From 95f000738bc8f04559b0f3d8ba98ae369a9c640c Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 12:40:09 -0400
Subject: [PATCH 01/60] ElasticSearch log writer implementation test 1 - writes
 out JSON to file instead of sending it over HTTP for now.

---
 src/logging/Manager.cc               |   9 +
 src/logging/writers/ElasticSearch.cc | 242 +++++++++++++++++++++++++++
 src/logging/writers/ElasticSearch.h  |  67 ++++++++
 3 files changed, 318 insertions(+)
 create mode 100644 src/logging/writers/ElasticSearch.cc
 create mode 100644 src/logging/writers/ElasticSearch.h

diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index baf832e6a9..d338ac97f8 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -17,6 +17,10 @@
 #include "writers/Ascii.h"
 #include "writers/None.h"
 
+#ifdef USE_ELASTICSEARCH
+#include "writers/ElasticSearch.h"
+#endif
+
 #ifdef USE_DATASERIES
 #include "writers/DataSeries.h"
 #endif
@@ -35,6 +39,11 @@ struct WriterDefinition {
 WriterDefinition log_writers[] = {
 	{ BifEnum::Log::WRITER_NONE,  "None", 0, writer::None::Instantiate },
 	{ BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate },
+
+#ifdef USE_ELASTICSEARCH
+	{ BifEnum::Log::WRITER_ASCII, "ElasticSearch", 0, writer::ElasticSearch::Instantiate },
+#endif
+
 #ifdef USE_DATASERIES
 	{ BifEnum::Log::WRITER_DATASERIES, "DataSeries", 0, writer::DataSeries::Instantiate },
 #endif
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
new file mode 100644
index 0000000000..eb83f26542
--- /dev/null
+++ b/src/logging/writers/ElasticSearch.cc
@@ -0,0 +1,242 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "config.h"
+
+#ifdef USE_ELASTICSEARCH
+
+#include <string>
+#include <errno.h>
+
+#include "util.h"
+
+#include "NetVar.h"
+#include "threading/SerialTypes.h"
+
+#include "ElasticSearch.h"
+
+using namespace logging;
+using namespace writer;
+using threading::Value;
+using threading::Field;
+
+#define MAX_EVENT_SIZE 1024
+
+ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
+	{
+	cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len();
+	cluster_name = new char[cluster_name_len];
+	memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len);
+
+	server_host_len = BifConst::LogElasticSearch::server_host->Len();
+	server_host = new char[server_host_len];
+	memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len);
+
+	index_name_len = BifConst::LogElasticSearch::index_name->Len();
+	index_name = new char[index_name_len];
+	memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len);
+
+	type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len();
+	type_prefix = new char[type_prefix_len];
+	memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len);
+
+	server_port = BifConst::LogElasticSearch::server_port;
+	batch_size = BifConst::LogElasticSearch::batch_size;
+
+	buffer = safe_malloc(MAX_EVENT_SIZE * batch_size);
+	current_offset = 0;
+	buffer[current_offset] = "\0";
+	counter = 0;
+	}
+
+ElasticSearch::~ElasticSearch()
+	{
+	delete [] cluster_name;
+	delete [] server_host;
+	delete [] index_name;
+	delete [] type_prefix;
+	delete [] buffer;
+	}
+
+bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields)
+	{
+	  //TODO: Determine what, if anything, needs to be done here.
+	return true;
+	}
+
+bool ElasticSearch::DoFlush()
+	{
+	  //TODO: Send flush command to ElasticSearch
+	return true;
+	}
+
+bool ElasticSearch::DoFinish()
+	{
+	return WriterBackend::DoFinish();
+	}
+
+char* ElasticSearch::FormatField(const char* field_name, const char* field_value)
+{
+  char* result = new char[MAX_EVENT_SIZE];
+  strcpy(result, "\"");
+  strcpy(result, field_name);
+  strcpy(result, "\":\"");
+  strcpy(result, field_value);
+  strcpy(result, "\"");
+  return result;
+  
+}
+
+bool ElasticSearch::BatchIndex()
+{
+  file = fopen("/tmp/batch.test", 'w');
+  fwrite(buffer, current_offset, 1, file);
+  fclose(file);
+  file = 0;
+}
+
+char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field)
+	{
+    	if ( ! val->present )
+		{
+		  return "";
+		}
+
+	switch ( val->type ) {
+
+	case TYPE_BOOL:
+		return FormatField(field->name, val->val.int_val ? "T" : "F");
+
+	case TYPE_INT:
+		return FormatField(field->name, val->val.int_val);
+
+	case TYPE_COUNT:
+	case TYPE_COUNTER:
+		return FormatField(field->name, val->val.uint_val);
+
+	case TYPE_PORT:
+		return FormatField(field->name, val->val.port_val.port);
+
+	case TYPE_SUBNET:
+	        return FormatField(field->name, Render(val->val.subnet_val));
+
+	case TYPE_ADDR:
+	        return FormatField(field->name, Render(val->val.addr_val));
+
+	case TYPE_INTERVAL:
+	case TYPE_TIME:	
+	case TYPE_DOUBLE:
+		return FormatField(field->name, val->val.double_val);
+
+	case TYPE_ENUM:
+	case TYPE_STRING:
+	case TYPE_FILE:
+	case TYPE_FUNC:
+		{
+		int size = val->val.string_val->size();
+		const char* data = val->val.string_val->data();
+
+		if ( ! size )
+			  return "";
+		return FormatField(field->name, val->val.string_val->data());
+		}
+
+	case TYPE_TABLE:
+		{
+		if ( ! val->val.set_val.size )
+		  return "";
+		
+		char* tmp = new char[MAX_EVENT_SIZE];
+		strcpy(tmp, "{");
+		for ( int j = 0; j < val->val.set_val.size; j++ )
+			{
+			  char* result = AddFieldToBuffer(val->val.set_val.vals[j], field);
+			  bool resultSeen = false;
+			  if ( result ){
+			    if ( resultSeen )
+			      strcpy(tmp, ",");
+			    strcpy(tmp, result);
+			  }
+			}
+		return FormatField(field->name, tmp);
+		}
+
+	case TYPE_VECTOR:
+		{
+		if ( ! val->val.vector_val.size )
+		  return "";
+		
+		char* tmp = new char[MAX_EVENT_SIZE];
+		strcpy(tmp, "{");
+		for ( int j = 0; j < val->val.vector_val.size; j++ )
+			{
+			  char* result = AddFieldToBuffer(val->val.vector_val.vals[j], field);
+			  bool resultSeen = false;
+			  if ( result ){
+			    if ( resultSeen )
+			      strcpy(tmp, ",");
+			    strcpy(tmp, result);
+			  }
+			}
+		return FormatField(field->name, tmp);
+		}
+
+	default:
+	  return "";
+	}
+
+	}
+
+bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
+			     Value** vals)
+	{
+	  // Our action line looks like:
+	  //   {"index":"$index_name","type":"$type_prefix$path"}\n{
+	  
+	  bool resultSeen = false;
+
+	  for ( int i = 0; i < num_fields; i++ )
+		{
+		char* result = DoWriteOne(vals[i], fields[i]);
+		if ( result ) {
+		  if ( ! resultSeen ) {
+		    strcpy(buffer[current_offset], "{\"index\":\"");
+		    strcat(buffer[current_offset], index_name);
+		    strcat(buffer[current_offset], "\",\"type\":\"");
+		    strcat(buffer[current_offset], type_prefix);
+		    strcat(buffer[current_offset], Path());
+		    strcat(buffer[current_offset], "\"}\n{");
+		    current_offset = strlen(buffer);
+		    resultSeen = true;
+		  }
+		  else {
+		    strcat(buffer[current_offset], ",");
+		    current_offset += 1;
+		  }
+		  strcat(buffer[current_offset], result);
+		  current_offset += strlen(result);
+		}
+	      }
+
+	  if ( resultSeen ) {
+	    strcat(buffer[current_offset], "}\n");
+	    current_offset += 2;
+	    counter += 1;
+	    if ( counter >= batch_size )
+	      BatchIndex();
+	  }
+	return true;
+	}
+
+bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating)
+	{
+	  //TODO: Determine what, if anything, needs to be done here.
+	return true;
+	}
+
+bool ElasticSearch::DoSetBuf(bool enabled)
+	{
+	// Nothing to do.
+	return true;
+	}
+
+#endif
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
new file mode 100644
index 0000000000..870290a6e0
--- /dev/null
+++ b/src/logging/writers/ElasticSearch.h
@@ -0,0 +1,67 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+//
+// Log writer for writing to an ElasticSearch database
+
+#ifndef LOGGING_WRITER_ELASTICSEARCH_H
+#define LOGGING_WRITER_ELASTICSEARCH_H
+
+#include "../WriterBackend.h"
+
+namespace logging { namespace writer {
+
+class ElasticSearch : public WriterBackend {
+public:
+	ElasticSearch(WriterFrontend* frontend);
+	~ElasticSearch();
+
+	static WriterBackend* Instantiate(WriterFrontend* frontend)
+		{ return new ElasticSearch(frontend); }
+	static string LogExt();
+
+protected:
+	// Overidden from WriterBackend.
+
+	virtual bool DoInit(string path, int num_fields,
+			    const threading::Field* const * fields);
+
+	virtual bool DoWrite(int num_fields, const threading::Field* const* fields,
+			     threading::Value** vals);
+	virtual bool DoSetBuf(bool enabled);
+	virtual bool DoRotate(string rotated_path, double open,
+			      double close, bool terminating);
+	virtual bool DoFlush();
+	virtual bool DoFinish();
+
+private:
+	char* AddFieldToBuffer(threading::Value* val, const threading::Field* field);
+	char* FormatField(const char* field_name, const char* field_value);
+	bool BatchIndex();
+	
+	char* buffer;
+	int current_offset;
+	int counter;
+
+	// From scripts
+	char* cluster_name;
+	int cluster_name_len;
+
+	char* server_host;
+	int server_host_len;
+
+	uint64 server_port;
+
+	char* index_name;
+	int index_name_len;
+
+	char* type_prefix;
+	int type_prefix_len;
+	
+	uint64 batch_size;
+
+};
+
+}
+}
+
+
+#endif

From 7bee0b0d8e91d1b8c09934c671ebb7cd9607cdca Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 22:07:20 -0400
Subject: [PATCH 02/60] Added sending messages to ElasticSearch over HTTP.

---
 CMakeLists.txt                                |  10 +
 config.h.in                                   |   3 +
 configure                                     |   5 +
 scripts/base/frameworks/logging/__load__.bro  |   1 +
 .../logging/writers/elasticsearch.bro         |  25 ++
 src/CMakeLists.txt                            |   1 +
 src/logging.bif                               |  11 +
 src/logging/Manager.cc                        |   6 +-
 src/logging/writers/ElasticSearch.cc          | 317 +++++++++++-------
 src/logging/writers/ElasticSearch.h           |  13 +-
 src/types.bif                                 |   1 +
 11 files changed, 266 insertions(+), 127 deletions(-)
 create mode 100644 scripts/base/frameworks/logging/writers/elasticsearch.bro

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 28b702ab01..404cdfeeb5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -122,6 +122,14 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND)
 	list(APPEND OPTLIBS ${LibXML2_LIBRARIES})
 endif()
 
+set(USE_LIBCURL false)
+find_package(CURL)
+if (CURL_FOUND)
+  set(USE_LIBCURL true)
+  include_directories(BEFORE ${CURL_INCLUDE_DIR})
+  list(APPEND OPTLIBS ${CURL_LIBRARIES})
+endif()
+
 if (ENABLE_PERFTOOLS_DEBUG)
     # Just a no op to prevent CMake from complaining about manually-specified
     # ENABLE_PERFTOOLS_DEBUG not being used if google perftools weren't found
@@ -209,11 +217,13 @@ message(
     "\nBroccoli:          ${INSTALL_BROCCOLI}"
     "\nBroctl:            ${INSTALL_BROCTL}"
     "\nAux. Tools:        ${INSTALL_AUX_TOOLS}"
+    "\nElasticSearch:     ${INSTALL_ELASTICSEARCH}"
     "\n"
     "\nGeoIP:             ${USE_GEOIP}"
     "\nGoogle perftools:  ${USE_PERFTOOLS}"
     "\n       debugging:  ${USE_PERFTOOLS_DEBUG}"
     "\nDataSeries:        ${USE_DATASERIES}"
+    "\nlibCURL:           ${USE_LIBCURL}"
     "\n"
     "\n================================================================\n"
 )
diff --git a/config.h.in b/config.h.in
index c2cb3ec1dc..66121cefbf 100644
--- a/config.h.in
+++ b/config.h.in
@@ -117,6 +117,9 @@
 /* Use the DataSeries writer. */
 #cmakedefine USE_DATASERIES
 
+/* Build the ElasticSearch writer. */
+#cmakedefine INSTALL_ELASTICSEARCH
+
 /* Version number of package */
 #define VERSION "@VERSION@"
 
diff --git a/configure b/configure
index 3258d4abfc..7ea5613a6d 100755
--- a/configure
+++ b/configure
@@ -35,6 +35,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --disable-auxtools     don't build or install auxiliary tools
     --disable-python       don't try to build python bindings for broccoli
     --disable-ruby         don't try to build ruby bindings for broccoli
+    --enable-elasticsearch build the elasticsearch writer
 
   Required Packages in Non-Standard Locations:
     --with-openssl=PATH    path to OpenSSL install root
@@ -98,6 +99,7 @@ append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro
 append_cache_entry BRO_ETC_INSTALL_DIR  PATH   $prefix/etc
 append_cache_entry ENABLE_DEBUG         BOOL   false
 append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false
+append_cache_entry INSTALL_ELASTICSEARCH BOOL false
 append_cache_entry BinPAC_SKIP_INSTALL  BOOL   true
 append_cache_entry BUILD_SHARED_LIBS    BOOL   true
 append_cache_entry INSTALL_AUX_TOOLS    BOOL   true
@@ -156,6 +158,9 @@ while [ $# -ne 0 ]; do
         --disable-auxtools)
             append_cache_entry INSTALL_AUX_TOOLS    BOOL   false
             ;;
+	--enable-elasticsearch)
+	    append_cache_entry INSTALL_ELASTICSEARCH BOOL true
+	    ;;
         --disable-python)
             append_cache_entry DISABLE_PYTHON_BINDINGS     BOOL   true
             ;;
diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro
index 17e03e2ef7..7dafc45397 100644
--- a/scripts/base/frameworks/logging/__load__.bro
+++ b/scripts/base/frameworks/logging/__load__.bro
@@ -2,3 +2,4 @@
 @load ./postprocessors
 @load ./writers/ascii
 @load ./writers/dataseries
+@load ./writers/elasticsearch
\ No newline at end of file
diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
new file mode 100644
index 0000000000..82dbcc43d4
--- /dev/null
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -0,0 +1,25 @@
+module LogElasticSearch;
+
+export {
+        ## Name of the ES cluster
+	const cluster_name = "elasticsearch" &redef;
+
+	## ES Server
+	const server_host = "127.0.0.1" &redef;
+
+	## ES Port
+	const server_port = 9200 &redef;
+
+	## Name of the ES index
+	const index_name = "bro-logs" &redef;
+
+	## The ES type prefix comes before the name of the related log.
+	## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc.
+	const type_prefix = "" &redef;
+
+	## The batch size is the number of messages that will be queued up before 
+	## they are sent to be bulk indexed.
+	## Note: this is mainly a memory usage parameter.
+	const batch_size = 10000 &redef;
+}
+
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 6a68d1e7c5..fbbb01fd22 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -419,6 +419,7 @@ set(bro_SRCS
     logging/WriterFrontend.cc
     logging/writers/Ascii.cc
     logging/writers/DataSeries.cc
+    logging/writers/ElasticSearch.cc
     logging/writers/None.cc
 
     input/Manager.cc
diff --git a/src/logging.bif b/src/logging.bif
index efc6ed0b4b..308ea78b7a 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -81,3 +81,14 @@ const extent_size: count;
 const dump_schema: bool;
 const use_integer_for_time: bool;
 const num_threads: count;
+
+# Options for the ElasticSearch writer.
+
+module LogElasticSearch;
+
+const cluster_name: string;
+const server_host: string;
+const server_port: count;
+const index_name: string;
+const type_prefix: string;
+const batch_size: count;
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index d338ac97f8..ddfed0f70f 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -17,7 +17,7 @@
 #include "writers/Ascii.h"
 #include "writers/None.h"
 
-#ifdef USE_ELASTICSEARCH
+#ifdef INSTALL_ELASTICSEARCH
 #include "writers/ElasticSearch.h"
 #endif
 
@@ -40,8 +40,8 @@ WriterDefinition log_writers[] = {
 	{ BifEnum::Log::WRITER_NONE,  "None", 0, writer::None::Instantiate },
 	{ BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate },
 
-#ifdef USE_ELASTICSEARCH
-	{ BifEnum::Log::WRITER_ASCII, "ElasticSearch", 0, writer::ElasticSearch::Instantiate },
+#ifdef INSTALL_ELASTICSEARCH
+	{ BifEnum::Log::WRITER_ELASTICSEARCH, "ElasticSearch", 0, writer::ElasticSearch::Instantiate },
 #endif
 
 #ifdef USE_DATASERIES
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index eb83f26542..61f3734f87 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -2,7 +2,7 @@
 
 #include "config.h"
 
-#ifdef USE_ELASTICSEARCH
+#ifdef INSTALL_ELASTICSEARCH
 
 #include <string>
 #include <errno.h>
@@ -12,6 +12,9 @@
 #include "NetVar.h"
 #include "threading/SerialTypes.h"
 
+#include <curl/curl.h>
+#include <curl/easy.h>
+
 #include "ElasticSearch.h"
 
 using namespace logging;
@@ -24,28 +27,35 @@ using threading::Field;
 ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	{
 	cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len();
-	cluster_name = new char[cluster_name_len];
+	cluster_name = new char[cluster_name_len + 1];
 	memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len);
+	cluster_name[cluster_name_len] = 0;
 
 	server_host_len = BifConst::LogElasticSearch::server_host->Len();
-	server_host = new char[server_host_len];
+	server_host = new char[server_host_len + 1];
 	memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len);
+	server_host[server_host_len] = 0;
 
 	index_name_len = BifConst::LogElasticSearch::index_name->Len();
-	index_name = new char[index_name_len];
+	index_name = new char[index_name_len + 1];
 	memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len);
+	index_name[index_name_len] = 0;
 
 	type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len();
-	type_prefix = new char[type_prefix_len];
+	type_prefix = new char[type_prefix_len + 1];
 	memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len);
+	type_prefix[type_prefix_len] = 0;
 
 	server_port = BifConst::LogElasticSearch::server_port;
 	batch_size = BifConst::LogElasticSearch::batch_size;
 
-	buffer = safe_malloc(MAX_EVENT_SIZE * batch_size);
+	buffer = (char *)safe_malloc(MAX_EVENT_SIZE * batch_size);
 	current_offset = 0;
-	buffer[current_offset] = "\0";
+	buffer[current_offset] = 0;
 	counter = 0;
+
+	curl_handle = HTTPSetup();
+	curl_result = new char[1024];
 	}
 
 ElasticSearch::~ElasticSearch()
@@ -74,115 +84,129 @@ bool ElasticSearch::DoFinish()
 	return WriterBackend::DoFinish();
 	}
 
-char* ElasticSearch::FormatField(const char* field_name, const char* field_value)
-{
-  char* result = new char[MAX_EVENT_SIZE];
-  strcpy(result, "\"");
-  strcpy(result, field_name);
-  strcpy(result, "\":\"");
-  strcpy(result, field_value);
-  strcpy(result, "\"");
-  return result;
-  
-}
-
 bool ElasticSearch::BatchIndex()
 {
-  file = fopen("/tmp/batch.test", 'w');
-  fwrite(buffer, current_offset, 1, file);
-  fclose(file);
-  file = 0;
+  return HTTPSend();
+}
+
+char* ElasticSearch::FieldToString(Value* val, const Field* field)
+{
+  char* result = new char[MAX_EVENT_SIZE];
+
+  switch ( val->type ) {
+
+    // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int.
+  case TYPE_BOOL:
+  case TYPE_INT:
+    sprintf(result, "%d", (int) val->val.int_val); return result;
+
+  case TYPE_COUNT:
+  case TYPE_COUNTER:
+    sprintf(result, "%d", (int) val->val.uint_val); return result;
+    
+  case TYPE_PORT:
+    sprintf(result, "%d", (int) val->val.port_val.port); return result;
+
+  case TYPE_SUBNET:
+    sprintf(result, "\"%s\"", Render(val->val.subnet_val).c_str()); return result;
+    
+  case TYPE_ADDR:
+    sprintf(result, "\"%s\"", Render(val->val.addr_val).c_str()); return result;
+
+  case TYPE_INTERVAL:
+  case TYPE_TIME:	
+    sprintf(result, "\"%d\"", (int) (val->val.double_val * 1000)); return result;
+  case TYPE_DOUBLE:
+    sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result;
+
+  case TYPE_ENUM:
+  case TYPE_STRING:
+  case TYPE_FILE:
+  case TYPE_FUNC:
+    {
+      int size = val->val.string_val->size();
+      const char* data = val->val.string_val->data();
+      
+      if ( ! size )
+	return 0;
+      sprintf(result, "\"%s\"", data); return result;
+    }
+
+  case TYPE_TABLE:
+    {
+      char* tmp = new char[MAX_EVENT_SIZE];
+      int tmp_offset = 0;
+      strcpy(tmp, "{");
+      tmp_offset = 1;
+      bool result_seen = false;
+      for ( int j = 0; j < val->val.set_val.size; j++ )
+	{
+	  char* sub_field = FieldToString(val->val.set_val.vals[j], field);
+	  if ( sub_field ){
+	    
+	    if ( result_seen ){
+	      strcpy(tmp + tmp_offset, ",");
+	      tmp_offset += 1;
+	    }
+	    else
+	      result_seen = true;
+	    
+	    sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field);
+	    tmp_offset = strlen(tmp);
+	  }
+	}
+      strcpy(tmp + tmp_offset, "}");
+      tmp_offset += 1;
+      sprintf(result, "%s", tmp); 
+      return result;
+    }
+    
+  case TYPE_VECTOR:
+    {
+      char* tmp = new char[MAX_EVENT_SIZE];
+      int tmp_offset = 0;
+      strcpy(tmp, "{");
+      tmp_offset = 1;
+      bool result_seen = false;
+      for ( int j = 0; j < val->val.vector_val.size; j++ )
+	{
+	  char* sub_field = FieldToString(val->val.vector_val.vals[j], field);
+	  if ( sub_field ){
+	    
+	    if ( result_seen ){
+	      strcpy(tmp + tmp_offset, ",");
+	      tmp_offset += 1;
+	    }
+	    else
+	      result_seen = true;
+	    
+	    sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field);
+	    tmp_offset = strlen(tmp);
+	  }
+	}
+      strcpy(tmp + tmp_offset, "}");
+      tmp_offset += 1;
+      sprintf(result, "%s", tmp); 
+      return result;
+    }
+
+  default:
+    {
+      return (char *)"{}";
+    }
+
+  }
+
 }
 
 char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field)
 	{
     	if ( ! val->present )
-		{
-		  return "";
-		}
-
-	switch ( val->type ) {
-
-	case TYPE_BOOL:
-		return FormatField(field->name, val->val.int_val ? "T" : "F");
-
-	case TYPE_INT:
-		return FormatField(field->name, val->val.int_val);
-
-	case TYPE_COUNT:
-	case TYPE_COUNTER:
-		return FormatField(field->name, val->val.uint_val);
-
-	case TYPE_PORT:
-		return FormatField(field->name, val->val.port_val.port);
-
-	case TYPE_SUBNET:
-	        return FormatField(field->name, Render(val->val.subnet_val));
-
-	case TYPE_ADDR:
-	        return FormatField(field->name, Render(val->val.addr_val));
-
-	case TYPE_INTERVAL:
-	case TYPE_TIME:	
-	case TYPE_DOUBLE:
-		return FormatField(field->name, val->val.double_val);
-
-	case TYPE_ENUM:
-	case TYPE_STRING:
-	case TYPE_FILE:
-	case TYPE_FUNC:
-		{
-		int size = val->val.string_val->size();
-		const char* data = val->val.string_val->data();
-
-		if ( ! size )
-			  return "";
-		return FormatField(field->name, val->val.string_val->data());
-		}
-
-	case TYPE_TABLE:
-		{
-		if ( ! val->val.set_val.size )
-		  return "";
-		
-		char* tmp = new char[MAX_EVENT_SIZE];
-		strcpy(tmp, "{");
-		for ( int j = 0; j < val->val.set_val.size; j++ )
-			{
-			  char* result = AddFieldToBuffer(val->val.set_val.vals[j], field);
-			  bool resultSeen = false;
-			  if ( result ){
-			    if ( resultSeen )
-			      strcpy(tmp, ",");
-			    strcpy(tmp, result);
-			  }
-			}
-		return FormatField(field->name, tmp);
-		}
-
-	case TYPE_VECTOR:
-		{
-		if ( ! val->val.vector_val.size )
-		  return "";
-		
-		char* tmp = new char[MAX_EVENT_SIZE];
-		strcpy(tmp, "{");
-		for ( int j = 0; j < val->val.vector_val.size; j++ )
-			{
-			  char* result = AddFieldToBuffer(val->val.vector_val.vals[j], field);
-			  bool resultSeen = false;
-			  if ( result ){
-			    if ( resultSeen )
-			      strcpy(tmp, ",");
-			    strcpy(tmp, result);
-			  }
-			}
-		return FormatField(field->name, tmp);
-		}
-
-	default:
-	  return "";
-	}
+	  return 0;
+	
+	char* result = new char[MAX_EVENT_SIZE];
+	sprintf(result, "\"%s\":%s", field->name.c_str(), FieldToString(val, field));
+	return result;
 
 	}
 
@@ -190,39 +214,37 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 			     Value** vals)
 	{
 	  // Our action line looks like:
-	  //   {"index":"$index_name","type":"$type_prefix$path"}\n{
+	  //   {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n{
 	  
 	  bool resultSeen = false;
 
 	  for ( int i = 0; i < num_fields; i++ )
 		{
-		char* result = DoWriteOne(vals[i], fields[i]);
+		char* result = AddFieldToBuffer(vals[i], fields[i]);
 		if ( result ) {
 		  if ( ! resultSeen ) {
-		    strcpy(buffer[current_offset], "{\"index\":\"");
-		    strcat(buffer[current_offset], index_name);
-		    strcat(buffer[current_offset], "\",\"type\":\"");
-		    strcat(buffer[current_offset], type_prefix);
-		    strcat(buffer[current_offset], Path());
-		    strcat(buffer[current_offset], "\"}\n{");
-		    current_offset = strlen(buffer);
+		    current_offset += sprintf(buffer + current_offset, "{\"index\":{\"_index\":\"%s\",\"_type\":\"%s%s\"}\n{", index_name, type_prefix, Path().c_str());
 		    resultSeen = true;
 		  }
 		  else {
-		    strcat(buffer[current_offset], ",");
+		    strcat(buffer, ",");
 		    current_offset += 1;
 		  }
-		  strcat(buffer[current_offset], result);
+		  strcat(buffer, result);
 		  current_offset += strlen(result);
 		}
 	      }
 
 	  if ( resultSeen ) {
-	    strcat(buffer[current_offset], "}\n");
+	    strcat(buffer, "}\n");
 	    current_offset += 2;
 	    counter += 1;
-	    if ( counter >= batch_size )
+	    if ( counter >= batch_size ){
 	      BatchIndex();
+	      current_offset = 0;
+	      buffer[current_offset] = 0;
+	      counter = 0;
+	    }
 	  }
 	return true;
 	}
@@ -239,4 +261,55 @@ bool ElasticSearch::DoSetBuf(bool enabled)
 	return true;
 	}
 
+// HTTP Functions start here.
+
+CURL* ElasticSearch::HTTPSetup()
+{
+  char URL[2048];
+  CURL* handle;
+  struct curl_slist *headers=NULL;
+  
+  handle = curl_easy_init();
+  if ( ! handle )
+    return handle;
+  
+  sprintf(URL, "http://%s:%d/_bulk", server_host, (int) server_port);
+  curl_easy_setopt(handle, CURLOPT_URL, URL);
+
+  headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8");
+  curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
+
+  curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result.
+  curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs
+
+  // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
+  // just use HTTP 1.0
+  curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+  return handle;
+  
+}
+
+bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata){
+  //TODO: Do some verification on the result?
+  return true;
+}
+
+bool ElasticSearch::HTTPSend(){
+  CURLcode return_code;
+  
+  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result);
+  curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer);
+  curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, current_offset);
+  
+  return_code = curl_easy_perform(curl_handle);
+  switch(return_code) {
+  case CURLE_COULDNT_CONNECT:
+  case CURLE_COULDNT_RESOLVE_HOST:
+  case CURLE_WRITE_ERROR:
+    return false;
+  default:
+    return true;
+  }
+}
+
 #endif
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index 870290a6e0..ad3729f6da 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -5,6 +5,7 @@
 #ifndef LOGGING_WRITER_ELASTICSEARCH_H
 #define LOGGING_WRITER_ELASTICSEARCH_H
 
+#include <curl/curl.h>
 #include "../WriterBackend.h"
 
 namespace logging { namespace writer {
@@ -34,12 +35,20 @@ protected:
 
 private:
 	char* AddFieldToBuffer(threading::Value* val, const threading::Field* field);
-	char* FormatField(const char* field_name, const char* field_value);
+	char* FieldToString(threading::Value* val, const threading::Field* field);
 	bool BatchIndex();
 	
+	CURL* HTTPSetup();
+	bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata);
+	bool HTTPSend();
+	
+	// Buffers, etc.
 	char* buffer;
 	int current_offset;
-	int counter;
+	uint64 counter;
+
+	CURL* curl_handle;
+	char* curl_result;
 
 	// From scripts
 	char* cluster_name;
diff --git a/src/types.bif b/src/types.bif
index 76bac3e0e2..9b387b2c52 100644
--- a/src/types.bif
+++ b/src/types.bif
@@ -163,6 +163,7 @@ enum Writer %{
 	WRITER_NONE,
 	WRITER_ASCII,
 	WRITER_DATASERIES,
+	WRITER_ELASTICSEARCH,
 %}
 
 enum ID %{

From c8e770a499b3b9457bcb9908f574c4a7b4a9ddae Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 22:51:21 -0400
Subject: [PATCH 03/60] Some basic documentation in
 doc/logging-elasticsearch.rst

---
 doc/logging-elasticsearch.rst | 97 +++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 doc/logging-elasticsearch.rst

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
new file mode 100644
index 0000000000..a3fb759c85
--- /dev/null
+++ b/doc/logging-elasticsearch.rst
@@ -0,0 +1,97 @@
+
+========================================
+Indexed Logging Output with ElasticSearch
+========================================
+
+.. rst-class:: opening
+
+   Bro's default ASCII log format is not exactly the most efficient
+   way for storing and searching large volumes of data. ElasticSearch
+   is a new and exciting technology for dealing with tons of data.
+   ElasticSearch is a search engine built on top of Apache's Lucene
+   project. It scales very well, both for distributed indexing and 
+   distributed searching.
+
+.. contents::
+
+Installing ElasticSearch
+------------------------
+
+ElasticSearch requires a JRE to run. Please download the latest version
+from: <http://www.elasticsearch.org/download/>. Once extracted, start
+ElasticSearch with::
+
+# ./bin/elasticsearch
+
+Compiling Bro with ElasticSearch Support
+----------------------------------------
+
+First, ensure that you have libcurl installed. Secondly, set the 
+``--enable-elasticsearch`` option::
+
+    # ./configure --enable-elasticsearch
+    [...]
+    ====================|  Bro Build Summary  |=====================
+    [...]
+    ElasticSearch:     true
+    [...]
+    libCURL:           true
+    [...]
+    ================================================================
+
+Activating ElasticSearch
+------------------------
+
+The direct way to use ElasticSearch is to switch *all* log files over to
+ElasticSearch. To do that, just add ``redef
+Log::default_writer=Log::WRITER_ELASTICSEARCH;`` to your ``local.bro``.
+For testing, you can also just pass that on the command line::
+
+    bro -r trace.pcap Log::default_writer=Log::WRITER_ELASTICSEARCH
+
+With that, Bro will now write all its output into ElasticSearch. You can 
+inspect these using ElasticSearch's REST-ful interface. For more
+information, see: <http://www.elasticsearch.org/guide/reference/api/>.
+
+There is also a rudimentary web interface to ElasticSearch, available at:
+<http://mobz.github.com/elasticsearch-head/>.
+
+You can also switch only individual files over to ElasticSearch by adding
+code like this to your ``local.bro``::
+
+.. code:: bro
+
+    event bro_init()
+        {
+        local f = Log::get_filter(Conn::LOG, "default"); # Get default filter for connection log.
+        f$writer = Log::WRITER_ELASTICSEARCH;               # Change writer type.
+        Log::add_filter(Conn::LOG, f);                   # Replace filter with adapted version.
+        }
+
+Configuring ElasticSearch
+-------------------------
+
+Bro's ElasticSearch writer comes with a few configuraiton options::
+
+- cluster_name:: Currently unused.
+- server_host:: Where to send the data. Default localhost.
+- server_port:: What port to send the data to. Default 9200.
+- index_name:: ElasticSearch indexes are like databases in a standard DB model.
+This is the name of the index to which to send the data. Default bro-logs.
+- type_prefix:: ElasticSearch types are like tables in a standard DB model.
+This is a prefix that gets prepended to Bro log names.
+Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc.
+Default: none.
+- batch_size:: How many messages to buffer before sending to ElasticSearch.
+This is mainly a memory optimization - changing this doesn't seem to affect 
+indexing performance that much. Default: 10,000.
+
+TODO
+----
+
+Lots.
+
+- Perform multicast discovery for server.
+- Better error detection.
+- Dynamic index names.
+- Better defaults (don't index loaded-plugins, for instance).

From d09fc15b2d376da9bfab3c5b45eff0049589f217 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 22:54:19 -0400
Subject: [PATCH 04/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index a3fb759c85..6c490a8b23 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -59,7 +59,7 @@ There is also a rudimentary web interface to ElasticSearch, available at:
 You can also switch only individual files over to ElasticSearch by adding
 code like this to your ``local.bro``::
 
-.. code:: bro
+.. code::bro
 
     event bro_init()
         {

From b3216906fe53e807070d6ce8587a7a01f9fea4f1 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 22:56:38 -0400
Subject: [PATCH 05/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 6c490a8b23..7a16acb0f1 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -77,14 +77,14 @@ Bro's ElasticSearch writer comes with a few configuraiton options::
 - server_host:: Where to send the data. Default localhost.
 - server_port:: What port to send the data to. Default 9200.
 - index_name:: ElasticSearch indexes are like databases in a standard DB model.
-This is the name of the index to which to send the data. Default bro-logs.
+  This is the name of the index to which to send the data. Default bro-logs.
 - type_prefix:: ElasticSearch types are like tables in a standard DB model.
-This is a prefix that gets prepended to Bro log names.
-Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc.
-Default: none.
+  This is a prefix that gets prepended to Bro log names.
+  Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc.
+  Default: none.
 - batch_size:: How many messages to buffer before sending to ElasticSearch.
-This is mainly a memory optimization - changing this doesn't seem to affect 
-indexing performance that much. Default: 10,000.
+  This is mainly a memory optimization - changing this doesn't seem to affect 
+  indexing performance that much. Default: 10,000.
 
 TODO
 ----

From 360d7e2eda7e2a4b14f43021e197f6b65b28328e Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 22:59:29 -0400
Subject: [PATCH 06/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 7a16acb0f1..4229748854 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -73,18 +73,12 @@ Configuring ElasticSearch
 
 Bro's ElasticSearch writer comes with a few configuraiton options::
 
-- cluster_name:: Currently unused.
-- server_host:: Where to send the data. Default localhost.
-- server_port:: What port to send the data to. Default 9200.
-- index_name:: ElasticSearch indexes are like databases in a standard DB model.
-  This is the name of the index to which to send the data. Default bro-logs.
-- type_prefix:: ElasticSearch types are like tables in a standard DB model.
-  This is a prefix that gets prepended to Bro log names.
-  Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc.
-  Default: none.
-- batch_size:: How many messages to buffer before sending to ElasticSearch.
-  This is mainly a memory optimization - changing this doesn't seem to affect 
-  indexing performance that much. Default: 10,000.
+- cluster_name: Currently unused.
+- server_host:  Where to send the data. Default localhost.
+- server_port:  What port to send the data to. Default 9200.
+- index_name:   ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs.
+- type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
+- batch_size:   How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.
 
 TODO
 ----

From 3d8b86c00a7d5cb4a4dd52ef08e6d06d42ee88a3 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 23:00:10 -0400
Subject: [PATCH 07/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 4229748854..3b630c4bff 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -76,7 +76,8 @@ Bro's ElasticSearch writer comes with a few configuraiton options::
 - cluster_name: Currently unused.
 - server_host:  Where to send the data. Default localhost.
 - server_port:  What port to send the data to. Default 9200.
-- index_name:   ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs.
+- index_name:   ElasticSearch indexes are like databases in a standard DB model. 
+  This is the name of the index to which to send the data. Default bro-logs.
 - type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
 - batch_size:   How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.
 

From bf852b51f5bac6ba6b0dd14e4f6ab5fb73b68195 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 23:01:18 -0400
Subject: [PATCH 08/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 3b630c4bff..f891212ccd 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -76,8 +76,10 @@ Bro's ElasticSearch writer comes with a few configuraiton options::
 - cluster_name: Currently unused.
 - server_host:  Where to send the data. Default localhost.
 - server_port:  What port to send the data to. Default 9200.
+
 - index_name:   ElasticSearch indexes are like databases in a standard DB model. 
   This is the name of the index to which to send the data. Default bro-logs.
+
 - type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
 - batch_size:   How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.
 

From 5915a2d304fd4d90f799057bfeb7425ee29e95ef Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Sun, 3 Jun 2012 23:02:07 -0400
Subject: [PATCH 09/60] Minor documentation formatting change

---
 doc/logging-elasticsearch.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index f891212ccd..b3cf062de4 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -71,16 +71,19 @@ code like this to your ``local.bro``::
 Configuring ElasticSearch
 -------------------------
 
-Bro's ElasticSearch writer comes with a few configuraiton options::
+Bro's ElasticSearch writer comes with a few configuration options::
 
 - cluster_name: Currently unused.
+
 - server_host:  Where to send the data. Default localhost.
+
 - server_port:  What port to send the data to. Default 9200.
 
 - index_name:   ElasticSearch indexes are like databases in a standard DB model. 
   This is the name of the index to which to send the data. Default bro-logs.
 
 - type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
+
 - batch_size:   How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.
 
 TODO

From 5db027e39f35c189130628bc03b0417dad951f17 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Tue, 5 Jun 2012 17:23:50 -0400
Subject: [PATCH 10/60] Fix timestamp overflow bug.

---
 src/logging/writers/ElasticSearch.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 61f3734f87..a073ea7e7c 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -115,7 +115,7 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field)
 
   case TYPE_INTERVAL:
   case TYPE_TIME:	
-    sprintf(result, "\"%d\"", (int) (val->val.double_val * 1000)); return result;
+    sprintf(result, "\"%llu\"", (unsigned long long) (val->val.double_val * 1000)); return result;
   case TYPE_DOUBLE:
     sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result;
 

From a3b330dbc6ddb0502a004e37a8977d22395d8ef9 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Tue, 5 Jun 2012 17:24:13 -0400
Subject: [PATCH 11/60] Make default index name 'bro'.

---
 doc/logging-elasticsearch.rst                             | 2 +-
 scripts/base/frameworks/logging/writers/elasticsearch.bro | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index b3cf062de4..4fce470d4a 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -80,7 +80,7 @@ Bro's ElasticSearch writer comes with a few configuration options::
 - server_port:  What port to send the data to. Default 9200.
 
 - index_name:   ElasticSearch indexes are like databases in a standard DB model. 
-  This is the name of the index to which to send the data. Default bro-logs.
+  This is the name of the index to which to send the data. Default bro.
 
 - type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
 
diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index 82dbcc43d4..7f968d0042 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -11,7 +11,7 @@ export {
 	const server_port = 9200 &redef;
 
 	## Name of the ES index
-	const index_name = "bro-logs" &redef;
+	const index_name = "bro" &redef;
 
 	## The ES type prefix comes before the name of the related log.
 	## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc.

From 894dec006909477bc9bae177fde6a739bdf73173 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Tue, 5 Jun 2012 23:01:36 -0400
Subject: [PATCH 12/60] No quotes for times and doubles, since ES won't
 interpret them as numbers then.

---
 src/logging/writers/ElasticSearch.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index a073ea7e7c..3a7635a6a2 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -115,9 +115,9 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field)
 
   case TYPE_INTERVAL:
   case TYPE_TIME:	
-    sprintf(result, "\"%llu\"", (unsigned long long) (val->val.double_val * 1000)); return result;
+    sprintf(result, "%llu", (unsigned long long) (val->val.double_val * 1000)); return result;
   case TYPE_DOUBLE:
-    sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result;
+    sprintf(result, "%s", Render(val->val.double_val).c_str()); return result;
 
   case TYPE_ENUM:
   case TYPE_STRING:

From 5e05e548ff0e5b640a448c29d6c64f1c378bdb10 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Tue, 5 Jun 2012 23:20:28 -0400
Subject: [PATCH 13/60] Change time printf format to use the more compatible
 PRIu64.

---
 src/logging/writers/ElasticSearch.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 3a7635a6a2..1817ce63ef 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -115,7 +115,7 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field)
 
   case TYPE_INTERVAL:
   case TYPE_TIME:	
-    sprintf(result, "%llu", (unsigned long long) (val->val.double_val * 1000)); return result;
+    sprintf(result, "%"PRIu64"", (uint64) (val->val.double_val * 1000)); return result;
   case TYPE_DOUBLE:
     sprintf(result, "%s", Render(val->val.double_val).c_str()); return result;
 

From 22efa452796fff41e3ebf91d0e241f21bb7ae8e7 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Fri, 15 Jun 2012 10:48:22 -0400
Subject: [PATCH 14/60] Merging in latest changes from Bro master.

---
 aux/binpac   | 2 +-
 aux/bro-aux  | 2 +-
 aux/broccoli | 2 +-
 aux/broctl   | 2 +-
 cmake        | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/aux/binpac b/aux/binpac
index 6f43a8115d..b4094cb75e 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit 6f43a8115d8e6483a50957c5d21c5d69270ab3aa
+Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977
diff --git a/aux/bro-aux b/aux/bro-aux
index c6391412e9..2038e3de04 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit c6391412e902e896836450ab98910309b2ca2d9b
+Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e
diff --git a/aux/broccoli b/aux/broccoli
index 0d139c09d5..4e17842743 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 0d139c09d5a9c8623ecc2a5f395178f0ddcd7e16
+Subproject commit 4e17842743fef8df6abf0588c7ca86c6937a2b6d
diff --git a/aux/broctl b/aux/broctl
index 880f3e48d3..892b60edb9 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 880f3e48d33bb28d17184656f858a4a0e2e1574c
+Subproject commit 892b60edb967bb456872638f22ba994e84530137
diff --git a/cmake b/cmake
index 2a72c5e08e..96f3d92aca 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130
+Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b

From d3bb4617e96a8ec725e8d103b35813ff5d48f58a Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <vladg@cmu.edu>
Date: Fri, 15 Jun 2012 11:21:24 -0400
Subject: [PATCH 15/60] Configuration logic - if libcurl is found, enable
 elasticsearch plugin.

---
 CMakeLists.txt | 1 +
 configure      | 4 ----
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 404cdfeeb5..4b1cccf8dc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -128,6 +128,7 @@ if (CURL_FOUND)
   set(USE_LIBCURL true)
   include_directories(BEFORE ${CURL_INCLUDE_DIR})
   list(APPEND OPTLIBS ${CURL_LIBRARIES})
+  set(INSTALL_ELASTICSEARCH true)
 endif()
 
 if (ENABLE_PERFTOOLS_DEBUG)
diff --git a/configure b/configure
index 7ea5613a6d..801fb1e801 100755
--- a/configure
+++ b/configure
@@ -35,7 +35,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --disable-auxtools     don't build or install auxiliary tools
     --disable-python       don't try to build python bindings for broccoli
     --disable-ruby         don't try to build ruby bindings for broccoli
-    --enable-elasticsearch build the elasticsearch writer
 
   Required Packages in Non-Standard Locations:
     --with-openssl=PATH    path to OpenSSL install root
@@ -158,9 +157,6 @@ while [ $# -ne 0 ]; do
         --disable-auxtools)
             append_cache_entry INSTALL_AUX_TOOLS    BOOL   false
             ;;
-	--enable-elasticsearch)
-	    append_cache_entry INSTALL_ELASTICSEARCH BOOL true
-	    ;;
         --disable-python)
             append_cache_entry DISABLE_PYTHON_BINDINGS     BOOL   true
             ;;

From 0bb8b69c95191b7e25296770010b201f67f9cc9c Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 15 Jun 2012 16:30:54 -0400
Subject: [PATCH 16/60] Reworked bulk operation string construction to use
 ODesc and added json escaping.

---
 src/logging/writers/ElasticSearch.cc | 410 ++++++++++++---------------
 src/logging/writers/ElasticSearch.h  |  20 +-
 2 files changed, 187 insertions(+), 243 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 1817ce63ef..d8c4bee306 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -8,6 +8,7 @@
 #include <errno.h>
 
 #include "util.h"
+#include "BroString.h"
 
 #include "NetVar.h"
 #include "threading/SerialTypes.h"
@@ -22,38 +23,16 @@ using namespace writer;
 using threading::Value;
 using threading::Field;
 
-#define MAX_EVENT_SIZE 1024
-
 ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	{
 	cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len();
 	cluster_name = new char[cluster_name_len + 1];
 	memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len);
 	cluster_name[cluster_name_len] = 0;
-
-	server_host_len = BifConst::LogElasticSearch::server_host->Len();
-	server_host = new char[server_host_len + 1];
-	memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len);
-	server_host[server_host_len] = 0;
-
-	index_name_len = BifConst::LogElasticSearch::index_name->Len();
-	index_name = new char[index_name_len + 1];
-	memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len);
-	index_name[index_name_len] = 0;
-
-	type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len();
-	type_prefix = new char[type_prefix_len + 1];
-	memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len);
-	type_prefix[type_prefix_len] = 0;
-
-	server_port = BifConst::LogElasticSearch::server_port;
-	batch_size = BifConst::LogElasticSearch::batch_size;
-
-	buffer = (char *)safe_malloc(MAX_EVENT_SIZE * batch_size);
-	current_offset = 0;
-	buffer[current_offset] = 0;
+	
+	buffer.Clear();
 	counter = 0;
-
+	
 	curl_handle = HTTPSetup();
 	curl_result = new char[1024];
 	}
@@ -61,21 +40,17 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 ElasticSearch::~ElasticSearch()
 	{
 	delete [] cluster_name;
-	delete [] server_host;
-	delete [] index_name;
-	delete [] type_prefix;
-	delete [] buffer;
 	}
 
 bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields)
 	{
-	  //TODO: Determine what, if anything, needs to be done here.
+	//TODO: Determine what, if anything, needs to be done here.
 	return true;
 	}
 
 bool ElasticSearch::DoFlush()
 	{
-	  //TODO: Send flush command to ElasticSearch
+	//TODO: Send flush command to ElasticSearch
 	return true;
 	}
 
@@ -84,174 +59,155 @@ bool ElasticSearch::DoFinish()
 	return WriterBackend::DoFinish();
 	}
 
-bool ElasticSearch::BatchIndex()
-{
-  return HTTPSend();
-}
-
-char* ElasticSearch::FieldToString(Value* val, const Field* field)
-{
-  char* result = new char[MAX_EVENT_SIZE];
-
-  switch ( val->type ) {
-
-    // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int.
-  case TYPE_BOOL:
-  case TYPE_INT:
-    sprintf(result, "%d", (int) val->val.int_val); return result;
-
-  case TYPE_COUNT:
-  case TYPE_COUNTER:
-    sprintf(result, "%d", (int) val->val.uint_val); return result;
-    
-  case TYPE_PORT:
-    sprintf(result, "%d", (int) val->val.port_val.port); return result;
-
-  case TYPE_SUBNET:
-    sprintf(result, "\"%s\"", Render(val->val.subnet_val).c_str()); return result;
-    
-  case TYPE_ADDR:
-    sprintf(result, "\"%s\"", Render(val->val.addr_val).c_str()); return result;
-
-  case TYPE_INTERVAL:
-  case TYPE_TIME:	
-    sprintf(result, "%"PRIu64"", (uint64) (val->val.double_val * 1000)); return result;
-  case TYPE_DOUBLE:
-    sprintf(result, "%s", Render(val->val.double_val).c_str()); return result;
-
-  case TYPE_ENUM:
-  case TYPE_STRING:
-  case TYPE_FILE:
-  case TYPE_FUNC:
-    {
-      int size = val->val.string_val->size();
-      const char* data = val->val.string_val->data();
-      
-      if ( ! size )
-	return 0;
-      sprintf(result, "\"%s\"", data); return result;
-    }
-
-  case TYPE_TABLE:
-    {
-      char* tmp = new char[MAX_EVENT_SIZE];
-      int tmp_offset = 0;
-      strcpy(tmp, "{");
-      tmp_offset = 1;
-      bool result_seen = false;
-      for ( int j = 0; j < val->val.set_val.size; j++ )
+bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 	{
-	  char* sub_field = FieldToString(val->val.set_val.vals[j], field);
-	  if ( sub_field ){
-	    
-	    if ( result_seen ){
-	      strcpy(tmp + tmp_offset, ",");
-	      tmp_offset += 1;
-	    }
-	    else
-	      result_seen = true;
-	    
-	    sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field);
-	    tmp_offset = strlen(tmp);
-	  }
+	switch ( val->type ) 
+		{
+		// ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int.
+		case TYPE_BOOL:
+		case TYPE_INT:
+			buffer.Add(val->val.int_val);
+			break;
+		
+		case TYPE_COUNT:
+		case TYPE_COUNTER:
+			buffer.Add(val->val.uint_val);
+			break;
+		
+		case TYPE_PORT:
+			buffer.Add(val->val.port_val.port);
+			break;
+		
+		case TYPE_SUBNET:
+			buffer.AddRaw("\"", 1);
+			buffer.Add(Render(val->val.subnet_val));
+			buffer.AddRaw("\"", 1);
+			break;
+		
+		case TYPE_ADDR:
+			buffer.AddRaw("\"", 1);
+			buffer.Add(Render(val->val.addr_val));
+			buffer.AddRaw("\"", 1);
+			break;
+		
+		case TYPE_DOUBLE:
+			buffer.Add(val->val.double_val);
+			break;
+		
+		case TYPE_INTERVAL:
+		case TYPE_TIME:
+			// ElasticSearch uses milliseconds for timestamps
+			buffer.Add((uint64_t) (val->val.double_val * 1000));
+			break;
+		
+		case TYPE_ENUM:
+		case TYPE_STRING:
+		case TYPE_FILE:
+		case TYPE_FUNC:
+			{
+			buffer.AddRaw("\"", 1);
+			for ( uint i = 0; i < val->val.string_val->size(); ++i )
+				{
+				char c = val->val.string_val->data()[i];
+				// HTML entity encode special characters.
+				if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' )
+					{
+					buffer.AddRaw("&#", 2);
+					buffer.Add((uint8_t) c);
+					buffer.AddRaw(";", 1);
+					}
+				else
+					buffer.AddRaw(&c, 1);
+				}
+			buffer.AddRaw("\"", 1);
+			break;
+			}
+		
+		case TYPE_TABLE:
+			{
+			buffer.AddRaw("[", 1);
+			for ( int j = 0; j < val->val.set_val.size; j++ )
+				{
+				if ( j > 0 )
+					buffer.AddRaw(",", 1);
+				AddFieldValueToBuffer(val->val.set_val.vals[j], field);
+				}
+			buffer.AddRaw("]", 1);
+			break;
+			}
+			
+		case TYPE_VECTOR:
+			{
+			buffer.AddRaw("[", 1);
+			for ( int j = 0; j < val->val.vector_val.size; j++ )
+				{
+				if ( j > 0 )
+					buffer.AddRaw(",", 1);
+				AddFieldValueToBuffer(val->val.vector_val.vals[j], field);
+				}
+			buffer.AddRaw("]", 1);
+			break;
+			}
+		
+		default:
+			return false;
+		}
+	return true;
 	}
-      strcpy(tmp + tmp_offset, "}");
-      tmp_offset += 1;
-      sprintf(result, "%s", tmp); 
-      return result;
-    }
-    
-  case TYPE_VECTOR:
-    {
-      char* tmp = new char[MAX_EVENT_SIZE];
-      int tmp_offset = 0;
-      strcpy(tmp, "{");
-      tmp_offset = 1;
-      bool result_seen = false;
-      for ( int j = 0; j < val->val.vector_val.size; j++ )
+
+bool ElasticSearch::AddFieldToBuffer(Value* val, const Field* field)
 	{
-	  char* sub_field = FieldToString(val->val.vector_val.vals[j], field);
-	  if ( sub_field ){
-	    
-	    if ( result_seen ){
-	      strcpy(tmp + tmp_offset, ",");
-	      tmp_offset += 1;
-	    }
-	    else
-	      result_seen = true;
-	    
-	    sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field);
-	    tmp_offset = strlen(tmp);
-	  }
-	}
-      strcpy(tmp + tmp_offset, "}");
-      tmp_offset += 1;
-      sprintf(result, "%s", tmp); 
-      return result;
-    }
-
-  default:
-    {
-      return (char *)"{}";
-    }
-
-  }
-
-}
-
-char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field)
-	{
-    	if ( ! val->present )
-	  return 0;
+	if ( ! val->present )
+		return false;
 	
-	char* result = new char[MAX_EVENT_SIZE];
-	sprintf(result, "\"%s\":%s", field->name.c_str(), FieldToString(val, field));
-	return result;
-
+	buffer.AddRaw("\"", 1);
+	buffer.Add(field->name);
+	buffer.AddRaw("\":", 2);
+	AddFieldValueToBuffer(val, field);
+	return true;
 	}
 
 bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 			     Value** vals)
 	{
-	  // Our action line looks like:
-	  //   {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n{
-	  
-	  bool resultSeen = false;
-
-	  for ( int i = 0; i < num_fields; i++ )
+	// Our action line looks like:
+	//   {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n
+	if ( counter == 0 )
 		{
-		char* result = AddFieldToBuffer(vals[i], fields[i]);
-		if ( result ) {
-		  if ( ! resultSeen ) {
-		    current_offset += sprintf(buffer + current_offset, "{\"index\":{\"_index\":\"%s\",\"_type\":\"%s%s\"}\n{", index_name, type_prefix, Path().c_str());
-		    resultSeen = true;
-		  }
-		  else {
-		    strcat(buffer, ",");
-		    current_offset += 1;
-		  }
-		  strcat(buffer, result);
-		  current_offset += strlen(result);
+		buffer.AddRaw("{\"index\":{\"_index\":\"", 20);
+		buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(),
+		            BifConst::LogElasticSearch::index_name->Len());
+		buffer.AddRaw("\",\"_type\":\"", 11);
+		buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(),
+		            BifConst::LogElasticSearch::type_prefix->Len());
+		buffer.Add(Path());
+		buffer.AddRaw("\"}\n", 3);
+		}
+	
+	for ( int i = 0; i < num_fields; i++ )
+		{
+		if ( i == 0 )
+			buffer.AddRaw("{", 1);
+		else if ( buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present )
+			buffer.AddRaw(",", 1);
+		AddFieldToBuffer(vals[i], fields[i]);
+		}
+		
+	buffer.AddRaw("}\n", 2);
+	
+	counter++;
+	if ( counter >= BifConst::LogElasticSearch::batch_size )
+		{
+		HTTPSend();
+		buffer.Clear();
+		counter = 0;
 		}
-	      }
-
-	  if ( resultSeen ) {
-	    strcat(buffer, "}\n");
-	    current_offset += 2;
-	    counter += 1;
-	    if ( counter >= batch_size ){
-	      BatchIndex();
-	      current_offset = 0;
-	      buffer[current_offset] = 0;
-	      counter = 0;
-	    }
-	  }
 	return true;
 	}
 
 bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating)
 	{
-	  //TODO: Determine what, if anything, needs to be done here.
+	//TODO: Determine what, if anything, needs to be done here.
 	return true;
 	}
 
@@ -264,52 +220,54 @@ bool ElasticSearch::DoSetBuf(bool enabled)
 // HTTP Functions start here.
 
 CURL* ElasticSearch::HTTPSetup()
-{
-  char URL[2048];
-  CURL* handle;
-  struct curl_slist *headers=NULL;
-  
-  handle = curl_easy_init();
-  if ( ! handle )
-    return handle;
-  
-  sprintf(URL, "http://%s:%d/_bulk", server_host, (int) server_port);
-  curl_easy_setopt(handle, CURLOPT_URL, URL);
+	{
+	const char *URL = fmt("http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(),
+	                                            (int) BifConst::LogElasticSearch::server_port);;
+	CURL* handle;
+	struct curl_slist *headers=NULL;
+	
+	handle = curl_easy_init();
+	if ( ! handle )
+		return handle;
+	
+	//sprintf(URL, "http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), (int) BifConst::LogElasticSearch::server_port);
+	curl_easy_setopt(handle, CURLOPT_URL, URL);
+	
+	headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8");
+	curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
+	
+	curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result.
+	curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs
+	
+	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
+	// just use HTTP 1.0
+	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+	return handle;
+	}
 
-  headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8");
-  curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
-
-  curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result.
-  curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs
-
-  // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
-  // just use HTTP 1.0
-  curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  return handle;
-  
-}
-
-bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata){
-  //TODO: Do some verification on the result?
-  return true;
-}
+bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata)
+	{
+	//TODO: Do some verification on the result?
+	return true;
+	}
 
 bool ElasticSearch::HTTPSend(){
-  CURLcode return_code;
-  
-  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result);
-  curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer);
-  curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, current_offset);
-  
-  return_code = curl_easy_perform(curl_handle);
-  switch(return_code) {
-  case CURLE_COULDNT_CONNECT:
-  case CURLE_COULDNT_RESOLVE_HOST:
-  case CURLE_WRITE_ERROR:
-    return false;
-  default:
-    return true;
-  }
+	CURLcode return_code;
+	
+	curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result);
+	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
+	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len());
+	
+	return_code = curl_easy_perform(curl_handle);
+	switch(return_code) {
+	case CURLE_COULDNT_CONNECT:
+	case CURLE_COULDNT_RESOLVE_HOST:
+	case CURLE_WRITE_ERROR:
+		return false;
+	
+	default:
+		return true;
+	}
 }
 
 #endif
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index ad3729f6da..21e9bdfe08 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -34,17 +34,15 @@ protected:
 	virtual bool DoFinish();
 
 private:
-	char* AddFieldToBuffer(threading::Value* val, const threading::Field* field);
-	char* FieldToString(threading::Value* val, const threading::Field* field);
-	bool BatchIndex();
+	bool AddFieldToBuffer(threading::Value* val, const threading::Field* field);
+	bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field);
 	
 	CURL* HTTPSetup();
 	bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata);
 	bool HTTPSend();
 	
 	// Buffers, etc.
-	char* buffer;
-	int current_offset;
+	ODesc buffer;
 	uint64 counter;
 
 	CURL* curl_handle;
@@ -54,19 +52,7 @@ private:
 	char* cluster_name;
 	int cluster_name_len;
 
-	char* server_host;
-	int server_host_len;
-
-	uint64 server_port;
-
-	char* index_name;
-	int index_name_len;
-
-	char* type_prefix;
-	int type_prefix_len;
-	
 	uint64 batch_size;
-
 };
 
 }

From a4df914ab7cab585abb1b456a048a5ae5e0f5e65 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 15 Jun 2012 20:53:09 -0400
Subject: [PATCH 17/60] Reduce the batch size to 1000 and add a maximum time
 interval for batches.

---
 .../logging/writers/elasticsearch.bro         |  7 ++-
 src/logging.bif                               |  1 +
 src/logging/writers/ElasticSearch.cc          | 53 +++++++++++++------
 src/logging/writers/ElasticSearch.h           |  9 ++--
 4 files changed, 50 insertions(+), 20 deletions(-)

diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index 7f968d0042..e2d14a68e3 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -20,6 +20,11 @@ export {
 	## The batch size is the number of messages that will be queued up before 
 	## they are sent to be bulk indexed.
 	## Note: this is mainly a memory usage parameter.
-	const batch_size = 10000 &redef;
+	const batch_size = 1000 &redef;
+	
+	## The maximum amount of wall-clock time that is allowed to pass without
+	## finishing a bulk log send.  This represents the maximum delay you 
+	## would like to have with your logs before they show up in ElasticSearch.
+	const max_batch_interval = 1min &redef;
 }
 
diff --git a/src/logging.bif b/src/logging.bif
index 308ea78b7a..5434ac3705 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -92,3 +92,4 @@ const server_port: count;
 const index_name: string;
 const type_prefix: string;
 const batch_size: count;
+const max_batch_interval: interval;
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index d8c4bee306..ed1c046143 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -32,6 +32,7 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	
 	buffer.Clear();
 	counter = 0;
+	last_send = current_time();
 	
 	curl_handle = HTTPSetup();
 	curl_result = new char[1024];
@@ -58,12 +59,21 @@ bool ElasticSearch::DoFinish()
 	{
 	return WriterBackend::DoFinish();
 	}
+	
+bool ElasticSearch::BatchIndex()
+	{
+	HTTPSend();
+	buffer.Clear();
+	counter = 0;
+	last_send = current_time();
+	return true;
+	}
 
 bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 	{
 	switch ( val->type ) 
 		{
-		// ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int.
+		// ES treats 0 as false and any other value as true so bool types go here.
 		case TYPE_BOOL:
 		case TYPE_INT:
 			buffer.Add(val->val.int_val);
@@ -197,11 +207,8 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 	
 	counter++;
 	if ( counter >= BifConst::LogElasticSearch::batch_size )
-		{
-		HTTPSend();
-		buffer.Clear();
-		counter = 0;
-		}
+		BatchIndex();
+	
 	return true;
 	}
 
@@ -217,6 +224,18 @@ bool ElasticSearch::DoSetBuf(bool enabled)
 	return true;
 	}
 
+bool ElasticSearch::DoHeartbeat(double network_time, double current_time)
+	{
+	if ( last_send > 0 &&
+	     current_time-last_send > BifConst::LogElasticSearch::max_batch_interval )
+		{
+		BatchIndex();
+		}
+	
+	return true;
+	}
+
+
 // HTTP Functions start here.
 
 CURL* ElasticSearch::HTTPSetup()
@@ -251,7 +270,8 @@ bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata)
 	return true;
 	}
 
-bool ElasticSearch::HTTPSend(){
+bool ElasticSearch::HTTPSend()
+	{
 	CURLcode return_code;
 	
 	curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result);
@@ -259,15 +279,16 @@ bool ElasticSearch::HTTPSend(){
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len());
 	
 	return_code = curl_easy_perform(curl_handle);
-	switch(return_code) {
-	case CURLE_COULDNT_CONNECT:
-	case CURLE_COULDNT_RESOLVE_HOST:
-	case CURLE_WRITE_ERROR:
-		return false;
-	
-	default:
-		return true;
+	switch ( return_code ) 
+		{
+		case CURLE_COULDNT_CONNECT:
+		case CURLE_COULDNT_RESOLVE_HOST:
+		case CURLE_WRITE_ERROR:
+			return false;
+		
+		default:
+			return true;
+		}
 	}
-}
 
 #endif
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index 21e9bdfe08..a366dd7020 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -32,10 +32,12 @@ protected:
 			      double close, bool terminating);
 	virtual bool DoFlush();
 	virtual bool DoFinish();
+	virtual bool DoHeartbeat(double network_time, double current_time);
 
 private:
 	bool AddFieldToBuffer(threading::Value* val, const threading::Field* field);
 	bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field);
+	bool BatchIndex();
 	
 	CURL* HTTPSetup();
 	bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata);
@@ -44,14 +46,15 @@ private:
 	// Buffers, etc.
 	ODesc buffer;
 	uint64 counter;
-
+	double last_send;
+	
 	CURL* curl_handle;
 	char* curl_result;
-
+	
 	// From scripts
 	char* cluster_name;
 	int cluster_name_len;
-
+	
 	uint64 batch_size;
 };
 

From ca5eb5382ab9d67ce340e64b1692ef681c3167da Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 15 Jun 2012 21:06:06 -0400
Subject: [PATCH 18/60] Flush logs to ES daemon as Bro is shutting down.

---
 src/logging/writers/ElasticSearch.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index ed1c046143..5e1efa504e 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -51,12 +51,12 @@ bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fie
 
 bool ElasticSearch::DoFlush()
 	{
-	//TODO: Send flush command to ElasticSearch
 	return true;
 	}
 
 bool ElasticSearch::DoFinish()
 	{
+	BatchIndex();
 	return WriterBackend::DoFinish();
 	}
 	
@@ -120,7 +120,7 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 				{
 				char c = val->val.string_val->data()[i];
 				// HTML entity encode special characters.
-				if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' )
+				if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' )
 					{
 					buffer.AddRaw("&#", 2);
 					buffer.Add((uint8_t) c);

From 8334dceadb748a93effda4828db2439554fb532f Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 15 Jun 2012 22:19:51 -0400
Subject: [PATCH 19/60] Changed the escaping method.

---
 src/logging/writers/ElasticSearch.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 5e1efa504e..a2019df9fe 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -122,9 +122,13 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 				// HTML entity encode special characters.
 				if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' )
 					{
-					buffer.AddRaw("&#", 2);
-					buffer.Add((uint8_t) c);
-					buffer.AddRaw(";", 1);
+					static const char hex_chars[] = "0123456789abcdef";
+					buffer.AddRaw("\\u00", 4);
+					buffer.AddRaw(&hex_chars[(c & 0xf0) >> 4], 1);
+					buffer.AddRaw(&hex_chars[c & 0x0f], 1);
+					//buffer.AddRaw("&#//", 2);
+					//buffer.Add((uint8_t) c);
+					//buffer.AddRaw(";", 1);
 					}
 				else
 					buffer.AddRaw(&c, 1);

From b1561437e9d3bd8dfcf3fded3ff7ceca274d70e4 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Sat, 16 Jun 2012 00:35:40 -0400
Subject: [PATCH 20/60] Forgot to call the parent method for DoHeartBeat.

---
 src/logging/writers/ElasticSearch.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index a2019df9fe..46282404a6 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -236,7 +236,7 @@ bool ElasticSearch::DoHeartbeat(double network_time, double current_time)
 		BatchIndex();
 		}
 	
-	return true;
+	return WriterBackend::DoHeartbeat(network_time, current_time);
 	}
 
 

From cd8169dda3150918a29eca21ca1fd7e7dcfc6ed2 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Sat, 16 Jun 2012 22:22:40 -0400
Subject: [PATCH 21/60] Bug fix and feature.

- Fixed bug with how data is sent to elasticsearch.

