAllowed(IpVersion: NET_FW_IP_VERSION_; const localAddress: WideString; + Type_: Byte; out allowed: OleVariant; out restricted: OleVariant); dispid 5; + end; + +implementation + +uses ComObj; + +end. diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/NSIS.pas stunnel4-5.50/tools/plugins/SimpleFC/Source/NSIS.pas --- stunnel4-5.49/tools/plugins/SimpleFC/Source/NSIS.pas 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/NSIS.pas 2007-04-16 18:25:02.000000000 +0000 @@ -0,0 +1,126 @@ +{ + Original Code from + (C) 2001 - Peter Windridge + + Code in seperate unit and some changes + 2003 by Bernhard Mayer + + Fixed and formatted by Brett Dever + http://editor.nfscheats.com/ + + simply include this unit in your plugin project and export + functions as needed +} + + +unit nsis; + +interface + +uses + windows; + +type + VarConstants = ( + INST_0, // $0 + INST_1, // $1 + INST_2, // $2 + INST_3, // $3 + INST_4, // $4 + INST_5, // $5 + INST_6, // $6 + INST_7, // $7 + INST_8, // $8 + INST_9, // $9 + INST_R0, // $R0 + INST_R1, // $R1 + INST_R2, // $R2 + INST_R3, // $R3 + INST_R4, // $R4 + INST_R5, // $R5 + INST_R6, // $R6 + INST_R7, // $R7 + INST_R8, // $R8 + INST_R9, // $R9 + INST_CMDLINE, // $CMDLINE + INST_INSTDIR, // $INSTDIR + INST_OUTDIR, // $OUTDIR + INST_EXEDIR, // $EXEDIR + INST_LANG, // $LANGUAGE + __INST_LAST + ); + TVariableList = INST_0..__INST_LAST; + pstack_t = ^stack_t; + stack_t = record + next: pstack_t; + text: PChar; + end; + +var + g_stringsize: integer; + g_stacktop: ^pstack_t; + g_variables: PChar; + g_hwndParent: HWND; + +procedure Init(const hwndParent: HWND; const string_size: integer; const variables: PChar; const stacktop: pointer); +function PopString(): string; +procedure PushString(const str: string=''); +function GetUserVariable(const varnum: TVariableList): string; +procedure SetUserVariable(const varnum: TVariableList; const value: string); +procedure NSISDialog(const text, caption: string; const buttons: integer); + +implementation + +procedure Init(const hwndParent: HWND; const string_size: integer; const variables: PChar; const stacktop: pointer); +begin + g_stringsize := string_size; + g_hwndParent := hwndParent; + g_stacktop := stacktop; + g_variables := variables; +end; + +function PopString(): string; +var + th: pstack_t; +begin + if integer(g_stacktop^) <> 0 then begin + th := g_stacktop^; + Result := PChar(@th.text); + g_stacktop^ := th.next; + GlobalFree(HGLOBAL(th)); + end; +end; + +procedure PushString(const str: string=''); +var + th: pstack_t; +begin + if integer(g_stacktop) <> 0 then begin + th := pstack_t(GlobalAlloc(GPTR, SizeOf(stack_t) + g_stringsize)); + lstrcpyn(@th.text, PChar(str), g_stringsize); + th.next := g_stacktop^; + g_stacktop^ := th; + end; +end; + +function GetUserVariable(const varnum: TVariableList): string; +begin + if (integer(varnum) >= 0) and (integer(varnum) < integer(__INST_LAST)) then + Result := g_variables + integer(varnum) * g_stringsize + else + Result := ''; +end; + +procedure SetUserVariable(const varnum: TVariableList; const value: string); +begin + if (value <> '') and (integer(varnum) >= 0) and (integer(varnum) < integer(__INST_LAST)) then + lstrcpy(g_variables + integer(varnum) * g_stringsize, PChar(value)) +end; + +procedure NSISDialog(const text, caption: string; const buttons: integer); +begin + MessageBox(g_hwndParent, PChar(text), PChar(caption), buttons); +end; + +begin +end. diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/ServiceControl.pas stunnel4-5.50/tools/plugins/SimpleFC/Source/ServiceControl.pas --- stunnel4-5.49/tools/plugins/SimpleFC/Source/ServiceControl.pas 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/ServiceControl.pas 2009-05-21 19:57:28.000000000 +0000 @@ -0,0 +1,987 @@ +{ +License Agreement + +This content is subject to the Mozilla Public License Version 1.1 (the "License"); +You may not use this plugin except in compliance with the License. You may +obtain a copy of the License at http://www.mozilla.org/MPL. + +Alternatively, you may redistribute this library, use and/or modify it +under the terms of the GNU Lesser General Public License as published +by the Free Software Foundation; either version 2.1 of the License, +or (at your option) any later version. You may obtain a copy +of the LGPL at www.gnu.org/copyleft. + +Software distributed under the License is distributed on an "AS IS" basis, +WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +for the specific language governing rights and limitations under the License. + +The original code is ServiceControl.pas, released April 16, 2007. + +The initial developer of the original code is Rainer Budde (http://www.speed-soft.de). + +SimpleSC - NSIS Service Control Plugin is written, published and maintaned by +Rainer Budde (rainer@speed-soft.de). +} +unit ServiceControl; + +interface + +uses + Windows, SysUtils, WinSvc; + + function InstallService(ServiceName, DisplayName: String; ServiceType: DWORD; StartType: DWORD; BinaryPathName: String; Dependencies: String; Username: String; Password: String): Integer; + function RemoveService(ServiceName: String): Integer; + function GetServiceName(DisplayName: String; var Name: String): Integer; + function GetServiceDisplayName(ServiceName: String; var Name: String): Integer; + function GetServiceStatus(ServiceName: String; var Status: DWORD): Integer; + function GetServiceBinaryPath(ServiceName: String; var BinaryPath: String): Integer; + function GetServiceStartType(ServiceName: String; var StartType: DWORD): Integer; + function GetServiceDescription(ServiceName: String; var Description: String): Integer; + function GetServiceLogon(ServiceName: String; var