diff --git a/.gitmodules b/.gitmodules
index 24375ce23d..91f39e3d04 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -22,3 +22,6 @@
 [submodule "aux/plugins"]
 	path = aux/plugins
 	url = git://git.bro.org/bro-plugins
+[submodule "aux/broker"]
+	path = aux/broker
+	url = git://git.bro.org/broker
diff --git a/CHANGES b/CHANGES
index cad5e26988..6dbaea2555 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,601 @@
 
+2.4-beta | 2015-05-07 21:55:31 -0700
+
+  * Release 2.4-beta.
+
+  * Update local-compat.test (Johanna Amann)
+
+2.3-913 | 2015-05-06 09:58:00 -0700
+
+  * Add /sbin to PATH in btest.cfg and remove duplicate default_path.
+    (Daniel Thayer)
+
+2.3-911 | 2015-05-04 09:58:09 -0700
+
+  * Update usage output and list of command line options. (Daniel
+    Thayer)
+
+  * Fix to ssh/geo-data.bro for unset directions. (Vlad Grigorescu)
+
+  * Improve SIP logging and remove reporter messages. (Seth Hall)
+
+2.3-905 | 2015-04-29 17:01:30 -0700
+
+  * Improve SIP logging and remove reporter messages. (Seth Hall)
+
+2.3-903 | 2015-04-27 17:27:59 -0700
+
+  * BIT-1350: Improve record coercion type checking. (Jon Siwek)
+
+2.3-901 | 2015-04-27 17:25:27 -0700
+
+  * BIT-1384: Remove -O (optimize scripts) command-line option, which
+    hadn't been working for a while already. (Jon Siwek)
+
+2.3-899 | 2015-04-27 17:22:42 -0700
+
+  * Fix the -J/--set-seed cmd-line option. (Daniel Thayer)
+
+  * Remove unused -l, -L, and -Z cmd-line options. (Daniel Thayer)
+
+2.3-892 | 2015-04-27 08:22:22 -0700
+
+  * Fix typos in the Broker BIF documentation. (Daniel Thayer)
+
+  * Update installation instructions and remove outdated references.
+    (Johanna Amann)
+
+  * Easier support for systems with tcmalloc_minimal installed. (Seth
+    Hall)
+
+2.3-884 | 2015-04-23 12:30:15 -0500
+
+  * Fix some outdated documentation unit tests. (Jon Siwek)
+
+2.3-883 | 2015-04-23 07:10:36 -0700
+
+  * Fix -N option to work with builtin plugins as well. (Robin Sommer)
+
+2.3-882 | 2015-04-23 06:59:40 -0700
+
+  * Add missing .pac dependencies for some binpac analyzer targets.
+    (Jon Siwek)
+
+2.3-879 | 2015-04-22 10:38:07 -0500
+
+  * Fix compile errors. (Jon Siwek)
+
+2.3-878 | 2015-04-22 08:21:23 -0700
+
+  * Fix another compiler warning in DTLS. (Johanna Amann)
+
+2.3-877 | 2015-04-21 20:14:16 -0700
+
+  * Adding missing include. (Robin Sommer)
+
+2.3-876 | 2015-04-21 16:40:10 -0700
+
+  * Attempt at fixing a potential std::length_error exception in RDP
+    analyzer. Addresses BIT-1337. (Robin Sommer)
+
+  * Fixing compile problem caused by overeager factorization. (Robin
+    Sommer)
+
+2.3-874 | 2015-04-21 16:09:20 -0700
+
+  * Change details of escaping when logging/printing. (Seth Hall/Robin
+    Sommer)
+
+        - Log files now escape non-printable characters consistently
+          as "\xXX'. Furthermore, backslashes are escaped as "\\",
+          making the representation fully reversible.
+
+        - When escaping via script-level functions (escape_string,
+          clean), we likewise now escape consistently with "\xXX" and
+          "\\".
+
+        - There's no "alternative" output style anymore, i.e., fmt()
+          '%A' qualifier is gone.
+
+    Addresses BIT-1333.
+
+  * Remove several BroString escaping methods that are no longer
+    useful. (Seth Hall)
+
+2.3-864 | 2015-04-21 15:24:02 -0700
+
+  * A SIP protocol analyzer. (Vlad Grigorescu)
+
+	Activity gets logged into sip.log. It generates the following
+    events:
+
+	    event sip_request(c: connection, method: string, original_URI: string, version: string);
+        event sip_reply(c: connection, version: string, code: count, reason: string);
+        event sip_header(c: connection, is_orig: bool, name: string, value: string);
+        event sip_all_headers(c: connection, is_orig: bool, hlist: mime_header_list);
+        event sip_begin_entity(c: connection, is_orig: bool);
+        event sip_end_entity(c: connection, is_orig: bool);
+
+    The analyzer support SIP over UDP currently.
+
+  * BIT-1343: Factor common ASN.1 code from RDP, SNMP, and Kerberos
+    analyzers. (Jon Siwek/Robin Sommer)
+
+2.3-838 | 2015-04-21 13:40:12 -0700
+
+  * BIT-1373: Fix vector index assignment reference count bug. (Jon Siwek)
+
+2.3-836 | 2015-04-21 13:37:31 -0700
+
+  * Fix SSH direction field being unset. Addresses BIT-1365. (Vlad
+    Grigorescu)
+
+2.3-835 | 2015-04-21 16:36:00 -0500
+
+  * Clarify Broker examples. (Jon Siwek)
+
+2.3-833 | 2015-04-21 12:38:32 -0700
+
+  * A Kerberos protocol analyzer. (Vlad Grigorescu)
+
+	Activity gets logged into kerberos.log. It generates the following
+    events:
+
+        event krb_as_request(c: connection, msg: KRB::KDC_Request);
+        event krb_as_response(c: connection, msg: KRB::KDC_Response);
+        event krb_tgs_request(c: connection, msg: KRB::KDC_Request);
+        event krb_tgs_response(c: connection, msg: KRB::KDC_Response);
+        event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options);
+        event krb_priv(c: connection, is_orig: bool);
+        event krb_safe(c: connection, is_orig: bool, msg: KRB::SAFE_Msg);
+        event krb_cred(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector);
+        event krb_error(c: connection, msg: KRB::Error_Msg);
+
+2.3-793 | 2015-04-20 20:51:00 -0700
+
+  * Add decoding of PROXY-AUTHORIZATION header to HTTP analyze,
+    treating it the same as AUTHORIZATION. (Josh Liburdi)
+
+  * Remove deprecated fields "hot" and "addl" from the connection
+    record. Remove the functions append_addl() and
+    append_addl_marker(). (Robin Sommer)
+
+  * Removing the NetFlow analyzer, which hasn't been used anymore
+    since then corresponding command-line option went away. (Robin
+    Sommer)
+
+2.3-787 | 2015-04-20 19:15:23 -0700
+
+  * A file analyzer for Portable Executables. (Vlad Grigorescu/Seth
+    Hall).
+
+	Activity gets logged into pe.log. It generates the following
+	events:
+
+        event pe_dos_header(f: fa_file, h: PE::DOSHeader);
+        event pe_dos_code(f: fa_file, code: string);
+        event pe_file_header(f: fa_file, h: PE::FileHeader);
+        event pe_optional_header(f: fa_file, h: PE::OptionalHeader);
+        event pe_section_header(f: fa_file, h: PE::SectionHeader);
+
+2.3-741 | 2015-04-20 13:12:39 -0700
+
+  * API changes to file analysis mime type detection. Removed
+    "file_mime_type" and "file_mime_types" event, replacing them with
+    a new event called "file_metadata_inferred". Addresses BIT-1368.
+    (Jon Siwek)
+
+  * A large series of improvements for file type identification. This
+    inludes a many signature updates (new types, cleanup, performance
+    improvments) and splitting out signatures into subfiles. (Seth
+    Hall)
+
+  * Fix an issue with files having gaps before the bof_buffer is
+    filled, which could lead to file type identification not working
+    correctly. (Seth Hall)
+
+  * Fix an issue with packet loss in HTTP file reporting for file type
+    identification wasn't working correctly zero-length bodies. (Seth
+    Hall)
+
+  * X.509 certificates are now populating files.log with the mime type
+    application/pkix-cert. (Seth Hall)
+
+  * Normalized some FILE_ANALYSIS debug messages. (Seth Hall)
+
+2.3-725 | 2015-04-20 12:54:54 -0700
+
+  * Updating submodule(s).
+
+2.3-724 | 2015-04-20 14:11:02 -0500
+
+  * Fix uninitialized field in raw input reader. (Jon Siwek)
+
+2.3-722 | 2015-04-20 12:59:03 -0500
+
+  * Remove unneeded documentation cross-referencing. (Jon Siwek)
+
+2.3-721 | 2015-04-20 12:47:05 -0500
+
+  * BIT-1380: Improve Broxygen output of &default expressions.
+    (Jon Siwek)
+
+2.3-720 | 2015-04-17 14:18:26 -0700
+
+  * Updating NEWS.
+
+2.3-716 | 2015-04-17 13:06:37 -0700
+
+  * Add seeking functionality to raw reader. One can now add an option
+    "offset" to the config map. Positive offsets are interpreted to be
+    from the beginning of the file, negative from the end of the file
+    (-1 is end of file). Only works for raw reader in streaming or
+    manual mode. Does not work with executables. Addresses BIT-985.
+    (Johanna Amann)
+
+  * Allow setting packet and byte thresholds for connections. (Johanna Amann)
+
+    This extends the ConnSize analyzer to be able to raise events when
+    each direction of a connection crosses a certain amount of bytes
+    or packets.
+
+    Thresholds are set using:
+        - set_conn_bytes_threshold(c$id, [num-bytes], [direction]);
+        - set_conn_packets_threshold(c$id, [num-packets], [direction]);
+
+    They raise the events, respectively:
+        - event conn_bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+        - event conn_packets_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+
+    Current thresholds can be examined using get_conn_bytes_threshold()
+    and get_conn_packets_threshold().
+
+    Only one threshold can be set per connection.
+
+  * Add high-level API for packet/bytes thresholding in
+    base/protocols/conn/thresholds.bro that holds lists of thresholds
+    and raises an event for each threshold exactly once. (Johanna
+    Amann)
+
+  * Fix a bug where child packet analyzers of the TCP analyzer
+    where not found using FindChild.
+
+  * Update GridFTP analyzer to use connection thresholding instead of
+    polling. (Johanna Amann)
+
+2.3-709 | 2015-04-17 12:37:32 -0700
+
+  * Fix addressing the dreaded "internal error: unknown msg type 115
+  in Poll()". (Jon Siwek)
+
+    This patch removes the error handling code for overload conditions
+    in the main process that could cause trouble down the road. The
+    "chunked_io_buffer_soft_cap" script variable can now tune when the
+    client process begins shutting down peer connections, and the
+    default setting is now double what it used to be. Addresses
+    BIT-1376.
+
+2.3-707 | 2015-04-17 10:57:59 -0500
+
+  * Add more info about Broker to NEWS. (Jon Siwek)
+
+2.3-705 | 2015-04-16 08:16:45 -0700
+
+  * Update Mozilla CA list. (Johanna Amann)
+
+  * Update tests to have them keep using older certificates where
+    appropiate. (Johanna Amann)
+
+2.3-699 | 2015-04-16 09:51:58 -0500
+
+  * Fix the to_count function to use strtoull versus strtoll.
+    (Jon Siwek)
+
+2.3-697 | 2015-04-15 09:51:15 -0700
+
+  * Removing error check verifying that an ASCII writer has been
+    properly finished. Instead of aborting, we now just clean up in
+    that case and proceed. Addresses BIT-1331. (Robin Sommer)
+
+2.3-696 | 2015-04-14 15:56:36 -0700
+
+  * Update sqlite to 3.8.9
+
+2.3-695 | 2015-04-13 10:34:42 -0500
+
+  * Fix iterator invalidation in broker::Manager dtor. (Jon Siwek)
+
+  * Add paragraph to plugin documentation. (Robin Sommer)
+
+2.3-693 | 2015-04-11 10:56:31 -0700
+
+  * BIT-1367: improve coercion of anonymous records in set constructor.
+    (Jon Siwek)
+
+  * Allow to specify ports for sftp log rotator. (Johanna Amann)
+
+2.3-690 | 2015-04-10 21:51:10 -0700
+
+  * Make sure to always delete the remote serializer. Addresses
+    BIT-1306 and probably also BIT-1356. (Robin Sommer)
+
+  * Cleaning up --help. -D and -Y/y were still listed, even though
+    they had no effect anymore. Removing some dead code along with -D.
+    Addresses BIT-1372. (Robin Sommer)
+
+2.3-688 | 2015-04-10 08:10:44 -0700
+
+  * Update SQLite to 3.8.8.3.
+
+2.3-687 | 2015-04-10 07:32:52 -0700
+
+  * Remove stale signature benchmarking code (-L command-line option).
+    (Jon Siwek)
+
+  * BIT-844: fix UDP payload signatures to match packet-wise. (Jon
+    Siwek)
+
+2.3-682 | 2015-04-09 12:07:00 -0700
+
+  * Fixing input readers' component type. (Robin Sommer)
+
+  * Tiny spelling correction. (Seth Hall)
+
+2.3-680 | 2015-04-06 16:02:43 -0500
+
+  * BIT-1371: remove CMake version check from binary package scripts.
+    (Jon Siwek)
+
+2.3-679 | 2015-04-06 10:16:36 -0500
+
+  * Increase some unit test timeouts. (Jon Siwek)
+
+  * Fix Coverity warning in RDP analyzer. (Jon Siwek)
+
+2.3-676 | 2015-04-02 10:10:39 -0500
+
+  * BIT-1366: improve checksum offloading warning.
+    (Frank Meier, Jon Siwek)
+
+2.3-675 | 2015-03-30 17:05:05 -0500
+
+  * Add an RDP analyzer. (Josh Liburdi, Seth Hall, Johanna Amann)
+
+2.3-640 | 2015-03-30 13:51:51 -0500
+
+  * BIT-1359: Limit maximum number of DTLS fragments to 30. (Johanna Amann)
+
+2.3-637 | 2015-03-30 12:02:07 -0500
+
+  * Increase timeout duration in some broker tests. (Jon Siwek)
+
+2.3-636 | 2015-03-30 11:26:32 -0500
+
+  * Updates related to SSH analysis. (Jon Siwek)
+
+    - Some scripts used wrong SSH module/namespace scoping on events.
+    - Fix outdated notice documentation related to SSH password guessing.
+    - Add a unit test for SSH pasword guessing notice.
+
+2.3-635 | 2015-03-30 11:02:45 -0500
+
+  * Fix outdated documentation unit tests. (Jon Siwek)
+
+2.3-634 | 2015-03-30 10:22:45 -0500
+
+  * Add a canonifier to a unit test's output. (Jon Siwek)
+
+2.3-633 | 2015-03-25 18:32:59 -0700
+
+  * Log::write in signature framework was missing timestamp.
+    (Andrew Benson/Michel Laterman)
+
+2.3-631 | 2015-03-25 11:03:12 -0700
+
+  * New SSH analyzer. (Vlad Grigorescu)
+
+2.3-600 | 2015-03-25 10:23:46 -0700
+
+  * Add defensive checks in code to calculate log rotation intervals.
+    (Pete Nelson).
+
+2.3-597 | 2015-03-23 12:50:04 -0700
+
+  * DTLS analyzer. (Johanna Amann)
+
+  * Implement correct parsing of TLS record fragmentation. (Johanna
+    Amann)
+
+2.3-582 | 2015-03-23 11:34:25 -0700
+
+  * BIT-1313: In debug builds, "bro -B <x>" now supports "all" and
+    "help" for "<x>". "all" enables all debug streams. "help" prints a
+    list of available debug streams. (John Donnelly/Robin Sommer).
+
+  * BIT-1324: Allow logging filters to inherit default path from
+    stream. This allows the path for the default filter to be
+    specified explicitly through $path="..." when creating a stream.
+    Adapted the existing Log::create_stream calls to explicitly
+    specify a path value. (Jon Siwek)
+
+  * BIT-1199: Change the way the input framework deals with values it
+    cannot convert into BroVals, raising error messages instead of
+    aborting execution. (Johanna Amann)
+
+  * BIT-788: Use DNS QR field to better identify flow direction. (Jon
+    Siwek)
+
+2.3-572 | 2015-03-23 13:04:53 -0500
+
+  * BIT-1226: Fix an example in quickstart docs. (Jon siwek)
+
+2.3-570 | 2015-03-23 09:51:20 -0500
+
+  * Correct a spelling error (Daniel Thayer)
+
+  * Improvement to SSL analyzer failure mode. (Johanna Amann)
+
+2.3-565 | 2015-03-20 16:27:41 -0500
+
+  * BIT-978: Improve documentation of 'for' loop iterator invalidation.
+    (Jon Siwek)
+
+2.3-564 | 2015-03-20 11:12:02 -0500
+
+  * BIT-725: Remove "unmatched_HTTP_reply" weird. (Jon Siwek)
+
+2.3-562 | 2015-03-20 10:31:02 -0500
+
+  * BIT-1207: Add unit test to catch breaking changes to local.bro
+    (Jon Siwek)
+
+  * Fix failing sqlite leak test (Johanna Amann)
+
+2.3-560 | 2015-03-19 13:17:39 -0500
+
+  * BIT-1255: Increase default values of
+    "tcp_max_above_hole_without_any_acks" and "tcp_max_initial_window"
+    from 4096 to 16384 bytes. (Jon Siwek)
+
+2.3-559 | 2015-03-19 12:14:33 -0500
+
+  * BIT-849: turn SMTP reporter warnings into weirds,
+    "smtp_nested_mail_transaction" and "smtp_unmatched_end_of_data".
+    (Jon Siwek)
+
+2.3-558 | 2015-03-18 22:50:55 -0400
+
+  * DNS: Log the type number for the DNS_RR_unknown_type weird. (Vlad Grigorescu)
+
+2.3-555 | 2015-03-17 15:57:13 -0700
+
+  * Splitting test-all Makefile target into Bro tests and test-aux.
+    (Robin Sommer)
+
+2.3-554 | 2015-03-17 15:40:39 -0700
+
+  * Deprecate &rotate_interval, &rotate_size, &encrypt. Addresses
+    BIT-1305. (Jon Siwek)
+
+2.3-549 | 2015-03-17 09:12:18 -0700
+
+  * BIT-1077: Fix HTTP::log_server_header_names. Before, it just
+    re-logged fields from the client side. (Jon Siwek)
+
+2.3-547 | 2015-03-17 09:07:51 -0700
+
+  * Update certificate validation script to cache valid intermediate
+    chains that it encounters on the wire and use those to try to
+    validate chains that might be missing intermediate certificates.
+    (Johanna Amann)
+
+2.3-541 | 2015-03-13 15:44:08 -0500
+
+  * Make INSTALL a symlink to doc/install/install.rst (Jon siwek)
+
+  * Fix Broxygen coverage. (Jon Siwek)
+
+2.3-539 | 2015-03-13 14:19:27 -0500
+
+  * BIT-1335: Include timestamp in default extracted file names.
+    And add a policy script to extract all files. (Jon Siwek)
+
+  * BIT-1311: Identify GRE tunnels as Tunnel::GRE, not Tunnel::IP.
+    (Jon Siwek)
+
+  * BIT-1309: Add Connection class getter methods for flow labels.
+    (Jon Siwek)
+
+2.3-536 | 2015-03-12 16:16:24 -0500
+
+  * Fix Broker leak tests. (Jon Siwek)
+
+2.3-534 | 2015-03-12 10:59:49 -0500
+
+  * Update NEWS file. (Jon Siwek)
+
+2.3-533 | 2015-03-12 10:18:53 -0500
+
+  * Give broker python bindings default install path within --prefix.
+    (Jon Siwek)
+
+2.3-530 | 2015-03-10 13:22:39 -0500
+
+  * Fix broker data stores in absence of --enable-debug. (Jon Siwek)
+
+2.3-529 | 2015-03-09 13:14:27 -0500
+
+  * Fix format specifier in SSL protocol violation. (Jon Siwek)
+
+2.3-526 | 2015-03-06 12:48:49 -0600
+
+  * Fix build warnings, clarify broker requirements, update submodule.
+    (Jon Siwek)
+
+  * Rename comm/ directories to broker/ (Jon Siwek)
+
+  * Rename broker-related namespaces. (Jon Siwek)
+
+  * Improve remote logging via broker by only sending fields w/ &log.
+    (Jon Siwek)
+
+  * Disable a stream's remote logging via broker if it fails. (Jon Siwek)
+
+  * Improve some broker communication unit tests. (Jon Siwek)
+
+2.3-518 | 2015-03-04 13:13:50 -0800
+
+  * Add bytes_recvd to stats.log recording the number of bytes
+    received, according to packet headers. (Mike Smiley)
+
+2.3-516 | 2015-03-04 12:30:06 -0800
+
+  * Extract most specific Common Name from SSL certificates (Johanna
+    Amann)
+
+  * Send CN and SAN fields of SSL certificates to the Intel framework.
+    (Johanna Amann)
+
+2.3-511 | 2015-03-02 18:07:17 -0800
+
+  * Changes to plugin meta hooks for function calls. (Gilbert Clark)
+
+        - Add frame argument.
+
+        - Change return value to tuple unambigiously whether hook
+          returned a result.
+
+2.3-493 | 2015-03-02 17:17:32 -0800
+
+  * Extend the SSL weak-keys policy file to also alert when
+    encountering SSL connections with old versions as well as unsafe
+    cipher suites. (Johanna Amann)
+
+  * Make the notice suppression handling of other SSL policy files a
+    tad more robust. (Johanna Amann)
+
+2.3-491 | 2015-03-02 17:12:56 -0800
+
+  * Updating docs for recent addition of local_resp. (Robin Sommer)
+
+2.3-489 | 2015-03-02 15:29:30 -0800
+
+  * Integrate Broker, Bro's new communication library. (Jon Siwek)
+
+    See aux/broker/README for more information on Broker, and
+    doc/frameworks/comm.rst for the corresponding Bro script API.
+
+    Broker support is by default off for now; it can be enabled at
+    configure time with --enable-broker. It requires CAF
+    (https://github.com/actor-framework/actor-framework); for now iot
+    needs CAF's "develop" branch. Broker also requires a C++11
+    compiler.
+
+    Broker will become a mandatory dependency in future Bro versions.
+
+  * Add --enable-c++11 configure flag to compile Bro's source code in
+    C++11 mode with a corresponding compiler. (Jon Siwek)
+
 2.3-451 | 2015-02-24 16:37:08 -0800
 
   * Updating submodule(s).
@@ -245,7 +842,7 @@
 
 2.3-328 | 2014-12-02 08:13:10 -0500
 
-  * Update windows-version-detection.bro to add support for 
+  * Update windows-version-detection.bro to add support for
     Windows 10. (Michal Purzynski)
 
 2.3-326 | 2014-12-01 12:10:27 -0600
@@ -315,7 +912,7 @@
 
 2.3-280 | 2014-11-05 09:46:33 -0500
 
-  * Add Windows detection based on CryptoAPI HTTP traffic as a 
+  * Add Windows detection based on CryptoAPI HTTP traffic as a
     software framework policy script. (Vlad Grigorescu)
 
 2.3-278 | 2014-11-03 18:55:18 -0800
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 04ac197f74..2b1e060f77 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,7 +113,7 @@ if (NOT DISABLE_PERFTOOLS)
    find_package(GooglePerftools)
 endif ()
 
-if (GOOGLEPERFTOOLS_FOUND)
+if (GOOGLEPERFTOOLS_FOUND OR TCMALLOC_FOUND)
     set(HAVE_PERFTOOLS true)
     # Non-Linux systems may not be well-supported by gperftools, so
     # require explicit request from user to enable it in that case.
@@ -177,6 +177,17 @@ include_directories(${CMAKE_CURRENT_BINARY_DIR})
 ########################################################################
 ## Recurse on sub-directories
 
+if ( ENABLE_CXX11 )
+    include(RequireCXX11)
+endif ()
+
+if ( ENABLE_BROKER )
+    add_subdirectory(aux/broker)
+    set(brodeps ${brodeps} broker)
+    add_definitions(-DENABLE_BROKER)
+    include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/aux/broker)
+endif ()
+
 add_subdirectory(src)
 add_subdirectory(scripts)
 add_subdirectory(doc)
@@ -224,6 +235,7 @@ message(
     "\nCXXFLAGS:          ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}"
     "\nCPP:               ${CMAKE_CXX_COMPILER}"
     "\n"
+    "\nBroker:            ${ENABLE_BROKER}"
     "\nBroccoli:          ${INSTALL_BROCCOLI}"
     "\nBroctl:            ${INSTALL_BROCTL}"
     "\nAux. Tools:        ${INSTALL_AUX_TOOLS}"
diff --git a/INSTALL b/INSTALL
deleted file mode 100644
index 385dac93df..0000000000
--- a/INSTALL
+++ /dev/null
@@ -1,3 +0,0 @@
-
-See doc/install/install.rst for installation instructions.
-
diff --git a/INSTALL b/INSTALL
new file mode 120000
index 0000000000..95fcc60eda
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1 @@
+doc/install/install.rst
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 207ce72780..3efddc4dbc 100644
--- a/Makefile
+++ b/Makefile
@@ -51,13 +51,15 @@ distclean:
 	$(MAKE) -C testing $@
 
 test:
-	@( cd testing && make )
+	-@( cd testing && make )
 
-test-all: test
-	test -d aux/broctl && ( cd aux/broctl && make test-all )
-	test -d aux/btest  && ( cd aux/btest && make test )
-	test -d aux/bro-aux && ( cd aux/bro-aux && make test )
-	test -d aux/plugins && ( cd aux/plugins && make test-all )
+test-aux:
+	-test -d aux/broctl && ( cd aux/broctl && make test-all )
+	-test -d aux/btest  && ( cd aux/btest && make test )
+	-test -d aux/bro-aux && ( cd aux/bro-aux && make test )
+	-test -d aux/plugins && ( cd aux/plugins && make test-all )
+
+test-all: test test-aux
 
 configured:
 	@test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 )
diff --git a/NEWS b/NEWS
index 8af6c38201..54deaf1e25 100644
--- a/NEWS
+++ b/NEWS
@@ -7,29 +7,57 @@ their own ``CHANGES``.)
 Bro 2.4 (in progress)
 =====================
 
-Dependencies
-------------
-
 New Functionality
 -----------------
 
 - Bro now has support for external plugins that can extend its core
   functionality, like protocol/file analysis, via shared libraries.
   Plugins can be developed and distributed externally, and will be
-  pulled in dynamically at startup. Currently, a plugin can provide
-  custom protocol analyzers, file analyzers, log writers[TODO], input
-  readers[TODO], packet sources[TODO], and new built-in functions. A
-  plugin can furthermore hook into Bro's processing a number of places
-  to add custom logic.
+  pulled in dynamically at startup (the environment variables
+  BRO_PLUGIN_PATH and BRO_PLUGIN_ACTIVATE can be used to specify the
+  locations and names of plugins to activate). Currently, a plugin
+  can provide custom protocol analyzers, file analyzers, log writers,
+  input readers, packet sources and dumpers, and new built-in functions.
+  A plugin can furthermore hook into Bro's processing at a number of
+  places to add custom logic.
 
   See https://www.bro.org/sphinx-git/devel/plugins.html for more
   information on writing plugins.
 
-- Bro now has supoprt for the MySQL wire protocol. Activity gets
+- Bro now has support for the MySQL wire protocol. Activity gets
   logged into mysql.log.
 
+- Bro now parses DTLS traffic. Activity gets logged into ssl.log.
+
+- Bro now has support for the Kerberos KRB5 protocol over TCP and
+  UDP. Activity gets logged into kerberos.log.
+
+- Bro now has an RDP analyzer. Activity gets logged into rdp.log.
+
+- Bro now has a file analyzer for Portable Executables. Activity gets
+  logged into pe.log.
+
+- Bro now has support for the SIP protocol over UDP. Activity gets
+  logged into sip.log.
+
+- Bro now features a completely rewritten, enhanced SSH analyzer.  The
+  new analyzer is able to determine if logins failed or succeeded in
+  most circumstances, logs a lot more more information about SSH
+  sessions, supports v1, and introduces the intelligence type
+  ``Intel::PUBKEY_HASH`` and location ``SSH::IN_SERVER_HOST_KEY``. The
+  analayzer also generates a set of additional events
+  (``ssh_auth_successful``, ``ssh_auth_failed``, ``ssh_capabilities``,
+  ``ssh2_server_host_key``, ``ssh1_server_host_key``,
+  ``ssh_encrypted_packet``, ``ssh2_dh_server_params``,
+  ``ssh2_gss_error``, ``ssh2_ecc_key``). See next section for
+  incompatible SSH changes.
+
 - Bro's file analysis now supports reassembly of files that are not
-  transferred/seen sequentially.
+  transferred/seen sequentially.  The default file reassembly buffer
+  size is set with the ``Files::reassembly_buffer_size`` variable.
+
+- Bro's file type identification has been greatly improved (new file types,
+  bug fixes, and performance improvements).
 
 - Bro's scripting language now has a ``while`` statement::
 
@@ -39,6 +67,70 @@ New Functionality
   ``next`` and ``break`` can be used inside the loop's body just like
   with ``for`` loops.
 
+- Bro now integrates Broker, a new communication library. See
+  aux/broker/README for more information on Broker, and
+  doc/frameworks/broker.rst for the corresponding Bro script API.
+
+  With Broker, Bro has the similar capabilities of exchanging events and
+  logs with remote peers (either another Bro process or some other
+  application that uses Broker).  It also includes a key-value store
+  API that can be used to share state between peers and optionally
+  allow data to persist on disk for longer-term storage.
+
+  Broker support is by default off for now; it can be enabled at
+  configure time with --enable-broker. It requires CAF version 0.13+
+  (https://github.com/actor-framework/actor-framework) as well as a
+  C++11 compiler (e.g. GCC 4.8+ or Clang 3.3+).
+
+  Broker will become a mandatory dependency in future Bro versions and
+  replace the current communication and serialization system.
+
+- Add --enable-c++11 configure flag to compile Bro's source code in
+  C++11 mode with a corresponding compiler. Note that 2.4 will be the
+  last version of Bro that compiles without C++11 support.
+
+- The SSL analysis now alerts when encountering SSL connections with
+  old protocol versions or unsafe cipher suites. It also gained
+  extended reporting of weak keys, caching of already validated
+  certificates, and full support for TLS record defragmentation. SSL generally
+  became much more robust and added several fields to ssl.log (while
+  removing some others).
+
+- A new icmp_sent_payload event provides access to ICMP payload.
+
+- The input framework's raw reader now supports seeking by adding an
+  option "offset" to the config map. Positive offsets are interpreted
+  to be from the beginning of the file, negative from the end of the
+  file (-1 is end of file).
+
+- One can now raise events when a connection crosses a given size
+  threshold in terms of packets or bytes. The primary API for that
+  functionality is in base/protocols/conn/thresholds.bro.
+
+- There is a new command-line option -Q/--time that prints Bro's execution
+  time and memory usage to stderr.
+
+- BroControl now has a new command "deploy" which is equivalent to running
+  the "check", "install", "stop", and "start" commands (in that order).
+
+- BroControl now has a new option "StatusCmdShowAll" that controls whether
+  or not the broctl "status" command gathers all of the status information.
+  This option can be used to make the "status" command run significantly
+  faster (in this case, the "Peers" column will not be shown in the output).
+
+- BroControl now has a new option "StatsLogEnable" that controls whether
+  or not broctl will record information to the "stats.log" file.  This option
+  can be used to make the "broctl cron" command run slightly faster (in this
+  case, "broctl cron" will also no longer send email about not seeing any
+  packets on the monitoring interfaces).
+
+- BroControl now has a new option "MailHostUpDown" which controls whether or
+  not the "broctl cron" command will send email when it notices that a host
+  in the cluster is up or down.
+
+- BroControl now has a new option "CommandTimeout" which specifies the number
+  of seconds to wait for a command that broctl ran to return results.
+
 Changed Functionality
 ---------------------
 
@@ -47,9 +139,17 @@ Changed Functionality
 - File analysis
 
     * Removed ``fa_file`` record's ``mime_type`` and ``mime_types``
-      fields.  The events ``file_mime_type`` and ``file_mime_types``
-      have been added which contain the same information.  The
-      ``mime_type`` field of ``Files::Info`` also still has this info.
+      fields.  The event ``file_sniff`` has been added which provides
+      the same information.  The ``mime_type`` field of ``Files::Info``
+      also still has this info.
+
+    * The earliest point that new mime type information is available is
+      in the ``file_sniff`` event which comes after the ``file_new`` and
+      ``file_over_new_connection`` events.  Scripts which inspected mime
+      type info within those events will need to be adapted.  (Note: for
+      users that worked w/ versions of Bro from git, for a while there was
+      also an event called ``file_mime_type`` which is now replaced with
+      the ``file_sniff`` event).
 
     * Removed ``Files::add_analyzers_for_mime_type`` function.
 
@@ -58,15 +158,83 @@ Changed Functionality
       reassembly for non-sequential files, "offset" can be obtained
       with other information already available -- adding together
       ``seen_bytes`` and ``missed_bytes`` fields of the ``fa_file``
-      record gives the how many bytes have been written so far (i.e.
+      record gives how many bytes have been written so far (i.e.
       the "offset").
 
-- has_valid_octets: now uses a string_vec parameter instead of
+- The SSH changes come with a few incompatibilities. The following
+  events have been renamed:
+
+    * ``SSH::heuristic_failed_login`` to ``SSH::ssh_auth_failed``
+    * ``SSH::heuristic_successful_login`` to ``SSH::ssh_auth_successful``
+
+  The ``SSH::Info`` status field has been removed and replaced with
+  the ``auth_success`` field.  This field has been changed from a
+  string that was previously ``success``, ``failure`` or
+  ``undetermined`` to a boolean. a boolean that is ``T``, ``F``, or
+  unset.
+
+- The has_valid_octets function now uses a string_vec parameter instead of
   string_array.
 
 - conn.log gained a new field local_resp that works like local_orig,
   just for the responder address of the connection.
 
+- GRE tunnels are now identified as ``Tunnel::GRE`` instead of
+  ``Tunnel::IP``.
+
+- The default name for extracted files changed from extract-protocol-id
+  to extract-timestamp-protocol-id.
+
+- The weird named "unmatched_HTTP_reply" has been removed since it can
+  be detected at the script-layer and is handled correctly by the
+  default HTTP scripts.
+
+- When adding a logging filter to a stream, the filter can now inherit
+  a default ``path`` field from the associated ``Log::Stream`` record.
+
+- When adding a logging filter to a stream, the
+  ``Log::default_path_func`` is now only automatically added to the
+  filter if it has neither a ``path`` nor a ``path_func`` already
+  explicitly set.  Before, the default path function would always be set
+  for all filters which didn't specify their own ``path_func``.
+
+- BroControl now establishes only one ssh connection from the manager to
+  each remote host in a cluster configuration (previously, there would be
+  one ssh connection per remote Bro process).
+
+- BroControl now uses SQLite to record state information instead of a
+  plain text file (the file "spool/broctl.dat" is no longer used).
+  On FreeBSD, this means that there is a new dependency on the package
+  "py27-sqlite3".
+
+- BroControl now records the expected running state of each Bro node right
+  before each start or stop.  The "broctl cron" command uses this info to
+  either start or stop Bro nodes as needed so that the actual state matches
+  the expected state (previously, "broctl cron" could only start nodes in
+  the "crashed" state, and could never stop a node).
+
+- BroControl now sends all normal command output (i.e., not error messages)
+  to stdout.  Error messages are still sent to stderr, however.
+
+- The capability of processing NetFlow input has been removed for the
+  time being.  Therefore, the -y/--flowfile and -Y/--netflow command-line
+  options have been removed, and the netflow_v5_header and netflow_v5_record
+  events have been removed.
+
+- The -D/--dfa-size command-line option has been removed.
+
+- The -L/--rule-benchmark command-line option has been removed.
+
+- The -O/--optimize command-line option has been removed.
+
+- The deprecated fields "hot" and "addl" have been removed from the
+  connection record. Likewise, the functions append_addl() and
+  append_addl_marker() have been removed.
+
+- Log files now escape non-printable characters consistently as "\xXX'.
+  Furthermore, backslashes are escaped as "\\", making the
+  representation fully reversible.
+
 Deprecated Functionality
 ------------------------
 
@@ -76,7 +244,7 @@ Deprecated Functionality
   concatenation/extraction functions. Note that the new functions use
   0-based indexing, rather than 1-based.
 
-  The full list of now deprecation functions is:
+  The full list of now deprecated functions is:
 
     * split: use split_string instead.
 
diff --git a/VERSION b/VERSION
index a8a700226f..0a8901319c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-451
+2.4-beta
diff --git a/aux/binpac b/aux/binpac
index 33cb1f8e6b..4f33233aef 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit 33cb1f8e6bf2e33c2773e86b157e1f343ee85dc6
+Subproject commit 4f33233aef5539ae4f12c6d0e4338247833c3900
diff --git a/aux/bro-aux b/aux/bro-aux
index c9d340847c..a2d290a832 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit c9d340847c668590a450f1881e6e3d763abe1138
+Subproject commit a2d290a832c35ad11f3fabb19812bcae2ff089cd
diff --git a/aux/broccoli b/aux/broccoli
index 1d55a0a84c..74bb4bbd94 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 1d55a0a84c5b1d0aa1727829300b388c92f92daa
+Subproject commit 74bb4bbd949e61e099178f8a97499d3f1355de8b
diff --git a/aux/broctl b/aux/broctl
index 76f99ea52c..97c17d2172 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 76f99ea52c3e021cade3d03eda7865d4f4d1793e
+Subproject commit 97c17d21725e42b36f4b49579077ecdc28ddb86a
diff --git a/aux/broker b/aux/broker
new file mode 160000
index 0000000000..8fc6938017
--- /dev/null
+++ b/aux/broker
@@ -0,0 +1 @@
+Subproject commit 8fc6938017dc15acfb26fa29e6ad0933019781c5
diff --git a/aux/btest b/aux/btest
index 93d4989ed1..80b42ee3e4 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 93d4989ed1537e4d143cf09d44077159f869a4b2
+Subproject commit 80b42ee3e4503783b6720855b28e83ff1658c22b
diff --git a/aux/plugins b/aux/plugins
index 71d820e9d8..e1ea9f67cf 160000
--- a/aux/plugins
+++ b/aux/plugins
@@ -1 +1 @@
-Subproject commit 71d820e9d8ca753fea8fb34ea3987993b28d79e4
+Subproject commit e1ea9f67cfe3d6a81e0c1479ced0b9aa73e77c87
diff --git a/cmake b/cmake
index ff08be5aa1..6406fb79d3 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit ff08be5aa1b8eaadbe2775cbc11b499c5f93349e
+Subproject commit 6406fb79d30df8d7956110ce65a97d18e4bc8c3b
diff --git a/configure b/configure
index 2b1c568b26..b139ee2bec 100755
--- a/configure
+++ b/configure
@@ -41,6 +41,9 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --enable-perftools-debug use Google's perftools for debugging
     --enable-jemalloc      link against jemalloc
     --enable-ruby          build ruby bindings for broccoli (deprecated)
+    --enable-c++11         build using the C++11 standard
+    --enable-broker        enable use of the Broker communication library
+                           (requires C++ Actor Framework and C++11)
     --disable-broccoli     don't build or install the Broccoli library
     --disable-broctl       don't install Broctl
     --disable-auxtools     don't build or install auxiliary tools
@@ -55,6 +58,8 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --with-flex=PATH       path to flex executable
     --with-bison=PATH      path to bison executable
     --with-perl=PATH       path to perl executable
+    --with-libcaf=PATH     path to C++ Actor Framework installation
+                           (a required Broker dependency)
 
   Optional Packages in Non-Standard Locations:
     --with-geoip=PATH      path to the libGeoIP install root
@@ -67,6 +72,8 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --with-ruby-lib=PATH   path to ruby library
     --with-ruby-inc=PATH   path to ruby headers
     --with-swig=PATH       path to SWIG executable
+    --with-rocksdb=PATH    path to RocksDB installation
+                           (an optional Broker dependency)
 
   Packaging Options (for developers):
     --binary-package       toggle special logic for binary packaging
@@ -142,6 +149,10 @@ while [ $# -ne 0 ]; do
             append_cache_entry CMAKE_INSTALL_PREFIX PATH   $optarg
             append_cache_entry BRO_ROOT_DIR         PATH   $optarg
             append_cache_entry PY_MOD_INSTALL_DIR   PATH   $optarg/lib/broctl
+
+            if [ -n "$user_enabled_broker" ]; then
+                append_cache_entry BROKER_PYTHON_HOME   PATH   $prefix
+            fi
             ;;
         --scriptdir=*)
             append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg
@@ -176,6 +187,15 @@ while [ $# -ne 0 ]; do
         --enable-jemalloc)
             append_cache_entry ENABLE_JEMALLOC     BOOL   true
             ;;
+        --enable-c++11)
+            append_cache_entry ENABLE_CXX11         BOOL   true
+            ;;
+        --enable-broker)
+            append_cache_entry ENABLE_CXX11         BOOL   true
+            append_cache_entry ENABLE_BROKER        BOOL   true
+            append_cache_entry BROKER_PYTHON_HOME   PATH   $prefix
+            user_enabled_broker="true"
+            ;;
         --disable-broccoli)
             append_cache_entry INSTALL_BROCCOLI     BOOL   false
             ;;
@@ -248,6 +268,12 @@ while [ $# -ne 0 ]; do
         --with-swig=*)
             append_cache_entry SWIG_EXECUTABLE      PATH    $optarg
             ;;
+        --with-libcaf=*)
+            append_cache_entry LIBCAF_ROOT_DIR      PATH   $optarg
+            ;;
+        --with-rocksdb=*)
+            append_cache_entry ROCKSDB_ROOT_DIR     PATH   $optarg
+            ;;
         --binary-package)
             append_cache_entry BINARY_PACKAGING_MODE BOOL true
             ;;
diff --git a/doc/components/broker/README.rst b/doc/components/broker/README.rst
new file mode 120000
index 0000000000..eafa3b8e77
--- /dev/null
+++ b/doc/components/broker/README.rst
@@ -0,0 +1 @@
+../../../aux/broker/README
\ No newline at end of file
diff --git a/doc/components/broker/broker-manual.rst b/doc/components/broker/broker-manual.rst
new file mode 120000
index 0000000000..90bf8f0833
--- /dev/null
+++ b/doc/components/broker/broker-manual.rst
@@ -0,0 +1 @@
+../../../aux/broker/broker-manual.rst
\ No newline at end of file
diff --git a/doc/components/index.rst b/doc/components/index.rst
index fe05f13683..c1feda4a61 100644
--- a/doc/components/index.rst
+++ b/doc/components/index.rst
@@ -17,6 +17,8 @@ current, independent component releases.
    Broccoli - User Manual <broccoli/broccoli-manual>
    Broccoli Python Bindings <broccoli-python/README>
    Broccoli Ruby Bindings <broccoli-ruby/README>
+   Broker - Bro's (New) Messaging Library (README) <broker/README>
+   Broker - User Manual <broker/broker-manual.rst>
    BroControl - Interactive Bro management shell <broctl/README>
    Bro-Aux - Small auxiliary tools for Bro <bro-aux/README>
    BTest - A unit testing framework <btest/README>
diff --git a/doc/devel/plugins.rst b/doc/devel/plugins.rst
index 5e488cfe01..5c963a1552 100644
--- a/doc/devel/plugins.rst
+++ b/doc/devel/plugins.rst
@@ -245,13 +245,26 @@ VERSION). You can find a full list of files installed in
 copies over the binary tarball in ``build/dist``. 
 
 ``init-plugin`` will never overwrite existing files. If its target
-directory already exists, it will be default decline to do anything.
+directory already exists, it will by default decline to do anything.
 You can run it with ``-u`` instead to update an existing plugin,
 however it will never overwrite any existing files; it will only put
 in place files it doesn't find yet. To revert a file back to what
 ``init-plugin`` created originally, delete it first and then rerun
 with ``-u``.
 
+``init-plugin`` puts a ``configure`` script in place that wraps
+``cmake`` with a more familiar configure-style configuration. By
+default, the script provides two options for specifying paths to the
+Bro source (``--bro-dist``) and to the plugin's installation directory
+(``--install-root``). To extend ``configure`` with plugin-specific
+options (such as search paths for its dependencies) don't edit the
+script directly but instead extend ``configure.plugin``, which
+``configure`` includes. That way you will be able to more easily
+update ``configure`` in the future when the distribution version
+changes. In ``configure.plugin`` you can use the predefined shell
+function ``append_cache_entry`` to seed values into the CMake cache;
+see the installed skeleton version and existing plugins for examples.
+
 Activating a Plugin
 ===================
 
diff --git a/doc/frameworks/broker.rst b/doc/frameworks/broker.rst
new file mode 100644
index 0000000000..3cd8dab6e3
--- /dev/null
+++ b/doc/frameworks/broker.rst
@@ -0,0 +1,202 @@
+
+.. _brokercomm-framework:
+
+======================================
+Broker-Enabled Communication Framework
+======================================
+
+.. rst-class:: opening
+
+    Bro can now use the `Broker Library
+    <../components/broker/README.html>`_ to exchange information with
+    other Bro processes.  To enable it run Bro's ``configure`` script
+    with the ``--enable-broker`` option.  Note that a C++11 compatible
+    compiler (e.g. GCC 4.8+ or Clang 3.3+) is required as well as the
+    `C++ Actor Framework <http://actor-framework.org/>`_.
+
+.. contents::
+
+Connecting to Peers
+===================
+
+Communication via Broker must first be turned on via
+:bro:see:`BrokerComm::enable`.
+
+Bro can accept incoming connections by calling :bro:see:`BrokerComm::listen`
+and then monitor connection status updates via
+:bro:see:`BrokerComm::incoming_connection_established` and
+:bro:see:`BrokerComm::incoming_connection_broken`.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/connecting-listener.bro
+
+Bro can initiate outgoing connections by calling :bro:see:`BrokerComm::connect`
+and then monitor connection status updates via
+:bro:see:`BrokerComm::outgoing_connection_established`,
+:bro:see:`BrokerComm::outgoing_connection_broken`, and
+:bro:see:`BrokerComm::outgoing_connection_incompatible`.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/connecting-connector.bro
+
+Remote Printing
+===============
+
+To receive remote print messages, first use
+:bro:see:`BrokerComm::subscribe_to_prints` to advertise to peers a topic
+prefix of interest and then create an event handler for
+:bro:see:`BrokerComm::print_handler` to handle any print messages that are
+received.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/printing-listener.bro
+
+To send remote print messages, just call :bro:see:`BrokerComm::print`.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/printing-connector.bro
+
+Notice that the subscriber only used the prefix "bro/print/", but is
+able to receive messages with full topics of "bro/print/hi",
+"bro/print/stuff", and "bro/print/bye".  The model here is that the
+publisher of a message checks for all subscribers who advertised
+interest in a prefix of that message's topic and sends it to them.
+
+Message Format
+--------------
+
+For other applications that want to exchange print messages with Bro,
+the Broker message format is simply:
+
+.. code:: c++
+
+    broker::message{std::string{}};
+
+Remote Events
+=============
+
+Receiving remote events is similar to remote prints.  Just use
+:bro:see:`BrokerComm::subscribe_to_events` and possibly define any new events
+along with handlers that peers may want to send.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/events-listener.bro
+
+To send events, there are two choices.  The first is to use call
+:bro:see:`BrokerComm::event` directly.  The second option is to use
+:bro:see:`BrokerComm::auto_event` to make it so a particular event is
+automatically sent to peers whenever it is called locally via the normal
+event invocation syntax.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/events-connector.bro
+
+Again, the subscription model is prefix-based.
+
+Message Format
+--------------
+
+For other applications that want to exchange event messages with Bro,
+the Broker message format is:
+
+.. code:: c++
+
+    broker::message{std::string{}, ...};
+
+The first parameter is the name of the event and the remaining ``...``
+are its arguments, which are any of the support Broker data types as
+they correspond to the Bro types for the event named in the first
+parameter of the message.
+
+Remote Logging
+==============
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/testlog.bro
+
+Use :bro:see:`BrokerComm::subscribe_to_logs` to advertise interest in logs
+written by peers.  The topic names that Bro uses are implicitly of the
+form "bro/log/<stream-name>".
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/logs-listener.bro
+
+To send remote logs either use :bro:see:`Log::enable_remote_logging` or
+:bro:see:`BrokerComm::enable_remote_logs`.  The former allows any log stream
+to be sent to peers while the later toggles remote logging for
+particular streams.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/logs-connector.bro
+
+Message Format
+--------------
+
+For other applications that want to exchange logs messages with Bro,
+the Broker message format is:
+
+.. code:: c++
+
+    broker::message{broker::enum_value{}, broker::record{}};
+
+The enum value corresponds to the stream's :bro:see:`Log::ID` value, and
+the record corresponds to a single entry of that log's columns record,
+in this case a ``Test::INFO`` value.
+
+Tuning Access Control
+=====================
+
+By default, endpoints do not restrict the message topics that it sends
+to peers and do not restrict what message topics and data store
+identifiers get advertised to peers.  These are the default
+:bro:see:`BrokerComm::EndpointFlags` supplied to :bro:see:`BrokerComm::enable`.
+
+If not using the ``auto_publish`` flag, one can use the
+:bro:see:`BrokerComm::publish_topic` and :bro:see:`BrokerComm::unpublish_topic`
+functions to manipulate the set of message topics (must match exactly)
+that are allowed to be sent to peer endpoints.  These settings take
+precedence over the per-message ``peers`` flag supplied to functions
+that take a :bro:see:`BrokerComm::SendFlags` such as :bro:see:`BrokerComm::print`,
+:bro:see:`BrokerComm::event`, :bro:see:`BrokerComm::auto_event` or
+:bro:see:`BrokerComm::enable_remote_logs`.
+
+If not using the ``auto_advertise`` flag, one can use the
+:bro:see:`BrokerComm::advertise_topic` and :bro:see:`BrokerComm::unadvertise_topic`
+to manupulate the set of topic prefixes that are allowed to be
+advertised to peers.  If an endpoint does not advertise a topic prefix,
+the only way a peers can send messages to it is via the ``unsolicited``
+flag of :bro:see:`BrokerComm::SendFlags`  and choosing a topic with a matching
+prefix (i.e. full topic may be longer than receivers prefix, just the
+prefix needs to match).
+
+Distributed Data Stores
+=======================
+
+There are three flavors of key-value data store interfaces: master,
+clone, and frontend.
+
+A frontend is the common interface to query and modify data stores.
+That is, a clone is a specific type of frontend and a master is also a
+specific type of frontend, but a standalone frontend can also exist to
+e.g. query and modify the contents of a remote master store without
+actually "owning" any of the contents itself.
+
+A master data store can be be cloned from remote peers which may then
+perform lightweight, local queries against the clone, which
+automatically stays synchronized with the master store.  Clones cannot
+modify their content directly, instead they send modifications to the
+centralized master store which applies them and then broadcasts them to
+all clones.
+
+Master and clone stores get to choose what type of storage backend to
+use.  E.g. In-memory versus SQLite for persistence.  Note that if clones
+are used, data store sizes should still be able to fit within memory
+regardless of the storage backend as a single snapshot of the master
+store is sent in a single chunk to initialize the clone.
+
+Data stores also support expiration on a per-key basis either using an
+absolute point in time or a relative amount of time since the entry's
+last modification time.
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/stores-listener.bro
+
+.. btest-include:: ${DOC_ROOT}/frameworks/broker/stores-connector.bro
+
+In the above example, if a local copy of the store contents isn't
+needed, just replace the :bro:see:`BrokerStore::create_clone` call with
+:bro:see:`BrokerStore::create_frontend`.  Queries will then be made against
+the remote master store instead of the local clone.
+
+Note that all queries are made within Bro's asynchrounous ``when``
+statements and must specify a timeout block.
diff --git a/doc/frameworks/broker/connecting-connector.bro b/doc/frameworks/broker/connecting-connector.bro
new file mode 100644
index 0000000000..a7e621e4a6
--- /dev/null
+++ b/doc/frameworks/broker/connecting-connector.bro
@@ -0,0 +1,19 @@
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+		  peer_address, peer_port, peer_name;
+	terminate();
+	}
diff --git a/doc/frameworks/broker/connecting-listener.bro b/doc/frameworks/broker/connecting-listener.bro
new file mode 100644
index 0000000000..c37af3ae4d
--- /dev/null
+++ b/doc/frameworks/broker/connecting-listener.bro
@@ -0,0 +1,21 @@
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::incoming_connection_broken(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_broken", peer_name;
+	terminate();
+	}
diff --git a/doc/frameworks/broker/events-connector.bro b/doc/frameworks/broker/events-connector.bro
new file mode 100644
index 0000000000..1ad458c245
--- /dev/null
+++ b/doc/frameworks/broker/events-connector.bro
@@ -0,0 +1,31 @@
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	BrokerComm::auto_event("bro/event/my_auto_event", my_auto_event);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "hi", 0));
+	event my_auto_event("stuff", 88);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "...", 1));
+	event my_auto_event("more stuff", 51);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "bye", 2));
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/doc/frameworks/broker/events-listener.bro b/doc/frameworks/broker/events-listener.bro
new file mode 100644
index 0000000000..aa6ea9ee4e
--- /dev/null
+++ b/doc/frameworks/broker/events-listener.bro
@@ -0,0 +1,37 @@
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event my_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
+
+event my_auto_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_auto_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
diff --git a/doc/frameworks/broker/logs-connector.bro b/doc/frameworks/broker/logs-connector.bro
new file mode 100644
index 0000000000..6089419cab
--- /dev/null
+++ b/doc/frameworks/broker/logs-connector.bro
@@ -0,0 +1,40 @@
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+redef Log::enable_local_logging = F;
+redef Log::enable_remote_logging = F;
+global n = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::enable_remote_logs(Test::LOG);
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event do_write()
+	{
+	if ( n == 6 )
+		return;
+
+	Log::write(Test::LOG, [$msg = "ping", $num = n]);
+	++n;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/doc/frameworks/broker/logs-listener.bro b/doc/frameworks/broker/logs-listener.bro
new file mode 100644
index 0000000000..5c807f08b7
--- /dev/null
+++ b/doc/frameworks/broker/logs-listener.bro
@@ -0,0 +1,25 @@
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_logs("bro/log/Test::LOG");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event Test::log_test(rec: Test::Info)
+	{
+	print "wrote log", rec;
+
+	if ( rec$num == 5 )
+		terminate();
+	}
diff --git a/doc/frameworks/broker/printing-connector.bro b/doc/frameworks/broker/printing-connector.bro
new file mode 100644
index 0000000000..2a504ffba0
--- /dev/null
+++ b/doc/frameworks/broker/printing-connector.bro
@@ -0,0 +1,26 @@
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::print("bro/print/hi", "hello");
+	BrokerComm::print("bro/print/stuff", "...");
+	BrokerComm::print("bro/print/bye", "goodbye");
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/doc/frameworks/broker/printing-listener.bro b/doc/frameworks/broker/printing-listener.bro
new file mode 100644
index 0000000000..080d09e8f5
--- /dev/null
+++ b/doc/frameworks/broker/printing-listener.bro
@@ -0,0 +1,26 @@
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_prints("bro/print/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++msg_count;
+	print "got print message", msg;
+
+	if ( msg_count == 3 )
+		terminate();
+	}
diff --git a/doc/frameworks/broker/stores-connector.bro b/doc/frameworks/broker/stores-connector.bro
new file mode 100644
index 0000000000..5db8657a68
--- /dev/null
+++ b/doc/frameworks/broker/stores-connector.bro
@@ -0,0 +1,53 @@
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global ready: event();
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	h = BrokerStore::create_master("mystore");
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+
+	when ( local res = BrokerStore::size(h) )
+		{
+		print "master size", res;
+		event ready();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	BrokerComm::auto_event("bro/event/ready", ready);
+	}
diff --git a/doc/frameworks/broker/stores-listener.bro b/doc/frameworks/broker/stores-listener.bro
new file mode 100644
index 0000000000..454e41a8c2
--- /dev/null
+++ b/doc/frameworks/broker/stores-listener.bro
@@ -0,0 +1,43 @@
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global expected_key_count = 4;
+global key_count = 0;
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		++key_count;
+		print "lookup", key, res;
+
+		if ( key_count == expected_key_count )
+			terminate();
+		}
+	timeout 10sec
+		{ print "timeout", key; }
+	}
+
+event ready()
+	{
+	h = BrokerStore::create_clone("mystore");
+
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print "clone keys", res;
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/ready");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
diff --git a/doc/frameworks/broker/testlog.bro b/doc/frameworks/broker/testlog.bro
new file mode 100644
index 0000000000..f63c19ac48
--- /dev/null
+++ b/doc/frameworks/broker/testlog.bro
@@ -0,0 +1,19 @@
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		msg: string &log;
+		num: count &log;
+	};
+
+	global log_test: event(rec: Test::Info);
+}
+
+event bro_init() &priority=5
+	{
+	BrokerComm::enable();
+	Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test, $path="test"]);
+	}
diff --git a/doc/frameworks/file_analysis_02.bro b/doc/frameworks/file_analysis_02.bro
index 141b11fca6..fd4f0e775e 100644
--- a/doc/frameworks/file_analysis_02.bro
+++ b/doc/frameworks/file_analysis_02.bro
@@ -1,7 +1,8 @@
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
     {
+	if ( ! meta?$mime_type ) return;
     print "new file", f$id;
-    if ( mime_type == "text/plain" )
+    if ( meta$mime_type == "text/plain" )
         Files::add_analyzer(f, Files::ANALYZER_MD5);
     }
 
diff --git a/doc/frameworks/index.rst b/doc/frameworks/index.rst
index f8c681d795..028f95af21 100644
--- a/doc/frameworks/index.rst
+++ b/doc/frameworks/index.rst
@@ -14,4 +14,4 @@ Frameworks
    notice
    signatures
    sumstats
-
+   broker
diff --git a/doc/frameworks/logging.rst b/doc/frameworks/logging.rst
index c64ab02489..765d7bed23 100644
--- a/doc/frameworks/logging.rst
+++ b/doc/frameworks/logging.rst
@@ -344,7 +344,7 @@ example for the ``Foo`` module:
     event bro_init() &priority=5
         {
         # Create the stream. This also adds a default filter automatically.
-        Log::create_stream(Foo::LOG, [$columns=Info, $ev=log_foo]);
+        Log::create_stream(Foo::LOG, [$columns=Info, $ev=log_foo, $path="foo"]);
         }
 
 You can also add the state to the :bro:type:`connection` record to make
diff --git a/doc/frameworks/notice.rst b/doc/frameworks/notice.rst
index d8197c13af..eacf9c917f 100644
--- a/doc/frameworks/notice.rst
+++ b/doc/frameworks/notice.rst
@@ -88,15 +88,15 @@ directly make modifications to the :bro:see:`Notice::Info` record
 given as the argument to the hook.
 
 Here's a simple example which tells Bro to send an email for all notices of
-type :bro:see:`SSH::Password_Guessing` if the server is 10.0.0.1:
+type :bro:see:`SSH::Password_Guessing` if the guesser attempted to log in to
+the server at 192.168.56.103:
 
-.. code:: bro
+.. btest-include:: ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro
 
-    hook Notice::policy(n: Notice::Info)
-      {
-      if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 )
-        add n$actions[Notice::ACTION_EMAIL];
-      }
+.. btest:: notice_ssh_guesser.bro
+
+    @TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro
+    @TEST-EXEC: btest-rst-cmd cat notice.log
 
 .. note::
 
@@ -111,10 +111,9 @@ a hook body to run before default hook bodies might look like this:
 .. code:: bro
 
     hook Notice::policy(n: Notice::Info) &priority=5
-      {
-      if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 )
-        add n$actions[Notice::ACTION_EMAIL];
-      }
+        {
+        # Insert your code here.
+        }
 
 Hooks can also abort later hook bodies with the ``break`` keyword. This
 is primarily useful if one wants to completely preempt processing by
diff --git a/doc/frameworks/notice_ssh_guesser.bro b/doc/frameworks/notice_ssh_guesser.bro
new file mode 100644
index 0000000000..34ffe2e95e
--- /dev/null
+++ b/doc/frameworks/notice_ssh_guesser.bro
@@ -0,0 +1,10 @@
+
+@load protocols/ssh/detect-bruteforcing
+
+redef SSH::password_guesses_limit=10;
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub )
+		add n$actions[Notice::ACTION_EMAIL];
+	}
diff --git a/doc/httpmonitor/file_extraction.bro b/doc/httpmonitor/file_extraction.bro
index 3860cb361e..c387156b62 100644
--- a/doc/httpmonitor/file_extraction.bro
+++ b/doc/httpmonitor/file_extraction.bro
@@ -7,15 +7,18 @@ global mime_to_ext: table[string] of string = {
 	["text/html"] = "html",
 };
 
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
 	{
 	if ( f$source != "HTTP" )
 		return;
 
-	if ( mime_type !in mime_to_ext )
+	if ( ! meta?$mime_type )
 		return;
 
-	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[mime_type]);
+	if ( meta$mime_type !in mime_to_ext )
+		return;
+
+	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[meta$mime_type]);
 	print fmt("Extracting file %s", fname);
 	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
-	}
\ No newline at end of file
+	}
diff --git a/doc/install/install.rst b/doc/install/install.rst
index a3531f70c3..18bacd7758 100644
--- a/doc/install/install.rst
+++ b/doc/install/install.rst
@@ -68,7 +68,7 @@ that ``bash`` and ``python`` are in your ``PATH``):
 
   .. console::
 
-      sudo pkg_add -r bash cmake swig bison python perl
+      sudo pkg_add -r bash cmake swig bison python perl py27-sqlite3
 
 * Mac OS X:
 
@@ -113,19 +113,15 @@ Using Pre-Built Binary Release Packages
 =======================================
 
 See the `bro downloads page`_ for currently supported/targeted
-platforms for binary releases.
+platforms for binary releases and for installation instructions.
 
-* RPM
+* Linux Packages
 
-  .. console::
-
-      sudo yum localinstall Bro-*.rpm
-
-* DEB
-
-  .. console::
-
-      sudo gdebi Bro-*.deb
+  Linux based binary installations are usually performed by adding
+  information about the Bro packages to the respective system packaging
+  tool. Theen the usual system utilities such as ``apt``, ``yum``
+  or ``zyppper`` are used to perforn the installation. By default,
+  installations of binary packages will go into ``/opt/bro``.
 
 * MacOS Disk Image with Installer
 
@@ -133,8 +129,6 @@ platforms for binary releases.
   Everything installed by the package will go into ``/opt/bro``.
 
 The primary install prefix for binary packages is ``/opt/bro``.
-Non-MacOS packages that include BroControl also put variable/runtime
-data (e.g. Bro logs) in ``/var/opt/bro``.
 
 Installing from Source
 ==========================
diff --git a/doc/mimestats/mimestats.bro b/doc/mimestats/mimestats.bro
index b854b26c2d..dc2eeab087 100644
--- a/doc/mimestats/mimestats.bro
+++ b/doc/mimestats/mimestats.bro
@@ -30,7 +30,7 @@ export {
 
 event bro_init() &priority=3
 	{
-	Log::create_stream(MimeMetrics::LOG, [$columns=Info]);
+	Log::create_stream(MimeMetrics::LOG, [$columns=Info, $path="mime_metrics"]);
 	local r1: SumStats::Reducer = [$stream="mime.bytes",
 	                               $apply=set(SumStats::SUM)];
 	local r2: SumStats::Reducer = [$stream="mime.hits", 
diff --git a/doc/quickstart/conditional-notice.bro b/doc/quickstart/conditional-notice.bro
new file mode 100644
index 0000000000..8cc01787c9
--- /dev/null
+++ b/doc/quickstart/conditional-notice.bro
@@ -0,0 +1,24 @@
+@load protocols/ssl/expiring-certs
+
+const watched_servers: set[addr] = {
+	87.98.220.10,
+} &redef;
+
+# Site::local_nets usually isn't something you need to modify if
+# BroControl automatically sets it up from networks.cfg.  It's
+# shown here for completeness.
+redef Site::local_nets += {
+	87.98.0.0/16,
+};
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note != SSL::Certificate_Expired )
+		return;
+
+	if ( n$id$resp_h !in watched_servers )
+		return;
+
+	add n$actions[Notice::ACTION_EMAIL];
+	}
+
diff --git a/doc/quickstart/index.rst b/doc/quickstart/index.rst
index bb642ee75a..616c94c261 100644
--- a/doc/quickstart/index.rst
+++ b/doc/quickstart/index.rst
@@ -156,9 +156,11 @@ changes we want to make:
    notice that means an SSL connection was established and the server's
    certificate couldn't be validated using Bro's default trust roots, but
    we want to ignore it.
-2) ``SSH::Login`` is a notice type that is triggered when an SSH connection
-   attempt looks like it may have been successful, and we want email when
-   that happens, but only for certain servers.
+2) ``SSL::Certificate_Expired`` is a notice type that is triggered when
+   an SSL connection was established using an expired certificate.  We
+   want email when that happens, but only for certain servers on the
+   local network (Bro can also proactively monitor for certs that will
+   soon expire, but this is just for demonstration purposes).
 
 We've defined *what* we want to do, but need to know *where* to do it.
 The answer is to use a script written in the Bro programming language, so
@@ -203,7 +205,7 @@ the variable's value may not change at run-time, but whose initial value can be
 modified via the ``redef`` operator at parse-time.
 
 Let's continue on our path to modify the behavior for the two SSL
-and SSH notices.  Looking at :doc:`/scripts/base/frameworks/notice/main.bro`,
+notices.  Looking at :doc:`/scripts/base/frameworks/notice/main.bro`,
 we see that it advertises:
 
 .. code:: bro
@@ -216,7 +218,7 @@ we see that it advertises:
         const ignored_types: set[Notice::Type] = {} &redef;
     }
 
-That's exactly what we want to do for the SSL notice.  Add to ``local.bro``:
+That's exactly what we want to do for the first notice.  Add to ``local.bro``:
 
 .. code:: bro
 
@@ -248,38 +250,30 @@ is valid before installing it and then restarting the Bro instance:
    stopping bro ...
    starting bro ...
 
-Now that the SSL notice is ignored, let's look at how to send an email on
-the SSH notice.  The notice framework has a similar option called
-``emailed_types``, but using that would generate email for all SSH servers and
-we only want email for logins to certain ones.  There is a ``policy`` hook
-that is actually what is used to implement the simple functionality of
-``ignored_types`` and
-``emailed_types``, but it's extensible such that the condition and action taken
-on notices can be user-defined.
+Now that the SSL notice is ignored, let's look at how to send an email
+on the other notice.  The notice framework has a similar option called
+``emailed_types``, but using that would generate email for all SSL
+servers with expired certificates and we only want email for connections
+to certain ones.  There is a ``policy`` hook that is actually what is
+used to implement the simple functionality of ``ignored_types`` and
+``emailed_types``, but it's extensible such that the condition and
+action taken on notices can be user-defined.
 
-In ``local.bro``, let's define a new ``policy`` hook handler body
-that takes the email action for SSH logins only for a defined set of servers:
+In ``local.bro``, let's define a new ``policy`` hook handler body:
 
-.. code:: bro
+.. btest-include:: ${DOC_ROOT}/quickstart/conditional-notice.bro
 
-    const watched_servers: set[addr] = {
-        192.168.1.100,
-        192.168.1.101,
-        192.168.1.102,
-    } &redef;
+.. btest:: conditional-notice
 
-   hook Notice::policy(n: Notice::Info)
-       {
-       if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers )
-            add n$actions[Notice::ACTION_EMAIL];
-       }
+    @TEST-EXEC: btest-rst-cmd bro -r ${TRACES}/tls/tls-expired-cert.trace ${DOC_ROOT}/quickstart/conditional-notice.bro
+    @TEST-EXEC: btest-rst-cmd cat notice.log
 
 You'll just have to trust the syntax for now, but what we've done is
 first declare our own variable to hold a set of watched addresses,
-``watched_servers``; then added a hook handler body to the policy that will
-generate an email whenever the notice type is an SSH login and the responding
-host stored
-inside the ``Info`` record's connection field is in the set of watched servers.
+``watched_servers``; then added a hook handler body to the policy that
+will generate an email whenever the notice type is an SSL expired
+certificate and the responding host stored inside the ``Info`` record's
+connection field is in the set of watched servers.
 
 .. note:: Record field member access is done with the '$' character
    instead of a '.' as might be expected from other languages, in
diff --git a/doc/script-reference/attributes.rst b/doc/script-reference/attributes.rst
index ef6c6a54a1..40646f64f4 100644
--- a/doc/script-reference/attributes.rst
+++ b/doc/script-reference/attributes.rst
@@ -43,8 +43,6 @@ The Bro scripting language supports the following attributes.
 +-----------------------------+-----------------------------------------------+
 | :bro:attr:`&mergeable`      |Prefer set union for synchronized state.       |
 +-----------------------------+-----------------------------------------------+
-| :bro:attr:`&group`          |Group event handlers to activate/deactivate.   |
-+-----------------------------+-----------------------------------------------+
 | :bro:attr:`&error_handler`  |Used internally for reporter framework events. |
 +-----------------------------+-----------------------------------------------+
 | :bro:attr:`&type_column`    |Used by input framework for "port" type.       |
@@ -198,11 +196,6 @@ Here is a more detailed explanation of each attribute:
     inconsistencies and can be avoided by unifying the two sets, rather
     than merely overwriting the old value.
 
-.. bro:attr:: &group
-
-    Groups event handlers such that those in the same group can be
-    jointly activated or deactivated.
-
 .. bro:attr:: &error_handler
 
     Internally set on the events that are associated with the reporter
diff --git a/doc/script-reference/statements.rst b/doc/script-reference/statements.rst
index 2eeb1940e7..bf607ad0f9 100644
--- a/doc/script-reference/statements.rst
+++ b/doc/script-reference/statements.rst
@@ -294,7 +294,10 @@ Here are the statements that the Bro scripting language supports.
 .. bro:keyword:: for
 
     A "for" loop iterates over each element in a string, set, vector, or
-    table and executes a statement for each iteration.
+    table and executes a statement for each iteration.  Currently,
+    modifying a container's membership while iterating over it may
+    result in undefined behavior, so avoid adding or removing elements
+    inside the loop.
 
     For each iteration of the loop, a loop variable will be assigned to an
     element if the expression evaluates to a string or set, or an index if
diff --git a/doc/scripting/framework_logging_factorial_02.bro b/doc/scripting/framework_logging_factorial_02.bro
index 02a451265c..f947314065 100644
--- a/doc/scripting/framework_logging_factorial_02.bro
+++ b/doc/scripting/framework_logging_factorial_02.bro
@@ -23,7 +23,7 @@ function factorial(n: count): count
 event bro_init()
     {
     # Create the logging stream.
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     }
 
 event bro_done()
diff --git a/doc/scripting/framework_logging_factorial_03.bro b/doc/scripting/framework_logging_factorial_03.bro
index c99cca2c1d..20cb14bd59 100644
--- a/doc/scripting/framework_logging_factorial_03.bro
+++ b/doc/scripting/framework_logging_factorial_03.bro
@@ -37,7 +37,7 @@ function mod5(id: Log::ID, path: string, rec: Factor::Info) : string
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     
     local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
     Log::add_filter(Factor::LOG, filter);
diff --git a/doc/scripting/framework_logging_factorial_04.bro b/doc/scripting/framework_logging_factorial_04.bro
index a563069c46..719d8e27e1 100644
--- a/doc/scripting/framework_logging_factorial_04.bro
+++ b/doc/scripting/framework_logging_factorial_04.bro
@@ -22,7 +22,7 @@ function factorial(n: count): count
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info, $ev=log_factor]);
+    Log::create_stream(LOG, [$columns=Info, $ev=log_factor, $path="factor"]);
     }
 
 event bro_done()
diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst
index fb1c1b67a1..2b5cfbb49c 100644
--- a/doc/scripting/index.rst
+++ b/doc/scripting/index.rst
@@ -363,7 +363,7 @@ decrypted from HTTP streams is stored in
 excerpt from :doc:`/scripts/base/protocols/http/main.bro` below.
 
 .. btest-include:: ${BRO_SRC_ROOT}/scripts/base/protocols/http/main.bro
-   :lines: 9-11,20-22,121
+   :lines: 9-11,20-22,125
 
 Because the constant was declared with the ``&redef`` attribute, if we
 needed to turn this option on globally, we could do so by adding the
@@ -826,7 +826,7 @@ example of the ``record`` data type in the earlier sections, the
 ``conn.log``, is shown by the excerpt below.
 
 .. btest-include:: ${BRO_SRC_ROOT}/scripts/base/protocols/conn/main.bro
-   :lines: 10-12,16-17,19,21,23,25,28,31,35,38,57,63,69,92,95,99,102,106,110-111,116
+   :lines: 10-12,16-17,19,21,23,25,28,31,35,38,57,63,69,75,98,101,105,108,112,116-117,122
 
 Looking at the structure of the definition, a new collection of data
 types is being defined as a type called ``Info``.  Since this type
diff --git a/pkg/check-cmake b/pkg/check-cmake
deleted file mode 100755
index 17531af2f7..0000000000
--- a/pkg/check-cmake
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-# CMake/CPack versions before 2.8.3 have bugs that can create bad packages
-# Since packages will be built on several different systems, a single
-# version of CMake is required to obtain consistency, but can be increased
-# as new versions of CMake come out that also produce working packages.
-
-CMAKE_PACK_REQ="cmake version 2.8.6"
-CMAKE_VER=`cmake -version`
-
-if [ "${CMAKE_VER}" != "${CMAKE_PACK_REQ}" ]; then
-    echo "Package creation requires ${CMAKE_PACK_REQ}" >&2
-    exit 1
-fi
diff --git a/pkg/make-deb-packages b/pkg/make-deb-packages
index 0a435a756f..36bd62c19c 100755
--- a/pkg/make-deb-packages
+++ b/pkg/make-deb-packages
@@ -3,8 +3,6 @@
 # This script generates binary DEB packages.
 # They can be found in ../build/ after running.
 
-./check-cmake || { exit 1; }
-
 # The DEB CPack generator depends on `dpkg-shlibdeps` to automatically
 # determine what dependencies to set for the packages
 type dpkg-shlibdeps > /dev/null 2>&1 || {
diff --git a/pkg/make-mac-packages b/pkg/make-mac-packages
index 2930f8f393..b3d200842f 100755
--- a/pkg/make-mac-packages
+++ b/pkg/make-mac-packages
@@ -3,14 +3,6 @@
 # This script creates binary packages for Mac OS X.
 # They can be found in ../build/ after running.
 
-cmake -P /dev/stdin << "EOF"
-if ( ${CMAKE_VERSION} VERSION_LESS 2.8.9 )
-    message(FATAL_ERROR "CMake >= 2.8.9 required to build package")
-endif ()
-EOF
-
-[ $? -ne 0 ] && exit 1;
-
 type sw_vers > /dev/null 2>&1 || {
     echo "Unable to get Mac OS X version" >&2;
     exit 1;
diff --git a/pkg/make-rpm-packages b/pkg/make-rpm-packages
index 43b962f417..ee09511e44 100755
--- a/pkg/make-rpm-packages
+++ b/pkg/make-rpm-packages
@@ -3,8 +3,6 @@
 # This script generates binary RPM packages.
 # They can be found in ../build/ after running.
 
-./check-cmake || { exit 1; }
-
 # The RPM CPack generator depends on `rpmbuild` to create packages
 type rpmbuild > /dev/null 2>&1 || {
     echo "\
diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.bro
index 765263a4d8..7f68a8bcce 100644
--- a/scripts/base/files/extract/main.bro
+++ b/scripts/base/files/extract/main.bro
@@ -53,7 +53,8 @@ function set_limit(f: fa_file, args: Files::AnalyzerArgs, n: count): bool
 function on_add(f: fa_file, args: Files::AnalyzerArgs)
 	{
 	if ( ! args?$extract_filename )
-		args$extract_filename = cat("extract-", f$source, "-", f$id);
+		args$extract_filename = cat("extract-", f$last_active, "-", f$source,
+		                            "-", f$id);
 
 	f$info$extracted = args$extract_filename;
 	args$extract_filename = build_path_compressed(prefix, args$extract_filename);
diff --git a/scripts/base/files/pe/__load__.bro b/scripts/base/files/pe/__load__.bro
new file mode 100644
index 0000000000..0098b81a7a
--- /dev/null
+++ b/scripts/base/files/pe/__load__.bro
@@ -0,0 +1,2 @@
+@load ./consts
+@load ./main
\ No newline at end of file
diff --git a/scripts/base/files/pe/consts.bro b/scripts/base/files/pe/consts.bro
new file mode 100644
index 0000000000..35ad9c3c61
--- /dev/null
+++ b/scripts/base/files/pe/consts.bro
@@ -0,0 +1,184 @@
+
+module PE;
+
+export {
+	const machine_types: table[count] of string = {
+		[0x00]   = "UNKNOWN",
+		[0x1d3]  = "AM33",
+		[0x8664] = "AMD64",
+		[0x1c0]  = "ARM",
+		[0x1c4]  = "ARMNT",
+		[0xaa64] = "ARM64",
+		[0xebc]  = "EBC",
+		[0x14c]  = "I386",
+		[0x200]  = "IA64",
+		[0x9041] = "M32R",
+		[0x266]  = "MIPS16",
+		[0x366]  = "MIPSFPU",
+		[0x466]  = "MIPSFPU16",
+		[0x1f0]  = "POWERPC",
+		[0x1f1]  = "POWERPCFP",
+		[0x166]  = "R4000",
+		[0x1a2]  = "SH3",
+		[0x1a3]  = "SH3DSP",
+		[0x1a6]  = "SH4",
+		[0x1a8]  = "SH5",
+		[0x1c2]  = "THUMB",
+		[0x169]  = "WCEMIPSV2"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const file_characteristics: table[count] of string = {
+		[0x1]    = "RELOCS_STRIPPED",
+		[0x2]    = "EXECUTABLE_IMAGE",
+		[0x4]    = "LINE_NUMS_STRIPPED",
+		[0x8]    = "LOCAL_SYMS_STRIPPED",
+		[0x10]   = "AGGRESSIVE_WS_TRIM",
+		[0x20]   = "LARGE_ADDRESS_AWARE",
+		[0x80]   = "BYTES_REVERSED_LO",
+		[0x100]  = "32BIT_MACHINE",
+		[0x200]  = "DEBUG_STRIPPED",
+		[0x400]  = "REMOVABLE_RUN_FROM_SWAP",
+		[0x800]  = "NET_RUN_FROM_SWAP",
+		[0x1000] = "SYSTEM",
+		[0x2000] = "DLL",
+		[0x4000] = "UP_SYSTEM_ONLY",
+		[0x8000] = "BYTES_REVERSED_HI"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const dll_characteristics: table[count] of string = {
+		[0x40]   = "DYNAMIC_BASE",
+		[0x80]   = "FORCE_INTEGRITY",
+		[0x100]  = "NX_COMPAT",
+		[0x200]  = "NO_ISOLATION",
+		[0x400]  = "NO_SEH",
+		[0x800]  = "NO_BIND",
+		[0x2000] = "WDM_DRIVER",
+		[0x8000] = "TERMINAL_SERVER_AWARE"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const windows_subsystems: table[count] of string = {
+		[0]  = "UNKNOWN",
+		[1]  = "NATIVE",
+		[2]  = "WINDOWS_GUI",
+		[3]  = "WINDOWS_CUI",
+		[7]  = "POSIX_CUI",
+		[9]  = "WINDOWS_CE_GUI",
+		[10] = "EFI_APPLICATION",
+		[11] = "EFI_BOOT_SERVICE_DRIVER",
+		[12] = "EFI_RUNTIME_
DRIVER",
+		[13] = "EFI_ROM",
+		[14] = "XBOX"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const directories: table[count] of string = {
+		[0]  = "Export Table",
+		[1]  = "Import Table",
+		[2]  = "Resource Table",
+		[3]  = "Exception Table",
+		[4]  = "Certificate Table",
+		[5]  = "Base Relocation Table",
+		[6]  = "Debug",
+		[7]  = "Architecture",
+		[8]  = "Global Ptr",
+		[9]  = "TLS Table",
+		[10] = "Load Config Table",
+		[11] = "Bound Import",
+		[12] = "IAT",
+		[13] = "Delay Import Descriptor",
+		[14] = "CLR Runtime Header",
+		[15] = "Reserved"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const section_characteristics: table[count] of string = {
+		[0x8]        = "TYPE_NO_PAD",
+		[0x20]       = "CNT_CODE",
+		[0x40]       = "CNT_INITIALIZED_DATA",
+		[0x80]       = "CNT_UNINITIALIZED_DATA",
+		[0x100]      = "LNK_OTHER",
+		[0x200]      = "LNK_INFO",
+		[0x800]      = "LNK_REMOVE",
+		[0x1000]     = "LNK_COMDAT",
+		[0x8000]     = "GPREL",
+		[0x20000]    = "MEM_16BIT",
+		[0x40000]    = "MEM_LOCKED",
+		[0x80000]    = "MEM_PRELOAD",
+		[0x100000]   = "ALIGN_1BYTES",
+		[0x200000]   = "ALIGN_2BYTES",
+		[0x300000]   = "ALIGN_4BYTES",
+		[0x400000]   = "ALIGN_8BYTES",
+		[0x500000]   = "ALIGN_16BYTES",
+		[0x600000]   = "ALIGN_32BYTES",
+		[0x700000]   = "ALIGN_64BYTES",
+		[0x800000]   = "ALIGN_128BYTES",
+		[0x900000]   = "ALIGN_256BYTES",
+		[0xa00000]   = "ALIGN_512BYTES",
+		[0xb00000]   = "ALIGN_1024BYTES",
+		[0xc00000]   = "ALIGN_2048BYTES",
+		[0xd00000]   = "ALIGN_4096BYTES",
+		[0xe00000]   = "ALIGN_8192BYTES",
+		[0x1000000]  = "LNK_NRELOC_OVFL",
+		[0x2000000]  = "MEM_DISCARDABLE",
+		[0x4000000]  = "MEM_NOT_CACHED",
+		[0x8000000]  = "MEM_NOT_PAGED",
+		[0x10000000] = "MEM_SHARED",
+		[0x20000000] = "MEM_EXECUTE",
+		[0x40000000] = "MEM_READ",
+		[0x80000000] = "MEM_WRITE"
+	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+	const os_versions: table[count, count] of string = {
+		[10,0] = "Windows 10",
+		[6,4]  = "Windows 10 Technical Preview",
+		[6,3]  = "Windows 8.1 or Server 2012 R2",
+		[6,2]  = "Windows 8 or Server 2012",
+		[6,1]  = "Windows 7 or Server 2008 R2",
+		[6,0]  = "Windows Vista or Server 2008",
+		[5,2]  = "Windows XP x64 or Server 2003",
+		[5,1]  = "Windows XP",
+		[5,0]  = "Windows 2000",
+		[4,90] = "Windows Me",
+		[4,10] = "Windows 98",
+		[4,0]  = "Windows 95 or NT 4.0",
+		[3,51] = "Windows NT 3.51",
+		[3,50] = "Windows NT 3.5",
+		[3,2]  = "Windows 3.2",
+		[3,11] = "Windows for Workgroups 3.11",
+		[3,10] = "Windows 3.1 or NT 3.1",
+		[3,0]  = "Windows 3.0",
+		[2,11] = "Windows 2.11",
+		[2,10] = "Windows 2.10",
+		[2,0] = "Windows 2.0",
+		[1,4] = "Windows 1.04",
+		[1,3] = "Windows 1.03",
+		[1,1] = "Windows 1.01",
+		[1,0] = "Windows 1.0",
+	} &default=function(i: count, j: count):string { return fmt("unknown-%d.%d", i, j); };
+
+	const section_descs: table[string] of string = {
+		[".bss"]      = "Uninitialized data",
+		[".cormeta"]  = "CLR metadata that indicates that the object file contains managed code",
+		[".data"]     = "Initialized data",
+		[".debug$F"]  = "Generated FPO debug information",
+		[".debug$P"]  = "Precompiled debug types",
+		[".debug$S"]  = "Debug symbols",
+		[".debug$T"]  = "Debug types",
+		[".drective"] = "Linker options",
+		[".edata"]    = "Export tables",
+		[".idata"]    = "Import tables",
+		[".idlsym"]   = "Includes registered SEH to support IDL attributes",
+		[".pdata"]    = "Exception information",
+		[".rdata"]    = "Read-only initialized data",
+		[".reloc"]    = "Image relocations",
+		[".rsrc"]     = "Resource directory",
+		[".sbss"]     = "GP-relative uninitialized data",
+		[".sdata"]    = "GP-relative initialized data",
+		[".srdata"]   = "GP-relative read-only data",
+		[".sxdata"]   = "Registered exception handler data",
+		[".text"]     = "Executable code",
+		[".tls"]      = "Thread-local storage",
+		[".tls$"]     = "Thread-local storage",
+		[".vsdata"]   = "GP-relative initialized data",
+		[".xdata"]    = "Exception information",
+	} &default=function(i: string):string { return fmt("unknown-%s", i); };
+
+}
diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro
new file mode 100644
index 0000000000..b2723e4138
--- /dev/null
+++ b/scripts/base/files/pe/main.bro
@@ -0,0 +1,137 @@
+module PE;
+
+@load ./consts.bro
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Current timestamp.
+		ts:                  time              &log;
+		## File id of this portable executable file.
+		id:                  string            &log;
+		## The target machine that the file was compiled for.
+		machine:             string            &log &optional;
+		## The time that the file was created at.
+		compile_ts:          time              &log &optional;
+		## The required operating system.
+		os:                  string            &log &optional;
+		## The subsystem that is required to run this file.
+		subsystem:           string            &log &optional;
+		## Is the file an executable, or just an object file?
+		is_exe:              bool              &log &default=T;
+		## Is the file a 64-bit executable?
+		is_64bit:            bool              &log &default=T;
+		## Does the file support Address Space Layout Randomization?
+		uses_aslr:           bool              &log &default=F;
+		## Does the file support Data Execution Prevention?
+		uses_dep:            bool              &log &default=F;
+		## Does the file enforce code integrity checks?
+		uses_code_integrity: bool              &log &default=F;
+		## Does the file use structured exception handing?
+		uses_seh:            bool              &log &default=T;
+		## Does the file have an import table?
+		has_import_table:    bool              &log &optional;
+		## Does the file have an export table?
+		has_export_table:    bool              &log &optional;
+		## Does the file have an attribute certificate table?
+		has_cert_table:      bool              &log &optional;
+		## Does the file have a debug table?
+		has_debug_data:      bool              &log &optional;
+		## The names of the sections, in order.
+		section_names:       vector of string  &log &optional;
+	};
+
+	## Event for accessing logged records.
+	global log_pe: event(rec: Info);
+
+	## A hook that gets called when we first see a PE file.
+	global set_file: hook(f: fa_file);
+}
+
+redef record fa_file += {
+	pe: Info &optional;
+};
+
+const pe_mime_types = { "application/x-dosexec" };
+
+event bro_init() &priority=5
+	{
+	Files::register_for_mime_types(Files::ANALYZER_PE, pe_mime_types);
+	Log::create_stream(LOG, [$columns=Info, $ev=log_pe, $path="pe"]);
+	}
+
+hook set_file(f: fa_file) &priority=5
+	{
+	if ( ! f?$pe )
+		f$pe = [$ts=network_time(), $id=f$id];
+	}
+
+event pe_dos_header(f: fa_file, h: PE::DOSHeader) &priority=5
+	{
+	hook set_file(f);
+	}
+
+event pe_file_header(f: fa_file, h: PE::FileHeader) &priority=5
+	{
+	hook set_file(f);
+
+	f$pe$machine    = machine_types[h$machine];
+	f$pe$compile_ts = h$ts;
+	f$pe$is_exe     = ( h$optional_header_size > 0 );
+
+	for ( c in h$characteristics )
+		{
+		if ( file_characteristics[c] == "32BIT_MACHINE" )
+			f$pe$is_64bit = F;
+		}
+	}
+
+event pe_optional_header(f: fa_file, h: PE::OptionalHeader) &priority=5
+	{
+	hook set_file(f);
+
+	# Only EXEs have optional headers
+	if ( ! f$pe$is_exe )
+		return;
+
+	f$pe$os        = os_versions[h$os_version_major, h$os_version_minor];
+	f$pe$subsystem = windows_subsystems[h$subsystem];
+
+	for ( c in h$dll_characteristics )
+		{
+		if ( dll_characteristics[c] == "DYNAMIC_BASE" )
+			f$pe$uses_aslr = T;
+		if ( dll_characteristics[c] == "FORCE_INTEGRITY" )
+			f$pe$uses_code_integrity = T;
+		if ( dll_characteristics[c] == "NX_COMPAT" )
+			f$pe$uses_dep = T;
+		if ( dll_characteristics[c] == "NO_SEH" )
+			f$pe$uses_seh = F;
+		}
+
+	f$pe$has_export_table = (|h$table_sizes| > 0 && h$table_sizes[0] > 0);
+	f$pe$has_import_table = (|h$table_sizes| > 1 && h$table_sizes[1] > 0);
+	f$pe$has_cert_table   = (|h$table_sizes| > 4 && h$table_sizes[4] > 0);
+	f$pe$has_debug_data   = (|h$table_sizes| > 6 && h$table_sizes[6] > 0);
+	}
+
+event pe_section_header(f: fa_file, h: PE::SectionHeader) &priority=5
+	{
+	hook set_file(f);
+
+	# Only EXEs have section headers
+	if ( ! f$pe$is_exe )
+		return;
+
+	if ( ! f$pe?$section_names )
+		f$pe$section_names = vector();
+	f$pe$section_names[|f$pe$section_names|] = h$name;
+	}
+
+event file_state_remove(f: fa_file) &priority=-5
+	{
+	if ( f?$pe && f$pe?$machine )
+		Log::write(LOG, f$pe);
+	}
+
diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.bro
index 73f98aa5f8..9d9ef15d79 100644
--- a/scripts/base/files/unified2/main.bro
+++ b/scripts/base/files/unified2/main.bro
@@ -195,7 +195,7 @@ event Input::end_of_data(name: string, source: string)
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2]);
+	Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2, $path="unified2"]);
 
 	if ( sid_msg == "" )
 		{
diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 10445ad846..c097b84560 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -36,7 +36,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509]);
+	Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509, $path="x509"]);
 	}
 
 redef record Files::Info += {
@@ -47,6 +47,9 @@ redef record Files::Info += {
 
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
 	{
+	if ( ! f$info?$mime_type )
+		f$info$mime_type = "application/pkix-cert";
+
 	f$info$x509 = [$ts=f$info$ts, $id=f$id, $certificate=cert, $handle=cert_ref];
 	}
 
diff --git a/scripts/base/frameworks/broker/__load__.bro b/scripts/base/frameworks/broker/__load__.bro
new file mode 100644
index 0000000000..a10fe855df
--- /dev/null
+++ b/scripts/base/frameworks/broker/__load__.bro
@@ -0,0 +1 @@
+@load ./main
diff --git a/scripts/base/frameworks/broker/main.bro b/scripts/base/frameworks/broker/main.bro
new file mode 100644
index 0000000000..e8b57d57d9
--- /dev/null
+++ b/scripts/base/frameworks/broker/main.bro
@@ -0,0 +1,103 @@
+##! Various data structure definitions for use with Bro's communication system.
+
+module BrokerComm;
+
+export {
+
+	## A name used to identify this endpoint to peers.
+	## .. bro:see:: BrokerComm::connect BrokerComm::listen
+	const endpoint_name = "" &redef;
+
+	## Change communication behavior.
+	type EndpointFlags: record {
+		## Whether to restrict message topics that can be published to peers.
+		auto_publish: bool &default = T;
+		## Whether to restrict what message topics or data store identifiers
+		## the local endpoint advertises to peers (e.g. subscribing to
+		## events or making a master data store available).
+		auto_advertise: bool &default = T;
+	};
+
+	## Fine-grained tuning of communication behavior for a particular message.
+	type SendFlags: record {
+		## Send the message to the local endpoint.
+		self: bool &default = F;
+		## Send the message to peer endpoints that advertise interest in
+		## the topic associated with the message.
+		peers: bool &default = T;
+		## Send the message to peer endpoints even if they don't advertise
+		## interest in the topic associated with the message.
+		unsolicited: bool &default = F;
+	};
+
+	## Opaque communication data.
+	type Data: record {
+		d: opaque of BrokerComm::Data &optional;
+	};
+
+	## Opaque communication data.
+	type DataVector: vector of BrokerComm::Data;
+
+	## Opaque event communication data.
+	type EventArgs: record {
+		## The name of the event.  Not set if invalid event or arguments.
+		name: string &optional;
+		## The arguments to the event.
+		args: DataVector;
+	};
+
+	## Opaque communication data used as a convenient way to wrap key-value
+	## pairs that comprise table entries.
+	type TableItem : record {
+		key: BrokerComm::Data;
+		val: BrokerComm::Data;
+	};
+}
+
+module BrokerStore;
+
+export {
+
+	## Whether a data store query could be completed or not.
+	type QueryStatus: enum {
+		SUCCESS,
+		FAILURE,
+	};
+
+	## An expiry time for a key-value pair inserted in to a data store.
+	type ExpiryTime: record {
+		## Absolute point in time at which to expire the entry.
+		absolute: time &optional;
+		## A point in time relative to the last modification time at which
+		## to expire the entry.  New modifications will delay the expiration.
+		since_last_modification: interval &optional;
+	};
+
+	## The result of a data store query.
+	type QueryResult: record {
+		## Whether the query completed or not.
+		status: BrokerStore::QueryStatus;
+		## The result of the query.  Certain queries may use a particular
+		## data type (e.g. querying store size always returns a count, but
+		## a lookup may return various data types).
+		result: BrokerComm::Data;
+	};
+
+	## Options to tune the SQLite storage backend.
+	type SQLiteOptions: record {
+		## File system path of the database.
+		path: string &default = "store.sqlite";
+	};
+
+	## Options to tune the RocksDB storage backend.
+	type RocksDBOptions: record {
+		## File system path of the database.
+		path: string &default = "store.rocksdb";
+	};
+
+	## Options to tune the particular storage backends.
+	type BackendOptions: record {
+		sqlite: SQLiteOptions &default = SQLiteOptions();
+		rocksdb: RocksDBOptions &default = RocksDBOptions();
+	};
+}
diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro
index 12cc9e27d4..218e309bad 100644
--- a/scripts/base/frameworks/cluster/main.bro
+++ b/scripts/base/frameworks/cluster/main.bro
@@ -159,5 +159,5 @@ event bro_init() &priority=5
 		terminate();
 		}
 	
-	Log::create_stream(Cluster::LOG, [$columns=Info]);
+	Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster"]);
 	}
diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro
index 92d527101d..af4eb9fca5 100644
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@@ -164,7 +164,7 @@ const src_names = {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Communication::LOG, [$columns=Info]);
+	Log::create_stream(Communication::LOG, [$columns=Info, $path="communication"]);
 	}
 
 function do_script_log_common(level: count, src: count, msg: string)
diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro
index 9df8a45e5e..4586e2c02e 100644
--- a/scripts/base/frameworks/dpd/main.bro
+++ b/scripts/base/frameworks/dpd/main.bro
@@ -38,7 +38,7 @@ redef record connection += {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(DPD::LOG, [$columns=Info]);
+	Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd"]);
 	}
 
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=10
diff --git a/scripts/base/frameworks/files/magic/__load__.bro b/scripts/base/frameworks/files/magic/__load__.bro
index c6ee799a53..34115f0a55 100644
--- a/scripts/base/frameworks/files/magic/__load__.bro
+++ b/scripts/base/frameworks/files/magic/__load__.bro
@@ -1,3 +1,9 @@
+@load-sigs ./archive
+@load-sigs ./audio
+@load-sigs ./font
 @load-sigs ./general
+@load-sigs ./image
 @load-sigs ./msoffice
-@load-sigs ./libmagic
+@load-sigs ./video
+
+@load-sigs ./libmagic
\ No newline at end of file
diff --git a/scripts/base/frameworks/files/magic/archive.sig b/scripts/base/frameworks/files/magic/archive.sig
new file mode 100644
index 0000000000..9b95f33b25
--- /dev/null
+++ b/scripts/base/frameworks/files/magic/archive.sig
@@ -0,0 +1,176 @@
+
+signature file-tar {
+    file-magic /^[[:print:]\x00]{100}([[:digit:]\x20]{7}\x00){3}([[:digit:]\x20]{11}\x00){2}([[:digit:]\x00\x20]{7}[\x20\x00])[0-7\x00]/
+    file-mime "application/x-tar", 100
+}
+
+# This is low priority so that files using zip as a
+# container will be identified correctly.
+signature file-zip {
+	file-mime "application/zip", 10
+	file-magic /^PK\x03\x04.{2}/
+}
+
+# Multivolume Zip archive
+signature file-multi-zip {
+	file-mime "application/zip", 10
+	file-magic /^PK\x07\x08PK\x03\x04/
+}
+
+# RAR
+signature file-rar {
+	file-mime "application/x-rar", 70
+	file-magic /^Rar!/
+}
+
+# GZIP
+signature file-gzip {
+	file-mime "application/x-gzip", 100
+	file-magic /\x1f\x8b/
+}
+
+# Microsoft Cabinet
+signature file-ms-cab {
+	file-mime "application/vnd.ms-cab-compressed", 110
+	file-magic /^MSCF\x00\x00\x00\x00/
+}
+
+# Mac OS X DMG files
+signature file-dmg {
+	file-magic /^(\x78\x01\x73\x0D\x62\x62\x60|\x78\xDA\x63\x60\x18\x05|\x78\x01\x63\x60\x18\x05|\x78\xDA\x73\x0D|\x78[\x01\xDA]\xED[\xD0-\xD9])/
+	file-mime "application/x-dmg", 100
+}
+
+# XAR (eXtensible ARchive) format.
+# Mac OS X uses this for the .pkg format.
+signature file-xar {
+	file-magic /^xar\!/
+	file-mime "application/x-xar", 100
+}
+
+# RPM
+signature file-magic-auto352 {
+	file-mime "application/x-rpm", 70
+	file-magic /^(drpm|\xed\xab\xee\xdb)/
+}
+
+# StuffIt
+signature file-stuffit {
+	file-mime "application/x-stuffit", 70
+	file-magic /^(SIT\x21|StuffIt)/
+}
+
+# Archived data
+signature file-x-archive {
+	file-mime "application/x-archive", 70
+	file-magic /^!?<ar(ch)?>/
+}
+
+# ARC archive data
+signature file-arc {
+	file-mime "application/x-arc", 70
+	file-magic /^[\x00-\x7f]{2}[\x02-\x0a\x14\x48]\x1a/
+}
+
+# EET archive
+signature file-eet {
+	file-mime "application/x-eet", 70
+	file-magic /^\x1e\xe7\xff\x00/
+}
+
+# Zoo archive
+signature file-zoo {
+	file-mime "application/x-zoo", 70
+	file-magic /^.{20}\xdc\xa7\xc4\xfd/
+}
+
+# LZ4 compressed data (legacy format)
+signature file-lz4-legacy {
+	file-mime "application/x-lz4", 70
+	file-magic /(\x02\x21\x4c\x18)/
+}
+
+# LZ4 compressed data
+signature file-lz4 {
+	file-mime "application/x-lz4", 70
+	file-magic /^\x04\x22\x4d\x18/
+}
+
+# LRZIP compressed data
+signature file-lrzip {
+	file-mime "application/x-lrzip", 1
+	file-magic /^LRZI/
+}
+
+# LZIP compressed data
+signature file-lzip {
+	file-mime "application/x-lzip", 70
+	file-magic /^LZIP/
+}
+
+# Self-extracting PKZIP archive
+signature file-magic-auto434 {
+	file-mime "application/zip", 340
+	file-magic /^MZ.{28}(Copyright 1989\x2d1990 PKWARE Inc|PKLITE Copr)\x2e/
+}
+
+# LHA archive (LZH)
+signature file-lzh {
+	file-mime "application/x-lzh", 80
+	file-magic /^.{2}-(lh[ abcdex0-9]|lz[s2-8]|lz[s2-8]|pm[s012]|pc1)-/
+}
+
+# WARC Archive
+signature file-warc {
+	file-mime "application/warc", 50
+	file-magic /^WARC\x2f/
+}
+
+# 7-zip archive data
+signature file-7zip {
+	file-mime "application/x-7z-compressed", 50
+	file-magic /^7z\xbc\xaf\x27\x1c/
+}
+
+# XZ compressed data
+signature file-xz {
+	file-mime "application/x-xz", 90
+	file-magic /^\xfd7zXZ\x00/
+}
+
+# LHa self-extracting archive
+signature file-magic-auto436 {
+	file-mime "application/x-lha", 120
+	file-magic /^MZ.{34}LH[aA]\x27s SFX/
+}
+
+# ARJ archive data
+signature file-arj {
+	file-mime "application/x-arj", 50
+	file-magic /^\x60\xea/
+}
+
+# Byte-swapped cpio archive
+signature file-bs-cpio {
+	file-mime "application/x-cpio", 50
+	file-magic /(\x71\xc7|\xc7\x71)/
+}
+
+# CPIO archive
+signature file-cpio {
+	file-mime "application/x-cpio", 50
+	file-magic /^(\xc7\x71|\x71\xc7)/
+}
+
+# Compress'd data
+signature file-compress {
+	file-mime "application/x-compress", 50
+	file-magic /^\x1f\x9d/
+}
+
+# LZMA compressed data
+signature file-lzma {
+	file-mime "application/x-lzma", 71
+	file-magic /^\x5d\x00\x00/
+}
+
diff --git a/scripts/base/frameworks/files/magic/audio.sig b/scripts/base/frameworks/files/magic/audio.sig
new file mode 100644
index 0000000000..efba99ed0d
--- /dev/null
+++ b/scripts/base/frameworks/files/magic/audio.sig
@@ -0,0 +1,13 @@
+
+# MPEG v3 audio
+signature file-mpeg-audio {
+	file-mime "audio/mpeg", 20
+	file-magic /^\xff[\xe2\xe3\xf2\xf3\xf6\xf7\xfa\xfb\xfc\xfd]/
+}
+
+# MPEG v4 audio
+signature file-m4a {
+	file-mime "audio/m4a", 70
+	file-magic /^....ftyp(m4a)/
+}
+
diff --git a/scripts/base/frameworks/files/magic/font.sig b/scripts/base/frameworks/files/magic/font.sig
new file mode 100644
index 0000000000..8f2857f6e3
--- /dev/null
+++ b/scripts/base/frameworks/files/magic/font.sig
@@ -0,0 +1,41 @@
+
+# Web Open Font Format
+signature file-woff {
+	file-magic /^wOFF/
+	file-mime "application/font-woff", 70
+}
+
+# TrueType font
+signature file-ttf {
+	file-mime "application/x-font-ttf", 80
+	file-magic /^\x00\x01\x00\x00\x00/
+}
+
+signature file-embedded-opentype {
+	file-mime "application/vnd.ms-fontobject", 50
+	file-magic /^.{34}LP/
+}
+
+# X11 SNF font
+signature file-snf {
+	file-mime "application/x-font-sfn", 70
+	file-magic /^(\x04\x00\x00\x00|\x00\x00\x00\x04).{100}(\x04\x00\x00\x00|\x00\x00\x00\x04)/
+}
+
+# OpenType font
+signature file-opentype {
+	file-mime "application/vnd.ms-opentype", 70
+	file-magic /^OTTO/
+}
+
+# FrameMaker Font file
+signature file-maker-screen-font {
+	file-mime "application/x-mif", 190
+	file-magic /^\x3cMakerScreenFont/
+}
+
+# >0  string,=SplineFontDB: (len=13), ["Spline Font Database "], swap_endian=0
+signature file-spline-font-db {
+	file-mime "application/vnd.font-fontforge-sfd", 160
+	file-magic /^SplineFontDB\x3a/
+}
diff --git a/scripts/base/frameworks/files/magic/general.sig b/scripts/base/frameworks/files/magic/general.sig
index 500c4f7be0..eb38d39c8c 100644
--- a/scripts/base/frameworks/files/magic/general.sig
+++ b/scripts/base/frameworks/files/magic/general.sig
@@ -1,18 +1,87 @@
 # General purpose file magic signatures.
 