- Added a feature to only allow data of a certain
  size to be buffered before sending to the
  elasticsearch server.  Configured with the
  LogElasticSearch::max_byte_size variable.
---
 .../logging/writers/elasticsearch.bro         |  6 +++-
 src/logging.bif                               |  3 +-
 src/logging/writers/ElasticSearch.cc          | 29 +++++++++----------
 3 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index e2d14a68e3..b262201c85 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -20,11 +20,15 @@ export {
 	## The batch size is the number of messages that will be queued up before 
 	## they are sent to be bulk indexed.
 	## Note: this is mainly a memory usage parameter.
-	const batch_size = 1000 &redef;
+	const max_batch_size = 1000 &redef;
 	
 	## The maximum amount of wall-clock time that is allowed to pass without
 	## finishing a bulk log send.  This represents the maximum delay you 
 	## would like to have with your logs before they show up in ElasticSearch.
 	const max_batch_interval = 1min &redef;
+	
+	## The maximum byte size for a buffered JSON string to send to the bulk
+	## insert API.
+	const max_byte_size = 1024 * 1024 &redef;
 }
 
diff --git a/src/logging.bif b/src/logging.bif
index 5434ac3705..cbae66efdb 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -91,5 +91,6 @@ const server_host: string;
 const server_port: count;
 const index_name: string;
 const type_prefix: string;
-const batch_size: count;
+const max_batch_size: count;
 const max_batch_interval: interval;
+const max_byte_size: count;
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 46282404a6..fd028e9b68 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -186,31 +186,27 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 	{
 	// Our action line looks like:
 	//   {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n
-	if ( counter == 0 )
-		{
-		buffer.AddRaw("{\"index\":{\"_index\":\"", 20);
-		buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(),
-		            BifConst::LogElasticSearch::index_name->Len());
-		buffer.AddRaw("\",\"_type\":\"", 11);
-		buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(),
-		            BifConst::LogElasticSearch::type_prefix->Len());
-		buffer.Add(Path());
-		buffer.AddRaw("\"}\n", 3);
-		}
+	buffer.AddRaw("{\"index\":{\"_index\":\"", 20);
+	buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(),
+	            BifConst::LogElasticSearch::index_name->Len());
+	buffer.AddRaw("\",\"_type\":\"", 11);
+	buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(),
+	            BifConst::LogElasticSearch::type_prefix->Len());
+	buffer.Add(Path());
+	buffer.AddRaw("\"}\n", 3);
 	
+	buffer.AddRaw("{", 1);
 	for ( int i = 0; i < num_fields; i++ )
 		{
-		if ( i == 0 )
-			buffer.AddRaw("{", 1);
-		else if ( buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present )
+		if ( i > 0 && buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present )
 			buffer.AddRaw(",", 1);
 		AddFieldToBuffer(vals[i], fields[i]);
 		}
-		
 	buffer.AddRaw("}\n", 2);
 	
 	counter++;
-	if ( counter >= BifConst::LogElasticSearch::batch_size )
+	if ( counter >= BifConst::LogElasticSearch::max_batch_size ||
+	     uint(buffer.Len()) >= BifConst::LogElasticSearch::max_byte_size )
 		BatchIndex();
 	
 	return true;
@@ -219,6 +215,7 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating)
 	{
 	//TODO: Determine what, if anything, needs to be done here.
+	
 	return true;
 	}
 

From 57980c86e62dc4dbbd95efe8cc761f84ac1c2d85 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Sun, 17 Jun 2012 21:41:29 -0400
Subject: [PATCH 22/60] Bug fixes.

- The curl handle is now cleaned up correctly.

- Interval values are now treated as doubles.  Treating them as uint64_t
  was wrong because intervals can be negative.  There is also no obvious
  benefit in elasticsearch to converting the value to milliseconds.
---
 src/logging/writers/ElasticSearch.cc | 7 +++----
 src/logging/writers/ElasticSearch.h  | 1 -
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index fd028e9b68..402a2f21ad 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -35,8 +35,7 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	last_send = current_time();
 	
 	curl_handle = HTTPSetup();
-	curl_result = new char[1024];
-	}
+}
 
 ElasticSearch::~ElasticSearch()
 	{
@@ -57,6 +56,7 @@ bool ElasticSearch::DoFlush()
 bool ElasticSearch::DoFinish()
 	{
 	BatchIndex();
+	curl_easy_cleanup(curl_handle);
 	return WriterBackend::DoFinish();
 	}
 	
@@ -101,10 +101,10 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 			break;
 		
 		case TYPE_DOUBLE:
+		case TYPE_INTERVAL:
 			buffer.Add(val->val.double_val);
 			break;
 		
-		case TYPE_INTERVAL:
 		case TYPE_TIME:
 			// ElasticSearch uses milliseconds for timestamps
 			buffer.Add((uint64_t) (val->val.double_val * 1000));
@@ -275,7 +275,6 @@ bool ElasticSearch::HTTPSend()
 	{
 	CURLcode return_code;
 	
-	curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result);
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len());
 	
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index a366dd7020..bd1351214b 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -49,7 +49,6 @@ private:
 	double last_send;
 	
 	CURL* curl_handle;
-	char* curl_result;
 	
 	// From scripts
 	char* cluster_name;

From cb7eac212e33ec60e21886a793e73b346aba0ba1 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Sun, 17 Jun 2012 22:55:11 -0400
Subject: [PATCH 23/60] Small updates and a little standardization for
 config.h.in naming.

---
 CMakeLists.txt                       | 11 ++++++-----
 config.h.in                          |  7 +++++--
 configure                            |  1 -
 doc/logging-elasticsearch.rst        |  9 ++++-----
 src/logging/Manager.cc               |  4 ++--
 src/logging/writers/ElasticSearch.cc |  6 +++---
 src/main.cc                          | 12 ++++++++++++
 7 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4b1cccf8dc..14cf66ac19 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -122,13 +122,13 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND)
 	list(APPEND OPTLIBS ${LibXML2_LIBRARIES})
 endif()
 
-set(USE_LIBCURL false)
+set(USE_CURL false)
 find_package(CURL)
 if (CURL_FOUND)
-  set(USE_LIBCURL true)
+  set(USE_CURL true)
   include_directories(BEFORE ${CURL_INCLUDE_DIR})
   list(APPEND OPTLIBS ${CURL_LIBRARIES})
-  set(INSTALL_ELASTICSEARCH true)
+  set(USE_ELASTICSEARCH true)
 endif()
 
 if (ENABLE_PERFTOOLS_DEBUG)
@@ -218,13 +218,14 @@ message(
     "\nBroccoli:          ${INSTALL_BROCCOLI}"
     "\nBroctl:            ${INSTALL_BROCTL}"
     "\nAux. Tools:        ${INSTALL_AUX_TOOLS}"
-    "\nElasticSearch:     ${INSTALL_ELASTICSEARCH}"
     "\n"
     "\nGeoIP:             ${USE_GEOIP}"
     "\nGoogle perftools:  ${USE_PERFTOOLS}"
     "\n       debugging:  ${USE_PERFTOOLS_DEBUG}"
+    "\ncURL:              ${USE_CURL}"
+    "\n"
     "\nDataSeries:        ${USE_DATASERIES}"
-    "\nlibCURL:           ${USE_LIBCURL}"
+    "\nElasticSearch:     ${USE_ELASTICSEARCH}"
     "\n"
     "\n================================================================\n"
 )
diff --git a/config.h.in b/config.h.in
index 66121cefbf..aa286736fd 100644
--- a/config.h.in
+++ b/config.h.in
@@ -114,11 +114,14 @@
 /* Analyze Mobile IPv6 traffic */
 #cmakedefine ENABLE_MOBILE_IPV6
 
+/* Use libCurl. */
+#cmakedefine USE_CURL
+
 /* Use the DataSeries writer. */
 #cmakedefine USE_DATASERIES
 
-/* Build the ElasticSearch writer. */
-#cmakedefine INSTALL_ELASTICSEARCH
+/* Use the ElasticSearch writer. */
+#cmakedefine USE_ELASTICSEARCH
 
 /* Version number of package */
 #define VERSION "@VERSION@"
diff --git a/configure b/configure
index 801fb1e801..3258d4abfc 100755
--- a/configure
+++ b/configure
@@ -98,7 +98,6 @@ append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro
 append_cache_entry BRO_ETC_INSTALL_DIR  PATH   $prefix/etc
 append_cache_entry ENABLE_DEBUG         BOOL   false
 append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false
-append_cache_entry INSTALL_ELASTICSEARCH BOOL false
 append_cache_entry BinPAC_SKIP_INSTALL  BOOL   true
 append_cache_entry BUILD_SHARED_LIBS    BOOL   true
 append_cache_entry INSTALL_AUX_TOOLS    BOOL   true
diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 4fce470d4a..26b49f3a0b 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -26,16 +26,15 @@ ElasticSearch with::
 Compiling Bro with ElasticSearch Support
 ----------------------------------------
 
-First, ensure that you have libcurl installed. Secondly, set the 
-``--enable-elasticsearch`` option::
+First, ensure that you have libcurl installed the run configure.::
 
-    # ./configure --enable-elasticsearch
+    # ./configure
     [...]
     ====================|  Bro Build Summary  |=====================
     [...]
-    ElasticSearch:     true
+    cURL:              true
     [...]
-    libCURL:           true
+    ElasticSearch:     true
     [...]
     ================================================================
 
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index 5c1203fd91..5562b3b867 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -17,7 +17,7 @@
 #include "writers/Ascii.h"
 #include "writers/None.h"
 
-#ifdef INSTALL_ELASTICSEARCH
+#ifdef USE_ELASTICSEARCH
 #include "writers/ElasticSearch.h"
 #endif
 
@@ -40,7 +40,7 @@ WriterDefinition log_writers[] = {
 	{ BifEnum::Log::WRITER_NONE,  "None", 0, writer::None::Instantiate },
 	{ BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate },
 
-#ifdef INSTALL_ELASTICSEARCH
+#ifdef USE_ELASTICSEARCH
 	{ BifEnum::Log::WRITER_ELASTICSEARCH, "ElasticSearch", 0, writer::ElasticSearch::Instantiate },
 #endif
 
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 402a2f21ad..494c48f286 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -2,7 +2,7 @@
 
 #include "config.h"
 
-#ifdef INSTALL_ELASTICSEARCH
+#ifdef USE_ELASTICSEARCH
 
 #include <string>
 #include <errno.h>
@@ -261,7 +261,7 @@ CURL* ElasticSearch::HTTPSetup()
 	
 	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
 	// just use HTTP 1.0
-	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+	//curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
 	return handle;
 	}
 
@@ -275,8 +275,8 @@ bool ElasticSearch::HTTPSend()
 	{
 	CURLcode return_code;
 	
+	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, buffer.Len());
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
-	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len());
 	
 	return_code = curl_easy_perform(curl_handle);
 	switch ( return_code ) 
diff --git a/src/main.cc b/src/main.cc
index b1d0a4d723..04aa83b832 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -12,6 +12,10 @@
 #include <getopt.h>
 #endif
 
+#ifdef USE_CURL
+#include <curl/curl.h>
+#endif
+
 #ifdef USE_IDMEF
 extern "C" {
 #include <libidmef/idmefxml.h>
@@ -716,6 +720,10 @@ int main(int argc, char** argv)
 	SSL_library_init();
 	SSL_load_error_strings();
 
+#ifdef USE_CURL
+	curl_global_init(CURL_GLOBAL_ALL);
+#endif
+
 	// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
 	// seed the PRNG. We should do this here (but at least Linux, FreeBSD
 	// and Solaris provide /dev/urandom).
@@ -1066,6 +1074,10 @@ int main(int argc, char** argv)
 		done_with_network();
 		net_delete();
 
+#ifdef USE_CURL
+		curl_global_cleanup();
+#endif
+		
 		terminate_bro();
 
 		// Close files after net_delete(), because net_delete()

From 52ceee8c869ac04d0bbf74ec8296ef983e182742 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 18 Jun 2012 01:31:52 -0400
Subject: [PATCH 24/60] Fixed a bug with messed up time value passing to
 elasticsearch.

---
 src/logging/writers/ElasticSearch.cc | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 494c48f286..75a4e0514f 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -106,9 +106,19 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 			break;
 		
 		case TYPE_TIME:
-			// ElasticSearch uses milliseconds for timestamps
-			buffer.Add((uint64_t) (val->val.double_val * 1000));
+			{
+			// ElasticSearch uses milliseconds for timestamps and json only
+			// supports signed ints (uints can be too large).
+			uint64_t ts = (uint64_t) (val->val.double_val * 1000);
+			if ( ts >= INT64_MAX )
+				{
+				Error(Fmt("time value too large: %" PRIu64, ts));
+				buffer.AddRaw("null", 4);
+				}
+			else
+				buffer.Add(ts);
 			break;
+			}
 		
 		case TYPE_ENUM:
 		case TYPE_STRING:
@@ -261,7 +271,7 @@ CURL* ElasticSearch::HTTPSetup()
 	
 	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
 	// just use HTTP 1.0
-	//curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
 	return handle;
 	}
 

From 95f4390cb632f2c445ed45a6670b6ad8266e49c5 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 18 Jun 2012 02:03:43 -0400
Subject: [PATCH 25/60] Adding an extra header.

---
 src/logging/writers/ElasticSearch.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 75a4e0514f..c137505811 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -6,6 +6,7 @@
 
 #include <string>
 #include <errno.h>
+#include <stdint.h>
 
 #include "util.h"
 #include "BroString.h"

From 7fc96a8c0f012d22f6cba7a38869108c7f9fef4d Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 18 Jun 2012 15:49:00 -0400
Subject: [PATCH 26/60] Adding a define to make the stdint C macros available.

---
 src/logging/writers/ElasticSearch.cc | 1 -
 src/util.h                           | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index c137505811..75a4e0514f 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -6,7 +6,6 @@
 
 #include <string>
 #include <errno.h>
-#include <stdint.h>
 
 #include "util.h"
 #include "BroString.h"
diff --git a/src/util.h b/src/util.h
index 6b237edfd8..559a155626 100644
--- a/src/util.h
+++ b/src/util.h
@@ -13,6 +13,7 @@
 // Expose C99 functionality from inttypes.h, which would otherwise not be
 // available in C++.
 #define __STDC_FORMAT_MACROS
+#define __STDC_LIMIT_MACROS
 #include <inttypes.h>
 
 #if __STDC__

From 84e91b8b8d18e310c0f61372a19434c19dfdd709 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 9 Jul 2012 16:38:05 -0400
Subject: [PATCH 27/60] Bringing elasticsearch branch up to date with master.

---
 scripts/base/frameworks/logging/__load__.bro  |   3 +-
 .../logging/writers/elasticsearch.bro         |   2 +-
 src/logging.bif                               |   2 +-
 src/logging/writers/ElasticSearch.cc          | 221 ++++++++++++------
 src/logging/writers/ElasticSearch.h           |  22 +-
 5 files changed, 167 insertions(+), 83 deletions(-)

diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro
index 2c2a6d2f59..b65cb1dea3 100644
--- a/scripts/base/frameworks/logging/__load__.bro
+++ b/scripts/base/frameworks/logging/__load__.bro
@@ -2,4 +2,5 @@
 @load ./postprocessors
 @load ./writers/ascii
 @load ./writers/dataseries
-@load ./writers/elasticsearch@load ./writers/none
+@load ./writers/elasticsearch
+@load ./writers/none
diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index b262201c85..93c6c98705 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -11,7 +11,7 @@ export {
 	const server_port = 9200 &redef;
 
 	## Name of the ES index
-	const index_name = "bro" &redef;
+	const index_prefix = "bro" &redef;
 
 	## The ES type prefix comes before the name of the related log.
 	## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc.
diff --git a/src/logging.bif b/src/logging.bif
index 23b9378b26..3cdb414d80 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -89,7 +89,7 @@ module LogElasticSearch;
 const cluster_name: string;
 const server_host: string;
 const server_port: count;
-const index_name: string;
+const index_prefix: string;
 const type_prefix: string;
 const max_batch_size: count;
 const max_batch_interval: interval;
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 75a4e0514f..6d2f8363cc 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -30,8 +30,17 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len);
 	cluster_name[cluster_name_len] = 0;
 	
+	index_prefix = string((const char*) BifConst::LogElasticSearch::index_prefix->Bytes(), BifConst::LogElasticSearch::index_prefix->Len());
+	
+	es_server = string(Fmt("http://%s:%d", BifConst::LogElasticSearch::server_host->Bytes(),
+	                                       (int) BifConst::LogElasticSearch::server_port));
+	bulk_url = string(Fmt("%s/_bulk", es_server.c_str()));
+	
+	http_headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8");
 	buffer.Clear();
 	counter = 0;
+	current_index = string();
+	prev_index = string();
 	last_send = current_time();
 	
 	curl_handle = HTTPSetup();
@@ -42,67 +51,84 @@ ElasticSearch::~ElasticSearch()
 	delete [] cluster_name;
 	}
 
-bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields)
+bool ElasticSearch::DoInit(const WriterInfo& info, int num_fields, const threading::Field* const* fields)
 	{
-	//TODO: Determine what, if anything, needs to be done here.
 	return true;
 	}
 
 bool ElasticSearch::DoFlush()
 	{
+	BatchIndex();
 	return true;
 	}
 
 bool ElasticSearch::DoFinish()
 	{
 	BatchIndex();
+	curl_slist_free_all(http_headers);
 	curl_easy_cleanup(curl_handle);
 	return WriterBackend::DoFinish();
 	}
 	
 bool ElasticSearch::BatchIndex()
 	{
-	HTTPSend();
+	curl_easy_reset(curl_handle);
+	curl_easy_setopt(curl_handle, CURLOPT_URL, bulk_url.c_str());
+	curl_easy_setopt(curl_handle, CURLOPT_POST, 1);
+	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)buffer.Len());
+	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
+	HTTPSend(curl_handle);
+	
 	buffer.Clear();
 	counter = 0;
 	last_send = current_time();
+	
 	return true;
 	}
 
-bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
+bool ElasticSearch::AddValueToBuffer(ODesc* b, Value* val)
 	{
 	switch ( val->type ) 
 		{
 		// ES treats 0 as false and any other value as true so bool types go here.
 		case TYPE_BOOL:
 		case TYPE_INT:
-			buffer.Add(val->val.int_val);
+			b->Add(val->val.int_val);
 			break;
 		
 		case TYPE_COUNT:
 		case TYPE_COUNTER:
-			buffer.Add(val->val.uint_val);
+			{
+			// ElasticSearch doesn't seem to support unsigned 64bit ints.
+			if ( val->val.uint_val >= INT64_MAX )
+				{
+				Error(Fmt("count value too large: %" PRIu64, val->val.uint_val));
+				b->AddRaw("null", 4);
+				}
+			else
+				b->Add(val->val.uint_val);
 			break;
+			}
 		
 		case TYPE_PORT:
-			buffer.Add(val->val.port_val.port);
+			b->Add(val->val.port_val.port);
 			break;
 		
 		case TYPE_SUBNET:
-			buffer.AddRaw("\"", 1);
-			buffer.Add(Render(val->val.subnet_val));
-			buffer.AddRaw("\"", 1);
+			b->AddRaw("\"", 1);
+			b->Add(Render(val->val.subnet_val));
+			b->AddRaw("\"", 1);
 			break;
 		
 		case TYPE_ADDR:
-			buffer.AddRaw("\"", 1);
-			buffer.Add(Render(val->val.addr_val));
-			buffer.AddRaw("\"", 1);
+			b->AddRaw("\"", 1);
+			b->Add(Render(val->val.addr_val));
+			b->AddRaw("\"", 1);
 			break;
 		
 		case TYPE_DOUBLE:
 		case TYPE_INTERVAL:
-			buffer.Add(val->val.double_val);
+			b->Add(val->val.double_val);
 			break;
 		
 		case TYPE_TIME:
@@ -113,10 +139,10 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 			if ( ts >= INT64_MAX )
 				{
 				Error(Fmt("time value too large: %" PRIu64, ts));
-				buffer.AddRaw("null", 4);
+				b->AddRaw("null", 4);
 				}
 			else
-				buffer.Add(ts);
+				b->Add(ts);
 			break;
 			}
 		
@@ -125,51 +151,48 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 		case TYPE_FILE:
 		case TYPE_FUNC:
 			{
-			buffer.AddRaw("\"", 1);
+			b->AddRaw("\"", 1);
 			for ( uint i = 0; i < val->val.string_val->size(); ++i )
 				{
 				char c = val->val.string_val->data()[i];
-				// HTML entity encode special characters.
+				// 2byte Unicode escape special characters.
 				if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' )
 					{
 					static const char hex_chars[] = "0123456789abcdef";
-					buffer.AddRaw("\\u00", 4);
-					buffer.AddRaw(&hex_chars[(c & 0xf0) >> 4], 1);
-					buffer.AddRaw(&hex_chars[c & 0x0f], 1);
-					//buffer.AddRaw("&#//", 2);
-					//buffer.Add((uint8_t) c);
-					//buffer.AddRaw(";", 1);
+					b->AddRaw("\\u00", 4);
+					b->AddRaw(&hex_chars[(c & 0xf0) >> 4], 1);
+					b->AddRaw(&hex_chars[c & 0x0f], 1);
 					}
 				else
-					buffer.AddRaw(&c, 1);
+					b->AddRaw(&c, 1);
 				}
-			buffer.AddRaw("\"", 1);
+			b->AddRaw("\"", 1);
 			break;
 			}
 		
 		case TYPE_TABLE:
 			{
-			buffer.AddRaw("[", 1);
+			b->AddRaw("[", 1);
 			for ( int j = 0; j < val->val.set_val.size; j++ )
 				{
 				if ( j > 0 )
-					buffer.AddRaw(",", 1);
-				AddFieldValueToBuffer(val->val.set_val.vals[j], field);
+					b->AddRaw(",", 1);
+				AddValueToBuffer(b, val->val.set_val.vals[j]);
 				}
-			buffer.AddRaw("]", 1);
+			b->AddRaw("]", 1);
 			break;
 			}
 			
 		case TYPE_VECTOR:
 			{
-			buffer.AddRaw("[", 1);
+			b->AddRaw("[", 1);
 			for ( int j = 0; j < val->val.vector_val.size; j++ )
 				{
 				if ( j > 0 )
-					buffer.AddRaw(",", 1);
-				AddFieldValueToBuffer(val->val.vector_val.vals[j], field);
+					b->AddRaw(",", 1);
+				AddValueToBuffer(b, val->val.vector_val.vals[j]);
 				}
-			buffer.AddRaw("]", 1);
+			b->AddRaw("]", 1);
 			break;
 			}
 		
@@ -179,38 +202,37 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
 	return true;
 	}
 
-bool ElasticSearch::AddFieldToBuffer(Value* val, const Field* field)
+bool ElasticSearch::AddFieldToBuffer(ODesc *b, Value* val, const Field* field)
 	{
 	if ( ! val->present )
 		return false;
 	
-	buffer.AddRaw("\"", 1);
-	buffer.Add(field->name);
-	buffer.AddRaw("\":", 2);
-	AddFieldValueToBuffer(val, field);
+	b->AddRaw("\"", 1);
+	b->Add(field->name);
+	b->AddRaw("\":", 2);
+	AddValueToBuffer(b, val);
 	return true;
 	}
 
 bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 			     Value** vals)
 	{
+	if ( current_index.empty() )
+		UpdateIndex(network_time, Info().rotation_interval, Info().rotation_base);
+	
 	// Our action line looks like:
-	//   {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n
 	buffer.AddRaw("{\"index\":{\"_index\":\"", 20);
-	buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(),
-	            BifConst::LogElasticSearch::index_name->Len());
+	buffer.Add(current_index);
 	buffer.AddRaw("\",\"_type\":\"", 11);
-	buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(),
-	            BifConst::LogElasticSearch::type_prefix->Len());
-	buffer.Add(Path());
-	buffer.AddRaw("\"}\n", 3);
+	buffer.Add(Info().path);
+	buffer.AddRaw("\"}}\n", 4);
 	
 	buffer.AddRaw("{", 1);
 	for ( int i = 0; i < num_fields; i++ )
 		{
 		if ( i > 0 && buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present )
 			buffer.AddRaw(",", 1);
-		AddFieldToBuffer(vals[i], fields[i]);
+		AddFieldToBuffer(&buffer, vals[i], fields[i]);
 		}
 	buffer.AddRaw("}\n", 2);
 	
@@ -221,10 +243,63 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields,
 	
 	return true;
 	}
+	
+bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase)
+	{
+	if ( rinterval == 0 )
+		{
+		// if logs aren't being rotated, don't use a rotation oriented index name.
+		current_index = index_prefix;
+		}
+	else
+		{
+		double nr = calc_next_rotate(now, rinterval, rbase);
+		double interval_beginning = now - (rinterval - nr);
+		
+		struct tm tm;
+		char buf[128];
+		time_t teatime = (time_t)interval_beginning;
+		gmtime_r(&teatime, &tm);
+		strftime(buf, sizeof(buf), "%Y%m%d%H%M", &tm);
+		
+		prev_index = current_index;
+		current_index = index_prefix + "-" + buf;
+		}
+	
+		//printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str());
+	return true;
+	}
+	
 
 bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating)
 	{
-	//TODO: Determine what, if anything, needs to be done here.
+	// Update the currently used index to the new rotation interval.
+	UpdateIndex(close, Info().rotation_interval, Info().rotation_base);
+	
+	// Only do this stuff if there was a previous index.
+	if ( ! prev_index.empty() )
+		{
+		// FIXME: I think this section is taking too long and causing the thread to die.
+		
+		// Compress the previous index
+		//curl_easy_reset(curl_handle);
+		//curl_easy_setopt(curl_handle, CURLOPT_URL, Fmt("%s/%s/_settings", es_server.c_str(), prev_index.c_str()));
+		//curl_easy_setopt(curl_handle, CURLOPT_CUSTOMREQUEST, "PUT");
+		//curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, "{\"index\":{\"store.compress.stored\":\"true\"}}");
+		//curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t) 42);
+		//HTTPSend(curl_handle);
+		
+		// Optimize the previous index.
+		// TODO: make this into variables.
+		//curl_easy_reset(curl_handle);
+		//curl_easy_setopt(curl_handle, CURLOPT_URL, Fmt("%s/%s/_optimize?max_num_segments=1&wait_for_merge=false", es_server.c_str(), prev_index.c_str()));
+		//HTTPSend(curl_handle);
+		}
+	
+	//if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) )
+	//	{
+	//	Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str()));
+	//	}
 	
 	return true;
 	}
@@ -237,7 +312,7 @@ bool ElasticSearch::DoSetBuf(bool enabled)
 
 bool ElasticSearch::DoHeartbeat(double network_time, double current_time)
 	{
-	if ( last_send > 0 &&
+	if ( last_send > 0 && buffer.Len() > 0 &&
 	     current_time-last_send > BifConst::LogElasticSearch::max_batch_interval )
 		{
 		BatchIndex();
@@ -247,31 +322,15 @@ bool ElasticSearch::DoHeartbeat(double network_time, double current_time)
 	}
 
 
-// HTTP Functions start here.
-
 CURL* ElasticSearch::HTTPSetup()
 	{
-	const char *URL = fmt("http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(),
-	                                            (int) BifConst::LogElasticSearch::server_port);;
-	CURL* handle;
-	struct curl_slist *headers=NULL;
-	
-	handle = curl_easy_init();
+	CURL* handle = curl_easy_init();
 	if ( ! handle )
-		return handle;
+		{
+		Error("cURL did not initialize correctly.");
+		return 0;
+		}
 	
-	//sprintf(URL, "http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), (int) BifConst::LogElasticSearch::server_port);
-	curl_easy_setopt(handle, CURLOPT_URL, URL);
-	
-	headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8");
-	curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
-	
-	curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result.
-	curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs
-	
-	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
-	// just use HTTP 1.0
-	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
 	return handle;
 	}
 
@@ -281,14 +340,16 @@ bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata)
 	return true;
 	}
 
-bool ElasticSearch::HTTPSend()
+bool ElasticSearch::HTTPSend(CURL *handle)
 	{
-	CURLcode return_code;
+	curl_easy_setopt(handle, CURLOPT_HTTPHEADER, http_headers);
+	curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result.
+	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. 
+	// The best (only?) way to disable that is to just use HTTP 1.0
+	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
 	
-	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, buffer.Len());
-	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
+	CURLcode return_code = curl_easy_perform(handle);
 	
-	return_code = curl_easy_perform(curl_handle);
 	switch ( return_code ) 
 		{
 		case CURLE_COULDNT_CONNECT:
@@ -296,6 +357,16 @@ bool ElasticSearch::HTTPSend()
 		case CURLE_WRITE_ERROR:
 			return false;
 		
+		case CURLE_OK:
+			{
+			uint http_code = 0;
+			curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_code);
+			if ( http_code != 200 )
+				Error(Fmt("Received a non-successful status code back from ElasticSearch server."));
+			
+			return true;
+			}
+		
 		default:
 			return true;
 		}
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index bd1351214b..375845b002 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -22,8 +22,8 @@ public:
 protected:
 	// Overidden from WriterBackend.
 
-	virtual bool DoInit(string path, int num_fields,
-			    const threading::Field* const * fields);
+	virtual bool DoInit(const WriterInfo& info, int num_fields,
+			    const threading::Field* const* fields);
 
 	virtual bool DoWrite(int num_fields, const threading::Field* const* fields,
 			     threading::Value** vals);
@@ -35,18 +35,22 @@ protected:
 	virtual bool DoHeartbeat(double network_time, double current_time);
 
 private:
-	bool AddFieldToBuffer(threading::Value* val, const threading::Field* field);
-	bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field);
+	bool AddFieldToBuffer(ODesc *b, threading::Value* val, const threading::Field* field);
+	bool AddValueToBuffer(ODesc *b, threading::Value* val);
 	bool BatchIndex();
+	bool SendMappings();
+	bool UpdateIndex(double now, double rinterval, double rbase);
 	
 	CURL* HTTPSetup();
 	bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata);
-	bool HTTPSend();
+	bool HTTPSend(CURL *handle);
 	
 	// Buffers, etc.
 	ODesc buffer;
 	uint64 counter;
 	double last_send;
+	string current_index;
+	string prev_index;
 	
 	CURL* curl_handle;
 	
@@ -54,6 +58,14 @@ private:
 	char* cluster_name;
 	int cluster_name_len;
 	
+	string es_server;
+	string bulk_url;
+	
+	struct curl_slist *http_headers;
+	
+	string path;
+	string index_prefix;
+	
 	uint64 batch_size;
 };
 

From 9b70ee8799ec9b52528eb750abfd34bed2278422 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 9 Jul 2012 16:50:42 -0400
Subject: [PATCH 28/60] Tiny updates.

---
 doc/logging-elasticsearch.rst        | 3 +--
 src/logging/writers/ElasticSearch.cc | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index 26b49f3a0b..b6d22cf5fa 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -78,7 +78,7 @@ Bro's ElasticSearch writer comes with a few configuration options::
 
 - server_port:  What port to send the data to. Default 9200.
 
-- index_name:   ElasticSearch indexes are like databases in a standard DB model. 
+- index_prefix:   ElasticSearch indexes are like databases in a standard DB model. 
   This is the name of the index to which to send the data. Default bro.
 
 - type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
@@ -92,5 +92,4 @@ Lots.
 
 - Perform multicast discovery for server.
 - Better error detection.
-- Dynamic index names.
 - Better defaults (don't index loaded-plugins, for instance).
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 6d2f8363cc..4461508083 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -266,7 +266,7 @@ bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase)
 		current_index = index_prefix + "-" + buf;
 		}
 	
-		//printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str());
+	//printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str());
 	return true;
 	}
 	

From 6e5382da548a4d8ffbd73089a3a502778d477176 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 10 Jul 2012 23:49:31 -0400
Subject: [PATCH 29/60] Re-adding the needed call to FinishedRotation in the ES
 writer plugin.

---
 src/logging/writers/ElasticSearch.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 4461508083..1b8dfa495d 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -296,10 +296,10 @@ bool ElasticSearch::DoRotate(string rotated_path, double open, double close, boo
 		//HTTPSend(curl_handle);
 		}
 	
-	//if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) )
-	//	{
-	//	Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str()));
-	//	}
+	if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) )
+		{
+		Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str()));
+		}
 	
 	return true;
 	}

From ce05600a717e31f36170d6c47dabd91bd914cd2d Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 13 Jul 2012 22:24:34 -0400
Subject: [PATCH 30/60] Mozilla's current certificate bundle.