Username: String): Integer; + function SetServiceStartType(ServiceName: String; StartType: DWORD): Integer; + function SetServiceDescription(ServiceName: String; Description: String): Integer; + function SetServiceLogon(ServiceName: String; Username: String; Password: String): Integer; + function SetServiceBinaryPath(ServiceName: String; BinaryPath: String): Integer; + function ServiceIsRunning(ServiceName: String; var IsRunning: Boolean): Integer; + function ServiceIsStopped(ServiceName: String; var IsStopped: Boolean): Integer; + function ServiceIsPaused(ServiceName: String; var IsPaused: Boolean): Integer; + function StartService(ServiceName: String; ServiceArguments: String): Integer; + function StopService(ServiceName: String): Integer; + function PauseService(ServiceName: String): Integer; + function ContinueService(ServiceName: String): Integer; + function RestartService(ServiceName: String; ServiceArguments: String): Integer; + function ExistsService(ServiceName: String): Integer; + function GetErrorMessage(ErrorCode: Integer): String; + +implementation + +function WaitForStatus(ServiceName: String; Status: DWord): Integer; +var + CurrentStatus: DWord; + StatusResult: Integer; + StatusReached: Boolean; + TimeOutReached: Boolean; + StartTickCount: Cardinal; +const + STATUS_TIMEOUT = 30000; + WAIT_TIMEOUT = 250; +begin + Result := 0; + + StatusReached := False; + TimeOutReached := False; + + StartTickCount := GetTickCount; + + while not StatusReached and not TimeOutReached do + begin + StatusResult := GetServiceStatus(ServiceName, CurrentStatus); + + if StatusResult = 0 then + begin + if Status = CurrentStatus then + StatusReached := True + else + Sleep(WAIT_TIMEOUT); + end + else + Result := StatusResult; + + if (StartTickCount + STATUS_TIMEOUT) < GetTickCount then + begin + TimeOutReached := True; + Result := ERROR_SERVICE_REQUEST_TIMEOUT; + end; + end; + +end; + +function ExistsService(ServiceName: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_CONFIG); + + if ServiceHandle > 0 then + CloseServiceHandle(ServiceHandle) + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function StartService(ServiceName: String; ServiceArguments: String): Integer; +type + TArguments = Array of PChar; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + ServiceArgVectors: TArguments; + NumServiceArgs: DWORD; +const + ArgDelimitterQuote: String = '"'; + ArgDelimitterWhiteSpace: String = ' '; + + procedure GetServiceArguments(ServiceArguments: String; var NumServiceArgs: DWORD; var ServiceArgVectors: TArguments); + var + Param: String; + Split: Boolean; + Quoted: Boolean; + CharIsDelimitter: Boolean; + begin + ServiceArgVectors := nil; + NumServiceArgs := 0; + + Quoted := False; + + while Length(ServiceArguments) > 0 do + begin + Split := False; + CharIsDelimitter := False; + + if ServiceArguments[1] = ' ' then + if not Quoted then + begin + CharIsDelimitter := True; + Split := True; + end; + + if ServiceArguments[1] = '"' then + begin + Quoted := not Quoted; + CharIsDelimitter := True; + + if not Quoted then + Split := True; + end; + + if not CharIsDelimitter then + Param := Param + ServiceArguments[1]; + + if Split or (Length(ServiceArguments) = 1) then + begin + SetLength(ServiceArgVectors, Length(ServiceArgVectors) + 1); + GetMem(ServiceArgVectors[Length(ServiceArgVectors) -1], Length(Param) + 1); + StrPCopy(ServiceArgVectors[Length(ServiceArgVectors) -1], Param); + + Param := ''; + + Delete(ServiceArguments, 1, 1); + ServiceArguments := Trim(ServiceArguments); + end + else + Delete(ServiceArguments, 1, 1); + + end; + + if Length(ServiceArgVectors) > 0 then + NumServiceArgs := Length(ServiceArgVectors); + end; + + procedure FreeServiceArguments(ServiceArgVectors: TArguments); + var + i: Integer; + begin + if Length(ServiceArgVectors) > 0 then + for i := 0 to Length(ServiceArgVectors) -1 do + FreeMem(ServiceArgVectors[i]); + end; + +begin + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_START); + + if ServiceHandle > 0 then + begin + GetServiceArguments(ServiceArguments, NumServiceArgs, ServiceArgVectors); + + if WinSvc.StartService(ServiceHandle, NumServiceArgs, ServiceArgVectors[0]) then + Result := WaitForStatus(ServiceName, SERVICE_RUNNING) + else + Result := System.GetLastError; + + FreeServiceArguments(ServiceArgVectors); + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function StopService(ServiceName: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + ServiceStatus: TServiceStatus; + Dependencies: PEnumServiceStatus; + BytesNeeded: Cardinal; + ServicesReturned: Cardinal; + ServicesEnumerated: Boolean; + EnumerationSuccess: Boolean; + i: Cardinal; +begin + Result := 0; + + BytesNeeded := 0; + ServicesReturned := 0; + + Dependencies := nil; + ServicesEnumerated := False; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT or SC_MANAGER_ENUMERATE_SERVICE); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_STOP or SERVICE_ENUMERATE_DEPENDENTS); + + if ServiceHandle > 0 then + begin + if not EnumDependentServices(ServiceHandle, SERVICE_ACTIVE, Dependencies^, 0, BytesNeeded, ServicesReturned) then + begin + ServicesEnumerated := True; + GetMem(Dependencies, BytesNeeded); + + EnumerationSuccess := EnumDependentServices(ServiceHandle, SERVICE_ACTIVE, Dependencies^, BytesNeeded, BytesNeeded, ServicesReturned); + + if EnumerationSuccess and (ServicesReturned > 0) then + begin + for i := 1 to ServicesReturned do + begin + Result := StopService(Dependencies.lpServiceName); + + if Result <> 0 then + Break; + + Inc(Dependencies); + end; + end + else + Result := System.GetLastError; + end; + + if (ServicesEnumerated and (Result = 0)) or not ServicesEnumerated