+# Plaintext
+# (Including BOMs for UTF-8, 16, and 32)
 signature file-plaintext {
-    file-magic /^([[:print:][:space:]]{10})/
-    file-mime "text/plain", -20
+	file-mime "text/plain", -20
+	file-magic /^(\xef\xbb\xbf|(\x00\x00)?\xfe\xff|\xff\xfe(\x00\x00)?)?[[:space:]\x20-\x7E]{10}/
 }
 
-signature file-tar {
-    file-magic /^[[:print:]\x00]{100}([[:digit:]\x20]{7}\x00){3}([[:digit:]\x20]{11}\x00){2}([[:digit:]\x00\x20]{7}[\x20\x00])[0-7\x00]/
-    file-mime "application/x-tar", 100
+signature file-json {
+	file-mime "text/json", 1
+	file-magic /^(\xef\xbb\xbf)?[\x0d\x0a[:blank:]]*\{[\x0d\x0a[:blank:]]*(["][^"]{1,}["]|[a-zA-Z][a-zA-Z0-9\\_]*)[\x0d\x0a[:blank:]]*:[\x0d\x0a[:blank:]]*(["]|\[|\{|[0-9]|true|false)/
 }
 
-signature file-zip {
-	file-mime "application/zip", 10
-	file-magic /^PK\x03\x04.{2}/
+signature file-json2 {
+	file-mime "text/json", 1
+	file-magic /^(\xef\xbb\xbf)?[\x0d\x0a[:blank:]]*\[[\x0d\x0a[:blank:]]*(((["][^"]{1,}["]|[0-9]{1,}(\.[0-9]{1,})?|true|false)[\x0d\x0a[:blank:]]*,)|\{|\[)[\x0d\x0a[:blank:]]*/
+}
+
+# Match empty JSON documents.
+signature file-json3 {
+	file-mime "text/json", 0
+	file-magic /^(\xef\xbb\xbf)?[\x0d\x0a[:blank:]]*(\[\]|\{\})[\x0d\x0a[:blank:]]*$/
+}
+
+signature file-xml {
+	file-mime "application/xml", 10
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<\?xml /
+}
+
+signature file-xhtml {
+	file-mime "text/html", 100
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<(![dD][oO][cC][tT][yY][pP][eE] {1,}[hH][tT][mM][lL]|[hH][tT][mM][lL]|[mM][eE][tT][aA] {1,}[hH][tT][tT][pP]-[eE][qQ][uU][iI][vV])/
+}
+
+signature file-html {
+	file-mime "text/html", 49
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<![dD][oO][cC][tT][yY][pP][eE] {1,}[hH][tT][mM][lL]/
+}
+
+signature file-html2 {
+	file-mime "text/html", 20
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<([hH][eE][aA][dD]|[hH][tT][mM][lL]|[tT][iI][tT][lL][eE]|[bB][oO][dD][yY])/
+}
+
+signature file-rss {
+	file-mime "text/rss", 90
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<[rR][sS][sS]/
+}
+
+signature file-atom {
+	file-mime "text/atom", 100
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<([rR][sS][sS][^>]*xmlns:atom|[fF][eE][eE][dD][^>]*xmlns=["']?http:\/\/www.w3.org\/2005\/Atom["']?)/
+}
+
+signature file-soap {
+	file-mime "application/soap+xml", 49
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<[sS][oO][aA][pP](-[eE][nN][vV])?:[eE][nN][vV][eE][lL][oO][pP][eE]/
+}
+
+signature file-cross-domain-policy {
+	file-mime "text/x-cross-domain-policy", 49
+	file-magic /^([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<![dD][oO][cC][tT][yY][pP][eE] {1,}[cC][rR][oO][sS][sS]-[dD][oO][mM][aA][iI][nN]-[pP][oO][lL][iI][cC][yY]/
+}
+
+signature file-cross-domain-policy2 {
+	file-mime "text/x-cross-domain-policy", 49
+	file-magic /^([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<[cC][rR][oO][sS][sS]-[dD][oO][mM][aA][iI][nN]-[pP][oO][lL][iI][cC][yY]/
+}
+
+signature file-xmlrpc {
+	file-mime "application/xml-rpc", 49
+	file-magic /^(\xef\xbb\xbf)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*(<\?xml .*\?>)?([\x0d\x0a[:blank:]]*(<!--.*-->)?[\x0d\x0a[:blank:]]*)*<[mM][eE][tT][hH][oO][dD][rR][eE][sS][pP][oO][nN][sS][eE]>/
+}
+
+signature file-coldfusion {
+	file-mime "magnus-internal/cold-fusion", 20
+	file-magic /^([\x0d\x0a[:blank:]]*(<!--.*-->)?)*<(CFPARAM|CFSET|CFIF)/
+}
+
+# Microsoft LNK files
+signature file-lnk {
+	file-mime "application/x-ms-shortcut", 49
+	file-magic /^\x4C\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xC0\x00\x00\x00\x00\x10\x00\x00\x00\x46/
 }
 
 signature file-jar {
@@ -21,8 +90,20 @@ signature file-jar {
 }
 
 signature file-java-applet {
-	file-magic /^\xca\xfe\xba\xbe...[\x2e-\x34]/
 	file-mime "application/x-java-applet", 71
+	file-magic /^\xca\xfe\xba\xbe...[\x2d-\x34]/
+}
+
+# OCSP requests over HTTP.
+signature file-ocsp-request {
+	file-magic /^.{11,19}\x06\x05\x2b\x0e\x03\x02\x1a/
+	file-mime "application/ocsp-request", 71
+}
+
+# OCSP responses over HTTP.
+signature file-ocsp-response {
+	file-magic /^.{11,19}\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01/
+	file-mime "application/ocsp-response", 71
 }
 
 # Shockwave flash
@@ -37,12 +118,6 @@ signature file-tnef {
 	file-mime "application/vnd.ms-tnef", 100
 }
 
-# Mac OS X DMG files
-signature file-dmg {
-	file-magic /^(\x78\x01\x73\x0D\x62\x62\x60|\x78\xDA\x63\x60\x18\x05|\x78\x01\x63\x60\x18\x05|\x78\xDA\x73\x0D|\x78[\x01\xDA]\xED[\xD0-\xD9])/
-	file-mime "application/x-dmg", 100
-}
-
 # Mac OS X Mach-O executable
 signature file-mach-o {
 	file-magic /^[\xce\xcf]\xfa\xed\xfe/
@@ -55,13 +130,6 @@ signature file-mach-o-universal {
 	file-mime "application/x-mach-o-executable", 100
 }
 
-# XAR (eXtensible ARchive) format. 
-# Mac OS X uses this for the .pkg format.
-signature file-xar {
-	file-magic /^xar\!/
-	file-mime "application/x-xar", 100
-}
-
 signature file-pkcs7 {
 	file-magic /^MIME-Version:.*protocol=\"application\/pkcs7-signature\"/
 	file-mime "application/pkcs7-signature", 100
@@ -79,16 +147,6 @@ signature file-jnlp {
 	file-mime "application/x-java-jnlp-file", 100
 }
 
-signature file-ico {
-	file-magic /^\x00\x00\x01\x00/
-	file-mime "image/x-icon", 70
-}
-
-signature file-cur {
-	file-magic /^\x00\x00\x02\x00/
-	file-mime "image/x-cursor", 70
-}
-
 signature file-pcap {
 	file-magic /^(\xa1\xb2\xc3\xd4|\xd4\xc3\xb2\xa1)/
 	file-mime "application/vnd.tcpdump.pcap", 70
@@ -119,7 +177,58 @@ signature file-python {
 	file-mime "text/x-python", 60
 }
 
+signature file-awk {
+	file-mime "text/x-awk", 60
+	file-magic /^\x23\x21[^\n]{1,15}bin\/(env[[:space:]]+)?(g|n)?awk/
+}
+
+signature file-tcl {
+	file-mime "text/x-tcl", 60
+	file-magic /^\x23\x21[^\n]{1,15}bin\/(env[[:space:]]+)?(wish|tcl)/
+}
+
+signature file-lua {
+	file-mime "text/x-lua", 49
+	file-magic /^\x23\x21[^\n]{1,15}bin\/(env[[:space:]]+)?lua/
+}
+
+signature file-javascript {
+	file-mime "application/javascript", 60
+	file-magic /^\x23\x21[^\n]{1,15}bin\/(env[[:space:]]+)?node(js)?/
+}
+
+signature file-javascript2 {
+	file-mime "application/javascript", 60
+	file-magic /^[\x0d\x0a[:blank:]]*<[sS][cC][rR][iI][pP][tT][[:blank:]]+([tT][yY][pP][eE]|[lL][aA][nN][gG][uU][aA][gG][eE])=['"]?([tT][eE][xX][tT]\/)?[jJ][aA][vV][aA][sS][cC][rR][iI][pP][tT]/
+}
+
+signature file-javascript3 {
+	file-mime "application/javascript", 60
+	# This seems to be a somewhat common idiom in javascript.
+	file-magic /^[\x0d\x0a[:blank:]]*for \(;;\);/
+}
+
+signature file-javascript4 {
+	file-mime "application/javascript", 60
+	file-magic /^[\x0d\x0a[:blank:]]*document\.write(ln)?[:blank:]?\(/
+}
+
+signature file-javascript5 {
+	file-mime "application/javascript", 60
+	file-magic /^\(function\(\)[[:blank:]\n]*\{/
+}
+
+signature file-javascript6 {
+	file-mime "application/javascript", 60
+	file-magic /^[\x0d\x0a[:blank:]]*<script>[\x0d\x0a[:blank:]]*(var|function) /
+}
+
 signature file-php {
+	file-mime "text/x-php", 60
+	file-magic /^\x23\x21[^\n]{1,15}bin\/(env[[:space:]]+)?php/
+}
+
+signature file-php2 {
 	file-magic /^.*<\?php/
 	file-mime "text/x-php", 40
 }
@@ -135,3 +244,23 @@ signature file-skp {
 	file-magic /^\xFF\xFE\xFF\x0E\x53\x00\x6B\x00\x65\x00\x74\x00\x63\x00\x68\x00\x55\x00\x70\x00\x20\x00\x4D\x00\x6F\x00\x64\x00\x65\x00\x6C\x00/
 	file-mime "application/skp", 100
 }
+
+signature file-elf-object {
+	file-mime "application/x-object", 50
+	file-magic /\x7fELF[\x01\x02](\x01.{10}\x01\x00|\x02.{10}\x00\x01)/
+}
+
+signature file-elf {
+	file-mime "application/x-executable", 50
+	file-magic /\x7fELF[\x01\x02](\x01.{10}\x02\x00|\x02.{10}\x00\x02)/
+}
+
+signature file-elf-sharedlib {
+	file-mime "application/x-sharedlib", 50
+	file-magic /\x7fELF[\x01\x02](\x01.{10}\x03\x00|\x02.{10}\x00\x03)/
+}
+
+signature file-elf-coredump {
+	file-mime "application/x-coredump", 50
+	file-magic /\x7fELF[\x01\x02](\x01.{10}\x04\x00|\x02.{10}\x00\x04)/
+}
diff --git a/scripts/base/frameworks/files/magic/image.sig b/scripts/base/frameworks/files/magic/image.sig
new file mode 100644
index 0000000000..c6c0d13a50
--- /dev/null
+++ b/scripts/base/frameworks/files/magic/image.sig
@@ -0,0 +1,166 @@
+
+signature file-tiff {
+	file-mime "image/tiff", 70
+	file-magic /^(MM\x00[\x2a\x2b]|II[\x2a\x2b]\x00)/
+}
+
+signature file-gif {
+	file-mime "image/gif", 70
+	file-magic /^GIF8/
+}
+
+# JPEG image
+signature file-jpeg {
+	file-mime "image/jpeg", 52
+	file-magic /^\xff\xd8/
+}
+
+signature file-bmp {
+	file-mime "image/x-ms-bmp", 50
+	file-magic /BM.{12}[\x0c\x28\x40\x6c\x7c\x80]\x00/
+}
+
+signature file-ico {
+	file-magic /^\x00\x00\x01\x00/
+	file-mime "image/x-icon", 70
+}
+
+signature file-cur {
+	file-magic /^\x00\x00\x02\x00/
+	file-mime "image/x-cursor", 70
+}
+
+signature file-magic-auto289 {
+	file-mime "image/vnd.adobe.photoshop", 70
+	file-magic /^8BPS/
+}
+
+signature file-png {
+	file-mime "image/png", 110
+	file-magic /^\x89PNG/
+}
+
+# JPEG 2000
+signature file-jp2 {
+	file-mime "image/jp2", 60
+	file-magic /.{4}ftypjp2/
+}
+
+# JPEG 2000
+signature file-jp22 {
+	file-mime "image/jp2", 70
+	file-magic /\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a.{8}jp2 /
+}
+
+# JPEG 2000
+signature file-jpx {
+	file-mime "image/jpx", 70
+	file-magic /\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a.{8}jpx /
+}
+
+# JPEG 2000
+signature file-jpm {
+	file-mime "image/jpm", 70
+	file-magic /\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a.{8}jpm /
+}
+
+# Xcursor image
+signature file-x-cursor {
+	file-mime "image/x-xcursor", 70
+	file-magic /^Xcur/
+}
+
+# NIFF image
+signature file-niff {
+	file-mime "image/x-niff", 70
+	file-magic /^IIN1/
+}
+
+# OpenEXR image
+signature file-openexr {
+	file-mime "image/x-exr", 70
+	file-magic /^\x76\x2f\x31\x01/
+}
+
+# DPX image
+signature file-dpx {
+	file-mime "image/x-dpx", 70
+	file-magic /^SDPX/
+}
+
+# Cartesian Perceptual Compression image
+signature file-cpi {
+	file-mime "image/x-cpi", 70
+	file-magic /(CPC\xb2)/
+}
+
+signature file-orf {
+	file-mime "image/x-olympus-orf", 70
+	file-magic /IIR[OS]|MMOR/
+}
+
+# Foveon X3F raw image
+signature file-x3r {
+	file-mime "image/x-x3f", 70
+	file-magic /^FOVb/
+}
+
+# Paint.NET image
+signature file-paint-net {
+	file-mime "image/x-paintnet", 70
+	file-magic /^PDN3/
+}
+
+# Corel Draw Picture
+signature file-coreldraw {
+	file-mime "image/x-coreldraw", 70
+	file-magic /^RIFF....CDR[A6]/
+}
+
+# Netpbm PAM image
+signature file-netbpm{
+	file-mime "image/x-portable-pixmap", 50
+	file-magic /^P7/
+}
+
+# JPEG 2000 image
+signature file-jpeg-2000 {
+	file-mime "image/jp2", 50
+	file-magic /^....jP/
+}
+
+# DjVU Images
+signature file-djvu {
+	file-mime "image/vnd.djvu", 70
+	file-magic /AT\x26TFORM.{4}(DJV[MUI]|THUM)/
+}
+
+# DWG AutoDesk AutoCAD
+signature file-dwg {
+	file-mime "image/vnd.dwg", 90
+	file-magic /^(AC[12]\.|AC10)/
+}
+
+# GIMP XCF image
+signature file-gimp-xcf {
+	file-mime "image/x-xcf", 110
+	file-magic /^gimp xcf/
+}
+
+# Polar Monitor Bitmap text
+signature file-polar-monitor-bitmap {
+	file-mime "image/x-polar-monitor-bitmap", 160
+	file-magic /^\x5bBitmapInfo2\x5d/
+}
+
+# Award BIOS bitmap
+signature file-award-bitmap {
+	file-mime "image/x-award-bmp", 20
+	file-magic /^AWBM/
+}
+
+# Award BIOS Logo, 136 x 84
+signature file-award-bios-logo {
+	file-mime "image/x-award-bioslogo", 50
+	file-magic /^\x11[\x06\x09]/
+}
diff --git a/scripts/base/frameworks/files/magic/libmagic.sig b/scripts/base/frameworks/files/magic/libmagic.sig
index 72ec40dff8..80ab9bfaa9 100644
--- a/scripts/base/frameworks/files/magic/libmagic.sig
+++ b/scripts/base/frameworks/files/magic/libmagic.sig
@@ -56,42 +56,18 @@ signature file-magic-auto11 {
 	file-magic /(\x3cmap ?version\x3d\x22freeplane)/
 }
 
-# >0  string/wt,=#! /usr/local/bin/nawk (len=22), ["new awk script text executable"], swap_endian=0
-signature file-magic-auto12 {
-	file-mime "text/x-nawk", 250
-	file-magic /(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2fnawk)/
-}
-
-# >0  string/wt,=#! /usr/local/bin/gawk (len=22), ["GNU awk script text executable"], swap_endian=0
-signature file-magic-auto13 {
-	file-mime "text/x-gawk", 250
-	file-magic /(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2fgawk)/
-}
-
 # >0  string,=# PaCkAgE DaTaStReAm (len=20), ["pkg Datastream (SVR4)"], swap_endian=0
 signature file-magic-auto19 {
 	file-mime "application/x-svr4-package", 230
 	file-magic /(\x23 PaCkAgE DaTaStReAm)/
 }
 
-# >0  string,=Creative Voice File (len=19), ["Creative Labs voice data"], swap_endian=0
-signature file-magic-auto20 {
-	file-mime "audio/x-unknown", 220
-	file-magic /(Creative Voice File)/
-}
-
 # >0  string/t,=[KDE Desktop Entry] (len=19), ["KDE desktop entry"], swap_endian=0
 signature file-magic-auto21 {
 	file-mime "application/x-kdelnk", 220
 	file-magic /(\x5bKDE Desktop Entry\x5d)/
 }
 
-# >0  string,=!<arch>\n__________E (len=19), ["MIPS archive"], swap_endian=0
-signature file-magic-auto23 {
-	file-mime "application/x-archive", 220
-	file-magic /(\x21\x3carch\x3e\x0a\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5fE)/
-}
-
 # >0  string/t,=# KDE Config File (len=17), ["KDE config file"], swap_endian=0
 signature file-magic-auto26 {
 	file-mime "application/x-kdelnk", 200
@@ -111,18 +87,6 @@ signature file-magic-auto28 {
 	file-magic /(riff\x2e\x91\xcf\x11\xa5\xd6\x28\xdb\x04\xc1\x00\x00)(.{8})(wave\xf3\xac\xd3\x11\x8c\xd1\x00\xc0O\x8e\xdb\x8a)/
 }
 
-# >0  string/wt,=#! /usr/bin/nawk (len=16), ["new awk script text executable"], swap_endian=0
-signature file-magic-auto29 {
-	file-mime "text/x-nawk", 190
-	file-magic /(\x23\x21 ?\x2fusr\x2fbin\x2fnawk)/
-}
-
-# >0  string/wt,=#! /usr/bin/gawk (len=16), ["GNU awk script text executable"], swap_endian=0
-signature file-magic-auto31 {
-	file-mime "text/x-gawk", 190
-	file-magic /(\x23\x21 ?\x2fusr\x2fbin\x2fgawk)/
-}
-
 # >369  string,=MICROSOFT PIFEX\000 (len=16), ["Windows Program Information File"], swap_endian=0
 signature file-magic-auto32 {
 	file-mime "application/x-dosexec", 190
@@ -135,36 +99,12 @@ signature file-magic-auto34 {
 	file-magic /(\x23VRML ?V1\x2e0 ?ascii)/
 }
 
-# >0  string,=<MakerScreenFont (len=16), ["FrameMaker Font file"], swap_endian=0
-signature file-magic-auto35 {
-	file-mime "application/x-mif", 190
-	file-magic /(\x3cMakerScreenFont)/
-}
-
 # >0  string,=Extended Module: (len=16), ["Fasttracker II module sound data"], swap_endian=0
 signature file-magic-auto36 {
 	file-mime "audio/x-mod", 190
 	file-magic /(Extended Module\x3a)/
 }
 
-# >0  string/t,=<?xml version " (len=15), ["XML"], swap_endian=0
-signature file-magic-auto37 {
-	file-mime "application/xml", 185
-	file-magic /(\x3c\x3fxml version \x22)/
-}
-
-# >0  string/t,=<?xml version=" (len=15), ["XML"], swap_endian=0
-signature file-magic-auto38 {
-	file-mime "application/xml", 185
-	file-magic /(\x3c\x3fxml version\x3d\x22)/
-}
-
-# >0  string,=<?xml version=' (len=15), ["XML"], swap_endian=0
-signature file-magic-auto39 {
-	file-mime "application/xml", 185
-	file-magic /(\x3c\x3fxml version\x3d\x27)/
-}
-
 # >0  string/t,=<?xml version=" (len=15), [""], swap_endian=0
 # >>20  search/wc/1000,=<!DOCTYPE X3D (len=13), ["X3D (Extensible 3D) model xml text"], swap_endian=0
 signature file-magic-auto40 {
@@ -172,22 +112,6 @@ signature file-magic-auto40 {
 	file-magic /(\x3c\x3fxml version\x3d\x22)(.{5})(.*)(\x3c\x21DOCTYPE ?X3D)/
 }
 
-# >0  string/t,=<?xml version=' (len=15), [""], swap_endian=0
-# >>15  string,>\000 (len=1), [""], swap_endian=0
-# >>>19  search/Wctb/4096,=<!doctype html (len=14), ["XHTML document text"], swap_endian=0
-signature file-magic-auto41 {
-	file-mime "text/html", 44
-	file-magic /(\x3c\x3fxml version\x3d\x27)([^\x00])(.{3})(.*)(\x3c\x21[dD][oO][cC][tT][yY][pP][eE] {1,}[hH][tT][mM][lL])/
-}
-
-# >0  string/t,=<?xml version=" (len=15), [""], swap_endian=0
-# >>15  string,>\000 (len=1), [""], swap_endian=0
-# >>>19  search/Wctb/4096,=<!doctype html (len=14), ["XHTML document text"], swap_endian=0
-signature file-magic-auto42 {
-	file-mime "text/html", 44
-	file-magic /(\x3c\x3fxml version\x3d\x22)([^\x00])(.{3})(.*)(\x3c\x21[dD][oO][cC][tT][yY][pP][eE] {1,}[hH][tT][mM][lL])/
-}
-
 # >0  string/t,=<?xml version=" (len=15), [""], swap_endian=0
 # >>15  string,>\000 (len=1), [""], swap_endian=0
 # >>>19  search/4096,=<urlset (len=7), ["XML Sitemap document text"], swap_endian=0
@@ -212,44 +136,18 @@ signature file-magic-auto45 {
 	file-magic /(\x3c\x3fxml version\x3d\x22)([^\x00])(.{3})(.*)(\x3cgnc\x2dv2)/
 }
 
-# >0  string/t,=<?xml version=" (len=15), [""], swap_endian=0
-# >>15  string,>\000 (len=1), [""], swap_endian=0
-# >>>19  search/Wctb/4096,=<html (len=5), ["broken XHTML document text"], swap_endian=0
-signature file-magic-auto46 {
-	file-mime "text/html", 40
-	file-magic /(\x3c\x3fxml version\x3d\x22)([^\x00])(.{3})(.*)(\x3c[hH][tT][mM][lL])/
-}
-
 # >0  string/c,=BEGIN:VCALENDAR (len=15), ["vCalendar calendar file"], swap_endian=0
 signature file-magic-auto47 {
 	file-mime "text/calendar", 180
 	file-magic /(BEGIN\x3aVCALENDAR)/
 }
 
-# >4  string,=Standard Jet DB (len=15), ["Microsoft Access Database"], swap_endian=0
-signature file-magic-auto48 {
-	file-mime "application/x-msaccess", 180
-	file-magic /(.{4})(Standard Jet DB)/
-}
-
-# >4  string,=Standard ACE DB (len=15), ["Microsoft Access Database"], swap_endian=0
-signature file-magic-auto49 {
-	file-mime "application/x-msaccess", 180
-	file-magic /(.{4})(Standard ACE DB)/
-}
-
 # >0  string/w,=#VRML V2.0 utf8 (len=15), ["ISO/IEC 14772 VRML 97 file"], swap_endian=0
 signature file-magic-auto50 {
 	file-mime "model/vrml", 180
 	file-magic /(\x23VRML ?V2\x2e0 ?utf8)/
 }
 
-# >0  string/wt,=#! /usr/bin/awk (len=15), ["awk script text executable"], swap_endian=0
-signature file-magic-auto51 {
-	file-mime "text/x-awk", 180
-	file-magic /(\x23\x21 ?\x2fusr\x2fbin\x2fawk)/
-}
-
 # >0  string,=MAS_UTrack_V00 (len=14), [""], swap_endian=0
 # >>14  string,>/0 (len=2), ["ultratracker V1.%.1s module sound data"], swap_endian=0
 signature file-magic-auto53 {
@@ -309,18 +207,6 @@ signature file-magic-auto61 {
 	file-magic /(.{39})(\x3cgmr\x3aWorkbook)/
 }
 
-# >0  string/t,=[BitmapInfo2] (len=13), ["Polar Monitor Bitmap text"], swap_endian=0
-signature file-magic-auto62 {
-	file-mime "image/x-polar-monitor-bitmap", 160
-	file-magic /(\x5bBitmapInfo2\x5d)/
-}
-
-# >0  string,=SplineFontDB: (len=13), ["Spline Font Database "], swap_endian=0
-signature file-magic-auto63 {
-	file-mime "application/vnd.font-fontforge-sfd", 160
-	file-magic /(SplineFontDB\x3a)/
-}
-
 # >0  string/ct,=delivered-to: (len=13), ["SMTP mail text"], swap_endian=0
 signature file-magic-auto64 {
 	file-mime "message/rfc822", 160
@@ -333,33 +219,6 @@ signature file-magic-auto65 {
 	file-magic /([rR][eE][tT][uU][rR][nN]\x2d[pP][aA][tT][hH]\x3a)/
 }
 
-# >0  string,=\000\000\000\fjP  \r\n\207\n (len=12), ["JPEG 2000"], swap_endian=0
-# >>20  string,=jp2  (len=4), ["Part 1 (JP2)"], swap_endian=0
-signature file-magic-auto66 {
-	file-mime "image/jp2", 70
-	file-magic /(\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a)(.{8})(jp2 )/
-}
-
-# >0  string,=\000\000\000\fjP  \r\n\207\n (len=12), ["JPEG 2000"], swap_endian=0
-# >>20  string,=jpx  (len=4), ["Part 2 (JPX)"], swap_endian=0
-signature file-magic-auto67 {
-	file-mime "image/jpx", 70
-	file-magic /(\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a)(.{8})(jpx )/
-}
-
-# >0  string,=\000\000\000\fjP  \r\n\207\n (len=12), ["JPEG 2000"], swap_endian=0
-# >>20  string,=jpm  (len=4), ["Part 6 (JPM)"], swap_endian=0
-signature file-magic-auto68 {
-	file-mime "image/jpm", 70
-	file-magic /(\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a)(.{8})(jpm )/
-}
-
-# >0  string,=\000\000\000\fjP  \r\n\207\n (len=12), ["JPEG 2000"], swap_endian=0
-# >>20  string,=mjp2 (len=4), ["Part 3 (MJ2)"], swap_endian=0
-signature file-magic-auto69 {
-	file-mime "video/mj2", 70
-	file-magic /(\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a)(.{8})(mjp2)/
-}
 
 # >0  string/w,=<map version (len=12), ["Freemind document"], swap_endian=0
 signature file-magic-auto70 {
@@ -367,24 +226,6 @@ signature file-magic-auto70 {
 	file-magic /(\x3cmap ?version)/
 }
 
-# >0  string/wt,=#! /bin/nawk (len=12), ["new awk script text executable"], swap_endian=0
-signature file-magic-auto72 {
-	file-mime "text/x-nawk", 150
-	file-magic /(\x23\x21 ?\x2fbin\x2fnawk)/
-}
-
-# >0  string/wt,=#! /bin/gawk (len=12), ["GNU awk script text executable"], swap_endian=0
-signature file-magic-auto73 {
-	file-mime "text/x-gawk", 150
-	file-magic /(\x23\x21 ?\x2fbin\x2fgawk)/
-}
-
-# >0  string/wt,=#! /bin/awk (len=11), ["awk script text executable"], swap_endian=0
-signature file-magic-auto75 {
-	file-mime "text/x-awk", 140
-	file-magic /(\x23\x21 ?\x2fbin\x2fawk)/
-}
-
 # >0  string,=filedesc:// (len=11), ["Internet Archive File"], swap_endian=0
 signature file-magic-auto76 {
 	file-mime "application/x-ia-arc", 140
@@ -447,12 +288,6 @@ signature file-magic-auto88 {
 	file-magic /(.*)(\x2d\x2d\x2d )(.*)(\x0a)(.*)(\x2b\x2b\x2b )(.*)(\x0a)(.*)(\x40\x40)/
 }
 
-# >0  string/t,=Received: (len=9), ["RFC 822 mail text"], swap_endian=0
-signature file-magic-auto89 {
-	file-mime "message/rfc822", 120
-	file-magic /(Received\x3a)/
-}
-
 # >0  string,=<BookFile (len=9), ["FrameMaker Book file"], swap_endian=0
 signature file-magic-auto90 {
 	file-mime "application/x-mif", 120
@@ -484,46 +319,12 @@ signature file-magic-auto94 {
 	file-magic /(LPKSHHRH)(.{8})([\x00\x01\x02\x03])(.{7})([^\x00]{8})([^\x00]{8})([^\x00]{8})([^\x00]{8})([^\x00]{8})([^\x00]{8})/
 }
 
-# >0  string,=AT&TFORM (len=8), [""], swap_endian=0
-# >>12  string,=DJVM (len=4), ["DjVu multiple page document"], swap_endian=0
-signature file-magic-auto95 {
-	file-mime "image/vnd.djvu", 70
-	file-magic /(AT\x26TFORM)(.{4})(DJVM)/
-}
-
-# >0  string,=AT&TFORM (len=8), [""], swap_endian=0
-# >>12  string,=DJVU (len=4), ["DjVu image or single page document"], swap_endian=0
-signature file-magic-auto96 {
-	file-mime "image/vnd.djvu", 70
-	file-magic /(AT\x26TFORM)(.{4})(DJVU)/
-}
-
-# >0  string,=AT&TFORM (len=8), [""], swap_endian=0
-# >>12  string,=DJVI (len=4), ["DjVu shared document"], swap_endian=0
-signature file-magic-auto97 {
-	file-mime "image/vnd.djvu", 70
-	file-magic /(AT\x26TFORM)(.{4})(DJVI)/
-}
-
-# >0  string,=AT&TFORM (len=8), [""], swap_endian=0
-# >>12  string,=THUM (len=4), ["DjVu page thumbnails"], swap_endian=0
-signature file-magic-auto98 {
-	file-mime "image/vnd.djvu", 70
-	file-magic /(AT\x26TFORM)(.{4})(THUM)/
-}
-
 # >0  string/t,=#! rnews (len=8), ["batched news text"], swap_endian=0
 signature file-magic-auto99 {
 	file-mime "message/rfc822", 110
 	file-magic /(\x23\x21 rnews)/
 }
 
-# >0  string/b,=MSCF\000\000\000\000 (len=8), ["Microsoft Cabinet archive data"], swap_endian=0
-signature file-magic-auto100 {
-	file-mime "application/vnd.ms-cab-compressed", 110
-	file-magic /(MSCF\x00\x00\x00\x00)/
-}
-
 # >21  string/c,=!SCREAM! (len=8), ["Screamtracker 2 module sound data"], swap_endian=0
 signature file-magic-auto102 {
 	file-mime "audio/x-mod", 110
@@ -543,82 +344,49 @@ signature file-magic-auto104 {
 	file-magic /(ITOLITLS)(.{4})/
 }
 
-# >4096  string,=\211HDF\r\n\032\n (len=8), ["Hierarchical Data Format (version 5) with 4k user block"], swap_endian=0
-signature file-magic-auto105 {
-	file-mime "application/x-hdf", 110
-	file-magic /(.{4096})(\x89HDF\x0d\x0a\x1a\x0a)/
-}
-
-# >2048  string,=\211HDF\r\n\032\n (len=8), ["Hierarchical Data Format (version 5) with 2k user block"], swap_endian=0
-signature file-magic-auto106 {
-	file-mime "application/x-hdf", 110
-	file-magic /(.{2048})(\x89HDF\x0d\x0a\x1a\x0a)/
-}
-
-# >1024  string,=\211HDF\r\n\032\n (len=8), ["Hierarchical Data Format (version 5) with 1k user block"], swap_endian=0
-signature file-magic-auto107 {
-	file-mime "application/x-hdf", 110
-	file-magic /(.{1024})(\x89HDF\x0d\x0a\x1a\x0a)/
-}
-
-# >512  string,=\211HDF\r\n\032\n (len=8), ["Hierarchical Data Format (version 5) with 512 bytes user block"], swap_endian=0
-signature file-magic-auto108 {
-	file-mime "application/x-hdf", 110
-	file-magic /(.{512})(\x89HDF\x0d\x0a\x1a\x0a)/
-}
-
 # >0  string,=\211HDF\r\n\032\n (len=8), ["Hierarchical Data Format (version 5) data"], swap_endian=0
 signature file-magic-auto109 {
 	file-mime "application/x-hdf", 110
 	file-magic /(\x89HDF\x0d\x0a\x1a\x0a)/
 }
 
-# >0  string,=\211PNG\r\n\032\n (len=8), ["PNG image data"], swap_endian=0
-signature file-magic-auto110 {
-	file-mime "image/png", 110
-	file-magic /(\x89PNG\x0d\x0a\x1a\x0a)/
-}
+# Find a way to do the following to generically detect ICC profiles.
+# An ICC parser should deal with the difference in these formats.
+## >36  string,=acspSUNW (len=8), ["Sun KCMS ICC Profile"], swap_endian=0
+#signature file-magic-auto111 {
+#	file-mime "application/vnd.iccprofile", 110
+#	file-magic /(.{36})(acspSUNW)/
+#}
+#
+## >36  string,=acspSGI  (len=8), ["SGI ICC Profile"], swap_endian=0
+#signature file-magic-auto112 {
+#	file-mime "application/vnd.iccprofile", 110
+#	file-magic /(.{36})(acspSGI )/
+#}
+#
+## >36  string,=acspMSFT (len=8), ["Microsoft ICM Color Profile"], swap_endian=0
+#signature file-magic-auto113 {
+#	file-mime "application/vnd.iccprofile", 110
+#	file-magic /(.{36})(acspMSFT)/
+#}
+#
+## >36  string,=acspAPPL (len=8), ["ColorSync ICC Profile"], swap_endian=0
+#signature file-magic-auto114 {
+#	file-mime "application/vnd.iccprofile", 110
+#	file-magic /(.{36})(acspAPPL)/
+#}
+#
+## >36  string,=acsp (len=4), ["ICC Profile"], swap_endian=0
+#signature file-magic-auto277 {
+#	file-mime "application/vnd.iccprofile", 70
+#	file-magic /(.{36})(acsp)/
+#}
 
-# >36  string,=acspSUNW (len=8), ["Sun KCMS ICC Profile"], swap_endian=0
-signature file-magic-auto111 {
-	file-mime "application/vnd.iccprofile", 110
-	file-magic /(.{36})(acspSUNW)/
-}
-
-# >36  string,=acspSGI  (len=8), ["SGI ICC Profile"], swap_endian=0
-signature file-magic-auto112 {
-	file-mime "application/vnd.iccprofile", 110
-	file-magic /(.{36})(acspSGI )/
-}
-
-# >36  string,=acspMSFT (len=8), ["Microsoft ICM Color Profile"], swap_endian=0
-signature file-magic-auto113 {
-	file-mime "application/vnd.iccprofile", 110
-	file-magic /(.{36})(acspMSFT)/
-}
-
-# >36  string,=acspAPPL (len=8), ["ColorSync ICC Profile"], swap_endian=0
-signature file-magic-auto114 {
-	file-mime "application/vnd.iccprofile", 110
-	file-magic /(.{36})(acspAPPL)/
-}
-
-# >0  string,=gimp xcf (len=8), ["GIMP XCF image data,"], swap_endian=0
-signature file-magic-auto115 {
-	file-mime "image/x-xcf", 110
-	file-magic /(gimp xcf)/
-}
 
 # >512  string,=R\000o\000o\000t\000 (len=8), ["Hangul (Korean) Word Processor File 2000"], swap_endian=0
-signature file-magic-auto116 {
-	file-mime "application/x-hwp", 110
-	file-magic /(.{512})(R\x00o\x00o\x00t\x00)/
-}
-
-# >257  string,=ustar  \000 (len=8), ["GNU tar archive"], swap_endian=0
-#signature file-magic-auto117 {
-#	file-mime "application/x-tar", 110
-#	file-magic /(.{257})(ustar  \x00)/
+#signature file-magic-auto116 {
+#	file-mime "application/x-hwp", 110
+#	file-magic /(.{512})(R\x00o\x00o\x00t\x00)/
 #}
 
 # >0  string,=<MIFFile (len=8), ["FrameMaker MIF (ASCII) file"], swap_endian=0
@@ -627,12 +395,6 @@ signature file-magic-auto118 {
 	file-magic /(\x3cMIFFile)/
 }
 
-# >0  string,=PK\a\bPK\003\004 (len=8), ["Zip multi-volume archive data, at least PKZIP v2.50 to extract"], swap_endian=0
-signature file-magic-auto119 {
-	file-mime "application/zip", 110
-	file-magic /(PK\x07\x08PK\x03\x04)/
-}
-
 # >0  string/b,=WordPro\000 (len=8), ["Lotus WordPro"], swap_endian=0
 signature file-magic-auto121 {
 	file-mime "application/vnd.lotus-wordpro", 110
@@ -645,12 +407,6 @@ signature file-magic-auto122 {
 	file-magic /(Article)/
 }
 
-# >0  string,=\037\213 (len=2), ["gzip compressed data"], swap_endian=0
-signature file-magic-auto123 {
-	file-mime "application/x-gzip", 100
-	file-magic /(\x1f\x8b)/
-}
-
 # >0  string/t,=Pipe to (len=7), ["mail piping text"], swap_endian=0
 signature file-magic-auto124 {
 	file-mime "message/rfc822", 100
@@ -663,18 +419,6 @@ signature file-magic-auto125 {
 	file-magic /(\x2eRMF\x00\x00\x00)/
 }
 
-# >0  string,=StuffIt (len=7), ["StuffIt Archive"], swap_endian=0
-signature file-magic-auto126 {
-	file-mime "application/x-stuffit", 100
-	file-magic /(StuffIt)/
-}
-
-# >0  string,=!<arch> (len=7), ["current ar archive"], swap_endian=0
-signature file-magic-auto127 {
-	file-mime "application/x-archive", 100
-	file-magic /(\x21\x3carch\x3e)/
-}
-
 # >0  string,=P5 (len=2), [""], swap_endian=0
 # >>3  regex,=[0-9]{1,50}  (len=12), [", size = %sx"], swap_endian=0
 # >>>3  regex,= [0-9]{1,50} (len=12), ["%s"], swap_endian=0
@@ -699,151 +443,12 @@ signature file-magic-auto130 {
 	file-magic /(P4)(.{1})([0-9]{1,50} )( [0-9]{1,50})/
 }
 
-# >257  string,=ustar\000 (len=6), ["POSIX tar archive"], swap_endian=0
-#signature file-magic-auto131 {
-#	file-mime "application/x-tar", 90
-#	file-magic /(.{257})(ustar\x00)/
-#}
-
-# >0  string,=AC1.40 (len=6), ["DWG AutoDesk AutoCAD Release 1.40"], swap_endian=0
-signature file-magic-auto132 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1\x2e40)/
-}
-
-# >0  string,=AC1.50 (len=6), ["DWG AutoDesk AutoCAD Release 2.05"], swap_endian=0
-signature file-magic-auto133 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1\x2e50)/
-}
-
-# >0  string,=AC2.10 (len=6), ["DWG AutoDesk AutoCAD Release 2.10"], swap_endian=0
-signature file-magic-auto134 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC2\x2e10)/
-}
-
-# >0  string,=AC2.21 (len=6), ["DWG AutoDesk AutoCAD Release 2.21"], swap_endian=0
-signature file-magic-auto135 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC2\x2e21)/
-}
-
-# >0  string,=AC2.22 (len=6), ["DWG AutoDesk AutoCAD Release 2.22"], swap_endian=0
-signature file-magic-auto136 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC2\x2e22)/
-}
-
-# >0  string,=AC1001 (len=6), ["DWG AutoDesk AutoCAD Release 2.22"], swap_endian=0
-signature file-magic-auto137 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1001)/
-}
-
-# >0  string,=AC1002 (len=6), ["DWG AutoDesk AutoCAD Release 2.50"], swap_endian=0
-signature file-magic-auto138 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1002)/
-}
-
-# >0  string,=AC1003 (len=6), ["DWG AutoDesk AutoCAD Release 2.60"], swap_endian=0
-signature file-magic-auto139 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1003)/
-}
-
-# >0  string,=AC1004 (len=6), ["DWG AutoDesk AutoCAD Release 9"], swap_endian=0
-signature file-magic-auto140 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1004)/
-}
-
-# >0  string,=AC1006 (len=6), ["DWG AutoDesk AutoCAD Release 10"], swap_endian=0
-signature file-magic-auto141 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1006)/
-}
-
-# >0  string,=AC1009 (len=6), ["DWG AutoDesk AutoCAD Release 11/12"], swap_endian=0
-signature file-magic-auto142 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1009)/
-}
-
-# >0  string,=AC1012 (len=6), ["DWG AutoDesk AutoCAD Release 13"], swap_endian=0
-signature file-magic-auto143 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1012)/
-}
-
-# >0  string,=AC1014 (len=6), ["DWG AutoDesk AutoCAD Release 14"], swap_endian=0
-signature file-magic-auto144 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1014)/
-}
-
-# >0  string,=AC1015 (len=6), ["DWG AutoDesk AutoCAD 2000/2002"], swap_endian=0
-signature file-magic-auto145 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1015)/
-}
-
-# >0  string,=AC1018 (len=6), ["DWG AutoDesk AutoCAD 2004/2005/2006"], swap_endian=0
-signature file-magic-auto146 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1018)/
-}
-
-# >0  string,=AC1021 (len=6), ["DWG AutoDesk AutoCAD 2007/2008/2009"], swap_endian=0
-signature file-magic-auto147 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1021)/
-}
-
-# >0  string,=AC1024 (len=6), ["DWG AutoDesk AutoCAD 2010/2011/2012"], swap_endian=0
-signature file-magic-auto148 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1024)/
-}
-
-# >0  string,=AC1027 (len=6), ["DWG AutoDesk AutoCAD 2013/2014"], swap_endian=0
-signature file-magic-auto149 {
-	file-mime "image/vnd.dwg", 90
-	file-magic /(AC1027)/
-}
-
-# >0  string,=7z\274\257'\034 (len=6), ["7-zip archive data,"], swap_endian=0
-# >>7  byte&,x, [".%d"], swap_endian=0
-signature file-magic-auto150 {
-	file-mime "application/x-7z-compressed", 1
-	file-magic /(7z\xbc\xaf\x27\x1c)(.{1})(.{1})/
-}
-
-# >0  ustring,=\3757zXZ\000 (len=6), ["XZ compressed data"], swap_endian=0
-signature file-magic-auto151 {
-	file-mime "application/x-xz", 90
-	file-magic /(\xfd7zXZ\x00)/
-}
-
 # >0  string,=<Maker (len=6), ["Intermediate Print File	FrameMaker IPL file"], swap_endian=0
 signature file-magic-auto152 {
 	file-mime "application/x-mif", 90
 	file-magic /(\x3cMaker)/
 }
 
-# >0  string,=GIF94z (len=6), ["ZIF image (GIF+deflate alpha)"], swap_endian=0
-signature file-magic-auto153 {
-	file-mime "image/x-unknown", 90
-	file-magic /(GIF94z)/
-}
-
-# >0  string,=FGF95a (len=6), ["FGF image (GIF+deflate beta)"], swap_endian=0
-signature file-magic-auto154 {
-	file-mime "image/x-unknown", 90
-	file-magic /(FGF95a)/
-}
-
 # >0  string/t,=# xmcd (len=6), ["xmcd database file for kscd"], swap_endian=0
 signature file-magic-auto155 {
 	file-mime "text/x-xmcd", 90
@@ -896,159 +501,6 @@ signature file-magic-auto162 {
 	file-magic /(\x3c\x3fxml)(.{15})(.*)( xmlns\x3d)(['"]http:\x2f\x2fwww.opengis.net\x2fkml)/
 }
 
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXB (len=8), ["RINEX Data, GEO SBAS Broadcast"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto166 {
-	file-mime "rinex/broadcast", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXB)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXD (len=8), ["RINEX Data, Observation (Hatanaka comp)"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto167 {
-	file-mime "rinex/observation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXD)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXC (len=8), ["RINEX Data, Clock"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto168 {
-	file-mime "rinex/clock", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXC)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXH (len=8), ["RINEX Data, GEO SBAS Navigation"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto169 {
-	file-mime "rinex/navigation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXH)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXG (len=8), ["RINEX Data, GLONASS Navigation"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto170 {
-	file-mime "rinex/navigation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXG)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXL (len=8), ["RINEX Data, Galileo Navigation"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto171 {
-	file-mime "rinex/navigation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXL)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXM (len=8), ["RINEX Data, Meteorological"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto172 {
-	file-mime "rinex/meteorological", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXM)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXN (len=8), ["RINEX Data, Navigation	"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto173 {
-	file-mime "rinex/navigation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXN)/
-}
-
-# >60  string,=RINEX (len=5), [""], swap_endian=0
-# >>80  search/256,=XXRINEXO (len=8), ["RINEX Data, Observation"], swap_endian=0
-# >>>5  string,x, [", version %6.6s"], swap_endian=0
-signature file-magic-auto174 {
-	file-mime "rinex/observation", 1
-	file-magic /(.{60})(RINEX)(.{15})(.*)(XXRINEXO)/
-}
-
-# Doubt it's going to be common to have this many bytes buffered.
-# >37633  string,=CD001 (len=5), ["ISO 9660 CD-ROM filesystem data (raw 2352 byte sectors)"], swap_endian=0
-#signature file-magic-auto175 {
-#	file-mime "application/x-iso9660-image", 80
-#	file-magic /(.{37633})(CD001)/
-#}
-
-# >2  string,=-lhd- (len=5), ["LHa 2.x? archive data [lhd]"], swap_endian=0
-signature file-magic-auto176 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlhd\x2d)/
-}
-
-# >0  string,=WARC/ (len=5), ["WARC Archive"], swap_endian=0
-# >>5  string,x, ["version %.4s"], swap_endian=0
-signature file-magic-auto177 {
-	file-mime "application/warc", 1
-	file-magic /(WARC\x2f)(.{0})/
-}
-
-# >0  string,=AC1.3 (len=5), ["DWG AutoDesk AutoCAD Release 1.3"], swap_endian=0
-signature file-magic-auto178 {
-	file-mime "image/vnd.dwg", 80
-	file-magic /(AC1\x2e3)/
-}
-
-# >2  string,=-lh - (len=5), ["LHa 2.x? archive data [lh ]"], swap_endian=0
-signature file-magic-auto179 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh \x2d)/
-}
-
-# >0  string,=AC1.2 (len=5), ["DWG AutoDesk AutoCAD Release 1.2"], swap_endian=0
-signature file-magic-auto180 {
-	file-mime "image/vnd.dwg", 80
-	file-magic /(AC1\x2e2)/
-}
-
-# >0  string,=MC0.0 (len=5), ["DWG AutoDesk AutoCAD Release 1.0"], swap_endian=0
-signature file-magic-auto181 {
-	file-mime "image/vnd.dwg", 80
-	file-magic /(MC0\x2e0)/
-}
-
-# >2  string,=-lzs- (len=5), ["LHa/LZS archive data [lzs]"], swap_endian=0
-signature file-magic-auto182 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlzs\x2d)/
-}
-
-# >2  string,=-lz5- (len=5), ["LHarc 1.x archive data [lz5]"], swap_endian=0
-signature file-magic-auto183 {
-	file-mime "application/x-lharc", 80
-	file-magic /(.{2})(\x2dlz5\x2d)/
-}
-
-# Doubt it's going to be common to have this many bytes buffered.
-# >32769  string,=CD001 (len=5), ["#"], swap_endian=0
-#signature file-magic-auto184 {
-#	file-mime "application/x-iso9660-image", 80
-#	file-magic /(.{32769})(CD001)/
-#}
-
-# >2  string,=-lh3- (len=5), ["LHa 2.x? archive data [lh3]"], swap_endian=0
-signature file-magic-auto185 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh3\x2d)/
-}
-
-# >2  string,=-lh2- (len=5), ["LHa 2.x? archive data [lh2]"], swap_endian=0
-signature file-magic-auto186 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh2\x2d)/
-}
-
-# >0  string,=\000\001\000\000\000 (len=5), ["TrueType font data"], swap_endian=0
-signature file-magic-auto187 {
-	file-mime "application/x-font-ttf", 80
-	file-magic /(\x00\x01\x00\x00\x00)/
-}
-
 # >0  string,=%PDF- (len=5), ["PDF document"], swap_endian=0
 signature file-magic-auto189 {
 	file-mime "application/pdf", 80
@@ -1073,66 +525,18 @@ signature file-magic-auto194 {
 	file-magic /(From\x3a)/
 }
 
-# >2  string,=-lh7- (len=5), ["LHa (2.x)/LHark archive data [lh7]"], swap_endian=0
-signature file-magic-auto195 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh7\x2d)/
-}
-
 # >0  string,={\rtf (len=5), ["Rich Text Format data,"], swap_endian=0
 signature file-magic-auto196 {
 	file-mime "text/rtf", 80
 	file-magic /(\x7b\x5crtf)/
 }
 
-# >2  string,=-lh6- (len=5), ["LHa (2.x) archive data [lh6]"], swap_endian=0
-signature file-magic-auto197 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh6\x2d)/
-}
-
-# >2  string,=-lh5- (len=5), ["LHa (2.x) archive data [lh5]"], swap_endian=0
-signature file-magic-auto198 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh5\x2d)/
-}
-
-# >2  string,=-lh4- (len=5), ["LHa (2.x) archive data [lh4]"], swap_endian=0
-signature file-magic-auto199 {
-	file-mime "application/x-lha", 80
-	file-magic /(.{2})(\x2dlh4\x2d)/
-}
-
-# >2  string,=-lz4- (len=5), ["LHarc 1.x archive data [lz4]"], swap_endian=0
-signature file-magic-auto200 {
-	file-mime "application/x-lharc", 80
-	file-magic /(.{2})(\x2dlz4\x2d)/
-}
-
-# >2  string,=-lh1- (len=5), ["LHarc 1.x/ARX archive data [lh1]"], swap_endian=0
-signature file-magic-auto201 {
-	file-mime "application/x-lharc", 80
-	file-magic /(.{2})(\x2dlh1\x2d)/
-}
-
-# >2  string,=-lh0- (len=5), ["LHarc 1.x/ARX archive data [lh0]"], swap_endian=0
-signature file-magic-auto202 {
-	file-mime "application/x-lharc", 80
-	file-magic /(.{2})(\x2dlh0\x2d)/
-}
-
 # >0  string,=%FDF- (len=5), ["FDF document"], swap_endian=0
 signature file-magic-auto203 {
 	file-mime "application/vnd.fdf", 80
 	file-magic /(\x25FDF\x2d)/
 }
 
-# >0  belong&,=443 (0x000001bb), [""], swap_endian=0
-signature file-magic-auto204 {
-	file-mime "video/mpeg", 71
-	file-magic /(\x00\x00\x01\xbb)/
-}
-
 # The non-sequential offsets and use of bitmask and relational operators
 # made this difficult to autogenerate.  Can see about manually creating
 # the correct character class later.
@@ -1145,31 +549,6 @@ signature file-magic-auto204 {
 #	file-magic /(.{4})(.*)([\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])(.*)([\x00\x01\x02\x03\x04\x05])(.*)([\x00\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])/
 #}
 
-# >0  belong&,=432 (0x000001b0), [""], swap_endian=0
-signature file-magic-auto206 {
-	file-mime "video/mp4v-es", 71
-	file-magic /(\x00\x00\x01\xb0)/
-}
-
-# >0  belong&,=437 (0x000001b5), [""], swap_endian=0
-signature file-magic-auto207 {
-	file-mime "video/mp4v-es", 71
-	file-magic /(\x00\x00\x01\xb5)/
-}
-
-# >0  string,=AWBM (len=4), [""], swap_endian=0
-# >>4  leshort&,<1981 (0x07bd), ["Award BIOS bitmap"], swap_endian=0
-signature file-magic-auto208 {
-	file-mime "image/x-award-bmp", 20
-	file-magic /(AWBM)(.{2})/
-}
-
-# >0  belong&,=435 (0x000001b3), [""], swap_endian=0
-signature file-magic-auto209 {
-	file-mime "video/mpv", 71
-	file-magic /(\x00\x00\x01\xb3)/
-}
-
 # Converting bitmask to character class might make the regex
 # unfriendly to humans.
 # >0  belong&ffffffffff5fff10,=1195376656 (0x47400010), [""], swap_endian=0
@@ -1178,54 +557,6 @@ signature file-magic-auto209 {
 #	file-magic /(.{4})/
 #}
 
-# >0  belong&,=1 (0x00000001), [""], swap_endian=0
-# >>4  byte&0000001f,=0x07, [""], swap_endian=0
-signature file-magic-auto211 {
-	file-mime "video/h264", 41
-	file-magic /(\x00\x00\x00\x01)([\x07\x27\x47\x67\x87\xa7\xc7\xe7])/
-}
-
-# >0  belong&ffffffffffffff00,=256 (0x00000100), [""], swap_endian=0
-# >>3  byte&,=0xba, ["MPEG sequence"], swap_endian=0
-signature file-magic-auto213 {
-	file-mime "video/mpeg", 40
-	file-magic /(\x00\x00\x01\xba)/
-}
-
-# >0  belong&ffffffffffffff00,=256 (0x00000100), [""], swap_endian=0
-# >>3  byte&,=0xb0, ["MPEG sequence, v4"], swap_endian=0
-signature file-magic-auto214 {
-	file-mime "video/mpeg4-generic", 40
-	file-magic /(\x00\x00\x01\xb0)/
-}
-
-# >0  belong&ffffffffffffff00,=256 (0x00000100), [""], swap_endian=0
-# >>3  byte&,=0xb5, ["MPEG sequence, v4"], swap_endian=0
-signature file-magic-auto215 {
-	file-mime "video/mpeg4-generic", 40
-	file-magic /(\x00\x00\x01\xb5)/
-}
-
-# >0  belong&ffffffffffffff00,=256 (0x00000100), [""], swap_endian=0
-# >>3  byte&,=0xb3, ["MPEG sequence"], swap_endian=0
-signature file-magic-auto216 {
-	file-mime "video/mpeg", 40
-	file-magic /(\x00\x00\x01\xb3)/
-}
-
-# >0  lelong&,=4 (0x00000004), [""], swap_endian=0
-# >>104  lelong&,=4 (0x00000004), ["X11 SNF font data, LSB first"], swap_endian=0
-signature file-magic-auto217 {
-	file-mime "application/x-font-sfn", 70
-	file-magic /(\x04\x00\x00\x00)(.{100})(\x04\x00\x00\x00)/
-}
-
-# >0  lelong&00ffffff,=93 (0x0000005d), [""], swap_endian=0
-signature file-magic-auto218 {
-	file-mime "application/x-lzma", 71
-	file-magic /(\x5d\x00\x00.)/
-}
-
 # This didn't auto-generate correctly due to non-sequential offsets and
 # use of bitwise/relational comparisons.  At a glance: may not be
 # that common/useful, leaving for later.
@@ -1285,22 +616,6 @@ signature file-magic-auto223 {
 	file-magic /(\x3bELC)([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])/
 }
 
-# >0  belong&,=440786851 (0x1a45dfa3), [""], swap_endian=0
-# >>4  search/4096,=B\202 (len=2), [""], swap_endian=0
-# >>>&1  string,=webm (len=4), ["WebM"], swap_endian=0
-signature file-magic-auto224 {
-	file-mime "video/webm", 70
-	file-magic /(\x1a\x45\xdf\xa3)(.*)(B\x82)(.{1})(webm)/
-}
-
-# >0  belong&,=440786851 (0x1a45dfa3), [""], swap_endian=0
-# >>4  search/4096,=B\202 (len=2), [""], swap_endian=0
-# >>>&1  string,=matroska (len=8), ["Matroska data"], swap_endian=0
-signature file-magic-auto225 {
-	file-mime "video/x-matroska", 110
-	file-magic /(\x1a\x45\xdf\xa3)(.*)(B\x82)(.{1})(matroska)/
-}
-
 # >0  string,=PK\003\004 (len=4), [""], swap_endian=0
 # >>4  byte&,=0x14, [""], swap_endian=0
 # >>>30  string,=doc.kml (len=7), ["Compressed Google KML Document, including resources."], swap_endian=0
@@ -1502,152 +817,39 @@ signature file-magic-auto245 {
 	file-magic /(PK\x03\x04)(.{22})(\x08\x00\x00\x00mimetypeapplication\x2f)(epub\x2bzip)/
 }
 
-# >0  belong&,=442 (0x000001ba), [""], swap_endian=0
-# >>4  byte&,&0x40, [""], swap_endian=0
-signature file-magic-auto250 {
-	file-mime "video/mp2p", 21
-	file-magic /(\x00\x00\x01\xba)([\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])/
-}
-
-# >0  belong&,=442 (0x000001ba), [""], swap_endian=0
-# >>4  byte&,^0x40, [""], swap_endian=0
-signature file-magic-auto251 {
-	file-mime "video/mpeg", 21
-	file-magic /(\x00\x00\x01\xba)([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf])/
-}
-
-# >0  string,=MOVI (len=4), ["Silicon Graphics movie file"], swap_endian=0
-signature file-magic-auto252 {
-	file-mime "video/x-sgi-movie", 70
-	file-magic /(MOVI)/
-}
-
-# >4  string,=moov (len=4), ["Apple QuickTime"], swap_endian=0
-signature file-magic-auto253 {
-	file-mime "video/quicktime", 70
-	file-magic /(.{4})(moov)/
-}
-
-# >4  string,=mdat (len=4), ["Apple QuickTime movie (unoptimized)"], swap_endian=0
-signature file-magic-auto254 {
-	file-mime "video/quicktime", 70
-	file-magic /(.{4})(mdat)/
-}
 
 # >4  string,=idsc (len=4), ["Apple QuickTime image (fast start)"], swap_endian=0
 signature file-magic-auto255 {
 	file-mime "image/x-quicktime", 70
-	file-magic /(.{4})(idsc)/
+	file-magic /....(idsc)/
 }
 
 # >4  string,=pckg (len=4), ["Apple QuickTime compressed archive"], swap_endian=0
 signature file-magic-auto256 {
 	file-mime "application/x-quicktime-player", 70
-	file-magic /(.{4})(pckg)/
+	file-magic /....(pckg)/
 }
 
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=isom (len=4), [", MPEG v4 system, version 1"], swap_endian=0
-signature file-magic-auto257 {
-	file-mime "video/mp4", 70
-	file-magic /(.{4})(ftyp)(isom)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=mp41 (len=4), [", MPEG v4 system, version 1"], swap_endian=0
-signature file-magic-auto258 {
-	file-mime "video/mp4", 70
-	file-magic /(.{4})(ftyp)(mp41)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=mp42 (len=4), [", MPEG v4 system, version 2"], swap_endian=0
-signature file-magic-auto259 {
-	file-mime "video/mp4", 70
-	file-magic /(.{4})(ftyp)(mp42)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string/W,=jp2 (len=3), [", JPEG 2000"], swap_endian=0
-signature file-magic-auto260 {
-	file-mime "image/jp2", 60
-	file-magic /(.{4})(ftyp)(jp2)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=3ge (len=3), [", MPEG v4 system, 3GPP"], swap_endian=0
-signature file-magic-auto261 {
-	file-mime "video/3gpp", 60
-	file-magic /(.{4})(ftyp)(3ge)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=3gg (len=3), [", MPEG v4 system, 3GPP"], swap_endian=0
-signature file-magic-auto262 {
-	file-mime "video/3gpp", 60
-	file-magic /(.{4})(ftyp)(3gg)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=3gp (len=3), [", MPEG v4 system, 3GPP"], swap_endian=0
-signature file-magic-auto263 {
-	file-mime "video/3gpp", 60
-	file-magic /(.{4})(ftyp)(3gp)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=3gs (len=3), [", MPEG v4 system, 3GPP"], swap_endian=0
-signature file-magic-auto264 {
-	file-mime "video/3gpp", 60
-	file-magic /(.{4})(ftyp)(3gs)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=3g2 (len=3), [", MPEG v4 system, 3GPP2"], swap_endian=0
-signature file-magic-auto265 {
-	file-mime "video/3gpp2", 60
-	file-magic /(.{4})(ftyp)(3g2)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=mmp4 (len=4), [", MPEG v4 system, 3GPP Mobile"], swap_endian=0
-signature file-magic-auto266 {
-	file-mime "video/mp4", 70
-	file-magic /(.{4})(ftyp)(mmp4)/
-}
-
-# >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
-# >>8  string,=avc1 (len=4), [", MPEG v4 system, 3GPP JVT AVC"], swap_endian=0
-signature file-magic-auto267 {
-	file-mime "video/3gpp", 70
-	file-magic /(.{4})(ftyp)(avc1)/
-}
 
 # >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
 # >>8  string/W,=M4A (len=3), [", MPEG v4 system, iTunes AAC-LC"], swap_endian=0
 signature file-magic-auto268 {
 	file-mime "audio/mp4", 60
-	file-magic /(.{4})(ftyp)(M4A)/
+	file-magic /....(ftyp)(M4A)/
 }
 
 # >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
 # >>8  string/W,=M4V (len=3), [", MPEG v4 system, iTunes AVC-LC"], swap_endian=0
 signature file-magic-auto269 {
 	file-mime "video/mp4", 60
-	file-magic /(.{4})(ftyp)(M4V)/
+	file-magic /....(ftyp)(M4V)/
 }
 
 # >4  string,=ftyp (len=4), ["ISO Media"], swap_endian=0
 # >>8  string/W,=qt (len=2), [", Apple QuickTime movie"], swap_endian=0
 signature file-magic-auto270 {
 	file-mime "video/quicktime", 50
-	file-magic /(.{4})(ftyp)(qt)/
-}
-
-# >0  string,=Xcur (len=4), ["Xcursor data"], swap_endian=0
-signature file-magic-auto271 {
-	file-mime "image/x-xcursor", 70
-	file-magic /(Xcur)/
+	file-magic /....(ftyp)(qt)/
 }
 
 # >0  string,=ADIF (len=4), ["MPEG ADIF, AAC"], swap_endian=0
@@ -1662,17 +864,6 @@ signature file-magic-auto273 {
 	file-magic /(\x30\x26\xb2\x75)/
 }
 
-# >0  string,=\212MNG (len=4), ["MNG video data,"], swap_endian=0
-signature file-magic-auto274 {
-	file-mime "video/x-mng", 70
-	file-magic /(\x8aMNG)/
-}
-
-# >0  string,=\213JNG (len=4), ["JNG video data,"], swap_endian=0
-signature file-magic-auto275 {
-	file-mime "video/x-jng", 70
-	file-magic /(\x8bJNG)/
-}
 
 # >0  string,=MAC  (len=4), ["Monkey's Audio compressed format"], swap_endian=0
 signature file-magic-auto276 {
@@ -1680,11 +871,6 @@ signature file-magic-auto276 {
 	file-magic /(MAC )/
 }
 
-# >36  string,=acsp (len=4), ["ICC Profile"], swap_endian=0
-signature file-magic-auto277 {
-	file-mime "application/vnd.iccprofile", 70
-	file-magic /(.{36})(acsp)/
-}
 
 # >0  string,=FORM (len=4), ["IFF data"], swap_endian=0
 # >>8  string,=AIFF (len=4), [", AIFF audio"], swap_endian=0
@@ -1713,114 +899,24 @@ signature file-magic-auto281 {
 	file-magic /(fLaC)/
 }
 
-# >0  string,=IIN1 (len=4), ["NIFF image data"], swap_endian=0
-signature file-magic-auto282 {
-	file-mime "image/x-niff", 70
-	file-magic /(IIN1)/
-}
-
-# >0  string,=MM\000* (len=4), ["TIFF image data, big-endian"], swap_endian=0
-signature file-magic-auto283 {
-	file-mime "image/tiff", 70
-	file-magic /(MM\x00\x2a)/
-}
-
-# >0  string,=II*\000 (len=4), ["TIFF image data, little-endian"], swap_endian=0
-signature file-magic-auto284 {
-	file-mime "image/tiff", 70
-	file-magic /(II\x2a\x00)/
-}
-
-# >0  string,=MM\000+ (len=4), ["Big TIFF image data, big-endian"], swap_endian=0
-signature file-magic-auto285 {
-	file-mime "image/tiff", 70
-	file-magic /(MM\x00\x2b)/
-}
-
-# >0  string,=II+\000 (len=4), ["Big TIFF image data, little-endian"], swap_endian=0
-signature file-magic-auto286 {
-	file-mime "image/tiff", 70
-	file-magic /(II\x2b\x00)/
-}
-
-# >0  string,=GIF8 (len=4), ["GIF image data"], swap_endian=0
-signature file-magic-auto287 {
-	file-mime "image/gif", 70
-	file-magic /(GIF8)/
-}
-
 # >128  string,=DICM (len=4), ["DICOM medical imaging data"], swap_endian=0
 signature file-magic-auto288 {
 	file-mime "application/dicom", 70
 	file-magic /(.{128})(DICM)/
 }
 
-# >0  string,=8BPS (len=4), ["Adobe Photoshop Image"], swap_endian=0
-signature file-magic-auto289 {
-	file-mime "image/vnd.adobe.photoshop", 70
-	file-magic /(8BPS)/
-}
-
 # >0  string,=IMPM (len=4), ["Impulse Tracker module sound data -"], swap_endian=0
 signature file-magic-auto290 {
 	file-mime "audio/x-mod", 70
 	file-magic /(IMPM)/
 }
 
-# >0  lelong&,=20000630 (0x01312f76), ["OpenEXR image data,"], swap_endian=0
-signature file-magic-auto291 {
-	file-mime "image/x-exr", 70
-	file-magic /(\x76\x2f\x31\x01)/
-}
-
-# >0  string,=SDPX (len=4), ["DPX image data, big-endian,"], swap_endian=0
-signature file-magic-auto292 {
-	file-mime "image/x-dpx", 70
-	file-magic /(SDPX)/
-}
-
 # >0  belong&,=235082497 (0x0e031301), ["Hierarchical Data Format (version 4) data"], swap_endian=0
 signature file-magic-auto293 {
 	file-mime "application/x-hdf", 70
 	file-magic /(\x0e\x03\x13\x01)/
 }
 
-# >0  string,=CPC\262 (len=4), ["Cartesian Perceptual Compression image"], swap_endian=0
-signature file-magic-auto294 {
-	file-mime "image/x-cpi", 70
-	file-magic /(CPC\xb2)/
-}
-
-# >0  string,=MMOR (len=4), ["Olympus ORF raw image data, big-endian"], swap_endian=0
-signature file-magic-auto295 {
-	file-mime "image/x-olympus-orf", 70
-	file-magic /(MMOR)/
-}
-
-# >0  string,=IIRO (len=4), ["Olympus ORF raw image data, little-endian"], swap_endian=0
-signature file-magic-auto296 {
-	file-mime "image/x-olympus-orf", 70
-	file-magic /(IIRO)/
-}
-
-# >0  string,=IIRS (len=4), ["Olympus ORF raw image data, little-endian"], swap_endian=0
-signature file-magic-auto297 {
-	file-mime "image/x-olympus-orf", 70
-	file-magic /(IIRS)/
-}
-
-# >0  string,=FOVb (len=4), ["Foveon X3F raw image data"], swap_endian=0
-signature file-magic-auto298 {
-	file-mime "image/x-x3f", 70
-	file-magic /(FOVb)/
-}
-
-# >0  string,=PDN3 (len=4), ["Paint.NET image data"], swap_endian=0
-signature file-magic-auto299 {
-	file-mime "image/x-paintnet", 70
-	file-magic /(PDN3)/
-}
-
 # >0  belong&,=-17957139 (0xfeedfeed), ["Java KeyStore"], swap_endian=0
 signature file-magic-auto302 {
 	file-mime "application/x-java-keystore", 70
@@ -1833,71 +929,71 @@ signature file-magic-auto303 {
 	file-magic /(\xce\xce\xce\xce)/
 }
 
-# >1080  string,=32CN (len=4), ["32-channel Taketracker module sound data"], swap_endian=0
-signature file-magic-auto304 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(32CN)/
-}
-
-# >1080  string,=16CN (len=4), ["16-channel Taketracker module sound data"], swap_endian=0
-signature file-magic-auto305 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(16CN)/
-}
-
-# >1080  string,=OKTA (len=4), ["8-channel Octalyzer module sound data"], swap_endian=0
-signature file-magic-auto306 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(OKTA)/
-}
-
-# >1080  string,=CD81 (len=4), ["8-channel Octalyser module sound data"], swap_endian=0
-signature file-magic-auto307 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(CD81)/
-}
-
-# >1080  string,=8CHN (len=4), ["8-channel Fasttracker module sound data"], swap_endian=0
-signature file-magic-auto308 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(8CHN)/
-}
-
-# >1080  string,=6CHN (len=4), ["6-channel Fasttracker module sound data"], swap_endian=0
-signature file-magic-auto309 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(6CHN)/
-}
-
-# >1080  string,=4CHN (len=4), ["4-channel Fasttracker module sound data"], swap_endian=0
-signature file-magic-auto310 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(4CHN)/
-}
-
-# >1080  string,=FLT8 (len=4), ["8-channel Startracker module sound data"], swap_endian=0
-signature file-magic-auto311 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(FLT8)/
-}
-
-# >1080  string,=FLT4 (len=4), ["4-channel Startracker module sound data"], swap_endian=0
-signature file-magic-auto312 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(FLT4)/
-}
-
-# >1080  string,=M!K! (len=4), ["4-channel Protracker module sound data"], swap_endian=0
-signature file-magic-auto313 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(M\x21K\x21)/
-}
-
-# >1080  string,=M.K. (len=4), ["4-channel Protracker module sound data"], swap_endian=0
-signature file-magic-auto314 {
-	file-mime "audio/x-mod", 70
-	file-magic /(.{1080})(M\x2eK\x2e)/
-}
+## >1080  string,=32CN (len=4), ["32-channel Taketracker module sound data"], swap_endian=0
+#signature file-magic-auto304 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(32CN)/
+#}
+#
+## >1080  string,=16CN (len=4), ["16-channel Taketracker module sound data"], swap_endian=0
+#signature file-magic-auto305 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(16CN)/
+#}
+#
+## >1080  string,=OKTA (len=4), ["8-channel Octalyzer module sound data"], swap_endian=0
+#signature file-magic-auto306 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(OKTA)/
+#}
+#
+## >1080  string,=CD81 (len=4), ["8-channel Octalyser module sound data"], swap_endian=0
+#signature file-magic-auto307 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(CD81)/
+#}
+#
+## >1080  string,=8CHN (len=4), ["8-channel Fasttracker module sound data"], swap_endian=0
+#signature file-magic-auto308 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(8CHN)/
+#}
+#
+## >1080  string,=6CHN (len=4), ["6-channel Fasttracker module sound data"], swap_endian=0
+#signature file-magic-auto309 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(6CHN)/
+#}
+#
+## >1080  string,=4CHN (len=4), ["4-channel Fasttracker module sound data"], swap_endian=0
+#signature file-magic-auto310 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(4CHN)/
+#}
+#
+## >1080  string,=FLT8 (len=4), ["8-channel Startracker module sound data"], swap_endian=0
+#signature file-magic-auto311 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(FLT8)/
+#}
+#
+## >1080  string,=FLT4 (len=4), ["4-channel Startracker module sound data"], swap_endian=0
+#signature file-magic-auto312 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(FLT4)/
+#}
+#
+## >1080  string,=M!K! (len=4), ["4-channel Protracker module sound data"], swap_endian=0
+#signature file-magic-auto313 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(M\x21K\x21)/
+#}
+#
+## >1080  string,=M.K. (len=4), ["4-channel Protracker module sound data"], swap_endian=0
+#signature file-magic-auto314 {
+#	file-mime "audio/x-mod", 70
+#	file-magic /(.{1080})(M\x2eK\x2e)/
+#}
 
 # >0  lelong&,=336851773 (0x1413f33d), ["SYSLINUX' LSS16 image data"], swap_endian=0
 signature file-magic-auto315 {
@@ -1911,12 +1007,6 @@ signature file-magic-auto316 {
 	file-magic /(\x2e\x72\x61\xfd)/
 }
 
-# >0  string,=CTMF (len=4), ["Creative Music (CMF) data"], swap_endian=0
-signature file-magic-auto317 {
-	file-mime "audio/x-unknown", 70
-	file-magic /(CTMF)/
-}
-
 # >0  string,=MThd (len=4), ["Standard MIDI data"], swap_endian=0
 signature file-magic-auto318 {
 	file-mime "audio/midi", 70
@@ -2035,36 +1125,6 @@ signature file-magic-auto334 {
 	file-magic /(\x2esnd)(.{8})(\x00\x00\x00\x17)/
 }
 
-# >0  string,=SIT! (len=4), ["StuffIt Archive (data)"], swap_endian=0
-signature file-magic-auto335 {
-	file-mime "application/x-stuffit", 70
-	file-magic /(SIT\x21)/
-}
-
-# >0  string,=<ar> (len=4), ["System V Release 1 ar archive"], swap_endian=0
-signature file-magic-auto337 {
-	file-mime "application/x-archive", 70
-	file-magic /(\x3car\x3e)/
-}
-
-# >0  lelong&ffffffff8080ffff,=2074 (0x0000081a), ["ARC archive data, dynamic LZW"], swap_endian=0
-signature file-magic-auto338 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x08\x1a)/
-}
-
-# >0  lelong&ffffffff8080ffff,=2330 (0x0000091a), ["ARC archive data, squashed"], swap_endian=0
-signature file-magic-auto339 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x09\x1a)/
-}
-
-# >0  lelong&ffffffff8080ffff,=538 (0x0000021a), ["ARC archive data, uncompressed"], swap_endian=0
-signature file-magic-auto340 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x02\x1a)/
-}
-
 # >0  lelong&,=270539386 (0x10201a7a), ["Symbian installation file (Symbian OS 9.x)"], swap_endian=0
 signature file-magic-auto341 {
 	file-mime "x-epoc/x-sisx-app", 70
@@ -2077,72 +1137,6 @@ signature file-magic-auto342 {
 	file-magic /(.{8})(\x19\x04\x00\x10)/
 }
 
-# >0  lelong&ffffffff8080ffff,=794 (0x0000031a), ["ARC archive data, packed"], swap_endian=0
-signature file-magic-auto343 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x03\x1a)/
-}
-
-# >0  belong&,=518520576 (0x1ee7ff00), ["EET archive"], swap_endian=0
-signature file-magic-auto344 {
-	file-mime "application/x-eet", 70
-	file-magic /(\x1e\xe7\xff\x00)/
-}
-
-# >0  lelong&ffffffff8080ffff,=1050 (0x0000041a), ["ARC archive data, squeezed"], swap_endian=0
-signature file-magic-auto345 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x04\x1a)/
-}
-
-# >0  lelong&ffffffff8080ffff,=1562 (0x0000061a), ["ARC archive data, crunched"], swap_endian=0
-signature file-magic-auto346 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x06\x1a)/
-}
-
-# >0  lelong&ffffffff8080ffff,=2586 (0x00000a1a), ["PAK archive data"], swap_endian=0
-signature file-magic-auto347 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x0a\x1a)/
-}
-
-# >0  lelong&ffffffff8080ffff,=5146 (0x0000141a), ["ARC+ archive data"], swap_endian=0
-signature file-magic-auto348 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x14\x1a)/
-}
-
-# >20  lelong&,=-37443620 (0xfdc4a7dc), ["Zoo archive data"], swap_endian=0
-signature file-magic-auto349 {
-	file-mime "application/x-zoo", 70
-	file-magic /(.{20})(\xdc\xa7\xc4\xfd)/
-}
-
-# >0  string,=Rar! (len=4), ["RAR archive data,"], swap_endian=0
-signature file-magic-auto350 {
-	file-mime "application/x-rar", 70
-	file-magic /(Rar\x21)/
-}
-
-# >0  lelong&ffffffff8080ffff,=18458 (0x0000481a), ["HYP archive data"], swap_endian=0
-signature file-magic-auto351 {
-	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})(\x48\x1a)/
-}
-
-# >0  string,=drpm (len=4), ["Delta RPM"], swap_endian=0
-signature file-magic-auto352 {
-	file-mime "application/x-rpm", 70
-	file-magic /(drpm)/
-}
-
-# >0  belong&,=-307499301 (0xedabeedb), ["RPM"], swap_endian=0
-signature file-magic-auto353 {
-	file-mime "application/x-rpm", 70
-	file-magic /(\xed\xab\xee\xdb)/
-}
-
 # >0  string,=RIFF (len=4), ["RIFF (little-endian) data"], swap_endian=0
 # >>8  string,=WAVE (len=4), [", WAVE audio"], swap_endian=0
 signature file-magic-auto354 {
@@ -2150,20 +1144,6 @@ signature file-magic-auto354 {
 	file-magic /(RIFF)(.{4})(WAVE)/
 }
 
-# >0  string,=RIFF (len=4), ["RIFF (little-endian) data"], swap_endian=0
-# >>8  string,=CDRA (len=4), [", Corel Draw Picture"], swap_endian=0
-signature file-magic-auto355 {
-	file-mime "image/x-coreldraw", 70
-	file-magic /(RIFF)(.{4})(CDRA)/
-}
-
-# >0  string,=RIFF (len=4), ["RIFF (little-endian) data"], swap_endian=0
-# >>8  string,=CDR6 (len=4), [", Corel Draw Picture, version 6"], swap_endian=0
-signature file-magic-auto356 {
-	file-mime "image/x-coreldraw", 70
-	file-magic /(RIFF)(.{4})(CDR6)/
-}
-
 # >0  string,=RIFF (len=4), ["RIFF (little-endian) data"], swap_endian=0
 # >>8  string,=AVI  (len=4), [", AVI"], swap_endian=0
 signature file-magic-auto357 {
@@ -2272,54 +1252,18 @@ signature file-magic-auto378 {
 	file-magic /(\x13\x57\x9a\xce)/
 }
 
-# >0  belong&,=4 (0x00000004), ["X11 SNF font data, MSB first"], swap_endian=0
-signature file-magic-auto379 {
-	file-mime "application/x-font-sfn", 70
-	file-magic /(\x00\x00\x00\x04)/
-}
-
-# >0  string,=OTTO (len=4), ["OpenType font data"], swap_endian=0
-signature file-magic-auto380 {
-	file-mime "application/vnd.ms-opentype", 70
-	file-magic /(OTTO)/
-}
-
 # >0  string,=<MML (len=4), ["FrameMaker MML file"], swap_endian=0
 signature file-magic-auto381 {
 	file-mime "application/x-mif", 70
 	file-magic /(\x3cMML)/
 }
 
-# >0  lelong&,=407642370 (0x184c2102), ["LZ4 compressed data, legacy format"], swap_endian=0
-signature file-magic-auto382 {
-	file-mime "application/x-lz4", 70
-	file-magic /(\x02\x21\x4c\x18)/
-}
-
-# >0  lelong&,=407708164 (0x184d2204), ["LZ4 compressed data"], swap_endian=0
-signature file-magic-auto383 {
-	file-mime "application/x-lz4", 70
-	file-magic /(\x04\x22\x4d\x18)/
-}
-
-# >0  string,=LRZI (len=4), ["LRZIP compressed data"], swap_endian=0
-# >>5  byte&,x, [".%d"], swap_endian=0
-signature file-magic-auto384 {
-	file-mime "application/x-lrzip", 1
-	file-magic /(LRZI)(.{1})(.{1})/
-}
-
 # >0  string,=OggS (len=4), ["Ogg data"], swap_endian=0
 signature file-magic-auto385 {
 	file-mime "application/ogg", 70
 	file-magic /(OggS)/
 }
 
-# >0  string,=LZIP (len=4), ["lzip compressed data"], swap_endian=0
-signature file-magic-auto386 {
-	file-mime "application/x-lzip", 70
-	file-magic /(LZIP)/
-}
 
 # >0  belong&,=-889270259 (0xcafed00d), ["JAR compressed with pack200,"], swap_endian=0
 # >>4  byte&,x, ["%d"], swap_endian=0
@@ -2335,18 +1279,11 @@ signature file-magic-auto388 {
 	file-magic /(\xca\xfe\xd0\x0d)(.{1})/
 }
 
-# >0  regex,=^( |\t){0,50}def {1,50}[a-zA-Z]{1,100} (len=38), [""], swap_endian=0
-# >>&0  regex,= {0,50}\(([a-zA-Z]|,| ){1,500}\):$ (len=34), ["Python script text executable"], swap_endian=0
-signature file-magic-auto389 {
-	file-mime "text/x-python", 64
-	file-magic /(.*)(( |\t){0,50}def {1,50}[a-zA-Z]{1,100})( {0,50}\(([a-zA-Z]|,| ){1,500}\):$)/
-}
-
-# >0  search/4096,=\documentstyle (len=14), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto390 {
-	file-mime "text/x-tex", 62
-	file-magic /(.*)(\x5cdocumentstyle)/
-}
+## >0  search/4096,=\documentstyle (len=14), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto390 {
+#	file-mime "text/x-tex", 62
+#	file-magic /(.*)(\x5cdocumentstyle)/
+#}
 
 # >0  string,=DOC (len=3), [""], swap_endian=0
 # >>43  byte&,=0x14, ["Just System Word Processor Ichitaro v4"], swap_endian=0
@@ -2383,56 +1320,12 @@ signature file-magic-auto395 {
 	file-magic /(DOC)(.{40})([\x16])/
 }
 
-# >0  search/w/1,=#! /usr/local/bin/php (len=21), ["PHP script text executable"], swap_endian=0
-signature file-magic-auto396 {
-	file-mime "text/x-php", 61
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2fphp)/
-}
-
-# >0  search/1,=eval '(exit $?0)' && eval 'exec (len=31), ["Perl script text"], swap_endian=0
-signature file-magic-auto397 {
-	file-mime "text/x-perl", 61
-	file-magic /(.*)(eval \x27\x28exit \x24\x3f0\x29\x27 \x26\x26 eval \x27exec)/
-}
-
-# >0  regex,=^[ \t]*require[ \t]'[A-Za-z_/]+' (len=30), [""], swap_endian=0
-# >>0  regex,=include [A-Z]|def [a-z]| do$ (len=28), [""], swap_endian=0
-# >>>0  regex,=^[ \t]*end([ \t]*[;#].*)?$ (len=24), ["Ruby script text"], swap_endian=0
-signature file-magic-auto398 {
-	file-mime "text/x-ruby", 54
-	file-magic /(.*)([ \x09]*require[ \x09]'[A-Za-z_\x2f]+')(include [A-Z]|def [a-z]| do$)(^[ \x09]*end([ \x09]*[;#].*)?$)/
-}
-
-# >0  search/1,=eval "exec /usr/local/bin/perl (len=30), ["Perl script text"], swap_endian=0
-signature file-magic-auto399 {
-	file-mime "text/x-perl", 60
-	file-magic /(.*)(eval \x22exec \x2fusr\x2flocal\x2fbin\x2fperl)/
-}
-
-# >0  string,=FLV (len=3), ["Macromedia Flash Video"], swap_endian=0
-signature file-magic-auto400 {
-	file-mime "video/x-flv", 60
-	file-magic /(FLV)/
-}
-
 # >0  string,=MP+ (len=3), ["Musepack audio"], swap_endian=0
 signature file-magic-auto401 {
 	file-mime "audio/x-musepack", 60
 	file-magic /(MP\x2b)/
 }
 
-# >0  string,=PBF (len=3), ["PBF image (deflate compression)"], swap_endian=0
-signature file-magic-auto402 {
-	file-mime "image/x-unknown", 60
-	file-magic /(PBF)/
-}
-
-# >0  string,=SBI (len=3), ["SoundBlaster instrument data"], swap_endian=0
-signature file-magic-auto403 {
-	file-mime "audio/x-unknown", 60
-	file-magic /(SBI)/
-}
-
 # >0  string,=\004%! (len=3), ["PostScript document text"], swap_endian=0
 signature file-magic-auto405 {
 	file-mime "application/postscript", 60
@@ -2445,126 +1338,47 @@ signature file-magic-auto406 {
 	file-magic /(BZh)/
 }
 
-# >0  regex,=^[ \t]*(class|module)[ \t][A-Z] (len=29), [""], swap_endian=0
-# >>0  regex,=(modul|includ)e [A-Z]|def [a-z] (len=31), [""], swap_endian=0
-# >>>0  regex,=^[ \t]*end([ \t]*[;#].*)?$ (len=24), ["Ruby module source text"], swap_endian=0
-signature file-magic-auto407 {
-	file-mime "text/x-ruby", 54
-	file-magic /(.*)([ \x09]*(class|module)[ \x09][A-Z])((modul|includ)e [A-Z]|def [a-z])(^[ \x09]*end([ \x09]*[;#].*)?$)/
-}
-
-# >0  regex/20,=^\.[A-Za-z0-9][A-Za-z0-9][ \t] (len=29), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto411 {
-#	file-mime "text/troff", 59
-#	file-magic /(^\.[A-Za-z0-9][A-Za-z0-9][ \x09])/
+## >0  search/4096,=\documentclass (len=14), ["LaTeX 2e document text"], swap_endian=0
+#signature file-magic-auto412 {
+#	file-mime "text/x-tex", 59
+#	file-magic /(.*)(\x5cdocumentclass)/
 #}
-
-# >0  search/4096,=\documentclass (len=14), ["LaTeX 2e document text"], swap_endian=0
-signature file-magic-auto412 {
-	file-mime "text/x-tex", 59
-	file-magic /(.*)(\x5cdocumentclass)/
-}
-
-# >0  regex,=^from\s+(\w|\.)+\s+import.*$ (len=28), ["Python script text executable"], swap_endian=0
-signature file-magic-auto413 {
-	file-mime "text/x-python", 58
-	file-magic /(.*)(from\s+(\w|\.)+\s+import.*$)/
-}
-
-# >0  search/4096,=\contentsline (len=13), ["LaTeX table of contents"], swap_endian=0
-signature file-magic-auto414 {
-	file-mime "text/x-tex", 58
-	file-magic /(.*)(\x5ccontentsline)/
-}
-
-# >0  search/4096,=\chapter (len=8), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto415 {
-	file-mime "text/x-tex", 56
-	file-magic /(.*)(\x5cchapter)/
-}
-
-# >0  search/4096,=\section (len=8), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto416 {
-	file-mime "text/x-tex", 56
-	file-magic /(.*)(\x5csection)/
-}
-
-# >0  regex/20,=^\.[A-Za-z0-9][A-Za-z0-9]$ (len=26), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto417 {
-#	file-mime "text/troff", 56
-#	file-magic /(^\.[A-Za-z0-9][A-Za-z0-9]$)/
+#
+## >0  search/4096,=\contentsline (len=13), ["LaTeX table of contents"], swap_endian=0
+#signature file-magic-auto414 {
+#	file-mime "text/x-tex", 58
+#	file-magic /(.*)(\x5ccontentsline)/
 #}
-
-# >0  search/w/1,=#! /usr/bin/php (len=15), ["PHP script text executable"], swap_endian=0
-signature file-magic-auto418 {
-	file-mime "text/x-php", 55
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2fbin\x2fphp)/
-}
-
-# >0  search/4096,=\setlength (len=10), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto419 {
-	file-mime "text/x-tex", 55
-	file-magic /(.*)(\x5csetlength)/
-}
-
-# >0  search/1,=eval "exec /usr/bin/perl (len=24), ["Perl script text"], swap_endian=0
-signature file-magic-auto420 {
-	file-mime "text/x-perl", 54
-	file-magic /(.*)(eval \x22exec \x2fusr\x2fbin\x2fperl)/
-}
-
-# >0  search/1,=Common subdirectories:  (len=23), ["diff output text"], swap_endian=0
-signature file-magic-auto422 {
-	file-mime "text/x-diff", 53
-	file-magic /(.*)(Common subdirectories\x3a )/
-}
-
-# >0  search/w/1,=#! /usr/local/bin/wish (len=22), ["Tcl/Tk script text executable"], swap_endian=0
-signature file-magic-auto425 {
-	file-mime "text/x-tcl", 52
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2fwish)/
-}
-
-# >0  search/4096,=(custom-set-variables  (len=22), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto426 {
-	file-mime "text/x-lisp", 52
-	file-magic /(.*)(\x28custom\x2dset\x2dvariables )/
-}
-
-# >0  beshort&,=-40 (0xffd8), ["JPEG image data"], swap_endian=0
-signature file-magic-auto427 {
-	file-mime "image/jpeg", 52
-	file-magic /(\xff\xd8)/
-}
-
-# >0  search/1,=#!/usr/bin/env nodejs (len=21), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto429 {
-	file-mime "application/javascript", 51
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv nodejs)/
-}
-
-# >0  search/w/1,=#! /usr/local/bin/tcl (len=21), ["Tcl script text executable"], swap_endian=0
-signature file-magic-auto430 {
-	file-mime "text/x-tcl", 51
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2ftcl)/
-}
-
-# This didn't autogenerate well due to indirect offset, bitmasking, and
-# relational comparisons.
-# >0  leshort&fffffffffffffefe,=0 (0x0000), [""], swap_endian=0
-# >>4  ulelong&fcfffe00,=0 (0x00000000), [""], swap_endian=0
-# >>>68  ulelong&,>87 (0x00000057), [""], swap_endian=0
-# >>>>68 (lelong,-1), ubelong&ffe0c519,=4194328 (0x00400018), ["Windows Precompiled iNF"], swap_endian=0
-#signature file-magic-auto431 {
-#	file-mime "application/x-pnf", 70
-#	file-magic /(.{2})(.{2})(.{4})(.{60})(.{4})(.{4})/
+#
+## >0  search/4096,=\chapter (len=8), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto415 {
+#	file-mime "text/x-tex", 56
+#	file-magic /(.*)(\x5cchapter)/
+#}
+#
+## >0  search/4096,=\section (len=8), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto416 {
+#	file-mime "text/x-tex", 56
+#	file-magic /(.*)(\x5csection)/
+#}
+#
+## >0  search/4096,=\setlength (len=10), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto419 {
+#	file-mime "text/x-tex", 55
+#	file-magic /(.*)(\x5csetlength)/
+#}
+#
+## >0  search/1,=Common subdirectories:  (len=23), ["diff output text"], swap_endian=0
+#signature file-magic-auto422 {
+#	file-mime "text/x-diff", 53
+#	file-magic /(.*)(Common subdirectories\x3a )/
+#}
+#
+## >0  search/4096,=(custom-set-variables  (len=22), ["Lisp/Scheme program text"], swap_endian=0
+#signature file-magic-auto426 {
+#	file-mime "text/x-lisp", 52
+#	file-magic /(.*)(\x28custom\x2dset\x2dvariables )/
 #}
-
-# >0  search/w/1,=#! /usr/local/bin/lua (len=21), ["Lua script text executable"], swap_endian=0
-signature file-magic-auto432 {
-	file-mime "text/x-lua", 51
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2flocal\x2fbin\x2flua)/
-}
 
 # >0  string/b,=MZ (len=2), [""], swap_endian=0
 signature file-magic-auto433 {
@@ -2572,190 +1386,6 @@ signature file-magic-auto433 {
 	file-magic /(MZ)/
 }
 
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>30  string,=Copyright 1989-1990 PKWARE Inc. (len=31), ["Self-extracting PKZIP archive"], swap_endian=0
-signature file-magic-auto434 {
-	file-mime "application/zip", 340
-	file-magic /(MZ)(.{28})(Copyright 1989\x2d1990 PKWARE Inc\x2e)/
-}
-
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>30  string,=PKLITE Copr. (len=12), ["Self-extracting PKZIP archive"], swap_endian=0
-signature file-magic-auto435 {
-	file-mime "application/zip", 150
-	file-magic /(MZ)(.{28})(PKLITE Copr\x2e)/
-}
-
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>36  string,=LHa's SFX (len=9), [", LHa self-extracting archive"], swap_endian=0
-signature file-magic-auto436 {
-	file-mime "application/x-lha", 120
-	file-magic /(MZ)(.{34})(LHa\x27s SFX)/
-}
-
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>36  string,=LHA's SFX (len=9), [", LHa self-extracting archive"], swap_endian=0
-signature file-magic-auto437 {
-	file-mime "application/x-lha", 120
-	file-magic /(MZ)(.{34})(LHA\x27s SFX)/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x10, ["MPEG ADTS, layer III, v1,  32 kbps"], swap_endian=0
-signature file-magic-auto438 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x20, ["MPEG ADTS, layer III, v1,  40 kbps"], swap_endian=0
-signature file-magic-auto439 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x30, ["MPEG ADTS, layer III, v1,  48 kbps"], swap_endian=0
-signature file-magic-auto440 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x40, ["MPEG ADTS, layer III, v1,  56 kbps"], swap_endian=0
-signature file-magic-auto441 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x50, ["MPEG ADTS, layer III, v1,  64 kbps"], swap_endian=0
-signature file-magic-auto442 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x60, ["MPEG ADTS, layer III, v1,  80 kbps"], swap_endian=0
-signature file-magic-auto443 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x70, ["MPEG ADTS, layer III, v1,  96 kbps"], swap_endian=0
-signature file-magic-auto444 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x80, ["MPEG ADTS, layer III, v1, 112 kbps"], swap_endian=0
-signature file-magic-auto445 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0x90, ["MPEG ADTS, layer III, v1, 128 kbps"], swap_endian=0
-signature file-magic-auto446 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0xa0, ["MPEG ADTS, layer III, v1, 160 kbps"], swap_endian=0
-signature file-magic-auto447 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0xb0, ["MPEG ADTS, layer III, v1, 192 kbps"], swap_endian=0
-signature file-magic-auto448 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0xc0, ["MPEG ADTS, layer III, v1, 224 kbps"], swap_endian=0
-signature file-magic-auto449 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0xd0, ["MPEG ADTS, layer III, v1, 256 kbps"], swap_endian=0
-signature file-magic-auto450 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf])/
-}
-
-# >0  beshort&fffffffffffffffe,=-6 (0xfffa), [""], swap_endian=0
-# >>2  byte&fffffffffffffff0,=0xe0, ["MPEG ADTS, layer III, v1, 320 kbps"], swap_endian=0
-signature file-magic-auto451 {
-	file-mime "audio/mpeg", 40
-	file-magic /(\xff[\xfa\xfb])([\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef])/
-}
-
-# >4  leshort&,=-20719 (0xaf11), [""], swap_endian=0
-# >>8  leshort&,=320 (0x0140), [""], swap_endian=0
-# >>>10  leshort&,=200 (0x00c8), [""], swap_endian=0
-# >>>>12  leshort&,=8 (0x0008), ["FLI animation, 320x200x8"], swap_endian=0
-signature file-magic-auto452 {
-	file-mime "video/x-fli", 50
-	file-magic /(.{4})(\x11\xaf)(.{2})(\x40\x01)(\xc8\x00)(\x08\x00)/
-}
-
-# >4  leshort&,=-20718 (0xaf12), [""], swap_endian=0
-# >>12  leshort&,=8 (0x0008), ["FLC animation"], swap_endian=0
-signature file-magic-auto453 {
-	file-mime "video/x-flc", 50
-	file-magic /(.{4})(\x12\xaf)(.{6})(\x08\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=12 (0x000c), ["PC bitmap, OS/2 1.x format"], swap_endian=0
-signature file-magic-auto454 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x0c\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=64 (0x0040), ["PC bitmap, OS/2 2.x format"], swap_endian=0
-signature file-magic-auto455 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x40\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=40 (0x0028), ["PC bitmap, Windows 3.x format"], swap_endian=0
-signature file-magic-auto456 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x28\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=124 (0x007c), ["PC bitmap, Windows 98/2000 and newer format"], swap_endian=0
-signature file-magic-auto457 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x7c\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=108 (0x006c), ["PC bitmap, Windows 95/NT4 and newer format"], swap_endian=0
-signature file-magic-auto458 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x6c\x00)/
-}
-
-# >0  string,=BM (len=2), [""], swap_endian=0
-# >>14  leshort&,=128 (0x0080), ["PC bitmap, Windows NT/2000 format"], swap_endian=0
-signature file-magic-auto459 {
-	file-mime "image/x-ms-bmp", 50
-	file-magic /(BM)(.{12})(\x80\x00)/
-}
-
 # >20  string,=45 (len=2), [""], swap_endian=0
 # >>0  regex/1,=(^[0-9]{5})[acdnp][^bhlnqsu-z] (len=30), ["MARC21 Bibliographic"], swap_endian=0
 signature file-magic-auto460 {
@@ -2777,47 +1407,17 @@ signature file-magic-auto462 {
 	file-magic /(.{20})(45)(.*)((^[0-9]{5})[cdn][uvxy])/
 }
 
-# >0  search/4096,=\relax (len=6), ["LaTeX auxiliary file"], swap_endian=0
-signature file-magic-auto463 {
-	file-mime "text/x-tex", 51
-	file-magic /(.*)(\x5crelax)/
-}
-
-# >0  search/4096,=\begin (len=6), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto464 {
-	file-mime "text/x-tex", 51
-	file-magic /(.*)(\x5cbegin)/
-}
-
-# >0  search/4096,=\input (len=6), ["TeX document text"], swap_endian=0
-signature file-magic-auto465 {
-	file-mime "text/x-tex", 51
-	file-magic /(.*)(\x5cinput)/
-}
-
-# >0  leshort&,=-24712 (0x9f78), ["TNEF"], swap_endian=0
-signature file-magic-auto466 {
-	file-mime "application/vnd.ms-tnef", 50
-	file-magic /(\x78\x9f)/
-}
-
-# >0  leshort&,=-5536 (0xea60), ["ARJ archive data"], swap_endian=0
-signature file-magic-auto467 {
-	file-mime "application/x-arj", 50
-	file-magic /(\x60\xea)/
-}
-
-# >0  search/1,=eval "exec /bin/perl (len=20), ["Perl script text"], swap_endian=0
-signature file-magic-auto468 {
-	file-mime "text/x-perl", 50
-	file-magic /(.*)(eval \x22exec \x2fbin\x2fperl)/
-}
-
-# >0  search/1,=#! /usr/bin/env perl (len=20), ["Perl script text executable"], swap_endian=0
-signature file-magic-auto469 {
-	file-mime "text/x-perl", 50
-	file-magic /(.*)(\x23\x21 \x2fusr\x2fbin\x2fenv perl)/
-}
+## >0  search/4096,=\relax (len=6), ["LaTeX auxiliary file"], swap_endian=0
+#signature file-magic-auto463 {
+#	file-mime "text/x-tex", 51
+#	file-magic /(.*)(\x5crelax)/
+#}
+#
+## >0  search/4096,=\begin (len=6), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto464 {
+#	file-mime "text/x-tex", 51
+#	file-magic /.*\x5c(input|begin)/
+#}
 
 # >0  beshort&,=-26368 (0x9900), ["PGP key public ring"], swap_endian=0
 signature file-magic-auto470 {
@@ -2869,42 +1469,6 @@ signature file-magic-auto478 {
 	file-magic /((^[0-9]{5})[acdn][w])((^.{21})([^0]{2}))/
 }
 
-# >0  short&,=-14479 (0xc771), ["byte-swapped cpio archive"], swap_endian=0
-signature file-magic-auto479 {
-	file-mime "application/x-cpio", 50
-	file-magic /((\x71\xc7)|(\xc7\x71))/
-}
-
-# >0  short&,=29127 (0x71c7), ["cpio archive"], swap_endian=0
-signature file-magic-auto480 {
-	file-mime "application/x-cpio", 50
-	file-magic /((\xc7\x71)|(\x71\xc7))/
-}
-
-# >0  string,=\n( (len=2), ["Emacs v18 byte-compiled Lisp data"], swap_endian=0
-#signature file-magic-auto481 {
-#	file-mime "application/x-elc", 50
-#	file-magic /(\x0a\x28)/
-#}
-
-# >0  string,=\021\t (len=2), ["Award BIOS Logo, 136 x 126"], swap_endian=0
-signature file-magic-auto482 {
-	file-mime "image/x-award-bioslogo", 50
-	file-magic /(\x11\x09)/
-}
-
-# >0  string,=\021\006 (len=2), ["Award BIOS Logo, 136 x 84"], swap_endian=0
-signature file-magic-auto483 {
-	file-mime "image/x-award-bioslogo", 50
-	file-magic /(\x11\x06)/
-}
-
-# >0  string,=P7 (len=2), ["Netpbm PAM image file"], swap_endian=0
-signature file-magic-auto484 {
-	file-mime "image/x-portable-pixmap", 50
-	file-magic /(P7)/
-}
-
 # >0  beshort&ffffffffffffffe0,=22240 (0x56e0), ["MPEG-4 LOAS"], swap_endian=0
 signature file-magic-auto485 {
 	file-mime "audio/x-mp4a-latm", 50
@@ -2917,35 +1481,6 @@ signature file-magic-auto486 {
 	file-magic /(\xff[\xf0\xf1\xf8\xf9])/
 }
 
-# >0  beshort&fffffffffffffffe,=-30 (0xffe2), ["MPEG ADTS, layer III,  v2.5"], swap_endian=0
-signature file-magic-auto487 {
-	file-mime "audio/mpeg", 50
-	file-magic /(\xff[\xe2\xe3])/
-}
-
-# >0  beshort&fffffffffffffffe,=-10 (0xfff6), ["MPEG ADTS, layer I, v2"], swap_endian=0
-signature file-magic-auto488 {
-	file-mime "audio/mpeg", 50
-	file-magic /(\xff[\xf6\xf7])/
-}
-
-# >0  beshort&fffffffffffffffe,=-14 (0xfff2), ["MPEG ADTS, layer III, v2"], swap_endian=0
-signature file-magic-auto489 {
-	file-mime "audio/mpeg", 50
-	file-magic /(\xff[\xf2\xf3])/
-}
-
-# >0  beshort&fffffffffffffffe,=-4 (0xfffc), ["MPEG ADTS, layer II, v1"], swap_endian=0
-signature file-magic-auto490 {
-	file-mime "audio/mpeg", 50
-	file-magic /(\xff[\xfc\xfd])/
-}
-
-# >0  search/1,=#! /usr/bin/env wish (len=20), ["Tcl/Tk script text executable"], swap_endian=0
-signature file-magic-auto491 {
-	file-mime "text/x-tcl", 50
-	file-magic /(.*)(\x23\x21 \x2fusr\x2fbin\x2fenv wish)/
-}
 
 # >0  beshort&,=-26367 (0x9901), ["GPG key public ring"], swap_endian=0
 signature file-magic-auto492 {
@@ -2959,215 +1494,24 @@ signature file-magic-auto493 {
 	file-magic /(\xf7\x02)/
 }
 
-## >2  string,=\000\021 (len=2), ["TeX font metric data"], swap_endian=0
-#signature file-magic-auto494 {
-#	file-mime "application/x-tex-tfm", 50
-#	file-magic /(.{2})(\x00\x11)/
-#}
-#
-## >2  string,=\000\022 (len=2), ["TeX font metric data"], swap_endian=0
-#signature file-magic-auto495 {
-#	file-mime "application/x-tex-tfm", 50
-#	file-magic /(.{2})(\x00\x12)/
-#}
-
 # >0  beshort&,=-31486 (0x8502), ["GPG encrypted data"], swap_endian=0
 signature file-magic-auto496 {
 	file-mime "text/PGP", 50
 	file-magic /(\x85\x02)/
 }
 
-# >4  string/W,=jP (len=2), ["JPEG 2000 image"], swap_endian=0
-signature file-magic-auto497 {
-	file-mime "image/jp2", 50
-	file-magic /(.{4})(jP)/
-}
-
-# Not specific enough.
-# >0  regex,=^template[ \t\n]+ (len=15), ["C++ source text"], swap_endian=0
-#signature file-magic-auto498 {
-#	file-mime "text/x-c++", 50
-#	file-magic /(.*)(template[ \x09\x0a]+)/
-#}
-
-# >0  search/c/1,=<?php (len=5), ["PHP script text"], swap_endian=0
-signature file-magic-auto499 {
-	file-mime "text/x-php", 50
-	file-magic /(.*)(\x3c\x3f[pP][hH][pP])/
-}
-
-# >0  string,=\037\235 (len=2), ["compress'd data"], swap_endian=0
-signature file-magic-auto500 {
-	file-mime "application/x-compress", 50
-	file-magic /(\x1f\x9d)/
-}
-
-# >0  string,=\037\036 (len=2), ["packed data"], swap_endian=0
-#signature file-magic-auto501 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /(\x1f\x1e)/
-#}
-
-# >0  short&,=7967 (0x1f1f), ["old packed data"], swap_endian=0
-#signature file-magic-auto502 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /((\x1f\x1f)|(\x1f\x1f))/
-#}
-
-# >0  short&,=8191 (0x1fff), ["compacted data"], swap_endian=0
-#signature file-magic-auto503 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /((\xff\x1f)|(\x1f\xff))/
-#}
-
-# >0  string,=\377\037 (len=2), ["compacted data"], swap_endian=0
-#signature file-magic-auto504 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /(\xff\x1f)/
-#}
-
-# >0  short&,=-13563 (0xcb05), ["huf output"], swap_endian=0
-#signature file-magic-auto505 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /((\x05\xcb)|(\xcb\x05))/
-#}
-
-# >34  string,=LP (len=2), ["Embedded OpenType (EOT)"], swap_endian=0
-signature file-magic-auto506 {
-	file-mime "application/vnd.ms-fontobject", 50
-	file-magic /(.{34})(LP)/
-}
-
 # >0  beshort&,=2935 (0x0b77), ["ATSC A/52 aka AC-3 aka Dolby Digital stream,"], swap_endian=0
 signature file-magic-auto507 {
 	file-mime "audio/vnd.dolby.dd-raw", 50
 	file-magic /(\x0b\x77)/
 }
 
-# >0  search/1,=#!/usr/bin/env node (len=19), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto508 {
-	file-mime "application/javascript", 49
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv node)/
-}
-
-# >0  search/1,=#!/usr/bin/env wish (len=19), ["Tcl/Tk script text executable"], swap_endian=0
-signature file-magic-auto509 {
-	file-mime "text/x-tcl", 49
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv wish)/
-}
-
-# >0  regex,=^[ \t]{0,50}\.asciiz (len=19), ["assembler source text"], swap_endian=0
-signature file-magic-auto510 {
-	file-mime "text/x-asm", 49
-	file-magic /(^[ \x09]{0,50}\.(asciiz|asciz|section|globl|align|even|byte|file|type))/
-}
-
-# >0  regex,=^[ \t]{0,50}\.globl (len=18), ["assembler source text"], swap_endian=0
-#signature file-magic-auto517 {
-#	file-mime "text/x-asm", 48
-#	file-magic /(^[ \x09]{0,50}\.globl)/
+## >0  search/1,=This is Info file (len=17), ["GNU Info text"], swap_endian=0
+#signature file-magic-auto528 {
+#	file-mime "text/x-info", 47
+#	file-magic /(.*)(This is Info file)/
 #}
 
-# >0  regex,=^[ \t]{0,50}\.text (len=17), ["assembler source text"], swap_endian=0
-#signature file-magic-auto523 {
-#	file-mime "text/x-asm", 47
-#	file-magic /(^[ \x09]{0,50}\.text)/
-#}
-
-# >0  regex,=^[ \t]{0,50}\.even (len=17), ["assembler source text"], swap_endian=0
-#signature file-magic-auto524 {
-#	file-mime "text/x-asm", 47
-#	file-magic /(^[ \x09]{0,50}\.even)/
-#}
-
-# >0  regex,=^[ \t]{0,50}\.byte (len=17), ["assembler source text"], swap_endian=0
-#signature file-magic-auto525 {
-#	file-mime "text/x-asm", 47
-#	file-magic /(^[ \x09]{0,50}\.byte)/
-#}
-
-# >0  regex,=^[ \t]{0,50}\.file (len=17), ["assembler source text"], swap_endian=0
-#signature file-magic-auto526 {
-#	file-mime "text/x-asm", 47
-#	file-magic /(^[ \x09]{0,50}\.file)/
-#}
-
-# >0  regex,=^[ \t]{0,50}\.type (len=17), ["assembler source text"], swap_endian=0
-#signature file-magic-auto527 {
-#	file-mime "text/x-asm", 47
-#	file-magic /(^[ \x09]{0,50}\.type)/
-#}
-
-
-# >0  search/1,=#!/usr/bin/env perl (len=19), ["Perl script text executable"], swap_endian=0
-signature file-magic-auto511 {
-	file-mime "text/x-perl", 49
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv perl)/
-}
-
-# >0  search/Wct/4096,=<!doctype html (len=14), ["HTML document text"], swap_endian=0
-signature file-magic-auto512 {
-	file-mime "text/html", 49
-	file-magic /(.*)(\x3c\x21[dD][oO][cC][tT][yY][pP][eE] {1,}[hH][tT][mM][lL])/
-}
-
-# This doesn't seem specific enough.
-# >0  regex,=^virtual[ \t\n]+ (len=14), ["C++ source text"], swap_endian=0
-#signature file-magic-auto513 {
-#	file-mime "text/x-c++", 49
-#	file-magic /(.*)(virtual[ \x09\x0a]+)/
-#}
-
-# >0  search/1,=#! /usr/bin/env lua (len=19), ["Lua script text executable"], swap_endian=0
-signature file-magic-auto514 {
-	file-mime "text/x-lua", 49
-	file-magic /(.*)(\x23\x21 \x2fusr\x2fbin\x2fenv lua)/
-}
-
-# >0  search/1,=#! /usr/bin/env tcl (len=19), ["Tcl script text executable"], swap_endian=0
-signature file-magic-auto516 {
-	file-mime "text/x-tcl", 49
-	file-magic /(.*)(\x23\x21 \x2fusr\x2fbin\x2fenv tcl)/
-}
-# >0  search/1,=#!/usr/bin/env tcl (len=18), ["Tcl script text executable"], swap_endian=0
-signature file-magic-auto518 {
-	file-mime "text/x-tcl", 48
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv tcl)/
-}
-
-# >0  search/1,=#!/usr/bin/env lua (len=18), ["Lua script text executable"], swap_endian=0
-signature file-magic-auto519 {
-	file-mime "text/x-lua", 48
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fenv lua)/
-}
-
-# >0  search/w/1,=#!/usr/bin/nodejs (len=17), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto521 {
-	file-mime "application/javascript", 47
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fnodejs)/
-}
-
-# >0  regex,=^class[ \t\n]+ (len=12), ["C++ source text"], swap_endian=0
-#signature file-magic-auto522 {
-#	file-mime "text/x-c++", 47
-#	file-magic /(.*)(class[ \x09\x0a]+[[:alnum:]_]+)(.*)(\x7b)(.*)(public:)/
-#}
-
-# >0  search/1,=This is Info file (len=17), ["GNU Info text"], swap_endian=0
-signature file-magic-auto528 {
-	file-mime "text/x-info", 47
-	file-magic /(.*)(This is Info file)/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(autorun)]\r\n (len=13), [""], swap_endian=0
-# >>>>&0  ubyte&,=0x5b, ["INItialization configuration"], swap_endian=0
-signature file-magic-auto529 {
-	file-mime "application/x-wine-extension-ini", 40
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([aA][uU][tT][oO][rR][uU][nN])]\x0d\x0a)([\x5b])/
-}
-
 # >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
 # >>&0  search/8192,=[ (len=1), [""], swap_endian=0
 # >>>&0  regex/c,=^(autorun)]\r\n (len=13), [""], swap_endian=0
@@ -3185,70 +1529,6 @@ signature file-magic-auto531 {
 	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([vV][eE][rR][sS][iI][oO][nN]|[sS][tT][rR][iI][nN][gG][sS])])/
 }
 
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(WinsockCRCList|OEMCPL)] (len=25), ["Windows setup INFormation"], swap_endian=0
-signature file-magic-auto532 {
-	file-mime "text/inf", 55
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([Ww][iI][nN][sS][oO][cC][kK][Cc][Rr][Cc][Ll][iI][sS][tT]|[Oo][Ee][Mm][Cc][Pp][Ll])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(.ShellClassInfo|DeleteOnCopy|LocalizedFileNames)] (len=51), ["Windows desktop.ini"], swap_endian=0
-signature file-magic-auto533 {
-	file-mime "application/x-wine-extension-ini", 81
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^(.[Ss][hH][eE][lL][lL][Cc][lL][aA][sS][sS][Ii][nN][fF][oO]|[Dd][eE][lL][eE][tT][eE][Oo][nN][Cc][oO][pP][yY]|[Ll][oO][cC][aA][lL][iI][zZ][eE][dD][Ff][iI][lL][eE][Nn][aA][mM][eE][sS])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(don't load)] (len=14), ["Windows CONTROL.INI"], swap_endian=0
-signature file-magic-auto534 {
-	file-mime "application/x-wine-extension-ini", 44
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([dD][oO][nN]'[tT] [lL][oO][aA][dD])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(ndishlp\$|protman\$|NETBEUI\$)] (len=33), ["Windows PROTOCOL.INI"], swap_endian=0
-signature file-magic-auto535 {
-	file-mime "application/x-wine-extension-ini", 63
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([nN][dD][iI][sS][hH][lL][pP]\$|[pP][rR][oO][tT][mM][aA][nN]\$|[Nn][Ee][Tt][Bb][Ee][Uu][Ii]\$)])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(windows|Compatibility|embedding)] (len=35), ["Windows WIN.INI"], swap_endian=0
-signature file-magic-auto536 {
-	file-mime "application/x-wine-extension-ini", 65
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([wW][iI][nN][dD][oO][wW][sS]|[Cc][oO][mM][pP][aA][tT][iI][bB][iI][lL][iI][tT][yY]|[eE][mM][bB][eE][dD][dD][iI][nN][gG])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(boot|386enh|drivers)] (len=23), ["Windows SYSTEM.INI"], swap_endian=0
-signature file-magic-auto537 {
-	file-mime "application/x-wine-extension-ini", 53
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([bB][oO][oO][tT]|386[eE][nN][hH]|[dD][rR][iI][vV][eE][rR][sS])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(SafeList)] (len=12), ["Windows IOS.INI"], swap_endian=0
-signature file-magic-auto538 {
-	file-mime "application/x-wine-extension-ini", 42
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([Ss][aA][fF][eE][Ll][iI][sS][tT])])/
-}
-
-# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
-# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
-# >>>&0  regex/c,=^(boot loader)] (len=15), ["Windows boot.ini"], swap_endian=0
-signature file-magic-auto539 {
-	file-mime "application/x-wine-extension-ini", 45
-	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([bB][oO][oO][tT] [lL][oO][aA][dD][eE][rR])])/
-}
-
 # >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
 # >>&0  search/8192,=[ (len=1), [""], swap_endian=0
 # >>>&0  ubequad&ffdfffdfffdfffdf,=24207144355233875 (0x0056004500520053), [""], swap_endian=0
@@ -3288,136 +1568,24 @@ signature file-magic-auto543 {
 	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(.*)(\x5b)(\x00[\x56\x76]\x00[\x45\x65]\x00[\x52\x72]\x00[\x53\x73])(\x00[\x49\x69]\x00[\x4f\x6f]\x00[\x4e\x6e]\x00\x5d)/
 }
 