---
 scripts/base/protocols/ssl/mozilla-ca-list.bro | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro
index 4c4dccb755..ad8e445912 100644
--- a/scripts/base/protocols/ssl/mozilla-ca-list.bro
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro
@@ -1,5 +1,5 @@
 # Don't edit!  This file is automatically generated.
-# Generated at: 2011-10-25 11:03:20 -0500
+# Generated at: Fri Jul 13 22:22:40 -0400 2012
 @load base/protocols/ssl
 module SSL;
 redef root_certs += {
@@ -11,7 +11,6 @@ redef root_certs += {
 	["OU=DSTCA E2,O=Digital Signature Trust Co.,C=US"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xA0\x03\x02\x01\x02\x02\x04\x36\x6E\xD3\xCE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x1E\x17\x0D\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x17\x0D\x31\x38\x31\x32\x30\x39\x31\x39\x34\x37\x32\x36\x5A\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x81\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8B\x00\x30\x81\x87\x02\x81\x81\x00\xBF\x93\x8F\x17\x92\xEF\x33\x13\x18\xEB\x10\x7F\x4E\x16\xBF\xFF\x06\x8F\x2A\x85\xBC\x5E\xF9\x24\xA6\x24\x88\xB6\x03\xB7\xC1\xC3\x5F\x03\x5B\xD1\x6F\xAE\x7E\x42\xEA\x66\x23\xB8\x63\x83\x56\xFB\x28\x2D\xE1\x38\x8B\xB4\xEE\xA8\x01\xE1\xCE\x1C\xB6\x88\x2A\x22\x46\x85\xFB\x9F\xA7\x70\xA9\x47\x14\x3F\xCE\xDE\x65\xF0\xA8\x71\xF7\x4F\x26\x6C\x8C\xBC\xC6\xB5\xEF\xDE\x49\x27\xFF\x48\x2A\x7D\xE8\x4D\x03\xCC\xC7\xB2\x52\xC6\x17\x31\x13\x3B\xB5\x4D\xDB\xC8\xC4\xF6\xC3\x0F\x24\x2A\xDA\x0C\x9D\xE7\x91\x5B\x80\xCD\x94\x9D\x02\x01\x03\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1D\x1F\x04\x61\x30\x5F\x30\x5D\xA0\x5B\xA0\x59\xA4\x57\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x31\x39\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x81\x0F\x32\x30\x31\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x19\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0C\x30\x0A\x1B\x04\x56\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x47\x8D\x83\xAD\x62\xF2\xDB\xB0\x9E\x45\x22\x05\xB9\xA2\xD6\x03\x0E\x38\x72\xE7\x9E\xFC\x7B\xE6\x93\xB6\x9A\xA5\xA2\x94\xC8\x34\x1D\x91\xD1\xC5\xD7\xF4\x0A\x25\x0F\x3D\x78\x81\x9E\x0F\xB1\x67\xC4\x90\x4C\x63\xDD\x5E\xA7\xE2\xBA\x9F\xF5\xF7\x4D\xA5\x31\x7B\x9C\x29\x2D\x4C\xFE\x64\x3E\xEC\xB6\x53\xFE\xEA\x9B\xED\x82\xDB\x74\x75\x4B\x07\x79\x6E\x1E\xD8\x19\x83\x73\xDE\xF5\x3E\xD0\xB5\xDE\xE7\x4B\x68\x7D\x43\x2E\x2A\x20\xE1\x7E\xA0\x78\x44\x9E\x08\xF5\x98\xF9\xC7\x7F\x1B\x1B\xD6\x06\x20\x02\x58\xA1\xC3\xA2\x03",
 	["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64",
 	["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x7D\xD9\xFE\x07\xCF\xA8\x1E\xB7\x10\x79\x67\xFB\xA7\x89\x34\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCC\x5E\xD1\x11\x5D\x5C\x69\xD0\xAB\xD3\xB9\x6A\x4C\x99\x1F\x59\x98\x30\x8E\x16\x85\x20\x46\x6D\x47\x3F\xD4\x85\x20\x84\xE1\x6D\xB3\xF8\xA4\xED\x0C\xF1\x17\x0F\x3B\xF9\xA7\xF9\x25\xD7\xC1\xCF\x84\x63\xF2\x7C\x63\xCF\xA2\x47\xF2\xC6\x5B\x33\x8E\x64\x40\x04\x68\xC1\x80\xB9\x64\x1C\x45\x77\xC7\xD8\x6E\xF5\x95\x29\x3C\x50\xE8\x34\xD7\x78\x1F\xA8\xBA\x6D\x43\x91\x95\x8F\x45\x57\x5E\x7E\xC5\xFB\xCA\xA4\x04\xEB\xEA\x97\x37\x54\x30\x6F\xBB\x01\x47\x32\x33\xCD\xDC\x57\x9B\x64\x69\x61\xF8\x9B\x1D\x1C\x89\x4F\x5C\x67\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4D\xCD\xBE\x5C\xCB\x98\x19\x9C\x15\xB2\x01\x39\x78\x2E\x4D\x0F\x67\x70\x70\x99\xC6\x10\x5A\x94\xA4\x53\x4D\x54\x6D\x2B\xAF\x0D\x5D\x40\x8B\x64\xD3\xD7\xEE\xDE\x56\x61\x92\x5F\xA6\xC4\x1D\x10\x61\x36\xD3\x2C\x27\x3C\xE8\x29\x09\xB9\x11\x64\x74\xCC\xB5\x73\x9F\x1C\x48\xA9\xBC\x61\x01\xEE\xE2\x17\xA6\x0C\xE3\x40\x08\x3B\x0E\xE7\xEB\x44\x73\x2A\x9A\xF1\x69\x92\xEF\x71\x14\xC3\x39\xAC\x71\xA7\x91\x09\x6F\xE4\x71\x06\xB3\xBA\x59\x57\x26\x79\x00\xF6\xF8\x0D\xA2\x33\x30\x28\xD4\xAA\x58\xA0\x9D\x9D\x69\x91\xFD",
-	["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 4 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x32\x88\x8E\x9A\xD2\xF5\xEB\x13\x47\xF8\x7F\xC4\x20\x37\x25\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xBA\xF0\xE4\xCF\xF9\xC4\xAE\x85\x54\xB9\x07\x57\xF9\x8F\xC5\x7F\x68\x11\xF8\xC4\x17\xB0\x44\xDC\xE3\x30\x73\xD5\x2A\x62\x2A\xB8\xD0\xCC\x1C\xED\x28\x5B\x7E\xBD\x6A\xDC\xB3\x91\x24\xCA\x41\x62\x3C\xFC\x02\x01\xBF\x1C\x16\x31\x94\x05\x97\x76\x6E\xA2\xAD\xBD\x61\x17\x6C\x4E\x30\x86\xF0\x51\x37\x2A\x50\xC7\xA8\x62\x81\xDC\x5B\x4A\xAA\xC1\xA0\xB4\x6E\xEB\x2F\xE5\x57\xC5\xB1\x2B\x40\x70\xDB\x5A\x4D\xA1\x8E\x1F\xBD\x03\x1F\xD8\x03\xD4\x8F\x4C\x99\x71\xBC\xE2\x82\xCC\x58\xE8\x98\x3A\x86\xD3\x86\x38\xF3\x00\x29\x1F\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x85\x8C\x12\xC1\xA7\xB9\x50\x15\x7A\xCB\x3E\xAC\xB8\x43\x8A\xDC\xAA\xDD\x14\xBA\x89\x81\x7E\x01\x3C\x23\x71\x21\x88\x2F\x82\xDC\x63\xFA\x02\x45\xAC\x45\x59\xD7\x2A\x58\x44\x5B\xB7\x9F\x81\x3B\x92\x68\x3D\xE2\x37\x24\xF5\x7B\x6C\x8F\x76\x35\x96\x09\xA8\x59\x9D\xB9\xCE\x23\xAB\x74\xD6\x83\xFD\x32\x73\x27\xD8\x69\x3E\x43\x74\xF6\xAE\xC5\x89\x9A\xE7\x53\x7C\xE9\x7B\xF6\x4B\xF3\xC1\x65\x83\xDE\x8D\x8A\x9C\x3C\x88\x8D\x39\x59\xFC\xAA\x3F\x22\x8D\xA1\xC1\x66\x50\x81\x72\x4C\xED\x22\x64\x4F\x4F\xCA\x80\x91\xB6\x29",
 	["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0",
 	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x86\x26\xE6\x0D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA6\xCF\x24\x0E\xBE\x2E\x6F\x28\x99\x45\x42\xC4\xAB\x3E\x21\x54\x9B\x0B\xD3\x7F\x84\x70\xFA\x12\xB3\xCB\xBF\x87\x5F\xC6\x7F\x86\xD3\xB2\x30\x5C\xD6\xFD\xAD\xF1\x7B\xDC\xE5\xF8\x60\x96\x09\x92\x10\xF5\xD0\x53\xDE\xFB\x7B\x7E\x73\x88\xAC\x52\x88\x7B\x4A\xA6\xCA\x49\xA6\x5E\xA8\xA7\x8C\x5A\x11\xBC\x7A\x82\xEB\xBE\x8C\xE9\xB3\xAC\x96\x25\x07\x97\x4A\x99\x2A\x07\x2F\xB4\x1E\x77\xBF\x8A\x0F\xB5\x02\x7C\x1B\x96\xB8\xC5\xB9\x3A\x2C\xBC\xD6\x12\xB9\xEB\x59\x7D\xE2\xD0\x06\x86\x5F\x5E\x49\x6A\xB5\x39\x5E\x88\x34\xEC\xBC\x78\x0C\x08\x98\x84\x6C\xA8\xCD\x4B\xB4\xA0\x7D\x0C\x79\x4D\xF0\xB8\x2D\xCB\x21\xCA\xD5\x6C\x5B\x7D\xE1\xA0\x29\x84\xA1\xF9\xD3\x94\x49\xCB\x24\x62\x91\x20\xBC\xDD\x0B\xD5\xD9\xCC\xF9\xEA\x27\x0A\x2B\x73\x91\xC6\x9D\x1B\xAC\xC8\xCB\xE8\xE0\xA0\xF4\x2F\x90\x8B\x4D\xFB\xB0\x36\x1B\xF6\x19\x7A\x85\xE0\x6D\xF2\x61\x13\x88\x5C\x9F\xE0\x93\x0A\x51\x97\x8A\x5A\xCE\xAF\xAB\xD5\xF7\xAA\x09\xAA\x60\xBD\xDC\xD9\x5F\xDF\x72\xA9\x60\x13\x5E\x00\x01\xC9\x4A\xFA\x3F\xA4\xEA\x07\x03\x21\x02\x8E\x82\xCA\x03\xC2\x9B\x8F\x02\x03\x01\x00\x01\xA3\x81\x9C\x30\x81\x99\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x67\x6C\x6F\x62\x61\x6C\x73\x69\x67\x6E\x2E\x6E\x65\x74\x2F\x72\x6F\x6F\x74\x2D\x72\x32\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1C\x68\x97\x86\x91\xEC\xE0\x4A\xB8\x44\x0B\xAB\x81\xAC\x27\x4F\xD6\xC1\xB8\x1C\x43\x78\xB3\x0C\x9A\xFC\xEA\x2C\x3C\x6E\x61\x1B\x4D\x4B\x29\xF5\x9F\x05\x1D\x26\xC1\xB8\xE9\x83\x00\x62\x45\xB6\xA9\x08\x93\xB9\xA9\x33\x4B\x18\x9A\xC2\xF8\x87\x88\x4E\xDB\xDD\x71\x34\x1A\xC1\x54\xDA\x46\x3F\xE0\xD3\x2A\xAB\x6D\x54\x22\xF5\x3A\x62\xCD\x20\x6F\xBA\x29\x89\xD7\xDD\x91\xEE\xD3\x5C\xA2\x3E\xA1\x5B\x41\xF5\xDF\xE5\x64\x43\x2D\xE9\xD5\x39\xAB\xD2\xA2\xDF\xB7\x8B\xD0\xC0\x80\x19\x1C\x45\xC0\x2D\x8C\xE8\xF8\x2D\xA4\x74\x56\x49\xC5\x05\xB5\x4F\x15\xDE\x6E\x44\x78\x39\x87\xA8\x7E\xBB\xF3\x79\x18\x91\xBB\xF4\x6F\x9D\xC1\xF0\x8C\x35\x8C\x5D\x01\xFB\xC3\x6D\xB9\xEF\x44\x6D\x79\x46\x31\x7E\x0A\xFE\xA9\x82\xC1\xFF\xEF\xAB\x6E\x20\xC4\x50\xC9\x5F\x9D\x4D\x9B\x17\x8C\x0C\xE5\x01\xC9\xA0\x41\x6A\x73\x53\xFA\xA5\x50\xB4\x6E\x25\x0F\xFB\x4C\x18\xF4\xFD\x52\xD9\x8E\x69\xB1\xE8\x11\x0F\xDE\x88\xD8\xFB\x1D\x49\xF7\xAA\xDE\x95\xCF\x20\x78\xC2\x60\x12\xDB\x25\x40\x8C\x6A\xFC\x7E\x42\x38\x40\x64\x12\xF7\x9E\x81\xE1\x93\x2E",
 	["emailAddress=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O=ValiCert\, Inc.,L=ValiCert Validation Network"] = "\x30\x82\x02\xE7\x30\x82\x02\x50\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xBB\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1B\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x61\x6C\x69\x43\x65\x72\x74\x2C\x20\x49\x6E\x63\x2E\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x50\x6F\x6C\x69\x63\x79\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x2F\x31\x20\x30\x1E\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x11\x69\x6E\x66\x6F\x40\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5A\x17\x0D\x31\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5A\x30\x81\xBB\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1B\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x61\x6C\x69\x43\x65\x72\x74\x2C\x20\x49\x6E\x63\x2E\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x50\x6F\x6C\x69\x63\x79\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x2F\x31\x20\x30\x1E\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x11\x69\x6E\x66\x6F\x40\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD8\x59\x82\x7A\x89\xB8\x96\xBA\xA6\x2F\x68\x6F\x58\x2E\xA7\x54\x1C\x06\x6E\xF4\xEA\x8D\x48\xBC\x31\x94\x17\xF0\xF3\x4E\xBC\xB2\xB8\x35\x92\x76\xB0\xD0\xA5\xA5\x01\xD7\x00\x03\x12\x22\x19\x08\xF8\xFF\x11\x23\x9B\xCE\x07\xF5\xBF\x69\x1A\x26\xFE\x4E\xE9\xD1\x7F\x9D\x2C\x40\x1D\x59\x68\x6E\xA6\xF8\x58\xB0\x9D\x1A\x8F\xD3\x3F\xF1\xDC\x19\x06\x81\xA8\x0E\xE0\x3A\xDD\xC8\x53\x45\x09\x06\xE6\x0F\x70\xC3\xFA\x40\xA6\x0E\xE2\x56\x05\x0F\x18\x4D\xFC\x20\x82\xD1\x73\x55\x74\x8D\x76\x72\xA0\x1D\x9D\x1D\xC0\xDD\x3F\x71\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x50\x68\x3D\x49\xF4\x2C\x1C\x06\x94\xDF\x95\x60\x7F\x96\x7B\x17\xFE\x4F\x71\xAD\x64\xC8\xDD\x77\xD2\xEF\x59\x55\xE8\x3F\xE8\x8E\x05\x2A\x21\xF2\x07\xD2\xB5\xA7\x52\xFE\x9C\xB1\xB6\xE2\x5B\x77\x17\x40\xEA\x72\xD6\x23\xCB\x28\x81\x32\xC3\x00\x79\x18\xEC\x59\x17\x89\xC9\xC6\x6A\x1E\x71\xC9\xFD\xB7\x74\xA5\x25\x45\x69\xC5\x48\xAB\x19\xE1\x45\x8A\x25\x6B\x19\xEE\xE5\xBB\x12\xF5\x7F\xF7\xA6\x8D\x51\xC3\xF0\x9D\x74\xB7\xA9\x3E\xA0\xA5\xFF\xB6\x49\x03\x13\xDA\x22\xCC\xED\x71\x82\x2B\x99\xCF\x3A\xB7\xF5\x2D\x72\xC8",
@@ -38,8 +37,6 @@ redef root_certs += {
 	["CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US"] = "\x30\x82\x03\xA4\x30\x82\x02\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA8\x2F\xE8\xA4\x69\x06\x03\x47\xC3\xE9\x2A\x98\xFF\x19\xA2\x70\x9A\xC6\x50\xB2\x7E\xA5\xDF\x68\x4D\x1B\x7C\x0F\xB6\x97\x68\x7D\x2D\xA6\x8B\x97\xE9\x64\x86\xC9\xA3\xEF\xA0\x86\xBF\x60\x65\x9C\x4B\x54\x88\xC2\x48\xC5\x4A\x39\xBF\x14\xE3\x59\x55\xE5\x19\xB4\x74\xC8\xB4\x05\x39\x5C\x16\xA5\xE2\x95\x05\xE0\x12\xAE\x59\x8B\xA2\x33\x68\x58\x1C\xA6\xD4\x15\xB7\xD8\x9F\xD7\xDC\x71\xAB\x7E\x9A\xBF\x9B\x8E\x33\x0F\x22\xFD\x1F\x2E\xE7\x07\x36\xEF\x62\x39\xC5\xDD\xCB\xBA\x25\x14\x23\xDE\x0C\xC6\x3D\x3C\xCE\x82\x08\xE6\x66\x3E\xDA\x51\x3B\x16\x3A\xA3\x05\x7F\xA0\xDC\x87\xD5\x9C\xFC\x72\xA9\xA0\x7D\x78\xE4\xB7\x31\x55\x1E\x65\xBB\xD4\x61\xB0\x21\x60\xED\x10\x32\x72\xC5\x92\x25\x1E\xF8\x90\x4A\x18\x78\x47\xDF\x7E\x30\x37\x3E\x50\x1B\xDB\x1C\xD3\x6B\x9A\x86\x53\x07\xB0\xEF\xAC\x06\x78\xF8\x84\x99\xFE\x21\x8D\x4C\x80\xB6\x0C\x82\xF6\x66\x70\x79\x1A\xD3\x4F\xA3\xCF\xF1\xCF\x46\xB0\x4B\x0F\x3E\xDD\x88\x62\xB8\x8C\xA9\x09\x28\x3B\x7A\xC7\x97\xE1\x1E\xE5\xF4\x9F\xC0\xC0\xAE\x24\xA0\xC8\xA1\xD9\x0F\xD6\x7B\x26\x82\x69\x32\x3D\xA7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7C\x8A\xD1\x1F\x18\x37\x82\xE0\xB8\xB0\xA3\xED\x56\x95\xC8\x62\x61\x9C\x05\xA2\xCD\xC2\x62\x26\x61\xCD\x10\x16\xD7\xCC\xB4\x65\x34\xD0\x11\x8A\xAD\xA8\xA9\x05\x66\xEF\x74\xF3\x6D\x5F\x9D\x99\xAF\xF6\x8B\xFB\xEB\x52\xB2\x05\x98\xA2\x6F\x2A\xC5\x54\xBD\x25\xBD\x5F\xAE\xC8\x86\xEA\x46\x2C\xC1\xB3\xBD\xC1\xE9\x49\x70\x18\x16\x97\x08\x13\x8C\x20\xE0\x1B\x2E\x3A\x47\xCB\x1E\xE4\x00\x30\x95\x5B\xF4\x45\xA3\xC0\x1A\xB0\x01\x4E\xAB\xBD\xC0\x23\x6E\x63\x3F\x80\x4A\xC5\x07\xED\xDC\xE2\x6F\xC7\xC1\x62\xF1\xE3\x72\xD6\x04\xC8\x74\x67\x0B\xFA\x88\xAB\xA1\x01\xC8\x6F\xF0\x14\xAF\xD2\x99\xCD\x51\x93\x7E\xED\x2E\x38\xC7\xBD\xCE\x46\x50\x3D\x72\xE3\x79\x25\x9D\x9B\x88\x2B\x10\x20\xDD\xA5\xB8\x32\x9F\x8D\xE0\x29\xDF\x21\x74\x86\x82\xDB\x2F\x82\x30\xC6\xC7\x35\x86\xB3\xF9\x96\x5F\x46\xDB\x0C\x45\xFD\xF3\x50\xC3\x6F\xC6\xC3\x48\xAD\x46\xA6\xE1\x27\x47\x0A\x1D\x0E\x9B\xB6\xC2\x77\x7F\x63\xF2\xE0\x7D\x1A\xBE\xFC\xE0\xDF\xD7\xC7\xA7\x6C\xB0\xF9\xAE\xBA\x3C\xFD\x74\xB4\x11\xE8\x58\x0D\x80\xBC\xD3\xA8\x80\x3A\x99\xED\x75\xCC\x46\x7B",
 	["CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US"] = "\x30\x82\x05\xA4\x30\x82\x03\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCC\x41\x45\x1D\xE9\x3D\x4D\x10\xF6\x8C\xB1\x41\xC9\xE0\x5E\xCB\x0D\xB7\xBF\x47\x73\xD3\xF0\x55\x4D\xDD\xC6\x0C\xFA\xB1\x66\x05\x6A\xCD\x78\xB4\xDC\x02\xDB\x4E\x81\xF3\xD7\xA7\x7C\x71\xBC\x75\x63\xA0\x5D\xE3\x07\x0C\x48\xEC\x25\xC4\x03\x20\xF4\xFF\x0E\x3B\x12\xFF\x9B\x8D\xE1\xC6\xD5\x1B\xB4\x6D\x22\xE3\xB1\xDB\x7F\x21\x64\xAF\x86\xBC\x57\x22\x2A\xD6\x47\x81\x57\x44\x82\x56\x53\xBD\x86\x14\x01\x0B\xFC\x7F\x74\xA4\x5A\xAE\xF1\xBA\x11\xB5\x9B\x58\x5A\x80\xB4\x37\x78\x09\x33\x7C\x32\x47\x03\x5C\xC4\xA5\x83\x48\xF4\x57\x56\x6E\x81\x36\x27\x18\x4F\xEC\x9B\x28\xC2\xD4\xB4\xD7\x7C\x0C\x3E\x0C\x2B\xDF\xCA\x04\xD7\xC6\x8E\xEA\x58\x4E\xA8\xA4\xA5\x18\x1C\x6C\x45\x98\xA3\x41\xD1\x2D\xD2\xC7\x6D\x8D\x19\xF1\xAD\x79\xB7\x81\x3F\xBD\x06\x82\x27\x2D\x10\x58\x05\xB5\x78\x05\xB9\x2F\xDB\x0C\x6B\x90\x90\x7E\x14\x59\x38\xBB\x94\x24\x13\xE5\xD1\x9D\x14\xDF\xD3\x82\x4D\x46\xF0\x80\x39\x52\x32\x0F\xE3\x84\xB2\x7A\x43\xF2\x5E\xDE\x5F\x3F\x1D\xDD\xE3\xB2\x1B\xA0\xA1\x2A\x23\x03\x6E\x2E\x01\x15\x87\x5C\xA6\x75\x75\xC7\x97\x61\xBE\xDE\x86\xDC\xD4\x48\xDB\xBD\x2A\xBF\x4A\x55\xDA\xE8\x7D\x50\xFB\xB4\x80\x17\xB8\x94\xBF\x01\x3D\xEA\xDA\xBA\x7C\xE0\x58\x67\x17\xB9\x58\xE0\x88\x86\x46\x67\x6C\x9D\x10\x47\x58\x32\xD0\x35\x7C\x79\x2A\x90\xA2\x5A\x10\x11\x23\x35\xAD\x2F\xCC\xE4\x4A\x5B\xA7\xC8\x27\xF2\x83\xDE\x5E\xBB\x5E\x77\xE7\xE8\xA5\x6E\x63\xC2\x0D\x5D\x61\xD0\x8C\xD2\x6C\x5A\x21\x0E\xCA\x28\xA3\xCE\x2A\xE9\x95\xC7\x48\xCF\x96\x6F\x1D\x92\x25\xC8\xC6\xC6\xC1\xC1\x0C\x05\xAC\x26\xC4\xD2\x75\xD2\xE1\x2A\x67\xC0\x3D\x5B\xA5\x9A\xEB\xCF\x7B\x1A\xA8\x9D\x14\x45\xE5\x0F\xA0\x9A\x65\xDE\x2F\x28\xBD\xCE\x6F\x94\x66\x83\x48\x29\xD8\xEA\x65\x8C\xAF\x93\xD9\x64\x9F\x55\x57\x26\xBF\x6F\xCB\x37\x31\x99\xA3\x60\xBB\x1C\xAD\x89\x34\x32\x62\xB8\x43\x21\x06\x72\x0C\xA1\x5C\x6D\x46\xC5\xFA\x29\xCF\x30\xDE\x89\xDC\x71\x5B\xDD\xB6\x37\x3E\xDF\x50\xF5\xB8\x07\x25\x26\xE5\xBC\xB5\xFE\x3C\x02\xB3\xB7\xF8\xBE\x43\xC1\x87\x11\x94\x9E\x23\x6C\x17\x8A\xB8\x8A\x27\x0C\x54\x47\xF0\xA9\xB3\xC0\x80\x8C\xA0\x27\xEB\x1D\x19\xE3\x07\x8E\x77\x70\xCA\x2B\xF4\x7D\x76\xE0\x78\x67\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6B\x06\xB9\x5F\x45\x3B\x2A\x4B\x33\xB3\xE6\x1B\x6B\x59\x4E\x22\xCC\xB9\xB7\xA4\x25\xC9\xA7\xC4\xF0\x54\x96\x0B\x64\xF3\xB1\x58\x4F\x5E\x51\xFC\xB2\x97\x7B\x27\x65\xC2\xE5\xCA\xE7\x0D\x0C\x25\x7B\x62\xE3\xFA\x9F\xB4\x87\xB7\x45\x46\xAF\x83\xA5\x97\x48\x8C\xA5\xBD\xF1\x16\x2B\x9B\x76\x2C\x7A\x35\x60\x6C\x11\x80\x97\xCC\xA9\x92\x52\xE6\x2B\xE6\x69\xED\xA9\xF8\x36\x2D\x2C\x77\xBF\x61\x48\xD1\x63\x0B\xB9\x5B\x52\xED\x18\xB0\x43\x42\x22\xA6\xB1\x77\xAE\xDE\x69\xC5\xCD\xC7\x1C\xA1\xB1\xA5\x1C\x10\xFB\x18\xBE\x1A\x70\xDD\xC1\x92\x4B\xBE\x29\x5A\x9D\x3F\x35\xBE\xE5\x7D\x51\xF8\x55\xE0\x25\x75\x23\x87\x1E\x5C\xDC\xBA\x9D\xB0\xAC\xB3\x69\xDB\x17\x83\xC9\xF7\xDE\x0C\xBC\x08\xDC\x91\x9E\xA8\xD0\xD7\x15\x37\x73\xA5\x35\xB8\xFC\x7E\xC5\x44\x40\x06\xC3\xEB\xF8\x22\x80\x5C\x47\xCE\x02\xE3\x11\x9F\x44\xFF\xFD\x9A\x32\xCC\x7D\x64\x51\x0E\xEB\x57\x26\x76\x3A\xE3\x1E\x22\x3C\xC2\xA6\x36\xDD\x19\xEF\xA7\xFC\x12\xF3\x26\xC0\x59\x31\x85\x4C\x9C\xD8\xCF\xDF\xA4\xCC\xCC\x29\x93\xFF\x94\x6D\x76\x5C\x13\x08\x97\xF2\xED\xA5\x0B\x4D\xDD\xE8\xC9\x68\x0E\x66\xD3\x00\x0E\x33\x12\x5B\xBC\x95\xE5\x32\x90\xA8\xB3\xC6\x6C\x83\xAD\x77\xEE\x8B\x7E\x7E\xB1\xA9\xAB\xD3\xE1\xF1\xB6\xC0\xB1\xEA\x88\xC0\xE7\xD3\x90\xE9\x28\x92\x94\x7B\x68\x7B\x97\x2A\x0A\x67\x2D\x85\x02\x38\x10\xE4\x03\x61\xD4\xDA\x25\x36\xC7\x08\x58\x2D\xA1\xA7\x51\xAF\x30\x0A\x49\xF5\xA6\x69\x87\x07\x2D\x44\x46\x76\x8E\x2A\xE5\x9A\x3B\xD7\x18\xA2\xFC\x9C\x38\x10\xCC\xC6\x3B\xD2\xB5\x17\x3A\x6F\xFD\xAE\x25\xBD\xF5\x72\x59\x64\xB1\x74\x2A\x38\x5F\x18\x4C\xDF\xCF\x71\x04\x5A\x36\xD4\xBF\x2F\x99\x9C\xE8\xD9\xBA\xB1\x95\xE6\x02\x4B\x21\xA1\x5B\xD5\xC1\x4F\x8F\xAE\x69\x6D\x53\xDB\x01\x93\xB5\x5C\x1E\x18\xDD\x64\x5A\xCA\x18\x28\x3E\x63\x04\x11\xFD\x1C\x8D\x00\x0F\xB8\x37\xDF\x67\x8A\x9D\x66\xA9\x02\x6A\x91\xFF\x13\xCA\x2F\x5D\x83\xBC\x87\x93\x6C\xDC\x24\x51\x16\x04\x25\x66\xFA\xB3\xD9\xC2\xBA\x29\xBE\x9A\x48\x38\x82\x99\xF4\xBF\x3B\x4A\x31\x19\xF9\xBF\x8E\x21\x33\x14\xCA\x4F\x54\x5F\xFB\xCE\xFB\x8F\x71\x7F\xFD\x5E\x19\xA0\x0F\x4B\x91\xB8\xC4\x54\xBC\x06\xB0\x45\x8F\x26\x91\xA2\x8E\xFE\xA9",
 	["CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US"] = "\x30\x82\x03\xA2\x30\x82\x02\x8A\xA0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4D\x1D\x3F\x06\xF2\xC1\xF9\x65\x05\xD5\x90\x1C\x62\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5A\x17\x0D\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x57\xDE\x56\x1E\x6E\xA1\xDA\x60\xB1\x94\x27\xCB\x17\xDB\x07\x3F\x80\x85\x4F\xC8\x9C\xB6\xD0\xF4\x6F\x4F\xCF\x99\xD8\xE1\xDB\xC2\x48\x5C\x3A\xAC\x39\x33\xC7\x1F\x6A\x8B\x26\x3D\x2B\x35\xF5\x48\xB1\x91\xC1\x02\x4E\x04\x96\x91\x7B\xB0\x33\xF0\xB1\x14\x4E\x11\x6F\xB5\x40\xAF\x1B\x45\xA5\x4A\xEF\x7E\xB6\xAC\xF2\xA0\x1F\x58\x3F\x12\x46\x60\x3C\x8D\xA1\xE0\x7D\xCF\x57\x3E\x33\x1E\xFB\x47\xF1\xAA\x15\x97\x07\x55\x66\xA5\xB5\x2D\x2E\xD8\x80\x59\xB2\xA7\x0D\xB7\x46\xEC\x21\x63\xFF\x35\xAB\xA5\x02\xCF\x2A\xF4\x4C\xFE\x7B\xF5\x94\x5D\x84\x4D\xA8\xF2\x60\x8F\xDB\x0E\x25\x3C\x9F\x73\x71\xCF\x94\xDF\x4A\xEA\xDB\xDF\x72\x38\x8C\xF3\x96\xBD\xF1\x17\xBC\xD2\xBA\x3B\x45\x5A\xC6\xA7\xF6\xC6\x17\x8B\x01\x9D\xFC\x19\xA8\x2A\x83\x16\xB8\x3A\x48\xFE\x4E\x3E\xA0\xAB\x06\x19\xE9\x53\xF3\x80\x13\x07\xED\x2D\xBF\x3F\x0A\x3C\x55\x20\x39\x2C\x2C\x00\x69\x74\x95\x4A\xBC\x20\xB2\xA9\x79\xE5\x18\x89\x91\xA8\xDC\x1C\x4D\xEF\xBB\x7E\x37\x0B\x5D\xFE\x39\xA5\x88\x52\x8C\x00\x6C\xEC\x18\x7C\x41\xBD\xF6\x8B\x75\x77\xBA\x60\x9D\x84\xE7\xFE\x2D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x15\x38\x83\x0F\x3F\x2C\x3F\x70\x33\x1E\xCD\x46\xFE\x07\x8C\x20\xE0\xD7\xC3\xB7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5F\xF1\x41\x7D\x7C\x5C\x08\xB9\x2B\xE0\xD5\x92\x47\xFA\x67\x5C\xA5\x13\xC3\x03\x21\x9B\x2B\x4C\x89\x46\xCF\x59\x4D\xC9\xFE\xA5\x40\xB6\x63\xCD\xDD\x71\x28\x95\x67\x11\xCC\x24\xAC\xD3\x44\x6C\x71\xAE\x01\x20\x6B\x03\xA2\x8F\x18\xB7\x29\x3A\x7D\xE5\x16\x60\x53\x78\x3C\xC0\xAF\x15\x83\xF7\x8F\x52\x33\x24\xBD\x64\x93\x97\xEE\x8B\xF7\xDB\x18\xA8\x6D\x71\xB3\xF7\x2C\x17\xD0\x74\x25\x69\xF7\xFE\x6B\x3C\x94\xBE\x4D\x4B\x41\x8C\x4E\xE2\x73\xD0\xE3\x90\x22\x73\x43\xCD\xF3\xEF\xEA\x73\xCE\x45\x8A\xB0\xA6\x49\xFF\x4C\x7D\x9D\x71\x88\xC4\x76\x1D\x90\x5B\x1D\xEE\xFD\xCC\xF7\xEE\xFD\x60\xA5\xB1\x7A\x16\x71\xD1\x16\xD0\x7C\x12\x3C\x6C\x69\x97\xDB\xAE\x5F\x39\x9A\x70\x2F\x05\x3C\x19\x46\x04\x99\x20\x36\xD0\x60\x6E\x61\x06\xBB\x16\x42\x8C\x70\xF7\x30\xFB\xE0\xDB\x66\xA3\x00\x01\xBD\xE6\x2C\xDA\x91\x5F\xA0\x46\x8B\x4D\x6A\x9C\x3D\x3D\xDD\x05\x46\xFE\x76\xBF\xA0\x0A\x3C\xE4\x00\xE6\x27\xB7\xFF\x84\x2D\xDE\xBA\x22\x27\x96\x10\x71\xEB\x22\xED\xDF\xDF\x33\x9C\xCF\xE3\xAD\xAE\x8E\xD4\x8E\xE6\x4F\x51\xAF\x16\x92\xE0\x5C\xF6\x07\x0F",
-	["emailAddress=certificate@trustcenter.de,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter for Security in Data Networks GmbH,L=Hamburg,ST=Hamburg,C=DE"] = "\x30\x82\x03\x5C\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x02\x03\xEA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x1E\x17\x0D\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5A\x17\x0D\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5A\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xDA\x38\xE8\xED\x32\x00\x29\x71\x83\x01\x0D\xBF\x8C\x01\xDC\xDA\xC6\xAD\x39\xA4\xA9\x8A\x2F\xD5\x8B\x5C\x68\x5F\x50\xC6\x62\xF5\x66\xBD\xCA\x91\x22\xEC\xAA\x1D\x51\xD7\x3D\xB3\x51\xB2\x83\x4E\x5D\xCB\x49\xB0\xF0\x4C\x55\xE5\x6B\x2D\xC7\x85\x0B\x30\x1C\x92\x4E\x82\xD4\xCA\x02\xED\xF7\x6F\xBE\xDC\xE0\xE3\x14\xB8\x05\x53\xF2\x9A\xF4\x56\x8B\x5A\x9E\x85\x93\xD1\xB4\x82\x56\xAE\x4D\xBB\xA8\x4B\x57\x16\xBC\xFE\xF8\x58\x9E\xF8\x29\x8D\xB0\x7B\xCD\x78\xC9\x4F\xAC\x8B\x67\x0C\xF1\x9C\xFB\xFC\x57\x9B\x57\x5C\x4F\x0D\x02\x03\x01\x00\x01\xA3\x6B\x30\x69\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x67\x75\x69\x64\x65\x6C\x69\x6E\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x84\x52\xFB\x28\xDF\xFF\x1F\x75\x01\xBC\x01\xBE\x04\x56\x97\x6A\x74\x42\x24\x31\x83\xF9\x46\xB1\x06\x8A\x89\xCF\x96\x2C\x33\xBF\x8C\xB5\x5F\x7A\x72\xA1\x85\x06\xCE\x86\xF8\x05\x8E\xE8\xF9\x25\xCA\xDA\x83\x8C\x06\xAC\xEB\x36\x6D\x85\x91\x34\x04\x36\xF4\x42\xF0\xF8\x79\x2E\x0A\x48\x5C\xAB\xCC\x51\x4F\x78\x76\xA0\xD9\xAC\x19\xBD\x2A\xD1\x69\x04\x28\x91\xCA\x36\x10\x27\x80\x57\x5B\xD2\x5C\xF5\xC2\x5B\xAB\x64\x81\x63\x74\x51\xF4\x97\xBF\xCD\x12\x28\xF7\x4D\x66\x7F\xA7\xF0\x1C\x01\x26\x78\xB2\x66\x47\x70\x51\x64",
-	["emailAddress=certificate@trustcenter.de,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter for Security in Data Networks GmbH,L=Hamburg,ST=Hamburg,C=DE"] = "\x30\x82\x03\x5C\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x02\x03\xEB\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x1E\x17\x0D\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5A\x17\x0D\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5A\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xB6\xB4\xC1\x35\x05\x2E\x0D\x8D\xEC\xA0\x40\x6A\x1C\x0E\x27\xA6\x50\x92\x6B\x50\x1B\x07\xDE\x2E\xE7\x76\xCC\xE0\xDA\xFC\x84\xA8\x5E\x8C\x63\x6A\x2B\x4D\xD9\x4E\x02\x76\x11\xC1\x0B\xF2\x8D\x79\xCA\x00\xB6\xF1\xB0\x0E\xD7\xFB\xA4\x17\x3D\xAF\xAB\x69\x7A\x96\x27\xBF\xAF\x33\xA1\x9A\x2A\x59\xAA\xC4\xB5\x37\x08\xF2\x12\xA5\x31\xB6\x43\xF5\x32\x96\x71\x28\x28\xAB\x8D\x28\x86\xDF\xBB\xEE\xE3\x0C\x7D\x30\xD6\xC3\x52\xAB\x8F\x5D\x27\x9C\x6B\xC0\xA3\xE7\x05\x6B\x57\x49\x44\xB3\x6E\xEA\x64\xCF\xD2\x8E\x7A\x50\x77\x77\x02\x03\x01\x00\x01\xA3\x6B\x30\x69\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x67\x75\x69\x64\x65\x6C\x69\x6E\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x16\x3D\xC6\xCD\xC1\xBB\x85\x71\x85\x46\x9F\x3E\x20\x8F\x51\x28\x99\xEC\x2D\x45\x21\x63\x23\x5B\x04\xBB\x4C\x90\xB8\x88\x92\x04\x4D\xBD\x7D\x01\xA3\x3F\xF6\xEC\xCE\xF1\xDE\xFE\x7D\xE5\xE1\x3E\xBB\xC6\xAB\x5E\x0B\xDD\x3D\x96\xC4\xCB\xA9\xD4\xF9\x26\xE6\x06\x4E\x9E\x0C\xA5\x7A\xBA\x6E\xC3\x7C\x82\x19\xD1\xC7\xB1\xB1\xC3\xDB\x0D\x8E\x9B\x40\x7C\x37\x0B\xF1\x5D\xE8\xFD\x1F\x90\x88\xA5\x0E\x4E\x37\x64\x21\xA8\x4E\x8D\xB4\x9F\xF1\xDE\x48\xAD\xD5\x56\x18\x52\x29\x8B\x47\x34\x12\x09\xD4\xBB\x92\x35\xEF\x0F\xDB\x34",
 	["CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL"] = "\x30\x82\x03\x0C\x30\x82\x01\xF4\xA0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x17\x0D\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCE\xB1\xC1\x2E\xD3\x4F\x7C\xCD\x25\xCE\x18\x3E\x4F\xC4\x8C\x6F\x80\x6A\x73\xC8\x5B\x51\xF8\x9B\xD2\xDC\xBB\x00\x5C\xB1\xA0\xFC\x75\x03\xEE\x81\xF0\x88\xEE\x23\x52\xE9\xE6\x15\x33\x8D\xAC\x2D\x09\xC5\x76\xF9\x2B\x39\x80\x89\xE4\x97\x4B\x90\xA5\xA8\x78\xF8\x73\x43\x7B\xA4\x61\xB0\xD8\x58\xCC\xE1\x6C\x66\x7E\x9C\xF3\x09\x5E\x55\x63\x84\xD5\xA8\xEF\xF3\xB1\x2E\x30\x68\xB3\xC4\x3C\xD8\xAC\x6E\x8D\x99\x5A\x90\x4E\x34\xDC\x36\x9A\x8F\x81\x88\x50\xB7\x6D\x96\x42\x09\xF3\xD7\x95\x83\x0D\x41\x4B\xB0\x6A\x6B\xF8\xFC\x0F\x7E\x62\x9F\x67\xC4\xED\x26\x5F\x10\x26\x0F\x08\x4F\xF0\xA4\x57\x28\xCE\x8F\xB8\xED\x45\xF6\x6E\xEE\x25\x5D\xAA\x6E\x39\xBE\xE4\x93\x2F\xD9\x47\xA0\x72\xEB\xFA\xA6\x5B\xAF\xCA\x53\x3F\xE2\x0E\xC6\x96\x56\x11\x6E\xF7\xE9\x66\xA9\x26\xD8\x7F\x95\x53\xED\x0A\x85\x88\xBA\x4F\x29\xA5\x42\x8C\x5E\xB6\xFC\x85\x20\x00\xAA\x68\x0B\xA1\x1A\x85\x01\x9C\xC4\x46\x63\x82\x88\xB6\x22\xB1\xEE\xFE\xAA\x46\x59\x7E\xCF\x35\x2C\xD5\xB6\xDA\x5D\xF7\x48\x33\x14\x54\xB6\xEB\xD9\x6F\xCE\xCD\x88\xD6\xAB\x1B\xDA\x96\x3B\x1D\x59\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB8\x8D\xCE\xEF\xE7\x14\xBA\xCF\xEE\xB0\x44\x92\x6C\xB4\x39\x3E\xA2\x84\x6E\xAD\xB8\x21\x77\xD2\xD4\x77\x82\x87\xE6\x20\x41\x81\xEE\xE2\xF8\x11\xB7\x63\xD1\x17\x37\xBE\x19\x76\x24\x1C\x04\x1A\x4C\xEB\x3D\xAA\x67\x6F\x2D\xD4\xCD\xFE\x65\x31\x70\xC5\x1B\xA6\x02\x0A\xBA\x60\x7B\x6D\x58\xC2\x9A\x49\xFE\x63\x32\x0B\x6B\xE3\x3A\xC0\xAC\xAB\x3B\xB0\xE8\xD3\x09\x51\x8C\x10\x83\xC6\x34\xE0\xC5\x2B\xE0\x1A\xB6\x60\x14\x27\x6C\x32\x77\x8C\xBC\xB2\x72\x98\xCF\xCD\xCC\x3F\xB9\xC8\x24\x42\x14\xD6\x57\xFC\xE6\x26\x43\xA9\x1D\xE5\x80\x90\xCE\x03\x54\x28\x3E\xF7\x3F\xD3\xF8\x4D\xED\x6A\x0A\x3A\x93\x13\x9B\x3B\x14\x23\x13\x63\x9C\x3F\xD1\x87\x27\x79\xE5\x4C\x51\xE3\x01\xAD\x85\x5D\x1A\x3B\xB1\xD5\x73\x10\xA4\xD3\xF2\xBC\x6E\x64\xF5\x5A\x56\x90\xA8\xC7\x0E\x4C\x74\x0F\x2E\x71\x3B\xF7\xC8\x47\xF4\x69\x6F\x15\xF2\x11\x5E\x83\x1E\x9C\x7C\x52\xAE\xFD\x02\xDA\x12\xA8\x59\x67\x18\xDB\xBC\x70\xDD\x9B\xB1\x69\xED\x80\xCE\x89\x40\x48\x6A\x0E\x35\xCA\x29\x66\x15\x21\x94\x2C\xE8\x60\x2A\x9B\x85\x4A\x40\xF3\x6B\x8A\x24\xEC\x06\x16\x2C\x73",
 	["CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x32\x30\x82\x03\x1A\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBE\x40\x9D\xF4\x6E\xE1\xEA\x76\x87\x1C\x4D\x45\x44\x8E\xBE\x46\xC8\x83\x06\x9D\xC1\x2A\xFE\x18\x1F\x8E\xE4\x02\xFA\xF3\xAB\x5D\x50\x8A\x16\x31\x0B\x9A\x06\xD0\xC5\x70\x22\xCD\x49\x2D\x54\x63\xCC\xB6\x6E\x68\x46\x0B\x53\xEA\xCB\x4C\x24\xC0\xBC\x72\x4E\xEA\xF1\x15\xAE\xF4\x54\x9A\x12\x0A\xC3\x7A\xB2\x33\x60\xE2\xDA\x89\x55\xF3\x22\x58\xF3\xDE\xDC\xCF\xEF\x83\x86\xA2\x8C\x94\x4F\x9F\x68\xF2\x98\x90\x46\x84\x27\xC7\x76\xBF\xE3\xCC\x35\x2C\x8B\x5E\x07\x64\x65\x82\xC0\x48\xB0\xA8\x91\xF9\x61\x9F\x76\x20\x50\xA8\x91\xC7\x66\xB5\xEB\x78\x62\x03\x56\xF0\x8A\x1A\x13\xEA\x31\xA3\x1E\xA0\x99\xFD\x38\xF6\xF6\x27\x32\x58\x6F\x07\xF5\x6B\xB8\xFB\x14\x2B\xAF\xB7\xAA\xCC\xD6\x63\x5F\x73\x8C\xDA\x05\x99\xA8\x38\xA8\xCB\x17\x78\x36\x51\xAC\xE9\x9E\xF4\x78\x3A\x8D\xCF\x0F\xD9\x42\xE2\x98\x0C\xAB\x2F\x9F\x0E\x01\xDE\xEF\x9F\x99\x49\xF1\x2D\xDF\xAC\x74\x4D\x1B\x98\xB5\x47\xC5\xE5\x29\xD1\xF9\x90\x18\xC7\x62\x9C\xBE\x83\xC7\x26\x7B\x3E\x8A\x25\xC7\xC0\xDD\x9D\xE6\x35\x68\x10\x20\x9D\x8F\xD8\xDE\xD2\xC3\x84\x9C\x0D\x5E\xE8\x2F\xC9\x02\x03\x01\x00\x01\xA3\x81\xC0\x30\x81\xBD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x11\x0A\x23\x3E\x96\xF1\x07\xEC\xE2\xAF\x29\xEF\x82\xA5\x7F\xD0\x30\xA4\xB4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x7B\x06\x03\x55\x1D\x1F\x04\x74\x30\x72\x30\x38\xA0\x36\xA0\x34\x86\x32\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x36\xA0\x34\xA0\x32\x86\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xFC\x02\xF0\x9B\xE8\xFF\xA4\xFA\xD6\x7B\xC6\x44\x80\xCE\x4F\xC4\xC5\xF6\x00\x58\xCC\xA6\xB6\xBC\x14\x49\x68\x04\x76\xE8\xE6\xEE\x5D\xEC\x02\x0F\x60\xD6\x8D\x50\x18\x4F\x26\x4E\x01\xE3\xE6\xB0\xA5\xEE\xBF\xBC\x74\x54\x41\xBF\xFD\xFC\x12\xB8\xC7\x4F\x5A\xF4\x89\x60\x05\x7F\x60\xB7\x05\x4A\xF3\xF6\xF1\xC2\xBF\xC4\xB9\x74\x86\xB6\x2D\x7D\x6B\xCC\xD2\xF3\x46\xDD\x2F\xC6\xE0\x6A\xC3\xC3\x34\x03\x2C\x7D\x96\xDD\x5A\xC2\x0E\xA7\x0A\x99\xC1\x05\x8B\xAB\x0C\x2F\xF3\x5C\x3A\xCF\x6C\x37\x55\x09\x87\xDE\x53\x40\x6C\x58\xEF\xFC\xB6\xAB\x65\x6E\x04\xF6\x1B\xDC\x3C\xE0\x5A\x15\xC6\x9E\xD9\xF1\x59\x48\x30\x21\x65\x03\x6C\xEC\xE9\x21\x73\xEC\x9B\x03\xA1\xE0\x37\xAD\xA0\x15\x18\x8F\xFA\xBA\x02\xCE\xA7\x2C\xA9\x10\x13\x2C\xD4\xE5\x08\x26\xAB\x22\x97\x60\xF8\x90\x5E\x74\xD4\xA2\x9A\x53\xBD\xF2\xA9\x68\xE0\xA2\x6E\xC2\xD7\x6C\xB1\xA3\x0F\x9E\xBF\xEB\x68\xE7\x56\xF2\xAE\xF2\xE3\x2B\x38\x3A\x09\x81\xB5\x6B\x85\xD7\xBE\x2D\xED\x3F\x1A\xB7\xB2\x63\xE2\xF5\x62\x2C\x82\xD4\x6A\x00\x41\x50\xF1\x39\x83\x9F\x95\xE9\x36\x96\x98\x6E",
 	["CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x3F\x30\x82\x03\x27\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC0\x71\x33\x82\x8A\xD0\x70\xEB\x73\x87\x82\x40\xD5\x1D\xE4\xCB\xC9\x0E\x42\x90\xF9\xDE\x34\xB9\xA1\xBA\x11\xF4\x25\x85\xF3\xCC\x72\x6D\xF2\x7B\x97\x6B\xB3\x07\xF1\x77\x24\x91\x5F\x25\x8F\xF6\x74\x3D\xE4\x80\xC2\xF8\x3C\x0D\xF3\xBF\x40\xEA\xF7\xC8\x52\xD1\x72\x6F\xEF\xC8\xAB\x41\xB8\x6E\x2E\x17\x2A\x95\x69\x0C\xCD\xD2\x1E\x94\x7B\x2D\x94\x1D\xAA\x75\xD7\xB3\x98\xCB\xAC\xBC\x64\x53\x40\xBC\x8F\xAC\xAC\x36\xCB\x5C\xAD\xBB\xDD\xE0\x94\x17\xEC\xD1\x5C\xD0\xBF\xEF\xA5\x95\xC9\x90\xC5\xB0\xAC\xFB\x1B\x43\xDF\x7A\x08\x5D\xB7\xB8\xF2\x40\x1B\x2B\x27\x9E\x50\xCE\x5E\x65\x82\x88\x8C\x5E\xD3\x4E\x0C\x7A\xEA\x08\x91\xB6\x36\xAA\x2B\x42\xFB\xEA\xC2\xA3\x39\xE5\xDB\x26\x38\xAD\x8B\x0A\xEE\x19\x63\xC7\x1C\x24\xDF\x03\x78\xDA\xE6\xEA\xC1\x47\x1A\x0B\x0B\x46\x09\xDD\x02\xFC\xDE\xCB\x87\x5F\xD7\x30\x63\x68\xA1\xAE\xDC\x32\xA1\xBA\xBE\xFE\x44\xAB\x68\xB6\xA5\x17\x15\xFD\xBD\xD5\xA7\xA7\x9A\xE4\x44\x33\xE9\x88\x8E\xFC\xED\x51\xEB\x93\x71\x4E\xAD\x01\xE7\x44\x8E\xAB\x2D\xCB\xA8\xFE\x01\x49\x48\xF0\xC0\xDD\xC7\x68\xD8\x92\xFE\x3D\x02\x03\x01\x00\x01\xA3\x81\xC7\x30\x81\xC4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3C\xD8\x93\x88\xC2\xC0\x82\x09\xCC\x01\x99\x06\x93\x20\xE9\x9E\x70\x09\x63\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x81\x06\x03\x55\x1D\x1F\x04\x7A\x30\x78\x30\x3B\xA0\x39\xA0\x37\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x87\x01\x6D\x23\x1D\x7E\x5B\x17\x7D\xC1\x61\x32\xCF\x8F\xE7\xF3\x8A\x94\x59\x66\xE0\x9E\x28\xA8\x5E\xD3\xB7\xF4\x34\xE6\xAA\x39\xB2\x97\x16\xC5\x82\x6F\x32\xA4\xE9\x8C\xE7\xAF\xFD\xEF\xC2\xE8\xB9\x4B\xAA\xA3\xF4\xE6\xDA\x8D\x65\x21\xFB\xBA\x80\xEB\x26\x28\x85\x1A\xFE\x39\x8C\xDE\x5B\x04\x04\xB4\x54\xF9\xA3\x67\x9E\x41\xFA\x09\x52\xCC\x05\x48\xA8\xC9\x3F\x21\x04\x1E\xCE\x48\x6B\xFC\x85\xE8\xC2\x7B\xAF\x7F\xB7\xCC\xF8\x5F\x3A\xFD\x35\xC6\x0D\xEF\x97\xDC\x4C\xAB\x11\xE1\x6B\xCB\x31\xD1\x6C\xFB\x48\x80\xAB\xDC\x9C\x37\xB8\x21\x14\x4B\x0D\x71\x3D\xEC\x83\x33\x6E\xD1\x6E\x32\x16\xEC\x98\xC7\x16\x8B\x59\xA6\x34\xAB\x05\x57\x2D\x93\xF7\xAA\x13\xCB\xD2\x13\xE2\xB7\x2E\x3B\xCD\x6B\x50\x17\x09\x68\x3E\xB5\x26\x57\xEE\xB6\xE0\xB6\xDD\xB9\x29\x80\x79\x7D\x8F\xA3\xF0\xA4\x28\xA4\x15\xC4\x85\xF4\x27\xD4\x6B\xBF\xE5\x5C\xE4\x65\x02\x76\x54\xB4\xE3\x37\x66\x24\xD3\x19\x61\xC8\x52\x10\xE5\x8B\x37\x9A\xB9\xA9\xF9\x1D\xBF\xEA\x99\x92\x61\x96\xFF\x01\xCD\xA1\x5F\x0D\xBC\x71\xBC\x0E\xAC\x0B\x1D\x47\x45\x1D\xC1\xEC\x7C\xEC\xFD\x29",
@@ -51,7 +48,6 @@ redef root_certs += {
 	["CN=Sonera Class2 CA,O=Sonera,C=FI"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xA0\x03\x02\x01\x02\x02\x01\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x17\x0D\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x90\x17\x4A\x35\x9D\xCA\xF0\x0D\x96\xC7\x44\xFA\x16\x37\xFC\x48\xBD\xBD\x7F\x80\x2D\x35\x3B\xE1\x6F\xA8\x67\xA9\xBF\x03\x1C\x4D\x8C\x6F\x32\x47\xD5\x41\x68\xA4\x13\x04\xC1\x35\x0C\x9A\x84\x43\xFC\x5C\x1D\xFF\x89\xB3\xE8\x17\x18\xCD\x91\x5F\xFB\x89\xE3\xEA\xBF\x4E\x5D\x7C\x1B\x26\xD3\x75\x79\xED\xE6\x84\xE3\x57\xE5\xAD\x29\xC4\xF4\x3A\x28\xE7\xA5\x7B\x84\x36\x69\xB3\xFD\x5E\x76\xBD\xA3\x2D\x99\xD3\x90\x4E\x23\x28\x7D\x18\x63\xF1\x54\x3B\x26\x9D\x76\x5B\x97\x42\xB2\xFF\xAE\xF0\x4E\xEC\xDD\x39\x95\x4E\x83\x06\x7F\xE7\x49\x40\xC8\xC5\x01\xB2\x54\x5A\x66\x1D\x3D\xFC\xF9\xE9\x3C\x0A\x9E\x81\xB8\x70\xF0\x01\x8B\xE4\x23\x54\x7C\xC8\xAE\xF8\x90\x1E\x00\x96\x72\xD4\x54\xCF\x61\x23\xBC\xEA\xFB\x9D\x02\x95\xD1\xB6\xB9\x71\x3A\x69\x08\x3F\x0F\xB4\xE1\x42\xC7\x88\xF5\x3F\x98\xA8\xA7\xBA\x1C\xE0\x71\x71\xEF\x58\x57\x81\x50\x7A\x5C\x6B\x74\x46\x0E\x83\x03\x98\xC3\x8E\xA8\x6E\xF2\x76\x32\x6E\x27\x83\xC2\x73\xF3\xDC\x18\xE8\xB4\x93\xEA\x75\x44\x6B\x04\x60\x20\x71\x57\x87\x9D\xF3\xBE\xA0\x90\x23\x3D\x8A\x24\xE1\xDA\x21\xDB\xC3\x02\x03\x01\x00\x01\xA3\x33\x30\x31\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x4A\xA0\xAA\x58\x84\xD3\x5E\x3C\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5A\xCE\x87\xF9\x16\x72\x15\x57\x4B\x1D\xD9\x9B\xE7\xA2\x26\x30\xEC\x93\x67\xDF\xD6\x2D\xD2\x34\xAF\xF7\x38\xA5\xCE\xAB\x16\xB9\xAB\x2F\x7C\x35\xCB\xAC\xD0\x0F\xB4\x4C\x2B\xFC\x80\xEF\x6B\x8C\x91\x5F\x36\x76\xF7\xDB\xB3\x1B\x19\xEA\xF4\xB2\x11\xFD\x61\x71\x44\xBF\x28\xB3\x3A\x1D\xBF\xB3\x43\xE8\x9F\xBF\xDC\x31\x08\x71\xB0\x9D\x8D\xD6\x34\x47\x32\x90\xC6\x65\x24\xF7\xA0\x4A\x7C\x04\x73\x8F\x39\x6F\x17\x8C\x72\xB5\xBD\x4B\xC8\x7A\xF8\x7B\x83\xC3\x28\x4E\x9C\x09\xEA\x67\x3F\xB2\x67\x04\x1B\xC3\x14\xDA\xF8\xE7\x49\x24\x91\xD0\x1D\x6A\xFA\x61\x39\xEF\x6B\xE7\x21\x75\x06\x07\xD8\x12\xB4\x21\x20\x70\x42\x71\x81\xDA\x3C\x9A\x36\xBE\xA6\x5B\x0D\x6A\x6C\x9A\x1F\x91\x7B\xF9\xF9\xEF\x42\xBA\x4E\x4E\x9E\xCC\x0C\x8D\x94\xDC\xD9\x45\x9C\x5E\xEC\x42\x50\x63\xAE\xF4\x5D\xC4\xB1\x12\xDC\xCA\x3B\xA8\x2E\x9D\x14\x5A\x05\x75\xB7\xEC\xD7\x63\xE2\xBA\x35\xB6\x04\x08\x91\xE8\xDA\x9D\x9C\xF6\x66\xB5\x18\xAC\x0A\xA6\x54\x26\x34\x33\xD2\x1B\xC1\xD4\x7F\x1A\x3A\x8E\x0B\xAA\x32\x6E\xDB\xFC\x4F\x25\x9F\xD9\x32\xC7\x96\x5A\x70\xAC\xDF\x4C",
 	["CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5A\x17\x0D\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x98\xD2\xB5\x51\x11\x7A\x81\xA6\x14\x98\x71\x6D\xBE\xCC\xE7\x13\x1B\xD6\x27\x0E\x7A\xB3\x6A\x18\x1C\xB6\x61\x5A\xD5\x61\x09\xBF\xDE\x90\x13\xC7\x67\xEE\xDD\xF3\xDA\xC5\x0C\x12\x9E\x35\x55\x3E\x2C\x27\x88\x40\x6B\xF7\xDC\xDD\x22\x61\xF5\xC2\xC7\x0E\xF5\xF6\xD5\x76\x53\x4D\x8F\x8C\xBC\x18\x76\x37\x85\x9D\xE8\xCA\x49\xC7\xD2\x4F\x98\x13\x09\xA2\x3E\x22\x88\x9C\x7F\xD6\xF2\x10\x65\xB4\xEE\x5F\x18\xD5\x17\xE3\xF8\xC5\xFD\xE2\x9D\xA2\xEF\x53\x0E\x85\x77\xA2\x0F\xE1\x30\x47\xEE\x00\xE7\x33\x7D\x44\x67\x1A\x0B\x51\xE8\x8B\xA0\x9E\x50\x98\x68\x34\x52\x1F\x2E\x6D\x01\xF2\x60\x45\xF2\x31\xEB\xA9\x31\x68\x29\xBB\x7A\x41\x9E\xC6\x19\x7F\x94\xB4\x51\x39\x03\x7F\xB2\xDE\xA7\x32\x9B\xB4\x47\x8E\x6F\xB4\x4A\xAE\xE5\xAF\xB1\xDC\xB0\x1B\x61\xBC\x99\x72\xDE\xE4\x89\xB7\x7A\x26\x5D\xDA\x33\x49\x5B\x52\x9C\x0E\xF5\x8A\xAD\xC3\xB8\x3D\xE8\x06\x6A\xC2\xD5\x2A\x0B\x6C\x7B\x84\xBD\x56\x05\xCB\x86\x65\x92\xEC\x44\x2B\xB0\x8E\xB9\xDC\x70\x0B\x46\xDA\xAD\xBC\x63\x88\x39\xFA\xDB\x6A\xFE\x23\xFA\xBC\xE4\x48\xF4\x67\x2B\x6A\x11\x10\x21\x49\x02\x03\x01\x00\x01\xA3\x81\x91\x30\x81\x8E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x4F\x06\x03\x55\x1D\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1D\x20\x00\x30\x3C\x30\x3A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x6F\x76\x65\x72\x68\x65\x69\x64\x2E\x6E\x6C\x2F\x70\x6F\x6C\x69\x63\x69\x65\x73\x2F\x72\x6F\x6F\x74\x2D\x70\x6F\x6C\x69\x63\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA8\x7D\xEB\xBC\x63\xA4\x74\x13\x74\x00\xEC\x96\xE0\xD3\x34\xC1\x2C\xBF\x6C\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xC1\xBB\xD1\xD4\xC6\x15\xA8\x13\xB4\x9F\xA4\xFE\xBB\xEE\x15\xB4\x2F\x06\x0C\x29\xF2\xA8\x92\xA4\x61\x0D\xFC\xAB\x5C\x08\x5B\x51\x13\x2B\x4D\xC2\x2A\x61\xC8\xF8\x09\x58\xFC\x2D\x02\xB2\x39\x7D\x99\x66\x81\xBF\x6E\x5C\x95\x45\x20\x6C\xE6\x79\xA7\xD1\xD8\x1C\x29\xFC\xC2\x20\x27\x51\xC8\xF1\x7C\x5D\x34\x67\x69\x85\x11\x30\xC6\x00\xD2\xD7\xF3\xD3\x7C\xB6\xF0\x31\x57\x28\x12\x82\x73\xE9\x33\x2F\xA6\x55\xB4\x0B\x91\x94\x47\x9C\xFA\xBB\x7A\x42\x32\xE8\xAE\x7E\x2D\xC8\xBC\xAC\x14\xBF\xD9\x0F\xD9\x5B\xFC\xC1\xF9\x7A\x95\xE1\x7D\x7E\x96\xFC\x71\xB0\xC2\x4C\xC8\xDF\x45\x34\xC9\xCE\x0D\xF2\x9C\x64\x08\xD0\x3B\xC3\x29\xC5\xB2\xED\x90\x04\xC1\xB1\x29\x91\xC5\x30\x6F\xC1\xA9\x72\x33\xCC\xFE\x5D\x16\x17\x2C\x11\x69\xE7\x7E\xFE\xC5\x83\x08\xDF\xBC\xDC\x22\x3A\x2E\x20\x69\x23\x39\x56\x60\x67\x90\x8B\x2E\x76\x39\xFB\x11\x88\x97\xF6\x7C\xBD\x4B\xB8\x20\x16\x67\x05\x8D\xE2\x3B\xC1\x72\x3F\x94\x95\x37\xC7\x5D\xB9\x9E\xD8\x93\xA1\x17\x8F\xFF\x0C\x66\x15\xC1\x24\x7C\x32\x7C\x03\x1D\x3B\xA1\x58\x45\x32\x93",
 	["OU=TDC Internet Root CA,O=TDC Internet,C=DK"] = "\x30\x82\x04\x2B\x30\x82\x03\x13\xA0\x03\x02\x01\x02\x02\x04\x3A\xCC\xA5\x4C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC4\xB8\x40\xBC\x91\xD5\x63\x1F\xD7\x99\xA0\x8B\x0C\x40\x1E\x74\xB7\x48\x9D\x46\x8C\x02\xB2\xE0\x24\x5F\xF0\x19\x13\xA7\x37\x83\x6B\x5D\xC7\x8E\xF9\x84\x30\xCE\x1A\x3B\xFA\xFB\xCE\x8B\x6D\x23\xC6\xC3\x6E\x66\x9F\x89\xA5\xDF\xE0\x42\x50\x67\xFA\x1F\x6C\x1E\xF4\xD0\x05\xD6\xBF\xCA\xD6\x4E\xE4\x68\x60\x6C\x46\xAA\x1C\x5D\x63\xE1\x07\x86\x0E\x65\x00\xA7\x2E\xA6\x71\xC6\xBC\xB9\x81\xA8\x3A\x7D\x1A\xD2\xF9\xD1\xAC\x4B\xCB\xCE\x75\xAF\xDC\x7B\xFA\x81\x73\xD4\xFC\xBA\xBD\x41\x88\xD4\x74\xB3\xF9\x5E\x38\x3A\x3C\x43\xA8\xD2\x95\x4E\x77\x6D\x13\x0C\x9D\x8F\x78\x01\xB7\x5A\x20\x1F\x03\x37\x35\xE2\x2C\xDB\x4B\x2B\x2C\x78\xB9\x49\xDB\xC4\xD0\xC7\x9C\x9C\xE4\x8A\x20\x09\x21\x16\x56\x66\xFF\x05\xEC\x5B\xE3\xF0\xCF\xAB\x24\x24\x5E\xC3\x7F\x70\x7A\x12\xC4\xD2\xB5\x10\xA0\xB6\x21\xE1\x8D\x78\x69\x55\x44\x69\xF5\xCA\x96\x1C\x34\x85\x17\x25\x77\xE2\xF6\x2F\x27\x98\x78\xFD\x79\x06\x3A\xA2\xD6\x5A\x43\xC1\xFF\xEC\x04\x3B\xEE\x13\xEF\xD3\x58\x5A\xFF\x92\xEB\xEC\xAE\xDA\xF2\x37\x03\x47\x41\xB6\x97\xC9\x2D\x0A\x41\x22\xBB\xBB\xE6\xA7\x02\x03\x01\x00\x01\xA3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1D\x1F\x04\x5E\x30\x5C\x30\x5A\xA0\x58\xA0\x56\xA4\x54\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x81\x0F\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x35\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\x43\xCC\xD1\xDD\x1D\x10\x1B\x06\x7F\xB7\xA4\xFA\xD3\xD9\x4D\xFB\x23\x9F\x23\x54\x5B\xE6\x8B\x2F\x04\x28\x8B\xB5\x27\x6D\x89\xA1\xEC\x98\x69\xDC\xE7\x8D\x26\x83\x05\x79\x74\xEC\xB4\xB9\xA3\x97\xC1\x35\x00\xFD\x15\xDA\x39\x81\x3A\x95\x31\x90\xDE\x97\xE9\x86\xA8\x99\x77\x0C\xE5\x5A\xA0\x84\xFF\x12\x16\xAC\x6E\xB8\x8D\xC3\x7B\x92\xC2\xAC\x2E\xD0\x7D\x28\xEC\xB6\xF3\x60\x38\x69\x6F\x3E\xD8\x04\x55\x3E\x9E\xCC\x55\xD2\xBA\xFE\xBB\x47\x04\xD7\x0A\xD9\x16\x0A\x34\x29\xF5\x58\x13\xD5\x4F\xCF\x8F\x56\x4B\xB3\x1E\xEE\xD3\x98\x79\xDA\x08\x1E\x0C\x6F\xB8\xF8\x16\x27\xEF\xC2\x6F\x3D\xF6\xA3\x4B\x3E\x0E\xE4\x6D\x6C\xDB\x3B\x41\x12\x9B\xBD\x0D\x47\x23\x7F\x3C\x4A\xD0\xAF\xC0\xAF\xF6\xEF\x1B\xB5\x15\xC4\xEB\x83\xC4\x09\x5F\x74\x8B\xD9\x11\xFB\xC2\x56\xB1\x3C\xF8\x70\xCA\x34\x8D\x43\x40\x13\x8C\xFD\x99\x03\x54\x79\xC6\x2E\xEA\x86\xA1\xF6\x3A\xD4\x09\xBC\xF4\xBC\x66\xCC\x3D\x58\xD0\x57\x49\x0A\xEE\x25\xE2\x41\xEE\x13\xF9\x9B\x38\x34\xD1\x00\xF5\x7E\xE7\x94\x1D\xFC\x69\x03\x62\xB8\x99\x05\x05\x3D\x6B\x78\x12\xBD\xB0\x6F\x65",
-	["CN=TDC OCES CA,O=TDC,C=DK"] = "\x30\x82\x05\x19\x30\x82\x04\x01\xA0\x03\x02\x01\x02\x02\x04\x3E\x48\xBD\xC4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x31\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x30\x1E\x17\x0D\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5A\x17\x0D\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5A\x30\x31\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAC\x62\xF6\x61\x20\xB2\xCF\xC0\xC6\x85\xD7\xE3\x79\xE6\xCC\xED\xF2\x39\x92\xA4\x97\x2E\x64\xA3\x84\x5B\x87\x9C\x4C\xFD\xA4\xF3\xC4\x5F\x21\xBD\x56\x10\xEB\xDB\x2E\x61\xEC\x93\x69\xE3\xA3\xCC\xBD\x99\xC3\x05\xFC\x06\xB8\xCA\x36\x1C\xFE\x90\x8E\x49\x4C\xC4\x56\x9A\x2F\x56\xBC\xCF\x7B\x0C\xF1\x6F\x47\xA6\x0D\x43\x4D\xE2\xE9\x1D\x39\x34\xCD\x8D\x2C\xD9\x12\x98\xF9\xE3\xE1\xC1\x4A\x7C\x86\x38\xC4\xA9\xC4\x61\x88\xD2\x5E\xAF\x1A\x26\x4D\xD5\xE4\xA0\x22\x47\x84\xD9\x64\xB7\x19\x96\xFC\xEC\x19\xE4\xB2\x97\x26\x4E\x4A\x4C\xCB\x8F\x24\x8B\x54\x18\x1C\x48\x61\x7B\xD5\x88\x68\xDA\x5D\xB5\xEA\xCD\x1A\x30\xC1\x80\x83\x76\x50\xAA\x4F\xD1\xD4\xDD\x38\xF0\xEF\x16\xF4\xE1\x0C\x50\x06\xBF\xEA\xFB\x7A\x49\xA1\x28\x2B\x1C\xF6\xFC\x15\x32\xA3\x74\x6A\x8F\xA9\xC3\x62\x29\x71\x31\xE5\x3B\xA4\x60\x17\x5E\x74\xE6\xDA\x13\xED\xE9\x1F\x1F\x1B\xD1\xB2\x68\x73\xC6\x10\x34\x75\x46\x10\x10\xE3\x90\x00\x76\x40\xCB\x8B\xB7\x43\x09\x21\xFF\xAB\x4E\x93\xC6\x58\xE9\xA5\x82\xDB\x77\xC4\x3A\x99\xB1\x72\x95\x49\x04\xF0\xB7\x2B\xFA\x7B\x59\x8E\xDD\x02\x03\x01\x00\x01\xA3\x82\x02\x37\x30\x82\x02\x33\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xEC\x06\x03\x55\x1D\x20\x04\x81\xE4\x30\x81\xE1\x30\x81\xDE\x06\x08\x2A\x81\x50\x81\x29\x01\x01\x01\x30\x81\xD1\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x2E\x64\x6B\x2F\x72\x65\x70\x6F\x73\x69\x74\x6F\x72\x79\x30\x81\x9D\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\x90\x30\x0A\x16\x03\x54\x44\x43\x30\x03\x02\x01\x01\x1A\x81\x81\x43\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x65\x72\x20\x66\x72\x61\x20\x64\x65\x6E\x6E\x65\x20\x43\x41\x20\x75\x64\x73\x74\x65\x64\x65\x73\x20\x75\x6E\x64\x65\x72\x20\x4F\x49\x44\x20\x31\x2E\x32\x2E\x32\x30\x38\x2E\x31\x36\x39\x2E\x31\x2E\x31\x2E\x31\x2E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x66\x72\x6F\x6D\x20\x74\x68\x69\x73\x20\x43\x41\x20\x61\x72\x65\x20\x69\x73\x73\x75\x65\x64\x20\x75\x6E\x64\x65\x72\x20\x4F\x49\x44\x20\x31\x2E\x32\x2E\x32\x30\x38\x2E\x31\x36\x39\x2E\x31\x2E\x31\x2E\x31\x2E\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x81\x81\x06\x03\x55\x1D\x1F\x04\x7A\x30\x78\x30\x48\xA0\x46\xA0\x44\xA4\x42\x30\x40\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2C\xA0\x2A\xA0\x28\x86\x26\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x6F\x63\x65\x73\x2E\x63\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x2E\x64\x6B\x2F\x6F\x63\x65\x73\x2E\x63\x72\x6C\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5A\x81\x0F\x32\x30\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5A\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x60\xB5\x85\xEC\x56\x64\x7E\x12\x19\x27\x67\x1D\x50\x15\x4B\x73\xAE\x3B\xF9\x12\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\xB5\x85\xEC\x56\x64\x7E\x12\x19\x27\x67\x1D\x50\x15\x4B\x73\xAE\x3B\xF9\x12\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x36\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0A\xBA\x26\x26\x46\xD3\x73\xA8\x09\xF3\x6B\x0B\x30\x99\xFD\x8A\xE1\x57\x7A\x11\xD3\xB8\x94\xD7\x09\x10\x6E\xA3\xB1\x38\x03\xD1\xB6\xF2\x43\x41\x29\x62\xA7\x72\xD8\xFB\x7C\x05\xE6\x31\x70\x27\x54\x18\x4E\x8A\x7C\x4E\xE5\xD1\xCA\x8C\x78\x88\xCF\x1B\xD3\x90\x8B\xE6\x23\xF8\x0B\x0E\x33\x43\x7D\x9C\xE2\x0A\x19\x8F\xC9\x01\x3E\x74\x5D\x74\xC9\x8B\x1C\x03\xE5\x18\xC8\x01\x4C\x3F\xCB\x97\x05\x5D\x98\x71\xA6\x98\x6F\xB6\x7C\xBD\x37\x7F\xBE\xE1\x93\x25\x6D\x6F\xF0\x0A\xAD\x17\x18\xE1\x03\xBC\x07\x29\xC8\xAD\x26\xE8\xF8\x61\xF0\xFD\x21\x09\x7E\x9A\x8E\xA9\x68\x7D\x48\x62\x72\xBD\x00\xEA\x01\x99\xB8\x06\x82\x51\x81\x4E\xF1\xF5\xB4\x91\x54\xB9\x23\x7A\x00\x9A\x9F\x5D\x8D\xE0\x3C\x64\xB9\x1A\x12\x92\x2A\xC7\x82\x44\x72\x39\xDC\xE2\x3C\xC6\xD8\x55\xF5\x15\x4E\xC8\x05\x0E\xDB\xC6\xD0\x62\xA6\xEC\x15\xB4\xB5\x02\x82\xDB\xAC\x8C\xA2\x81\xF0\x9B\x99\x31\xF5\x20\x20\xA8\x88\x61\x0A\x07\x9F\x94\xFC\xD0\xD7\x1B\xCC\x2E\x17\xF3\x04\x27\x76\x67\xEB\x54\x83\xFD\xA4\x90\x7E\x06\x3D\x04\xA3\x43\x2D\xDA\xFC\x0B\x62\xEA\x2F\x5F\x62\x53",
 	["CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x5E\x30\x82\x03\x46\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x21\xB4\x11\xD3\x2A\x68\x06\xA9\xAD\x69\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5A\x17\x0D\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5A\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\xEE\x58\x10\xA2\x2B\x6E\x55\xC4\x8E\xBF\x2E\x46\x09\xE7\xE0\x08\x0F\x2E\x2B\x7A\x13\x94\x1B\xBD\xF6\xB6\x80\x8E\x65\x05\x93\x00\x1E\xBC\xAF\xE2\x0F\x8E\x19\x0D\x12\x47\xEC\xAC\xAD\xA3\xFA\x2E\x70\xF8\xDE\x6E\xFB\x56\x42\x15\x9E\x2E\x5C\xEF\x23\xDE\x21\xB9\x05\x76\x27\x19\x0F\x4F\xD6\xC3\x9C\xB4\xBE\x94\x19\x63\xF2\xA6\x11\x0A\xEB\x53\x48\x9C\xBE\xF2\x29\x3B\x16\xE8\x1A\xA0\x4C\xA6\xC9\xF4\x18\x59\x68\xC0\x70\xF2\x53\x00\xC0\x5E\x50\x82\xA5\x56\x6F\x36\xF9\x4A\xE0\x44\x86\xA0\x4D\x4E\xD6\x47\x6E\x49\x4A\xCB\x67\xD7\xA6\xC4\x05\xB9\x8E\x1E\xF4\xFC\xFF\xCD\xE7\x36\xE0\x9C\x05\x6C\xB2\x33\x22\x15\xD0\xB4\xE0\xCC\x17\xC0\xB2\xC0\xF4\xFE\x32\x3F\x29\x2A\x95\x7B\xD8\xF2\xA7\x4E\x0F\x54\x7C\xA1\x0D\x80\xB3\x09\x03\xC1\xFF\x5C\xDD\x5E\x9A\x3E\xBC\xAE\xBC\x47\x8A\x6A\xAE\x71\xCA\x1F\xB1\x2A\xB8\x5F\x42\x05\x0B\xEC\x46\x30\xD1\x72\x0B\xCA\xE9\x56\x6D\xF5\xEF\xDF\x78\xBE\x61\xBA\xB2\xA5\xAE\x04\x4C\xBC\xA8\xAC\x69\x15\x97\xBD\xEF\xEB\xB4\x8C\xBF\x35\xF8\xD4\xC3\xD1\x28\x0E\x5C\x3A\x9F\x70\x18\x33\x20\x77\xC4\xA2\xAF\x02\x03\x01\x00\x01\xA3\x81\xAB\x30\x81\xA8\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x53\x32\xD1\xB3\xCF\x7F\xFA\xE0\xF1\xA0\x5D\x85\x4E\x92\xD2\x9E\x45\x1D\xB4\x4F\x30\x3D\x06\x03\x55\x1D\x1F\x04\x36\x30\x34\x30\x32\xA0\x30\xA0\x2E\x86\x2C\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x44\x41\x54\x41\x43\x6F\x72\x70\x53\x47\x43\x2E\x63\x72\x6C\x30\x2A\x06\x03\x55\x1D\x25\x04\x23\x30\x21\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x04\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8A\x8B\x28\xBD\xC6\x33\x30\x1E\x29\xFC\xE2\xF7\xD5\x98\xD4\x40\xBB\x60\xCA\xBF\xAB\x17\x2C\x09\x36\x7F\x50\xFA\x41\xDC\xAE\x96\x3A\x0A\x23\x3E\x89\x59\xC9\xA3\x07\xED\x1B\x37\xAD\xFC\x7C\xBE\x51\x49\x5A\xDE\x3A\x0A\x54\x08\x16\x45\xC2\x99\xB1\x87\xCD\x8C\x68\xE0\x69\x03\xE9\xC4\x4E\x98\xB2\x3B\x8C\x16\xB3\x0E\xA0\x0C\x98\x50\x9B\x93\xA9\x70\x09\xC8\x2C\xA3\x8F\xDF\x02\xE4\xE0\x71\x3A\xF1\xB4\x23\x72\xA0\xAA\x01\xDF\xDF\x98\x3E\x14\x50\xA0\x31\x26\xBD\x28\xE9\x5A\x30\x26\x75\xF9\x7B\x60\x1C\x8D\xF3\xCD\x50\x26\x6D\x04\x27\x9A\xDF\xD5\x0D\x45\x47\x29\x6B\x2C\xE6\x76\xD9\xA9\x29\x7D\x32\xDD\xC9\x36\x3C\xBD\xAE\x35\xF1\x11\x9E\x1D\xBB\x90\x3F\x12\x47\x4E\x8E\xD7\x7E\x0F\x62\x73\x1D\x52\x26\x38\x1C\x18\x49\xFD\x30\x74\x9A\xC4\xE5\x22\x2F\xD8\xC0\x8D\xED\x91\x7A\x4C\x00\x8F\x72\x7F\x5D\xDA\xDD\x1B\x8B\x45\x6B\xE7\xDD\x69\x97\xA8\xC5\x56\x4C\x0F\x0C\xF6\x9F\x7A\x91\x37\xF6\x97\x82\xE0\xDD\x71\x69\xFF\x76\x3F\x60\x4D\x3C\xCF\xF7\x99\xF9\xC6\x57\xF4\xC9\x55\x39\x78\xBA\x2C\x79\xC9\xA6\x88\x2B\xF4\x08",
 	["CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x74\x30\x82\x03\x5C\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x24\xB4\x11\xD3\x36\x2A\xFE\x65\x0A\xFD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5A\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB1\xF7\xC3\x38\x3F\xB4\xA8\x7F\xCF\x39\x82\x51\x67\xD0\x6D\x9F\xD2\xFF\x58\xF3\xE7\x9F\x2B\xEC\x0D\x89\x54\x99\xB9\x38\x99\x16\xF7\xE0\x21\x79\x48\xC2\xBB\x61\x74\x12\x96\x1D\x3C\x6A\x72\xD5\x3C\x10\x67\x3A\x39\xED\x2B\x13\xCD\x66\xEB\x95\x09\x33\xA4\x6C\x97\xB1\xE8\xC6\xEC\xC1\x75\x79\x9C\x46\x5E\x8D\xAB\xD0\x6A\xFD\xB9\x2A\x55\x17\x10\x54\xB3\x19\xF0\x9A\xF6\xF1\xB1\x5D\xB6\xA7\x6D\xFB\xE0\x71\x17\x6B\xA2\x88\xFB\x00\xDF\xFE\x1A\x31\x77\x0C\x9A\x01\x7A\xB1\x32\xE3\x2B\x01\x07\x38\x6E\xC3\xA5\x5E\x23\xBC\x45\x9B\x7B\x50\xC1\xC9\x30\x8F\xDB\xE5\x2B\x7A\xD3\x5B\xFB\x33\x40\x1E\xA0\xD5\x98\x17\xBC\x8B\x87\xC3\x89\xD3\x5D\xA0\x8E\xB2\xAA\xAA\xF6\x8E\x69\x88\x06\xC5\xFA\x89\x21\xF3\x08\x9D\x69\x2E\x09\x33\x9B\x29\x0D\x46\x0F\x8C\xCC\x49\x34\xB0\x69\x51\xBD\xF9\x06\xCD\x68\xAD\x66\x4C\xBC\x3E\xAC\x61\xBD\x0A\x88\x0E\xC8\xDF\x3D\xEE\x7C\x04\x4C\x9D\x0A\x5E\x6B\x91\xD6\xEE\xC7\xED\x28\x8D\xAB\x4D\x87\x89\x73\xD0\x6E\xA4\xD0\x1E\x16\x8B\x14\xE1\x76\x44\x03\x7F\x63\xAC\xE4\xCD\x49\x9C\xC5\x92\xF4\xAB\x32\xA1\x48\x5B\x02\x03\x01\x00\x01\xA3\x81\xB9\x30\x81\xB6\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA1\x72\x5F\x26\x1B\x28\x98\x43\x95\x5D\x07\x37\xD5\x85\x96\x9D\x4B\xD2\xC3\x45\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x2E\x63\x72\x6C\x30\x31\x06\x03\x55\x1D\x25\x04\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0F\xDE\x74\xC6\x99\x97\xAF\xFC\xAD\x28\x5E\x75\x8E\xEB\x2D\x67\xEE\x4E\x7B\x2B\xD7\x0C\xFF\xF6\xDE\xCB\x55\xA2\x0A\xE1\x4C\x54\x65\x93\x60\x6B\x9F\x12\x9C\xAD\x5E\x83\x2C\xEB\x5A\xAE\xC0\xE4\x2D\xF4\x00\x63\x1D\xB8\xC0\x6C\xF2\xCF\x49\xBB\x4D\x93\x6F\x06\xA6\x0A\x22\xB2\x49\x62\x08\x4E\xFF\xC8\xC8\x14\xB2\x88\x16\x5D\xE7\x01\xE4\x12\x95\xE5\x45\x34\xB3\x8B\x69\xBD\xCF\xB4\x85\x8F\x75\x51\x9E\x7D\x3A\x38\x3A\x14\x48\x12\xC6\xFB\xA7\x3B\x1A\x8D\x0D\x82\x40\x07\xE8\x04\x08\x90\xA1\x89\xCB\x19\x50\xDF\xCA\x1C\x01\xBC\x1D\x04\x19\x7B\x10\x76\x97\x3B\xEE\x90\x90\xCA\xC4\x0E\x1F\x16\x6E\x75\xEF\x33\xF8\xD3\x6F\x5B\x1E\x96\xE3\xE0\x74\x77\x74\x7B\x8A\xA2\x6E\x2D\xDD\x76\xD6\x39\x30\x82\xF0\xAB\x9C\x52\xF2\x2A\xC7\xAF\x49\x5E\x7E\xC7\x68\xE5\x82\x81\xC8\x6A\x27\xF9\x27\x88\x2A\xD5\x58\x50\x95\x1F\xF0\x3B\x1C\x57\xBB\x7D\x14\x39\x62\x2B\x9A\xC9\x94\x92\x2A\xA3\x22\x0C\xFF\x89\x26\x7D\x5F\x23\x2B\x47\xD7\x15\x1D\xA9\x6A\x9E\x51\x0D\x2A\x51\x9E\x81\xF9\xD4\x3B\x5E\x70\x12\x7F\x10\x32\x9C\x1E\xBB\x9D\xF8\x66\xA8",
 	["CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU"] = "\x30\x82\x04\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5A\x17\x0D\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xB7\x36\x55\xE5\xA5\x5D\x18\x30\xE0\xDA\x89\x54\x91\xFC\xC8\xC7\x52\xF8\x2F\x50\xD9\xEF\xB1\x75\x73\x65\x47\x7D\x1B\x5B\xBA\x75\xC5\xFC\xA1\x88\x24\xFA\x2F\xED\xCA\x08\x4A\x39\x54\xC4\x51\x7A\xB5\xDA\x60\xEA\x38\x3C\x81\xB2\xCB\xF1\xBB\xD9\x91\x23\x3F\x48\x01\x70\x75\xA9\x05\x2A\xAD\x1F\x71\xF3\xC9\x54\x3D\x1D\x06\x6A\x40\x3E\xB3\x0C\x85\xEE\x5C\x1B\x79\xC2\x62\xC4\xB8\x36\x8E\x35\x5D\x01\x0C\x23\x04\x47\x35\xAA\x9B\x60\x4E\xA0\x66\x3D\xCB\x26\x0A\x9C\x40\xA1\xF4\x5D\x98\xBF\x71\xAB\xA5\x00\x68\x2A\xED\x83\x7A\x0F\xA2\x14\xB5\xD4\x22\xB3\x80\xB0\x3C\x0C\x5A\x51\x69\x2D\x58\x18\x8F\xED\x99\x9E\xF1\xAE\xE2\x95\xE6\xF6\x47\xA8\xD6\x0C\x0F\xB0\x58\x58\xDB\xC3\x66\x37\x9E\x9B\x91\x54\x33\x37\xD2\x94\x1C\x6A\x48\xC9\xC9\xF2\xA5\xDA\xA5\x0C\x23\xF7\x23\x0E\x9C\x32\x55\x5E\x71\x9C\x84\x05\x51\x9A\x2D\xFD\xE6\x4E\x2A\x34\x5A\xDE\xCA\x40\x37\x67\x0C\x54\x21\x55\x77\xDA\x0A\x0C\xCC\x97\xAE\x80\xDC\x94\x36\x4A\xF4\x3E\xCE\x36\x13\x1E\x53\xE4\xAC\x4E\x3A\x05\xEC\xDB\xAE\x72\x9C\x38\x8B\xD0\x39\x3B\x89\x0A\x3E\x77\xFE\x75\x02\x01\x03\xA3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x3C\x06\x03\x55\x1D\x1F\x04\x35\x30\x33\x30\x31\xA0\x2F\xA0\x2D\x86\x2B\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x94\xF5\xB1\x4D\xE9\xDB\xA1\x29\x5B\x57\x8B\x4D\x76\x06\x76\xE1\xD1\xA2\x8A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1D\x11\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x27\x06\x03\x55\x1D\x12\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x58\x06\x03\x55\x1D\x20\x04\x51\x30\x4F\x30\x4D\x06\x0B\x2B\x06\x01\x04\x01\x81\x87\x2E\x0A\x03\x01\x30\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x70\x73\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x70\x73\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x68\x74\x6D\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0C\x41\x97\xC2\x1A\x86\xC0\x22\x7C\x9F\xFB\x90\xF3\x1A\xD1\x03\xB1\xEF\x13\xF9\x21\x5F\x04\x9C\xDA\xC9\xA5\x8D\x27\x6C\x96\x87\x91\xBE\x41\x90\x01\x72\x93\xE7\x1E\x7D\x5F\xF6\x89\xC6\x5D\xA7\x40\x09\x3D\xAC\x49\x45\x45\xDC\x2E\x8D\x30\x68\xB2\x09\xBA\xFB\xC3\x2F\xCC\xBA\x0B\xDF\x3F\x77\x7B\x46\x7D\x3A\x12\x24\x8E\x96\x8F\x3C\x05\x0A\x6F\xD2\x94\x28\x1D\x6D\x0C\xC0\x2E\x88\x22\xD5\xD8\xCF\x1D\x13\xC7\xF0\x48\xD7\xD7\x05\xA7\xCF\xC7\x47\x9E\x3B\x3C\x34\xC8\x80\x4F\xD4\x14\xBB\xFC\x0D\x50\xF7\xFA\xB3\xEC\x42\x5F\xA9\xDD\x6D\xC8\xF4\x75\xCF\x7B\xC1\x72\x26\xB1\x01\x1C\x5C\x2C\xFD\x7A\x4E\xB4\x01\xC5\x05\x57\xB9\xE7\x3C\xAA\x05\xD9\x88\xE9\x07\x46\x41\xCE\xEF\x41\x81\xAE\x58\xDF\x83\xA2\xAE\xCA\xD7\x77\x1F\xE7\x00\x3C\x9D\x6F\x8E\xE4\x32\x09\x1D\x4D\x78\x34\x78\x34\x3C\x94\x9B\x26\xED\x4F\x71\xC6\x19\x7A\xBD\x20\x22\x48\x5A\xFE\x4B\x7D\x03\xB7\xE7\x58\xBE\xC6\x32\x4E\x74\x1E\x68\xDD\xA8\x68\x5B\xB3\x3E\xEE\x62\x7D\xD9\x80\xE8\x0A\x75\x7A\xB7\xEE\xB4\x65\x9A\x21\x90\xE0\xAA\xD0\x98\xBC\x38\xB5\x73\x3C\x8B\xF8\xDC",
@@ -139,4 +135,12 @@ redef root_certs += {
 	["CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES"] = "\x30\x82\x06\x8B\x30\x82\x05\x73\xA0\x03\x02\x01\x02\x02\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x1E\x17\x0D\x30\x31\x30\x37\x30\x36\x31\x36\x32\x32\x34\x37\x5A\x17\x0D\x32\x31\x30\x37\x30\x31\x31\x35\x32\x32\x34\x37\x5A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\x2A\xAB\x57\x11\x37\x2F\x22\x8A\xCA\x03\x74\x1D\xCA\xED\x2D\xA2\x0B\xBC\x33\x52\x40\x26\x47\xBE\x5A\x69\xA6\x3B\x72\x36\x17\x4C\xE8\xDF\xB8\xBB\x2F\x76\xE1\x40\x46\x74\x65\x02\x90\x52\x08\xB4\xFF\xA8\x8C\xC1\xE0\xC7\x89\x56\x10\x39\x33\xEF\x68\xB4\x5F\x5F\xDA\x6D\x23\xA1\x89\x5E\x22\xA3\x4A\x06\xF0\x27\xF0\x57\xB9\xF8\xE9\x4E\x32\x77\x0A\x3F\x41\x64\xF3\xEB\x65\xEE\x76\xFE\x54\xAA\x7D\x1D\x20\xAE\xF3\xD7\x74\xC2\x0A\x5F\xF5\x08\x28\x52\x08\xCC\x55\x5D\xD2\x0F\xDB\x9A\x81\xA5\xBB\xA1\xB3\xC1\x94\xCD\x54\xE0\x32\x75\x31\x91\x1A\x62\xB2\xDE\x75\xE2\xCF\x4F\x89\xD9\x91\x90\x0F\x41\x1B\xB4\x5A\x4A\x77\xBD\x67\x83\xE0\x93\xE7\x5E\xA7\x0C\xE7\x81\xD3\xF4\x52\xAC\x53\xB2\x03\xC7\x44\x26\xFB\x79\xE5\xCB\x34\x60\x50\x10\x7B\x1B\xDB\x6B\xD7\x47\xAB\x5F\x7C\x68\xCA\x6E\x9D\x41\x03\x10\xEE\x6B\x99\x7B\x5E\x25\xA8\xC2\xAB\xE4\xC0\xF3\x5C\x9C\xE3\xBE\xCE\x31\x4C\x64\x1E\x5E\x80\xA2\xF5\x83\x7E\x0C\xD6\xCA\x8C\x55\x8E\xBE\xE0\xBE\x49\x07\x0F\xA3\x24\x41\x7A\x58\x1D\x84\xEA\x58\x12\xC8\xE1\xB7\xED\xEF\x93\xDE\x94\x08\x31\x02\x03\x01\x00\x01\xA3\x82\x03\x3B\x30\x82\x03\x37\x30\x32\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x26\x30\x24\x30\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x16\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x02\x30\x82\x02\x34\x06\x03\x55\x1D\x20\x04\x82\x02\x2B\x30\x82\x02\x27\x30\x82\x02\x23\x06\x0A\x2B\x06\x01\x04\x01\xBF\x55\x02\x01\x00\x30\x82\x02\x13\x30\x82\x01\xE8\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\xDA\x1E\x82\x01\xD6\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x52\x00\x61\x00\xED\x00\x7A\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x47\x00\x65\x00\x6E\x00\x65\x00\x72\x00\x61\x00\x6C\x00\x69\x00\x74\x00\x61\x00\x74\x00\x20\x00\x56\x00\x61\x00\x6C\x00\x65\x00\x6E\x00\x63\x00\x69\x00\x61\x00\x6E\x00\x61\x00\x2E\x00\x0D\x00\x0A\x00\x4C\x00\x61\x00\x20\x00\x44\x00\x65\x00\x63\x00\x6C\x00\x61\x00\x72\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x64\x00\x65\x00\x20\x00\x50\x00\x72\x00\xE1\x00\x63\x00\x74\x00\x69\x00\x63\x00\x61\x00\x73\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\x72\x00\x69\x00\x67\x00\x65\x00\x20\x00\x65\x00\x6C\x00\x20\x00\x66\x00\x75\x00\x6E\x00\x63\x00\x69\x00\x6F\x00\x6E\x00\x61\x00\x6D\x00\x69\x00\x65\x00\x6E\x00\x74\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x70\x00\x72\x00\x65\x00\x73\x00\x65\x00\x6E\x00\x74\x00\x65\x00\x20\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x73\x00\x65\x00\x20\x00\x65\x00\x6E\x00\x63\x00\x75\x00\x65\x00\x6E\x00\x74\x00\x72\x00\x61\x00\x20\x00\x65\x00\x6E\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x64\x00\x69\x00\x72\x00\x65\x00\x63\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x77\x00\x65\x00\x62\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x70\x00\x6B\x00\x69\x00\x2E\x00\x67\x00\x76\x00\x61\x00\x2E\x00\x65\x00\x73\x00\x2F\x00\x63\x00\x70\x00\x73\x30\x25\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x19\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x2F\x63\x70\x73\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\x30\x81\x95\x06\x03\x55\x1D\x23\x04\x81\x8D\x30\x81\x8A\x80\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\xA1\x6C\xA4\x6A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x82\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x24\x61\x4E\xF5\xB5\xC8\x42\x02\x2A\xB3\x5C\x75\xAD\xC5\x6D\xCA\xE7\x94\x3F\xA5\x68\x95\x88\xC1\x54\xC0\x10\x69\xA2\x12\x2F\x18\x3F\x25\x50\xA8\x7C\x4A\xEA\xC6\x09\xD9\xF4\x75\xC6\x40\xDA\xAF\x50\x9D\x3D\xA5\x16\xBB\x6D\x31\xC6\xC7\x73\x0A\x48\xFE\x20\x72\xED\x6F\xCC\xE8\x83\x61\x16\x46\x90\x01\x95\x4B\x7D\x8E\x9A\x52\x09\x2F\xF6\x6F\x1C\xE4\xA1\x71\xCF\x8C\x2A\x5A\x17\x73\x83\x47\x4D\x0F\x36\xFB\x04\x4D\x49\x51\xE2\x14\xC9\x64\x61\xFB\xD4\x14\xE0\xF4\x9E\xB7\x34\x8F\x0A\x26\xBD\x97\x5C\xF4\x79\x3A\x4A\x30\x19\xCC\xAD\x4F\xA0\x98\x8A\xB4\x31\x97\x2A\xE2\x73\x6D\x7E\x78\xB8\xF8\x88\x89\x4F\xB1\x22\x91\x64\x4B\xF5\x50\xDE\x03\xDB\xE5\xC5\x76\xE7\x13\x66\x75\x7E\x65\xFB\x01\x9F\x93\x87\x88\x9D\xF9\x46\x57\x7C\x4D\x60\xAF\x98\x73\x13\x23\xA4\x20\x91\x81\xFA\xD0\x61\x66\xB8\x7D\xD1\xAF\xD6\x6F\x1E\x6C\x3D\xE9\x11\xFD\xA9\xF9\x82\x22\x86\x99\x33\x71\x5A\xEA\x19\x57\x3D\x91\xCD\xA9\xC0\xA3\x6E\x07\x13\xA6\xC9\xED\xF8\x68\xA3\x9E\xC3\x5A\x72\x09\x87\x28\xD1\xC4\x73\xC4\x73\x18\x5F\x50\x75\x16\x31\x9F\xB7\xE8\x7C\xC3",
 	["CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT"] = "\x30\x82\x03\xCF\x30\x82\x02\xB7\xA0\x03\x02\x01\x02\x02\x03\x01\x6C\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x1E\x17\x0D\x30\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x17\x0D\x31\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x3D\x61\x6E\x03\xF3\x90\x3B\xC0\x41\x0B\x84\x80\xCD\xEC\x2A\xA3\x9D\x6B\xBB\x6E\xC2\x42\x84\xF7\x51\x14\xE1\xA0\xA8\x2D\x51\xA3\x51\xF2\xDE\x23\xF0\x34\x44\xFF\x94\xEB\xCC\x05\x23\x95\x40\xB9\x07\x78\xA5\x25\xF6\x0A\xBD\x45\x86\xE8\xD9\xBD\xC0\x04\x8E\x85\x44\x61\xEF\x7F\xA7\xC9\xFA\xC1\x25\xCC\x85\x2C\x63\x3F\x05\x60\x73\x49\x05\xE0\x60\x78\x95\x10\x4B\xDC\xF9\x11\x59\xCE\x71\x7F\x40\x9B\x8A\xAA\x24\xDF\x0B\x42\xE2\xDB\x56\xBC\x4A\xD2\xA5\x0C\x9B\xB7\x43\x3E\xDD\x83\xD3\x26\x10\x02\xCF\xEA\x23\xC4\x49\x4E\xE5\xD3\xE9\xB4\x88\xAB\x0C\xAE\x62\x92\xD4\x65\x87\xD9\x6A\xD7\xF4\x85\x9F\xE4\x33\x22\x25\xA5\xE5\xC8\x33\xBA\xC3\xC7\x41\xDC\x5F\xC6\x6A\xCC\x00\x0E\x6D\x32\xA8\xB6\x87\x36\x00\x62\x77\x9B\x1E\x1F\x34\xCB\x90\x3C\x78\x88\x74\x05\xEB\x79\xF5\x93\x71\x65\xCA\x9D\xC7\x6B\x18\x2D\x3D\x5C\x4E\xE7\xD5\xF8\x3F\x31\x7D\x8F\x87\xEC\x0A\x22\x2F\x23\xE9\xFE\xBB\x7D\xC9\xE0\xF4\xEC\xEB\x7C\xC4\xB0\xC3\x2D\x62\xB5\x9A\x71\xD6\xB1\x6A\xE8\xEC\xD9\xED\xD5\x72\xEC\xBE\x57\x01\xCE\x05\x55\x9F\xDE\xD1\x60\x88\x10\xB3\x02\x03\x01\x00\x01\xA3\x36\x30\x34\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x44\x6A\x95\x67\x55\x79\x11\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x55\xD4\x54\xD1\x59\x48\x5C\xB3\x93\x85\xAA\xBF\x63\x2F\xE4\x80\xCE\x34\xA3\x34\x62\x3E\xF6\xD8\xEE\x67\x88\x31\x04\x03\x6F\x0B\xD4\x07\xFB\x4E\x75\x0F\xD3\x2E\xD3\xC0\x17\xC7\xC6\x28\xEC\x06\x0D\x11\x24\x0E\x0E\xA5\x5D\xBF\x8C\xB2\x13\x96\x71\xDC\xD4\xCE\x0E\x0D\x0A\x68\x32\x6C\xB9\x41\x31\x19\xAB\xB1\x07\x7B\x4D\x98\xD3\x5C\xB0\xD1\xF0\xA7\x42\xA0\xB5\xC4\x8E\xAF\xFE\xF1\x3F\xF4\xEF\x4F\x46\x00\x76\xEB\x02\xFB\xF9\x9D\xD2\x40\x96\xC7\x88\x3A\xB8\x9F\x11\x79\xF3\x80\x65\xA8\xBD\x1F\xD3\x78\x81\xA0\x51\x4C\x37\xB4\xA6\x5D\x25\x70\xD1\x66\xC9\x68\xF9\x2E\x11\x14\x68\xF1\x54\x98\x08\xAC\x26\x92\x0F\xDE\x89\x9E\xD4\xFA\xB3\x79\x2B\xD2\xA3\x79\xD4\xEC\x8B\xAC\x87\x53\x68\x42\x4C\x51\x51\x74\x1E\x1B\x27\x2E\xE3\xF5\x1F\x29\x74\x4D\xED\xAF\xF7\xE1\x92\x99\x81\xE8\xBE\x3A\xC7\x17\x50\xF6\xB7\xC6\xFC\x9B\xB0\x8A\x6B\xD6\x88\x03\x91\x8F\x06\x77\x3A\x85\x02\xDD\x98\xD5\x43\x78\x3F\xC6\x30\x15\xAC\x9B\x6B\xCB\x57\xB7\x89\x51\x8B\x3A\xE8\xC9\x84\x0C\xDB\xB1\x50\x20\x0A\x1A\x4A\xBA\x6A\x1A\xBD\xEC\x1B\xC8\xC5\x84\x9A\xCD",
 	["CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW"] = "\x30\x82\x03\x7B\x30\x82\x02\x63\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x38\x30\x38\x32\x38\x30\x37\x32\x34\x33\x33\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x35\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB0\x7E\x72\xB8\xA4\x03\x94\xE6\xA7\xDE\x09\x38\x91\x4A\x11\x40\x87\xA7\x7C\x59\x64\x14\x7B\xB5\x11\x10\xDD\xFE\xBF\xD5\xC0\xBB\x56\xE2\x85\x25\xF4\x35\x72\x0F\xF8\x53\xD0\x41\xE1\x44\x01\xC2\xB4\x1C\xC3\x31\x42\x16\x47\x85\x33\x22\x76\xB2\x0A\x6F\x0F\xE5\x25\x50\x4F\x85\x86\xBE\xBF\x98\x2E\x10\x67\x1E\xBE\x11\x05\x86\x05\x90\xC4\x59\xD0\x7C\x78\x10\xB0\x80\x5C\xB7\xE1\xC7\x2B\x75\xCB\x7C\x9F\xAE\xB5\xD1\x9D\x23\x37\x63\xA7\xDC\x42\xA2\x2D\x92\x04\x1B\x50\xC1\x7B\xB8\x3E\x1B\xC9\x56\x04\x8B\x2F\x52\x9B\xAD\xA9\x56\xE9\xC1\xFF\xAD\xA9\x58\x87\x30\xB6\x81\xF7\x97\x45\xFC\x19\x57\x3B\x2B\x6F\xE4\x47\xF4\x99\x45\xFE\x1D\xF1\xF8\x97\xA3\x88\x1D\x37\x1C\x5C\x8F\xE0\x76\x25\x9A\x50\xF8\xA0\x54\xFF\x44\x90\x76\x23\xD2\x32\xC6\xC3\xAB\x06\xBF\xFC\xFB\xBF\xF3\xAD\x7D\x92\x62\x02\x5B\x29\xD3\x35\xA3\x93\x9A\x43\x64\x60\x5D\xB2\xFA\x32\xFF\x3B\x04\xAF\x4D\x40\x6A\xF9\xC7\xE3\xEF\x23\xFD\x6B\xCB\xE5\x0F\x8B\x38\x0D\xEE\x0A\xFC\xFE\x0F\x98\x9F\x30\x31\xDD\x6C\x52\x65\xF9\x8B\x81\xBE\x22\xE1\x1C\x58\x03\xBA\x91\x1B\x89\x07\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6A\x38\x5B\x26\x8D\xDE\x8B\x5A\xF2\x4F\x7A\x54\x83\x19\x18\xE3\x08\x35\xA6\xBA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3C\xD5\x77\x3D\xDA\xDF\x89\xBA\x87\x0C\x08\x54\x6A\x20\x50\x92\xBE\xB0\x41\x3D\xB9\x26\x64\x83\x0A\x2F\xE8\x40\xC0\x97\x28\x27\x82\x30\x4A\xC9\x93\xFF\x6A\xE7\xA6\x00\x7F\x89\x42\x9A\xD6\x11\xE5\x53\xCE\x2F\xCC\xF2\xDA\x05\xC4\xFE\xE2\x50\xC4\x3A\x86\x7D\xCC\xDA\x7E\x10\x09\x3B\x92\x35\x2A\x53\xB2\xFE\xEB\x2B\x05\xD9\x6C\x5D\xE6\xD0\xEF\xD3\x6A\x66\x9E\x15\x28\x85\x7A\xE8\x82\x00\xAC\x1E\xA7\x09\x69\x56\x42\xD3\x68\x51\x18\xBE\x54\x9A\xBF\x44\x41\xBA\x49\xBE\x20\xBA\x69\x5C\xEE\xB8\x77\xCD\xCE\x6C\x1F\xAD\x83\x96\x18\x7D\x0E\xB5\x14\x39\x84\xF1\x28\xE9\x2D\xA3\x9E\x7B\x1E\x7A\x72\x5A\x83\xB3\x79\x6F\xEF\xB4\xFC\xD0\x0A\xA5\x58\x4F\x46\xDF\xFB\x6D\x79\x59\xF2\x84\x22\x52\xAE\x0F\xCC\xFB\x7C\x3B\xE7\x6A\xCA\x47\x61\xC3\x7A\xF8\xD3\x92\x04\x1F\xB8\x20\x84\xE1\x36\x54\x16\xC7\x40\xDE\x3B\x8A\x73\xDC\xDF\xC6\x09\x4C\xDF\xEC\xDA\xFF\xD4\x53\x42\xA1\xC9\xF2\x62\x1D\x22\x83\x3C\x97\xC5\xF9\x19\x62\x27\xAC\x65\x22\xD7\xD3\x3C\xC6\xE5\x8E\xB2\x53\xCC\x49\xCE\xBC\x30\xFE\x7B\x0E\x33\x90\xFB\xED\xD2\x14\x91\x1F\x07\xAF",
+	["OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x17\x0D\x32\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD0\x15\x39\x52\xB1\x52\xB3\xBA\xC5\x59\x82\xC4\x5D\x52\xAE\x3A\x43\x65\x80\x4B\xC7\xF2\x96\xBC\xDB\x36\x97\xD6\xA6\x64\x8C\xA8\x5E\xF0\xE3\x0A\x1C\xF7\xDF\x97\x3D\x4B\xAE\xF6\x5D\xEC\x21\xB5\x41\xAB\xCD\xB9\x7E\x76\x9F\xBE\xF9\x3E\x36\x34\xA0\x3B\xC1\xF6\x31\x11\x45\x74\x93\x3D\x57\x80\xC5\xF9\x89\x99\xCA\xE5\xAB\x6A\xD4\xB5\xDA\x41\x90\x10\xC1\xD6\xD6\x42\x89\xC2\xBF\xF4\x38\x12\x95\x4C\x54\x05\xF7\x36\xE4\x45\x83\x7B\x14\x65\xD6\xDC\x0C\x4D\xD1\xDE\x7E\x0C\xAB\x3B\xC4\x15\xBE\x3A\x56\xA6\x5A\x6F\x76\x69\x52\xA9\x7A\xB9\xC8\xEB\x6A\x9A\x5D\x52\xD0\x2D\x0A\x6B\x35\x16\x09\x10\x84\xD0\x6A\xCA\x3A\x06\x00\x37\x47\xE4\x7E\x57\x4F\x3F\x8B\xEB\x67\xB8\x88\xAA\xC5\xBE\x53\x55\xB2\x91\xC4\x7D\xB9\xB0\x85\x19\x06\x78\x2E\xDB\x61\x1A\xFA\x85\xF5\x4A\x91\xA1\xE7\x16\xD5\x8E\xA2\x39\xDF\x94\xB8\x70\x1F\x28\x3F\x8B\xFC\x40\x5E\x63\x83\x3C\x83\x2A\x1A\x99\x6B\xCF\xDE\x59\x6A\x3B\xFC\x6F\x16\xD7\x1F\xFD\x4A\x10\xEB\x4E\x82\x16\x3A\xAC\x27\x0C\x53\xF1\xAD\xD5\x24\xB0\x6B\x03\x50\xC1\x2D\x3C\x16\xDD\x44\x34\x27\x1A\x75\xFB\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x0A\x85\xA9\x77\x65\x05\x98\x7C\x40\x81\xF8\x0F\x97\x2C\x38\xF1\x0A\xEC\x3C\xCF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4C\x3A\xA3\x44\xAC\xB9\x45\xB1\xC7\x93\x7E\xC8\x0B\x0A\x42\xDF\x64\xEA\x1C\xEE\x59\x6C\x08\xBA\x89\x5F\x6A\xCA\x4A\x95\x9E\x7A\x8F\x07\xC5\xDA\x45\x72\x82\x71\x0E\x3A\xD2\xCC\x6F\xA7\xB4\xA1\x23\xBB\xF6\x24\x9F\xCB\x17\xFE\x8C\xA6\xCE\xC2\xD2\xDB\xCC\x8D\xFC\x71\xFC\x03\x29\xC1\x6C\x5D\x33\x5F\x64\xB6\x65\x3B\x89\x6F\x18\x76\x78\xF5\xDC\xA2\x48\x1F\x19\x3F\x8E\x93\xEB\xF1\xFA\x17\xEE\xCD\x4E\xE3\x04\x12\x55\xD6\xE5\xE4\xDD\xFB\x3E\x05\x7C\xE2\x1D\x5E\xC6\xA7\xBC\x97\x4F\x68\x3A\xF5\xE9\x2E\x0A\x43\xB6\xAF\x57\x5C\x62\x68\x7C\xB7\xFD\xA3\x8A\x84\xA0\xAC\x62\xBE\x2B\x09\x87\x34\xF0\x6A\x01\xBB\x9B\x29\x56\x3C\xFE\x00\x37\xCF\x23\x6C\xF1\x4E\xAA\xB6\x74\x46\x12\x6C\x91\xEE\x34\xD5\xEC\x9A\x91\xE7\x44\xBE\x90\x31\x72\xD5\x49\x02\xF6\x02\xE5\xF4\x1F\xEB\x7C\xD9\x96\x55\xA9\xFF\xEC\x8A\xF9\x99\x47\xFF\x35\x5A\x02\xAA\x04\xCB\x8A\x5B\x87\x71\x29\x91\xBD\xA4\xB4\x7A\x0D\xBD\x9A\xF5\x57\x23\x00\x07\x21\x17\x3F\x4A\x39\xD1\x05\x49\x0B\xA7\xB6\x37\x81\xA5\x5D\x8C\xAA\x33\x5E\x81\x28\x7C\xA7\x7D\x27\xEB\x00\xAE\x8D\x37",
+	["CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES"] = "\x30\x82\x05\x56\x30\x82\x04\x3E\xA0\x03\x02\x01\x02\x02\x10\xEE\x2B\x3D\xEB\xD4\x21\xDE\x14\xA8\x62\xAC\x04\xF3\xDD\xC4\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x1E\x17\x0D\x30\x33\x30\x31\x30\x37\x32\x33\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x30\x31\x30\x37\x32\x32\x35\x39\x35\x39\x5A\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB3\x22\xC7\x4F\xE2\x97\x42\x95\x88\x47\x83\x40\xF6\x1D\x17\xF3\x83\x73\x24\x1E\x51\xF3\x98\x8A\xC3\x92\xB8\xFF\x40\x90\x05\x70\x87\x60\xC9\x00\xA9\xB5\x94\x65\x19\x22\x15\x17\xC2\x43\x6C\x66\x44\x9A\x0D\x04\x3E\x39\x6F\xA5\x4B\x7A\xAA\x63\xB7\x8A\x44\x9D\xD9\x63\x91\x84\x66\xE0\x28\x0F\xBA\x42\xE3\x6E\x8E\xF7\x14\x27\x93\x69\xEE\x91\x0E\xA3\x5F\x0E\xB1\xEB\x66\xA2\x72\x4F\x12\x13\x86\x65\x7A\x3E\xDB\x4F\x07\xF4\xA7\x09\x60\xDA\x3A\x42\x99\xC7\xB2\x7F\xB3\x16\x95\x1C\xC7\xF9\x34\xB5\x94\x85\xD5\x99\x5E\xA0\x48\xA0\x7E\xE7\x17\x65\xB8\xA2\x75\xB8\x1E\xF3\xE5\x42\x7D\xAF\xED\xF3\x8A\x48\x64\x5D\x82\x14\x93\xD8\xC0\xE4\xFF\xB3\x50\x72\xF2\x76\xF6\xB3\x5D\x42\x50\x79\xD0\x94\x3E\x6B\x0C\x00\xBE\xD8\x6B\x0E\x4E\x2A\xEC\x3E\xD2\xCC\x82\xA2\x18\x65\x33\x13\x77\x9E\x9A\x5D\x1A\x13\xD8\xC3\xDB\x3D\xC8\x97\x7A\xEE\x70\xED\xA7\xE6\x7C\xDB\x71\xCF\x2D\x94\x62\xDF\x6D\xD6\xF5\x38\xBE\x3F\xA5\x85\x0A\x19\xB8\xA8\xD8\x09\x75\x42\x70\xC4\xEA\xEF\xCB\x0E\xC8\x34\xA8\x12\x22\x98\x0C\xB8\x13\x94\xB6\x4B\xEC\xF0\xD0\x90\xE7\x27\x02\x03\x01\x00\x01\xA3\x81\xE3\x30\x81\xE0\x30\x1D\x06\x03\x55\x1D\x11\x04\x16\x30\x14\x81\x12\x65\x63\x5F\x61\x63\x63\x40\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\xC3\x8B\x44\xAA\x37\xA5\x45\xBF\x97\x80\x5A\xD1\xF1\x78\xA2\x9B\xE9\x5D\x8D\x30\x7F\x06\x03\x55\x1D\x20\x04\x78\x30\x76\x30\x74\x06\x0B\x2B\x06\x01\x04\x01\xF5\x78\x01\x03\x01\x0A\x30\x65\x30\x2C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x30\x35\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x29\x1A\x27\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA0\x48\x5B\x82\x01\xF6\x4D\x48\xB8\x39\x55\x35\x9C\x80\x7A\x53\x99\xD5\x5A\xFF\xB1\x71\x3B\xCC\x39\x09\x94\x5E\xD6\xDA\xEF\xBE\x01\x5B\x5D\xD3\x1E\xD8\xFD\x7D\x4F\xCD\xA0\x41\xE0\x34\x93\xBF\xCB\xE2\x86\x9C\x37\x92\x90\x56\x1C\xDC\xEB\x29\x05\xE5\xC4\x9E\xC7\x35\xDF\x8A\x0C\xCD\xC5\x21\x43\xE9\xAA\x88\xE5\x35\xC0\x19\x42\x63\x5A\x02\x5E\xA4\x48\x18\x3A\x85\x6F\xDC\x9D\xBC\x3F\x9D\x9C\xC1\x87\xB8\x7A\x61\x08\xE9\x77\x0B\x7F\x70\xAB\x7A\xDD\xD9\x97\x2C\x64\x1E\x85\xBF\xBC\x74\x96\xA1\xC3\x7A\x12\xEC\x0C\x1A\x6E\x83\x0C\x3C\xE8\x72\x46\x9F\xFB\x48\xD5\x5E\x97\xE6\xB1\xA1\xF8\xE4\xEF\x46\x25\x94\x9C\x89\xDB\x69\x38\xBE\xEC\x5C\x0E\x56\xC7\x65\x51\xE5\x50\x88\x88\xBF\x42\xD5\x2B\x3D\xE5\xF9\xBA\x9E\x2E\xB3\xCA\xF4\x73\x92\x02\x0B\xBE\x4C\x66\xEB\x20\xFE\xB9\xCB\xB5\x99\x7F\xE6\xB6\x13\xFA\xCA\x4B\x4D\xD9\xEE\x53\x46\x06\x3B\xC6\x4E\xAD\x93\x5A\x81\x7E\x6C\x2A\x4B\x6A\x05\x45\x8C\xF2\x21\xA4\x31\x90\x87\x6C\x65\x9C\x9D\xA5\x60\x95\x3A\x52\x7F\xF5\xD1\xAB\x08\x6E\xF3\xEE\x5B\xF9\x88\x3D\x7E\xB8\x6F\x6E\x03\xE4\x42",
+	["CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR"] = "\x30\x82\x04\x31\x30\x82\x03\x19\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x1E\x17\x0D\x31\x31\x31\x32\x30\x36\x31\x33\x34\x39\x35\x32\x5A\x17\x0D\x33\x31\x31\x32\x30\x31\x31\x33\x34\x39\x35\x32\x5A\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA9\x53\x00\xE3\x2E\xA6\xF6\x8E\xFA\x60\xD8\x2D\x95\x3E\xF8\x2C\x2A\x54\x4E\xCD\xB9\x84\x61\x94\x58\x4F\x8F\x3D\x8B\xE4\x43\xF3\x75\x89\x8D\x51\xE4\xC3\x37\xD2\x8A\x88\x4D\x79\x1E\xB7\x12\xDD\x43\x78\x4A\x8A\x92\xE6\xD7\x48\xD5\x0F\xA4\x3A\x29\x44\x35\xB8\x07\xF6\x68\x1D\x55\xCD\x38\x51\xF0\x8C\x24\x31\x85\xAF\x83\xC9\x7D\xE9\x77\xAF\xED\x1A\x7B\x9D\x17\xF9\xB3\x9D\x38\x50\x0F\xA6\x5A\x79\x91\x80\xAF\x37\xAE\xA6\xD3\x31\xFB\xB5\x26\x09\x9D\x3C\x5A\xEF\x51\xC5\x2B\xDF\x96\x5D\xEB\x32\x1E\x02\xDA\x70\x49\xEC\x6E\x0C\xC8\x9A\x37\x8D\xF7\xF1\x36\x60\x4B\x26\x2C\x82\x9E\xD0\x78\xF3\x0D\x0F\x63\xA4\x51\x30\xE1\xF9\x2B\x27\x12\x07\xD8\xEA\xBD\x18\x62\x98\xB0\x59\x37\x7D\xBE\xEE\xF3\x20\x51\x42\x5A\x83\xEF\x93\xBA\x69\x15\xF1\x62\x9D\x9F\x99\x39\x82\xA1\xB7\x74\x2E\x8B\xD4\xC5\x0B\x7B\x2F\xF0\xC8\x0A\xDA\x3D\x79\x0A\x9A\x93\x1C\xA5\x28\x72\x73\x91\x43\x9A\xA7\xD1\x4D\x85\x84\xB9\xA9\x74\x8F\x14\x40\xC7\xDC\xDE\xAC\x41\x64\x6C\xB4\x19\x9B\x02\x63\x6D\x24\x64\x8F\x44\xB2\x25\xEA\xCE\x5D\x74\x0C\x63\x32\x5C\x8D\x87\xE5\x02\x03\x01\x00\x01\xA3\x81\x89\x30\x81\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA6\x91\x42\xFD\x13\x61\x4A\x23\x9E\x08\xA4\x29\xE5\xD8\x13\x04\x23\xEE\x41\x25\x30\x47\x06\x03\x55\x1D\x1E\x04\x40\x30\x3E\xA0\x3C\x30\x05\x82\x03\x2E\x67\x72\x30\x05\x82\x03\x2E\x65\x75\x30\x06\x82\x04\x2E\x65\x64\x75\x30\x06\x82\x04\x2E\x6F\x72\x67\x30\x05\x81\x03\x2E\x67\x72\x30\x05\x81\x03\x2E\x65\x75\x30\x06\x81\x04\x2E\x65\x64\x75\x30\x06\x81\x04\x2E\x6F\x72\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1F\xEF\x79\x41\xE1\x7B\x6E\x3F\xB2\x8C\x86\x37\x42\x4A\x4E\x1C\x37\x1E\x8D\x66\xBA\x24\x81\xC9\x4F\x12\x0F\x21\xC0\x03\x97\x86\x25\x6D\x5D\xD3\x22\x29\xA8\x6C\xA2\x0D\xA9\xEB\x3D\x06\x5B\x99\x3A\xC7\xCC\xC3\x9A\x34\x7F\xAB\x0E\xC8\x4E\x1C\xE1\xFA\xE4\xDC\xCD\x0D\xBE\xBF\x24\xFE\x6C\xE7\x6B\xC2\x0D\xC8\x06\x9E\x4E\x8D\x61\x28\xA6\x6A\xFD\xE5\xF6\x62\xEA\x18\x3C\x4E\xA0\x53\x9D\xB2\x3A\x9C\xEB\xA5\x9C\x91\x16\xB6\x4D\x82\xE0\x0C\x05\x48\xA9\x6C\xF5\xCC\xF8\xCB\x9D\x49\xB4\xF0\x02\xA5\xFD\x70\x03\xED\x8A\x21\xA5\xAE\x13\x86\x49\xC3\x33\x73\xBE\x87\x3B\x74\x8B\x17\x45\x26\x4C\x16\x91\x83\xFE\x67\x7D\xCD\x4D\x63\x67\xFA\xF3\x03\x12\x96\x78\x06\x8D\xB1\x67\xED\x8E\x3F\xBE\x9F\x4F\x02\xF5\xB3\x09\x2F\xF3\x4C\x87\xDF\x2A\xCB\x95\x7C\x01\xCC\xAC\x36\x7A\xBF\xA2\x73\x7A\xF7\x8F\xC1\xB5\x9A\xA1\x14\xB2\x8F\x33\x9F\x0D\xEF\x22\xDC\x66\x7B\x84\xBD\x45\x17\x06\x3D\x3C\xCA\xB9\x77\x34\x8F\xCA\xEA\xCF\x3F\x31\x3E\xE3\x88\xE3\x80\x49\x25\xC8\x97\xB5\x9D\x9A\x99\x4D\xB0\x3C\xF8\x4A\x00\x9B\x64\xDD\x9F\x39\x4B\xD1\x27\xD7\xB8",
+	["CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT"] = "\x30\x82\x05\xBB\x30\x82\x03\xA3\xA0\x03\x02\x01\x02\x02\x08\x57\x0A\x11\x97\x42\xC4\xE3\xCC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x31\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x17\x0D\x33\x30\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA7\xC6\xC4\xA5\x29\xA4\x2C\xEF\xE5\x18\xC5\xB0\x50\xA3\x6F\x51\x3B\x9F\x0A\x5A\xC9\xC2\x48\x38\x0A\xC2\x1C\xA0\x18\x7F\x91\xB5\x87\xB9\x40\x3F\xDD\x1D\x68\x1F\x08\x83\xD5\x2D\x1E\x88\xA0\xF8\x8F\x56\x8F\x6D\x99\x02\x92\x90\x16\xD5\x5F\x08\x6C\x89\xD7\xE1\xAC\xBC\x20\xC2\xB1\xE0\x83\x51\x8A\x69\x4D\x00\x96\x5A\x6F\x2F\xC0\x44\x7E\xA3\x0E\xE4\x91\xCD\x58\xEE\xDC\xFB\xC7\x1E\x45\x47\xDD\x27\xB9\x08\x01\x9F\xA6\x21\x1D\xF5\x41\x2D\x2F\x4C\xFD\x28\xAD\xE0\x8A\xAD\x22\xB4\x56\x65\x8E\x86\x54\x8F\x93\x43\x29\xDE\x39\x46\x78\xA3\x30\x23\xBA\xCD\xF0\x7D\x13\x57\xC0\x5D\xD2\x83\x6B\x48\x4C\xC4\xAB\x9F\x80\x5A\x5B\x3A\xBD\xC9\xA7\x22\x3F\x80\x27\x33\x5B\x0E\xB7\x8A\x0C\x5D\x07\x37\x08\xCB\x6C\xD2\x7A\x47\x22\x44\x35\xC5\xCC\xCC\x2E\x8E\xDD\x2A\xED\xB7\x7D\x66\x0D\x5F\x61\x51\x22\x55\x1B\xE3\x46\xE3\xE3\x3D\xD0\x35\x62\x9A\xDB\xAF\x14\xC8\x5B\xA1\xCC\x89\x1B\xE1\x30\x26\xFC\xA0\x9B\x1F\x81\xA7\x47\x1F\x04\xEB\xA3\x39\x92\x06\x9F\x99\xD3\xBF\xD3\xEA\x4F\x50\x9C\x19\xFE\x96\x87\x1E\x3C\x65\xF6\xA3\x18\x24\x83\x86\x10\xE7\x54\x3E\xA8\x3A\x76\x24\x4F\x81\x21\xC5\xE3\x0F\x02\xF8\x93\x94\x47\x20\xBB\xFE\xD4\x0E\xD3\x68\xB9\xDD\xC4\x7A\x84\x82\xE3\x53\x54\x79\xDD\xDB\x9C\xD2\xF2\x07\x9B\x2E\xB6\xBC\x3E\xED\x85\x6D\xEF\x25\x11\xF2\x97\x1A\x42\x61\xF7\x4A\x97\xE8\x8B\xB1\x10\x07\xFA\x65\x81\xB2\xA2\x39\xCF\xF7\x3C\xFF\x18\xFB\xC6\xF1\x5A\x8B\x59\xE2\x02\xAC\x7B\x92\xD0\x4E\x14\x4F\x59\x45\xF6\x0C\x5E\x28\x5F\xB0\xE8\x3F\x45\xCF\xCF\xAF\x9B\x6F\xFB\x84\xD3\x77\x5A\x95\x6F\xAC\x94\x84\x9E\xEE\xBC\xC0\x4A\x8F\x4A\x93\xF8\x44\x21\xE2\x31\x45\x61\x50\x4E\x10\xD8\xE3\x35\x7C\x4C\x19\xB4\xDE\x05\xBF\xA3\x06\x9F\xC8\xB5\xCD\xE4\x1F\xD7\x17\x06\x0D\x7A\x95\x74\x55\x0D\x68\x1A\xFC\x10\x1B\x62\x64\x9D\x6D\xE0\x95\xA0\xC3\x94\x07\x57\x0D\x14\xE6\xBD\x05\xFB\xB8\x9F\xE6\xDF\x8B\xE2\xC6\xE7\x7E\x96\xF6\x53\xC5\x80\x34\x50\x28\x58\xF0\x12\x50\x71\x17\x30\xBA\xE6\x78\x63\xBC\xF4\xB2\xAD\x9B\x2B\xB2\xFE\xE1\x39\x8C\x5E\xBA\x0B\x20\x94\xDE\x7B\x83\xB8\xFF\xE3\x56\x8D\xB7\x11\xE9\x3B\x8C\xF2\xB1\xC1\x5D\x9D\xA4\x0B\x4C\x2B\xD9\xB2\x18\xF5\xB5\x9F\x4B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x0B\x7B\x72\x87\xC0\x60\xA6\x49\x4C\x88\x58\xE6\x1D\x88\xF7\x14\x64\x48\xA6\xD8\x58\x0A\x0E\x4F\x13\x35\xDF\x35\x1D\xD4\xED\x06\x31\xC8\x81\x3E\x6A\xD5\xDD\x3B\x1A\x32\xEE\x90\x3D\x11\xD2\x2E\xF4\x8E\xC3\x63\x2E\x23\x66\xB0\x67\xBE\x6F\xB6\xC0\x13\x39\x60\xAA\xA2\x34\x25\x93\x75\x52\xDE\xA7\x9D\xAD\x0E\x87\x89\x52\x71\x6A\x16\x3C\x19\x1D\x83\xF8\x9A\x29\x65\xBE\xF4\x3F\x9A\xD9\xF0\xF3\x5A\x87\x21\x71\x80\x4D\xCB\xE0\x38\x9B\x3F\xBB\xFA\xE0\x30\x4D\xCF\x86\xD3\x65\x10\x19\x18\xD1\x97\x02\xB1\x2B\x72\x42\x68\xAC\xA0\xBD\x4E\x5A\xDA\x18\xBF\x6B\x98\x81\xD0\xFD\x9A\xBE\x5E\x15\x48\xCD\x11\x15\xB9\xC0\x29\x5C\xB4\xE8\x88\xF7\x3E\x36\xAE\xB7\x62\xFD\x1E\x62\xDE\x70\x78\x10\x1C\x48\x5B\xDA\xBC\xA4\x38\xBA\x67\xED\x55\x3E\x5E\x57\xDF\xD4\x03\x40\x4C\x81\xA4\xD2\x4F\x63\xA7\x09\x42\x09\x14\xFC\x00\xA9\xC2\x80\x73\x4F\x2E\xC0\x40\xD9\x11\x7B\x48\xEA\x7A\x02\xC0\xD3\xEB\x28\x01\x26\x58\x74\xC1\xC0\x73\x22\x6D\x93\x95\xFD\x39\x7D\xBB\x2A\xE3\xF6\x82\xE3\x2C\x97\x5F\x4E\x1F\x91\x94\xFA\xFE\x2C\xA3\xD8\x76\x1A\xB8\x4D\xB2\x38\x4F\x9B\xFA\x1D\x48\x60\x79\x26\xE2\xF3\xFD\xA9\xD0\x9A\xE8\x70\x8F\x49\x7A\xD6\xE5\xBD\x0A\x0E\xDB\x2D\xF3\x8D\xBF\xEB\xE3\xA4\x7D\xCB\xC7\x95\x71\xE8\xDA\xA3\x7C\xC5\xC2\xF8\x74\x92\x04\x1B\x86\xAC\xA4\x22\x53\x40\xB6\xAC\xFE\x4C\x76\xCF\xFB\x94\x32\xC0\x35\x9F\x76\x3F\x6E\xE5\x90\x6E\xA0\xA6\x26\xA2\xB8\x2C\xBE\xD1\x2B\x85\xFD\xA7\x68\xC8\xBA\x01\x2B\xB1\x6C\x74\x1D\xB8\x73\x95\xE7\xEE\xB7\xC7\x25\xF0\x00\x4C\x00\xB2\x7E\xB6\x0B\x8B\x1C\xF3\xC0\x50\x9E\x25\xB9\xE0\x08\xDE\x36\x66\xFF\x37\xA5\xD1\xBB\x54\x64\x2C\xC9\x27\xB5\x4B\x92\x7E\x65\xFF\xD3\x2D\xE1\xB9\x4E\xBC\x7F\xA4\x41\x21\x90\x41\x77\xA6\x39\x1F\xEA\x9E\xE3\x9F\xD0\x66\x6F\x05\xEC\xAA\x76\x7E\xBF\x6B\x16\xA0\xEB\xB5\xC7\xFC\x92\x54\x2F\x2B\x11\x27\x25\x37\x78\x4C\x51\x6A\xB0\xF3\xCC\x58\x5D\x14\xF1\x6A\x48\x15\xFF\xC2\x07\xB6\xB1\x8D\x0F\x8E\x5C\x50\x46\xB3\x3D\xBF\x01\x98\x4F\xB2\x59\x54\x47\x3E\x34\x7B\x78\x6D\x56\x93\x2E\x73\xEA\x66\x28\x78\xCD\x1D\x14\xBF\xA0\x8F\x2F\x2E\xB8\x2E\x8E\xF2\x14\x8A\xCC\xE9\xB5\x7C\xFB\x6C\x9D\x0C\xA5\xE1\x96",
+	["OU=Trustis FPS Root CA,O=Trustis Limited,C=GB"] = "\x30\x82\x03\x67\x30\x82\x02\x4F\xA0\x03\x02\x01\x02\x02\x10\x1B\x1F\xAD\xB6\x20\xF9\x24\xD3\x36\x6B\xF7\xC7\xF1\x8C\xA0\x59\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x33\x31\x32\x32\x33\x31\x32\x31\x34\x30\x36\x5A\x17\x0D\x32\x34\x30\x31\x32\x31\x31\x31\x33\x36\x35\x34\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC5\x50\x7B\x9E\x3B\x35\xD0\xDF\xC4\x8C\xCD\x8E\x9B\xED\xA3\xC0\x36\x99\xF4\x42\xEA\xA7\x3E\x80\x83\x0F\xA6\xA7\x59\x87\xC9\x90\x45\x43\x7E\x00\xEA\x86\x79\x2A\x03\xBD\x3D\x37\x99\x89\x66\xB7\xE5\x8A\x56\x86\x93\x9C\x68\x4B\x68\x04\x8C\x93\x93\x02\x3E\x30\xD2\x37\x3A\x22\x61\x89\x1C\x85\x4E\x7D\x8F\xD5\xAF\x7B\x35\xF6\x7E\x28\x47\x89\x31\xDC\x0E\x79\x64\x1F\x99\xD2\x5B\xBA\xFE\x7F\x60\xBF\xAD\xEB\xE7\x3C\x38\x29\x6A\x2F\xE5\x91\x0B\x55\xFF\xEC\x6F\x58\xD5\x2D\xC9\xDE\x4C\x66\x71\x8F\x0C\xD7\x04\xDA\x07\xE6\x1E\x18\xE3\xBD\x29\x02\xA8\xFA\x1C\xE1\x5B\xB9\x83\xA8\x41\x48\xBC\x1A\x71\x8D\xE7\x62\xE5\x2D\xB2\xEB\xDF\x7C\xCF\xDB\xAB\x5A\xCA\x31\xF1\x4C\x22\xF3\x05\x13\xF7\x82\xF9\x73\x79\x0C\xBE\xD7\x4B\x1C\xC0\xD1\x15\x3C\x93\x41\x64\xD1\xE6\xBE\x23\x17\x22\x00\x89\x5E\x1F\x6B\xA5\xAC\x6E\xA7\x4B\x8C\xED\xA3\x72\xE6\xAF\x63\x4D\x2F\x85\xD2\x14\x35\x9A\x2E\x4E\x8C\xEA\x32\x98\x28\x86\xA1\x91\x09\x41\x3A\xB4\xE1\xE3\xF2\xFA\xF0\xC9\x0A\xA2\x41\xDD\xA9\xE3\x03\xC7\x88\x15\x3B\x1C\xD4\x1A\x94\xD7\x9F\x64\x59\x12\x6D\x02\x03\x01\x00\x01\xA3\x53\x30\x51\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7E\x58\xFF\xFD\x35\x19\x7D\x9C\x18\x4F\x9E\xB0\x2B\xBC\x8E\x8C\x14\xFF\x2C\xA0\xDA\x47\x5B\xC3\xEF\x81\x2D\xAF\x05\xEA\x74\x48\x5B\xF3\x3E\x4E\x07\xC7\x6D\xC5\xB3\x93\xCF\x22\x35\x5C\xB6\x3F\x75\x27\x5F\x09\x96\xCD\xA0\xFE\xBE\x40\x0C\x5C\x12\x55\xF8\x93\x82\xCA\x29\xE9\x5E\x3F\x56\x57\x8B\x38\x36\xF7\x45\x1A\x4C\x28\xCD\x9E\x41\xB8\xED\x56\x4C\x84\xA4\x40\xC8\xB8\xB0\xA5\x2B\x69\x70\x04\x6A\xC3\xF8\xD4\x12\x32\xF9\x0E\xC3\xB1\xDC\x32\x84\x44\x2C\x6F\xCB\x46\x0F\xEA\x66\x41\x0F\x4F\xF1\x58\xA5\xA6\x0D\x0D\x0F\x61\xDE\xA5\x9E\x5D\x7D\x65\xA1\x3C\x17\xE7\xA8\x55\x4E\xEF\xA0\xC7\xED\xC6\x44\x7F\x54\xF5\xA3\xE0\x8F\xF0\x7C\x55\x22\x8F\x29\xB6\x81\xA3\xE1\x6D\x4E\x2C\x1B\x80\x67\xEC\xAD\x20\x9F\x0C\x62\x61\xD5\x97\xFF\x43\xED\x2D\xC1\xDA\x5D\x29\x2A\x85\x3F\xAC\x65\xEE\x86\x0F\x05\x8D\x90\x5F\xDF\xEE\x9F\xF4\xBF\xEE\x1D\xFB\x98\xE4\x7F\x90\x2B\x84\x78\x10\x0E\x6C\x49\x53\xEF\x15\x5B\x65\x46\x4A\x5D\xAF\xBA\xFB\x3A\x72\x1D\xCD\xF6\x25\x88\x1E\x97\xCC\x21\x9C\x29\x01\x0D\x65\xEB\x57\xD9\xF3\x57\x96\xBB\x48\xCD\x81",
+	["CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL"] = "\x30\x82\x05\x63\x30\x82\x03\x4B\xA0\x03\x02\x01\x02\x02\x01\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x1E\x17\x0D\x31\x30\x30\x31\x30\x31\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x31\x32\x33\x31\x32\x33\x35\x39\x30\x31\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB6\x89\x36\x5B\x07\xB7\x20\x36\xBD\x82\xBB\xE1\x16\x20\x03\x95\x7A\xAF\x0E\xA3\x55\xC9\x25\x99\x4A\xC5\xD0\x56\x41\x87\x90\x4D\x21\x60\xA4\x14\x87\x3B\xCD\xFD\xB2\x3E\xB4\x67\x03\x6A\xED\xE1\x0F\x4B\xC0\x91\x85\x70\x45\xE0\x42\x9E\xDE\x29\x23\xD4\x01\x0D\xA0\x10\x79\xB8\xDB\x03\xBD\xF3\xA9\x2F\xD1\xC6\xE0\x0F\xCB\x9E\x8A\x14\x0A\xB8\xBD\xF6\x56\x62\xF1\xC5\x72\xB6\x32\x25\xD9\xB2\xF3\xBD\x65\xC5\x0D\x2C\x6E\xD5\x92\x6F\x18\x8B\x00\x41\x14\x82\x6F\x40\x20\x26\x7A\x28\x0F\xF5\x1E\x7F\x27\xF7\x94\xB1\x37\x3D\xB7\xC7\x91\xF7\xE2\x01\xEC\xFD\x94\x89\xE1\xCC\x6E\xD3\x36\xD6\x0A\x19\x79\xAE\xD7\x34\x82\x65\xFF\x7C\x42\xBB\xB6\xDD\x0B\xA6\x34\xAF\x4B\x60\xFE\x7F\x43\x49\x06\x8B\x8C\x43\xB8\x56\xF2\xD9\x7F\x21\x43\x17\xEA\xA7\x48\x95\x01\x75\x75\xEA\x2B\xA5\x43\x95\xEA\x15\x84\x9D\x08\x8D\x26\x6E\x55\x9B\xAB\xDC\xD2\x39\xD2\x31\x1D\x60\xE2\xAC\xCC\x56\x45\x24\xF5\x1C\x54\xAB\xEE\x86\xDD\x96\x32\x85\xF8\x4C\x4F\xE8\x95\x76\xB6\x05\xDD\x36\x23\x67\xBC\xFF\x15\xE2\xCA\x3B\xE6\xA6\xEC\x3B\xEC\x26\x11\x34\x48\x8D\xF6\x80\x2B\x1A\x23\x02\xEB\x8A\x1C\x3A\x76\x2A\x7B\x56\x16\x1C\x72\x2A\xB3\xAA\xE3\x60\xA5\x00\x9F\x04\x9B\xE2\x6F\x1E\x14\x58\x5B\xA5\x6C\x8B\x58\x3C\xC3\xBA\x4E\x3A\x5C\xF7\xE1\x96\x2B\x3E\xEF\x07\xBC\xA4\xE5\x5D\xCC\x4D\x9F\x0D\xE1\xDC\xAA\xBB\xE1\x6E\x1A\xEC\x8F\xE1\xB6\x4C\x4D\x79\x72\x5D\x17\x35\x0B\x1D\xD7\xC1\x47\xDA\x96\x24\xE0\xD0\x72\xA8\x5A\x5F\x66\x2D\x10\xDC\x2F\x2A\x13\xAE\x26\xFE\x0A\x1C\x19\xCC\xD0\x3E\x0B\x9C\xC8\x09\x2E\xF9\x5B\x96\x7A\x47\x9C\xE9\x7A\xF3\x05\x50\x74\x95\x73\x9E\x30\x09\xF3\x97\x82\x5E\xE6\x8F\x39\x08\x1E\x59\xE5\x35\x14\x42\x13\xFF\x00\x9C\xF7\xBE\xAA\x50\xCF\xE2\x51\x48\xD7\xB8\x6F\xAF\xF8\x4E\x7E\x33\x98\x92\x14\x62\x3A\x75\x63\xCF\x7B\xFA\xDE\x82\x3B\xA9\xBB\x39\xE2\xC4\xBD\x2C\x00\x0E\xC8\x17\xAC\x13\xEF\x4D\x25\x8E\xD8\xB3\x90\x2F\xA9\xDA\x29\x7D\x1D\xAF\x74\x3A\xB2\x27\xC0\xC1\x1E\x3E\x75\xA3\x16\xA9\xAF\x7A\x22\x5D\x9F\x13\x1A\xCF\xA7\xA0\xEB\xE3\x86\x0A\xD3\xFD\xE6\x96\x95\xD7\x23\xC8\x37\xDD\xC4\x7C\xAA\x36\xAC\x98\x1A\x12\xB1\xE0\x4E\xE8\xB1\x3B\xF5\xD6\x6F\xF1\x30\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4B\xC5\xB4\x40\x6B\xAD\x1C\xB3\xA5\x1C\x65\x6E\x46\x36\x89\x87\x05\x0C\x0E\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x73\x57\x3F\x2C\xD5\x95\x32\x7E\x37\xDB\x96\x92\xEB\x19\x5E\x7E\x53\xE7\x41\xEC\x11\xB6\x47\xEF\xB5\xDE\xED\x74\x5C\xC5\xF1\x8E\x49\xE0\xFC\x6E\x99\x13\xCD\x9F\x8A\xDA\xCD\x3A\x0A\xD8\x3A\x5A\x09\x3F\x5F\x34\xD0\x2F\x03\xD2\x66\x1D\x1A\xBD\x9C\x90\x37\xC8\x0C\x8E\x07\x5A\x94\x45\x46\x2A\xE6\xBE\x7A\xDA\xA1\xA9\xA4\x69\x12\x92\xB0\x7D\x36\xD4\x44\x87\xD7\x51\xF1\x29\x63\xD6\x75\xCD\x16\xE4\x27\x89\x1D\xF8\xC2\x32\x48\xFD\xDB\x99\xD0\x8F\x5F\x54\x74\xCC\xAC\x67\x34\x11\x62\xD9\x0C\x0A\x37\x87\xD1\xA3\x17\x48\x8E\xD2\x17\x1D\xF6\xD7\xFD\xDB\x65\xEB\xFD\xA8\xD4\xF5\xD6\x4F\xA4\x5B\x75\xE8\xC5\xD2\x60\xB2\xDB\x09\x7E\x25\x8B\x7B\xBA\x52\x92\x9E\x3E\xE8\xC5\x77\xA1\x3C\xE0\x4A\x73\x6B\x61\xCF\x86\xDC\x43\xFF\xFF\x21\xFE\x23\x5D\x24\x4A\xF5\xD3\x6D\x0F\x62\x04\x05\x57\x82\xDA\x6E\xA4\x33\x25\x79\x4B\x2E\x54\x19\x8B\xCC\x2C\x3D\x30\xE9\xD1\x06\xFF\xE8\x32\x46\xBE\xB5\x33\x76\x77\xA8\x01\x5D\x96\xC1\xC1\xD5\xBE\xAE\x25\xC0\xC9\x1E\x0A\x09\x20\x88\xA1\x0E\xC9\xF3\x6F\x4D\x82\x54\x00\x20\xA7\xD2\x8F\xE4\x39\x54\x17\x2E\x8D\x1E\xB8\x1B\xBB\x1B\xBD\x9A\x4E\x3B\x10\x34\xDC\x9C\x88\x53\xEF\xA2\x31\x5B\x58\x4F\x91\x62\xC8\xC2\x9A\x9A\xCD\x15\x5D\x38\xA9\xD6\xBE\xF8\x13\xB5\x9F\x12\x69\xF2\x50\x62\xAC\xFB\x17\x37\xF4\xEE\xB8\x75\x67\x60\x10\xFB\x83\x50\xF9\x44\xB5\x75\x9C\x40\x17\xB2\xFE\xFD\x79\x5D\x6E\x58\x58\x5F\x30\xFC\x00\xAE\xAF\x33\xC1\x0E\x4E\x6C\xBA\xA7\xA6\xA1\x7F\x32\xDB\x38\xE0\xB1\x72\x17\x0A\x2B\x91\xEC\x6A\x63\x26\xED\x89\xD4\x78\xCC\x74\x1E\x05\xF8\x6B\xFE\x8C\x6A\x76\x39\x29\xAE\x65\x23\x12\x95\x08\x22\x1C\x97\xCE\x5B\x06\xEE\x0C\xE2\xBB\xBC\x1F\x44\x93\xF6\xD8\x38\x45\x05\x21\xED\xE4\xAD\xAB\x12\xB6\x03\xA4\x42\x2E\x2D\xC4\x09\x3A\x03\x67\x69\x84\x9A\xE1\x59\x90\x8A\x28\x85\xD5\x5D\x74\xB1\xD1\x0E\x20\x58\x9B\x13\xA5\xB0\x63\xA6\xED\x7B\x47\xFD\x45\x55\x30\xA4\xEE\x9A\xD4\xE6\xE2\x87\xEF\x98\xC9\x32\x82\x11\x29\x22\xBC\x00\x0A\x31\x5E\x2D\x0F\xC0\x8E\xE9\x6B\xB2\x8F\x2E\x06\xD8\xD1\x91\xC7\xC6\x12\xF4\x4C\xFD\x30\x17\xC3\xC1\xDA\x38\x5B\xE3\xA9\xEA\xE6\xA1\xBA\x79\xEF\x73\xD8\xB6\x53\x57\x2D\xF6\xD0\xE1\xD7\x48",
+	["CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD7\xC7\x5E\xF7\xC1\x07\xD4\x77\xFB\x43\x21\xF4\xF4\xF5\x69\xE4\xEE\x32\x01\xDB\xA3\x86\x1F\xE4\x59\x0D\xBA\xE7\x75\x83\x52\xEB\xEA\x1C\x61\x15\x48\xBB\x1D\x07\xCA\x8C\xAE\xB0\xDC\x96\x9D\xEA\xC3\x60\x92\x86\x82\x28\x73\x9C\x56\x06\xFF\x4B\x64\xF0\x0C\x2A\x37\x49\xB5\xE5\xCF\x0C\x7C\xEE\xF1\x4A\xBB\x73\x30\x65\xF3\xD5\x2F\x83\xB6\x7E\xE3\xE7\xF5\x9E\xAB\x60\xF9\xD3\xF1\x9D\x92\x74\x8A\xE4\x1C\x96\xAC\x5B\x80\xE9\xB5\xF4\x31\x87\xA3\x51\xFC\xC7\x7E\xA1\x6F\x8E\x53\x77\xD4\x97\xC1\x55\x33\x92\x3E\x18\x2F\x75\xD4\xAD\x86\x49\xCB\x95\xAF\x54\x06\x6C\xD8\x06\x13\x8D\x5B\xFF\xE1\x26\x19\x59\xC0\x24\xBA\x81\x71\x79\x90\x44\x50\x68\x24\x94\x5F\xB8\xB3\x11\xF1\x29\x41\x61\xA3\x41\xCB\x23\x36\xD5\xC1\xF1\x32\x50\x10\x4E\x7F\xF4\x86\x93\xEC\x84\xD3\x8E\xBC\x4B\xBF\x5C\x01\x4E\x07\x3D\xDC\x14\x8A\x94\x0A\xA4\xEA\x73\xFB\x0B\x51\xE8\x13\x07\x18\xFA\x0E\xF1\x2B\xD1\x54\x15\x7D\x3C\xE1\xF7\xB4\x19\x42\x67\x62\x5E\x77\xE0\xA2\x55\xEC\xB6\xD9\x69\x17\xD5\x3A\xAF\x44\xED\x4A\xC5\x9E\xE4\x7A\x27\x7C\xE5\x75\xD7\xAA\xCB\x25\xE7\xDF\x6B\x0A\xDB\x0F\x4D\x93\x4E\xA8\xA0\xCD\x7B\x2E\xF2\x59\x01\x6A\xB7\x0D\xB8\x07\x81\x7E\x8B\x38\x1B\x38\xE6\x0A\x57\x99\x3D\xEE\x21\xE8\xA3\xF5\x0C\x16\xDD\x8B\xEC\x34\x8E\x9C\x2A\x1C\x00\x15\x17\x8D\x68\x83\xD2\x70\x9F\x18\x08\xCD\x11\x68\xD5\xC9\x6B\x52\xCD\xC4\x46\x8F\xDC\xB5\xF3\xD8\x57\x73\x1E\xE9\x94\x39\x04\xBF\xD3\xDE\x38\xDE\xB4\x53\xEC\x69\x1C\xA2\x7E\xC4\x8F\xE4\x1B\x70\xAD\xF2\xA2\xF9\xFB\xF7\x16\x64\x66\x69\x9F\x49\x51\xA2\xE2\x15\x18\x67\x06\x4A\x7F\xD5\x6C\xB5\x4D\xB3\x33\xE0\x61\xEB\x5D\xBE\xE9\x98\x0F\x32\xD7\x1D\x4B\x3C\x2E\x5A\x01\x52\x91\x09\xF2\xDF\xEA\x8D\xD8\x06\x40\x63\xAA\x11\xE4\xFE\xC3\x37\x9E\x14\x52\x3F\xF4\xE2\xCC\xF2\x61\x93\xD1\xFD\x67\x6B\xD7\x52\xAE\xBF\x68\xAB\x40\x43\xA0\x57\x35\x53\x78\xF0\x53\xF8\x61\x42\x07\x64\xC6\xD7\x6F\x9B\x4C\x38\x0D\x63\xAC\x62\xAF\x36\x8B\xA2\x73\x0A\x0D\xF5\x21\xBD\x74\xAA\x4D\xEA\x72\x03\x49\xDB\xC7\x5F\x1D\x62\x63\xC7\xFD\xDD\x91\xEC\x33\xEE\xF5\x6D\xB4\x6E\x30\x68\xDE\xC8\xD6\x26\xB0\x75\x5E\x7B\xB4\x07\x20\x98\xA1\x76\x32\xB8\x4D\x6C\x4F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC9\x80\x77\xE0\x62\x92\x82\xF5\x46\x9C\xF3\xBA\xF7\x4C\xC3\xDE\xB8\xA3\xAD\x39\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x53\x5F\x21\xF5\xBA\xB0\x3A\x52\x39\x2C\x92\xB0\x6C\x00\xC9\xEF\xCE\x20\xEF\x06\xF2\x96\x9E\xE9\xA4\x74\x7F\x7A\x16\xFC\xB7\xF5\xB6\xFB\x15\x1B\x3F\xAB\xA6\xC0\x72\x5D\x10\xB1\x71\xEE\xBC\x4F\xE3\xAD\xAC\x03\x6D\x2E\x71\x2E\xAF\xC4\xE3\xAD\xA3\xBD\x0C\x11\xA7\xB4\xFF\x4A\xB2\x7B\x10\x10\x1F\xA7\x57\x41\xB2\xC0\xAE\xF4\x2C\x59\xD6\x47\x10\x88\xF3\x21\x51\x29\x30\xCA\x60\x86\xAF\x46\xAB\x1D\xED\x3A\x5B\xB0\x94\xDE\x44\xE3\x41\x08\xA2\xC1\xEC\x1D\xD6\xFD\x4F\xB6\xD6\x47\xD0\x14\x0B\xCA\xE6\xCA\xB5\x7B\x77\x7E\x41\x1F\x5E\x83\xC7\xB6\x8C\x39\x96\xB0\x3F\x96\x81\x41\x6F\x60\x90\xE2\xE8\xF9\xFB\x22\x71\xD9\x7D\xB3\x3D\x46\xBF\xB4\x84\xAF\x90\x1C\x0F\x8F\x12\x6A\xAF\xEF\xEE\x1E\x7A\xAE\x02\x4A\x8A\x17\x2B\x76\xFE\xAC\x54\x89\x24\x2C\x4F\x3F\xB6\xB2\xA7\x4E\x8C\xA8\x91\x97\xFB\x29\xC6\x7B\x5C\x2D\xB9\xCB\x66\xB6\xB7\xA8\x5B\x12\x51\x85\xB5\x09\x7E\x62\x78\x70\xFE\xA9\x6A\x60\xB6\x1D\x0E\x79\x0C\xFD\xCA\xEA\x24\x80\x72\xC3\x97\x3F\xF2\x77\xAB\x43\x22\x0A\xC7\xEB\xB6\x0C\x84\x82\x2C\x80\x6B\x41\x8A\x08\xC0\xEB\xA5\x6B\xDF\x99\x12\xCB\x8A\xD5\x5E\x80\x0C\x91\xE0\x26\x08\x36\x48\xC5\xFA\x38\x11\x35\xFF\x25\x83\x2D\xF2\x7A\xBF\xDA\xFD\x8E\xFE\xA5\xCB\x45\x2C\x1F\xC4\x88\x53\xAE\x77\x0E\xD9\x9A\x76\xC5\x8E\x2C\x1D\xA3\xBA\xD5\xEC\x32\xAE\xC0\xAA\xAC\xF7\xD1\x7A\x4D\xEB\xD4\x07\xE2\x48\xF7\x22\x8E\xB0\xA4\x9F\x6A\xCE\x8E\xB2\xB2\x60\xF4\xA3\x22\xD0\x23\xEB\x94\x5A\x7A\x69\xDD\x0F\xBF\x40\x57\xAC\x6B\x59\x50\xD9\xA3\x99\xE1\x6E\xFE\x8D\x01\x79\x27\x23\x15\xDE\x92\x9D\x7B\x09\x4D\x5A\xE7\x4B\x48\x30\x5A\x18\xE6\x0A\x6D\xE6\x8F\xE0\xD2\xBB\xE6\xDF\x7C\x6E\x21\x82\xC1\x68\x39\x4D\xB4\x98\x58\x66\x62\xCC\x4A\x90\x5E\xC3\xFA\x27\x04\xB1\x79\x15\x74\x99\xCC\xBE\xAD\x20\xDE\x26\x60\x1C\xEB\x56\x51\xA6\xA3\xEA\xE4\xA3\x3F\xA7\xFF\x61\xDC\xF1\x5A\x4D\x6C\x32\x23\x43\xEE\xAC\xA8\xEE\xEE\x4A\x12\x09\x3C\x5D\x71\xC2\xBE\x79\xFA\xC2\x87\x68\x1D\x0B\xFD\x5C\x69\xCC\x06\xD0\x9A\x7D\x54\x99\x2A\xC9\x39\x1A\x19\xAF\x4B\x2A\x43\xF3\x63\x5D\x5A\x58\xE2\x2F\xE3\x1D\xE4\xA9\xD6\xD0\x0A\xD0\x9E\xBF\xD7\x81\x09\xF1\xC9\xC7\x26\x0D\xAC\x98\x16\x56\xA0",
+	["CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA5\xDA\x0A\x95\x16\x50\xE3\x95\xF2\x5E\x9D\x76\x31\x06\x32\x7A\x9B\xF1\x10\x76\xB8\x00\x9A\xB5\x52\x36\xCD\x24\x47\xB0\x9F\x18\x64\xBC\x9A\xF6\xFA\xD5\x79\xD8\x90\x62\x4C\x22\x2F\xDE\x38\x3D\xD6\xE0\xA8\xE9\x1C\x2C\xDB\x78\x11\xE9\x8E\x68\x51\x15\x72\xC7\xF3\x33\x87\xE4\xA0\x5D\x0B\x5C\xE0\x57\x07\x2A\x30\xF5\xCD\xC4\x37\x77\x28\x4D\x18\x91\xE6\xBF\xD5\x52\xFD\x71\x2D\x70\x3E\xE7\xC6\xC4\x8A\xE3\xF0\x28\x0B\xF4\x76\x98\xA1\x8B\x87\x55\xB2\x3A\x13\xFC\xB7\x3E\x27\x37\x8E\x22\xE3\xA8\x4F\x2A\xEF\x60\xBB\x3D\xB7\x39\xC3\x0E\x01\x47\x99\x5D\x12\x4F\xDB\x43\xFA\x57\xA1\xED\xF9\x9D\xBE\x11\x47\x26\x5B\x13\x98\xAB\x5D\x16\x8A\xB0\x37\x1C\x57\x9D\x45\xFF\x88\x96\x36\xBF\xBB\xCA\x07\x7B\x6F\x87\x63\xD7\xD0\x32\x6A\xD6\x5D\x6C\x0C\xF1\xB3\x6E\x39\xE2\x6B\x31\x2E\x39\x00\x27\x14\xDE\x38\xC0\xEC\x19\x66\x86\x12\xE8\x9D\x72\x16\x13\x64\x52\xC7\xA9\x37\x1C\xFD\x82\x30\xED\x84\x18\x1D\xF4\xAE\x5C\xFF\x70\x13\x00\xEB\xB1\xF5\x33\x7A\x4B\xD6\x55\xF8\x05\x8D\x4B\x69\xB0\xF5\xB3\x28\x36\x5C\x14\xC4\x51\x73\x4D\x6B\x0B\xF1\x34\x07\xDB\x17\x39\xD7\xDC\x28\x7B\x6B\xF5\x9F\xF3\x2E\xC1\x4F\x17\x2A\x10\xF3\xCC\xCA\xE8\xEB\xFD\x6B\xAB\x2E\x9A\x9F\x2D\x82\x6E\x04\xD4\x52\x01\x93\x2D\x3D\x86\xFC\x7E\xFC\xDF\xEF\x42\x1D\xA6\x6B\xEF\xB9\x20\xC6\xF7\xBD\xA0\xA7\x95\xFD\xA7\xE6\x89\x24\xD8\xCC\x8C\x34\x6C\xE2\x23\x2F\xD9\x12\x1A\x21\xB9\x55\x91\x6F\x0B\x91\x79\x19\x0C\xAD\x40\x88\x0B\x70\xE2\x7A\xD2\x0E\xD8\x68\x48\xBB\x82\x13\x39\x10\x58\xE9\xD8\x2A\x07\xC6\x12\xDB\x58\xDB\xD2\x3B\x55\x10\x47\x05\x15\x67\x62\x7E\x18\x63\xA6\x46\x3F\x09\x0E\x54\x32\x5E\xBF\x0D\x62\x7A\x27\xEF\x80\xE8\xDB\xD9\x4B\x06\x5A\x37\x5A\x25\xD0\x08\x12\x77\xD4\x6F\x09\x50\x97\x3D\xC8\x1D\xC3\xDF\x8C\x45\x30\x56\xC6\xD3\x64\xAB\x66\xF3\xC0\x5E\x96\x9C\xC3\xC4\xEF\xC3\x7C\x6B\x8B\x3A\x79\x7F\xB3\x49\xCF\x3D\xE2\x89\x9F\xA0\x30\x4B\x85\xB9\x9C\x94\x24\x79\x8F\x7D\x6B\xA9\x45\x68\x0F\x2B\xD0\xF1\xDA\x1C\xCB\x69\xB8\xCA\x49\x62\x6D\xC8\xD0\x63\x62\xDD\x60\x0F\x58\xAA\x8F\xA1\xBC\x05\xA5\x66\xA2\xCF\x1B\x76\xB2\x84\x64\xB1\x4C\x39\x52\xC0\x30\xBA\xF0\x8C\x4B\x02\xB0\xB6\xB7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x47\xB8\xCD\xFF\xE5\x6F\xEE\xF8\xB2\xEC\x2F\x4E\x0E\xF9\x25\xB0\x8E\x3C\x6B\xC3\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x00\x20\x23\x41\x35\x04\x90\xC2\x40\x62\x60\xEF\xE2\x35\x4C\xD7\x3F\xAC\xE2\x34\x90\xB8\xA1\x6F\x76\xFA\x16\x16\xA4\x48\x37\x2C\xE9\x90\xC2\xF2\x3C\xF8\x0A\x9F\xD8\x81\xE5\xBB\x5B\xDA\x25\x2C\xA4\xA7\x55\x71\x24\x32\xF6\xC8\x0B\xF2\xBC\x6A\xF8\x93\xAC\xB2\x07\xC2\x5F\x9F\xDB\xCC\xC8\x8A\xAA\xBE\x6A\x6F\xE1\x49\x10\xCC\x31\xD7\x80\xBB\xBB\xC8\xD8\xA2\x0E\x64\x57\xEA\xA2\xF5\xC2\xA9\x31\x15\xD2\x20\x6A\xEC\xFC\x22\x01\x28\xCF\x86\xB8\x80\x1E\xA9\xCC\x11\xA5\x3C\xF2\x16\xB3\x47\x9D\xFC\xD2\x80\x21\xC4\xCB\xD0\x47\x70\x41\xA1\xCA\x83\x19\x08\x2C\x6D\xF2\x5D\x77\x9C\x8A\x14\x13\xD4\x36\x1C\x92\xF0\xE5\x06\x37\xDC\xA6\xE6\x90\x9B\x38\x8F\x5C\x6B\x1B\x46\x86\x43\x42\x5F\x3E\x01\x07\x53\x54\x5D\x65\x7D\xF7\x8A\x73\xA1\x9A\x54\x5A\x1F\x29\x43\x14\x27\xC2\x85\x0F\xB5\x88\x7B\x1A\x3B\x94\xB7\x1D\x60\xA7\xB5\x9C\xE7\x29\x69\x57\x5A\x9B\x93\x7A\x43\x30\x1B\x03\xD7\x62\xC8\x40\xA6\xAA\xFC\x64\xE4\x4A\xD7\x91\x53\x01\xA8\x20\x88\x6E\x9C\x5F\x44\xB9\xCB\x60\x81\x34\xEC\x6F\xD3\x7D\xDA\x48\x5F\xEB\xB4\x90\xBC\x2D\xA9\x1C\x0B\xAC\x1C\xD5\xA2\x68\x20\x80\x04\xD6\xFC\xB1\x8F\x2F\xBB\x4A\x31\x0D\x4A\x86\x1C\xEB\xE2\x36\x29\x26\xF5\xDA\xD8\xC4\xF2\x75\x61\xCF\x7E\xAE\x76\x63\x4A\x7A\x40\x65\x93\x87\xF8\x1E\x80\x8C\x86\xE5\x86\xD6\x8F\x0E\xFC\x53\x2C\x60\xE8\x16\x61\x1A\xA2\x3E\x43\x7B\xCD\x39\x60\x54\x6A\xF5\xF2\x89\x26\x01\x68\x83\x48\xA2\x33\xE8\xC9\x04\x91\xB2\x11\x34\x11\x3E\xEA\xD0\x43\x19\x1F\x03\x93\x90\x0C\xFF\x51\x3D\x57\xF4\x41\x6E\xE1\xCB\xA0\xBE\xEB\xC9\x63\xCD\x6D\xCC\xE4\xF8\x36\xAA\x68\x9D\xED\xBD\x5D\x97\x70\x44\x0D\xB6\x0E\x35\xDC\xE1\x0C\x5D\xBB\xA0\x51\x94\xCB\x7E\x16\xEB\x11\x2F\xA3\x92\x45\xC8\x4C\x71\xD9\xBC\xC9\x99\x52\x57\x46\x2F\x50\xCF\xBD\x35\x69\xF4\x3D\x15\xCE\x06\xA5\x2C\x0F\x3E\xF6\x81\xBA\x94\xBB\xC3\xBB\xBF\x65\x78\xD2\x86\x79\xFF\x49\x3B\x1A\x83\x0C\xF0\xDE\x78\xEC\xC8\xF2\x4D\x4C\x1A\xDE\x82\x29\xF8\xC1\x5A\xDA\xED\xEE\xE6\x27\x5E\xE8\x45\xD0\x9D\x1C\x51\xA8\x68\xAB\x44\xE3\xD0\x8B\x6A\xE3\xF8\x3B\xBB\xDC\x4D\xD7\x64\xF2\x51\xBE\xE6\xAA\xAB\x5A\xE9\x31\xEE\x06\xBC\x73\xBF\x13\x62\x0A\x9F\xC7\xB9\x97",
 };