then + begin + if ControlService(ServiceHandle, SERVICE_CONTROL_STOP, ServiceStatus) then + Result := WaitForStatus(ServiceName, SERVICE_STOPPED) + else + Result := System.GetLastError + end; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function PauseService(ServiceName: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + ServiceStatus: TServiceStatus; +begin + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_PAUSE_CONTINUE); + + if ServiceHandle > 0 then + begin + + if ControlService(ServiceHandle, SERVICE_CONTROL_PAUSE, ServiceStatus) then + Result := WaitForStatus(ServiceName, SERVICE_PAUSED) + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function ContinueService(ServiceName: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + ServiceStatus: TServiceStatus; +begin + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_PAUSE_CONTINUE); + + if ServiceHandle > 0 then + begin + + if ControlService(ServiceHandle, SERVICE_CONTROL_CONTINUE, ServiceStatus) then + Result := WaitForStatus(ServiceName, SERVICE_RUNNING) + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceName(DisplayName: String; var Name: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceName: PChar; + ServiceBuffer: Cardinal; +begin + Result := 0; + + ServiceBuffer := 255; + ServiceName := StrAlloc(ServiceBuffer+1); + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + if WinSvc.GetServiceKeyName(ManagerHandle, PChar(DisplayName), ServiceName, ServiceBuffer) then + Name := ServiceName + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceDisplayName(ServiceName: String; var Name: String): Integer; +var + ManagerHandle: SC_HANDLE; + DisplayName: PChar; + ServiceBuffer: Cardinal; +begin + Result := 0; + + ServiceBuffer := 255; + DisplayName := StrAlloc(ServiceBuffer+1); + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + if WinSvc.GetServiceDisplayName(ManagerHandle, PChar(ServiceName), DisplayName, ServiceBuffer) then + Name := DisplayName + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceStatus(ServiceName: String; var Status: DWORD): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + ServiceStatus: TServiceStatus; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_STATUS); + + if ServiceHandle > 0 then + begin + if QueryServiceStatus(ServiceHandle, ServiceStatus) then + Status := ServiceStatus.dwCurrentState + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceBinaryPath(ServiceName: String; var BinaryPath: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + BytesNeeded: DWORD; + ServiceConfig: PQueryServiceConfig; +begin + Result := 0; + ServiceConfig := nil; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_CONFIG); + + if ServiceHandle > 0 then + begin + + if not QueryServiceConfig(ServiceHandle, ServiceConfig, 0, BytesNeeded) and (System.GetLastError = ERROR_INSUFFICIENT_BUFFER) then + begin + GetMem(ServiceConfig, BytesNeeded); + + if QueryServiceConfig(ServiceHandle, ServiceConfig, BytesNeeded, BytesNeeded) then + BinaryPath := ServiceConfig^.lpBinaryPathName + else + Result := System.GetLastError; + + FreeMem(ServiceConfig); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceStartType(ServiceName: String; var StartType: DWORD): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + BytesNeeded: DWORD; + ServiceConfig: PQueryServiceConfig; +begin + Result := 0; + ServiceConfig := nil; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_CONFIG); + + if ServiceHandle > 0 then + begin + + if not QueryServiceConfig(ServiceHandle, ServiceConfig, 0, BytesNeeded) and (System.GetLastError = ERROR_INSUFFICIENT_BUFFER) then + begin + GetMem(ServiceConfig, BytesNeeded); + + if QueryServiceConfig(ServiceHandle, ServiceConfig, BytesNeeded, BytesNeeded) then + StartType := ServiceConfig^.dwStartType + else + Result := System.GetLastError; + + FreeMem(ServiceConfig); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceDescription(ServiceName: String; var Description: String): Integer; +const + SERVICE_CONFIG_DESCRIPTION = 1; +type + TServiceDescription = record + lpDescription: PAnsiChar; + end; + PServiceDescription = ^TServiceDescription; +var + QueryServiceConfig2: function(hService: SC_HANDLE; dwInfoLevel: DWORD; pBuffer: Pointer; cbBufSize: DWORD; var cbBytesNeeded: Cardinal): BOOL; stdcall; + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; + ServiceDescription: PServiceDescription; + BytesNeeded: Cardinal; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_LOCK); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_CONFIG); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + @QueryServiceConfig2 := GetProcAddress(GetModuleHandle(advapi32), 'QueryServiceConfig2A'); + + if Assigned(@QueryServiceConfig2) then + begin + + if not QueryServiceConfig2(ServiceHandle, SERVICE_CONFIG_DESCRIPTION, nil, 0, BytesNeeded) and (System.GetLastError = ERROR_INSUFFICIENT_BUFFER) then + begin + GetMem(ServiceDescription, BytesNeeded); + + if QueryServiceConfig2(ServiceHandle, SERVICE_CONFIG_DESCRIPTION, ServiceDescription, BytesNeeded, BytesNeeded) then + Description := ServiceDescription.lpDescription + else + Result := System.GetLastError; + + FreeMem(ServiceDescription); + end + else + Result := System.GetLastError; + + end + else + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function GetServiceLogon(ServiceName: String; var Username: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + BytesNeeded: DWORD; + ServiceConfig: PQueryServiceConfig; +begin + Result := 0; + ServiceConfig := nil; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_CONNECT); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_QUERY_CONFIG); + + if ServiceHandle > 0 then + begin + + if not QueryServiceConfig(ServiceHandle, ServiceConfig, 0, BytesNeeded) and (System.GetLastError = ERROR_INSUFFICIENT_BUFFER) then + begin + GetMem(ServiceConfig, BytesNeeded); + + if QueryServiceConfig(ServiceHandle, ServiceConfig, BytesNeeded, BytesNeeded) then + Username := ServiceConfig^.lpServiceStartName + else + Result := System.GetLastError; + + FreeMem(ServiceConfig); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function SetServiceDescription(ServiceName: String; Description: String): Integer; +const + SERVICE_CONFIG_DESCRIPTION = 1; +var + ChangeServiceConfig2: function(hService: SC_HANDLE; dwInfoLevel: DWORD; lpInfo: Pointer): BOOL; stdcall; + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_LOCK); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_CHANGE_CONFIG); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + @ChangeServiceConfig2 := GetProcAddress(GetModuleHandle(advapi32), 'ChangeServiceConfig2A'); + + if Assigned(@ChangeServiceConfig2) then + begin + if not ChangeServiceConfig2(ServiceHandle, SERVICE_CONFIG_DESCRIPTION, @Description) then + Result := System.GetLastError; + end + else + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function SetServiceStartType(ServiceName: String; StartType: DWORD): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_LOCK); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_CHANGE_CONFIG); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + if not ChangeServiceConfig(ServiceHandle, SERVICE_NO_CHANGE, StartType, SERVICE_NO_CHANGE, nil, nil, nil, nil, nil, nil, nil) then + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function SetServiceLogon(ServiceName: String; Username: String; Password: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_LOCK); + + if Pos('\', Username) = 0 then + Username := '.\' + Username; + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_CHANGE_CONFIG); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + if not ChangeServiceConfig(ServiceHandle, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, nil, nil, nil, nil, PChar(Username), PChar(Password), nil) then + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function SetServiceBinaryPath(ServiceName: String; BinaryPath: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; +begin + Result := 0; + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_LOCK); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_CHANGE_CONFIG); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + if not ChangeServiceConfig(ServiceHandle, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, PChar(BinaryPath), nil, nil, nil, nil, nil, nil) then + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function ServiceIsRunning(ServiceName: String; var IsRunning: Boolean): Integer; +var + Status: DWORD; +begin + Result := GetServiceStatus(ServiceName, Status); + + if Result = 0 then + IsRunning := Status = SERVICE_RUNNING + else + IsRunning := False; +end; + +function ServiceIsStopped(ServiceName: String; var IsStopped: Boolean): Integer; +var + Status: DWORD; +begin + Result := GetServiceStatus(ServiceName, Status); + + if Result = 0 then + IsStopped := Status = SERVICE_STOPPED + else + IsStopped := False; +end; + +function ServiceIsPaused(ServiceName: String; var IsPaused: Boolean): Integer; +var + Status: DWORD; +begin + Result := GetServiceStatus(ServiceName, Status); + + if Result = 0 then + IsPaused := Status = SERVICE_PAUSED + else + IsPaused := False; +end; + +function RestartService(ServiceName: String; ServiceArguments: String): Integer; +begin + Result := StopService(ServiceName); + + if Result = 0 then + Result := StartService(ServiceName, ServiceArguments); +end; + +function InstallService(ServiceName, DisplayName: String; ServiceType: DWORD; + StartType: DWORD; BinaryPathName: String; Dependencies: String; + Username: String; Password: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + PDependencies: PChar; + PUsername: PChar; + PPassword: PChar; +const + ReplaceDelimitter: String = '/'; + + function Replace(Value: String): String; + begin + while Pos(ReplaceDelimitter, Value) <> 0 do + begin + Result := Result + Copy(Value, 1, Pos(ReplaceDelimitter, Value) -1) + Chr(0); + Delete(Value, 1, Pos(ReplaceDelimitter, Value)); + end; + + Result := Result + Value + Chr(0) + Chr(0); + end; + +begin + Result := 0; + + if Dependencies = '' then + PDependencies := nil + else + PDependencies := PChar(Replace(Dependencies)); + + if UserName = '' then + PUsername := nil + else + PUsername := PChar(Username); + + if Password = '' then + PPassword := nil + else + PPassword := PChar(Password); + + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_ALL_ACCESS); + + if ManagerHandle > 0 then + begin + ServiceHandle := CreateService(ManagerHandle, + PChar(ServiceName), + PChar(DisplayName), + SERVICE_START or SERVICE_QUERY_STATUS or _DELETE, + ServiceType, + StartType, + SERVICE_ERROR_NORMAL, + PChar(BinaryPathName), + nil, + nil, + PDependencies, + PUsername, + PPassword); + + if ServiceHandle <> 0 then + CloseServiceHandle(ServiceHandle) + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; +end; + +function RemoveService(ServiceName: String): Integer; +var + ManagerHandle: SC_HANDLE; + ServiceHandle: SC_HANDLE; + LockHandle: SC_LOCK; + IsStopped: Boolean; + Deleted: Boolean; +begin + IsStopped := False; + + Result := ServiceIsStopped(ServiceName, IsStopped); + + if Result = 0 then + if not IsStopped then + Result := StopService(ServiceName); + + if Result = 0 then + begin + ManagerHandle := OpenSCManager('', nil, SC_MANAGER_ALL_ACCESS); + + if ManagerHandle > 0 then + begin + ServiceHandle := OpenService(ManagerHandle, PChar(ServiceName), SERVICE_ALL_ACCESS); + + if ServiceHandle > 0 then + begin + LockHandle := LockServiceDatabase(ManagerHandle); + + if LockHandle <> nil then + begin + Deleted := DeleteService(ServiceHandle); + + if not Deleted then + Result := System.GetLastError; + + UnlockServiceDatabase(LockHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ServiceHandle); + end + else + Result := System.GetLastError; + + CloseServiceHandle(ManagerHandle); + end + else + Result := System.GetLastError; + end; +end; + +function GetErrorMessage(ErrorCode: Integer): String; +begin + Result := SysErrorMessage(ErrorCode); +end; + +end. diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.cfg stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.cfg --- stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.cfg 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.cfg 2007-08-02 19:19:12.000000000 +0000 @@ -0,0 +1,35 @@ +-$A8 +-$B- +-$C+ +-$D+ +-$E- +-$F- +-$G+ +-$H+ +-$I+ +-$J- +-$K- +-$L+ +-$M- +-$N+ +-$O- +-$P+ +-$Q- +-$R- +-$S- +-$T- +-$U- +-$V+ +-$W- +-$X+ +-$YD +-$Z1 +-cg +-AWinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE; +-H+ +-W+ +-M +-$M16384,1048576 +-K$00400000 +-LE"c:\programme\borland\delphi6\Projects\Bpl" +-LN"c:\programme\borland\delphi6\Projects\Bpl" diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.dof stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.dof --- stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.dof 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.dof 2007-08-02 19:19:12.000000000 +0000 @@ -0,0 +1,90 @@ +[FileVersion] +Version=6.0 +[Compiler] +A=8 +B=0 +C=1 +D=1 +E=0 +F=0 +G=1 +H=1 +I=1 +J=0 +K=0 +L=1 +M=0 +N=1 +O=0 +P=1 +Q=0 +R=0 +S=0 +T=0 +U=0 +V=1 +W=0 +X=1 +Y=1 +Z=1 +ShowHints=1 +ShowWarnings=1 +UnitAliases=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE; +[Linker] +MapFile=0 +OutputObjs=0 +ConsoleApp=1 +DebugInfo=0 +RemoteSymbols=0 +MinStackSize=16384 +MaxStackSize=1048576 +ImageBase=4194304 +ExeDescription= +[Directories] +OutputDir= +UnitOutputDir= +PackageDLLOutputDir= +PackageDCPOutputDir= +SearchPath= +Packages=vcl;rtl;vclx;VclSmp;vclshlctrls;dbrtl;adortl;vcldb;qrpt;bdertl;vcldbx;dsnap;cds;bdecds;teeui;teedb;tee;teeqr;ibxpress;visualclx;visualdbclx;vclie;xmlrtl;inet;inetdbbde;inetdbxpress;inetdb;nmfast;dbexpress;dbxcds;dclOffice2k;soaprtl;Jcl;VirtualTreesD6;VirtualShellToolsD6;VirtualExplorerListviewExD6;ThemeManagerD6;JclVcl;JvCoreD6R;JvSystemD6R;JvStdCtrlsD6R;JvAppFrmD6R;JvBandsD6R;JvDBD6R;JvDlgsD6R;JvBDED6R;JvCmpD6R;JvCryptD6R;JvCtrlsD6R;JvCustomD6R;JvDockingD6R;JvDotNetCtrlsD6R;JvEDID6R;JvGlobusD6R;JvHMID6R;JvInterpreterD6R;JvJansD6R;JvManagedThreadsD6R;JvMMD6R;JvNetD6R;JvPageCompsD6R;JvPluginD6R;JvPrintPreviewD6R;JvRuntimeDesignD6R;JvTimeFrameworkD6R;JvUIBD6R;JvValidatorsD6R;JvWizardD6R;JvXPCtrlsD6R;FModPackage;NetBrowserPackage;ThreadCopyPackage;TMSMenusD6;DSPack_D6;SNTPServer +Conditionals= +DebugSourceDirs= +UsePackages=0 +[Parameters] +RunParams= +HostApplication= +Launcher= +UseLauncher=0 +DebugCWD= +[Language] +ActiveLang= +ProjectLang= +RootDir= +[Version Info] +IncludeVerInfo=0 +AutoIncBuild=0 +MajorVer=1 +MinorVer=0 +Release=0 +Build=0 +Debug=0 +PreRelease=0 +Special=0 +Private=0 +DLL=0 +Locale=1031 +CodePage=1252 +[Version Info Keys] +CompanyName= +FileDescription= +FileVersion=1.0.0.0 +InternalName= +LegalCopyright= +LegalTrademarks= +OriginalFilename= +ProductName= +ProductVersion=1.0.0.0 +Comments= +[HistoryLists\hlUnitAliases] +Count=1 +Item0=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE; diff -Nru stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.dpr stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.dpr --- stunnel4-5.49/tools/plugins/SimpleFC/Source/SimpleFC.dpr 1970-01-01 00:00:00.000000000 +0000 +++ stunnel4-5.50/tools/plugins/SimpleFC/Source/SimpleFC.dpr 2007-08-02 19:19:14.000000000 +0000 @@ -0,0 +1,626 @@ +library SimpleFC; + +uses + NSIS, Windows, FirewallControl, SysUtils; + +function ResultToStr(Value: Boolean): String; +begin + if Value then + result := '0' + else + result := '1'; +end; + +function BoolToStr(Value: Boolean): String; +begin + if Value then + result := '1' + else + result := '0'; +end; + +function StrToBool(Value: String): Boolean; +begin + if Value = '1' then + result := True + else + result := False; +end; + +procedure AddPort(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Port: Integer; + Name: String; + Protocol: NET_FW_IP_PROTOCOL; + Scope: NET_FW_SCOPE; + Enabled: Boolean; + IpVersion: NET_FW_IP_VERSION; + RemoteAddresses: String; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Port := StrToInt(PopString); + Name := PopString; + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + Scope := NET_FW_SCOPE(StrToInt(PopString)); + IpVersion := NET_FW_IP_VERSION(StrToInt(PopString)); + RemoteAddresses := PopString; + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AddPort(Port, + Name, + Protocol, + Scope, + IpVersion, + RemoteAddresses, + Enabled) = 0); + PushString(FirewallResult); +end; + +procedure RemovePort(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Port: Integer; + Protocol: NET_FW_IP_PROTOCOL; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Port := StrToInt(PopString); + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + + FirewallResult := ResultToStr(FirewallControl.RemovePort(Port, Protocol) = 0); + PushString(FirewallResult); +end; + +procedure AddApplication(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Name: String; + BinaryPath: String; + IpVersion: NET_FW_IP_VERSION; + Scope: NET_FW_SCOPE; + RemoteAdresses: String; + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Name := PopString; + BinaryPath := PopString; + Scope := NET_FW_SCOPE(StrToInt(PopString)); + IpVersion := NET_FW_IP_VERSION(StrToInt(PopString)); + RemoteAdresses := PopString; + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AddApplication(Name, + BinaryPath, + Scope, + IpVersion, + RemoteAdresses, + Enabled) = 0); + PushString(FirewallResult); +end; + +procedure RemoveApplication(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + BinaryPath: String; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + BinaryPath := PopString; + + FirewallResult := ResultToStr(FirewallControl.RemoveApplication(BinaryPath) = 0); + PushString(FirewallResult); +end; + +procedure IsPortAdded(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Port: Integer; + Protocol: NET_FW_IP_PROTOCOL; + Added: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Port := StrToInt(PopString); + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + + FirewallResult := ResultToStr(FirewallControl.IsPortAdded(Port, Protocol, Added) = 0); + PushString(BoolToStr(Added)); + PushString(FirewallResult); +end; + +procedure IsApplicationAdded(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + BinaryPath: String; + Added: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + BinaryPath := PopString; + + FirewallResult := ResultToStr(FirewallControl.IsApplicationAdded(BinaryPath, Added) = 0); + PushString(BoolToStr(Added)); + PushString(FirewallResult); +end; + +procedure IsPortEnabled(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Port: Integer; + Protocol: NET_FW_IP_PROTOCOL; + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Port := StrToInt(PopString); + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + + FirewallResult := ResultToStr(FirewallControl.IsPortEnabled(Port, Protocol, Enabled) = 0); + PushString(BoolToStr(Enabled)); + PushString(FirewallResult); +end; + +procedure IsApplicationEnabled(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + BinaryPath: String; + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + BinaryPath := PopString; + + FirewallResult := ResultToStr(FirewallControl.IsApplicationEnabled(BinaryPath, Enabled) = 0); + PushString(BoolToStr(Enabled)); + PushString(FirewallResult); +end; + +procedure EnableDisablePort(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Port: Integer; + Protocol: NET_FW_IP_PROTOCOL; + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Port := StrToInt(PopString); + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.EnableDisablePort(Port, Protocol, Enabled) = 0); + PushString(FirewallResult); +end; + +procedure EnableDisableApplication(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + BinaryPath: String; + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + BinaryPath := PopString; + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.EnableDisableApplication(BinaryPath, Enabled) = 0); + PushString(FirewallResult); +end; + +procedure IsFirewallEnabled(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + FirewallResult := ResultToStr(FirewallControl.IsFirewallEnabled(Enabled) = 0); + PushString(BoolToStr(Enabled)); + PushString(FirewallResult); +end; + +procedure EnableDisableFirewall(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.EnableDisableFirewall(Enabled) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowExceptionsNotAllowed(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + NotAllowed: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + NotAllowed := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowExceptionsNotAllowed(NotAllowed) = 0); + PushString(FirewallResult); +end; + +procedure AreExceptionsNotAllowed(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + NotAllowed: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + FirewallResult := ResultToStr(FirewallControl.AreExceptionsNotAllowed(NotAllowed) = 0); + PushString(BoolToStr(NotAllowed)); + PushString(FirewallResult); +end; + +procedure EnableDisableNotifications(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.EnableDisableNotifications(Enabled) = 0); + PushString(BoolToStr(Enabled)); + PushString(FirewallResult); +end; + +procedure AreNotificationsEnabled(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + FirewallResult := ResultToStr(FirewallControl.AreNotificationsEnabled(Enabled) = 0); + PushString(BoolToStr(Enabled)); + PushString(FirewallResult); +end; + +procedure StartStopFirewallService(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Enabled: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Enabled := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.StartStopFirewallService(Enabled)); + PushString(FirewallResult); +end; + +procedure IsFirewallServiceRunning(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + IsRunning: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + FirewallResult := ResultToStr(FirewallControl.IsFirewallServiceRunning(IsRunning)); + PushString(BoolToStr(IsRunning)); + PushString(FirewallResult); +end; + +procedure RestoreDefaults(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + FirewallResult := ResultToStr(FirewallControl.RestoreDefaults = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpOutboundDestinationUnreachable(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpOutboundDestinationUnreachable(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpRedirect(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpRedirect(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpInboundEchoRequest(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpInboundEchoRequest(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpOutboundTimeExceeded(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpOutboundTimeExceeded(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpOutboundParameterProblem(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpOutboundParameterProblem(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpOutboundSourceQuench(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpOutboundSourceQuench(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpInboundRouterRequest(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpInboundRouterRequest(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpInboundTimestampRequest(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpInboundTimestampRequest(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpInboundMaskRequest(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpInboundMaskRequest(Allow) = 0); + PushString(FirewallResult); +end; + +procedure AllowDisallowIcmpOutboundPacketTooBig(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Allow: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Allow := StrToBool(PopString); + + FirewallResult := ResultToStr(FirewallControl.AllowDisallowIcmpOutboundPacketTooBig(Allow) = 0); + PushString(FirewallResult); +end; + +procedure IsIcmpTypeAllowed(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + IpVersion: NET_FW_IP_VERSION; + LocalAddress: String; + IcmpType: NET_FW_ICMP_TYPE; + Allowed: Boolean; + Restricted: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + IpVersion := NET_FW_IP_VERSION(StrToInt(PopString)); + LocalAddress := PopString; + IcmpType := NET_FW_ICMP_TYPE(StrToInt(PopString)); + + FirewallResult := ResultToStr(FirewallControl.IsIcmpTypeAllowed(IpVersion, + LocalAddress, + IcmpType, + Allowed, + Restricted) = 0); + PushString(BoolToStr(Allowed)); + PushString(BoolToStr(Restricted)); + PushString(FirewallResult); +end; + +procedure AdvAddRule(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Name: String; + Description: String; + Protocol: NET_FW_IP_PROTOCOL; + IcmpTypesAndCodes: String; + ApplicationName: String; + Direction: NET_FW_RULE_DIRECTION; + Enabled: Boolean; + Group: String; + Profile: NET_FW_PROFILE_TYPE2; + Action: NET_FW_ACTION; + LocalPorts: String; + RemotePorts: String; + LocalAddress: String; + RemoteAddress: String; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Name := PopString; + Description := PopString; + Protocol := NET_FW_IP_PROTOCOL(StrToInt(PopString)); + Direction := NET_FW_RULE_DIRECTION(StrToInt(PopString)); + Enabled := StrToBool(PopString); + Profile := NET_FW_PROFILE_TYPE2(StrToInt(PopString)); + Action := NET_FW_ACTION(StrToInt(PopString)); + ApplicationName := PopString; + IcmpTypesAndCodes := PopString; + Group := PopString; + LocalPorts := PopString; + RemotePorts := PopString; + LocalAddress := PopString; + RemoteAddress := PopString; + + FirewallResult := ResultToStr(FirewallControl.AdvAddRule(Name, + Description, + Protocol, + Direction, + Enabled, + Profile, + Action, + ApplicationName, + IcmpTypesAndCodes, + Group, + LocalPorts, + RemotePorts, + LocalAddress, + RemoteAddress) = 0); + PushString(FirewallResult); +end; + +procedure AdvRemoveRule(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Name: String; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Name := PopString; + + FirewallResult := ResultToStr(FirewallControl.AdvRemoveRule(Name) = 0); + PushString(FirewallResult); +end; + +procedure AdvExistsRule(const hwndParent: HWND; const string_size: integer; + const variables: PChar; const stacktop: pointer); cdecl; +var + Name: String; + Exists: Boolean; + FirewallResult: String; +begin + Init(hwndParent, string_size, variables, stacktop); + + Name := PopString; + + FirewallResult := ResultToStr(FirewallControl.AdvExistsRule(Name, Exists) = 0); + PushString(BoolToStr(Exists)); + PushString(FirewallResult); +end; + +exports AddPort; +exports RemovePort; +exports AddApplication; +exports RemoveApplication; +exports IsPortAdded; +exports IsApplicationAdded; +exports IsPortEnabled; +exports IsApplicationEnabled; +exports EnableDisablePort; +exports EnableDisableApplication; +exports IsFirewallEnabled; +exports EnableDisableFirewall; +exports AllowDisallowExceptionsNotAllowed; +exports AreExceptionsNotAllowed; +exports EnableDisableNotifications; +exports AreNotificationsEnabled; +exports StartStopFirewallService; +exports IsFirewallServiceRunning; +exports RestoreDefaults; +exports AllowDisallowIcmpOutboundDestinationUnreachable; +exports AllowDisallowIcmpRedirect; +exports AllowDisallowIcmpInboundEchoRequest; +exports AllowDisallowIcmpOutboundTimeExceeded; +exports AllowDisallowIcmpOutboundParameterProblem; +exports AllowDisallowIcmpOutboundSourceQuench; +exports AllowDisallowIcmpInboundRouterRequest; +exports AllowDisallowIcmpInboundTimestampRequest; +exports AllowDisallowIcmpInboundMaskRequest; +exports AllowDisallowIcmpOutboundPacketTooBig; +exports IsIcmpTypeAllowed; +exports AdvAddRule; +exports AdvRemoveRule; +exports AdvExistsRule; + +end. diff -Nru stunnel4-5.49/tools/stunnel.conf stunnel4-5.50/tools/stunnel.conf --- stunnel4-5.49/tools/stunnel.conf 2018-04-06 14:25:10.000000000 +0000 +++ stunnel4-5.50/tools/stunnel.conf 2018-12-02 22:47:18.000000000 +0000 @@ -108,6 +108,9 @@ ;connect = 143 ;cert = stunnel.pem +; Either only expose this service to trusted networks, or require +; authentication when relaying emails originated from loopback. +; Otherwise the following configuration creates an open relay. ;[ssmtp] ;accept = 465 ;connect = 25 @@ -129,7 +132,6 @@ ;accept = 1337 ;exec = c:\windows\system32\cmd.exe ;execArgs = cmd.exe -;ciphers = PSK ;PSKsecrets = secrets.txt ; vim:ft=dosini diff -Nru