-# >0  search/1,=<MakerDictionary (len=16), ["FrameMaker Dictionary text"], swap_endian=0
-signature file-magic-auto544 {
-	file-mime "application/x-mif", 46
-	file-magic /(.*)(\x3cMakerDictionary)/
+# >0  regex/s,=\`(\r\n|;|[[]|\377\376) (len=15), [""], swap_endian=0
+# >>&0  search/8192,=[ (len=1), [""], swap_endian=0
+# >>>&0  regex/c,=^(WinsockCRCList|OEMCPL)] (len=25), ["Windows setup INFormation"], swap_endian=0
+signature file-magic-auto532 {
+	file-mime "text/inf", 55
+	file-magic /(\`(\x0d\x0a|;|[[]|\xff\xfe))(.*)(\x5b)(^([Ww][iI][nN][sS][oO][cC][kK][Cc][Rr][Cc][Ll][iI][sS][tT]|[Oo][Ee][Mm][Cc][Pp][Ll])])/
 }
 
-# >0  search/w/1,=#! /usr/bin/wish (len=16), ["Tcl/Tk script text executable"], swap_endian=0
-signature file-magic-auto545 {
-	file-mime "text/x-tcl", 46
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2fbin\x2fwish)/
-}
-
-# >0  search/w/1,=#! /usr/bin/lua (len=15), ["Lua script text executable"], swap_endian=0
-signature file-magic-auto547 {
-	file-mime "text/x-lua", 45
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2fbin\x2flua)/
-}
-
-# >0  search/w/1,=#! /usr/bin/tcl (len=15), ["Tcl script text executable"], swap_endian=0
-signature file-magic-auto548 {
-	file-mime "text/x-tcl", 45
-	file-magic /(.*)(\x23\x21 ?\x2fusr\x2fbin\x2ftcl)/
-}
-
-# >0  search/wct/4096,=<head (len=5), ["HTML document text"], swap_endian=0
-signature file-magic-auto549 {
-	file-mime "text/html", 45
-	file-magic /(.*)(\x3c[hH][eE][aA][dD])/
-}
-
-# >0  search/wct/4096,=<html (len=5), ["HTML document text"], swap_endian=0
-signature file-magic-auto550 {
-	file-mime "text/html", 45
-	file-magic /(.*)(\x3c[hH][tT][mM][lL])/
-}
-
-# >0  search/w/1,=#!/usr/bin/node (len=15), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto551 {
-	file-mime "application/javascript", 45
-	file-magic /(.*)(\x23\x21\x2fusr\x2fbin\x2fnode)/
-}
-
-# >0  search/wct/1,=<?xml (len=5), ["XML document text"], swap_endian=0
-signature file-magic-auto552 {
-	file-mime "application/xml", 45
-	file-magic /(.*)(\x3c\x3f[xX][mM][lL])/
-}
-
-# >0  search/1,=\input texinfo (len=14), ["Texinfo source text"], swap_endian=0
-signature file-magic-auto553 {
-	file-mime "text/x-texinfo", 44
-	file-magic /(.*)(\x5cinput texinfo)/
-}
-
-# Not specific enough.
-# >0  regex,=^private: (len=9), ["C++ source text"], swap_endian=0
-#signature file-magic-auto554 {
-#	file-mime "text/x-c++", 44
-#	file-magic /(.*)(private:)/
+## >0  search/1,=<MakerDictionary (len=16), ["FrameMaker Dictionary text"], swap_endian=0
+#signature file-magic-auto544 {
+#	file-mime "application/x-mif", 46
+#	file-magic /(.*)(\x3cMakerDictionary)/
 #}
 
-# >0  search/4096,=def __init__ (len=12), [""], swap_endian=0
-# >>&0  search/64,=self (len=4), ["Python script text executable"], swap_endian=0
-signature file-magic-auto555 {
-	file-mime "text/x-python", 38
-	file-magic /(.*)(def \x5f\x5finit\x5f\x5f)(.*)(self)/
-}
-
-# >0  search/wct/4096,=<a href= (len=8), ["HTML document text"], swap_endian=0
-signature file-magic-auto556 {
-	file-mime "text/html", 43
-	file-magic /(.*)(\x3c[aA] ?[hH][rR][eE][fF]\x3d)/
-}
-
-# >0  regex,=^extern[ \t\n]+ (len=13), ["C source text"], swap_endian=0
-#signature file-magic-auto557 {
-#	file-mime "text/x-c", 43
-#	file-magic /(.*)(extern[ \x09\x0a]+)/
-#}
-
-# >0  search/4096,=% -*-latex-*- (len=13), ["LaTeX document text"], swap_endian=0
-signature file-magic-auto558 {
-	file-mime "text/x-tex", 43
-	file-magic /(.*)(\x25 \x2d\x2a\x2dlatex\x2d\x2a\x2d)/
-}
-
-# Doesn't seem specific enough.
-# >0  regex,=^double[ \t\n]+ (len=13), ["C source text"], swap_endian=0
-#signature file-magic-auto559 {
-#	file-mime "text/x-c", 43
-#	file-magic /(^double[ \x09\x0a]+)/
-#}
-
-# >0  regex,=^struct[ \t\n]+ (len=13), ["C source text"], swap_endian=0
-#signature file-magic-auto560 {
-#	file-mime "text/x-c", 43
-#	file-magic /(.*)(struct[ \x09\x0a]+)/
-#}
-
-# >0  search/w/1,=#!/bin/nodejs (len=13), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto561 {
-	file-mime "application/javascript", 43
-	file-magic /(.*)(\x23\x21\x2fbin\x2fnodejs)/
-}
-
-# Not specific enough.
-# >0  regex,=^public: (len=8), ["C++ source text"], swap_endian=0
-#signature file-magic-auto562 {
-#	file-mime "text/x-c++", 43
-#	file-magic /(.*)(public:)/
-#}
-
-# >0  search/wct/4096,=<script (len=7), ["HTML document text"], swap_endian=0
-signature file-magic-auto563 {
-	file-mime "text/html", 42
-	file-magic /(.*)(\x3c[sS][cC][rR][iI][pP][tT])/
-}
-
-# Doesn't seem specific enough.
-# >0  regex,=^float[ \t\n]+ (len=12), ["C source text"], swap_endian=0
-#signature file-magic-auto564 {
-#	file-mime "text/x-c", 42
-#	file-magic /(^float[ \x09\x0a]+)/
-#}
-
-# Doesn't seem specific enough.
-# >0  regex,=^union[ \t\n]+ (len=12), ["C source text"], swap_endian=0
-#signature file-magic-auto565 {
-#	file-mime "text/x-c", 42
-#	file-magic /(^union[ \x09\x0a]+)/
+## >0  search/4096,=% -*-latex-*- (len=13), ["LaTeX document text"], swap_endian=0
+#signature file-magic-auto558 {
+#	file-mime "text/x-tex", 43
+#	file-magic /(.*)(\x25 \x2d\x2a\x2dlatex\x2d\x2a\x2d)/
 #}
 
 # The use of non-sequential offsets and relational operations made the
@@ -3431,31 +1599,6 @@ signature file-magic-auto563 {
 #	file-magic /(.{4})(.{4})(.{4})(.{4})(.*)(\x00\x00\x00\x07)/
 #}
 
-# >0  search/wct/4096,=<title (len=6), ["HTML document text"], swap_endian=0
-signature file-magic-auto567 {
-	file-mime "text/html", 41
-	file-magic /(.*)(\x3c[tT][iI][tT][lL][eE])/
-}
-
-# >0  regex,=^char[ \t\n]+ (len=11), ["C source text"], swap_endian=0
-#signature file-magic-auto568 {
-#	file-mime "text/x-c", 41
-#	file-magic /(.*)(char[ \x09\x0a]+)/
-#}
-
-# >0  search/1,=#! (len=2), [""], swap_endian=0
-# >>0  regex,=^#!.*/bin/perl$ (len=15), ["Perl script text executable"], swap_endian=0
-signature file-magic-auto569 {
-	file-mime "text/x-perl", 45
-	file-magic /(^#!.*\x2fbin\x2fperl$)/
-}
-
-# >0  search/w/1,=#!/bin/node (len=11), ["Node.js script text executable"], swap_endian=0
-signature file-magic-auto570 {
-	file-mime "application/javascript", 41
-	file-magic /(.*)(\x23\x21\x2fbin\x2fnode)/
-}
-
 # Too much use of bitmasking and relational comparisons and non-sequential
 # offsets for this to be autogenerated.  (Also, the depth isn't displayed
 # correctly in the debug output below: it reached a depth that exceeded
@@ -3477,12 +1620,6 @@ signature file-magic-auto570 {
 #	file-magic /(.{4})(.*)([\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])([\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])(.*)([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f])(.*)([\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])(.{26})([\x00])(.*)(.{4})(.*)(.{4})(.*)(.{4})(.{12})([\x00\x01\x02\x03\x04\x05\x06\x07])(.*)(.{2})(.{22})([\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff])/
 #}
 
-# >0  search/wct/4096,=<table (len=6), ["HTML document text"], swap_endian=0
-signature file-magic-auto572 {
-	file-mime "text/html", 41
-	file-magic /(.*)(\x3c[tT][aA][bB][lL][eE])/
-}
-
 # >0  string/t,=@ (len=1), [""], swap_endian=0
 # >>1  string/Wc,= echo off (len=9), ["DOS batch file text"], swap_endian=0
 signature file-magic-auto573 {
@@ -3511,162 +1648,65 @@ signature file-magic-auto576 {
 	file-magic /(\x40)([sS][eE][tT] {1,})/
 }
 
-# >0  search/wct/4096,=<style (len=6), ["HTML document text"], swap_endian=0
-signature file-magic-auto577 {
-	file-mime "text/html", 41
-	file-magic /(.*)(\x3c[sS][tT][yY][lL][eE])/
-}
-
 # >0  regex,=^dnl  (len=5), ["M4 macro processor script text"], swap_endian=0
 signature file-magic-auto578 {
 	file-mime "text/x-m4", 40
 	file-magic /(^dnl )/
 }
 
-# >0  search/8192,=main( (len=5), ["C source text"], swap_endian=0
-#signature file-magic-auto581 {
-#	file-mime "text/x-c", 40
-#	file-magic /(.*)(main\x28)/
+## >0  search/4096,=(defparam  (len=10), ["Lisp/Scheme program text"], swap_endian=0
+#signature file-magic-auto583 {
+#	file-mime "text/x-lisp", 40
+#	file-magic /(.*)(\x28defparam )/
 #}
-
-# Not specific enough.
-# >0  search/1,=\" (len=2), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto582 {
-#	file-mime "text/troff", 40
-#	file-magic /(.*)(\x5c\x22)/
+#
+## >0  search/4096,=(autoload  (len=10), ["Lisp/Scheme program text"], swap_endian=0
+#signature file-magic-auto584 {
+#	file-mime "text/x-lisp", 40
+#	file-magic /(.*)(\x28autoload )/
 #}
-
-# >0  search/4096,=(defparam  (len=10), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto583 {
-	file-mime "text/x-lisp", 40
-	file-magic /(.*)(\x28defparam )/
-}
-
-# >0  search/4096,=(autoload  (len=10), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto584 {
-	file-mime "text/x-lisp", 40
-	file-magic /(.*)(\x28autoload )/
-}
-
-#This signature seems too generic.
-# >0  search/1,=diff  (len=5), ["diff output text"], swap_endian=0
-#signature file-magic-auto585 {
-#	file-mime "text/x-diff", 40
-#	file-magic /(.*)(diff )/
+#
+## >0  search/1,=<TeXmacs| (len=9), ["TeXmacs document text"], swap_endian=0
+#signature file-magic-auto589 {
+#	file-mime "text/texmacs", 39
+#	file-magic /(.*)(\x3cTeXmacs\x7c)/
 #}
-
-# >0  regex,=^#include (len=9), ["C source text"], swap_endian=0
-#signature file-magic-auto586 {
-#	file-mime "text/x-c", 39
-#	file-magic /(.*)(#include)/
+#
+## >0  search/1,=/* XPM */ (len=9), ["X pixmap image text"], swap_endian=0
+#signature file-magic-auto590 {
+#	file-mime "image/x-xpmi", 39
+#	file-magic /(.*)(\x2f\x2a XPM \x2a\x2f)/
 #}
-
-# >0  search/1,=.\" (len=3), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto587 {
-#	file-mime "text/troff", 39
-#	file-magic /(.*)(\x2e\x5c\x22)/
+#
+## >0  search/8192,="LIBHDR" (len=8), ["BCPL source text"], swap_endian=0
+#signature file-magic-auto596 {
+#	file-mime "text/x-bcpl", 38
+#	file-magic /(.*)(\x22LIBHDR\x22)/
 #}
-
-# >0  search/1,='\" (len=3), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto588 {
-#	file-mime "text/troff", 39
-#	file-magic /(.*)(\x27\x5c\x22)/
+#
+## >0  search/4096,=(defvar  (len=8), ["Lisp/Scheme program text"], swap_endian=0
+#signature file-magic-auto598 {
+#	file-mime "text/x-lisp", 38
+#	file-magic /(.*)(\x28defvar )/
 #}
-
-# >0  search/1,=<TeXmacs| (len=9), ["TeXmacs document text"], swap_endian=0
-signature file-magic-auto589 {
-	file-mime "text/texmacs", 39
-	file-magic /(.*)(\x3cTeXmacs\x7c)/
-}
-
-# >0  search/1,=/* XPM */ (len=9), ["X pixmap image text"], swap_endian=0
-signature file-magic-auto590 {
-	file-mime "image/x-xpmi", 39
-	file-magic /(.*)(\x2f\x2a XPM \x2a\x2f)/
-}
-
-# >0  search/1,=<?\n (len=3), ["PHP script text"], swap_endian=0
-signature file-magic-auto591 {
-	file-mime "text/x-php", 39
-	file-magic /(.*)(\x3c\x3f\x0a)/
-}
-
-# >0  search/1,=<?\r (len=3), ["PHP script text"], swap_endian=0
-signature file-magic-auto592 {
-	file-mime "text/x-php", 39
-	file-magic /(.*)(\x3c\x3f\x0d)/
-}
-
-# >0  search/1,=''' (len=3), ["troff or preprocessor input text"], swap_endian=0
-#signature file-magic-auto593 {
-#	file-mime "text/troff", 39
-#	file-magic /(.*)(\x27\x27\x27)/
-#}
-
-# >0  search/4096,=try: (len=4), [""], swap_endian=0
-# >>&0  regex,=^\s*except.*: (len=13), ["Python script text executable"], swap_endian=0
-signature file-magic-auto594 {
-	file-mime "text/x-python", 43
-	file-magic /(.*)(try\x3a)(^\s*except.*:)/
-}
-
-# >0  search/4096,=try: (len=4), [""], swap_endian=0
-# >>&0  search/4096,=finally: (len=8), ["Python script text executable"], swap_endian=0
-signature file-magic-auto595 {
-	file-mime "text/x-python", 38
-	file-magic /(.*)(try\x3a)(.*)(finally\x3a)/
-}
-
-# >0  search/8192,="LIBHDR" (len=8), ["BCPL source text"], swap_endian=0
-signature file-magic-auto596 {
-	file-mime "text/x-bcpl", 38
-	file-magic /(.*)(\x22LIBHDR\x22)/
-}
-
-# >0  search/4096,=(defvar  (len=8), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto598 {
-	file-mime "text/x-lisp", 38
-	file-magic /(.*)(\x28defvar )/
-}
-
-# Not specific enough.
-# >0  regex,=^program (len=8), ["Pascal source text"], swap_endian=0
-#signature file-magic-auto599 {
-#	file-mime "text/x-pascal", 38
-#	file-magic /(^program)/
-#}
-
-# >0  search/1,=Only in  (len=8), ["diff output text"], swap_endian=0
-signature file-magic-auto600 {
-	file-mime "text/x-diff", 38
-	file-magic /(.*)(Only in )/
-}
-
-# This signature doesn't seem specific enough.
-# >0  search/1,=***  (len=4), ["diff output text"], swap_endian=0
-#signature file-magic-auto601 {
+#
+## >0  search/1,=Only in  (len=8), ["diff output text"], swap_endian=0
+#signature file-magic-auto600 {
 #	file-mime "text/x-diff", 38
-#	file-magic /(.*)(\x2a\x2a\x2a )/
+#	file-magic /(.*)(Only in )/
 #}
-
-# >0  search/8192,="libhdr" (len=8), ["BCPL source text"], swap_endian=0
-signature file-magic-auto604 {
-	file-mime "text/x-bcpl", 38
-	file-magic /(.*)(\x22libhdr\x22)/
-}
-
-# Not specific enough.
-# >0  regex,=^record (len=7), ["Pascal source text"], swap_endian=0
-#signature file-magic-auto605 {
-#	file-mime "text/x-pascal", 37
-#	file-magic /(^record)/
+#
+## >0  search/8192,="libhdr" (len=8), ["BCPL source text"], swap_endian=0
+#signature file-magic-auto604 {
+#	file-mime "text/x-bcpl", 38
+#	file-magic /(.*)(\x22libhdr\x22)/
+#}
+#
+## >0  search/4096,=(defun  (len=7), ["Lisp/Scheme program text"], swap_endian=0
+#signature file-magic-auto607 {
+#	file-mime "text/x-lisp", 37
+#	file-magic /(.*)(\x28defun )/
 #}
-
-# >0  search/4096,=(defun  (len=7), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto607 {
-	file-mime "text/x-lisp", 37
-	file-magic /(.*)(\x28defun )/
-}
 
 # >0  regex,=^msgid  (len=7), ["GNU gettext message catalogue text"], swap_endian=0
 signature file-magic-auto608 {
@@ -3674,126 +1714,8 @@ signature file-magic-auto608 {
 	file-magic /(^msgid )/
 }
 
-# >0  search/8192,=(input, (len=7), ["Pascal source text"], swap_endian=0
-signature file-magic-auto609 {
-	file-mime "text/x-pascal", 37
-	file-magic /(.*)(\x28input\x2c)/
-}
-
-# Not specific enough.
-# >0  search/1,=Index: (len=6), ["RCS/CVS diff output text"], swap_endian=0
-#signature file-magic-auto610 {
-#	file-mime "text/x-diff", 44
-#	file-magic /(.*)(Index\x3a)/
-#}
-
 # >0  search/4096,=(setq  (len=6), ["Lisp/Scheme program text"], swap_endian=0
-signature file-magic-auto611 {
-	file-mime "text/x-lisp", 36
-	file-magic /(.*)(\x28setq )/
-}
-
-# >0  regex/100,=^[Cc][ \t] (len=9), ["FORTRAN program"], swap_endian=0
-signature file-magic-auto612 {
-	file-mime "text/x-fortran", 34
-	file-magic /(^[Cc][ \x09])/
-}
-
-# >0  search/wt/1,=<?XML (len=5), ["broken XML document text"], swap_endian=0
-signature file-magic-auto613 {
-	file-mime "application/xml", 30
-	file-magic /(.*)(\x3c\x3fXML)/
-}
-
-# >0  search/wtb/1,=<?xml (len=5), ["XML document text"], swap_endian=0
-signature file-magic-auto614 {
-	file-mime "application/xml", 30
-	file-magic /(.*)(\x3c\x3fxml)/
-}
-
-# >0  regex,^import.*;$ (len=10), ["Java source"], swap_endian=0
-signature file-magic-auto615 {
-	file-mime "text/x-java", 20
-	file-magic /(import.*;$)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x01, ["LSB"], swap_endian=0
-# >>>16  leshort&,=0 (0x0000), ["no file type,"], swap_endian=0
-#signature file-magic-auto616 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /(\x7fELF)(.{1})([\x01])(.{10})(\x00\x00)/
+#signature file-magic-auto611 {
+#	file-mime "text/x-lisp", 36
+#	file-magic /(.*)(\x28setq )/
 #}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x02, ["MSB"], swap_endian=0
-# >>>16  leshort&,=0 (0x0000), ["no file type,"], swap_endian=1
-#signature file-magic-auto617 {
-#	file-mime "application/octet-stream", 50
-#	file-magic /(\x7fELF)(.{1})([\x02])(.{10})(\x00\x00)/
-#}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x01, ["LSB"], swap_endian=0
-# >>>16  leshort&,=1 (0x0001), ["relocatable,"], swap_endian=0
-signature file-magic-auto618 {
-	file-mime "application/x-object", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x01])(.{10})(\x01\x00)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x02, ["MSB"], swap_endian=0
-# >>>16  leshort&,=1 (0x0001), ["relocatable,"], swap_endian=1
-signature file-magic-auto619 {
-	file-mime "application/x-object", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x02])(.{10})(\x00\x01)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x01, ["LSB"], swap_endian=0
-# >>>16  leshort&,=2 (0x0002), ["executable,"], swap_endian=0
-signature file-magic-auto620 {
-	file-mime "application/x-executable", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x01])(.{10})(\x02\x00)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x02, ["MSB"], swap_endian=0
-# >>>16  leshort&,=2 (0x0002), ["executable,"], swap_endian=1
-signature file-magic-auto621 {
-	file-mime "application/x-executable", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x02])(.{10})(\x00\x02)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x01, ["LSB"], swap_endian=0
-# >>>16  leshort&,=3 (0x0003), ["shared object,"], swap_endian=0
-signature file-magic-auto622 {
-	file-mime "application/x-sharedlib", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x01])(.{10})(\x03\x00)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x02, ["MSB"], swap_endian=0
-# >>>16  leshort&,=3 (0x0003), ["shared object,"], swap_endian=1
-signature file-magic-auto623 {
-	file-mime "application/x-sharedlib", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x02])(.{10})(\x00\x03)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x01, ["LSB"], swap_endian=0
-# >>>16  leshort&,=4 (0x0004), ["core file"], swap_endian=0
-signature file-magic-auto624 {
-	file-mime "application/x-coredump", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x01])(.{10})(\x04\x00)/
-}
-
-# >0  string,=\177ELF (len=4), ["ELF"], swap_endian=0
-# >>5  byte&,=0x02, ["MSB"], swap_endian=0
-# >>>16  leshort&,=4 (0x0004), ["core file"], swap_endian=1
-signature file-magic-auto625 {
-	file-mime "application/x-coredump", 50
-	file-magic /(\x7fELF)([\x01\x02])([\x02])(.{10})(\x00\x04)/
-}
-
diff --git a/scripts/base/frameworks/files/magic/msoffice.sig b/scripts/base/frameworks/files/magic/msoffice.sig
index 111ec77004..7ae866a088 100644
--- a/scripts/base/frameworks/files/magic/msoffice.sig
+++ b/scripts/base/frameworks/files/magic/msoffice.sig
@@ -26,3 +26,9 @@ signature file-pptx {
 	file-magic /^PK\x03\x04.{26}(\[Content_Types\]\.xml|_rels\x2f\.rels|ppt\x2f).*PK\x03\x04.{26}ppt\x2f/
 	file-mime "application/vnd.openxmlformats-officedocument.presentationml.presentation", 80
 }
+
+signature file-msaccess {
+	file-mime "application/x-msaccess", 180
+	file-magic /.{4}Standard (Jet|ACE) DB\x00/
+}
+
diff --git a/scripts/base/frameworks/files/magic/video.sig b/scripts/base/frameworks/files/magic/video.sig
new file mode 100644
index 0000000000..5d499f2119
--- /dev/null
+++ b/scripts/base/frameworks/files/magic/video.sig
@@ -0,0 +1,96 @@
+
+# Macromedia Flash Video
+signature file-flv {
+	file-mime "video/x-flv", 60
+	file-magic /^FLV/
+}
+
+# FLI animation
+signature file-fli {
+	file-mime "video/x-fli", 50
+	file-magic /^.{4}\x11\xaf/
+}
+
+# FLC animation
+signature file-flc {
+	file-mime "video/x-flc", 50
+	file-magic /^.{4}\x12\xaf/
+}
+
+# Motion JPEG 2000
+signature file-mj2 {
+	file-mime "video/mj2", 70
+	file-magic /\x00\x00\x00\x0cjP  \x0d\x0a\x87\x0a.{8}mjp2/
+}
+
+# MNG video
+signature file-mng {
+	file-mime "video/x-mng", 70
+	file-magic /^\x8aMNG/
+}
+
+# JNG video
+signature file-jng {
+	file-mime "video/x-jng", 70
+	file-magic /^\x8bJNG/
+}
+
+# Generic MPEG container
+signature file-mpeg {
+	file-mime "video/mpeg", 50
+	file-magic /(\x00\x00\x01[\xb0-\xbb])/
+}
+
+# MPV
+signature file-mpv {
+	file-mime "video/mpv", 71
+	file-magic /(\x00\x00\x01\xb3)/
+}
+
+# H.264
+signature file-h264 {
+	file-mime "video/h264", 41
+	file-magic /(\x00\x00\x00\x01)([\x07\x27\x47\x67\x87\xa7\xc7\xe7])/
+}
+
+# WebM video
+signature file-webm {
+	file-mime "video/webm", 70
+	file-magic /(\x1a\x45\xdf\xa3)(.*)(B\x82)(.{1})(webm)/
+}
+
+# Matroska video
+signature file-matroska {
+	file-mime "video/x-matroska", 110
+	file-magic /(\x1a\x45\xdf\xa3)(.*)(B\x82)(.{1})(matroska)/
+}
+
+# MP2P
+signature file-mp2p {
+	file-mime "video/mp2p", 21
+	file-magic /\x00\x00\x01\xba([\x40-\x7f\xc0-\xff])/
+}
+
+# Silicon Graphics video
+signature file-sgi-movie {
+	file-mime "video/x-sgi-movie", 70
+	file-magic /^MOVI/
+}
+
+# Apple QuickTime movie
+signature file-quicktime {
+	file-mime "video/quicktime", 70
+	file-magic /^....(mdat|moov)/
+}
+
+# MPEG v4 video
+signature file-mp4 {
+	file-mime "video/mp4", 70
+	file-magic /^....ftyp(isom|mp4[12])/
+}
+
+# 3GPP Video
+signature file-3gpp {
+	file-mime "video/3gpp", 60
+	file-magic /^....ftyp(3g[egps2]|avc1|mmp4)/
+}
diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.bro
index 94a46578c0..ed73028236 100644
--- a/scripts/base/frameworks/files/main.bro
+++ b/scripts/base/frameworks/files/main.bro
@@ -129,12 +129,11 @@ export {
 	## files based on the detected mime type of the file.
 	const analyze_by_mime_type_automatically = T &redef;
 
-	## The default setting for if the file reassembler is enabled for 
-	## each file.
+	## The default setting for file reassembly.
 	const enable_reassembler = T &redef;
 
 	## The default per-file reassembly buffer size.
-	const reassembly_buffer_size = 1048576 &redef;
+	const reassembly_buffer_size = 524288 &redef;
 
 	## Allows the file reassembler to be used if it's necessary because the
 	## file is transferred out of order.
@@ -313,7 +312,7 @@ global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: A
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files]);
+	Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files, $path="files"]);
 	}
 
 function set_info(f: fa_file)
@@ -484,16 +483,19 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 	add f$info$rx_hosts[f$is_orig ? cid$resp_h : cid$orig_h];
 	}
 
-event file_mime_type(f: fa_file, mime_type: string) &priority=10
+event file_sniff(f: fa_file, meta: fa_metadata) &priority=10
 	{
 	set_info(f);
 
-	f$info$mime_type = mime_type;
+	if ( ! meta?$mime_type )
+		return;
+
+	f$info$mime_type = meta$mime_type;
 
 	if ( analyze_by_mime_type_automatically &&
-	     mime_type in mime_type_to_analyzers )
+	     meta$mime_type in mime_type_to_analyzers )
 		{
-		local analyzers = mime_type_to_analyzers[mime_type];
+		local analyzers = mime_type_to_analyzers[meta$mime_type];
 		for ( a in analyzers )
 			{
 			add f$info$analyzers[Files::analyzer_name(a)];
diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index 4866766df4..eba27ca56a 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -32,6 +32,8 @@ export {
 		FILE_NAME,
 		## Certificate SHA-1 hash.
 		CERT_HASH,
+		## Public key MD5 hash. (SSH server host keys are a good example.)
+		PUBKEY_HASH,
 	};
 	
 	## Data about an :bro:type:`Intel::Item`.
@@ -174,7 +176,7 @@ global min_data_store: MinDataStore &redef;
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(LOG, [$columns=Info, $ev=log_intel]);
+	Log::create_stream(LOG, [$columns=Info, $ev=log_intel, $path="intel"]);
 	}
 
 function find(s: Seen): bool
diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro
index aecc552146..1732cc5540 100644
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@@ -50,11 +50,17 @@ export {
 		## The event receives a single same parameter, an instance of
 		## type ``columns``.
 		ev: any &optional;
+
+		## A path that will be inherited by any filters added to the
+		## stream which do not already specify their own path.
+		path: string &optional;
 	};
 
 	## Builds the default path values for log filters if not otherwise
 	## specified by a filter. The default implementation uses *id*
-	## to derive a name.
+	## to derive a name.  Upon adding a filter to a stream, if neither
+	## ``path`` nor ``path_func`` is explicitly set by them, then
+	## this function is used as the ``path_func``.
 	##
 	## id: The ID associated with the log stream.
 	##
@@ -144,7 +150,9 @@ export {
 		## to compute the string dynamically. It is ok to return
 		## different strings for separate calls, but be careful: it's
 		## easy to flood the disk by returning a new string for each
-		## connection.
+		## connection.  Upon adding a filter to a stream, if neither
+		## ``path`` nor ``path_func`` is explicitly set by them, then
+		## :bro:see:`default_path_func` is used.
 		##
 		## id: The ID associated with the log stream.
 		##
@@ -380,6 +388,8 @@ export {
 	global active_streams: table[ID] of Stream = table();
 }
 
+global all_streams: table[ID] of Stream = table();
+
 # We keep a script-level copy of all filters so that we can manipulate them.
 global filters: table[ID, string] of Filter;
 
@@ -464,6 +474,7 @@ function create_stream(id: ID, stream: Stream) : bool
 		return F;
 
 	active_streams[id] = stream;
+	all_streams[id] = stream;
 
 	return add_default_filter(id);
 	}
@@ -471,6 +482,7 @@ function create_stream(id: ID, stream: Stream) : bool
 function remove_stream(id: ID) : bool
 	{
 	delete active_streams[id];
+	delete all_streams[id];
 	return __remove_stream(id);
 	}
 
@@ -483,10 +495,12 @@ function disable_stream(id: ID) : bool
 
 function add_filter(id: ID, filter: Filter) : bool
 	{
-	# This is a work-around for the fact that we can't forward-declare
-	# the default_path_func and then use it as &default in the record
-	# definition.
-	if ( ! filter?$path_func )
+	local stream = all_streams[id];
+
+	if ( stream?$path && ! filter?$path )
+		filter$path = stream$path;
+
+	if ( ! filter?$path && ! filter?$path_func )
 		filter$path_func = default_path_func;
 
 	filters[id, filter$name] = filter;
diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.bro b/scripts/base/frameworks/logging/postprocessors/sftp.bro
index b7f6827026..8c77899864 100644
--- a/scripts/base/frameworks/logging/postprocessors/sftp.bro
+++ b/scripts/base/frameworks/logging/postprocessors/sftp.bro
@@ -37,6 +37,8 @@ export {
 		user: string;
 		## The remote host to which to transfer logs.
 		host: string;
+		## The port to connect to. Defaults to 22
+		host_port: count &default=22;
 		## The path/directory on the remote host to send logs.
 		path: string;
 	};
@@ -63,8 +65,8 @@ function sftp_postprocessor(info: Log::RotationInfo): bool
 		{
 		local dst = fmt("%s/%s.%s.log", d$path, info$path,
 		                strftime(Log::sftp_rotation_date_format, info$open));
-		command += fmt("echo put %s %s | sftp -b - %s@%s;", info$fname, dst,
-		               d$user, d$host);
+		command += fmt("echo put %s %s | sftp -P %d -b - %s@%s;", info$fname, dst,
+		               d$host_port, d$user, d$host);
 		}
 
 	command += fmt("/bin/rm %s", info$fname);
diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.bro
index d7d9bd61c9..2418b499e5 100644
--- a/scripts/base/frameworks/notice/main.bro
+++ b/scripts/base/frameworks/notice/main.bro
@@ -19,9 +19,9 @@ export {
 	## the :bro:id:`NOTICE` function.  The convention is to give a general
 	## category along with the specific notice separating words with
 	## underscores and using leading capitals on each word except for
-	## abbreviations which are kept in all capitals.  For example,
+	## abbreviations which are kept in all capitals. For example,
 	## SSH::Password_Guessing is for hosts that have crossed a threshold of
-	## heuristically determined failed SSH logins.
+	## failed SSH logins.
 	type Type: enum {
 		## Notice reporting a count of how often a notice occurred.
 		Tally,
@@ -349,9 +349,9 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice]);
+	Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice"]);
 
-	Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info]);
+	Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info, $path="notice_alarm"]);
 	# If Bro is configured for mailing notices, set up mailing for alarms.
 	# Make sure that this alarm log is also output as text so that it can
 	# be packaged up and emailed later.
diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro
index 474f021cef..627849a591 100644
--- a/scripts/base/frameworks/notice/weird.bro
+++ b/scripts/base/frameworks/notice/weird.bro
@@ -294,7 +294,7 @@ global current_conn: connection;
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird]);
+	Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird, $path="weird"]);
 	}
 
 function flow_id_string(src: addr, dst: addr): string
diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro
index 8b1739acb4..b0a6f144e3 100644
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@@ -159,7 +159,7 @@ event filter_change_tracking()
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(PacketFilter::LOG, [$columns=Info]);
+	Log::create_stream(PacketFilter::LOG, [$columns=Info, $path="packet_filter"]);
 
 	# Preverify the capture and restrict filters to give more granular failure messages.
 	for ( id in capture_filters )
diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.bro
index 873cb15a45..e87407c89a 100644
--- a/scripts/base/frameworks/reporter/main.bro
+++ b/scripts/base/frameworks/reporter/main.bro
@@ -45,7 +45,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Reporter::LOG, [$columns=Info]);
+	Log::create_stream(Reporter::LOG, [$columns=Info, $path="reporter"]);
 	}
 
 event reporter_info(t: time, msg: string, location: string) &priority=-5
diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro
index 5b233d1db1..51d01f8f34 100644
--- a/scripts/base/frameworks/signatures/main.bro
+++ b/scripts/base/frameworks/signatures/main.bro
@@ -142,7 +142,7 @@ global did_sig_log: set[string] &read_expire = 1 hr;
 
 event bro_init()
 	{
-	Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature]);
+	Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures"]);
 	}
 		
 # Returns true if the given signature has already been triggered for the given
@@ -277,7 +277,7 @@ event signature_match(state: signature_state, msg: string, data: string)
 				orig, sig_id, hcount);
 
 		Log::write(Signatures::LOG, 
-			[$note=Multiple_Sig_Responders,
+			[$ts=network_time(), $note=Multiple_Sig_Responders,
 		     $src_addr=orig, $sig_id=sig_id, $event_msg=msg,
 		     $host_count=hcount, $sub_msg=horz_scan_msg]);
 
diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro
index f7b8ce9326..bcb791b4f4 100644
--- a/scripts/base/frameworks/software/main.bro
+++ b/scripts/base/frameworks/software/main.bro
@@ -105,7 +105,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software]);
+	Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software, $path="software"]);
 	}
 	
 type Description: record {
diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.bro
index 04207618d7..7721ce3a02 100644
--- a/scripts/base/frameworks/tunnels/main.bro
+++ b/scripts/base/frameworks/tunnels/main.bro
@@ -89,7 +89,7 @@ redef likely_server_ports += { ayiya_ports, teredo_ports, gtpv1_ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Tunnel::LOG, [$columns=Info]);
+	Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel"]);
 
 	Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, ayiya_ports);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, teredo_ports);
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 4a1bcfbe72..23f4fd43dd 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -333,8 +333,6 @@ type connection: record {
 	## to parse the same data. If so, all will be recorded. Also note that
 	## the recorded services are independent of any transport-level protocols.
 	service: set[string];
-	addl: string;	##< Deprecated.
-	hot: count;	##< Deprecated.
 	history: string;	##< State history of connections. See *history* in :bro:see:`Conn::Info`.
 	## A globally unique connection identifier. For each connection, Bro
 	## creates an ID that is very likely unique across independent Bro runs.
@@ -414,6 +412,14 @@ type fa_file: record {
 	bof_buffer: string &optional;
 } &redef;
 
+## Metadata that's been inferred about a particular file.
+type fa_metadata: record {
+	## The strongest matching mime type if one was discovered.
+	mime_type: string &optional;
+	## All matching mime types if any were discovered.
+	mime_types: mime_matches &optional;
+};
+
 ## Fields of a SYN packet.
 ##
 ## .. bro:see:: connection_SYN_packet
@@ -440,6 +446,7 @@ type NetStats: record {
 	## packet capture system, this value may not be available and will then
 	## be always set to zero.
 	pkts_link:    count &default=0;
+	bytes_recvd:  count &default=0;	##< Bytes received by Bro.
 };
 
 ## Statistics about Bro's resource consumption.
@@ -928,7 +935,7 @@ const tcp_storm_interarrival_thresh = 1 sec &redef;
 ## seeing our peer's ACKs.  Set to zero to turn off this determination.
 ##
 ## .. bro:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks
-const tcp_max_initial_window = 4096 &redef;
+const tcp_max_initial_window = 16384 &redef;
 
 ## If we're not seeing our peer's ACKs, the maximum volume of data above a
 ## sequence hole that we'll tolerate before assuming that there's been a packet
@@ -936,7 +943,7 @@ const tcp_max_initial_window = 4096 &redef;
 ## don't ever give up.
 ##
 ## .. bro:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks
-const tcp_max_above_hole_without_any_acks = 4096 &redef;
+const tcp_max_above_hole_without_any_acks = 16384 &redef;
 
 ## If we've seen this much data without any of it being acked, we give up
 ## on that connection to avoid memory exhaustion due to buffering all that
@@ -1080,27 +1087,6 @@ const ENDIAN_LITTLE = 1;	##< Little endian.
 const ENDIAN_BIG = 2;	##< Big endian.
 const ENDIAN_CONFUSED = 3;	##< Tried to determine endian, but failed.
 
-## Deprecated.
-function append_addl(c: connection, addl: string)
-	{
-	if ( c$addl == "" )
-		c$addl= addl;
-
-	else if ( addl !in c$addl )
-		c$addl = fmt("%s %s", c$addl, addl);
-	}
-
-## Deprecated.
-function append_addl_marker(c: connection, addl: string, marker: string)
-	{
-	if ( c$addl == "" )
-		c$addl= addl;
-
-	else if ( addl !in c$addl )
-		c$addl = fmt("%s%s%s", c$addl, marker, addl);
-	}
-
-
 # Values for :bro:see:`set_contents_file` *direction* argument.
 # todo:: these should go into an enum to make them autodoc'able
 const CONTENTS_NONE = 0;	##< Turn off recording of contents.
@@ -2215,6 +2201,41 @@ export {
 	const heartbeat_interval = 1.0 secs &redef;
 }
 
+module SSH;
+
+export {
+	## The client and server each have some preferences for the algorithms used
+	## in each direction.
+	type Algorithm_Prefs: record {
+		## The algorithm preferences for client to server communication
+		client_to_server: vector of string &optional;
+		## The algorithm preferences for server to client communication
+		server_to_client: vector of string &optional;
+	};
+
+	## This record lists the preferences of an SSH endpoint for
+	## algorithm selection. During the initial :abbr:`SSH (Secure Shell)`
+	## key exchange, each endpoint lists the algorithms
+	## that it supports, in order of preference. See
+	## :rfc:`4253#section-7.1` for details.
+	type Capabilities: record {
+		## Key exchange algorithms
+		kex_algorithms:             string_vec;
+		## The algorithms supported for the server host key
+		server_host_key_algorithms: string_vec;
+		## Symmetric encryption algorithm preferences
+		encryption_algorithms:      Algorithm_Prefs;
+		## Symmetric MAC algorithm preferences
+		mac_algorithms:             Algorithm_Prefs;
+		## Compression algorithm preferences
+		compression_algorithms:     Algorithm_Prefs;
+		## Language preferences
+		languages:                  Algorithm_Prefs &optional;
+		## Are these the capabilities of the server?
+		is_server:                  bool;
+	};
+}
+
 module GLOBAL;
 
 ## An NTP message.
@@ -2511,6 +2532,145 @@ type irc_join_info: record {
 ## .. bro:see:: irc_join_message
 type irc_join_list: set[irc_join_info];
 
+module PE;
+export {
+type PE::DOSHeader: record {
+	## The magic number of a portable executable file ("MZ").
+	signature                : string;
+	## The number of bytes in the last page that are used.
+	used_bytes_in_last_page  : count;
+	## The number of pages in the file that are part of the PE file itself.
+	file_in_pages            : count;
+	## Number of relocation entries stored after the header.
+	num_reloc_items          : count;
+	## Number of paragraphs in the header.
+	header_in_paragraphs     : count;
+	## Number of paragraps of additional memory that the program will need.
+	min_extra_paragraphs     : count;
+	## Maximum number of paragraphs of additional memory.
+	max_extra_paragraphs     : count;
+	## Relative value of the stack segment.
+	init_relative_ss         : count;
+	## Initial value of the SP register.
+	init_sp                  : count;
+	## Checksum. The 16-bit sum of all words in the file should be 0. Normally not set.
+	checksum                 : count;
+	## Initial value of the IP register.
+	init_ip                  : count;
+	## Initial value of the CS register (relative to the initial segment).
+	init_relative_cs         : count;
+	## Offset of the first relocation table.
+	addr_of_reloc_table      : count;
+	## Overlays allow you to append data to the end of the file. If this is the main program,
+	## this will be 0.
+	overlay_num              : count;
+	## OEM identifier.
+	oem_id                   : count;
+	## Additional OEM info, specific to oem_id.
+	oem_info                 : count;
+	## Address of the new EXE header.
+	addr_of_new_exe_header   : count;
+};
+
+type PE::FileHeader: record {
+	## The target machine that the file was compiled for.
+	machine              : count;
+	## The time that the file was created at.
+	ts                   : time;
+	## Pointer to the symbol table.
+	sym_table_ptr        : count;
+	## Number of symbols.
+	num_syms             : count;
+	## The size of the optional header.
+	optional_header_size : count;
+	## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL.
+	characteristics      : set[count];
+};
+
+type PE::OptionalHeader: record {
+	## PE32 or PE32+ indicator.
+	magic                   : count;
+	## The major version of the linker used to create the PE.
+	major_linker_version    : count;
+	## The minor version of the linker used to create the PE.
+	minor_linker_version    : count;
+	## Size of the .text section.
+	size_of_code            : count;
+	## Size of the .data section.
+	size_of_init_data       : count;
+	## Size of the .bss section.
+	size_of_uninit_data     : count;
+	## The relative virtual address (RVA) of the entry point.
+	addr_of_entry_point     : count;
+	## The relative virtual address (RVA) of the .text section.
+	base_of_code            : count;
+	## The relative virtual address (RVA) of the .data section.
+	base_of_data            : count &optional;
+	## Preferred memory location for the image to be based at.
+	image_base              : count;
+	## The alignment (in bytes) of sections when they're loaded in memory.
+	section_alignment       : count;
+	## The alignment (in bytes) of the raw data of sections.
+	file_alignment          : count;
+	## The major version of the required OS.
+	os_version_major        : count;
+	## The minor version of the required OS.
+	os_version_minor        : count;
+	## The major version of this image.
+	major_image_version     : count;
+	## The minor version of this image.
+	minor_image_version     : count;
+	## The major version of the subsystem required to run this file.
+	major_subsys_version    : count;
+	## The minor version of the subsystem required to run this file.
+	minor_subsys_version    : count;
+	## The size (in bytes) of the iamge as the image is loaded in memory.
+	size_of_image           : count;
+	## The size (in bytes) of the headers, rounded up to file_alignment.
+	size_of_headers         : count;
+	## The image file checksum.
+	checksum                : count;
+	## The subsystem that's required to run this image.
+	subsystem               : count;
+	## Bit flags that determine how to execute or load this file.
+	dll_characteristics     : set[count];
+	## A vector with the sizes of various tables and strings that are
+	## defined in the optional header data directories. Examples include
+	## the import table, the resource table, and debug information.
+	table_sizes             : vector of count;
+
+};
+
+## Record for Portable Executable (PE) section headers.
+type PE::SectionHeader: record {
+	## The name of the section
+	name             : string;
+	## The total size of the section when loaded into memory.
+	virtual_size     : count;
+	## The relative virtual address (RVA) of the section.
+	virtual_addr     : count;
+	## The size of the initialized data for the section, as it is
+	## in the file on disk.
+	size_of_raw_data : count;
+	## The virtual address of the initialized dat for the section,
+	## as it is in the file on disk.
+	ptr_to_raw_data  : count;
+	## The file pointer to the beginning of relocation entries for
+	## the section.
+	ptr_to_relocs    : count;
+	## The file pointer to the beginning of line-number entries for
+	## the section.
+	ptr_to_line_nums : count;
+	## The number of relocation entries for the section.
+	num_of_relocs    : count;
+	## The number of line-number entrie for the section.
+	num_of_line_nums : count;
+	## Bit-flags that describe the characteristics of the section.
+	characteristics  : set[count];
+};
+}
+module GLOBAL;
+
 ## Deprecated.
 ##
 ## .. todo:: Remove. It's still declared internally but doesn't seem  used anywhere
@@ -2635,60 +2795,6 @@ global generate_OS_version_event: set[subnet] &redef;
 # number>``), which were seen during the sample.
 type load_sample_info: set[string];
 
-## ID for NetFlow header. This is primarily a means to sort together NetFlow
-## headers and flow records at the script level.
-type nfheader_id: record {
-	## Name of the NetFlow file (e.g., ``netflow.dat``) or the receiving
-	## socket address (e.g., ``127.0.0.1:5555``), or an explicit name if
-	## specified to ``-y`` or ``-Y``.
-	rcvr_id: string;
-	## A serial number, ignoring any overflows.
-	pdu_id: count;
-};
-
-## A NetFlow v5 header.
-##
-## .. bro:see:: netflow_v5_header
-type nf_v5_header: record {
-	h_id: nfheader_id;	##< ID for sorting.
-	cnt: count;	##< TODO.
-	sysuptime: interval;	##< Router's uptime.
-	exporttime: time;	##< When the data was exported.
-	flow_seq: count;	##< Sequence number.
-	eng_type: count;	##< Engine type.
-	eng_id: count;	##< Engine ID.
-	sample_int: count;	##< Sampling interval.
-	exporter: addr;	##< Exporter address.
-};
-
-## A NetFlow v5 record.
-##
-## .. bro:see:: netflow_v5_record
-type nf_v5_record: record {
-	h_id: nfheader_id;	##< ID for sorting.
-	id: conn_id;	##< Connection ID.
-	nexthop: addr;	##< Address of next hop.
-	input: count;	##< Input interface.
-	output: count;	##< Output interface.
-	pkts: count;	##< Number of packets.
-	octets: count;	##< Number of bytes.
-	first: time;	##< Timestamp of first packet.
-	last: time;	##< Timestamp of last packet.
-	tcpflag_fin: bool;	##< FIN flag for TCP flows.
-	tcpflag_syn: bool;	##< SYN flag for TCP flows.
-	tcpflag_rst: bool;	##< RST flag for TCP flows.
-	tcpflag_psh: bool;	##< PSH flag for TCP flows.
-	tcpflag_ack: bool;	##< ACK flag for TCP flows.
-	tcpflag_urg: bool;	##< URG flag for TCP flows.
-	proto: count;	##< IP protocol.
-	tos: count;	##< Type of service.
-	src_as: count;	##< Source AS.
-	dst_as: count;	##< Destination AS.
-	src_mask: count;	##< Source mask.
-	dst_mask: count;	##< Destination mask.
-};
-
-
 ## A BitTorrent peer.
 ##
 ## .. bro:see:: bittorrent_peer_set
@@ -2774,19 +2880,20 @@ export {
 module X509;
 export {
 	type Certificate: record {
-		version: count;	##< Version number.
-		serial: string;	##< Serial number.
-		subject: string;	##< Subject.
-		issuer: string;	##< Issuer.
-		not_valid_before: time;	##< Timestamp before when certificate is not valid.
-		not_valid_after: time;	##< Timestamp after when certificate is not valid.
-		key_alg: string;	##< Name of the key algorithm
-		sig_alg: string;	##< Name of the signature algorithm
-		key_type: string &optional;	##< Key type, if key parseable by openssl (either rsa, dsa or ec)
-		key_length: count &optional;	##< Key length in bits
-		exponent: string &optional;	##< Exponent, if RSA-certificate
-		curve: string &optional;	##< Curve, if EC-certificate
-	} &log;
+		version: count &log;	##< Version number.
+		serial: string &log;	##< Serial number.
+		subject: string &log;	##< Subject.
+		issuer: string &log;	##< Issuer.
+		cn: string &optional; ##< Last (most specific) common name.
+		not_valid_before: time &log;	##< Timestamp before when certificate is not valid.
+		not_valid_after: time &log;	##< Timestamp after when certificate is not valid.
+		key_alg: string &log;	##< Name of the key algorithm
+		sig_alg: string &log;	##< Name of the signature algorithm
+		key_type: string &optional &log;	##< Key type, if key parseable by openssl (either rsa, dsa or ec)
+		key_length: count &optional &log;	##< Key length in bits
+		exponent: string &optional &log;	##< Exponent, if RSA-certificate
+		curve: string &optional &log;	##< Curve, if EC-certificate
+	};
 
 	type Extension: record {
 		name: string;	##< Long name of extension. oid if name not known
@@ -2847,7 +2954,44 @@ export {
 		attributes    : RADIUS::Attributes &optional;
 	};
 }
-module GLOBAL;
+
+module RDP;
+export {
+	type RDP::EarlyCapabilityFlags: record {
+		support_err_info_pdu:       bool;
+		want_32bpp_session:         bool;
+		support_statusinfo_pdu:     bool;
+		strong_asymmetric_keys:     bool;
+		support_monitor_layout_pdu: bool;
+		support_netchar_autodetect: bool;
+		support_dynvc_gfx_protocol: bool;
+		support_dynamic_time_zone:  bool;
+		support_heartbeat_pdu:      bool;
+	};
+
+	type RDP::ClientCoreData: record {
+		version_major:          count;
+		version_minor:          count;
+		desktop_width:          count;
+		desktop_height:         count;
+		color_depth:            count;
+		sas_sequence:           count;
+		keyboard_layout:        count;
+		client_build:           count;
+		client_name:            string;
+		keyboard_type:          count;
+		keyboard_sub:           count;
+		keyboard_function_key:  count;
+		ime_file_name:          string;
+		post_beta2_color_depth: count  &optional;
+		client_product_id:      string &optional;
+		serial_number:          count  &optional;
+		high_color_depth:       count  &optional;
+		supported_color_depths: count  &optional;
+		ec_flags:               RDP::EarlyCapabilityFlags &optional;
+		dig_product_id:         string &optional;
+	};
+}
 
 @load base/bif/plugins/Bro_SNMP.types.bif
 
@@ -2971,6 +3115,186 @@ export {
 	};
 }
 
+@load base/bif/plugins/Bro_KRB.types.bif
+
+module KRB;
+export {
+	## KDC Options. See :rfc:`4120`
+	type KRB::KDC_Options: record {
+		## The ticket to be issued should have its forwardable flag set.
+		forwardable		: bool;
+		## A (TGT) request for forwarding.
+		forwarded		: bool;
+		## The ticket to be issued should have its proxiable flag set.
+		proxiable		: bool;
+		## A request for a proxy.
+		proxy			: bool;
+		## The ticket to be issued should have its may-postdate flag set.
+		allow_postdate		: bool;
+		## A request for a postdated ticket.
+		postdated		: bool;
+		## The ticket to be issued should have its renewable  flag set.
+		renewable		: bool;
+		## Reserved for opt_hardware_auth
+		opt_hardware_auth	: bool;
+		## Request that the KDC not check the transited field of a TGT against
+		## the policy of the local realm before it will issue derivative tickets
+		## based on the TGT.
+		disable_transited_check	: bool;
+		## If a ticket with the requested lifetime cannot be issued, a renewable
+		## ticket is acceptable
+		renewable_ok		: bool;
+		## The ticket for the end server is to be encrypted in the session key
+		## from the additional TGT provided
+		enc_tkt_in_skey		: bool;
+		## The request is for a renewal
+		renew			: bool;
+		## The request is to validate a postdated ticket.
+		validate		: bool;
+	};
+
+	## AP Options. See :rfc:`4120`
+	type KRB::AP_Options: record {
+		## Indicates that user-to-user-authentication is in use
+		use_session_key	: bool;
+		## Mutual authentication is required
+		mutual_required	: bool;
+	};
+
+	## Used in a few places in the Kerberos analyzer for elements
+	## that have a type and a string value.
+	type KRB::Type_Value: record {
+		## The data type
+		data_type	: count;
+		## The data value
+		val 		: string;
+	};
+
+	type KRB::Type_Value_Vector: vector of KRB::Type_Value;
+
+	## A Kerberos host address See :rfc:`4120`.
+	type KRB::Host_Address: record {
+		## IPv4 or IPv6 address
+		ip	: addr &log &optional;
+		## NetBIOS address
+		netbios : string &log &optional;
+		## Some other type that we don't support yet
+		unknown : KRB::Type_Value &optional;
+	};
+
+	type KRB::Host_Address_Vector: vector of KRB::Host_Address;
+
+	## The data from the SAFE message. See :rfc:`4120`.
+	type KRB::SAFE_Msg: record {
+		## Protocol version number (5 for KRB5)
+		pvno		: count;
+		## The message type (20 for SAFE_MSG)
+		msg_type	: count;
+		## The application-specific data that is being passed
+		## from the sender to the reciever
+		data		: string;
+		## Current time from the sender of the message
+		timestamp	: time &optional;
+		## Sequence number used to detect replays
+		seq		: count &optional;
+		## Sender address
+		sender		: Host_Address &optional;
+		## Recipient address
+		recipient    	: Host_Address &optional;
+	};
+
+	## The data from the ERROR_MSG message. See :rfc:`4120`.
+	type KRB::Error_Msg: record {
+		## Protocol version number (5 for KRB5)
+		pvno		: count;
+		## The message type (30 for ERROR_MSG)
+		msg_type	: count;
+		## Current time on the client
+		client_time	: time &optional;
+		## Current time on the server
+		server_time	: time;
+		## The specific error code
+		error_code	: count;
+		## Realm of the ticket
+		client_realm	: string &optional;
+		## Name on the ticket
+		client_name	: string &optional;
+		## Realm of the service
+		service_realm	: string;
+		## Name of the service
+		service_name	: string;
+		## Additional text to explain the error
+		error_text	: string &optional;
+		## Optional pre-authentication data
+		pa_data		: vector of KRB::Type_Value &optional;
+	};
+
+	## A Kerberos ticket. See :rfc:`4120`.
+	type KRB::Ticket: record {
+		## Protocol version number (5 for KRB5)
+		pvno		: count;
+		## Realm
+		realm		: string;
+		## Name of the service
+		service_name	: string;
+		## Cipher the ticket was encrypted with
+		cipher		: count;
+	};
+
+	type KRB::Ticket_Vector: vector of KRB::Ticket;
+
+	## The data from the AS_REQ and TGS_REQ messages. See :rfc:`4120`.
+	type KRB::KDC_Request: record {
+		## Protocol version number (5 for KRB5)
+		pvno			: count;
+		## The message type (10 for AS_REQ, 12 for TGS_REQ)
+		msg_type		: count;
+		## Optional pre-authentication data
+		pa_data			: vector of KRB::Type_Value &optional;
+		## Options specified in the request
+		kdc_options		: KRB::KDC_Options;
+		## Name on the ticket
+		client_name		: string &optional;
+
+		## Realm of the service
+		service_realm		: string;
+		## Name of the service
+		service_name		: string &optional;
+		## Time the ticket is good from
+		from			: time &optional;
+		## Time the ticket is good till
+		till			: time;
+		## The requested renew-till time
+		rtime			: time &optional;
+
+		## A random nonce generated by the client
+		nonce			: count;
+		## The desired encryption algorithms, in order of preference
+		encryption_types	: vector of count;
+		## Any additional addresses the ticket should be valid for
+		host_addrs		: vector of KRB::Host_Address &optional;
+		## Additional tickets may be included for certain transactions
+		additional_tickets	: vector of KRB::Ticket &optional;
+	};
+
+	## The data from the AS_REQ and TGS_REQ messages. See :rfc:`4120`.
+	type KRB::KDC_Response: record {
+		## Protocol version number (5 for KRB5)
+		pvno			: count;
+		## The message type (11 for AS_REP, 13 for TGS_REP)
+		msg_type		: count;
+		## Optional pre-authentication data
+		pa_data			: vector of KRB::Type_Value &optional;
+		## Realm on the ticket
+		client_realm		: string &optional;
+		## Name on the service
+		client_name		: string;
+
+		## The ticket that was issued
+		ticket			: KRB::Ticket;
+	};
+}
+
 module GLOBAL;
 
 @load base/bif/event.bif
@@ -3133,6 +3457,11 @@ const forward_remote_events = F &redef;
 ##    more sophisticated script-level communication framework.
 const forward_remote_state_changes = F &redef;
 
+## The number of IO chunks allowed to be buffered between the child
+## and parent process of remote communication before Bro starts dropping
+## connections to remote peers in an attempt to catch up.
+const chunked_io_buffer_soft_cap = 800000 &redef;
+
 ## Place-holder constant indicating "no peer".
 const PEER_ID_NONE = 0;
 
@@ -3358,6 +3687,7 @@ const bits_per_uid: count = 96 &redef;
 
 # Load these frameworks here because they use fairly deep integration with
 # BiFs and script-land defined types.
+@load base/frameworks/broker
 @load base/frameworks/logging
 @load base/frameworks/input
 @load base/frameworks/analyzer
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 04dc2a4910..473d94fc84 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -45,10 +45,13 @@
 @load base/protocols/ftp
 @load base/protocols/http
 @load base/protocols/irc
+@load base/protocols/krb
 @load base/protocols/modbus
 @load base/protocols/mysql
 @load base/protocols/pop3
 @load base/protocols/radius
+@load base/protocols/rdp
+@load base/protocols/sip
 @load base/protocols/snmp
 @load base/protocols/smtp
 @load base/protocols/socks
@@ -57,6 +60,7 @@
 @load base/protocols/syslog
 @load base/protocols/tunnels
 
+@load base/files/pe
 @load base/files/hash
 @load base/files/extract
 @load base/files/unified2
diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro
index d7e6577827..fae017fff1 100644
--- a/scripts/base/misc/find-checksum-offloading.bro
+++ b/scripts/base/misc/find-checksum-offloading.bro
@@ -50,7 +50,7 @@ event ChecksumOffloading::check()
 			bad_checksum_msg += "UDP";
 			}
 
-		local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading.", packet_src, bad_checksum_msg);
+		local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading.  By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable.  Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.", packet_src, bad_checksum_msg);
 		Reporter::warning(message);
 		done = T;
 		}
diff --git a/scripts/base/protocols/conn/__load__.bro b/scripts/base/protocols/conn/__load__.bro
index 719486d885..7452ffa9c8 100644
--- a/scripts/base/protocols/conn/__load__.bro
+++ b/scripts/base/protocols/conn/__load__.bro
@@ -2,3 +2,4 @@
 @load ./contents
 @load ./inactivity
 @load ./polling
+@load ./thresholds
diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro
index 1d3e37c691..7ef204268b 100644
--- a/scripts/base/protocols/conn/main.bro
+++ b/scripts/base/protocols/conn/main.bro
@@ -127,7 +127,7 @@ redef record connection += {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn]);
+	Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]);
 	}
 
 function conn_state(c: connection, trans: transport_proto): string
diff --git a/scripts/base/protocols/conn/thresholds.bro b/scripts/base/protocols/conn/thresholds.bro
new file mode 100644
index 0000000000..d4ae21e1ab
--- /dev/null
+++ b/scripts/base/protocols/conn/thresholds.bro
@@ -0,0 +1,256 @@
+##! Implements a generic API to throw events when a connection crosses a
+##! fixed threshold of bytes or packets.
+
+module ConnThreshold;
+
+export {
+
+	type Thresholds: record {
+		orig_byte: set[count] &default=count_set(); ##< current originator byte thresholds we watch for
+		resp_byte: set[count] &default=count_set(); ##< current responder byte thresholds we watch for
+		orig_packet: set[count] &default=count_set(); ##< corrent originator packet thresholds we watch for
+		resp_packet: set[count] &default=count_set(); ##< corrent responder packet thresholds we watch for
+	};
+
+	## Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds.
+	## conn_bytes_threshold_crossed will be raised for each set threshold.
+	##
+	## cid: The connection id.
+	##
+	## threshold: Threshold in bytes.
+	##
+	## is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder.
+	##
+	## Returns: T on success, F on failure.
+	global set_bytes_threshold: function(c: connection, threshold: count, is_orig: bool): bool;
+
+	## Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds.
+	## conn_packets_threshold_crossed will be raised for each set threshold.
+	##
+	## cid: The connection id.
+	##
+	## threshold: Threshold in packets.
+	##
+	## is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder.
+	##
+	## Returns: T on success, F on failure.
+	global set_packets_threshold: function(c: connection, threshold: count, is_orig: bool): bool;
+
+	## Deletes a byte threshold for connection sizes.
+	##
+	## cid: The connection id.
+	##
+	## threshold: Threshold in bytes to remove.
+	##
+	## is_orig: If true, threshold is removed for packets from originator, otherwhise for packets from responder.
+	##
+	## Returns: T on success, F on failure.
+	global delete_bytes_threshold: function(c: connection, threshold: count, is_orig: bool): bool;
+
+	## Deletes a packet threshold for connection sizes.
+	##
+	## cid: The connection id.
+	##
+	## threshold: Threshold in packets.
+	##
+	## is_orig: If true, threshold is removed for packets from originator, otherwise for packets from responder.
+	##
+	## Returns: T on success, F on failure.
+	global delete_packets_threshold: function(c: connection, threshold: count, is_orig: bool): bool;
+
+	## Generated for a connection that crossed a set byte threshold
+	##
+	## c: the connection
+	##
+	## threshold: the threshold that was set
+	##
+	## is_orig: True if the threshold was crossed by the originator of the connection
+	global bytes_threshold_crossed: event(c: connection, threshold: count, is_orig: bool);
+
+	## Generated for a connection that crossed a set byte threshold
+	##
+	## c: the connection
+	##
+	## threshold: the threshold that was set
+	##
+	## is_orig: True if the threshold was crossed by the originator of the connection
+	global packets_threshold_crossed: event(c: connection, threshold: count, is_orig: bool);
+}
+
+redef record connection += {
+	thresholds: ConnThreshold::Thresholds &optional;
+};
+
+function set_conn(c: connection)
+	{
+	if ( c?$thresholds )
+		return;
+
+	c$thresholds = Thresholds();
+	}
+
+function find_min_threshold(t: set[count]): count
+	{
+	if ( |t| == 0 )
+		return 0;
+
+	local first = T;
+	local min: count = 0;
+
+	for ( i in t )
+		{
+		if ( first )
+			{
+			min = i;
+			first = F;
+			}
+		else
+			{
+			if ( i < min )
+				min = i;
+			}
+		}
+
+	return min;
+	}
+
+function set_current_threshold(c: connection, bytes: bool, is_orig: bool): bool
+	{
+	local t: count = 0;
+	local cur: count = 0;
+
+	if ( bytes && is_orig )
+		{
+		t = find_min_threshold(c$thresholds$orig_byte);
+		cur = get_current_conn_bytes_threshold(c$id, is_orig);
+		}
+	else if ( bytes && ! is_orig )
+		{
+		t = find_min_threshold(c$thresholds$resp_byte);
+		cur = get_current_conn_bytes_threshold(c$id, is_orig);
+		}
+	else if ( ! bytes && is_orig )
+		{
+		t = find_min_threshold(c$thresholds$orig_packet);
+		cur = get_current_conn_packets_threshold(c$id, is_orig);
+		}
+	else if ( ! bytes && ! is_orig )
+		{
+		t = find_min_threshold(c$thresholds$resp_packet);
+		cur = get_current_conn_packets_threshold(c$id, is_orig);
+		}
+
+	if ( t == cur )
+		return T;
+
+	if ( bytes && is_orig )
+		return set_current_conn_bytes_threshold(c$id, t, T);
+	else if ( bytes && ! is_orig )
+		return set_current_conn_bytes_threshold(c$id, t, F);
+	else if ( ! bytes && is_orig )
+		return set_current_conn_packets_threshold(c$id, t, T);
+	else if ( ! bytes && ! is_orig )
+		return set_current_conn_packets_threshold(c$id, t, F);
+	}
+
+function set_bytes_threshold(c: connection, threshold: count, is_orig: bool): bool
+	{
+	set_conn(c);
+
+	if ( threshold == 0 )
+		return F;
+
+	if ( is_orig )
+		add c$thresholds$orig_byte[threshold];
+	else
+		add c$thresholds$resp_byte[threshold];
+
+	return set_current_threshold(c, T, is_orig);
+	}
+
+function set_packets_threshold(c: connection, threshold: count, is_orig: bool): bool
+	{
+	set_conn(c);
+
+	if ( threshold == 0 )
+		return F;
+
+	if ( is_orig )
+		add c$thresholds$orig_packet[threshold];
+	else
+		add c$thresholds$resp_packet[threshold];
+
+	return set_current_threshold(c, F, is_orig);
+	}
+
+function delete_bytes_threshold(c: connection, threshold: count, is_orig: bool): bool
+	{
+	set_conn(c);
+
+	if ( is_orig && threshold in c$thresholds$orig_byte )
+		{
+		delete c$thresholds$orig_byte[threshold];
+		set_current_threshold(c, T, is_orig);
+		return T;
+		}
+	else if ( ! is_orig && threshold in c$thresholds$resp_byte )
+		{
+		delete c$thresholds$resp_byte[threshold];
+		set_current_threshold(c, T, is_orig);
+		return T;
+		}
+
+	return F;
+	}
+
+function delete_packets_threshold(c: connection, threshold: count, is_orig: bool): bool
+	{
+	set_conn(c);
+
+	if ( is_orig && threshold in c$thresholds$orig_packet )
+		{
+		delete c$thresholds$orig_packet[threshold];
+		set_current_threshold(c, F, is_orig);
+		return T;
+		}
+	else if ( ! is_orig && threshold in c$thresholds$resp_packet )
+		{
+		delete c$thresholds$resp_packet[threshold];
+		set_current_threshold(c, F, is_orig);
+		return T;
+		}
+
+	return F;
+	}
+
+event conn_bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool) &priority=5
+	{
+	if ( is_orig && threshold in c$thresholds$orig_byte )
+		{
+		delete c$thresholds$orig_byte[threshold];
+		event ConnThreshold::bytes_threshold_crossed(c, threshold, is_orig);
+		}
+	else if ( ! is_orig && threshold in c$thresholds$resp_byte )
+		{
+		delete c$thresholds$resp_byte[threshold];
+		event ConnThreshold::bytes_threshold_crossed(c, threshold, is_orig);
+		}
+
+	set_current_threshold(c, T, is_orig);
+	}
+
+event conn_packets_threshold_crossed(c: connection, threshold: count, is_orig: bool) &priority=5
+	{
+	if ( is_orig && threshold in c$thresholds$orig_packet )
+		{
+		delete c$thresholds$orig_packet[threshold];
+		event ConnThreshold::packets_threshold_crossed(c, threshold, is_orig);
+		}
+	else if ( ! is_orig && threshold in c$thresholds$resp_packet )
+		{
+		delete c$thresholds$resp_packet[threshold];
+		event ConnThreshold::packets_threshold_crossed(c, threshold, is_orig);
+		}
+
+	set_current_threshold(c, F, is_orig);
+	}
diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.bro
index d6bb0defd2..bfc3d98117 100644
--- a/scripts/base/protocols/dhcp/main.bro
+++ b/scripts/base/protocols/dhcp/main.bro
@@ -49,7 +49,7 @@ redef likely_server_ports += { 67/udp };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp]);
+	Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
 	}
 
diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro
index c00934a65b..35dd012d75 100644
--- a/scripts/base/protocols/dnp3/main.bro
+++ b/scripts/base/protocols/dnp3/main.bro
@@ -36,7 +36,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3]);
+	Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports);
 	}
 
diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
index 83c9682e8c..58a63293d0 100644
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@@ -150,7 +150,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns]);
+	Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports);
 	}
 
@@ -305,6 +305,9 @@ hook DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string)
 
 	if ( ans$answer_type == DNS_ANS )
 		{
+		if ( ! c$dns?$query )
+			c$dns$query = ans$query;
+
 		c$dns$AA    = msg$AA;
 		c$dns$RA    = msg$RA;
 
diff --git a/scripts/base/protocols/ftp/files.bro b/scripts/base/protocols/ftp/files.bro
index 617b57348b..c114f11c8d 100644
--- a/scripts/base/protocols/ftp/files.bro
+++ b/scripts/base/protocols/ftp/files.bro
@@ -63,10 +63,13 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 	f$ftp = ftp;
 	}
 
-event file_mime_type(f: fa_file, mime_type: string) &priority=5
+event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
 	{
 	if ( ! f?$ftp )
 		return;
 
-	f$ftp$mime_type = mime_type;
+	if ( ! meta?$mime_type )
+		return;
+
+	f$ftp$mime_type = meta$mime_type;
 	}
diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.bro
index 0e09db006d..570d13d8dc 100644
--- a/scripts/base/protocols/ftp/gridftp.bro
+++ b/scripts/base/protocols/ftp/gridftp.bro
@@ -11,13 +11,13 @@
 ##! GridFTP data channels are identified by a heuristic that relies on
 ##! the fact that default settings for GridFTP clients typically
 ##! mutually authenticate the data channel with TLS/SSL and negotiate a
-##! NULL bulk cipher (no encryption).  Connections with those
-##! attributes are then polled for two minutes with decreasing frequency
-##! to check if the transfer sizes are large enough to indicate a
-##! GridFTP data channel that would be undesirable to analyze further
-##! (e.g. stop TCP reassembly).  A side effect is that true connection
-##! sizes are not logged, but at the benefit of saving CPU cycles that
-##! would otherwise go to analyzing the large (and likely benign) connections.
+##! NULL bulk cipher (no encryption). Connections with those attributes
+##! are marked as GridFTP if the data transfer within the first two minutes
+##! is big enough to indicate a GripFTP data channel that would be
+##! undesirable to analyze further (e.g. stop TCP reassembly).  A side
+##! effect is that true connection sizes are not logged, but at the benefit
+##! of saving CPU cycles that would otherwise go to analyzing the large
+##! (and likely benign) connections.
 
 @load ./info
 @load ./main
@@ -32,23 +32,14 @@ export {
 	## GridFTP data channel.
 	const size_threshold = 1073741824 &redef;
 
-	## Max number of times to check whether a connection's size exceeds the
+	## Time during which we check whether a connection's size exceeds the
 	## :bro:see:`GridFTP::size_threshold`.
-	const max_poll_count = 15 &redef;
+	const max_time = 2 min &redef;
 
 	## Whether to skip further processing of the GridFTP data channel once
 	## detected, which may help performance.
 	const skip_data = T &redef;
 
-	## Base amount of time between checking whether a GridFTP data connection
-	## has transferred more than :bro:see:`GridFTP::size_threshold` bytes.
-	const poll_interval = 1sec &redef;
-
-	## The amount of time the base :bro:see:`GridFTP::poll_interval` is
-	## increased by each poll interval.  Can be used to make more frequent
-	## checks at the start of a connection and gradually slow down.
-	const poll_interval_increase = 1sec &redef;
-
 	## Raised when a GridFTP data channel is detected.
 	##
 	## c: The connection pertaining to the GridFTP data channel.
@@ -79,23 +70,27 @@ event ftp_request(c: connection, command: string, arg: string) &priority=4
 		c$ftp$last_auth_requested = arg;
 	}
 
-function size_callback(c: connection, cnt: count): interval
+event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
 	{
-	if ( c$orig$size > size_threshold || c$resp$size > size_threshold )
+	if ( threshold < size_threshold || "gridftp-data" in c$service || c$duration > max_time )
+		return;
+
+	add c$service["gridftp-data"];
+	event GridFTP::data_channel_detected(c);
+
+	if ( skip_data )
+		skip_further_processing(c$id);
+	}
+
+event gridftp_possibility_timeout(c: connection)
+	{
+	# only remove if we did not already detect it and the connection
+	# is not yet at its end.
+	if ( "gridftp-data" !in c$service && ! c$conn?$service )
 		{
-		add c$service["gridftp-data"];
-		event GridFTP::data_channel_detected(c);
-
-		if ( skip_data )
-			skip_further_processing(c$id);
-
-		return -1sec;
+		ConnThreshold::delete_bytes_threshold(c, size_threshold, T);
+		ConnThreshold::delete_bytes_threshold(c, size_threshold, F);
 		}
-
-	if ( cnt >= max_poll_count )
-		return -1sec;
-
-	return poll_interval + poll_interval_increase * cnt;
 	}
 
 event ssl_established(c: connection) &priority=5
@@ -118,5 +113,9 @@ event ssl_established(c: connection) &priority=-3
 	# By default GridFTP data channels do mutual authentication and
 	# negotiate a cipher suite with a NULL bulk cipher.
 	if ( data_channel_initial_criteria(c) )
-		ConnPolling::watch(c, size_callback, 0, 0secs);
+		{
+		ConnThreshold::set_bytes_threshold(c, size_threshold, T);
+		ConnThreshold::set_bytes_threshold(c, size_threshold, F);
+		schedule max_time { gridftp_possibility_timeout(c) };
+		}
 	}
diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro
index 24195c1d7e..f98e33b315 100644
--- a/scripts/base/protocols/ftp/main.bro
+++ b/scripts/base/protocols/ftp/main.bro
@@ -52,7 +52,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp]);
+	Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports);
 	}
 
diff --git a/scripts/base/protocols/http/entities.bro b/scripts/base/protocols/http/entities.bro
index 9fcf7f24f7..b14b4d84b8 100644
--- a/scripts/base/protocols/http/entities.bro
+++ b/scripts/base/protocols/http/entities.bro
@@ -43,7 +43,7 @@ export {
 
 event http_begin_entity(c: connection, is_orig: bool) &priority=10
 	{
-	set_state(c, F, is_orig);
+	set_state(c, is_orig);
 
 	if ( is_orig )
 		++c$http$orig_mime_depth;
@@ -93,24 +93,27 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 		}
 	}
 
-event file_mime_type(f: fa_file, mime_type: string) &priority=5
+event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
 	{
 	if ( ! f?$http || ! f?$is_orig )
 		return;
 
+	if ( ! meta?$mime_type )
+		return;
+
 	if ( f$is_orig )
 		{
 		if ( ! f$http?$orig_mime_types )
-			f$http$orig_mime_types = string_vec(mime_type);
+			f$http$orig_mime_types = string_vec(meta$mime_type);
 		else
-			f$http$orig_mime_types[|f$http$orig_mime_types|] = mime_type;
+			f$http$orig_mime_types[|f$http$orig_mime_types|] = meta$mime_type;
 		}
 	else
 		{
 		if ( ! f$http?$resp_mime_types )
-			f$http$resp_mime_types = string_vec(mime_type);
+			f$http$resp_mime_types = string_vec(meta$mime_type);
 		else
-			f$http$resp_mime_types[|f$http$resp_mime_types|] = mime_type;
+			f$http$resp_mime_types[|f$http$resp_mime_types|] = meta$mime_type;
 		}
 	}
 
diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index 2349635844..916723ebcb 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -89,6 +89,10 @@ export {
 		current_request:  count                &default=0;
 		## Current response in the pending queue.
 		current_response: count                &default=0;
+		## Track the current deepest transaction.
+		## This is meant to cope with missing requests
+		## and responses.
+		trans_depth:      count                &default=0;
 	};
 
 	## A list of HTTP headers typically used to indicate proxied requests.
@@ -135,7 +139,7 @@ redef likely_server_ports += { ports };
 # Initialize the HTTP logging stream and ports.
 event bro_init() &priority=5
 	{
-	Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http]);
+	Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports);
 	}
 
@@ -150,13 +154,11 @@ function new_http_session(c: connection): Info
 	tmp$ts=network_time();
 	tmp$uid=c$uid;
 	tmp$id=c$id;
-	# $current_request is set prior to the Info record creation so we
-	# can use the value directly here.
-	tmp$trans_depth = c$http_state$current_request;
+	tmp$trans_depth = ++c$http_state$trans_depth;
 	return tmp;
 	}
 
-function set_state(c: connection, request: bool, is_orig: bool)
+function set_state(c: connection, is_orig: bool)
 	{
 	if ( ! c?$http_state )
 		{
@@ -165,15 +167,20 @@ function set_state(c: connection, request: bool, is_orig: bool)
 		}
 
 	# These deal with new requests and responses.
-	if ( request || c$http_state$current_request !in c$http_state$pending )
-		c$http_state$pending[c$http_state$current_request] = new_http_session(c);
-	if ( ! is_orig && c$http_state$current_response !in c$http_state$pending )
-		c$http_state$pending[c$http_state$current_response] = new_http_session(c);
-
 	if ( is_orig )
+		{
+		if ( c$http_state$current_request !in c$http_state$pending )
+			c$http_state$pending[c$http_state$current_request] = new_http_session(c);
+
 		c$http = c$http_state$pending[c$http_state$current_request];
+		}
 	else
+		{
+		if ( c$http_state$current_response !in c$http_state$pending )
+			c$http_state$pending[c$http_state$current_response] = new_http_session(c);
+
 		c$http = c$http_state$pending[c$http_state$current_response];
+		}
 	}
 
 event http_request(c: connection, method: string, original_URI: string,
@@ -186,7 +193,7 @@ event http_request(c: connection, method: string, original_URI: string,
 		}
 
 	++c$http_state$current_request;
-	set_state(c, T, T);
+	set_state(c, T);
 
 	c$http$method = method;
 	c$http$uri = unescaped_URI;
@@ -208,8 +215,10 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
 	if ( c$http_state$current_response !in c$http_state$pending ||
 	     (c$http_state$pending[c$http_state$current_response]?$status_code &&
 	       ! code_in_range(c$http_state$pending[c$http_state$current_response]$status_code, 100, 199)) )
+		{
 		++c$http_state$current_response;
-	set_state(c, F, F);
+		}
+	set_state(c, F);
 
 	c$http$status_code = code;
 	c$http$status_msg = reason;
@@ -233,7 +242,7 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=5
 	{
-	set_state(c, F, is_orig);
+	set_state(c, is_orig);
 
 	if ( is_orig ) # client headers
 		{
@@ -257,7 +266,7 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 				add c$http$proxied[fmt("%s -> %s", name, value)];
 				}
 
-		else if ( name == "AUTHORIZATION" )
+		else if ( name == "AUTHORIZATION" || name == "PROXY-AUTHORIZATION" )
 			{
 			if ( /^[bB][aA][sS][iI][cC] / in value )
 				{
@@ -278,12 +287,11 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 				}
 			}
 		}
-
 	}
 
 event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &priority = 5
 	{
-	set_state(c, F, is_orig);
+	set_state(c, is_orig);
 
 	if ( is_orig )
 		c$http$request_body_len = stat$body_length;
diff --git a/scripts/base/protocols/irc/files.bro b/scripts/base/protocols/irc/files.bro
index 518775abb4..759acdca81 100644
--- a/scripts/base/protocols/irc/files.bro
+++ b/scripts/base/protocols/irc/files.bro
@@ -42,8 +42,8 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 	f$irc = irc;
 	}
 
-event file_mime_type(f: fa_file, mime_type: string) &priority=5
+event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
 	{
-	if ( f?$irc )
-		f$irc$dcc_mime_type = mime_type;
-	}
\ No newline at end of file
+	if ( f?$irc && meta?$mime_type )
+		f$irc$dcc_mime_type = meta$mime_type;
+	}
diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro
index d861e88ae9..c2de29da6a 100644
--- a/scripts/base/protocols/irc/main.bro
+++ b/scripts/base/protocols/irc/main.bro
@@ -43,7 +43,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log]);
+	Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports);
 	}
 	
diff --git a/scripts/base/protocols/krb/__load__.bro b/scripts/base/protocols/krb/__load__.bro
new file mode 100644
index 0000000000..99f7163caa
--- /dev/null
+++ b/scripts/base/protocols/krb/__load__.bro
@@ -0,0 +1,3 @@
+@load ./main
+@load ./files
+@load-sigs ./dpd.sig
\ No newline at end of file
diff --git a/scripts/base/protocols/krb/consts.bro b/scripts/base/protocols/krb/consts.bro
new file mode 100644
index 0000000000..5323c2a65c
--- /dev/null
+++ b/scripts/base/protocols/krb/consts.bro
@@ -0,0 +1,99 @@
+module KRB;
+
+export {
+
+	const error_msg: table[count] of string = {
+		[0] = "KDC_ERR_NONE",
+		[1] = "KDC_ERR_NAME_EXP",
+		[2] = "KDC_ERR_SERVICE_EXP",
+		[3] = "KDC_ERR_BAD_PVNO",
+		[4] = "KDC_ERR_C_OLD_MAST_KVNO",
+		[5] = "KDC_ERR_S_OLD_MAST_KVNO",
+		[6] = "KDC_ERR_C_PRINCIPAL_UNKNOWN",
+		[7] = "KDC_ERR_S_PRINCIPAL_UNKNOWN",
+		[8] = "KDC_ERR_PRINCIPAL_NOT_UNIQUE",
+		[9] = "KDC_ERR_NULL_KEY",
+		[10] = "KDC_ERR_CANNOT_POSTDATE",
+		[11] = "KDC_ERR_NEVER_VALID",
+		[12] = "KDC_ERR_POLICY",
+		[13] = "KDC_ERR_BADOPTION",
+		[14] = "KDC_ERR_ETYPE_NOSUPP",
+		[15] = "KDC_ERR_SUMTYPE_NOSUPP",
+		[16] = "KDC_ERR_PADATA_TYPE_NOSUPP",
+		[17] = "KDC_ERR_TRTYPE_NOSUPP",
+		[18] = "KDC_ERR_CLIENT_REVOKED",
+		[19] = "KDC_ERR_SERVICE_REVOKED",
+		[20] = "KDC_ERR_TGT_REVOKED",
+		[21] = "KDC_ERR_CLIENT_NOTYET",
+		[22] = "KDC_ERR_SERVICE_NOTYET",
+		[23] = "KDC_ERR_KEY_EXPIRED",
+		[24] = "KDC_ERR_PREAUTH_FAILED",
+		[25] = "KDC_ERR_PREAUTH_REQUIRED",
+		[26] = "KDC_ERR_SERVER_NOMATCH",
+		[27] = "KDC_ERR_MUST_USE_USER2USER",
+		[28] = "KDC_ERR_PATH_NOT_ACCEPTED",
+		[29] = "KDC_ERR_SVC_UNAVAILABLE",
+		[31] = "KRB_AP_ERR_BAD_INTEGRITY",
+		[32] = "KRB_AP_ERR_TKT_EXPIRED",
+		[33] = "KRB_AP_ERR_TKT_NYV",
+		[34] = "KRB_AP_ERR_REPEAT",
+		[35] = "KRB_AP_ERR_NOT_US",
+		[36] = "KRB_AP_ERR_BADMATCH",
+		[37] = "KRB_AP_ERR_SKEW",
+		[38] = "KRB_AP_ERR_BADADDR",
+		[39] = "KRB_AP_ERR_BADVERSION",
+		[40] = "KRB_AP_ERR_MSG_TYPE",
+		[41] = "KRB_AP_ERR_MODIFIED",
+		[42] = "KRB_AP_ERR_BADORDER",
+		[44] = "KRB_AP_ERR_BADKEYVER",
+		[45] = "KRB_AP_ERR_NOKEY",
+		[46] = "KRB_AP_ERR_MUT_FAIL",
+		[47] = "KRB_AP_ERR_BADDIRECTION",
+		[48] = "KRB_AP_ERR_METHOD",
+		[49] = "KRB_AP_ERR_BADSEQ",
+		[50] = "KRB_AP_ERR_INAPP_CKSUM",
+		[51] = "KRB_AP_PATH_NOT_ACCEPTED",
+		[52] = "KRB_ERR_RESPONSE_TOO_BIG",
+		[60] = "KRB_ERR_GENERIC",
+		[61] = "KRB_ERR_FIELD_TOOLONG",
+		[62] = "KDC_ERROR_CLIENT_NOT_TRUSTED",
+		[63] = "KDC_ERROR_KDC_NOT_TRUSTED",
+		[64] = "KDC_ERROR_INVALID_SIG",
+		[65] = "KDC_ERR_KEY_TOO_WEAK",
+		[66] = "KDC_ERR_CERTIFICATE_MISMATCH",
+		[67] = "KRB_AP_ERR_NO_TGT",
+		[68] = "KDC_ERR_WRONG_REALM",
+		[69] = "KRB_AP_ERR_USER_TO_USER_REQUIRED",
+		[70] = "KDC_ERR_CANT_VERIFY_CERTIFICATE",
+		[71] = "KDC_ERR_INVALID_CERTIFICATE",
+		[72] = "KDC_ERR_REVOKED_CERTIFICATE",
+		[73] = "KDC_ERR_REVOCATION_STATUS_UNKNOWN",
+		[74] = "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE",
+		[75] = "KDC_ERR_CLIENT_NAME_MISMATCH",
+		[76] = "KDC_ERR_KDC_NAME_MISMATCH",
+	};
+
+	const cipher_name: table[count] of string = {
+		[1] = "des-cbc-crc",
+		[2] = "des-cbc-md4",
+		[3] = "des-cbc-md5",
+		[5] = "des3-cbc-md5",
+		[7] = "des3-cbc-sha1",
+		[9] = "dsaWithSHA1-CmsOID",
+		[10] = "md5WithRSAEncryption-CmsOID",
+		[11] = "sha1WithRSAEncryption-CmsOID",
+		[12] = "rc2CBC-EnvOID",
+		[13] = "rsaEncryption-EnvOID",
+		[14] = "rsaES-OAEP-ENV-OID",
+		[15] = "des-ede3-cbc-Env-OID",
+		[16] = "des3-cbc-sha1-kd",
+		[17] = "aes128-cts-hmac-sha1-96",
+		[18] = "aes256-cts-hmac-sha1-96",
+		[23] = "rc4-hmac",
+		[24] = "rc4-hmac-exp",
+		[25] = "camellia128-cts-cmac",
+		[26] = "camellia256-cts-cmac",
+		[65] = "subkey-keymaterial",
+	};
+
+}
diff --git a/scripts/base/protocols/krb/dpd.sig b/scripts/base/protocols/krb/dpd.sig
new file mode 100644
index 0000000000..1d4986aedf
--- /dev/null
+++ b/scripts/base/protocols/krb/dpd.sig
@@ -0,0 +1,26 @@
+# This is the ASN.1 encoded version and message type headers
+
+signature dpd_krb_udp_requests {
+	ip-proto == udp
+	payload /(\x6a|\x6c).{1,4}\x30.{1,4}\xa1\x03\x02\x01\x05\xa2\x03\x02\x01/
+	enable "krb"
+}
+
+signature dpd_krb_udp_replies {
+	ip-proto == udp
+	payload /(\x6b|\x6d|\x7e).{1,4}\x30.{1,4}\xa0\x03\x02\x01\x05\xa1\x03\x02\x01/
+	enable "krb"
+}
+
+signature dpd_krb_tcp_requests {
+	ip-proto == tcp
+	payload /.{4}(\x6a|\x6c).{1,4}\x30.{1,4}\xa1\x03\x02\x01\x05\xa2\x03\x02\x01/
+	enable "krb_tcp"
+}
+
+signature dpd_krb_tcp_replies {
+	ip-proto == tcp
+	payload /.{4}(\x6b|\x6d|\x7e).{1,4}\x30.{1,4}\xa0\x03\x02\x01\x05\xa1\x03\x02\x01/
+	enable "krb_tcp"
+}
+
diff --git a/scripts/base/protocols/krb/files.bro b/scripts/base/protocols/krb/files.bro
new file mode 100644
index 0000000000..cd2127c605
--- /dev/null
+++ b/scripts/base/protocols/krb/files.bro
@@ -0,0 +1,142 @@
+@load ./main
+@load base/utils/conn-ids
+@load base/frameworks/files
+@load base/files/x509
+
+module KRB;
+
+export {
+	redef record Info += {
+		# Client certificate
+		client_cert:		Files::Info &optional;
+		# Subject of client certificate, if any
+		client_cert_subject:	string &log &optional;
+		# File unique ID of client cert, if any
+		client_cert_fuid:	string &log &optional;
+
+		# Server certificate
+		server_cert:		Files::Info &optional;
+		# Subject of server certificate, if any
+		server_cert_subject:	string &log &optional;
+		# File unique ID of server cert, if any
+		server_cert_fuid:	string &log &optional;
+	};
+
+	## Default file handle provider for KRB.
+	global get_file_handle: function(c: connection, is_orig: bool): string;
+
+	## Default file describer for KRB.
+	global describe_file: function(f: fa_file): string;
+}
+
+function get_file_handle(c: connection, is_orig: bool): string
+	{
+	# Unused.  File handles are generated in the analyzer.
+	return "";
+	}
+
+function describe_file(f: fa_file): string
+	{
+	if ( f$source != "KRB_TCP" && f$source != "KRB" )
+		return "";
+
+	if ( ! f?$info || ! f$info?$x509 || ! f$info$x509?$certificate )
+		return "";
+
+	# It is difficult to reliably describe a certificate - especially since
+	# we do not know when this function is called (hence, if the data structures
+	# are already populated).
+	#
+	# Just return a bit of our connection information and hope that that is good enough.
+	for ( cid in f$conns )
+		{
+		if ( f$conns[cid]?$krb )
+			{
+			local c = f$conns[cid];
+			return cat(c$id$resp_h, ":", c$id$resp_p);
+			}
+		}
+
+	return cat("Serial: ", f$info$x509$certificate$serial, " Subject: ",
+			       f$info$x509$certificate$subject, " Issuer: ",
+			       f$info$x509$certificate$issuer);
+	}
+
+event bro_init() &priority=5
+	{
+	Files::register_protocol(Analyzer::ANALYZER_KRB_TCP,
+	                         [$get_file_handle = KRB::get_file_handle,
+	                          $describe        = KRB::describe_file]);
+
+	Files::register_protocol(Analyzer::ANALYZER_KRB,
+	                         [$get_file_handle = KRB::get_file_handle,
+	                          $describe        = KRB::describe_file]);
+	}
+
+event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
+	{
+	if ( f$source != "KRB_TCP" && f$source != "KRB" )
+		return;
+
+	local info: Info;
+
+	if ( ! c?$krb )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+	else
+		info = c$krb;
+
+	if ( is_orig )
+		{
+		info$client_cert = f$info;
+		info$client_cert_fuid = f$id;
+		}
+	else
+		{
+		info$server_cert = f$info;
+		info$server_cert_fuid = f$id;
+		}
+
+	c$krb = info;
+
+	Files::add_analyzer(f, Files::ANALYZER_X509);
+	# Always calculate hashes. They are not necessary for base scripts
+	# but very useful for identification, and required for policy scripts
+	Files::add_analyzer(f, Files::ANALYZER_MD5);
+	Files::add_analyzer(f, Files::ANALYZER_SHA1);
+	}
+
+function fill_in_subjects(c: connection)
+	{
+	if ( !c?$krb )
+		return;
+
+	if ( c$krb?$client_cert && c$krb$client_cert?$x509 && c$krb$client_cert$x509?$certificate )
+		c$krb$client_cert_subject = c$krb$client_cert$x509$certificate$subject;
+
+	if ( c$krb?$server_cert && c$krb$server_cert?$x509 && c$krb$server_cert$x509?$certificate )
+		c$krb$server_cert_subject = c$krb$server_cert$x509$certificate$subject;
+	}
+
+event krb_error(c: connection, msg: Error_Msg)
+	{
+	fill_in_subjects(c);
+	}
+
+event krb_as_response(c: connection, msg: KDC_Response)
+	{
+	fill_in_subjects(c);
+	}
+
+event krb_tgs_response(c: connection, msg: KDC_Response)
+	{
+	fill_in_subjects(c);
+	}
+
+event connection_state_remove(c: connection)
+	{
+	fill_in_subjects(c);
+	}
diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro
new file mode 100644
index 0000000000..6ab4fd2b2a
--- /dev/null
+++ b/scripts/base/protocols/krb/main.bro
@@ -0,0 +1,250 @@
+##! Implements base functionality for KRB analysis. Generates the krb.log file.
+
+module KRB;
+
+@load ./consts
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Timestamp for when the event happened.
+		ts:			time    &log;
+		## Unique ID for the connection.
+		uid:			string  &log;
+		## The connection's 4-tuple of endpoint addresses/ports.
+		id:			conn_id &log;
+
+		## Request type - Authentication Service ("AS") or
+		## Ticket Granting Service ("TGS")
+		request_type:		string &log &optional;
+		## Client
+		client:			string &log &optional;
+		## Service
+		service:		string &log;
+
+		## Request result
+		success:		bool &log &optional;
+		## Error code
+		error_code: 		count &optional;
+		## Error message
+		error_msg: 		string &log &optional;
+
+		## Ticket valid from
+		from:			time &log &optional;
+		## Ticket valid till
+		till:			time &log &optional;
+		## Ticket encryption type
+		cipher:			string &log &optional;
+
+		## Forwardable ticket requested
+		forwardable: 		bool &log &optional;
+		## Renewable ticket requested
+		renewable:		bool &log &optional;
+
+		## We've already logged this
+		logged: 		bool &default=F;
+	};
+
+	## The server response error texts which are *not* logged.
+	const ignored_errors: set[string] = {
+		# This will significantly increase the noisiness of the log.
+		# However, one attack is to iterate over principals, looking
+		# for ones that don't require preauth, and then performn
+		# an offline attack on that ticket. To detect that attack,
+		# log NEEDED_PREAUTH.
+		"NEEDED_PREAUTH",
+		# This is a more specific version of NEEDED_PREAUTH that's used
+		# by Windows AD Kerberos.
+		"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
+	} &redef;
+
+	## Event that can be handled to access the KRB record as it is sent on
+	## to the logging framework.
+	global log_krb: event(rec: Info);
+}
+
+redef record connection += {
+	krb: Info &optional;
+};
+
+const tcp_ports = { 88/tcp };
+const udp_ports = { 88/udp };
+redef likely_server_ports += { tcp_ports, udp_ports };
+
+event bro_init() &priority=5
+	{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, udp_ports);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, tcp_ports);
+	Log::create_stream(KRB::LOG, [$columns=Info, $ev=log_krb, $path="kerberos"]);
+	}
+
+event krb_error(c: connection, msg: Error_Msg) &priority=5
+	{
+	local info: Info;
+
+	if ( msg?$error_text && msg$error_text in ignored_errors )
+		{
+		if ( c?$krb ) delete c$krb;
+		return;
+		}
+
+	if ( c?$krb && c$krb$logged )
+		return;
+
+	if ( c?$krb )
+		info = c$krb;
+
+	if ( ! info?$ts )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+
+	if ( ! info?$client && ( msg?$client_name || msg?$client_realm ) )
+		info$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
+				 	  msg?$client_realm ? msg$client_realm : "");
+
+	info$service = msg$service_name;
+	info$success = F;
+
+	info$error_code = msg$error_code;
+
+	if ( msg?$error_text )			info$error_msg = msg$error_text;
+	else if ( msg$error_code in error_msg ) info$error_msg = error_msg[msg$error_code];
+
+	c$krb = info;
+	}
+
+event krb_error(c: connection, msg: Error_Msg) &priority=-5
+	{
+	if ( c?$krb )
+		{
+		Log::write(KRB::LOG, c$krb);
+		c$krb$logged = T;
+		}
+	}
+
+event krb_as_request(c: connection, msg: KDC_Request) &priority=5
+	{
+	if ( c?$krb && c$krb$logged )
+		return;
+
+	local info: Info;
+
+	if ( !c?$krb )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+	else
+		info = c$krb;
+
+	info$request_type = "AS";
+	info$client = fmt("%s/%s", msg$client_name, msg$service_realm);
+	info$service = msg$service_name;
+
+	if ( msg?$from )
+		info$from = msg$from;
+
+	info$till = msg$till;
+
+	info$forwardable = msg$kdc_options$forwardable;
+	info$renewable = msg$kdc_options$renewable;
+
+	c$krb = info;
+	}
+
+event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
+	{
+	if ( c?$krb && c$krb$logged )
+		return;
+
+	local info: Info;
+	info$ts  = network_time();
+	info$uid = c$uid;
+	info$id  = c$id;
+	info$request_type = "TGS";
+	info$service = msg$service_name;
+	if ( msg?$from ) info$from = msg$from;
+	info$till = msg$till;
+
+	info$forwardable = msg$kdc_options$forwardable;
+	info$renewable = msg$kdc_options$renewable;
+
+	c$krb = info;
+	}
+
+event krb_as_response(c: connection, msg: KDC_Response) &priority=5
+	{
+	local info: Info;
+
+	if ( c?$krb && c$krb$logged )
+		return;
+
+	if ( c?$krb )
+		info = c$krb;
+
+	if ( ! info?$ts )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+
+	if ( ! info?$client )
+		info$client = fmt("%s/%s", msg$client_name, msg$client_realm);
+
+	info$service = msg$ticket$service_name;
+	info$cipher  = cipher_name[msg$ticket$cipher];
+	info$success = T;
+
+	c$krb = info;
+	}
+
+event krb_as_response(c: connection, msg: KDC_Response) &priority=-5
+	{
+	Log::write(KRB::LOG, c$krb);
+	c$krb$logged = T;
+	}
+
+event krb_tgs_response(c: connection, msg: KDC_Response) &priority=5
+	{
+	local info: Info;
+
+	if ( c?$krb && c$krb$logged )
+		return;
+
+	if ( c?$krb )
+		info = c$krb;
+
+	if ( ! info?$ts )
+		{
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+		}
+
+	if ( ! info?$client )
+		info$client = fmt("%s/%s", msg$client_name, msg$client_realm);
+
+	info$service = msg$ticket$service_name;
+	info$cipher  = cipher_name[msg$ticket$cipher];
+	info$success = T;
+
+	c$krb = info;
+	}
+
+event krb_tgs_response(c: connection, msg: KDC_Response) &priority=-5
+	{
+	Log::write(KRB::LOG, c$krb);
+	c$krb$logged = T;
+	}
+
+event connection_state_remove(c: connection) &priority=-5
+	{
+	if ( c?$krb && ! c$krb$logged )
+		Log::write(KRB::LOG, c$krb);
+	}
diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.bro
index 707c2e47a7..5a30d170e5 100644
--- a/scripts/base/protocols/modbus/main.bro
+++ b/scripts/base/protocols/modbus/main.bro
@@ -34,7 +34,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus]);
+	Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports);
 	}
 
diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.bro
index 748049965a..e4ba07cbca 100644
--- a/scripts/base/protocols/mysql/main.bro
+++ b/scripts/base/protocols/mysql/main.bro
@@ -39,7 +39,7 @@ const ports = { 1434/tcp, 3306/tcp };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql]);
+	Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports);
 	}
 
diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro
index 96d4bc1701..d9c2d08ca8 100644
--- a/scripts/base/protocols/radius/main.bro
+++ b/scripts/base/protocols/radius/main.bro
@@ -59,7 +59,7 @@ const ports = { 1812/udp };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius]);
+	Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports);
 	}
 