From 750e1ddf69d9f3375801615e872ec42b8a8d5a6d Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Mon, 16 Jul 2012 15:51:47 -0400
Subject: [PATCH 31/60] Fixed a couple of init-time mem leaks.

---
 src/DPM.cc   |  1 +
 src/Scope.cc | 11 +++++------
 src/scan.l   |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/DPM.cc b/src/DPM.cc
index d7e5cd25ef..6ecf3b1336 100644
--- a/src/DPM.cc
+++ b/src/DPM.cc
@@ -117,6 +117,7 @@ void DPM::AddConfig(const Analyzer::Config& cfg)
 				desc.SP();
 #endif
 				}
+			Unref(plist);
 			}
 		}
 
diff --git a/src/Scope.cc b/src/Scope.cc
index 4916cdbfce..731ced93b7 100644
--- a/src/Scope.cc
+++ b/src/Scope.cc
@@ -50,7 +50,7 @@ Scope::~Scope()
 
 ID* Scope::GenerateTemporary(const char* name)
 	{
-	return new ID(copy_string(name), SCOPE_FUNCTION, false);
+	return new ID(name, SCOPE_FUNCTION, false);
 	}
 
 id_list* Scope::GetInits()
@@ -166,16 +166,15 @@ ID* install_ID(const char* name, const char* module_name,
 	else
 		scope = SCOPE_FUNCTION;
 
-	string full_name_str = make_full_var_name(module_name, name);
-	char* full_name = copy_string(full_name_str.c_str());
+	string full_name = make_full_var_name(module_name, name);
 
-	ID* id = new ID(full_name, scope, is_export);
+	ID* id = new ID(full_name.c_str(), scope, is_export);
 	if ( SCOPE_FUNCTION != scope )
-		global_scope()->Insert(full_name, id);
+		global_scope()->Insert(full_name.c_str(), id);
 	else
 		{
 		id->SetOffset(top_scope->Length());
-		top_scope->Insert(full_name, id);
+		top_scope->Insert(full_name.c_str(), id);
 		}
 
 	return id;
diff --git a/src/scan.l b/src/scan.l
index 645ce659cd..d90501dd55 100644
--- a/src/scan.l
+++ b/src/scan.l
@@ -776,7 +776,7 @@ void add_input_file(const char* file)
 	if ( ! filename )
 		(void) load_files(file);
 	else
-		input_files.append(copy_string(file));
+		input_files.append((char*) file);
 	}
 
 void add_to_name_list(char* s, char delim, name_list& nl)

From 5d04d583854efd592495d6678895a042cf03e698 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 17 Jul 2012 13:57:23 -0400
Subject: [PATCH 32/60] Fixed small elasticsearch problem in configure output.

---
 CMakeLists.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 14cf66ac19..bd6bf95737 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -122,13 +122,15 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND)
 	list(APPEND OPTLIBS ${LibXML2_LIBRARIES})
 endif()
 
+set(USE_ELASTICSEARCH false)
 set(USE_CURL false)
 find_package(CURL)
+
 if (CURL_FOUND)
+  set(USE_ELASTICSEARCH true)
   set(USE_CURL true)
   include_directories(BEFORE ${CURL_INCLUDE_DIR})
   list(APPEND OPTLIBS ${CURL_LIBRARIES})
-  set(USE_ELASTICSEARCH true)
 endif()
 
 if (ENABLE_PERFTOOLS_DEBUG)

From 81edec8b2eeef682c4bb2639a0b191e12bc2f561 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Tue, 17 Jul 2012 14:16:15 -0700
Subject: [PATCH 33/60] Fix bug, where in dns.log rcode always was set to
 0/NOERROR when no reply package was seen.

In the fixed version rcode is only set when a reply packet was seen.

Updates for the baseline have been commited separately in the
topic/bernhard/dns-fix branch.
---
 scripts/base/protocols/dns/main.bro | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
index 600de4beaf..c951ff4fd2 100644
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@@ -162,11 +162,11 @@ function set_session(c: connection, msg: dns_msg, is_query: bool)
 
 	c$dns = c$dns_state$pending[msg$id];
 
-	c$dns$rcode = msg$rcode;
-	c$dns$rcode_name = base_errors[msg$rcode];
-
 	if ( ! is_query )
 		{
+		c$dns$rcode = msg$rcode;
+		c$dns$rcode_name = base_errors[msg$rcode];
+
 		if ( ! c$dns?$total_answers )
 			c$dns$total_answers = msg$num_answers;
 

From 1fa182c16918d258cbda6bfc69b3394103d4313f Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 18 Jul 2012 00:00:31 -0400
Subject: [PATCH 34/60] Some better elasticsearch reliability.