stunnel4-5.49/tools/stunnel.conf-sample.in stunnel4-5.50/tools/stunnel.conf-sample.in --- stunnel4-5.49/tools/stunnel.conf-sample.in 2018-04-06 14:25:10.000000000 +0000 +++ stunnel4-5.50/tools/stunnel.conf-sample.in 2018-12-02 22:47:18.000000000 +0000 @@ -108,6 +108,9 @@ ;connect = 143 ;cert = @sysconfdir@/stunnel/stunnel.pem +; Either only expose this service to trusted networks, or require +; authentication when relaying emails originated from loopback. +; Otherwise the following configuration creates an open relay. ;[ssmtp] ;accept = 465 ;connect = 25 @@ -129,7 +132,6 @@ ;accept = 1337 ;exec = /bin/sh ;execArgs = sh -i -;ciphers = PSK ;PSKsecrets = @sysconfdir@/stunnel/secrets.txt ; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket diff -Nru stunnel4-5.49/tools/stunnel.nsi stunnel4-5.50/tools/stunnel.nsi --- stunnel4-5.49/tools/stunnel.nsi 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/tools/stunnel.nsi 2018-10-09 14:37:38.000000000 +0000 @@ -30,18 +30,17 @@ !include "MUI2.nsh" # define SF_SELECTED !include "Sections.nsh" -# additional plugins -!addplugindir "plugins/SimpleFC" -!addplugindir "plugins/ShellLink/Plugins" !define /ifndef ROOT_DIR \devel !define /ifndef STUNNEL_DIR ${ROOT_DIR}\src\stunnel -!define /ifndef STUNNEL_BIN_DIR ${STUNNEL_DIR}\bin\${ARCH} !define /ifndef STUNNEL_TOOLS_DIR ${STUNNEL_DIR}\tools -!define /ifndef STUNNEL_DOC_DIR ${STUNNEL_DIR}\doc !define /ifndef STUNNEL_SRC_DIR ${STUNNEL_DIR}\src +!define /ifndef DEST_DIR ${STUNNEL_DIR} +!define /ifndef STUNNEL_BIN_DIR ${DEST_DIR}\bin\${ARCH} +!define /ifndef STUNNEL_DOC_DIR ${DEST_DIR}\doc + !define /ifndef BIN_DIR ${ROOT_DIR}\${ARCH} !define /ifndef OPENSSL_DIR ${BIN_DIR}\openssl !define /ifndef OPENSSL_BIN_DIR ${OPENSSL_DIR}\bin @@ -53,9 +52,13 @@ !define /ifndef ZLIB_DIR ${BIN_DIR}\zlib !define /ifndef REDIST_DIR ${BIN_DIR}\redist +# additional plugins +!addplugindir "${STUNNEL_TOOLS_DIR}/plugins/SimpleFC" +!addplugindir "${STUNNEL_TOOLS_DIR}/plugins/ShellLink/Plugins" + !define MUI_ICON ${STUNNEL_SRC_DIR}\stunnel.ico -!insertmacro MUI_PAGE_LICENSE "stunnel.license" +!insertmacro MUI_PAGE_LICENSE "${STUNNEL_TOOLS_DIR}\stunnel.license" !insertmacro MULTIUSER_PAGE_INSTALLMODE !insertmacro MUI_PAGE_COMPONENTS !insertmacro MUI_PAGE_DIRECTORY @@ -321,6 +324,7 @@ File "${STUNNEL_TOOLS_DIR}\ca-certs.pem" # write new executables/libraries files + # we assume Visual C++ 2008 for win32, and MinGW for win64 SetOutPath "$INSTDIR\bin" File "${STUNNEL_BIN_DIR}\stunnel.exe" !if ${ARCH} == win32 @@ -328,20 +332,20 @@ File "${OPENSSL_BIN_DIR}\ssleay32.dll" File "${REDIST_DIR}\msvcr90.dll" File "${REDIST_DIR}\Microsoft.VC90.CRT.Manifest" - # MINGW builds requires libssp-0.dll instead of msvcr90.dll !else File "${OPENSSL_BIN_DIR}\libcrypto-1_1-x64.dll" File "${OPENSSL_BIN_DIR}\libssl-1_1-x64.dll" - SetOutPath "$INSTDIR" - ReadRegStr $0 HKLM "SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" "Installed" - ${If} $0 == 1 - DetailPrint "VC 2017 Redistributable already installed" - ${Else} - DetailPrint "Installing VC 2017 Redistributable" - File "${REDIST_DIR}\VC_redist.x64.exe" - ExecWait '"$INSTDIR\VC_redist.x64.exe" /quiet' - Delete "$INSTDIR\VC_redist.x64.exe" - ${EndIf} + # TODO: add libssp-0.dll when -fstack-protector is fixed + #SetOutPath "$INSTDIR" + #ReadRegStr $0 HKLM "SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" "Installed" + #${If} $0 == 1 + # DetailPrint "VC 2017 Redistributable already installed" + #${Else} + # DetailPrint "Installing VC 2017 Redistributable" + # File "${REDIST_DIR}\VC_redist.x64.exe" + # ExecWait '"$INSTDIR\VC_redist.x64.exe" /quiet' + # Delete "$INSTDIR\VC_redist.x64.exe" + #${EndIf} !endif # write new engine libraries @@ -487,6 +491,7 @@ SectionGroupEnd +/* Section /o "Debugging Symbols" sectionDEBUG SetOutPath "$INSTDIR\bin" @@ -522,6 +527,7 @@ File "${OPENSSL_ENGINES_DIR}\pkcs11.pdb" SetOutPath "$INSTDIR" SectionEnd +*/ Section !insertmacro RestartStunnel @@ -559,8 +565,10 @@ "Installs the Start Menu shortcuts for managing stunnel." LangString DESC_sectionDESKTOP ${LANG_ENGLISH} \ "Installs the Desktop shortcut for stunnel." +/* LangString DESC_sectionDEBUG ${LANG_ENGLISH} \ "Installs the .PDB (program database) files for the executables and libraries." +*/ LangString DESC_groupTOOLS ${LANG_ENGLISH} \ "Installs optional (but useful) tools." LangString DESC_groupSHORTCUTS ${LANG_ENGLISH} \ @@ -572,7 +580,9 @@ !insertmacro MUI_DESCRIPTION_TEXT ${sectionTSTUNNEL} $(DESC_sectionTSTUNNEL) !insertmacro MUI_DESCRIPTION_TEXT ${sectionMENU} $(DESC_sectionMENU) !insertmacro MUI_DESCRIPTION_TEXT ${sectionDESKTOP} $(DESC_sectionDESKTOP) +/* !insertmacro MUI_DESCRIPTION_TEXT ${sectionDEBUG} $(DESC_sectionDEBUG) +*/ !insertmacro MUI_DESCRIPTION_TEXT ${groupTOOLS} $(DESC_groupTOOLS) !insertmacro MUI_DESCRIPTION_TEXT ${groupSHORTCUTS} $(DESC_groupSHORTCUTS) !insertmacro MUI_FUNCTION_DESCRIPTION_END diff -Nru stunnel4-5.49/tools/stunnel.service.in stunnel4-5.50/tools/stunnel.service.in --- stunnel4-5.49/tools/stunnel.service.in 2016-12-13 11:28:35.000000000 +0000 +++ stunnel4-5.50/tools/stunnel.service.in 2018-10-09 14:37:38.000000000 +0000 @@ -1,6 +1,6 @@ [Unit] Description=TLS tunnel for network daemons -After=syslog.target +After=syslog.target network.target [Service] ExecStart=@bindir@/stunnel diff -Nru stunnel4-5.49/tools/stunnel.spec stunnel4-5.50/tools/stunnel.spec --- stunnel4-5.49/tools/stunnel.spec 2018-08-09 05:43:52.000000000 +0000 +++ stunnel4-5.50/tools/stunnel.spec 2018-10-09 14:37:38.000000000 +0000 @@ -1,5 +1,5 @@ Name: stunnel -Version: 5.49 +Version: 5.50 Release: 1%{?dist} Summary: An TLS-encrypting socket wrapper Group: Applications/Internet