diff --git a/scripts/base/protocols/rdp/__load__.bro b/scripts/base/protocols/rdp/__load__.bro
new file mode 100644
index 0000000000..c98b4d92eb
--- /dev/null
+++ b/scripts/base/protocols/rdp/__load__.bro
@@ -0,0 +1,3 @@
+@load ./consts
+@load ./main
+@load-sigs ./dpd.sig
diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.bro
new file mode 100644
index 0000000000..19a7c44c5a
--- /dev/null
+++ b/scripts/base/protocols/rdp/consts.bro
@@ -0,0 +1,323 @@
+module RDP;
+
+export {
+	# http://www.c-amie.co.uk/technical/mstsc-versions/
+	const builds = {
+		[0419] = "RDP 4.0",
+		[2195] = "RDP 5.0",
+		[2221] = "RDP 5.0",
+		[2600] = "RDP 5.1",
+		[3790] = "RDP 5.2",
+		[6000] = "RDP 6.0",
+		[6001] = "RDP 6.1",
+		[6002] = "RDP 6.2",
+		[7600] = "RDP 7.0",
+		[7601] = "RDP 7.1",
+		[9200] = "RDP 8.0",
+		[9600] = "RDP 8.1",
+		[25189] = "RDP 8.0 (Mac)",
+		[25282] = "RDP 8.0 (Mac)"
+	} &default = function(n: count): string { return fmt("client_build-%d", n); };
+
+	const security_protocols = {
+		[0x00] = "RDP",
+		[0x01] = "SSL",
+		[0x02] = "HYBRID",
+		[0x08] = "HYBRID_EX"
+	} &default = function(n: count): string { return fmt("security_protocol-%d", n); };
+
+	const failure_codes = {
+		[0x01] = "SSL_REQUIRED_BY_SERVER",
+		[0x02] = "SSL_NOT_ALLOWED_BY_SERVER",
+		[0x03] = "SSL_CERT_NOT_ON_SERVER",
+		[0x04] = "INCONSISTENT_FLAGS",
+		[0x05] = "HYBRID_REQUIRED_BY_SERVER",
+		[0x06] = "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"
+	} &default = function(n: count): string { return fmt("failure_code-%d", n); };
+
+	const cert_types = {
+		[1] = "RSA",
+		[2] = "X.509"
+	} &default = function(n: count): string { return fmt("cert_type-%d", n); };
+
+	const encryption_methods = {
+		[0] = "None",
+		[1] = "40bit",
+		[2] = "128bit",
+		[8] = "56bit",
+		[10] = "FIPS"
+	} &default = function(n: count): string { return fmt("encryption_method-%d", n); };
+
+	const encryption_levels = {
+		[0] = "None",
+		[1] = "Low",
+		[2] = "Client compatible",
+		[3] = "High",
+		[4] = "FIPS"
+	} &default = function(n: count): string { return fmt("encryption_level-%d", n); };
+
+	const high_color_depths = {
+		[0x0004] = "4bit",
+		[0x0008] = "8bit",
+		[0x000F] = "15bit",
+		[0x0010] = "16bit",
+		[0x0018] = "24bit"
+	} &default = function(n: count): string { return fmt("high_color_depth-%d", n); };
+
+	const color_depths = {
+		[0x0001] = "24bit",
+		[0x0002] = "16bit",
+		[0x0004] = "15bit",
+		[0x0008] = "32bit"
+	} &default = function(n: count): string { return fmt("color_depth-%d", n); };
+
+	const results = {
+		[0] = "Success",
+		[1] = "User rejected",
+		[2] = "Resources not available",
+		[3] = "Rejected for symmetry breaking",
+		[4] = "Locked conference",
+	} &default = function(n: count): string { return fmt("result-%d", n); };
+
+	# http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx
+	const languages = {
+		[1078] = "Afrikaans - South Africa",
+		[1052] = "Albanian - Albania",
+		[1156] = "Alsatian",
+		[1118] = "Amharic - Ethiopia",
+		[1025] = "Arabic - Saudi Arabia",
+		[5121] = "Arabic - Algeria",
+		[15361] = "Arabic - Bahrain",
+		[3073] = "Arabic - Egypt",
+		[2049] = "Arabic - Iraq",
+		[11265] = "Arabic - Jordan",
+		[13313] = "Arabic - Kuwait",
+		[12289] = "Arabic - Lebanon",
+		[4097] = "Arabic - Libya",
+		[6145] = "Arabic - Morocco",
+		[8193] = "Arabic - Oman",
+		[16385] = "Arabic - Qatar",
+		[10241] = "Arabic - Syria",
+		[7169] = "Arabic - Tunisia",
+		[14337] = "Arabic - U.A.E.",
+		[9217] = "Arabic - Yemen",
+		[1067] = "Armenian - Armenia",
+		[1101] = "Assamese",
+		[2092] = "Azeri (Cyrillic)",
+		[1068] = "Azeri (Latin)",
+		[1133] = "Bashkir",
+		[1069] = "Basque",
+		[1059] = "Belarusian",
+		[1093] = "Bengali (India)",
+		[2117] = "Bengali (Bangladesh)",
+		[5146] = "Bosnian (Bosnia/Herzegovina)",
+		[1150] = "Breton",
+		[1026] = "Bulgarian",
+		[1109] = "Burmese",
+		[1027] = "Catalan",
+		[1116] = "Cherokee - United States",
+		[2052] = "Chinese - People's Republic of China",
+		[4100] = "Chinese - Singapore",
+		[1028] = "Chinese - Taiwan",
+		[3076] = "Chinese - Hong Kong SAR",
+		[5124] = "Chinese - Macao SAR",
+		[1155] = "Corsican",
+		[1050] = "Croatian",
+		[4122] = "Croatian (Bosnia/Herzegovina)",
+		[1029] = "Czech",
+		[1030] = "Danish",
+		[1164] = "Dari",
+		[1125] = "Divehi",
+		[1043] = "Dutch - Netherlands",
+		[2067] = "Dutch - Belgium",
+		[1126] = "Edo",
+		[1033] = "English - United States",
+		[2057] = "English - United Kingdom",
+		[3081] = "English - Australia",
+		[10249] = "English - Belize",
+		[4105] = "English - Canada",
+		[9225] = "English - Caribbean",
+		[15369] = "English - Hong Kong SAR",
+		[16393] = "English - India",
+		[14345] = "English - Indonesia",
+		[6153] = "English - Ireland",
+		[8201] = "English - Jamaica",
+		[17417] = "English - Malaysia",
+		[5129] = "English - New Zealand",
+		[13321] = "English - Philippines",
+		[18441] = "English - Singapore",
+		[7177] = "English - South Africa",
+		[11273] = "English - Trinidad",
+		[12297] = "English - Zimbabwe",
+		[1061] = "Estonian",
+		[1080] = "Faroese",
+		[1065] = "Farsi",
+		[1124] = "Filipino",
+		[1035] = "Finnish",
+		[1036] = "French - France",
+		[2060] = "French - Belgium",
+		[11276] = "French - Cameroon",
+		[3084] = "French - Canada",
+		[9228] = "French - Democratic Rep. of Congo",
+		[12300] = "French - Cote d'Ivoire",
+		[15372] = "French - Haiti",
+		[5132] = "French - Luxembourg",
+		[13324] = "French - Mali",
+		[6156] = "French - Monaco",
+		[14348] = "French - Morocco",
+		[58380] = "French - North Africa",
+		[8204] = "French - Reunion",
+		[10252] = "French - Senegal",
+		[4108] = "French - Switzerland",
+		[7180] = "French - West Indies",
+		[1122] = "French - West Indies",
+		[1127] = "Fulfulde - Nigeria",
+		[1071] = "FYRO Macedonian",
+		[1110] = "Galician",
+		[1079] = "Georgian",
+		[1031] = "German - Germany",
+		[3079] = "German - Austria",
+		[5127] = "German - Liechtenstein",
+		[4103] = "German - Luxembourg",
+		[2055] = "German - Switzerland",
+		[1032] = "Greek",
+		[1135] = "Greenlandic",
+		[1140] = "Guarani - Paraguay",
+		[1095] = "Gujarati",
+		[1128] = "Hausa - Nigeria",
+		[1141] = "Hawaiian - United States",
+		[1037] = "Hebrew",
+		[1081] = "Hindi",
+		[1038] = "Hungarian",
+		[1129] = "Ibibio - Nigeria",
+		[1039] = "Icelandic",
+		[1136] = "Igbo - Nigeria",
+		[1057] = "Indonesian",
+		[1117] = "Inuktitut",
+		[2108] = "Irish",
+		[1040] = "Italian - Italy",
+		[2064] = "Italian - Switzerland",
+		[1041] = "Japanese",
+		[1158] = "K'iche",
+		[1099] = "Kannada",
+		[1137] = "Kanuri - Nigeria",
+		[2144] = "Kashmiri",
+		[1120] = "Kashmiri (Arabic)",
+		[1087] = "Kazakh",
+		[1107] = "Khmer",
+		[1159] = "Kinyarwanda",
+		[1111] = "Konkani",
+		[1042] = "Korean",
+		[1088] = "Kyrgyz (Cyrillic)",
+		[1108] = "Lao",
+		[1142] = "Latin",
+		[1062] = "Latvian",
+		[1063] = "Lithuanian",
+		[1134] = "Luxembourgish",
+		[1086] = "Malay - Malaysia",
+		[2110] = "Malay - Brunei Darussalam",
+		[1100] = "Malayalam",
+		[1082] = "Maltese",
+		[1112] = "Manipuri",
+		[1153] = "Maori - New Zealand",
+		[1146] = "Mapudungun",
+		[1102] = "Marathi",
+		[1148] = "Mohawk",
+		[1104] = "Mongolian (Cyrillic)",
+		[2128] = "Mongolian (Mongolian)",
+		[1121] = "Nepali",
+		[2145] = "Nepali - India",
+		[1044] = "Norwegian (Bokmål)",
+		[2068] = "Norwegian (Nynorsk)",
+		[1154] = "Occitan",
+		[1096] = "Oriya",
+		[1138] = "Oromo",
+		[1145] = "Papiamentu",
+		[1123] = "Pashto",
+		[1045] = "Polish",
+		[1046] = "Portuguese - Brazil",
+		[2070] = "Portuguese - Portugal",
+		[1094] = "Punjabi",
+		[2118] = "Punjabi (Pakistan)",
+		[1131] = "Quecha - Bolivia",
+		[2155] = "Quecha - Ecuador",
+		[3179] = "Quecha - Peru	CB",
+		[1047] = "Rhaeto-Romanic",
+		[1048] = "Romanian",
+		[2072] = "Romanian - Moldava",
+		[1049] = "Russian",
+		[2073] = "Russian - Moldava",
+		[1083] = "Sami (Lappish)",
+		[1103] = "Sanskrit",
+		[1084] = "Scottish Gaelic",
+		[1132] = "Sepedi",
+		[3098] = "Serbian (Cyrillic)",
+		[2074] = "Serbian (Latin)",
+		[1113] = "Sindhi - India",
+		[2137] = "Sindhi - Pakistan",
+		[1115] = "Sinhalese - Sri Lanka",
+		[1051] = "Slovak",
+		[1060] = "Slovenian",
+		[1143] = "Somali",
+		[1070] = "Sorbian",
+		[3082] = "Spanish - Spain (Modern Sort)",
+		[1034] = "Spanish - Spain (Traditional Sort)",
+		[11274] = "Spanish - Argentina",
+		[16394] = "Spanish - Bolivia",
+		[13322] = "Spanish - Chile",
+		[9226] = "Spanish - Colombia",
+		[5130] = "Spanish - Costa Rica",
+		[7178] = "Spanish - Dominican Republic",
+		[12298] = "Spanish - Ecuador",
+		[17418] = "Spanish - El Salvador",
+		[4106] = "Spanish - Guatemala",
+		[18442] = "Spanish - Honduras",
+		[22538] = "Spanish - Latin America",
+		[2058] = "Spanish - Mexico",
+		[19466] = "Spanish - Nicaragua",
+		[6154] = "Spanish - Panama",
+		[15370] = "Spanish - Paraguay",
+		[10250] = "Spanish - Peru",
+		[20490] = "Spanish - Puerto Rico",
+		[21514] = "Spanish - United States",
+		[14346] = "Spanish - Uruguay",
+		[8202] = "Spanish - Venezuela",
+		[1072] = "Sutu",
+		[1089] = "Swahili",
+		[1053] = "Swedish",
+		[2077] = "Swedish - Finland",
+		[1114] = "Syriac",
+		[1064] = "Tajik",
+		[1119] = "Tamazight (Arabic)",
+		[2143] = "Tamazight (Latin)",
+		[1097] = "Tamil",
+		[1092] = "Tatar",
+		[1098] = "Telugu",
+		[1054] = "Thai",
+		[2129] = "Tibetan - Bhutan",
+		[1105] = "Tibetan - People's Republic of China",
+		[2163] = "Tigrigna - Eritrea",
+		[1139] = "Tigrigna - Ethiopia",
+		[1073] = "Tsonga",
+		[1074] = "Tswana",
+		[1055] = "Turkish",
+		[1090] = "Turkmen",
+		[1152] = "Uighur - China",
+		[1058] = "Ukrainian",
+		[1056] = "Urdu",
+		[2080] = "Urdu - India",
+		[2115] = "Uzbek (Cyrillic)",
+		[1091] = "Uzbek (Latin)",
+		[1075] = "Venda",
+		[1066] = "Vietnamese",
+		[1106] = "Welsh",
+		[1160] = "Wolof",
+		[1076] = "Xhosa",
+		[1157] = "Yakut",
+		[1144] = "Yi",
+		[1085] = "Yiddish",
+		[1130] = "Yoruba",
+		[1077] = "Zulu",
+		[1279] = "HID (Human Interface Device)",
+	} &default = function(n: count): string { return fmt("keyboard-%d", n); };
+}
diff --git a/scripts/base/protocols/rdp/dpd.sig b/scripts/base/protocols/rdp/dpd.sig
new file mode 100644
index 0000000000..f8ebff34b9
--- /dev/null
+++ b/scripts/base/protocols/rdp/dpd.sig
@@ -0,0 +1,12 @@
+signature dpd_rdp_client {
+	ip-proto == tcp
+	# Client request
+	payload /.*(Cookie: mstshash\=|Duca.*(rdpdr|rdpsnd|drdynvc|cliprdr))/
+	requires-reverse-signature dpd_rdp_server
+	enable "rdp"
+}
+
+signature dpd_rdp_server {
+	ip-proto == tcp
+	payload /(.{5}\xd0|.*McDn)/
+}
diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro
new file mode 100644
index 0000000000..c6d550c3f7
--- /dev/null
+++ b/scripts/base/protocols/rdp/main.bro
@@ -0,0 +1,269 @@
+##! Implements base functionality for RDP analysis. Generates the rdp.log file.
+
+@load ./consts
+
+module RDP;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Timestamp for when the event happened.
+		ts:                    time    &log;
+		## Unique ID for the connection.
+		uid:                   string  &log;
+		## The connection's 4-tuple of endpoint addresses/ports.
+		id:                    conn_id &log;
+		## Cookie value used by the client machine.
+		## This is typically a username.
+		cookie:                string  &log &optional;
+		## Status result for the connection.  It's a mix between
+		## RDP negotation failure messages and GCC server create
+		## response messages.
+		result:                string  &log &optional;
+		## Security protocol chosen by the server.
+		security_protocol:     string &log &optional;
+
+		## Keyboard layout (language) of the client machine.
+		keyboard_layout:       string  &log &optional;
+		## RDP client version used by the client machine.
+		client_build:          string  &log &optional;
+		## Name of the client machine.
+		client_name:           string  &log &optional;
+		## Product ID of the client machine.
+		client_dig_product_id: string  &log &optional;
+		## Desktop width of the client machine.
+		desktop_width:         count   &log &optional;
+		## Desktop height of the client machine.
+		desktop_height:        count   &log &optional;
+		## The color depth requested by the client in 
+		## the high_color_depth field.
+		requested_color_depth: string  &log &optional;
+
+		## If the connection is being encrypted with native
+		## RDP encryption, this is the type of cert 
+		## being used.
+		cert_type:             string  &log &optional;
+		## The number of certs seen.  X.509 can transfer an 
+		## entire certificate chain.
+		cert_count:            count   &log &default=0;
+		## Indicates if the provided certificate or certificate
+		## chain is permanent or temporary.
+		cert_permanent:        bool    &log &optional;
+		## Encryption level of the connection.
+		encryption_level:      string  &log &optional;
+		## Encryption method of the connection. 
+		encryption_method:     string  &log &optional;
+		};
+
+	## If true, detach the RDP analyzer from the connection to prevent
+	## continuing to process encrypted traffic.
+	const disable_analyzer_after_detection = F &redef;
+
+	## The amount of time to monitor an RDP session from when it is first 
+	## identified. When this interval is reached, the session is logged.
+	const rdp_check_interval = 10secs &redef;
+
+	## Event that can be handled to access the rdp record as it is sent on
+	## to the logging framework.
+	global log_rdp: event(rec: Info);
+}
+
+# Internal fields that aren't useful externally
+redef record Info += {
+	## The analyzer ID used for the analyzer instance attached
+	## to each connection.  It is not used for logging since it's a
+	## meaningless arbitrary number.
+	analyzer_id: count &optional;
+	## Track status of logging RDP connections.
+	done:        bool  &default=F;
+};
+
+redef record connection += {
+	rdp: Info &optional;
+};
+
+const ports = { 3389/tcp };
+redef likely_server_ports += { ports };
+
+event bro_init() &priority=5
+	{
+	Log::create_stream(RDP::LOG, [$columns=RDP::Info, $ev=log_rdp, $path="rdp"]);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports);
+	}
+
+function write_log(c: connection)
+	{
+	local info = c$rdp;
+
+	if ( info$done )
+		return;
+
+	# Mark this record as fully logged and finished.
+	info$done = T;
+
+	# Verify that the RDP session contains
+	# RDP data before writing it to the log. 
+	if ( info?$cookie || info?$keyboard_layout || info?$result )
+		Log::write(RDP::LOG, info);
+	}
+
+event check_record(c: connection)
+	{
+	# If the record was logged, then stop processing.
+	if ( c$rdp$done )
+		return;
+
+	# If the value rdp_check_interval has passed since the 
+	# RDP session was started, then log the record. 
+	local diff = network_time() - c$rdp$ts;
+	if ( diff > rdp_check_interval )
+		{
+		write_log(c);
+
+		# Remove the analyzer if it is still attached.
+		if ( disable_analyzer_after_detection && 
+		     connection_exists(c$id) && 
+		     c$rdp?$analyzer_id )
+			{
+			disable_analyzer(c$id, c$rdp$analyzer_id);
+			}
+
+		return;
+		}
+	else
+		{
+		# If the analyzer is attached and the duration
+		# to monitor the RDP session was not met, then
+		# reschedule the logging event.
+		schedule rdp_check_interval { check_record(c) };
+		}
+	}
+
+function set_session(c: connection)
+	{
+	if ( ! c?$rdp )
+		{
+		c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid];
+		# The RDP session is scheduled to be logged from
+		# the time it is first initiated.
+		schedule rdp_check_interval { check_record(c) };
+		}
+	}
+
+event rdp_connect_request(c: connection, cookie: string) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$cookie = cookie;
+	}
+
+event rdp_negotiation_response(c: connection, security_protocol: count) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$security_protocol = security_protocols[security_protocol];
+	}
+
+event rdp_negotiation_failure(c: connection, failure_code: count) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$result = failure_codes[failure_code];
+	}
+
+event rdp_client_core_data(c: connection, data: RDP::ClientCoreData) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$keyboard_layout       = RDP::languages[data$keyboard_layout];
+	c$rdp$client_build          = RDP::builds[data$client_build];
+	c$rdp$client_name           = data$client_name;
+	c$rdp$client_dig_product_id = data$dig_product_id;
+	c$rdp$desktop_width         = data$desktop_width;
+	c$rdp$desktop_height        = data$desktop_height;
+
+	if ( data?$ec_flags && data$ec_flags$want_32bpp_session )
+		c$rdp$requested_color_depth = "32bit";
+	else
+		c$rdp$requested_color_depth = RDP::high_color_depths[data$high_color_depth];
+	}
+
+event rdp_gcc_server_create_response(c: connection, result: count) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$result = RDP::results[result];
+	}
+
+event rdp_server_security(c: connection, encryption_method: count, encryption_level: count) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$encryption_method = RDP::encryption_methods[encryption_method];
+	c$rdp$encryption_level = RDP::encryption_levels[encryption_level];
+	}
+
+event rdp_server_certificate(c: connection, cert_type: count, permanently_issued: bool) &priority=5
+	{
+	set_session(c);
+
+	c$rdp$cert_type = RDP::cert_types[cert_type];
+
+	# There are no events for proprietary/RSA certs right
+	# now so we manually count this one.
+	if ( c$rdp$cert_type == "RSA" )
+		++c$rdp$cert_count;
+	
+	c$rdp$cert_permanent = permanently_issued;
+	}
+
+event rdp_begin_encryption(c: connection, security_protocol: count) &priority=5
+	{
+	set_session(c);
+
+	if ( ! c$rdp?$result )
+		{
+		c$rdp$result = "encrypted";
+		}
+
+	c$rdp$security_protocol = security_protocols[security_protocol];
+	}
+
+event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
+	{
+	if ( c?$rdp && f$source == "RDP" )
+		{
+		# Count up X509 certs.
+		++c$rdp$cert_count;
+
+		Files::add_analyzer(f, Files::ANALYZER_X509);
+		Files::add_analyzer(f, Files::ANALYZER_MD5);
+		Files::add_analyzer(f, Files::ANALYZER_SHA1);
+		}
+	}
+
+event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5
+	{
+	if ( atype == Analyzer::ANALYZER_RDP )
+		{
+		set_session(c);
+		c$rdp$analyzer_id = aid;
+		}
+	}
+
+event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string) &priority=5
+	{
+	# If a protocol violation occurs, then log the record immediately.
+	if ( c?$rdp )
+		write_log(c);
+	}
+
+event connection_state_remove(c: connection) &priority=-5
+	{
+	# If the connection is removed, then log the record immediately.
+	if ( c?$rdp )
+		{
+		write_log(c);
+		}
+	}
diff --git a/scripts/base/protocols/sip/__load__.bro b/scripts/base/protocols/sip/__load__.bro
new file mode 100644
index 0000000000..0f3cb011f8
--- /dev/null
+++ b/scripts/base/protocols/sip/__load__.bro
@@ -0,0 +1,3 @@
+@load ./main
+
+@load-sigs ./dpd.sig
\ No newline at end of file
diff --git a/scripts/base/protocols/sip/dpd.sig b/scripts/base/protocols/sip/dpd.sig
new file mode 100644
index 0000000000..9b46abbb36
--- /dev/null
+++ b/scripts/base/protocols/sip/dpd.sig
@@ -0,0 +1,19 @@
+signature dpd_sip_udp_req {
+  ip-proto == udp
+  payload /.* SIP\/[0-9]\.[0-9]\x0d\x0a/
+  enable "sip"
+}
+
+signature dpd_sip_udp_resp {
+  ip-proto == udp
+  payload /^ ?SIP\/[0-9]\.[0-9](\x0d\x0a| [0-9][0-9][0-9] )/
+  enable "sip"
+}
+
+# We don't support SIP-over-TCP yet.
+#
+# signature dpd_sip_tcp {
+#   ip-proto == tcp
+#   payload /^( SIP\/[0-9]\.[0-9]\x0d\x0a|SIP\/[0-9]\.[0-9] [0-9][0-9][0-9] )/
+#   enable "sip_tcp"
+# }
diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.bro
new file mode 100644
index 0000000000..0f396b8f74
--- /dev/null
+++ b/scripts/base/protocols/sip/main.bro
@@ -0,0 +1,272 @@
+##! Implements base functionality for SIP analysis.  The logging model is
+##! to log request/response pairs and all relevant metadata together in
+##! a single record.
+
+@load base/utils/numbers
+@load base/utils/files
+
+module SIP;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		## Timestamp for when the request happened.
+		ts:                      time              &log;
+		## Unique ID for the connection.
+		uid:                     string            &log;
+		## The connection's 4-tuple of endpoint addresses/ports.
+		id:                      conn_id           &log;
+		## Represents the pipelined depth into the connection of this
+		## request/response transaction.
+		trans_depth:             count             &log;
+		## Verb used in the SIP request (INVITE, REGISTER etc.).
+		method:                  string            &log &optional;
+		## URI used in the request.
+		uri:                     string            &log &optional;
+		## Contents of the Date: header from the client
+		date:                    string            &log &optional;
+		## Contents of the request From: header
+		## Note: The tag= value that's usually appended to the sender
+		## is stripped off and not logged.
+		request_from:            string            &log &optional;
+		## Contents of the To: header
+		request_to:              string            &log &optional;
+		## Contents of the response From: header
+		## Note: The ``tag=`` value that's usually appended to the sender
+		## is stripped off and not logged.
+		response_from:            string            &log &optional;
+		## Contents of the response To: header
+		response_to:              string            &log &optional;
+
+		## Contents of the Reply-To: header
+		reply_to:                string            &log &optional;
+		## Contents of the Call-ID: header from the client
+		call_id:                 string            &log &optional;
+		## Contents of the CSeq: header from the client
+		seq:                     string            &log &optional;
+		## Contents of the Subject: header from the client
+		subject:                 string            &log &optional;
+		## The client message transmission path, as extracted from the headers.
+		request_path:            vector of string  &log &optional;
+		## The server message transmission path, as extracted from the headers.
+		response_path:           vector of string  &log &optional;
+		## Contents of the User-Agent: header from the client
+		user_agent:              string            &log &optional;
+		## Status code returned by the server.
+		status_code:             count             &log &optional;
+		## Status message returned by the server.
+		status_msg:              string            &log &optional;
+		## Contents of the Warning: header
+		warning:                 string            &log &optional;
+		## Contents of the Content-Length: header from the client
+		request_body_len:        string            &log &optional;
+		## Contents of the Content-Length: header from the server
+		response_body_len:       string            &log &optional;
+		## Contents of the Content-Type: header from the server
+		content_type:            string            &log &optional;
+	};
+
+	type State: record {
+		## Pending requests.
+		pending:          table[count] of Info;
+		## Current request in the pending queue.
+		current_request:  count                &default=0;
+		## Current response in the pending queue.
+		current_response: count                &default=0;
+	};
+
+	## A list of SIP methods. Other methods will generate a weird. Note
+	## that the SIP analyzer will only accept methods consisting solely
+	## of letters ``[A-Za-z]``.
+	const sip_methods: set[string] = {
+		"REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS"
+	} &redef;
+
+	## Event that can be handled to access the SIP record as it is sent on
+	## to the logging framework.
+	global log_sip: event(rec: Info);
+}
+
+# Add the sip state tracking fields to the connection record.
+redef record connection += {
+	sip:        Info  &optional;
+	sip_state:  State &optional;
+};
+
+const ports = { 5060/udp };
+redef likely_server_ports += { ports };
+
+event bro_init() &priority=5
+	{
+	Log::create_stream(SIP::LOG, [$columns=Info, $ev=log_sip, $path="sip"]);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, ports);
+	}
+
+function new_sip_session(c: connection): Info
+	{
+	local tmp: Info;
+	tmp$ts=network_time();
+	tmp$uid=c$uid;
+	tmp$id=c$id;
+	# $current_request is set prior to the Info record creation so we
+	# can use the value directly here.
+	tmp$trans_depth = c$sip_state$current_request;
+
+	tmp$request_path = vector();
+	tmp$response_path = vector();
+
+	return tmp;
+	}
+
+function set_state(c: connection, is_request: bool)
+	{
+	if ( ! c?$sip_state )
+		{
+		local s: State;
+		c$sip_state = s;
+		}
+
+	# These deal with new requests and responses.
+	if ( is_request && c$sip_state$current_request !in c$sip_state$pending )
+		c$sip_state$pending[c$sip_state$current_request] = new_sip_session(c);
+	if ( ! is_request && c$sip_state$current_response !in c$sip_state$pending )
+		c$sip_state$pending[c$sip_state$current_response] = new_sip_session(c);
+
+	if ( is_request )
+		c$sip = c$sip_state$pending[c$sip_state$current_request];
+	else
+		c$sip = c$sip_state$pending[c$sip_state$current_response];
+
+	if ( is_request )
+		{
+		if ( c$sip_state$current_request !in c$sip_state$pending )
+			c$sip_state$pending[c$sip_state$current_request] = new_sip_session(c);
+
+		c$sip = c$sip_state$pending[c$sip_state$current_request];
+		}
+	else
+		{
+		if ( c$sip_state$current_response !in c$sip_state$pending )
+			c$sip_state$pending[c$sip_state$current_response] = new_sip_session(c);
+
+		c$sip = c$sip_state$pending[c$sip_state$current_response];
+		}
+
+	}
+
+function flush_pending(c: connection)
+	{
+	# Flush all pending but incomplete request/response pairs.
+	if ( c?$sip_state )
+		{
+		for ( r in c$sip_state$pending )
+			{
+			# We don't use pending elements at index 0.
+			if ( r == 0 ) next;
+			Log::write(SIP::LOG, c$sip_state$pending[r]);
+			}
+		}
+	}
+
+event sip_request(c: connection, method: string, original_URI: string, version: string) &priority=5
+	{
+	set_state(c, T);
+
+	c$sip$method = method;
+	c$sip$uri = original_URI;
+
+	if ( method !in sip_methods )
+		event conn_weird("unknown_SIP_method", c, method);
+	}
+
+event sip_reply(c: connection, version: string, code: count, reason: string) &priority=5
+	{
+	set_state(c, F);
+
+	if ( c$sip_state$current_response !in c$sip_state$pending &&
+	     (code < 100 && 200 <= code) )
+		++c$sip_state$current_response;
+
+	c$sip$status_code = code;
+	c$sip$status_msg = reason;
+	}
+
+event sip_header(c: connection, is_request: bool, name: string, value: string) &priority=5
+	{
+	if ( ! c?$sip_state )
+		{
+		local s: State;
+		c$sip_state = s;
+		}
+
+	if ( is_request ) # from client
+		{
+		if ( c$sip_state$current_request !in c$sip_state$pending )
+			++c$sip_state$current_request;
+		set_state(c, is_request);
+		if ( name == "CALL-ID" )                            c$sip$call_id = value;
+		else if ( name == "CONTENT-LENGTH" || name == "L" ) c$sip$request_body_len = value;
+		else if ( name == "CSEQ" )                          c$sip$seq = value;
+		else if ( name == "DATE" )                          c$sip$date = value;
+		else if ( name == "FROM" || name == "F" )           c$sip$request_from = split_string1(value, /;[ ]?tag=/)[0];
+		else if ( name == "REPLY-TO" )                      c$sip$reply_to = value;
+		else if ( name == "SUBJECT" || name == "S" )        c$sip$subject = value;
+		else if ( name == "TO" || name == "T" )             c$sip$request_to = value;
+		else if ( name == "USER-AGENT" )                    c$sip$user_agent = value;
+		else if ( name == "VIA" || name == "V" )            c$sip$request_path[|c$sip$request_path|] = split_string1(value, /;[ ]?branch/)[0];
+
+		c$sip_state$pending[c$sip_state$current_request] = c$sip;
+		}
+	else # from server
+		{
+		if ( c$sip_state$current_response !in c$sip_state$pending )
+			++c$sip_state$current_response;
+		set_state(c, is_request);
+		if ( name == "CONTENT-LENGTH" || name == "L" )    c$sip$response_body_len = value;
+		else if ( name == "CONTENT-TYPE" || name == "C" ) c$sip$content_type = value;
+		else if ( name == "WARNING" )                     c$sip$warning = value;
+		else if ( name == "FROM" || name == "F" )         c$sip$response_from = split_string1(value, /;[ ]?tag=/)[0];
+		else if ( name == "TO" || name == "T" )           c$sip$response_to = value;
+		else if ( name == "VIA" || name == "V" )          c$sip$response_path[|c$sip$response_path|] = split_string1(value, /;[ ]?branch/)[0];
+
+		c$sip_state$pending[c$sip_state$current_response] = c$sip;
+		}
+	}
+
+event sip_end_entity(c: connection, is_request: bool) &priority = 5
+	{
+	set_state(c, is_request);
+	}
+
+event sip_end_entity(c: connection, is_request: bool) &priority = -5
+	{
+	# The reply body is done so we're ready to log.
+	if ( ! is_request )
+		{
+		Log::write(SIP::LOG, c$sip);
+
+		if ( c$sip$status_code < 100 || 200 <= c$sip$status_code )
+			delete c$sip_state$pending[c$sip_state$current_response];
+
+		if ( ! c$sip?$method || ( c$sip$method == "BYE" &&
+		     c$sip$status_code >= 200 && c$sip$status_code < 300 ) )
+			{
+			flush_pending(c);
+			delete c$sip;
+			delete c$sip_state;
+			}
+		}
+	}
+
+event connection_state_remove(c: connection) &priority=-5
+	{
+	if ( c?$sip_state )
+		{
+		for ( r in c$sip_state$pending )
+			{
+			Log::write(SIP::LOG, c$sip_state$pending[r]);
+			}
+		}
+	}
+
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro
index 925b0f4da5..5fb5cac4bc 100644
--- a/scripts/base/protocols/smtp/main.bro
+++ b/scripts/base/protocols/smtp/main.bro
@@ -92,7 +92,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp]);
+	Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports);
 	}
 
diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.bro
index 4921794408..ec45d59440 100644
--- a/scripts/base/protocols/snmp/main.bro
+++ b/scripts/base/protocols/snmp/main.bro
@@ -66,7 +66,7 @@ redef likely_server_ports += { ports };
 event bro_init() &priority=5
 	{
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports);
-	Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp]);
+	Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp"]);
 	}
 
 function init_state(c: connection, h: SNMP::Header): Info
diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro
index e052962888..c63092f609 100644
--- a/scripts/base/protocols/socks/main.bro
+++ b/scripts/base/protocols/socks/main.bro
@@ -43,7 +43,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks]);
+	Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports);
 	}
 
diff --git a/scripts/base/protocols/ssh/README b/scripts/base/protocols/ssh/README
deleted file mode 100644
index c3f68d543f..0000000000
--- a/scripts/base/protocols/ssh/README
+++ /dev/null
@@ -1 +0,0 @@
-Support for Secure Shell (SSH) protocol analysis.
diff --git a/scripts/base/protocols/ssh/__load__.bro b/scripts/base/protocols/ssh/__load__.bro
index 0f3cb011f8..7b9b0d9a6c 100644
--- a/scripts/base/protocols/ssh/__load__.bro
+++ b/scripts/base/protocols/ssh/__load__.bro
@@ -1,3 +1,2 @@
 @load ./main
-
-@load-sigs ./dpd.sig
\ No newline at end of file
+@load-sigs ./dpd.sig
diff --git a/scripts/base/protocols/ssh/dpd.sig b/scripts/base/protocols/ssh/dpd.sig
index 95e22908ab..816e7929b3 100644
--- a/scripts/base/protocols/ssh/dpd.sig
+++ b/scripts/base/protocols/ssh/dpd.sig
@@ -1,6 +1,6 @@
 signature dpd_ssh_client {
   ip-proto == tcp
-  payload /^[sS][sS][hH]-/
+  payload /^[sS][sS][hH]-[12]\./
   requires-reverse-signature dpd_ssh_server
   enable "ssh"
   tcp-state originator
@@ -8,6 +8,6 @@ signature dpd_ssh_client {
 
 signature dpd_ssh_server {
   ip-proto == tcp
-  payload /^[sS][sS][hH]-/
+  payload /^[sS][sS][hH]-[12]\./
   tcp-state responder
-}
+}
\ No newline at end of file
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index 33b0c84147..d9e1e2b3cf 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -1,15 +1,5 @@
-##! Base SSH analysis script.  The heuristic to blindly determine success or
-##! failure for SSH connections is implemented here.  At this time, it only
-##! uses the size of the data being returned from the server to make the
-##! heuristic determination about success of the connection.
-##! Requires that :bro:id:`use_conn_size_analyzer` is set to T!  The heuristic
-##! is not attempted if the connection size analyzer isn't enabled.
+##! Implements base functionality for SSH analysis. Generates the ssh.log file.
 
-@load base/protocols/conn
-@load base/frameworks/notice
-@load base/utils/site
-@load base/utils/thresholds
-@load base/utils/conn-ids
 @load base/utils/directions-and-hosts
 
 module SSH;
@@ -25,45 +15,63 @@ export {
 		uid:             string       &log;
 		## The connection's 4-tuple of endpoint addresses/ports.
 		id:              conn_id      &log;
-		## Indicates if the login was heuristically guessed to be
-		## "success", "failure", or "undetermined".
-		status:          string       &log &default="undetermined";
-		## Direction of the connection.  If the client was a local host
+		## SSH major version (1 or 2)
+		version:         count        &log;
+		## Authentication result (T=success, F=failure, unset=unknown)
+		auth_success:    bool         &log &optional;
+		## Direction of the connection. If the client was a local host
 		## logging into an external host, this would be OUTBOUND. INBOUND
 		## would be set for the opposite situation.
-		# TODO: handle local-local and remote-remote better.
+		# TODO - handle local-local and remote-remote better.
 		direction:       Direction    &log &optional;
-		## Software string from the client.
+		## The client's version string
 		client:          string       &log &optional;
-		## Software string from the server.
+		## The server's version string
 		server:          string       &log &optional;
-		## Indicate if the SSH session is done being watched.
-		done:            bool         &default=F;
+		## The encryption algorithm in use
+		cipher_alg:      string       &log &optional;
+		## The signing (MAC) algorithm in use
+		mac_alg:         string       &log &optional;
+		## The compression algorithm in use
+		compression_alg: string       &log &optional;
+		## The key exchange algorithm in use
+		kex_alg:         string       &log &optional;
+		## The server host key's algorithm
+		host_key_alg:    string       &log &optional;
+		## The server's key fingerprint
+		host_key:        string       &log &optional;
 	};
 
-	## The size in bytes of data sent by the server at which the SSH
-	## connection is presumed to be successful.
-	const authentication_data_size = 4000 &redef;
+	## The set of compression algorithms. We can't accurately determine
+	## authentication success or failure when compression is enabled.
+	const compression_algorithms = set("zlib", "zlib@openssh.com") &redef;
 
 	## If true, we tell the event engine to not look at further data
 	## packets after the initial SSH handshake. Helps with performance
 	## (especially with large file transfers) but precludes some
-	## kinds of analyses.
-	const skip_processing_after_detection = F &redef;
+	## kinds of analyses. Defaults to T.
+	const skip_processing_after_detection = T &redef;
 
-	## Event that is generated when the heuristic thinks that a login
-	## was successful.
-	global heuristic_successful_login: event(c: connection);
-
-	## Event that is generated when the heuristic thinks that a login
-	## failed.
-	global heuristic_failed_login: event(c: connection);
-
-	## Event that can be handled to access the :bro:type:`SSH::Info`
-	## record as it is sent on to the logging framework.
+	## Event that can be handled to access the SSH record as it is sent on
+	## to the logging framework.
 	global log_ssh: event(rec: Info);
+
+	## Event that can be handled when the analyzer sees an SSH server host
+	## key. This abstracts :bro:id:`ssh1_server_host_key` and
+	## :bro:id:`ssh2_server_host_key`.
+	global ssh_server_host_key: event(c: connection, hash: string);
 }
 
+redef record Info += {
+	# This connection has been logged (internal use)
+	logged:       bool         &default=F;
+	# Number of failures seen (internal use)
+	num_failures: count        &default=0;
+	# Store capabilities from the first host for
+	# comparison with the second (internal use)
+	capabilities: Capabilities &optional;
+};
+
 redef record connection += {
 	ssh: Info &optional;
 };
@@ -72,133 +80,156 @@ const ports = { 22/tcp };
 redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
-{
-	Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]);
+	{
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports);
-}
+	Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh"]);
+	}
 
 function set_session(c: connection)
 	{
 	if ( ! c?$ssh )
 		{
-		local info: Info;
-		info$ts=network_time();
-		info$uid=c$uid;
-		info$id=c$id;
+		local info: SSH::Info;
+		info$ts  = network_time();
+		info$uid = c$uid;
+		info$id  = c$id;
+
+		# If both hosts are local or non-local, we can't reliably set a direction.
+		if ( Site::is_local_addr(c$id$orig_h) != Site::is_local_addr(c$id$resp_h) )
+			info$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND: INBOUND;
 		c$ssh = info;
 		}
 	}
 
-function check_ssh_connection(c: connection, done: bool)
-	{
-	# If already done watching this connection, just return.
-	if ( c$ssh$done )
-		return;
-
-	if ( done )
-		{
-		# If this connection is done, then we can look to see if
-		# this matches the conditions for a failed login.  Failed
-		# logins are only detected at connection state removal.
-
-		if ( # Require originators and responders to have sent at least 50 bytes.
-		     c$orig$size > 50 && c$resp$size > 50 &&
-		     # Responders must be below 4000 bytes.
-		     c$resp$size < authentication_data_size &&
-		     # Responder must have sent fewer than 40 packets.
-		     c$resp$num_pkts < 40 &&
-		     # If there was a content gap we can't reliably do this heuristic.
-		     c?$conn && c$conn$missed_bytes == 0 )# &&
-		     # Only "normal" connections can count.
-		     #c$conn?$conn_state && c$conn$conn_state in valid_states )
-			{
-			c$ssh$status = "failure";
-			event SSH::heuristic_failed_login(c);
-			}
-
-		if ( c$resp$size >= authentication_data_size )
-			{
-			c$ssh$status = "success";
-			event SSH::heuristic_successful_login(c);
-			}
-		}
-	else
-		{
-		# If this connection is still being tracked, then it's possible
-		# to watch for it to be a successful connection.
-		if ( c$resp$size >= authentication_data_size )
-			{
-			c$ssh$status = "success";
-			event SSH::heuristic_successful_login(c);
-			}
-		else
-			# This connection must be tracked longer.  Let the scheduled
-			# check happen again.
-			return;
-		}
-
-	# Set the direction for the log.
-	c$ssh$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND : INBOUND;
-
-	# Set the "done" flag to prevent the watching event from rescheduling
-	# after detection is done.
-	c$ssh$done=T;
-
-	if ( skip_processing_after_detection )
-		{
-		# Stop watching this connection, we don't care about it anymore.
-		skip_further_processing(c$id);
-		set_record_packets(c$id, F);
-		}
-	}
-
-
-event heuristic_successful_login(c: connection) &priority=-5
-	{
-	Log::write(SSH::LOG, c$ssh);
-	}
-
-event heuristic_failed_login(c: connection) &priority=-5
-	{
-	Log::write(SSH::LOG, c$ssh);
-	}
-
-event connection_state_remove(c: connection) &priority=-5
-	{
-	if ( c?$ssh )
-		{
-		check_ssh_connection(c, T);
-		if ( c$ssh$status == "undetermined" )
-			Log::write(SSH::LOG, c$ssh);
-		}
-	}
-
-event ssh_watcher(c: connection)
-	{
-	local id = c$id;
-	# don't go any further if this connection is gone already!
-	if ( ! connection_exists(id) )
-		return;
-
-	lookup_connection(c$id);
-	check_ssh_connection(c, F);
-	if ( ! c$ssh$done )
-		schedule +15secs { ssh_watcher(c) };
-	}
-
-event ssh_server_version(c: connection, version: string) &priority=5
+event ssh_server_version(c: connection, version: string)
 	{
 	set_session(c);
 	c$ssh$server = version;
 	}
 
-event ssh_client_version(c: connection, version: string) &priority=5
+event ssh_client_version(c: connection, version: string)
 	{
 	set_session(c);
 	c$ssh$client = version;
 
-	# The heuristic detection for SSH relies on the ConnSize analyzer.
-	# Don't do the heuristics if it's disabled.
-	if ( use_conn_size_analyzer )
-		schedule +15secs { ssh_watcher(c) };
+	if ( ( |version| > 3 ) && ( version[4] == "1" ) )
+		c$ssh$version = 1;
+	if ( ( |version| > 3 ) && ( version[4] == "2" ) )
+		c$ssh$version = 2;
+	}
+
+event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=5
+	{
+	# TODO - what to do here?
+	if ( !c?$ssh || ( c$ssh?$auth_success && c$ssh$auth_success ) )
+		return;
+
+	# We can't accurately tell for compressed streams
+	if ( c$ssh?$compression_alg && ( c$ssh$compression_alg in compression_algorithms ) )
+		return;
+
+	c$ssh$auth_success = T;
+
+	if ( skip_processing_after_detection)
+		{
+		skip_further_processing(c$id);
+		set_record_packets(c$id, F);
+		}
+	}
+
+event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=-5
+	{
+	if ( c?$ssh && !c$ssh$logged )
+		{
+		c$ssh$logged = T;
+		Log::write(SSH::LOG, c$ssh);
+		}
+	}
+
+event ssh_auth_failed(c: connection) &priority=5
+	{
+	if ( !c?$ssh || ( c$ssh?$auth_success && !c$ssh$auth_success ) )
+		return;
+
+	# We can't accurately tell for compressed streams
+	if ( c$ssh?$compression_alg && ( c$ssh$compression_alg in compression_algorithms ) )
+		return;
+
+	c$ssh$auth_success = F;
+	c$ssh$num_failures += 1;
+	}
+
+# Determine the negotiated algorithm
+function find_alg(client_algorithms: vector of string, server_algorithms: vector of string): string
+	{
+	for ( i in client_algorithms )
+		for ( j in server_algorithms )
+			if ( client_algorithms[i] == server_algorithms[j] )
+				return client_algorithms[i];
+	return "Algorithm negotiation failed";
+	}
+
+# This is a simple wrapper around find_alg for cases where client to server and server to client
+# negotiate different algorithms. This is rare, but provided for completeness.
+function find_bidirectional_alg(client_prefs: Algorithm_Prefs, server_prefs: Algorithm_Prefs): string
+	{
+	local c_to_s = find_alg(client_prefs$client_to_server, server_prefs$client_to_server);
+	local s_to_c = find_alg(client_prefs$server_to_client, server_prefs$server_to_client);
+
+	# Usually these are the same, but if they're not, return the details
+	return c_to_s == s_to_c ? c_to_s : fmt("To server: %s, to client: %s", c_to_s, s_to_c);
+	}
+	
+event ssh_capabilities(c: connection, cookie: string, capabilities: Capabilities)
+	{
+	if ( !c?$ssh || ( c$ssh?$capabilities && c$ssh$capabilities$is_server == capabilities$is_server ) )
+		return;
+
+	if ( !c$ssh?$capabilities )
+		{
+		c$ssh$capabilities = capabilities;
+		return;
+		}
+
+	local client_caps = capabilities$is_server ? c$ssh$capabilities : capabilities;
+	local server_caps = capabilities$is_server ? capabilities : c$ssh$capabilities;
+
+	c$ssh$cipher_alg      = find_bidirectional_alg(client_caps$encryption_algorithms,
+	                                               server_caps$encryption_algorithms);
+	c$ssh$mac_alg         = find_bidirectional_alg(client_caps$mac_algorithms,
+	                                               server_caps$mac_algorithms);
+	c$ssh$compression_alg = find_bidirectional_alg(client_caps$compression_algorithms,
+	                                               server_caps$compression_algorithms);
+	c$ssh$kex_alg         = find_alg(client_caps$kex_algorithms, server_caps$kex_algorithms);	
+	c$ssh$host_key_alg    = find_alg(client_caps$server_host_key_algorithms,
+	                                 server_caps$server_host_key_algorithms);
+	}
+
+event connection_state_remove(c: connection) &priority=-5
+	{
+	if ( c?$ssh && !c$ssh$logged && c$ssh?$client && c$ssh?$server )
+		{
+		c$ssh$logged = T;
+		Log::write(SSH::LOG, c$ssh);
+		}
+	}
+
+function generate_fingerprint(c: connection, key: string)
+	{
+	if ( !c?$ssh )
+		return;
+
+	local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30));
+	lx[0] = "";
+	c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, "");
+	}
+
+event ssh1_server_host_key(c: connection, p: string, e: string) &priority=5
+	{
+	generate_fingerprint(c, e + p);
+	}
+
+event ssh2_server_host_key(c: connection, key: string) &priority=5
+	{
+	generate_fingerprint(c, key);
 	}
diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro
index 3d115419d4..05559ee5d0 100644
--- a/scripts/base/protocols/ssl/consts.bro
+++ b/scripts/base/protocols/ssl/consts.bro
@@ -6,6 +6,11 @@ export {
 	const TLSv10 = 0x0301;
 	const TLSv11 = 0x0302;
 	const TLSv12 = 0x0303;
+
+	const DTLSv10 = 0xFEFF;
+	# DTLSv11 does not exist
+	const DTLSv12 = 0xFEFD;
+
 	## Mapping between the constants and string values for SSL/TLS versions.
 	const version_strings: table[count] of string = {
 		[SSLv2] = "SSLv2",
@@ -13,6 +18,8 @@ export {
 		[TLSv10] = "TLSv10",
 		[TLSv11] = "TLSv11",
 		[TLSv12] = "TLSv12",
+		[DTLSv10] = "DTLSv10",
+		[DTLSv12] = "DTLSv12"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
 	## TLS content types:
diff --git a/scripts/base/protocols/ssl/dpd.sig b/scripts/base/protocols/ssl/dpd.sig
index b888d84cec..e238575568 100644
--- a/scripts/base/protocols/ssl/dpd.sig
+++ b/scripts/base/protocols/ssl/dpd.sig
@@ -13,3 +13,10 @@ signature dpd_ssl_client {
   payload /^(\x16\x03[\x00\x01\x02\x03]..\x01...\x03[\x00\x01\x02\x03]|...?\x01[\x00\x03][\x00\x01\x02\x03]).*/
   tcp-state originator
 }
+
+signature dpd_dtls_client {
+  ip-proto == udp
+	# Client hello.
+	payload /^\x16\xfe[\xff\xfd]\x00\x00\x00\x00\x00\x00\x00...\x01...........\xfe[\xff\xfd].*/
+	enable "dtls"
+}
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index 65f43ed772..90273639e5 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -85,6 +85,10 @@ event bro_init() &priority=5
 	Files::register_protocol(Analyzer::ANALYZER_SSL,
 	                         [$get_file_handle = SSL::get_file_handle,
 	                          $describe        = SSL::describe_file]);
+
+	Files::register_protocol(Analyzer::ANALYZER_DTLS,
+	                         [$get_file_handle = SSL::get_file_handle,
+	                          $describe        = SSL::describe_file]);
 	}
 
 event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index a1461db82d..8483f473f4 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -92,16 +92,22 @@ redef record Info += {
 		delay_tokens: set[string] &optional;
 };
 
-const ports = {
+const ssl_ports = {
 	443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp,
 	989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp
 };
-redef likely_server_ports += { ports };
+
+# There are no well known DTLS ports at the moment. Let's
+# just add 443 for now for good measure - who knows :)
+const dtls_ports = { 443/udp };
+
+redef likely_server_ports += { ssl_ports, dtls_ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl]);
-	Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ports);
+	Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl"]);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);
+	Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, dtls_ports);
 	}
 
 function set_session(c: connection)
@@ -268,7 +274,7 @@ event connection_state_remove(c: connection) &priority=-5
 