 - Added a configurable option for timing out ES HTTP requests.

 - Stop sending reporter messages after one message for one failure.
---
 .../logging/writers/elasticsearch.bro         |  3 ++
 src/logging.bif                               |  1 +
 src/logging/writers/ElasticSearch.cc          | 38 ++++++++++++++-----
 src/logging/writers/ElasticSearch.h           |  2 +
 4 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index 93c6c98705..adc675e487 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -17,6 +17,9 @@ export {
 	## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc.
 	const type_prefix = "" &redef;
 
+	## The time before an ElasticSearch transfer will timeout.
+	const transfer_timeout = 2secs;
+
 	## The batch size is the number of messages that will be queued up before 
 	## they are sent to be bulk indexed.
 	## Note: this is mainly a memory usage parameter.
diff --git a/src/logging.bif b/src/logging.bif
index 3cdb414d80..7e50a9d285 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -91,6 +91,7 @@ const server_host: string;
 const server_port: count;
 const index_prefix: string;
 const type_prefix: string;
+const transfer_timeout: interval;
 const max_batch_size: count;
 const max_batch_interval: interval;
 const max_byte_size: count;
diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 1b8dfa495d..71be036a72 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -42,7 +42,10 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend)
 	current_index = string();
 	prev_index = string();
 	last_send = current_time();
+	failing = false;
 	
+	transfer_timeout = BifConst::LogElasticSearch::transfer_timeout * 1000;
+
 	curl_handle = HTTPSetup();
 }
 
@@ -77,12 +80,13 @@ bool ElasticSearch::BatchIndex()
 	curl_easy_setopt(curl_handle, CURLOPT_POST, 1);
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)buffer.Len());
 	curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes());
-	HTTPSend(curl_handle);
-	
+	failing = ! HTTPSend(curl_handle);
+
+	// We are currently throwing the data out regardless of if the send failed.  Fire and forget!
 	buffer.Clear();
 	counter = 0;
 	last_send = current_time();
-	
+
 	return true;
 	}
 
@@ -347,6 +351,8 @@ bool ElasticSearch::HTTPSend(CURL *handle)
 	// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. 
 	// The best (only?) way to disable that is to just use HTTP 1.0
 	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+
+	curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout);
 	
 	CURLcode return_code = curl_easy_perform(handle);
 	
@@ -355,21 +361,35 @@ bool ElasticSearch::HTTPSend(CURL *handle)
 		case CURLE_COULDNT_CONNECT:
 		case CURLE_COULDNT_RESOLVE_HOST:
 		case CURLE_WRITE_ERROR:
-			return false;
+		case CURLE_RECV_ERROR:
+			{
+			if ( ! failing )
+				Error(Fmt("ElasticSearch server may not be accessible."));
+			}
+
+		case CURLE_OPERATION_TIMEDOUT:
+			{
+			if ( ! failing )
+				Warning(Fmt("HTTP operation with elasticsearch server timed out at %" PRIu64 " msecs.", transfer_timeout));
+			}
 		
 		case CURLE_OK:
 			{
 			uint http_code = 0;
 			curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_code);
-			if ( http_code != 200 )
-				Error(Fmt("Received a non-successful status code back from ElasticSearch server."));
-			
-			return true;
+			if ( http_code == 200 )
+				// Hopefully everything goes through here.
+				return true;
+			else if ( ! failing )
+				Error(Fmt("Received a non-successful status code back from ElasticSearch server, check the elasticsearch server log."));
 			}
 		
 		default:
-			return true;
+			{
+			}
 		}
+		// The "successful" return happens above
+		return false;
 	}
 
 #endif
diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h
index 375845b002..60977f7737 100644
--- a/src/logging/writers/ElasticSearch.h
+++ b/src/logging/writers/ElasticSearch.h
@@ -65,6 +65,8 @@ private:
 	
 	string path;
 	string index_prefix;
+	uint64 transfer_timeout;
+	bool failing;
 	
 	uint64 batch_size;
 };

From 50f5f8131df7691643209ccf2d058ab98a4ba6ad Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Wed, 18 Jul 2012 07:29:01 -0700
Subject: [PATCH 35/60] Revert "Fixed a couple of init-time mem leaks."

This reverts commit 750e1ddf69d9f3375801615e872ec42b8a8d5a6d.
---
 src/DPM.cc   |  1 -
 src/Scope.cc | 11 ++++++-----
 src/scan.l   |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/DPM.cc b/src/DPM.cc
index 6ecf3b1336..d7e5cd25ef 100644
--- a/src/DPM.cc
+++ b/src/DPM.cc
@@ -117,7 +117,6 @@ void DPM::AddConfig(const Analyzer::Config& cfg)
 				desc.SP();
 #endif
 				}
-			Unref(plist);
 			}
 		}
 
diff --git a/src/Scope.cc b/src/Scope.cc
index 731ced93b7..4916cdbfce 100644
--- a/src/Scope.cc
+++ b/src/Scope.cc
@@ -50,7 +50,7 @@ Scope::~Scope()
 
 ID* Scope::GenerateTemporary(const char* name)
 	{
-	return new ID(name, SCOPE_FUNCTION, false);
+	return new ID(copy_string(name), SCOPE_FUNCTION, false);
 	}
 
 id_list* Scope::GetInits()
@@ -166,15 +166,16 @@ ID* install_ID(const char* name, const char* module_name,
 	else
 		scope = SCOPE_FUNCTION;
 
-	string full_name = make_full_var_name(module_name, name);
+	string full_name_str = make_full_var_name(module_name, name);
+	char* full_name = copy_string(full_name_str.c_str());
 
-	ID* id = new ID(full_name.c_str(), scope, is_export);
+	ID* id = new ID(full_name, scope, is_export);
 	if ( SCOPE_FUNCTION != scope )
-		global_scope()->Insert(full_name.c_str(), id);
+		global_scope()->Insert(full_name, id);
 	else
 		{
 		id->SetOffset(top_scope->Length());
-		top_scope->Insert(full_name.c_str(), id);
+		top_scope->Insert(full_name, id);
 		}
 
 	return id;
diff --git a/src/scan.l b/src/scan.l
index d90501dd55..645ce659cd 100644
--- a/src/scan.l
+++ b/src/scan.l
@@ -776,7 +776,7 @@ void add_input_file(const char* file)
 	if ( ! filename )
 		(void) load_files(file);
 	else
-		input_files.append((char*) file);
+		input_files.append(copy_string(file));
 	}
 
 void add_to_name_list(char* s, char delim, name_list& nl)

From 43507b1bb9b2ff484716e2e8f151a5fdc8974951 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 18 Jul 2012 11:28:41 -0400
Subject: [PATCH 36/60] New script for easily duplicating logs to
 ElasticSearch.

---
 .../policy/tuning/logs-to-elasticsearch.bro   | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 scripts/policy/tuning/logs-to-elasticsearch.bro

diff --git a/scripts/policy/tuning/logs-to-elasticsearch.bro b/scripts/policy/tuning/logs-to-elasticsearch.bro
new file mode 100644
index 0000000000..c3cc9d5002
--- /dev/null
+++ b/scripts/policy/tuning/logs-to-elasticsearch.bro
@@ -0,0 +1,45 @@
+##! Load this script to enable global log output to an ElasticSearch database.
+
+module LogElasticSearch;
+
+export {
+	## An elasticsearch specific rotation interval.
+	const rotation_interval = 24hr &redef;
+
+	## Optionally ignore any :bro:enum:`Log::ID` from being sent to
+	## ElasticSearch with this script.
+	const excluded_log_ids: set[string] = set("Communication::LOG") &redef;
+
+	## If you want to explicitly only send certain :bro:enum:`Log::ID` 
+	## streams, add them to this set.  If the set remains empty, all will 
+	## be sent.  The :bro:id:`excluded_log_ids` option will remain in 
+	## effect as well.
+	const send_logs: set[string] = set() &redef;
+}
+
+module Log;
+
+event bro_init() &priority=-5
+	{
+	local my_filters: table[ID, string] of Filter = table();
+
+	for ( [id, name] in filters )
+		{
+		local filter = filters[id, name];
+		if ( fmt("%s", id) in LogElasticSearch::excluded_log_ids ||
+		     (|LogElasticSearch::send_logs| > 0 && fmt("%s", id) !in LogElasticSearch::send_logs) )
+			next;
+
+		filter$name = cat(name, "-es");
+		filter$writer = Log::WRITER_ELASTICSEARCH;
+		filter$interv = LogElasticSearch::rotation_interval;
+		my_filters[id, name] = filter;
+		}
+
+	# This had to be done separately to avoid an ever growing filters list
+	# where the for loop would never end.
+	for ( [id, name] in my_filters )
+		{
+		Log::add_filter(id, filter);
+		}
+	}
\ No newline at end of file

From 6335dbb5e1cf694afea3c306012a258614d13880 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 18 Jul 2012 11:32:14 -0400
Subject: [PATCH 37/60] Fixing calc_next_rotate to use UTC based time
 functions.

---
 src/util.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util.cc b/src/util.cc
index 3cfa5fca1c..abbea3e906 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1112,9 +1112,9 @@ double calc_next_rotate(double current, double interval, double base)
 	time_t teatime = time_t(current);
 
 	struct tm t;
-	t = *localtime_r(&teatime, &t);
+	t = *gmtime_r(&teatime, &t);
 	t.tm_hour = t.tm_min = t.tm_sec = 0;
-	double startofday = mktime(&t);
+	double startofday = timegm(&t);
 
 	if ( base < 0 )
 		// No base time given. To get nice timestamps, we round

From 18268273594900cdeabc811d1a9cf6562caf2687 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 18 Jul 2012 15:42:23 -0400
Subject: [PATCH 38/60] Changed ES index names to localtime and added a meta
 index.

---
 src/logging/writers/ElasticSearch.cc | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 71be036a72..2095ed62df 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -263,11 +263,28 @@ bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase)
 		struct tm tm;
 		char buf[128];
 		time_t teatime = (time_t)interval_beginning;
-		gmtime_r(&teatime, &tm);
+		localtime_r(&teatime, &tm);
 		strftime(buf, sizeof(buf), "%Y%m%d%H%M", &tm);
 		
 		prev_index = current_index;
 		current_index = index_prefix + "-" + buf;
+
+		// Send some metadata about this index.
+		buffer.AddRaw("{\"index\":{\"_index\":\"@", 21);
+		buffer.Add(index_prefix);
+		buffer.AddRaw("-meta\",\"_type\":\"index\",\"_id\":\"", 30);
+		buffer.Add(current_index);
+		buffer.AddRaw("-", 1);
+		buffer.Add(Info().rotation_base);
+		buffer.AddRaw("-", 1);
+		buffer.Add(Info().rotation_interval);
+		buffer.AddRaw("\"}}\n{\"name\":\"", 13);
+		buffer.Add(current_index);
+		buffer.AddRaw("\",\"start\":", 10);
+		buffer.Add(interval_beginning);
+		buffer.AddRaw(",\"end\":", 7);
+		buffer.Add(interval_beginning+rinterval);
+		buffer.AddRaw("}\n", 2);
 		}
 	
 	//printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str());

From 0c4c5ff33571c9f5cec67d432dd401fc1770e0d4 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Thu, 19 Jul 2012 12:14:13 -0400
Subject: [PATCH 39/60] Temporarily removing the ES timeout because it works
 with signals and is incompatible with Bro threads.

---
 src/logging/writers/ElasticSearch.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc
index 2095ed62df..1ae81dfde8 100644
--- a/src/logging/writers/ElasticSearch.cc
+++ b/src/logging/writers/ElasticSearch.cc
@@ -369,7 +369,7 @@ bool ElasticSearch::HTTPSend(CURL *handle)
 	// The best (only?) way to disable that is to just use HTTP 1.0
 	curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
 
-	curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout);
+	//curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout);
 	
 	CURLcode return_code = curl_easy_perform(handle);
 	

From f73eb3b086c1ae88c122434613501af950a9dba0 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 12 Jul 2012 13:44:24 -0700
Subject: [PATCH 40/60] Reworking thread termination logic.

Turns out the finish methods weren't called correctly, caused by a
mess up with method names which all sounded too similar and the wrong
one ended up being called. I've reworked this by changing the
thread/writer/reader interfaces, which actually also simplifies them
by getting rid of the requirement for writer backends to call their
parent methods (i.e., less opportunity for errors).

This commit also includes the following (because I noticed the problem
above when working on some of these):

     - The ASCII log writer now includes "#start <timestamp>" and
      "#end <timestamp> lines in the each file. The latter supersedes
      Bernhard's "EOF" patch.

      This required a number of tests updates. The standard canonifier
      removes the timestamps, but some tests compare files directly,
      which doesn't work if they aren't printing out the same
      timestamps (like the comm tests).

     - The above required yet another change to the writer API to
       network_time to methods.

     - Renamed ASCII logger "header" options to "meta".

     - Fixes #763 "Escape # when first character in log file line".

All btests pass for me on Linux FC15. Will try MacOS next.
---
 NEWS                                          |  5 +
 .../base/frameworks/logging/writers/ascii.bro | 11 ++-
 src/input/Manager.cc                          |  2 -
 src/input/ReaderBackend.cc                    |  9 +-
 src/input/ReaderBackend.h                     | 25 ++---
 src/input/ReaderFrontend.cc                   | 26 -----
 src/input/readers/Ascii.cc                    |  2 -
 src/input/readers/Benchmark.cc                |  1 -
 src/input/readers/Raw.cc                      |  2 -
 src/logging.bif                               |  4 +-
 src/logging/Manager.cc                        |  3 +-
 src/logging/WriterBackend.cc                  | 16 +--
 src/logging/WriterBackend.h                   | 32 ++++--
 src/logging/WriterFrontend.cc                 | 33 ++-----
 src/logging/WriterFrontend.h                  |  8 +-
 src/logging/writers/Ascii.cc                  | 97 ++++++++++++++-----
 src/logging/writers/Ascii.h                   | 13 ++-
 src/logging/writers/DataSeries.cc             | 14 ++-
 src/logging/writers/DataSeries.h              |  5 +-
 src/logging/writers/None.h                    |  5 +-
 src/threading/BasicThread.cc                  | 35 ++-----
 src/threading/BasicThread.h                   |  8 ++
 src/threading/MsgThread.cc                    | 31 ++++--
 src/threading/MsgThread.h                     | 34 ++++---
 .../ssh-filtered.log                          | 12 +++
 .../ssh.log                                   | 12 ---
 .../test.log                                  | 12 +++
 testing/btest/core/expr-exception.bro         |  2 +-
 testing/btest/istate/events-ssl.bro           |  9 +-
 testing/btest/istate/events.bro               |  9 +-
 .../base/frameworks/logging/ascii-empty.bro   |  5 +-
 .../logging/ascii-line-like-comment.bro       | 23 +++++
 .../base/frameworks/logging/ascii-options.bro |  2 +-
 .../base/frameworks/logging/remote-types.bro  |  8 +-
 .../base/frameworks/logging/remote.bro        |  8 +-
 .../notice/default-policy-order.test          |  6 +-
 testing/scripts/diff-remove-timestamps        |  7 +-
 37 files changed, 313 insertions(+), 223 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
 delete mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
 create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
 create mode 100644 testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro

diff --git a/NEWS b/NEWS
index d9410e1c7c..0798920d8a 100644
--- a/NEWS
+++ b/NEWS
@@ -140,6 +140,11 @@ the full set.
   Bro now supports decapsulating tunnels directly for protocols it
   understands.
 
+- ASCII logs now record the time when they were opened/closed at the
+  beginning and end of the file, respectively. The options
+  LogAscii::header_prefix and LogAscii::include_header have been
+  renamed to LogAscii::meta_prefix and LogAscii::include_meta,
+  respectively.
 
 Bro 2.0
 -------
diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.bro
index fa1fcd6797..bacb0996d0 100644
--- a/scripts/base/frameworks/logging/writers/ascii.bro
+++ b/scripts/base/frameworks/logging/writers/ascii.bro
@@ -8,12 +8,13 @@ export {
 	## into files. This is primarily for debugging purposes.
 	const output_to_stdout = F &redef;
 
-	## If true, include a header line with column names and description
-	## of the other ASCII logging options that were used.
-	const include_header = T &redef;
+	## If true, include lines with log meta information such as column names with
+	## types, the values of ASCII logging options that in use, and the time when the
+	## file was opened and closes (the latter at the end). 
+	const include_meta = T &redef;
 
-	## Prefix for the header line if included.
-	const header_prefix = "#" &redef;
+	## Prefix for lines with meta information.
+	const meta_prefix = "#" &redef;
 
 	## Separator between fields.
 	const separator = "\t" &redef;
diff --git a/src/input/Manager.cc b/src/input/Manager.cc
index fc68343813..1c6b69e8ec 100644
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@@ -726,8 +726,6 @@ bool Manager::RemoveStream(Stream *i)
 
 	i->removed = true;
 
-	i->reader->Close();
-
 	DBG_LOG(DBG_INPUT, "Successfully queued removal of stream %s",
 		i->name.c_str());
 
diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc
index dea554251e..84106a3c94 100644
--- a/src/input/ReaderBackend.cc
+++ b/src/input/ReaderBackend.cc
@@ -207,7 +207,7 @@ bool ReaderBackend::Init(const ReaderInfo& arg_info, const int arg_num_fields,
 	return success;
 	}
 
-void ReaderBackend::Close()
+bool ReaderBackend::OnFinish(double network_time)
 	{
 	DoClose();
 	disabled = true; // frontend disables itself when it gets the Close-message.
@@ -221,6 +221,8 @@ void ReaderBackend::Close()
 		delete [] (fields);
 		fields = 0;
 		}
+
+	return true;
 	}
 
 bool ReaderBackend::Update()
@@ -243,10 +245,9 @@ void ReaderBackend::DisableFrontend()
 	SendOut(new DisableMessage(frontend));
 	}
 
-bool ReaderBackend::DoHeartbeat(double network_time, double current_time)
+bool ReaderBackend::OnHeartbeat(double network_time, double current_time)
 	{
-	MsgThread::DoHeartbeat(network_time, current_time);
-	return true;
+	return DoHeartbeat(network_time, current_time);
 	}
 
 TransportProto ReaderBackend::StringToProto(const string &proto)
diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h
index 820633254a..1e77a61f37 100644
--- a/src/input/ReaderBackend.h
+++ b/src/input/ReaderBackend.h
@@ -108,15 +108,6 @@ public:
 	 */
 	bool Init(const ReaderInfo& info, int num_fields, const threading::Field* const* fields);
 
-	/**
-	 * Finishes reading from this input stream in a regular fashion. Must
-	 * not be called if an error has been indicated earlier. After
-	 * calling this, no further reading from the stream can be performed.
-	 *
-	 * @return False if an error occured.
-	 */
-	void Close();
-
 	/**
 	 * Force trigger an update of the input stream. The action that will
 	 * be taken depends on the current read mode and the individual input
@@ -149,6 +140,9 @@ public:
 	 */
 	int NumFields() const	{ return num_fields; }
 
+	// Overridden from MsgThread.
+	virtual bool OnHeartbeat(double network_time, double current_time);
+	virtual bool OnFinish(double network_time);
 
 protected:
 	// Methods that have to be overwritten by the individual readers
@@ -200,6 +194,11 @@ protected:
 	 */
 	virtual bool DoUpdate() = 0;
 
+	/**
+	 * Triggered by regular heartbeat messages from the main thread.
+	 */
+	virtual bool DoHeartbeat(double network_time, double current_time) = 0;
+
 	/**
 	 * Method allowing a reader to send a specified Bro event. Vals must
 	 * match the values expected by the bro event.
@@ -271,14 +270,6 @@ protected:
 	 */
 	void EndCurrentSend();
 
-	/**
-	 * Triggered by regular heartbeat messages from the main thread.
-	 *
-	 * This method can be overridden but once must call
-	 * ReaderBackend::DoHeartbeat().
-	 */
-	virtual bool DoHeartbeat(double network_time, double current_time);
-
 	/**
 	 *  Convert a string into a TransportProto. This is just a utility
 	 *  function for Readers.
diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc
index e489147d36..7e4ef201b1 100644
--- a/src/input/ReaderFrontend.cc
+++ b/src/input/ReaderFrontend.cc
@@ -37,17 +37,6 @@ public:
 	virtual bool Process() { return Object()->Update(); }
 };
 
-class CloseMessage : public threading::InputMessage<ReaderBackend>
-{
-public:
-	CloseMessage(ReaderBackend* backend)
-		: threading::InputMessage<ReaderBackend>("Close", backend)
-		 { }
-
-	virtual bool Process() { Object()->Close(); return true; }
-};
-
-
 ReaderFrontend::ReaderFrontend(bro_int_t type)
 	{
 	disabled = initialized = false;
@@ -93,21 +82,6 @@ void ReaderFrontend::Update()
 	backend->SendIn(new UpdateMessage(backend));
 	}
 
-void ReaderFrontend::Close()
-	{
-	if ( disabled )
-		return;
-
-	if ( ! initialized )
-		{
-		reporter->Error("Tried to call finish on uninitialized reader");
-		return;
-		}
-
-	disabled = true;
-	backend->SendIn(new CloseMessage(backend));
-	}
-
 string ReaderFrontend::Name() const
 	{
 	if ( ! info.source.size() )
diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc
index dd1e742e5e..7f93a3138c 100644
--- a/src/input/readers/Ascii.cc
+++ b/src/input/readers/Ascii.cc
@@ -506,8 +506,6 @@ bool Ascii::DoUpdate()
 
 bool Ascii::DoHeartbeat(double network_time, double current_time)
 {
-	ReaderBackend::DoHeartbeat(network_time, current_time);
-
 	switch ( Info().mode  ) {
 		case MODE_MANUAL:
 			// yay, we do nothing :)
diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc
index d71901fa66..28afdc1c89 100644
--- a/src/input/readers/Benchmark.cc
+++ b/src/input/readers/Benchmark.cc
@@ -222,7 +222,6 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
 
 bool Benchmark::DoHeartbeat(double network_time, double current_time)
 {
-	ReaderBackend::DoHeartbeat(network_time, current_time);
 	num_lines = (int) ( (double) num_lines*multiplication_factor);
 	num_lines += add;
 	heartbeatstarttime = CurrTime();
diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc
index 1bae6cfa0c..f62e966883 100644
--- a/src/input/readers/Raw.cc
+++ b/src/input/readers/Raw.cc
@@ -252,8 +252,6 @@ bool Raw::DoUpdate()
 
 bool Raw::DoHeartbeat(double network_time, double current_time)
 	{
-	ReaderBackend::DoHeartbeat(network_time, current_time);
-
 	switch ( Info().mode ) {
 		case MODE_MANUAL:
 			// yay, we do nothing :)
diff --git a/src/logging.bif b/src/logging.bif
index d25e89c33c..48e0edbb06 100644
--- a/src/logging.bif
+++ b/src/logging.bif
@@ -65,8 +65,8 @@ function Log::__flush%(id: Log::ID%): bool
 module LogAscii;
 
 const output_to_stdout: bool;
-const include_header: bool;
-const header_prefix: string;
+const include_meta: bool;
+const meta_prefix: string;
 const separator: string;
 const set_separator: string;
 const empty_field: string;
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index 0fea3d577d..1808b83738 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -771,6 +771,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 
 			WriterBackend::WriterInfo info;
 			info.path = path;
+			info.network_time = network_time;
 
 			HashKey* k;
 			IterCookie* c = filter->config->AsTable()->InitForIteration();
@@ -1156,7 +1157,7 @@ bool Manager::Flush(EnumVal* id)
 
 	for ( Stream::WriterMap::iterator i = stream->writers.begin();
 	      i != stream->writers.end(); i++ )
-		i->second->writer->Flush();
+		i->second->writer->Flush(network_time);
 
 	RemoveDisabledWriters(stream);
 
diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc
index 00590208d5..68b0b506a1 100644
--- a/src/logging/WriterBackend.cc
+++ b/src/logging/WriterBackend.cc
@@ -18,7 +18,7 @@ namespace logging  {
 class RotationFinishedMessage : public threading::OutputMessage<WriterFrontend>
 {
 public:
-        RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name,
+	RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name,
 				double open, double close, bool terminating)
 		: threading::OutputMessage<WriterFrontend>("RotationFinished", writer),
 		new_name(new_name), old_name(old_name), open(open),
@@ -260,9 +260,9 @@ bool WriterBackend::Rotate(string rotated_path, double open,
 	return true;
 	}
 
-bool WriterBackend::Flush()
+bool WriterBackend::Flush(double network_time)
 	{
-	if ( ! DoFlush() )
+	if ( ! DoFlush(network_time) )
 		{
 		DisableFrontend();
 		return false;
@@ -271,13 +271,15 @@ bool WriterBackend::Flush()
 	return true;
 	}
 
-bool WriterBackend::DoHeartbeat(double network_time, double current_time)
+bool WriterBackend::OnFinish(double network_time)
 	{
-	MsgThread::DoHeartbeat(network_time, current_time);
+	return DoFinish(network_time);
+	}
 
+bool WriterBackend::OnHeartbeat(double network_time, double current_time)
+	{
 	SendOut(new FlushWriteBufferMessage(frontend));
-
-	return true;
+	return DoHeartbeat(network_time, current_time);
 	}
 
 string WriterBackend::Render(const threading::Value::addr_t& addr) const
diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h
index 6e65a8151a..33cde8679e 100644
--- a/src/logging/WriterBackend.h
+++ b/src/logging/WriterBackend.h
@@ -67,6 +67,11 @@ public:
 		 */
 		double rotation_base;
 
+		/**
+		 * The network time when the writer is created.
+		 */
+		double network_time;
+
 		/**
 		 * A map of key/value pairs corresponding to the relevant
 		 * filter's "config" table.
@@ -129,9 +134,11 @@ public:
 	 * Flushes any currently buffered output, assuming the writer
 	 * supports that. (If not, it will be ignored).
 	 *
+	 * @param network_time The network time when the flush was triggered.
+	 *
 	 * @return False if an error occured.
 	 */
-	bool Flush();
+	bool Flush(double network_time);
 
 	/**
 	 * Triggers rotation, if the writer supports that. (If not, it will
@@ -213,6 +220,10 @@ public:
 	  */
 	string Render(double d) const;
 
+	// Overridden from MsgThread.
+	virtual bool OnHeartbeat(double network_time, double current_time);
+	virtual bool OnFinish(double network_time);
+
 protected:
 	friend class FinishMessage;
 
@@ -272,8 +283,10 @@ protected:
 	 * will then be disabled and eventually deleted. When returning
 	 * false, an implementation should also call Error() to indicate what
 	 * happened.
+	 *
+	 * @param network_time The network time when the flush was triggered.
 	 */
-	virtual bool DoFlush() = 0;
+	virtual bool DoFlush(double network_time) = 0;
 
 	/**
 	 * Writer-specific method implementing log rotation.  Most directly
@@ -314,20 +327,19 @@ protected:
 
 	/**
 	 * Writer-specific method called just before the threading system is
-	 * going to shutdown.
+	 * going to shutdown. It is assumed that once this messages returns,
+	 * the thread can be safely terminated.
 	 *
-	 * This method can be overridden but one must call
-	 * WriterBackend::DoFinish().
+	 * @param network_time The network time when the finish is triggered.
 	 */
-	virtual bool DoFinish() { return MsgThread::DoFinish(); }
-
+	virtual bool DoFinish(double network_time) = 0;
 	/**
 	 * Triggered by regular heartbeat messages from the main thread.
 	 *
-	 * This method can be overridden but one must call
-	 * WriterBackend::DoHeartbeat().
+	 * This method can be overridden. Default implementation does
+	 * nothing.
 	 */
-	virtual bool DoHeartbeat(double network_time, double current_time);
+	virtual bool DoHeartbeat(double network_time, double current_time) = 0;
 
 private:
 	/**
diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc
index 21bde0d43c..577003926b 100644
--- a/src/logging/WriterFrontend.cc
+++ b/src/logging/WriterFrontend.cc
@@ -81,19 +81,13 @@ private:
 class FlushMessage : public threading::InputMessage<WriterBackend>
 {
 public:
-	FlushMessage(WriterBackend* backend)
-		: threading::InputMessage<WriterBackend>("Flush", backend)	{}
+	FlushMessage(WriterBackend* backend, double network_time)
+		: threading::InputMessage<WriterBackend>("Flush", backend),
+		network_time(network_time) {}
 
-	virtual bool Process() { return Object()->Flush(); }
-};
-
-class FinishMessage : public threading::InputMessage<WriterBackend>
-{
-public:
-	FinishMessage(WriterBackend* backend)
-		: threading::InputMessage<WriterBackend>("Finish", backend)	{}
-
-	virtual bool Process() { return Object()->DoFinish(); }
+	virtual bool Process() { return Object()->Flush(network_time); }
+private:
+	double network_time;
 };
 
 }
@@ -240,7 +234,7 @@ void WriterFrontend::SetBuf(bool enabled)
 		FlushWriteBuffer();
 	}
 
-void WriterFrontend::Flush()
+void WriterFrontend::Flush(double network_time)
 	{
 	if ( disabled )
 		return;
@@ -248,7 +242,7 @@ void WriterFrontend::Flush()
 	FlushWriteBuffer();
 
 	if ( backend )
-		backend->SendIn(new FlushMessage(backend));
+		backend->SendIn(new FlushMessage(backend, network_time));
 	}
 
 void WriterFrontend::Rotate(string rotated_path, double open, double close, bool terminating)
@@ -266,17 +260,6 @@ void WriterFrontend::Rotate(string rotated_path, double open, double close, bool
 		log_mgr->FinishedRotation(0, "", rotated_path, open, close, terminating);
 	}
 
-void WriterFrontend::Finish()
-	{
-	if ( disabled )
-		return;
-
-	FlushWriteBuffer();
-
-	if ( backend )
-		backend->SendIn(new FinishMessage(backend));
-	}
-
 void WriterFrontend::DeleteVals(Value** vals)
 	{
 	// Note this code is duplicated in Manager::DeleteVals().
diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h
index 8a0dce4645..6581fb1c1b 100644
--- a/src/logging/WriterFrontend.h
+++ b/src/logging/WriterFrontend.h
@@ -114,8 +114,10 @@ public:
 	 * message back that will asynchronously call Disable().
 	 *
 	 * This method must only be called from the main thread.
+	 *
+	 * @param network_time The network time when the flush was triggered.
 	 */
-	void Flush();
+	void Flush(double network_time);
 
 	/**
 	 * Triggers log rotation.
@@ -138,8 +140,10 @@ public:
 	 * sends a message back that will asynchronously call Disable().
 	 *
 	 * This method must only be called from the main thread.
+	 *
+	 * @param network_time The network time when the finish was triggered.
 	 */
-	void Finish();
+	void Finish(double network_time);
 
 	/**
 	 * Explicitly triggers a transfer of all potentially buffered Write()
diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index 6e5ceef678..ab68cd77d8 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -18,7 +18,7 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 	file = 0;
 
 	output_to_stdout = BifConst::LogAscii::output_to_stdout;
-	include_header = BifConst::LogAscii::include_header;
+	include_meta = BifConst::LogAscii::include_meta;
 
 	separator_len = BifConst::LogAscii::separator->Len();
 	separator = new char[separator_len];
@@ -40,10 +40,10 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 	memcpy(unset_field, BifConst::LogAscii::unset_field->Bytes(),
 	       unset_field_len);
 
-	header_prefix_len = BifConst::LogAscii::header_prefix->Len();
-	header_prefix = new char[header_prefix_len];
-	memcpy(header_prefix, BifConst::LogAscii::header_prefix->Bytes(),
-	       header_prefix_len);
+	meta_prefix_len = BifConst::LogAscii::meta_prefix->Len();
+	meta_prefix = new char[meta_prefix_len];
+	memcpy(meta_prefix, BifConst::LogAscii::meta_prefix->Bytes(),
+	       meta_prefix_len);
 
 	desc.EnableEscaping();
 	desc.AddEscapeSequence(separator, separator_len);
@@ -51,24 +51,39 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 
 Ascii::~Ascii()
 	{
+	// Normally, the file will be closed here already via the Finish()
+	// message. But when we terminate abnormally, we may still have it
+	// open.
 	if ( file )
-		fclose(file);
+		CloseFile(0);
 
 	delete [] separator;
 	delete [] set_separator;
 	delete [] empty_field;
 	delete [] unset_field;
-	delete [] header_prefix;
+	delete [] meta_prefix;
 	}
 
 bool Ascii::WriteHeaderField(const string& key, const string& val)
 	{
-	string str = string(header_prefix, header_prefix_len) +
+	string str = string(meta_prefix, meta_prefix_len) +
 		key + string(separator, separator_len) + val + "\n";
 
 	return (fwrite(str.c_str(), str.length(), 1, file) == 1);
 	}
 
+void Ascii::CloseFile(double t)
+	{
+	if ( ! file )
+		return;
+
+	if ( include_meta )
+		WriteHeaderField("end", t ? Timestamp(t) : "<abnormal termination>");
+
+	fclose(file);
+	file = 0;
+	}
+
 bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fields)
 	{
 	string path = info.path;
@@ -81,17 +96,17 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 	if ( ! (file = fopen(fname.c_str(), "w")) )
 		{
 		Error(Fmt("cannot open %s: %s", fname.c_str(),
-			  strerror(errno)));
+			  Strerror(errno)));
 
 		return false;
 		}
 
-	if ( include_header )
+	if ( include_meta )
 		{
 		string names;
 		string types;
 
-		string str = string(header_prefix, header_prefix_len)
+		string str = string(meta_prefix, meta_prefix_len)
 			+ "separator " // Always use space as separator here.
 			+ get_escaped_string(string(separator, separator_len), false)
 			+ "\n";
@@ -105,8 +120,9 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 		            string(empty_field, empty_field_len), false)) &&
 		        WriteHeaderField("unset_field", get_escaped_string(
 		            string(unset_field, unset_field_len), false)) &&
-		        WriteHeaderField("path", get_escaped_string(path, false))) )
-			goto write_error;
+		        WriteHeaderField("path", get_escaped_string(path, false)) &&
+			WriteHeaderField("start", Timestamp(info.network_time))) )
+		goto write_error;
 
 		for ( int i = 0; i < num_fields; ++i )
 			{
@@ -128,21 +144,23 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 	return true;
 
 write_error:
-	Error(Fmt("error writing to %s: %s", fname.c_str(), strerror(errno)));
+	Error(Fmt("error writing to %s: %s", fname.c_str(), Strerror(errno)));
 	return false;
 	}
 
-bool Ascii::DoFlush()
+bool Ascii::DoFlush(double network_time)
 	{
 	fflush(file);
 	return true;
 	}
 
-bool Ascii::DoFinish()
+bool Ascii::DoFinish(double network_time)
 	{
-	return WriterBackend::DoFinish();
+	CloseFile(network_time);
+	return true;
 	}
 
+
 bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field)
 	{
 	if ( ! val->present )
@@ -307,16 +325,33 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields,
 
 	desc.AddRaw("\n", 1);
 
-	if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 )
+	const char* bytes = (const char*)desc.Bytes();
+	int len = desc.Len();
+
+	// Make sure the line doesn't look like meta information.
+	if ( strncmp(bytes, meta_prefix, meta_prefix_len) == 0 )
 		{
-		Error(Fmt("error writing to %s: %s", fname.c_str(), strerror(errno)));
-		return false;
+		// It would so escape the first character.
+		char buf[16];
+		snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]);
+		if ( fwrite(buf, strlen(buf), 1, file) != 1 )
+			goto write_error;
+
+		++bytes;
+		--len;
 		}
 
+	if ( fwrite(bytes, len, 1, file) != 1 )
+		goto write_error;
+
 	if ( IsBuf() )
 		fflush(file);
 
 	return true;
+
+write_error:
+	Error(Fmt("error writing to %s: %s", fname.c_str(), Strerror(errno)));
+	return false;
 	}
 
 bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating)
@@ -325,8 +360,7 @@ bool Ascii::DoRotate(string rotated_path, double open, double close, bool termin
 	if ( ! file || IsSpecial(Info().path) )
 		return true;
 
-	fclose(file);
-	file = 0;
+	CloseFile(close);
 
 	string nname = rotated_path + "." + LogExt();
 	rename(fname.c_str(), nname.c_str());
@@ -346,9 +380,28 @@ bool Ascii::DoSetBuf(bool enabled)
 	return true;
 	}
 
+bool Ascii::DoHeartbeat(double network_time, double current_time)
+	{
+	// Nothing to do.
+	return true;
+	}
+
 string Ascii::LogExt()
 	{
 	const char* ext = getenv("BRO_LOG_SUFFIX");
 	if ( ! ext ) ext = "log";
 	return ext;
 	}
+
+string Ascii::Timestamp(double t)
+	{
+	struct tm tm;
+	char buf[128];
+	const char* const date_fmt = "%Y-%m-%d-%H-%M-%S";
+	time_t teatime = time_t(t);
+
+	localtime_r(&teatime, &tm);
+	strftime(buf, sizeof(buf), date_fmt, &tm);
+	return buf;
+	}
+
diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h
index a95e644d49..857954ce37 100644
--- a/src/logging/writers/Ascii.h
+++ b/src/logging/writers/Ascii.h
@@ -26,13 +26,16 @@ protected:
 	virtual bool DoSetBuf(bool enabled);
 	virtual bool DoRotate(string rotated_path, double open,
 			      double close, bool terminating);
-	virtual bool DoFlush();
-	virtual bool DoFinish();
+	virtual bool DoFlush(double network_time);
+	virtual bool DoFinish(double network_time);
+	virtual bool DoHeartbeat(double network_time, double current_time);
 
 private:
 	bool IsSpecial(string path) 	{ return path.find("/dev/") == 0; }
 	bool DoWriteOne(ODesc* desc, threading::Value* val, const threading::Field* field);
 	bool WriteHeaderField(const string& key, const string& value);
+	void CloseFile(double t);
+	string Timestamp(double t);
 
 	FILE* file;
 	string fname;
@@ -40,7 +43,7 @@ private:
 
 	// Options set from the script-level.
 	bool output_to_stdout;
-	bool include_header;
+	bool include_meta;
 
 	char* separator;
 	int separator_len;
@@ -54,8 +57,8 @@ private:
 	char* unset_field;
 	int unset_field_len;
 
-	char* header_prefix;
-	int header_prefix_len;
+	char* meta_prefix;
+	int meta_prefix_len;
 };
 
 }
diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc
index b34ea3412a..1978a8b781 100644
--- a/src/logging/writers/DataSeries.cc
+++ b/src/logging/writers/DataSeries.cc
@@ -311,7 +311,7 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading:
 			}
 
 		else
-			Error(Fmt("cannot dump schema: %s", strerror(errno)));
+			Error(Fmt("cannot dump schema: %s", Strerror(errno)));
 		}
 
 	compress_type = Extent::compress_all;
@@ -343,7 +343,7 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading:
 	return OpenLog(info.path);
 	}
 
-bool DataSeries::DoFlush()
+bool DataSeries::DoFlush(double network_time)
 {
 	// Flushing is handled by DataSeries automatically, so this function
 	// doesn't do anything.
@@ -366,11 +366,10 @@ void DataSeries::CloseLog()
 	log_file = 0;
 	}
 
-bool DataSeries::DoFinish()
+bool DataSeries::DoFinish(double network_time)
 {
 	CloseLog();
-
-	return WriterBackend::DoFinish();
+	return true;
 }
 
 bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields,
@@ -420,4 +419,9 @@ bool DataSeries::DoSetBuf(bool enabled)
 	return true;
 }
 
+bool DataSeries::DoHeartbeat(double network_time, double current_time)
+{
+	return true;
+}
+
 #endif /* USE_DATASERIES */
diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h
index 0ae3572b76..31d17a1a7b 100644
--- a/src/logging/writers/DataSeries.h
+++ b/src/logging/writers/DataSeries.h
@@ -34,8 +34,9 @@ protected:
 	virtual bool DoSetBuf(bool enabled);
 	virtual bool DoRotate(string rotated_path, double open,
 			      double close, bool terminating);
-	virtual bool DoFlush();
-	virtual bool DoFinish();
+	virtual bool DoFlush(double network_time);
+	virtual bool DoFinish(double network_time);
+	virtual bool DoHeartbeat(double network_time, double current_time);
 
 private:
 	static const size_t ROW_MIN = 2048;			// Minimum extent size.
diff --git a/src/logging/writers/None.h b/src/logging/writers/None.h
index 7e2e4ef4eb..c6d7cba56a 100644
--- a/src/logging/writers/None.h
+++ b/src/logging/writers/None.h
@@ -26,8 +26,9 @@ protected:
 	virtual bool DoSetBuf(bool enabled)	{ return true; }
 	virtual bool DoRotate(string rotated_path, double open,
 			      double close, bool terminating);
-	virtual bool DoFlush()	{ return true; }
-	virtual bool DoFinish()	{ WriterBackend::DoFinish(); return true; }
+	virtual bool DoFlush(double network_time)	{ return true; }
+	virtual bool DoFinish(double network_time)	{ return true; }
+	virtual bool DoHeartbeat(double network_time, double current_time)	{ return true; }
 };
 
 }
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index dfa4c28eda..88c4ac0965 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -78,24 +78,22 @@ const char* BasicThread::Fmt(const char* format, ...)
 	return buf;
 	}
 
+const char* BasicThread::Strerror(int err)
+	{
+	static char buf[128] = "<not set>";
+	strerror_r(err, buf, sizeof(buf));
+	return buf;
+	}
+
 void BasicThread::Start()
 	{
 
 	if ( started )
 		return;
 
-	int err = pthread_mutex_init(&terminate, 0);
-	if ( err != 0  )
-		reporter->FatalError("Cannot create terminate mutex for thread %s: %s", name.c_str(), strerror(err));
-
-	// We use this like a binary semaphore and acquire it immediately.
-	err = pthread_mutex_lock(&terminate);
+	int err = pthread_create(&pthread, 0, BasicThread::launcher, this);
 	if ( err != 0 )
-		reporter->FatalError("Cannot aquire terminate mutex for thread %s: %s", name.c_str(), strerror(err));
-
-	err = pthread_create(&pthread, 0, BasicThread::launcher, this);
-	if ( err != 0 )
-		reporter->FatalError("Cannot create thread %s:%s", name.c_str(), strerror(err));
+		reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err));
 
 	DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str());
 
@@ -114,12 +112,6 @@ void BasicThread::Stop()
 
 	DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name.c_str());
 
-	// Signal that it's ok for the thread to exit now by unlocking the
-	// mutex.
-	int err = pthread_mutex_unlock(&terminate);
-	if ( err != 0 )
-		reporter->FatalError("Failure flagging terminate condition for thread %s: %s", name.c_str(), strerror(err));
-
 	terminating = true;
 
 	OnStop();
@@ -130,16 +122,13 @@ void BasicThread::Join()
 	if ( ! started )
 		return;
 
-	if ( ! terminating )
-		Stop();
+	assert(terminating);
 
 	DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str());
 
 	if ( pthread_join(pthread, 0) != 0  )
 		reporter->FatalError("Failure joining thread %s", name.c_str());
 
-	pthread_mutex_destroy(&terminate);
-
 	DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str());
 
 	pthread = 0;
@@ -178,10 +167,6 @@ void* BasicThread::launcher(void *arg)
 	// Run thread's main function.
 	thread->Run();
 
-	// Wait until somebody actually wants us to terminate.
-	if ( pthread_mutex_lock(&thread->terminate) != 0 )
-		reporter->FatalError("Failure acquiring terminate mutex at end of thread %s", thread->Name().c_str());
-
 	return 0;
 	}
 
diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h
index cc87ae03bc..d47eb5c3c3 100644
--- a/src/threading/BasicThread.h
+++ b/src/threading/BasicThread.h
@@ -96,6 +96,14 @@ public:
 	 */
 	const char* Fmt(const char* format, ...);
 
+	/**
+	 * A version of strerror() that the thread can safely use. This is
+	 * essentially a wrapper around strerror_r(). Note that it keeps a
+	 * single static buffer internally so the result remains valid only
+	 * until the next call.
+	 */
+	const char* Strerror(int err);
+
 protected:
 	friend class Manager;
 
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 6a3d496325..81ef123661 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -16,9 +16,17 @@ namespace threading  {
 class FinishMessage : public InputMessage<MsgThread>
 {
 public:
-	FinishMessage(MsgThread* thread) : InputMessage<MsgThread>("Finish", thread)	{ }
+	FinishMessage(MsgThread* thread, double network_time) : InputMessage<MsgThread>("Finish", thread),
+		network_time(network_time) { }
 
-	virtual bool Process()	{ return Object()->DoFinish(); }
+	virtual bool Process()	{
+		bool result = Object()->OnFinish(network_time);
+		Object()->Finished();
+		return result;
+	}
+
+private:
+	double network_time;
 };
 
 // A dummy message that's only purpose is unblock the current read operation
@@ -39,7 +47,10 @@ public:
 		: InputMessage<MsgThread>("Heartbeat", thread)
 		{ network_time = arg_network_time; current_time = arg_current_time; }
 
-	virtual bool Process()	{ return Object()->DoHeartbeat(network_time, current_time); }
+	virtual bool Process()	{
+		Object()->HeartbeatInChild();
+		return Object()->OnHeartbeat(network_time, current_time);
+	}
 
 private:
 	double network_time;
@@ -146,8 +157,11 @@ MsgThread::MsgThread() : BasicThread()
 
 void MsgThread::OnStop()
 	{
+	if ( finished )
+		return;
+
 	// Signal thread to terminate and wait until it has acknowledged.
-	SendIn(new FinishMessage(this), true);
+	SendIn(new FinishMessage(this, network_time), true);
 
 	int cnt = 0;
 	while ( ! finished )
@@ -161,6 +175,8 @@ void MsgThread::OnStop()
 		usleep(1000);
 		}
 
+	Finished();
+
 	// One more message to make sure the current queue read operation unblocks.
 	SendIn(new UnblockMessage(this), true);
 	}
@@ -170,7 +186,7 @@ void MsgThread::Heartbeat()
 	SendIn(new HeartbeatMessage(this, network_time, current_time()));
 	}
 
-bool MsgThread::DoHeartbeat(double network_time, double current_time)
+void MsgThread::HeartbeatInChild()
 	{
 	string n = Name();
 
@@ -179,16 +195,13 @@ bool MsgThread::DoHeartbeat(double network_time, double current_time)
 		cnt_sent_out - queue_out.Size());
 
 	SetOSName(n.c_str());
-
-	return true;
 	}
 
-bool MsgThread::DoFinish()
+void MsgThread::Finished()
 	{
 	// This is thread-safe "enough", we're the only one ever writing
 	// there.
 	finished = true;
-	return true;
 	}
 
 void MsgThread::Info(const char* msg)
diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h
index a917f54396..67ab9517c5 100644
--- a/src/threading/MsgThread.h
+++ b/src/threading/MsgThread.h
@@ -189,39 +189,45 @@ protected:
 	 *
 	 * This is method is called regularly by the threading::Manager.
 	 *
-	 * Can be overriden in derived classed to hook into the heart beat,
-	 * but must call the parent implementation. Note that this method is
-	 * always called by the main thread and must not access data of the
-	 * child thread directly. See DoHeartbeat() if you want to do
-	 * something on the child-side.
+	 * Can be overriden in derived classed to hook into the heart beat
+	 * sending, but must call the parent implementation. Note that this
+	 * method is always called by the main thread and must not access
+	 * data of the child thread directly. Implement OnHeartbeat() if you
+	 * want to do something on the child-side.
 	 */
 	virtual void Heartbeat();
 
-	/**
-	 * Overriden from BasicThread.
-	 *
+	/** Flags that the child process has finished processing. Called from child.
 	 */
-	virtual void Run();
-	virtual void OnStop();
+	void Finished();
+
+	/** Internal heartbeat processing. Called from child.
+	 */
+	void HeartbeatInChild();
 
 	/**
 	 * Regulatly triggered for execution in the child thread.
 	 *
-	 * When overriding, one must call the parent class' implementation.
-	 *
 	 * network_time: The network_time when the heartbeat was trigger by
 	 * the main thread.
 	 *
 	 * current_time: Wall clock when the heartbeat was trigger by the
 	 * main thread.
 	 */
-	virtual bool DoHeartbeat(double network_time, double current_time);
+	virtual bool OnHeartbeat(double network_time, double current_time) = 0;
 
 	/** Triggered for execution in the child thread just before shutting threads down.
 	 *  The child thread should finish its operations and then *must*
 	 *  call this class' implementation.
 	 */
-	virtual bool DoFinish();
+	virtual bool OnFinish(double network_time) = 0;
+
+	/**
+	 * Overriden from BasicThread.
+	 *
+	 */
+	virtual void Run();
+	virtual void OnStop();
 
 private:
 	/**
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
new file mode 100644
index 0000000000..a2610bb522
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
@@ -0,0 +1,12 @@
+PREFIX<>separator |
+PREFIX<>set_separator|,
+PREFIX<>empty_field|EMPTY
+PREFIX<>unset_field|NOT-SET
+PREFIX<>path|ssh
+PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
+PREFIX<>types|time|addr|port|addr|port|string|string|bool
+1342126762.852986|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
+1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
+1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
+1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
+1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
deleted file mode 100644
index 10275205a5..0000000000
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
+++ /dev/null
@@ -1,12 +0,0 @@
-PREFIX<>separator |
-PREFIX<>set_separator|,
-PREFIX<>empty_field|EMPTY
-PREFIX<>unset_field|NOT-SET
-PREFIX<>path|ssh
-PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
-PREFIX<>types|time|addr|port|addr|port|string|string|bool
-1324314313.345323|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
-1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
-1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
-1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
-1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
new file mode 100644
index 0000000000..72df0d73d4
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#start	2012-07-12-21-00-27
+#fields	data	c
+#types	string	count
+Test1	42
+\x23Kaputt	42
+Test2	42
+#end	2012-07-12-21-00-27
diff --git a/testing/btest/core/expr-exception.bro b/testing/btest/core/expr-exception.bro
index 66f9b78c4b..9e84717935 100644
--- a/testing/btest/core/expr-exception.bro
+++ b/testing/btest/core/expr-exception.bro
@@ -2,7 +2,7 @@
 # shouldn't abort Bro entirely, but just return from the function body.
 #
 # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log
 # @TEST-EXEC: btest-diff output
 
 event connection_established(c: connection)
diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro
index d87d014a21..afbee3f6d9 100644
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@@ -6,10 +6,13 @@
 # 
 # @TEST-EXEC: btest-diff sender/http.log
 # @TEST-EXEC: btest-diff receiver/http.log
-# @TEST-EXEC: cmp sender/http.log receiver/http.log
 # 
-# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.snd.log
-# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.rec.log
+# @TEST-EXEC: cat sender/http.log   $SCRIPTS/diff-remove-timestamps >sender.http.log
+# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log
+# @TEST-EXEC: cmp sender.http.log receiver.http.log
+# 
+# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log
+# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps  >events.rec.log
 # @TEST-EXEC: btest-diff events.rec.log
 # @TEST-EXEC: btest-diff events.snd.log
 # @TEST-EXEC: cmp events.rec.log events.snd.log
diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro
index fe588b5c3b..1f05dfc729 100644
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@@ -1,12 +1,15 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
-# @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro
+# @TEST-EXEC: btest-bg-run sender   bro -Bthreading,logging,comm -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
+# @TEST-EXEC: btest-bg-run receiver bro -Bthreading,logging,comm  ../receiver.bro
 # @TEST-EXEC: btest-bg-wait -k 20
 # 
 # @TEST-EXEC: btest-diff sender/http.log
 # @TEST-EXEC: btest-diff receiver/http.log
-# @TEST-EXEC: cmp sender/http.log receiver/http.log
+# 
+# @TEST-EXEC: cat sender/http.log   $SCRIPTS/diff-remove-timestamps >sender.http.log
+# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log
+# @TEST-EXEC: cmp sender.http.log receiver.http.log
 # 
 # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.snd.log
 # @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.rec.log
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
index 9dace5d52a..0bb5900e30 100644
--- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
@@ -1,12 +1,13 @@
 #
 # @TEST-EXEC: bro -b %INPUT
-# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log
+# @TEST-EXEC: btest-diff ssh-filtered.log
 
 redef LogAscii::output_to_stdout = F;
 redef LogAscii::separator = "|";
 redef LogAscii::empty_field = "EMPTY";
 redef LogAscii::unset_field = "NOT-SET";
-redef LogAscii::header_prefix = "PREFIX<>";
+redef LogAscii::meta_prefix = "PREFIX<>";
 
 module SSH;
 
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro
new file mode 100644
index 0000000000..4670811b2a
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro
@@ -0,0 +1,23 @@
+#
+# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: btest-diff test.log
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		data: string &log;
+		c: count &log &default=42;
+	};
+}
+
+event bro_init()
+{
+	Log::create_stream(Test::LOG, [$columns=Info]);
+	Log::write(Test::LOG, [$data="Test1"]);
+	Log::write(Test::LOG, [$data="#Kaputt"]);
+	Log::write(Test::LOG, [$data="Test2"]);
+}
+
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro
index 8c228c1384..474b179536 100644
--- a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro
@@ -4,7 +4,7 @@
 
 redef LogAscii::output_to_stdout = F;
 redef LogAscii::separator = "|";
-redef LogAscii::include_header = F;
+redef LogAscii::include_meta = F;
 
 module SSH;
 
diff --git a/testing/btest/scripts/base/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
index f1ef4f0c31..3f102e6319 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
@@ -1,10 +1,12 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
-# @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro
+# @TEST-EXEC: btest-bg-run sender bro -B threading,logging --pseudo-realtime %INPUT ../sender.bro
+# @TEST-EXEC: btest-bg-run receiver bro -B threading,logging --pseudo-realtime %INPUT ../receiver.bro
 # @TEST-EXEC: btest-bg-wait -k 10
 # @TEST-EXEC: btest-diff receiver/test.log
-# @TEST-EXEC: cmp receiver/test.log sender/test.log
+# @TEST-EXEC: cat receiver/test.log | egrep -v '#start|#end' >r.log
+# @TEST-EXEC: cat sender/test.log   | egrep -v '#start|#end' >s.log
+# @TEST-EXEC: cmp r.log s.log
 
 # Remote version testing all types.
 
diff --git a/testing/btest/scripts/base/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro
index 8375d7915a..48683148f5 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote.bro
@@ -8,9 +8,11 @@
 # @TEST-EXEC: btest-diff sender/test.log
 # @TEST-EXEC: btest-diff sender/test.failure.log
 # @TEST-EXEC: btest-diff sender/test.success.log
-# @TEST-EXEC: cmp receiver/test.log sender/test.log
-# @TEST-EXEC: cmp receiver/test.failure.log sender/test.failure.log
-# @TEST-EXEC: cmp receiver/test.success.log sender/test.success.log
+# @TEST-EXEC: ( cd sender && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
+# @TEST-EXEC: ( cd receiver && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
+# @TEST-EXEC: cmp receiver/c.test.log sender/c.test.log
+# @TEST-EXEC: cmp receiver/c.test.failure.log sender/c.test.failure.log
+# @TEST-EXEC: cmp receiver/c.test.success.log sender/c.test.success.log
 
 # This is the common part loaded by both sender and receiver.
 module Test;
diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
index 6e53bd3b54..d5d3f4c3fa 100644
--- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
+++ b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
@@ -1,10 +1,10 @@
 # This test checks that the default notice policy ordering does not
 # change from run to run.
 # @TEST-EXEC: bro -e ''
-# @TEST-EXEC: mv notice_policy.log notice_policy.log.1
+# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1
 # @TEST-EXEC: bro -e ''
-# @TEST-EXEC: mv notice_policy.log notice_policy.log.2
+# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2
 # @TEST-EXEC: bro -e ''
-# @TEST-EXEC: mv notice_policy.log notice_policy.log.3
+# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3
 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2
 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3
diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps
index 063f1e4900..2b029789de 100755
--- a/testing/scripts/diff-remove-timestamps
+++ b/testing/scripts/diff-remove-timestamps
@@ -1,5 +1,8 @@
 #! /usr/bin/env bash
 #
-# Replace anything which looks like timestamps with XXXs.
+# Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs).
+
+sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \
+sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' | \
+grep -v '#start' | grep -v '#end'
 
-sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g'

From 1ca0d970fc8c3972511067cfbdf9314a6c35d0eb Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 16 Jul 2012 13:39:19 -0700
Subject: [PATCH 41/60] Removing the thread kill functionality.

Wasn't really used and has potential for trouble.
---
 src/main.cc              | 6 ------
 src/threading/Manager.cc | 8 --------
 src/threading/Manager.h  | 9 ---------
 3 files changed, 23 deletions(-)

diff --git a/src/main.cc b/src/main.cc
index d94a32df63..d3937b3449 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -361,12 +361,6 @@ RETSIGTYPE sig_handler(int signo)
 	set_processing_status("TERMINATING", "sig_handler");
 	signal_val = signo;
 
-	if ( thread_mgr->Terminating() && (signal_val == SIGTERM || signal_val == SIGINT) )
-		// If the thread manager is already terminating (i.e.,
-		// waiting for child threads to exit), another term signal
-		// will send the threads a kill.
-		thread_mgr->KillThreads();
-
 	return RETSIGVAL;
 	}
 
diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc
index d8f3936037..8e0610a056 100644
--- a/src/threading/Manager.cc
+++ b/src/threading/Manager.cc
@@ -48,14 +48,6 @@ void Manager::Terminate()
 	terminating = false;
 	}
 
-void Manager::KillThreads()
-	{
-	DBG_LOG(DBG_THREADING, "Killing threads ...");
-
-	for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ )
-		(*i)->Kill();
-	}
-
 void Manager::AddThread(BasicThread* thread)
 	{
 	DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name().c_str());
diff --git a/src/threading/Manager.h b/src/threading/Manager.h
index 1afd115da0..1c7914fcde 100644
--- a/src/threading/Manager.h
+++ b/src/threading/Manager.h
@@ -49,15 +49,6 @@ public:
 	 */
 	bool Terminating() const	{ return terminating; }
 
-	/**
-	 * Immediately kills all child threads. It does however not yet join
-	 * them, one still needs to call Terminate() for that.
-	 *
-	 * This method is safe to call from a signal handler, and can in fact
-	 * be called while Terminate() is already in progress.
-	 */
-	void KillThreads();
-
 	typedef std::list<std::pair<string, MsgThread::Stats> > msg_stats_list;
 
 	/**

From c8789cff94c5200674ad08199a1f800882aabf72 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 16 Jul 2012 13:40:19 -0700
Subject: [PATCH 42/60] If a thread doesn't terminate, we log that but not
 longer proceed (because it could hang later still).

Also logging to stderr as well to make sure one sees it.

Also adding code to the ASCII writer to catch termination
inconsistencies.
---
 aux/binpac                   |  2 +-
 aux/bro-aux                  |  2 +-
 aux/broccoli                 |  2 +-
 aux/broctl                   |  2 +-
 cmake                        |  2 +-
 src/logging/writers/Ascii.cc | 14 ++++++++++++++
 src/logging/writers/Ascii.h  |  1 +
 src/threading/MsgThread.cc   |  8 +++-----
 8 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/aux/binpac b/aux/binpac
index 4ad8d15b63..b4094cb75e 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a
+Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977
diff --git a/aux/bro-aux b/aux/bro-aux
index c691c01e9c..2038e3de04 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit c691c01e9cefae5a79bcd4b0f84ca387c8c587a7
+Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e
diff --git a/aux/broccoli b/aux/broccoli
index 8234b8903c..07866915a1 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 8234b8903cbc775f341bdb6a1c0159981d88d27b
+Subproject commit 07866915a1450ddd25b888917f494b4824b0cc3f
diff --git a/aux/broctl b/aux/broctl
index d5ecd1a42c..892b60edb9 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit d5ecd1a42c04b0dca332edc31811e5a6d0f7f2fb
+Subproject commit 892b60edb967bb456872638f22ba994e84530137
diff --git a/cmake b/cmake
index 2a72c5e08e..96f3d92aca 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130
+Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b
diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index ab68cd77d8..a0d4504d64 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -16,6 +16,7 @@ using threading::Field;
 Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 	{
 	file = 0;
+	ascii_done = false;
 
 	output_to_stdout = BifConst::LogAscii::output_to_stdout;
 	include_meta = BifConst::LogAscii::include_meta;
@@ -51,6 +52,12 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 
 Ascii::~Ascii()
 	{
+	if ( ! ascii_done )
+		{
+		fprintf(stderr, "missing finish message\n");
+		abort();
+		}
+
 	// Normally, the file will be closed here already via the Finish()
 	// message. But when we terminate abnormally, we may still have it
 	// open.
@@ -156,6 +163,13 @@ bool Ascii::DoFlush(double network_time)
 
 bool Ascii::DoFinish(double network_time)
 	{
+	if ( ascii_done )
+		{
+		fprintf(stderr, "duplicate finish message\n");
+		abort();
+		}
+
+	ascii_done = true;
 	CloseFile(network_time);
 	return true;
 	}
diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h
index 857954ce37..c2cd33f203 100644
--- a/src/logging/writers/Ascii.h
+++ b/src/logging/writers/Ascii.h
@@ -40,6 +40,7 @@ private:
 	FILE* file;
 	string fname;
 	ODesc desc;
+	bool ascii_done;
 
 	// Options set from the script-level.
 	bool output_to_stdout;
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 81ef123661..e4cda1e84d 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -166,17 +166,15 @@ void MsgThread::OnStop()
 	int cnt = 0;
 	while ( ! finished )
 		{
-		if ( ++cnt > 1000 ) // Insurance against broken threads ...
+		if ( ++cnt % 2000 == 0 ) // Insurance against broken threads ...
 			{
-			reporter->Warning("thread %s didn't finish in time", Name().c_str());
-			break;
+			reporter->Warning("thread %s has not yet terminated ...", Name().c_str());
+			fprintf(stderr, "warning: thread %s has not yet terminated ...", Name().c_str());
 			}
 
 		usleep(1000);
 		}
 
-	Finished();
-
 	// One more message to make sure the current queue read operation unblocks.
 	SendIn(new UnblockMessage(this), true);
 	}

From f7a6407ab1213d95f074e47c39061f541f630944 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 12 Jul 2012 13:44:24 -0700
Subject: [PATCH 43/60] Reworking thread termination logic.

Turns out the finish methods weren't called correctly, caused by a
mess up with method names which all sounded too similar and the wrong
one ended up being called. I've reworked this by changing the
thread/writer/reader interfaces, which actually also simplifies them
by getting rid of the requirement for writer backends to call their
parent methods (i.e., less opportunity for errors).

This commit also includes the following (because I noticed the problem
above when working on some of these):

     - The ASCII log writer now includes "#start <timestamp>" and
      "#end <timestamp> lines in the each file. The latter supersedes
      Bernhard's "EOF" patch.

      This required a number of tests updates. The standard canonifier
      removes the timestamps, but some tests compare files directly,
      which doesn't work if they aren't printing out the same
      timestamps (like the comm tests).

     - The above required yet another change to the writer API to
       network_time to methods.

     - Renamed ASCII logger "header" options to "meta".

     - Fixes #763 "Escape # when first character in log file line".

All btests pass for me on Linux FC15. Will try MacOS next.
---
 src/logging/writers/Ascii.cc | 7 +------
 src/threading/MsgThread.cc   | 2 ++
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index a0d4504d64..3bc4ef4b38 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -52,12 +52,6 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 
 Ascii::~Ascii()
 	{
-	if ( ! ascii_done )
-		{
-		fprintf(stderr, "missing finish message\n");
-		abort();
-		}
-
 	// Normally, the file will be closed here already via the Finish()
 	// message. But when we terminate abnormally, we may still have it
 	// open.
@@ -170,6 +164,7 @@ bool Ascii::DoFinish(double network_time)
 		}
 
 	ascii_done = true;
+
 	CloseFile(network_time);
 	return true;
 	}
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index e4cda1e84d..45fbf6afa5 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -175,6 +175,8 @@ void MsgThread::OnStop()
 		usleep(1000);
 		}
 
+	Finished();
+
 	// One more message to make sure the current queue read operation unblocks.
 	SendIn(new UnblockMessage(this), true);
 	}

From f6b883bafc71840e146768b966d37a9229559c18 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Tue, 17 Jul 2012 17:09:49 -0700
Subject: [PATCH 44/60] Further reworking the thread API.

---
 src/logging/WriterFrontend.cc   |  3 ---
 src/logging/WriterFrontend.h    |  2 +-
 src/threading/MsgThread.cc      | 13 +++++--------
 src/threading/MsgThread.h       |  1 +
 src/util.cc                     | 22 ++++++++++++++++++++++
 src/util.h                      |  6 ++++++
 testing/scripts/diff-canonifier |  2 +-
 7 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc
index 577003926b..b816327e9c 100644
--- a/src/logging/WriterFrontend.cc
+++ b/src/logging/WriterFrontend.cc
@@ -141,9 +141,6 @@ void WriterFrontend::Stop()
 	{
 	FlushWriteBuffer();
 	SetDisable();
-
-	if ( backend )
-		backend->Stop();
 	}
 
 void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num_fields, const Field* const * arg_fields)
diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h
index 6581fb1c1b..e8f3d06d6c 100644
--- a/src/logging/WriterFrontend.h
+++ b/src/logging/WriterFrontend.h
@@ -50,7 +50,7 @@ public:
 
 	/**
 	 * Stops all output to this writer. Calling this methods disables all
-	 * message forwarding to the backend and stops the backend thread.
+	 * message forwarding to the backend.
 	 *
 	 * This method must only be called from the main thread.
 	 */
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 45fbf6afa5..f101d0ca3c 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -152,12 +152,13 @@ MsgThread::MsgThread() : BasicThread()
 	{
 	cnt_sent_in = cnt_sent_out = 0;
 	finished = false;
+	stopped = false;
 	thread_mgr->AddMsgThread(this);
 	}
 
 void MsgThread::OnStop()
 	{
-	if ( finished )
+	if ( stopped )
 		return;
 
 	// Signal thread to terminate and wait until it has acknowledged.
@@ -303,13 +304,8 @@ BasicInputMessage* MsgThread::RetrieveIn()
 
 void MsgThread::Run()
 	{
-	while ( true )
+	while ( ! finished )
 		{
-		// When requested to terminate, we only do so when
-		// all input has been processed.
-		if ( Terminating() && ! queue_in.Ready() )
-			break;
-
 		BasicInputMessage* msg = RetrieveIn();
 
 		bool result = msg->Process();
@@ -318,12 +314,13 @@ void MsgThread::Run()
 			{
 			string s = msg->Name() + " failed, terminating thread (MsgThread)";
 			Error(s.c_str());
-			Stop();
 			break;
 			}
 
 		delete msg;
 		}
+
+    Finished();
 	}
 
 void MsgThread::GetStats(Stats* stats)
diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h
index 67ab9517c5..d929c1f806 100644
--- a/src/threading/MsgThread.h
+++ b/src/threading/MsgThread.h
@@ -293,6 +293,7 @@ private:
 	uint64_t cnt_sent_out;	// Counts message sent by child.
 
 	bool finished;	// Set to true by Finished message.
+	bool stopped;   // Set to true by OnStop().
 };
 
 /**
diff --git a/src/util.cc b/src/util.cc
index 3cfa5fca1c..b7a4683597 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1290,6 +1290,28 @@ uint64 calculate_unique_id(size_t pool)
 	return HashKey::HashBytes(&(uid_pool[pool].key), sizeof(uid_pool[pool].key));
 	}
 
+bool safe_write(int fd, const char* data, int len)
+	{
+    return true;
+	while ( len > 0 )
+		{
+		int n = write(fd, data, len);
+
+		if ( n < 0 )
+			{
+			if ( errno == EINTR )
+				continue;
+
+			return false;
+			}
+
+		data += n;
+		len -= n;
+		}
+
+	return true;
+	}
+
 void out_of_memory(const char* where)
 	{
 	reporter->FatalError("out of memory in %s.\n", where);
diff --git a/src/util.h b/src/util.h
index e4c995f45f..075c2af7c2 100644
--- a/src/util.h
+++ b/src/util.h
@@ -289,6 +289,11 @@ inline size_t pad_size(size_t size)
 
 #define padded_sizeof(x) (pad_size(sizeof(x)))
 
+// Like write() but handles interrupted system calls by restarting. Returns
+// true if the write was successful, otherwise sets errno. This function is
+// thread-safe as long as no two threads write to the same descriptor.
+extern bool safe_write(int fd, const char* data, int len);
+
 extern void out_of_memory(const char* where);
 
 inline void* safe_realloc(void* ptr, size_t size)
@@ -338,4 +343,5 @@ inline int safe_vsnprintf(char* str, size_t size, const char* format, va_list al
 // handed out by malloc.
 extern void get_memory_usage(unsigned int* total,
 			     unsigned int* malloced);
+
 #endif
diff --git a/testing/scripts/diff-canonifier b/testing/scripts/diff-canonifier
index 3cb213a3f7..4d04b3372c 100755
--- a/testing/scripts/diff-canonifier
+++ b/testing/scripts/diff-canonifier
@@ -2,4 +2,4 @@
 #
 # Default canonifier used with the tests in testing/btest/*.
 
-`dirname $0`/diff-remove-timestamps
+`dirname $0`/diff-remove-timestamps | grep -v XXX

From e90918aa509c6c44078707d147144e62dc4bc4d4 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Tue, 17 Jul 2012 19:02:36 -0700
Subject: [PATCH 45/60] Moving the ASCII writer over to use UNIX I/O rather
 than stdio.

---
 src/logging/writers/Ascii.cc | 40 +++++++++++++++++++-----------------
 src/logging/writers/Ascii.h  |  2 +-
 src/threading/BasicThread.cc |  5 ++---
 src/util.cc                  |  1 -
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index 3bc4ef4b38..c1f307fb4e 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -15,7 +15,7 @@ using threading::Field;
 
 Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 	{
-	file = 0;
+	fd = 0;
 	ascii_done = false;
 
 	output_to_stdout = BifConst::LogAscii::output_to_stdout;
@@ -53,9 +53,8 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 Ascii::~Ascii()
 	{
 	// Normally, the file will be closed here already via the Finish()
-	// message. But when we terminate abnormally, we may still have it
-	// open.
-	if ( file )
+	// message. But when we terminate abnormally, we may still have it open.
+	if ( fd )
 		CloseFile(0);
 
 	delete [] separator;
@@ -70,23 +69,25 @@ bool Ascii::WriteHeaderField(const string& key, const string& val)
 	string str = string(meta_prefix, meta_prefix_len) +
 		key + string(separator, separator_len) + val + "\n";
 
-	return (fwrite(str.c_str(), str.length(), 1, file) == 1);
+	return safe_write(fd, str.c_str(), str.length());
 	}
 
 void Ascii::CloseFile(double t)
 	{
-	if ( ! file )
+	if ( ! fd)
 		return;
 
 	if ( include_meta )
 		WriteHeaderField("end", t ? Timestamp(t) : "<abnormal termination>");
 
-	fclose(file);
-	file = 0;
+	close(fd);
+	fd = 0;
 	}
 
 bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fields)
 	{
+    assert(! fd);
+
 	string path = info.path;
 
 	if ( output_to_stdout )
@@ -94,11 +95,13 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 
 	fname = IsSpecial(path) ? path : path + "." + LogExt();
 
-	if ( ! (file = fopen(fname.c_str(), "w")) )
+	fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0777);
+
+	if ( fd < 0 )
 		{
 		Error(Fmt("cannot open %s: %s", fname.c_str(),
 			  Strerror(errno)));
-
+		fd = 0;
 		return false;
 		}
 
@@ -112,7 +115,7 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 			+ get_escaped_string(string(separator, separator_len), false)
 			+ "\n";
 
-		if( fwrite(str.c_str(), str.length(), 1, file) != 1 )
+		if ( ! safe_write(fd, str.c_str(), str.length()) )
 			goto write_error;
 
 		if ( ! (WriteHeaderField("set_separator", get_escaped_string(
@@ -151,7 +154,7 @@ write_error:
 
 bool Ascii::DoFlush(double network_time)
 	{
-	fflush(file);
+	fsync(fd);
 	return true;
 	}
 
@@ -318,7 +321,7 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field)
 bool Ascii::DoWrite(int num_fields, const Field* const * fields,
 			     Value** vals)
 	{
-	if ( ! file )
+	if ( ! fd )
 		DoInit(Info(), NumFields(), Fields());
 
 	desc.Clear();
@@ -337,24 +340,23 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields,
 	const char* bytes = (const char*)desc.Bytes();
 	int len = desc.Len();
 
-	// Make sure the line doesn't look like meta information.
 	if ( strncmp(bytes, meta_prefix, meta_prefix_len) == 0 )
 		{
 		// It would so escape the first character.
 		char buf[16];
 		snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]);
-		if ( fwrite(buf, strlen(buf), 1, file) != 1 )
+		if ( ! safe_write(fd, buf, strlen(buf)) )
 			goto write_error;
 
 		++bytes;
 		--len;
 		}
 
-	if ( fwrite(bytes, len, 1, file) != 1 )
+	if ( ! safe_write(fd, bytes, len) )
 		goto write_error;
 
-	if ( IsBuf() )
-		fflush(file);
+        if ( IsBuf() )
+		fsync(fd);
 
 	return true;
 
@@ -366,7 +368,7 @@ write_error:
 bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating)
 	{
 	// Don't rotate special files or if there's not one currently open.
-	if ( ! file || IsSpecial(Info().path) )
+	if ( ! fd || IsSpecial(Info().path) )
 		return true;
 
 	CloseFile(close);
diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h
index c2cd33f203..371ded4344 100644
--- a/src/logging/writers/Ascii.h
+++ b/src/logging/writers/Ascii.h
@@ -37,7 +37,7 @@ private:
 	void CloseFile(double t);
 	string Timestamp(double t);
 
-	FILE* file;
+	int fd;
 	string fname;
 	ODesc desc;
 	bool ascii_done;
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index 88c4ac0965..075581e9db 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -87,18 +87,17 @@ const char* BasicThread::Strerror(int err)
 
 void BasicThread::Start()
 	{
-
 	if ( started )
 		return;
 
+	started = true;
+
 	int err = pthread_create(&pthread, 0, BasicThread::launcher, this);
 	if ( err != 0 )
 		reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err));
 
 	DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str());
 
-	started = true;
-
 	OnStart();
 	}
 
diff --git a/src/util.cc b/src/util.cc
index b7a4683597..553944c69c 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1292,7 +1292,6 @@ uint64 calculate_unique_id(size_t pool)
 
 bool safe_write(int fd, const char* data, int len)
 	{
-    return true;
 	while ( len > 0 )
 		{
 		int n = write(fd, data, len);

From 490859cfeff6b8747a09e31122ec0afc60e318d0 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Tue, 17 Jul 2012 19:36:30 -0700
Subject: [PATCH 46/60] Reworking forceful thread termination.

Ctrl-C now kills a thread even if it hangs at termination. And readded
a (rather long) timeout to kill threads automatically that don't
shutdown.
---
 src/logging/WriterBackend.cc |  4 +---
 src/logging/writers/Ascii.cc |  1 +
 src/threading/BasicThread.cc | 10 +++++-----
 src/threading/Manager.cc     |  8 ++++++++
 src/threading/Manager.h      |  7 +++++++
 src/threading/MsgThread.cc   | 32 ++++++++++++++++++++++++++++----
 6 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc
index 68b0b506a1..a284c56201 100644
--- a/src/logging/WriterBackend.cc
+++ b/src/logging/WriterBackend.cc
@@ -162,9 +162,7 @@ bool WriterBackend::Init(const WriterInfo& arg_info, int arg_num_fields, const F
 	num_fields = arg_num_fields;
 	fields = arg_fields;
 
-	string name = Fmt("%s/%s", info.path.c_str(), frontend_name.c_str());
-
-	SetName(name);
+	SetName(frontend->Name());
 
 	if ( ! DoInit(arg_info, arg_num_fields, arg_fields) )
 		{
diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index c1f307fb4e..20963d1535 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -169,6 +169,7 @@ bool Ascii::DoFinish(double network_time)
 	ascii_done = true;
 
 	CloseFile(network_time);
+
 	return true;
 	}
 
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index 075581e9db..e7fb3f4c84 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -125,7 +125,7 @@ void BasicThread::Join()
 
 	DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str());
 
-	if ( pthread_join(pthread, 0) != 0  )
+	if ( pthread && pthread_join(pthread, 0) != 0  )
 		reporter->FatalError("Failure joining thread %s", name.c_str());
 
 	DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str());
@@ -135,13 +135,13 @@ void BasicThread::Join()
 
 void BasicThread::Kill()
 	{
+	terminating = true;
+
 	if ( ! (started && pthread) )
 		return;
 
-	// I believe this is safe to call from a signal handler ... Not error
-	// checking so that killing doesn't bail out if we have already
-	// terminated.
-	pthread_kill(pthread, SIGKILL);
+	pthread = 0;
+	pthread_kill(pthread, SIGTERM);
 	}
 
 void* BasicThread::launcher(void *arg)
diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc
index 8e0610a056..f1f9307b03 100644
--- a/src/threading/Manager.cc
+++ b/src/threading/Manager.cc
@@ -83,6 +83,14 @@ double Manager::NextTimestamp(double* network_time)
 	return -1.0;
 	}
 
+void Manager::KillThreads()
+	{
+        DBG_LOG(DBG_THREADING, "Killing threads ...");
+	
+        for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ )
+                (*i)->Kill();
+        }
+
 void Manager::Process()
 	{
 	bool do_beat = false;
diff --git a/src/threading/Manager.h b/src/threading/Manager.h
index 1c7914fcde..be81c69ba0 100644
--- a/src/threading/Manager.h
+++ b/src/threading/Manager.h
@@ -106,6 +106,13 @@ protected:
 	 */
 	virtual double NextTimestamp(double* network_time);
 
+	/**
+	 * Kills all thread immediately. Note that this may cause race conditions
+	 * if a child thread currently holds a lock that might block somebody
+	 * else.
+	 */
+	virtual void KillThreads();
+
 	/**
 	 * Part of the IOSource interface.
 	 */
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index f101d0ca3c..3913624654 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -156,6 +156,9 @@ MsgThread::MsgThread() : BasicThread()
 	thread_mgr->AddMsgThread(this);
 	}
 
+// Set by Bro's main signal handler.
+extern int signal_val;
+
 void MsgThread::OnStop()
 	{
 	if ( stopped )
@@ -164,13 +167,31 @@ void MsgThread::OnStop()
 	// Signal thread to terminate and wait until it has acknowledged.
 	SendIn(new FinishMessage(this, network_time), true);
 
+	int old_signal_val = signal_val;
+	signal_val = 0;
+
 	int cnt = 0;
+	bool aborted = 0;
+
 	while ( ! finished )
 		{
-		if ( ++cnt % 2000 == 0 ) // Insurance against broken threads ...
+                // Terminate if we get another kill signal.
+		if ( signal_val == SIGTERM || signal_val == SIGINT )
 			{
-			reporter->Warning("thread %s has not yet terminated ...", Name().c_str());
-			fprintf(stderr, "warning: thread %s has not yet terminated ...", Name().c_str());
+			// Abort all threads here so that we won't hang next
+			// on another one.
+                        fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name().c_str());
+			thread_mgr->KillThreads();
+			aborted = true;
+			break;
+			}
+
+		if ( ++cnt % 10000 == 0 ) // Insurance against broken threads ...
+			{
+                        fprintf(stderr, "killing thread %s ...\n", Name().c_str());
+			Kill();
+			aborted = true;
+			break;
 			}
 
 		usleep(1000);
@@ -178,8 +199,11 @@ void MsgThread::OnStop()
 
 	Finished();
 
+	signal_val = old_signal_val;
+
 	// One more message to make sure the current queue read operation unblocks.
-	SendIn(new UnblockMessage(this), true);
+	if ( ! aborted )
+		SendIn(new UnblockMessage(this), true);
 	}
 
 void MsgThread::Heartbeat()

From 87e10b5f97a897f8c5fac2f983379a8c8966dcae Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Wed, 18 Jul 2012 12:47:13 -0700
Subject: [PATCH 47/60] Further threading and API restructuring for logging and
 input frameworks.

There were a number of cases that weren't thread-safe. In particular,
we don't use std::string anymore for anything that's passed between
threads (but instead plain old const char*, with manual memmory
managmenet).

This is still a check-point commit, I'll do more testing.
---
 src/RemoteSerializer.cc                |   4 +-
 src/input/Manager.cc                   |  68 ++++++------
 src/input/ReaderBackend.cc             |  21 ++--
 src/input/ReaderBackend.h              |  49 +++++++--
 src/input/ReaderFrontend.cc            |  30 +++---
 src/input/ReaderFrontend.h             |  27 ++---
 src/input/readers/Ascii.cc             |  23 +++--
 src/input/readers/Benchmark.cc         |   8 +-
 src/input/readers/Raw.cc               |  10 +-
 src/logging/Manager.cc                 |  89 +++++++++-------
 src/logging/Manager.h                  |   6 +-
 src/logging/WriterBackend.cc           |  40 +++++---
 src/logging/WriterBackend.h            |  51 +++++++--
 src/logging/WriterFrontend.cc          |  46 ++++-----
 src/logging/WriterFrontend.h           |  18 ++--
 src/logging/writers/Ascii.cc           |  45 ++++----
 src/logging/writers/Ascii.h            |   2 +-
 src/logging/writers/DataSeries.cc      |  15 +--
 src/logging/writers/DataSeries.h       |   2 +-
 src/logging/writers/None.cc            |  21 +++-
 src/logging/writers/None.h             |   2 +-
 src/threading/BasicThread.cc           |  95 ++++++++++++-----
 src/threading/BasicThread.h            |  55 ++++++++--
 src/threading/Manager.cc               |  19 +++-
 src/threading/MsgThread.cc             | 137 +++++++++++++------------
 src/threading/MsgThread.h              |  18 ++--
 src/threading/Queue.h                  |  82 ++++++++++++---
 src/threading/SerialTypes.cc           |  48 +++++++--
 src/threading/SerialTypes.h            |  34 ++++--
 testing/btest/istate/events.bro        |   4 +-
 testing/scripts/diff-remove-timestamps |   4 +-
 31 files changed, 692 insertions(+), 381 deletions(-)

diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc
index 9409a34634..7ed8b9318e 100644
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@@ -2692,12 +2692,12 @@ bool RemoteSerializer::ProcessLogCreateWriter()
 
 	int id, writer;
 	int num_fields;
-	logging::WriterBackend::WriterInfo info;
+	logging::WriterBackend::WriterInfo* info = new logging::WriterBackend::WriterInfo();
 
 	bool success = fmt.Read(&id, "id") &&
 		fmt.Read(&writer, "writer") &&
 		fmt.Read(&num_fields, "num_fields") &&
-		info.Read(&fmt);
+		info->Read(&fmt);
 
 	if ( ! success )
 		goto error;
diff --git a/src/input/Manager.cc b/src/input/Manager.cc
index 1c6b69e8ec..f38613a6f8 100644
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@@ -71,7 +71,7 @@ declare(PDict, InputHash);
 class Manager::Stream {
 public:
 	string name;
-	ReaderBackend::ReaderInfo info;
+	ReaderBackend::ReaderInfo* info;
 	bool removed;
 
 	StreamType stream_type; // to distinguish between event and table streams
@@ -257,7 +257,6 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, bro_int_t type)
 
 	assert(ir->factory);
 
-	frontend->SetTypeName(ir->name);
 	ReaderBackend* backend = (*ir->factory)(frontend);
 	assert(backend);
 
@@ -291,9 +290,6 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
 
 	EnumVal* reader = description->LookupWithDefault(rtype->FieldOffset("reader"))->AsEnumVal();
 
-	ReaderFrontend* reader_obj = new ReaderFrontend(reader->InternalInt());
-	assert(reader_obj);
-
 	// get the source ...
 	Val* sourceval = description->LookupWithDefault(rtype->FieldOffset("source"));
 	assert ( sourceval != 0 );
@@ -301,21 +297,22 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
 	string source((const char*) bsource->Bytes(), bsource->Len());
 	Unref(sourceval);
 
-	EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal();
-	Val* config = description->LookupWithDefault(rtype->FieldOffset("config"));
+	ReaderBackend::ReaderInfo* rinfo = new ReaderBackend::ReaderInfo();
+	rinfo->source = copy_string(source.c_str());
 
+	EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal();
 	switch ( mode->InternalInt() )
 		{
 		case 0:
-			info->info.mode = MODE_MANUAL;
+			rinfo->mode = MODE_MANUAL;
 			break;
 
 		case 1:
-			info->info.mode = MODE_REREAD;
+			rinfo->mode = MODE_REREAD;
 			break;
 
 		case 2:
-			info->info.mode = MODE_STREAM;
+			rinfo->mode = MODE_STREAM;
 			break;
 
 		default:
@@ -324,12 +321,16 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
 
 	Unref(mode);
 
+	Val* config = description->LookupWithDefault(rtype->FieldOffset("config"));
+
+	ReaderFrontend* reader_obj = new ReaderFrontend(*rinfo, reader);
+	assert(reader_obj);
+
 	info->reader = reader_obj;
 	info->type = reader->AsEnumVal(); // ref'd by lookupwithdefault
 	info->name = name;
 	info->config = config->AsTableVal(); // ref'd by LookupWithDefault
-
-	info->info.source = source;
+	info->info = rinfo;
 
 	Ref(description);
 	info->description = description;
@@ -344,7 +345,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
 			ListVal* index = info->config->RecoverIndex(k);
 			string key = index->Index(0)->AsString()->CheckString();
 			string value = v->Value()->AsString()->CheckString();
-			info->info.config.insert(std::make_pair(key, value));
+			info->info->config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str())));
 			Unref(index);
 			delete k;
 			}
@@ -475,7 +476,7 @@ bool Manager::CreateEventStream(RecordVal* fval)
 
 	assert(stream->reader);
 
-	stream->reader->Init(stream->info, stream->num_fields, logf );
+	stream->reader->Init(stream->num_fields, logf );
 
 	readers[stream->reader] = stream;
 
@@ -652,7 +653,7 @@ bool Manager::CreateTableStream(RecordVal* fval)
 
 
 	assert(stream->reader);
-	stream->reader->Init(stream->info, fieldsV.size(), fields );
+	stream->reader->Init(fieldsV.size(), fields );
 
 	readers[stream->reader] = stream;
 
@@ -791,17 +792,19 @@ bool Manager::UnrollRecordType(vector<Field*> *fields,
 
 		else
 			{
-			Field* field = new Field();
-			field->name = nameprepend + rec->FieldName(i);
-			field->type = rec->FieldType(i)->Tag();
+			string name = nameprepend + rec->FieldName(i);
+			const char* secondary = 0;
+			TypeTag ty = rec->FieldType(i)->Tag();
+			TypeTag st = TYPE_VOID;
+			bool optional = false;
 
-			if ( field->type == TYPE_TABLE )
-				field->subtype = rec->FieldType(i)->AsSetType()->Indices()->PureType()->Tag();
+			if ( ty == TYPE_TABLE )
+				st = rec->FieldType(i)->AsSetType()->Indices()->PureType()->Tag();
 
-			else if ( field->type == TYPE_VECTOR )
-				field->subtype = rec->FieldType(i)->AsVectorType()->YieldType()->Tag();
+			else if ( ty == TYPE_VECTOR )
+				st = rec->FieldType(i)->AsVectorType()->YieldType()->Tag();
 
-			else if ( field->type == TYPE_PORT &&
+			else if ( ty == TYPE_PORT &&
 				  rec->FieldDecl(i)->FindAttr(ATTR_TYPE_COLUMN) )
 				{
 				// we have an annotation for the second column
@@ -811,12 +814,13 @@ bool Manager::UnrollRecordType(vector<Field*> *fields,
 				assert(c);
 				assert(c->Type()->Tag() == TYPE_STRING);
 
-				field->secondary_name = c->AsStringVal()->AsString()->CheckString();
+				secondary = c->AsStringVal()->AsString()->CheckString();
 				}
 
 			if ( rec->FieldDecl(i)->FindAttr(ATTR_OPTIONAL ) )
-				field->optional = true;
+				optional = true;
 
+			Field* field = new Field(name.c_str(), secondary, ty, st, optional);
 			fields->push_back(field);
 			}
 		}
@@ -1230,7 +1234,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader)
 #endif
 
 	// Send event that the current update is indeed finished.
-	SendEvent(update_finished, 2, new StringVal(i->name.c_str()), new StringVal(i->info.source.c_str()));
+	SendEvent(update_finished, 2, new StringVal(i->name.c_str()), new StringVal(i->info->source));
 	}
 
 void Manager::Put(ReaderFrontend* reader, Value* *vals)
@@ -1707,7 +1711,7 @@ int Manager::GetValueLength(const Value* val) {
 	case TYPE_STRING:
 	case TYPE_ENUM:
 		{
-		length += val->val.string_val->size();
+		length += val->val.string_val.length;
 		break;
 		}
 
@@ -1806,8 +1810,8 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val)
 	case TYPE_STRING:
 	case TYPE_ENUM:
 		{
-		memcpy(data+startpos, val->val.string_val->c_str(), val->val.string_val->length());
-		return val->val.string_val->size();
+		memcpy(data+startpos, val->val.string_val.data, val->val.string_val.length);
+		return val->val.string_val.length;
 		}
 
 	case TYPE_ADDR:
@@ -1955,7 +1959,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
 
 	case TYPE_STRING:
 		{
-		BroString *s = new BroString(*(val->val.string_val));
+		BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 0);
 		return new StringVal(s);
 		}
 
@@ -2039,8 +2043,8 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
 	case TYPE_ENUM: {
 		// well, this is kind of stupid, because EnumType just mangles the module name and the var name together again...
 		// but well
-		string module = extract_module_name(val->val.string_val->c_str());
-		string var = extract_var_name(val->val.string_val->c_str());
+		string module = extract_module_name(val->val.string_val.data);
+		string var = extract_var_name(val->val.string_val.data);
 		bro_int_t index = request_type->AsEnumType()->Lookup(module, var.c_str());
 		if ( index == -1 )
 			reporter->InternalError("Value not found in enum mappimg. Module: %s, var: %s",
diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc
index 84106a3c94..88a78c3cd7 100644
--- a/src/input/ReaderBackend.cc
+++ b/src/input/ReaderBackend.cc
@@ -56,22 +56,24 @@ private:
 
 class SendEventMessage : public threading::OutputMessage<ReaderFrontend> {
 public:
-	SendEventMessage(ReaderFrontend* reader, const string& name, const int num_vals, Value* *val)
+	SendEventMessage(ReaderFrontend* reader, const char* name, const int num_vals, Value* *val)
 		: threading::OutputMessage<ReaderFrontend>("SendEvent", reader),
-		name(name), num_vals(num_vals), val(val) {}
+		name(copy_string(name)), num_vals(num_vals), val(val) {}
+
+	virtual ~SendEventMessage()	{ delete [] name; }
 
 	virtual bool Process()
 		{
 		bool success = input_mgr->SendEvent(name, num_vals, val);
 
 		if ( ! success )
-			reporter->Error("SendEvent for event %s failed", name.c_str());
+			reporter->Error("SendEvent for event %s failed", name);
 
 		return true; // We do not want to die if sendEvent fails because the event did not return.
 		}
 
 private:
-	const string name;
+	const char* name;
 	const int num_vals;
 	Value* *val;
 };
@@ -146,12 +148,14 @@ ReaderBackend::ReaderBackend(ReaderFrontend* arg_frontend) : MsgThread()
 	{
 	disabled = true; // disabled will be set correcty in init.
 	frontend = arg_frontend;
+	info = new ReaderInfo(frontend->Info());
 
 	SetName(frontend->Name());
 	}
 
 ReaderBackend::~ReaderBackend()
 	{
+	delete info;
 	}
 
 void ReaderBackend::Put(Value* *val)
@@ -169,7 +173,7 @@ void ReaderBackend::Clear()
 	SendOut(new ClearMessage(frontend));
 	}
 
-void ReaderBackend::SendEvent(const string& name, const int num_vals, Value* *vals)
+void ReaderBackend::SendEvent(const char* name, const int num_vals, Value* *vals)
 	{
 	SendOut(new SendEventMessage(frontend, name, num_vals, vals));
 	}
@@ -184,17 +188,14 @@ void ReaderBackend::SendEntry(Value* *vals)
 	SendOut(new SendEntryMessage(frontend, vals));
 	}
 
-bool ReaderBackend::Init(const ReaderInfo& arg_info, const int arg_num_fields,
+bool ReaderBackend::Init(const int arg_num_fields,
 		         const threading::Field* const* arg_fields)
 	{
-	info = arg_info;
 	num_fields = arg_num_fields;
 	fields = arg_fields;
 
-	SetName("InputReader/"+info.source);
-
 	// disable if DoInit returns error.
-	int success = DoInit(arg_info, arg_num_fields, arg_fields);
+	int success = DoInit(*info, arg_num_fields, arg_fields);
 
 	if ( ! success )
 		{
diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h
index 1e77a61f37..7626cc25ed 100644
--- a/src/input/ReaderBackend.h
+++ b/src/input/ReaderBackend.h
@@ -34,7 +34,10 @@ enum ReaderMode {
 	 * for new appended data. When new data is appended is has to be sent
 	 * using the Put api functions.
 	 */
-	MODE_STREAM
+	MODE_STREAM,
+
+	/** Internal dummy mode for initialization. */
+	MODE_NONE
 };
 
 class ReaderFrontend;
@@ -70,14 +73,17 @@ public:
 	 */
 	struct ReaderInfo
 		{
-		typedef std::map<string, string> config_map;
+		// Structure takes ownership of the strings.
+		typedef std::map<const char*, const char*> config_map;
 
 		/**
 		 * A string left to the interpretation of the reader
 		 * implementation; it corresponds to the value configured on
 		 * the script-level for the logging filter.
+		 *
+		 * Structure takes ownership of the string.
 		 */
-		string source;
+		const char* source;
 
 		/**
 		 * A map of key/value pairs corresponding to the relevant
@@ -89,6 +95,35 @@ public:
 		 * The opening mode for the input source.
 		 */
 		ReaderMode mode;
+
+		ReaderInfo()
+			{
+			source = 0;
+			mode = MODE_NONE;
+			}
+
+		ReaderInfo(const ReaderInfo& other)
+			{
+			source = other.source ? copy_string(other.source) : 0;
+			mode = other.mode;
+
+			for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ )
+				config.insert(std::make_pair(copy_string(i->first), copy_string(i->second)));
+			}
+
+		~ReaderInfo()
+			{
+			delete [] source;
+
+			for ( config_map::iterator i = config.begin(); i != config.end(); i++ )
+				{
+				delete [] i->first;
+				delete [] i->second;
+				}
+			}
+
+		private:
+		const ReaderInfo& operator=(const ReaderInfo& other); // Disable.
 		};
 
 	/**
@@ -106,7 +141,7 @@ public:
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Init(const ReaderInfo& info, int num_fields, const threading::Field* const* fields);
+	bool Init(int num_fields, const threading::Field* const* fields);
 
 	/**
 	 * Force trigger an update of the input stream. The action that will
@@ -133,7 +168,7 @@ public:
 	/**
 	 * Returns the additional reader information into the constructor.
 	 */
-	const ReaderInfo& Info() const	{ return info; }
+	const ReaderInfo& Info() const	{ return *info; }
 
 	/**
 	 * Returns the number of log fields as passed into the constructor.
@@ -209,7 +244,7 @@ protected:
 	 *
 	 * @param vals the values to be given to the event
 	 */
-	void SendEvent(const string& name, const int num_vals, threading::Value* *vals);
+	void SendEvent(const char* name, const int num_vals, threading::Value* *vals);
 
 	// Content-sending-functions (simple mode). Include table-specific
 	// functionality that simply is not used if we have no table.
@@ -291,7 +326,7 @@ private:
 	// from this class, it's running in a different thread!
 	ReaderFrontend* frontend;
 
-	ReaderInfo info;
+	ReaderInfo* info;
 	unsigned int num_fields;
 	const threading::Field* const * fields; // raw mapping
 
diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc
index 7e4ef201b1..a8528c002d 100644
--- a/src/input/ReaderFrontend.cc
+++ b/src/input/ReaderFrontend.cc
@@ -11,18 +11,17 @@ namespace input {
 class InitMessage : public threading::InputMessage<ReaderBackend>
 {
 public:
-	InitMessage(ReaderBackend* backend, const ReaderBackend::ReaderInfo& info,
+	InitMessage(ReaderBackend* backend,
 		    const int num_fields, const threading::Field* const* fields)
 		: threading::InputMessage<ReaderBackend>("Init", backend),
-		info(info), num_fields(num_fields), fields(fields) { }
+		num_fields(num_fields), fields(fields) { }
 
 	virtual bool Process()
 		{
-		return Object()->Init(info, num_fields, fields);
+		return Object()->Init(num_fields, fields);
 		}
 
 private:
-	const ReaderBackend::ReaderInfo info;
 	const int num_fields;
 	const threading::Field* const* fields;
 };
@@ -37,21 +36,26 @@ public:
 	virtual bool Process() { return Object()->Update(); }
 };
 
-ReaderFrontend::ReaderFrontend(bro_int_t type)
+ReaderFrontend::ReaderFrontend(const ReaderBackend::ReaderInfo& arg_info, EnumVal* type)
 	{
 	disabled = initialized = false;
-	ty_name = "<not set>";
-	backend = input_mgr->CreateBackend(this, type);
+	info = new ReaderBackend::ReaderInfo(arg_info);
 
+	const char* t = type->Type()->AsEnumType()->Lookup(type->InternalInt());
+	name = copy_string(fmt("%s/%s", arg_info.source, t));
+
+	backend = input_mgr->CreateBackend(this, type->InternalInt());
 	assert(backend);
 	backend->Start();
 	}
 
 ReaderFrontend::~ReaderFrontend()
 	{
+	delete [] name;
+	delete info;
 	}
 
-void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, const int arg_num_fields,
+void ReaderFrontend::Init(const int arg_num_fields,
 		          const threading::Field* const* arg_fields)
 	{
 	if ( disabled )
@@ -60,12 +64,11 @@ void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, const int a
 	if ( initialized )
 		reporter->InternalError("reader initialize twice");
 
-	info = arg_info;
 	num_fields = arg_num_fields;
 	fields = arg_fields;
 	initialized = true;
 
-	backend->SendIn(new InitMessage(backend, info, num_fields, fields));
+	backend->SendIn(new InitMessage(backend, num_fields, fields));
 	}
 
 void ReaderFrontend::Update()
@@ -82,12 +85,9 @@ void ReaderFrontend::Update()
 	backend->SendIn(new UpdateMessage(backend));
 	}
 
-string ReaderFrontend::Name() const
+const char* ReaderFrontend::Name() const
 	{
-	if ( ! info.source.size() )
-		return ty_name;
-
-	return ty_name + "/" + info.source;
+	return name;
 	}
 
 }
diff --git a/src/input/ReaderFrontend.h b/src/input/ReaderFrontend.h
index 93e416e65b..a93f7703ac 100644
--- a/src/input/ReaderFrontend.h
+++ b/src/input/ReaderFrontend.h
@@ -4,10 +4,11 @@
 #define INPUT_READERFRONTEND_H
 
 #include "ReaderBackend.h"
-
 #include "threading/MsgThread.h"
 #include "threading/SerialTypes.h"
 
+#include "Val.h"
+
 namespace input {
 
 class Manager;
@@ -25,6 +26,8 @@ public:
 	/**
 	 * Constructor.
 	 *
+	 * info: The meta information struct for the writer.
+	 *
 	 * type: The backend writer type, with the value corresponding to the
 	 * script-level \c Input::Reader enum (e.g., \a READER_ASCII). The
 	 * frontend will internally instantiate a ReaderBackend of the
@@ -32,7 +35,7 @@ public:
 	 *
 	 * Frontends must only be instantiated by the main thread.
 	 */
-	ReaderFrontend(bro_int_t type);
+	ReaderFrontend(const ReaderBackend::ReaderInfo& info, EnumVal* type);
 
 	/**
 	 * Destructor.
@@ -52,7 +55,7 @@ public:
 	 *
 	 * This method must only be called from the main thread.
 	 */
-	void Init(const ReaderBackend::ReaderInfo& info, const int arg_num_fields, const threading::Field* const* fields);
+	void Init(const int arg_num_fields, const threading::Field* const* fields);
 
 	/**
 	 * Force an update of the current input source. Actual action depends
@@ -100,12 +103,12 @@ public:
 	 *
 	 * This method is safe to call from any thread.
 	 */
-	string Name() const;
+	const char* Name() const;
 
 	/**
 	 * Returns the additional reader information passed into the constructor.
 	 */
-	const ReaderBackend::ReaderInfo& Info() const	{ return info; }
+	const ReaderBackend::ReaderInfo& Info() const	{ assert(info); return *info; }
 
 	/**
 	 * Returns the number of log fields as passed into the constructor.
@@ -120,24 +123,14 @@ public:
 protected:
 	friend class Manager;
 
-	/**
-	 * Returns the name of the backend's type.
-	 */
-	const string& TypeName() const	{ return ty_name; }
-
-	/**
-	 * Sets the name of the backend's type.
-	 */
-	void SetTypeName(const string& name)	{ ty_name = name; }
-
 private:
 	ReaderBackend* backend;	// The backend we have instanatiated.
-	ReaderBackend::ReaderInfo info;	// Meta information as passed to Init().
+	ReaderBackend::ReaderInfo* info;	// Meta information.
 	const threading::Field* const*  fields;	// The input fields.
 	int num_fields;		// Information as passed to Init().
-	string ty_name;		// Backend type, set by manager.
 	bool disabled;		// True if disabled.
 	bool initialized;	// True if initialized.
+	const char* name;	// Descriptive name.
 };
 
 }
diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc
index 7f93a3138c..73821d7cb6 100644
--- a/src/input/readers/Ascii.cc
+++ b/src/input/readers/Ascii.cc
@@ -87,10 +87,10 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f
 	{
 	mtime = 0;
 
-	file = new ifstream(info.source.c_str());
+	file = new ifstream(info.source);
 	if ( ! file->is_open() )
 		{
-		Error(Fmt("Init: cannot open %s", info.source.c_str()));
+		Error(Fmt("Init: cannot open %s", info.source));
 		delete(file);
 		file = 0;
 		return false;
@@ -98,7 +98,7 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f
 
 	if ( ReadHeader(false) == false )
 		{
-		Error(Fmt("Init: cannot open %s; headers are incorrect", info.source.c_str()));
+		Error(Fmt("Init: cannot open %s; headers are incorrect", info.source));
 		file->close();
 		delete(file);
 		file = 0;
@@ -164,20 +164,20 @@ bool Ascii::ReadHeader(bool useCached)
 				}
 
 			Error(Fmt("Did not find requested field %s in input data file %s.",
-				  field->name.c_str(), Info().source.c_str()));
+				  field->name, Info().source));
 			return false;
 			}
 
 
 		FieldMapping f(field->name, field->type, field->subtype, ifields[field->name]);
 
-		if ( field->secondary_name != "" )
+		if ( field->secondary_name && strlen(field->secondary_name) != 0 )
 			{
 			map<string, uint32_t>::iterator fit2 = ifields.find(field->secondary_name);
 			if ( fit2 == ifields.end() )
 				{
 				Error(Fmt("Could not find requested port type field %s in input data file.",
-					  field->secondary_name.c_str()));
+					  field->secondary_name));
 				return false;
 				}
 
@@ -220,7 +220,8 @@ Value* Ascii::EntryToVal(string s, FieldMapping field)
 	switch ( field.type ) {
 	case TYPE_ENUM:
 	case TYPE_STRING:
-		val->val.string_val = new string(s);
+		val->val.string_val.length = s.size();
+		val->val.string_val.data = copy_string(s.c_str());
 		break;
 
 	case TYPE_BOOL:
@@ -367,9 +368,9 @@ bool Ascii::DoUpdate()
 			{
 			// check if the file has changed
 			struct stat sb;
-			if ( stat(Info().source.c_str(), &sb) == -1 )
+			if ( stat(Info().source, &sb) == -1 )
 				{
-				Error(Fmt("Could not get stat for %s", Info().source.c_str()));
+				Error(Fmt("Could not get stat for %s", Info().source));
 				return false;
 				}
 
@@ -403,10 +404,10 @@ bool Ascii::DoUpdate()
 				file = 0;
 				}
 
-			file = new ifstream(Info().source.c_str());
+			file = new ifstream(Info().source);
 			if ( ! file->is_open() )
 				{
-				Error(Fmt("cannot open %s", Info().source.c_str()));
+				Error(Fmt("cannot open %s", Info().source));
 				return false;
 				}
 
diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc
index 28afdc1c89..b8cec0f14d 100644
--- a/src/input/readers/Benchmark.cc
+++ b/src/input/readers/Benchmark.cc
@@ -38,7 +38,7 @@ void Benchmark::DoClose()
 
 bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields)
 	{
-	num_lines = atoi(info.source.c_str());
+	num_lines = atoi(info.source);
 
 	if ( autospread != 0.0 )
 		autospread_time = (int) ( (double) 1000000 / (autospread * (double) num_lines) );
@@ -126,8 +126,12 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
 		assert(false); // no enums, please.
 
 	case TYPE_STRING:
-		val->val.string_val = new string(RandomString(10));
+		{
+		string rnd = RandomString(10);
+		val->val.string_val.data = copy_string(rnd.c_str());
+		val->val.string_val.length = rnd.size();
 		break;
+		}
 
 	case TYPE_BOOL:
 		val->val.int_val = 1; // we never lie.
diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc
index f62e966883..ac96e5c0f5 100644
--- a/src/input/readers/Raw.cc
+++ b/src/input/readers/Raw.cc
@@ -108,7 +108,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
 	firstrun = true;
 	bool result;
 
-	if ( info.source.length() == 0 )
+	if ( ! info.source || strlen(info.source) == 0 )
 		{
 		Error("No source path provided");
 		return false;
@@ -129,11 +129,12 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
 		}
 
 	// do Initialization
-	char last = info.source[info.source.length()-1];
+	string source = string(info.source);
+	char last = info.source[source.length() - 1];
 	if ( last == '|' )
 		{
 		execute = true;
-		fname = info.source.substr(0, fname.length() - 1);
+		fname = source.substr(0, fname.length() - 1);
 
 		if ( (info.mode != MODE_MANUAL) )
 			{
@@ -237,7 +238,8 @@ bool Raw::DoUpdate()
 
 		// filter has exactly one text field. convert to it.
 		Value* val = new Value(TYPE_STRING, true);
-		val->val.string_val = new string(line);
+		val->val.string_val.data = copy_string(line.c_str());
+		val->val.string_val.length = line.size();
 		fields[0] = val;
 
 		Put(fields);
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index 1808b83738..fd970c48b2 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -6,6 +6,7 @@
 #include "../EventHandler.h"
 #include "../NetVar.h"
 #include "../Net.h"
+#include "../Type.h"
 
 #include "threading/Manager.h"
 #include "threading/SerialTypes.h"
@@ -75,7 +76,7 @@ struct Manager::WriterInfo {
 	double interval;
 	Func* postprocessor;
 	WriterFrontend* writer;
-	WriterBackend::WriterInfo info;
+	WriterBackend::WriterInfo* info;
 	};
 
 struct Manager::Stream {
@@ -118,6 +119,7 @@ Manager::Stream::~Stream()
 
 		Unref(winfo->type);
 		delete winfo->writer;
+		delete winfo->info;
 		delete winfo;
 		}
 
@@ -193,7 +195,6 @@ WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type)
 
 	assert(ld->factory);
 
-	frontend->ty_name = ld->name;
 	WriterBackend* backend = (*ld->factory)(frontend);
 	assert(backend);
 
@@ -476,18 +477,17 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt,
 			return false;
 			}
 
-		threading::Field* field = new threading::Field();
-		field->name = new_path;
-		field->type = t->Tag();
-		field->optional = rt->FieldDecl(i)->FindAttr(ATTR_OPTIONAL);
+		TypeTag st = TYPE_VOID;
 
-		if ( field->type == TYPE_TABLE )
-			field->subtype = t->AsSetType()->Indices()->PureType()->Tag();
+		if ( t->Tag() == TYPE_TABLE )
+			st = t->AsSetType()->Indices()->PureType()->Tag();
 
-		else if ( field->type == TYPE_VECTOR )
-			field->subtype = t->AsVectorType()->YieldType()->Tag();
+		else if ( t->Tag() == TYPE_VECTOR )
+			st = t->AsVectorType()->YieldType()->Tag();
 
-		filter->fields[filter->num_fields - 1] = field;
+		bool optional = rt->FieldDecl(i)->FindAttr(ATTR_OPTIONAL);
+
+		filter->fields[filter->num_fields - 1] = new threading::Field(new_path.c_str(), 0, t->Tag(), st, optional);
 		}
 
 	return true;
@@ -594,7 +594,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval)
 		{
 		threading::Field* field = filter->fields[i];
 		DBG_LOG(DBG_LOGGING, "   field %10s: %s",
-			field->name.c_str(), type_name(field->type));
+			field->name, type_name(field->type));
 		}
 #endif
 
@@ -769,9 +769,9 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 			for ( int j = 0; j < filter->num_fields; ++j )
 				arg_fields[j] = new threading::Field(*filter->fields[j]);
 
-			WriterBackend::WriterInfo info;
-			info.path = path;
-			info.network_time = network_time;
+			WriterBackend::WriterInfo* info = new WriterBackend::WriterInfo;
+			info->path = copy_string(path.c_str());
+			info->network_time = network_time;
 
 			HashKey* k;
 			IterCookie* c = filter->config->AsTable()->InitForIteration();
@@ -782,7 +782,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 				ListVal* index = filter->config->RecoverIndex(k);
 				string key = index->Index(0)->AsString()->CheckString();
 				string value = v->Value()->AsString()->CheckString();
-				info.config.insert(std::make_pair(key, value));
+				info->config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str())));
 				Unref(index);
 				delete k;
 				}
@@ -844,11 +844,16 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty)
 			val->Type()->AsEnumType()->Lookup(val->InternalInt());
 
 		if ( s )
-			lval->val.string_val = new string(s);
+			{
+			lval->val.string_val.data = copy_string(s);
+			lval->val.string_val.length = strlen(s);
+			}
+
 		else
 			{
 			val->Type()->Error("enum type does not contain value", val);
-			lval->val.string_val = new string();
+			lval->val.string_val.data = copy_string("");
+			lval->val.string_val.length = 0;
 			}
 		break;
 		}
@@ -880,15 +885,20 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty)
 	case TYPE_STRING:
 		{
 		const BroString* s = val->AsString();
-		lval->val.string_val =
-			new string((const char*) s->Bytes(), s->Len());
+		char* buf = new char[s->Len()];
+		memcpy(buf, s->Bytes(), s->Len());
+
+		lval->val.string_val.data = buf;
+		lval->val.string_val.length = s->Len();
 		break;
 		}
 
 	case TYPE_FILE:
 		{
 		const BroFile* f = val->AsFile();
-		lval->val.string_val = new string(f->Name());
+		string s = f->Name();
+		lval->val.string_val.data = copy_string(s.c_str());
+		lval->val.string_val.length = s.size();
 		break;
 		}
 
@@ -897,7 +907,9 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty)
 		ODesc d;
 		const Func* f = val->AsFunc();
 		f->Describe(&d);
-		lval->val.string_val = new string(d.Description());
+		const char* s = d.Description();
+		lval->val.string_val.data = copy_string(s);
+		lval->val.string_val.length = strlen(s);
 		break;
 		}
 
@@ -977,7 +989,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter,
 	return vals;
 	}
 
-WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const WriterBackend::WriterInfo& info,
+WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info,
 				int num_fields, const threading::Field* const*  fields, bool local, bool remote)
 	{
 	Stream* stream = FindStream(id);
@@ -987,7 +999,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer
 		return 0;
 
 	Stream::WriterMap::iterator w =
-		stream->writers.find(Stream::WriterPathPair(writer->AsEnum(), info.path));
+		stream->writers.find(Stream::WriterPathPair(writer->AsEnum(), info->path));
 
 	if ( w != stream->writers.end() )
 		// If we already have a writer for this. That's fine, we just
@@ -1013,7 +1025,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer
 		{
 		Filter* f = *it;
 		if ( f->writer->AsEnum() == writer->AsEnum() &&
-		     f->path == info.path )
+		     f->path == info->path )
 			{
 			found_filter_match = true;
 			winfo->interval = f->interval;
@@ -1030,7 +1042,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer
 		}
 
 	stream->writers.insert(
-		Stream::WriterMap::value_type(Stream::WriterPathPair(writer->AsEnum(), info.path),
+		Stream::WriterMap::value_type(Stream::WriterPathPair(writer->AsEnum(), info->path),
 		winfo));
 
 	// Still need to set the WriterInfo's rotation parameters, which we
@@ -1038,11 +1050,11 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer
 	const char* base_time = log_rotate_base_time ?
 		log_rotate_base_time->AsString()->CheckString() : 0;
 
-	winfo->info.rotation_interval = winfo->interval;
-	winfo->info.rotation_base = parse_rotate_base_time(base_time);
+	winfo->info->rotation_interval = winfo->interval;
+	winfo->info->rotation_base = parse_rotate_base_time(base_time);
 
-	winfo->writer = new WriterFrontend(id, writer, local, remote);
-	winfo->writer->Init(winfo->info, num_fields, fields);
+	winfo->writer = new WriterFrontend(*winfo->info, id, writer, local, remote);
+	winfo->writer->Init(num_fields, fields);
 
 	InstallRotationTimer(winfo);
 
@@ -1124,7 +1136,7 @@ void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer)
 			EnumVal writer_val(i->first.first, BifType::Enum::Log::Writer);
 			remote_serializer->SendLogCreateWriter(peer, (*s)->id,
 							       &writer_val,
-							       i->second->info,
+							       *i->second->info,
 							       writer->NumFields(),
 							       writer->Fields());
 			}
@@ -1260,14 +1272,14 @@ void Manager::InstallRotationTimer(WriterInfo* winfo)
 		timer_mgr->Add(winfo->rotation_timer);
 
 		DBG_LOG(DBG_LOGGING, "Scheduled rotation timer for %s to %.6f",
-			winfo->writer->Name().c_str(), winfo->rotation_timer->Time());
+			winfo->writer->Name(), winfo->rotation_timer->Time());
 		}
 	}
 
 void Manager::Rotate(WriterInfo* winfo)
 	{
 	DBG_LOG(DBG_LOGGING, "Rotating %s at %.6f",
-		winfo->writer->Name().c_str(), network_time);
+		winfo->writer->Name(), network_time);
 
 	// Build a temporary path for the writer to move the file to.
 	struct tm tm;
@@ -1278,15 +1290,14 @@ void Manager::Rotate(WriterInfo* winfo)
 	localtime_r(&teatime, &tm);
 	strftime(buf, sizeof(buf), date_fmt, &tm);
 
-	string tmp = string(fmt("%s-%s", winfo->writer->Info().path.c_str(), buf));
-
 	// Trigger the rotation.
+	const char* tmp = fmt("%s-%s", winfo->writer->Info().path, buf);
 	winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating);
 
 	++rotations_pending;
 	}
 
-bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string old_name,
+bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name,
 		      double open, double close, bool terminating)
 	{
 	--rotations_pending;
@@ -1296,7 +1307,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string o
 		return true;
 
 	DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s",
-		writer->Name().c_str(), network_time, new_name.c_str());
+		writer->Name(), network_time, new_name);
 
 	WriterInfo* winfo = FindWriter(writer);
 	if ( ! winfo )
@@ -1305,8 +1316,8 @@ bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string o
 	// Create the RotationInfo record.
 	RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo);
 	info->Assign(0, winfo->type->Ref());
-	info->Assign(1, new StringVal(new_name.c_str()));
-	info->Assign(2, new StringVal(winfo->writer->Info().path.c_str()));
+	info->Assign(1, new StringVal(new_name));
+	info->Assign(2, new StringVal(winfo->writer->Info().path));
 	info->Assign(3, new Val(open, TYPE_TIME));
 	info->Assign(4, new Val(close, TYPE_TIME));
 	info->Assign(5, new Val(terminating, TYPE_BOOL));
diff --git a/src/logging/Manager.h b/src/logging/Manager.h
index 38dd9258b3..ae7a1796ba 100644
--- a/src/logging/Manager.h
+++ b/src/logging/Manager.h
@@ -162,8 +162,8 @@ protected:
 
 	//// Function also used by the RemoteSerializer.
 
-	// Takes ownership of fields.
-	WriterFrontend* CreateWriter(EnumVal* id, EnumVal* writer, const WriterBackend::WriterInfo& info,
+	// Takes ownership of fields and info.
+	WriterFrontend* CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info,
 				int num_fields, const threading::Field* const* fields,
 				bool local, bool remote);
 
@@ -175,7 +175,7 @@ protected:
 	void SendAllWritersTo(RemoteSerializer::PeerID peer);
 
 	// Signals that a file has been rotated.
-	bool FinishedRotation(WriterFrontend* writer, string new_name, string old_name,
+	bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name,
 			      double open, double close, bool terminating);
 
 	// Deletes the values as passed into Write().
diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc
index a284c56201..8f119d6f8f 100644
--- a/src/logging/WriterBackend.cc
+++ b/src/logging/WriterBackend.cc
@@ -18,20 +18,26 @@ namespace logging  {
 class RotationFinishedMessage : public threading::OutputMessage<WriterFrontend>
 {
 public:
-	RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name,
+	RotationFinishedMessage(WriterFrontend* writer, const char* new_name, const char* old_name,
 				double open, double close, bool terminating)
 		: threading::OutputMessage<WriterFrontend>("RotationFinished", writer),
-		new_name(new_name), old_name(old_name), open(open),
+		new_name(copy_string(new_name)), old_name(copy_string(old_name)), open(open),
 		close(close), terminating(terminating)	{ }
 
+	virtual ~RotationFinishedMessage()
+		{
+		delete [] new_name;
+		delete [] old_name;
+		}
+
 	virtual bool Process()
 		{
 		return log_mgr->FinishedRotation(Object(), new_name, old_name, open, close, terminating);
 		}
 
 private:
-        string new_name;
-        string old_name;
+        const char* new_name;
+        const char* old_name;
         double open;
         double close;
         bool terminating;
@@ -65,12 +71,16 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt)
 	{
 	int size;
 
-	if ( ! (fmt->Read(&path, "path") &&
+	string tmp_path;
+
+	if ( ! (fmt->Read(&tmp_path, "path") &&
 		fmt->Read(&rotation_base, "rotation_base") &&
 		fmt->Read(&rotation_interval, "rotation_interval") &&
 		fmt->Read(&size, "config_size")) )
 		return false;
 
+	path = copy_string(tmp_path.c_str());
+
 	config.clear();
 
 	while ( size )
@@ -81,7 +91,7 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt)
 		if ( ! (fmt->Read(&value, "config-value") && fmt->Read(&value, "config-key")) )
 			return false;
 
-		config.insert(std::make_pair(value, key));
+		config.insert(std::make_pair(copy_string(value.c_str()), copy_string(key.c_str())));
 		}
 
 	return true;
@@ -98,7 +108,7 @@ bool WriterBackend::WriterInfo::Write(SerializationFormat* fmt) const
 		fmt->Write(size, "config_size")) )
 		return false;
 
-	for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i ) 
+	for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i )
 		{
 		if ( ! (fmt->Write(i->first, "config-value") && fmt->Write(i->second, "config-key")) )
 			return false;
@@ -113,8 +123,7 @@ WriterBackend::WriterBackend(WriterFrontend* arg_frontend) : MsgThread()
 	fields = 0;
 	buffering = true;
 	frontend = arg_frontend;
-
-	info.path = "<path not yet set>";
+	info = new WriterInfo(frontend->Info());
 
 	SetName(frontend->Name());
 	}
@@ -128,6 +137,8 @@ WriterBackend::~WriterBackend()
 
 		delete [] fields;
 		}
+
+	delete info;
 	}
 
 void WriterBackend::DeleteVals(int num_writes, Value*** vals)
@@ -144,7 +155,7 @@ void WriterBackend::DeleteVals(int num_writes, Value*** vals)
 	delete [] vals;
 	}
 
-bool WriterBackend::FinishedRotation(string new_name, string old_name,
+bool WriterBackend::FinishedRotation(const char* new_name, const char* old_name,
 				     double open, double close, bool terminating)
 	{
 	SendOut(new RotationFinishedMessage(frontend, new_name, old_name, open, close, terminating));
@@ -156,15 +167,12 @@ void WriterBackend::DisableFrontend()
 	SendOut(new DisableMessage(frontend));
 	}
 
-bool WriterBackend::Init(const WriterInfo& arg_info, int arg_num_fields, const Field* const* arg_fields, const string& frontend_name)
+bool WriterBackend::Init(int arg_num_fields, const Field* const* arg_fields)
 	{
-	info = arg_info;
 	num_fields = arg_num_fields;
 	fields = arg_fields;
 
-	SetName(frontend->Name());
-
-	if ( ! DoInit(arg_info, arg_num_fields, arg_fields) )
+	if ( ! DoInit(*info, arg_num_fields, arg_fields) )
 		{
 		DisableFrontend();
 		return false;
@@ -246,7 +254,7 @@ bool WriterBackend::SetBuf(bool enabled)
 	return true;
 	}
 
-bool WriterBackend::Rotate(string rotated_path, double open,
+bool WriterBackend::Rotate(const char* rotated_path, double open,
 			   double close, bool terminating)
 	{
 	if ( ! DoRotate(rotated_path, open, close, terminating) )
diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h
index 33cde8679e..a59cd1893e 100644
--- a/src/logging/WriterBackend.h
+++ b/src/logging/WriterBackend.h
@@ -48,14 +48,17 @@ public:
 	 */
 	struct WriterInfo
 		{
-		typedef std::map<string, string> config_map;
+		// Structure takes ownership of these strings.
+		typedef std::map<const char*, const char*> config_map;
 
 		/**
 		 * A string left to the interpretation of the writer
 		 * implementation; it corresponds to the 'path' value configured
 		 * on the script-level for the logging filter.
+		 *
+		 * Structure takes ownership of string.
 		 */
-		string path;
+		const char* path;
 
 		/**
 		 * The rotation interval as configured for this writer.
@@ -76,9 +79,38 @@ public:
 		 * A map of key/value pairs corresponding to the relevant
 		 * filter's "config" table.
 		 */
-		std::map<string, string> config;
+		config_map config;
+
+		WriterInfo()
+			{
+			path = 0;
+			}
+
+		WriterInfo(const WriterInfo& other)
+			{
+			path = other.path ? copy_string(other.path) : 0;
+			rotation_interval = other.rotation_interval;
+			rotation_base = other.rotation_base;
+			network_time = other.network_time;
+
+			for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ )
+				config.insert(std::make_pair(copy_string(i->first), copy_string(i->second)));
+			}
+
+		~WriterInfo()
+			{
+			delete [] path;
+
+			for ( config_map::iterator i = config.begin(); i != config.end(); i++ )
+				{
+				delete [] i->first;
+				delete [] i->second;
+				}
+			}
 
 		private:
+		const WriterInfo& operator=(const WriterInfo& other); // Disable.
+
 		friend class ::RemoteSerializer;
 
 		// Note, these need to be adapted when changing the struct's
@@ -90,7 +122,6 @@ public:
 	/**
 	 * One-time initialization of the writer to define the logged fields.
 	 *
-	 * @param info Meta information for the writer.
 	 * @param num_fields
 	 *
 	 * @param fields An array of size \a num_fields with the log fields.
@@ -100,7 +131,7 @@ public:
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields, const string& frontend_name);
+	bool Init(int num_fields, const threading::Field* const* fields);
 
 	/**
 	 * Writes one log entry.
@@ -146,7 +177,7 @@ public:
 	 *
 	 * @return False if an error occured.
 	 */
-	bool Rotate(string rotated_path, double open, double close, bool terminating);
+	bool Rotate(const char* rotated_path, double open, double close, bool terminating);
 
 	/**
 	 * Disables the frontend that has instantiated this backend. Once
@@ -157,7 +188,7 @@ public:
 	/**
 	 * Returns the additional writer information passed into the constructor.
 	 */
-	const WriterInfo& Info() const	{ return info; }
+	const WriterInfo& Info() const	{ return *info; }
 
 	/**
 	 * Returns the number of log fields as passed into the constructor.
@@ -193,7 +224,7 @@ public:
 	 * @param terminating: True if the original rotation request occured
 	 * due to the main Bro process shutting down.
 	 */
-	bool FinishedRotation(string new_name, string old_name,
+	bool FinishedRotation(const char* new_name, const char* old_name,
 			      double open, double close, bool terminating);
 
 	/** Helper method to render an IP address as a string.
@@ -322,7 +353,7 @@ protected:
 	 * due the main Bro prcoess terminating (and not because we've
 	 * reached a regularly scheduled time for rotation).
 	 */
-	virtual bool DoRotate(string rotated_path, double open, double close,
+	virtual bool DoRotate(const char* rotated_path, double open, double close,
 			      bool terminating) = 0;
 
 	/**
@@ -351,7 +382,7 @@ private:
 	// this class, it's running in a different thread!
 	WriterFrontend* frontend;
 
-	WriterInfo info;	// Meta information as passed to Init().
+	const WriterInfo* info;	// Meta information.
 	int num_fields;	// Number of log fields.
 	const threading::Field* const*  fields;	// Log fields.
 	bool buffering;	// True if buffering is enabled.
diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc
index b816327e9c..fc237d6f6e 100644
--- a/src/logging/WriterFrontend.cc
+++ b/src/logging/WriterFrontend.cc
@@ -16,35 +16,36 @@ namespace logging  {
 class InitMessage : public threading::InputMessage<WriterBackend>
 {
 public:
-	InitMessage(WriterBackend* backend, const WriterBackend::WriterInfo& info, const int num_fields, const Field* const* fields, const string& frontend_name)
+	InitMessage(WriterBackend* backend, const int num_fields, const Field* const* fields)
 		: threading::InputMessage<WriterBackend>("Init", backend),
-		info(info), num_fields(num_fields), fields(fields),
-		frontend_name(frontend_name) { }
+		num_fields(num_fields), fields(fields)
+			{}
 
-	virtual bool Process() { return Object()->Init(info, num_fields, fields, frontend_name); }
+
+	virtual bool Process() { return Object()->Init(num_fields, fields); }
 
 private:
-	WriterBackend::WriterInfo info;
 	const int num_fields;
 	const Field * const* fields;
-	const string frontend_name;
 };
 
 class RotateMessage : public threading::InputMessage<WriterBackend>
 {
 public:
-	RotateMessage(WriterBackend* backend, WriterFrontend* frontend, const string rotated_path, const double open,
+	RotateMessage(WriterBackend* backend, WriterFrontend* frontend, const char* rotated_path, const double open,
 		      const double close, const bool terminating)
 		: threading::InputMessage<WriterBackend>("Rotate", backend),
 		frontend(frontend),
-		rotated_path(rotated_path), open(open),
+		rotated_path(copy_string(rotated_path)), open(open),
 		close(close), terminating(terminating) { }
 
+	virtual ~RotateMessage()	{ delete [] rotated_path; }
+
 	virtual bool Process() { return Object()->Rotate(rotated_path, open, close, terminating); }
 
 private:
 	WriterFrontend* frontend;
-	const string rotated_path;
+	const char* rotated_path;
 	const double open;
 	const double close;
 	const bool terminating;
@@ -96,7 +97,7 @@ private:
 
 using namespace logging;
 
-WriterFrontend::WriterFrontend(EnumVal* arg_stream, EnumVal* arg_writer, bool arg_local, bool arg_remote)
+WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVal* arg_stream, EnumVal* arg_writer, bool arg_local, bool arg_remote)
 	{
 	stream = arg_stream;
 	writer = arg_writer;
@@ -109,7 +110,10 @@ WriterFrontend::WriterFrontend(EnumVal* arg_stream, EnumVal* arg_writer, bool ar
 	remote = arg_remote;
 	write_buffer = 0;
 	write_buffer_pos = 0;
-	ty_name = "<not set>";
+	info = new WriterBackend::WriterInfo(arg_info);
+
+	const char* w = arg_writer->Type()->AsEnumType()->Lookup(arg_stream->InternalInt());
+	name = copy_string(fmt("%s/%s", arg_info.path, w));
 
 	if ( local )
 		{
@@ -127,14 +131,7 @@ WriterFrontend::~WriterFrontend()
 	{
 	Unref(stream);
 	Unref(writer);
-	}
-
-string WriterFrontend::Name() const
-	{
-	if ( ! info.path.size() )
-		return ty_name;
-
-	return ty_name + "/" + info.path;
+	delete info;
 	}
 
 void WriterFrontend::Stop()
@@ -143,7 +140,7 @@ void WriterFrontend::Stop()
 	SetDisable();
 	}
 
-void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num_fields, const Field* const * arg_fields)
+void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields)
 	{
 	if ( disabled )
 		return;
@@ -151,19 +148,18 @@ void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num
 	if ( initialized )
 		reporter->InternalError("writer initialize twice");
 
-	info = arg_info;
 	num_fields = arg_num_fields;
 	fields = arg_fields;
 
 	initialized = true;
 
 	if ( backend )
-		backend->SendIn(new InitMessage(backend, arg_info, arg_num_fields, arg_fields, Name()));
+		backend->SendIn(new InitMessage(backend, arg_num_fields, arg_fields));
 
 	if ( remote )
 		remote_serializer->SendLogCreateWriter(stream,
 						       writer,
-						       arg_info,
+						       *info,
 						       arg_num_fields,
 						       arg_fields);
 
@@ -177,7 +173,7 @@ void WriterFrontend::Write(int num_fields, Value** vals)
 	if ( remote )
 		remote_serializer->SendLogWrite(stream,
 						writer,
-						info.path,
+						info->path,
 						num_fields,
 						vals);
 
@@ -242,7 +238,7 @@ void WriterFrontend::Flush(double network_time)
 		backend->SendIn(new FlushMessage(backend, network_time));
 	}
 
-void WriterFrontend::Rotate(string rotated_path, double open, double close, bool terminating)
+void WriterFrontend::Rotate(const char* rotated_path, double open, double close, bool terminating)
 	{
 	if ( disabled )
 		return;
diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h
index e8f3d06d6c..549d602bd5 100644
--- a/src/logging/WriterFrontend.h
+++ b/src/logging/WriterFrontend.h
@@ -31,6 +31,10 @@ public:
 	 * script-level \c Log::Writer enum (e.g., \a WRITER_ASCII). The
 	 * frontend will internally instantiate a WriterBackend of the
 	 * corresponding type.
+	 *
+	 * info: The meta information struct for the writer.
+	 *
+	 * writer_name: A descriptive name for the writer's type.
 	 * 
 	 * local: If true, the writer will instantiate a local backend.
 	 *
@@ -39,7 +43,7 @@ public:
 	 *
 	 * Frontends must only be instantiated by the main thread.
 	 */
-	WriterFrontend(EnumVal* stream, EnumVal* writer, bool local, bool remote);
+	WriterFrontend(const WriterBackend::WriterInfo& info, EnumVal* stream, EnumVal* writer, bool local, bool remote);
 
 	/**
 	 * Destructor.
@@ -68,7 +72,7 @@ public:
 	 *
 	 * This method must only be called from the main thread.
 	 */
-	void Init(const WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const*  fields);
+	void Init(int num_fields, const threading::Field* const*  fields);
 
 	/**
 	 * Write out a record.
@@ -130,7 +134,7 @@ public:
 	 *
 	 * This method must only be called from the main thread.
 	 */
-	void Rotate(string rotated_path, double open, double close, bool terminating);
+	void Rotate(const char* rotated_path, double open, double close, bool terminating);
 
 	/**
 	 * Finalizes writing to this tream.
@@ -175,7 +179,7 @@ public:
 	/**
 	 * Returns the additional writer information as passed into the constructor.
 	 */
-	const WriterBackend::WriterInfo& Info() const	{ return info; }
+	const WriterBackend::WriterInfo& Info() const	{ return *info; }
 
 	/**
 	 * Returns the number of log fields as passed into the constructor.
@@ -188,7 +192,7 @@ public:
 	 *
 	 * This method is safe to call from any thread.
 	 */
-	string Name() const;
+	const char* Name() const	{ return name; }
 
 	/**
 	 * Returns the log fields as passed into the constructor.
@@ -210,8 +214,8 @@ protected:
 	bool local;	// True if logging locally.
 	bool remote;	// True if loggin remotely.
 