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5
 	{
-	if ( atype == Analyzer::ANALYZER_SSL )
+	if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
 		{
 		set_session(c);
 		c$ssl$analyzer_id = aid;
@@ -278,6 +284,6 @@ event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &pr
 event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count,
                          reason: string) &priority=5
 	{
-	if ( c?$ssl )
+	if ( c?$ssl && ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS ) )
 		finish(c, T);
 	}
diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro
index 7450692fdd..d8c0425ba5 100644
--- a/scripts/base/protocols/ssl/mozilla-ca-list.bro
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro
@@ -1,5 +1,5 @@
 # Don't edit!  This file is automatically generated.
-# Generated at: 2014-02-28 03:34:22 -0800
+# Generated at: 2015-04-14 16:19:55 -0700
 # Generated from: http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
 #
 # The original source file comes with this licensing statement:
@@ -11,19 +11,12 @@
 @load base/protocols/ssl
 module SSL;
 redef root_certs += {
-	["emailAddress=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x13\x30\x82\x02\x7C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD3\xA4\x50\x6E\xC8\xFF\x56\x6B\xE6\xCF\x5D\xB6\xEA\x0C\x68\x75\x47\xA2\xAA\xC2\xDA\x84\x25\xFC\xA8\xF4\x47\x51\xDA\x85\xB5\x20\x74\x94\x86\x1E\x0F\x75\xC9\xE9\x08\x61\xF5\x06\x6D\x30\x6E\x15\x19\x02\xE9\x52\xC0\x62\xDB\x4D\x99\x9E\xE2\x6A\x0C\x44\x38\xCD\xFE\xBE\xE3\x64\x09\x70\xC5\xFE\xB1\x6B\x29\xB6\x2F\x49\xC8\x3B\xD4\x27\x04\x25\x10\x97\x2F\xE7\x90\x6D\xC0\x28\x42\x99\xD7\x4C\x43\xDE\xC3\xF5\x21\x6D\x54\x9F\x5D\xC3\x58\xE1\xC0\xE4\xD9\x5B\xB0\xB8\xDC\xB4\x7B\xDF\x36\x3A\xC2\xB5\x66\x22\x12\xD6\x87\x0D\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x07\xFA\x4C\x69\x5C\xFB\x95\xCC\x46\xEE\x85\x83\x4D\x21\x30\x8E\xCA\xD9\xA8\x6F\x49\x1A\xE6\xDA\x51\xE3\x60\x70\x6C\x84\x61\x11\xA1\x1A\xC8\x48\x3E\x59\x43\x7D\x4F\x95\x3D\xA1\x8B\xB7\x0B\x62\x98\x7A\x75\x8A\xDD\x88\x4E\x4E\x9E\x40\xDB\xA8\xCC\x32\x74\xB9\x6F\x0D\xC6\xE3\xB3\x44\x0B\xD9\x8A\x6F\x9A\x29\x9B\x99\x18\x28\x3B\xD1\xE3\x40\x28\x9A\x5A\x3C\xD5\xB5\xE7\x20\x1B\x8B\xCA\xA4\xAB\x8D\xE9\x51\xD9\xE2\x4C\x2C\x59\xA9\xDA\xB9\xB2\x75\x1B\xF6\x42\xF2\xEF\xC7\xF2\x18\xF9\x89\xBC\xA3\xFF\x8A\x23\x2E\x70\x47",
-	["emailAddress=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x27\x30\x82\x02\x90\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD2\x36\x36\x6A\x8B\xD7\xC2\x5B\x9E\xDA\x81\x41\x62\x8F\x38\xEE\x49\x04\x55\xD6\xD0\xEF\x1C\x1B\x95\x16\x47\xEF\x18\x48\x35\x3A\x52\xF4\x2B\x6A\x06\x8F\x3B\x2F\xEA\x56\xE3\xAF\x86\x8D\x9E\x17\xF7\x9E\xB4\x65\x75\x02\x4D\xEF\xCB\x09\xA2\x21\x51\xD8\x9B\xD0\x67\xD0\xBA\x0D\x92\x06\x14\x73\xD4\x93\xCB\x97\x2A\x00\x9C\x5C\x4E\x0C\xBC\xFA\x15\x52\xFC\xF2\x44\x6E\xDA\x11\x4A\x6E\x08\x9F\x2F\x2D\xE3\xF9\xAA\x3A\x86\x73\xB6\x46\x53\x58\xC8\x89\x05\xBD\x83\x11\xB8\x73\x3F\xAA\x07\x8D\xF4\x42\x4D\xE7\x40\x9D\x1C\x37\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x26\x48\x2C\x16\xC2\x58\xFA\xE8\x16\x74\x0C\xAA\xAA\x5F\x54\x3F\xF2\xD7\xC9\x78\x60\x5E\x5E\x6E\x37\x63\x22\x77\x36\x7E\xB2\x17\xC4\x34\xB9\xF5\x08\x85\xFC\xC9\x01\x38\xFF\x4D\xBE\xF2\x16\x42\x43\xE7\xBB\x5A\x46\xFB\xC1\xC6\x11\x1F\xF1\x4A\xB0\x28\x46\xC9\xC3\xC4\x42\x7D\xBC\xFA\xAB\x59\x6E\xD5\xB7\x51\x88\x11\xE3\xA4\x85\x19\x6B\x82\x4C\xA4\x0C\x12\xAD\xE9\xA4\xAE\x3F\xF1\xC3\x49\x65\x9A\x8C\xC5\xC8\x3E\x25\xB7\x94\x99\xBB\x92\x32\x71\x07\xF0\x86\x5E\xED\x50\x27\xA6\x0D\xA6\x23\xF9\xBB\xCB\xA6\x07\x14\x42",
-	["OU=Equifax Secure Certificate Authority,O=Equifax,C=US"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x04\x35\xDE\xF4\xCF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x17\x0D\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC1\x5D\xB1\x58\x67\x08\x62\xEE\xA0\x9A\x2D\x1F\x08\x6D\x91\x14\x68\x98\x0A\x1E\xFE\xDA\x04\x6F\x13\x84\x62\x21\xC3\xD1\x7C\xCE\x9F\x05\xE0\xB8\x01\xF0\x4E\x34\xEC\xE2\x8A\x95\x04\x64\xAC\xF1\x6B\x53\x5F\x05\xB3\xCB\x67\x80\xBF\x42\x02\x8E\xFE\xDD\x01\x09\xEC\xE1\x00\x14\x4F\xFC\xFB\xF0\x0C\xDD\x43\xBA\x5B\x2B\xE1\x1F\x80\x70\x99\x15\x57\x93\x16\xF1\x0F\x97\x6A\xB7\xC2\x68\x23\x1C\xCC\x4D\x59\x30\xAC\x51\x1E\x3B\xAF\x2B\xD6\xEE\x63\x45\x7B\xC5\xD9\x5F\x50\xD2\xE3\x50\x0F\x3A\x88\xE7\xBF\x14\xFD\xE0\xC7\xB9\x02\x03\x01\x00\x01\xA3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1D\x1F\x04\x69\x30\x67\x30\x65\xA0\x63\xA0\x61\xA4\x5F\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x1A\x06\x03\x55\x1D\x10\x04\x13\x30\x11\x81\x0F\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1A\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0D\x30\x0B\x1B\x05\x56\x33\x2E\x30\x63\x03\x02\x06\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xCE\x29\xEA\xFC\xF7\xDE\xB5\xCE\x02\xB9\x17\xB5\x85\xD1\xB9\xE3\xE0\x95\xCC\x25\x31\x0D\x00\xA6\x92\x6E\x7F\xB6\x92\x63\x9E\x50\x95\xD1\x9A\x6F\xE4\x11\xDE\x63\x85\x6E\x98\xEE\xA8\xFF\x5A\xC8\xD3\x55\xB2\x66\x71\x57\xDE\xC0\x21\xEB\x3D\x2A\xA7\x23\x49\x01\x04\x86\x42\x7B\xFC\xEE\x7F\xA2\x16\x52\xB5\x67\x67\xD3\x40\xDB\x3B\x26\x58\xB2\x28\x77\x3D\xAE\x14\x77\x61\xD6\xFA\x2A\x66\x27\xA0\x0D\xFA\xA7\x73\x5C\xEA\x70\xF1\x94\x21\x65\x44\x5F\xFA\xFC\xEF\x29\x68\xA9\xA2\x87\x79\xEF\x79\xEF\x4F\xAC\x07\x77\x38",
-	["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64",
-	["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x7D\xD9\xFE\x07\xCF\xA8\x1E\xB7\x10\x79\x67\xFB\xA7\x89\x34\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCC\x5E\xD1\x11\x5D\x5C\x69\xD0\xAB\xD3\xB9\x6A\x4C\x99\x1F\x59\x98\x30\x8E\x16\x85\x20\x46\x6D\x47\x3F\xD4\x85\x20\x84\xE1\x6D\xB3\xF8\xA4\xED\x0C\xF1\x17\x0F\x3B\xF9\xA7\xF9\x25\xD7\xC1\xCF\x84\x63\xF2\x7C\x63\xCF\xA2\x47\xF2\xC6\x5B\x33\x8E\x64\x40\x04\x68\xC1\x80\xB9\x64\x1C\x45\x77\xC7\xD8\x6E\xF5\x95\x29\x3C\x50\xE8\x34\xD7\x78\x1F\xA8\xBA\x6D\x43\x91\x95\x8F\x45\x57\x5E\x7E\xC5\xFB\xCA\xA4\x04\xEB\xEA\x97\x37\x54\x30\x6F\xBB\x01\x47\x32\x33\xCD\xDC\x57\x9B\x64\x69\x61\xF8\x9B\x1D\x1C\x89\x4F\x5C\x67\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4D\xCD\xBE\x5C\xCB\x98\x19\x9C\x15\xB2\x01\x39\x78\x2E\x4D\x0F\x67\x70\x70\x99\xC6\x10\x5A\x94\xA4\x53\x4D\x54\x6D\x2B\xAF\x0D\x5D\x40\x8B\x64\xD3\xD7\xEE\xDE\x56\x61\x92\x5F\xA6\xC4\x1D\x10\x61\x36\xD3\x2C\x27\x3C\xE8\x29\x09\xB9\x11\x64\x74\xCC\xB5\x73\x9F\x1C\x48\xA9\xBC\x61\x01\xEE\xE2\x17\xA6\x0C\xE3\x40\x08\x3B\x0E\xE7\xEB\x44\x73\x2A\x9A\xF1\x69\x92\xEF\x71\x14\xC3\x39\xAC\x71\xA7\x91\x09\x6F\xE4\x71\x06\xB3\xBA\x59\x57\x26\x79\x00\xF6\xF8\x0D\xA2\x33\x30\x28\xD4\xAA\x58\xA0\x9D\x9D\x69\x91\xFD",
 	["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0",
 	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x86\x26\xE6\x0D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA6\xCF\x24\x0E\xBE\x2E\x6F\x28\x99\x45\x42\xC4\xAB\x3E\x21\x54\x9B\x0B\xD3\x7F\x84\x70\xFA\x12\xB3\xCB\xBF\x87\x5F\xC6\x7F\x86\xD3\xB2\x30\x5C\xD6\xFD\xAD\xF1\x7B\xDC\xE5\xF8\x60\x96\x09\x92\x10\xF5\xD0\x53\xDE\xFB\x7B\x7E\x73\x88\xAC\x52\x88\x7B\x4A\xA6\xCA\x49\xA6\x5E\xA8\xA7\x8C\x5A\x11\xBC\x7A\x82\xEB\xBE\x8C\xE9\xB3\xAC\x96\x25\x07\x97\x4A\x99\x2A\x07\x2F\xB4\x1E\x77\xBF\x8A\x0F\xB5\x02\x7C\x1B\x96\xB8\xC5\xB9\x3A\x2C\xBC\xD6\x12\xB9\xEB\x59\x7D\xE2\xD0\x06\x86\x5F\x5E\x49\x6A\xB5\x39\x5E\x88\x34\xEC\xBC\x78\x0C\x08\x98\x84\x6C\xA8\xCD\x4B\xB4\xA0\x7D\x0C\x79\x4D\xF0\xB8\x2D\xCB\x21\xCA\xD5\x6C\x5B\x7D\xE1\xA0\x29\x84\xA1\xF9\xD3\x94\x49\xCB\x24\x62\x91\x20\xBC\xDD\x0B\xD5\xD9\xCC\xF9\xEA\x27\x0A\x2B\x73\x91\xC6\x9D\x1B\xAC\xC8\xCB\xE8\xE0\xA0\xF4\x2F\x90\x8B\x4D\xFB\xB0\x36\x1B\xF6\x19\x7A\x85\xE0\x6D\xF2\x61\x13\x88\x5C\x9F\xE0\x93\x0A\x51\x97\x8A\x5A\xCE\xAF\xAB\xD5\xF7\xAA\x09\xAA\x60\xBD\xDC\xD9\x5F\xDF\x72\xA9\x60\x13\x5E\x00\x01\xC9\x4A\xFA\x3F\xA4\xEA\x07\x03\x21\x02\x8E\x82\xCA\x03\xC2\x9B\x8F\x02\x03\x01\x00\x01\xA3\x81\x9C\x30\x81\x99\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x67\x6C\x6F\x62\x61\x6C\x73\x69\x67\x6E\x2E\x6E\x65\x74\x2F\x72\x6F\x6F\x74\x2D\x72\x32\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1C\x68\x97\x86\x91\xEC\xE0\x4A\xB8\x44\x0B\xAB\x81\xAC\x27\x4F\xD6\xC1\xB8\x1C\x43\x78\xB3\x0C\x9A\xFC\xEA\x2C\x3C\x6E\x61\x1B\x4D\x4B\x29\xF5\x9F\x05\x1D\x26\xC1\xB8\xE9\x83\x00\x62\x45\xB6\xA9\x08\x93\xB9\xA9\x33\x4B\x18\x9A\xC2\xF8\x87\x88\x4E\xDB\xDD\x71\x34\x1A\xC1\x54\xDA\x46\x3F\xE0\xD3\x2A\xAB\x6D\x54\x22\xF5\x3A\x62\xCD\x20\x6F\xBA\x29\x89\xD7\xDD\x91\xEE\xD3\x5C\xA2\x3E\xA1\x5B\x41\xF5\xDF\xE5\x64\x43\x2D\xE9\xD5\x39\xAB\xD2\xA2\xDF\xB7\x8B\xD0\xC0\x80\x19\x1C\x45\xC0\x2D\x8C\xE8\xF8\x2D\xA4\x74\x56\x49\xC5\x05\xB5\x4F\x15\xDE\x6E\x44\x78\x39\x87\xA8\x7E\xBB\xF3\x79\x18\x91\xBB\xF4\x6F\x9D\xC1\xF0\x8C\x35\x8C\x5D\x01\xFB\xC3\x6D\xB9\xEF\x44\x6D\x79\x46\x31\x7E\x0A\xFE\xA9\x82\xC1\xFF\xEF\xAB\x6E\x20\xC4\x50\xC9\x5F\x9D\x4D\x9B\x17\x8C\x0C\xE5\x01\xC9\xA0\x41\x6A\x73\x53\xFA\xA5\x50\xB4\x6E\x25\x0F\xFB\x4C\x18\xF4\xFD\x52\xD9\x8E\x69\xB1\xE8\x11\x0F\xDE\x88\xD8\xFB\x1D\x49\xF7\xAA\xDE\x95\xCF\x20\x78\xC2\x60\x12\xDB\x25\x40\x8C\x6A\xFC\x7E\x42\x38\x40\x64\x12\xF7\x9E\x81\xE1\x93\x2E",
 	["CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\x9B\x7E\x06\x49\xA3\x3E\x62\xB9\xD5\xEE\x90\x48\x71\x29\xEF\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\xBA\x9C\x52\xFC\x78\x1F\x1A\x1E\x6F\x1B\x37\x73\xBD\xF8\xC9\x6B\x94\x12\x30\x4F\xF0\x36\x47\xF5\xD0\x91\x0A\xF5\x17\xC8\xA5\x61\xC1\x16\x40\x4D\xFB\x8A\x61\x90\xE5\x76\x20\xC1\x11\x06\x7D\xAB\x2C\x6E\xA6\xF5\x11\x41\x8E\xFA\x2D\xAD\x2A\x61\x59\xA4\x67\x26\x4C\xD0\xE8\xBC\x52\x5B\x70\x20\x04\x58\xD1\x7A\xC9\xA4\x69\xBC\x83\x17\x64\xAD\x05\x8B\xBC\xD0\x58\xCE\x8D\x8C\xF5\xEB\xF0\x42\x49\x0B\x9D\x97\x27\x67\x32\x6E\xE1\xAE\x93\x15\x1C\x70\xBC\x20\x4D\x2F\x18\xDE\x92\x88\xE8\x6C\x85\x57\x11\x1A\xE9\x7E\xE3\x26\x11\x54\xA2\x45\x96\x55\x83\xCA\x30\x89\xE8\xDC\xD8\xA3\xED\x2A\x80\x3F\x7F\x79\x65\x57\x3E\x15\x20\x66\x08\x2F\x95\x93\xBF\xAA\x47\x2F\xA8\x46\x97\xF0\x12\xE2\xFE\xC2\x0A\x2B\x51\xE6\x76\xE6\xB7\x46\xB7\xE2\x0D\xA6\xCC\xA8\xC3\x4C\x59\x55\x89\xE6\xE8\x53\x5C\x1C\xEA\x9D\xF0\x62\x16\x0B\xA7\xC9\x5F\x0C\xF0\xDE\xC2\x76\xCE\xAF\xF7\x6A\xF2\xFA\x41\xA6\xA2\x33\x14\xC9\xE5\x7A\x63\xD3\x9E\x62\x37\xD5\x85\x65\x9E\x0E\xE6\x53\x24\x74\x1B\x5E\x1D\x12\x53\x5B\xC7\x2C\xE7\x83\x49\x3B\x15\xAE\x8A\x68\xB9\x57\x97\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xC1\xAB\x92\x08\xF7\x3F\x2F\xC9\xB2\xFE\xE4\x5A\x9F\x64\xDE\xDB\x21\x4F\x86\x99\x34\x76\x36\x57\xDD\xD0\x15\x2F\xC5\xAD\x7F\x15\x1F\x37\x62\x73\x3E\xD4\xE7\x5F\xCE\x17\x03\xDB\x35\xFA\x2B\xDB\xAE\x60\x09\x5F\x1E\x5F\x8F\x6E\xBB\x0B\x3D\xEA\x5A\x13\x1E\x0C\x60\x6F\xB5\xC0\xB5\x23\x22\x2E\x07\x0B\xCB\xA9\x74\xCB\x47\xBB\x1D\xC1\xD7\xA5\x6B\xCC\x2F\xD2\x42\xFD\x49\xDD\xA7\x89\xCF\x53\xBA\xDA\x00\x5A\x28\xBF\x82\xDF\xF8\xBA\x13\x1D\x50\x86\x82\xFD\x8E\x30\x8F\x29\x46\xB0\x1E\x3D\x35\xDA\x38\x62\x16\x18\x4A\xAD\xE6\xB6\x51\x6C\xDE\xAF\x62\xEB\x01\xD0\x1E\x24\xFE\x7A\x8F\x12\x1A\x12\x68\xB8\xFB\x66\x99\x14\x14\x45\x5C\xAE\xE7\xAE\x69\x17\x81\x2B\x5A\x37\xC9\x5E\x2A\xF4\xC6\xE2\xA1\x5C\x54\x9B\xA6\x54\x00\xCF\xF0\xF1\xC1\xC7\x98\x30\x1A\x3B\x36\x16\xDB\xA3\x6E\xEA\xFD\xAD\xB2\xC2\xDA\xEF\x02\x47\x13\x8A\xC0\xF1\xB3\x31\xAD\x4F\x1C\xE1\x4F\x9C\xAF\x0F\x0C\x9D\xF7\x78\x0D\xD8\xF4\x35\x56\x80\xDA\xB7\x6D\x17\x8F\x9D\x1E\x81\x64\xE1\xFE\xC5\x45\xBA\xAD\x6B\xB9\x0A\x7A\x4E\x4F\x4B\x84\xEE\x4B\xF1\x7D\xDD\x11",
 	["CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\xEC\xA0\xA7\x8B\x6E\x75\x6A\x01\xCF\xC4\x7C\xCC\x2F\x94\x5E\xD7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\xCB\xA5\x11\x69\xC6\x59\xAB\xF1\x8F\xB5\x19\x0F\x56\xCE\xCC\xB5\x1F\x20\xE4\x9E\x26\x25\x4B\xE0\x73\x65\x89\x59\xDE\xD0\x83\xE4\xF5\x0F\xB5\xBB\xAD\xF1\x7C\xE8\x21\xFC\xE4\xE8\x0C\xEE\x7C\x45\x22\x19\x76\x92\xB4\x13\xB7\x20\x5B\x09\xFA\x61\xAE\xA8\xF2\xA5\x8D\x85\xC2\x2A\xD6\xDE\x66\x36\xD2\x9B\x02\xF4\xA8\x92\x60\x7C\x9C\x69\xB4\x8F\x24\x1E\xD0\x86\x52\xF6\x32\x9C\x41\x58\x1E\x22\xBD\xCD\x45\x62\x95\x08\x6E\xD0\x66\xDD\x53\xA2\xCC\xF0\x10\xDC\x54\x73\x8B\x04\xA1\x46\x33\x33\x5C\x17\x40\xB9\x9E\x4D\xD3\xF3\xBE\x55\x83\xE8\xB1\x89\x8E\x5A\x7C\x9A\x96\x22\x90\x3B\x88\x25\xF2\xD2\x53\x88\x02\x0C\x0B\x78\xF2\xE6\x37\x17\x4B\x30\x46\x07\xE4\x80\x6D\xA6\xD8\x96\x2E\xE8\x2C\xF8\x11\xB3\x38\x0D\x66\xA6\x9B\xEA\xC9\x23\x5B\xDB\x8E\xE2\xF3\x13\x8E\x1A\x59\x2D\xAA\x02\xF0\xEC\xA4\x87\x66\xDC\xC1\x3F\xF5\xD8\xB9\xF4\xEC\x82\xC6\xD2\x3D\x95\x1D\xE5\xC0\x4F\x84\xC9\xD9\xA3\x44\x28\x06\x6A\xD7\x45\xAC\xF0\x6B\x6A\xEF\x4E\x5F\xF8\x11\x82\x1E\x38\x63\x34\x66\x50\xD4\x3E\x93\x73\xFA\x30\xC3\x66\xAD\xFF\x93\x2D\x97\xEF\x03\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8F\xFA\x25\x6B\x4F\x5B\xE4\xA4\x4E\x27\x55\xAB\x22\x15\x59\x3C\xCA\xB5\x0A\xD4\x4A\xDB\xAB\xDD\xA1\x5F\x53\xC5\xA0\x57\x39\xC2\xCE\x47\x2B\xBE\x3A\xC8\x56\xBF\xC2\xD9\x27\x10\x3A\xB1\x05\x3C\xC0\x77\x31\xBB\x3A\xD3\x05\x7B\x6D\x9A\x1C\x30\x8C\x80\xCB\x93\x93\x2A\x83\xAB\x05\x51\x82\x02\x00\x11\x67\x6B\xF3\x88\x61\x47\x5F\x03\x93\xD5\x5B\x0D\xE0\xF1\xD4\xA1\x32\x35\x85\xB2\x3A\xDB\xB0\x82\xAB\xD1\xCB\x0A\xBC\x4F\x8C\x5B\xC5\x4B\x00\x3B\x1F\x2A\x82\xA6\x7E\x36\x85\xDC\x7E\x3C\x67\x00\xB5\xE4\x3B\x52\xE0\xA8\xEB\x5D\x15\xF9\xC6\x6D\xF0\xAD\x1D\x0E\x85\xB7\xA9\x9A\x73\x14\x5A\x5B\x8F\x41\x28\xC0\xD5\xE8\x2D\x4D\xA4\x5E\xCD\xAA\xD9\xED\xCE\xDC\xD8\xD5\x3C\x42\x1D\x17\xC1\x12\x5D\x45\x38\xC3\x38\xF3\xFC\x85\x2E\x83\x46\x48\xB2\xD7\x20\x5F\x92\x36\x8F\xE7\x79\x0F\x98\x5E\x99\xE8\xF0\xD0\xA4\xBB\xF5\x53\xBD\x2A\xCE\x59\xB0\xAF\x6E\x7F\x6C\xBB\xD2\x1E\x00\xB0\x21\xED\xF8\x41\x62\x82\xB9\xD8\xB2\xC4\xBB\x46\x50\xF3\x31\xC5\x8F\x01\xA8\x74\xEB\xF5\x78\x27\xDA\xE7\xF7\x66\x43\xF3\x9E\x83\x3E\x20\xAA\xC3\x35\x60\x91\xCE",
 	["CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net"] = "\x30\x82\x04\x2A\x30\x82\x03\x12\xA0\x03\x02\x01\x02\x02\x04\x38\x63\xDE\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1E\x17\x0D\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5A\x17\x0D\x32\x39\x30\x37\x32\x34\x31\x34\x31\x35\x31\x32\x5A\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x4D\x4B\xA9\x12\x86\xB2\xEA\xA3\x20\x07\x15\x16\x64\x2A\x2B\x4B\xD1\xBF\x0B\x4A\x4D\x8E\xED\x80\x76\xA5\x67\xB7\x78\x40\xC0\x73\x42\xC8\x68\xC0\xDB\x53\x2B\xDD\x5E\xB8\x76\x98\x35\x93\x8B\x1A\x9D\x7C\x13\x3A\x0E\x1F\x5B\xB7\x1E\xCF\xE5\x24\x14\x1E\xB1\x81\xA9\x8D\x7D\xB8\xCC\x6B\x4B\x03\xF1\x02\x0C\xDC\xAB\xA5\x40\x24\x00\x7F\x74\x94\xA1\x9D\x08\x29\xB3\x88\x0B\xF5\x87\x77\x9D\x55\xCD\xE4\xC3\x7E\xD7\x6A\x64\xAB\x85\x14\x86\x95\x5B\x97\x32\x50\x6F\x3D\xC8\xBA\x66\x0C\xE3\xFC\xBD\xB8\x49\xC1\x76\x89\x49\x19\xFD\xC0\xA8\xBD\x89\xA3\x67\x2F\xC6\x9F\xBC\x71\x19\x60\xB8\x2D\xE9\x2C\xC9\x90\x76\x66\x7B\x94\xE2\xAF\x78\xD6\x65\x53\x5D\x3C\xD6\x9C\xB2\xCF\x29\x03\xF9\x2F\xA4\x50\xB2\xD4\x48\xCE\x05\x32\x55\x8A\xFD\xB2\x64\x4C\x0E\xE4\x98\x07\x75\xDB\x7F\xDF\xB9\x08\x55\x60\x85\x30\x29\xF9\x7B\x48\xA4\x69\x86\xE3\x35\x3F\x1E\x86\x5D\x7A\x7A\x15\xBD\xEF\x00\x8E\x15\x22\x54\x17\x00\x90\x26\x93\xBC\x0E\x49\x68\x91\xBF\xF8\x47\xD3\x9D\x95\x42\xC1\x0E\x4D\xDF\x6F\x26\xCF\xC3\x18\x21\x62\x66\x43\x70\xD6\xD5\xC0\x07\xE1\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x55\xE4\x81\xD1\x11\x80\xBE\xD8\x89\xB9\x08\xA3\x31\xF9\xA1\x24\x09\x16\xB9\x70\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3B\x9B\x8F\x56\x9B\x30\xE7\x53\x99\x7C\x7A\x79\xA7\x4D\x97\xD7\x19\x95\x90\xFB\x06\x1F\xCA\x33\x7C\x46\x63\x8F\x96\x66\x24\xFA\x40\x1B\x21\x27\xCA\xE6\x72\x73\xF2\x4F\xFE\x31\x99\xFD\xC8\x0C\x4C\x68\x53\xC6\x80\x82\x13\x98\xFA\xB6\xAD\xDA\x5D\x3D\xF1\xCE\x6E\xF6\x15\x11\x94\x82\x0C\xEE\x3F\x95\xAF\x11\xAB\x0F\xD7\x2F\xDE\x1F\x03\x8F\x57\x2C\x1E\xC9\xBB\x9A\x1A\x44\x95\xEB\x18\x4F\xA6\x1F\xCD\x7D\x57\x10\x2F\x9B\x04\x09\x5A\x84\xB5\x6E\xD8\x1D\x3A\xE1\xD6\x9E\xD1\x6C\x79\x5E\x79\x1C\x14\xC5\xE3\xD0\x4C\x93\x3B\x65\x3C\xED\xDF\x3D\xBE\xA6\xE5\x95\x1A\xC3\xB5\x19\xC3\xBD\x5E\x5B\xBB\xFF\x23\xEF\x68\x19\xCB\x12\x93\x27\x5C\x03\x2D\x6F\x30\xD0\x1E\xB6\x1A\xAC\xDE\x5A\xF7\xD1\xAA\xA8\x27\xA6\xFE\x79\x81\xC4\x79\x99\x33\x57\xBA\x12\xB0\xA9\xE0\x42\x6C\x93\xCA\x56\xDE\xFE\x6D\x84\x0B\x08\x8B\x7E\x8D\xEA\xD7\x98\x21\xC6\xF3\xE7\x3C\x79\x2F\x5E\x9C\xD1\x4C\x15\x8D\xE1\xEC\x22\x37\xCC\x9A\x43\x0B\x97\xDC\x80\x90\x8D\xB3\x67\x9B\x6F\x48\x08\x15\x56\xCF\xBF\xF1\x2B\x7C\x5E\x9A\x76\xE9\x59\x90\xC5\x7C\x83\x35\x11\x65\x51",
 	["CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x04\x02\x00\x00\xB9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x31\x32\x31\x38\x34\x36\x30\x30\x5A\x17\x0D\x32\x35\x30\x35\x31\x32\x32\x33\x35\x39\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA3\x04\xBB\x22\xAB\x98\x3D\x57\xE8\x26\x72\x9A\xB5\x79\xD4\x29\xE2\xE1\xE8\x95\x80\xB1\xB0\xE3\x5B\x8E\x2B\x29\x9A\x64\xDF\xA1\x5D\xED\xB0\x09\x05\x6D\xDB\x28\x2E\xCE\x62\xA2\x62\xFE\xB4\x88\xDA\x12\xEB\x38\xEB\x21\x9D\xC0\x41\x2B\x01\x52\x7B\x88\x77\xD3\x1C\x8F\xC7\xBA\xB9\x88\xB5\x6A\x09\xE7\x73\xE8\x11\x40\xA7\xD1\xCC\xCA\x62\x8D\x2D\xE5\x8F\x0B\xA6\x50\xD2\xA8\x50\xC3\x28\xEA\xF5\xAB\x25\x87\x8A\x9A\x96\x1C\xA9\x67\xB8\x3F\x0C\xD5\xF7\xF9\x52\x13\x2F\xC2\x1B\xD5\x70\x70\xF0\x8F\xC0\x12\xCA\x06\xCB\x9A\xE1\xD9\xCA\x33\x7A\x77\xD6\xF8\xEC\xB9\xF1\x68\x44\x42\x48\x13\xD2\xC0\xC2\xA4\xAE\x5E\x60\xFE\xB6\xA6\x05\xFC\xB4\xDD\x07\x59\x02\xD4\x59\x18\x98\x63\xF5\xA5\x63\xE0\x90\x0C\x7D\x5D\xB2\x06\x7A\xF3\x85\xEA\xEB\xD4\x03\xAE\x5E\x84\x3E\x5F\xFF\x15\xED\x69\xBC\xF9\x39\x36\x72\x75\xCF\x77\x52\x4D\xF3\xC9\x90\x2C\xB9\x3D\xE5\xC9\x23\x53\x3F\x1F\x24\x98\x21\x5C\x07\x99\x29\xBD\xC6\x3A\xEC\xE7\x6E\x86\x3A\x6B\x97\x74\x63\x33\xBD\x68\x18\x31\xF0\x78\x8D\x76\xBF\xFC\x9E\x8E\x5D\x2A\x86\xA7\x4D\x90\xDC\x27\x1A\x39\x02\x03\x01\x00\x01\xA3\x45\x30\x43\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE5\x9D\x59\x30\x82\x47\x58\xCC\xAC\xFA\x08\x54\x36\x86\x7B\x3A\xB5\x04\x4D\xF0\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x0C\x5D\x8E\xE4\x6F\x51\x68\x42\x05\xA0\xDD\xBB\x4F\x27\x25\x84\x03\xBD\xF7\x64\xFD\x2D\xD7\x30\xE3\xA4\x10\x17\xEB\xDA\x29\x29\xB6\x79\x3F\x76\xF6\x19\x13\x23\xB8\x10\x0A\xF9\x58\xA4\xD4\x61\x70\xBD\x04\x61\x6A\x12\x8A\x17\xD5\x0A\xBD\xC5\xBC\x30\x7C\xD6\xE9\x0C\x25\x8D\x86\x40\x4F\xEC\xCC\xA3\x7E\x38\xC6\x37\x11\x4F\xED\xDD\x68\x31\x8E\x4C\xD2\xB3\x01\x74\xEE\xBE\x75\x5E\x07\x48\x1A\x7F\x70\xFF\x16\x5C\x84\xC0\x79\x85\xB8\x05\xFD\x7F\xBE\x65\x11\xA3\x0F\xC0\x02\xB4\xF8\x52\x37\x39\x04\xD5\xA9\x31\x7A\x18\xBF\xA0\x2A\xF4\x12\x99\xF7\xA3\x45\x82\xE3\x3C\x5E\xF5\x9D\x9E\xB5\xC8\x9E\x7C\x2E\xC8\xA4\x9E\x4E\x08\x14\x4B\x6D\xFD\x70\x6D\x6B\x1A\x63\xBD\x64\xE6\x1F\xB7\xCE\xF0\xF2\x9F\x2E\xBB\x1B\xB7\xF2\x50\x88\x73\x92\xC2\xE2\xE3\x16\x8D\x9A\x32\x02\xAB\x8E\x18\xDD\xE9\x10\x11\xEE\x7E\x35\xAB\x90\xAF\x3E\x30\x94\x7A\xD0\x33\x3D\xA7\x65\x0F\xF5\xFC\x8E\x9E\x62\xCF\x47\x44\x2C\x01\x5D\xBB\x1D\xB5\x32\xD2\x47\xD2\x38\x2E\xD0\xFE\x81\xDC\x32\x6A\x1E\xB5\xEE\x3C\xD5\xFC\xE7\x81\x1D\x19\xC3\x24\x42\xEA\x63\x39\xA9",
-	["CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x90\x30\x82\x01\xF9\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xBA\xE7\x17\x90\x02\x65\xB1\x34\x55\x3C\x49\xC2\x51\xD5\xDF\xA7\xD1\x37\x8F\xD1\xE7\x81\x73\x41\x52\x60\x9B\x9D\xA1\x17\x26\x78\xAD\xC7\xB1\xE8\x26\x94\x32\xB5\xDE\x33\x8D\x3A\x2F\xDB\xF2\x9A\x7A\x5A\x73\x98\xA3\x5C\xE9\xFB\x8A\x73\x1B\x5C\xE7\xC3\xBF\x80\x6C\xCD\xA9\xF4\xD6\x2B\xC0\xF7\xF9\x99\xAA\x63\xA2\xB1\x47\x02\x0F\xD4\xE4\x51\x3A\x12\x3C\x6C\x8A\x5A\x54\x84\x70\xDB\xC1\xC5\x90\xCF\x72\x45\xCB\xA8\x59\xC0\xCD\x33\x9D\x3F\xA3\x96\xEB\x85\x33\x21\x1C\x3E\x1E\x3E\x60\x6E\x76\x9C\x67\x85\xC5\xC8\xC3\x61\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x30\xE2\x01\x51\xAA\xC7\xEA\x5F\xDA\xB9\xD0\x65\x0F\x30\xD6\x3E\xDA\x0D\x14\x49\x6E\x91\x93\x27\x14\x31\xEF\xC4\xF7\x2D\x45\xF8\xEC\xC7\xBF\xA2\x41\x0D\x23\xB4\x92\xF9\x19\x00\x67\xBD\x01\xAF\xCD\xE0\x71\xFC\x5A\xCF\x64\xC4\xE0\x96\x98\xD0\xA3\x40\xE2\x01\x8A\xEF\x27\x07\xF1\x65\x01\x8A\x44\x2D\x06\x65\x75\x52\xC0\x86\x10\x20\x21\x5F\x6C\x6B\x0F\x6C\xAE\x09\x1C\xAF\xF2\xA2\x18\x34\xC4\x75\xA4\x73\x1C\xF1\x8D\xDC\xEF\xAD\xF9\xB3\x76\xB4\x92\xBF\xDC\x95\x10\x1E\xBE\xCB\xC8\x3B\x5A\x84\x60\x19\x56\x94\xA9\x55",
-	["CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x82\x30\x82\x01\xEB\xA0\x03\x02\x01\x02\x02\x01\x04\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCE\x2F\x19\xBC\x17\xB7\x77\xDE\x93\xA9\x5F\x5A\x0D\x17\x4F\x34\x1A\x0C\x98\xF4\x22\xD9\x59\xD4\xC4\x68\x46\xF0\xB4\x35\xC5\x85\x03\x20\xC6\xAF\x45\xA5\x21\x51\x45\x41\xEB\x16\x58\x36\x32\x6F\xE2\x50\x62\x64\xF9\xFD\x51\x9C\xAA\x24\xD9\xF4\x9D\x83\x2A\x87\x0A\x21\xD3\x12\x38\x34\x6C\x8D\x00\x6E\x5A\xA0\xD9\x42\xEE\x1A\x21\x95\xF9\x52\x4C\x55\x5A\xC5\x0F\x38\x4F\x46\xFA\x6D\xF8\x2E\x35\xD6\x1D\x7C\xEB\xE2\xF0\xB0\x75\x80\xC8\xA9\x13\xAC\xBE\x88\xEF\x3A\x6E\xAB\x5F\x2A\x38\x62\x02\xB0\x12\x7B\xFE\x8F\xA6\x03\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x75\x5B\xA8\x9B\x03\x11\xE6\xE9\x56\x4C\xCD\xF9\xA9\x4C\xC0\x0D\x9A\xF3\xCC\x65\x69\xE6\x25\x76\xCC\x59\xB7\xD6\x54\xC3\x1D\xCD\x99\xAC\x19\xDD\xB4\x85\xD5\xE0\x3D\xFC\x62\x20\xA7\x84\x4B\x58\x65\xF1\xE2\xF9\x95\x21\x3F\xF5\xD4\x7E\x58\x1E\x47\x87\x54\x3E\x58\xA1\xB5\xB5\xF8\x2A\xEF\x71\xE7\xBC\xC3\xF6\xB1\x49\x46\xE2\xD7\xA0\x6B\xE5\x56\x7A\x9A\x27\x98\x7C\x46\x62\x14\xE7\xC9\xFC\x6E\x03\x12\x79\x80\x38\x1D\x48\x82\x8D\xFC\x17\xFE\x2A\x96\x2B\xB5\x62\xA6\xA6\x3D\xBD\x7F\x92\x59\xCD\x5A\x2A\x82\xB2\x37\x79",
 	["CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x18\x30\x82\x03\x00\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x96\x96\xD4\x21\x49\x60\xE2\x6B\xE8\x41\x07\x0C\xDE\xC4\xE0\xDC\x13\x23\xCD\xC1\x35\xC7\xFB\xD6\x4E\x11\x0A\x67\x5E\xF5\x06\x5B\x6B\xA5\x08\x3B\x5B\x29\x16\x3A\xE7\x87\xB2\x34\x06\xC5\xBC\x05\xA5\x03\x7C\x82\xCB\x29\x10\xAE\xE1\x88\x81\xBD\xD6\x9E\xD3\xFE\x2D\x56\xC1\x15\xCE\xE3\x26\x9D\x15\x2E\x10\xFB\x06\x8F\x30\x04\xDE\xA7\xB4\x63\xB4\xFF\xB1\x9C\xAE\x3C\xAF\x77\xB6\x56\xC5\xB5\xAB\xA2\xE9\x69\x3A\x3D\x0E\x33\x79\x32\x3F\x70\x82\x92\x99\x61\x6D\x8D\x30\x08\x8F\x71\x3F\xA6\x48\x57\x19\xF8\x25\xDC\x4B\x66\x5C\xA5\x74\x8F\x98\xAE\xC8\xF9\xC0\x06\x22\xE7\xAC\x73\xDF\xA5\x2E\xFB\x52\xDC\xB1\x15\x65\x20\xFA\x35\x66\x69\xDE\xDF\x2C\xF1\x6E\xBC\x30\xDB\x2C\x24\x12\xDB\xEB\x35\x35\x68\x90\xCB\x00\xB0\x97\x21\x3D\x74\x21\x23\x65\x34\x2B\xBB\x78\x59\xA3\xD6\xE1\x76\x39\x9A\xA4\x49\x8E\x8C\x74\xAF\x6E\xA4\x9A\xA3\xD9\x9B\xD2\x38\x5C\x9B\xA2\x18\xCC\x75\x23\x84\xBE\xEB\xE2\x4D\x33\x71\x8E\x1A\xF0\xC2\xF8\xC7\x1D\xA2\xAD\x03\x97\x2C\xF8\xCF\x25\xC6\xF6\xB8\x24\x31\xB1\x63\x5D\x92\x7F\x63\xF0\x25\xC9\x53\x2E\x1F\xBF\x4D\x02\x03\x01\x00\x01\xA3\x81\xD2\x30\x81\xCF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8F\x06\x03\x55\x1D\x23\x04\x81\x87\x30\x81\x84\x80\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\xA1\x69\xA4\x67\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2C\x6D\x64\x1B\x1F\xCD\x0D\xDD\xB9\x01\xFA\x96\x63\x34\x32\x48\x47\x99\xAE\x97\xED\xFD\x72\x16\xA6\x73\x47\x5A\xF4\xEB\xDD\xE9\xF5\xD6\xFB\x45\xCC\x29\x89\x44\x5D\xBF\x46\x39\x3D\xE8\xEE\xBC\x4D\x54\x86\x1E\x1D\x6C\xE3\x17\x27\x43\xE1\x89\x56\x2B\xA9\x6F\x72\x4E\x49\x33\xE3\x72\x7C\x2A\x23\x9A\xBC\x3E\xFF\x28\x2A\xED\xA3\xFF\x1C\x23\xBA\x43\x57\x09\x67\x4D\x4B\x62\x06\x2D\xF8\xFF\x6C\x9D\x60\x1E\xD8\x1C\x4B\x7D\xB5\x31\x2F\xD9\xD0\x7C\x5D\xF8\xDE\x6B\x83\x18\x78\x37\x57\x2F\xE8\x33\x07\x67\xDF\x1E\xC7\x6B\x2A\x95\x76\xAE\x8F\x57\xA3\xF0\xF4\x52\xB4\xA9\x53\x08\xCF\xE0\x4F\xD3\x7A\x53\x8B\xFD\xBB\x1C\x56\x36\xF2\xFE\xB2\xB6\xE5\x76\xBB\xD5\x22\x65\xA7\x3F\xFE\xD1\x66\xAD\x0B\xBC\x6B\x99\x86\xEF\x3F\x7D\xF3\x18\x32\xCA\x7B\xC6\xE3\xAB\x64\x46\x95\xF8\x26\x69\xD9\x55\x83\x7B\x2C\x96\x07\xFF\x59\x2C\x44\xA3\xC6\xE5\xE9\xA9\xDC\xA1\x63\x80\x5A\x21\x5E\x21\xCF\x53\x54\xF0\xBA\x6F\x89\xDB\xA8\xAA\x95\xCF\x8B\xE3\x71\xCC\x1E\x1B\x20\x44\x08\xC0\x7A\xB6\x40\xFD\xC4\xE4\x35\xE1\x1D\x16\x1C\xD0\xBC\x2B\x8E\xD6\x71\xD9",
 	["CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x36\x30\x82\x03\x1E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\xF7\x1A\x33\xE6\xF2\x00\x04\x2D\x39\xE0\x4E\x5B\xED\x1F\xBC\x6C\x0F\xCD\xB5\xFA\x23\xB6\xCE\xDE\x9B\x11\x33\x97\xA4\x29\x4C\x7D\x93\x9F\xBD\x4A\xBC\x93\xED\x03\x1A\xE3\x8F\xCF\xE5\x6D\x50\x5A\xD6\x97\x29\x94\x5A\x80\xB0\x49\x7A\xDB\x2E\x95\xFD\xB8\xCA\xBF\x37\x38\x2D\x1E\x3E\x91\x41\xAD\x70\x56\xC7\xF0\x4F\x3F\xE8\x32\x9E\x74\xCA\xC8\x90\x54\xE9\xC6\x5F\x0F\x78\x9D\x9A\x40\x3C\x0E\xAC\x61\xAA\x5E\x14\x8F\x9E\x87\xA1\x6A\x50\xDC\xD7\x9A\x4E\xAF\x05\xB3\xA6\x71\x94\x9C\x71\xB3\x50\x60\x0A\xC7\x13\x9D\x38\x07\x86\x02\xA8\xE9\xA8\x69\x26\x18\x90\xAB\x4C\xB0\x4F\x23\xAB\x3A\x4F\x84\xD8\xDF\xCE\x9F\xE1\x69\x6F\xBB\xD7\x42\xD7\x6B\x44\xE4\xC7\xAD\xEE\x6D\x41\x5F\x72\x5A\x71\x08\x37\xB3\x79\x65\xA4\x59\xA0\x94\x37\xF7\x00\x2F\x0D\xC2\x92\x72\xDA\xD0\x38\x72\xDB\x14\xA8\x45\xC4\x5D\x2A\x7D\xB7\xB4\xD6\xC4\xEE\xAC\xCD\x13\x44\xB7\xC9\x2B\xDD\x43\x00\x25\xFA\x61\xB9\x69\x6A\x58\x23\x11\xB7\xA7\x33\x8F\x56\x75\x59\xF5\xCD\x29\xD7\x46\xB7\x0A\x2B\x65\xB6\xD3\x42\x6F\x15\xB2\xB8\x7B\xFB\xEF\xE9\x5D\x53\xD5\x34\x5A\x27\x02\x03\x01\x00\x01\xA3\x81\xDC\x30\x81\xD9\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x99\x06\x03\x55\x1D\x23\x04\x81\x91\x30\x81\x8E\x80\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\xA1\x73\xA4\x71\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB0\x9B\xE0\x85\x25\xC2\xD6\x23\xE2\x0F\x96\x06\x92\x9D\x41\x98\x9C\xD9\x84\x79\x81\xD9\x1E\x5B\x14\x07\x23\x36\x65\x8F\xB0\xD8\x77\xBB\xAC\x41\x6C\x47\x60\x83\x51\xB0\xF9\x32\x3D\xE7\xFC\xF6\x26\x13\xC7\x80\x16\xA5\xBF\x5A\xFC\x87\xCF\x78\x79\x89\x21\x9A\xE2\x4C\x07\x0A\x86\x35\xBC\xF2\xDE\x51\xC4\xD2\x96\xB7\xDC\x7E\x4E\xEE\x70\xFD\x1C\x39\xEB\x0C\x02\x51\x14\x2D\x8E\xBD\x16\xE0\xC1\xDF\x46\x75\xE7\x24\xAD\xEC\xF4\x42\xB4\x85\x93\x70\x10\x67\xBA\x9D\x06\x35\x4A\x18\xD3\x2B\x7A\xCC\x51\x42\xA1\x7A\x63\xD1\xE6\xBB\xA1\xC5\x2B\xC2\x36\xBE\x13\x0D\xE6\xBD\x63\x7E\x79\x7B\xA7\x09\x0D\x40\xAB\x6A\xDD\x8F\x8A\xC3\xF6\xF6\x8C\x1A\x42\x05\x51\xD4\x45\xF5\x9F\xA7\x62\x21\x68\x15\x20\x43\x3C\x99\xE7\x7C\xBD\x24\xD8\xA9\x91\x17\x73\x88\x3F\x56\x1B\x31\x38\x18\xB4\x71\x0F\x9A\xCD\xC8\x0E\x9E\x8E\x2E\x1B\xE1\x8C\x98\x83\xCB\x1F\x31\xF1\x44\x4C\xC6\x04\x73\x49\x76\x60\x0F\xC7\xF8\xBD\x17\x80\x6B\x2E\xE9\xCC\x4C\x0E\x5A\x9A\x79\x0F\x20\x0A\x2E\xD5\x9E\x63\x26\x1E\x55\x92\x94\xD8\x82\x17\x5A\x7B\xD0\xBC\xC7\x8F\x4E\x86\x04",
 	["CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x15\x30\x82\x02\xFD\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\x1A\x30\x8F\x83\x88\x14\xC1\x20\xD8\x3C\x9B\x8F\x1B\x7E\x03\x74\xBB\xDA\x69\xD3\x46\xA5\xF8\x8E\xC2\x0C\x11\x90\x51\xA5\x2F\x66\x54\x40\x55\xEA\xDB\x1F\x4A\x56\xEE\x9F\x23\x6E\xF4\x39\xCB\xA1\xB9\x6F\xF2\x7E\xF9\x5D\x87\x26\x61\x9E\x1C\xF8\xE2\xEC\xA6\x81\xF8\x21\xC5\x24\xCC\x11\x0C\x3F\xDB\x26\x72\x7A\xC7\x01\x97\x07\x17\xF9\xD7\x18\x2C\x30\x7D\x0E\x7A\x1E\x62\x1E\xC6\x4B\xC0\xFD\x7D\x62\x77\xD3\x44\x1E\x27\xF6\x3F\x4B\x44\xB3\xB7\x38\xD9\x39\x1F\x60\xD5\x51\x92\x73\x03\xB4\x00\x69\xE3\xF3\x14\x4E\xEE\xD1\xDC\x09\xCF\x77\x34\x46\x50\xB0\xF8\x11\xF2\xFE\x38\x79\xF7\x07\x39\xFE\x51\x92\x97\x0B\x5B\x08\x5F\x34\x86\x01\xAD\x88\x97\xEB\x66\xCD\x5E\xD1\xFF\xDC\x7D\xF2\x84\xDA\xBA\x77\xAD\xDC\x80\x08\xC7\xA7\x87\xD6\x55\x9F\x97\x6A\xE8\xC8\x11\x64\xBA\xE7\x19\x29\x3F\x11\xB3\x78\x90\x84\x20\x52\x5B\x11\xEF\x78\xD0\x83\xF6\xD5\x48\x90\xD0\x30\x1C\xCF\x80\xF9\x60\xFE\x79\xE4\x88\xF2\xDD\x00\xEB\x94\x45\xEB\x65\x94\x69\x40\xBA\xC0\xD5\xB4\xB8\xBA\x7D\x04\x11\xA8\xEB\x31\x05\x96\x94\x4E\x58\x21\x8E\x9F\xD0\x60\xFD\x02\x03\x01\x00\x01\xA3\x81\xD1\x30\x81\xCE\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8E\x06\x03\x55\x1D\x23\x04\x81\x86\x30\x81\x83\x80\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\xA1\x68\xA4\x66\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xF7\x15\x4A\xF8\x24\xDA\x23\x56\x16\x93\x76\xDD\x36\x28\xB9\xAE\x1B\xB8\xC3\xF1\x64\xBA\x20\x18\x78\x95\x29\x27\x57\x05\xBC\x7C\x2A\xF4\xB9\x51\x55\xDA\x87\x02\xDE\x0F\x16\x17\x31\xF8\xAA\x79\x2E\x09\x13\xBB\xAF\xB2\x20\x19\x12\xE5\x93\xF9\x4B\xF9\x83\xE8\x44\xD5\xB2\x41\x25\xBF\x88\x75\x6F\xFF\x10\xFC\x4A\x54\xD0\x5F\xF0\xFA\xEF\x36\x73\x7D\x1B\x36\x45\xC6\x21\x6D\xB4\x15\xB8\x4E\xCF\x9C\x5C\xA5\x3D\x5A\x00\x8E\x06\xE3\x3C\x6B\x32\x7B\xF2\x9F\xF0\xB6\xFD\xDF\xF0\x28\x18\x48\xF0\xC6\xBC\xD0\xBF\x34\x80\x96\xC2\x4A\xB1\x6D\x8E\xC7\x90\x45\xDE\x2F\x67\xAC\x45\x04\xA3\x7A\xDC\x55\x92\xC9\x47\x66\xD8\x1A\x8C\xC7\xED\x9C\x4E\x9A\xE0\x12\xBB\xB5\x6A\x4C\x84\xE1\xE1\x22\x0D\x87\x00\x64\xFE\x8C\x7D\x62\x39\x65\xA6\xEF\x42\xB6\x80\x25\x12\x61\x01\xA8\x24\x13\x70\x00\x11\x26\x5F\xFA\x35\x50\xC5\x48\xCC\x06\x47\xE8\x27\xD8\x70\x8D\x5F\x64\xE6\xA1\x44\x26\x5E\x22\xEC\x92\xCD\xFF\x42\x9A\x44\x21\x6D\x5C\xC5\xE3\x22\x1D\x5F\x47\x12\xE7\xCE\x5F\x5D\xFA\xD8\xAA\xB1\x33\x2D\xD9\x76\xF2\x4E\x3A\x33\x0C\x2B\xB3\x2D\x90\x06",
@@ -34,8 +27,6 @@ redef root_certs += {
 	["CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US"] = "\x30\x82\x03\x66\x30\x82\x02\x4E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x31\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xEF\x3C\x4D\x40\x3D\x10\xDF\x3B\x53\x00\xE1\x67\xFE\x94\x60\x15\x3E\x85\x88\xF1\x89\x0D\x90\xC8\x28\x23\x99\x05\xE8\x2B\x20\x9D\xC6\xF3\x60\x46\xD8\xC1\xB2\xD5\x8C\x31\xD9\xDC\x20\x79\x24\x81\xBF\x35\x32\xFC\x63\x69\xDB\xB1\x2A\x6B\xEE\x21\x58\xF2\x08\xE9\x78\xCB\x6F\xCB\xFC\x16\x52\xC8\x91\xC4\xFF\x3D\x73\xDE\xB1\x3E\xA7\xC2\x7D\x66\xC1\xF5\x7E\x52\x24\x1A\xE2\xD5\x67\x91\xD0\x82\x10\xD7\x78\x4B\x4F\x2B\x42\x39\xBD\x64\x2D\x40\xA0\xB0\x10\xD3\x38\x48\x46\x88\xA1\x0C\xBB\x3A\x33\x2A\x62\x98\xFB\x00\x9D\x13\x59\x7F\x6F\x3B\x72\xAA\xEE\xA6\x0F\x86\xF9\x05\x61\xEA\x67\x7F\x0C\x37\x96\x8B\xE6\x69\x16\x47\x11\xC2\x27\x59\x03\xB3\xA6\x60\xC2\x21\x40\x56\xFA\xA0\xC7\x7D\x3A\x13\xE3\xEC\x57\xC7\xB3\xD6\xAE\x9D\x89\x80\xF7\x01\xE7\x2C\xF6\x96\x2B\x13\x0D\x79\x2C\xD9\xC0\xE4\x86\x7B\x4B\x8C\x0C\x72\x82\x8A\xFB\x17\xCD\x00\x6C\x3A\x13\x3C\xB0\x84\x87\x4B\x16\x7A\x29\xB2\x4F\xDB\x1D\xD4\x0B\xF3\x66\x37\xBD\xD8\xF6\x57\xBB\x5E\x24\x7A\xB8\x3C\x8B\xB9\xFA\x92\x1A\x1A\x84\x9E\xD8\x74\x8F\xAA\x1B\x7F\x5E\xF4\xFE\x45\x22\x21\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x71\x38\x36\xF2\x02\x31\x53\x47\x2B\x6E\xBA\x65\x46\xA9\x10\x15\x58\x20\x05\x09\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x71\x38\x36\xF2\x02\x31\x53\x47\x2B\x6E\xBA\x65\x46\xA9\x10\x15\x58\x20\x05\x09\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xF7\xB5\x2B\xAB\x5D\x10\xFC\x7B\xB2\xB2\x5E\xAC\x9B\x0E\x7E\x53\x78\x59\x3E\x42\x04\xFE\x75\xA3\xAD\xAC\x81\x4E\xD7\x02\x8B\x5E\xC4\x2D\xC8\x52\x76\xC7\x2C\x1F\xFC\x81\x32\x98\xD1\x4B\xC6\x92\x93\x33\x35\x31\x2F\xFC\xD8\x1D\x44\xDD\xE0\x81\x7F\x9D\xE9\x8B\xE1\x64\x91\x62\x0B\x39\x08\x8C\xAC\x74\x9D\x59\xD9\x7A\x59\x52\x97\x11\xB9\x16\x7B\x6F\x45\xD3\x96\xD9\x31\x7D\x02\x36\x0F\x9C\x3B\x6E\xCF\x2C\x0D\x03\x46\x45\xEB\xA0\xF4\x7F\x48\x44\xC6\x08\x40\xCC\xDE\x1B\x70\xB5\x29\xAD\xBA\x8B\x3B\x34\x65\x75\x1B\x71\x21\x1D\x2C\x14\x0A\xB0\x96\x95\xB8\xD6\xEA\xF2\x65\xFB\x29\xBA\x4F\xEA\x91\x93\x74\x69\xB6\xF2\xFF\xE1\x1A\xD0\x0C\xD1\x76\x85\xCB\x8A\x25\xBD\x97\x5E\x2C\x6F\x15\x99\x26\xE7\xB6\x29\xFF\x22\xEC\xC9\x02\xC7\x56\x00\xCD\x49\xB9\xB3\x6C\x7B\x53\x04\x1A\xE2\xA8\xC9\xAA\x12\x05\x23\xC2\xCE\xE7\xBB\x04\x02\xCC\xC0\x47\xA2\xE4\xC4\x29\x2F\x5B\x45\x57\x89\x51\xEE\x3C\xEB\x52\x08\xFF\x07\x35\x1E\x9F\x35\x6A\x47\x4A\x56\x98\xD1\x5A\x85\x1F\x8C\xF5\x22\xBF\xAB\xCE\x83\xF3\xE2\x22\x29\xAE\x7D\x83\x40\xA8\xBA\x6C",
 	["CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US"] = "\x30\x82\x05\x68\x30\x82\x03\x50\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA6\x15\x55\xA0\xA3\xC6\xE0\x1F\x8C\x9D\x21\x50\xD7\xC1\xBE\x2B\x5B\xB5\xA4\x9E\xA1\xD9\x72\x58\xBD\x00\x1B\x4C\xBF\x61\xC9\x14\x1D\x45\x82\xAB\xC6\x1D\x80\xD6\x3D\xEB\x10\x9C\x3A\xAF\x6D\x24\xF8\xBC\x71\x01\x9E\x06\xF5\x7C\x5F\x1E\xC1\x0E\x55\xCA\x83\x9A\x59\x30\xAE\x19\xCB\x30\x48\x95\xED\x22\x37\x8D\xF4\x4A\x9A\x72\x66\x3E\xAD\x95\xC0\xE0\x16\x00\xE0\x10\x1F\x2B\x31\x0E\xD7\x94\x54\xD3\x42\x33\xA0\x34\x1D\x1E\x45\x76\xDD\x4F\xCA\x18\x37\xEC\x85\x15\x7A\x19\x08\xFC\xD5\xC7\x9C\xF0\xF2\xA9\x2E\x10\xA9\x92\xE6\x3D\x58\x3D\xA9\x16\x68\x3C\x2F\x75\x21\x18\x7F\x28\x77\xA5\xE1\x61\x17\xB7\xA6\xE9\xF8\x1E\x99\xDB\x73\x6E\xF4\x0A\xA2\x21\x6C\xEE\xDA\xAA\x85\x92\x66\xAF\xF6\x7A\x6B\x82\xDA\xBA\x22\x08\x35\x0F\xCF\x42\xF1\x35\xFA\x6A\xEE\x7E\x2B\x25\xCC\x3A\x11\xE4\x6D\xAF\x73\xB2\x76\x1D\xAD\xD0\xB2\x78\x67\x1A\xA4\x39\x1C\x51\x0B\x67\x56\x83\xFD\x38\x5D\x0D\xCE\xDD\xF0\xBB\x2B\x96\x1F\xDE\x7B\x32\x52\xFD\x1D\xBB\xB5\x06\xA1\xB2\x21\x5E\xA5\xD6\x95\x68\x7F\xF0\x99\x9E\xDC\x45\x08\x3E\xE7\xD2\x09\x0D\x35\x94\xDD\x80\x4E\x53\x97\xD7\xB5\x09\x44\x20\x64\x16\x17\x03\x02\x4C\x53\x0D\x68\xDE\xD5\xAA\x72\x4D\x93\x6D\x82\x0E\xDB\x9C\xBD\xCF\xB4\xF3\x5C\x5D\x54\x7A\x69\x09\x96\xD6\xDB\x11\xC1\x8D\x75\xA8\xB4\xCF\x39\xC8\xCE\x3C\xBC\x24\x7C\xE6\x62\xCA\xE1\xBD\x7D\xA7\xBD\x57\x65\x0B\xE4\xFE\x25\xED\xB6\x69\x10\xDC\x28\x1A\x46\xBD\x01\x1D\xD0\x97\xB5\xE1\x98\x3B\xC0\x37\x64\xD6\x3D\x94\xEE\x0B\xE1\xF5\x28\xAE\x0B\x56\xBF\x71\x8B\x23\x29\x41\x8E\x86\xC5\x4B\x52\x7B\xD8\x71\xAB\x1F\x8A\x15\xA6\x3B\x83\x5A\xD7\x58\x01\x51\xC6\x4C\x41\xD9\x7F\xD8\x41\x67\x72\xA2\x28\xDF\x60\x83\xA9\x9E\xC8\x7B\xFC\x53\x73\x72\x59\xF5\x93\x7A\x17\x76\x0E\xCE\xF7\xE5\x5C\xD9\x0B\x55\x34\xA2\xAA\x5B\xB5\x6A\x54\xE7\x13\xCA\x57\xEC\x97\x6D\xF4\x5E\x06\x2F\x45\x8B\x58\xD4\x23\x16\x92\xE4\x16\x6E\x28\x63\x59\x30\xDF\x50\x01\x9C\x63\x89\x1A\x9F\xDB\x17\x94\x82\x70\x37\xC3\x24\x9E\x9A\x47\xD6\x5A\xCA\x4E\xA8\x69\x89\x72\x1F\x91\x6C\xDB\x7E\x9E\x1B\xAD\xC7\x1F\x73\xDD\x2C\x4F\x19\x65\xFD\x7F\x93\x40\x10\x2E\xD2\xF0\xED\x3C\x9E\x2E\x28\x3E\x69\x26\x33\xC5\x7B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xDA\xBB\x2E\xAA\xB0\x0C\xB8\x88\x26\x51\x74\x5C\x6D\x03\xD3\xC0\xD8\x8F\x7A\xD6\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xDA\xBB\x2E\xAA\xB0\x0C\xB8\x88\x26\x51\x74\x5C\x6D\x03\xD3\xC0\xD8\x8F\x7A\xD6\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x31\x78\xE6\xC7\xB5\xDF\xB8\x94\x40\xC9\x71\xC4\xA8\x35\xEC\x46\x1D\xC2\x85\xF3\x28\x58\x86\xB0\x0B\xFC\x8E\xB2\x39\x8F\x44\x55\xAB\x64\x84\x5C\x69\xA9\xD0\x9A\x38\x3C\xFA\xE5\x1F\x35\xE5\x44\xE3\x80\x79\x94\x68\xA4\xBB\xC4\x9F\x3D\xE1\x34\xCD\x30\x46\x8B\x54\x2B\x95\xA5\xEF\xF7\x3F\x99\x84\xFD\x35\xE6\xCF\x31\xC6\xDC\x6A\xBF\xA7\xD7\x23\x08\xE1\x98\x5E\xC3\x5A\x08\x76\xA9\xA6\xAF\x77\x2F\xB7\x60\xBD\x44\x46\x6A\xEF\x97\xFF\x73\x95\xC1\x8E\xE8\x93\xFB\xFD\x31\xB7\xEC\x57\x11\x11\x45\x9B\x30\xF1\x1A\x88\x39\xC1\x4F\x3C\xA7\x00\xD5\xC7\xFC\xAB\x6D\x80\x22\x70\xA5\x0C\xE0\x5D\x04\x29\x02\xFB\xCB\xA0\x91\xD1\x7C\xD6\xC3\x7E\x50\xD5\x9D\x58\xBE\x41\x38\xEB\xB9\x75\x3C\x15\xD9\x9B\xC9\x4A\x83\x59\xC0\xDA\x53\xFD\x33\xBB\x36\x18\x9B\x85\x0F\x15\xDD\xEE\x2D\xAC\x76\x93\xB9\xD9\x01\x8D\x48\x10\xA8\xFB\xF5\x38\x86\xF1\xDB\x0A\xC6\xBD\x84\xA3\x23\x41\xDE\xD6\x77\x6F\x85\xD4\x85\x1C\x50\xE0\xAE\x51\x8A\xBA\x8D\x3E\x76\xE2\xB9\xCA\x27\xF2\x5F\x9F\xEF\x6E\x59\x0D\x06\xD8\x2B\x17\xA4\xD2\x7C\x6B\xBB\x5F\x14\x1A\x48\x8F\x1A\x4C\xE7\xB3\x47\x1C\x8E\x4C\x45\x2B\x20\xEE\x48\xDF\xE7\xDD\x09\x8E\x18\xA8\xDA\x40\x8D\x92\x26\x11\x53\x61\x73\x5D\xEB\xBD\xE7\xC4\x4D\x29\x37\x61\xEB\xAC\x39\x2D\x67\x2E\x16\xD6\xF5\x00\x83\x85\xA1\xCC\x7F\x76\xC4\x7D\xE4\xB7\x4B\x66\xEF\x03\x45\x60\x69\xB6\x0C\x52\x96\x92\x84\x5E\xA6\xA3\xB5\xA4\x3E\x2B\xD9\xCC\xD8\x1B\x47\xAA\xF2\x44\xDA\x4F\xF9\x03\xE8\xF0\x14\xCB\x3F\xF3\x83\xDE\xD0\xC1\x54\xE3\xB7\xE8\x0A\x37\x4D\x8B\x20\x59\x03\x30\x19\xA1\x2C\xC8\xBD\x11\x1F\xDF\xAE\xC9\x4A\xC5\xF3\x27\x66\x66\x86\xAC\x68\x91\xFF\xD9\xE6\x53\x1C\x0F\x8B\x5C\x69\x65\x0A\x26\xC8\x1E\x34\xC3\x5D\x51\x7B\xD7\xA9\x9C\x06\xA1\x36\xDD\xD5\x89\x94\xBC\xD9\xE4\x2D\x0C\x5E\x09\x6C\x08\x97\x7C\xA3\x3D\x7C\x93\xFF\x3F\xA1\x14\xA7\xCF\xB5\x5D\xEB\xDB\xDB\x1C\xC4\x76\xDF\x88\xB9\xBD\x45\x05\x95\x1B\xAE\xFC\x46\x6A\x4C\xAF\x48\xE3\xCE\xAE\x0F\xD2\x7E\xEB\xE6\x6C\x9C\x4F\x81\x6A\x7A\x64\xAC\xBB\x3E\xD5\xE7\xCB\x76\x2E\xC5\xA7\x48\xC1\x5C\x90\x0F\xCB\xC8\x3F\xFA\xE6\x32\xE1\x8D\x1B\x6F\xA4\xE6\x8E\xD8\xF9\x29\x48\x8A\xCE\x73\xFE\x2C",
 	["CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US"] = "\x30\x82\x05\x6C\x30\x82\x03\x54\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB3\x54\x52\xC1\xC9\x3E\xF2\xD9\xDC\xB1\x53\x1A\x59\x29\xE7\xB1\xC3\x45\x28\xE5\xD7\xD1\xED\xC5\xC5\x4B\xA1\xAA\x74\x7B\x57\xAF\x4A\x26\xFC\xD8\xF5\x5E\xA7\x6E\x19\xDB\x74\x0C\x4F\x35\x5B\x32\x0B\x01\xE3\xDB\xEB\x7A\x77\x35\xEA\xAA\x5A\xE0\xD6\xE8\xA1\x57\x94\xF0\x90\xA3\x74\x56\x94\x44\x30\x03\x1E\x5C\x4E\x2B\x85\x26\x74\x82\x7A\x0C\x76\xA0\x6F\x4D\xCE\x41\x2D\xA0\x15\x06\x14\x5F\xB7\x42\xCD\x7B\x8F\x58\x61\x34\xDC\x2A\x08\xF9\x2E\xC3\x01\xA6\x22\x44\x1C\x4C\x07\x82\xE6\x5B\xCE\xD0\x4A\x7C\x04\xD3\x19\x73\x27\xF0\xAA\x98\x7F\x2E\xAF\x4E\xEB\x87\x1E\x24\x77\x6A\x5D\xB6\xE8\x5B\x45\xBA\xDC\xC3\xA1\x05\x6F\x56\x8E\x8F\x10\x26\xA5\x49\xC3\x2E\xD7\x41\x87\x22\xE0\x4F\x86\xCA\x60\xB5\xEA\xA1\x63\xC0\x01\x97\x10\x79\xBD\x00\x3C\x12\x6D\x2B\x15\xB1\xAC\x4B\xB1\xEE\x18\xB9\x4E\x96\xDC\xDC\x76\xFF\x3B\xBE\xCF\x5F\x03\xC0\xFC\x3B\xE8\xBE\x46\x1B\xFF\xDA\x40\xC2\x52\xF7\xFE\xE3\x3A\xF7\x6A\x77\x35\xD0\xDA\x8D\xEB\x5E\x18\x6A\x31\xC7\x1E\xBA\x3C\x1B\x28\xD6\x6B\x54\xC6\xAA\x5B\xD7\xA2\x2C\x1B\x19\xCC\xA2\x02\xF6\x9B\x59\xBD\x37\x6B\x86\xB5\x6D\x82\xBA\xD8\xEA\xC9\x56\xBC\xA9\x36\x58\xFD\x3E\x19\xF3\xED\x0C\x26\xA9\x93\x38\xF8\x4F\xC1\x5D\x22\x06\xD0\x97\xEA\xE1\xAD\xC6\x55\xE0\x81\x2B\x28\x83\x3A\xFA\xF4\x7B\x21\x51\x00\xBE\x52\x38\xCE\xCD\x66\x79\xA8\xF4\x81\x56\xE2\xD0\x83\x09\x47\x51\x5B\x50\x6A\xCF\xDB\x48\x1A\x5D\x3E\xF7\xCB\xF6\x65\xF7\x6C\xF1\x95\xF8\x02\x3B\x32\x56\x82\x39\x7A\x5B\xBD\x2F\x89\x1B\xBF\xA1\xB4\xE8\xFF\x7F\x8D\x8C\xDF\x03\xF1\x60\x4E\x58\x11\x4C\xEB\xA3\x3F\x10\x2B\x83\x9A\x01\x73\xD9\x94\x6D\x84\x00\x27\x66\xAC\xF0\x70\x40\x09\x42\x92\xAD\x4F\x93\x0D\x61\x09\x51\x24\xD8\x92\xD5\x0B\x94\x61\xB2\x87\xB2\xED\xFF\x9A\x35\xFF\x85\x54\xCA\xED\x44\x43\xAC\x1B\x3C\x16\x6B\x48\x4A\x0A\x1C\x40\x88\x1F\x92\xC2\x0B\x00\x05\xFF\xF2\xC8\x02\x4A\xA4\xAA\xA9\xCC\x99\x96\x9C\x2F\x58\xE0\x7D\xE1\xBE\xBB\x07\xDC\x5F\x04\x72\x5C\x31\x34\xC3\xEC\x5F\x2D\xE0\x3D\x64\x90\x22\xE6\xD1\xEC\xB8\x2E\xDD\x59\xAE\xD9\xA1\x37\xBF\x54\x35\xDC\x73\x32\x4F\x8C\x04\x1E\x33\xB2\xC9\x46\xF1\xD8\x5C\xC8\x55\x50\xC9\x68\xBD\xA8\xBA\x36\x09\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x76\xF3\x55\xE1\xFA\xA4\x36\xFB\xF0\x9F\x5C\x62\x71\xED\x3C\xF4\x47\x38\x10\x2B\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x76\xF3\x55\xE1\xFA\xA4\x36\xFB\xF0\x9F\x5C\x62\x71\xED\x3C\xF4\x47\x38\x10\x2B\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x66\xC1\xC6\x23\xF3\xD9\xE0\x2E\x6E\x5F\xE8\xCF\xAE\xB0\xB0\x25\x4D\x2B\xF8\x3B\x58\x9B\x40\x24\x37\x5A\xCB\xAB\x16\x49\xFF\xB3\x75\x79\x33\xA1\x2F\x6D\x70\x17\x34\x91\xFE\x67\x7E\x8F\xEC\x9B\xE5\x5E\x82\xA9\x55\x1F\x2F\xDC\xD4\x51\x07\x12\xFE\xAC\x16\x3E\x2C\x35\xC6\x63\xFC\xDC\x10\xEB\x0D\xA3\xAA\xD0\x7C\xCC\xD1\xD0\x2F\x51\x2E\xC4\x14\x5A\xDE\xE8\x19\xE1\x3E\xC6\xCC\xA4\x29\xE7\x2E\x84\xAA\x06\x30\x78\x76\x54\x73\x28\x98\x59\x38\xE0\x00\x0D\x62\xD3\x42\x7D\x21\x9F\xAE\x3D\x3A\x8C\xD5\xFA\x77\x0D\x18\x2B\x16\x0E\x5F\x36\xE1\xFC\x2A\xB5\x30\x24\xCF\xE0\x63\x0C\x7B\x58\x1A\xFE\x99\xBA\x42\x12\xB1\x91\xF4\x7C\x68\xE2\xC8\xE8\xAF\x2C\xEA\xC9\x7E\xAE\xBB\x2A\x3D\x0D\x15\xDC\x34\x95\xB6\x18\x74\xA8\x6A\x0F\xC7\xB4\xF4\x13\xC4\xE4\x5B\xED\x0A\xD2\xA4\x97\x4C\x2A\xED\x2F\x6C\x12\x89\x3D\xF1\x27\x70\xAA\x6A\x03\x52\x21\x9F\x40\xA8\x67\x50\xF2\xF3\x5A\x1F\xDF\xDF\x23\xF6\xDC\x78\x4E\xE6\x98\x4F\x55\x3A\x53\xE3\xEF\xF2\xF4\x9F\xC7\x7C\xD8\x58\xAF\x29\x22\x97\xB8\xE0\xBD\x91\x2E\xB0\x76\xEC\x57\x11\xCF\xEF\x29\x44\xF3\xE9\x85\x7A\x60\x63\xE4\x5D\x33\x89\x17\xD9\x31\xAA\xDA\xD6\xF3\x18\x35\x72\xCF\x87\x2B\x2F\x63\x23\x84\x5D\x84\x8C\x3F\x57\xA0\x88\xFC\x99\x91\x28\x26\x69\x99\xD4\x8F\x97\x44\xBE\x8E\xD5\x48\xB1\xA4\x28\x29\xF1\x15\xB4\xE1\xE5\x9E\xDD\xF8\x8F\xA6\x6F\x26\xD7\x09\x3C\x3A\x1C\x11\x0E\xA6\x6C\x37\xF7\xAD\x44\x87\x2C\x28\xC7\xD8\x74\x82\xB3\xD0\x6F\x4A\x57\xBB\x35\x29\x27\xA0\x8B\xE8\x21\xA7\x87\x64\x36\x5D\xCC\xD8\x16\xAC\xC7\xB2\x27\x40\x92\x55\x38\x28\x8D\x51\x6E\xDD\x14\x67\x53\x6C\x71\x5C\x26\x84\x4D\x75\x5A\xB6\x7E\x60\x56\xA9\x4D\xAD\xFB\x9B\x1E\x97\xF3\x0D\xD9\xD2\x97\x54\x77\xDA\x3D\x12\xB7\xE0\x1E\xEF\x08\x06\xAC\xF9\x85\x87\xE9\xA2\xDC\xAF\x7E\x18\x12\x83\xFD\x56\x17\x41\x2E\xD5\x29\x82\x7D\x99\xF4\x31\xF6\x71\xA9\xCF\x2C\x01\x27\xA5\x05\xB9\xAA\xB2\x48\x4E\x2A\xEF\x9F\x93\x52\x51\x95\x3C\x52\x73\x8E\x56\x4C\x17\x40\xC0\x09\x28\xE4\x8B\x6A\x48\x53\xDB\xEC\xCD\x55\x55\xF1\xC6\xF8\xE9\xA2\x2C\x4C\xA6\xD1\x26\x5F\x7E\xAF\x5A\x4C\xDA\x1F\xA6\xF2\x1C\x2C\x7E\xAE\x02\x16\xD2\x56\xD0\x2F\x57\x53\x47\xE8\x92",
-	["CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US"] = "\x30\x82\x03\xA4\x30\x82\x02\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA8\x2F\xE8\xA4\x69\x06\x03\x47\xC3\xE9\x2A\x98\xFF\x19\xA2\x70\x9A\xC6\x50\xB2\x7E\xA5\xDF\x68\x4D\x1B\x7C\x0F\xB6\x97\x68\x7D\x2D\xA6\x8B\x97\xE9\x64\x86\xC9\xA3\xEF\xA0\x86\xBF\x60\x65\x9C\x4B\x54\x88\xC2\x48\xC5\x4A\x39\xBF\x14\xE3\x59\x55\xE5\x19\xB4\x74\xC8\xB4\x05\x39\x5C\x16\xA5\xE2\x95\x05\xE0\x12\xAE\x59\x8B\xA2\x33\x68\x58\x1C\xA6\xD4\x15\xB7\xD8\x9F\xD7\xDC\x71\xAB\x7E\x9A\xBF\x9B\x8E\x33\x0F\x22\xFD\x1F\x2E\xE7\x07\x36\xEF\x62\x39\xC5\xDD\xCB\xBA\x25\x14\x23\xDE\x0C\xC6\x3D\x3C\xCE\x82\x08\xE6\x66\x3E\xDA\x51\x3B\x16\x3A\xA3\x05\x7F\xA0\xDC\x87\xD5\x9C\xFC\x72\xA9\xA0\x7D\x78\xE4\xB7\x31\x55\x1E\x65\xBB\xD4\x61\xB0\x21\x60\xED\x10\x32\x72\xC5\x92\x25\x1E\xF8\x90\x4A\x18\x78\x47\xDF\x7E\x30\x37\x3E\x50\x1B\xDB\x1C\xD3\x6B\x9A\x86\x53\x07\xB0\xEF\xAC\x06\x78\xF8\x84\x99\xFE\x21\x8D\x4C\x80\xB6\x0C\x82\xF6\x66\x70\x79\x1A\xD3\x4F\xA3\xCF\xF1\xCF\x46\xB0\x4B\x0F\x3E\xDD\x88\x62\xB8\x8C\xA9\x09\x28\x3B\x7A\xC7\x97\xE1\x1E\xE5\xF4\x9F\xC0\xC0\xAE\x24\xA0\xC8\xA1\xD9\x0F\xD6\x7B\x26\x82\x69\x32\x3D\xA7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7C\x8A\xD1\x1F\x18\x37\x82\xE0\xB8\xB0\xA3\xED\x56\x95\xC8\x62\x61\x9C\x05\xA2\xCD\xC2\x62\x26\x61\xCD\x10\x16\xD7\xCC\xB4\x65\x34\xD0\x11\x8A\xAD\xA8\xA9\x05\x66\xEF\x74\xF3\x6D\x5F\x9D\x99\xAF\xF6\x8B\xFB\xEB\x52\xB2\x05\x98\xA2\x6F\x2A\xC5\x54\xBD\x25\xBD\x5F\xAE\xC8\x86\xEA\x46\x2C\xC1\xB3\xBD\xC1\xE9\x49\x70\x18\x16\x97\x08\x13\x8C\x20\xE0\x1B\x2E\x3A\x47\xCB\x1E\xE4\x00\x30\x95\x5B\xF4\x45\xA3\xC0\x1A\xB0\x01\x4E\xAB\xBD\xC0\x23\x6E\x63\x3F\x80\x4A\xC5\x07\xED\xDC\xE2\x6F\xC7\xC1\x62\xF1\xE3\x72\xD6\x04\xC8\x74\x67\x0B\xFA\x88\xAB\xA1\x01\xC8\x6F\xF0\x14\xAF\xD2\x99\xCD\x51\x93\x7E\xED\x2E\x38\xC7\xBD\xCE\x46\x50\x3D\x72\xE3\x79\x25\x9D\x9B\x88\x2B\x10\x20\xDD\xA5\xB8\x32\x9F\x8D\xE0\x29\xDF\x21\x74\x86\x82\xDB\x2F\x82\x30\xC6\xC7\x35\x86\xB3\xF9\x96\x5F\x46\xDB\x0C\x45\xFD\xF3\x50\xC3\x6F\xC6\xC3\x48\xAD\x46\xA6\xE1\x27\x47\x0A\x1D\x0E\x9B\xB6\xC2\x77\x7F\x63\xF2\xE0\x7D\x1A\xBE\xFC\xE0\xDF\xD7\xC7\xA7\x6C\xB0\xF9\xAE\xBA\x3C\xFD\x74\xB4\x11\xE8\x58\x0D\x80\xBC\xD3\xA8\x80\x3A\x99\xED\x75\xCC\x46\x7B",
-	["CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US"] = "\x30\x82\x05\xA4\x30\x82\x03\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCC\x41\x45\x1D\xE9\x3D\x4D\x10\xF6\x8C\xB1\x41\xC9\xE0\x5E\xCB\x0D\xB7\xBF\x47\x73\xD3\xF0\x55\x4D\xDD\xC6\x0C\xFA\xB1\x66\x05\x6A\xCD\x78\xB4\xDC\x02\xDB\x4E\x81\xF3\xD7\xA7\x7C\x71\xBC\x75\x63\xA0\x5D\xE3\x07\x0C\x48\xEC\x25\xC4\x03\x20\xF4\xFF\x0E\x3B\x12\xFF\x9B\x8D\xE1\xC6\xD5\x1B\xB4\x6D\x22\xE3\xB1\xDB\x7F\x21\x64\xAF\x86\xBC\x57\x22\x2A\xD6\x47\x81\x57\x44\x82\x56\x53\xBD\x86\x14\x01\x0B\xFC\x7F\x74\xA4\x5A\xAE\xF1\xBA\x11\xB5\x9B\x58\x5A\x80\xB4\x37\x78\x09\x33\x7C\x32\x47\x03\x5C\xC4\xA5\x83\x48\xF4\x57\x56\x6E\x81\x36\x27\x18\x4F\xEC\x9B\x28\xC2\xD4\xB4\xD7\x7C\x0C\x3E\x0C\x2B\xDF\xCA\x04\xD7\xC6\x8E\xEA\x58\x4E\xA8\xA4\xA5\x18\x1C\x6C\x45\x98\xA3\x41\xD1\x2D\xD2\xC7\x6D\x8D\x19\xF1\xAD\x79\xB7\x81\x3F\xBD\x06\x82\x27\x2D\x10\x58\x05\xB5\x78\x05\xB9\x2F\xDB\x0C\x6B\x90\x90\x7E\x14\x59\x38\xBB\x94\x24\x13\xE5\xD1\x9D\x14\xDF\xD3\x82\x4D\x46\xF0\x80\x39\x52\x32\x0F\xE3\x84\xB2\x7A\x43\xF2\x5E\xDE\x5F\x3F\x1D\xDD\xE3\xB2\x1B\xA0\xA1\x2A\x23\x03\x6E\x2E\x01\x15\x87\x5C\xA6\x75\x75\xC7\x97\x61\xBE\xDE\x86\xDC\xD4\x48\xDB\xBD\x2A\xBF\x4A\x55\xDA\xE8\x7D\x50\xFB\xB4\x80\x17\xB8\x94\xBF\x01\x3D\xEA\xDA\xBA\x7C\xE0\x58\x67\x17\xB9\x58\xE0\x88\x86\x46\x67\x6C\x9D\x10\x47\x58\x32\xD0\x35\x7C\x79\x2A\x90\xA2\x5A\x10\x11\x23\x35\xAD\x2F\xCC\xE4\x4A\x5B\xA7\xC8\x27\xF2\x83\xDE\x5E\xBB\x5E\x77\xE7\xE8\xA5\x6E\x63\xC2\x0D\x5D\x61\xD0\x8C\xD2\x6C\x5A\x21\x0E\xCA\x28\xA3\xCE\x2A\xE9\x95\xC7\x48\xCF\x96\x6F\x1D\x92\x25\xC8\xC6\xC6\xC1\xC1\x0C\x05\xAC\x26\xC4\xD2\x75\xD2\xE1\x2A\x67\xC0\x3D\x5B\xA5\x9A\xEB\xCF\x7B\x1A\xA8\x9D\x14\x45\xE5\x0F\xA0\x9A\x65\xDE\x2F\x28\xBD\xCE\x6F\x94\x66\x83\x48\x29\xD8\xEA\x65\x8C\xAF\x93\xD9\x64\x9F\x55\x57\x26\xBF\x6F\xCB\x37\x31\x99\xA3\x60\xBB\x1C\xAD\x89\x34\x32\x62\xB8\x43\x21\x06\x72\x0C\xA1\x5C\x6D\x46\xC5\xFA\x29\xCF\x30\xDE\x89\xDC\x71\x5B\xDD\xB6\x37\x3E\xDF\x50\xF5\xB8\x07\x25\x26\xE5\xBC\xB5\xFE\x3C\x02\xB3\xB7\xF8\xBE\x43\xC1\x87\x11\x94\x9E\x23\x6C\x17\x8A\xB8\x8A\x27\x0C\x54\x47\xF0\xA9\xB3\xC0\x80\x8C\xA0\x27\xEB\x1D\x19\xE3\x07\x8E\x77\x70\xCA\x2B\xF4\x7D\x76\xE0\x78\x67\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6B\x06\xB9\x5F\x45\x3B\x2A\x4B\x33\xB3\xE6\x1B\x6B\x59\x4E\x22\xCC\xB9\xB7\xA4\x25\xC9\xA7\xC4\xF0\x54\x96\x0B\x64\xF3\xB1\x58\x4F\x5E\x51\xFC\xB2\x97\x7B\x27\x65\xC2\xE5\xCA\xE7\x0D\x0C\x25\x7B\x62\xE3\xFA\x9F\xB4\x87\xB7\x45\x46\xAF\x83\xA5\x97\x48\x8C\xA5\xBD\xF1\x16\x2B\x9B\x76\x2C\x7A\x35\x60\x6C\x11\x80\x97\xCC\xA9\x92\x52\xE6\x2B\xE6\x69\xED\xA9\xF8\x36\x2D\x2C\x77\xBF\x61\x48\xD1\x63\x0B\xB9\x5B\x52\xED\x18\xB0\x43\x42\x22\xA6\xB1\x77\xAE\xDE\x69\xC5\xCD\xC7\x1C\xA1\xB1\xA5\x1C\x10\xFB\x18\xBE\x1A\x70\xDD\xC1\x92\x4B\xBE\x29\x5A\x9D\x3F\x35\xBE\xE5\x7D\x51\xF8\x55\xE0\x25\x75\x23\x87\x1E\x5C\xDC\xBA\x9D\xB0\xAC\xB3\x69\xDB\x17\x83\xC9\xF7\xDE\x0C\xBC\x08\xDC\x91\x9E\xA8\xD0\xD7\x15\x37\x73\xA5\x35\xB8\xFC\x7E\xC5\x44\x40\x06\xC3\xEB\xF8\x22\x80\x5C\x47\xCE\x02\xE3\x11\x9F\x44\xFF\xFD\x9A\x32\xCC\x7D\x64\x51\x0E\xEB\x57\x26\x76\x3A\xE3\x1E\x22\x3C\xC2\xA6\x36\xDD\x19\xEF\xA7\xFC\x12\xF3\x26\xC0\x59\x31\x85\x4C\x9C\xD8\xCF\xDF\xA4\xCC\xCC\x29\x93\xFF\x94\x6D\x76\x5C\x13\x08\x97\xF2\xED\xA5\x0B\x4D\xDD\xE8\xC9\x68\x0E\x66\xD3\x00\x0E\x33\x12\x5B\xBC\x95\xE5\x32\x90\xA8\xB3\xC6\x6C\x83\xAD\x77\xEE\x8B\x7E\x7E\xB1\xA9\xAB\xD3\xE1\xF1\xB6\xC0\xB1\xEA\x88\xC0\xE7\xD3\x90\xE9\x28\x92\x94\x7B\x68\x7B\x97\x2A\x0A\x67\x2D\x85\x02\x38\x10\xE4\x03\x61\xD4\xDA\x25\x36\xC7\x08\x58\x2D\xA1\xA7\x51\xAF\x30\x0A\x49\xF5\xA6\x69\x87\x07\x2D\x44\x46\x76\x8E\x2A\xE5\x9A\x3B\xD7\x18\xA2\xFC\x9C\x38\x10\xCC\xC6\x3B\xD2\xB5\x17\x3A\x6F\xFD\xAE\x25\xBD\xF5\x72\x59\x64\xB1\x74\x2A\x38\x5F\x18\x4C\xDF\xCF\x71\x04\x5A\x36\xD4\xBF\x2F\x99\x9C\xE8\xD9\xBA\xB1\x95\xE6\x02\x4B\x21\xA1\x5B\xD5\xC1\x4F\x8F\xAE\x69\x6D\x53\xDB\x01\x93\xB5\x5C\x1E\x18\xDD\x64\x5A\xCA\x18\x28\x3E\x63\x04\x11\xFD\x1C\x8D\x00\x0F\xB8\x37\xDF\x67\x8A\x9D\x66\xA9\x02\x6A\x91\xFF\x13\xCA\x2F\x5D\x83\xBC\x87\x93\x6C\xDC\x24\x51\x16\x04\x25\x66\xFA\xB3\xD9\xC2\xBA\x29\xBE\x9A\x48\x38\x82\x99\xF4\xBF\x3B\x4A\x31\x19\xF9\xBF\x8E\x21\x33\x14\xCA\x4F\x54\x5F\xFB\xCE\xFB\x8F\x71\x7F\xFD\x5E\x19\xA0\x0F\x4B\x91\xB8\xC4\x54\xBC\x06\xB0\x45\x8F\x26\x91\xA2\x8E\xFE\xA9",
 	["CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US"] = "\x30\x82\x03\xA2\x30\x82\x02\x8A\xA0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4D\x1D\x3F\x06\xF2\xC1\xF9\x65\x05\xD5\x90\x1C\x62\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5A\x17\x0D\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x57\xDE\x56\x1E\x6E\xA1\xDA\x60\xB1\x94\x27\xCB\x17\xDB\x07\x3F\x80\x85\x4F\xC8\x9C\xB6\xD0\xF4\x6F\x4F\xCF\x99\xD8\xE1\xDB\xC2\x48\x5C\x3A\xAC\x39\x33\xC7\x1F\x6A\x8B\x26\x3D\x2B\x35\xF5\x48\xB1\x91\xC1\x02\x4E\x04\x96\x91\x7B\xB0\x33\xF0\xB1\x14\x4E\x11\x6F\xB5\x40\xAF\x1B\x45\xA5\x4A\xEF\x7E\xB6\xAC\xF2\xA0\x1F\x58\x3F\x12\x46\x60\x3C\x8D\xA1\xE0\x7D\xCF\x57\x3E\x33\x1E\xFB\x47\xF1\xAA\x15\x97\x07\x55\x66\xA5\xB5\x2D\x2E\xD8\x80\x59\xB2\xA7\x0D\xB7\x46\xEC\x21\x63\xFF\x35\xAB\xA5\x02\xCF\x2A\xF4\x4C\xFE\x7B\xF5\x94\x5D\x84\x4D\xA8\xF2\x60\x8F\xDB\x0E\x25\x3C\x9F\x73\x71\xCF\x94\xDF\x4A\xEA\xDB\xDF\x72\x38\x8C\xF3\x96\xBD\xF1\x17\xBC\xD2\xBA\x3B\x45\x5A\xC6\xA7\xF6\xC6\x17\x8B\x01\x9D\xFC\x19\xA8\x2A\x83\x16\xB8\x3A\x48\xFE\x4E\x3E\xA0\xAB\x06\x19\xE9\x53\xF3\x80\x13\x07\xED\x2D\xBF\x3F\x0A\x3C\x55\x20\x39\x2C\x2C\x00\x69\x74\x95\x4A\xBC\x20\xB2\xA9\x79\xE5\x18\x89\x91\xA8\xDC\x1C\x4D\xEF\xBB\x7E\x37\x0B\x5D\xFE\x39\xA5\x88\x52\x8C\x00\x6C\xEC\x18\x7C\x41\xBD\xF6\x8B\x75\x77\xBA\x60\x9D\x84\xE7\xFE\x2D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x15\x38\x83\x0F\x3F\x2C\x3F\x70\x33\x1E\xCD\x46\xFE\x07\x8C\x20\xE0\xD7\xC3\xB7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5F\xF1\x41\x7D\x7C\x5C\x08\xB9\x2B\xE0\xD5\x92\x47\xFA\x67\x5C\xA5\x13\xC3\x03\x21\x9B\x2B\x4C\x89\x46\xCF\x59\x4D\xC9\xFE\xA5\x40\xB6\x63\xCD\xDD\x71\x28\x95\x67\x11\xCC\x24\xAC\xD3\x44\x6C\x71\xAE\x01\x20\x6B\x03\xA2\x8F\x18\xB7\x29\x3A\x7D\xE5\x16\x60\x53\x78\x3C\xC0\xAF\x15\x83\xF7\x8F\x52\x33\x24\xBD\x64\x93\x97\xEE\x8B\xF7\xDB\x18\xA8\x6D\x71\xB3\xF7\x2C\x17\xD0\x74\x25\x69\xF7\xFE\x6B\x3C\x94\xBE\x4D\x4B\x41\x8C\x4E\xE2\x73\xD0\xE3\x90\x22\x73\x43\xCD\xF3\xEF\xEA\x73\xCE\x45\x8A\xB0\xA6\x49\xFF\x4C\x7D\x9D\x71\x88\xC4\x76\x1D\x90\x5B\x1D\xEE\xFD\xCC\xF7\xEE\xFD\x60\xA5\xB1\x7A\x16\x71\xD1\x16\xD0\x7C\x12\x3C\x6C\x69\x97\xDB\xAE\x5F\x39\x9A\x70\x2F\x05\x3C\x19\x46\x04\x99\x20\x36\xD0\x60\x6E\x61\x06\xBB\x16\x42\x8C\x70\xF7\x30\xFB\xE0\xDB\x66\xA3\x00\x01\xBD\xE6\x2C\xDA\x91\x5F\xA0\x46\x8B\x4D\x6A\x9C\x3D\x3D\xDD\x05\x46\xFE\x76\xBF\xA0\x0A\x3C\xE4\x00\xE6\x27\xB7\xFF\x84\x2D\xDE\xBA\x22\x27\x96\x10\x71\xEB\x22\xED\xDF\xDF\x33\x9C\xCF\xE3\xAD\xAE\x8E\xD4\x8E\xE6\x4F\x51\xAF\x16\x92\xE0\x5C\xF6\x07\x0F",
 	["CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL"] = "\x30\x82\x03\x0C\x30\x82\x01\xF4\xA0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x17\x0D\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCE\xB1\xC1\x2E\xD3\x4F\x7C\xCD\x25\xCE\x18\x3E\x4F\xC4\x8C\x6F\x80\x6A\x73\xC8\x5B\x51\xF8\x9B\xD2\xDC\xBB\x00\x5C\xB1\xA0\xFC\x75\x03\xEE\x81\xF0\x88\xEE\x23\x52\xE9\xE6\x15\x33\x8D\xAC\x2D\x09\xC5\x76\xF9\x2B\x39\x80\x89\xE4\x97\x4B\x90\xA5\xA8\x78\xF8\x73\x43\x7B\xA4\x61\xB0\xD8\x58\xCC\xE1\x6C\x66\x7E\x9C\xF3\x09\x5E\x55\x63\x84\xD5\xA8\xEF\xF3\xB1\x2E\x30\x68\xB3\xC4\x3C\xD8\xAC\x6E\x8D\x99\x5A\x90\x4E\x34\xDC\x36\x9A\x8F\x81\x88\x50\xB7\x6D\x96\x42\x09\xF3\xD7\x95\x83\x0D\x41\x4B\xB0\x6A\x6B\xF8\xFC\x0F\x7E\x62\x9F\x67\xC4\xED\x26\x5F\x10\x26\x0F\x08\x4F\xF0\xA4\x57\x28\xCE\x8F\xB8\xED\x45\xF6\x6E\xEE\x25\x5D\xAA\x6E\x39\xBE\xE4\x93\x2F\xD9\x47\xA0\x72\xEB\xFA\xA6\x5B\xAF\xCA\x53\x3F\xE2\x0E\xC6\x96\x56\x11\x6E\xF7\xE9\x66\xA9\x26\xD8\x7F\x95\x53\xED\x0A\x85\x88\xBA\x4F\x29\xA5\x42\x8C\x5E\xB6\xFC\x85\x20\x00\xAA\x68\x0B\xA1\x1A\x85\x01\x9C\xC4\x46\x63\x82\x88\xB6\x22\xB1\xEE\xFE\xAA\x46\x59\x7E\xCF\x35\x2C\xD5\xB6\xDA\x5D\xF7\x48\x33\x14\x54\xB6\xEB\xD9\x6F\xCE\xCD\x88\xD6\xAB\x1B\xDA\x96\x3B\x1D\x59\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB8\x8D\xCE\xEF\xE7\x14\xBA\xCF\xEE\xB0\x44\x92\x6C\xB4\x39\x3E\xA2\x84\x6E\xAD\xB8\x21\x77\xD2\xD4\x77\x82\x87\xE6\x20\x41\x81\xEE\xE2\xF8\x11\xB7\x63\xD1\x17\x37\xBE\x19\x76\x24\x1C\x04\x1A\x4C\xEB\x3D\xAA\x67\x6F\x2D\xD4\xCD\xFE\x65\x31\x70\xC5\x1B\xA6\x02\x0A\xBA\x60\x7B\x6D\x58\xC2\x9A\x49\xFE\x63\x32\x0B\x6B\xE3\x3A\xC0\xAC\xAB\x3B\xB0\xE8\xD3\x09\x51\x8C\x10\x83\xC6\x34\xE0\xC5\x2B\xE0\x1A\xB6\x60\x14\x27\x6C\x32\x77\x8C\xBC\xB2\x72\x98\xCF\xCD\xCC\x3F\xB9\xC8\x24\x42\x14\xD6\x57\xFC\xE6\x26\x43\xA9\x1D\xE5\x80\x90\xCE\x03\x54\x28\x3E\xF7\x3F\xD3\xF8\x4D\xED\x6A\x0A\x3A\x93\x13\x9B\x3B\x14\x23\x13\x63\x9C\x3F\xD1\x87\x27\x79\xE5\x4C\x51\xE3\x01\xAD\x85\x5D\x1A\x3B\xB1\xD5\x73\x10\xA4\xD3\xF2\xBC\x6E\x64\xF5\x5A\x56\x90\xA8\xC7\x0E\x4C\x74\x0F\x2E\x71\x3B\xF7\xC8\x47\xF4\x69\x6F\x15\xF2\x11\x5E\x83\x1E\x9C\x7C\x52\xAE\xFD\x02\xDA\x12\xA8\x59\x67\x18\xDB\xBC\x70\xDD\x9B\xB1\x69\xED\x80\xCE\x89\x40\x48\x6A\x0E\x35\xCA\x29\x66\x15\x21\x94\x2C\xE8\x60\x2A\x9B\x85\x4A\x40\xF3\x6B\x8A\x24\xEC\x06\x16\x2C\x73",
 	["CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x32\x30\x82\x03\x1A\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBE\x40\x9D\xF4\x6E\xE1\xEA\x76\x87\x1C\x4D\x45\x44\x8E\xBE\x46\xC8\x83\x06\x9D\xC1\x2A\xFE\x18\x1F\x8E\xE4\x02\xFA\xF3\xAB\x5D\x50\x8A\x16\x31\x0B\x9A\x06\xD0\xC5\x70\x22\xCD\x49\x2D\x54\x63\xCC\xB6\x6E\x68\x46\x0B\x53\xEA\xCB\x4C\x24\xC0\xBC\x72\x4E\xEA\xF1\x15\xAE\xF4\x54\x9A\x12\x0A\xC3\x7A\xB2\x33\x60\xE2\xDA\x89\x55\xF3\x22\x58\xF3\xDE\xDC\xCF\xEF\x83\x86\xA2\x8C\x94\x4F\x9F\x68\xF2\x98\x90\x46\x84\x27\xC7\x76\xBF\xE3\xCC\x35\x2C\x8B\x5E\x07\x64\x65\x82\xC0\x48\xB0\xA8\x91\xF9\x61\x9F\x76\x20\x50\xA8\x91\xC7\x66\xB5\xEB\x78\x62\x03\x56\xF0\x8A\x1A\x13\xEA\x31\xA3\x1E\xA0\x99\xFD\x38\xF6\xF6\x27\x32\x58\x6F\x07\xF5\x6B\xB8\xFB\x14\x2B\xAF\xB7\xAA\xCC\xD6\x63\x5F\x73\x8C\xDA\x05\x99\xA8\x38\xA8\xCB\x17\x78\x36\x51\xAC\xE9\x9E\xF4\x78\x3A\x8D\xCF\x0F\xD9\x42\xE2\x98\x0C\xAB\x2F\x9F\x0E\x01\xDE\xEF\x9F\x99\x49\xF1\x2D\xDF\xAC\x74\x4D\x1B\x98\xB5\x47\xC5\xE5\x29\xD1\xF9\x90\x18\xC7\x62\x9C\xBE\x83\xC7\x26\x7B\x3E\x8A\x25\xC7\xC0\xDD\x9D\xE6\x35\x68\x10\x20\x9D\x8F\xD8\xDE\xD2\xC3\x84\x9C\x0D\x5E\xE8\x2F\xC9\x02\x03\x01\x00\x01\xA3\x81\xC0\x30\x81\xBD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x11\x0A\x23\x3E\x96\xF1\x07\xEC\xE2\xAF\x29\xEF\x82\xA5\x7F\xD0\x30\xA4\xB4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x7B\x06\x03\x55\x1D\x1F\x04\x74\x30\x72\x30\x38\xA0\x36\xA0\x34\x86\x32\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x36\xA0\x34\xA0\x32\x86\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xFC\x02\xF0\x9B\xE8\xFF\xA4\xFA\xD6\x7B\xC6\x44\x80\xCE\x4F\xC4\xC5\xF6\x00\x58\xCC\xA6\xB6\xBC\x14\x49\x68\x04\x76\xE8\xE6\xEE\x5D\xEC\x02\x0F\x60\xD6\x8D\x50\x18\x4F\x26\x4E\x01\xE3\xE6\xB0\xA5\xEE\xBF\xBC\x74\x54\x41\xBF\xFD\xFC\x12\xB8\xC7\x4F\x5A\xF4\x89\x60\x05\x7F\x60\xB7\x05\x4A\xF3\xF6\xF1\xC2\xBF\xC4\xB9\x74\x86\xB6\x2D\x7D\x6B\xCC\xD2\xF3\x46\xDD\x2F\xC6\xE0\x6A\xC3\xC3\x34\x03\x2C\x7D\x96\xDD\x5A\xC2\x0E\xA7\x0A\x99\xC1\x05\x8B\xAB\x0C\x2F\xF3\x5C\x3A\xCF\x6C\x37\x55\x09\x87\xDE\x53\x40\x6C\x58\xEF\xFC\xB6\xAB\x65\x6E\x04\xF6\x1B\xDC\x3C\xE0\x5A\x15\xC6\x9E\xD9\xF1\x59\x48\x30\x21\x65\x03\x6C\xEC\xE9\x21\x73\xEC\x9B\x03\xA1\xE0\x37\xAD\xA0\x15\x18\x8F\xFA\xBA\x02\xCE\xA7\x2C\xA9\x10\x13\x2C\xD4\xE5\x08\x26\xAB\x22\x97\x60\xF8\x90\x5E\x74\xD4\xA2\x9A\x53\xBD\xF2\xA9\x68\xE0\xA2\x6E\xC2\xD7\x6C\xB1\xA3\x0F\x9E\xBF\xEB\x68\xE7\x56\xF2\xAE\xF2\xE3\x2B\x38\x3A\x09\x81\xB5\x6B\x85\xD7\xBE\x2D\xED\x3F\x1A\xB7\xB2\x63\xE2\xF5\x62\x2C\x82\xD4\x6A\x00\x41\x50\xF1\x39\x83\x9F\x95\xE9\x36\x96\x98\x6E",
@@ -47,7 +38,6 @@ redef root_certs += {
 	["OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP"] = "\x30\x82\x03\x5A\x30\x82\x02\x42\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5A\x17\x0D\x32\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5A\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB3\xB3\xFE\x7F\xD3\x6D\xB1\xEF\x16\x7C\x57\xA5\x0C\x6D\x76\x8A\x2F\x4B\xBF\x64\xFB\x4C\xEE\x8A\xF0\xF3\x29\x7C\xF5\xFF\xEE\x2A\xE0\xE9\xE9\xBA\x5B\x64\x22\x9A\x9A\x6F\x2C\x3A\x26\x69\x51\x05\x99\x26\xDC\xD5\x1C\x6A\x71\xC6\x9A\x7D\x1E\x9D\xDD\x7C\x6C\xC6\x8C\x67\x67\x4A\x3E\xF8\x71\xB0\x19\x27\xA9\x09\x0C\xA6\x95\xBF\x4B\x8C\x0C\xFA\x55\x98\x3B\xD8\xE8\x22\xA1\x4B\x71\x38\x79\xAC\x97\x92\x69\xB3\x89\x7E\xEA\x21\x68\x06\x98\x14\x96\x87\xD2\x61\x36\xBC\x6D\x27\x56\x9E\x57\xEE\xC0\xC0\x56\xFD\x32\xCF\xA4\xD9\x8E\xC2\x23\xD7\x8D\xA8\xF3\xD8\x25\xAC\x97\xE4\x70\x38\xF4\xB6\x3A\xB4\x9D\x3B\x97\x26\x43\xA3\xA1\xBC\x49\x59\x72\x4C\x23\x30\x87\x01\x58\xF6\x4E\xBE\x1C\x68\x56\x66\xAF\xCD\x41\x5D\xC8\xB3\x4D\x2A\x55\x46\xAB\x1F\xDA\x1E\xE2\x40\x3D\xDB\xCD\x7D\xB9\x92\x80\x9C\x37\xDD\x0C\x96\x64\x9D\xDC\x22\xF7\x64\x8B\xDF\x61\xDE\x15\x94\x52\x15\xA0\x7D\x52\xC9\x4B\xA8\x21\xC9\xC6\xB1\xED\xCB\xC3\x95\x60\xD1\x0F\xF0\xAB\x70\xF8\xDF\xCB\x4D\x7E\xEC\xD6\xFA\xAB\xD9\xBD\x7F\x54\xF2\xA5\xE9\x79\xFA\xD9\xD6\x76\x24\x28\x73\x02\x03\x01\x00\x01\xA3\x3F\x30\x3D\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x73\x49\x99\x68\xDC\x85\x5B\x65\xE3\x9B\x28\x2F\x57\x9F\xBD\x33\xBC\x07\x48\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x68\x40\xA9\xA8\xBB\xE4\x4F\x5D\x79\xB3\x05\xB5\x17\xB3\x60\x13\xEB\xC6\x92\x5D\xE0\xD1\xD3\x6A\xFE\xFB\xBE\x9B\x6D\xBF\xC7\x05\x6D\x59\x20\xC4\x1C\xF0\xB7\xDA\x84\x58\x02\x63\xFA\x48\x16\xEF\x4F\xA5\x0B\xF7\x4A\x98\xF2\x3F\x9E\x1B\xAD\x47\x6B\x63\xCE\x08\x47\xEB\x52\x3F\x78\x9C\xAF\x4D\xAE\xF8\xD5\x4F\xCF\x9A\x98\x2A\x10\x41\x39\x52\xC4\xDD\xD9\x9B\x0E\xEF\x93\x01\xAE\xB2\x2E\xCA\x68\x42\x24\x42\x6C\xB0\xB3\x3A\x3E\xCD\xE9\xDA\x48\xC4\x15\xCB\xE9\xF9\x07\x0F\x92\x50\x49\x8A\xDD\x31\x97\x5F\xC9\xE9\x37\xAA\x3B\x59\x65\x97\x94\x32\xC9\xB3\x9F\x3E\x3A\x62\x58\xC5\x49\xAD\x62\x0E\x71\xA5\x32\xAA\x2F\xC6\x89\x76\x43\x40\x13\x13\x67\x3D\xA2\x54\x25\x10\xCB\xF1\x3A\xF2\xD9\xFA\xDB\x49\x56\xBB\xA6\xFE\xA7\x41\x35\xC3\xE0\x88\x61\xC9\x88\xC7\xDF\x36\x10\x22\x98\x59\xEA\xB0\x4A\xFB\x56\x16\x73\x6E\xAC\x4D\xF7\x22\xA1\x4F\xAD\x1D\x7A\x2D\x45\x27\xE5\x30\xC1\x5E\xF2\xDA\x13\xCB\x25\x42\x51\x95\x47\x03\x8C\x6C\x21\xCC\x74\x42\xED\x53\xFF\x33\x8B\x8F\x0F\x57\x01\x16\x2F\xCF\xA6\xEE\xC9\x70\x22\x14\xBD\xFD\xBE\x6C\x0B\x03",
 	["CN=Sonera Class2 CA,O=Sonera,C=FI"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xA0\x03\x02\x01\x02\x02\x01\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x17\x0D\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x90\x17\x4A\x35\x9D\xCA\xF0\x0D\x96\xC7\x44\xFA\x16\x37\xFC\x48\xBD\xBD\x7F\x80\x2D\x35\x3B\xE1\x6F\xA8\x67\xA9\xBF\x03\x1C\x4D\x8C\x6F\x32\x47\xD5\x41\x68\xA4\x13\x04\xC1\x35\x0C\x9A\x84\x43\xFC\x5C\x1D\xFF\x89\xB3\xE8\x17\x18\xCD\x91\x5F\xFB\x89\xE3\xEA\xBF\x4E\x5D\x7C\x1B\x26\xD3\x75\x79\xED\xE6\x84\xE3\x57\xE5\xAD\x29\xC4\xF4\x3A\x28\xE7\xA5\x7B\x84\x36\x69\xB3\xFD\x5E\x76\xBD\xA3\x2D\x99\xD3\x90\x4E\x23\x28\x7D\x18\x63\xF1\x54\x3B\x26\x9D\x76\x5B\x97\x42\xB2\xFF\xAE\xF0\x4E\xEC\xDD\x39\x95\x4E\x83\x06\x7F\xE7\x49\x40\xC8\xC5\x01\xB2\x54\x5A\x66\x1D\x3D\xFC\xF9\xE9\x3C\x0A\x9E\x81\xB8\x70\xF0\x01\x8B\xE4\x23\x54\x7C\xC8\xAE\xF8\x90\x1E\x00\x96\x72\xD4\x54\xCF\x61\x23\xBC\xEA\xFB\x9D\x02\x95\xD1\xB6\xB9\x71\x3A\x69\x08\x3F\x0F\xB4\xE1\x42\xC7\x88\xF5\x3F\x98\xA8\xA7\xBA\x1C\xE0\x71\x71\xEF\x58\x57\x81\x50\x7A\x5C\x6B\x74\x46\x0E\x83\x03\x98\xC3\x8E\xA8\x6E\xF2\x76\x32\x6E\x27\x83\xC2\x73\xF3\xDC\x18\xE8\xB4\x93\xEA\x75\x44\x6B\x04\x60\x20\x71\x57\x87\x9D\xF3\xBE\xA0\x90\x23\x3D\x8A\x24\xE1\xDA\x21\xDB\xC3\x02\x03\x01\x00\x01\xA3\x33\x30\x31\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x4A\xA0\xAA\x58\x84\xD3\x5E\x3C\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5A\xCE\x87\xF9\x16\x72\x15\x57\x4B\x1D\xD9\x9B\xE7\xA2\x26\x30\xEC\x93\x67\xDF\xD6\x2D\xD2\x34\xAF\xF7\x38\xA5\xCE\xAB\x16\xB9\xAB\x2F\x7C\x35\xCB\xAC\xD0\x0F\xB4\x4C\x2B\xFC\x80\xEF\x6B\x8C\x91\x5F\x36\x76\xF7\xDB\xB3\x1B\x19\xEA\xF4\xB2\x11\xFD\x61\x71\x44\xBF\x28\xB3\x3A\x1D\xBF\xB3\x43\xE8\x9F\xBF\xDC\x31\x08\x71\xB0\x9D\x8D\xD6\x34\x47\x32\x90\xC6\x65\x24\xF7\xA0\x4A\x7C\x04\x73\x8F\x39\x6F\x17\x8C\x72\xB5\xBD\x4B\xC8\x7A\xF8\x7B\x83\xC3\x28\x4E\x9C\x09\xEA\x67\x3F\xB2\x67\x04\x1B\xC3\x14\xDA\xF8\xE7\x49\x24\x91\xD0\x1D\x6A\xFA\x61\x39\xEF\x6B\xE7\x21\x75\x06\x07\xD8\x12\xB4\x21\x20\x70\x42\x71\x81\xDA\x3C\x9A\x36\xBE\xA6\x5B\x0D\x6A\x6C\x9A\x1F\x91\x7B\xF9\xF9\xEF\x42\xBA\x4E\x4E\x9E\xCC\x0C\x8D\x94\xDC\xD9\x45\x9C\x5E\xEC\x42\x50\x63\xAE\xF4\x5D\xC4\xB1\x12\xDC\xCA\x3B\xA8\x2E\x9D\x14\x5A\x05\x75\xB7\xEC\xD7\x63\xE2\xBA\x35\xB6\x04\x08\x91\xE8\xDA\x9D\x9C\xF6\x66\xB5\x18\xAC\x0A\xA6\x54\x26\x34\x33\xD2\x1B\xC1\xD4\x7F\x1A\x3A\x8E\x0B\xAA\x32\x6E\xDB\xFC\x4F\x25\x9F\xD9\x32\xC7\x96\x5A\x70\xAC\xDF\x4C",
 	["CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5A\x17\x0D\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x98\xD2\xB5\x51\x11\x7A\x81\xA6\x14\x98\x71\x6D\xBE\xCC\xE7\x13\x1B\xD6\x27\x0E\x7A\xB3\x6A\x18\x1C\xB6\x61\x5A\xD5\x61\x09\xBF\xDE\x90\x13\xC7\x67\xEE\xDD\xF3\xDA\xC5\x0C\x12\x9E\x35\x55\x3E\x2C\x27\x88\x40\x6B\xF7\xDC\xDD\x22\x61\xF5\xC2\xC7\x0E\xF5\xF6\xD5\x76\x53\x4D\x8F\x8C\xBC\x18\x76\x37\x85\x9D\xE8\xCA\x49\xC7\xD2\x4F\x98\x13\x09\xA2\x3E\x22\x88\x9C\x7F\xD6\xF2\x10\x65\xB4\xEE\x5F\x18\xD5\x17\xE3\xF8\xC5\xFD\xE2\x9D\xA2\xEF\x53\x0E\x85\x77\xA2\x0F\xE1\x30\x47\xEE\x00\xE7\x33\x7D\x44\x67\x1A\x0B\x51\xE8\x8B\xA0\x9E\x50\x98\x68\x34\x52\x1F\x2E\x6D\x01\xF2\x60\x45\xF2\x31\xEB\xA9\x31\x68\x29\xBB\x7A\x41\x9E\xC6\x19\x7F\x94\xB4\x51\x39\x03\x7F\xB2\xDE\xA7\x32\x9B\xB4\x47\x8E\x6F\xB4\x4A\xAE\xE5\xAF\xB1\xDC\xB0\x1B\x61\xBC\x99\x72\xDE\xE4\x89\xB7\x7A\x26\x5D\xDA\x33\x49\x5B\x52\x9C\x0E\xF5\x8A\xAD\xC3\xB8\x3D\xE8\x06\x6A\xC2\xD5\x2A\x0B\x6C\x7B\x84\xBD\x56\x05\xCB\x86\x65\x92\xEC\x44\x2B\xB0\x8E\xB9\xDC\x70\x0B\x46\xDA\xAD\xBC\x63\x88\x39\xFA\xDB\x6A\xFE\x23\xFA\xBC\xE4\x48\xF4\x67\x2B\x6A\x11\x10\x21\x49\x02\x03\x01\x00\x01\xA3\x81\x91\x30\x81\x8E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x4F\x06\x03\x55\x1D\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1D\x20\x00\x30\x3C\x30\x3A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x6F\x76\x65\x72\x68\x65\x69\x64\x2E\x6E\x6C\x2F\x70\x6F\x6C\x69\x63\x69\x65\x73\x2F\x72\x6F\x6F\x74\x2D\x70\x6F\x6C\x69\x63\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA8\x7D\xEB\xBC\x63\xA4\x74\x13\x74\x00\xEC\x96\xE0\xD3\x34\xC1\x2C\xBF\x6C\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xC1\xBB\xD1\xD4\xC6\x15\xA8\x13\xB4\x9F\xA4\xFE\xBB\xEE\x15\xB4\x2F\x06\x0C\x29\xF2\xA8\x92\xA4\x61\x0D\xFC\xAB\x5C\x08\x5B\x51\x13\x2B\x4D\xC2\x2A\x61\xC8\xF8\x09\x58\xFC\x2D\x02\xB2\x39\x7D\x99\x66\x81\xBF\x6E\x5C\x95\x45\x20\x6C\xE6\x79\xA7\xD1\xD8\x1C\x29\xFC\xC2\x20\x27\x51\xC8\xF1\x7C\x5D\x34\x67\x69\x85\x11\x30\xC6\x00\xD2\xD7\xF3\xD3\x7C\xB6\xF0\x31\x57\x28\x12\x82\x73\xE9\x33\x2F\xA6\x55\xB4\x0B\x91\x94\x47\x9C\xFA\xBB\x7A\x42\x32\xE8\xAE\x7E\x2D\xC8\xBC\xAC\x14\xBF\xD9\x0F\xD9\x5B\xFC\xC1\xF9\x7A\x95\xE1\x7D\x7E\x96\xFC\x71\xB0\xC2\x4C\xC8\xDF\x45\x34\xC9\xCE\x0D\xF2\x9C\x64\x08\xD0\x3B\xC3\x29\xC5\xB2\xED\x90\x04\xC1\xB1\x29\x91\xC5\x30\x6F\xC1\xA9\x72\x33\xCC\xFE\x5D\x16\x17\x2C\x11\x69\xE7\x7E\xFE\xC5\x83\x08\xDF\xBC\xDC\x22\x3A\x2E\x20\x69\x23\x39\x56\x60\x67\x90\x8B\x2E\x76\x39\xFB\x11\x88\x97\xF6\x7C\xBD\x4B\xB8\x20\x16\x67\x05\x8D\xE2\x3B\xC1\x72\x3F\x94\x95\x37\xC7\x5D\xB9\x9E\xD8\x93\xA1\x17\x8F\xFF\x0C\x66\x15\xC1\x24\x7C\x32\x7C\x03\x1D\x3B\xA1\x58\x45\x32\x93",
-	["OU=TDC Internet Root CA,O=TDC Internet,C=DK"] = "\x30\x82\x04\x2B\x30\x82\x03\x13\xA0\x03\x02\x01\x02\x02\x04\x3A\xCC\xA5\x4C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC4\xB8\x40\xBC\x91\xD5\x63\x1F\xD7\x99\xA0\x8B\x0C\x40\x1E\x74\xB7\x48\x9D\x46\x8C\x02\xB2\xE0\x24\x5F\xF0\x19\x13\xA7\x37\x83\x6B\x5D\xC7\x8E\xF9\x84\x30\xCE\x1A\x3B\xFA\xFB\xCE\x8B\x6D\x23\xC6\xC3\x6E\x66\x9F\x89\xA5\xDF\xE0\x42\x50\x67\xFA\x1F\x6C\x1E\xF4\xD0\x05\xD6\xBF\xCA\xD6\x4E\xE4\x68\x60\x6C\x46\xAA\x1C\x5D\x63\xE1\x07\x86\x0E\x65\x00\xA7\x2E\xA6\x71\xC6\xBC\xB9\x81\xA8\x3A\x7D\x1A\xD2\xF9\xD1\xAC\x4B\xCB\xCE\x75\xAF\xDC\x7B\xFA\x81\x73\xD4\xFC\xBA\xBD\x41\x88\xD4\x74\xB3\xF9\x5E\x38\x3A\x3C\x43\xA8\xD2\x95\x4E\x77\x6D\x13\x0C\x9D\x8F\x78\x01\xB7\x5A\x20\x1F\x03\x37\x35\xE2\x2C\xDB\x4B\x2B\x2C\x78\xB9\x49\xDB\xC4\xD0\xC7\x9C\x9C\xE4\x8A\x20\x09\x21\x16\x56\x66\xFF\x05\xEC\x5B\xE3\xF0\xCF\xAB\x24\x24\x5E\xC3\x7F\x70\x7A\x12\xC4\xD2\xB5\x10\xA0\xB6\x21\xE1\x8D\x78\x69\x55\x44\x69\xF5\xCA\x96\x1C\x34\x85\x17\x25\x77\xE2\xF6\x2F\x27\x98\x78\xFD\x79\x06\x3A\xA2\xD6\x5A\x43\xC1\xFF\xEC\x04\x3B\xEE\x13\xEF\xD3\x58\x5A\xFF\x92\xEB\xEC\xAE\xDA\xF2\x37\x03\x47\x41\xB6\x97\xC9\x2D\x0A\x41\x22\xBB\xBB\xE6\xA7\x02\x03\x01\x00\x01\xA3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1D\x1F\x04\x5E\x30\x5C\x30\x5A\xA0\x58\xA0\x56\xA4\x54\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x81\x0F\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x35\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\x43\xCC\xD1\xDD\x1D\x10\x1B\x06\x7F\xB7\xA4\xFA\xD3\xD9\x4D\xFB\x23\x9F\x23\x54\x5B\xE6\x8B\x2F\x04\x28\x8B\xB5\x27\x6D\x89\xA1\xEC\x98\x69\xDC\xE7\x8D\x26\x83\x05\x79\x74\xEC\xB4\xB9\xA3\x97\xC1\x35\x00\xFD\x15\xDA\x39\x81\x3A\x95\x31\x90\xDE\x97\xE9\x86\xA8\x99\x77\x0C\xE5\x5A\xA0\x84\xFF\x12\x16\xAC\x6E\xB8\x8D\xC3\x7B\x92\xC2\xAC\x2E\xD0\x7D\x28\xEC\xB6\xF3\x60\x38\x69\x6F\x3E\xD8\x04\x55\x3E\x9E\xCC\x55\xD2\xBA\xFE\xBB\x47\x04\xD7\x0A\xD9\x16\x0A\x34\x29\xF5\x58\x13\xD5\x4F\xCF\x8F\x56\x4B\xB3\x1E\xEE\xD3\x98\x79\xDA\x08\x1E\x0C\x6F\xB8\xF8\x16\x27\xEF\xC2\x6F\x3D\xF6\xA3\x4B\x3E\x0E\xE4\x6D\x6C\xDB\x3B\x41\x12\x9B\xBD\x0D\x47\x23\x7F\x3C\x4A\xD0\xAF\xC0\xAF\xF6\xEF\x1B\xB5\x15\xC4\xEB\x83\xC4\x09\x5F\x74\x8B\xD9\x11\xFB\xC2\x56\xB1\x3C\xF8\x70\xCA\x34\x8D\x43\x40\x13\x8C\xFD\x99\x03\x54\x79\xC6\x2E\xEA\x86\xA1\xF6\x3A\xD4\x09\xBC\xF4\xBC\x66\xCC\x3D\x58\xD0\x57\x49\x0A\xEE\x25\xE2\x41\xEE\x13\xF9\x9B\x38\x34\xD1\x00\xF5\x7E\xE7\x94\x1D\xFC\x69\x03\x62\xB8\x99\x05\x05\x3D\x6B\x78\x12\xBD\xB0\x6F\x65",
 	["CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x5E\x30\x82\x03\x46\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x21\xB4\x11\xD3\x2A\x68\x06\xA9\xAD\x69\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5A\x17\x0D\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5A\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\xEE\x58\x10\xA2\x2B\x6E\x55\xC4\x8E\xBF\x2E\x46\x09\xE7\xE0\x08\x0F\x2E\x2B\x7A\x13\x94\x1B\xBD\xF6\xB6\x80\x8E\x65\x05\x93\x00\x1E\xBC\xAF\xE2\x0F\x8E\x19\x0D\x12\x47\xEC\xAC\xAD\xA3\xFA\x2E\x70\xF8\xDE\x6E\xFB\x56\x42\x15\x9E\x2E\x5C\xEF\x23\xDE\x21\xB9\x05\x76\x27\x19\x0F\x4F\xD6\xC3\x9C\xB4\xBE\x94\x19\x63\xF2\xA6\x11\x0A\xEB\x53\x48\x9C\xBE\xF2\x29\x3B\x16\xE8\x1A\xA0\x4C\xA6\xC9\xF4\x18\x59\x68\xC0\x70\xF2\x53\x00\xC0\x5E\x50\x82\xA5\x56\x6F\x36\xF9\x4A\xE0\x44\x86\xA0\x4D\x4E\xD6\x47\x6E\x49\x4A\xCB\x67\xD7\xA6\xC4\x05\xB9\x8E\x1E\xF4\xFC\xFF\xCD\xE7\x36\xE0\x9C\x05\x6C\xB2\x33\x22\x15\xD0\xB4\xE0\xCC\x17\xC0\xB2\xC0\xF4\xFE\x32\x3F\x29\x2A\x95\x7B\xD8\xF2\xA7\x4E\x0F\x54\x7C\xA1\x0D\x80\xB3\x09\x03\xC1\xFF\x5C\xDD\x5E\x9A\x3E\xBC\xAE\xBC\x47\x8A\x6A\xAE\x71\xCA\x1F\xB1\x2A\xB8\x5F\x42\x05\x0B\xEC\x46\x30\xD1\x72\x0B\xCA\xE9\x56\x6D\xF5\xEF\xDF\x78\xBE\x61\xBA\xB2\xA5\xAE\x04\x4C\xBC\xA8\xAC\x69\x15\x97\xBD\xEF\xEB\xB4\x8C\xBF\x35\xF8\xD4\xC3\xD1\x28\x0E\x5C\x3A\x9F\x70\x18\x33\x20\x77\xC4\xA2\xAF\x02\x03\x01\x00\x01\xA3\x81\xAB\x30\x81\xA8\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x53\x32\xD1\xB3\xCF\x7F\xFA\xE0\xF1\xA0\x5D\x85\x4E\x92\xD2\x9E\x45\x1D\xB4\x4F\x30\x3D\x06\x03\x55\x1D\x1F\x04\x36\x30\x34\x30\x32\xA0\x30\xA0\x2E\x86\x2C\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x44\x41\x54\x41\x43\x6F\x72\x70\x53\x47\x43\x2E\x63\x72\x6C\x30\x2A\x06\x03\x55\x1D\x25\x04\x23\x30\x21\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x04\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8A\x8B\x28\xBD\xC6\x33\x30\x1E\x29\xFC\xE2\xF7\xD5\x98\xD4\x40\xBB\x60\xCA\xBF\xAB\x17\x2C\x09\x36\x7F\x50\xFA\x41\xDC\xAE\x96\x3A\x0A\x23\x3E\x89\x59\xC9\xA3\x07\xED\x1B\x37\xAD\xFC\x7C\xBE\x51\x49\x5A\xDE\x3A\x0A\x54\x08\x16\x45\xC2\x99\xB1\x87\xCD\x8C\x68\xE0\x69\x03\xE9\xC4\x4E\x98\xB2\x3B\x8C\x16\xB3\x0E\xA0\x0C\x98\x50\x9B\x93\xA9\x70\x09\xC8\x2C\xA3\x8F\xDF\x02\xE4\xE0\x71\x3A\xF1\xB4\x23\x72\xA0\xAA\x01\xDF\xDF\x98\x3E\x14\x50\xA0\x31\x26\xBD\x28\xE9\x5A\x30\x26\x75\xF9\x7B\x60\x1C\x8D\xF3\xCD\x50\x26\x6D\x04\x27\x9A\xDF\xD5\x0D\x45\x47\x29\x6B\x2C\xE6\x76\xD9\xA9\x29\x7D\x32\xDD\xC9\x36\x3C\xBD\xAE\x35\xF1\x11\x9E\x1D\xBB\x90\x3F\x12\x47\x4E\x8E\xD7\x7E\x0F\x62\x73\x1D\x52\x26\x38\x1C\x18\x49\xFD\x30\x74\x9A\xC4\xE5\x22\x2F\xD8\xC0\x8D\xED\x91\x7A\x4C\x00\x8F\x72\x7F\x5D\xDA\xDD\x1B\x8B\x45\x6B\xE7\xDD\x69\x97\xA8\xC5\x56\x4C\x0F\x0C\xF6\x9F\x7A\x91\x37\xF6\x97\x82\xE0\xDD\x71\x69\xFF\x76\x3F\x60\x4D\x3C\xCF\xF7\x99\xF9\xC6\x57\xF4\xC9\x55\x39\x78\xBA\x2C\x79\xC9\xA6\x88\x2B\xF4\x08",
 	["CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x74\x30\x82\x03\x5C\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x24\xB4\x11\xD3\x36\x2A\xFE\x65\x0A\xFD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5A\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB1\xF7\xC3\x38\x3F\xB4\xA8\x7F\xCF\x39\x82\x51\x67\xD0\x6D\x9F\xD2\xFF\x58\xF3\xE7\x9F\x2B\xEC\x0D\x89\x54\x99\xB9\x38\x99\x16\xF7\xE0\x21\x79\x48\xC2\xBB\x61\x74\x12\x96\x1D\x3C\x6A\x72\xD5\x3C\x10\x67\x3A\x39\xED\x2B\x13\xCD\x66\xEB\x95\x09\x33\xA4\x6C\x97\xB1\xE8\xC6\xEC\xC1\x75\x79\x9C\x46\x5E\x8D\xAB\xD0\x6A\xFD\xB9\x2A\x55\x17\x10\x54\xB3\x19\xF0\x9A\xF6\xF1\xB1\x5D\xB6\xA7\x6D\xFB\xE0\x71\x17\x6B\xA2\x88\xFB\x00\xDF\xFE\x1A\x31\x77\x0C\x9A\x01\x7A\xB1\x32\xE3\x2B\x01\x07\x38\x6E\xC3\xA5\x5E\x23\xBC\x45\x9B\x7B\x50\xC1\xC9\x30\x8F\xDB\xE5\x2B\x7A\xD3\x5B\xFB\x33\x40\x1E\xA0\xD5\x98\x17\xBC\x8B\x87\xC3\x89\xD3\x5D\xA0\x8E\xB2\xAA\xAA\xF6\x8E\x69\x88\x06\xC5\xFA\x89\x21\xF3\x08\x9D\x69\x2E\x09\x33\x9B\x29\x0D\x46\x0F\x8C\xCC\x49\x34\xB0\x69\x51\xBD\xF9\x06\xCD\x68\xAD\x66\x4C\xBC\x3E\xAC\x61\xBD\x0A\x88\x0E\xC8\xDF\x3D\xEE\x7C\x04\x4C\x9D\x0A\x5E\x6B\x91\xD6\xEE\xC7\xED\x28\x8D\xAB\x4D\x87\x89\x73\xD0\x6E\xA4\xD0\x1E\x16\x8B\x14\xE1\x76\x44\x03\x7F\x63\xAC\xE4\xCD\x49\x9C\xC5\x92\xF4\xAB\x32\xA1\x48\x5B\x02\x03\x01\x00\x01\xA3\x81\xB9\x30\x81\xB6\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA1\x72\x5F\x26\x1B\x28\x98\x43\x95\x5D\x07\x37\xD5\x85\x96\x9D\x4B\xD2\xC3\x45\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x2E\x63\x72\x6C\x30\x31\x06\x03\x55\x1D\x25\x04\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0F\xDE\x74\xC6\x99\x97\xAF\xFC\xAD\x28\x5E\x75\x8E\xEB\x2D\x67\xEE\x4E\x7B\x2B\xD7\x0C\xFF\xF6\xDE\xCB\x55\xA2\x0A\xE1\x4C\x54\x65\x93\x60\x6B\x9F\x12\x9C\xAD\x5E\x83\x2C\xEB\x5A\xAE\xC0\xE4\x2D\xF4\x00\x63\x1D\xB8\xC0\x6C\xF2\xCF\x49\xBB\x4D\x93\x6F\x06\xA6\x0A\x22\xB2\x49\x62\x08\x4E\xFF\xC8\xC8\x14\xB2\x88\x16\x5D\xE7\x01\xE4\x12\x95\xE5\x45\x34\xB3\x8B\x69\xBD\xCF\xB4\x85\x8F\x75\x51\x9E\x7D\x3A\x38\x3A\x14\x48\x12\xC6\xFB\xA7\x3B\x1A\x8D\x0D\x82\x40\x07\xE8\x04\x08\x90\xA1\x89\xCB\x19\x50\xDF\xCA\x1C\x01\xBC\x1D\x04\x19\x7B\x10\x76\x97\x3B\xEE\x90\x90\xCA\xC4\x0E\x1F\x16\x6E\x75\xEF\x33\xF8\xD3\x6F\x5B\x1E\x96\xE3\xE0\x74\x77\x74\x7B\x8A\xA2\x6E\x2D\xDD\x76\xD6\x39\x30\x82\xF0\xAB\x9C\x52\xF2\x2A\xC7\xAF\x49\x5E\x7E\xC7\x68\xE5\x82\x81\xC8\x6A\x27\xF9\x27\x88\x2A\xD5\x58\x50\x95\x1F\xF0\x3B\x1C\x57\xBB\x7D\x14\x39\x62\x2B\x9A\xC9\x94\x92\x2A\xA3\x22\x0C\xFF\x89\x26\x7D\x5F\x23\x2B\x47\xD7\x15\x1D\xA9\x6A\x9E\x51\x0D\x2A\x51\x9E\x81\xF9\xD4\x3B\x5E\x70\x12\x7F\x10\x32\x9C\x1E\xBB\x9D\xF8\x66\xA8",
 	["CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU"] = "\x30\x82\x04\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5A\x17\x0D\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xB7\x36\x55\xE5\xA5\x5D\x18\x30\xE0\xDA\x89\x54\x91\xFC\xC8\xC7\x52\xF8\x2F\x50\xD9\xEF\xB1\x75\x73\x65\x47\x7D\x1B\x5B\xBA\x75\xC5\xFC\xA1\x88\x24\xFA\x2F\xED\xCA\x08\x4A\x39\x54\xC4\x51\x7A\xB5\xDA\x60\xEA\x38\x3C\x81\xB2\xCB\xF1\xBB\xD9\x91\x23\x3F\x48\x01\x70\x75\xA9\x05\x2A\xAD\x1F\x71\xF3\xC9\x54\x3D\x1D\x06\x6A\x40\x3E\xB3\x0C\x85\xEE\x5C\x1B\x79\xC2\x62\xC4\xB8\x36\x8E\x35\x5D\x01\x0C\x23\x04\x47\x35\xAA\x9B\x60\x4E\xA0\x66\x3D\xCB\x26\x0A\x9C\x40\xA1\xF4\x5D\x98\xBF\x71\xAB\xA5\x00\x68\x2A\xED\x83\x7A\x0F\xA2\x14\xB5\xD4\x22\xB3\x80\xB0\x3C\x0C\x5A\x51\x69\x2D\x58\x18\x8F\xED\x99\x9E\xF1\xAE\xE2\x95\xE6\xF6\x47\xA8\xD6\x0C\x0F\xB0\x58\x58\xDB\xC3\x66\x37\x9E\x9B\x91\x54\x33\x37\xD2\x94\x1C\x6A\x48\xC9\xC9\xF2\xA5\xDA\xA5\x0C\x23\xF7\x23\x0E\x9C\x32\x55\x5E\x71\x9C\x84\x05\x51\x9A\x2D\xFD\xE6\x4E\x2A\x34\x5A\xDE\xCA\x40\x37\x67\x0C\x54\x21\x55\x77\xDA\x0A\x0C\xCC\x97\xAE\x80\xDC\x94\x36\x4A\xF4\x3E\xCE\x36\x13\x1E\x53\xE4\xAC\x4E\x3A\x05\xEC\xDB\xAE\x72\x9C\x38\x8B\xD0\x39\x3B\x89\x0A\x3E\x77\xFE\x75\x02\x01\x03\xA3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x3C\x06\x03\x55\x1D\x1F\x04\x35\x30\x33\x30\x31\xA0\x2F\xA0\x2D\x86\x2B\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x94\xF5\xB1\x4D\xE9\xDB\xA1\x29\x5B\x57\x8B\x4D\x76\x06\x76\xE1\xD1\xA2\x8A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1D\x11\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x27\x06\x03\x55\x1D\x12\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x58\x06\x03\x55\x1D\x20\x04\x51\x30\x4F\x30\x4D\x06\x0B\x2B\x06\x01\x04\x01\x81\x87\x2E\x0A\x03\x01\x30\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x70\x73\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x70\x73\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x68\x74\x6D\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0C\x41\x97\xC2\x1A\x86\xC0\x22\x7C\x9F\xFB\x90\xF3\x1A\xD1\x03\xB1\xEF\x13\xF9\x21\x5F\x04\x9C\xDA\xC9\xA5\x8D\x27\x6C\x96\x87\x91\xBE\x41\x90\x01\x72\x93\xE7\x1E\x7D\x5F\xF6\x89\xC6\x5D\xA7\x40\x09\x3D\xAC\x49\x45\x45\xDC\x2E\x8D\x30\x68\xB2\x09\xBA\xFB\xC3\x2F\xCC\xBA\x0B\xDF\x3F\x77\x7B\x46\x7D\x3A\x12\x24\x8E\x96\x8F\x3C\x05\x0A\x6F\xD2\x94\x28\x1D\x6D\x0C\xC0\x2E\x88\x22\xD5\xD8\xCF\x1D\x13\xC7\xF0\x48\xD7\xD7\x05\xA7\xCF\xC7\x47\x9E\x3B\x3C\x34\xC8\x80\x4F\xD4\x14\xBB\xFC\x0D\x50\xF7\xFA\xB3\xEC\x42\x5F\xA9\xDD\x6D\xC8\xF4\x75\xCF\x7B\xC1\x72\x26\xB1\x01\x1C\x5C\x2C\xFD\x7A\x4E\xB4\x01\xC5\x05\x57\xB9\xE7\x3C\xAA\x05\xD9\x88\xE9\x07\x46\x41\xCE\xEF\x41\x81\xAE\x58\xDF\x83\xA2\xAE\xCA\xD7\x77\x1F\xE7\x00\x3C\x9D\x6F\x8E\xE4\x32\x09\x1D\x4D\x78\x34\x78\x34\x3C\x94\x9B\x26\xED\x4F\x71\xC6\x19\x7A\xBD\x20\x22\x48\x5A\xFE\x4B\x7D\x03\xB7\xE7\x58\xBE\xC6\x32\x4E\x74\x1E\x68\xDD\xA8\x68\x5B\xB3\x3E\xEE\x62\x7D\xD9\x80\xE8\x0A\x75\x7A\xB7\xEE\xB4\x65\x9A\x21\x90\xE0\xAA\xD0\x98\xBC\x38\xB5\x73\x3C\x8B\xF8\xDC",
@@ -83,9 +73,7 @@ redef root_certs += {
 	["CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH"] = "\x30\x82\x03\xF1\x30\x82\x02\xD9\xA0\x03\x02\x01\x02\x02\x10\x41\x3D\x72\xC7\xF4\x6B\x1F\x81\x43\x7D\xF1\xD2\x28\x54\xDF\x9A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x57\x49\x53\x65\x4B\x65\x79\x31\x1B\x30\x19\x06\x03\x55\x04\x0B\x13\x12\x43\x6F\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x4F\x49\x53\x54\x45\x20\x46\x6F\x75\x6E\x64\x61\x74\x69\x6F\x6E\x20\x45\x6E\x64\x6F\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x4F\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4B\x65\x79\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x41\x20\x43\x41\x30\x1E\x17\x0D\x30\x35\x31\x32\x31\x31\x31\x36\x30\x33\x34\x34\x5A\x17\x0D\x33\x37\x31\x32\x31\x31\x31\x36\x30\x39\x35\x31\x5A\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x57\x49\x53\x65\x4B\x65\x79\x31\x1B\x30\x19\x06\x03\x55\x04\x0B\x13\x12\x43\x6F\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x4F\x49\x53\x54\x45\x20\x46\x6F\x75\x6E\x64\x61\x74\x69\x6F\x6E\x20\x45\x6E\x64\x6F\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x4F\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4B\x65\x79\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x41\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\x4F\xB3\x00\x9B\x3D\x36\xDD\xF9\xD1\x49\x6A\x6B\x10\x49\x1F\xEC\xD8\x2B\xB2\xC6\xF8\x32\x81\x29\x43\x95\x4C\x9A\x19\x23\x21\x15\x45\xDE\xE3\xC8\x1C\x51\x55\x5B\xAE\x93\xE8\x37\xFF\x2B\x6B\xE9\xD4\xEA\xBE\x2A\xDD\xA8\x51\x2B\xD7\x66\xC3\x61\x5C\x60\x02\xC8\xF5\xCE\x72\x7B\x3B\xB8\xF2\x4E\x65\x08\x9A\xCD\xA4\x6A\x19\xC1\x01\xBB\x73\xA6\xD7\xF6\xC3\xDD\xCD\xBC\xA4\x8B\xB5\x99\x61\xB8\x01\xA2\xA3\xD4\x4D\xD4\x05\x3D\x91\xAD\xF8\xB4\x08\x71\x64\xAF\x70\xF1\x1C\x6B\x7E\xF6\xC3\x77\x9D\x24\x73\x7B\xE4\x0C\x8C\xE1\xD9\x36\xE1\x99\x8B\x05\x99\x0B\xED\x45\x31\x09\xCA\xC2\x00\xDB\xF7\x72\xA0\x96\xAA\x95\x87\xD0\x8E\xC7\xB6\x61\x73\x0D\x76\x66\x8C\xDC\x1B\xB4\x63\xA2\x9F\x7F\x93\x13\x30\xF1\xA1\x27\xDB\xD9\xFF\x2C\x55\x88\x91\xA0\xE0\x4F\x07\xB0\x28\x56\x8C\x18\x1B\x97\x44\x8E\x89\xDD\xE0\x17\x6E\xE7\x2A\xEF\x8F\x39\x0A\x31\x84\x82\xD8\x40\x14\x49\x2E\x7A\x41\xE4\xA7\xFE\xE3\x64\xCC\xC1\x59\x71\x4B\x2C\x21\xA7\x5B\x7D\xE0\x1D\xD1\x2E\x81\x9B\xC3\xD8\x68\xF7\xBD\x96\x1B\xAC\x70\xB1\x16\x14\x0B\xDB\x60\xB9\x26\x01\x05\x02\x03\x01\x00\x01\xA3\x51\x30\x4F\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB3\x03\x7E\xAE\x36\xBC\xB0\x79\xD1\xDC\x94\x26\xB6\x11\xBE\x21\xB2\x69\x86\x94\x30\x10\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4B\xA1\xFF\x0B\x87\x6E\xB3\xF9\xC1\x43\xB1\x48\xF3\x28\xC0\x1D\x2E\xC9\x09\x41\xFA\x94\x00\x1C\xA4\xA4\xAB\x49\x4F\x8F\x3D\x1E\xEF\x4D\x6F\xBD\xBC\xA4\xF6\xF2\x26\x30\xC9\x10\xCA\x1D\x88\xFB\x74\x19\x1F\x85\x45\xBD\xB0\x6C\x51\xF9\x36\x7E\xDB\xF5\x4C\x32\x3A\x41\x4F\x5B\x47\xCF\xE8\x0B\x2D\xB6\xC4\x19\x9D\x74\xC5\x47\xC6\x3B\x6A\x0F\xAC\x14\xDB\x3C\xF4\x73\x9C\xA9\x05\xDF\x00\xDC\x74\x78\xFA\xF8\x35\x60\x59\x02\x13\x18\x7C\xBC\xFB\x4D\xB0\x20\x6D\x43\xBB\x60\x30\x7A\x67\x33\x5C\xC5\x99\xD1\xF8\x2D\x39\x52\x73\xFB\x8C\xAA\x97\x25\x5C\x72\xD9\x08\x1E\xAB\x4E\x3C\xE3\x81\x31\x9F\x03\xA6\xFB\xC0\xFE\x29\x88\x55\xDA\x84\xD5\x50\x03\xB6\xE2\x84\xA3\xA6\x36\xAA\x11\x3A\x01\xE1\x18\x4B\xD6\x44\x68\xB3\x3D\xF9\x53\x74\x84\xB3\x46\x91\x46\x96\x00\xB7\x80\x2C\xB6\xE1\xE3\x10\xE2\xDB\xA2\xE7\x28\x8F\x01\x96\x62\x16\x3E\x00\xE3\x1C\xA5\x36\x81\x18\xA2\x4C\x52\x76\xC0\x11\xA3\x6E\xE6\x1D\xBA\xE3\x5A\xBE\x36\x53\xC5\x3E\x75\x8F\x86\x69\x29\x58\x53\xB5\x9C\xBB\x6F\x9F\x5C\xC5\x18\xEC\xDD\x2F\xE1\x98\xC9\xFC\xBE\xDF\x0A\x0D",
 	["CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU"] = "\x30\x82\x07\xA8\x30\x82\x06\x90\xA0\x03\x02\x01\x02\x02\x11\x00\xCC\xB8\xE7\xBF\x4E\x29\x1A\xFD\xA2\xDC\x66\xA5\x1C\x2C\x0F\x11\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x35\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5A\x17\x0D\x31\x37\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5A\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xED\xC8\x00\xD5\x81\x7B\xCD\x38\x00\x47\xCC\xDB\x84\xC1\x21\x69\x2C\x74\x90\x0C\x21\xD9\x53\x87\xED\x3E\x43\x44\x53\xAF\xAB\xF8\x80\x9B\x3C\x78\x8D\xD4\x8D\xAE\xB8\xEF\xD3\x11\xDC\x81\xE6\xCF\x3B\x96\x8C\xD6\x6F\x15\xC6\x77\x7E\xA1\x2F\xE0\x5F\x92\xB6\x27\xD7\x76\x9A\x1D\x43\x3C\xEA\xD9\xEC\x2F\xEE\x39\xF3\x6A\x67\x4B\x8B\x82\xCF\x22\xF8\x65\x55\xFE\x2C\xCB\x2F\x7D\x48\x7A\x3D\x75\xF9\xAA\xA0\x27\xBB\x78\xC2\x06\xCA\x51\xC2\x7E\x66\x4B\xAF\xCD\xA2\xA7\x4D\x02\x82\x3F\x82\xAC\x85\xC6\xE1\x0F\x90\x47\x99\x94\x0A\x71\x72\x93\x2A\xC9\xA6\xC0\xBE\x3C\x56\x4C\x73\x92\x27\xF1\x6B\xB5\xF5\xFD\xFC\x30\x05\x60\x92\xC6\xEB\x96\x7E\x01\x91\xC2\x69\xB1\x1E\x1D\x7B\x53\x45\xB8\xDC\x41\x1F\xC9\x8B\x71\xD6\x54\x14\xE3\x8B\x54\x78\x3F\xBE\xF4\x62\x3B\x5B\xF5\xA3\xEC\xD5\x92\x74\xE2\x74\x30\xEF\x01\xDB\xE1\xD4\xAB\x99\x9B\x2A\x6B\xF8\xBD\xA6\x1C\x86\x23\x42\x5F\xEC\x49\xDE\x9A\x8B\x5B\xF4\x72\x3A\x40\xC5\x49\x3E\xA5\xBE\x8E\xAA\x71\xEB\x6C\xFA\xF5\x1A\xE4\x6A\xFD\x7B\x7D\x55\x40\xEF\x58\x6E\xE6\xD9\xD5\xBC\x24\xAB\xC1\xEF\xB7\x02\x03\x01\x00\x01\xA3\x82\x04\x37\x30\x82\x04\x33\x30\x67\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x5B\x30\x59\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x1C\x68\x74\x74\x70\x73\x3A\x2F\x2F\x72\x63\x61\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x6F\x63\x73\x70\x30\x2D\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02\x86\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x52\x6F\x6F\x74\x43\x41\x2E\x63\x72\x74\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x82\x01\x73\x06\x03\x55\x1D\x20\x04\x82\x01\x6A\x30\x82\x01\x66\x30\x82\x01\x62\x06\x0C\x2B\x06\x01\x04\x01\x81\xA8\x18\x02\x01\x01\x01\x30\x82\x01\x50\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1C\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x53\x5A\x53\x5A\x2F\x30\x82\x01\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\x14\x1E\x82\x01\x10\x00\x41\x00\x20\x00\x74\x00\x61\x00\x6E\x00\xFA\x00\x73\x00\xED\x00\x74\x00\x76\x00\xE1\x00\x6E\x00\x79\x00\x20\x00\xE9\x00\x72\x00\x74\x00\x65\x00\x6C\x00\x6D\x00\x65\x00\x7A\x00\xE9\x00\x73\x00\xE9\x00\x68\x00\x65\x00\x7A\x00\x20\x00\xE9\x00\x73\x00\x20\x00\x65\x00\x6C\x00\x66\x00\x6F\x00\x67\x00\x61\x00\x64\x00\xE1\x00\x73\x00\xE1\x00\x68\x00\x6F\x00\x7A\x00\x20\x00\x61\x00\x20\x00\x53\x00\x7A\x00\x6F\x00\x6C\x00\x67\x00\xE1\x00\x6C\x00\x74\x00\x61\x00\x74\x00\xF3\x00\x20\x00\x53\x00\x7A\x00\x6F\x00\x6C\x00\x67\x00\xE1\x00\x6C\x00\x74\x00\x61\x00\x74\x00\xE1\x00\x73\x00\x69\x00\x20\x00\x53\x00\x7A\x00\x61\x00\x62\x00\xE1\x00\x6C\x00\x79\x00\x7A\x00\x61\x00\x74\x00\x61\x00\x20\x00\x73\x00\x7A\x00\x65\x00\x72\x00\x69\x00\x6E\x00\x74\x00\x20\x00\x6B\x00\x65\x00\x6C\x00\x6C\x00\x20\x00\x65\x00\x6C\x00\x6A\x00\xE1\x00\x72\x00\x6E\x00\x69\x00\x3A\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x65\x00\x2D\x00\x73\x00\x7A\x00\x69\x00\x67\x00\x6E\x00\x6F\x00\x2E\x00\x68\x00\x75\x00\x2F\x00\x53\x00\x5A\x00\x53\x00\x5A\x00\x2F\x30\x81\xC8\x06\x03\x55\x1D\x1F\x04\x81\xC0\x30\x81\xBD\x30\x81\xBA\xA0\x81\xB7\xA0\x81\xB4\x86\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x52\x6F\x6F\x74\x43\x41\x2E\x63\x72\x6C\x86\x81\x8E\x6C\x64\x61\x70\x3A\x2F\x2F\x6C\x64\x61\x70\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x43\x4E\x3D\x4D\x69\x63\x72\x6F\x73\x65\x63\x25\x32\x30\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x41\x2C\x4F\x55\x3D\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x25\x32\x30\x43\x41\x2C\x4F\x3D\x4D\x69\x63\x72\x6F\x73\x65\x63\x25\x32\x30\x4C\x74\x64\x2E\x2C\x4C\x3D\x42\x75\x64\x61\x70\x65\x73\x74\x2C\x43\x3D\x48\x55\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3B\x62\x69\x6E\x61\x72\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\x96\x06\x03\x55\x1D\x11\x04\x81\x8E\x30\x81\x8B\x81\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\xA4\x77\x30\x75\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\xC3\xB3\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x16\x30\x14\x06\x03\x55\x04\x0B\x0C\x0D\x65\x2D\x53\x7A\x69\x67\x6E\xC3\xB3\x20\x48\x53\x5A\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4B\x66\x74\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x30\x81\xAC\x06\x03\x55\x1D\x23\x04\x81\xA4\x30\x81\xA1\x80\x14\xC7\xA0\x49\x75\x16\x61\x84\xDB\x31\x4B\x84\xD2\xF1\x37\x40\x90\xEF\x4E\xDC\xF7\xA1\x76\xA4\x74\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x11\x00\xCC\xB8\xE7\xBF\x4E\x29\x1A\xFD\xA2\xDC\x66\xA5\x1C\x2C\x0F\x11\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC7\xA0\x49\x75\x16\x61\x84\xDB\x31\x4B\x84\xD2\xF1\x37\x40\x90\xEF\x4E\xDC\xF7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD3\x13\x9C\x66\x63\x59\x2E\xCA\x5C\x70\x0C\xFC\x83\xBC\x55\xB1\xF4\x8E\x07\x6C\x66\x27\xCE\xC1\x3B\x20\xA9\x1C\xBB\x46\x54\x70\xEE\x5A\xCC\xA0\x77\xEA\x68\x44\x27\xEB\xF2\x29\xDD\x77\xA9\xD5\xFB\xE3\xD4\xA7\x04\xC4\x95\xB8\x0B\xE1\x44\x68\x60\x07\x43\x30\x31\x42\x61\xE5\xEE\xD9\xE5\x24\xD5\x1B\xDF\xE1\x4A\x1B\xAA\x9F\xC7\x5F\xF8\x7A\x11\xEA\x13\x93\x00\xCA\x8A\x58\xB1\xEE\xED\x0E\x4D\xB4\xD7\xA8\x36\x26\x7C\xE0\x3A\xC1\xD5\x57\x82\xF1\x75\xB6\xFD\x89\x5F\xDA\xF3\xA8\x38\x9F\x35\x06\x08\xCE\x22\x95\xBE\xCD\xD5\xFC\xBE\x5B\xDE\x79\x6B\xDC\x7A\xA9\x65\x66\xBE\xB1\x25\x5A\x5F\xED\x7E\xD3\xAC\x46\x6D\x4C\xF4\x32\x87\xB4\x20\x04\xE0\x6C\x78\xB0\x77\xD1\x85\x46\x4B\xA6\x12\xB7\x75\xE8\x4A\xC9\x56\x6C\xD7\x92\xAB\x9D\xF5\x49\x38\xD2\x4F\x53\xE3\x55\x90\x11\xDB\x98\x96\xC6\x49\xF2\x3E\xF4\x9F\x1B\xE0\xF7\x88\xDC\x25\x62\x99\x44\xD8\x73\xBF\x3F\x30\xF3\x0C\x37\x3E\xD4\xC2\x28\x80\x73\xB1\x01\xB7\x9D\x5A\x96\x14\x01\x4B\xA9\x11\x9D\x29\x6A\x2E\xD0\x5D\x81\xC0\xCF\xB2\x20\x43\xC7\x03\xE0\x37\x4E\x5D\x0A\xDC\x59\x20\x25",
 	["CN=Certigna,O=Dhimyotis,C=FR"] = "\x30\x82\x03\xA8\x30\x82\x02\x90\xA0\x03\x02\x01\x02\x02\x09\x00\xFE\xDC\xE3\x01\x0F\xC9\x48\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x30\x1E\x17\x0D\x30\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5A\x17\x0D\x32\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5A\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC8\x68\xF1\xC9\xD6\xD6\xB3\x34\x75\x26\x82\x1E\xEC\xB4\xBE\xEA\x5C\xE1\x26\xED\x11\x47\x61\xE1\xA2\x7C\x16\x78\x40\x21\xE4\x60\x9E\x5A\xC8\x63\xE1\xC4\xB1\x96\x92\xFF\x18\x6D\x69\x23\xE1\x2B\x62\xF7\xDD\xE2\x36\x2F\x91\x07\xB9\x48\xCF\x0E\xEC\x79\xB6\x2C\xE7\x34\x4B\x70\x08\x25\xA3\x3C\x87\x1B\x19\xF2\x81\x07\x0F\x38\x90\x19\xD3\x11\xFE\x86\xB4\xF2\xD1\x5E\x1E\x1E\x96\xCD\x80\x6C\xCE\x3B\x31\x93\xB6\xF2\xA0\xD0\xA9\x95\x12\x7D\xA5\x9A\xCC\x6B\xC8\x84\x56\x8A\x33\xA9\xE7\x22\x15\x53\x16\xF0\xCC\x17\xEC\x57\x5F\xE9\xA2\x0A\x98\x09\xDE\xE3\x5F\x9C\x6F\xDC\x48\xE3\x85\x0B\x15\x5A\xA6\xBA\x9F\xAC\x48\xE3\x09\xB2\xF7\xF4\x32\xDE\x5E\x34\xBE\x1C\x78\x5D\x42\x5B\xCE\x0E\x22\x8F\x4D\x90\xD7\x7D\x32\x18\xB3\x0B\x2C\x6A\xBF\x8E\x3F\x14\x11\x89\x20\x0E\x77\x14\xB5\x3D\x94\x08\x87\xF7\x25\x1E\xD5\xB2\x60\x00\xEC\x6F\x2A\x28\x25\x6E\x2A\x3E\x18\x63\x17\x25\x3F\x3E\x44\x20\x16\xF6\x26\xC8\x25\xAE\x05\x4A\xB4\xE7\x63\x2C\xF3\x8C\x16\x53\x7E\x5C\xFB\x11\x1A\x08\xC1\x46\x62\x9F\x22\xB8\xF1\xC2\x8D\x69\xDC\xFA\x3A\x58\x06\xDF\x02\x03\x01\x00\x01\xA3\x81\xBC\x30\x81\xB9\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1A\xED\xFE\x41\x39\x90\xB4\x24\x59\xBE\x01\xF2\x52\xD5\x45\xF6\x5A\x39\xDC\x11\x30\x64\x06\x03\x55\x1D\x23\x04\x5D\x30\x5B\x80\x14\x1A\xED\xFE\x41\x39\x90\xB4\x24\x59\xBE\x01\xF2\x52\xD5\x45\xF6\x5A\x39\xDC\x11\xA1\x38\xA4\x36\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x82\x09\x00\xFE\xDC\xE3\x01\x0F\xC9\x48\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x03\x1E\x92\x71\xF6\x42\xAF\xE1\xA3\x61\x9E\xEB\xF3\xC0\x0F\xF2\xA5\xD4\xDA\x95\xE6\xD6\xBE\x68\x36\x3D\x7E\x6E\x1F\x4C\x8A\xEF\xD1\x0F\x21\x6D\x5E\xA5\x52\x63\xCE\x12\xF8\xEF\x2A\xDA\x6F\xEB\x37\xFE\x13\x02\xC7\xCB\x3B\x3E\x22\x6B\xDA\x61\x2E\x7F\xD4\x72\x3D\xDD\x30\xE1\x1E\x4C\x40\x19\x8C\x0F\xD7\x9C\xD1\x83\x30\x7B\x98\x59\xDC\x7D\xC6\xB9\x0C\x29\x4C\xA1\x33\xA2\xEB\x67\x3A\x65\x84\xD3\x96\xE2\xED\x76\x45\x70\x8F\xB5\x2B\xDE\xF9\x23\xD6\x49\x6E\x3C\x14\xB5\xC6\x9F\x35\x1E\x50\xD0\xC1\x8F\x6A\x70\x44\x02\x62\xCB\xAE\x1D\x68\x41\xA7\xAA\x57\xE8\x53\xAA\x07\xD2\x06\xF6\xD5\x14\x06\x0B\x91\x03\x75\x2C\x6C\x72\xB5\x61\x95\x9A\x0D\x8B\xB9\x0D\xE7\xF5\xDF\x54\xCD\xDE\xE6\xD8\xD6\x09\x08\x97\x63\xE5\xC1\x2E\xB0\xB7\x44\x26\xC0\x26\xC0\xAF\x55\x30\x9E\x3B\xD5\x36\x2A\x19\x04\xF4\x5C\x1E\xFF\xCF\x2C\xB7\xFF\xD0\xFD\x87\x40\x11\xD5\x11\x23\xBB\x48\xC0\x21\xA9\xA4\x28\x2D\xFD\x15\xF8\xB0\x4E\x2B\xF4\x30\x5B\x21\xFC\x11\x91\x34\xBE\x41\xEF\x7B\x9D\x97\x75\xFF\x97\x95\xC0\x96\x58\x2F\xEA\xBB\x46\xD7\xBB\xE4\xD9\x2E",
-	["CN=AC Ra\C3\ADz Certic\C3\A1mara S.A.,O=Sociedad Cameral de Certificaci\C3\B3n Digital - Certic\C3\A1mara S.A.,C=CO"] = "\x30\x82\x06\x66\x30\x82\x04\x4E\xA0\x03\x02\x01\x02\x02\x0F\x07\x7E\x52\x93\x7B\xE0\x15\xE3\x57\xF0\x69\x8C\xCB\xEC\x0C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4F\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x53\x6F\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6D\x65\x72\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xC3\xB3\x6E\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x2D\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x41\x43\x20\x52\x61\xC3\xAD\x7A\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x37\x32\x30\x34\x36\x32\x39\x5A\x17\x0D\x33\x30\x30\x34\x30\x32\x32\x31\x34\x32\x30\x32\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4F\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x53\x6F\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6D\x65\x72\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xC3\xB3\x6E\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x2D\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x41\x43\x20\x52\x61\xC3\xAD\x7A\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAB\x6B\x89\xA3\x53\xCC\x48\x23\x08\xFB\xC3\xCF\x51\x96\x08\x2E\xB8\x08\x7A\x6D\x3C\x90\x17\x86\xA9\xE9\xED\x2E\x13\x34\x47\xB2\xD0\x70\xDC\xC9\x3C\xD0\x8D\xCA\xEE\x4B\x17\xAB\xD0\x85\xB0\xA7\x23\x04\xCB\xA8\xA2\xFC\xE5\x75\xDB\x40\xCA\x62\x89\x8F\x50\x9E\x01\x3D\x26\x5B\x18\x84\x1C\xCB\x7C\x37\xB7\x7D\xEC\xD3\x7F\x73\x19\xB0\x6A\xB2\xD8\x88\x8A\x2D\x45\x74\xA8\xF7\xB3\xB8\xC0\xD4\xDA\xCD\x22\x89\x74\x4D\x5A\x15\x39\x73\x18\x74\x4F\xB5\xEB\x99\xA7\xC1\x1E\x88\xB4\xC2\x93\x90\x63\x97\xF3\xA7\xA7\x12\xB2\x09\x22\x07\x33\xD9\x91\xCD\x0E\x9C\x1F\x0E\x20\xC7\xEE\xBB\x33\x8D\x8F\xC2\xD2\x58\xA7\x5F\xFD\x65\x37\xE2\x88\xC2\xD8\x8F\x86\x75\x5E\xF9\x2D\xA7\x87\x33\xF2\x78\x37\x2F\x8B\xBC\x1D\x86\x37\x39\xB1\x94\xF2\xD8\xBC\x4A\x9C\x83\x18\x5A\x06\xFC\xF3\xD4\xD4\xBA\x8C\x15\x09\x25\xF0\xF9\xB6\x8D\x04\x7E\x17\x12\x33\x6B\x57\x48\x4C\x4F\xDB\x26\x1E\xEB\xCC\x90\xE7\x8B\xF9\x68\x7C\x70\x0F\xA3\x2A\xD0\x3A\x38\xDF\x37\x97\xE2\x5B\xDE\x80\x61\xD3\x80\xD8\x91\x83\x42\x5A\x4C\x04\x89\x68\x11\x3C\xAC\x5F\x68\x80\x41\xCC\x60\x42\xCE\x0D\x5A\x2A\x0C\x0F\x9B\x30\xC0\xA6\xF0\x86\xDB\xAB\x49\xD7\x97\x6D\x48\x8B\xF9\x03\xC0\x52\x67\x9B\x12\xF7\xC2\xF2\x2E\x98\x65\x42\xD9\xD6\x9A\xE3\xD0\x19\x31\x0C\xAD\x87\xD5\x57\x02\x7A\x30\xE8\x86\x26\xFB\x8F\x23\x8A\x54\x87\xE4\xBF\x3C\xEE\xEB\xC3\x75\x48\x5F\x1E\x39\x6F\x81\x62\x6C\xC5\x2D\xC4\x17\x54\x19\xB7\x37\x8D\x9C\x37\x91\xC8\xF6\x0B\xD5\xEA\x63\x6F\x83\xAC\x38\xC2\xF3\x3F\xDE\x9A\xFB\xE1\x23\x61\xF0\xC8\x26\xCB\x36\xC8\xA1\xF3\x30\x8F\xA4\xA3\xA2\xA1\xDD\x53\xB3\xDE\xF0\x9A\x32\x1F\x83\x91\x79\x30\xC1\xA9\x1F\x53\x9B\x53\xA2\x15\x53\x3F\xDD\x9D\xB3\x10\x3B\x48\x7D\x89\x0F\xFC\xED\x03\xF5\xFB\x25\x64\x75\x0E\x17\x19\x0D\x8F\x00\x16\x67\x79\x7A\x40\xFC\x2D\x59\x07\xD9\x90\xFA\x9A\xAD\x3D\xDC\x80\x8A\xE6\x5C\x35\xA2\x67\x4C\x11\x6B\xB1\xF8\x80\x64\x00\x2D\x6F\x22\x61\xC5\xAC\x4B\x26\xE5\x5A\x10\x82\x9B\xA4\x83\x7B\x34\xF7\x9E\x89\x91\x20\x97\x8E\xB7\x42\xC7\x66\xC3\xD0\xE9\xA4\xD6\xF5\x20\x8D\xC4\xC3\x95\xAC\x44\x0A\x9D\x5B\x73\x3C\x26\x3D\x2F\x4A\xBE\xA7\xC9\xA7\x10\x1E\xFB\x9F\x50\x69\xF3\x02\x03\x01\x00\x01\xA3\x81\xE6\x30\x81\xE3\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD1\x09\xD0\xE9\xD7\xCE\x79\x74\x54\xF9\x3A\x30\xB3\xF4\x6D\x2C\x03\x03\x1B\x68\x30\x81\xA0\x06\x03\x55\x1D\x20\x04\x81\x98\x30\x81\x95\x30\x81\x92\x06\x04\x55\x1D\x20\x00\x30\x81\x89\x30\x2B\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1F\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x65\x72\x74\x69\x63\x61\x6D\x61\x72\x61\x2E\x63\x6F\x6D\x2F\x64\x70\x63\x2F\x30\x5A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x4E\x1A\x4C\x4C\x69\x6D\x69\x74\x61\x63\x69\x6F\x6E\x65\x73\x20\x64\x65\x20\x67\x61\x72\x61\x6E\x74\xED\x61\x73\x20\x64\x65\x20\x65\x73\x74\x65\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x20\x73\x65\x20\x70\x75\x65\x64\x65\x6E\x20\x65\x6E\x63\x6F\x6E\x74\x72\x61\x72\x20\x65\x6E\x20\x6C\x61\x20\x44\x50\x43\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x5C\x94\xB5\xB8\x45\x91\x4D\x8E\x61\x1F\x03\x28\x0F\x53\x7C\xE6\xA4\x59\xA9\xB3\x8A\x7A\xC5\xB0\xFF\x08\x7C\x2C\xA3\x71\x1C\x21\x13\x67\xA1\x95\x12\x40\x35\x83\x83\x8F\x74\xDB\x33\x5C\xF0\x49\x76\x0A\x81\x52\xDD\x49\xD4\x9A\x32\x33\xEF\x9B\xA7\xCB\x75\xE5\x7A\xCB\x97\x12\x90\x5C\xBA\x7B\xC5\x9B\xDF\xBB\x39\x23\xC8\xFF\x98\xCE\x0A\x4D\x22\x01\x48\x07\x7E\x8A\xC0\xD5\x20\x42\x94\x44\xEF\xBF\x77\xA2\x89\x67\x48\x1B\x40\x03\x05\xA1\x89\xEC\xCF\x62\xE3\x3D\x25\x76\x66\xBF\x26\xB7\xBB\x22\xBE\x6F\xFF\x39\x57\x74\xBA\x7A\xC9\x01\x95\xC1\x95\x51\xE8\xAB\x2C\xF8\xB1\x86\x20\xE9\x3F\xCB\x35\x5B\xD2\x17\xE9\x2A\xFE\x83\x13\x17\x40\xEE\x88\x62\x65\x5B\xD5\x3B\x60\xE9\x7B\x3C\xB8\xC9\xD5\x7F\x36\x02\x25\xAA\x68\xC2\x31\x15\xB7\x30\x65\xEB\x7F\x1D\x48\x79\xB1\xCF\x39\xE2\x42\x80\x16\xD3\xF5\x93\x23\xFC\x4C\x97\xC9\x5A\x37\x6C\x7C\x22\xD8\x4A\xCD\xD2\x8E\x36\x83\x39\x91\x90\x10\xC8\xF1\xC9\x35\x7E\x3F\xB8\xD3\x81\xC6\x20\x64\x1A\xB6\x50\xC2\x21\xA4\x78\xDC\xD0\x2F\x3B\x64\x93\x74\xF0\x96\x90\xF1\xEF\xFB\x09\x5A\x34\x40\x96\xF0\x36\x12\xC1\xA3\x74\x8C\x93\x7E\x41\xDE\x77\x8B\xEC\x86\xD9\xD2\x0F\x3F\x2D\xD1\xCC\x40\xA2\x89\x66\x48\x1E\x20\xB3\x9C\x23\x59\x73\xA9\x44\x73\xBC\x24\x79\x90\x56\x37\xB3\xC6\x29\x7E\xA3\x0F\xF1\x29\x39\xEF\x7E\x5C\x28\x32\x70\x35\xAC\xDA\xB8\xC8\x75\x66\xFC\x9B\x4C\x39\x47\x8E\x1B\x6F\x9B\x4D\x02\x54\x22\x33\xEF\x61\xBA\x9E\x29\x84\xEF\x4E\x4B\x33\x47\x76\x97\x6A\xCB\x7E\x5F\xFD\x15\xA6\x9E\x42\x43\x5B\x66\x5A\x8A\x88\x0D\xF7\x16\xB9\x3F\x51\x65\x2B\x66\x6A\x8B\xD1\x38\x52\xA2\xD6\x46\x11\xFA\xFC\x9A\x1C\x74\x9E\x8F\x97\x0B\x02\x4F\x64\xC6\xF5\x68\xD3\x4B\x2D\xFF\xA4\x37\x1E\x8B\x3F\xBF\x44\xBE\x61\x46\xA1\x84\x3D\x08\x27\x4C\x81\x20\x77\x89\x08\xEA\x67\x40\x5E\x6C\x08\x51\x5F\x34\x5A\x8C\x96\x68\xCD\xD7\xF7\x89\xC2\x1C\xD3\x32\x00\xAF\x52\xCB\xD3\x60\x5B\x2A\x3A\x47\x7E\x6B\x30\x33\xA1\x62\x29\x7F\x4A\xB9\xE1\x2D\xE7\x14\x23\x0E\x0E\x18\x47\xE1\x79\xFC\x15\x55\xD0\xB1\xFC\x25\x71\x63\x75\x33\x1C\x23\x2B\xAF\x5C\xD9\xED\x47\x77\x60\x0E\x3B\x0F\x1E\xD2\xC0\xDC\x64\x05\x89\xFC\x78\xD6\x5C\x2C\x26\x43\xA9",
 	["CN=TC TrustCenter Class 2 CA II,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x04\xAA\x30\x82\x03\x92\xA0\x03\x02\x01\x02\x02\x0E\x2E\x6A\x00\x01\x00\x02\x1F\xD7\x52\x21\x2C\x11\x5C\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x1E\x17\x0D\x30\x36\x30\x31\x31\x32\x31\x34\x33\x38\x34\x33\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x80\x87\x9B\x8E\xF0\xC3\x7C\x87\xD7\xE8\x24\x82\x11\xB3\x3C\xDD\x43\x62\xEE\xF8\xC3\x45\xDA\xE8\xE1\xA0\x5F\xD1\x2A\xB2\xEA\x93\x68\xDF\xB4\xC8\xD6\x43\xE9\xC4\x75\x59\x7F\xFC\xE1\x1D\xF8\x31\x70\x23\x1B\x88\x9E\x27\xB9\x7B\xFD\x3A\xD2\xC9\xA9\xE9\x14\x2F\x90\xBE\x03\x52\xC1\x49\xCD\xF6\xFD\xE4\x08\x66\x0B\x57\x8A\xA2\x42\xA0\xB8\xD5\x7F\x69\x5C\x90\x32\xB2\x97\x0D\xCA\x4A\xDC\x46\x3E\x02\x55\x89\x53\xE3\x1A\x5A\xCB\x36\xC6\x07\x56\xF7\x8C\xCF\x11\xF4\x4C\xBB\x30\x70\x04\x95\xA5\xF6\x39\x8C\xFD\x73\x81\x08\x7D\x89\x5E\x32\x1E\x22\xA9\x22\x45\x4B\xB0\x66\x2E\x30\xCC\x9F\x65\xFD\xFC\xCB\x81\xA9\xF1\xE0\x3B\xAF\xA3\x86\xD1\x89\xEA\xC4\x45\x79\x50\x5D\xAE\xE9\x21\x74\x92\x4D\x8B\x59\x82\x8F\x94\xE3\xE9\x4A\xF1\xE7\x49\xB0\x14\xE3\xF5\x62\xCB\xD5\x72\xBD\x1F\xB9\xD2\x9F\xA0\xCD\xA8\xFA\x01\xC8\xD9\x0D\xDF\xDA\xFC\x47\x9D\xB3\xC8\x54\xDF\x49\x4A\xF1\x21\xA9\xFE\x18\x4E\xEE\x48\xD4\x19\xBB\xEF\x7D\xE4\xE2\x9D\xCB\x5B\xB6\x6E\xFF\xE3\xCD\x5A\xE7\x74\x82\x05\xBA\x80\x25\x38\xCB\xE4\x69\x9E\xAF\x41\xAA\x1A\x84\xF5\x02\x03\x01\x00\x01\xA3\x82\x01\x34\x30\x82\x01\x30\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\xAB\x54\x4C\x80\xA1\xDB\x56\x43\xB7\x91\x4A\xCB\xF3\x82\x7A\x13\x5C\x08\xAB\x30\x81\xED\x06\x03\x55\x1D\x1F\x04\x81\xE5\x30\x81\xE2\x30\x81\xDF\xA0\x81\xDC\xA0\x81\xD9\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x63\x72\x6C\x2F\x76\x32\x2F\x74\x63\x5F\x63\x6C\x61\x73\x73\x5F\x32\x5F\x63\x61\x5F\x49\x49\x2E\x63\x72\x6C\x86\x81\x9F\x6C\x64\x61\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x43\x4E\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x32\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2C\x4F\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x47\x6D\x62\x48\x2C\x4F\x55\x3D\x72\x6F\x6F\x74\x63\x65\x72\x74\x73\x2C\x44\x43\x3D\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2C\x44\x43\x3D\x64\x65\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3F\x62\x61\x73\x65\x3F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8C\xD7\xDF\x7E\xEE\x1B\x80\x10\xB3\x83\xF5\xDB\x11\xEA\x6B\x4B\xA8\x92\x18\xD9\xF7\x07\x39\xF5\x2C\xBE\x06\x75\x7A\x68\x53\x15\x1C\xEA\x4A\xED\x5E\xFC\x23\xB2\x13\xA0\xD3\x09\xFF\xF6\xF6\x2E\x6B\x41\x71\x79\xCD\xE2\x6D\xFD\xAE\x59\x6B\x85\x1D\xB8\x4E\x22\x9A\xED\x66\x39\x6E\x4B\x94\xE6\x55\xFC\x0B\x1B\x8B\x77\xC1\x53\x13\x66\x89\xD9\x28\xD6\x8B\xF3\x45\x4A\x63\xB7\xFD\x7B\x0B\x61\x5D\xB8\x6D\xBE\xC3\xDC\x5B\x79\xD2\xED\x86\xE5\xA2\x4D\xBE\x5E\x74\x7C\x6A\xED\x16\x38\x1F\x7F\x58\x81\x5A\x1A\xEB\x32\x88\x2D\xB2\xF3\x39\x77\x80\xAF\x5E\xB6\x61\x75\x29\xDB\x23\x4D\x88\xCA\x50\x28\xCB\x85\xD2\xD3\x10\xA2\x59\x6E\xD3\x93\x54\x00\x7A\xA2\x46\x95\x86\x05\x9C\xA9\x19\x98\xE5\x31\x72\x0C\x00\xE2\x67\xD9\x40\xE0\x24\x33\x7B\x6F\x2C\xB9\x5C\xAB\x65\x9D\x2C\xAC\x76\xEA\x35\x99\xF5\x97\xB9\x0F\x24\xEC\xC7\x76\x21\x28\x65\xAE\x57\xE8\x07\x88\x75\x4A\x56\xA0\xD2\x05\x3A\xA4\xE6\x8D\x92\x88\x2C\xF3\xF2\xE1\xC1\xC6\x61\xDB\x41\xC5\xC7\x9B\xF7\x0E\x1A\x51\x45\xC2\x61\x6B\xDC\x64\x27\x17\x8C\x5A\xB7\xDA\x74\x28\xCD\x97\xE4\xBD",
-	["CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x04\xAA\x30\x82\x03\x92\xA0\x03\x02\x01\x02\x02\x0E\x4A\x47\x00\x01\x00\x02\xE5\xA0\x5D\xD6\x3F\x00\x51\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x1E\x17\x0D\x30\x36\x30\x31\x31\x32\x31\x34\x34\x31\x35\x37\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB4\xE0\xBB\x51\xBB\x39\x5C\x8B\x04\xC5\x4C\x79\x1C\x23\x86\x31\x10\x63\x43\x55\x27\x3F\xC6\x45\xC7\xA4\x3D\xEC\x09\x0D\x1A\x1E\x20\xC2\x56\x1E\xDE\x1B\x37\x07\x30\x22\x2F\x6F\xF1\x06\xF1\xAB\xAD\xD6\xC8\xAB\x61\xA3\x2F\x43\xC4\xB0\xB2\x2D\xFC\xC3\x96\x69\x7B\x7E\x8A\xE4\xCC\xC0\x39\x12\x90\x42\x60\xC9\xCC\x35\x68\xEE\xDA\x5F\x90\x56\x5F\xCD\x1C\x4D\x5B\x58\x49\xEB\x0E\x01\x4F\x64\xFA\x2C\x3C\x89\x58\xD8\x2F\x2E\xE2\xB0\x68\xE9\x22\x3B\x75\x89\xD6\x44\x1A\x65\xF2\x1B\x97\x26\x1D\x28\x6D\xAC\xE8\xBD\x59\x1D\x2B\x24\xF6\xD6\x84\x03\x66\x88\x24\x00\x78\x60\xF1\xF8\xAB\xFE\x02\xB2\x6B\xFB\x22\xFB\x35\xE6\x16\xD1\xAD\xF6\x2E\x12\xE4\xFA\x35\x6A\xE5\x19\xB9\x5D\xDB\x3B\x1E\x1A\xFB\xD3\xFF\x15\x14\x08\xD8\x09\x6A\xBA\x45\x9D\x14\x79\x60\x7D\xAF\x40\x8A\x07\x73\xB3\x93\x96\xD3\x74\x34\x8D\x3A\x37\x29\xDE\x5C\xEC\xF5\xEE\x2E\x31\xC2\x20\xDC\xBE\xF1\x4F\x7F\x23\x52\xD9\x5B\xE2\x64\xD9\x9C\xAA\x07\x08\xB5\x45\xBD\xD1\xD0\x31\xC1\xAB\x54\x9F\xA9\xD2\xC3\x62\x60\x03\xF1\xBB\x39\x4A\x92\x4A\x3D\x0A\xB9\x9D\xC5\xA0\xFE\x37\x02\x03\x01\x00\x01\xA3\x82\x01\x34\x30\x82\x01\x30\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD4\xA2\xFC\x9F\xB3\xC3\xD8\x03\xD3\x57\x5C\x07\xA4\xD0\x24\xA7\xC0\xF2\x00\xD4\x30\x81\xED\x06\x03\x55\x1D\x1F\x04\x81\xE5\x30\x81\xE2\x30\x81\xDF\xA0\x81\xDC\xA0\x81\xD9\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x63\x72\x6C\x2F\x76\x32\x2F\x74\x63\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x49\x49\x2E\x63\x72\x6C\x86\x81\x9F\x6C\x64\x61\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x43\x4E\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2C\x4F\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x47\x6D\x62\x48\x2C\x4F\x55\x3D\x72\x6F\x6F\x74\x63\x65\x72\x74\x73\x2C\x44\x43\x3D\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2C\x44\x43\x3D\x64\x65\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3F\x62\x61\x73\x65\x3F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x36\x60\xE4\x70\xF7\x06\x20\x43\xD9\x23\x1A\x42\xF2\xF8\xA3\xB2\xB9\x4D\x8A\xB4\xF3\xC2\x9A\x55\x31\x7C\xC4\x3B\x67\x9A\xB4\xDF\x4D\x0E\x8A\x93\x4A\x17\x8B\x1B\x8D\xCA\x89\xE1\xCF\x3A\x1E\xAC\x1D\xF1\x9C\x32\xB4\x8E\x59\x76\xA2\x41\x85\x25\x37\xA0\x13\xD0\xF5\x7C\x4E\xD5\xEA\x96\xE2\x6E\x72\xC1\xBB\x2A\xFE\x6C\x6E\xF8\x91\x98\x46\xFC\xC9\x1B\x57\x5B\xEA\xC8\x1A\x3B\x3F\xB0\x51\x98\x3C\x07\xDA\x2C\x59\x01\xDA\x8B\x44\xE8\xE1\x74\xFD\xA7\x68\xDD\x54\xBA\x83\x46\xEC\xC8\x46\xB5\xF8\xAF\x97\xC0\x3B\x09\x1C\x8F\xCE\x72\x96\x3D\x33\x56\x70\xBC\x96\xCB\xD8\xD5\x7D\x20\x9A\x83\x9F\x1A\xDC\x39\xF1\xC5\x72\xA3\x11\x03\xFD\x3B\x42\x52\x29\xDB\xE8\x01\xF7\x9B\x5E\x8C\xD6\x8D\x86\x4E\x19\xFA\xBC\x1C\xBE\xC5\x21\xA5\x87\x9E\x78\x2E\x36\xDB\x09\x71\xA3\x72\x34\xF8\x6C\xE3\x06\x09\xF2\x5E\x56\xA5\xD3\xDD\x98\xFA\xD4\xE6\x06\xF4\xF0\xB6\x20\x63\x4B\xEA\x29\xBD\xAA\x82\x66\x1E\xFB\x81\xAA\xA7\x37\xAD\x13\x18\xE6\x92\xC3\x81\xC1\x33\xBB\x88\x1E\xA1\xE7\xE2\xB4\xBD\x31\x6C\x0E\x51\x3D\x6F\xFB\x96\x56\x80\xE2\x36\x17\xD1\xDC\xE4",
 	["CN=TC TrustCenter Universal CA I,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x03\xDD\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x0E\x1D\xA2\x00\x01\x00\x02\xEC\xB7\x60\x80\x78\x8D\xB6\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x79\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x30\x1E\x17\x0D\x30\x36\x30\x33\x32\x32\x31\x35\x35\x34\x32\x38\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x79\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA4\x77\x23\x96\x44\xAF\x90\xF4\x31\xA7\x10\xF4\x26\x87\x9C\xF3\x38\xD9\x0F\x5E\xDE\xCF\x41\xE8\x31\xAD\xC6\x74\x91\x24\x96\x78\x1E\x09\xA0\x9B\x9A\x95\x4A\x4A\xF5\x62\x7C\x02\xA8\xCA\xAC\xFB\x5A\x04\x76\x39\xDE\x5F\xF1\xF9\xB3\xBF\xF3\x03\x58\x55\xD2\xAA\xB7\xE3\x04\x22\xD1\xF8\x94\xDA\x22\x08\x00\x8D\xD3\x7C\x26\x5D\xCC\x77\x79\xE7\x2C\x78\x39\xA8\x26\x73\x0E\xA2\x5D\x25\x69\x85\x4F\x55\x0E\x9A\xEF\xC6\xB9\x44\xE1\x57\x3D\xDF\x1F\x54\x22\xE5\x6F\x65\xAA\x33\x84\x3A\xF3\xCE\x7A\xBE\x55\x97\xAE\x8D\x12\x0F\x14\x33\xE2\x50\x70\xC3\x49\x87\x13\xBC\x51\xDE\xD7\x98\x12\x5A\xEF\x3A\x83\x33\x92\x06\x75\x8B\x92\x7C\x12\x68\x7B\x70\x6A\x0F\xB5\x9B\xB6\x77\x5B\x48\x59\x9D\xE4\xEF\x5A\xAD\xF3\xC1\x9E\xD4\xD7\x45\x4E\xCA\x56\x34\x21\xBC\x3E\x17\x5B\x6F\x77\x0C\x48\x01\x43\x29\xB0\xDD\x3F\x96\x6E\xE6\x95\xAA\x0C\xC0\x20\xB6\xFD\x3E\x36\x27\x9C\xE3\x5C\xCF\x4E\x81\xDC\x19\xBB\x91\x90\x7D\xEC\xE6\x97\x04\x1E\x93\xCC\x22\x49\xD7\x97\x86\xB6\x13\x0A\x3C\x43\x23\x77\x7E\xF0\xDC\xE6\xCD\x24\x1F\x3B\x83\x9B\x34\x3A\x83\x34\xE3\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x92\xA4\x75\x2C\xA4\x9E\xBE\x81\x44\xEB\x79\xFC\x8A\xC5\x95\xA5\xEB\x10\x75\x73\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x92\xA4\x75\x2C\xA4\x9E\xBE\x81\x44\xEB\x79\xFC\x8A\xC5\x95\xA5\xEB\x10\x75\x73\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x28\xD2\xE0\x86\xD5\xE6\xF8\x7B\xF0\x97\xDC\x22\x6B\x3B\x95\x14\x56\x0F\x11\x30\xA5\x9A\x4F\x3A\xB0\x3A\xE0\x06\xCB\x65\xF5\xED\xC6\x97\x27\xFE\x25\xF2\x57\xE6\x5E\x95\x8C\x3E\x64\x60\x15\x5A\x7F\x2F\x0D\x01\xC5\xB1\x60\xFD\x45\x35\xCF\xF0\xB2\xBF\x06\xD9\xEF\x5A\xBE\xB3\x62\x21\xB4\xD7\xAB\x35\x7C\x53\x3E\xA6\x27\xF1\xA1\x2D\xDA\x1A\x23\x9D\xCC\xDD\xEC\x3C\x2D\x9E\x27\x34\x5D\x0F\xC2\x36\x79\xBC\xC9\x4A\x62\x2D\xED\x6B\xD9\x7D\x41\x43\x7C\xB6\xAA\xCA\xED\x61\xB1\x37\x82\x15\x09\x1A\x8A\x16\x30\xD8\xEC\xC9\xD6\x47\x72\x78\x4B\x10\x46\x14\x8E\x5F\x0E\xAF\xEC\xC7\x2F\xAB\x10\xD7\xB6\xF1\x6E\xEC\x86\xB2\xC2\xE8\x0D\x92\x73\xDC\xA2\xF4\x0F\x3A\xBF\x61\x23\x10\x89\x9C\x48\x40\x6E\x70\x00\xB3\xD3\xBA\x37\x44\x58\x11\x7A\x02\x6A\x88\xF0\x37\x34\xF0\x19\xE9\xAC\xD4\x65\x73\xF6\x69\x8C\x64\x94\x3A\x79\x85\x29\xB0\x16\x2B\x0C\x82\x3F\x06\x9C\xC7\xFD\x10\x2B\x9E\x0F\x2C\xB6\x9E\xE3\x15\xBF\xD9\x36\x1C\xBA\x25\x1A\x52\x3D\x1A\xEC\x22\x0C\x1C\xE0\xA4\xA2\x3D\xF0\xE8\x39\xCF\x81\xC0\x7B\xED\x5D\x1F\x6F\xC5\xD0\x0B\xD7\x98",
 	["CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE"] = "\x30\x82\x03\x9F\x30\x82\x02\x87\xA0\x03\x02\x01\x02\x02\x01\x26\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x71\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x32\x31\x31\x30\x30\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x32\x33\x35\x39\x30\x30\x5A\x30\x71\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x0B\xA3\x35\xE0\x8B\x29\x14\xB1\x14\x85\xAF\x3C\x10\xE4\x39\x6F\x35\x5D\x4A\xAE\xDD\xEA\x61\x8D\x95\x49\xF4\x6F\x64\xA3\x1A\x60\x66\xA4\xA9\x40\x22\x84\xD9\xD4\xA5\xE5\x78\x93\x0E\x68\x01\xAD\xB9\x4D\x5C\x3A\xCE\xD3\xB8\xA8\x42\x40\xDF\xCF\xA3\xBA\x82\x59\x6A\x92\x1B\xAC\x1C\x9A\xDA\x08\x2B\x25\x27\xF9\x69\x23\x47\xF1\xE0\xEB\x2C\x7A\x9B\xF5\x13\x02\xD0\x7E\x34\x7C\xC2\x9E\x3C\x00\x59\xAB\xF5\xDA\x0C\xF5\x32\x3C\x2B\xAC\x50\xDA\xD6\xC3\xDE\x83\x94\xCA\xA8\x0C\x99\x32\x0E\x08\x48\x56\x5B\x6A\xFB\xDA\xE1\x58\x58\x01\x49\x5F\x72\x41\x3C\x15\x06\x01\x8E\x5D\xAD\xAA\xB8\x93\xB4\xCD\x9E\xEB\xA7\xE8\x6A\x2D\x52\x34\xDB\x3A\xEF\x5C\x75\x51\xDA\xDB\xF3\x31\xF9\xEE\x71\x98\x32\xC4\x54\x15\x44\x0C\xF9\x9B\x55\xED\xAD\xDF\x18\x08\xA0\xA3\x86\x8A\x49\xEE\x53\x05\x8F\x19\x4C\xD5\xDE\x58\x79\x9B\xD2\x6A\x1C\x42\xAB\xC5\xD5\xA7\xCF\x68\x0F\x96\xE4\xE1\x61\x98\x76\x61\xC8\x91\x7C\xD6\x3E\x00\xE2\x91\x50\x87\xE1\x9D\x0A\xE6\xAD\x97\xD2\x1D\xC6\x3A\x7D\xCB\xBC\xDA\x03\x34\xD5\x8E\x5B\x01\xF5\x6A\x07\xB7\x16\xB6\x6E\x4A\x7F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x31\xC3\x79\x1B\xBA\xF5\x53\xD7\x17\xE0\x89\x7A\x2D\x17\x6C\x0A\xB3\x2B\x9D\x33\x30\x0F\x06\x03\x55\x1D\x13\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x05\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x94\x64\x59\xAD\x39\x64\xE7\x29\xEB\x13\xFE\x5A\xC3\x8B\x13\x57\xC8\x04\x24\xF0\x74\x77\xC0\x60\xE3\x67\xFB\xE9\x89\xA6\x83\xBF\x96\x82\x7C\x6E\xD4\xC3\x3D\xEF\x9E\x80\x6E\xBB\x29\xB4\x98\x7A\xB1\x3B\x54\xEB\x39\x17\x47\x7E\x1A\x8E\x0B\xFC\x1F\x31\x59\x31\x04\xB2\xCE\x17\xF3\x2C\xC7\x62\x36\x55\xE2\x22\xD8\x89\x55\xB4\x98\x48\xAA\x64\xFA\xD6\x1C\x36\xD8\x44\x78\x5A\x5A\x23\x3A\x57\x97\xF5\x7A\x30\x4F\xAE\x9F\x6A\x4C\x4B\x2B\x8E\xA0\x03\xE3\x3E\xE0\xA9\xD4\xD2\x7B\xD2\xB3\xA8\xE2\x72\x3C\xAD\x9E\xFF\x80\x59\xE4\x9B\x45\xB4\xF6\x3B\xB0\xCD\x39\x19\x98\x32\xE5\xEA\x21\x61\x90\xE4\x31\x21\x8E\x34\xB1\xF7\x2F\x35\x4A\x85\x10\xDA\xE7\x8A\x37\x21\xBE\x59\x63\xE0\xF2\x85\x88\x31\x53\xD4\x54\x14\x85\x70\x79\xF4\x2E\x06\x77\x27\x75\x2F\x1F\xB8\x8A\xF9\xFE\xC5\xBA\xD8\x36\xE4\x83\xEC\xE7\x65\xB7\xBF\x63\x5A\xF3\x46\xAF\x81\x94\x37\xD4\x41\x8C\xD6\x23\xD6\x1E\xCF\xF5\x68\x1B\x44\x63\xA2\x5A\xBA\xA7\x35\x59\xA1\xE5\x70\x05\x9B\x0E\x23\x57\x99\x94\x0A\x6D\xBA\x39\x63\x28\x86\x92\xF3\x18\x84\xD8\xFB\xD1\xCF\x05\x56\x64\x57",
 	["C=IL,O=ComSign,CN=ComSign Secured CA"] = "\x30\x82\x03\xAB\x30\x82\x02\x93\xA0\x03\x02\x01\x02\x02\x11\x00\xC7\x28\x47\x09\xB3\xB8\x6C\x45\x8C\x1D\xFA\x24\xF5\x36\x4E\xE9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3C\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6F\x6D\x53\x69\x67\x6E\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x43\x6F\x6D\x53\x69\x67\x6E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x30\x1E\x17\x0D\x30\x34\x30\x33\x32\x34\x31\x31\x33\x37\x32\x30\x5A\x17\x0D\x32\x39\x30\x33\x31\x36\x31\x35\x30\x34\x35\x36\x5A\x30\x3C\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6F\x6D\x53\x69\x67\x6E\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x43\x6F\x6D\x53\x69\x67\x6E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\xB5\x68\x5F\x1D\x94\x15\xC3\xA4\x08\x55\x2D\xE3\xA0\x57\x7A\xEF\xE9\x74\x2A\xBB\xB9\x7C\x57\x49\x1A\x11\x5E\x4F\x29\x87\x0C\x48\xD6\x6A\xE7\x8F\xD4\x7E\x57\x24\xB9\x06\x89\xE4\x1C\x3C\xEA\xAC\xE3\xDA\x21\x80\x73\x21\x0A\xEF\x79\x98\x6C\x1F\x08\xFF\xA1\x50\x7D\xF2\x98\x1B\xC9\x54\x6F\x3E\xA5\x28\xEC\x21\x04\x0F\x45\xBB\x07\x3D\xA1\xC0\xFA\x2A\x98\x1D\x4E\x06\x93\xFB\xF5\x88\x3B\xAB\x5F\xCB\x16\xBF\xE6\xF3\x9E\x4A\x87\xED\x19\xEA\xC2\x9F\x43\xE4\xF1\x81\xA5\x7F\x10\x4F\x3E\xD1\x4A\x62\xAD\x53\x1B\xCB\x83\xFF\x07\x65\xA5\x92\x2D\x66\xA9\x5B\xB8\x5A\xF4\x1D\xB4\x21\x91\x4A\x17\x7B\x9E\x32\xFE\x56\x24\x39\xB2\x54\x84\x43\xF5\x84\xC2\xD8\xBC\x41\x90\xCC\x9D\xD6\x68\xDA\xE9\x82\x50\xA9\x3B\x68\xCF\xB5\x5D\x02\x94\x60\x16\xB1\x43\xD9\x43\x5D\xDD\x5D\x87\x6E\xEA\xBB\xB3\xC9\x6B\xF6\x03\x94\x09\x70\xDE\x16\x11\x7A\x2B\xE8\x76\x8F\x49\x10\x98\x77\xB9\x63\x5C\x8B\x33\x97\x75\xF6\x0B\x8C\xB2\xAB\x5B\xDE\x74\x20\x25\x3F\xE3\xF3\x11\xF9\x87\x68\x86\x35\x71\xC3\x1D\x8C\x2D\xEB\xE5\x1A\xAC\x0F\x73\xD5\x82\x59\x40\x80\xD3\x02\x03\x01\x00\x01\xA3\x81\xA7\x30\x81\xA4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x66\x65\x64\x69\x72\x2E\x63\x6F\x6D\x73\x69\x67\x6E\x2E\x63\x6F\x2E\x69\x6C\x2F\x63\x72\x6C\x2F\x43\x6F\x6D\x53\x69\x67\x6E\x53\x65\x63\x75\x72\x65\x64\x43\x41\x2E\x63\x72\x6C\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xC1\x4B\xED\x70\xB6\xF7\x3E\x7C\x00\x3B\x00\x8F\xC7\x3E\x0E\x45\x9F\x1E\x5D\xEC\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC1\x4B\xED\x70\xB6\xF7\x3E\x7C\x00\x3B\x00\x8F\xC7\x3E\x0E\x45\x9F\x1E\x5D\xEC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x16\xCF\xEE\x92\x13\x50\xAB\x7B\x14\x9E\x33\xB6\x42\x20\x6A\xD4\x15\xBD\x09\xAB\xFC\x72\xE8\xEF\x47\x7A\x90\xAC\x51\xC1\x64\x4E\xE9\x88\xBD\x43\x45\x81\xE3\x66\x23\x3F\x12\x86\x4D\x19\xE4\x05\xB0\xE6\x37\xC2\x8D\xDA\x06\x28\xC9\x0F\x89\xA4\x53\xA9\x75\x3F\xB0\x96\xFB\xAB\x4C\x33\x55\xF9\x78\x26\x46\x6F\x1B\x36\x98\xFB\x42\x76\xC1\x82\xB9\x8E\xDE\xFB\x45\xF9\x63\x1B\x62\x3B\x39\x06\xCA\x77\x7A\xA8\x3C\x09\xCF\x6C\x36\x3D\x0F\x0A\x45\x4B\x69\x16\x1A\x45\x7D\x33\x03\x65\xF9\x52\x71\x90\x26\x95\xAC\x4C\x0C\xF5\x8B\x93\x3F\xCC\x75\x74\x85\x98\xBA\xFF\x62\x7A\x4D\x1F\x89\xFE\xAE\xBD\x94\x00\x99\xBF\x11\xA5\xDC\xE0\x79\xC5\x16\x0B\x7D\x02\x61\x1D\xEA\x85\xF9\x02\x15\x4F\xE7\x5A\x89\x4E\x14\x6F\xE3\x37\x4B\x85\xF5\xC1\x3C\x61\xE0\xFD\x05\x41\xB2\x92\x7F\xC3\x1D\xA0\xD0\xAE\x52\x64\x60\x6B\x18\xC6\x26\x9C\xD8\xF5\x64\xE4\x36\x1A\x62\x9F\x8A\x0F\x3E\xFF\x6D\x4E\x19\x56\x4E\x20\x91\x6C\x9F\x34\x33\x3A\x34\x57\x50\x3A\x6F\x81\x5E\x06\xC6\xF5\x3E\x7C\x4E\x8E\x2B\xCE\x65\x06\x2E\x5D\xD2\x2A\x53\x74\x5E\xD3\x6E\x27\x9E\x8F",
@@ -155,4 +143,26 @@ redef root_certs += {
 	["CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E.,L=Ankara,C=TR"] = "\x30\x82\x06\x4B\x30\x82\x04\x33\xA0\x03\x02\x01\x02\x02\x08\x6A\x68\x3E\x9C\x51\x9B\xCB\x53\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xB2\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x40\x30\x3E\x06\x03\x55\x04\x0A\x0C\x37\x45\x2D\x54\x75\xC4\x9F\x72\x61\x20\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x0C\x1D\x45\x2D\x54\x75\x67\x72\x61\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x2D\x54\x75\x67\x72\x61\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x31\x33\x30\x33\x30\x35\x31\x32\x30\x39\x34\x38\x5A\x17\x0D\x32\x33\x30\x33\x30\x33\x31\x32\x30\x39\x34\x38\x5A\x30\x81\xB2\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x40\x30\x3E\x06\x03\x55\x04\x0A\x0C\x37\x45\x2D\x54\x75\xC4\x9F\x72\x61\x20\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x0C\x1D\x45\x2D\x54\x75\x67\x72\x61\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x2D\x54\x75\x67\x72\x61\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xE2\xF5\x3F\x93\x05\x51\x1E\x85\x62\x54\x5E\x7A\x0B\xF5\x18\x07\x83\xAE\x7E\xAF\x7C\xF7\xD4\x8A\x6B\xA5\x63\x43\x39\xB9\x4B\xF7\xC3\xC6\x64\x89\x3D\x94\x2E\x54\x80\x52\x39\x39\x07\x4B\x4B\xDD\x85\x07\x76\x87\xCC\xBF\x2F\x95\x4C\xCC\x7D\xA7\x3D\xBC\x47\x0F\x98\x70\xF8\x8C\x85\x1E\x74\x8E\x92\x6D\x1B\x40\xD1\x99\x0D\xBB\x75\x6E\xC8\xA9\x6B\x9A\xC0\x84\x31\xAF\xCA\x43\xCB\xEB\x2B\x34\xE8\x8F\x97\x6B\x01\x9B\xD5\x0E\x4A\x08\xAA\x5B\x92\x74\x85\x43\xD3\x80\xAE\xA1\x88\x5B\xAE\xB3\xEA\x5E\xCB\x16\x9A\x77\x44\xC8\xA1\xF6\x54\x68\xCE\xDE\x8F\x97\x2B\xBA\x5B\x40\x02\x0C\x64\x17\xC0\xB5\x93\xCD\xE1\xF1\x13\x66\xCE\x0C\x79\xEF\xD1\x91\x28\xAB\x5F\xA0\x12\x52\x30\x73\x19\x8E\x8F\xE1\x8C\x07\xA2\xC3\xBB\x4A\xF0\xEA\x1F\x15\xA8\xEE\x25\xCC\xA4\x46\xF8\x1B\x22\xEF\xB3\x0E\x43\xBA\x2C\x24\xB8\xC5\x2C\x5C\xD4\x1C\xF8\x5D\x64\xBD\xC3\x93\x5E\x28\xA7\x3F\x27\xF1\x8E\x1E\xD3\x2A\x50\x05\xA3\x55\xD9\xCB\xE7\x39\x53\xC0\x98\x9E\x8C\x54\x62\x8B\x26\xB0\xF7\x7D\x8D\x7C\xE4\xC6\x9E\x66\x42\x55\x82\x47\xE7\xB2\x58\x8D\x66\xF7\x07\x7C\x2E\x36\xE6\x50\x1C\x3F\xDB\x43\x24\xC5\xBF\x86\x47\x79\xB3\x79\x1C\xF7\x5A\xF4\x13\xEC\x6C\xF8\x3F\xE2\x59\x1F\x95\xEE\x42\x3E\xB9\xAD\xA8\x32\x85\x49\x97\x46\xFE\x4B\x31\x8F\x5A\xCB\xAD\x74\x47\x1F\xE9\x91\xB7\xDF\x28\x04\x22\xA0\xD4\x0F\x5D\xE2\x79\x4F\xEA\x6C\x85\x86\xBD\xA8\xA6\xCE\xE4\xFA\xC3\xE1\xB3\xAE\xDE\x3C\x51\xEE\xCB\x13\x7C\x01\x7F\x84\x0E\x5D\x51\x94\x9E\x13\x0C\xB6\x2E\xA5\x4C\xF9\x39\x70\x36\x6F\x96\xCA\x2E\x0C\x44\x55\xC5\xCA\xFA\x5D\x02\xA3\xDF\xD6\x64\x8C\x5A\xB3\x01\x0A\xA9\xB5\x0A\x47\x17\xFF\xEF\x91\x40\x2A\x8E\xA1\x46\x3A\x31\x98\xE5\x11\xFC\xCC\xBB\x49\x56\x8A\xFC\xB9\xD0\x61\x9A\x6F\x65\x6C\xE6\xC3\xCB\x3E\x75\x49\xFE\x8F\xA7\xE2\x89\xC5\x67\xD7\x9D\x46\x13\x4E\x31\x76\x3B\x24\xB3\x9E\x11\x65\x86\xAB\x7F\xEF\x1D\xD4\xF8\xBC\xE7\xAC\x5A\x5C\xB7\x5A\x47\x5C\x55\xCE\x55\xB4\x22\x71\x5B\x5B\x0B\xF0\xCF\xDC\xA0\x61\x64\xEA\xA9\xD7\x68\x0A\x63\xA7\xE0\x0D\x3F\xA0\xAF\xD3\xAA\xD2\x7E\xEF\x51\xA0\xE6\x51\x2B\x55\x92\x15\x17\x53\xCB\xB7\x66\x0E\x66\x4C\xF8\xF9\x75\x4C\x90\xE7\x12\x70\xC7\x45\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x2E\xE3\xDB\xB2\x49\xD0\x9C\x54\x79\x5C\xFA\x27\x2A\xFE\xCC\x4E\xD2\xE8\x4E\x54\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x2E\xE3\xDB\xB2\x49\xD0\x9C\x54\x79\x5C\xFA\x27\x2A\xFE\xCC\x4E\xD2\xE8\x4E\x54\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x05\x37\x3A\xF4\x4D\xB7\x45\xE2\x45\x75\x24\x8F\xB6\x77\x52\xE8\x1C\xD8\x10\x93\x65\xF3\xF2\x59\x06\xA4\x3E\x1E\x29\xEC\x5D\xD1\xD0\xAB\x7C\xE0\x0A\x90\x48\x78\xED\x4E\x98\x03\x99\xFE\x28\x60\x91\x1D\x30\x1D\xB8\x63\x7C\xA8\xE6\x35\xB5\xFA\xD3\x61\x76\xE6\xD6\x07\x4B\xCA\x69\x9A\xB2\x84\x7A\x77\x93\x45\x17\x15\x9F\x24\xD0\x98\x13\x12\xFF\xBB\xA0\x2E\xFD\x4E\x4C\x87\xF8\xCE\x5C\xAA\x98\x1B\x05\xE0\x00\x46\x4A\x82\x80\xA5\x33\x8B\x28\xDC\xED\x38\xD3\xDF\xE5\x3E\xE9\xFE\xFB\x59\xDD\x61\x84\x4F\xD2\x54\x96\x13\x61\x13\x3E\x8F\x80\x69\xBE\x93\x47\xB5\x35\x43\xD2\x5A\xBB\x3D\x5C\xEF\xB3\x42\x47\xCD\x3B\x55\x13\x06\xB0\x09\xDB\xFD\x63\xF6\x3A\x88\x0A\x99\x6F\x7E\xE1\xCE\x1B\x53\x6A\x44\x66\x23\x51\x08\x7B\xBC\x5B\x52\xA2\xFD\x06\x37\x38\x40\x61\x8F\x4A\x96\xB8\x90\x37\xF8\x66\xC7\x78\x90\x00\x15\x2E\x8B\xAD\x51\x35\x53\x07\xA8\x6B\x68\xAE\xF9\x4E\x3C\x07\x26\xCD\x08\x05\x70\xCC\x39\x3F\x76\xBD\xA5\xD3\x67\x26\x01\x86\xA6\x53\xD2\x60\x3B\x7C\x43\x7F\x55\x8A\xBC\x95\x1A\xC1\x28\x39\x4C\x1F\x43\xD2\x91\xF4\x72\x59\x8A\xB9\x56\xFC\x3F\xB4\x9D\xDA\x70\x9C\x76\x5A\x8C\x43\x50\xEE\x8E\x30\x72\x4D\xDF\xFF\x49\xF7\xC6\xA9\x67\xD9\x6D\xAC\x02\x11\xE2\x3A\x16\x25\xA7\x58\x08\xCB\x6F\x53\x41\x9C\x48\x38\x47\x68\x33\xD1\xD7\xC7\x8F\xD4\x74\x21\xD4\xC3\x05\x90\x7A\xFF\xCE\x96\x88\xB1\x15\x29\x5D\x23\xAB\xD0\x60\xA1\x12\x4F\xDE\xF4\x17\xCD\x32\xE5\xC9\xBF\xC8\x43\xAD\xFD\x2E\x8E\xF1\xAF\xE2\xF4\x98\xFA\x12\x1F\x20\xD8\xC0\xA7\x0C\x85\xC5\x90\xF4\x3B\x2D\x96\x26\xB1\x2C\xBE\x4C\xAB\xEB\xB1\xD2\x8A\xC9\xDB\x78\x13\x0F\x1E\x09\x9D\x6D\x8F\x00\x9F\x02\xDA\xC1\xFA\x1F\x7A\x7A\x09\xC4\x4A\xE6\x88\x2A\x97\x9F\x89\x8B\xFD\x37\x5F\x5F\x3A\xCE\x38\x59\x86\x4B\xAF\x71\x0B\xB4\xD8\xF2\x70\x4F\x9F\x32\x13\xE3\xB0\xA7\x57\xE5\xDA\xDA\x43\xCB\x84\x34\xF2\x28\xC4\xEA\x6D\xF4\x2A\xEF\xC1\x6B\x76\xDA\xFB\x7E\xBB\x85\x3C\xD2\x53\xC2\x4D\xBE\x71\xE1\x45\xD1\xFD\x23\x67\x0D\x13\x75\xFB\xCF\x65\x67\x22\x9D\xAE\xB0\x09\xD1\x09\xFF\x1D\x34\xBF\xFE\x23\x97\x37\xD2\x39\xFA\x3D\x0D\x06\x0B\xB4\xDB\x3B\xA3\xAB\x6F\x5C\x1D\xB6\x7E\xE8\xB3\x82\x34\xED\x06\x5C\x24",
 	["CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE"] = "\x30\x82\x03\xC3\x30\x82\x02\xAB\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x32\x30\x1E\x17\x0D\x30\x38\x31\x30\x30\x31\x31\x30\x34\x30\x31\x34\x5A\x17\x0D\x33\x33\x31\x30\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAA\x5F\xDA\x1B\x5F\xE8\x73\x91\xE5\xDA\x5C\xF4\xA2\xE6\x47\xE5\xF3\x68\x55\x60\x05\x1D\x02\xA4\xB3\x9B\x59\xF3\x1E\x8A\xAF\x34\xAD\xFC\x0D\xC2\xD9\x48\x19\xEE\x69\x8F\xC9\x20\xFC\x21\xAA\x07\x19\xED\xB0\x5C\xAC\x65\xC7\x5F\xED\x02\x7C\x7B\x7C\x2D\x1B\xD6\xBA\xB9\x80\xC2\x18\x82\x16\x84\xFA\x66\xB0\x08\xC6\x54\x23\x81\xE4\xCD\xB9\x49\x3F\xF6\x4F\x6E\x37\x48\x28\x38\x0F\xC5\xBE\xE7\x68\x70\xFD\x39\x97\x4D\xD2\xC7\x98\x91\x50\xAA\xC4\x44\xB3\x23\x7D\x39\x47\xE9\x52\x62\xD6\x12\x93\x5E\xB7\x31\x96\x42\x05\xFB\x76\xA7\x1E\xA3\xF5\xC2\xFC\xE9\x7A\xC5\x6C\xA9\x71\x4F\xEA\xCB\x78\xBC\x60\xAF\xC7\xDE\xF4\xD9\xCB\xBE\x7E\x33\xA5\x6E\x94\x83\xF0\x34\xFA\x21\xAB\xEA\x8E\x72\xA0\x3F\xA4\xDE\x30\x5B\xEF\x86\x4D\x6A\x95\x5B\x43\x44\xA8\x10\x15\x1C\xE5\x01\x57\xC5\x98\xF1\xE6\x06\x28\x91\xAA\x20\xC5\xB7\x53\x26\x51\x43\xB2\x0B\x11\x95\x58\xE1\xC0\x0F\x76\xD9\xC0\x8D\x7C\x81\xF3\x72\x70\x9E\x6F\xFE\x1A\x8E\xD9\x5F\x35\xC6\xB2\x6F\x34\x7C\xBE\x48\x4F\xE2\x5A\x39\xD7\xD8\x9D\x78\x9E\x9F\x86\x3E\x03\x5E\x19\x8B\x44\xA2\xD5\xC7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBF\x59\x20\x36\x00\x79\xA0\xA0\x22\x6B\x8C\xD5\xF2\x61\xD2\xB8\x2C\xCB\x82\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x31\x03\xA2\x61\x0B\x1F\x74\xE8\x72\x36\xC6\x6D\xF9\x4D\x9E\xFA\x22\xA8\xE1\x81\x56\xCF\xCD\xBB\x9F\xEA\xAB\x91\x19\x38\xAF\xAA\x7C\x15\x4D\xF3\xB6\xA3\x8D\xA5\xF4\x8E\xF6\x44\xA9\xA7\xE8\x21\x95\xAD\x3E\x00\x62\x16\x88\xF0\x02\xBA\xFC\x61\x23\xE6\x33\x9B\x30\x7A\x6B\x36\x62\x7B\xAD\x04\x23\x84\x58\x65\xE2\xDB\x2B\x8A\xE7\x25\x53\x37\x62\x53\x5F\xBC\xDA\x01\x62\x29\xA2\xA6\x27\x71\xE6\x3A\x22\x7E\xC1\x6F\x1D\x95\x70\x20\x4A\x07\x34\xDF\xEA\xFF\x15\x80\xE5\xBA\xD7\x7A\xD8\x5B\x75\x7C\x05\x7A\x29\x47\x7E\x40\xA8\x31\x13\x77\xCD\x40\x3B\xB4\x51\x47\x7A\x2E\x11\xE3\x47\x11\xDE\x9D\x66\xD0\x8B\xD5\x54\x66\xFA\x83\x55\xEA\x7C\xC2\x29\x89\x1B\xE9\x6F\xB3\xCE\xE2\x05\x84\xC9\x2F\x3E\x78\x85\x62\x6E\xC9\x5F\xC1\x78\x63\x74\x58\xC0\x48\x18\x0C\x99\x39\xEB\xA4\xCC\x1A\xB5\x79\x5A\x8D\x15\x9C\xD8\x14\x0D\xF6\x7A\x07\x57\xC7\x22\x83\x05\x2D\x3C\x9B\x25\x26\x3D\x18\xB3\xA9\x43\x7C\xC8\xC8\xAB\x64\x8F\x0E\xA3\xBF\x9C\x1B\x9D\x30\xDB\xDA\xD0\x19\x2E\xAA\x3C\xF1\xFB\x33\x80\x76\xE4\xCD\xAD\x19\x4F\x05\x27\x8E\x13\xA1\x6E\xC2",
 	["C=DE,O=Atos,CN=Atos TrustedRoot 2011"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x08\x5C\x33\xCB\x62\x2C\x5F\xB3\x32\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x3C\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x0C\x15\x41\x74\x6F\x73\x20\x54\x72\x75\x73\x74\x65\x64\x52\x6F\x6F\x74\x20\x32\x30\x31\x31\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x74\x6F\x73\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x30\x1E\x17\x0D\x31\x31\x30\x37\x30\x37\x31\x34\x35\x38\x33\x30\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3C\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x0C\x15\x41\x74\x6F\x73\x20\x54\x72\x75\x73\x74\x65\x64\x52\x6F\x6F\x74\x20\x32\x30\x31\x31\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x74\x6F\x73\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x95\x85\x3B\x97\x6F\x2A\x3B\x2E\x3B\xCF\xA6\xF3\x29\x35\xBE\xCF\x18\xAC\x3E\xAA\xD9\xF8\x4D\xA0\x3E\x1A\x47\xB9\xBC\x9A\xDF\xF2\xFE\xCC\x3E\x47\xE8\x7A\x96\xC2\x24\x8E\x35\xF4\xA9\x0C\xFC\x82\xFD\x6D\xC1\x72\x62\x27\xBD\xEA\x6B\xEB\xE7\x8A\xCC\x54\x3E\x90\x50\xCF\x80\xD4\x95\xFB\xE8\xB5\x82\xD4\x14\xC5\xB6\xA9\x55\x25\x57\xDB\xB1\x50\xF6\xB0\x60\x64\x59\x7A\x69\xCF\x03\xB7\x6F\x0D\xBE\xCA\x3E\x6F\x74\x72\xEA\xAA\x30\x2A\x73\x62\xBE\x49\x91\x61\xC8\x11\xFE\x0E\x03\x2A\xF7\x6A\x20\xDC\x02\x15\x0D\x5E\x15\x6A\xFC\xE3\x82\xC1\xB5\xC5\x9D\x64\x09\x6C\xA3\x59\x98\x07\x27\xC7\x1B\x96\x2B\x61\x74\x71\x6C\x43\xF1\xF7\x35\x89\x10\xE0\x9E\xEC\x55\xA1\x37\x22\xA2\x87\x04\x05\x2C\x47\x7D\xB4\x1C\xB9\x62\x29\x66\x28\xCA\xB7\xE1\x93\xF5\xA4\x94\x03\x99\xB9\x70\x85\xB5\xE6\x48\xEA\x8D\x50\xFC\xD9\xDE\xCC\x6F\x07\x0E\xDD\x0B\x72\x9D\x80\x30\x16\x07\x95\x3F\x28\x0E\xFD\xC5\x75\x4F\x53\xD6\x74\x9A\xB4\x24\x2E\x8E\x02\x91\xCF\x76\xC5\x9B\x1E\x55\x74\x9C\x78\x21\xB1\xF0\x2D\xF1\x0B\x9F\xC2\xD5\x96\x18\x1F\xF0\x54\x22\x7A\x8C\x07\x02\x03\x01\x00\x01\xA3\x7D\x30\x7B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA7\xA5\x06\xB1\x2C\xA6\x09\x60\xEE\xD1\x97\xE9\x70\xAE\xBC\x3B\x19\x6C\xDB\x21\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xA7\xA5\x06\xB1\x2C\xA6\x09\x60\xEE\xD1\x97\xE9\x70\xAE\xBC\x3B\x19\x6C\xDB\x21\x30\x18\x06\x03\x55\x1D\x20\x04\x11\x30\x0F\x30\x0D\x06\x0B\x2B\x06\x01\x04\x01\xB0\x2D\x03\x04\x01\x01\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x26\x77\x34\xDB\x94\x48\x86\x2A\x41\x9D\x2C\x3E\x06\x90\x60\xC4\x8C\xAC\x0B\x54\xB8\x1F\xB9\x7B\xD3\x07\x39\xE4\xFA\x3E\x7B\xB2\x3D\x4E\xED\x9F\x23\xBD\x97\xF3\x6B\x5C\xEF\xEE\xFD\x40\xA6\xDF\xA1\x93\xA1\x0A\x86\xAC\xEF\x20\xD0\x79\x01\xBD\x78\xF7\x19\xD8\x24\x31\x34\x04\x01\xA6\xBA\x15\x9A\xC3\x27\xDC\xD8\x4F\x0F\xCC\x18\x63\xFF\x99\x0F\x0E\x91\x6B\x75\x16\xE1\x21\xFC\xD8\x26\xC7\x47\xB7\xA6\xCF\x58\x72\x71\x7E\xBA\xE1\x4D\x95\x47\x3B\xC9\xAF\x6D\xA1\xB4\xC1\xEC\x89\xF6\xB4\x0F\x38\xB5\xE2\x64\xDC\x25\xCF\xA6\xDB\xEB\x9A\x5C\x99\xA1\xC5\x08\xDE\xFD\xE6\xDA\xD5\xD6\x5A\x45\x0C\xC4\xB7\xC2\xB5\x14\xEF\xB4\x11\xFF\x0E\x15\xB5\xF5\xF5\xDB\xC6\xBD\xEB\x5A\xA7\xF0\x56\x22\xA9\x3C\x65\x54\xC6\x15\xA8\xBD\x86\x9E\xCD\x83\x96\x68\x7A\x71\x81\x89\xE1\x0B\xE1\xEA\x11\x1B\x68\x08\xCC\x69\x9E\xEC\x9E\x41\x9E\x44\x32\x26\x7A\xE2\x87\x0A\x71\x3D\xEB\xE4\x5A\xA4\xD2\xDB\xC5\xCD\xC6\xDE\x60\x7F\xB9\xF3\x4F\x44\x92\xEF\x2A\xB7\x18\x3E\xA7\x19\xD9\x0B\x7D\xB1\x37\x41\x42\xB0\xBA\x60\x1D\xF2\xFE\x09\x11\xB0\xF0\x87\x7B\xA7\x9D",
+	["CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM"] = "\x30\x82\x05\x60\x30\x82\x03\x48\xA0\x03\x02\x01\x02\x02\x14\x78\x58\x5F\x2E\xAD\x2C\x19\x4B\xE3\x37\x07\x35\x34\x13\x28\xB5\x96\xD4\x65\x93\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x20\x47\x33\x30\x1E\x17\x0D\x31\x32\x30\x31\x31\x32\x31\x37\x32\x37\x34\x34\x5A\x17\x0D\x34\x32\x30\x31\x31\x32\x31\x37\x32\x37\x34\x34\x5A\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x20\x47\x33\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA0\xBE\x50\x10\x8E\xE9\xF2\x6C\x40\xB4\x04\x9C\x85\xB9\x31\xCA\xDC\x2D\xE4\x11\xA9\x04\x3C\x1B\x55\xC1\xE7\x58\x30\x1D\x24\xB4\xC3\xEF\x85\xDE\x8C\x2C\xE1\xC1\x3D\xDF\x82\xE6\x4F\xAD\x47\x87\x6C\xEC\x5B\x49\xC1\x4A\xD5\xBB\x8F\xEC\x87\xAC\x7F\x82\x9A\x86\xEC\x3D\x03\x99\x52\x01\xD2\x35\x9E\xAC\xDA\xF0\x53\xC9\x66\x3C\xD4\xAC\x02\x01\xDA\x24\xD3\x3B\xA8\x02\x46\xAF\xA4\x1C\xE3\xF8\x73\x58\x76\xB7\xF6\x0E\x90\x0D\xB5\xF0\xCF\xCC\xFA\xF9\xC6\x4C\xE5\xC3\x86\x30\x0A\x8D\x17\x7E\x35\xEB\xC5\xDF\xBB\x0E\x9C\xC0\x8D\x87\xE3\x88\x38\x85\x67\xFA\x3E\xC7\xAB\xE0\x13\x9C\x05\x18\x98\xCF\x93\xF5\xB1\x92\xB4\xFC\x23\xD3\xCF\xD5\xC4\x27\x49\xE0\x9E\x3C\x9B\x08\xA3\x8B\x5D\x2A\x21\xE0\xFC\x39\xAA\x53\xDA\x7D\x7E\xCF\x1A\x09\x53\xBC\x5D\x05\x04\xCF\xA1\x4A\x8F\x8B\x76\x82\x0D\xA1\xF8\xD2\xC7\x14\x77\x5B\x90\x36\x07\x81\x9B\x3E\x06\xFA\x52\x5E\x63\xC5\xA6\x00\xFE\xA5\xE9\x52\x1B\x52\xB5\x92\x39\x72\x03\x09\x62\xBD\xB0\x60\x16\x6E\xA6\xDD\x25\xC2\x03\x66\xDD\xF3\x04\xD1\x40\xE2\x4E\x8B\x86\xF4\x6F\xE5\x83\xA0\x27\x84\x5E\x04\xC1\xF5\x90\xBD\x30\x3D\xC4\xEF\xA8\x69\xBC\x38\x9B\xA4\xA4\x96\xD1\x62\xDA\x69\xC0\x01\x96\xAE\xCB\xC4\x51\x34\xEA\x0C\xAA\xFF\x21\x8E\x59\x8F\x4A\x5C\xE4\x61\x9A\xA7\xD2\xE9\x2A\x78\x8D\x51\x3D\x3A\x15\xEE\xA2\x59\x8E\xA9\x5C\xDE\xC5\xF9\x90\x22\xE5\x88\x45\x71\xDD\x91\x99\x6C\x7A\x9F\x3D\x3D\x98\x7C\x5E\xF6\xBE\x16\x68\xA0\x5E\xAE\x0B\x23\xFC\x5A\x0F\xAA\x22\x76\x2D\xC9\xA1\x10\x1D\xE4\xD3\x44\x23\x90\x88\x9F\xC6\x2A\xE6\xD7\xF5\x9A\xB3\x58\x1E\x2F\x30\x89\x08\x1B\x54\xA2\xB5\x98\x23\xEC\x08\x77\x1C\x95\x5D\x61\xD1\xCB\x89\x9C\x5F\xA2\x4A\x91\x9A\xEF\x21\xAA\x49\x16\x08\xA8\xBD\x61\x28\x31\xC9\x74\xAD\x85\xF6\xD9\xC5\xB1\x8B\xD1\xE5\x10\x32\x4D\x5F\x8B\x20\x3A\x3C\x49\x1F\x33\x85\x59\x0D\xDB\xCB\x09\x75\x43\x69\x73\xFB\x6B\x71\x7D\xF0\xDF\xC4\x4C\x7D\xC6\xA3\x2E\xC8\x95\x79\xCB\x73\xA2\x8E\x4E\x4D\x24\xFB\x5E\xE4\x04\xBE\x72\x1B\xA6\x27\x2D\x49\x5A\x99\x7A\xD7\x5C\x09\x20\xB7\x7F\x94\xB9\x4F\xF1\x0D\x1C\x5E\x88\x42\x1B\x11\xB7\xE7\x91\xDB\x9E\x6C\xF4\x6A\xDF\x8C\x06\x98\x03\xAD\xCC\x28\xEF\xA5\x47\xF3\x53\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA3\x97\xD6\xF3\x5E\xA2\x10\xE1\xAB\x45\x9F\x3C\x17\x64\x3C\xEE\x01\x70\x9C\xCC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x18\xFA\x5B\x75\xFC\x3E\x7A\xC7\x5F\x77\xC7\xCA\xDF\xCF\x5F\xC3\x12\xC4\x40\x5D\xD4\x32\xAA\xB8\x6A\xD7\xD5\x15\x15\x46\x98\x23\xA5\xE6\x90\x5B\x18\x99\x4C\xE3\xAD\x42\xA3\x82\x31\x36\x88\xCD\xE9\xFB\xC4\x04\x96\x48\x8B\x01\xC7\x8D\x01\xCF\x5B\x33\x06\x96\x46\x66\x74\x1D\x4F\xED\xC1\xB6\xB9\xB4\x0D\x61\xCC\x63\x7E\xD7\x2E\x77\x8C\x96\x1C\x2A\x23\x68\x6B\x85\x57\x76\x70\x33\x13\xFE\xE1\x4F\xA6\x23\x77\x18\xFA\x1A\x8C\xE8\xBD\x65\xC9\xCF\x3F\xF4\xC9\x17\xDC\xEB\xC7\xBC\xC0\x04\x2E\x2D\x46\x2F\x69\x66\xC3\x1B\x8F\xFE\xEC\x3E\xD3\xCA\x94\xBF\x76\x0A\x25\x0D\xA9\x7B\x02\x1C\xA9\xD0\x3B\x5F\x0B\xC0\x81\x3A\x3D\x64\xE1\xBF\xA7\x2D\x4E\xBD\x4D\xC4\xD8\x29\xC6\x22\x18\xD0\xC5\xAC\x72\x02\x82\x3F\xAA\x3A\xA2\x3A\x22\x97\x31\xDD\x08\x63\xC3\x75\x14\xB9\x60\x28\x2D\x5B\x68\xE0\x16\xA9\x66\x82\x23\x51\xF5\xEB\x53\xD8\x31\x9B\x7B\xE9\xB7\x9D\x4B\xEB\x88\x16\xCF\xF9\x5D\x38\x8A\x49\x30\x8F\xED\xF1\xEB\x19\xF4\x77\x1A\x31\x18\x4D\x67\x54\x6C\x2F\x6F\x65\xF9\xDB\x3D\xEC\x21\xEC\x5E\xF4\xF4\x8B\xCA\x60\x65\x54\xD1\x71\x64\xF4\xF9\xA6\xA3\x81\x33\x36\x33\x71\xF0\xA4\x78\x5F\x4E\xAD\x83\x21\xDE\x34\x49\x8D\xE8\x59\xAC\x9D\xF2\x76\x5A\x36\xF2\x13\xF4\xAF\xE0\x09\xC7\x61\x2A\x6C\xF7\xE0\x9D\xAE\xBB\x86\x4A\x28\x6F\x2E\xEE\xB4\x79\xCD\x90\x33\xC3\xB3\x76\xFA\xF5\xF0\x6C\x9D\x01\x90\xFA\x9E\x90\xF6\x9C\x72\xCF\x47\xDA\xC3\x1F\xE4\x35\x20\x53\xF2\x54\xD1\xDF\x61\x83\xA6\x02\xE2\x25\x38\xDE\x85\x32\x2D\x5E\x73\x90\x52\x5D\x42\xC4\xCE\x3D\x4B\xE1\xF9\x19\x84\x1D\xD5\xA2\x50\xCC\x41\xFB\x41\x14\xC3\xBD\xD6\xC9\x5A\xA3\x63\x66\x02\x80\xBD\x05\x3A\x3B\x47\x9C\xEC\x00\x26\x4C\xF5\x88\x51\xBF\xA8\x23\x7F\x18\x07\xB0\x0B\xED\x8B\x26\xA1\x64\xD3\x61\x4A\xEB\x5C\x9F\xDE\xB3\xAF\x67\x03\xB3\x1F\xDD\x6D\x5D\x69\x68\x69\xAB\x5E\x3A\xEC\x7C\x69\xBC\xC7\x3B\x85\x4E\x9E\x15\xB9\xB4\x15\x4F\xC3\x95\x7A\x58\xD7\xC9\x6C\xE9\x6C\xB9\xF3\x29\x63\x5E\xB4\x2C\xF0\x2D\x3D\xED\x5A\x65\xE0\xA9\x5B\x40\xC2\x48\x99\x81\x6D\x9E\x1F\x06\x2A\x3C\x12\xB4\x8B\x0F\x9B\xA2\x24\xF0\xA6\x8D\xD6\x7A\xE0\x4B\xB6\x64\x96\x63\x95\x84\xC2\x4A\xCD\x1C\x2E\x24\x87\x33\x60\xE5\xC3",
+	["CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM"] = "\x30\x82\x05\x60\x30\x82\x03\x48\xA0\x03\x02\x01\x02\x02\x14\x44\x57\x34\x24\x5B\x81\x89\x9B\x35\xF2\xCE\xB8\x2B\x3B\x5B\xA7\x26\xF0\x75\x28\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x20\x47\x33\x30\x1E\x17\x0D\x31\x32\x30\x31\x31\x32\x31\x38\x35\x39\x33\x32\x5A\x17\x0D\x34\x32\x30\x31\x31\x32\x31\x38\x35\x39\x33\x32\x5A\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x20\x47\x33\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA1\xAE\x25\xB2\x01\x18\xDC\x57\x88\x3F\x46\xEB\xF9\xAF\xE2\xEB\x23\x71\xE2\x9A\xD1\x61\x66\x21\x5F\xAA\xAF\x27\x51\xE5\x6E\x1B\x16\xD4\x2D\x7D\x50\xB0\x53\x77\xBD\x78\x3A\x60\xE2\x64\x02\x9B\x7C\x86\x9B\xD6\x1A\x8E\xAD\xFF\x1F\x15\x7F\xD5\x95\x1E\x12\xCB\xE6\x14\x84\x04\xC1\xDF\x36\xB3\x16\x9F\x8A\xE3\xC9\xDB\x98\x34\xCE\xD8\x33\x17\x28\x46\xFC\xA7\xC9\xF0\xD2\xB4\xD5\x4D\x09\x72\x49\xF9\xF2\x87\xE3\xA9\xDA\x7D\xA1\x7D\x6B\xB2\x3A\x25\xA9\x6D\x52\x44\xAC\xF8\xBE\x6E\xFB\xDC\xA6\x73\x91\x90\x61\xA6\x03\x14\x20\xF2\xE7\x87\xA3\x88\xAD\xAD\xA0\x8C\xFF\xA6\x0B\x25\x52\x25\xE7\x16\x01\xD5\xCB\xB8\x35\x81\x0C\xA3\x3B\xF0\xE1\xE1\xFC\x5A\x5D\xCE\x80\x71\x6D\xF8\x49\xAB\x3E\x3B\xBA\xB8\xD7\x80\x01\xFB\xA5\xEB\x5B\xB3\xC5\x5E\x60\x2A\x31\xA0\xAF\x37\xE8\x20\x3A\x9F\xA8\x32\x2C\x0C\xCC\x09\x1D\xD3\x9E\x8E\x5D\xBC\x4C\x98\xEE\xC5\x1A\x68\x7B\xEC\x53\xA6\xE9\x14\x35\xA3\xDF\xCD\x80\x9F\x0C\x48\xFB\x1C\xF4\xF1\xBF\x4A\xB8\xFA\xD5\x8C\x71\x4A\xC7\x1F\xAD\xFE\x41\x9A\xB3\x83\x5D\xF2\x84\x56\xEF\xA5\x57\x43\xCE\x29\xAD\x8C\xAB\x55\xBF\xC4\xFB\x5B\x01\xDD\x23\x21\xA1\x58\x00\x8E\xC3\xD0\x6A\x13\xED\x13\xE3\x12\x2B\x80\xDC\x67\xE6\x95\xB2\xCD\x1E\x22\x6E\x2A\xF8\x41\xD4\xF2\xCA\x14\x07\x8D\x8A\x55\x12\xC6\x69\xF5\xB8\x86\x68\x2F\x53\x5E\xB0\xD2\xAA\x21\xC1\x98\xE6\x30\xE3\x67\x55\xC7\x9B\x6E\xAC\x19\xA8\x55\xA6\x45\x06\xD0\x23\x3A\xDB\xEB\x65\x5D\x2A\x11\x11\xF0\x3B\x4F\xCA\x6D\xF4\x34\xC4\x71\xE4\xFF\x00\x5A\xF6\x5C\xAE\x23\x60\x85\x73\xF1\xE4\x10\xB1\x25\xAE\xD5\x92\xBB\x13\xC1\x0C\xE0\x39\xDA\xB4\x39\x57\xB5\xAB\x35\xAA\x72\x21\x3B\x83\x35\xE7\x31\xDF\x7A\x21\x6E\xB8\x32\x08\x7D\x1D\x32\x91\x15\x4A\x62\x72\xCF\xE3\x77\xA1\xBC\xD5\x11\x1B\x76\x01\x67\x08\xE0\x41\x0B\xC3\xEB\x15\x6E\xF8\xA4\x19\xD9\xA2\xAB\xAF\xE2\x27\x52\x56\x2B\x02\x8A\x2C\x14\x24\xF9\xBF\x42\x02\xBF\x26\xC8\xC6\x8F\xE0\x6E\x38\x7D\x53\x2D\xE5\xED\x98\xB3\x95\x63\x68\x7F\xF9\x35\xF4\xDF\x88\xC5\x60\x35\x92\xC0\x7C\x69\x1C\x61\x95\x16\xD0\xEB\xDE\x0B\xAF\x3E\x04\x10\x45\x65\x58\x50\x38\xAF\x48\xF2\x59\xB6\x16\xF2\x3C\x0D\x90\x02\xC6\x70\x2E\x01\xAD\x3C\x15\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xED\xE7\x6F\x76\x5A\xBF\x60\xEC\x49\x5B\xC6\xA5\x77\xBB\x72\x16\x71\x9B\xC4\x3D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x91\xDF\x80\x3F\x43\x09\x7E\x71\xC2\xF7\xEB\xB3\x88\x8F\xE1\x51\xB2\xBC\x3D\x75\xF9\x28\x5D\xC8\xBC\x99\x9B\x7B\x5D\xAA\xE5\xCA\xE1\x0A\xF7\xE8\xB2\xD3\x9F\xDD\x67\x31\x7E\xBA\x01\xAA\xC7\x6A\x41\x3B\x90\xD4\x08\x5C\xB2\x60\x6A\x90\xF0\xC8\xCE\x03\x62\xF9\x8B\xED\xFB\x6E\x2A\xDC\x06\x4D\x3C\x29\x0F\x89\x16\x8A\x58\x4C\x48\x0F\xE8\x84\x61\xEA\x3C\x72\xA6\x77\xE4\x42\xAE\x88\xA3\x43\x58\x79\x7E\xAE\xCA\xA5\x53\x0D\xA9\x3D\x70\xBD\x20\x19\x61\xA4\x6C\x38\xFC\x43\x32\xE1\xC1\x47\xFF\xF8\xEC\xF1\x11\x22\x32\x96\x9C\xC2\xF6\x5B\x69\x96\x7B\x20\x0C\x43\x41\x9A\x5B\xF6\x59\x19\x88\xDE\x55\x88\x37\x51\x0B\x78\x5C\x0A\x1E\xA3\x42\xFD\xC7\x9D\x88\x0F\xC0\xF2\x78\x02\x24\x54\x93\xAF\x89\x87\x88\xC9\x4A\x80\x1D\xEA\xD0\x6E\x3E\x61\x2E\x36\xBB\x35\x0E\x27\x96\xFD\x66\x34\x3B\x61\x72\x73\xF1\x16\x5C\x47\x06\x54\x49\x00\x7A\x58\x12\xB0\x0A\xEF\x85\xFD\xB1\xB8\x33\x75\x6A\x93\x1C\x12\xE6\x60\x5E\x6F\x1D\x7F\xC9\x1F\x23\xCB\x84\x61\x9F\x1E\x82\x44\xF9\x5F\xAD\x62\x55\x24\x9A\x52\x98\xED\x51\xE7\xA1\x7E\x97\x3A\xE6\x2F\x1F\x11\xDA\x53\x80\x2C\x85\x9E\xAB\x35\x10\xDB\x22\x5F\x6A\xC5\x5E\x97\x53\xF2\x32\x02\x09\x30\xA3\x58\xF0\x0D\x01\xD5\x72\xC6\xB1\x7C\x69\x7B\xC3\xF5\x36\x45\xCC\x61\x6E\x5E\x4C\x94\xC5\x5E\xAE\xE8\x0E\x5E\x8B\xBF\xF7\xCD\xE0\xED\xA1\x0E\x1B\x33\xEE\x54\x18\xFE\x0F\xBE\xEF\x7E\x84\x6B\x43\xE3\x70\x98\xDB\x5D\x75\xB2\x0D\x59\x07\x85\x15\x23\x39\xD6\xF1\xDF\xA9\x26\x0F\xD6\x48\xC7\xB3\xA6\x22\xF5\x33\x37\x5A\x95\x47\x9F\x7B\xBA\x18\x15\x6F\xFF\xD6\x14\x64\x83\x49\xD2\x0A\x67\x21\xDB\x0F\x35\x63\x60\x28\x22\xE3\xB1\x95\x83\xCD\x85\xA6\xDD\x2F\x0F\xE7\x67\x52\x6E\xBB\x2F\x85\x7C\xF5\x4A\x73\xE7\xC5\x3E\xC0\xBD\x21\x12\x05\x3F\xFC\xB7\x03\x49\x02\x5B\xC8\x25\xE6\xE2\x54\x38\xF5\x79\x87\x8C\x1D\x53\xB2\x4E\x85\x7B\x06\x38\xC7\x2C\xF8\xF8\xB0\x72\x8D\x25\xE5\x77\x52\xF4\x03\x1C\x48\xA6\x50\x5F\x88\x20\x30\x6E\xF2\x82\x43\xAB\x3D\x97\x84\xE7\x53\xFB\x21\xC1\x4F\x0F\x22\x9A\x86\xB8\x59\x2A\xF6\x47\x3D\x19\x88\x2D\xE8\x85\xE1\x9E\xEC\x85\x08\x6A\xB1\x6C\x34\xC9\x1D\xEC\x48\x2B\x3B\x78\xED\x66\xC4\x8E\x79\x69\x83\xDE\x7F\x8C",
+	["CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM"] = "\x30\x82\x05\x60\x30\x82\x03\x48\xA0\x03\x02\x01\x02\x02\x14\x2E\xF5\x9B\x02\x28\xA7\xDB\x7A\xFF\xD5\xA3\xA9\xEE\xBD\x03\xA0\xCF\x12\x6A\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x20\x47\x33\x30\x1E\x17\x0D\x31\x32\x30\x31\x31\x32\x32\x30\x32\x36\x33\x32\x5A\x17\x0D\x34\x32\x30\x31\x31\x32\x32\x30\x32\x36\x33\x32\x5A\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x20\x47\x33\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB3\xCB\x0E\x10\x67\x8E\xEA\x14\x97\xA7\x32\x2A\x0A\x56\x36\x7F\x68\x4C\xC7\xB3\x6F\x3A\x23\x14\x91\xFF\x19\x7F\xA5\xCA\xAC\xEE\xB3\x76\x9D\x7A\xE9\x8B\x1B\xAB\x6B\x31\xDB\xFA\x0B\x53\x4C\xAF\xC5\xA5\x1A\x79\x3C\x8A\x4C\xFF\xAC\xDF\x25\xDE\x4E\xD9\x82\x32\x0B\x44\xDE\xCA\xDB\x8C\xAC\xA3\x6E\x16\x83\x3B\xA6\x64\x4B\x32\x89\xFB\x16\x16\x38\x7E\xEB\x43\xE2\xD3\x74\x4A\xC2\x62\x0A\x73\x0A\xDD\x49\xB3\x57\xD2\xB0\x0A\x85\x9D\x71\x3C\xDE\xA3\xCB\xC0\x32\xF3\x01\x39\x20\x43\x1B\x35\xD1\x53\xB3\xB1\xEE\xC5\x93\x69\x82\x3E\x16\xB5\x28\x46\xA1\xDE\xEA\x89\x09\xED\x43\xB8\x05\x46\x8A\x86\xF5\x59\x47\xBE\x1B\x6F\x01\x21\x10\xB9\xFD\xA9\xD2\x28\xCA\x10\x39\x09\xCA\x13\x36\xCF\x9C\xAD\xAD\x40\x74\x79\x2B\x02\x3F\x34\xFF\xFA\x20\x69\x7D\xD3\xEE\x61\xF5\xBA\xB3\xE7\x30\xD0\x37\x23\x86\x72\x61\x45\x29\x48\x59\x68\x6F\x77\xA6\x2E\x81\xBE\x07\x4D\x6F\xAF\xCE\xC4\x45\x13\x91\x14\x70\x06\x8F\x1F\x9F\xF8\x87\x69\xB1\x0E\xEF\xC3\x89\x19\xEB\xEA\x1C\x61\xFC\x7A\x6C\x8A\xDC\xD6\x03\x0B\x9E\x26\xBA\x12\xDD\xD4\x54\x39\xAB\x26\xA3\x33\xEA\x75\x81\xDA\x2D\xCD\x0F\x4F\xE4\x03\xD1\xEF\x15\x97\x1B\x6B\x90\xC5\x02\x90\x93\x66\x02\x21\xB1\x47\xDE\x8B\x9A\x4A\x80\xB9\x55\x8F\xB5\xA2\x2F\xC0\xD6\x33\x67\xDA\x7E\xC4\xA7\xB4\x04\x44\xEB\x47\xFB\xE6\x58\xB9\xF7\x0C\xF0\x7B\x2B\xB1\xC0\x70\x29\xC3\x40\x62\x2D\x3B\x48\x69\xDC\x23\x3C\x48\xEB\x7B\x09\x79\xA9\x6D\xDA\xA8\x30\x98\xCF\x80\x72\x03\x88\xA6\x5B\x46\xAE\x72\x79\x7C\x08\x03\x21\x65\xAE\xB7\xE1\x1C\xA5\xB1\x2A\xA2\x31\xDE\x66\x04\xF7\xC0\x74\xE8\x71\xDE\xFF\x3D\x59\xCC\x96\x26\x12\x8B\x85\x95\x57\x1A\xAB\x6B\x75\x0B\x44\x3D\x11\x28\x3C\x7B\x61\xB7\xE2\x8F\x67\x4F\xE5\xEC\x3C\x4C\x60\x80\x69\x57\x38\x1E\x01\x5B\x8D\x55\xE8\xC7\xDF\xC0\xCC\x77\x23\x34\x49\x75\x7C\xF6\x98\x11\xEB\x2D\xDE\xED\x41\x2E\x14\x05\x02\x7F\xE0\xFE\x20\xEB\x35\xE7\x11\xAC\x22\xCE\x57\x3D\xDE\xC9\x30\x6D\x10\x03\x85\xCD\xF1\xFF\x8C\x16\xB5\xC1\xB2\x3E\x88\x6C\x60\x7F\x90\x4F\x95\xF7\xF6\x2D\xAD\x01\x39\x07\x04\xFA\x75\x80\x7D\xBF\x49\x50\xED\xEF\xC9\xC4\x7C\x1C\xEB\x80\x7E\xDB\xB6\xD0\xDD\x13\xFE\xC9\xD3\x9C\xD7\xB2\x97\xA9\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC6\x17\xD0\xBC\xA8\xEA\x02\x43\xF2\x1B\x06\x99\x5D\x2B\x90\x20\xB9\xD7\x9C\xE4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x34\x61\xD9\x56\xB5\x12\x87\x55\x4D\xDD\xA3\x35\x31\x46\xBB\xA4\x07\x72\xBC\x5F\x61\x62\xE8\xA5\xFB\x0B\x37\xB1\x3C\xB6\xB3\xFA\x29\x9D\x7F\x02\xF5\xA4\xC9\xA8\x93\xB7\x7A\x71\x28\x69\x8F\x73\xE1\x52\x90\xDA\xD5\xBE\x3A\xE5\xB7\x76\x6A\x56\x80\x21\xDF\x5D\xE6\xE9\x3A\x9E\xE5\x3E\xF6\xA2\x69\xC7\x2A\x0A\xB0\x18\x47\xDC\x20\x70\x7D\x52\xA3\x3E\x59\x7C\xC1\xBA\xC9\xC8\x15\x40\x61\xCA\x72\xD6\x70\xAC\xD2\xB7\xF0\x1C\xE4\x86\x29\xF0\xCE\xEF\x68\x63\xD0\xB5\x20\x8A\x15\x61\x9A\x7E\x86\x98\xB4\xC9\xC2\x76\xFB\xCC\xBA\x30\x16\xCC\xA3\x61\xC6\x74\x13\xE5\x6B\xEF\xA3\x15\xEA\x03\xFE\x13\x8B\x64\xE4\xD3\xC1\xD2\xE8\x84\xFB\x49\xD1\x10\x4D\x79\x66\xEB\xAA\xFD\xF4\x8D\x31\x1E\x70\x14\xAD\xDC\xDE\x67\x13\x4C\x81\x15\x61\xBC\xB7\xD9\x91\x77\x71\x19\x81\x60\xBB\xF0\x58\xA5\xB5\x9C\x0B\xF7\x8F\x22\x55\x27\xC0\x4B\x01\x6D\x3B\x99\x0D\xD4\x1D\x9B\x63\x67\x2F\xD0\xEE\x0D\xCA\x66\xBC\x94\x4F\xA6\xAD\xED\xFC\xEE\x63\xAC\x57\x3F\x65\x25\xCF\xB2\x86\x8F\xD0\x08\xFF\xB8\x76\x14\x6E\xDE\xE5\x27\xEC\xAB\x78\xB5\x53\xB9\xB6\x3F\xE8\x20\xF9\xD2\xA8\xBE\x61\x46\xCA\x87\x8C\x84\xF3\xF9\xF1\xA0\x68\x9B\x22\x1E\x81\x26\x9B\x10\x04\x91\x71\xC0\x06\x1F\xDC\xA0\xD3\xB9\x56\xA7\xE3\x98\x2D\x7F\x83\x9D\xDF\x8C\x2B\x9C\x32\x8E\x32\x94\xF0\x01\x3C\x22\x2A\x9F\x43\xC2\x2E\xC3\x98\x39\x07\x38\x7B\xFC\x5E\x00\x42\x1F\xF3\x32\x26\x79\x83\x84\xF6\xE5\xF0\xC1\x51\x12\xC0\x0B\x1E\x04\x23\x0C\x54\xA5\x4C\x2F\x49\xC5\x4A\xD1\xB6\x6E\x60\x0D\x6B\xFC\x6B\x8B\x85\x24\x64\xB7\x89\x0E\xAB\x25\x47\x5B\x3C\xCF\x7E\x49\xBD\xC7\xE9\x0A\xC6\xDA\xF7\x7E\x0E\x17\x08\xD3\x48\x97\xD0\x71\x92\xF0\x0F\x39\x3E\x34\x6A\x1C\x7D\xD8\xF2\x22\xAE\xBB\x69\xF4\x33\xB4\xA6\x48\x55\xD1\x0F\x0E\x26\xE8\xEC\xB6\x0B\x2D\xA7\x85\x35\xCD\xFD\x59\xC8\x9F\xD1\xCD\x3E\x5A\x29\x34\xB9\x3D\x84\xCE\xB1\x65\xD4\x59\x91\x91\x56\x75\x21\xC1\x77\x9E\xF9\x7A\xE1\x60\x9D\xD3\xAD\x04\x18\xF4\x7C\xEB\x5E\x93\x8F\x53\x4A\x22\x29\xF8\x48\x2B\x3E\x4D\x86\xAC\x5B\x7F\xCB\x06\x99\x59\x60\xD8\x58\x65\x95\x8D\x44\xD1\xF7\x7F\x7E\x27\x7F\x7D\xAE\x80\xF5\x07\x4C\xB6\x3E\x9C\x71\x54\x99\x04\x4B\xFD\x58\xF9\x98\xF4",
+	["CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x03\x96\x30\x82\x02\x7E\xA0\x03\x02\x01\x02\x02\x10\x0B\x93\x1C\x3A\xD6\x39\x67\xEA\x67\x23\xBF\xC3\xAF\x9A\xF4\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x47\x32\x30\x1E\x17\x0D\x31\x33\x30\x38\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x35\x31\x32\x30\x30\x30\x30\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD9\xE7\x28\x2F\x52\x3F\x36\x72\x49\x88\x93\x34\xF3\xF8\x6A\x1E\x31\x54\x80\x9F\xAD\x54\x41\xB5\x47\xDF\x96\xA8\xD4\xAF\x80\x2D\xB9\x0A\xCF\x75\xFD\x89\xA5\x7D\x24\xFA\xE3\x22\x0C\x2B\xBC\x95\x17\x0B\x33\xBF\x19\x4D\x41\x06\x90\x00\xBD\x0C\x4D\x10\xFE\x07\xB5\xE7\x1C\x6E\x22\x55\x31\x65\x97\xBD\xD3\x17\xD2\x1E\x62\xF3\xDB\xEA\x6C\x50\x8C\x3F\x84\x0C\x96\xCF\xB7\xCB\x03\xE0\xCA\x6D\xA1\x14\x4C\x1B\x89\xDD\xED\x00\xB0\x52\x7C\xAF\x91\x6C\xB1\x38\x13\xD1\xE9\x12\x08\xC0\x00\xB0\x1C\x2B\x11\xDA\x77\x70\x36\x9B\xAE\xCE\x79\x87\xDC\x82\x70\xE6\x09\x74\x70\x55\x69\xAF\xA3\x68\x9F\xBF\xDD\xB6\x79\xB3\xF2\x9D\x70\x29\x55\xF4\xAB\xFF\x95\x61\xF3\xC9\x40\x6F\x1D\xD1\xBE\x93\xBB\xD3\x88\x2A\xBB\x9D\xBF\x72\x5A\x56\x71\x3B\x3F\xD4\xF3\xD1\x0A\xFE\x28\xEF\xA3\xEE\xD9\x99\xAF\x03\xD3\x8F\x60\xB7\xF2\x92\xA1\xB1\xBD\x89\x89\x1F\x30\xCD\xC3\xA6\x2E\x62\x33\xAE\x16\x02\x77\x44\x5A\xE7\x81\x0A\x3C\xA7\x44\x2E\x79\xB8\x3F\x04\xBC\x5C\xA0\x87\xE1\x1B\xAF\x51\x8E\xCD\xEC\x2C\xFA\xF8\xFE\x6D\xF0\x3A\x7C\xAA\x8B\xE4\x67\x95\x31\x8D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCE\xC3\x4A\xB9\x99\x55\xF2\xB8\xDB\x60\xBF\xA9\x7E\xBD\x56\xB5\x97\x36\xA7\xD6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\xCA\xA5\x55\x8C\xE3\xC8\x41\x6E\x69\x27\xA7\x75\x11\xEF\x3C\x86\x36\x6F\xD2\x9D\xC6\x78\x38\x1D\x69\x96\xA2\x92\x69\x2E\x38\x6C\x9B\x7D\x04\xD4\x89\xA5\xB1\x31\x37\x8A\xC9\x21\xCC\xAB\x6C\xCD\x8B\x1C\x9A\xD6\xBF\x48\xD2\x32\x66\xC1\x8A\xC0\xF3\x2F\x3A\xEF\xC0\xE3\xD4\x91\x86\xD1\x50\xE3\x03\xDB\x73\x77\x6F\x4A\x39\x53\xED\xDE\x26\xC7\xB5\x7D\xAF\x2B\x42\xD1\x75\x62\xE3\x4A\x2B\x02\xC7\x50\x4B\xE0\x69\xE2\x96\x6C\x0E\x44\x66\x10\x44\x8F\xAD\x05\xEB\xF8\x79\xAC\xA6\x1B\xE8\x37\x34\x9D\x53\xC9\x61\xAA\xA2\x52\xAF\x4A\x70\x16\x86\xC2\x3A\xC8\xB1\x13\x70\x36\xD8\xCF\xEE\xF4\x0A\x34\xD5\x5B\x4C\xFD\x07\x9C\xA2\xBA\xD9\x01\x72\x5C\xF3\x4D\xC1\xDD\x0E\xB1\x1C\x0D\xC4\x63\xBE\xAD\xF4\x14\xFB\x89\xEC\xA2\x41\x0E\x4C\xCC\xC8\x57\x40\xD0\x6E\x03\xAA\xCD\x0C\x8E\x89\x99\x99\x6C\xF0\x3C\x30\xAF\x38\xDF\x6F\xBC\xA3\xBE\x29\x20\x27\xAB\x74\xFF\x13\x22\x78\xDE\x97\x52\x55\x1E\x83\xB5\x54\x20\x03\xEE\xAE\xC0\x4F\x56\xDE\x37\xCC\xC3\x7F\xAA\x04\x27\xBB\xD3\x77\xB8\x62\xDB\x17\x7C\x9C\x28\x22\x13\x73\x6C\xCF\x26\xF5\x8A\x29\xE7",
+	["CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x02\x46\x30\x82\x01\xCD\xA0\x03\x02\x01\x02\x02\x10\x0B\xA1\x5A\xFA\x1D\xDF\xA0\xB5\x49\x44\xAF\xCD\x24\xA0\x6C\xEC\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x47\x33\x30\x1E\x17\x0D\x31\x33\x30\x38\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x35\x31\x32\x30\x30\x30\x30\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x47\x33\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x19\xE7\xBC\xAC\x44\x65\xED\xCD\xB8\x3F\x58\xFB\x8D\xB1\x57\xA9\x44\x2D\x05\x15\xF2\xEF\x0B\xFF\x10\x74\x9F\xB5\x62\x52\x5F\x66\x7E\x1F\xE5\xDC\x1B\x45\x79\x0B\xCC\xC6\x53\x0A\x9D\x8D\x5D\x02\xD9\xA9\x59\xDE\x02\x5A\xF6\x95\x2A\x0E\x8D\x38\x4A\x8A\x49\xC6\xBC\xC6\x03\x38\x07\x5F\x55\xDA\x7E\x09\x6E\xE2\x7F\x5E\xD0\x45\x20\x0F\x59\x76\x10\xD6\xA0\x24\xF0\x2D\xDE\x36\xF2\x6C\x29\x39\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCB\xD0\xBD\xA9\xE1\x98\x05\x51\xA1\x4D\x37\xA2\x83\x79\xCE\x8D\x1D\x2A\xE4\x84\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x25\xA4\x81\x45\x02\x6B\x12\x4B\x75\x74\x4F\xC8\x23\xE3\x70\xF2\x75\x72\xDE\x7C\x89\xF0\xCF\x91\x72\x61\x9E\x5E\x10\x92\x59\x56\xB9\x83\xC7\x10\xE7\x38\xE9\x58\x26\x36\x7D\xD5\xE4\x34\x86\x39\x02\x30\x7C\x36\x53\xF0\x30\xE5\x62\x63\x3A\x99\xE2\xB6\xA3\x3B\x9B\x34\xFA\x1E\xDA\x10\x92\x71\x5E\x91\x13\xA7\xDD\xA4\x6E\x92\xCC\x32\xD6\xF5\x21\x66\xC7\x2F\xEA\x96\x63\x6A\x65\x45\x92\x95\x01\xB4",
+	["CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x03\x8E\x30\x82\x02\x76\xA0\x03\x02\x01\x02\x02\x10\x03\x3A\xF1\xE6\xA7\x11\xA9\xA0\xBB\x28\x64\xB1\x1D\x09\xFA\xE5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x32\x30\x1E\x17\x0D\x31\x33\x30\x38\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x35\x31\x32\x30\x30\x30\x30\x5A\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBB\x37\xCD\x34\xDC\x7B\x6B\xC9\xB2\x68\x90\xAD\x4A\x75\xFF\x46\xBA\x21\x0A\x08\x8D\xF5\x19\x54\xC9\xFB\x88\xDB\xF3\xAE\xF2\x3A\x89\x91\x3C\x7A\xE6\xAB\x06\x1A\x6B\xCF\xAC\x2D\xE8\x5E\x09\x24\x44\xBA\x62\x9A\x7E\xD6\xA3\xA8\x7E\xE0\x54\x75\x20\x05\xAC\x50\xB7\x9C\x63\x1A\x6C\x30\xDC\xDA\x1F\x19\xB1\xD7\x1E\xDE\xFD\xD7\xE0\xCB\x94\x83\x37\xAE\xEC\x1F\x43\x4E\xDD\x7B\x2C\xD2\xBD\x2E\xA5\x2F\xE4\xA9\xB8\xAD\x3A\xD4\x99\xA4\xB6\x25\xE9\x9B\x6B\x00\x60\x92\x60\xFF\x4F\x21\x49\x18\xF7\x67\x90\xAB\x61\x06\x9C\x8F\xF2\xBA\xE9\xB4\xE9\x92\x32\x6B\xB5\xF3\x57\xE8\x5D\x1B\xCD\x8C\x1D\xAB\x95\x04\x95\x49\xF3\x35\x2D\x96\xE3\x49\x6D\xDD\x77\xE3\xFB\x49\x4B\xB4\xAC\x55\x07\xA9\x8F\x95\xB3\xB4\x23\xBB\x4C\x6D\x45\xF0\xF6\xA9\xB2\x95\x30\xB4\xFD\x4C\x55\x8C\x27\x4A\x57\x14\x7C\x82\x9D\xCD\x73\x92\xD3\x16\x4A\x06\x0C\x8C\x50\xD1\x8F\x1E\x09\xBE\x17\xA1\xE6\x21\xCA\xFD\x83\xE5\x10\xBC\x83\xA5\x0A\xC4\x67\x28\xF6\x73\x14\x14\x3D\x46\x76\xC3\x87\x14\x89\x21\x34\x4D\xAF\x0F\x45\x0C\xA6\x49\xA1\xBA\xBB\x9C\xC5\xB1\x33\x83\x29\x85\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4E\x22\x54\x20\x18\x95\xE6\xE3\x6E\xE6\x0F\xFA\xFA\xB9\x12\xED\x06\x17\x8F\x39\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x60\x67\x28\x94\x6F\x0E\x48\x63\xEB\x31\xDD\xEA\x67\x18\xD5\x89\x7D\x3C\xC5\x8B\x4A\x7F\xE9\xBE\xDB\x2B\x17\xDF\xB0\x5F\x73\x77\x2A\x32\x13\x39\x81\x67\x42\x84\x23\xF2\x45\x67\x35\xEC\x88\xBF\xF8\x8F\xB0\x61\x0C\x34\xA4\xAE\x20\x4C\x84\xC6\xDB\xF8\x35\xE1\x76\xD9\xDF\xA6\x42\xBB\xC7\x44\x08\x86\x7F\x36\x74\x24\x5A\xDA\x6C\x0D\x14\x59\x35\xBD\xF2\x49\xDD\xB6\x1F\xC9\xB3\x0D\x47\x2A\x3D\x99\x2F\xBB\x5C\xBB\xB5\xD4\x20\xE1\x99\x5F\x53\x46\x15\xDB\x68\x9B\xF0\xF3\x30\xD5\x3E\x31\xE2\x8D\x84\x9E\xE3\x8A\xDA\xDA\x96\x3E\x35\x13\xA5\x5F\xF0\xF9\x70\x50\x70\x47\x41\x11\x57\x19\x4E\xC0\x8F\xAE\x06\xC4\x95\x13\x17\x2F\x1B\x25\x9F\x75\xF2\xB1\x8E\x99\xA1\x6F\x13\xB1\x41\x71\xFE\x88\x2A\xC8\x4F\x10\x20\x55\xD7\xF3\x14\x45\xE5\xE0\x44\xF4\xEA\x87\x95\x32\x93\x0E\xFE\x53\x46\xFA\x2C\x9D\xFF\x8B\x22\xB9\x4B\xD9\x09\x45\xA4\xDE\xA4\xB8\x9A\x58\xDD\x1B\x7D\x52\x9F\x8E\x59\x43\x88\x81\xA4\x9E\x26\xD5\x6F\xAD\xDD\x0D\xC6\x37\x7D\xED\x03\x92\x1B\xE5\x77\x5F\x76\xEE\x3C\x8D\xC4\x5D\x56\x5B\xA2\xD9\x66\x6E\xB3\x35\x37\xE5\x32\xB6",
+	["CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x02\x3F\x30\x82\x01\xC5\xA0\x03\x02\x01\x02\x02\x10\x05\x55\x56\xBC\xF2\x5E\xA4\x35\x35\xC3\xA4\x0F\xD5\xAB\x45\x72\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x33\x30\x1E\x17\x0D\x31\x33\x30\x38\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x35\x31\x32\x30\x30\x30\x30\x5A\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x33\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\xDD\xA7\xD9\xBB\x8A\xB8\x0B\xFB\x0B\x7F\x21\xD2\xF0\xBE\xBE\x73\xF3\x33\x5D\x1A\xBC\x34\xEA\xDE\xC6\x9B\xBC\xD0\x95\xF6\xF0\xCC\xD0\x0B\xBA\x61\x5B\x51\x46\x7E\x9E\x2D\x9F\xEE\x8E\x63\x0C\x17\xEC\x07\x70\xF5\xCF\x84\x2E\x40\x83\x9C\xE8\x3F\x41\x6D\x3B\xAD\xD3\xA4\x14\x59\x36\x78\x9D\x03\x43\xEE\x10\x13\x6C\x72\xDE\xAE\x88\xA7\xA1\x6B\xB5\x43\xCE\x67\xDC\x23\xFF\x03\x1C\xA3\xE2\x3E\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB3\xDB\x48\xA4\xF9\xA1\xC5\xD8\xAE\x36\x41\xCC\x11\x63\x69\x62\x29\xBC\x4B\xC6\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x68\x00\x30\x65\x02\x31\x00\xAD\xBC\xF2\x6C\x3F\x12\x4A\xD1\x2D\x39\xC3\x0A\x09\x97\x73\xF4\x88\x36\x8C\x88\x27\xBB\xE6\x88\x8D\x50\x85\xA7\x63\xF9\x9E\x32\xDE\x66\x93\x0F\xF1\xCC\xB1\x09\x8F\xDD\x6C\xAB\xFA\x6B\x7F\xA0\x02\x30\x39\x66\x5B\xC2\x64\x8D\xB8\x9E\x50\xDC\xA8\xD5\x49\xA2\xED\xC7\xDC\xD1\x49\x7F\x17\x01\xB8\xC8\x86\x8F\x4E\x8C\x88\x2B\xA8\x9A\xA9\x8A\xC5\xD1\x00\xBD\xF8\x54\xE2\x9A\xE5\x5B\x7C\xB3\x27\x17",
+	["CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x05\x90\x30\x82\x03\x78\xA0\x03\x02\x01\x02\x02\x10\x05\x9B\x1B\x57\x9E\x8E\x21\x32\xE2\x39\x07\xBD\xA7\x77\x75\x5C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x30\x62\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x44\x69\x67\x69\x43\x65\x72\x74\x20\x54\x72\x75\x73\x74\x65\x64\x20\x52\x6F\x6F\x74\x20\x47\x34\x30\x1E\x17\x0D\x31\x33\x30\x38\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x35\x31\x32\x30\x30\x30\x30\x5A\x30\x62\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x44\x69\x67\x69\x43\x65\x72\x74\x20\x54\x72\x75\x73\x74\x65\x64\x20\x52\x6F\x6F\x74\x20\x47\x34\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xBF\xE6\x90\x73\x68\xDE\xBB\xE4\x5D\x4A\x3C\x30\x22\x30\x69\x33\xEC\xC2\xA7\x25\x2E\xC9\x21\x3D\xF2\x8A\xD8\x59\xC2\xE1\x29\xA7\x3D\x58\xAB\x76\x9A\xCD\xAE\x7B\x1B\x84\x0D\xC4\x30\x1F\xF3\x1B\xA4\x38\x16\xEB\x56\xC6\x97\x6D\x1D\xAB\xB2\x79\xF2\xCA\x11\xD2\xE4\x5F\xD6\x05\x3C\x52\x0F\x52\x1F\xC6\x9E\x15\xA5\x7E\xBE\x9F\xA9\x57\x16\x59\x55\x72\xAF\x68\x93\x70\xC2\xB2\xBA\x75\x99\x6A\x73\x32\x94\xD1\x10\x44\x10\x2E\xDF\x82\xF3\x07\x84\xE6\x74\x3B\x6D\x71\xE2\x2D\x0C\x1B\xEE\x20\xD5\xC9\x20\x1D\x63\x29\x2D\xCE\xEC\x5E\x4E\xC8\x93\xF8\x21\x61\x9B\x34\xEB\x05\xC6\x5E\xEC\x5B\x1A\xBC\xEB\xC9\xCF\xCD\xAC\x34\x40\x5F\xB1\x7A\x66\xEE\x77\xC8\x48\xA8\x66\x57\x57\x9F\x54\x58\x8E\x0C\x2B\xB7\x4F\xA7\x30\xD9\x56\xEE\xCA\x7B\x5D\xE3\xAD\xC9\x4F\x5E\xE5\x35\xE7\x31\xCB\xDA\x93\x5E\xDC\x8E\x8F\x80\xDA\xB6\x91\x98\x40\x90\x79\xC3\x78\xC7\xB6\xB1\xC4\xB5\x6A\x18\x38\x03\x10\x8D\xD8\xD4\x37\xA4\x2E\x05\x7D\x88\xF5\x82\x3E\x10\x91\x70\xAB\x55\x82\x41\x32\xD7\xDB\x04\x73\x2A\x6E\x91\x01\x7C\x21\x4C\xD4\xBC\xAE\x1B\x03\x75\x5D\x78\x66\xD9\x3A\x31\x44\x9A\x33\x40\xBF\x08\xD7\x5A\x49\xA4\xC2\xE6\xA9\xA0\x67\xDD\xA4\x27\xBC\xA1\x4F\x39\xB5\x11\x58\x17\xF7\x24\x5C\x46\x8F\x64\xF7\xC1\x69\x88\x76\x98\x76\x3D\x59\x5D\x42\x76\x87\x89\x97\x69\x7A\x48\xF0\xE0\xA2\x12\x1B\x66\x9A\x74\xCA\xDE\x4B\x1E\xE7\x0E\x63\xAE\xE6\xD4\xEF\x92\x92\x3A\x9E\x3D\xDC\x00\xE4\x45\x25\x89\xB6\x9A\x44\x19\x2B\x7E\xC0\x94\xB4\xD2\x61\x6D\xEB\x33\xD9\xC5\xDF\x4B\x04\x00\xCC\x7D\x1C\x95\xC3\x8F\xF7\x21\xB2\xB2\x11\xB7\xBB\x7F\xF2\xD5\x8C\x70\x2C\x41\x60\xAA\xB1\x63\x18\x44\x95\x1A\x76\x62\x7E\xF6\x80\xB0\xFB\xE8\x64\xA6\x33\xD1\x89\x07\xE1\xBD\xB7\xE6\x43\xA4\x18\xB8\xA6\x77\x01\xE1\x0F\x94\x0C\x21\x1D\xB2\x54\x29\x25\x89\x6C\xE5\x0E\x52\x51\x47\x74\xBE\x26\xAC\xB6\x41\x75\xDE\x7A\xAC\x5F\x8D\x3F\xC9\xBC\xD3\x41\x11\x12\x5B\xE5\x10\x50\xEB\x31\xC5\xCA\x72\x16\x22\x09\xDF\x7C\x4C\x75\x3F\x63\xEC\x21\x5F\xC4\x20\x51\x6B\x6F\xB1\xAB\x86\x8B\x4F\xC2\xD6\x45\x5F\x9D\x20\xFC\xA1\x1E\xC5\xC0\x8F\xA2\xB1\x7E\x0A\x26\x99\xF5\xE4\x69\x2F\x98\x1D\x2D\xF5\xD9\xA9\xB2\x1D\xE5\x1B\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xEC\xD7\xE3\x82\xD2\x71\x5D\x64\x4C\xDF\x2E\x67\x3F\xE7\xBA\x98\xAE\x1C\x0F\x4F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x03\x82\x02\x01\x00\xBB\x61\xD9\x7D\xA9\x6C\xBE\x17\xC4\x91\x1B\xC3\xA1\xA2\x00\x8D\xE3\x64\x68\x0F\x56\xCF\x77\xAE\x70\xF9\xFD\x9A\x4A\x99\xB9\xC9\x78\x5C\x0C\x0C\x5F\xE4\xE6\x14\x29\x56\x0B\x36\x49\x5D\x44\x63\xE0\xAD\x9C\x96\x18\x66\x1B\x23\x0D\x3D\x79\xE9\x6D\x6B\xD6\x54\xF8\xD2\x3C\xC1\x43\x40\xAE\x1D\x50\xF5\x52\xFC\x90\x3B\xBB\x98\x99\x69\x6B\xC7\xC1\xA7\xA8\x68\xA4\x27\xDC\x9D\xF9\x27\xAE\x30\x85\xB9\xF6\x67\x4D\x3A\x3E\x8F\x59\x39\x22\x53\x44\xEB\xC8\x5D\x03\xCA\xED\x50\x7A\x7D\x62\x21\x0A\x80\xC8\x73\x66\xD1\xA0\x05\x60\x5F\xE8\xA5\xB4\xA7\xAF\xA8\xF7\x6D\x35\x9C\x7C\x5A\x8A\xD6\xA2\x38\x99\xF3\x78\x8B\xF4\x4D\xD2\x20\x0B\xDE\x04\xEE\x8C\x9B\x47\x81\x72\x0D\xC0\x14\x32\xEF\x30\x59\x2E\xAE\xE0\x71\xF2\x56\xE4\x6A\x97\x6F\x92\x50\x6D\x96\x8D\x68\x7A\x9A\xB2\x36\x14\x7A\x06\xF2\x24\xB9\x09\x11\x50\xD7\x08\xB1\xB8\x89\x7A\x84\x23\x61\x42\x29\xE5\xA3\xCD\xA2\x20\x41\xD7\xD1\x9C\x64\xD9\xEA\x26\xA1\x8B\x14\xD7\x4C\x19\xB2\x50\x41\x71\x3D\x3F\x4D\x70\x23\x86\x0C\x4A\xDC\x81\xD2\xCC\x32\x94\x84\x0D\x08\x09\x97\x1C\x4F\xC0\xEE\x6B\x20\x74\x30\xD2\xE0\x39\x34\x10\x85\x21\x15\x01\x08\xE8\x55\x32\xDE\x71\x49\xD9\x28\x17\x50\x4D\xE6\xBE\x4D\xD1\x75\xAC\xD0\xCA\xFB\x41\xB8\x43\xA5\xAA\xD3\xC3\x05\x44\x4F\x2C\x36\x9B\xE2\xFA\xE2\x45\xB8\x23\x53\x6C\x06\x6F\x67\x55\x7F\x46\xB5\x4C\x3F\x6E\x28\x5A\x79\x26\xD2\xA4\xA8\x62\x97\xD2\x1E\xE2\xED\x4A\x8B\xBC\x1B\xFD\x47\x4A\x0D\xDF\x67\x66\x7E\xB2\x5B\x41\xD0\x3B\xE4\xF4\x3B\xF4\x04\x63\xE9\xEF\xC2\x54\x00\x51\xA0\x8A\x2A\xC9\xCE\x78\xCC\xD5\xEA\x87\x04\x18\xB3\xCE\xAF\x49\x88\xAF\xF3\x92\x99\xB6\xB3\xE6\x61\x0F\xD2\x85\x00\xE7\x50\x1A\xE4\x1B\x95\x9D\x19\xA1\xB9\x9C\xB1\x9B\xB1\x00\x1E\xEF\xD0\x0F\x4F\x42\x6C\xC9\x0A\xBC\xEE\x43\xFA\x3A\x71\xA5\xC8\x4D\x26\xA5\x35\xFD\x89\x5D\xBC\x85\x62\x1D\x32\xD2\xA0\x2B\x54\xED\x9A\x57\xC1\xDB\xFA\x10\xCF\x19\xB7\x8B\x4A\x1B\x8F\x01\xB6\x27\x95\x53\xE8\xB6\x89\x6D\x5B\xBC\x68\xD4\x23\xE8\x8B\x51\xA2\x56\xF9\xF0\xA6\x80\xA0\xD6\x1E\xB3\xBC\x0F\x0F\x53\x75\x29\xAA\xEA\x13\x77\xE4\xDE\x8C\x81\x21\xAD\x07\x10\x47\x11\xAD\x87\x3D\x07\xD1\x75\xBC\xCF\xF3\x66\x7E",
+	["CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN"] = "\x30\x82\x05\x76\x30\x82\x03\x5E\xA0\x03\x02\x01\x02\x02\x10\x5E\x68\xD6\x11\x71\x94\x63\x50\x56\x00\x68\xF3\x3E\xC9\xC5\x91\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x6F\x66\x20\x57\x6F\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x6F\x66\x20\x57\x6F\x53\x69\x67\x6E\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xBD\xCA\x8D\xAC\xB8\x91\x15\x56\x97\x7B\x6B\x5C\x7A\xC2\xDE\x6B\xD9\xA1\xB0\xC3\x10\x23\xFA\xA7\xA1\xB2\xCC\x31\xFA\x3E\xD9\xA6\x29\x6F\x16\x3D\xE0\x6B\xF8\xB8\x40\x5F\xDB\x39\xA8\x00\x7A\x8B\xA0\x4D\x54\x7D\xC2\x22\x78\xFC\x8E\x09\xB8\xA8\x85\xD7\xCC\x95\x97\x4B\x74\xD8\x9E\x7E\xF0\x00\xE4\x0E\x89\xAE\x49\x28\x44\x1A\x10\x99\x32\x0F\x25\x88\x53\xA4\x0D\xB3\x0F\x12\x08\x16\x0B\x03\x71\x27\x1C\x7F\xE1\xDB\xD2\xFD\x67\x68\xC4\x05\x5D\x0A\x0E\x5D\x70\xD7\xD8\x97\xA0\xBC\x53\x41\x9A\x91\x8D\xF4\x9E\x36\x66\x7A\x7E\x56\xC1\x90\x5F\xE6\xB1\x68\x20\x36\xA4\x8C\x24\x2C\x2C\x47\x0B\x59\x76\x66\x30\xB5\xBE\xDE\xED\x8F\xF8\x9D\xD3\xBB\x01\x30\xE6\xF2\xF3\x0E\xE0\x2C\x92\x80\xF3\x85\xF9\x28\x8A\xB4\x54\x2E\x9A\xED\xF7\x76\xFC\x15\x68\x16\xEB\x4A\x6C\xEB\x2E\x12\x8F\xD4\xCF\xFE\x0C\xC7\x5C\x1D\x0B\x7E\x05\x32\xBE\x5E\xB0\x09\x2A\x42\xD5\xC9\x4E\x90\xB3\x59\x0D\xBB\x7A\x7E\xCD\xD5\x08\x5A\xB4\x7F\xD8\x1C\x69\x11\xF9\x27\x0F\x7B\x06\xAF\x54\x83\x18\x7B\xE1\xDD\x54\x7A\x51\x68\x6E\x77\xFC\xC6\xBF\x52\x4A\x66\x46\xA1\xB2\x67\x1A\xBB\xA3\x4F\x77\xA0\xBE\x5D\xFF\xFC\x56\x0B\x43\x72\x77\x90\xCA\x9E\xF9\xF2\x39\xF5\x0D\xA9\xF4\xEA\xD7\xE7\xB3\x10\x2F\x30\x42\x37\x21\xCC\x30\x70\xC9\x86\x98\x0F\xCC\x58\x4D\x83\xBB\x7D\xE5\x1A\xA5\x37\x8D\xB6\xAC\x32\x97\x00\x3A\x63\x71\x24\x1E\x9E\x37\xC4\xFF\x74\xD4\x37\xC0\xE2\xFE\x88\x46\x60\x11\xDD\x08\x3F\x50\x36\xAB\xB8\x7A\xA4\x95\x62\x6A\x6E\xB0\xCA\x6A\x21\x5A\x69\xF3\xF3\xFB\x1D\x70\x39\x95\xF3\xA7\x6E\xA6\x81\x89\xA1\x88\xC5\x3B\x71\xCA\xA3\x52\xEE\x83\xBB\xFD\xA0\x77\xF4\xE4\x6F\xE7\x42\xDB\x6D\x4A\x99\x8A\x34\x48\xBC\x17\xDC\xE4\x80\x08\x22\xB6\xF2\x31\xC0\x3F\x04\x3E\xEB\x9F\x20\x79\xD6\xB8\x06\x64\x64\x02\x31\xD7\xA9\xCD\x52\xFB\x84\x45\x69\x09\x00\x2A\xDC\x55\x8B\xC4\x06\x46\x4B\xC0\x4A\x1D\x09\x5B\x39\x28\xFD\xA9\xAB\xCE\x00\xF9\x2E\x48\x4B\x26\xE6\x30\x4C\xA5\x58\xCA\xB4\x44\x82\x4F\xE7\x91\x1E\x33\xC3\xB0\x93\xFF\x11\xFC\x81\xD2\xCA\x1F\x71\x29\xDD\x76\x4F\x92\x25\xAF\x1D\x81\xB7\x0F\x2F\x8C\xC3\x06\xCC\x2F\x27\xA3\x4A\xE4\x0E\x99\xBA\x7C\x1E\x45\x1F\x7F\xAA\x19\x45\x96\xFD\xFC\x3D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE1\x66\xCF\x0E\xD1\xF1\xB3\x4B\xB7\x06\x20\x14\xFE\x87\x12\xD5\xF6\xFE\xFB\x3E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xA8\xCB\x72\x40\xB2\x76\xC1\x7E\x7B\xFC\xAD\x64\xE3\x32\x7B\xCC\x3C\xB6\x5D\x46\xD3\xF5\x2C\xE2\x70\x5D\xC8\x2E\xD8\x06\x7D\x98\xD1\x0B\x21\xA0\x89\x59\x24\x01\x9D\xF9\xAF\x09\x7D\x0A\x23\x82\x34\xD5\xFC\x7C\x72\x99\xB9\xA3\xD7\x54\xF4\xEA\x52\x70\x0E\xC5\xF5\xD6\x3B\xE1\x3A\x09\x32\xE6\x21\x39\x93\xBD\xB3\x15\xEA\x4F\x6A\xF4\xF5\x8B\x3F\x2F\x7C\x8D\x58\x2E\xC5\xE1\x39\xA0\x3E\xC7\x3D\x4A\x73\x9E\x40\x7A\xC0\x2B\x61\xA9\x67\xC9\xF3\x24\xB9\xB3\x6D\x55\x2C\x5A\x1D\x9E\x25\x72\xCE\x0B\xAD\xAA\xC7\x55\x62\x0B\xBE\xFB\x63\xB3\x61\x44\x23\xA3\xCB\xE1\x1A\x0E\xF7\x9A\x06\x4D\xDE\xD4\x23\x4E\x21\x96\x5B\x39\x5B\x57\x1D\x2F\x5D\x08\x5E\x09\x79\xFF\x7C\x97\xB5\x4D\x83\xAE\x0D\xD6\xE6\xA3\x79\xE0\x33\xD0\x99\x96\x02\x30\xA7\x3E\xFF\xD2\xA3\x43\x3F\x05\x5A\x06\xEA\x44\x02\xDA\x7C\xF8\x48\xD0\x33\xA9\xF9\x07\xC7\x95\xE1\xF5\x3E\xF5\x5D\x71\xBA\xF2\x95\xA9\x74\x88\x61\x59\xE3\xBF\xCA\x5A\x13\xBA\x72\xB4\x8C\x5D\x36\x87\xE9\xA6\xC5\x3C\x13\xBF\xDE\xD0\x44\x26\xEE\xB7\xEC\x2E\x70\xFA\xD7\x9D\xB7\xAC\xE5\xC5\x40\x5A\xE6\xD7\x6C\x7B\x2C\xC3\x56\x9B\x47\xCD\x0B\xCE\xFA\x1B\xB4\x21\xD7\xB7\x66\xB8\xF4\x25\x30\x8B\x5C\x0D\xB9\xEA\x67\xB2\xF4\x6D\xAE\xD5\xA1\x9E\x4F\xD8\x9F\xE9\x27\x02\xB0\x1D\x06\xD6\x8F\xE3\xFB\x48\x12\x9F\x7F\x11\xA1\x10\x3E\x4C\x51\x3A\x96\xB0\xD1\x13\xF1\xC7\xD8\x26\xAE\x3A\xCA\x91\xC4\x69\x9D\xDF\x01\x29\x64\x51\x6F\x68\xDA\x14\xEC\x08\x41\x97\x90\x8D\xD0\xB2\x80\xF2\xCF\xC2\x3D\xBF\x91\x68\xC5\x80\x67\x1E\xC4\x60\x13\x55\xD5\x61\x99\x57\x7C\xBA\x95\x0F\x61\x49\x3A\xCA\x75\xBC\xC9\x0A\x93\x3F\x67\x0E\x12\xF2\x28\xE2\x31\x1B\xC0\x57\x16\xDF\x08\x7C\x19\xC1\x7E\x0F\x1F\x85\x1E\x0A\x36\x7C\x5B\x7E\x27\xBC\x7A\xBF\xE0\xDB\xF4\xDA\x52\xBD\xDE\x0C\x54\x70\x31\x91\x43\x95\xC8\xBC\xF0\x3E\xDD\x09\x7E\x30\x64\x50\xED\x7F\x01\xA4\x33\x67\x4D\x68\x4F\xBE\x15\xEF\xB0\xF6\x02\x11\xA2\x1B\x13\x25\x3A\xDC\xC2\x59\xF1\xE3\x5C\x46\xBB\x67\x2C\x02\x46\xEA\x1E\x48\xA6\xE6\x5B\xD9\xB5\xBC\x51\xA2\x92\x96\xDB\xAA\xC6\x37\x22\xA6\xFE\xCC\x20\x74\xA3\x2D\xA9\x2E\x6B\xCB\xC0\x82\x11\x21\xB5\x93\x79\xEE\x44\x86\xBE\xD7\x1E\xE4\x1E\xFB",
+	["CN=CA \E6\B2\83\E9\80\9A\E6\A0\B9\E8\AF\81\E4\B9\A6,O=WoSign CA Limited,C=CN"] = "\x30\x82\x05\x58\x30\x82\x03\x40\xA0\x03\x02\x01\x02\x02\x10\x50\x70\x6B\xCD\xD8\x13\xFC\x1B\x4E\x3B\x33\x72\xD2\x11\x48\x8D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x0C\x12\x43\x41\x20\xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6\x30\x1E\x17\x0D\x30\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x0C\x12\x43\x41\x20\xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD0\x49\x21\x1E\x25\xFC\x87\xC1\x2A\xC2\xAC\xDB\x76\x86\x06\x4E\xE7\xD0\x74\x34\xDC\xED\x65\x35\xFC\x50\xD6\x88\x3F\xA4\xF0\x7F\xEB\x0F\x5F\x79\x2F\x89\xB1\xFD\xBC\x63\x58\x37\x93\x9B\x38\xF8\xB7\x5B\xA9\xFA\xD8\x71\xC7\xB4\xBC\x80\x97\x8D\x6C\x4B\xF1\x50\xD5\x2A\x29\xAA\xA8\x19\x7A\x96\xE6\x95\x8E\x74\xED\x97\x0A\x57\x75\xF4\x05\xDB\x6D\x0B\x39\xB9\x01\x7F\xAA\xF6\xD6\xDA\x6C\xE6\x05\xE0\xA4\x4D\x52\xFC\xDB\xD0\x74\xB7\x11\x8C\x7B\x8D\x4F\xFF\x87\x83\xAE\xFF\x05\x03\x13\x57\x50\x37\xFE\x8C\x96\x52\x10\x4C\x5F\xBF\x94\x71\x69\xD9\x96\x3E\x0C\x43\x4F\xBE\x30\xC0\x9F\x39\x74\x4F\x06\x45\x5D\xA3\xD6\x56\x39\x68\x07\xCC\x87\x4F\x50\x77\x93\x71\xD9\x44\x08\xB1\x8A\x34\xE9\x89\xAC\xDB\x9B\x4E\xE1\xD9\xE4\x52\x45\x8C\x2E\x14\x1F\x91\x6B\x19\x1D\x68\x29\x2C\x56\xC4\xE2\x1E\x13\x57\x64\xF0\x61\xE3\xB9\x11\xDF\xB0\xE1\x57\xA0\x1B\xAD\xD7\x5F\xD1\xAF\xDB\x2B\x2D\x3F\xD0\x68\x8E\x0F\xEA\x9F\x0F\x8B\x35\x58\x1B\x13\x1C\xF4\xDE\x35\xA1\x0A\x5D\xD6\xEA\xDF\x12\x6F\xC0\xFB\x69\x07\x46\x72\xDC\x81\xF6\x04\x23\x17\xE0\x4D\x75\xE1\x72\x6F\xB0\x28\xEB\x9B\xE1\xE1\x83\xA1\x9F\x4A\x5D\xAF\xCC\x9B\xFA\x02\x20\xB6\x18\x62\x77\x91\x3B\xA3\xD5\x65\xAD\xDC\x7C\x90\x77\x1C\x44\x41\xA4\x4A\x8B\xEB\x95\x72\xE9\xF6\x09\x64\xDC\xA8\x2D\x9F\x74\x78\xE8\xC1\xA2\x09\x63\x9C\xEF\xA0\xDB\x4F\x9D\x95\xAB\x20\x4F\xB7\xB0\xF7\x87\x5C\xA6\xA0\xE4\x37\x38\xC7\x5C\xE3\x35\x0F\x2C\xAD\xA3\x80\xA2\xEC\x2E\x5D\xC0\xCF\xED\x8B\x05\xC2\xE6\x73\x6E\xF6\x89\xD5\xF5\xD2\x46\x8E\xEA\x6D\x63\x1B\x1E\x8A\xC9\x7D\xA6\xF8\x9C\xEB\xE5\xD5\x63\x85\x4D\x73\x66\x69\x11\xFE\xC8\x0E\xF4\xC1\xC7\x66\x49\x53\x7E\xE4\x19\x6B\xF1\xE9\x7A\x59\xA3\x6D\x7E\xC5\x17\xE6\x27\xC6\xEF\x1B\xDB\x6F\xFC\x0D\x4D\x06\x01\xB4\x0E\x5C\x30\x46\x55\x60\xAF\x38\x65\x3A\xCA\x47\xBA\xAC\x2C\xCC\x46\x1F\xB2\x46\x96\x3F\xF3\xED\x26\x05\xEE\x77\xA1\x6A\x6B\x7E\x2D\x6D\x58\x5C\x4A\xD4\x8E\x67\xB8\xF1\xDA\xD5\x46\x8A\x27\xF9\x11\xF2\xC9\x42\xFE\x4E\xDE\xDF\x1F\x5C\xC4\xA4\x86\x87\x16\x33\xA1\xA7\x17\x18\xA5\x0D\xE4\x05\xE5\x2B\xC2\x2B\x0B\xA2\x95\x90\xB9\xFD\x60\x3C\x4E\x89\x3E\xE7\x9C\xEE\x1F\xBB\x01\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE0\x4D\xBF\xDC\x9B\x41\x5D\x13\xE8\x64\xF0\xA7\xE9\x15\xA4\xE1\x81\xC1\xBA\x31\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x6A\x8A\x70\x38\x59\xB6\xDA\x8B\x18\xC8\xBE\x2A\xD3\xB6\x19\xD5\x66\x29\x7A\x5D\xCD\x5B\x2F\x73\x1C\x26\x4E\xA3\x7D\x6F\xAB\xB7\x29\x4D\xA6\xE9\xA5\x11\x83\xA7\x39\x73\xAF\x10\x44\x92\xE6\x25\x5D\x4F\x61\xFA\xC8\x06\xBE\x4E\x4B\xEF\xFE\xF3\x31\xFE\xC6\x7C\x70\x0A\x41\x58\xDA\xE8\x99\x4B\x96\xC9\x78\xBC\x98\x7C\x02\x29\xED\x09\x80\xE6\x0A\x3A\x82\x02\x2A\xE2\xC9\x2F\xC8\x56\x19\x26\xEE\x78\x1C\x23\xFD\xF7\x93\x65\x4E\xE7\xF3\x98\x98\xAF\xCD\xDD\xD9\x9E\x40\x88\x31\x28\x3A\xAB\x2E\x0B\xB0\xAC\x0C\x24\xFA\x7A\x26\x98\xF3\x12\x61\x10\xF4\x5D\x17\xF7\x7E\xE2\x78\x97\x54\xE2\x8C\xE8\x29\xBA\x8C\x10\x32\xBD\xDD\x33\x6B\x38\x86\x7E\x39\x3D\x0E\x03\x72\xA7\x5D\x79\x8F\x45\x8A\x59\xAE\x5B\x21\x6E\x31\x46\xD5\x59\x8D\xCF\x15\x5F\xDD\x31\x25\xCF\xDB\x60\xD6\x81\x44\x72\x29\x02\x57\xF6\x96\xD4\xD6\xFF\xEA\x29\xDB\x39\xC5\xB8\x2C\x8A\x1A\x8D\xCE\xCB\xE7\x42\x31\x86\x05\x68\x0E\x9E\x14\xDD\x00\x90\xBA\x69\x45\x08\xDB\x6E\x90\x81\x86\xA7\x2A\x05\x3F\xE6\x84\x39\xF8\xB7\xF9\x57\x5F\x4C\xA4\x79\x5A\x10\x0C\x5E\xD5\x6B\xFF\x35\x5F\x05\x51\x1E\x6C\xA3\x75\xA9\xCF\x50\x83\xD3\x7C\xF4\x66\xF7\x82\x8D\x3D\x0C\x7D\xE8\xDF\x7B\xA8\x0E\x1B\x2C\x9C\xAE\x40\x70\x87\xDA\xED\xA7\x16\x82\x5A\xBE\x35\x6C\x20\x4E\x22\x61\xD9\xBC\x51\x7A\xCD\x7A\x61\xDC\x4B\x11\xF9\xFE\x67\x34\xCF\x2E\x04\x66\x61\x5C\x57\x97\x23\x8C\xF3\x86\x1B\x48\xDF\x2A\xAF\xA7\xC1\xFF\xD8\x8E\x3E\x03\xBB\xD8\x2A\xB0\xFA\x14\x25\xB2\x51\x6B\x86\x43\x85\x2E\x07\x23\x16\x80\x8D\x4C\xFB\xB4\x63\x3B\xCC\xC3\x74\xED\x1B\xA3\x1E\xFE\x35\x0F\x5F\x7C\x1D\x16\x86\xF5\x0E\xC3\x95\xF1\x2F\xAF\x5D\x25\x3B\x51\xE6\xD7\x76\x41\x38\xD1\x4B\x03\x39\x28\xA5\x1E\x91\x72\xD4\x7D\xAB\x97\x33\xC4\xD3\x3E\xE0\x69\xB6\x28\x79\xA0\x09\x8D\x1C\xD1\xFF\x41\x72\x48\x06\xFC\x9A\x2E\xE7\x20\xF9\x9B\xA2\xDE\x89\xED\xAE\x3C\x09\xAF\xCA\x57\xB3\x92\x89\x70\x40\xE4\x2F\x4F\xC2\x70\x83\x40\xD7\x24\x2C\x6B\xE7\x09\x1F\xD3\xD5\xC7\xC1\x08\xF4\xDB\x0E\x3B\x1C\x07\x0B\x43\x11\x84\x21\x86\xE9\x80\xD4\x75\xD8\xAB\xF1\x02\x62\xC1\xB1\x7E\x55\x61\xCF\x13\xD7\x26\xB0\xD7\x9C\xCB\x29\x8B\x38\x4A\x0B\x0E\x90\x8D\xBA\xA1",
+	["CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x05\xD8\x30\x82\x03\xC0\xA0\x03\x02\x01\x02\x02\x10\x4C\xAA\xF9\xCA\xDB\x63\x6F\xE0\x1F\xF7\x4E\xD8\x5B\x03\x86\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4F\x4D\x4F\x44\x4F\x20\x52\x53\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x31\x30\x30\x31\x31\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4F\x4D\x4F\x44\x4F\x20\x52\x53\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x91\xE8\x54\x92\xD2\x0A\x56\xB1\xAC\x0D\x24\xDD\xC5\xCF\x44\x67\x74\x99\x2B\x37\xA3\x7D\x23\x70\x00\x71\xBC\x53\xDF\xC4\xFA\x2A\x12\x8F\x4B\x7F\x10\x56\xBD\x9F\x70\x72\xB7\x61\x7F\xC9\x4B\x0F\x17\xA7\x3D\xE3\xB0\x04\x61\xEE\xFF\x11\x97\xC7\xF4\x86\x3E\x0A\xFA\x3E\x5C\xF9\x93\xE6\x34\x7A\xD9\x14\x6B\xE7\x9C\xB3\x85\xA0\x82\x7A\x76\xAF\x71\x90\xD7\xEC\xFD\x0D\xFA\x9C\x6C\xFA\xDF\xB0\x82\xF4\x14\x7E\xF9\xBE\xC4\xA6\x2F\x4F\x7F\x99\x7F\xB5\xFC\x67\x43\x72\xBD\x0C\x00\xD6\x89\xEB\x6B\x2C\xD3\xED\x8F\x98\x1C\x14\xAB\x7E\xE5\xE3\x6E\xFC\xD8\xA8\xE4\x92\x24\xDA\x43\x6B\x62\xB8\x55\xFD\xEA\xC1\xBC\x6C\xB6\x8B\xF3\x0E\x8D\x9A\xE4\x9B\x6C\x69\x99\xF8\x78\x48\x30\x45\xD5\xAD\xE1\x0D\x3C\x45\x60\xFC\x32\x96\x51\x27\xBC\x67\xC3\xCA\x2E\xB6\x6B\xEA\x46\xC7\xC7\x20\xA0\xB1\x1F\x65\xDE\x48\x08\xBA\xA4\x4E\xA9\xF2\x83\x46\x37\x84\xEB\xE8\xCC\x81\x48\x43\x67\x4E\x72\x2A\x9B\x5C\xBD\x4C\x1B\x28\x8A\x5C\x22\x7B\xB4\xAB\x98\xD9\xEE\xE0\x51\x83\xC3\x09\x46\x4E\x6D\x3E\x99\xFA\x95\x17\xDA\x7C\x33\x57\x41\x3C\x8D\x51\xED\x0B\xB6\x5C\xAF\x2C\x63\x1A\xDF\x57\xC8\x3F\xBC\xE9\x5D\xC4\x9B\xAF\x45\x99\xE2\xA3\x5A\x24\xB4\xBA\xA9\x56\x3D\xCF\x6F\xAA\xFF\x49\x58\xBE\xF0\xA8\xFF\xF4\xB8\xAD\xE9\x37\xFB\xBA\xB8\xF4\x0B\x3A\xF9\xE8\x43\x42\x1E\x89\xD8\x84\xCB\x13\xF1\xD9\xBB\xE1\x89\x60\xB8\x8C\x28\x56\xAC\x14\x1D\x9C\x0A\xE7\x71\xEB\xCF\x0E\xDD\x3D\xA9\x96\xA1\x48\xBD\x3C\xF7\xAF\xB5\x0D\x22\x4C\xC0\x11\x81\xEC\x56\x3B\xF6\xD3\xA2\xE2\x5B\xB7\xB2\x04\x22\x52\x95\x80\x93\x69\xE8\x8E\x4C\x65\xF1\x91\x03\x2D\x70\x74\x02\xEA\x8B\x67\x15\x29\x69\x52\x02\xBB\xD7\xDF\x50\x6A\x55\x46\xBF\xA0\xA3\x28\x61\x7F\x70\xD0\xC3\xA2\xAA\x2C\x21\xAA\x47\xCE\x28\x9C\x06\x45\x76\xBF\x82\x18\x27\xB4\xD5\xAE\xB4\xCB\x50\xE6\x6B\xF4\x4C\x86\x71\x30\xE9\xA6\xDF\x16\x86\xE0\xD8\xFF\x40\xDD\xFB\xD0\x42\x88\x7F\xA3\x33\x3A\x2E\x5C\x1E\x41\x11\x81\x63\xCE\x18\x71\x6B\x2B\xEC\xA6\x8A\xB7\x31\x5C\x3A\x6A\x47\xE0\xC3\x79\x59\xD6\x20\x1A\xAF\xF2\x6A\x98\xAA\x72\xBC\x57\x4A\xD2\x4B\x9D\xBB\x10\xFC\xB0\x4C\x41\xE5\xED\x1D\x3D\x5E\x28\x9D\x9C\xCC\xBF\xB3\x51\xDA\xA7\x47\xE5\x84\x53\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBB\xAF\x7E\x02\x3D\xFA\xA6\xF1\x3C\x84\x8E\xAD\xEE\x38\x98\xEC\xD9\x32\x32\xD4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x03\x82\x02\x01\x00\x0A\xF1\xD5\x46\x84\xB7\xAE\x51\xBB\x6C\xB2\x4D\x41\x14\x00\x93\x4C\x9C\xCB\xE5\xC0\x54\xCF\xA0\x25\x8E\x02\xF9\xFD\xB0\xA2\x0D\xF5\x20\x98\x3C\x13\x2D\xAC\x56\xA2\xB0\xD6\x7E\x11\x92\xE9\x2E\xBA\x9E\x2E\x9A\x72\xB1\xBD\x19\x44\x6C\x61\x35\xA2\x9A\xB4\x16\x12\x69\x5A\x8C\xE1\xD7\x3E\xA4\x1A\xE8\x2F\x03\xF4\xAE\x61\x1D\x10\x1B\x2A\xA4\x8B\x7A\xC5\xFE\x05\xA6\xE1\xC0\xD6\xC8\xFE\x9E\xAE\x8F\x2B\xBA\x3D\x99\xF8\xD8\x73\x09\x58\x46\x6E\xA6\x9C\xF4\xD7\x27\xD3\x95\xDA\x37\x83\x72\x1C\xD3\x73\xE0\xA2\x47\x99\x03\x38\x5D\xD5\x49\x79\x00\x29\x1C\xC7\xEC\x9B\x20\x1C\x07\x24\x69\x57\x78\xB2\x39\xFC\x3A\x84\xA0\xB5\x9C\x7C\x8D\xBF\x2E\x93\x62\x27\xB7\x39\xDA\x17\x18\xAE\xBD\x3C\x09\x68\xFF\x84\x9B\x3C\xD5\xD6\x0B\x03\xE3\x57\x9E\x14\xF7\xD1\xEB\x4F\xC8\xBD\x87\x23\xB7\xB6\x49\x43\x79\x85\x5C\xBA\xEB\x92\x0B\xA1\xC6\xE8\x68\xA8\x4C\x16\xB1\x1A\x99\x0A\xE8\x53\x2C\x92\xBB\xA1\x09\x18\x75\x0C\x65\xA8\x7B\xCB\x23\xB7\x1A\xC2\x28\x85\xC3\x1B\xFF\xD0\x2B\x62\xEF\xA4\x7B\x09\x91\x98\x67\x8C\x14\x01\xCD\x68\x06\x6A\x63\x21\x75\x03\x80\x88\x8A\x6E\x81\xC6\x85\xF2\xA9\xA4\x2D\xE7\xF4\xA5\x24\x10\x47\x83\xCA\xCD\xF4\x8D\x79\x58\xB1\x06\x9B\xE7\x1A\x2A\xD9\x9D\x01\xD7\x94\x7D\xED\x03\x4A\xCA\xF0\xDB\xE8\xA9\x01\x3E\xF5\x56\x99\xC9\x1E\x8E\x49\x3D\xBB\xE5\x09\xB9\xE0\x4F\x49\x92\x3D\x16\x82\x40\xCC\xCC\x59\xC6\xE6\x3A\xED\x12\x2E\x69\x3C\x6C\x95\xB1\xFD\xAA\x1D\x7B\x7F\x86\xBE\x1E\x0E\x32\x46\xFB\xFB\x13\x8F\x75\x7F\x4C\x8B\x4B\x46\x63\xFE\x00\x34\x40\x70\xC1\xC3\xB9\xA1\xDD\xA6\x70\xE2\x04\xB3\x41\xBC\xE9\x80\x91\xEA\x64\x9C\x7A\xE1\x22\x03\xA9\x9C\x6E\x6F\x0E\x65\x4F\x6C\x87\x87\x5E\xF3\x6E\xA0\xF9\x75\xA5\x9B\x40\xE8\x53\xB2\x27\x9D\x4A\xB9\xC0\x77\x21\x8D\xFF\x87\xF2\xDE\xBC\x8C\xEF\x17\xDF\xB7\x49\x0B\xD1\xF2\x6E\x30\x0B\x1A\x0E\x4E\x76\xED\x11\xFC\xF5\xE9\x56\xB2\x7D\xBF\xC7\x6D\x0A\x93\x8C\xA5\xD0\xC0\xB6\x1D\xBE\x3A\x4E\x94\xA2\xD7\x6E\x6C\x0B\xC2\x8A\x7C\xFA\x20\xF3\xC4\xE4\xE5\xCD\x0D\xA8\xCB\x91\x92\xB1\x7C\x85\xEC\xB5\x14\x69\x66\x0E\x82\xE7\xCD\xCE\xC8\x2D\xA6\x51\x7F\x21\xC1\x35\x53\x85\x06\x4A\x5D\x9F\xAD\xBB\x1B\x5F\x74",
+	["CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US"] = "\x30\x82\x05\xDE\x30\x82\x03\xC6\xA0\x03\x02\x01\x02\x02\x10\x01\xFD\x6D\x30\xFC\xA3\xCA\x51\xA8\x1B\xBC\x64\x0E\x35\x03\x2D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x30\x81\x88\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13\x0A\x4E\x65\x77\x20\x4A\x65\x72\x73\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0B\x4A\x65\x72\x73\x65\x79\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x55\x53\x45\x52\x54\x72\x75\x73\x74\x20\x52\x53\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x31\x30\x30\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x88\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13\x0A\x4E\x65\x77\x20\x4A\x65\x72\x73\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0B\x4A\x65\x72\x73\x65\x79\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x55\x53\x45\x52\x54\x72\x75\x73\x74\x20\x52\x53\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x80\x12\x65\x17\x36\x0E\xC3\xDB\x08\xB3\xD0\xAC\x57\x0D\x76\xED\xCD\x27\xD3\x4C\xAD\x50\x83\x61\xE2\xAA\x20\x4D\x09\x2D\x64\x09\xDC\xCE\x89\x9F\xCC\x3D\xA9\xEC\xF6\xCF\xC1\xDC\xF1\xD3\xB1\xD6\x7B\x37\x28\x11\x2B\x47\xDA\x39\xC6\xBC\x3A\x19\xB4\x5F\xA6\xBD\x7D\x9D\xA3\x63\x42\xB6\x76\xF2\xA9\x3B\x2B\x91\xF8\xE2\x6F\xD0\xEC\x16\x20\x90\x09\x3E\xE2\xE8\x74\xC9\x18\xB4\x91\xD4\x62\x64\xDB\x7F\xA3\x06\xF1\x88\x18\x6A\x90\x22\x3C\xBC\xFE\x13\xF0\x87\x14\x7B\xF6\xE4\x1F\x8E\xD4\xE4\x51\xC6\x11\x67\x46\x08\x51\xCB\x86\x14\x54\x3F\xBC\x33\xFE\x7E\x6C\x9C\xFF\x16\x9D\x18\xBD\x51\x8E\x35\xA6\xA7\x66\xC8\x72\x67\xDB\x21\x66\xB1\xD4\x9B\x78\x03\xC0\x50\x3A\xE8\xCC\xF0\xDC\xBC\x9E\x4C\xFE\xAF\x05\x96\x35\x1F\x57\x5A\xB7\xFF\xCE\xF9\x3D\xB7\x2C\xB6\xF6\x54\xDD\xC8\xE7\x12\x3A\x4D\xAE\x4C\x8A\xB7\x5C\x9A\xB4\xB7\x20\x3D\xCA\x7F\x22\x34\xAE\x7E\x3B\x68\x66\x01\x44\xE7\x01\x4E\x46\x53\x9B\x33\x60\xF7\x94\xBE\x53\x37\x90\x73\x43\xF3\x32\xC3\x53\xEF\xDB\xAA\xFE\x74\x4E\x69\xC7\x6B\x8C\x60\x93\xDE\xC4\xC7\x0C\xDF\xE1\x32\xAE\xCC\x93\x3B\x51\x78\x95\x67\x8B\xEE\x3D\x56\xFE\x0C\xD0\x69\x0F\x1B\x0F\xF3\x25\x26\x6B\x33\x6D\xF7\x6E\x47\xFA\x73\x43\xE5\x7E\x0E\xA5\x66\xB1\x29\x7C\x32\x84\x63\x55\x89\xC4\x0D\xC1\x93\x54\x30\x19\x13\xAC\xD3\x7D\x37\xA7\xEB\x5D\x3A\x6C\x35\x5C\xDB\x41\xD7\x12\xDA\xA9\x49\x0B\xDF\xD8\x80\x8A\x09\x93\x62\x8E\xB5\x66\xCF\x25\x88\xCD\x84\xB8\xB1\x3F\xA4\x39\x0F\xD9\x02\x9E\xEB\x12\x4C\x95\x7C\xF3\x6B\x05\xA9\x5E\x16\x83\xCC\xB8\x67\xE2\xE8\x13\x9D\xCC\x5B\x82\xD3\x4C\xB3\xED\x5B\xFF\xDE\xE5\x73\xAC\x23\x3B\x2D\x00\xBF\x35\x55\x74\x09\x49\xD8\x49\x58\x1A\x7F\x92\x36\xE6\x51\x92\x0E\xF3\x26\x7D\x1C\x4D\x17\xBC\xC9\xEC\x43\x26\xD0\xBF\x41\x5F\x40\xA9\x44\x44\xF4\x99\xE7\x57\x87\x9E\x50\x1F\x57\x54\xA8\x3E\xFD\x74\x63\x2F\xB1\x50\x65\x09\xE6\x58\x42\x2E\x43\x1A\x4C\xB4\xF0\x25\x47\x59\xFA\x04\x1E\x93\xD4\x26\x46\x4A\x50\x81\xB2\xDE\xBE\x78\xB7\xFC\x67\x15\xE1\xC9\x57\x84\x1E\x0F\x63\xD6\xE9\x62\xBA\xD6\x5F\x55\x2E\xEA\x5C\xC6\x28\x08\x04\x25\x39\xB8\x0E\x2B\xA9\xF2\x4C\x97\x1C\x07\x3F\x0D\x52\xF5\xED\xEF\x2F\x82\x0F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x53\x79\xBF\x5A\xAA\x2B\x4A\xCF\x54\x80\xE1\xD8\x9B\xC0\x9D\xF2\xB2\x03\x66\xCB\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x03\x82\x02\x01\x00\x5C\xD4\x7C\x0D\xCF\xF7\x01\x7D\x41\x99\x65\x0C\x73\xC5\x52\x9F\xCB\xF8\xCF\x99\x06\x7F\x1B\xDA\x43\x15\x9F\x9E\x02\x55\x57\x96\x14\xF1\x52\x3C\x27\x87\x94\x28\xED\x1F\x3A\x01\x37\xA2\x76\xFC\x53\x50\xC0\x84\x9B\xC6\x6B\x4E\xBA\x8C\x21\x4F\xA2\x8E\x55\x62\x91\xF3\x69\x15\xD8\xBC\x88\xE3\xC4\xAA\x0B\xFD\xEF\xA8\xE9\x4B\x55\x2A\x06\x20\x6D\x55\x78\x29\x19\xEE\x5F\x30\x5C\x4B\x24\x11\x55\xFF\x24\x9A\x6E\x5E\x2A\x2B\xEE\x0B\x4D\x9F\x7F\xF7\x01\x38\x94\x14\x95\x43\x07\x09\xFB\x60\xA9\xEE\x1C\xAB\x12\x8C\xA0\x9A\x5E\xA7\x98\x6A\x59\x6D\x8B\x3F\x08\xFB\xC8\xD1\x45\xAF\x18\x15\x64\x90\x12\x0F\x73\x28\x2E\xC5\xE2\x24\x4E\xFC\x58\xEC\xF0\xF4\x45\xFE\x22\xB3\xEB\x2F\x8E\xD2\xD9\x45\x61\x05\xC1\x97\x6F\xA8\x76\x72\x8F\x8B\x8C\x36\xAF\xBF\x0D\x05\xCE\x71\x8D\xE6\xA6\x6F\x1F\x6C\xA6\x71\x62\xC5\xD8\xD0\x83\x72\x0C\xF1\x67\x11\x89\x0C\x9C\x13\x4C\x72\x34\xDF\xBC\xD5\x71\xDF\xAA\x71\xDD\xE1\xB9\x6C\x8C\x3C\x12\x5D\x65\xDA\xBD\x57\x12\xB6\x43\x6B\xFF\xE5\xDE\x4D\x66\x11\x51\xCF\x99\xAE\xEC\x17\xB6\xE8\x71\x91\x8C\xDE\x49\xFE\xDD\x35\x71\xA2\x15\x27\x94\x1C\xCF\x61\xE3\x26\xBB\x6F\xA3\x67\x25\x21\x5D\xE6\xDD\x1D\x0B\x2E\x68\x1B\x3B\x82\xAF\xEC\x83\x67\x85\xD4\x98\x51\x74\xB1\xB9\x99\x80\x89\xFF\x7F\x78\x19\x5C\x79\x4A\x60\x2E\x92\x40\xAE\x4C\x37\x2A\x2C\xC9\xC7\x62\xC8\x0E\x5D\xF7\x36\x5B\xCA\xE0\x25\x25\x01\xB4\xDD\x1A\x07\x9C\x77\x00\x3F\xD0\xDC\xD5\xEC\x3D\xD4\xFA\xBB\x3F\xCC\x85\xD6\x6F\x7F\xA9\x2D\xDF\xB9\x02\xF7\xF5\x97\x9A\xB5\x35\xDA\xC3\x67\xB0\x87\x4A\xA9\x28\x9E\x23\x8E\xFF\x5C\x27\x6B\xE1\xB0\x4F\xF3\x07\xEE\x00\x2E\xD4\x59\x87\xCB\x52\x41\x95\xEA\xF4\x47\xD7\xEE\x64\x41\x55\x7C\x8D\x59\x02\x95\xDD\x62\x9D\xC2\xB9\xEE\x5A\x28\x74\x84\xA5\x9B\xB7\x90\xC7\x0C\x07\xDF\xF5\x89\x36\x74\x32\xD6\x28\xC1\xB0\xB0\x0B\xE0\x9C\x4C\xC3\x1C\xD6\xFC\xE3\x69\xB5\x47\x46\x81\x2F\xA2\x82\xAB\xD3\x63\x44\x70\xC4\x8D\xFF\x2D\x33\xBA\xAD\x8F\x7B\xB5\x70\x88\xAE\x3E\x19\xCF\x40\x28\xD8\xFC\xC8\x90\xBB\x5D\x99\x22\xF5\x52\xE6\x58\xC5\x1F\x88\x31\x43\xEE\x88\x1D\xD7\xC6\x8E\x3C\x43\x6A\x1D\xA7\x18\xDE\x7D\x3D\x16\xF1\x62\xF9\xCA\x90\xA8\xFD",
+	["CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US"] = "\x30\x82\x02\x8F\x30\x82\x02\x15\xA0\x03\x02\x01\x02\x02\x10\x5C\x8B\x99\xC5\x5A\x94\xC5\xD2\x71\x56\xDE\xCD\x89\x80\xCC\x26\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\x88\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13\x0A\x4E\x65\x77\x20\x4A\x65\x72\x73\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0B\x4A\x65\x72\x73\x65\x79\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x55\x53\x45\x52\x54\x72\x75\x73\x74\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x31\x30\x30\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x88\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13\x0A\x4E\x65\x77\x20\x4A\x65\x72\x73\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0B\x4A\x65\x72\x73\x65\x79\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x55\x53\x45\x52\x54\x72\x75\x73\x74\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x1A\xAC\x54\x5A\xA9\xF9\x68\x23\xE7\x7A\xD5\x24\x6F\x53\xC6\x5A\xD8\x4B\xAB\xC6\xD5\xB6\xD1\xE6\x73\x71\xAE\xDD\x9C\xD6\x0C\x61\xFD\xDB\xA0\x89\x03\xB8\x05\x14\xEC\x57\xCE\xEE\x5D\x3F\xE2\x21\xB3\xCE\xF7\xD4\x8A\x79\xE0\xA3\x83\x7E\x2D\x97\xD0\x61\xC4\xF1\x99\xDC\x25\x91\x63\xAB\x7F\x30\xA3\xB4\x70\xE2\xC7\xA1\x33\x9C\xF3\xBF\x2E\x5C\x53\xB1\x5F\xB3\x7D\x32\x7F\x8A\x34\xE3\x79\x79\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3A\xE1\x09\x86\xD4\xCF\x19\xC2\x96\x76\x74\x49\x76\xDC\xE0\x35\xC6\x63\x63\x9A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x68\x00\x30\x65\x02\x30\x36\x67\xA1\x16\x08\xDC\xE4\x97\x00\x41\x1D\x4E\xBE\xE1\x63\x01\xCF\x3B\xAA\x42\x11\x64\xA0\x9D\x94\x39\x02\x11\x79\x5C\x7B\x1D\xFA\x64\xB9\xEE\x16\x42\xB3\xBF\x8A\xC2\x09\xC4\xEC\xE4\xB1\x4D\x02\x31\x00\xE9\x2A\x61\x47\x8C\x52\x4A\x4B\x4E\x18\x70\xF6\xD6\x44\xD6\x6E\xF5\x83\xBA\x6D\x58\xBD\x24\xD9\x56\x48\xEA\xEF\xC4\xA2\x46\x81\x88\x6A\x3A\x46\xD1\xA9\x9B\x4D\xC9\x61\xDA\xD1\x5D\x57\x6A\x18",
+	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4"] = "\x30\x82\x01\xE1\x30\x82\x01\x87\xA0\x03\x02\x01\x02\x02\x11\x2A\x38\xA4\x1C\x96\x0A\x04\xDE\x42\xB2\x28\xA5\x0B\xE8\x34\x98\x02\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x02\x30\x50\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x45\x43\x43\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x34\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x31\x32\x31\x31\x31\x33\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x39\x30\x33\x31\x34\x30\x37\x5A\x30\x50\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x45\x43\x43\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x34\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x59\x30\x13\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x07\x03\x42\x00\x04\xB8\xC6\x79\xD3\x8F\x6C\x25\x0E\x9F\x2E\x39\x19\x1C\x03\xA4\xAE\x9A\xE5\x39\x07\x09\x16\xCA\x63\xB1\xB9\x86\xF8\x8A\x57\xC1\x57\xCE\x42\xFA\x73\xA1\xF7\x65\x42\xFF\x1E\xC1\x00\xB2\x6E\x73\x0E\xFF\xC7\x21\xE5\x18\xA4\xAA\xD9\x71\x3F\xA8\xD4\xB9\xCE\x8C\x1D\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x54\xB0\x7B\xAD\x45\xB8\xE2\x40\x7F\xFB\x0A\x6E\xFB\xBE\x33\xC9\x3C\xA3\x84\xD5\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x02\x03\x48\x00\x30\x45\x02\x21\x00\xDC\x92\xA1\xA0\x13\xA6\xCF\x03\xB0\xE6\xC4\x21\x97\x90\xFA\x14\x57\x2D\x03\xEC\xEE\x3C\xD3\x6E\xCA\xA8\x6C\x76\xBC\xA2\xDE\xBB\x02\x20\x27\xA8\x85\x27\x35\x9B\x56\xC6\xA3\xF2\x47\xD2\xB7\x6E\x1B\x02\x00\x17\xAA\x67\xA6\x15\x91\xDE\xFA\x94\xEC\x7B\x0B\xF8\x9F\x84",
+	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5"] = "\x30\x82\x02\x1E\x30\x82\x01\xA4\xA0\x03\x02\x01\x02\x02\x11\x60\x59\x49\xE0\x26\x2E\xBB\x55\xF9\x0A\x77\x8A\x71\xF9\x4A\xD8\x6C\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x50\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x45\x43\x43\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x35\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x31\x32\x31\x31\x31\x33\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x39\x30\x33\x31\x34\x30\x37\x5A\x30\x50\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x45\x43\x43\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x35\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x47\x45\x0E\x96\xFB\x7D\x5D\xBF\xE9\x39\xD1\x21\xF8\x9F\x0B\xB6\xD5\x7B\x1E\x92\x3A\x48\x59\x1C\xF0\x62\x31\x2D\xC0\x7A\x28\xFE\x1A\xA7\x5C\xB3\xB6\xCC\x97\xE7\x45\xD4\x58\xFA\xD1\x77\x6D\x43\xA2\xC0\x87\x65\x34\x0A\x1F\x7A\xDD\xEB\x3C\x33\xA1\xC5\x9D\x4D\xA4\x6F\x41\x95\x38\x7F\xC9\x1E\x84\xEB\xD1\x9E\x49\x92\x87\x94\x87\x0C\x3A\x85\x4A\x66\x9F\x9D\x59\x93\x4D\x97\x61\x06\x86\x4A\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3D\xE6\x29\x48\x9B\xEA\x07\xCA\x21\x44\x4A\x26\xDE\x6E\xDE\xD2\x83\xD0\x9F\x59\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x68\x00\x30\x65\x02\x31\x00\xE5\x69\x12\xC9\x6E\xDB\xC6\x31\xBA\x09\x41\xE1\x97\xF8\xFB\xFD\x9A\xE2\x7D\x12\xC9\xED\x7C\x64\xD3\xCB\x05\x25\x8B\x56\xD9\xA0\xE7\x5E\x5D\x4E\x0B\x83\x9C\x5B\x76\x29\xA0\x09\x26\x21\x6A\x62\x02\x30\x71\xD2\xB5\x8F\x5C\xEA\x3B\xE1\x78\x09\x85\xA8\x75\x92\x3B\xC8\x5C\xFD\x48\xEF\x0D\x74\x22\xA8\x08\xE2\x6E\xC5\x49\xCE\xC7\x0C\xBC\xA7\x61\x69\xF1\xF7\x3B\xE1\x2A\xCB\xF9\x2B\xF3\x66\x90\x37",
+	["CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x05\x74\x30\x82\x03\x5C\xA0\x03\x02\x01\x02\x02\x04\x00\x98\xA2\x39\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x0C\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x31\x33\x31\x31\x31\x34\x31\x31\x32\x38\x34\x32\x5A\x17\x0D\x32\x38\x31\x31\x31\x33\x32\x33\x30\x30\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x0C\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x33\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xBE\x32\xA2\x54\x0F\x70\xFB\x2C\x5C\x59\xEB\x6C\xC4\xA4\x51\xE8\x85\x2A\xB3\xCC\x4A\x34\xF2\xB0\x5F\xF3\x0E\xC7\x1C\x3D\x53\x1E\x88\x08\x68\xD8\x6F\x3D\xAD\xC2\x9E\xCC\x82\x67\x07\x27\x87\x68\x71\x3A\x9F\x75\x96\x22\x46\x05\xB0\xED\xAD\xC7\x5B\x9E\x2A\xDE\x9C\xFC\x3A\xC6\x95\xA7\xF5\x17\x67\x18\xE7\x2F\x49\x08\x0C\x5C\xCF\xE6\xCC\x34\xED\x78\xFB\x50\xB1\xDC\x6B\x32\xF0\xA2\xFE\xB6\x3C\xE4\xEC\x5A\x97\xC7\x3F\x1E\x70\x08\x30\xA0\xDC\xC5\xB3\x6D\x6F\xD0\x82\x72\x11\xAB\xD2\x81\x68\x59\x82\x17\xB7\x78\x92\x60\xFA\xCC\xDE\x3F\x84\xEB\x8D\x38\x33\x90\x0A\x72\x23\xFA\x35\xCC\x26\x71\x31\xD1\x72\x28\x92\xD9\x5B\x23\x6D\x66\xB5\x6D\x07\x42\xEB\xA6\x33\xCE\x92\xDB\xC0\xF6\x6C\x63\x78\xCD\xCA\x4E\x3D\xB5\xE5\x52\x9B\xF1\xBE\x3B\xE6\x54\x60\xB0\x66\x1E\x09\xAB\x07\xFE\x54\x89\x11\x42\xD1\xF7\x24\xBA\x60\x78\x1A\x98\xF7\xC9\x11\xFD\x16\xC1\x35\x1A\x54\x75\xEF\x43\xD3\xE5\xAE\x4E\xCE\xE7\x7B\xC3\xC6\x4E\x61\x51\x4B\xAB\x9A\x45\x4B\xA1\x1F\x41\xBD\x48\x53\x15\x71\x64\x0B\x86\xB3\xE5\x2E\xBE\xCE\xA4\x1B\xC1\x29\x84\xA2\xB5\xCB\x08\x23\x76\x43\x22\x24\x1F\x17\x04\xD4\x6E\x9C\xC6\xFC\x7F\x2B\x66\x1A\xEC\x8A\xE5\xD6\xCF\x4D\xF5\x63\x09\xB7\x15\x39\xD6\x7B\xAC\xEB\xE3\x7C\xE9\x4E\xFC\x75\x42\xC8\xED\x58\x95\x0C\x06\x42\xA2\x9C\xF7\xE4\x70\xB3\xDF\x72\x6F\x5A\x37\x40\x89\xD8\x85\xA4\xD7\xF1\x0B\xDE\x43\x19\xD4\x4A\x58\x2C\x8C\x8A\x39\x9E\xBF\x84\x87\xF1\x16\x3B\x36\x0C\xE9\xD3\xB4\xCA\x6C\x19\x41\x52\x09\xA1\x1D\xB0\x6A\xBF\x82\xEF\x70\x51\x21\x32\xDC\x05\x76\x8C\xCB\xF7\x64\xE4\x03\x50\xAF\x8C\x91\x67\xAB\xC5\xF2\xEE\x58\xD8\xDE\xBE\xF7\xE7\x31\xCF\x6C\xC9\x3B\x71\xC1\xD5\x88\xB5\x65\xBC\xC0\xE8\x17\x17\x07\x12\xB5\x5C\xD2\xAB\x20\x93\xB4\xE6\x82\x83\x70\x36\xC5\xCD\xA3\x8D\xAD\x8B\xEC\xA3\xC1\x43\x87\xE6\x43\xE2\x34\xBE\x95\x8B\x35\xED\x07\x39\xDA\xA8\x1D\x7A\x9F\x36\x9E\x12\xB0\x0C\x65\x12\x90\x15\x60\xD9\x26\x40\x44\xE3\x56\x60\xA5\x10\xD4\x6A\x3C\xFD\x41\xDC\x0E\x5A\x47\xB6\xEF\x97\x61\x75\x4F\xD9\xFE\xC7\xB2\x1D\xD4\xED\x5D\x49\xB3\xA9\x6A\xCB\x66\x84\x13\xD5\x5C\xA0\xDC\xDF\x6E\x77\x06\xD1\x71\x75\xC8\x57\x6F\xAF\x0F\x77\x5B\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x54\xAD\xFA\xC7\x92\x57\xAE\xCA\x35\x9C\x2E\x12\xFB\xE4\xBA\x5D\x20\xDC\x94\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x30\x99\x9D\x05\x32\xC8\x5E\x0E\x3B\x98\x01\x3A\x8A\xA4\xE7\x07\xF7\x7A\xF8\xE7\x9A\xDF\x50\x43\x53\x97\x2A\x3D\xCA\x3C\x47\x98\x2E\xE1\x15\x7B\xF1\x92\xF3\x61\xDA\x90\x25\x16\x65\xC0\x9F\x54\x5D\x0E\x03\x3B\x5B\x77\x02\x9C\x84\xB6\x0D\x98\x5F\x34\xDD\x3B\x63\xC2\xC3\x28\x81\xC2\x9C\x29\x2E\x29\xE2\xC8\xC3\x01\xF2\x33\xEA\x2A\xAA\xCC\x09\x08\xF7\x65\x67\xC6\xCD\xDF\xD3\xB6\x2B\xA7\xBD\xCC\xD1\x0E\x70\x5F\xB8\x23\xD1\xCB\x91\x4E\x0A\xF4\xC8\x7A\xE5\xD9\x63\x36\xC1\xD4\xDF\xFC\x22\x97\xF7\x60\x5D\xEA\x29\x2F\x58\xB2\xBD\x58\xBD\x8D\x96\x4F\x10\x75\xBF\x48\x7B\x3D\x51\x87\xA1\x3C\x74\x22\xC2\xFC\x07\x7F\x80\xDC\xC4\xAC\xFE\x6A\xC1\x70\x30\xB0\xE9\x8E\x69\xE2\x2C\x69\x81\x94\x09\xBA\xDD\xFE\x4D\xC0\x83\x8C\x94\x58\xC0\x46\x20\xAF\x9C\x1F\x02\xF8\x35\x55\x49\x2F\x46\xD4\xC0\xF0\xA0\x96\x02\x0F\x33\xC5\x71\xF3\x9E\x23\x7D\x94\xB7\xFD\x3A\xD3\x09\x83\x06\x21\xFD\x60\x3D\xAE\x32\xC0\xD2\xEE\x8D\xA6\xF0\xE7\xB4\x82\x7C\x0A\xCC\x70\xC9\x79\x80\xF8\xFE\x4C\xF7\x35\x84\x19\x8A\x31\xFB\x0A\xD9\xD7\x7F\x9B\xF0\xA2\x9A\x6B\xC3\x05\x4A\xED\x41\x60\x14\x30\xD1\xAA\x11\x42\x6E\xD3\x23\x02\x04\x0B\xC6\x65\xDD\xDD\x52\x77\xDA\x81\x6B\xB2\xA8\xFA\x01\x38\xB9\x96\xEA\x2A\x6C\x67\x97\x89\x94\x9E\xBC\xE1\x54\xD5\xE4\x6A\x78\xEF\x4A\xBD\x2B\x9A\x3D\x40\x7E\xC6\xC0\x75\xD2\x6E\xFB\x68\x30\xEC\xEC\x8B\x9D\xF9\x49\x35\x9A\x1A\x2C\xD9\xB3\x95\x39\xD5\x1E\x92\xF7\xA6\xB9\x65\x2F\xE5\x3D\x6D\x3A\x48\x4C\x08\xDC\xE4\x28\x12\x28\xBE\x7D\x35\x5C\xEA\xE0\x16\x7E\x13\x1B\x6A\xD7\x3E\xD7\x9E\xFC\x2D\x75\xB2\xC1\x14\xD5\x23\x03\xDB\x5B\x6F\x0B\x3E\x78\x2F\x0D\xDE\x33\x8D\x16\xB7\x48\xE7\x83\x9A\x81\x0F\x7B\xC1\x43\x4D\x55\x04\x17\x38\x4A\x51\xD5\x59\xA2\x89\x74\xD3\x9F\xBE\x1E\x4B\xD7\xC6\x6D\xB7\x88\x24\x6F\x60\x91\xA4\x82\x85\x5B\x56\x41\xBC\xD0\x44\xAB\x6A\x13\xBE\xD1\x2C\x58\xB7\x12\x33\x58\xB2\x37\x63\xDC\x13\xF5\x94\x1D\x3F\x40\x51\xF5\x4F\xF5\x3A\xED\xC8\xC5\xEB\xC2\x1E\x1D\x16\x95\x7A\xC7\x7E\x42\x71\x93\x6E\x4B\x15\xB7\x30\xDF\xAA\xED\x57\x85\x48\xAC\x1D\x6A\xDD\x39\x69\xE4\xE1\x79\x78\xBE\xCE\x05\xBF\xA1\x0C\xF7\x80\x7B\x21\x67\x27\x30\x59",
+	["CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x05\x70\x30\x82\x03\x58\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x0C\x20\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x45\x56\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x32\x30\x38\x31\x31\x31\x39\x32\x39\x5A\x17\x0D\x32\x32\x31\x32\x30\x38\x31\x31\x31\x30\x32\x38\x5A\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x0C\x20\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x45\x56\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xE3\xC7\x7E\x89\xF9\x24\x4B\x3A\xD2\x33\x83\x35\x2C\x69\xEC\xDC\x09\xA4\xE3\x51\xA8\x25\x2B\x79\xB8\x08\x3D\xE0\x91\xBA\x84\x85\xC6\x85\xA4\xCA\xE6\xC9\x2E\x53\xA4\xC9\x24\x1E\xFD\x55\x66\x71\x5D\x2C\xC5\x60\x68\x04\xB7\xD9\xC2\x52\x26\x38\x88\xA4\xD6\x3B\x40\xA6\xC2\xCD\x3F\xCD\x98\x93\xB3\x54\x14\x58\x96\x55\xD5\x50\xFE\x86\xAD\xA4\x63\x7F\x5C\x87\xF6\x8E\xE6\x27\x92\x67\x17\x92\x02\x03\x2C\xDC\xD6\x66\x74\xED\xDD\x67\xFF\xC1\x61\x8D\x63\x4F\x0F\x9B\x6D\x17\x30\x26\xEF\xAB\xD2\x1F\x10\xA0\xF9\xC5\x7F\x16\x69\x81\x03\x47\xED\x1E\x68\x8D\x72\xA1\x4D\xB2\x26\xC6\xBA\x6C\x5F\x6D\xD6\xAF\xD1\xB1\x13\x8E\xA9\xAD\xF3\x5E\x69\x75\x26\x18\x3E\x41\x2B\x21\x7F\xEE\x8B\x5D\x07\x06\x9D\x43\xC4\x29\x0A\x2B\xFC\x2A\x3E\x86\xCB\x3C\x83\x3A\xF9\xC9\x0D\xDA\xC5\x99\xE2\xBC\x78\x41\x33\x76\xE1\xBF\x2F\x5D\xE5\xA4\x98\x50\x0C\x15\xDD\xE0\xFA\x9C\x7F\x38\x68\xD0\xB2\xA6\x7A\xA7\xD1\x31\xBD\x7E\x8A\x58\x27\x43\xB3\xBA\x33\x91\xD3\xA7\x98\x15\x5C\x9A\xE6\xD3\x0F\x75\xD9\xFC\x41\x98\x97\x3E\xAA\x25\xDB\x8F\x92\x2E\xB0\x7B\x0C\x5F\xF1\x63\xA9\x37\xF9\x9B\x75\x69\x4C\x28\x26\x25\xDA\xD5\xF2\x12\x70\x45\x55\xE3\xDF\x73\x5E\x37\xF5\x21\x6C\x90\x8E\x35\x5A\xC9\xD3\x23\xEB\xD3\xC0\xBE\x78\xAC\x42\x28\x58\x66\xA5\x46\x6D\x70\x02\xD7\x10\xF9\x4B\x54\xFC\x5D\x86\x4A\x87\xCF\x7F\xCA\x45\xAC\x11\x5A\xB5\x20\x51\x8D\x2F\x88\x47\x97\x39\xC0\xCF\xBA\xC0\x42\x01\x40\x99\x48\x21\x0B\x6B\xA7\xD2\xFD\x96\xD5\xD1\xBE\x46\x9D\x49\xE0\x0B\xA6\xA0\x22\x4E\x38\xD0\xC1\x3C\x30\xBC\x70\x8F\x2C\x75\xCC\xD0\xC5\x8C\x51\x3B\x3D\x94\x08\x64\x26\x61\x7D\xB9\xC3\x65\x8F\x14\x9C\x21\xD0\xAA\xFD\x17\x72\x03\x8F\xBD\x9B\x8C\xE6\x5E\x53\x9E\xB9\x9D\xEF\x82\xBB\xE1\xBC\xE2\x72\x41\x5B\x21\x94\xD3\x45\x37\x94\xD1\xDF\x09\x39\x5D\xE7\x23\xAA\x9A\x1D\xCA\x6D\xA8\x0A\x86\x85\x8A\x82\xBE\x42\x07\xD6\xF2\x38\x82\x73\xDA\x87\x5B\xE5\x3C\xD3\x9E\x3E\xA7\x3B\x9E\xF4\x03\xB3\xF9\xF1\x7D\x13\x74\x02\xFF\xBB\xA1\xE5\xFA\x00\x79\x1C\xA6\x66\x41\x88\x5C\x60\x57\xA6\x2E\x09\xC4\xBA\xFD\x9A\xCF\xA7\x1F\x40\xC3\xBB\xCC\x5A\x0A\x55\x4B\x3B\x38\x76\x51\xB8\x63\x8B\x84\x94\x16\xE6\x56\xF3\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xFE\xAB\x00\x90\x98\x9E\x24\xFC\xA9\xCC\x1A\x8A\xFB\x27\xB8\xBF\x30\x6E\xA8\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\xCF\x77\x2C\x6E\x56\xBE\x4E\xB3\xB6\x84\x00\x94\xAB\x47\xC9\x0D\xD2\x76\xC7\x86\x9F\x1D\x07\xD3\xB6\xB4\xBB\x08\x78\xAF\x69\xD2\x0B\x49\xDE\x33\xC5\xAC\xAD\xC2\x88\x02\x7D\x06\xB7\x35\x02\xC1\x60\xC9\xBF\xC4\xE8\x94\xDE\xD4\xD3\xA9\x13\x25\x5A\xFE\x6E\xA2\xAE\x7D\x05\xDC\x7D\xF3\x6C\xF0\x7E\xA6\x8D\xEE\xD9\xD7\xCE\x58\x17\xE8\xA9\x29\xAE\x73\x48\x87\xE7\x9B\xCA\x6E\x29\xA1\x64\x5F\x19\x13\xF7\xAE\x06\x10\xFF\x51\xC6\x9B\x4D\x55\x25\x4F\x93\x99\x10\x01\x53\x75\xF1\x13\xCE\xC7\xA6\x41\x41\xD2\xBF\x88\xA5\x7F\x45\xFC\xAC\xB8\xA5\xB5\x33\x0C\x82\xC4\xFB\x07\xF6\x6A\xE5\x25\x84\x5F\x06\xCA\xC1\x86\x39\x11\xDB\x58\xCD\x77\x3B\x2C\xC2\x4C\x0F\x5E\x9A\xE3\xF0\xAB\x3E\x61\x1B\x50\x24\xC2\xC0\xF4\xF1\x19\xF0\x11\x29\xB6\xA5\x18\x02\x9B\xD7\x63\x4C\x70\x8C\x47\xA3\x03\x43\x5C\xB9\x5D\x46\xA0\x0D\x6F\xFF\x59\x8E\xBE\xDD\x9F\x72\xC3\x5B\x2B\xDF\x8C\x5B\xCE\xE5\x0C\x46\x6C\x92\xB2\x0A\xA3\x4C\x54\x42\x18\x15\x12\x18\xBD\xDA\xFC\xBA\x74\x6E\xFF\xC1\xB6\xA0\x64\xD8\xA9\x5F\x55\xAE\x9F\x5C\x6A\x76\x96\xD8\x73\x67\x87\xFB\x4D\x7F\x5C\xEE\x69\xCA\x73\x10\xFB\x8A\xA9\xFD\x9E\xBD\x36\x38\x49\x49\x87\xF4\x0E\x14\xF0\xE9\x87\xB8\x3F\xA7\x4F\x7A\x5A\x8E\x79\xD4\x93\xE4\xBB\x68\x52\x84\xAC\x6C\xE9\xF3\x98\x70\x55\x72\x32\xF9\x34\xAB\x2B\x49\xB5\xCD\x20\x62\xE4\x3A\x7A\x67\x63\xAB\x96\xDC\x6D\xAE\x97\xEC\xFC\x9F\x76\x56\x88\x2E\x66\xCF\x5B\xB6\xC9\xA4\xB0\xD7\x05\xBA\xE1\x27\x2F\x93\xBB\x26\x2A\xA2\x93\xB0\x1B\xF3\x8E\xBE\x1D\x40\xA3\xB9\x36\x8F\x3E\x82\x1A\x1A\x5E\x88\xEA\x50\xF8\x59\xE2\x83\x46\x29\x0B\xE3\x44\x5C\xE1\x95\xB6\x69\x90\x9A\x14\x6F\x97\xAE\x81\xCF\x68\xEF\x99\x9A\xBE\xB5\xE7\xE1\x7F\xF8\xFA\x13\x47\x16\x4C\xCC\x6D\x08\x40\xE7\x8B\x78\x6F\x50\x82\x44\x50\x3F\x66\x06\x8A\xAB\x43\x84\x56\x4A\x0F\x20\x2D\x86\x0E\xF5\xD2\xDB\xD2\x7A\x8A\x4B\xCD\xA5\xE8\x4E\xF1\x5E\x26\x25\x01\x59\x23\xA0\x7E\xD2\xF6\x7E\x21\x57\xD7\x27\xBC\x15\x57\x4C\xA4\x46\xC1\xE0\x83\x1E\x0C\x4C\x4D\x1F\x4F\x06\x19\xE2\xF9\xA8\xF4\x3A\x82\xA1\xB2\x79\x43\x79\xD6\xAD\x6F\x7A\x27\x90\x03\xA4\xEA\x24\x87\x3F\xD9\xBD\xD9\xE9\xF2\x5F\x50\x49\x1C\xEE\xEC\xD7\x2E",
+	["CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US"] = "\x30\x82\x05\x60\x30\x82\x03\x48\xA0\x03\x02\x01\x02\x02\x10\x0A\x01\x42\x80\x00\x00\x01\x45\x23\xC8\x44\xB5\x00\x00\x00\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x20\x43\x6F\x6D\x6D\x65\x72\x63\x69\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x31\x34\x30\x31\x31\x36\x31\x38\x31\x32\x32\x33\x5A\x17\x0D\x33\x34\x30\x31\x31\x36\x31\x38\x31\x32\x32\x33\x5A\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x20\x43\x6F\x6D\x6D\x65\x72\x63\x69\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA7\x50\x19\xDE\x3F\x99\x3D\xD4\x33\x46\xF1\x6F\x51\x61\x82\xB2\xA9\x4F\x8F\x67\x89\x5D\x84\xD9\x53\xDD\x0C\x28\xD9\xD7\xF0\xFF\xAE\x95\x43\x72\x99\xF9\xB5\x5D\x7C\x8A\xC1\x42\xE1\x31\x50\x74\xD1\x81\x0D\x7C\xCD\x9B\x21\xAB\x43\xE2\xAC\xAD\x5E\x86\x6E\xF3\x09\x8A\x1F\x5A\x32\xBD\xA2\xEB\x94\xF9\xE8\x5C\x0A\xEC\xFF\x98\xD2\xAF\x71\xB3\xB4\x53\x9F\x4E\x87\xEF\x92\xBC\xBD\xEC\x4F\x32\x30\x88\x4B\x17\x5E\x57\xC4\x53\xC2\xF6\x02\x97\x8D\xD9\x62\x2B\xBF\x24\x1F\x62\x8D\xDF\xC3\xB8\x29\x4B\x49\x78\x3C\x93\x60\x88\x22\xFC\x99\xDA\x36\xC8\xC2\xA2\xD4\x2C\x54\x00\x67\x35\x6E\x73\xBF\x02\x58\xF0\xA4\xDD\xE5\xB0\xA2\x26\x7A\xCA\xE0\x36\xA5\x19\x16\xF5\xFD\xB7\xEF\xAE\x3F\x40\xF5\x6D\x5A\x04\xFD\xCE\x34\xCA\x24\xDC\x74\x23\x1B\x5D\x33\x13\x12\x5D\xC4\x01\x25\xF6\x30\xDD\x02\x5D\x9F\xE0\xD5\x47\xBD\xB4\xEB\x1B\xA1\xBB\x49\x49\xD8\x9F\x5B\x02\xF3\x8A\xE4\x24\x90\xE4\x62\x4F\x4F\xC1\xAF\x8B\x0E\x74\x17\xA8\xD1\x72\x88\x6A\x7A\x01\x49\xCC\xB4\x46\x79\xC6\x17\xB1\xDA\x98\x1E\x07\x59\xFA\x75\x21\x85\x65\xDD\x90\x56\xCE\xFB\xAB\xA5\x60\x9D\xC4\x9D\xF9\x52\xB0\x8B\xBD\x87\xF9\x8F\x2B\x23\x0A\x23\x76\x3B\xF7\x33\xE1\xC9\x00\xF3\x69\xF9\x4B\xA2\xE0\x4E\xBC\x7E\x93\x39\x84\x07\xF7\x44\x70\x7E\xFE\x07\x5A\xE5\xB1\xAC\xD1\x18\xCC\xF2\x35\xE5\x49\x49\x08\xCA\x56\xC9\x3D\xFB\x0F\x18\x7D\x8B\x3B\xC1\x13\xC2\x4D\x8F\xC9\x4F\x0E\x37\xE9\x1F\xA1\x0E\x6A\xDF\x62\x2E\xCB\x35\x06\x51\x79\x2C\xC8\x25\x38\xF4\xFA\x4B\xA7\x89\x5C\x9C\xD2\xE3\x0D\x39\x86\x4A\x74\x7C\xD5\x59\x87\xC2\x3F\x4E\x0C\x5C\x52\xF4\x3D\xF7\x52\x82\xF1\xEA\xA3\xAC\xFD\x49\x34\x1A\x28\xF3\x41\x88\x3A\x13\xEE\xE8\xDE\xFF\x99\x1D\x5F\xBA\xCB\xE8\x1E\xF2\xB9\x50\x60\xC0\x31\xD3\x73\xE5\xEF\xBE\xA0\xED\x33\x0B\x74\xBE\x20\x20\xC4\x67\x6C\xF0\x08\x03\x7A\x55\x80\x7F\x46\x4E\x96\xA7\xF4\x1E\x3E\xE1\xF6\xD8\x09\xE1\x33\x64\x2B\x63\xD7\x32\x5E\x9F\xF9\xC0\x7B\x0F\x78\x6F\x97\xBC\x93\x9A\xF9\x9C\x12\x90\x78\x7A\x80\x87\x15\xD7\x72\x74\x9C\x55\x74\x78\xB1\xBA\xE1\x6E\x70\x04\xBA\x4F\xA0\xBA\x68\xC3\x7B\xFF\x31\xF0\x73\x3D\x3D\x94\x2A\xB1\x0B\x41\x0E\xA0\xFE\x4D\x88\x65\x6B\x79\x33\xB4\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xED\x44\x19\xC0\xD3\xF0\x06\x8B\xEE\xA4\x7B\xBE\x42\xE7\x26\x54\xC8\x8E\x36\x76\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x0D\xAE\x90\x32\xF6\xA6\x4B\x7C\x44\x76\x19\x61\x1E\x27\x28\xCD\x5E\x54\xEF\x25\xBC\xE3\x08\x90\xF9\x29\xD7\xAE\x68\x08\xE1\x94\x00\x58\xEF\x2E\x2E\x7E\x53\x52\x8C\xB6\x5C\x07\xEA\x88\xBA\x99\x8B\x50\x94\xD7\x82\x80\xDF\x61\x09\x00\x93\xAD\x0D\x14\xE6\xCE\xC1\xF2\x37\x94\x78\xB0\x5F\x9C\xB3\xA2\x73\xB8\x8F\x05\x93\x38\xCD\x8D\x3E\xB0\xB8\xFB\xC0\xCF\xB1\xF2\xEC\x2D\x2D\x1B\xCC\xEC\xAA\x9A\xB3\xAA\x60\x82\x1B\x2D\x3B\xC3\x84\x3D\x57\x8A\x96\x1E\x9C\x75\xB8\xD3\x30\xCD\x60\x08\x83\x90\xD3\x8E\x54\xF1\x4D\x66\xC0\x5D\x74\x03\x40\xA3\xEE\x85\x7E\xC2\x1F\x77\x9C\x06\xE8\xC1\xA7\x18\x5D\x52\x95\xED\xC9\xDD\x25\x9E\x6D\xFA\xA9\xED\xA3\x3A\x34\xD0\x59\x7B\xDA\xED\x50\xF3\x35\xBF\xED\xEB\x14\x4D\x31\xC7\x60\xF4\xDA\xF1\x87\x9C\xE2\x48\xE2\xC6\xC5\x37\xFB\x06\x10\xFA\x75\x59\x66\x31\x47\x29\xDA\x76\x9A\x1C\xE9\x82\xAE\xEF\x9A\xB9\x51\xF7\x88\x23\x9A\x69\x95\x62\x3C\xE5\x55\x80\x36\xD7\x54\x02\xFF\xF1\xB9\x5D\xCE\xD4\x23\x6F\xD8\x45\x84\x4A\x5B\x65\xEF\x89\x0C\xDD\x14\xA7\x20\xCB\x18\xA5\x25\xB4\x0D\xF9\x01\xF0\xA2\xD2\xF4\x00\xC8\x74\x8E\xA1\x2A\x48\x8E\x65\xDB\x13\xC4\xE2\x25\x17\x7D\xEB\xBE\x87\x5B\x17\x20\x54\x51\x93\x4A\x53\x03\x0B\xEC\x5D\xCA\x33\xED\x62\xFD\x45\xC7\x2F\x5B\xDC\x58\xA0\x80\x39\xE6\xFA\xD7\xFE\x13\x14\xA6\xED\x3D\x94\x4A\x42\x74\xD4\xC3\x77\x59\x73\xCD\x8F\x46\xBE\x55\x38\xEF\xFA\xE8\x91\x32\xEA\x97\x58\x04\x22\xDE\x38\xC3\xCC\xBC\x6D\xC9\x33\x3A\x6A\x0A\x69\x3F\xA0\xC8\xEA\x72\x8F\x8C\x63\x86\x23\xBD\x6D\x3C\x96\x9E\x95\xE0\x49\x4C\xAA\xA2\xB9\x2A\x1B\x9C\x36\x81\x78\xED\xC3\xE8\x46\xE2\x26\x59\x44\x75\x1E\xD9\x75\x89\x51\xCD\x10\x84\x9D\x61\x60\xCB\x5D\xF9\x97\x22\x4D\x8E\x98\xE6\xE3\x7F\xF6\x5B\xBB\xAE\xCD\xCA\x4A\x81\x6B\x5E\x0B\xF3\x51\xE1\x74\x2B\xE9\x7E\x27\xA7\xD9\x99\x49\x4E\xF8\xA5\x80\xDB\x25\x0F\x1C\x63\x62\x8A\xC9\x33\x67\x6B\x3C\x10\x83\xC6\xAD\xDE\xA8\xCD\x16\x8E\x8D\xF0\x07\x37\x71\x9F\xF2\xAB\xFC\x41\xF5\xC1\x8B\xEC\x00\x37\x5D\x09\xE5\x4E\x80\xEF\xFA\xB1\x5C\x38\x06\xA5\x1B\x4A\xE1\xDC\x38\x2D\x3C\xDC\xAB\x1F\x90\x1A\xD5\x4A\x9C\xEE\xD1\x70\x6C\xCC\xEE\xF4\x57\xF8\x18\xBA\x84\x6E\x87",
+	["CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US"] = "\x30\x82\x05\x66\x30\x82\x03\x4E\xA0\x03\x02\x01\x02\x02\x10\x0A\x01\x42\x80\x00\x00\x01\x45\x23\xCF\x46\x7C\x00\x00\x00\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x53\x65\x63\x74\x6F\x72\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x31\x34\x30\x31\x31\x36\x31\x37\x35\x33\x33\x32\x5A\x17\x0D\x33\x34\x30\x31\x31\x36\x31\x37\x35\x33\x33\x32\x5A\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x49\x64\x65\x6E\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x53\x65\x63\x74\x6F\x72\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB6\x22\x94\xFC\xA4\x48\xAF\xE8\x47\x6B\x0A\xFB\x27\x76\xE4\xF2\x3F\x8A\x3B\x7A\x4A\x2C\x31\x2A\x8C\x8D\xB0\xA9\xC3\x31\x6B\xA8\x77\x76\x84\x26\xB6\xAC\x81\x42\x0D\x08\xEB\x55\x58\xBB\x7A\xF8\xBC\x65\x7D\xF2\xA0\x6D\x8B\xA8\x47\xE9\x62\x76\x1E\x11\xEE\x08\x14\xD1\xB2\x44\x16\xF4\xEA\xD0\xFA\x1E\x2F\x5E\xDB\xCB\x73\x41\xAE\xBC\x00\xB0\x4A\x2B\x40\xB2\xAC\xE1\x3B\x4B\xC2\x2D\x9D\xE4\xA1\x9B\xEC\x1A\x3A\x1E\xF0\x08\xB3\xD0\xE4\x24\x35\x07\x9F\x9C\xB4\xC9\x52\x6D\xDB\x07\xCA\x8F\xB5\x5B\xF0\x83\xF3\x4F\xC7\x2D\xA5\xC8\xAD\xCB\x95\x20\xA4\x31\x28\x57\x58\x5A\xE4\x8D\x1B\x9A\xAB\x9E\x0D\x0C\xF2\x0A\x33\x39\x22\x39\x0A\x97\x2E\xF3\x53\x77\xB9\x44\x45\xFD\x84\xCB\x36\x20\x81\x59\x2D\x9A\x6F\x6D\x48\x48\x61\xCA\x4C\xDF\x53\xD1\xAF\x52\xBC\x44\x9F\xAB\x2F\x6B\x83\x72\xEF\x75\x80\xDA\x06\x33\x1B\x5D\xC8\xDA\x63\xC6\x4D\xCD\xAC\x66\x31\xCD\xD1\xDE\x3E\x87\x10\x36\xE1\xB9\xA4\x7A\xEF\x60\x50\xB2\xCB\xCA\xA6\x56\xE0\x37\xAF\xAB\x34\x13\x39\x25\xE8\x39\x66\xE4\x98\x7A\xAA\x12\x98\x9C\x59\x66\x86\x3E\xAD\xF1\xB0\xCA\x3E\x06\x0F\x7B\xF0\x11\x4B\x37\xA0\x44\x6D\x7B\xCB\xA8\x8C\x71\xF4\xD5\xB5\x91\x36\xCC\xF0\x15\xC6\x2B\xDE\x51\x17\xB1\x97\x4C\x50\x3D\xB1\x95\x59\x7C\x05\x7D\x2D\x21\xD5\x00\xBF\x01\x67\xA2\x5E\x7B\xA6\x5C\xF2\xF7\x22\xF1\x90\x0D\x93\xDB\xAA\x44\x51\x66\xCC\x7D\x76\x03\xEB\x6A\xA8\x2A\x38\x19\x97\x76\x0D\x6B\x8A\x61\xF9\xBC\xF6\xEE\x76\xFD\x70\x2B\xDD\x29\x3C\xF8\x0A\x1E\x5B\x42\x1C\x8B\x56\x2F\x55\x1B\x1C\xA1\x2E\xB5\xC7\x16\xE6\xF8\xAA\x3C\x92\x8E\x69\xB6\x01\xC1\xB5\x86\x9D\x89\x0F\x0B\x38\x94\x54\xE8\xEA\xDC\x9E\x3D\x25\xBC\x53\x26\xED\xD5\xAB\x39\xAA\xC5\x40\x4C\x54\xAB\xB2\xB4\xD9\xD9\xF8\xD7\x72\xDB\x1C\xBC\x6D\xBD\x65\x5F\xEF\x88\x35\x2A\x66\x2F\xEE\xF6\xB3\x65\xF0\x33\x8D\x7C\x98\x41\x69\x46\x0F\x43\x1C\x69\xFA\x9B\xB5\xD0\x61\x6A\xCD\xCA\x4B\xD9\x4C\x90\x46\xAB\x15\x59\xA1\x47\x54\x29\x2E\x83\x28\x5F\x1C\xC2\xA2\xAB\x72\x17\x00\x06\x8E\x45\xEC\x8B\xE2\x33\x3D\x7F\xDA\x19\x44\xE4\x62\x72\xC3\xDF\x22\xC6\xF2\x56\xD4\xDD\x5F\x95\x72\xED\x6D\x5F\xF7\x48\x03\x5B\xFD\xC5\x2A\xA0\xF6\x73\x23\x84\x10\x1B\x01\xE7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x71\xE0\x9E\xD8\xA7\x42\xD9\xDB\x71\x91\x6B\x94\x93\xEB\xC3\xA3\xD1\x14\xA3\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x47\xFA\xDD\x0A\xB0\x11\x91\x38\xAD\x4D\x5D\xF7\xE5\x0E\x97\x54\x19\x82\x48\x87\x54\x8C\xAA\x64\x99\xD8\x5A\xFE\x88\x01\xC5\x58\xA5\x99\xB1\x23\x54\x23\xB7\x6A\x1D\x20\x57\xE5\x01\x62\x41\x17\xD3\x09\xDB\x75\xCB\x6E\x54\x90\x75\xFE\x1A\x9F\x81\x0A\xC2\xDD\xD7\xF7\x09\xD0\x5B\x72\x15\xE4\x1E\x09\x6A\x3D\x33\xF3\x21\x9A\xE6\x15\x7E\xAD\x51\xD5\x0D\x10\xED\x7D\x42\xC0\x8F\xEE\xC0\x9A\x08\xD5\x41\xD6\x5C\x0E\x21\x69\x6E\x80\x61\x0E\x15\xC0\xB8\xCF\xC5\x49\x12\x52\xCC\xBE\x3A\xCC\xD4\x2E\x38\x05\xDE\x35\xFD\x1F\x6F\xB8\x80\x68\x98\x3D\x4D\xA0\xCA\x40\x65\xD2\x73\x7C\xF5\x8B\xD9\x0A\x95\x3F\xD8\x3F\x23\x6D\x1A\xD1\x2A\x24\x19\xD9\x85\xB3\x17\xEF\x78\x6E\xA9\x58\xD1\x23\xD3\xC7\x13\xED\x72\x25\x7F\x5D\xB1\x73\x70\xD0\x7F\x06\x97\x09\x84\x29\x80\x61\x1D\xFA\x5E\xFF\x73\xAC\xA0\xE3\x89\xB8\x1C\x71\x15\xC6\xDE\x31\x7F\x12\xDC\xE1\x6D\x9B\xAF\xE7\xE8\x9F\x75\x78\x4C\xAB\x46\x3B\x9A\xCE\xBF\x05\x18\x5D\x4D\x15\x3C\x16\x9A\x19\x50\x04\x9A\xB2\x9A\x6F\x65\x8B\x52\x5F\x3C\x58\x04\x28\x25\xC0\x66\x61\x31\x7E\xB9\xE0\x75\xB9\x1A\xA8\x81\xD6\x72\x17\xB3\xC5\x03\x31\x35\x11\x78\x78\xA2\xE0\xE9\x30\x8C\x7F\x80\xDF\x58\xDF\x3C\xBA\x27\x96\xE2\x80\x34\x6D\xE3\x98\xD3\x64\x27\xAC\x48\x7E\x28\x77\x5C\xC6\x25\x61\x25\xF8\x85\x0C\x65\xFA\xC4\x32\x2F\xA5\x98\x05\xE4\xF8\x0B\x67\x16\x16\xC6\x82\xB8\x32\x19\xF9\xF9\xB9\x79\xDC\x1F\xCD\xEB\xAF\xAB\x0E\xDD\x1B\xDB\x45\xE4\x7A\xE7\x02\xE2\x95\x5D\xFC\x69\xF0\x53\x69\x61\x95\x75\x79\x0B\x5E\x55\xE6\x38\x1C\x94\xA9\x59\x33\x9E\xC8\x71\x74\x79\x7F\x51\x89\xB6\xC8\x6A\xB8\x30\xC8\x6A\x38\xC3\x6E\x9E\xE1\x37\x16\xEA\x05\x62\x4C\x5B\x12\x47\xED\xA7\xB4\xB3\x58\x56\xC7\x49\xF3\x7F\x12\x68\x09\x31\x71\xF0\x6D\xF8\x4E\x47\xFB\xD6\x85\xEE\xC5\x58\x40\x19\xA4\x1D\xA7\xF9\x4B\x43\x37\xDC\x68\x5A\x4F\xCF\xEB\xC2\x64\x74\xDE\xB4\x15\xD9\xF4\x54\x54\x1A\x2F\x1C\xD7\x97\x71\x54\x90\x8E\xD9\x20\x9D\x53\x2B\x7F\xAB\x8F\xE2\xEA\x30\xBC\x50\x37\xEF\xF1\x47\xB5\x7D\x7C\x2C\x04\xEC\x68\x9D\xB4\x49\x44\x10\xF4\x72\x4B\x1C\x64\xE7\xFC\xE6\x6B\x90\xDD\x69\x7D\x69\xFD\x00\x56\xA5\xB7\xAC\xB6\xAD\xB7\xCA\x3E\x01\xEF\x9C",
+	["CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US"] = "\x30\x82\x04\x3E\x30\x82\x03\x26\xA0\x03\x02\x01\x02\x02\x04\x4A\x53\x8C\x28\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xBE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x65\x20\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x6C\x65\x67\x61\x6C\x2D\x74\x65\x72\x6D\x73\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x66\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x39\x30\x37\x30\x37\x31\x37\x32\x35\x35\x34\x5A\x17\x0D\x33\x30\x31\x32\x30\x37\x31\x37\x35\x35\x35\x34\x5A\x30\x81\xBE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x65\x20\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x6C\x65\x67\x61\x6C\x2D\x74\x65\x72\x6D\x73\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x66\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBA\x84\xB6\x72\xDB\x9E\x0C\x6B\xE2\x99\xE9\x30\x01\xA7\x76\xEA\x32\xB8\x95\x41\x1A\xC9\xDA\x61\x4E\x58\x72\xCF\xFE\xF6\x82\x79\xBF\x73\x61\x06\x0A\xA5\x27\xD8\xB3\x5F\xD3\x45\x4E\x1C\x72\xD6\x4E\x32\xF2\x72\x8A\x0F\xF7\x83\x19\xD0\x6A\x80\x80\x00\x45\x1E\xB0\xC7\xE7\x9A\xBF\x12\x57\x27\x1C\xA3\x68\x2F\x0A\x87\xBD\x6A\x6B\x0E\x5E\x65\xF3\x1C\x77\xD5\xD4\x85\x8D\x70\x21\xB4\xB3\x32\xE7\x8B\xA2\xD5\x86\x39\x02\xB1\xB8\xD2\x47\xCE\xE4\xC9\x49\xC4\x3B\xA7\xDE\xFB\x54\x7D\x57\xBE\xF0\xE8\x6E\xC2\x79\xB2\x3A\x0B\x55\xE2\x50\x98\x16\x32\x13\x5C\x2F\x78\x56\xC1\xC2\x94\xB3\xF2\x5A\xE4\x27\x9A\x9F\x24\xD7\xC6\xEC\xD0\x9B\x25\x82\xE3\xCC\xC2\xC4\x45\xC5\x8C\x97\x7A\x06\x6B\x2A\x11\x9F\xA9\x0A\x6E\x48\x3B\x6F\xDB\xD4\x11\x19\x42\xF7\x8F\x07\xBF\xF5\x53\x5F\x9C\x3E\xF4\x17\x2C\xE6\x69\xAC\x4E\x32\x4C\x62\x77\xEA\xB7\xE8\xE5\xBB\x34\xBC\x19\x8B\xAE\x9C\x51\xE7\xB7\x7E\xB5\x53\xB1\x33\x22\xE5\x6D\xCF\x70\x3C\x1A\xFA\xE2\x9B\x67\xB6\x83\xF4\x8D\xA5\xAF\x62\x4C\x4D\xE0\x58\xAC\x64\x34\x12\x03\xF8\xB6\x8D\x94\x63\x24\xA4\x71\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6A\x72\x26\x7A\xD0\x1E\xEF\x7D\xE7\x3B\x69\x51\xD4\x6C\x8D\x9F\x90\x12\x66\xAB\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x79\x9F\x1D\x96\xC6\xB6\x79\x3F\x22\x8D\x87\xD3\x87\x03\x04\x60\x6A\x6B\x9A\x2E\x59\x89\x73\x11\xAC\x43\xD1\xF5\x13\xFF\x8D\x39\x2B\xC0\xF2\xBD\x4F\x70\x8C\xA9\x2F\xEA\x17\xC4\x0B\x54\x9E\xD4\x1B\x96\x98\x33\x3C\xA8\xAD\x62\xA2\x00\x76\xAB\x59\x69\x6E\x06\x1D\x7E\xC4\xB9\x44\x8D\x98\xAF\x12\xD4\x61\xDB\x0A\x19\x46\x47\xF3\xEB\xF7\x63\xC1\x40\x05\x40\xA5\xD2\xB7\xF4\xB5\x9A\x36\xBF\xA9\x88\x76\x88\x04\x55\x04\x2B\x9C\x87\x7F\x1A\x37\x3C\x7E\x2D\xA5\x1A\xD8\xD4\x89\x5E\xCA\xBD\xAC\x3D\x6C\xD8\x6D\xAF\xD5\xF3\x76\x0F\xCD\x3B\x88\x38\x22\x9D\x6C\x93\x9A\xC4\x3D\xBF\x82\x1B\x65\x3F\xA6\x0F\x5D\xAA\xFC\xE5\xB2\x15\xCA\xB5\xAD\xC6\xBC\x3D\xD0\x84\xE8\xEA\x06\x72\xB0\x4D\x39\x32\x78\xBF\x3E\x11\x9C\x0B\xA4\x9D\x9A\x21\xF3\xF0\x9B\x0B\x30\x78\xDB\xC1\xDC\x87\x43\xFE\xBC\x63\x9A\xCA\xC5\xC2\x1C\xC9\xC7\x8D\xFF\x3B\x12\x58\x08\xE6\xB6\x3D\xEC\x7A\x2C\x4E\xFB\x83\x96\xCE\x0C\x3C\x69\x87\x54\x73\xA4\x73\xC2\x93\xFF\x51\x10\xAC\x15\x54\x01\xD8\xFC\x05\xB1\x89\xA1\x7F\x74\x83\x9A\x49\xD7\xDC\x4E\x7B\x8A\x48\x6F\x8B\x45\xF6",
+	["CN=Entrust Root Certification Authority - EC1,OU=(c) 2012 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US"] = "\x30\x82\x02\xF9\x30\x82\x02\x80\xA0\x03\x02\x01\x02\x02\x0D\x00\xA6\x8B\x79\x29\x00\x00\x00\x00\x50\xD0\x91\xF9\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\xBF\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x65\x20\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x6C\x65\x67\x61\x6C\x2D\x74\x65\x72\x6D\x73\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x31\x32\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x66\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x45\x43\x31\x30\x1E\x17\x0D\x31\x32\x31\x32\x31\x38\x31\x35\x32\x35\x33\x36\x5A\x17\x0D\x33\x37\x31\x32\x31\x38\x31\x35\x35\x35\x33\x36\x5A\x30\x81\xBF\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x65\x20\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x6C\x65\x67\x61\x6C\x2D\x74\x65\x72\x6D\x73\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x31\x32\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x66\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x45\x43\x31\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x84\x13\xC9\xD0\xBA\x6D\x41\x7B\xE2\x6C\xD0\xEB\x55\x5F\x66\x02\x1A\x24\xF4\x5B\x89\x69\x47\xE3\xB8\xC2\x7D\xF1\xF2\x02\xC5\x9F\xA0\xF6\x5B\xD5\x8B\x06\x19\x86\x4F\x53\x10\x6D\x07\x24\x27\xA1\xA0\xF8\xD5\x47\x19\x61\x4C\x7D\xCA\x93\x27\xEA\x74\x0C\xEF\x6F\x96\x09\xFE\x63\xEC\x70\x5D\x36\xAD\x67\x77\xAE\xC9\x9D\x7C\x55\x44\x3A\xA2\x63\x51\x1F\xF5\xE3\x62\xD4\xA9\x47\x07\x3E\xCC\x20\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB7\x63\xE7\x1A\xDD\x8D\xE9\x08\xA6\x55\x83\xA4\xE0\x6A\x50\x41\x65\x11\x42\x49\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x61\x79\xD8\xE5\x42\x47\xDF\x1C\xAE\x53\x99\x17\xB6\x6F\x1C\x7D\xE1\xBF\x11\x94\xD1\x03\x88\x75\xE4\x8D\x89\xA4\x8A\x77\x46\xDE\x6D\x61\xEF\x02\xF5\xFB\xB5\xDF\xCC\xFE\x4E\xFF\xFE\xA9\xE6\xA7\x02\x30\x5B\x99\xD7\x85\x37\x06\xB5\x7B\x08\xFD\xEB\x27\x8B\x4A\x94\xF9\xE1\xFA\xA7\x8E\x26\x08\xE8\x7C\x92\x68\x6D\x73\xD8\x6F\x26\xAC\x21\x02\xB8\x99\xB7\x26\x41\x5B\x25\x60\xAE\xD0\x48\x1A\xEE\x06",
+	["CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN"] = "\x30\x82\x05\x8D\x30\x82\x03\x75\xA0\x03\x02\x01\x02\x02\x04\x18\x4A\xCC\xD6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x56\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x30\x30\x2E\x06\x03\x55\x04\x0A\x0C\x27\x43\x68\x69\x6E\x61\x20\x46\x69\x6E\x61\x6E\x63\x69\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x43\x46\x43\x41\x20\x45\x56\x20\x52\x4F\x4F\x54\x30\x1E\x17\x0D\x31\x32\x30\x38\x30\x38\x30\x33\x30\x37\x30\x31\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x30\x33\x30\x37\x30\x31\x5A\x30\x56\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x30\x30\x2E\x06\x03\x55\x04\x0A\x0C\x27\x43\x68\x69\x6E\x61\x20\x46\x69\x6E\x61\x6E\x63\x69\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0C\x0C\x43\x46\x43\x41\x20\x45\x56\x20\x52\x4F\x4F\x54\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD7\x5D\x6B\xCD\x10\x3F\x1F\x05\x59\xD5\x05\x4D\x37\xB1\x0E\xEC\x98\x2B\x8E\x15\x1D\xFA\x93\x4B\x17\x82\x21\x71\x10\x52\xD7\x51\x64\x70\x16\xC2\x55\x69\x4D\x8E\x15\x6D\x9F\xBF\x0C\x1B\xC2\xE0\xA3\x67\xD6\x0C\xAC\xCF\x22\xAE\xAF\x77\x54\x2A\x4B\x4C\x8A\x53\x52\x7A\xC3\xEE\x2E\xDE\xB3\x71\x25\xC1\xE9\x5D\x3D\xEE\xA1\x2F\xA3\xF7\x2A\x3C\xC9\x23\x1D\x6A\xAB\x1D\xA1\xA7\xF1\xF3\xEC\xA0\xD5\x44\xCF\x15\xCF\x72\x2F\x1D\x63\x97\xE8\x99\xF9\xFD\x93\xA4\x54\x80\x4C\x52\xD4\x52\xAB\x2E\x49\xDF\x90\xCD\xB8\x5F\xBE\x3F\xDE\xA1\xCA\x4D\x20\xD4\x25\xE8\x84\x29\x53\xB7\xB1\x88\x1F\xFF\xFA\xDA\x90\x9F\x0A\xA9\x2D\x41\x3F\xB1\xF1\x18\x29\xEE\x16\x59\x2C\x34\x49\x1A\xA8\x06\xD7\xA8\x88\xD2\x03\x72\x7A\x32\xE2\xEA\x68\x4D\x6E\x2C\x96\x65\x7B\xCA\x59\xFA\xF2\xE2\xDD\xEE\x30\x2C\xFB\xCC\x46\xAC\xC4\x63\xEB\x6F\x7F\x36\x2B\x34\x73\x12\x94\x7F\xDF\xCC\x26\x9E\xF1\x72\x5D\x50\x65\x59\x8F\x69\xB3\x87\x5E\x32\x6F\xC3\x18\x8A\xB5\x95\x8F\xB0\x7A\x37\xDE\x5A\x45\x3B\xC7\x36\xE1\xEF\x67\xD1\x39\xD3\x97\x5B\x73\x62\x19\x48\x2D\x87\x1C\x06\xFB\x74\x98\x20\x49\x73\xF0\x05\xD2\x1B\xB1\xA0\xA3\xB7\x1B\x70\xD3\x88\x69\xB9\x5A\xD6\x38\xF4\x62\xDC\x25\x8B\x78\xBF\xF8\xE8\x7E\xB8\x5C\xC9\x95\x4F\x5F\xA7\x2D\xB9\x20\x6B\xCF\x6B\xDD\xF5\x0D\xF4\x82\xB7\xF4\xB2\x66\x2E\x10\x28\xF6\x97\x5A\x7B\x96\x16\x8F\x01\x19\x2D\x6C\x6E\x7F\x39\x58\x06\x64\x83\x01\x83\x83\xC3\x4D\x92\xDD\x32\xC6\x87\xA4\x37\xE9\x16\xCE\xAA\x2D\x68\xAF\x0A\x81\x65\x3A\x70\xC1\x9B\xAD\x4D\x6D\x54\xCA\x2A\x2D\x4B\x85\x1B\xB3\x80\xE6\x70\x45\x0D\x6B\x5E\x35\xF0\x7F\x3B\xB8\x9C\xE4\x04\x70\x89\x12\x25\x93\xDA\x0A\x99\x22\x60\x6A\x63\x60\x4E\x76\x06\x98\x4E\xBD\x83\xAD\x1D\x58\x8A\x25\x85\xD2\xC7\x65\x1E\x2D\x8E\xC6\xDF\xB6\xC6\xE1\x7F\x8A\x04\x21\x15\x29\x74\xF0\x3E\x9C\x90\x9D\x0C\x2E\xF1\x8A\x3E\x5A\xAA\x0C\x09\x1E\xC7\xD5\x3C\xA3\xED\x97\xC3\x1E\x34\xFA\x38\xF9\x08\x0E\xE3\xC0\x5D\x2B\x83\xD1\x56\x6A\xC9\xB6\xA8\x54\x53\x2E\x78\x32\x67\x3D\x82\x7F\x74\xD0\xFB\xE1\xB6\x05\x60\xB9\x70\xDB\x8E\x0B\xF9\x13\x58\x6F\x71\x60\x10\x52\x10\xB9\xC1\x41\x09\xEF\x72\x1F\x67\x31\x78\xFF\x96\x05\x8D\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xE3\xFE\x2D\xFD\x28\xD0\x0B\xB5\xBA\xB6\xA2\xC4\xBF\x06\xAA\x05\x8C\x93\xFB\x2F\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\xFE\x2D\xFD\x28\xD0\x0B\xB5\xBA\xB6\xA2\xC4\xBF\x06\xAA\x05\x8C\x93\xFB\x2F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x25\xC6\xBA\x6B\xEB\x87\xCB\xDE\x82\x39\x96\x3D\xF0\x44\xA7\x6B\x84\x73\x03\xDE\x9D\x2B\x4F\xBA\x20\x7F\xBC\x78\xB2\xCF\x97\xB0\x1B\x9C\xF3\xD7\x79\x2E\xF5\x48\xB6\xD2\xFB\x17\x88\xE6\xD3\x7A\x3F\xED\x53\x13\xD0\xE2\x2F\x6A\x79\xCB\x00\x23\x28\xE6\x1E\x37\x57\x35\x89\x84\xC2\x76\x4F\x34\x36\xAD\x67\xC3\xCE\x41\x06\x88\xC5\xF7\xEE\xD8\x1A\xB8\xD6\x0B\x7F\x50\xFF\x93\xAA\x17\x4B\x8C\xEC\xED\x52\x60\xB2\xA4\x06\xEA\x4E\xEB\xF4\x6B\x19\xFD\xEB\xF5\x1A\xE0\x25\x2A\x9A\xDC\xC7\x41\x36\xF7\xC8\x74\x05\x84\x39\x95\x39\xD6\x0B\x3B\xA4\x27\xFA\x08\xD8\x5C\x1E\xF8\x04\x60\x52\x11\x28\x28\x03\xFF\xEF\x53\x66\x00\xA5\x4A\x34\x16\x66\x7C\xFD\x09\xA4\xAE\x9E\x67\x1A\x6F\x41\x0B\x6B\x06\x13\x9B\x8F\x86\x71\x05\xB4\x2F\x8D\x89\x66\x33\x29\x76\x54\x9A\x11\xF8\x27\xFA\xB2\x3F\x91\xE0\xCE\x0D\x1B\xF3\x30\x1A\xAD\xBF\x22\x5D\x1B\xD3\xBF\x25\x05\x4D\xE1\x92\x1A\x7F\x99\x9F\x3C\x44\x93\xCA\xD4\x40\x49\x6C\x80\x87\xD7\x04\x3A\xC3\x32\x52\x35\x0E\x56\xF8\xA5\xDD\x7D\xC4\x8B\x0D\x11\x1F\x53\xCB\x1E\xB2\x17\xB6\x68\x77\x5A\xE0\xD4\xCB\xC8\x07\xAE\xF5\x3A\x2E\x8E\x37\xB7\xD0\x01\x4B\x43\x29\x77\x8C\x39\x97\x8F\x82\x5A\xF8\x51\xE5\x89\xA0\x18\xE7\x68\x7F\x5D\x0A\x2E\xFB\xA3\x47\x0E\x3D\xA6\x23\x7A\xC6\x01\xC7\x8F\xC8\x5E\xBF\x6D\x80\x56\xBE\x8A\x24\xBA\x33\xEA\x9F\xE1\x32\x11\x9E\xF1\xD2\x4F\x80\xF6\x1B\x40\xAF\x38\x9E\x11\x50\x79\x73\x12\x12\xCD\xE6\x6C\x9D\x2C\x88\x72\x3C\x30\x81\x06\x91\x22\xEA\x59\xAD\xDA\x19\x2E\x22\xC2\x8D\xB9\x8C\x87\xE0\x66\xBC\x73\x23\x5F\x21\x64\x63\x80\x48\xF5\xA0\x3C\x18\x3D\x94\xC8\x48\x41\x1D\x40\xBA\x5E\xFE\xFE\x56\x39\xA1\xC8\xCF\x5E\x9E\x19\x64\x46\x10\xDA\x17\x91\xB7\x05\x80\xAC\x8B\x99\x92\x7D\xE7\xA2\xD8\x07\x0B\x36\x27\xE7\x48\x79\x60\x8A\xC3\xD7\x13\x5C\xF8\x72\x40\xDF\x4A\xCB\xCF\x99\x00\x0A\x00\x0B\x11\x95\xDA\x56\x45\x03\x88\x0A\x9F\x67\xD0\xD5\x79\xB1\xA8\x8D\x40\x6D\x0D\xC2\x7A\x40\xFA\xF3\x5F\x64\x47\x92\xCB\x53\xB9\xBB\x59\xCE\x4F\xFD\xD0\x15\x53\x01\xD8\xDF\xEB\xD9\xE6\x76\xEF\xD0\x23\xBB\x3B\xA9\x79\xB3\xD5\x02\x29\xCD\x89\xA3\x96\x0F\x4A\x35\xE7\x4E\x42\xC0\x75\xCD\x07\xCF\xE6\x2C\xEB\x7B\x2E",
 };
diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro
index afe562c890..593c8ab9a2 100644
--- a/scripts/base/protocols/syslog/main.bro
+++ b/scripts/base/protocols/syslog/main.bro
@@ -35,7 +35,7 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Syslog::LOG, [$columns=Info]);
+	Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports);
 	}
 
diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro
index 8db4a7c1b8..3b78ba8619 100644
--- a/scripts/broxygen/__load__.bro
+++ b/scripts/broxygen/__load__.bro
@@ -5,6 +5,7 @@
 @load frameworks/communication/listen.bro
 @load frameworks/control/controllee.bro
 @load frameworks/control/controller.bro
+@load frameworks/files/extract-all-files.bro
 @load policy/misc/dump-events.bro
 
 @load ./example.bro
diff --git a/scripts/policy/frameworks/files/extract-all-files.bro b/scripts/policy/frameworks/files/extract-all-files.bro
new file mode 100644
index 0000000000..7bd7b300e9
--- /dev/null
+++ b/scripts/policy/frameworks/files/extract-all-files.bro
@@ -0,0 +1,8 @@
+##! Extract all files to disk.
+
+@load base/files/extract
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT);
+	}
diff --git a/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro b/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro
new file mode 100644
index 0000000000..5301ffb079
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro
@@ -0,0 +1,11 @@
+@load base/frameworks/intel
+@load ./where-locations
+
+event ssh_server_host_key(c: connection, hash: string)
+	{
+	local seen = Intel::Seen($indicator=hash,
+				 $indicator_type=Intel::PUBKEY_HASH,
+				 $conn=c,
+				 $where=SSH::IN_SERVER_HOST_KEY);
+	Intel::seen(seen);
+	}
diff --git a/scripts/policy/frameworks/intel/seen/ssl.bro b/scripts/policy/frameworks/intel/seen/ssl.bro
index 70c70f5b71..7bfbef4e9b 100644
--- a/scripts/policy/frameworks/intel/seen/ssl.bro
+++ b/scripts/policy/frameworks/intel/seen/ssl.bro
@@ -10,3 +10,16 @@ event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec)
 		             $conn=c,
 		             $where=SSL::IN_SERVER_NAME]);
 	}
+
+event ssl_established(c: connection)
+	{
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
+	     ! c$ssl$cert_chain[0]?$x509 )
+		return;
+
+	if ( c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$cn )
+		Intel::seen([$indicator=c$ssl$cert_chain[0]$x509$certificate$cn,
+			$indicator_type=Intel::DOMAIN,
+			$conn=c,
+			$where=X509::IN_CERT]);
+	}
diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro
index b9b4325bc1..f286cc2ff7 100644
--- a/scripts/policy/frameworks/intel/seen/where-locations.bro
+++ b/scripts/policy/frameworks/intel/seen/where-locations.bro
@@ -21,6 +21,7 @@ export {
 		SMTP::IN_REPLY_TO,
 		SMTP::IN_X_ORIGINATING_IP_HEADER,
 		SMTP::IN_MESSAGE,
+		SSH::IN_SERVER_HOST_KEY,
 		SSL::IN_SERVER_NAME,
 		SMTP::IN_HEADER,
 		X509::IN_CERT,
diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.bro
index 11e4d57f90..3a2859b6d5 100644
--- a/scripts/policy/frameworks/intel/seen/x509.bro
+++ b/scripts/policy/frameworks/intel/seen/x509.bro
@@ -2,6 +2,18 @@
 @load base/files/x509
 @load ./where-locations
 
+event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName)
+	{
+	if ( ext?$dns )
+		{
+		for ( i in ext$dns )
+			Intel::seen([$indicator=ext$dns[i],
+				$indicator_type=Intel::DOMAIN,
+				$f=f,
+				$where=X509::IN_CERT]);
+		}
+	}
+
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
 	{
 	if ( /emailAddress=/ in cert$subject )
diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.bro
index 42364e8d76..10dd242049 100644
--- a/scripts/policy/integration/barnyard2/main.bro
+++ b/scripts/policy/integration/barnyard2/main.bro
@@ -23,7 +23,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Barnyard2::LOG, [$columns=Info]);
+	Log::create_stream(Barnyard2::LOG, [$columns=Info, $path="barnyard2"]);
 	}
 
 
diff --git a/scripts/policy/misc/app-stats/main.bro b/scripts/policy/misc/app-stats/main.bro
index 3a0219db6e..d80763c699 100644
--- a/scripts/policy/misc/app-stats/main.bro
+++ b/scripts/policy/misc/app-stats/main.bro
@@ -38,7 +38,7 @@ global add_sumstats: hook(id: conn_id, hostname: string, size: count);
 
 event bro_init() &priority=3
 	{
-	Log::create_stream(AppStats::LOG, [$columns=Info]);
+	Log::create_stream(AppStats::LOG, [$columns=Info, $path="app_stats"]);
 
 	local r1: SumStats::Reducer = [$stream="apps.bytes", $apply=set(SumStats::SUM)];
 	local r2: SumStats::Reducer = [$stream="apps.hits",  $apply=set(SumStats::UNIQUE)];
diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.bro
index 089412020a..28f468a1c8 100644
--- a/scripts/policy/misc/capture-loss.bro
+++ b/scripts/policy/misc/capture-loss.bro
@@ -76,7 +76,7 @@ event CaptureLoss::take_measurement(last_ts: time, last_acks: count, last_gaps:
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(LOG, [$columns=Info]);
+	Log::create_stream(LOG, [$columns=Info, $path="capture_loss"]);
 
 	# We only schedule the event if we are capturing packets.
 	if ( reading_live_traffic() || reading_traces() )
diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.bro
index 68151e209a..5cbb34e27e 100644
--- a/scripts/policy/misc/detect-traceroute/main.bro
+++ b/scripts/policy/misc/detect-traceroute/main.bro
@@ -55,7 +55,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute]);
+	Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute, $path="traceroute"]);
 
 	local r1: SumStats::Reducer = [$stream="traceroute.time_exceeded", $apply=set(SumStats::UNIQUE)];
 	local r2: SumStats::Reducer = [$stream="traceroute.low_ttl_packet", $apply=set(SumStats::SUM)];
diff --git a/scripts/policy/misc/known-devices.bro b/scripts/policy/misc/known-devices.bro
index 8378d589f8..2f1f81524f 100644
--- a/scripts/policy/misc/known-devices.bro
+++ b/scripts/policy/misc/known-devices.bro
@@ -38,5 +38,5 @@ export {
 
 event bro_init()
 	{
-	Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices]);
+	Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices, $path="known_devices"]);
 	}
diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.bro
index bd6943e928..3b0b9e2429 100644
--- a/scripts/policy/misc/loaded-scripts.bro
+++ b/scripts/policy/misc/loaded-scripts.bro
@@ -30,7 +30,7 @@ const depth: table[count] of string = {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(LoadedScripts::LOG, [$columns=Info]);
+	Log::create_stream(LoadedScripts::LOG, [$columns=Info, $path="loaded_scripts"]);
 	}
 
 event bro_script_loaded(path: string, level: count)
diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.bro
index eb1ddb0202..215a3bb9de 100644
--- a/scripts/policy/misc/stats.bro
+++ b/scripts/policy/misc/stats.bro
@@ -39,6 +39,9 @@ export {
 		## Number of packets seen on the link since the last stats
 		## interval if reading live traffic.
 		pkts_link:     count     &log &optional;
+		## Number of bytes received since the last stats interval if
+		## reading live traffic.
+		bytes_recv:   count     &log &optional;
 	};
 
 	## Event to catch stats as they are written to the logging stream.
@@ -47,7 +50,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats]);
+	Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]);
 	}
 
 event check_stats(last_ts: time, last_ns: NetStats, last_res: bro_resources)
@@ -74,6 +77,7 @@ event check_stats(last_ts: time, last_ns: NetStats, last_res: bro_resources)
 		info$pkts_recv = ns$pkts_recvd - last_ns$pkts_recvd;
 		info$pkts_dropped = ns$pkts_dropped  - last_ns$pkts_dropped;
 		info$pkts_link = ns$pkts_link  - last_ns$pkts_link;
+		info$bytes_recv = ns$bytes_recvd  - last_ns$bytes_recvd;
 		}
 
 	Log::write(Stats::LOG, info);
diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro
index e4fef85f87..a539885dd1 100644
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@@ -38,7 +38,7 @@ export {
 
 event bro_init()
 	{
-	Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts]);
+	Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts, $path="known_hosts"]);
 	}
 
 event connection_established(c: connection) &priority=5
diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro
index 4e474f76a0..0c79db84f5 100644
--- a/scripts/policy/protocols/conn/known-services.bro
+++ b/scripts/policy/protocols/conn/known-services.bro
@@ -49,7 +49,8 @@ redef record connection += {
 event bro_init() &priority=5
 	{
 	Log::create_stream(Known::SERVICES_LOG, [$columns=ServicesInfo,
-	                                         $ev=log_known_services]);
+	                                         $ev=log_known_services,
+	                                         $path="known_services"]);
 	}
 	
 event log_it(ts: time, a: addr, p: port, services: set[string])
diff --git a/scripts/policy/protocols/http/header-names.bro b/scripts/policy/protocols/http/header-names.bro
index 5aefdad538..ed3f9380a7 100644
--- a/scripts/policy/protocols/http/header-names.bro
+++ b/scripts/policy/protocols/http/header-names.bro
@@ -26,20 +26,25 @@ export {
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3
 	{
-	if ( ! is_orig || ! c?$http )
+	if ( ! c?$http )
 		return;
-	
-	if ( log_client_header_names )
+
+	if ( is_orig )
 		{
-		if ( ! c$http?$client_header_names )
-			c$http$client_header_names = vector();
-		c$http$client_header_names[|c$http$client_header_names|] = name;
+		if ( log_client_header_names )
+			{
+			if ( ! c$http?$client_header_names )
+				c$http$client_header_names = vector();
+			c$http$client_header_names[|c$http$client_header_names|] = name;
+			}
 		}
-		
-	if ( log_server_header_names )
+	else
 		{
-		if ( ! c$http?$server_header_names )
-			c$http$server_header_names = vector();
-		c$http$server_header_names[|c$http$server_header_names|] = name;
+		if ( log_server_header_names )
+			{
+			if ( ! c$http?$server_header_names )
+				c$http$server_header_names = vector();
+			c$http$server_header_names[|c$http$server_header_names|] = name;
+			}
 		}
 	}
diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.bro
index 84ea7ea35a..a49e1f81e4 100644
--- a/scripts/policy/protocols/modbus/known-masters-slaves.bro
+++ b/scripts/policy/protocols/modbus/known-masters-slaves.bro
@@ -35,7 +35,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus]);
+	Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus, $path="known_modbus"]);
 	}
 
 event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.bro
index 7714ce7537..fedda25ea7 100644
--- a/scripts/policy/protocols/modbus/track-memmap.bro
+++ b/scripts/policy/protocols/modbus/track-memmap.bro
@@ -54,7 +54,7 @@ redef record Modbus::Info += {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo]);
+	Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo, $path="modbus_register_change"]);
 	}
 
 event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
diff --git a/scripts/policy/protocols/rdp/indicate_ssl.bro b/scripts/policy/protocols/rdp/indicate_ssl.bro
new file mode 100644
index 0000000000..91be13d3ef
--- /dev/null
+++ b/scripts/policy/protocols/rdp/indicate_ssl.bro
@@ -0,0 +1,22 @@
+##! If an RDP session is "upgraded" to SSL, this will be indicated
+##! with this script in a new field added to the RDP log.
+
+@load base/protocols/rdp
+@load base/protocols/ssl
+
+module RDP;
+
+export {
+	redef record RDP::Info += {
+		## Flag the connection if it was seen over SSL.
+		ssl: bool &log &default=F;
+	};
+}
+
+event ssl_established(c: connection)
+	{
+	if ( c?$rdp )
+		{
+		c$rdp$ssl = T;
+		}
+	}
\ No newline at end of file
diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro
index ba889cbf3c..55687e2afd 100644
--- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro
+++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro
@@ -12,11 +12,11 @@ export {
 	redef enum Notice::Type += {
 		## Indicates that a host has been identified as crossing the
 		## :bro:id:`SSH::password_guesses_limit` threshold with
-		## heuristically determined failed logins.
+		## failed logins.
 		Password_Guessing,
 		## Indicates that a host previously identified as a "password
-		## guesser" has now had a heuristically successful login
-		## attempt.  This is not currently implemented.
+		## guesser" has now had a successful login
+		## attempt. This is not currently implemented.
 		Login_By_Password_Guesser,
 	};
 
@@ -34,8 +34,7 @@ export {
 	const guessing_timeout = 30 mins &redef;
 
 	## This value can be used to exclude hosts or entire networks from being
-	## tracked as potential "guessers".  There are cases where the success
-	## heuristic fails and this acts as the whitelist.  The index represents
+	## tracked as potential "guessers". The index represents
 	## client subnets and the yield value represents server subnets.
 	const ignore_guessers: table[subnet] of subnet &redef;
 }
@@ -70,7 +69,7 @@ event bro_init()
 	                  	}]);
 	}
 
-event SSH::heuristic_successful_login(c: connection)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	local id = c$id;
 
@@ -79,7 +78,7 @@ event SSH::heuristic_successful_login(c: connection)
 	             $where=SSH::SUCCESSFUL_LOGIN]);
 	}
 
-event SSH::heuristic_failed_login(c: connection)
+event ssh_auth_failed(c: connection)
 	{
 	local id = c$id;
 
diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro
index a5fed986ef..7235f24199 100644
--- a/scripts/policy/protocols/ssh/geo-data.bro
+++ b/scripts/policy/protocols/ssh/geo-data.bro
@@ -12,14 +12,14 @@ export {
 		## notice will be generated.
 		Watched_Country_Login,
 	};
-	
+
 	redef record Info += {
 		## Add geographic data related to the "remote" host of the
 		## connection.
 		remote_location: geo_location &log &optional;
 	};
-	
-	## The set of countries for which you'd like to generate notices upon 
+
+	## The set of countries for which you'd like to generate notices upon
 	## successful login.
 	const watched_countries: set[string] = {"RO"} &redef;
 }
@@ -30,23 +30,29 @@ function get_location(c: connection): geo_location
 	return lookup_location(lookup_ip);
 	}
 
-event SSH::heuristic_successful_login(c: connection) &priority=5
+event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
-	
+
 	if ( c$ssh$remote_location?$country_code && c$ssh$remote_location$country_code in watched_countries )
 		{
 		NOTICE([$note=Watched_Country_Login,
 		        $conn=c,
-		        $msg=fmt("SSH login %s watched country: %s", 
-		                 (c$ssh$direction == OUTBOUND) ? "to" : "from", 
+		        $msg=fmt("SSH login %s watched country: %s",
+		                 (c$ssh$direction == OUTBOUND) ? "to" : "from",
 		                 c$ssh$remote_location$country_code)]);
 		}
 	}
 
-event SSH::heuristic_failed_login(c: connection) &priority=5
+event ssh_auth_failed(c: connection) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
 	}
diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro
index f9b3636e62..af6f441646 100644
--- a/scripts/policy/protocols/ssh/interesting-hostnames.bro
+++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro
@@ -27,7 +27,7 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }
 
-event SSH::heuristic_successful_login(c: connection)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index 298c665459..1f27521e46 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -43,7 +43,7 @@ export {
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs]);
+	Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs, $path="known_certs"]);
 	}
 
 event ssl_established(c: connection) &priority=3
diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro
index 414f0d2a54..97072e4cab 100644
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
@@ -1,4 +1,7 @@
 ##! Perform full certificate chain validation for SSL certificates.
+#
+# Also caches all intermediate certificates encountered so far and use them
+# for future validations.
 
 @load base/frameworks/notice
 @load base/protocols/ssl
@@ -12,19 +15,114 @@ export {
 		## invalid.
 		Invalid_Server_Cert
 	};
-	
+
 	redef record Info += {
 		## Result of certificate validation for this connection.
 		validation_status: string &log &optional;
 	};
-	
+
 	## MD5 hash values for recently validated chains along with the
-	## validation status message are kept in this table to avoid constant
+	## validation status are kept in this table to avoid constant
 	## validation every time the same certificate chain is seen.
-	global recently_validated_certs: table[string] of string = table() 
-		&read_expire=5mins &synchronized &redef;
+	global recently_validated_certs: table[string] of string = table()
+		&read_expire=5mins &redef;
+
+	## Use intermediate CA certificate caching when trying to validate
+	## certificates. When this is enabled, Bro keeps track of all valid
+	## intermediate CA certificates that it has seen in the past. When
+	## encountering a host certificate that cannot be validated because
+	## of missing intermediate CA certificate, the cached list is used
+	## to try to validate the cert. This is similar to how Firefox is
+	## doing certificate validation.
+	##
+	## Disabling this will usually greatly increase the number of validation warnings
+	## that you encounter. Only disable if you want to find misconfigured servers.
+	global ssl_cache_intermediate_ca: bool = T &redef;
+
+	## Event from a worker to the manager that it has encountered a new
+	## valid intermediate.
+	global intermediate_add: event(key: string, value: vector of opaque of x509);
+
+	## Event from the manager to the workers that a new intermediate chain
+	## is to be added.
+	global new_intermediate: event(key: string, value: vector of opaque of x509);
 }
 
+global intermediate_cache: table[string] of vector of opaque of x509;
+
+@if ( Cluster::is_enabled() )
+@load base/frameworks/cluster
+redef Cluster::manager2worker_events += /SSL::intermediate_add/;
+redef Cluster::worker2manager_events += /SSL::new_intermediate/;
+@endif
+
+
+function add_to_cache(key: string, value: vector of opaque of x509)
+	{
+	intermediate_cache[key] = value;
+@if ( Cluster::is_enabled() )
+	event SSL::new_intermediate(key, value);
+@endif
+	}
+
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+event SSL::intermediate_add(key: string, value: vector of opaque of x509)
+	{
+	intermediate_cache[key] = value;
+	}
+@endif
+
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
+event SSL::new_intermediate(key: string, value: vector of opaque of x509)
+	{
+	if ( key in intermediate_cache )
+		return;
+
+	intermediate_cache[key] = value;
+	event SSL::intermediate_add(key, value);
+	}
+@endif
+
+function cache_validate(chain: vector of opaque of x509): string
+	{
+	local chain_hash: vector of string = vector();
+
+	for ( i in chain )
+		chain_hash[i] = sha1_hash(x509_get_certificate_string(chain[i]));
+
+	local chain_id = join_string_vec(chain_hash, ".");
+
+	# If we tried this certificate recently, just return the cached result.
+	if ( chain_id in recently_validated_certs )
+		return recently_validated_certs[chain_id];
+
+	local result = x509_verify(chain, root_certs);
+	recently_validated_certs[chain_id] = result$result_string;
+
+	# if we have a working chain where we did not store the intermediate certs
+	# in our cache yet - do so
+	if ( ssl_cache_intermediate_ca &&
+	     result$result_string == "ok" &&
+		   result?$chain_certs &&
+		   |result$chain_certs| > 2 )
+		{
+		local result_chain = result$chain_certs;
+		local icert = x509_parse(result_chain[1]);
+		if ( icert$subject !in intermediate_cache )
+			{
+			local cachechain: vector of opaque of x509;
+			for ( i in result_chain )
+				{
+				if ( i >=1 && i<=|result_chain|-2 )
+					cachechain[i-1] = result_chain[i];
+				}
+			add_to_cache(icert$subject, cachechain);
+			}
+		}
+
+	return result$result_string;
+	}
+
 event ssl_established(c: connection) &priority=3
 	{
 	# If there aren't any certs we can't very well do certificate validation.
@@ -32,8 +130,31 @@ event ssl_established(c: connection) &priority=3
 	     ! c$ssl$cert_chain[0]?$x509 )
 		return;
 
-	local chain_id = join_string_vec(c$ssl$cert_chain_fuids, ".");
+	local intermediate_chain: vector of opaque of x509 = vector();
+	local issuer = c$ssl$cert_chain[0]$x509$certificate$issuer;
+	local hash = c$ssl$cert_chain[0]$sha1;
+	local result: string;
 
+	# Look if we already have a working chain for the issuer of this cert.
+	# If yes, try this chain first instead of using the chain supplied from
+	# the server.
+	if ( ssl_cache_intermediate_ca && issuer in intermediate_cache )
+		{
+		intermediate_chain[0] = c$ssl$cert_chain[0]$x509$handle;
+		for ( i in intermediate_cache[issuer] )
+			intermediate_chain[i+1] = intermediate_cache[issuer][i];
+
+		result = cache_validate(intermediate_chain);
+		if ( result == "ok" )
+			{
+			c$ssl$validation_status = result;
+			return;
+			}
+		}
+
+	# Validation with known chains failed or there was no fitting intermediate
+	# in our store.
+	# Fall back to validating the certificate with the server-supplied chain.
 	local chain: vector of opaque of x509 = vector();
 	for ( i in c$ssl$cert_chain )
 		{
@@ -41,24 +162,14 @@ event ssl_established(c: connection) &priority=3
 			chain[i] = c$ssl$cert_chain[i]$x509$handle;
 		}
 
-	if ( chain_id in recently_validated_certs )
-		{
-		c$ssl$validation_status = recently_validated_certs[chain_id];
-		}
-	else
-		{
-		local result = x509_verify(chain, root_certs);
-		c$ssl$validation_status = result$result_string;
-		recently_validated_certs[chain_id] = result$result_string;
-		}
+	result = cache_validate(chain);
+	c$ssl$validation_status = result;
 
-	if ( c$ssl$validation_status != "ok" )
+	if ( result != "ok" )
 		{
 		local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
 		NOTICE([$note=Invalid_Server_Cert, $msg=message,
 		        $sub=c$ssl$subject, $conn=c,
-		        $identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status)]);
+		        $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_status)]);
 		}
 	}
-
-
diff --git a/scripts/policy/protocols/ssl/validate-ocsp.bro b/scripts/policy/protocols/ssl/validate-ocsp.bro
index 01b6853226..3beabbe59c 100644
--- a/scripts/policy/protocols/ssl/validate-ocsp.bro
+++ b/scripts/policy/protocols/ssl/validate-ocsp.bro
@@ -34,9 +34,10 @@ event ssl_stapled_ocsp(c: connection, is_orig: bool, response: string) &priority
 
 event ssl_established(c: connection) &priority=3
 	{
-	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || !c$ssl?$ocsp_response )
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || ! c$ssl$cert_chain[0]?$x509 || !c$ssl?$ocsp_response )
 		return;
 
+	local hash = c$ssl$cert_chain[0]$sha1;
 	local chain: vector of opaque of x509 = vector();
 	for ( i in c$ssl$cert_chain )
 		{
diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro
index 82cc3a2b5f..a8859b2e59 100644
--- a/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/scripts/policy/protocols/ssl/weak-keys.bro
@@ -1,5 +1,5 @@
-##! Generate notices when SSL/TLS connections use certificates or DH parameters
-##! that have potentially unsafe key lengths.
+##! Generate notices when SSL/TLS connections use certificates, DH parameters,
+##! or cipher suites that are deemed to be insecure.
 