-	string ty_name;	// Name of the backend type. Set by the manager.
-	WriterBackend::WriterInfo info;	// The writer information.
+	const char* name;	// Descriptive name of the
+	WriterBackend::WriterInfo* info;	// The writer information.
 	int num_fields;	// The number of log fields.
 	const threading::Field* const*  fields;	// The log fields.
 
diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index 20963d1535..99fd3f3c6e 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -52,6 +52,8 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 
 Ascii::~Ascii()
 	{
+	//fprintf(stderr, "DTOR %p\n", this);
+
 	// Normally, the file will be closed here already via the Finish()
 	// message. But when we terminate abnormally, we may still have it open.
 	if ( fd )
@@ -78,7 +80,10 @@ void Ascii::CloseFile(double t)
 		return;
 
 	if ( include_meta )
-		WriteHeaderField("end", t ? Timestamp(t) : "<abnormal termination>");
+		{
+		string ts = t ? Timestamp(t) : string("<abnormal termination>");
+		WriteHeaderField("end", ts);
+		}
 
 	close(fd);
 	fd = 0;
@@ -118,6 +123,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 		if ( ! safe_write(fd, str.c_str(), str.length()) )
 			goto write_error;
 
+		string ts = Timestamp(info.network_time);
+
 		if ( ! (WriteHeaderField("set_separator", get_escaped_string(
 		            string(set_separator, set_separator_len), false)) &&
 		        WriteHeaderField("empty_field", get_escaped_string(
@@ -125,8 +132,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 		        WriteHeaderField("unset_field", get_escaped_string(
 		            string(unset_field, unset_field_len), false)) &&
 		        WriteHeaderField("path", get_escaped_string(path, false)) &&
-			WriteHeaderField("start", Timestamp(info.network_time))) )
-		goto write_error;
+		        WriteHeaderField("start", ts)) )
+			goto write_error;
 
 		for ( int i = 0; i < num_fields; ++i )
 			{
@@ -136,8 +143,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
 				types += string(separator, separator_len);
 				}
 
-			names += fields[i]->name;
-			types += fields[i]->TypeName();
+			names += string(fields[i]->name);
+			types += fields[i]->TypeName().c_str();
 			}
 
 		if ( ! (WriteHeaderField("fields", names)
@@ -229,8 +236,8 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field)
 	case TYPE_FILE:
 	case TYPE_FUNC:
 		{
-		int size = val->val.string_val->size();
-		const char* data = val->val.string_val->data();
+		int size = val->val.string_val.length;
+		const char* data = val->val.string_val.data;
 
 		if ( ! size )
 			{
@@ -311,8 +318,7 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field)
 		}
 
 	default:
-		Error(Fmt("unsupported field format %d for %s", val->type,
-			  field->name.c_str()));
+		Error(Fmt("unsupported field format %d for %s", val->type, field->name));
 		return false;
 	}
 
@@ -366,7 +372,7 @@ write_error:
 	return false;
 	}
 
-bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating)
+bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool terminating)
 	{
 	// Don't rotate special files or if there's not one currently open.
 	if ( ! fd || IsSpecial(Info().path) )
@@ -374,10 +380,10 @@ bool Ascii::DoRotate(string rotated_path, double open, double close, bool termin
 
 	CloseFile(close);
 
-	string nname = rotated_path + "." + LogExt();
+	string nname = string(rotated_path) + "." + LogExt();
 	rename(fname.c_str(), nname.c_str());
 
-	if ( ! FinishedRotation(nname, fname, open, close, terminating) )
+	if ( ! FinishedRotation(nname.c_str(), fname.c_str(), open, close, terminating) )
 		{
 		Error(Fmt("error rotating %s to %s", fname.c_str(), nname.c_str()));
 		return false;
@@ -401,19 +407,22 @@ bool Ascii::DoHeartbeat(double network_time, double current_time)
 string Ascii::LogExt()
 	{
 	const char* ext = getenv("BRO_LOG_SUFFIX");
-	if ( ! ext ) ext = "log";
+	if ( ! ext )
+		ext = "log";
+
 	return ext;
 	}
 
 string Ascii::Timestamp(double t)
 	{
-	struct tm tm;
-	char buf[128];
-	const char* const date_fmt = "%Y-%m-%d-%H-%M-%S";
 	time_t teatime = time_t(t);
 
-	localtime_r(&teatime, &tm);
-	strftime(buf, sizeof(buf), date_fmt, &tm);
+	struct tm tmbuf;
+	struct tm* tm = localtime_r(&teatime, &tmbuf);
+
+	char buf[128];
+	const char* const date_fmt = "%Y-%m-%d-%H-%M-%S";
+	strftime(buf, sizeof(buf), date_fmt, tm);
 	return buf;
 	}
 
diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h
index 371ded4344..cb82860cb7 100644
--- a/src/logging/writers/Ascii.h
+++ b/src/logging/writers/Ascii.h
@@ -24,7 +24,7 @@ protected:
 	virtual bool DoWrite(int num_fields, const threading::Field* const* fields,
 			     threading::Value** vals);
 	virtual bool DoSetBuf(bool enabled);
-	virtual bool DoRotate(string rotated_path, double open,
+	virtual bool DoRotate(const char* rotated_path, double open,
 			      double close, bool terminating);
 	virtual bool DoFlush(double network_time);
 	virtual bool DoFinish(double network_time);
diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc
index 1978a8b781..7d3053e341 100644
--- a/src/logging/writers/DataSeries.cc
+++ b/src/logging/writers/DataSeries.cc
@@ -78,10 +78,10 @@ std::string DataSeries::LogValueToString(threading::Value *val)
 	case TYPE_STRING:
 	case TYPE_FILE:
 	case TYPE_FUNC:
-		if ( ! val->val.string_val->size() )
+		if ( ! val->val.string_val.length )
 			return "";
 
-		return string(val->val.string_val->data(), val->val.string_val->size());
+		return string(val->val.string_val.data, val->val.string_val.length);
 
 	case TYPE_TABLE:
 		{
@@ -302,7 +302,8 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading:
 
 	if( ds_dump_schema )
 		{
-		FILE* pFile = fopen ( string(info.path + ".ds.xml").c_str() , "wb" );
+		string name = string(info.path) + ".ds.xml";
+		FILE* pFile = fopen(name.c_str(), "wb" );
 
 		if( pFile )
 			{
@@ -394,17 +395,17 @@ bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields,
 	return true;
 }
 
-bool DataSeries::DoRotate(string rotated_path, double open, double close, bool terminating)
+bool DataSeries::DoRotate(const char* rotated_path, double open, double close, bool terminating)
 {
 	// Note that if DS files are rotated too often, the aggregate log
 	// size will be (much) larger.
 	CloseLog();
 
-	string dsname = Info().path + ".ds";
-	string nname = rotated_path + ".ds";
+	string dsname = string(Info().path) + ".ds";
+	string nname = string(rotated_path) + ".ds";
 	rename(dsname.c_str(), nname.c_str());
 
-	if ( ! FinishedRotation(nname, dsname, open, close, terminating) )
+	if ( ! FinishedRotation(nname.c_str(), dsname.c_str(), open, close, terminating) )
 		{
 		Error(Fmt("error rotating %s to %s", dsname.c_str(), nname.c_str()));
 		return false;
diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h
index 31d17a1a7b..9773c7ce1b 100644
--- a/src/logging/writers/DataSeries.h
+++ b/src/logging/writers/DataSeries.h
@@ -32,7 +32,7 @@ protected:
 	virtual bool DoWrite(int num_fields, const threading::Field* const* fields,
 			     threading::Value** vals);
 	virtual bool DoSetBuf(bool enabled);
-	virtual bool DoRotate(string rotated_path, double open,
+	virtual bool DoRotate(const char* rotated_path, double open,
 			      double close, bool terminating);
 	virtual bool DoFlush(double network_time);
 	virtual bool DoFinish(double network_time);
diff --git a/src/logging/writers/None.cc b/src/logging/writers/None.cc
index acf9355cf7..9b91b82199 100644
--- a/src/logging/writers/None.cc
+++ b/src/logging/writers/None.cc
@@ -1,4 +1,6 @@
 
+#include <algorithm>
+
 #include "None.h"
 #include "NetVar.h"
 
@@ -15,8 +17,17 @@ bool None::DoInit(const WriterInfo& info, int num_fields,
 		std::cout << "  rotation_interval=" << info.rotation_interval << std::endl;
 		std::cout << "  rotation_base=" << info.rotation_base << std::endl;
 
-		for ( std::map<string,string>::const_iterator i = info.config.begin(); i != info.config.end(); i++ )
-			std::cout << "  config[" << i->first << "] = " << i->second << std::endl;
+		// Output the config sorted by keys.
+
+		std::vector<std::pair<string, string> > keys;
+
+		for ( WriterInfo::config_map::const_iterator i = info.config.begin(); i != info.config.end(); i++ )
+			keys.push_back(std::make_pair(i->first, i->second));
+
+		std::sort(keys.begin(), keys.end());
+
+		for ( std::vector<std::pair<string,string> >::const_iterator i = keys.begin(); i != keys.end(); i++ )
+			std::cout << "  config[" << (*i).first << "] = " << (*i).second << std::endl;
 
 		for ( int i = 0; i < num_fields; i++ )
 			{
@@ -31,11 +42,11 @@ bool None::DoInit(const WriterInfo& info, int num_fields,
 	return true;
 	}
 
-bool None::DoRotate(string rotated_path, double open, double close, bool terminating)
+bool None::DoRotate(const char* rotated_path, double open, double close, bool terminating)
 	{
-	if ( ! FinishedRotation(string("/dev/null"), Info().path, open, close, terminating))
+	if ( ! FinishedRotation("/dev/null", Info().path, open, close, terminating))
 		{
-		Error(Fmt("error rotating %s", Info().path.c_str()));
+		Error(Fmt("error rotating %s", Info().path));
 		return false;
 		}
 
diff --git a/src/logging/writers/None.h b/src/logging/writers/None.h
index c6d7cba56a..2a6f71a06a 100644
--- a/src/logging/writers/None.h
+++ b/src/logging/writers/None.h
@@ -24,7 +24,7 @@ protected:
 	virtual bool DoWrite(int num_fields, const threading::Field* const* fields,
 			     threading::Value** vals)	{ return true; }
 	virtual bool DoSetBuf(bool enabled)	{ return true; }
-	virtual bool DoRotate(string rotated_path, double open,
+	virtual bool DoRotate(const char* rotated_path, double open,
 			      double close, bool terminating);
 	virtual bool DoFlush(double network_time)	{ return true; }
 	virtual bool DoFinish(double network_time)	{ return true; }
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index e7fb3f4c84..af57c26939 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -12,18 +12,23 @@
 
 using namespace threading;
 
+static const int STD_FMT_BUF_LEN = 2048;
+
 uint64_t BasicThread::thread_counter = 0;
 
 BasicThread::BasicThread()
 	{
 	started = false;
 	terminating = false;
+	killed = false;
 	pthread = 0;
 
-	buf_len = 2048;
+	buf_len = STD_FMT_BUF_LEN;
 	buf = (char*) malloc(buf_len);
 
-	name = Fmt("thread-%d", ++thread_counter);
+	strerr_buffer = 0;
+
+	name = copy_string(fmt("thread-%" PRIu64, ++thread_counter));
 
 	thread_mgr->AddThread(this);
 	}
@@ -32,31 +37,41 @@ BasicThread::~BasicThread()
 	{
         if ( buf )
 		free(buf);
+
+	delete [] name;
+	delete [] strerr_buffer;
 	}
 
-void BasicThread::SetName(const string& arg_name)
+void BasicThread::SetName(const char* name)
 	{
-	// Slight race condition here with reader threads, but shouldn't matter.
-	name = arg_name;
+	delete [] name;
+	name = copy_string(name);
 	}
 
-void BasicThread::SetOSName(const string& name)
+void BasicThread::SetOSName(const char* name)
 	{
 #ifdef HAVE_LINUX
-	prctl(PR_SET_NAME, name.c_str(), 0, 0, 0);
+	prctl(PR_SET_NAME, name, 0, 0, 0);
 #endif
 
 #ifdef __APPLE__
-	pthread_setname_np(name.c_str());
+	pthread_setname_np(name);
 #endif
 
 #ifdef FREEBSD
-	pthread_set_name_np(pthread_self(), name, name.c_str());
+	pthread_set_name_np(pthread_self(), name, name);
 #endif
 	}
 
 const char* BasicThread::Fmt(const char* format, ...)
 	{
+	if ( buf_len > 10 * STD_FMT_BUF_LEN )
+		{
+		// Shrink back to normal.
+		buf = (char*) safe_realloc(buf, STD_FMT_BUF_LEN);
+		buf_len = STD_FMT_BUF_LEN;
+		}
+
 	va_list al;
 	va_start(al, format);
 	int n = safe_vsnprintf(buf, buf_len, format, al);
@@ -64,15 +79,13 @@ const char* BasicThread::Fmt(const char* format, ...)
 
 	if ( (unsigned int) n >= buf_len )
 		{ // Not enough room, grow the buffer.
-		int tmp_len = n + 32;
-		char* tmp = (char*) malloc(tmp_len);
+		buf_len = n + 32;
+		buf = (char*) safe_realloc(buf, buf_len);
 
 		// Is it portable to restart?
 		va_start(al, format);
-		n = safe_vsnprintf(tmp, tmp_len, format, al);
+		n = safe_vsnprintf(buf, buf_len, format, al);
 		va_end(al);
-
-		free(tmp);
 		}
 
 	return buf;
@@ -94,14 +107,14 @@ void BasicThread::Start()
 
 	int err = pthread_create(&pthread, 0, BasicThread::launcher, this);
 	if ( err != 0 )
-		reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err));
+		reporter->FatalError("Cannot create thread %s: %s", name, Strerror(err));
 
-	DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str());
+	DBG_LOG(DBG_THREADING, "Started thread %s", name);
 
 	OnStart();
 	}
 
-void BasicThread::Stop()
+void BasicThread::PrepareStop()
 	{
 	if ( ! started )
 		return;
@@ -109,11 +122,28 @@ void BasicThread::Stop()
 	if ( terminating )
 		return;
 
-	DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name.c_str());
+	DBG_LOG(DBG_THREADING, "Preparing thread %s to terminate ...", name);
 
-	terminating = true;
+	OnPrepareStop();
+	}
+
+void BasicThread::Stop()
+	{
+	// XX fprintf(stderr, "stop1 %s %d %d\n", name, started, terminating);
+
+	if ( ! started )
+		return;
+
+	if ( terminating )
+		return;
+
+	// XX fprintf(stderr, "stop2 %s\n", name);
+
+	DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name);
 
 	OnStop();
+
+	terminating = true;
 	}
 
 void BasicThread::Join()
@@ -123,25 +153,33 @@ void BasicThread::Join()
 
 	assert(terminating);
 
-	DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str());
+	DBG_LOG(DBG_THREADING, "Joining thread %s ...", name);
 
 	if ( pthread && pthread_join(pthread, 0) != 0  )
-		reporter->FatalError("Failure joining thread %s", name.c_str());
+		reporter->FatalError("Failure joining thread %s", name);
 
-	DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str());
+	DBG_LOG(DBG_THREADING, "Joined with thread %s", name);
 
 	pthread = 0;
 	}
 
 void BasicThread::Kill()
 	{
+	// We don't *really* kill the thread here because that leads to race
+	// conditions. Instead we set a flag that parts of the the code need
+	// to check and get out of any loops they might be in.
 	terminating = true;
+	killed = true;
+	OnKill();
+	}
 
-	if ( ! (started && pthread) )
-		return;
+void BasicThread::Done()
+	{
+	// XX fprintf(stderr, "DONE from thread %s\n", name);
+	DBG_LOG(DBG_THREADING, "Thread %s has finished", name);
 
-	pthread = 0;
-	pthread_kill(pthread, SIGTERM);
+	terminating = true;
+	killed = true;
 	}
 
 void* BasicThread::launcher(void *arg)
@@ -161,11 +199,12 @@ void* BasicThread::launcher(void *arg)
 	sigdelset(&mask_set, SIGSEGV);
 	sigdelset(&mask_set, SIGBUS);
 	int res = pthread_sigmask(SIG_BLOCK, &mask_set, 0);
-	assert(res == 0);  //
+	assert(res == 0);
 
 	// Run thread's main function.
 	thread->Run();
 
+	thread->Done();
+
 	return 0;
 	}
-
diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h
index d47eb5c3c3..037420b077 100644
--- a/src/threading/BasicThread.h
+++ b/src/threading/BasicThread.h
@@ -5,7 +5,6 @@
 #include <pthread.h>
 #include <semaphore.h>
 
-#include "Queue.h"
 #include "util.h"
 
 using namespace std;
@@ -42,22 +41,25 @@ public:
 	 *
 	 * This method is safe to call from any thread.
 	 */
-	const string& Name() const { return name; }
+	const char* Name() const { return name; }
 
 	/**
 	* Sets a descriptive name for the thread. This should be a string
 	* that's useful in output presented to the user and uniquely
 	* identifies the thread.
 	*
-	* This method must be called only from the thread itself.
+	* This method must be called only from main thread at initialization
+	* time.
 	*/
-	void SetName(const string& name);
+	void SetName(const char* name);
 
 	/**
 	 * Set the name shown by the OS as the thread's description. Not
 	 * supported on all OSs.
+	 *
+	 * Must be called only from the child thread.
 	 */
-	void SetOSName(const string& name);
+	void SetOSName(const char* name);
 
 	/**
 	 * Starts the thread. Calling this methods will spawn a new OS thread
@@ -68,6 +70,18 @@ public:
 	 */
 	void Start();
 
+	/**
+	 * Signals the thread to prepare for stopping. This must be called
+	 * before Stop() and allows the thread to trigger shutting down
+	 * without yet blocking for doing so.
+	 *
+	 * Calling this method has no effect if Start() hasn't been executed
+	 * yet.
+	 *
+	 * Only Bro's main thread must call this method.
+	 */
+	void PrepareStop();
+
 	/**
 	 * Signals the thread to stop. The method lets Terminating() now
 	 * return true. It does however not force the thread to terminate.
@@ -88,6 +102,13 @@ public:
 	 */
 	bool Terminating()  const { return terminating; }
 
+	/**
+	 * Returns true if Kill() has been called.
+	 *
+	 * This method is safe to call from any thread.
+	 */
+	bool Killed()  const { return killed; }
+
 	/**
 	 * A version of fmt() that the thread can safely use.
 	 *
@@ -124,12 +145,24 @@ protected:
 	virtual void OnStart()	{}
 
 	/**
-	 * Executed with Stop(). This is a hook into stopping the thread. It
-	 * will be called from Bro's main thread after the thread has been
-	 * signaled to stop.
+	 * Executed with PrepareStop() (and before OnStop()). This is a hook
+	 * into preparing the thread for stopping. It will be called from
+	 * Bro's main thread before the thread has been signaled to stop.
+	 */
+	virtual void OnPrepareStop()	{}
+
+	/**
+	 * Executed with Stop() (and after OnPrepareStop()). This is a hook
+	 * into stopping the thread. It will be called from Bro's main thread
+	 * after the thread has been signaled to stop.
 	 */
 	virtual void OnStop()	{}
 
+	/**
+	 * Executed with Kill(). This is a hook into killing the thread.
+	 */
+	virtual void OnKill()	{}
+
 	/**
 	 * Destructor. This will be called by the manager.
 	 *
@@ -153,14 +186,18 @@ protected:
 	 */
 	void Kill();
 
+	/** Called by child thread's launcher when it's done processing. */
+	void Done();
+
 private:
 	// pthread entry function.
 	static void* launcher(void *arg);
 
-	string name;
+	const char* name;
 	pthread_t pthread;
 	bool started; 		// Set to to true once running.
 	bool terminating;	// Set to to true to signal termination.
+	bool killed;	// Set to true once forcefully killed.
 
 	// Used as a semaphore to tell the pthread thread when it may
 	// terminate.
diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc
index f1f9307b03..b997aeec47 100644
--- a/src/threading/Manager.cc
+++ b/src/threading/Manager.cc
@@ -30,6 +30,10 @@ void Manager::Terminate()
 	do Process(); while ( did_process );
 
 	// Signal all to stop.
+
+	for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ )
+		(*i)->PrepareStop();
+
 	for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ )
 		(*i)->Stop();
 
@@ -50,14 +54,14 @@ void Manager::Terminate()
 
 void Manager::AddThread(BasicThread* thread)
 	{
-	DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name().c_str());
+	DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name());
 	all_threads.push_back(thread);
 	idle = false;
 	}
 
 void Manager::AddMsgThread(MsgThread* thread)
 	{
-	DBG_LOG(DBG_THREADING, "%s is a MsgThread ...", thread->Name().c_str());
+	DBG_LOG(DBG_THREADING, "%s is a MsgThread ...", thread->Name());
 	msg_threads.push_back(thread);
 	}
 
@@ -114,6 +118,12 @@ void Manager::Process()
 			{
 			Message* msg = t->RetrieveOut();
 
+			if ( ! msg )
+				{
+				assert(t->Killed());
+				break;
+				}
+
 			if ( msg->Process() )
 				{
 				if ( network_time )
@@ -122,10 +132,9 @@ void Manager::Process()
 
 			else
 				{
-				string s = msg->Name() + " failed, terminating thread";
-				reporter->Error("%s", s.c_str());
+				reporter->Error("%s failed, terminating thread", msg->Name());
 				t->Stop();
-			}
+				}
 
 			delete msg;
 			}
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 3913624654..3e06a3fe1e 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -29,16 +29,6 @@ private:
 	double network_time;
 };
 
-// A dummy message that's only purpose is unblock the current read operation
-// so that the child's Run() methods can check the termination status.
-class UnblockMessage : public InputMessage<MsgThread>
-{
-public:
-	UnblockMessage(MsgThread* thread) : InputMessage<MsgThread>("Unblock", thread)	{ }
-
-	virtual bool Process()	{ return true; }
-};
-
 /// Sends a heartbeat to the child thread.
 class HeartbeatMessage : public InputMessage<MsgThread>
 {
@@ -66,14 +56,16 @@ public:
 		INTERNAL_WARNING, INTERNAL_ERROR
 	};
 
-	ReporterMessage(Type arg_type, MsgThread* thread, const string& arg_msg)
+	ReporterMessage(Type arg_type, MsgThread* thread, const char* arg_msg)
 		: OutputMessage<MsgThread>("ReporterMessage", thread)
-		{ type = arg_type; msg = arg_msg; }
+		{ type = arg_type; msg = copy_string(arg_msg); }
+
+	~ReporterMessage() 	 { delete [] msg; }
 
 	virtual bool Process();
 
 private:
-	string msg;
+	const char* msg;
 	Type type;
 };
 
@@ -82,18 +74,19 @@ private:
 class DebugMessage : public OutputMessage<MsgThread>
 {
 public:
-	DebugMessage(DebugStream arg_stream, MsgThread* thread, const string& arg_msg)
+	DebugMessage(DebugStream arg_stream, MsgThread* thread, const char* arg_msg)
 		: OutputMessage<MsgThread>("DebugMessage", thread)
-		{ stream = arg_stream; msg = arg_msg; }
+		{ stream = arg_stream; msg = copy_string(arg_msg); }
+
+	virtual ~DebugMessage()	{ delete [] msg; }
 
 	virtual bool Process()
 		{
-		string s = Object()->Name() + ": " + msg;
-		debug_logger.Log(stream, "%s", s.c_str());
+		debug_logger.Log(stream, "%s: %s", Object()->Name(), msg);
 		return true;
 		}
 private:
-	string msg;
+	const char* msg;
 	DebugStream stream;
 };
 #endif
@@ -104,41 +97,39 @@ private:
 
 Message::~Message()
 	{
+	delete [] name;
 	}
 
 bool ReporterMessage::Process()
 	{
-	string s = Object()->Name() + ": " + msg;
-	const char* cmsg = s.c_str();
-
 	switch ( type ) {
 
 	case INFO:
-		reporter->Info("%s", cmsg);
+		reporter->Info("%s: %s", Object()->Name(), msg);
 		break;
 
 	case WARNING:
-		reporter->Warning("%s", cmsg);
+		reporter->Warning("%s: %s", Object()->Name(), msg);
 		break;
 
 	case ERROR:
-		reporter->Error("%s", cmsg);
+		reporter->Error("%s: %s", Object()->Name(), msg);
 		break;
 
 	case FATAL_ERROR:
-		reporter->FatalError("%s", cmsg);
+		reporter->FatalError("%s: %s", Object()->Name(), msg);
 		break;
 
 	case FATAL_ERROR_WITH_CORE:
-		reporter->FatalErrorWithCore("%s", cmsg);
+		reporter->FatalErrorWithCore("%s: %s", Object()->Name(), msg);
 		break;
 
 	case INTERNAL_WARNING:
-		reporter->InternalWarning("%s", cmsg);
+		reporter->InternalWarning("%s: %s", Object()->Name(), msg);
 		break;
 
 	case INTERNAL_ERROR :
-		reporter->InternalError("%s", cmsg);
+		reporter->InternalError("%s: %s", Object()->Name(), msg);
 		break;
 
 	default:
@@ -148,62 +139,78 @@ bool ReporterMessage::Process()
 	return true;
 	}
 
-MsgThread::MsgThread() : BasicThread()
+MsgThread::MsgThread() : BasicThread(), queue_in(this, 0), queue_out(0, this)
 	{
 	cnt_sent_in = cnt_sent_out = 0;
 	finished = false;
-	stopped = false;
 	thread_mgr->AddMsgThread(this);
 	}
 
 // Set by Bro's main signal handler.
 extern int signal_val;
 
-void MsgThread::OnStop()
+void MsgThread::OnPrepareStop()
 	{
-	if ( stopped )
+	if ( finished || Killed() )
 		return;
 
+	// XX fprintf(stderr, "Sending FINISH to thread %s  ...\n", Name());
+
 	// Signal thread to terminate and wait until it has acknowledged.
 	SendIn(new FinishMessage(this, network_time), true);
+	}
 
+void MsgThread::OnStop()
+	{
+	int signal_count = 0;
 	int old_signal_val = signal_val;
 	signal_val = 0;
 
 	int cnt = 0;
-	bool aborted = 0;
+	uint64_t last_size = 0;
+	uint64_t cur_size = 0;
 
-	while ( ! finished )
+	// XX fprintf(stderr, "WAITING for thread %s to stop ...\n", Name());
+
+	while ( ! (finished || Killed() ) )
 		{
                 // Terminate if we get another kill signal.
 		if ( signal_val == SIGTERM || signal_val == SIGINT )
 			{
-			// Abort all threads here so that we won't hang next
-			// on another one.
-                        fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name().c_str());
-			thread_mgr->KillThreads();
-			aborted = true;
-			break;
+			++signal_count;
+
+			if ( signal_count == 1 )
+				{
+				// Abort all threads here so that we won't hang next
+				// on another one.
+				fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name());
+				thread_mgr->KillThreads();
+				}
+			else
+				{
+				// More than one signal. Abort processing
+				// right away. on another one.
+				fprintf(stderr, "received another signal while waiting for thread %s, aborting processing\n", Name());
+				exit(1);
+				}
+
+			signal_val = 0;
 			}
 
-		if ( ++cnt % 10000 == 0 ) // Insurance against broken threads ...
-			{
-                        fprintf(stderr, "killing thread %s ...\n", Name().c_str());
-			Kill();
-			aborted = true;
-			break;
-			}
+		queue_in.WakeUp();
 
 		usleep(1000);
 		}
 
-	Finished();
-
 	signal_val = old_signal_val;
+	}
 
-	// One more message to make sure the current queue read operation unblocks.
-	if ( ! aborted )
-		SendIn(new UnblockMessage(this), true);
+void MsgThread::OnKill()
+	{
+	// Send a message to unblock the reader if its currently waiting for
+	// input. This is just an optimization to make it terminate more
+	// quickly, even without the message it will eventually time out.
+	queue_in.WakeUp();
 	}
 
 void MsgThread::Heartbeat()
@@ -213,9 +220,7 @@ void MsgThread::Heartbeat()
 
 void MsgThread::HeartbeatInChild()
 	{
-	string n = Name();
-
-	n = Fmt("bro: %s (%" PRIu64 "/%" PRIu64 ")", n.c_str(),
+	string n = Fmt("bro: %s (%" PRIu64 "/%" PRIu64 ")", Name(),
 		cnt_sent_in - queue_in.Size(),
 		cnt_sent_out - queue_out.Size());
 
@@ -283,7 +288,7 @@ void MsgThread::SendIn(BasicInputMessage* msg, bool force)
 		return;
 		}
 
-	DBG_LOG(DBG_THREADING, "Sending '%s' to %s ...", msg->Name().c_str(), Name().c_str());
+	DBG_LOG(DBG_THREADING, "Sending '%s' to %s ...", msg->Name(), Name());
 
 	queue_in.Put(msg);
 	++cnt_sent_in;
@@ -306,9 +311,10 @@ void MsgThread::SendOut(BasicOutputMessage* msg, bool force)
 BasicOutputMessage* MsgThread::RetrieveOut()
 	{
 	BasicOutputMessage* msg = queue_out.Get();
-	assert(msg);
+	if ( ! msg )
+		return 0;
 
-	DBG_LOG(DBG_THREADING, "Retrieved '%s' from %s",  msg->Name().c_str(), Name().c_str());
+	DBG_LOG(DBG_THREADING, "Retrieved '%s' from %s",  msg->Name(), Name());
 
 	return msg;
 	}
@@ -316,10 +322,12 @@ BasicOutputMessage* MsgThread::RetrieveOut()
 BasicInputMessage* MsgThread::RetrieveIn()
 	{
 	BasicInputMessage* msg = queue_in.Get();
-	assert(msg);
+
+	if ( ! msg )
+		return 0;
 
 #ifdef DEBUG
-	string s = Fmt("Retrieved '%s' in %s",  msg->Name().c_str(), Name().c_str());
+	string s = Fmt("Retrieved '%s' in %s",  msg->Name(), Name());
 	Debug(DBG_THREADING, s.c_str());
 #endif
 
@@ -328,15 +336,18 @@ BasicInputMessage* MsgThread::RetrieveIn()
 
 void MsgThread::Run()
 	{
-	while ( ! finished )
+	while ( ! (finished || Killed() ) )
 		{
 		BasicInputMessage* msg = RetrieveIn();
 
+		if ( ! msg )
+			continue;
+
 		bool result = msg->Process();
 
 		if ( ! result )
 			{
-			string s = msg->Name() + " failed, terminating thread (MsgThread)";
+			string s = Fmt("%s failed, terminating thread (MsgThread)", Name());
 			Error(s.c_str());
 			break;
 			}
@@ -344,7 +355,7 @@ void MsgThread::Run()
 		delete msg;
 		}
 
-    Finished();
+	Finished();
 	}
 
 void MsgThread::GetStats(Stats* stats)
diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h
index d929c1f806..1d9b17c7d9 100644
--- a/src/threading/MsgThread.h
+++ b/src/threading/MsgThread.h
@@ -228,6 +228,8 @@ protected:
 	 */
 	virtual void Run();
 	virtual void OnStop();
+	virtual void OnPrepareStop();
+	virtual void OnKill();
 
 private:
 	/**
@@ -293,7 +295,6 @@ private:
 	uint64_t cnt_sent_out;	// Counts message sent by child.
 
 	bool finished;	// Set to true by Finished message.
-	bool stopped;   // Set to true by OnStop().
 };
 
 /**
@@ -312,7 +313,7 @@ public:
 	 * what's passed into the constructor and used mainly for debugging
 	 * purposes.
 	 */
-	const string& Name() const { return name; }
+	const char* Name() const { return name; }
 
 	/**
 	 * Callback that must be overriden for processing a message.
@@ -326,10 +327,11 @@ protected:
 	 * @param arg_name A descriptive name for the type of message. Used
 	 * mainly for debugging purposes.
 	 */
-	Message(const string& arg_name)	{ name = arg_name; }
+	Message(const char* arg_name)
+		{ name = copy_string(arg_name); }
 
 private:
-	string name;
+	const char* name;
 };
 
 /**
@@ -344,7 +346,7 @@ protected:
 	 * @param name A descriptive name for the type of message. Used
 	 * mainly for debugging purposes.
 	 */
-	BasicInputMessage(const string& name) : Message(name)	{}
+	BasicInputMessage(const char* name) : Message(name)	{}
 };
 
 /**
@@ -359,7 +361,7 @@ protected:
 	 * @param name A descriptive name for the type of message. Used
 	 * mainly for debugging purposes.
 	 */
-	BasicOutputMessage(const string& name) : Message(name)	{}
+	BasicOutputMessage(const char* name) : Message(name)	{}
 };
 
 /**
@@ -384,7 +386,7 @@ protected:
 	 *
 	 * @param arg_object: An object to store with the message. 
 	 */
-	InputMessage(const string& name, O* arg_object) : BasicInputMessage(name)
+	InputMessage(const char* name, O* arg_object) : BasicInputMessage(name)
 		{ object = arg_object; }
 
 private:
@@ -413,7 +415,7 @@ protected:
 	 *
 	 * @param arg_object An object to store with the message. 
 	 */
-	OutputMessage(const string& name, O* arg_object) : BasicOutputMessage(name)
+	OutputMessage(const char* name, O* arg_object) : BasicOutputMessage(name)
 		{ object = arg_object; }
 
 private:
diff --git a/src/threading/Queue.h b/src/threading/Queue.h
index b2ccd2a0ce..29a8084352 100644
--- a/src/threading/Queue.h
+++ b/src/threading/Queue.h
@@ -1,4 +1,3 @@
-
 #ifndef THREADING_QUEUE_H
 #define THREADING_QUEUE_H
 
@@ -6,11 +5,28 @@
 #include <queue>
 #include <deque>
 #include <stdint.h>
+#include <sys/time.h>
 
 #include "Reporter.h"
+#include "BasicThread.h"
 
 #undef Queue // Defined elsewhere unfortunately.
 
+#if 1
+// We don't have pthread spinlocks on DARWIN.
+# define PTHREAD_MUTEX_T      pthread_mutex_t
+# define PTHREAD_MUTEX_LOCK(x)    pthread_mutex_lock(x)
+# define PTHREAD_MUTEX_UNLOCK(x)  pthread_mutex_unlock(x)
+# define PTHREAD_MUTEX_INIT(x)    pthread_mutex_init(x, 0)
+# define PTHREAD_MUTEX_DESTROY(x) pthread_mutex_destroy(x)
+#else
+# define PTHREAD_MUTEX_T          pthrea_spinlock_T
+# define PTHREAD_MUTEX_LOCK(x)    pthrea_spin_lock(x)
+# define PTHREAD_MUTEX_UNLOCK(x)  pthrea_spin_unlock(x)
+# define PTHREAD_MUTEX_INIT(x)    pthrea_spin_init(x, PTHREAD_PROCESS_PRIVATE)
+# define PTHREAD_MUTEX_DESTROY(x) pthrea_spin_destroy(x)
+#endif
+
 namespace threading {
 
 /**
@@ -30,8 +46,12 @@ class Queue
 public:
 	/**
 	 * Constructor.
+	 *
+	 * reader, writer: The corresponding threads. This is for checking
+	 * whether they have terminated so that we can abort I/O opeations.
+	 * Can be left null for the main thread.
 	 */
-	Queue();
+	Queue(BasicThread* arg_reader, BasicThread* arg_writer);
 
 	/**
 	 * Destructor.
@@ -39,7 +59,9 @@ public:
 	~Queue();
 
 	/**
-	 * Retrieves one elment.
+	 * Retrieves one elment. This may block for a little while of no
+	 * input is available and eventually return with a null element if
+	 * nothing shows up.
 	 */
 	T Get();
 
@@ -60,6 +82,11 @@ public:
 	 */
 	bool MaybeReady() { return ( ( read_ptr - write_ptr) != 0 ); }
 
+	/** Wake up the reader if it's currently blocked for input. This is
+	 primarily to give it a chance to check termination quickly.
+	**/
+	void WakeUp();
+
 	/**
 	 * Returns the number of queued items not yet retrieved.
 	 */
@@ -82,45 +109,50 @@ public:
 	void GetStats(Stats* stats);
 
 private:
-	static const int NUM_QUEUES = 8;
+	static const int NUM_QUEUES = 15;
 
-	pthread_mutex_t mutex[NUM_QUEUES];	// Mutex protected shared accesses.
+	PTHREAD_MUTEX_T mutex[NUM_QUEUES];	// Mutex protected shared accesses.
 	pthread_cond_t has_data[NUM_QUEUES];	// Signals when data becomes available
 	std::queue<T> messages[NUM_QUEUES];	// Actually holds the queued messages
 
 	int read_ptr;	// Where the next operation will read from
 	int write_ptr;	// Where the next operation will write to
 
+	BasicThread* reader;
+	BasicThread* writer;
+
 	// Statistics.
 	uint64_t num_reads;
 	uint64_t num_writes;
 };
 
-inline static void safe_lock(pthread_mutex_t* mutex)
+inline static void safe_lock(PTHREAD_MUTEX_T* mutex)
 	{
-	if ( pthread_mutex_lock(mutex) != 0 )
+	if ( PTHREAD_MUTEX_LOCK(mutex) != 0 )
 		reporter->FatalErrorWithCore("cannot lock mutex");
 	}
 
-inline static void safe_unlock(pthread_mutex_t* mutex)
+inline static void safe_unlock(PTHREAD_MUTEX_T* mutex)
 	{
-	if ( pthread_mutex_unlock(mutex) != 0 )
+	if ( PTHREAD_MUTEX_UNLOCK(mutex) != 0 )
 		reporter->FatalErrorWithCore("cannot unlock mutex");
 	}
 
 template<typename T>
-inline Queue<T>::Queue()
+inline Queue<T>::Queue(BasicThread* arg_reader, BasicThread* arg_writer)
 	{
 	read_ptr = 0;
 	write_ptr = 0;
 	num_reads = num_writes = 0;
+	reader = arg_reader;
+	writer = arg_writer;
 
 	for( int i = 0; i < NUM_QUEUES; ++i )
 		{
-		if ( pthread_cond_init(&has_data[i], NULL) != 0 )
+		if ( pthread_cond_init(&has_data[i], 0) != 0 )
 			reporter->FatalError("cannot init queue condition variable");
 
-		if ( pthread_mutex_init(&mutex[i], NULL) != 0 )
+		if ( PTHREAD_MUTEX_INIT(&mutex[i]) != 0 )
 			reporter->FatalError("cannot init queue mutex");
 		}
 	}
@@ -131,19 +163,30 @@ inline Queue<T>::~Queue()
 	for( int i = 0; i < NUM_QUEUES; ++i )
 		{
 		pthread_cond_destroy(&has_data[i]);
-		pthread_mutex_destroy(&mutex[i]);
+		PTHREAD_MUTEX_DESTROY(&mutex[i]);
 		}
 	}
 
 template<typename T>
 inline T Queue<T>::Get()
 	{
+	if ( (reader && reader->Killed()) || (writer && writer->Killed()) )
+		return 0;
+
 	safe_lock(&mutex[read_ptr]);
 
 	int old_read_ptr = read_ptr;
 
 	if ( messages[read_ptr].empty() )
-		pthread_cond_wait(&has_data[read_ptr], &mutex[read_ptr]);
+		{
+		struct timespec ts;
+		ts.tv_sec = time(0) + 5;
+		ts.tv_nsec = 0;
+
+		pthread_cond_timedwait(&has_data[read_ptr], &mutex[read_ptr], &ts);
+		safe_unlock(&mutex[read_ptr]);
+		return 0;
+		}
 
 	T data = messages[read_ptr].front();
 	messages[read_ptr].pop();
@@ -222,6 +265,17 @@ inline void Queue<T>::GetStats(Stats* stats)
 		safe_unlock(&mutex[i]);
 	}
 
+template<typename T>
+inline void Queue<T>::WakeUp()
+	{
+	for ( int i = 0; i < NUM_QUEUES; i++ )
+		{
+		safe_lock(&mutex[i]);
+		pthread_cond_signal(&has_data[i]);
+		safe_unlock(&mutex[i]);
+		}
+	}
+
 }
 
 
diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc
index 4494e1b245..c0e26ccb32 100644
--- a/src/threading/SerialTypes.cc
+++ b/src/threading/SerialTypes.cc
@@ -11,23 +11,54 @@ bool Field::Read(SerializationFormat* fmt)
 	{
 	int t;
 	int st;
+	string tmp_name;
+	bool have_2nd;
 
-	bool success = (fmt->Read(&name, "name")
-			&& fmt->Read(&secondary_name, "secondary_name")
+	if ( ! fmt->Read(&have_2nd, "have_2nd") )
+		return false;
+
+	if ( have_2nd )
+		{
+		string tmp_secondary_name;
+		if ( ! fmt->Read(&tmp_secondary_name, "secondary_name") )
+			return false;
+
+		secondary_name = copy_string(tmp_secondary_name.c_str());
+		}
+	else
+		secondary_name = 0;
+
+	bool success = (fmt->Read(&tmp_name, "name")
 			&& fmt->Read(&t, "type")
 			&& fmt->Read(&st, "subtype")
 			&& fmt->Read(&optional, "optional"));
 
+	if ( ! success )
+		return false;
+
+	name = copy_string(tmp_name.c_str());
+
 	type = (TypeTag) t;
 	subtype = (TypeTag) st;
 
-	return success;
+	return true;
 	}
 
 bool Field::Write(SerializationFormat* fmt) const
 	{
+	assert(name);
+
+	if ( secondary_name )
+		{
+		if ( ! (fmt->Write(true, "have_2nd")
+			&& fmt->Write(secondary_name, "secondary_name")) )
+			return false;
+		}
+	else
+		if ( ! fmt->Write(false, "have_2nd") )
+			return false;
+
 	return (fmt->Write(name, "name")
-		&& fmt->Write(secondary_name, "secondary_name")
 		&& fmt->Write((int)type, "type")
 		&& fmt->Write((int)subtype, "subtype"),
 		fmt->Write(optional, "optional"));
@@ -51,7 +82,7 @@ Value::~Value()
 	{
 	if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE || type == TYPE_FUNC)
 	     && present )
-		delete val.string_val;
+		delete [] val.string_val.data;
 
 	if ( type == TYPE_TABLE && present )
 		{
@@ -224,10 +255,7 @@ bool Value::Read(SerializationFormat* fmt)
 	case TYPE_STRING:
 	case TYPE_FILE:
 	case TYPE_FUNC:
-		{
-		val.string_val = new string;
-		return fmt->Read(val.string_val, "string");
-		}
+		return fmt->Read(&val.string_val.data, &val.string_val.length, "string");
 
 	case TYPE_TABLE:
 		{
@@ -339,7 +367,7 @@ bool Value::Write(SerializationFormat* fmt) const
 	case TYPE_STRING:
 	case TYPE_FILE:
 	case TYPE_FUNC:
-		return fmt->Write(*val.string_val, "string");
+		return fmt->Write(val.string_val.data, val.string_val.length, "string");
 
 	case TYPE_TABLE:
 		{
diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h
index 283d88bf4c..60aee2411e 100644
--- a/src/threading/SerialTypes.h
+++ b/src/threading/SerialTypes.h
@@ -12,6 +12,7 @@
 using namespace std;
 
 class SerializationFormat;
+class RemoteSerializer;
 
 namespace threading {
 
@@ -19,10 +20,10 @@ namespace threading {
  * Definition of a log file, i.e., one column of a log stream.
  */
 struct Field {
-	string name;	//! Name of the field.
+	const char* name;	//! Name of the field.
 	//! Needed by input framework. Port fields have two names (one for the
 	//! port, one for the type), and this specifies the secondary name.
-	string secondary_name;
+	const char* secondary_name;
 	TypeTag type;	//! Type of the field.
 	TypeTag subtype;	//! Inner type for sets.
 	bool optional;	//! True if field is optional.
@@ -30,13 +31,24 @@ struct Field {
 	/**
 	 * Constructor.
 	 */
-	Field() 	{ subtype = TYPE_VOID; optional = false; }
+	Field(const char* name, const char* secondary_name, TypeTag type, TypeTag subtype, bool optional)
+		: name(name ? copy_string(name) : 0),
+		  secondary_name(secondary_name ? copy_string(secondary_name) : 0),
+		  type(type), subtype(subtype), optional(optional)	{ }
 
 	/**
 	 * Copy constructor.
 	 */
 	Field(const Field& other)
-		: name(other.name), type(other.type), subtype(other.subtype), optional(other.optional) {  }
+		: name(other.name ? copy_string(other.name) : 0),
+		  secondary_name(other.secondary_name ? copy_string(other.secondary_name) : 0),
+		  type(other.type), subtype(other.subtype), optional(other.optional)	{ }
+
+	~Field()
+		{
+		delete [] name;
+		delete [] secondary_name;
+		}
 
 	/**
 	 * Unserializes a field.
@@ -63,6 +75,12 @@ struct Field {
 	 * thread-safe.
 	 */
 	string TypeName() const;
+
+private:
+	friend class ::RemoteSerializer;
+
+	// Force usage of constructor above.
+	Field()	{};
 };
 
 /**
@@ -102,7 +120,11 @@ struct Value {
 		vec_t vector_val;
 		addr_t addr_val;
 		subnet_t subnet_val;
-		string* string_val;
+
+		struct {
+			char* data;
+			int length;
+		} string_val;
 	} val;
 
 	/**
@@ -147,7 +169,7 @@ struct Value {
 	static bool IsCompatibleType(BroType* t, bool atomic_only=false);
 
 private:
-friend class ::IPAddr;
+	friend class ::IPAddr;
 	Value(const Value& other)	{ } // Disabled.
 };
 
diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro
index 1f05dfc729..9298ac1c01 100644
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@@ -11,8 +11,8 @@
 # @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log
 # @TEST-EXEC: cmp sender.http.log receiver.http.log
 # 
-# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.snd.log
-# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g'  >events.rec.log
+# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log
+# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps  >events.rec.log
 # @TEST-EXEC: btest-diff events.rec.log
 # @TEST-EXEC: btest-diff events.snd.log
 # @TEST-EXEC: cmp events.rec.log events.snd.log
diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps
index 2b029789de..9398c1cb4b 100755
--- a/testing/scripts/diff-remove-timestamps
+++ b/testing/scripts/diff-remove-timestamps
@@ -3,6 +3,4 @@
 # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs).
 
 sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \
-sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' | \
-grep -v '#start' | grep -v '#end'
-
+sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g'

From 5cfb8d65c3a205a3a8c03dccc041a8b24d070a49 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 19 Jul 2012 18:57:15 -0700
Subject: [PATCH 48/60] Updating tests for the #start/#end change.

---
 aux/binpac                                    |  2 +-
 aux/bro-aux                                   |  2 +-
 aux/broccoli                                  |  2 +-
 aux/broctl                                    |  2 +-
 cmake                                         |  2 +-
 src/logging/writers/Ascii.cc                  |  1 +
 src/threading/BasicThread.cc                  |  8 +++--
 src/threading/BasicThread.h                   |  7 ++--
 src/threading/MsgThread.cc                    |  1 +
 testing/btest/Baseline/bifs.to_double/out     |  2 +-
 testing/btest/Baseline/core.checksums/bad.out | 20 ++++++++++++
 .../btest/Baseline/core.checksums/good.out    | 14 ++++++++
 .../core.disable-mobile-ipv6/weird.log        |  2 ++
 .../Baseline/core.expr-exception/reporter.log | 20 ++++++------
 testing/btest/Baseline/core.ipv6-frag/dns.log |  2 ++
 .../Baseline/core.print-bpf-filters/conn.log  |  2 ++
 .../Baseline/core.print-bpf-filters/output    | 16 +++++++---
 .../core.reporter-error-in-handler/output     |  2 +-
 .../Baseline/core.reporter-fmt-strings/output |  2 +-
 .../Baseline/core.reporter-parse-error/output |  2 +-
 .../core.reporter-runtime-error/output        |  2 +-
 .../core.reporter-type-mismatch/output        |  6 ++--
 .../Baseline/core.reporter/logger-test.log    | 12 +++----
 testing/btest/Baseline/core.reporter/output   |  6 ++--
 testing/btest/Baseline/core.truncation/output |  8 +++++
 .../Baseline/core.tunnels.ayiya/conn.log      |  2 ++
 .../Baseline/core.tunnels.ayiya/http.log      |  2 ++
 .../Baseline/core.tunnels.ayiya/tunnel.log    |  2 ++
 .../core.tunnels.false-teredo/dpd.log         |  2 ++
 .../core.tunnels.false-teredo/weird.log       |  2 ++
 .../Baseline/core.tunnels.teredo/conn.log     |  2 ++
 .../Baseline/core.tunnels.teredo/http.log     |  2 ++
 .../Baseline/core.tunnels.teredo/tunnel.log   |  2 ++
 .../conn.log                                  |  2 ++
 .../http.log                                  |  2 ++
 .../tunnel.log                                |  2 ++
 .../weird.log                                 |  2 ++
 .../btest/Baseline/core.vlan-mpls/conn.log    |  2 ++
 .../canonified_loaded_scripts.log             |  2 ++
 .../coverage.coverage-blacklist/output        | 10 +++---
 .../canonified_loaded_scripts.log             |  2 ++
 .../btest/Baseline/istate.broccoli/bro.log    |  6 ++--
 .../istate.events-ssl/receiver.http.log       |  4 ++-
 .../istate.events-ssl/sender.http.log         |  4 ++-
 .../Baseline/istate.events/receiver.http.log  |  4 ++-
 .../Baseline/istate.events/sender.http.log    |  4 ++-
 .../Baseline/istate.pybroccoli/bro..stdout    |  2 +-
 .../istate.pybroccoli/python..stdout.filtered |  6 ++--
 .../language.wrong-delete-field/output        |  2 +-
 .../send.log                                  | 32 ++++++++++---------
 .../ssh-new-default.log                       |  6 ++--
 .../ssh.log                                   |  2 ++
 .../ssh-filtered.log                          | 10 +++---
 .../test.log                                  |  2 ++
 .../http.log                                  |  2 ++
 .../test.log                                  |  2 ++
 .../ssh.log                                   | 10 +++---
 .../test.log                                  |  4 +--
 .../ssh.log                                   | 10 +++---
 .../test.log                                  |  2 ++
 .../ssh.log                                   |  2 ++
 .../ssh.log                                   |  2 ++
 .../ssh.ds.txt                                | 10 +++---
 .../ssh.log                                   | 12 ++++---
 .../output                                    |  4 +--
 .../ssh.log                                   |  2 ++
 .../ssh.log                                   |  4 ++-
 .../ssh.log                                   | 12 ++++---
 .../local.log                                 |  2 ++
 .../remote.log                                |  2 ++
 .../output                                    | 28 ++++++++++++----
 .../test.failure.log                          |  4 ++-
 .../test.success.log                          |  4 ++-
 .../receiver.test.log                         |  4 ++-
 .../sender.test.failure.log                   |  8 +++--
 .../sender.test.log                           | 12 ++++---
 .../sender.test.success.log                   |  6 ++--
 .../ssh.failure.log                           |  6 ++--
 .../ssh.log                                   |  8 +++--
 .../out                                       | 20 ++++++++++++
 .../out                                       | 20 ++++++++++++
 .../output                                    | 12 ++++---
 .../ssh.log                                   | 12 ++++---
 .../ssh.log                                   |  4 ++-
 .../testing.log                               |  2 ++
 .../ssh.log                                   |  2 ++
 .../manager-1.metrics.log                     |  8 +++--
 .../metrics.log                               |  8 +++--
 .../manager-1.notice.log                      |  4 ++-
 .../notice.log                                |  6 ++--
 .../manager-1.notice.log                      |  4 ++-
 .../manager-1.notice.log                      |  4 ++-
 .../notice.log                                |  4 ++-
 .../conn.log                                  |  2 ++
 .../ftp.log                                   |  2 ++
 .../conn.log                                  |  2 ++
 .../ftp.log                                   |  2 ++
 .../http.log                                  |  2 ++
 .../http.log                                  |  2 ++
 .../http.log                                  |  2 ++
 .../http.log                                  |  2 ++
 .../scripts.base.protocols.irc.basic/irc.log  |  2 ++
 .../irc.log                                   |  2 ++
 .../smtp.log                                  |  2 ++
 .../smtp_entities.log                         |  2 ++
 .../smtp_entities.log                         |  2 ++
 .../socks.log                                 |  2 ++
 .../tunnel.log                                |  2 ++
 .../socks.log                                 |  2 ++
 .../tunnel.log                                |  2 ++
 .../tunnel.log                                |  2 ++
 .../scripts.base.protocols.ssl.basic/ssl.log  |  2 ++
 .../knownhosts-all.log                        |  2 ++
 .../knownhosts-local.log                      |  2 ++
 .../knownhosts-remote.log                     |  2 ++
 .../knownservices-all.log                     |  2 ++
 .../knownservices-local.log                   |  2 ++
 .../knownservices-remote.log                  |  2 ++
 .../dns.log                                   |  2 ++
 testing/btest/istate/events-ssl.bro           |  4 +--
 testing/btest/istate/events.bro               |  4 +--
 .../base/frameworks/logging/ascii-escape.bro  |  1 +
 testing/scripts/diff-remove-timestamps        |  2 +-
 123 files changed, 442 insertions(+), 162 deletions(-)

diff --git a/aux/binpac b/aux/binpac
index b4094cb75e..4ad8d15b63 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977
+Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a
diff --git a/aux/bro-aux b/aux/bro-aux
index 2038e3de04..c691c01e9c 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e
+Subproject commit c691c01e9cefae5a79bcd4b0f84ca387c8c587a7
diff --git a/aux/broccoli b/aux/broccoli
index 07866915a1..8234b8903c 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 07866915a1450ddd25b888917f494b4824b0cc3f
+Subproject commit 8234b8903cbc775f341bdb6a1c0159981d88d27b
diff --git a/aux/broctl b/aux/broctl
index 892b60edb9..d5ecd1a42c 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 892b60edb967bb456872638f22ba994e84530137
+Subproject commit d5ecd1a42c04b0dca332edc31811e5a6d0f7f2fb
diff --git a/cmake b/cmake
index 96f3d92aca..2a72c5e08e 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b
+Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130
diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index 99fd3f3c6e..d3c210ce47 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -2,6 +2,7 @@
 
 #include <string>
 #include <errno.h>
+#include <fcntl.h>
 
 #include "NetVar.h"
 #include "threading/SerialTypes.h"
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index af57c26939..d4a82316e8 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -93,9 +93,11 @@ const char* BasicThread::Fmt(const char* format, ...)
 
 const char* BasicThread::Strerror(int err)
 	{
-	static char buf[128] = "<not set>";
-	strerror_r(err, buf, sizeof(buf));
-	return buf;
+	if ( ! strerr_buffer )
+		strerr_buffer = new char[256];
+
+	strerror_r(err, strerr_buffer, 256);
+	return strerr_buffer;
 	}
 
 void BasicThread::Start()
diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h
index 037420b077..e17324e948 100644
--- a/src/threading/BasicThread.h
+++ b/src/threading/BasicThread.h
@@ -120,8 +120,8 @@ public:
 	/**
 	 * A version of strerror() that the thread can safely use. This is
 	 * essentially a wrapper around strerror_r(). Note that it keeps a
-	 * single static buffer internally so the result remains valid only
-	 * until the next call.
+	 * single buffer per thread internally so the result remains valid
+	 * only until the next call.
 	 */
 	const char* Strerror(int err);
 
@@ -207,6 +207,9 @@ private:
 	char* buf;
 	unsigned int buf_len;
 
+	// For implementating Strerror().
+	char* strerr_buffer;
+
 	static uint64_t thread_counter;
 };
 
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 3e06a3fe1e..0e55b99ba1 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -5,6 +5,7 @@
 #include "Manager.h"
 
 #include <unistd.h>
+#include <signal.h>
 
 using namespace threading;
 
diff --git a/testing/btest/Baseline/bifs.to_double/out b/testing/btest/Baseline/bifs.to_double/out
index 8c2fef496a..8e172dcaa6 100644
--- a/testing/btest/Baseline/bifs.to_double/out
+++ b/testing/btest/Baseline/bifs.to_double/out
@@ -3,4 +3,4 @@
 -60.0
 3600.0
 86400.0
-1337982322.762159
+1342748947.655087
diff --git a/testing/btest/Baseline/core.checksums/bad.out b/testing/btest/Baseline/core.checksums/bad.out
index 44a27f7f0f..de4538e32b 100644
--- a/testing/btest/Baseline/core.checksums/bad.out
+++ b/testing/btest/Baseline/core.checksums/bad.out
@@ -3,81 +3,101 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-03-01
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
+#end	2012-03-26-18-03-01
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-01-25
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332784885.686428	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+#end	2012-03-26-18-01-25
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-02-13
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332784933.501023	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+#end	2012-03-26-18-02-13
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-29-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075363.536871	UWkUyAuUGXf	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+#end	2012-04-10-16-29-23
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-06-50
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332785210.013051	-	-	-	-	-	routing0_hdr	-	F	bro
 1332785210.013051	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+#end	2012-03-26-18-06-50
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-17-23-00
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332782580.798420	-	-	-	-	-	routing0_hdr	-	F	bro
 1332782580.798420	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+#end	2012-03-26-17-23-00
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-25-11
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075111.800086	-	-	-	-	-	routing0_hdr	-	F	bro
 1334075111.800086	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+#end	2012-04-10-16-25-11
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-07-30
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332785250.469132	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#end	2012-03-26-18-07-30
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-17-02-22
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332781342.923813	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+#end	2012-03-26-17-02-22
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-22-19
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#end	2012-04-10-16-22-19
diff --git a/testing/btest/Baseline/core.checksums/good.out b/testing/btest/Baseline/core.checksums/good.out
index 0010974b7f..ed6c071ffc 100644
--- a/testing/btest/Baseline/core.checksums/good.out
+++ b/testing/btest/Baseline/core.checksums/good.out
@@ -3,54 +3,68 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-22-19
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#end	2012-04-10-16-22-19
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-18-05-25
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332785125.596793	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-03-26-18-05-25
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-03-26-17-21-48
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332782508.592037	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-03-26-17-21-48
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-23-47
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-04-10-16-23-47
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-23-47
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-04-10-16-23-47
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-23-47
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-04-10-16-23-47
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-16-23-47
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#end	2012-04-10-16-23-47
diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
index 478cfe8667..d29456f75f 100644
--- a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
+++ b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-05-21-56-51
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro
+#end	2012-04-05-21-56-51
diff --git a/testing/btest/Baseline/core.expr-exception/reporter.log b/testing/btest/Baseline/core.expr-exception/reporter.log
index 2d0441f48a..f9e33d9718 100644
--- a/testing/btest/Baseline/core.expr-exception/reporter.log
+++ b/testing/btest/Baseline/core.expr-exception/reporter.log
@@ -3,14 +3,16 @@
 #empty_field	(empty)
 #unset_field	-
 #path	reporter
+#start	2011-03-18-19-06-08
 #fields	ts	level	message	location
 #types	time	enum	string	string
-1300475168.783842	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.915940	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.916118	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.918295	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.952193	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.952228	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.954761	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475168.962628	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
-1300475169.780331	Reporter::ERROR	field value missing [c$ftp]	/home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.783842	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.915940	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.916118	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.918295	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.952193	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.952228	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.954761	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475168.962628	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+1300475169.780331	Reporter::ERROR	field value missing [c$ftp]	/da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/core.ipv6-frag/dns.log b/testing/btest/Baseline/core.ipv6-frag/dns.log
index 251f35d789..2003d1f253 100644
--- a/testing/btest/Baseline/core.ipv6-frag/dns.log
+++ b/testing/btest/Baseline/core.ipv6-frag/dns.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
+#start	2012-03-07-01-37-58
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs
 #types	time	string	addr	port	addr	port	enum	count	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]
 1331084278.438444	UWkUyAuUGXf	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51850	2607:f740:b::f93	53	udp	3903	txtpadding_323.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	This TXT record should be ignored	1.000000
 1331084293.592245	arKYeMETxOg	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51851	2607:f740:b::f93	53	udp	40849	txtpadding_3230.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	This TXT record should be ignored	1.000000
+#end	2012-03-07-01-38-18
diff --git a/testing/btest/Baseline/core.print-bpf-filters/conn.log b/testing/btest/Baseline/core.print-bpf-filters/conn.log
index b563c4a3ed..4033b64e2a 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/conn.log
+++ b/testing/btest/Baseline/core.print-bpf-filters/conn.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2005-10-07-23-23-57
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1128727435.450898	UWkUyAuUGXf	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.733303	98	9417	SF	-	0	ShADdFaf	12	730	10	9945	(empty)
+#end	2005-10-07-23-23-57
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output b/testing/btest/Baseline/core.print-bpf-filters/output
index d1c2d47893..e4bc04192a 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@@ -3,30 +3,38 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
+#start	1970-01-01-00-00-00
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1340229717.179155	-	ip or not ip	T	T
+1342748953.570646	-	ip or not ip	T	T
+#end	<abnormal termination>
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
+#start	1970-01-01-00-00-00
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1340229717.462355	-	(((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)	T	T
+1342748953.898675	-	(((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)	T	T
+#end	<abnormal termination>
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
+#start	1970-01-01-00-00-00
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1340229717.733007	-	port 42	T	T
+1342748954.278211	-	port 42	T	T
+#end	<abnormal termination>
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
+#start	1970-01-01-00-00-00
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1340229718.001009	-	port 56730	T	T
+1342748954.883780	-	port 56730	T	T
+#end	2005-10-07-23-23-57
diff --git a/testing/btest/Baseline/core.reporter-error-in-handler/output b/testing/btest/Baseline/core.reporter-error-in-handler/output
index 3d8aa6ff54..83b310ab61 100644
--- a/testing/btest/Baseline/core.reporter-error-in-handler/output
+++ b/testing/btest/Baseline/core.reporter-error-in-handler/output
@@ -1,2 +1,2 @@
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2])
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2])
 1st error printed on script level
diff --git a/testing/btest/Baseline/core.reporter-fmt-strings/output b/testing/btest/Baseline/core.reporter-fmt-strings/output
index 4842dd9fc5..bbd76f3447 100644
--- a/testing/btest/Baseline/core.reporter-fmt-strings/output
+++ b/testing/btest/Baseline/core.reporter-fmt-strings/output
@@ -1 +1 @@
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s))
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s))
diff --git a/testing/btest/Baseline/core.reporter-parse-error/output b/testing/btest/Baseline/core.reporter-parse-error/output
index 7606fe5667..76535f75d1 100644
--- a/testing/btest/Baseline/core.reporter-parse-error/output
+++ b/testing/btest/Baseline/core.reporter-parse-error/output
@@ -1 +1 @@
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE"
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE"
diff --git a/testing/btest/Baseline/core.reporter-runtime-error/output b/testing/btest/Baseline/core.reporter-runtime-error/output
index 3a96954101..59bcc3ac9b 100644
--- a/testing/btest/Baseline/core.reporter-runtime-error/output
+++ b/testing/btest/Baseline/core.reporter-runtime-error/output
@@ -1 +1 @@
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1])
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1])
diff --git a/testing/btest/Baseline/core.reporter-type-mismatch/output b/testing/btest/Baseline/core.reporter-type-mismatch/output
index 4c038ea8c5..23eefd13e8 100644
--- a/testing/btest/Baseline/core.reporter-type-mismatch/output
+++ b/testing/btest/Baseline/core.reporter-type-mismatch/output
@@ -1,3 +1,3 @@
-error in string and /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42)
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string)
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42))
+error in string and /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42)
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string)
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42))
diff --git a/testing/btest/Baseline/core.reporter/logger-test.log b/testing/btest/Baseline/core.reporter/logger-test.log
index bc2abd142a..6f7ba1d8c7 100644
--- a/testing/btest/Baseline/core.reporter/logger-test.log
+++ b/testing/btest/Baseline/core.reporter/logger-test.log
@@ -1,6 +1,6 @@
-reporter_info|init test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000
-reporter_warning|init test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000
-reporter_error|init test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000
-reporter_info|done test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000
-reporter_warning|done test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000
-reporter_error|done test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000
+reporter_info|init test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000
+reporter_warning|init test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000
+reporter_error|init test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000
+reporter_info|done test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000
+reporter_warning|done test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000
+reporter_error|done test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000
diff --git a/testing/btest/Baseline/core.reporter/output b/testing/btest/Baseline/core.reporter/output
index 185cabb1eb..2735adc931 100644
--- a/testing/btest/Baseline/core.reporter/output
+++ b/testing/btest/Baseline/core.reporter/output
@@ -1,3 +1,3 @@
-/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info
-warning in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning
-error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error
+/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info
+warning in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning
+error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error
diff --git a/testing/btest/Baseline/core.truncation/output b/testing/btest/Baseline/core.truncation/output
index 95d9073648..836f9170d4 100644
--- a/testing/btest/Baseline/core.truncation/output
+++ b/testing/btest/Baseline/core.truncation/output
@@ -3,30 +3,38 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-11-16-01-35
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
+#end	2012-04-11-16-01-35
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-11-14-57-21
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
+#end	2012-04-11-14-57-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-04-10-21-50-48
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro
+#end	2012-04-10-21-50-48
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-05-29-22-02-34
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1338328954.078361	-	-	-	-	-	internally_truncated_header	-	F	bro
+#end	2012-05-29-22-02-34
diff --git a/testing/btest/Baseline/core.tunnels.ayiya/conn.log b/testing/btest/Baseline/core.tunnels.ayiya/conn.log
index db54a8a475..82a3828f0d 100644
--- a/testing/btest/Baseline/core.tunnels.ayiya/conn.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/conn.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2009-11-08-04-41-57
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1257655301.595604	5OKnoww6xl4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	tcp	http	2.101052	2981	4665	S1	-	0	ShADad	10	3605	11	5329	k6kgXLOoSKl
@@ -13,3 +14,4 @@
 1257655296.585188	TEfuqmmG4bh	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff00:2	130	icmp	-	0.919988	32	0	OTH	-	0	-	2	144	0	0	k6kgXLOoSKl
 1257655296.585151	j4u32Pc5bif	fe80::216:cbff:fe9a:4cb9	131	ff02::2:f901:d225	130	icmp	-	0.719947	32	0	OTH	-	0	-	2	144	0	0	k6kgXLOoSKl
 1257655296.585034	nQcgTWjvg4c	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff9a:4cb9	130	icmp	-	4.922880	32	0	OTH	-	0	-	2	144	0	0	k6kgXLOoSKl
+#end	2009-11-08-04-41-57
diff --git a/testing/btest/Baseline/core.tunnels.ayiya/http.log b/testing/btest/Baseline/core.tunnels.ayiya/http.log
index 7cef1a1b8e..4fbcd508f4 100644
--- a/testing/btest/Baseline/core.tunnels.ayiya/http.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/http.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2009-11-08-04-41-41
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1257655301.652206	5OKnoww6xl4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	1	GET	ipv6.google.com	/	-	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	10102	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
 1257655302.514424	5OKnoww6xl4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	2	GET	ipv6.google.com	/csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645	http://ipv6.google.com/	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	-	(empty)	-	-	-	-	-	-
 1257655303.603569	5OKnoww6xl4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	3	GET	ipv6.google.com	/gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600	http://ipv6.google.com/	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	-	(empty)	-	-	-	-	-	-
+#end	2009-11-08-04-41-57
diff --git a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log
index b4ef2781c6..123ea8a792 100644
--- a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2009-11-08-04-41-33
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1257655293.629048	UWkUyAuUGXf	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
 1257655296.585034	k6kgXLOoSKl	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
 1257655317.464035	k6kgXLOoSKl	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
 1257655317.464035	UWkUyAuUGXf	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
+#end	2009-11-08-04-41-57
diff --git a/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log b/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log
index 4949f16e62..63a0437445 100644
--- a/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log
+++ b/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
+#start	2009-11-18-17-59-51
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
 1258567191.486869	UWkUyAuUGXf	192.168.1.105	57696	192.168.1.1	53	udp	TEREDO	Teredo payload length [c\x1d\x81\x80\x00\x01\x00\x02\x00\x02\x00\x00\x04amch\x0equestionmarket\x03com\x00\x00\x01\x00...]
@@ -11,3 +12,4 @@
 1258581768.898165	TEfuqmmG4bh	192.168.1.104	50798	192.168.1.1	53	udp	TEREDO	Teredo payload length [o\xe3\x81\x80\x00\x01\x00\x02\x00\x04\x00\x04\x03www\x0fnashuatelegraph\x03com\x00\x00\x01\x00...]
 1258584478.989528	FrJExwHcSal	192.168.1.104	64963	192.168.1.1	53	udp	TEREDO	Teredo payload length [e\xbd\x81\x80\x00\x01\x00\x08\x00\x06\x00\x06\x08wellness\x05blogs\x04time\x03com\x00\x00\x01\x00...]
 1258600683.934672	5OKnoww6xl4	192.168.1.103	59838	192.168.1.1	53	udp	TEREDO	Teredo payload length [h\xf0\x81\x80\x00\x01\x00\x01\x00\x02\x00\x00\x06update\x0csanasecurity\x03com\x00\x00\x01\x00...]
+#end	2009-11-19-03-18-03
diff --git a/testing/btest/Baseline/core.tunnels.false-teredo/weird.log b/testing/btest/Baseline/core.tunnels.false-teredo/weird.log
index 0ec1d0a7cf..eb4319c7eb 100644
--- a/testing/btest/Baseline/core.tunnels.false-teredo/weird.log
+++ b/testing/btest/Baseline/core.tunnels.false-teredo/weird.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2009-11-18-17-59-51
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1258567191.405770	-	-	-	-	-	truncated_header_in_tunnel	-	F	bro
@@ -11,3 +12,4 @@
 1258581768.568451	-	-	-	-	-	truncated_header_in_tunnel	-	F	bro
 1258584478.859853	-	-	-	-	-	truncated_header_in_tunnel	-	F	bro
 1258600683.934458	-	-	-	-	-	truncated_header_in_tunnel	-	F	bro
+#end	2009-11-19-03-18-03
diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log
index cefc8f3e84..2342953339 100644
--- a/testing/btest/Baseline/core.tunnels.teredo/conn.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2008-05-16-15-50-57
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1210953047.736921	arKYeMETxOg	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	0	fA	1	40	1	40	(empty)
@@ -26,3 +27,4 @@
 1210953052.324629	FrJExwHcSal	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	0	-	1	88	0	0	TEfuqmmG4bh
 1210953060.829303	qCaWGmzFtM5	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	0	-	1	52	1	52	GSxOnSLghOa,nQcgTWjvg4c
 1210953052.202579	j4u32Pc5bif	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	nQcgTWjvg4c
+#end	2008-05-16-15-51-16
diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log
index b3cf832083..c0db5fc146 100644
--- a/testing/btest/Baseline/core.tunnels.teredo/http.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/http.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2008-05-16-15-50-58
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1210953057.917183	3PKsZ2Uye21	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	Syncer/4.80 (av_pro-1169;f)	589	0	204	<empty>	-	-	-	(empty)	-	-	-	text/plain	-	-
 1210953061.585996	70MGiRM1Qf4	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
 1210953073.381474	70MGiRM1Qf4	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
 1210953074.674817	c4Zw9TmAE05	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	-	(empty)	-	-	-	text/xml	-	-
+#end	2008-05-16-15-51-16
diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
index 9cead25be1..ab14bf68bc 100644
--- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2008-05-16-15-50-52
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1210953052.202579	nQcgTWjvg4c	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -11,3 +12,4 @@
 1210953076.058333	nQcgTWjvg4c	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	GSxOnSLghOa	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
+#end	2008-05-16-15-51-16
diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
index 6ceb4efcb3..7b9ff58624 100644
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2012-06-19-17-39-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1340127577.354166	FrJExwHcSal	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	0.052829	1675	10467	S1	-	0	ShADad	10	2279	12	11191	j4u32Pc5bif
@@ -12,3 +13,4 @@
 1340127577.339015	nQcgTWjvg4c	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	0	-	1	88	0	0	k6kgXLOoSKl
 1340127577.343969	TEfuqmmG4bh	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	0	-	1	52	1	52	UWkUyAuUGXf,j4u32Pc5bif
 1340127577.336558	arKYeMETxOg	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	UWkUyAuUGXf
+#end	2012-06-19-17-39-37
diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
index 869476d7db..12f0d7be7a 100644
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2012-06-19-17-39-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1340127577.361683	FrJExwHcSal	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
 1340127577.379360	FrJExwHcSal	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2012-06-19-17-39-37
diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
index 30f88ed251..1a14b3edb7 100644
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2012-06-19-17-39-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1340127577.336558	UWkUyAuUGXf	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -11,3 +12,4 @@
 1340127577.406995	UWkUyAuUGXf	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	j4u32Pc5bif	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	k6kgXLOoSKl	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
+#end	2012-06-19-17-39-37
diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
index e01fa49d45..8b252a5819 100644
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
+#start	2012-06-19-17-39-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1340127577.346849	UWkUyAuUGXf	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	bro
 1340127577.349292	j4u32Pc5bif	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	bro
+#end	2012-06-19-17-39-37
diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log
index e165df621a..72e13ee9b4 100644
--- a/testing/btest/Baseline/core.vlan-mpls/conn.log
+++ b/testing/btest/Baseline/core.vlan-mpls/conn.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2005-10-07-23-23-55
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 952109346.874907	UWkUyAuUGXf	10.1.2.1	11001	10.34.0.1	23	tcp	-	2.102560	26	0	SH	-	0	SADF	11	470	0	0	(empty)
 1128727435.450898	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.733303	98	9417	SF	-	0	ShADdFaf	12	730	10	9945	(empty)
 1278600802.069419	k6kgXLOoSKl	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	0	ShADadfF	7	381	7	3801	(empty)
+#end	2010-07-08-14-53-22
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 0f12ce4ead..8f90296b63 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
+#start	2012-07-20-01-49-31
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -28,3 +29,4 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/input/./readers/raw.bro
     scripts/base/frameworks/input/./readers/benchmark.bro
 scripts/policy/misc/loaded-scripts.bro
+#end	2012-07-20-01-49-31
diff --git a/testing/btest/Baseline/coverage.coverage-blacklist/output b/testing/btest/Baseline/coverage.coverage-blacklist/output
index 6d3d243220..c54e4283b2 100644
--- a/testing/btest/Baseline/coverage.coverage-blacklist/output
+++ b/testing/btest/Baseline/coverage.coverage-blacklist/output
@@ -1,5 +1,5 @@
-1	/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 13	print cover me;
-1	/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 17	print always executed;
-0	/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 26	print also impossible, but included in code coverage analysis;
-1	/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 29	print success;
-1	/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 5	print first;
+1	/da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 13	print cover me;
+1	/da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 17	print always executed;
+0	/da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 26	print also impossible, but included in code coverage analysis;
+1	/da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 29	print success;
+1	/da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 5	print first;
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index f1f9791fc3..6bc461ed65 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
+#start	2012-07-20-01-49-33
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -108,3 +109,4 @@ scripts/base/init-default.bro
     scripts/base/protocols/syslog/./consts.bro
     scripts/base/protocols/syslog/./main.bro
 scripts/policy/misc/loaded-scripts.bro
+#end	2012-07-20-01-49-33
diff --git a/testing/btest/Baseline/istate.broccoli/bro.log b/testing/btest/Baseline/istate.broccoli/bro.log
index 4fbbfc81ae..70bf23f95a 100644
--- a/testing/btest/Baseline/istate.broccoli/bro.log
+++ b/testing/btest/Baseline/istate.broccoli/bro.log
@@ -1,3 +1,3 @@
-ping received, seq 0, 1324314397.698781 at src, 1324314397.699240 at dest, 
-ping received, seq 1, 1324314398.698905 at src, 1324314398.699094 at dest, 
-ping received, seq 2, 1324314399.699012 at src, 1324314399.699231 at dest, 
+ping received, seq 0, 1342749173.594568 at src, 1342749173.637317 at dest, 
+ping received, seq 1, 1342749174.594948 at src, 1342749174.596551 at dest, 
+ping received, seq 2, 1342749175.595486 at src, 1342749175.596581 at dest, 
diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log
index 5a7912d23d..c9a996ef5b 100644
--- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log
+++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2012-07-20-01-53-03
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1336588614.060989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1342749182.906082	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2012-07-20-01-53-04
diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log
index 5a7912d23d..c9a996ef5b 100644
--- a/testing/btest/Baseline/istate.events-ssl/sender.http.log
+++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2012-07-20-01-53-03
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1336588614.060989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1342749182.906082	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2012-07-20-01-53-04
diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log
index 55a0189cec..566457b996 100644
--- a/testing/btest/Baseline/istate.events/receiver.http.log
+++ b/testing/btest/Baseline/istate.events/receiver.http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2012-07-20-01-53-12
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1336587178.164598	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1342749191.765740	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2012-07-20-01-53-13
diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log
index 55a0189cec..566457b996 100644
--- a/testing/btest/Baseline/istate.events/sender.http.log
+++ b/testing/btest/Baseline/istate.events/sender.http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2012-07-20-01-53-12
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1336587178.164598	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1342749191.765740	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2012-07-20-01-53-13
diff --git a/testing/btest/Baseline/istate.pybroccoli/bro..stdout b/testing/btest/Baseline/istate.pybroccoli/bro..stdout
index a5d20b1f2a..b73d342967 100644
--- a/testing/btest/Baseline/istate.pybroccoli/bro..stdout
+++ b/testing/btest/Baseline/istate.pybroccoli/bro..stdout
@@ -1,7 +1,7 @@
 ==== atomic
 -10
 2
-1336411585.166009
+1342749196.619505
 2.0 mins
 F
 1.5
diff --git a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered
index a44a95bd69..2f2a5978d8 100644
--- a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered
+++ b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered
@@ -1,7 +1,7 @@
 ==== atomic a 1 ====
 -4L -4
 42 42
-1336411585.1711
+1342749196.6624
 60.0
 True True
 3.14
@@ -14,7 +14,7 @@ True True
 ==== atomic a 2 ====
 -10L -10
 2 2
-1336411585.1660
+1342749196.6195
 120.0
 False False
 1.5
@@ -27,7 +27,7 @@ False False
 ==== atomic b 2 ====
 -10L -10
 <broccoli.count instance at > 2
-<broccoli.time instance at > 1336411585.1660
+<broccoli.time instance at > 1342749196.6195
 <broccoli.interval instance at > 120.0
 False False
 1.5
diff --git a/testing/btest/Baseline/language.wrong-delete-field/output b/testing/btest/Baseline/language.wrong-delete-field/output
index c2aae8aae3..1eefa1d2fe 100644
--- a/testing/btest/Baseline/language.wrong-delete-field/output
+++ b/testing/btest/Baseline/language.wrong-delete-field/output
@@ -1 +1 @@
-error in /Users/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a)
+error in /da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a)
diff --git a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log
index 94e0403238..7e21ff86b7 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log
@@ -3,20 +3,22 @@
 #empty_field	(empty)
 #unset_field	-
 #path	communication
+#start	2012-07-20-01-49-40
 #fields	ts	peer	src_name	connected_peer_desc	connected_peer_addr	connected_peer_port	level	message
 #types	time	string	string	string	addr	port	string	string
-1340904724.781527	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] added peer
-1340904724.784954	bro	child	-	-	-	info	[#1/127.0.0.1:47757] connected
-1340904724.786168	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer connected
-1340904724.786168	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: version
-1340904724.786168	bro	script	-	-	-	info	connection established
-1340904724.786168	bro	script	-	-	-	info	requesting events matching /^?(NOTHING)$?/
-1340904724.786168	bro	script	-	-	-	info	accepting state
-1340904724.787645	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: handshake
-1340904724.787645	bro	parent	-	-	-	info	warning: no events to request
-1340904724.788857	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer_description is bro
-1340904724.829480	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer supports keep-in-cache; using that
-1340904724.829480	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: running
-1340904724.829480	bro	parent	-	-	-	info	terminating...
-1340904724.832952	bro	child	-	-	-	info	terminating
-1340904724.834082	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] closing connection
+1342748980.737451	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] added peer
+1342748980.747149	bro	child	-	-	-	info	[#1/127.0.0.1:47757] connected
+1342748980.748489	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer connected
+1342748980.748489	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: version
+1342748980.750749	bro	script	-	-	-	info	connection established
+1342748980.750749	bro	script	-	-	-	info	requesting events matching /^?(NOTHING)$?/
+1342748980.750749	bro	script	-	-	-	info	accepting state
+1342748980.752225	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: handshake
+1342748980.752225	bro	parent	-	-	-	info	warning: no events to request
+1342748980.753384	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer_description is bro
+1342748980.793108	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] peer supports keep-in-cache; using that
+1342748980.793108	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] phase: running
+1342748980.793108	bro	parent	-	-	-	info	terminating...
+1342748980.796454	bro	child	-	-	-	info	terminating
+1342748980.797536	bro	parent	-	-	-	info	[#1/127.0.0.1:47757] closing connection
+#end	2012-07-20-01-49-40
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
index 485bfe3eba..a0359c2d70 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh-new-default
+#start	2012-07-20-01-49-19
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314313.140603	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314313.140603	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748959.430282	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748959.430282	1.2.3.4	1234	2.3.4.5	80	failure	US
+#end	2012-07-20-01-49-19
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
index 144a7a6426..0c826f9694 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
@@ -3,8 +3,10 @@
 #empty_field|(empty)
 #unset_field|-
 #path|ssh
+#start|2012-07-20-01-49-19
 #fields|data|data2
 #types|string|string
 abc\x0a\xffdef|DATA2
 abc\x7c\xffdef|DATA2
 abc\xff\x7cdef|DATA2
+#end|2012-07-20-01-49-19
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
index a2610bb522..b6e4889a21 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
@@ -5,8 +5,8 @@ PREFIX<>unset_field|NOT-SET
 PREFIX<>path|ssh
 PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
 PREFIX<>types|time|addr|port|addr|port|string|string|bool
-1342126762.852986|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
-1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
-1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
-1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
-1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
+1342748959.659721|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
+1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
+1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
+1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
+1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log
index c9e69994fc..b1a4ba52e2 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2012-07-20-01-49-19
 #fields	x	y	z
 #types	string	string	string
 \x2d	-	(empty)
+#end	2012-07-20-01-49-19
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
index 97744b7df8..683f149317 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2011-09-12-03-57-36
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1315799856.264750	UWkUyAuUGXf	10.0.1.104	64216	193.40.5.162	80	1	GET	lepo.it.da.ut.ee	/~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf	-	Wget/1.12 (darwin10.8.0)	0	346	404	Not Found	-	-	-	(empty)	-	-	-	text/html	-	-
+#end	2011-09-12-03-57-37
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log
index b88627c806..a03c6f954b 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2012-07-20-01-49-19
 #fields	ss
 #types	table[string]
 CC,AA,\x2c,\x2c\x2c
+#end	2012-07-20-01-49-19
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
index 0ef81128d3..0c6a266de0 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
@@ -5,8 +5,8 @@
 #path||ssh
 #fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country
 #types||time||addr||port||addr||port||string||string
-1324314313.899736||1.2.3.4||1234||2.3.4.5||80||success||unknown
-1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||US
-1324314313.899736||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
-1324314313.899736||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
-1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||MX
+1342759749.586006||1.2.3.4||1234||2.3.4.5||80||success||unknown
+1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||US
+1342759749.586006||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
+1342759749.586006||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
+1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||MX
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
index 72df0d73d4..21b81abf95 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log
@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
-#start	2012-07-12-21-00-27
+#start	2012-07-20-01-49-22
 #fields	data	c
 #types	string	count
 Test1	42
 \x23Kaputt	42
 Test2	42
-#end	2012-07-12-21-00-27
+#end	2012-07-20-01-49-22
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
index f66dec7160..6e3263673a 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
@@ -1,5 +1,5 @@
-1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|unknown
-1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|US
-1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|UK
-1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|BR
-1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|MX
+1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|unknown
+1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|US
+1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|UK
+1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|BR
+1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|MX
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
index 00ab6c8ca0..5fba268afa 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2012-07-20-01-49-20
 #fields	data
 #types	time
 1234567890.000000
@@ -13,3 +14,4 @@
 1234567890.000010
 1234567890.000001
 1234567890.000000
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
index 5acaa7b2fc..7d3bbc0774 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	status	country	a1	b1	b2
 #types	string	string	count	count	count
 success	unknown	1	3	4
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
index 086a4836fe..c3163dba6f 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	status	country
 #types	string	string
 success	unknown
@@ -10,3 +11,4 @@ failure	US
 failure	UK
 success	BR
 failure	MX
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt
index e9640dfd9d..e6abc3f1f6 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt
@@ -27,8 +27,8 @@
 
 # Extent, type='ssh'
 t id.orig_h id.orig_p id.resp_h id.resp_p status country
-1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success unknown
-1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure US
-1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure UK
-1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success BR
-1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure MX
+1342748962.493341 1.2.3.4 1234 2.3.4.5 80 success unknown
+1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure US
+1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure UK
+1342748962.493341 1.2.3.4 1234 2.3.4.5 80 success BR
+1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure MX
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
index 16ba17c62c..42f945bf0c 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
@@ -3,10 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314314.443785	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314314.443785	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314314.443785	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314314.443785	1.2.3.4	1234	2.3.4.5	80	success	BR
-1324314314.443785	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342748960.468458	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748960.468458	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748960.468458	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748960.468458	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342748960.468458	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.events/output b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output
index 5da27764a5..6bd153946e 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.events/output
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output
@@ -1,2 +1,2 @@
-[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown]
-[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US]
+[t=1342748960.593451, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown]
+[t=1342748960.593451, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US]
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
index 4ccf4c836a..3fe01ff913 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	port	addr	port	string	string
 1234	2.3.4.5	80	success	unknown
@@ -10,3 +11,4 @@
 1234	2.3.4.5	80	failure	UK
 1234	2.3.4.5	80	success	BR
 1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
index 4aa3d8f0a7..205f37243f 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	t	f
 #types	time	file
-1324314314.940195	Foo.log
+1342748960.757056	Foo.log
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
index 00242d65c1..cafacf9c4e 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
@@ -3,10 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-20
 #fields	t	id.orig_h
 #types	time	addr
-1324314315.040480	1.2.3.4
-1324314315.040480	1.2.3.4
-1324314315.040480	1.2.3.4
-1324314315.040480	1.2.3.4
-1324314315.040480	1.2.3.4
+1342748960.796093	1.2.3.4
+1342748960.796093	1.2.3.4
+1342748960.796093	1.2.3.4
+1342748960.796093	1.2.3.4
+1342748960.796093	1.2.3.4
+#end	2012-07-20-01-49-20
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
index c2c69f3153..3240e9f824 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	local
+#start	2011-03-18-19-06-13
 #fields	ts	id.orig_h
 #types	time	addr
 1300475168.859163	141.142.220.118
@@ -35,3 +36,4 @@
 1300475168.902195	141.142.220.118
 1300475168.894787	141.142.220.118
 1300475168.901749	141.142.220.118
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log
index b396c3fc2d..84980836c4 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	remote
+#start	2011-03-18-19-06-13
 #fields	ts	id.orig_h
 #types	time	addr
 1300475169.780331	173.192.163.128
 1300475167.097012	fe80::217:f2ff:fed7:cf65
 1300475171.675372	fe80::3074:17d5:2052:c324
 1300475173.116749	fe80::3074:17d5:2052:c324
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
index a6b8a4e090..1c67ff52b6 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
@@ -10,54 +10,68 @@ static-prefix-2-UK.log
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-0-BR
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	success	BR
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-0-MX3
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	failure	MX3
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	failure	MX3
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-0-unknown
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	success	unknown
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-1-MX
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-1-US
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	failure	US
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-2-MX2
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	failure	MX2
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	failure	MX2
+#end	2012-07-20-01-49-21
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	static-prefix-2-UK
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.385189	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748961.180156	1.2.3.4	1234	2.3.4.5	80	failure	UK
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log
index 733bb02847..96dede8965 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test.failure
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.498365	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.488370	1.2.3.4	1234	2.3.4.5	80	failure	US
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log
index 0261caeb06..85b5ca9f45 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test.success
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314315.498365	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748961.488370	1.2.3.4	1234	2.3.4.5	80	success	unknown
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
index d9bd34309a..aa18822daf 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
@@ -3,6 +3,8 @@
 #empty_field	EMPTY
 #unset_field	-
 #path	test
+#start	1970-01-01-00-00-00
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table[count]	table[string]	table[string]	vector[count]	vector[string]
-T	-42	Test::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1324314315.880694	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY
+T	-42	Test::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1342749004.579242	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY
+#end	2012-07-20-01-50-05
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
index 6cb58bf4ac..36b88e496d 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test.failure
+#start	2012-07-20-01-50-18
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-50-18
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
index f5b79ee2c4..22d354fce4 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
@@ -3,10 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2012-07-20-01-50-18
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	success	BR
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-50-18
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
index c40e56af93..888dc424b5 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test.success
+#start	2012-07-20-01-50-18
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314321.061516	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342749018.970682	1.2.3.4	1234	2.3.4.5	80	success	BR
+#end	2012-07-20-01-50-18
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
index cb3d4aafb8..5a23ad2066 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh.failure
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314328.196443	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314328.196443	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	UK
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
index 38a5bb660c..cea1069748 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314328.196443	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314328.196443	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314328.196443	1.2.3.4	1234	2.3.4.5	80	failure	BR
+1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	BR
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
index 915915f43e..91b6f5de7a 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
@@ -19,11 +19,31 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, pat
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
 #empty_field	(empty)
+#end	2011-03-07-03-59-55
+#end	2011-03-07-04-00-05
+#end	2011-03-07-04-59-55
+#end	2011-03-07-05-00-05
+#end	2011-03-07-05-59-55
+#end	2011-03-07-06-00-05
+#end	2011-03-07-06-59-55
+#end	2011-03-07-07-00-05
+#end	2011-03-07-07-59-55
+#end	2011-03-07-08-00-05
+#end	2011-03-07-08-59-55
+#end	2011-03-07-09-00-05
+#end	2011-03-07-09-59-55
+#end	2011-03-07-10-00-05
+#end	2011-03-07-10-59-55
+#end	2011-03-07-11-00-05
+#end	2011-03-07-11-59-55
+#end	2011-03-07-12-00-05
+#end	2011-03-07-12-59-55
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #path	test
 #path	test2
 #separator \x09
 #set_separator	,
+#start	2011-03-07-03-00-05
 #types	time	addr	port	addr	port
 #unset_field	-
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
index c335b5eeb9..4764ff23d0 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
@@ -14,97 +14,117 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
 1299470395.000000	10.0.0.2	20	10.0.0.3	0
+#end	2011-03-07-04-00-05
 > test.2011-03-07-04-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299470405.000000	10.0.0.1	20	10.0.0.2	1025
 1299473995.000000	10.0.0.2	20	10.0.0.3	1
+#end	2011-03-07-05-00-05
 > test.2011-03-07-05-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299474005.000000	10.0.0.1	20	10.0.0.2	1026
 1299477595.000000	10.0.0.2	20	10.0.0.3	2
+#end	2011-03-07-06-00-05
 > test.2011-03-07-06-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299477605.000000	10.0.0.1	20	10.0.0.2	1027
 1299481195.000000	10.0.0.2	20	10.0.0.3	3
+#end	2011-03-07-07-00-05
 > test.2011-03-07-07-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299481205.000000	10.0.0.1	20	10.0.0.2	1028
 1299484795.000000	10.0.0.2	20	10.0.0.3	4
+#end	2011-03-07-08-00-05
 > test.2011-03-07-08-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299484805.000000	10.0.0.1	20	10.0.0.2	1029
 1299488395.000000	10.0.0.2	20	10.0.0.3	5
+#end	2011-03-07-09-00-05
 > test.2011-03-07-09-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299488405.000000	10.0.0.1	20	10.0.0.2	1030
 1299491995.000000	10.0.0.2	20	10.0.0.3	6
+#end	2011-03-07-10-00-05
 > test.2011-03-07-10-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299492005.000000	10.0.0.1	20	10.0.0.2	1031
 1299495595.000000	10.0.0.2	20	10.0.0.3	7
+#end	2011-03-07-11-00-05
 > test.2011-03-07-11-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299495605.000000	10.0.0.1	20	10.0.0.2	1032
 1299499195.000000	10.0.0.2	20	10.0.0.3	8
+#end	2011-03-07-12-00-05
 > test.2011-03-07-12-00-05.log
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	test
+#start	2011-03-07-03-00-05
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #types	time	addr	port	addr	port
 1299499205.000000	10.0.0.1	20	10.0.0.2	1033
 1299502795.000000	10.0.0.2	20	10.0.0.3	9
+#end	2011-03-07-12-59-55
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
index 09afe2031c..110cef054a 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
@@ -3,10 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	/dev/stdout
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314328.844271	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314328.844271	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314328.844271	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314328.844271	1.2.3.4	1234	2.3.4.5	80	success	BR
-1324314328.844271	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342748961.732599	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748961.732599	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.732599	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748961.732599	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342748961.732599	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
index 53292324af..c9191b666e 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
@@ -3,10 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-21
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1324314328.950525	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1324314328.950525	1.2.3.4	1234	2.3.4.5	80	failure	US
-1324314328.950525	1.2.3.4	1234	2.3.4.5	80	failure	UK
-1324314328.950525	1.2.3.4	1234	2.3.4.5	80	success	BR
-1324314328.950525	1.2.3.4	1234	2.3.4.5	80	failure	MX
+1342748961.748481	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1342748961.748481	1.2.3.4	1234	2.3.4.5	80	failure	US
+1342748961.748481	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1342748961.748481	1.2.3.4	1234	2.3.4.5	80	success	BR
+1342748961.748481	1.2.3.4	1234	2.3.4.5	80	failure	MX
+#end	2012-07-20-01-49-21
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
index 74aa0312a1..1fc29dbb4e 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
@@ -3,6 +3,8 @@
 #empty_field	EMPTY
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-22
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	f
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table[count]	table[string]	table[string]	vector[count]	vector[string]	func
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1324314329.051618	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1342748962.114672	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+#end	2012-07-20-01-49-22
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
index 7956ad11a0..b4089aeee8 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	testing
+#start	2012-07-20-01-49-22
 #fields	a.val1	a.val2	b
 #types	count	count	count
 -	-	6
 1	2	3
+#end	2012-07-20-01-49-22
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
index 65ab5592bf..ae5d6d246e 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
+#start	2012-07-20-01-49-22
 #fields	vec
 #types	vector[string]
 -,2,-,-,5
+#end	2012-07-20-01-49-22
diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
index a22deb26e4..a3f476c1fb 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	metrics
+#start	2012-07-20-01-50-41
 #fields	ts	metric_id	filter_name	index.host	index.str	index.network	value
 #types	time	enum	string	addr	string	subnet	count
-1328303679.867377	TEST_METRIC	foo-bar	6.5.4.3	-	-	4
-1328303679.867377	TEST_METRIC	foo-bar	7.2.1.5	-	-	2
-1328303679.867377	TEST_METRIC	foo-bar	1.2.3.4	-	-	6
+1342749041.601712	TEST_METRIC	foo-bar	6.5.4.3	-	-	4
+1342749041.601712	TEST_METRIC	foo-bar	7.2.1.5	-	-	2
+1342749041.601712	TEST_METRIC	foo-bar	1.2.3.4	-	-	6
+#end	2012-07-20-01-50-49
diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
index 4bfb6964ea..b497da5194 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	metrics
+#start	2012-07-20-01-49-22
 #fields	ts	metric_id	filter_name	index.host	index.str	index.network	value
 #types	time	enum	string	addr	string	subnet	count
-1328303763.333948	TEST_METRIC	foo-bar	6.5.4.3	-	-	2
-1328303763.333948	TEST_METRIC	foo-bar	7.2.1.5	-	-	1
-1328303763.333948	TEST_METRIC	foo-bar	1.2.3.4	-	-	3
+1342748962.841548	TEST_METRIC	foo-bar	6.5.4.3	-	-	2
+1342748962.841548	TEST_METRIC	foo-bar	7.2.1.5	-	-	1
+1342748962.841548	TEST_METRIC	foo-bar	1.2.3.4	-	-	3
+#end	2012-07-20-01-49-22
diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
index 59d70896fb..8f3a9dc70c 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
+#start	2012-07-20-01-50-59
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
 #types	time	string	addr	port	addr	port	enum	enum	string	string	addr	addr	port	count	string	table[enum]	table[count]	interval	bool	string	string	string	double	double	addr	string	subnet
-1325633225.777902	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 100/100	-	1.2.3.4	-	-	100	manager-1	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	1.2.3.4	-	-
+1342749059.978651	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 100/100	-	1.2.3.4	-	-	100	manager-1	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	1.2.3.4	-	-
+#end	2012-07-20-01-51-08
diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
index 58346b79e6..5a214b26cc 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
+#start	2012-07-20-01-49-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
 #types	time	string	addr	port	addr	port	enum	enum	string	string	addr	addr	port	count	string	table[enum]	table[count]	interval	bool	string	string	string	double	double	addr	string	subnet
-1325633274.875473	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 3/2	-	1.2.3.4	-	-	3	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	1.2.3.4	-	-
-1325633274.875473	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=6.5.4.3) 2/2	-	6.5.4.3	-	-	2	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	6.5.4.3	-	-
+1342748963.085888	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 3/2	-	1.2.3.4	-	-	3	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	1.2.3.4	-	-
+1342748963.085888	-	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=6.5.4.3) 2/2	-	6.5.4.3	-	-	2	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	6.5.4.3	-	-
+#end	2012-07-20-01-49-23
diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
index 10888b21ec..4903ec0c01 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
+#start	2012-07-20-01-51-18
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
 #types	time	string	addr	port	addr	port	enum	enum	string	string	addr	addr	port	count	string	table[enum]	table[count]	interval	bool	string	string	string	double	double	addr	string	subnet
-1325633122.490990	-	-	-	-	-	-	Test_Notice	test notice!	-	-	-	-	-	worker-1	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	-	-	-
+1342749078.270791	-	-	-	-	-	-	Test_Notice	test notice!	-	-	-	-	-	worker-1	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	-	-	-
+#end	2012-07-20-01-51-27
diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
index 5deac88071..bd77a90c86 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
+#start	2012-07-20-01-51-36
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
 #types	time	string	addr	port	addr	port	enum	enum	string	string	addr	addr	port	count	string	table[enum]	table[count]	interval	bool	string	string	string	double	double	addr	string	subnet
-1325633150.723248	-	-	-	-	-	-	Test_Notice	test notice!	-	-	-	-	-	worker-2	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	-	-	-
+1342749096.545663	-	-	-	-	-	-	Test_Notice	test notice!	-	-	-	-	-	worker-2	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-	-	-	-
+#end	2012-07-20-01-51-45
diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log
index 1d168d7613..5a3cdfa69f 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
+#start	2012-07-20-01-49-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
 #types	time	string	addr	port	addr	port	enum	enum	string	string	addr	addr	port	count	string	table[enum]	table[count]	interval	bool	string	string	string	double	double
-1325633207.922993	-	-	-	-	-	-	Test_Notice	test	-	-	-	-	-	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-
+1342748963.685754	-	-	-	-	-	-	Test_Notice	test	-	-	-	-	-	bro	Notice::ACTION_LOG	6	3600.000000	F	-	-	-	-	-
+#end	2012-07-20-01-49-23
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
index 4a20ec39b4..316056fa8c 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2012-02-21-16-53-13
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1329843175.736107	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	tcp	ftp-data	0.112432	0	342	SF	-	0	ShAdfFa	4	216	4	562	(empty)
@@ -10,3 +11,4 @@
 1329843194.151526	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	tcp	ftp-data	0.056211	342	0	SF	-	0	ShADaFf	5	614	3	164	(empty)
 1329843197.783443	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	tcp	ftp-data	0.056005	77	0	SF	-	0	ShADaFf	5	349	3	164	(empty)
 1329843161.968492	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	tcp	ftp	38.055625	180	3146	SF	-	0	ShAdDfFa	38	2164	25	4458	(empty)
+#end	2012-02-21-16-53-20
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
index debc093771..cee57182ed 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ftp
+#start	2012-02-21-16-53-13
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	user	password	command	arg	mime_type	mime_desc	file_size	reply_code	reply_msg	tags	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	count	string	table[string]	file
 1329843179.926563	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	ASCII text	77	226	Transfer complete.	-	-
 1329843197.727769	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	ASCII text, with CRLF line terminators	77	226	Transfer complete.	-	-
+#end	2012-02-21-16-53-20
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
index 9d19ffaf85..299bdbc4ba 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
+#start	2012-02-15-17-43-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
 1329327783.316897	arKYeMETxOg	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49186	2001:470:4867:99::21	57086	tcp	ftp-data	0.219721	0	342	SF	-	0	ShAdfFa	5	372	4	642	(empty)
@@ -11,3 +12,4 @@
 1329327795.571921	j4u32Pc5bif	2001:470:4867:99::21	55785	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49189	tcp	ftp-data	0.109813	77	0	SF	-	0	ShADFaf	5	449	4	300	(empty)
 1329327777.822004	UWkUyAuUGXf	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49185	2001:470:4867:99::21	21	tcp	ftp	26.658219	310	3448	SF	-	0	ShAdDfFa	57	4426	34	5908	(empty)
 1329327800.017649	TEfuqmmG4bh	2001:470:4867:99::21	55647	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49190	tcp	ftp-data	0.109181	342	0	SF	-	0	ShADFaf	5	714	4	300	(empty)
+#end	2012-02-15-17-43-24
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log
index 8bc2ef2cb7..096b91df65 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ftp
+#start	2012-02-15-17-43-07
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	user	password	command	arg	mime_type	mime_desc	file_size	reply_code	reply_msg	tags	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	count	string	table[string]	file
 1329327787.396984	UWkUyAuUGXf	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49185	2001:470:4867:99::21	21	anonymous	test	RETR	ftp://[2001:470:4867:99::21]/robots.txt	-	-	77	226	Transfer complete.	-	-
 1329327795.463946	UWkUyAuUGXf	2001:470:1f11:81f:c999:d94:aa7c:2e3e	49185	2001:470:4867:99::21	21	anonymous	test	RETR	ftp://[2001:470:4867:99::21]/robots.txt	-	-	77	226	Transfer complete.	-	-
+#end	2012-02-15-17-43-24
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
index ddcea2e9c7..c457f9b64b 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2009-03-19-05-21-36
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	1	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	60731	200	OK	100	Continue	-	(empty)	-	-	-	text/html	-	-
+#end	2009-03-19-05-21-36
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log
index cec098a50b..46ae431fc2 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2005-10-07-23-23-56
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1128727435.634189	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat
+#end	2005-10-07-23-23-57
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
index d4e5679da1..69e6613a3c 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2009-11-18-20-58-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
 1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	1	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	2675	200	OK	-	-	-	(empty)	-	-	-	FAKE_MIME	-	-
@@ -10,3 +11,4 @@
 1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	3	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	94	200	OK	-	-	-	(empty)	-	-	-	FAKE_MIME	-	-
 1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	4	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	2349	200	OK	-	-	-	(empty)	-	-	-	image/png	e0029eea80812e9a8e57b8d05d52938a	-
 1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	5	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	27579	200	OK	-	-	-	(empty)	-	-	-	image/png	30aa926344f58019d047e85ba049ca1e	-
+#end	2009-11-18-20-58-32
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
index dfaf34acbf..6e7eb96454 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
+#start	2009-11-18-20-58-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	file
 1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	1	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	2675	200	OK	-	-	-	(empty)	-	-	-	-	-
@@ -10,3 +11,4 @@
 1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	3	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	94	200	OK	-	-	-	(empty)	-	-	-	-	-
 1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	4	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	2349	200	OK	-	-	-	(empty)	-	-	-	-	-
 1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	5	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	27579	200	OK	-	-	-	(empty)	-	-	-	-	-
+#end	2009-11-18-20-58-32
diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
index b5c137bcf8..fe18751420 100644
--- a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
+++ b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	irc
+#start	2011-07-20-19-12-44
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	nick	user	command	value	addl	dcc_file_name	dcc_file_size	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	file
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	-	-	NICK	bloed	-	-	-	-
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	-	USER	sdkfje	sdkfje Montreal.QC.CA.Undernet.org dkdkrwq	-	-	-
 1311189174.474127	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	JOIN	#easymovies	(empty)	-	-	-
 1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	-
+#end	2011-07-20-19-15-42
diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
index 7513bfb9b8..8bd6bd8394 100644
--- a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
+++ b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	irc
+#start	2011-07-20-19-12-44
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	nick	user	command	value	addl	dcc_file_name	dcc_file_size	dcc_mime_type	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	string	file
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	-	-	NICK	bloed	-	-	-	-	-
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	-	USER	sdkfje	sdkfje Montreal.QC.CA.Undernet.org dkdkrwq	-	-	-	-
 1311189174.474127	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	JOIN	#easymovies	(empty)	-	-	-	-
 1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	FAKE_MIME	irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
+#end	2011-07-20-19-15-42
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
index 2c1380cb44..eca41f7d09 100644
--- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	smtp
+#start	2009-10-05-06-06-12
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	helo	mailfrom	rcptto	date	from	to	reply_to	msg_id	in_reply_to	subject	x_originating_ip	first_received	second_received	last_reply	path	user_agent
 #types	time	string	addr	port	addr	port	count	string	string	table[string]	string	string	table[string]	string	string	string	string	addr	string	string	string	vector[addr]	string
 1254722768.219663	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	GP	<gurpartap@patriots.in>	<raj_deol2002in@yahoo.co.in>	Mon, 5 Oct 2009 11:36:07 +0530	"Gurpartap Singh" <gurpartap@patriots.in>	<raj_deol2002in@yahoo.co.in>	-	<000301ca4581$ef9e57f0$cedb07d0$@in>	-	SMTP	-	-	-	250 OK id=1Mugho-0003Dg-Un	74.53.140.153,10.10.1.4	Microsoft Office Outlook 12.0
+#end	2009-10-05-06-06-16
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
index 453b55932e..9bae222897 100644
--- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	smtp_entities
+#start	2009-10-05-06-06-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	filename	content_len	mime_type	md5	extraction_file	excerpt
 #types	time	string	addr	port	addr	port	count	string	count	string	string	file	string
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	FAKE_MIME	-	smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat	(empty)
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	1918	FAKE_MIME	-	-	(empty)
 1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	FAKE_MIME	-	smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat	(empty)
+#end	2009-10-05-06-06-16
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
index 2b471782d5..5cb4bb15ef 100644
--- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	smtp_entities
+#start	2009-10-05-06-06-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	filename	content_len	mime_type	md5	extraction_file	excerpt
 #types	time	string	addr	port	addr	port	count	string	count	string	string	file	string
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	FAKE_MIME	92bca2e6cdcde73647125da7dccbdd07	-	(empty)
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	1918	FAKE_MIME	-	-	(empty)
 1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	FAKE_MIME	a968bb0f9f9d95835b2e74c845877e87	-	(empty)
+#end	2009-10-05-06-06-16
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log
index 08d31fdb69..960ea71720 100644
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	socks
+#start	2012-06-20-17-23-38
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	user	status	request.host	request.name	request_p	bound.host	bound.name	bound_p
 #types	time	string	addr	port	addr	port	count	string	string	addr	string	port	addr	string	port
 1340213015.276495	UWkUyAuUGXf	10.0.0.55	53994	60.190.189.214	8124	5	-	succeeded	-	www.osnews.com	80	192.168.0.31	-	2688
+#end	2012-06-20-17-28-10
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log
index a7068cd0da..d914b3074e 100644
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2012-06-20-17-23-35
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1340213015.276495	-	10.0.0.55	0	60.190.189.214	8124	Tunnel::SOCKS	Tunnel::DISCOVER
+#end	2012-06-20-17-28-10
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
index 8fd109f3a4..ef07cc31a5 100644
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	socks
+#start	2012-06-19-13-41-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	user	status	request.host	request.name	request_p	bound.host	bound.name	bound_p
 #types	time	string	addr	port	addr	port	count	string	string	addr	string	port	addr	string	port
 1340113261.914619	UWkUyAuUGXf	10.0.0.50	59580	85.194.84.197	1080	5	-	succeeded	-	www.google.com	443	0.0.0.0	-	443
+#end	2012-06-19-13-41-05
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log
index 5eac3ae7ad..10f079b888 100644
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2012-06-19-13-41-01
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1340113261.914619	-	10.0.0.50	0	85.194.84.197	1080	Tunnel::SOCKS	Tunnel::DISCOVER
+#end	2012-06-19-13-41-05
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log
index 4723cb99c4..4299e302ce 100644
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
+#start	2008-04-15-22-43-49
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1208299429.265774	-	127.0.0.1	0	127.0.0.1	1080	Tunnel::SOCKS	Tunnel::DISCOVER
+#end	2008-04-15-22-43-49
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
index 74156362e5..b77925e498 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
+#start	2012-04-27-14-53-12
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string
 1335538392.319381	UWkUyAuUGXf	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	ssl.gstatic.com	-	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	-
+#end	2012-04-27-14-53-16
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
index 0799292857..6951e4d51f 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_hosts
+#start	2011-03-18-19-06-08
 #fields	ts	host
 #types	time	addr
 1300475168.783842	141.142.220.118
 1300475168.783842	208.80.152.118
 1300475168.915940	208.80.152.3
 1300475168.962628	208.80.152.2
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
index 6fdba24d39..b70a701448 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_hosts
+#start	2011-03-18-19-06-08
 #fields	ts	host
 #types	time	addr
 1300475168.783842	141.142.220.118
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
index 9ef6ee47b7..8e9d8c6c79 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_hosts
+#start	2011-03-18-19-06-08
 #fields	ts	host
 #types	time	addr
 1300475168.783842	208.80.152.118
 1300475168.915940	208.80.152.3
 1300475168.962628	208.80.152.2
+#end	2011-03-18-19-06-13
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
index d53da6f693..25198e92d5 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
@@ -3,6 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_services
+#start	2011-06-24-15-51-31
 #fields	ts	host	port_num	port_proto	service
 #types	time	addr	port	enum	table[string]
 1308930691.049431	172.16.238.131	22	tcp	SSH
@@ -10,3 +11,4 @@
 1308930716.462556	74.125.225.81	80	tcp	HTTP
 1308930718.361665	172.16.238.131	21	tcp	FTP
 1308930726.872485	141.142.192.39	22	tcp	SSH
+#end	2011-06-24-15-52-08
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
index ef1722d6a1..598f49fa65 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
@@ -3,8 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_services
+#start	2011-06-24-15-51-31
 #fields	ts	host	port_num	port_proto	service
 #types	time	addr	port	enum	table[string]
 1308930691.049431	172.16.238.131	22	tcp	SSH
 1308930694.550308	172.16.238.131	80	tcp	HTTP
 1308930718.361665	172.16.238.131	21	tcp	FTP
+#end	2011-06-24-15-52-08
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
index 3fc68cdb91..c248b18146 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
@@ -3,7 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	known_services
+#start	2011-06-24-15-51-56
 #fields	ts	host	port_num	port_proto	service
 #types	time	addr	port	enum	table[string]
 1308930716.462556	74.125.225.81	80	tcp	HTTP
 1308930726.872485	141.142.192.39	22	tcp	SSH
+#end	2011-06-24-15-52-08
diff --git a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
index f636093677..fb024db6d2 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
@@ -3,6 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
+#start	1999-06-28-23-40-27
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	auth	addl
 #types	time	string	addr	port	addr	port	enum	count	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	table[string]	table[string]
 930613226.529070	UWkUyAuUGXf	212.180.42.100	25000	131.243.64.3	53	tcp	34798	-	-	-	-	-	0	NOERROR	F	F	F	T	0	4.3.2.1	31337.000000	-	-
+#end	1999-06-28-23-40-27
diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro
index afbee3f6d9..e09bf112fd 100644
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@@ -7,8 +7,8 @@
 # @TEST-EXEC: btest-diff sender/http.log
 # @TEST-EXEC: btest-diff receiver/http.log
 # 
-# @TEST-EXEC: cat sender/http.log   $SCRIPTS/diff-remove-timestamps >sender.http.log
-# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log
+# @TEST-EXEC: cat sender/http.log   | $SCRIPTS/diff-remove-timestamps >sender.http.log
+# @TEST-EXEC: cat receiver/http.log | $SCRIPTS/diff-remove-timestamps >receiver.http.log
 # @TEST-EXEC: cmp sender.http.log receiver.http.log
 # 
 # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log
diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro
index 9298ac1c01..70726a9f20 100644
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@@ -7,8 +7,8 @@
 # @TEST-EXEC: btest-diff sender/http.log
 # @TEST-EXEC: btest-diff receiver/http.log
 # 
-# @TEST-EXEC: cat sender/http.log   $SCRIPTS/diff-remove-timestamps >sender.http.log
-# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log
+# @TEST-EXEC: cat sender/http.log   | $SCRIPTS/diff-remove-timestamps >sender.http.log
+# @TEST-EXEC: cat receiver/http.log | $SCRIPTS/diff-remove-timestamps >receiver.http.log
 # @TEST-EXEC: cmp sender.http.log receiver.http.log
 # 
 # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
index f2c370a27a..1d0742216d 100644
--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
@@ -1,5 +1,6 @@
 #
 # @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: cat ssh.log | egrep -v '#start|#end' >ssh.log.tmp && mv ssh.log.tmp ssh.log
 # @TEST-EXEC: btest-diff ssh.log
 
 redef LogAscii::separator = "||";
diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps
index 9398c1cb4b..cbb5aa5c0e 100755
--- a/testing/scripts/diff-remove-timestamps
+++ b/testing/scripts/diff-remove-timestamps
@@ -3,4 +3,4 @@
 # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs).
 
 sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \
-sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g'
+sed 's/^#\(start\|end\).\(19\|20\)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g'

From 7fde1165e931ae5007b3d2071fcd1a2e4a8f9b60 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Thu, 19 Jul 2012 09:41:44 -0700
Subject: [PATCH 49/60] Give configure a --disable-perftools option.

This disables Perftools support even if found. Linking in tcmalloc can
make debugging memory problems quite a bit hard (including confusing
valgrind).
---
 CMakeLists.txt | 4 +++-
 configure      | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 28b702ab01..bea83b0de6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -91,7 +91,9 @@ endif ()
 set(USE_PERFTOOLS false)
 set(USE_PERFTOOLS_DEBUG false)
 
-find_package(GooglePerftools)
+if (NOT DISABLE_PERFTOOLS)
+   find_package(GooglePerftools)
+endif ()
 
 if (GOOGLEPERFTOOLS_FOUND)
     include_directories(BEFORE ${GooglePerftools_INCLUDE_DIR})
diff --git a/configure b/configure
index 3258d4abfc..2de4be62c4 100755
--- a/configure
+++ b/configure
@@ -33,6 +33,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --disable-broccoli     don't build or install the Broccoli library
     --disable-broctl       don't install Broctl
     --disable-auxtools     don't build or install auxiliary tools
+    --disable-perftools    don't try to build python with Google Perftools
     --disable-python       don't try to build python bindings for broccoli
     --disable-ruby         don't try to build ruby bindings for broccoli
 
@@ -105,6 +106,7 @@ append_cache_entry INSTALL_BROCCOLI     BOOL   true
 append_cache_entry INSTALL_BROCTL       BOOL   true
 append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING
 append_cache_entry ENABLE_MOBILE_IPV6   BOOL   false
+append_cache_entry DISABLE_PERFTOOLS    BOOL   false
 
 # parse arguments
 while [ $# -ne 0 ]; do
@@ -156,6 +158,9 @@ while [ $# -ne 0 ]; do
         --disable-auxtools)
             append_cache_entry INSTALL_AUX_TOOLS    BOOL   false
             ;;
+        --disable-perftools)
+            append_cache_entry DISABLE_PERFTOOLS    BOOL   true
+            ;;
         --disable-python)
             append_cache_entry DISABLE_PYTHON_BINDINGS     BOOL   true
             ;;

From db3d89d290203a0adb7ba23885198c48bb8ea026 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 20 Jul 2012 08:51:39 -0400
Subject: [PATCH 50/60] Some documentation updates for elasticsearch plugin.

---
 .../frameworks/logging/writers/elasticsearch.bro  | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro
index adc675e487..2a58f95ae9 100644
--- a/scripts/base/frameworks/logging/writers/elasticsearch.bro
+++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro
@@ -1,7 +1,16 @@
+##! Log writer for sending logs to an ElasticSearch server.
+##!
+##! Note: This module is in testing and is not yet considered stable!
+##!
+##! There is one known memory issue.  If your elasticsearch server is 
+##! running slowly and taking too long to return from bulk insert 
+##! requests, the message queue to the writer thread will continue 
+##! growing larger and larger giving the appearance of a memory leak.
+
 module LogElasticSearch;
 
 export {
-        ## Name of the ES cluster
+	## Name of the ES cluster
 	const cluster_name = "elasticsearch" &redef;
 
 	## ES Server
@@ -18,16 +27,16 @@ export {
 	const type_prefix = "" &redef;
 
 	## The time before an ElasticSearch transfer will timeout.
+	## This is not working!
 	const transfer_timeout = 2secs;
 
 	## The batch size is the number of messages that will be queued up before 
 	## they are sent to be bulk indexed.
-	## Note: this is mainly a memory usage parameter.
 	const max_batch_size = 1000 &redef;
 	
 	## The maximum amount of wall-clock time that is allowed to pass without
 	## finishing a bulk log send.  This represents the maximum delay you 
-	## would like to have with your logs before they show up in ElasticSearch.
+	## would like to have with your logs before they are sent to ElasticSearch.
 	const max_batch_interval = 1min &redef;
 	
 	## The maximum byte size for a buffered JSON string to send to the bulk

From 0a681367b70e03fbb938146ec497546aa01d4ec8 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Fri, 20 Jul 2012 06:58:39 -0700
Subject: [PATCH 51/60] Revert "Fixing calc_next_rotate to use UTC based time
 functions."

This reverts commit 6335dbb5e1cf694afea3c306012a258614d13880.
---
 src/util.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util.cc b/src/util.cc
index abbea3e906..3cfa5fca1c 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1112,9 +1112,9 @@ double calc_next_rotate(double current, double interval, double base)
 	time_t teatime = time_t(current);
 
 	struct tm t;
-	t = *gmtime_r(&teatime, &t);
+	t = *localtime_r(&teatime, &t);
 	t.tm_hour = t.tm_min = t.tm_sec = 0;
-	double startofday = timegm(&t);
+	double startofday = mktime(&t);
 
 	if ( base < 0 )
 		// No base time given. To get nice timestamps, we round

From 7bd8367076eeba1e3ef4a8c7d4d29f22355d518f Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 20 Jul 2012 11:02:09 -0400
Subject: [PATCH 52/60] More documentation updates.

---
 doc/logging-elasticsearch.rst | 80 ++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 43 deletions(-)

diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst
index b6d22cf5fa..7571c68219 100644
--- a/doc/logging-elasticsearch.rst
+++ b/doc/logging-elasticsearch.rst
@@ -1,28 +1,38 @@
 
-========================================
+=========================================
 Indexed Logging Output with ElasticSearch
-========================================
+=========================================
 
 .. rst-class:: opening
 
    Bro's default ASCII log format is not exactly the most efficient
-   way for storing and searching large volumes of data. ElasticSearch
-   is a new and exciting technology for dealing with tons of data.
-   ElasticSearch is a search engine built on top of Apache's Lucene
+   way for searching large volumes of data. ElasticSearch
+   is a new data storage technology for dealing with tons of data.
+   It's also a search engine built on top of Apache's Lucene
    project. It scales very well, both for distributed indexing and 
    distributed searching.
 
 .. contents::
 
+Warning
+-------
+
+This writer plugin is still in testing and is not yet recommended for
+production use!  The approach to how logs are handled in the plugin is "fire
+and forget" at this time, there is no error handling if the server fails to
+respond successfully to the insertion request.
+
 Installing ElasticSearch
 ------------------------
 
-ElasticSearch requires a JRE to run. Please download the latest version
-from: <http://www.elasticsearch.org/download/>. Once extracted, start
-ElasticSearch with::
+Download the latest version from: <http://www.elasticsearch.org/download/>.
+Once extracted, start ElasticSearch with::
 
 # ./bin/elasticsearch
 
+For more detailed information, refer to the ElasticSearch installation
+documentation: http://www.elasticsearch.org/guide/reference/setup/installation.html
+
 Compiling Bro with ElasticSearch Support
 ----------------------------------------
 
@@ -41,49 +51,32 @@ First, ensure that you have libcurl installed the run configure.::
 Activating ElasticSearch
 ------------------------
 
-The direct way to use ElasticSearch is to switch *all* log files over to
-ElasticSearch. To do that, just add ``redef
-Log::default_writer=Log::WRITER_ELASTICSEARCH;`` to your ``local.bro``.
-For testing, you can also just pass that on the command line::
+The easiest way to enable ElasticSearch output is to load the tuning/logs-to-
+elasticsearch.bro script.  If you are using BroControl, the following line in
+local.bro will enable it.
 
-    bro -r trace.pcap Log::default_writer=Log::WRITER_ELASTICSEARCH
+.. console::
 
-With that, Bro will now write all its output into ElasticSearch. You can 
-inspect these using ElasticSearch's REST-ful interface. For more
-information, see: <http://www.elasticsearch.org/guide/reference/api/>.
+    @load tuning/logs-to-elasticsearch
 
-There is also a rudimentary web interface to ElasticSearch, available at:
-<http://mobz.github.com/elasticsearch-head/>.
+With that, Bro will now write most of its logs into ElasticSearch in addition
+to maintaining the Ascii logs like it would do by default.  That script has
+some tunable options for choosing which logs to send to ElasticSearch, refer
+to the autogenerated script documentation for those options.
 
-You can also switch only individual files over to ElasticSearch by adding
-code like this to your ``local.bro``::
+There is an interface being written specifically to integrate with the data
+that Bro outputs into ElasticSearch named Brownian.  It can be found here::
 
-.. code::bro
+    https://github.com/grigorescu/Brownian
 
-    event bro_init()
-        {
-        local f = Log::get_filter(Conn::LOG, "default"); # Get default filter for connection log.
-        f$writer = Log::WRITER_ELASTICSEARCH;               # Change writer type.
-        Log::add_filter(Conn::LOG, f);                   # Replace filter with adapted version.
-        }
+Tuning
+------
 
-Configuring ElasticSearch
--------------------------
+A common problem encountered with ElasticSearch is too many files being held
+open.  The ElasticSearch website has some suggestions on how to increase the
+open file limit.
 
-Bro's ElasticSearch writer comes with a few configuration options::
-
-- cluster_name: Currently unused.
-
-- server_host:  Where to send the data. Default localhost.
-
-- server_port:  What port to send the data to. Default 9200.
-
-- index_prefix:   ElasticSearch indexes are like databases in a standard DB model. 
-  This is the name of the index to which to send the data. Default bro.
-
-- type_prefix:  ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
-
-- batch_size:   How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.
+  - http://www.elasticsearch.org/tutorials/2011/04/06/too-many-open-files.html
 
 TODO
 ----
@@ -93,3 +86,4 @@ Lots.
 - Perform multicast discovery for server.
 - Better error detection.
 - Better defaults (don't index loaded-plugins, for instance).
+- 

From c5d1aebbfe8c49ba89dd9d0c906f5ae38669497b Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Fri, 20 Jul 2012 09:01:25 -0700
Subject: [PATCH 53/60] Temporarily removing tuning/logs-to-elasticsearch.bro
 from the test-all-policy.

Loading it in there can lead to some tests not terminating. We need to
fix that, it let's the coverage test fail.
---
 scripts/test-all-policy.bro | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index a7c43b14b3..c4acece25d 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -60,5 +60,5 @@
 @load tuning/defaults/__load__.bro
 @load tuning/defaults/packet-fragments.bro
 @load tuning/defaults/warnings.bro
-@load tuning/logs-to-elasticsearch.bro
+# @load tuning/logs-to-elasticsearch.bro
 @load tuning/track-all-assets.bro

From ce4b8dd4aca99c4e1013b5c843df30bfedc54cfd Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Fri, 20 Jul 2012 09:57:38 -0700
Subject: [PATCH 54/60] Changing HTTP DPD port 3138 to 3128.

Addresses #857.
---
 scripts/base/protocols/http/main.bro | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index f4377e03de..21b4fb6113 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -114,7 +114,7 @@ event bro_init() &priority=5
 
 # DPD configuration.
 const ports = {
-	80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
+	80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3128/tcp,
 	8000/tcp, 8080/tcp, 8888/tcp,
 };
 redef dpd_config += { 

From 5ef83900d8b30a44fe86eb97501ba8cc53c06194 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Fri, 20 Jul 2012 12:28:34 -0700
Subject: [PATCH 55/60] Sed usage in canonifier script didn't work on non-Linux
 systems.

---
 testing/scripts/diff-remove-timestamps | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps
index cbb5aa5c0e..e235746f93 100755
--- a/testing/scripts/diff-remove-timestamps
+++ b/testing/scripts/diff-remove-timestamps
@@ -2,5 +2,13 @@
 #
 # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs).
 
+# Get us "modern" regexps with sed.
+if [ `uname` == "Linux" ]; then
+   sed="sed"
+else
+   sed="sed -E"
+fi
+
+# The first sed uses a "basic" regexp, the 2nd a "modern:.
 sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \
-sed 's/^#\(start\|end\).\(19\|20\)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g'
+$sed 's/^#(start|end).(19|20)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g'

From 58e2b70fc806621a833d13a88fbee4562f6753ba Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Fri, 20 Jul 2012 14:37:14 -0700
Subject: [PATCH 56/60] make version_ok return true for TLSv12

I think it is a bug that this was missing...
---
 src/ssl-analyzer.pac | 1 +
 src/ssl-defs.pac     | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac
index d1ac470284..3d9564eaab 100644
--- a/src/ssl-analyzer.pac
+++ b/src/ssl-analyzer.pac
@@ -93,6 +93,7 @@ function version_ok(vers : uint16) : bool
 	case SSLv30:
 	case TLSv10:
 	case TLSv11:
+	case TLSv12:
 		return true;
 
 	default:
diff --git a/src/ssl-defs.pac b/src/ssl-defs.pac
index b13b7c4881..4f715bbddd 100644
--- a/src/ssl-defs.pac
+++ b/src/ssl-defs.pac
@@ -22,5 +22,6 @@ enum SSLVersions {
 	SSLv20		= 0x0002,
 	SSLv30		= 0x0300,
 	TLSv10		= 0x0301,
-	TLSv11		= 0x0302
+	TLSv11		= 0x0302,
+	TLSv12		= 0x0303
 };

From 053b307e24ee247137dcef031caaeadf681f126d Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 22 Jul 2012 13:42:31 -0700
Subject: [PATCH 57/60] Bug fix for BasicThread.

---
 src/threading/BasicThread.cc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index d4a82316e8..9c113fb7ec 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -42,24 +42,24 @@ BasicThread::~BasicThread()
 	delete [] strerr_buffer;
 	}
 
-void BasicThread::SetName(const char* name)
+void BasicThread::SetName(const char* arg_name)
 	{
 	delete [] name;
-	name = copy_string(name);
+	name = copy_string(arg_name);
 	}
 
-void BasicThread::SetOSName(const char* name)
+void BasicThread::SetOSName(const char* arg_name)
 	{
 #ifdef HAVE_LINUX
-	prctl(PR_SET_NAME, name, 0, 0, 0);
+	prctl(PR_SET_NAME, arg_name, 0, 0, 0);
 #endif
 
 #ifdef __APPLE__
-	pthread_setname_np(name);
+	pthread_setname_np(arg_name);
 #endif
 
 #ifdef FREEBSD
-	pthread_set_name_np(pthread_self(), name, name);
+	pthread_set_name_np(pthread_self(), arg_name, arg_name);
 #endif
 	}
 

From 71fc2a1728d430b10610b324ed92379b1bad3875 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 22 Jul 2012 15:50:12 -0700
Subject: [PATCH 58/60] Another small change to MsgThread API.

Threads will now reliably get a call to DoFinish() no matter how the
thread terminates. This will always be called from within the thread,
whereas the destructor is called from the main thread after the child
thread has already terminated.

Also removing debugging code.

However, two problems remain with the ASCII writer (seeing them only
on MacOS):

    - the #start/#end timestamps contain only dummy values right now.
      The odd thing is that once I enable strftime() to print actual
      timestamps, I get crashes (even though strftime() is supposed to
      be thread-safe).

    - occassionally, there's still output missing in tests. In those
      cases, the file descriptor apparently goes bad: a write() will
      suddently return EBADF for reasons I don't understand yet.
---
 src/logging/writers/Ascii.cc    | 31 ++++++++++++++++++++-----------
 src/threading/BasicThread.cc    |  8 ++------
 src/threading/MsgThread.cc      | 11 ++++++++---
 src/threading/MsgThread.h       | 11 +++++------
 src/util.cc                     |  3 +++
 testing/scripts/diff-canonifier |  2 +-
 6 files changed, 39 insertions(+), 27 deletions(-)

diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc
index d3c210ce47..87fa5dfb3c 100644
--- a/src/logging/writers/Ascii.cc
+++ b/src/logging/writers/Ascii.cc
@@ -53,12 +53,11 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend)
 
 Ascii::~Ascii()
 	{
-	//fprintf(stderr, "DTOR %p\n", this);
-
-	// Normally, the file will be closed here already via the Finish()
-	// message. But when we terminate abnormally, we may still have it open.
-	if ( fd )
-		CloseFile(0);
+	if ( ! ascii_done )
+		{
+		fprintf(stderr, "internal error: finish missing\n");
+		abort();
+		}
 
 	delete [] separator;
 	delete [] set_separator;
@@ -77,7 +76,7 @@ bool Ascii::WriteHeaderField(const string& key, const string& val)
 
 void Ascii::CloseFile(double t)
 	{
-	if ( ! fd)
+	if ( ! fd )
 		return;
 
 	if ( include_meta )
@@ -170,7 +169,7 @@ bool Ascii::DoFinish(double network_time)
 	{
 	if ( ascii_done )
 		{
-		fprintf(stderr, "duplicate finish message\n");
+		fprintf(stderr, "internal error: duplicate finish\n");
 		abort();
 		}
 
@@ -353,6 +352,7 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields,
 		// It would so escape the first character.
 		char buf[16];
 		snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]);
+
 		if ( ! safe_write(fd, buf, strlen(buf)) )
 			goto write_error;
 
@@ -416,14 +416,23 @@ string Ascii::LogExt()
 
 string Ascii::Timestamp(double t)
 	{
+#if 1
+	return "2012-01-01-00-00-00";
+#else
+    // Using the version below leads to occasional crashes at least on Mac OS.
+    // Not sure why, all the function should be thread-safe ...
+
 	time_t teatime = time_t(t);
 
 	struct tm tmbuf;
 	struct tm* tm = localtime_r(&teatime, &tmbuf);
 
-	char buf[128];
+        char tmp[128];
 	const char* const date_fmt = "%Y-%m-%d-%H-%M-%S";
-	strftime(buf, sizeof(buf), date_fmt, tm);
-	return buf;
+	strftime(tmp, sizeof(tmp), date_fmt, tm);
+
+	return tmp;
+#endif
 	}
 
+
diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc
index 9c113fb7ec..c708bb79ef 100644
--- a/src/threading/BasicThread.cc
+++ b/src/threading/BasicThread.cc
@@ -35,7 +35,7 @@ BasicThread::BasicThread()
 
 BasicThread::~BasicThread()
 	{
-        if ( buf )
+	if ( buf )
 		free(buf);
 
 	delete [] name;
@@ -50,6 +50,7 @@ void BasicThread::SetName(const char* arg_name)
 
 void BasicThread::SetOSName(const char* arg_name)
 	{
+
 #ifdef HAVE_LINUX
 	prctl(PR_SET_NAME, arg_name, 0, 0, 0);
 #endif
@@ -131,16 +132,12 @@ void BasicThread::PrepareStop()
 
 void BasicThread::Stop()
 	{
-	// XX fprintf(stderr, "stop1 %s %d %d\n", name, started, terminating);
-
 	if ( ! started )
 		return;
 
 	if ( terminating )
 		return;
 
-	// XX fprintf(stderr, "stop2 %s\n", name);
-
 	DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name);
 
 	OnStop();
@@ -177,7 +174,6 @@ void BasicThread::Kill()
 
 void BasicThread::Done()
 	{
-	// XX fprintf(stderr, "DONE from thread %s\n", name);
 	DBG_LOG(DBG_THREADING, "Thread %s has finished", name);
 
 	terminating = true;
diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc
index 0e55b99ba1..121bec265c 100644
--- a/src/threading/MsgThread.cc
+++ b/src/threading/MsgThread.cc
@@ -155,8 +155,6 @@ void MsgThread::OnPrepareStop()
 	if ( finished || Killed() )
 		return;
 
-	// XX fprintf(stderr, "Sending FINISH to thread %s  ...\n", Name());
-
 	// Signal thread to terminate and wait until it has acknowledged.
 	SendIn(new FinishMessage(this, network_time), true);
 	}
@@ -356,7 +354,14 @@ void MsgThread::Run()
 		delete msg;
 		}
 
-	Finished();
+	// In case we haven't send the finish method yet, do it now. Reading
+	// global network_time here should be fine, it isn't changing
+	// anymore.
+	if ( ! finished )
+		{
+		OnFinish(network_time);
+		Finished();
+		}
 	}
 
 void MsgThread::GetStats(Stats* stats)
diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h
index 1d9b17c7d9..da505de6be 100644
--- a/src/threading/MsgThread.h
+++ b/src/threading/MsgThread.h
@@ -197,10 +197,6 @@ protected:
 	 */
 	virtual void Heartbeat();
 
-	/** Flags that the child process has finished processing. Called from child.
-	 */
-	void Finished();
-
 	/** Internal heartbeat processing. Called from child.
 	 */
 	void HeartbeatInChild();
@@ -217,8 +213,7 @@ protected:
 	virtual bool OnHeartbeat(double network_time, double current_time) = 0;
 
 	/** Triggered for execution in the child thread just before shutting threads down.
-	 *  The child thread should finish its operations and then *must*
-	 *  call this class' implementation.
+	 *  The child thread should finish its operations.
 	 */
 	virtual bool OnFinish(double network_time) = 0;
 
@@ -288,6 +283,10 @@ private:
 	 */
 	bool MightHaveOut() { return queue_out.MaybeReady(); }
 
+	/** Flags that the child process has finished processing. Called from child.
+	 */
+	void Finished();
+
 	Queue<BasicInputMessage *> queue_in;
 	Queue<BasicOutputMessage *> queue_out;
 
diff --git a/src/util.cc b/src/util.cc
index 553944c69c..cd367cf825 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1301,6 +1301,9 @@ bool safe_write(int fd, const char* data, int len)
 			if ( errno == EINTR )
 				continue;
 
+            fprintf(stderr, "safe_write error: %d\n", errno);
+            abort();
+
 			return false;
 			}
 
diff --git a/testing/scripts/diff-canonifier b/testing/scripts/diff-canonifier
index 4d04b3372c..3cb213a3f7 100755
--- a/testing/scripts/diff-canonifier
+++ b/testing/scripts/diff-canonifier
@@ -2,4 +2,4 @@
 #
 # Default canonifier used with the tests in testing/btest/*.
 
-`dirname $0`/diff-remove-timestamps | grep -v XXX
+`dirname $0`/diff-remove-timestamps

From 775961ee1525c9d245ec27d7a82816a3fc0c34b2 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 22 Jul 2012 15:57:26 -0700
Subject: [PATCH 59/60] Updating test base line.

(Due to removing the debugging helper in canonification script.)
---
 .../out                                       | 22 ++-----------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
index 91b6f5de7a..e2b8a8b377 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
@@ -19,31 +19,13 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, pat
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
 #empty_field	(empty)
-#end	2011-03-07-03-59-55
-#end	2011-03-07-04-00-05
-#end	2011-03-07-04-59-55
-#end	2011-03-07-05-00-05
-#end	2011-03-07-05-59-55
-#end	2011-03-07-06-00-05
-#end	2011-03-07-06-59-55
-#end	2011-03-07-07-00-05
-#end	2011-03-07-07-59-55
-#end	2011-03-07-08-00-05
-#end	2011-03-07-08-59-55
-#end	2011-03-07-09-00-05
-#end	2011-03-07-09-59-55
-#end	2011-03-07-10-00-05
-#end	2011-03-07-10-59-55
-#end	2011-03-07-11-00-05
-#end	2011-03-07-11-59-55
-#end	2011-03-07-12-00-05
-#end	2011-03-07-12-59-55
+#end	2012-01-01-00-00-00
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 #path	test
 #path	test2
 #separator \x09
 #set_separator	,
-#start	2011-03-07-03-00-05
+#start	2012-01-01-00-00-00
 #types	time	addr	port	addr	port
 #unset_field	-
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024

From f2e60a76a81360a64fec78d3693bea2a22ec389a Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Sun, 22 Jul 2012 21:04:59 -0700
Subject: [PATCH 60/60] Script fix for Linux.

---
 testing/scripts/diff-remove-timestamps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps
index e235746f93..84bd21aa60 100755
--- a/testing/scripts/diff-remove-timestamps
+++ b/testing/scripts/diff-remove-timestamps
@@ -4,7 +4,7 @@
 
 # Get us "modern" regexps with sed.
 if [ `uname` == "Linux" ]; then
-   sed="sed"
+   sed="sed -r"
 else
    sed="sed -E"
 fi