 @load base/protocols/ssl
 @load base/frameworks/notice
@@ -11,17 +11,20 @@ export {
 	redef enum Notice::Type += {
 		## Indicates that a server is using a potentially unsafe key.
 		Weak_Key,
+		## Indicates that a server is using a potentially unsafe version
+		Old_Version,
+		## Indicates that a server is using a potentially unsafe cipher
+		Weak_Cipher
 	};
 
-	## The category of hosts you would like to be notified about which have
-	## certificates that are going to be expiring soon.  By default, these
-	## notices will be suppressed by the notice framework for 1 day after a particular
-	## certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS,
-	## ALL_HOSTS, NO_HOSTS
+	## The category of hosts you would like to be notified about which are using weak
+	## keys/ciphers/protocol_versions.  By default, these notices will be suppressed
+	## by the notice framework for 1 day after a particular host has had a notice
+	## generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
 	const notify_weak_keys = LOCAL_HOSTS &redef;
 
 	## The minimal key length in bits that is considered to be safe. Any shorter
-	## (non-EC) key lengths will trigger the notice.
+	## (non-EC) key lengths will trigger a notice.
 	const notify_minimal_key_length = 2048 &redef;
 
 	## Warn if the DH key length is smaller than the certificate key length. This is
@@ -29,6 +32,17 @@ export {
 	## certificate key length. However, it is very common and cannot be avoided in some
 	## settings (e.g. with old jave clients).
 	const notify_dh_length_shorter_cert_length = T &redef;
+
+	## Warn if a server negotiates a SSL session with a protocol version smaller than
+	## the specified version. By default, the minimal version is TLSv10 because SSLv2
+	## and v3 have serious security issued.
+	## See https://tools.ietf.org/html/draft-thomson-sslv3-diediedie-00
+	## To disable, set to SSLv20
+	const tls_minimum_version = TLSv10 &redef;
+
+	## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
+	## encountering old export cipher suites, or RC4 (see RFC7465).
+	const unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/ &redef;
 }
 
 # We check key lengths only for DSA or RSA certificates. For others, we do
@@ -43,6 +57,7 @@ event ssl_established(c: connection) &priority=3
 
 	local fuid = c$ssl$cert_chain_fuids[0];
 	local cert = c$ssl$cert_chain[0]$x509$certificate;
+	local hash = c$ssl$cert_chain[0]$sha1;
 
 	if ( !cert?$key_type || !cert?$key_length )
 		return;
@@ -56,7 +71,32 @@ event ssl_established(c: connection) &priority=3
 		NOTICE([$note=Weak_Key,
 			$msg=fmt("Host uses weak certificate with %d bit key", key_length),
 			$conn=c, $suppress_for=1day,
-			$identifier=cat(c$id$resp_h, c$id$resp_h, key_length)
+			$identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length)
+		]);
+	}
+
+# Check for old SSL versions and weak connection keys
+event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=3
+	{
+	if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
+		return;
+
+	if ( version < tls_minimum_version )
+		{
+		local minimum_string = version_strings[tls_minimum_version];
+		local host_string = version_strings[version];
+		NOTICE([$note=Old_Version,
+			$msg=fmt("Host uses protocol version %s which is lower than the safe minimum %s", host_string, minimum_string),
+			$conn=c, $suppress_for=1day,
+			$identifier=cat(c$id$resp_h, c$id$resp_h)
+		]);
+		}
+
+	if ( unsafe_ciphers_regex in c$ssl$cipher )
+		NOTICE([$note=Weak_Cipher,
+			$msg=fmt("Host established connection using unsafe ciper suite %s", c$ssl$cipher),
+			$conn=c, $suppress_for=1day,
+			$identifier=cat(c$id$resp_h, c$id$resp_h, c$ssl$cipher)
 		]);
 	}
 
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 0fb74f91cf..2ffdda8e6a 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -22,12 +22,14 @@
 @load frameworks/intel/seen/file-names.bro
 @load frameworks/intel/seen/http-headers.bro
 @load frameworks/intel/seen/http-url.bro
+@load frameworks/intel/seen/pubkey-hashes.bro
 @load frameworks/intel/seen/smtp-url-extraction.bro
 @load frameworks/intel/seen/smtp.bro
 @load frameworks/intel/seen/ssl.bro
 @load frameworks/intel/seen/where-locations.bro
 @load frameworks/intel/seen/x509.bro
 @load frameworks/files/detect-MHR.bro
+#@load frameworks/files/extract-all-files.bro
 @load frameworks/files/hash-all-files.bro
 @load frameworks/packet-filter/shunt.bro
 @load frameworks/software/version-changes.bro
@@ -77,6 +79,7 @@
 @load protocols/modbus/known-masters-slaves.bro
 @load protocols/modbus/track-memmap.bro
 @load protocols/mysql/software.bro
+@load protocols/rdp/indicate_ssl.bro
 @load protocols/smtp/blocklists.bro
 @load protocols/smtp/detect-suspicious-orig.bro
 @load protocols/smtp/entities-excerpt.bro
diff --git a/src/3rdparty b/src/3rdparty
index f2e34d731e..6a429e79bb 160000
--- a/src/3rdparty
+++ b/src/3rdparty
@@ -1 +1 @@
-Subproject commit f2e34d731ed29bb993fbb065846faa342a8c824f
+Subproject commit 6a429e79bbaf0fcc11eff5f639bfb9d1f62be6f2
diff --git a/src/Attr.cc b/src/Attr.cc
index fc8d3000d1..dad51c608e 100644
--- a/src/Attr.cc
+++ b/src/Attr.cc
@@ -76,11 +76,28 @@ void Attr::DescribeReST(ODesc* d) const
 			d->Add("`");
 			}
 
-		else
+		else if ( expr->Tag() == EXPR_CONST )
 			{
 			d->Add("``");
 			expr->Describe(d);
-			d-> Add("``");
+			d->Add("``");
+			}
+
+		else
+			{
+			d->Add("``");
+			Val* v = expr->Eval(0);
+			ODesc dd;
+			v->Describe(&dd);
+			Unref(v);
+			string s = dd.Description();
+
+			for ( size_t i = 0; i < s.size(); ++i )
+				if ( s[i] == '\n' )
+					s[i] = ' ';
+
+			d->Add(s);
+			d->Add("``");
 			}
 		}
 	}
diff --git a/src/BroString.cc b/src/BroString.cc
index 19f7a16566..086a7f8dde 100644
--- a/src/BroString.cc
+++ b/src/BroString.cc
@@ -194,22 +194,7 @@ char* BroString::Render(int format, int* len) const
 
 	for ( int i = 0; i < n; ++i )
 		{
-		if ( b[i] == '\0' && (format & ESC_NULL) )
-			{
-			*sp++ = '\\'; *sp++ = '0';
-			}
-
-		else if ( b[i] == '\x7f' && (format & ESC_DEL) )
-			{
-			*sp++ = '^'; *sp++ = '?';
-			}
-
-		else if ( b[i] <= 26 && (format & ESC_LOW) )
-			{
-			*sp++ = '^'; *sp++ = b[i] + 'A' - 1;
-			}
-
-		else if ( b[i] == '\\' && (format & ESC_ESC) )
+		if ( b[i] == '\\' && (format & ESC_ESC) )
 			{
 			*sp++ = '\\'; *sp++ = '\\';
 			}
diff --git a/src/BroString.h b/src/BroString.h
index d04e9768f2..9afd40e5d7 100644
--- a/src/BroString.h
+++ b/src/BroString.h
@@ -75,21 +75,17 @@ public:
 
 	enum render_style {
 		ESC_NONE = 0,
-
-		ESC_NULL = (1 << 0),	// 0 -> "\0"
-		ESC_DEL  = (1 << 1),	// DEL -> "^?"
-		ESC_LOW  = (1 << 2),	// values <= 26 mapped into "^[A-Z]"
-		ESC_ESC  = (1 << 3),	// '\' -> "\\"
-		ESC_QUOT = (1 << 4),	// '"' -> "\"", ''' -> "\'"
-		ESC_HEX  = (1 << 5),	// Not in [32, 126]? -> "%XX"
-		ESC_DOT  = (1 << 6),	// Not in [32, 126]? -> "."
+		ESC_ESC  = (1 << 1),	// '\' -> "\\"
+		ESC_QUOT = (1 << 2),	// '"' -> "\"", ''' -> "\'"
+		ESC_HEX  = (1 << 3),	// Not in [32, 126]? -> "\xXX"
+		ESC_DOT  = (1 << 4),	// Not in [32, 126]? -> "."
 
 		// For serialization: '<string len> <string>'
 		ESC_SER  = (1 << 7),
 	};
 
 	static const int EXPANDED_STRING =	// the original style
-		ESC_NULL | ESC_DEL | ESC_LOW | ESC_HEX;
+		ESC_HEX;
 
 	static const int BRO_STRING_LITERAL =	// as in a Bro string literal
 		ESC_ESC | ESC_QUOT | ESC_HEX;
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 6d24172b97..bdbd3839ce 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -161,6 +161,14 @@ add_subdirectory(iosource)
 add_subdirectory(logging)
 add_subdirectory(probabilistic)
 
+if ( ENABLE_BROKER )
+    add_subdirectory(broker)
+else ()
+    # Just to satisfy coverage unit tests until new Broker-based
+    # communication is enabled by default.
+    add_subdirectory(broker-dummy)
+endif ()
+
 set(bro_SUBDIRS
     # Order is important here.
     ${bro_PLUGIN_LIBS}
@@ -261,6 +269,7 @@ set(bro_SRCS
     ChunkedIO.cc
     CompHash.cc
     Conn.cc
+    ConvertUTF.c
     DFA.cc
     DbgBreakpoint.cc
     DbgHelp.cc
diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc
index 722b209bcd..1e581806d6 100644
--- a/src/ChunkedIO.cc
+++ b/src/ChunkedIO.cc
@@ -137,20 +137,6 @@ bool ChunkedIOFd::Write(Chunk* chunk)
 		chunk->len, fmt_bytes(chunk->data, min((uint32)20, chunk->len)));
 #endif
 
-	// Reject if our queue of pending chunks is way too large. Otherwise,
-	// memory could fill up if the other side doesn't read.
-	if ( stats.pending > MAX_BUFFERED_CHUNKS )
-		{
-		DBG_LOG(DBG_CHUNKEDIO, "write queue full");
-
-#ifdef DEBUG_COMMUNICATION
-		AddToBuffer("<false:write-queue-full>", false);
-#endif
-
-		errno = ENOSPC;
-		return false;
-		}
-
 #ifdef DEBUG_COMMUNICATION
 	AddToBuffer(chunk, false);
 #endif
@@ -627,7 +613,7 @@ bool ChunkedIOFd::IsIdle()
 
 bool ChunkedIOFd::IsFillingUp()
 	{
-	return stats.pending > MAX_BUFFERED_CHUNKS_SOFT;
+	return stats.pending > chunked_io_buffer_soft_cap;
 	}
 
 iosource::FD_Set ChunkedIOFd::ExtraReadFDs() const
@@ -838,15 +824,6 @@ bool ChunkedIOSSL::Write(Chunk* chunk)
 		chunk->len, fmt_bytes(chunk->data, 20));
 #endif
 
-	// Reject if our queue of pending chunks is way too large. Otherwise,
-	// memory could fill up if the other side doesn't read.
-	if ( stats.pending > MAX_BUFFERED_CHUNKS )
-		{
-		DBG_LOG(DBG_CHUNKEDIO, "write queue full");
-		errno = ENOSPC;
-		return false;
-		}
-
 	// Queue it.
 	++stats.pending;
 	Queue* q = new Queue;
diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h
index b590453a72..afb239b325 100644
--- a/src/ChunkedIO.h
+++ b/src/ChunkedIO.h
@@ -221,13 +221,6 @@ private:
 	// than BUFFER_SIZE.
 	static const uint32 FLAG_PARTIAL = 0x80000000;
 
-	// We report that we're filling up when there are more than this number
-	// of pending chunks.
-	static const uint32 MAX_BUFFERED_CHUNKS_SOFT = 400000;
-
-	// Maximum number of chunks we store in memory before rejecting writes.
-	static const uint32 MAX_BUFFERED_CHUNKS = 500000;
-
 	char* read_buffer;
 	uint32 read_len;
 	uint32 read_pos;
@@ -275,8 +268,6 @@ public:
 	virtual void Stats(char* buffer, int length);
 
 private:
-	// Maximum number of chunks we store in memory before rejecting writes.
-	static const uint32 MAX_BUFFERED_CHUNKS = 500000;
 
 	// Only returns true if all data has been read. If not, call
 	// it again with the same parameters as long as error is not
diff --git a/src/Conn.cc b/src/Conn.cc
index bc62902421..96e71ca52d 100644
--- a/src/Conn.cc
+++ b/src/Conn.cc
@@ -375,17 +375,15 @@ RecordVal* Connection::BuildConnVal()
 		conn_val->Assign(2, resp_endp);
 		// 3 and 4 are set below.
 		conn_val->Assign(5, new TableVal(string_set));	// service
-		conn_val->Assign(6, new StringVal(""));	// addl
-		conn_val->Assign(7, new Val(0, TYPE_COUNT));	// hot
-		conn_val->Assign(8, new StringVal(""));	// history
+		conn_val->Assign(6, new StringVal(""));	// history
 
 		if ( ! uid )
 			uid.Set(bits_per_uid);
 
-		conn_val->Assign(9, new StringVal(uid.Base62("C").c_str()));
+		conn_val->Assign(7, new StringVal(uid.Base62("C").c_str()));
 
 		if ( encapsulation && encapsulation->Depth() > 0 )
-			conn_val->Assign(10, encapsulation->GetVectorVal());
+			conn_val->Assign(8, encapsulation->GetVectorVal());
 		}
 
 	if ( root_analyzer )
@@ -393,7 +391,7 @@ RecordVal* Connection::BuildConnVal()
 
 	conn_val->Assign(3, new Val(start_time, TYPE_TIME));	// ###
 	conn_val->Assign(4, new Val(last_time - start_time, TYPE_INTERVAL));
-	conn_val->Assign(8, new StringVal(history.c_str()));
+	conn_val->Assign(6, new StringVal(history.c_str()));
 
 	conn_val->SetOrigin(this);
 
diff --git a/src/Conn.h b/src/Conn.h
index 966c77a9f8..20e60d2617 100644
--- a/src/Conn.h
+++ b/src/Conn.h
@@ -263,6 +263,9 @@ public:
 
 	void CheckFlowLabel(bool is_orig, uint32 flow_label);
 
+	uint32 GetOrigFlowLabel() { return orig_flow_label; }
+	uint32 GetRespFlowLabel() { return resp_flow_label; }
+
 protected:
 
 	Connection()	{ persistent = 0; }
diff --git a/src/ConvertUTF.c b/src/ConvertUTF.c
new file mode 100644
index 0000000000..1a213725e5
--- /dev/null
+++ b/src/ConvertUTF.c
@@ -0,0 +1,755 @@
+/*===--- ConvertUTF.c - Universal Character Names conversions ---------------===
+ *
+ *                     The LLVM Compiler Infrastructure
+ *
+ * This file is distributed under the University of Illinois Open Source
+ * License:
+ *
+ *    University of Illinois/NCSA
+ *    Open Source License
+ *
+ *    Copyright (c) 2003-2014 University of Illinois at Urbana-Champaign.
+ *    All rights reserved.
+ *
+ *    Developed by:
+ *
+ *        LLVM Team
+ *
+ *        University of Illinois at Urbana-Champaign
+ *
+ *        http://llvm.org
+ *
+ *    Permission is hereby granted, free of charge, to any person
+ *    obtaining a copy of this software and associated documentation
+ *    files (the "Software"), to deal with the Software without
+ *    restriction, including without limitation the rights to use,
+ *    copy, modify, merge, publish, distribute, sublicense, and/or
+ *    sell copies of the Software, and to permit persons to whom the
+ *    Software is furnished to do so, subject to the following
+ *    conditions:
+ *
+ *        * Redistributions of source code must retain the above
+ *          copyright notice, this list of conditions and the
+ *          following disclaimers.
+ *
+ *        * Redistributions in binary form must reproduce the
+ *          above copyright notice, this list of conditions and
+ *          the following disclaimers in the documentation and/or
+ *          other materials provided with the distribution.
+ *
+ *        * Neither the names of the LLVM Team, University of
+ *          Illinois at Urbana-Champaign, nor the names of its
+ *          contributors may be used to endorse or promote
+ *          products derived from this Software without specific
+ *          prior written permission.
+ *
+ *    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *    EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *    OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *    NONINFRINGEMENT.  IN NO EVENT SHALL THE CONTRIBUTORS OR
+ *    COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ *    ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+ *    USE OR OTHER DEALINGS WITH THE SOFTWARE.
+ *
+ *===------------------------------------------------------------------------=*/
+/*
+ * Copyright 2001-2004 Unicode, Inc.
+ * 
+ * Disclaimer
+ * 
+ * This source code is provided as is by Unicode, Inc. No claims are
+ * made as to fitness for any particular purpose. No warranties of any
+ * kind are expressed or implied. The recipient agrees to determine
+ * applicability of information provided. If this file has been
+ * purchased on magnetic or optical media from Unicode, Inc., the
+ * sole remedy for any claim will be exchange of defective media
+ * within 90 days of receipt.
+ * 
+ * Limitations on Rights to Redistribute This Code
+ * 
+ * Unicode, Inc. hereby grants the right to freely use the information
+ * supplied in this file in the creation of products supporting the
+ * Unicode Standard, and to make copies of this file in any form
+ * for internal or external distribution as long as this notice
+ * remains attached.
+ */
+
+/* ---------------------------------------------------------------------
+
+    Conversions between UTF32, UTF-16, and UTF-8. Source code file.
+    Author: Mark E. Davis, 1994.
+    Rev History: Rick McGowan, fixes & updates May 2001.
+    Sept 2001: fixed const & error conditions per
+        mods suggested by S. Parent & A. Lillich.
+    June 2002: Tim Dodd added detection and handling of incomplete
+        source sequences, enhanced error detection, added casts
+        to eliminate compiler warnings.
+    July 2003: slight mods to back out aggressive FFFE detection.
+    Jan 2004: updated switches in from-UTF8 conversions.
+    Oct 2004: updated to use UNI_MAX_LEGAL_UTF32 in UTF-32 conversions.
+
+    See the header file "ConvertUTF.h" for complete documentation.
+
+------------------------------------------------------------------------ */
+
+
+#include "ConvertUTF.h"
+#ifdef CVTUTF_DEBUG
+#include <stdio.h>
+#endif
+#include <assert.h>
+
+static const int halfShift  = 10; /* used for shifting by 10 bits */
+
+static const UTF32 halfBase = 0x0010000UL;
+static const UTF32 halfMask = 0x3FFUL;
+
+#define UNI_SUR_HIGH_START  (UTF32)0xD800
+#define UNI_SUR_HIGH_END    (UTF32)0xDBFF
+#define UNI_SUR_LOW_START   (UTF32)0xDC00
+#define UNI_SUR_LOW_END     (UTF32)0xDFFF
+#define false      0
+#define true        1
+
+/* --------------------------------------------------------------------- */
+
+/*
+ * Index into the table below with the first byte of a UTF-8 sequence to
+ * get the number of trailing bytes that are supposed to follow it.
+ * Note that *legal* UTF-8 values can't have 4 or 5-bytes. The table is
+ * left as-is for anyone who may want to do such conversion, which was
+ * allowed in earlier algorithms.
+ */
+static const char trailingBytesForUTF8[256] = {
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+    2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5
+};
+
+/*
+ * Magic values subtracted from a buffer value during UTF8 conversion.
+ * This table contains as many values as there might be trailing bytes
+ * in a UTF-8 sequence.
+ */
+static const UTF32 offsetsFromUTF8[6] = { 0x00000000UL, 0x00003080UL, 0x000E2080UL, 
+                     0x03C82080UL, 0xFA082080UL, 0x82082080UL };
+
+/*
+ * Once the bits are split out into bytes of UTF-8, this is a mask OR-ed
+ * into the first byte, depending on how many bytes follow.  There are
+ * as many entries in this table as there are UTF-8 sequence types.
+ * (I.e., one byte sequence, two byte... etc.). Remember that sequencs
+ * for *legal* UTF-8 will be 4 or fewer bytes total.
+ */
+static const UTF8 firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC };
+
+/* --------------------------------------------------------------------- */
+
+/* The interface converts a whole buffer to avoid function-call overhead.
+ * Constants have been gathered. Loops & conditionals have been removed as
+ * much as possible for efficiency, in favor of drop-through switches.
+ * (See "Note A" at the bottom of the file for equivalent code.)
+ * If your compiler supports it, the "isLegalUTF8" call can be turned
+ * into an inline function.
+ */
+
+
+/* --------------------------------------------------------------------- */
+
+ConversionResult ConvertUTF32toUTF16 (
+        const UTF32** sourceStart, const UTF32* sourceEnd, 
+        UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) {
+    ConversionResult result = conversionOK;
+    const UTF32* source = *sourceStart;
+    UTF16* target = *targetStart;
+    while (source < sourceEnd) {
+        UTF32 ch;
+        if (target >= targetEnd) {
+            result = targetExhausted; break;
+        }
+        ch = *source++;
+        if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */
+            /* UTF-16 surrogate values are illegal in UTF-32; 0xffff or 0xfffe are both reserved values */
+            if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) {
+                if (flags == strictConversion) {
+                    --source; /* return to the illegal value itself */
+                    result = sourceIllegal;
+                    break;
+                } else {
+                    *target++ = UNI_REPLACEMENT_CHAR;
+                }
+            } else {
+                *target++ = (UTF16)ch; /* normal case */
+            }
+        } else if (ch > UNI_MAX_LEGAL_UTF32) {
+            if (flags == strictConversion) {
+                result = sourceIllegal;
+            } else {
+                *target++ = UNI_REPLACEMENT_CHAR;
+            }
+        } else {
+            /* target is a character in range 0xFFFF - 0x10FFFF. */
+            if (target + 1 >= targetEnd) {
+                --source; /* Back up source pointer! */
+                result = targetExhausted; break;
+            }
+            ch -= halfBase;
+            *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START);
+            *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START);
+        }
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+/* --------------------------------------------------------------------- */
+
+ConversionResult ConvertUTF16toUTF32 (
+        const UTF16** sourceStart, const UTF16* sourceEnd, 
+        UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags) {
+    ConversionResult result = conversionOK;
+    const UTF16* source = *sourceStart;
+    UTF32* target = *targetStart;
+    UTF32 ch, ch2;
+    while (source < sourceEnd) {
+        const UTF16* oldSource = source; /*  In case we have to back up because of target overflow. */
+        ch = *source++;
+        /* If we have a surrogate pair, convert to UTF32 first. */
+        if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) {
+            /* If the 16 bits following the high surrogate are in the source buffer... */
+            if (source < sourceEnd) {
+                ch2 = *source;
+                /* If it's a low surrogate, convert to UTF32. */
+                if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) {
+                    ch = ((ch - UNI_SUR_HIGH_START) << halfShift)
+                        + (ch2 - UNI_SUR_LOW_START) + halfBase;
+                    ++source;
+                } else if (flags == strictConversion) { /* it's an unpaired high surrogate */
+                    --source; /* return to the illegal value itself */
+                    result = sourceIllegal;
+                    break;
+                }
+            } else { /* We don't have the 16 bits following the high surrogate. */
+                --source; /* return to the high surrogate */
+                result = sourceExhausted;
+                break;
+            }
+        } else if (flags == strictConversion) {
+            /* UTF-16 surrogate values are illegal in UTF-32 */
+            if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) {
+                --source; /* return to the illegal value itself */
+                result = sourceIllegal;
+                break;
+            }
+        }
+        if (target >= targetEnd) {
+            source = oldSource; /* Back up source pointer! */
+            result = targetExhausted; break;
+        }
+        *target++ = ch;
+    }
+    *sourceStart = source;
+    *targetStart = target;
+#ifdef CVTUTF_DEBUG
+if (result == sourceIllegal) {
+    fprintf(stderr, "ConvertUTF16toUTF32 illegal seq 0x%04x,%04x\n", ch, ch2);
+    fflush(stderr);
+}
+#endif
+    return result;
+}
+ConversionResult ConvertUTF16toUTF8 (
+        const UTF16** sourceStart, const UTF16* sourceEnd, 
+        UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) {
+    ConversionResult result = conversionOK;
+    const UTF16* source = *sourceStart;
+    UTF8* target = *targetStart;
+    while (source < sourceEnd) {
+        UTF32 ch;
+        unsigned short bytesToWrite = 0;
+        const UTF32 byteMask = 0xBF;
+        const UTF32 byteMark = 0x80; 
+        const UTF16* oldSource = source; /* In case we have to back up because of target overflow. */
+        ch = *source++;
+        /* If we have a surrogate pair, convert to UTF32 first. */
+        if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) {
+            /* If the 16 bits following the high surrogate are in the source buffer... */
+            if (source < sourceEnd) {
+                UTF32 ch2 = *source;
+                /* If it's a low surrogate, convert to UTF32. */
+                if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) {
+                    ch = ((ch - UNI_SUR_HIGH_START) << halfShift)
+                        + (ch2 - UNI_SUR_LOW_START) + halfBase;
+                    ++source;
+                } else if (flags == strictConversion) { /* it's an unpaired high surrogate */
+                    --source; /* return to the illegal value itself */
+                    result = sourceIllegal;
+                    break;
+                }
+            } else { /* We don't have the 16 bits following the high surrogate. */
+                --source; /* return to the high surrogate */
+                result = sourceExhausted;
+                break;
+            }
+        } else if (flags == strictConversion) {
+            /* UTF-16 surrogate values are illegal in UTF-32 */
+            if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) {
+                --source; /* return to the illegal value itself */
+                result = sourceIllegal;
+                break;
+            }
+        }
+        /* Figure out how many bytes the result will require */
+        if (ch < (UTF32)0x80) {      bytesToWrite = 1;
+        } else if (ch < (UTF32)0x800) {     bytesToWrite = 2;
+        } else if (ch < (UTF32)0x10000) {   bytesToWrite = 3;
+        } else if (ch < (UTF32)0x110000) {  bytesToWrite = 4;
+        } else {                            bytesToWrite = 3;
+                                            ch = UNI_REPLACEMENT_CHAR;
+        }
+
+        target += bytesToWrite;
+        if (target > targetEnd) {
+            source = oldSource; /* Back up source pointer! */
+            target -= bytesToWrite; result = targetExhausted; break;
+        }
+        switch (bytesToWrite) { /* note: everything falls through. */
+            case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 1: *--target =  (UTF8)(ch | firstByteMark[bytesToWrite]);
+        }
+        target += bytesToWrite;
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+/* --------------------------------------------------------------------- */
+
+ConversionResult ConvertUTF32toUTF8 (
+        const UTF32** sourceStart, const UTF32* sourceEnd, 
+        UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) {
+    ConversionResult result = conversionOK;
+    const UTF32* source = *sourceStart;
+    UTF8* target = *targetStart;
+    while (source < sourceEnd) {
+        UTF32 ch;
+        unsigned short bytesToWrite = 0;
+        const UTF32 byteMask = 0xBF;
+        const UTF32 byteMark = 0x80; 
+        ch = *source++;
+        if (flags == strictConversion ) {
+            /* UTF-16 surrogate values are illegal in UTF-32 */
+            if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) {
+                --source; /* return to the illegal value itself */
+                result = sourceIllegal;
+                break;
+            }
+        }
+        /*
+         * Figure out how many bytes the result will require. Turn any
+         * illegally large UTF32 things (> Plane 17) into replacement chars.
+         */
+        if (ch < (UTF32)0x80) {      bytesToWrite = 1;
+        } else if (ch < (UTF32)0x800) {     bytesToWrite = 2;
+        } else if (ch < (UTF32)0x10000) {   bytesToWrite = 3;
+        } else if (ch <= UNI_MAX_LEGAL_UTF32) {  bytesToWrite = 4;
+        } else {                            bytesToWrite = 3;
+                                            ch = UNI_REPLACEMENT_CHAR;
+                                            result = sourceIllegal;
+        }
+        
+        target += bytesToWrite;
+        if (target > targetEnd) {
+            --source; /* Back up source pointer! */
+            target -= bytesToWrite; result = targetExhausted; break;
+        }
+        switch (bytesToWrite) { /* note: everything falls through. */
+            case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6;
+            case 1: *--target = (UTF8) (ch | firstByteMark[bytesToWrite]);
+        }
+        target += bytesToWrite;
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+/* --------------------------------------------------------------------- */
+
+/*
+ * Utility routine to tell whether a sequence of bytes is legal UTF-8.
+ * This must be called with the length pre-determined by the first byte.
+ * If not calling this from ConvertUTF8to*, then the length can be set by:
+ *  length = trailingBytesForUTF8[*source]+1;
+ * and the sequence is illegal right away if there aren't that many bytes
+ * available.
+ * If presented with a length > 4, this returns false.  The Unicode
+ * definition of UTF-8 goes up to 4-byte sequences.
+ */
+
+static Boolean isLegalUTF8(const UTF8 *source, int length) {
+    UTF8 a;
+    const UTF8 *srcptr = source+length;
+    switch (length) {
+    default: return false;
+        /* Everything else falls through when "true"... */
+    case 4: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false;
+    case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false;
+    case 2: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false;
+
+        switch (*source) {
+            /* no fall-through in this inner switch */
+            case 0xE0: if (a < 0xA0) return false; break;
+            case 0xED: if (a > 0x9F) return false; break;
+            case 0xF0: if (a < 0x90) return false; break;
+            case 0xF4: if (a > 0x8F) return false; break;
+            default:   if (a < 0x80) return false;
+        }
+
+    case 1: if (*source >= 0x80 && *source < 0xC2) return false;
+    }
+    if (*source > 0xF4) return false;
+    return true;
+}
+
+/* --------------------------------------------------------------------- */
+
+/*
+ * Exported function to return whether a UTF-8 sequence is legal or not.
+ * This is not used here; it's just exported.
+ */
+Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd) {
+    int length = trailingBytesForUTF8[*source]+1;
+    if (length > sourceEnd - source) {
+        return false;
+    }
+    return isLegalUTF8(source, length);
+}
+
+/* --------------------------------------------------------------------- */
+
+static unsigned
+findMaximalSubpartOfIllFormedUTF8Sequence(const UTF8 *source,
+                                          const UTF8 *sourceEnd) {
+  UTF8 b1, b2, b3;
+
+  assert(!isLegalUTF8Sequence(source, sourceEnd));
+
+  /*
+   * Unicode 6.3.0, D93b:
+   *
+   *   Maximal subpart of an ill-formed subsequence: The longest code unit
+   *   subsequence starting at an unconvertible offset that is either:
+   *   a. the initial subsequence of a well-formed code unit sequence, or
+   *   b. a subsequence of length one.
+   */
+
+  if (source == sourceEnd)
+    return 0;
+
+  /*
+   * Perform case analysis.  See Unicode 6.3.0, Table 3-7. Well-Formed UTF-8
+   * Byte Sequences.
+   */
+
+  b1 = *source;
+  ++source;
+  if (b1 >= 0xC2 && b1 <= 0xDF) {
+    /*
+     * First byte is valid, but we know that this code unit sequence is
+     * invalid, so the maximal subpart has to end after the first byte.
+     */
+    return 1;
+  }
+
+  if (source == sourceEnd)
+    return 1;
+
+  b2 = *source;
+  ++source;
+
+  if (b1 == 0xE0) {
+    return (b2 >= 0xA0 && b2 <= 0xBF) ? 2 : 1;
+  }
+  if (b1 >= 0xE1 && b1 <= 0xEC) {
+    return (b2 >= 0x80 && b2 <= 0xBF) ? 2 : 1;
+  }
+  if (b1 == 0xED) {
+    return (b2 >= 0x80 && b2 <= 0x9F) ? 2 : 1;
+  }
+  if (b1 >= 0xEE && b1 <= 0xEF) {
+    return (b2 >= 0x80 && b2 <= 0xBF) ? 2 : 1;
+  }
+  if (b1 == 0xF0) {
+    if (b2 >= 0x90 && b2 <= 0xBF) {
+      if (source == sourceEnd)
+        return 2;
+
+      b3 = *source;
+      return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2;
+    }
+    return 1;
+  }
+  if (b1 >= 0xF1 && b1 <= 0xF3) {
+    if (b2 >= 0x80 && b2 <= 0xBF) {
+      if (source == sourceEnd)
+        return 2;
+
+      b3 = *source;
+      return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2;
+    }
+    return 1;
+  }
+  if (b1 == 0xF4) {
+    if (b2 >= 0x80 && b2 <= 0x8F) {
+      if (source == sourceEnd)
+        return 2;
+
+      b3 = *source;
+      return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2;
+    }
+    return 1;
+  }
+
+  assert((b1 >= 0x80 && b1 <= 0xC1) || b1 >= 0xF5);
+  /*
+   * There are no valid sequences that start with these bytes.  Maximal subpart
+   * is defined to have length 1 in these cases.
+   */
+  return 1;
+}
+
+/* --------------------------------------------------------------------- */
+
+/*
+ * Exported function to return the total number of bytes in a codepoint
+ * represented in UTF-8, given the value of the first byte.
+ */
+unsigned getNumBytesForUTF8(UTF8 first) {
+  return trailingBytesForUTF8[first] + 1;
+}
+
+/* --------------------------------------------------------------------- */
+
+/*
+ * Exported function to return whether a UTF-8 string is legal or not.
+ * This is not used here; it's just exported.
+ */
+Boolean isLegalUTF8String(const UTF8 **source, const UTF8 *sourceEnd) {
+    while (*source != sourceEnd) {
+        int length = trailingBytesForUTF8[**source] + 1;
+        if (length > sourceEnd - *source || !isLegalUTF8(*source, length))
+            return false;
+        *source += length;
+    }
+    return true;
+}
+
+/* --------------------------------------------------------------------- */
+
+ConversionResult ConvertUTF8toUTF16 (
+        const UTF8** sourceStart, const UTF8* sourceEnd, 
+        UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) {
+    ConversionResult result = conversionOK;
+    const UTF8* source = *sourceStart;
+    UTF16* target = *targetStart;
+    while (source < sourceEnd) {
+        UTF32 ch = 0;
+        unsigned short extraBytesToRead = trailingBytesForUTF8[*source];
+        if (extraBytesToRead >= sourceEnd - source) {
+            result = sourceExhausted; break;
+        }
+        /* Do this check whether lenient or strict */
+        if (!isLegalUTF8(source, extraBytesToRead+1)) {
+            result = sourceIllegal;
+            break;
+        }
+        /*
+         * The cases all fall through. See "Note A" below.
+         */
+        switch (extraBytesToRead) {
+            case 5: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */
+            case 4: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */
+            case 3: ch += *source++; ch <<= 6;
+            case 2: ch += *source++; ch <<= 6;
+            case 1: ch += *source++; ch <<= 6;
+            case 0: ch += *source++;
+        }
+        ch -= offsetsFromUTF8[extraBytesToRead];
+
+        if (target >= targetEnd) {
+            source -= (extraBytesToRead+1); /* Back up source pointer! */
+            result = targetExhausted; break;
+        }
+        if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */
+            /* UTF-16 surrogate values are illegal in UTF-32 */
+            if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) {
+                if (flags == strictConversion) {
+                    source -= (extraBytesToRead+1); /* return to the illegal value itself */
+                    result = sourceIllegal;
+                    break;
+                } else {
+                    *target++ = UNI_REPLACEMENT_CHAR;
+                }
+            } else {
+                *target++ = (UTF16)ch; /* normal case */
+            }
+        } else if (ch > UNI_MAX_UTF16) {
+            if (flags == strictConversion) {
+                result = sourceIllegal;
+                source -= (extraBytesToRead+1); /* return to the start */
+                break; /* Bail out; shouldn't continue */
+            } else {
+                *target++ = UNI_REPLACEMENT_CHAR;
+            }
+        } else {
+            /* target is a character in range 0xFFFF - 0x10FFFF. */
+            if (target + 1 >= targetEnd) {
+                source -= (extraBytesToRead+1); /* Back up source pointer! */
+                result = targetExhausted; break;
+            }
+            ch -= halfBase;
+            *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START);
+            *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START);
+        }
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+/* --------------------------------------------------------------------- */
+
+static ConversionResult ConvertUTF8toUTF32Impl(
+        const UTF8** sourceStart, const UTF8* sourceEnd, 
+        UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags,
+        Boolean InputIsPartial) {
+    ConversionResult result = conversionOK;
+    const UTF8* source = *sourceStart;
+    UTF32* target = *targetStart;
+    while (source < sourceEnd) {
+        UTF32 ch = 0;
+        unsigned short extraBytesToRead = trailingBytesForUTF8[*source];
+        if (extraBytesToRead >= sourceEnd - source) {
+            if (flags == strictConversion || InputIsPartial) {
+                result = sourceExhausted;
+                break;
+            } else {
+                result = sourceIllegal;
+
+                /*
+                 * Replace the maximal subpart of ill-formed sequence with
+                 * replacement character.
+                 */
+                source += findMaximalSubpartOfIllFormedUTF8Sequence(source,
+                                                                    sourceEnd);
+                *target++ = UNI_REPLACEMENT_CHAR;
+                continue;
+            }
+        }
+        if (target >= targetEnd) {
+            result = targetExhausted; break;
+        }
+
+        /* Do this check whether lenient or strict */
+        if (!isLegalUTF8(source, extraBytesToRead+1)) {
+            result = sourceIllegal;
+            if (flags == strictConversion) {
+                /* Abort conversion. */
+                break;
+            } else {
+                /*
+                 * Replace the maximal subpart of ill-formed sequence with
+                 * replacement character.
+                 */
+                source += findMaximalSubpartOfIllFormedUTF8Sequence(source,
+                                                                    sourceEnd);
+                *target++ = UNI_REPLACEMENT_CHAR;
+                continue;
+            }
+        }
+        /*
+         * The cases all fall through. See "Note A" below.
+         */
+        switch (extraBytesToRead) {
+            case 5: ch += *source++; ch <<= 6;
+            case 4: ch += *source++; ch <<= 6;
+            case 3: ch += *source++; ch <<= 6;
+            case 2: ch += *source++; ch <<= 6;
+            case 1: ch += *source++; ch <<= 6;
+            case 0: ch += *source++;
+        }
+        ch -= offsetsFromUTF8[extraBytesToRead];
+
+        if (ch <= UNI_MAX_LEGAL_UTF32) {
+            /*
+             * UTF-16 surrogate values are illegal in UTF-32, and anything
+             * over Plane 17 (> 0x10FFFF) is illegal.
+             */
+            if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) {
+                if (flags == strictConversion) {
+                    source -= (extraBytesToRead+1); /* return to the illegal value itself */
+                    result = sourceIllegal;
+                    break;
+                } else {
+                    *target++ = UNI_REPLACEMENT_CHAR;
+                }
+            } else {
+                *target++ = ch;
+            }
+        } else { /* i.e., ch > UNI_MAX_LEGAL_UTF32 */
+            result = sourceIllegal;
+            *target++ = UNI_REPLACEMENT_CHAR;
+        }
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+ConversionResult ConvertUTF8toUTF32Partial(const UTF8 **sourceStart,
+                                           const UTF8 *sourceEnd,
+                                           UTF32 **targetStart,
+                                           UTF32 *targetEnd,
+                                           ConversionFlags flags) {
+  return ConvertUTF8toUTF32Impl(sourceStart, sourceEnd, targetStart, targetEnd,
+                                flags, /*InputIsPartial=*/true);
+}
+
+ConversionResult ConvertUTF8toUTF32(const UTF8 **sourceStart,
+                                    const UTF8 *sourceEnd, UTF32 **targetStart,
+                                    UTF32 *targetEnd, ConversionFlags flags) {
+  return ConvertUTF8toUTF32Impl(sourceStart, sourceEnd, targetStart, targetEnd,
+                                flags, /*InputIsPartial=*/false);
+}
+
+/* ---------------------------------------------------------------------
+
+    Note A.
+    The fall-through switches in UTF-8 reading code save a
+    temp variable, some decrements & conditionals.  The switches
+    are equivalent to the following loop:
+        {
+            int tmpBytesToRead = extraBytesToRead+1;
+            do {
+                ch += *source++;
+                --tmpBytesToRead;
+                if (tmpBytesToRead) ch <<= 6;
+            } while (tmpBytesToRead > 0);
+        }
+    In UTF-8 writing code, the switches on "bytesToWrite" are
+    similarly unrolled loops.
+
+   --------------------------------------------------------------------- */
diff --git a/src/ConvertUTF.h b/src/ConvertUTF.h
new file mode 100644
index 0000000000..9be51e57f1
--- /dev/null
+++ b/src/ConvertUTF.h
@@ -0,0 +1,230 @@
+/*===--- ConvertUTF.h - Universal Character Names conversions ---------------===
+ *
+ *                     The LLVM Compiler Infrastructure
+ *
+ * This file is distributed under the University of Illinois Open Source
+ * License:
+ *
+ *    University of Illinois/NCSA
+ *    Open Source License
+ *
+ *    Copyright (c) 2003-2014 University of Illinois at Urbana-Champaign.
+ *    All rights reserved.
+ *
+ *    Developed by:
+ *
+ *        LLVM Team
+ *
+ *        University of Illinois at Urbana-Champaign
+ *
+ *        http://llvm.org
+ *
+ *    Permission is hereby granted, free of charge, to any person
+ *    obtaining a copy of this software and associated documentation
+ *    files (the "Software"), to deal with the Software without
+ *    restriction, including without limitation the rights to use,
+ *    copy, modify, merge, publish, distribute, sublicense, and/or
+ *    sell copies of the Software, and to permit persons to whom the
+ *    Software is furnished to do so, subject to the following
+ *    conditions:
+ *
+ *        * Redistributions of source code must retain the above
+ *          copyright notice, this list of conditions and the
+ *          following disclaimers.
+ *
+ *        * Redistributions in binary form must reproduce the
+ *          above copyright notice, this list of conditions and
+ *          the following disclaimers in the documentation and/or
+ *          other materials provided with the distribution.
+ *
+ *        * Neither the names of the LLVM Team, University of
+ *          Illinois at Urbana-Champaign, nor the names of its
+ *          contributors may be used to endorse or promote
+ *          products derived from this Software without specific
+ *          prior written permission.
+ *
+ *    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *    EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *    OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *    NONINFRINGEMENT.  IN NO EVENT SHALL THE CONTRIBUTORS OR
+ *    COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ *    ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+ *    USE OR OTHER DEALINGS WITH THE SOFTWARE.
+ *
+ *==------------------------------------------------------------------------==*/
+/*
+ * Copyright 2001-2004 Unicode, Inc.
+ *
+ * Disclaimer
+ *
+ * This source code is provided as is by Unicode, Inc. No claims are
+ * made as to fitness for any particular purpose. No warranties of any
+ * kind are expressed or implied. The recipient agrees to determine
+ * applicability of information provided. If this file has been
+ * purchased on magnetic or optical media from Unicode, Inc., the
+ * sole remedy for any claim will be exchange of defective media
+ * within 90 days of receipt.
+ *
+ * Limitations on Rights to Redistribute This Code
+ *
+ * Unicode, Inc. hereby grants the right to freely use the information
+ * supplied in this file in the creation of products supporting the
+ * Unicode Standard, and to make copies of this file in any form
+ * for internal or external distribution as long as this notice
+ * remains attached.
+ */
+
+/* ---------------------------------------------------------------------
+
+    Conversions between UTF32, UTF-16, and UTF-8.  Header file.
+
+    Several funtions are included here, forming a complete set of
+    conversions between the three formats.  UTF-7 is not included
+    here, but is handled in a separate source file.
+
+    Each of these routines takes pointers to input buffers and output
+    buffers.  The input buffers are const.
+
+    Each routine converts the text between *sourceStart and sourceEnd,
+    putting the result into the buffer between *targetStart and
+    targetEnd. Note: the end pointers are *after* the last item: e.g.
+    *(sourceEnd - 1) is the last item.
+
+    The return result indicates whether the conversion was successful,
+    and if not, whether the problem was in the source or target buffers.
+    (Only the first encountered problem is indicated.)
+
+    After the conversion, *sourceStart and *targetStart are both
+    updated to point to the end of last text successfully converted in
+    the respective buffers.
+
+    Input parameters:
+        sourceStart - pointer to a pointer to the source buffer.
+                The contents of this are modified on return so that
+                it points at the next thing to be converted.
+        targetStart - similarly, pointer to pointer to the target buffer.
+        sourceEnd, targetEnd - respectively pointers to the ends of the
+                two buffers, for overflow checking only.
+
+    These conversion functions take a ConversionFlags argument. When this
+    flag is set to strict, both irregular sequences and isolated surrogates
+    will cause an error.  When the flag is set to lenient, both irregular
+    sequences and isolated surrogates are converted.
+
+    Whether the flag is strict or lenient, all illegal sequences will cause
+    an error return. This includes sequences such as: <F4 90 80 80>, <C0 80>,
+    or <A0> in UTF-8, and values above 0x10FFFF in UTF-32. Conformant code
+    must check for illegal sequences.
+
+    When the flag is set to lenient, characters over 0x10FFFF are converted
+    to the replacement character; otherwise (when the flag is set to strict)
+    they constitute an error.
+
+    Output parameters:
+        The value "sourceIllegal" is returned from some routines if the input
+        sequence is malformed.  When "sourceIllegal" is returned, the source
+        value will point to the illegal value that caused the problem. E.g.,
+        in UTF-8 when a sequence is malformed, it points to the start of the
+        malformed sequence.
+
+    Author: Mark E. Davis, 1994.
+    Rev History: Rick McGowan, fixes & updates May 2001.
+         Fixes & updates, Sept 2001.
+
+------------------------------------------------------------------------ */
+
+#ifndef LLVM_SUPPORT_CONVERTUTF_H
+#define LLVM_SUPPORT_CONVERTUTF_H
+
+/* ---------------------------------------------------------------------
+    The following 4 definitions are compiler-specific.
+    The C standard does not guarantee that wchar_t has at least
+    16 bits, so wchar_t is no less portable than unsigned short!
+    All should be unsigned values to avoid sign extension during
+    bit mask & shift operations.
+------------------------------------------------------------------------ */
+
+typedef unsigned int    UTF32;  /* at least 32 bits */
+typedef unsigned short  UTF16;  /* at least 16 bits */
+typedef unsigned char   UTF8;   /* typically 8 bits */
+typedef unsigned char   Boolean; /* 0 or 1 */
+
+/* Some fundamental constants */
+#define UNI_REPLACEMENT_CHAR (UTF32)0x0000FFFD
+#define UNI_MAX_BMP (UTF32)0x0000FFFF
+#define UNI_MAX_UTF16 (UTF32)0x0010FFFF
+#define UNI_MAX_UTF32 (UTF32)0x7FFFFFFF
+#define UNI_MAX_LEGAL_UTF32 (UTF32)0x0010FFFF
+
+#define UNI_MAX_UTF8_BYTES_PER_CODE_POINT 4
+
+#define UNI_UTF16_BYTE_ORDER_MARK_NATIVE  0xFEFF
+#define UNI_UTF16_BYTE_ORDER_MARK_SWAPPED 0xFFFE
+
+typedef enum {
+  conversionOK,           /* conversion successful */
+  sourceExhausted,        /* partial character in source, but hit end */
+  targetExhausted,        /* insuff. room in target for conversion */
+  sourceIllegal           /* source sequence is illegal/malformed */
+} ConversionResult;
+
+typedef enum {
+  strictConversion = 0,
+  lenientConversion
+} ConversionFlags;
+
+/* This is for C++ and does no harm in C */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ConversionResult ConvertUTF8toUTF16 (
+  const UTF8** sourceStart, const UTF8* sourceEnd,
+  UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags);
+
+/**
+ * Convert a partial UTF8 sequence to UTF32.  If the sequence ends in an
+ * incomplete code unit sequence, returns \c sourceExhausted.
+ */
+ConversionResult ConvertUTF8toUTF32Partial(
+  const UTF8** sourceStart, const UTF8* sourceEnd,
+  UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags);
+
+/**
+ * Convert a partial UTF8 sequence to UTF32.  If the sequence ends in an
+ * incomplete code unit sequence, returns \c sourceIllegal.
+ */
+ConversionResult ConvertUTF8toUTF32(
+  const UTF8** sourceStart, const UTF8* sourceEnd,
+  UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags);
+
+ConversionResult ConvertUTF16toUTF8 (
+  const UTF16** sourceStart, const UTF16* sourceEnd,
+  UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags);
+
+ConversionResult ConvertUTF32toUTF8 (
+  const UTF32** sourceStart, const UTF32* sourceEnd,
+  UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags);
+
+ConversionResult ConvertUTF16toUTF32 (
+  const UTF16** sourceStart, const UTF16* sourceEnd,
+  UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags);
+
+ConversionResult ConvertUTF32toUTF16 (
+  const UTF32** sourceStart, const UTF32* sourceEnd,
+  UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags);
+
+Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd);
+
+Boolean isLegalUTF8String(const UTF8 **source, const UTF8 *sourceEnd);
+
+unsigned getNumBytesForUTF8(UTF8 firstByte);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* --------------------------------------------------------------------- */
+
+#endif
diff --git a/src/DFA.cc b/src/DFA.cc
index dbfed71ba3..514183165a 100644
--- a/src/DFA.cc
+++ b/src/DFA.cc
@@ -7,8 +7,6 @@
 #include "EquivClass.h"
 #include "DFA.h"
 
-int dfa_state_cache_size = 10000;
-
 unsigned int DFA_State::transition_counter = 0;
 
 DFA_State::DFA_State(int arg_state_num, const EquivClass* ec,
@@ -292,9 +290,8 @@ unsigned int DFA_State::Size()
 		+ (centry ? padded_sizeof(CacheEntry) : 0);
 	}
 
-DFA_State_Cache::DFA_State_Cache(int arg_maxsize)
+DFA_State_Cache::DFA_State_Cache()
 	{
-	maxsize = arg_maxsize;
 	hits = misses = 0;
 	}
 
@@ -402,7 +399,7 @@ DFA_Machine::DFA_Machine(NFA_Machine* n, EquivClass* arg_ec)
 
 	ec = arg_ec;
 
-	dfa_state_cache = new DFA_State_Cache(dfa_state_cache_size);
+	dfa_state_cache = new DFA_State_Cache();
 
 	NFA_state_list* ns = new NFA_state_list;
 	ns->append(n->FirstState());
diff --git a/src/DFA.h b/src/DFA.h
index 0f6c7d2f25..00cfdc3d39 100644
--- a/src/DFA.h
+++ b/src/DFA.h
@@ -15,8 +15,6 @@ class DFA_State;
 
 #include "NFA.h"
 
-extern int dfa_state_cache_size;
-
 class DFA_Machine;
 class DFA_State;
 struct CacheEntry;
@@ -78,7 +76,7 @@ struct CacheEntry {
 
 class DFA_State_Cache {
 public:
-	DFA_State_Cache(int maxsize);
+	DFA_State_Cache();
 	~DFA_State_Cache();
 
 	// If the caller stores the handle, it has to call Ref() on it.
@@ -105,8 +103,6 @@ public:
 	void GetStats(Stats* s);
 
 private:
-	int maxsize;
-
 	int hits;	// Statistics
 	int misses;
 
diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc
index 6f025e3c2b..4e3dba9d81 100644
--- a/src/DebugLogger.cc
+++ b/src/DebugLogger.cc
@@ -19,7 +19,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = {
 	{ "logging", 0, false }, {"input", 0, false },
 	{ "threading", 0, false }, { "file_analysis", 0, false },
 	{ "plugins", 0, false }, { "broxygen", 0, false },
-	{ "pktio", 0, false}
+	{ "pktio", 0, false }, { "broker", 0, false }
 };
 
 DebugLogger::DebugLogger(const char* filename)
@@ -55,32 +55,81 @@ DebugLogger::~DebugLogger()
 		fclose(file);
 	}
 
+void DebugLogger::ShowStreamsHelp()
+	{
+	fprintf(stderr, "\n");
+	fprintf(stderr, "Enable debug output into debug.log with -B <streams>.\n");
+	fprintf(stderr, "<streams> is a comma-separated list of streams to enable.\n");
+	fprintf(stderr, "\n");
+	fprintf(stderr, "Available streams:\n");
+
+	for ( int i = 0; i < NUM_DBGS; ++i )
+		fprintf(stderr,"  %s\n", streams[i].prefix);
+
+	fprintf(stderr, "\n");
+	fprintf(stderr, "  plugin-<plugin-name>   (replace '::' in name with '-'; e.g., '-B plugin-Bro-Netmap')\n");
+	fprintf(stderr, "\n");
+	fprintf(stderr, "Pseudo streams\n");
+	fprintf(stderr, "  verbose  Increase verbosity.\n");
+	fprintf(stderr, "  all      Enable all streams at maximum verbosity.\n");
+	fprintf(stderr, "\n");
+	}
+
 void DebugLogger::EnableStreams(const char* s)
 	{
-	char* tmp = copy_string(s);
 	char* brkt;
+	char* tmp = copy_string(s);
 	char* tok = strtok(tmp, ",");
 
 	while ( tok )
 		{
+		if ( strcasecmp("all", tok) == 0 )
+			{
+			for ( int i = 0; i < NUM_DBGS; ++i )
+				{
+				streams[i].enabled = true;
+				enabled_streams.insert(streams[i].prefix);
+				}
+
+			verbose = true;
+			goto next;
+			}
+
+		if ( strcasecmp("verbose", tok) == 0 )
+			{
+			verbose = true;
+			goto next;
+			}
+
+		if ( strcasecmp("help", tok) == 0 )
+			{
+			ShowStreamsHelp();
+			exit(0);
+			}
+
+		if ( strncmp(tok, "plugin-", strlen("plugin-")) == 0 )
+			{
+			// Cannot verify this at this time, plugins may not
+			// have been loaded.
+			enabled_streams.insert(tok);
+			goto next;
+			}
+
 		int i;
+
 		for ( i = 0; i < NUM_DBGS; ++i )
+			{
 			if ( strcasecmp(streams[i].prefix, tok) == 0 )
 				{
 				streams[i].enabled = true;
-				break;
+				enabled_streams.insert(tok);
+				goto next;
 				}
-
-		if ( i == NUM_DBGS )
-			{
-			if ( strcasecmp("verbose", tok) == 0 )
-				verbose = true;
-			else if ( strncmp(tok, "plugin-", 7) != 0 )
-				reporter->FatalError("unknown debug stream %s\n", tok);
 			}
 
-		enabled_streams.insert(tok);
+		reporter->FatalError("unknown debug stream '%s', try -B help.\n", tok);
 
+next:
 		tok = strtok(0, ",");
 		}
 
diff --git a/src/DebugLogger.h b/src/DebugLogger.h
index 9cd09dada1..ca947ff03a 100644
--- a/src/DebugLogger.h
+++ b/src/DebugLogger.h
@@ -32,6 +32,7 @@ enum DebugStream {
 	DBG_PLUGINS,	// Plugin system
 	DBG_BROXYGEN,	// Broxygen
 	DBG_PKTIO,	// Packet sources and dumpers.
+	DBG_BROKER,	// Broker communication
 
 	NUM_DBGS // Has to be last
 };
@@ -77,6 +78,8 @@ public:
 	void SetVerbose(bool arg_verbose)	{ verbose = arg_verbose; }
 	bool IsVerbose() const			{ return verbose; }
 
+	void ShowStreamsHelp();
+
 private:
 	FILE* file;
 	bool verbose;
diff --git a/src/Desc.cc b/src/Desc.cc
index f636a028b5..ebe5fb616c 100644
--- a/src/Desc.cc
+++ b/src/Desc.cc
@@ -181,13 +181,7 @@ void ODesc::AddBytes(const BroString* s)
 			AddBytes(reinterpret_cast<const char*>(s->Bytes()), s->Len());
 		else
 			{
-			int render_style = BroString::EXPANDED_STRING;
-			if ( Style() == ALTERNATIVE_STYLE )
-				// Only change NULs, since we can't in any case
-				// cope with them.
-				render_style = BroString::ESC_NULL;
-
-			const char* str = s->Render(render_style);
+			const char* str = s->Render(BroString::EXPANDED_STRING);
 			Add(str);
 			delete [] str;
 			}
@@ -256,7 +250,7 @@ pair<const char*, size_t> ODesc::FirstEscapeLoc(const char* bytes, size_t n)
 
 	for ( size_t i = 0; i < n; ++i )
 		{
-		if ( ! isprint(bytes[i]) )
+		if ( ! isprint(bytes[i]) || bytes[i] == '\\' )
 			return escape_pos(bytes + i, 1);
 
 		size_t len = StartsWithEscapeSequence(bytes + i, bytes + n);
diff --git a/src/Desc.h b/src/Desc.h
index b7df7d75f7..cc6ba3a662 100644
--- a/src/Desc.h
+++ b/src/Desc.h
@@ -17,7 +17,6 @@ typedef enum {
 
 typedef enum {
 	STANDARD_STYLE,
-	ALTERNATIVE_STYLE,
 	RAW_STYLE,
 } desc_style;
 
diff --git a/src/EventHandler.cc b/src/EventHandler.cc
index 0f25d63ba8..3f1fd71ddf 100644
--- a/src/EventHandler.cc
+++ b/src/EventHandler.cc
@@ -5,6 +5,11 @@
 #include "RemoteSerializer.h"
 #include "NetVar.h"
 
+#ifdef ENABLE_BROKER
+#include "broker/Manager.h"
+#include "broker/Data.h"
+#endif
+
 EventHandler::EventHandler(const char* arg_name)
 	{
 	name = copy_string(arg_name);
@@ -26,7 +31,12 @@ EventHandler::operator bool() const
 	{
 	return enabled && ((local && local->HasBodies())
 			   || receivers.length()
-			   || generate_always);
+			   || generate_always
+#ifdef ENABLE_BROKER
+			   || ! auto_remote_send.empty()
+			   // TODO: and require a subscriber interested in a topic or unsolicited flags?
+#endif
+	                   );
 	}
 
 FuncType* EventHandler::FType()
@@ -73,6 +83,46 @@ void EventHandler::Call(val_list* vl, bool no_remote)
 			SerialInfo info(remote_serializer);
 			remote_serializer->SendCall(&info, receivers[i], name, vl);
 			}
+
+#ifdef ENABLE_BROKER
+
+		if ( ! auto_remote_send.empty() )
+			{
+			// TODO: also short-circuit based on interested subscribers/flags?
+			broker::message msg;
+			msg.reserve(vl->length() + 1);
+			msg.emplace_back(Name());
+			bool valid_args = true;
+
+			for ( auto i = 0; i < vl->length(); ++i )
+				{
+				auto opt_data = bro_broker::val_to_data((*vl)[i]);
+
+				if ( opt_data )
+					msg.emplace_back(move(*opt_data));
+				else
+					{
+					valid_args = false;
+					auto_remote_send.clear();
+					reporter->Error("failed auto-remote event '%s', disabled",
+					                Name());
+					break;
+					}
+				}
+
+			if ( valid_args )
+				{
+				for ( auto it = auto_remote_send.begin();
+				      it != auto_remote_send.end(); ++it )
+					{
+					if ( std::next(it) == auto_remote_send.end() )
+						broker_mgr->Event(it->first, move(msg), it->second);
+					else
+						broker_mgr->Event(it->first, msg, it->second);
+					}
+				}
+			}
+#endif
 		}
 
 	if ( local )
diff --git a/src/EventHandler.h b/src/EventHandler.h
index 55ac33cffd..2acd2569a6 100644
--- a/src/EventHandler.h
+++ b/src/EventHandler.h
@@ -4,7 +4,8 @@
 #define EVENTHANDLER
 
 #include <assert.h>
-
+#include <map>
+#include <string>
 #include "List.h"
 #include "BroList.h"
 
@@ -28,6 +29,18 @@ public:
 	void AddRemoteHandler(SourceID peer);
 	void RemoveRemoteHandler(SourceID peer);
 
+#ifdef ENABLE_BROKER
+	void AutoRemote(std::string topic, int flags)
+		{
+		auto_remote_send[std::move(topic)] = flags;
+		}
+
+	void AutoRemoteStop(const std::string& topic)
+		{
+		auto_remote_send.erase(topic);
+		}
+#endif
+
 	void Call(val_list* vl, bool no_remote = false);
 
 	// Returns true if there is at least one local or remote handler.
@@ -67,6 +80,10 @@ private:
 	declare(List, SourceID);
 	typedef List(SourceID) receiver_list;
 	receiver_list receivers;
+
+#ifdef ENABLE_BROKER
+	std::map<std::string, int> auto_remote_send;	// topic -> flags
+#endif
 };
 
 // Encapsulates a ptr to an event handler to overload the boolean operator.
diff --git a/src/Expr.cc b/src/Expr.cc
index d2dcb1585b..ba44149ec3 100644
--- a/src/Expr.cc
+++ b/src/Expr.cc
@@ -249,18 +249,6 @@ NameExpr::~NameExpr()
 	Unref(id);
 	}
 
-Expr* NameExpr::Simplify(SimplifyType simp_type)
-	{
-	if ( simp_type != SIMPLIFY_LHS && id->IsConst() )
-		{
-		Val* v = Eval(0);
-		if ( v )
-			return new ConstExpr(v);
-		}
-
-	return this;
-	}
-
 Val* NameExpr::Eval(Frame* f) const
 	{
 	Val* v;
@@ -410,11 +398,6 @@ void ConstExpr::ExprDescribe(ODesc* d) const
 	val->Describe(d);
 	}
 
-Expr* ConstExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	return this;
-	}
-
 Val* ConstExpr::Eval(Frame* /* f */) const
 	{
 	return Value()->Ref();
@@ -457,16 +440,6 @@ UnaryExpr::~UnaryExpr()
 	Unref(op);
 	}
 
-Expr* UnaryExpr::Simplify(SimplifyType simp_type)
-	{
-	if ( IsError() )
-		return this;
-
-	op = simplify_expr(op, simp_type);
-	Canonicize();
-	return DoSimplify();
-	}
-
 Val* UnaryExpr::Eval(Frame* f) const
 	{
 	if ( IsError() )
@@ -516,11 +489,6 @@ TraversalCode UnaryExpr::Traverse(TraversalCallback* cb) const
 	HANDLE_TC_EXPR_POST(tc);
 	}
 
-Expr* UnaryExpr::DoSimplify()
-	{
-	return this;
-	}
-
 Val* UnaryExpr::Fold(Val* v) const
 	{
 	return v->Ref();
@@ -573,19 +541,6 @@ BinaryExpr::~BinaryExpr()
 	Unref(op2);
 	}
 
-Expr* BinaryExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	if ( IsError() )
-		return this;
-
-	SimplifyOps();
-
-	if ( BothConst() )
-		return new ConstExpr(Fold(op1->ExprVal(), op2->ExprVal()));
-	else
-		return DoSimplify();
-	}
-
 Val* BinaryExpr::Eval(Frame* f) const
 	{
 	if ( IsError() )
@@ -687,11 +642,6 @@ TraversalCode BinaryExpr::Traverse(TraversalCallback* cb) const
 	HANDLE_TC_EXPR_POST(tc);
 	}
 
-Expr* BinaryExpr::DoSimplify()
-	{
-	return this;
-	}
-
 void BinaryExpr::ExprDescribe(ODesc* d) const
 	{
 	op1->Describe(d);
@@ -703,13 +653,6 @@ void BinaryExpr::ExprDescribe(ODesc* d) const
 	op2->Describe(d);
 	}
 
-void BinaryExpr::SimplifyOps()
-	{
-	op1 = simplify_expr(op1, SIMPLIFY_GENERAL);
-	op2 = simplify_expr(op2, SIMPLIFY_GENERAL);
-	Canonicize();
-	}
-
 Val* BinaryExpr::Fold(Val* v1, Val* v2) const
 	{
 	InternalTypeTag it = v1->Type()->InternalType();
@@ -1147,21 +1090,6 @@ NotExpr::NotExpr(Expr* arg_op) : UnaryExpr(EXPR_NOT, arg_op)
 		SetType(base_type(TYPE_BOOL));
 	}
 
-Expr* NotExpr::DoSimplify()
-	{
-	op = simplify_expr(op, SIMPLIFY_GENERAL);
-	Canonicize();
-
-	if ( op->Tag() == EXPR_NOT )
-		// !!x == x
-		return ((NotExpr*) op)->Op()->Ref();
-
-	if ( op->IsConst() )
-		return new ConstExpr(Fold(op->ExprVal()));
-
-	return this;
-	}
-
 Val* NotExpr::Fold(Val* v) const
 	{
 	return new Val(! v->InternalInt(), type->Tag());
@@ -1207,22 +1135,6 @@ PosExpr::PosExpr(Expr* arg_op) : UnaryExpr(EXPR_POSITIVE, arg_op)
 		SetType(base_result_type);
 	}
 
-Expr* PosExpr::DoSimplify()
-	{
-	op = simplify_expr(op, SIMPLIFY_GENERAL);
-	Canonicize();
-
-	TypeTag t = op->Type()->Tag();
-
-	if ( t == TYPE_DOUBLE || t == TYPE_INTERVAL || t == TYPE_INT )
-		return op->Ref();
-
-	if ( op->IsConst() && ! is_vector(op->ExprVal()) )
-		return new ConstExpr(Fold(op->ExprVal()));
-
-	return this;
-	}
-
 Val* PosExpr::Fold(Val* v) const
 	{
 	TypeTag t = v->Type()->Tag();
@@ -1273,27 +1185,6 @@ NegExpr::NegExpr(Expr* arg_op) : UnaryExpr(EXPR_NEGATE, arg_op)
 		SetType(base_result_type);
 	}
 
-Expr* NegExpr::DoSimplify()
-	{
-	op = simplify_expr(op, SIMPLIFY_GENERAL);
-	Canonicize();
-
-	if ( op->Tag() == EXPR_NEGATE )
-		// -(-x) == x
-		return ((NegExpr*) op)->Op()->Ref();
-
-	if ( op->IsConst() && ! is_vector(op->ExprVal()) )
-		return new ConstExpr(Fold(op->ExprVal()));
-
-	if ( op->Tag() == EXPR_SUB )
-		{ // -(a-b) == b-a
-		SubExpr* s = (SubExpr*) op;
-		return new SubExpr(s->Op2()->Ref(), s->Op1()->Ref());
-		}
-
-	return this;
-	}
-
 Val* NegExpr::Fold(Val* v) const
 	{
 	if ( v->Type()->Tag() == TYPE_DOUBLE )
@@ -1396,24 +1287,6 @@ AddExpr::AddExpr(Expr* arg_op1, Expr* arg_op2)
 		}
 	}
 
-Expr* AddExpr::DoSimplify()
-	{
-	// If there's a constant, then it's in op1, since Canonicize()
-	// makes sure of that.
-	if ( op1->IsZero() )
-		return op2->Ref();
-
-	else if ( op1->Tag() == EXPR_NEGATE )
-		// (-a)+b = b-a
-		return new AddExpr(op2->Ref(), ((NegExpr*) op1)->Op()->Ref());
-
-	else if ( op2->Tag() == EXPR_NEGATE )
-		// a+(-b) == a-b
-		return new SubExpr(op1->Ref(), ((NegExpr*) op2)->Op()->Ref());
-
-	return this;
-	}
-
 void AddExpr::Canonicize()
 	{
 	if ( expr_greater(op2, op1) ||
@@ -1532,21 +1405,6 @@ SubExpr::SubExpr(Expr* arg_op1, Expr* arg_op2)
 		}
 	}
 
-Expr* SubExpr::DoSimplify()
-	{
-	if ( op1->IsZero() )
-		return new NegExpr(op2->Ref());
-
-	else if ( op2->IsZero() )
-		return op1->Ref();
-
-	else if ( op2->Tag() == EXPR_NEGATE )
-		// a-(-b) = a+b
-		return new AddExpr(op1->Ref(), ((NegExpr*) op2)->Op()->Ref());
-
-	return this;
-	}
-
 IMPLEMENT_SERIAL(SubExpr, SER_SUB_EXPR);
 
 bool SubExpr::DoSerialize(SerialInfo* info) const
@@ -1648,27 +1506,6 @@ TimesExpr::TimesExpr(Expr* arg_op1, Expr* arg_op2)
 		ExprError("requires arithmetic operands");
 	}
 
-Expr* TimesExpr::DoSimplify()
-	{
-	// If there's a constant, then it's in op1, since Canonicize()
-	// makes sure of that.
-	if ( op1->IsConst() )
-		{
-		if ( op1->IsZero() )
-			{
-			if ( IsVector(op2->Type()->Tag()) )
-				return this;
-			else
-				return make_zero(type);
-			}
-
-		else if ( op1->IsOne() )
-			return op2->Ref();
-		}
-
-	return this;
-	}
-
 void TimesExpr::Canonicize()
 	{
 	if ( expr_greater(op2, op1) || op2->Type()->Tag() == TYPE_INTERVAL ||
@@ -1741,31 +1578,6 @@ Val* DivideExpr::AddrFold(Val* v1, Val* v2) const
 	return new SubNetVal(v1->AsAddr(), mask);
 	}
 
-Expr* DivideExpr::DoSimplify()
-	{
-	if ( IsError() )
-		return this;
-
-	if ( op1->Type()->Tag() == TYPE_ADDR )
-		return this;
-
-	if ( is_vector(op1) || is_vector(op2) )
-		return this;
-
-	if ( op2->IsConst() )
-		{
-		if ( op2->IsOne() )
-			return op1->Ref();
-		else if ( op2->IsZero() )
-			Error("zero divisor");
-		}
-
-	else if ( same_expr(op1, op2) )
-		return make_one(type);
-
-	return this;
-	}
-
 IMPLEMENT_SERIAL(DivideExpr, SER_DIVIDE_EXPR);
 
 bool DivideExpr::DoSerialize(SerialInfo* info) const
@@ -1800,31 +1612,6 @@ ModExpr::ModExpr(Expr* arg_op1, Expr* arg_op2)
 		ExprError("requires integral operands");
 	}
 
-Expr* ModExpr::DoSimplify()
-	{
-	if ( IsError() )
-		return this;
-
-	TypeTag bt1 = op1->Type()->Tag();
-	TypeTag bt2 = op2->Type()->Tag();
-
-	if ( IsVector(bt1) || IsVector(bt2) )
-		return this;
-
-	if ( op2->IsConst() )
-		{
-		if ( op2->IsOne() )
-			return make_zero(type);
-		else if ( op2->IsZero() )
-			Error("zero modulus");
-		}
-
-	else if ( same_expr(op1, op2) )
-		return make_zero(type);
-
-	return this;
-	}
-
 IMPLEMENT_SERIAL(ModExpr, SER_MOD_EXPR);
 
 bool ModExpr::DoSerialize(SerialInfo* info) const
@@ -2011,37 +1798,6 @@ Val* BoolExpr::Eval(Frame* f) const
 	return result;
 	}
 
-Expr* BoolExpr::DoSimplify()
-	{
-	if ( op1->IsConst() && ! is_vector(op1) )
-		{
-		if ( op1->IsZero() )
-			// F && x  or  F || x
-			return (tag == EXPR_AND) ? make_zero(type) : op2->Ref();
-		else
-			// T && x  or  T || x
-			return (tag == EXPR_AND) ? op2->Ref() : make_one(type);
-		}
-
-	else if ( op2->IsConst() && ! is_vector(op2) )
-		{
-		if ( op1->IsZero() )
-			// x && F  or  x || F
-			return (tag == EXPR_AND) ? make_zero(type) : op1->Ref();
-		else
-			// x && T  or  x || T
-			return (tag == EXPR_AND) ? op1->Ref() : make_one(type);
-		}
-
-	else if ( same_expr(op1, op2) )
-		{
-		Warn("redundant boolean operation");
-		return op1->Ref();
-		}
-
-	return this;
-	}
-
 IMPLEMENT_SERIAL(BoolExpr, SER_BOOL_EXPR);
 
 bool BoolExpr::DoSerialize(SerialInfo* info) const
@@ -2128,22 +1884,6 @@ void EqExpr::Canonicize()
 		SwapOps();
 	}
 
-Expr* EqExpr::DoSimplify()
-	{
-	if ( same_expr(op1, op2) && ! is_vector(op1) )
-		{
-		if ( ! optimize )
-			Warn("redundant comparison");
-
-		if ( tag == EXPR_EQ )
-			return make_one(type);
-		else
-			return make_zero(type);
-		}
-
-	return this;
-	}
-
 Val* EqExpr::Fold(Val* v1, Val* v2) const
 	{
 	if ( op1->Type()->Tag() == TYPE_PATTERN )
@@ -2207,22 +1947,6 @@ RelExpr::RelExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2)
 		ExprError("illegal comparison");
 	}
 
-Expr* RelExpr::DoSimplify()
-	{
-	if ( same_expr(op1, op2) )
-		{
-		Warn("redundant comparison");
-		// Here we use the fact that the canonical form of
-		// a RelExpr only uses EXPR_LE or EXPR_LT.
-		if ( tag == EXPR_LE )
-			return make_one(type);
-		else
-			return make_zero(type);
-		}
-
-	return this;
-	}
-
 void RelExpr::Canonicize()
 	{
 	if ( tag == EXPR_GT )
@@ -2314,25 +2038,6 @@ CondExpr::~CondExpr()
 	Unref(op3);
 	}
 
-Expr* CondExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	op1 = simplify_expr(op1, SIMPLIFY_GENERAL);
-	op2 = simplify_expr(op2, SIMPLIFY_GENERAL);
-	op3 = simplify_expr(op3, SIMPLIFY_GENERAL);
-
-	if ( op1->IsConst() && ! is_vector(op1) )
-		{
-		Val* v = op1->ExprVal();
-		return (v->IsZero() ? op3 : op2)->Ref();
-		}
-
-	if ( op1->Tag() == EXPR_NOT )
-		return new CondExpr(((NotExpr*) op1)->Op()->Ref(),
-					op3->Ref(), op2->Ref());
-
-	return this;
-	}
-
 Val* CondExpr::Eval(Frame* f) const
 	{
 	if ( ! is_vector(op1) )
@@ -2599,6 +2304,39 @@ bool AssignExpr::TypeCheck(attr_list* attrs)
 
 	if ( ! same_type(op1->Type(), op2->Type()) )
 		{
+		if ( bt1 == TYPE_TABLE && bt2 == TYPE_TABLE )
+			{
+			if ( op2->Tag() == EXPR_SET_CONSTRUCTOR )
+				{
+				// Some elements in constructor list must not match, see if
+				// we can create a new constructor now that the expected type
+				// of LHS is known and let it do coercions where possible.
+				SetConstructorExpr* sce = dynamic_cast<SetConstructorExpr*>(op2);
+				ListExpr* ctor_list = dynamic_cast<ListExpr*>(sce->Op());
+				attr_list* attr_copy = 0;
+
+				if ( sce->Attrs() )
+					{
+					attr_list* a = sce->Attrs()->Attrs();
+					attrs = new attr_list;
+					loop_over_list(*a, i)
+						attrs->append((*a)[i]);
+					}
+
+				int errors_before = reporter->Errors();
+				op2 = new SetConstructorExpr(ctor_list, attr_copy, op1->Type());
+				int errors_after = reporter->Errors();
+
+				if ( errors_after > errors_before )
+					{
+					ExprError("type clash in assignment");
+					return false;
+					}
+
+				return true;
+				}
+			}
+
 		ExprError("type clash in assignment");
 		return false;
 		}
@@ -2651,13 +2389,6 @@ bool AssignExpr::TypeCheckArithmetics(TypeTag bt1, TypeTag bt2)
 	}
 
 
-Expr* AssignExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	op1 = simplify_expr(op1, SIMPLIFY_LHS);
-	op2 = simplify_expr(op2, SIMPLIFY_GENERAL);
-	return this;
-	}
-
 Val* AssignExpr::Eval(Frame* f) const
 	{
 	if ( is_init )
@@ -2973,13 +2704,6 @@ Expr* IndexExpr::MakeLvalue()
 	return new RefExpr(this);
 	}
 
-Expr* IndexExpr::Simplify(SimplifyType simp_type)
-	{
-	op1 = simplify_expr(op1, simp_type);
-	op2 = simplify_expr(op2, SIMPLIFY_GENERAL);
-	return this;
-	}
-
 Val* IndexExpr::Eval(Frame* f) const
 	{
 	Val* v1 = op1->Eval(f);
@@ -3231,12 +2955,6 @@ Expr* FieldExpr::MakeLvalue()
 	return new RefExpr(this);
 	}
 
-Expr* FieldExpr::Simplify(SimplifyType simp_type)
-	{
-	op = simplify_expr(op, simp_type);
-	return this;
-	}
-
 int FieldExpr::CanDel() const
 	{
 	return td->FindAttr(ATTR_DEFAULT) || td->FindAttr(ATTR_OPTIONAL);
@@ -3962,73 +3680,6 @@ ArithCoerceExpr::ArithCoerceExpr(Expr* arg_op, TypeTag t)
 		ExprError("bad coercion value");
 	}
 
-Expr* ArithCoerceExpr::DoSimplify()
-	{
-	if ( is_vector(op) )
-		return this;
-
-	InternalTypeTag my_int = type->InternalType();
-	InternalTypeTag op_int = op->Type()->InternalType();
-
-	if ( my_int == TYPE_INTERNAL_UNSIGNED )
-		my_int = TYPE_INTERNAL_INT;
-	if ( op_int == TYPE_INTERNAL_UNSIGNED )
-		op_int = TYPE_INTERNAL_INT;
-
-	if ( my_int == op_int )
-		return op->Ref();
-
-	if ( op->IsConst() )
-		{
-		if ( my_int == TYPE_INTERNAL_INT )
-			{
-			if ( op_int != TYPE_INTERNAL_DOUBLE )
-				Internal("bad coercion in CoerceExpr::DoSimplify");
-			double d = op->ExprVal()->InternalDouble();
-			bro_int_t i = bro_int_t(d);
-
-			if ( i < 0 &&
-			     type->InternalType() == TYPE_INTERNAL_UNSIGNED )
-				Warn("coercion produces negative count value");
-
-			if ( d != double(i) )
-				Warn("coercion loses precision");
-
-			return new ConstExpr(new Val(i, type->Tag()));
-			}
-
-		if ( my_int == TYPE_INTERNAL_DOUBLE )
-			{
-			if ( op_int == TYPE_INTERNAL_INT )
-				{
-				bro_int_t i = op->ExprVal()->InternalInt();
-				double d = double(i);
-
-				if ( i != bro_int_t(d) )
-					Warn("coercion loses precision");
-
-				return new ConstExpr(new Val(d, type->Tag()));
-				}
-
-			if ( op_int == TYPE_INTERNAL_UNSIGNED )
-				{
-				bro_uint_t u = op->ExprVal()->InternalUnsigned();
-				double d = double(u);
-
-				if ( u != (bro_uint_t) (d) )
-					Warn("coercion loses precision");
-
-				return new ConstExpr(new Val(d, type->Tag()));
-				}
-
-			}
-
-		Internal("bad coercion in CoerceExpr::DoSimplify");
-		}
-
-	return this;
-	}
-
 Val* ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) const
 	{
 	switch ( t ) {
@@ -4153,6 +3804,9 @@ RecordCoerceExpr::RecordCoerceExpr(Expr* op, RecordType* r)
 			map[t_i] = i;
 			}
 
+		if ( IsError() )
+			return;
+
 		for ( i = 0; i < map_size; ++i )
 			{
 			if ( map[i] == -1 )
@@ -4517,22 +4171,6 @@ int ScheduleExpr::IsPure() const
 	return 0;
 	}
 
-Expr* ScheduleExpr::Simplify(SimplifyType simp_type)
-	{
-	when = when->Simplify(simp_type);
-	Expr* generic_event = event->Simplify(simp_type);
-
-	if ( ! generic_event )
-		return 0;
-
-	if ( generic_event->Tag() != EXPR_CALL )
-		Internal("bad event type in ScheduleExpr::Simplify");
-
-	event = (EventExpr*) generic_event;
-
-	return this;
-	}
-
 Val* ScheduleExpr::Eval(Frame* f) const
 	{
 	if ( terminating )
@@ -4865,20 +4503,6 @@ int CallExpr::IsPure() const
 	return pure;
 	}
 
-Expr* CallExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	if ( IsError() )
-		return this;
-
-	func = simplify_expr(func, SIMPLIFY_GENERAL);
-	args = simplify_expr_list(args, SIMPLIFY_GENERAL);
-
-	if ( IsPure() )
-		return new ConstExpr(Eval(0));
-	else
-		return this;
-	}
-
 Val* CallExpr::Eval(Frame* f) const
 	{
 	if ( IsError() )
@@ -5031,14 +4655,6 @@ EventExpr::~EventExpr()
 	Unref(args);
 	}
 
-Expr* EventExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	if ( ! IsError() )
-		args = simplify_expr_list(args, SIMPLIFY_GENERAL);
-
-	return this;
-	}
-
 Val* EventExpr::Eval(Frame* f) const
 	{
 	if ( IsError() )
@@ -5145,17 +4761,6 @@ int ListExpr::AllConst() const
 	return 1;
 	}
 
-Expr* ListExpr::Simplify(SimplifyType /* simp_type */)
-	{
-	loop_over_list(exprs, i)
-		exprs.replace(i, simplify_expr(exprs[i], SIMPLIFY_GENERAL));
-
-	// Note that we do *not* simplify a list with one element
-	// to just that element.  The assumption that simplify_expr(ListExpr*)
-	// returns a ListExpr* is widespread.
-	return this;
-	}
-
 Val* ListExpr::Eval(Frame* f) const
 	{
 	ListVal* v = new ListVal(TYPE_ANY);
@@ -5787,25 +5392,6 @@ int check_and_promote_exprs_to_type(ListExpr*& elements, BroType* type)
 	return 1;
 	}
 
-Expr* simplify_expr(Expr* e, SimplifyType simp_type)
-	{
-	if ( ! e )
-		return 0;
-
-	for ( Expr* s = e->Simplify(simp_type); s != e; s = e->Simplify(simp_type) )
-		{
-		Unref(e);
-		e = s;
-		}
-
-	return e;
-	}
-
-ListExpr* simplify_expr_list(ListExpr* l, SimplifyType simp_type)
-	{
-	return (ListExpr*) simplify_expr(l, simp_type);
-	}
-
 val_list* eval_list(Frame* f, const ListExpr* l)
 	{
 	const expr_list& e = l->Exprs();
@@ -5831,129 +5417,6 @@ val_list* eval_list(Frame* f, const ListExpr* l)
 		return v;
 	}
 
-int same_expr(const Expr* e1, const Expr* e2)
-	{
-	if ( e1 == e2 )
-		return 1;
-
-	if ( e1->Tag() != e2->Tag() || ! same_type(e1->Type(), e2->Type()) )
-		return 0;
-
-	if ( e1->IsError() || e2->IsError() )
-		return 0;
-
-	switch ( e1->Tag() ) {
-	case EXPR_NAME:
-		{
-		const NameExpr* n1 = (NameExpr*) e1;
-		const NameExpr* n2 = (NameExpr*) e2;
-		return n1->Id() == n2->Id();
-		}
-
-	case EXPR_CONST:
-		{
-		const ConstExpr* c1 = (ConstExpr*) e1;
-		const ConstExpr* c2 = (ConstExpr*) e2;
-		return same_val(c1->Value(), c2->Value());
-		}
-
-	case EXPR_INCR:
-	case EXPR_DECR:
-	case EXPR_NOT:
-	case EXPR_NEGATE:
-	case EXPR_POSITIVE:
-	case EXPR_REF:
-	case EXPR_RECORD_CONSTRUCTOR:
-	case EXPR_TABLE_CONSTRUCTOR:
-	case EXPR_SET_CONSTRUCTOR:
-	case EXPR_VECTOR_CONSTRUCTOR:
-	case EXPR_FIELD_ASSIGN:
-	case EXPR_ARITH_COERCE:
-	case EXPR_RECORD_COERCE:
-	case EXPR_TABLE_COERCE:
-	case EXPR_FLATTEN:
-		{
-		const UnaryExpr* u1 = (UnaryExpr*) e1;
-		const UnaryExpr* u2 = (UnaryExpr*) e2;
-		return same_expr(u1->Op(), u2->Op());
-		}
-
-	case EXPR_FIELD:
-		{
-		const FieldExpr* f1 = (FieldExpr*) e1;
-		const FieldExpr* f2 = (FieldExpr*) e2;
-		return same_expr(f1->Op(), f2->Op()) &&
-			f1->Field() == f2->Field();
-		}
-
-	case EXPR_SCHEDULE:
-		{
-		const ScheduleExpr* s1 = (ScheduleExpr*) e1;
-		const ScheduleExpr* s2 = (ScheduleExpr*) e2;
-		return same_expr(s1->When(), s2->When()) &&
-			same_expr(s1->Event(), s2->Event());
-		}
-
-	case EXPR_ADD:
-	case EXPR_ADD_TO:
-	case EXPR_SUB:
-	case EXPR_REMOVE_FROM:
-	case EXPR_TIMES:
-	case EXPR_DIVIDE:
-	case EXPR_MOD:
-	case EXPR_AND:
-	case EXPR_OR:
-	case EXPR_LT:
-	case EXPR_LE:
-	case EXPR_EQ:
-	case EXPR_NE:
-	case EXPR_GE:
-	case EXPR_GT:
-	case EXPR_ASSIGN:
-	case EXPR_MATCH:
-	case EXPR_INDEX:
-	case EXPR_IN:
-		{
-		const BinaryExpr* b1 = (BinaryExpr*) e1;
-		const BinaryExpr* b2 = (BinaryExpr*) e2;
-		return same_expr(b1->Op1(), b2->Op1()) &&
-			same_expr(b1->Op2(), b2->Op2());
-		}
-
-	case EXPR_LIST:
-		{
-		const ListExpr* l1 = (ListExpr*) e1;
-		const ListExpr* l2 = (ListExpr*) e2;
-
-		const expr_list& le1 = l1->Exprs();
-		const expr_list& le2 = l2->Exprs();
-
-		if ( le1.length() != le2.length() )
-			return 0;
-
-		loop_over_list(le1, i)
-			if ( ! same_expr(le1[i], le2[i]) )
-				return 0;
-
-		return 1;
-		}
-
-	case EXPR_CALL:
-		{
-		const CallExpr* c1 = (CallExpr*) e1;
-		const CallExpr* c2 = (CallExpr*) e2;
-
-		return same_expr(c1->Func(), c2->Func()) &&
-			c1->IsPure() && same_expr(c1->Args(), c2->Args());
-		}
-
-	default:
-		reporter->InternalError("bad tag in same_expr()");
-	}
-
-	return 0;
-	}
-
 int expr_greater(const Expr* e1, const Expr* e2)
 	{
 	return int(e1->Tag()) > int(e2->Tag());
diff --git a/src/Expr.h b/src/Expr.h
index b726697803..97092c1315 100644
--- a/src/Expr.h
+++ b/src/Expr.h
@@ -47,11 +47,6 @@ typedef enum {
 #define NUM_EXPRS (int(EXPR_FLATTEN) + 1)
 } BroExprTag;
 
-typedef enum {
-	SIMPLIFY_GENERAL,	// regular simplification
-	SIMPLIFY_LHS,		// simplify as the LHS of an assignment
-} SimplifyType;
-
 extern const char* expr_name(BroExprTag t);
 
 class Stmt;
@@ -72,11 +67,6 @@ public:
 
 	Expr* Ref()			{ ::Ref(this); return this; }
 
-	// Returns a fully simplified version of the expression (this
-	// may be the same expression, or a newly created one).  simp_type
-	// gives the context of the simplification.
-	virtual Expr* Simplify(SimplifyType simp_type) = 0;
-
 	// Evaluates the expression and returns a corresponding Val*,
 	// or nil if the expression's value isn't fixed.
 	virtual Val* Eval(Frame* f) const = 0;
@@ -230,7 +220,6 @@ public:
 
 	ID* Id() const		{ return id; }
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 	void Assign(Frame* f, Val* v, Opcode op = OP_ASSIGN);
 	Expr* MakeLvalue();
@@ -257,7 +246,6 @@ public:
 
 	Val* Value() const	{ return val; }
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 
 	TraversalCode Traverse(TraversalCallback* cb) const;
@@ -276,9 +264,6 @@ class UnaryExpr : public Expr {
 public:
 	Expr* Op() const	{ return op; }
 
-	// Simplifies the operand and calls DoSimplify().
-	virtual Expr* Simplify(SimplifyType simp_type);
-
 	// UnaryExpr::Eval correctly handles vector types.  Any child
 	// class that overrides Eval() should be modified to handle
 	// vectors correctly as necessary.
@@ -297,10 +282,6 @@ protected:
 
 	void ExprDescribe(ODesc* d) const;
 
-	// Can be overridden by subclasses that want to take advantage
-	// of UnaryExpr's Simplify() method.
-	virtual Expr* DoSimplify();
-
 	// Returns the expression folded using the given constant.
 	virtual Val* Fold(Val* v) const;
 
@@ -314,9 +295,6 @@ public:
 	Expr* Op1() const	{ return op1; }
 	Expr* Op2() const	{ return op2; }
 
-	// Simplifies both operands, folds them if constant,
-	// otherwise calls DoSimplify().
-	virtual Expr* Simplify(SimplifyType simp_type);
 	int IsPure() const;
 
 	// BinaryExpr::Eval correctly handles vector types.  Any child
@@ -340,10 +318,6 @@ protected:
 		}
 	virtual ~BinaryExpr();
 
-	// Can be overridden by subclasses that want to take advantage
-	// of BinaryExpr's Simplify() method.
-	virtual Expr* DoSimplify();
-
 	// Returns the expression folded using the given constants.
 	virtual Val* Fold(Val* v1, Val* v2) const;
 
@@ -356,9 +330,6 @@ protected:
 
 	int BothConst() const	{ return op1->IsConst() && op2->IsConst(); }
 
-	// Simplify both operands and canonicize.
-	void SimplifyOps();
-
 	// Exchange op1 and op2.
 	void SwapOps();
 
@@ -414,7 +385,6 @@ protected:
 	friend class Expr;
 	NotExpr()	{ }
 
-	Expr* DoSimplify();
 	Val* Fold(Val* v) const;
 
 	DECLARE_SERIAL(NotExpr);
@@ -428,7 +398,6 @@ protected:
 	friend class Expr;
 	PosExpr()	{ }
 
-	Expr* DoSimplify();
 	Val* Fold(Val* v) const;
 
 	DECLARE_SERIAL(PosExpr);
@@ -442,7 +411,6 @@ protected:
 	friend class Expr;
 	NegExpr()	{ }
 
-	Expr* DoSimplify();
 	Val* Fold(Val* v) const;
 
 	DECLARE_SERIAL(NegExpr);
@@ -470,8 +438,6 @@ protected:
 	friend class Expr;
 	AddExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(AddExpr);
 
 };
@@ -508,8 +474,6 @@ protected:
 	friend class Expr;
 	SubExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(SubExpr);
 
 };
@@ -523,8 +487,6 @@ protected:
 	friend class Expr;
 	TimesExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(TimesExpr);
 
 };
@@ -538,7 +500,6 @@ protected:
 	DivideExpr()	{ }
 
 	Val* AddrFold(Val* v1, Val* v2) const;
-	Expr* DoSimplify();
 
 	DECLARE_SERIAL(DivideExpr);
 
@@ -552,8 +513,6 @@ protected:
 	friend class Expr;
 	ModExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(ModExpr);
 };
 
@@ -568,8 +527,6 @@ protected:
 	friend class Expr;
 	BoolExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(BoolExpr);
 };
 
@@ -582,8 +539,6 @@ protected:
 	friend class Expr;
 	EqExpr()	{ }
 
-	Expr* DoSimplify();
-
 	Val* Fold(Val* v1, Val* v2) const;
 
 	DECLARE_SERIAL(EqExpr);
@@ -598,8 +553,6 @@ protected:
 	friend class Expr;
 	RelExpr()	{ }
 
-	Expr* DoSimplify();
-
 	DECLARE_SERIAL(RelExpr);
 };
 
@@ -612,7 +565,6 @@ public:
 	const Expr* Op2() const	{ return op2; }
 	const Expr* Op3() const	{ return op3; }
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 	int IsPure() const;
 
@@ -652,7 +604,6 @@ public:
 	AssignExpr(Expr* op1, Expr* op2, int is_init, Val* val = 0, attr_list* attrs = 0);
 	virtual ~AssignExpr()	{ Unref(val); }
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 	void EvalIntoAggregate(const BroType* t, Val* aggr, Frame* f) const;
 	BroType* InitType() const;
@@ -683,7 +634,6 @@ public:
 	void Add(Frame* f);
 	void Delete(Frame* f);
 
-	Expr* Simplify(SimplifyType simp_type);
 	void Assign(Frame* f, Val* v, Opcode op = OP_ASSIGN);
 	Expr* MakeLvalue();
 
@@ -714,7 +664,6 @@ public:
 
 	int CanDel() const;
 
-	Expr* Simplify(SimplifyType simp_type);
 	void Assign(Frame* f, Val* v, Opcode op = OP_ASSIGN);
 	void Delete(Frame* f);
 
@@ -866,8 +815,6 @@ protected:
 	friend class Expr;
 	ArithCoerceExpr()	{ }
 
-	Expr* DoSimplify();
-
 	Val* FoldSingleVal(Val* v, InternalTypeTag t) const;
 	Val* Fold(Val* v) const;
 
@@ -962,8 +909,6 @@ public:
 
 	int IsPure() const;
 
-	Expr* Simplify(SimplifyType simp_type);
-
 	Val* Eval(Frame* f) const;
 
 	Expr* When() const	{ return when; }
@@ -1007,7 +952,6 @@ public:
 
 	int IsPure() const;
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 
 	TraversalCode Traverse(TraversalCallback* cb) const;
@@ -1033,7 +977,6 @@ public:
 	ListExpr* Args() const		{ return args; }
 	EventHandlerPtr Handler()  const	{ return handler; }
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 
 	TraversalCode Traverse(TraversalCallback* cb) const;
@@ -1068,7 +1011,6 @@ public:
 	// True if the entire list represents constant values.
 	int AllConst() const;
 
-	Expr* Simplify(SimplifyType simp_type);
 	Val* Eval(Frame* f) const;
 
 	BroType* InitType() const;
@@ -1127,21 +1069,10 @@ extern int check_and_promote_exprs(ListExpr*& elements, TypeList* types);
 extern int check_and_promote_args(ListExpr*& args, RecordType* types);
 extern int check_and_promote_exprs_to_type(ListExpr*& elements, BroType* type);
 
-// Returns a fully simplified form of the expression.  Note that passed
-// expression and its subexpressions may be modified, Unref()'d, etc.
-Expr* simplify_expr(Expr* e, SimplifyType simp_type);
-
-// Returns a simplified ListExpr - guaranteed to still be a ListExpr,
-// even if it only contains one expr.
-ListExpr* simplify_expr_list(ListExpr* l, SimplifyType simp_type);
-
 // Returns a ListExpr simplified down to a list a values, or a nil
 // pointer if they couldn't all be reduced.
 val_list* eval_list(Frame* f, const ListExpr* l);
 
-// Returns true if two expressions are identical.
-extern int same_expr(const Expr* e1, const Expr* e2);
-
 // Returns true if e1 is "greater" than e2 - here "greater" is just
 // a heuristic, used with commutative operators to put them into
 // a canonical form.
diff --git a/src/Func.cc b/src/Func.cc
index 693a4535d4..82f73e1f19 100644
--- a/src/Func.cc
+++ b/src/Func.cc
@@ -54,6 +54,7 @@ const Expr* calling_expr = 0;
 bool did_builtin_init = false;
 
 vector<Func*> Func::unique_ids;
+static const std::pair<bool, Val*> empty_hook_result(false, NULL);
 
 Func::Func() : scope(0), type(0)
 	{
@@ -245,20 +246,31 @@ TraversalCode Func::Traverse(TraversalCallback* cb) const
 	HANDLE_TC_STMT_POST(tc);
 	}
 
-Val* Func::HandlePluginResult(Val* plugin_result, val_list* args, function_flavor flavor) const
+std::pair<bool, Val*> Func::HandlePluginResult(std::pair<bool, Val*> plugin_result, val_list* args, function_flavor flavor) const
 	{
-	// Helper function factoring out this code from BroFunc:Call() for better
-	// readability.
+	// Helper function factoring out this code from BroFunc:Call() for
+	// better readability.
+
+	if( ! plugin_result.first )
+		{
+		if( plugin_result.second )
+			reporter->InternalError("plugin set processed flag to false but actually returned a value");
+
+		// The plugin result hasn't been processed yet (read: fall
+		// into ::Call method).
+		return plugin_result;
+		}
 
 	switch ( flavor ) {
 	case FUNC_FLAVOR_EVENT:
-		Unref(plugin_result);
-		plugin_result = 0;
+		if( plugin_result.second )
+			reporter->InternalError("plugin returned non-void result for event %s", this->Name());
+
 		break;
 
 	case FUNC_FLAVOR_HOOK:
-		if ( plugin_result->Type()->Tag() != TYPE_BOOL )
-			reporter->InternalError("plugin returned non-bool for hook");
+		if ( plugin_result.second->Type()->Tag() != TYPE_BOOL )
+			reporter->InternalError("plugin returned non-bool for hook %s", this->Name());
 
 		break;
 
@@ -268,14 +280,14 @@ Val* Func::HandlePluginResult(Val* plugin_result, val_list* args, function_flavo
 
 		if ( (! yt) || yt->Tag() == TYPE_VOID )
 			{
-			Unref(plugin_result);
-			plugin_result = 0;
+			if( plugin_result.second )
+				reporter->InternalError("plugin returned non-void result for void method %s", this->Name());
 			}
 
-		else
+		else if ( plugin_result.second && plugin_result.second->Type()->Tag() != yt->Tag() && yt->Tag() != TYPE_ANY)
 			{
-			if ( plugin_result->Type()->Tag() != yt->Tag() )
-				reporter->InternalError("plugin returned wrong type for function call");
+			reporter->InternalError("plugin returned wrong type (got %d, expecting %d) for %s",
+						plugin_result.second->Type()->Tag(), yt->Tag(), this->Name());
 			}
 
 		break;
@@ -331,10 +343,15 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const
 	if ( sample_logger )
 		sample_logger->FunctionSeen(this);
 
-	Val* plugin_result = PLUGIN_HOOK_WITH_RESULT(HOOK_CALL_FUNCTION, HookCallFunction(this, args), 0);
+	std::pair<bool, Val*> plugin_result = PLUGIN_HOOK_WITH_RESULT(HOOK_CALL_FUNCTION, HookCallFunction(this, parent, args), empty_hook_result);
 
-	if ( plugin_result )
-		return HandlePluginResult(plugin_result, args, Flavor());
+	plugin_result = HandlePluginResult(plugin_result, args, Flavor());
+
+	if( plugin_result.first )
+		{
+		Val *result = plugin_result.second;
+		return result;
+		}
 
 	if ( bodies.empty() )
 		{
@@ -425,11 +442,11 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const
 	// Warn if the function returns something, but we returned from
 	// the function without an explicit return, or without a value.
 	else if ( FType()->YieldType() && FType()->YieldType()->Tag() != TYPE_VOID &&
-	     (flow != FLOW_RETURN /* we fell off the end */ ||
-	      ! result /* explicit return with no result */) &&
-	     ! f->HasDelayed() )
+		 (flow != FLOW_RETURN /* we fell off the end */ ||
+		  ! result /* explicit return with no result */) &&
+		 ! f->HasDelayed() )
 		reporter->Warning("non-void function returns without a value: %s",
-		                  Name());
+				  Name());
 
 	if ( result && g_trace_state.DoTrace() )
 		{
@@ -548,10 +565,15 @@ Val* BuiltinFunc::Call(val_list* args, Frame* parent) const
 	if ( sample_logger )
 		sample_logger->FunctionSeen(this);
 
-	Val* plugin_result = PLUGIN_HOOK_WITH_RESULT(HOOK_CALL_FUNCTION, HookCallFunction(this, args), 0);
+	std::pair<bool, Val*> plugin_result = PLUGIN_HOOK_WITH_RESULT(HOOK_CALL_FUNCTION, HookCallFunction(this, parent, args), empty_hook_result);
 
-	if ( plugin_result )
-		return HandlePluginResult(plugin_result, args, FUNC_FLAVOR_FUNCTION);
+	plugin_result = HandlePluginResult(plugin_result, args, FUNC_FLAVOR_FUNCTION);
+
+	if ( plugin_result.first )
+		{
+		Val *result = plugin_result.second;
+		return result;
+		}
 
 	if ( g_trace_state.DoTrace() )
 		{
diff --git a/src/Func.h b/src/Func.h
index 446043d581..0e50d546f4 100644
--- a/src/Func.h
+++ b/src/Func.h
@@ -3,6 +3,8 @@
 #ifndef func_h
 #define func_h
 
+#include <utility>
+
 #include "BroList.h"
 #include "Obj.h"
 #include "Debug.h"
@@ -71,7 +73,7 @@ protected:
 	Func();
 
 	// Helper function for handling result of plugin hook.
-	Val* HandlePluginResult(Val* plugin_result, val_list* args, function_flavor flavor) const;
+	std::pair<bool, Val*> HandlePluginResult(std::pair<bool, Val*> plugin_result, val_list* args, function_flavor flavor) const;
 
 	DECLARE_ABSTRACT_SERIAL(Func);
 
diff --git a/src/Net.cc b/src/Net.cc
index adac9c02fd..af542cb1a6 100644
--- a/src/Net.cc
+++ b/src/Net.cc
@@ -34,6 +34,10 @@
 #include "iosource/PktDumper.h"
 #include "plugin/Manager.h"
 
+#ifdef ENABLE_BROKER
+#include "broker/Manager.h"
+#endif
+
 extern "C" {
 #include "setsignal.h"
 };
@@ -315,6 +319,11 @@ void net_run()
 			}
 #endif
 		current_iosrc = src;
+		bool communication_enabled = using_communication;
+
+#ifdef ENABLE_BROKER
+		communication_enabled |= broker_mgr->Enabled();
+#endif
 
 		if ( src )
 			src->Process();	// which will call net_packet_dispatch()
@@ -332,7 +341,7 @@ void net_run()
 				}
 			}
 
-		else if ( (have_pending_timers || using_communication) &&
+		else if ( (have_pending_timers || communication_enabled) &&
 			  ! pseudo_realtime )
 			{
 			// Take advantage of the lull to get up to
@@ -347,7 +356,7 @@ void net_run()
 			// us a lot of idle time, but doesn't delay near-term
 			// timers too much.  (Delaying them somewhat is okay,
 			// since Bro timers are not high-precision anyway.)
-			if ( ! using_communication )
+			if ( ! communication_enabled )
 				usleep(100000);
 			else
 				usleep(1000);
diff --git a/src/NetVar.cc b/src/NetVar.cc
index 7c66b55bc2..123e947701 100644
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@@ -10,6 +10,7 @@ RecordType* endpoint;
 RecordType* endpoint_stats;
 RecordType* connection_type;
 RecordType* fa_file_type;
+RecordType* fa_metadata_type;
 RecordType* icmp_conn;
 RecordType* icmp_context;
 RecordType* SYN_packet;
@@ -178,6 +179,7 @@ RecordType* peer;
 int forward_remote_state_changes;
 int forward_remote_events;
 int remote_check_sync_consistency;
+bro_uint_t chunked_io_buffer_soft_cap;
 
 StringVal* ssl_ca_certificate;
 StringVal* ssl_private_key;
@@ -276,6 +278,7 @@ void init_general_global_var()
 	forward_remote_events = opt_internal_int("forward_remote_events");
 	remote_check_sync_consistency =
 		opt_internal_int("remote_check_sync_consistency");
+	chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap");
 
 	ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal();
 	ssl_private_key = internal_val("ssl_private_key")->AsStringVal();
@@ -316,6 +319,7 @@ void init_net_var()
 	endpoint_stats = internal_type("endpoint_stats")->AsRecordType();
 	connection_type = internal_type("connection")->AsRecordType();
 	fa_file_type = internal_type("fa_file")->AsRecordType();
+	fa_metadata_type = internal_type("fa_metadata")->AsRecordType();
 	icmp_conn = internal_type("icmp_conn")->AsRecordType();
 	icmp_context = internal_type("icmp_context")->AsRecordType();
 	signature_state = internal_type("signature_state")->AsRecordType();
diff --git a/src/NetVar.h b/src/NetVar.h
index edd70d1ea6..bf2d9a5712 100644
--- a/src/NetVar.h
+++ b/src/NetVar.h
@@ -13,6 +13,7 @@ extern RecordType* endpoint;
 extern RecordType* endpoint_stats;
 extern RecordType* connection_type;
 extern RecordType* fa_file_type;
+extern RecordType* fa_metadata_type;
 extern RecordType* icmp_conn;
 extern RecordType* icmp_context;
 extern RecordType* signature_state;
@@ -181,6 +182,7 @@ extern RecordType* peer;
 extern int forward_remote_state_changes;
 extern int forward_remote_events;
 extern int remote_check_sync_consistency;
+extern bro_uint_t chunked_io_buffer_soft_cap;
 
 extern StringVal* ssl_ca_certificate;
 extern StringVal* ssl_private_key;
diff --git a/src/RE.cc b/src/RE.cc
index 4855b0e39a..f52eff47eb 100644
--- a/src/RE.cc
+++ b/src/RE.cc
@@ -20,9 +20,6 @@ int case_insensitive = 0;
 extern int RE_parse(void);
 extern void RE_set_input(const char* str);
 
-// If true, the set-wise matching always returns false - for benchmarking.
-extern int rule_bench;
-
 Specific_RE_Matcher::Specific_RE_Matcher(match_type arg_mt, int arg_multiline)
 : equiv_class(NUM_SYM)
 	{
@@ -279,9 +276,6 @@ inline void RE_Match_State::AddMatches(const AcceptingSet& as,
 bool RE_Match_State::Match(const u_char* bv, int n,
 				bool bol, bool eol, bool clear)
 	{
-	if ( rule_bench > 0 )
-		return false;
-
 	if ( current_pos == -1 )
 		{
 		// First call to Match().
diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc
index 9756e0b0ae..d359c1ea5d 100644
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@@ -542,6 +542,9 @@ RemoteSerializer::RemoteSerializer()
 	current_msgtype = 0;
 	current_args = 0;
 	source_peer = 0;
+
+	// Register as a "dont-count" source first, we may change that later.
+	iosource_mgr->Register(this, true);
 	}
 
 RemoteSerializer::~RemoteSerializer()
@@ -571,8 +574,6 @@ void RemoteSerializer::Enable()
 
 	Fork();
 
-	iosource_mgr->Register(this);
-
 	Log(LogInfo, fmt("communication started, parent pid is %d, child pid is %d", getpid(), child_pid));
 	initialized = 1;
 	}
@@ -612,6 +613,9 @@ void RemoteSerializer::Fork()
 	if ( child_pid )
 		return;
 
+	// Register as a "does-count" source now.
+	iosource_mgr->Register(this, false);
+
 	// If we are re-forking, remove old entries
 	loop_over_list(peers, i)
 		RemovePeer(peers[i]);
@@ -3460,7 +3464,8 @@ void SocketComm::Run()
 		int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, 0);
 
 		if ( selects % 100000 == 0 )
-			Log(fmt("selects=%ld canwrites=%ld", selects, canwrites));
+			Log(fmt("selects=%ld canwrites=%ld pending=%lu",
+			        selects, canwrites, io->Stats()->pending));
 
 		if ( a < 0 )
 			// Ignore errors for now.
diff --git a/src/Reporter.cc b/src/Reporter.cc
index 9002633b10..cd1aa09d4c 100644
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@@ -123,6 +123,19 @@ void Reporter::ExprRuntimeError(const Expr* expr, const char* fmt, ...)
 	throw InterpreterException();
 	}
 
+void Reporter::RuntimeError(const Location* location, const char* fmt, ...)
+	{
+	++errors;
+	PushLocation(location);
+	va_list ap;
+	va_start(ap, fmt);
+	FILE* out = errors_to_stderr ? stderr : 0;
+	DoLog("runtime error", reporter_error, out, 0, 0, true, true, "", fmt, ap);
+	va_end(ap);
+	PopLocation();
+	throw InterpreterException();
+	}
+
 void Reporter::InternalError(const char* fmt, ...)
 	{
 	va_list ap;
diff --git a/src/Reporter.h b/src/Reporter.h
index e477ad8934..52bcd7d02a 100644
--- a/src/Reporter.h
+++ b/src/Reporter.h
@@ -73,6 +73,10 @@ public:
 	// function will not return but raise an InterpreterException.
 	void ExprRuntimeError(const Expr* expr, const char* fmt, ...);
 
+	// Report a runtime error in evaluating a Bro script expression. This
+	// function will not return but raise an InterpreterException.
+	void RuntimeError(const Location* location, const char* fmt, ...);
+
 	// Report a traffic weirdness, i.e., an unexpected protocol situation
 	// that may lead to incorrectly processing a connnection.
 	void Weird(const char* name);	// Raises net_weird().
diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc
index ca08388b10..967c4e4e65 100644
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@@ -577,9 +577,6 @@ RuleFileMagicState* RuleMatcher::InitFileMagic() const
 	{
 	RuleFileMagicState* state = new RuleFileMagicState();
 
-	if ( rule_bench == 3 )
-		return state;
-
 	loop_over_list(root->psets[Rule::FILE_MAGIC], i)
 		{
 		RuleHdrTest::PatternSet* set = root->psets[Rule::FILE_MAGIC][i];
@@ -630,9 +627,6 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state,
 		return rval;
 		}
 
-	if ( rule_bench >= 2 )
-		return rval;
-
 #ifdef DEBUG
 	if ( debug_logger.IsEnabled(DBG_RULES) )
 		{
@@ -712,9 +706,6 @@ RuleEndpointState* RuleMatcher::InitEndpoint(analyzer::Analyzer* analyzer,
 	RuleEndpointState* state =
 		new RuleEndpointState(analyzer, from_orig, opposite, pia);
 
-	if ( rule_bench == 3 )
-		return state;
-
 	rule_hdr_test_list tests;
 	tests.append(root);
 
@@ -837,9 +828,6 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type,
 	// for 'accepted' (that depends on the average number of matching
 	// patterns).
 
-	if ( rule_bench >= 2 )
-		return;
-
 	bool newmatch = false;
 
 #ifdef DEBUG
@@ -956,9 +944,6 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type,
 
 void RuleMatcher::FinishEndpoint(RuleEndpointState* state)
 	{
-	if ( rule_bench == 3 )
-		return;
-
 	// Send EOL to payload matchers.
 	Match(state, Rule::PAYLOAD, (const u_char *) "", 0, false, true, false);
 
@@ -1110,15 +1095,9 @@ void RuleMatcher::ExecRule(Rule* rule, RuleEndpointState* state, bool eos)
 
 void RuleMatcher::ClearEndpointState(RuleEndpointState* state)
 	{
-	if ( rule_bench == 3 )
-		return;
+	state->payload_size = -1;
 
 	ExecPureRules(state, 1);
-	state->payload_size = -1;
-	state->matched_by_patterns.clear();
-	loop_over_list(state->matched_text, i)
-		delete state->matched_text[i];
-	state->matched_text.clear();
 
 	loop_over_list(state->matchers, j)
 		state->matchers[j]->state->Clear();
@@ -1126,9 +1105,6 @@ void RuleMatcher::ClearEndpointState(RuleEndpointState* state)
 
 void RuleMatcher::ClearFileMagicState(RuleFileMagicState* state) const
 	{
-	if ( rule_bench == 3 )
-		return;
-
 	loop_over_list(state->matchers, j)
 		state->matchers[j]->state->Clear();
 	}
@@ -1496,8 +1472,12 @@ void RuleMatcherState::ClearMatchState(bool orig)
 	if ( ! rule_matcher )
 		return;
 
-	if ( orig_match_state )
-		rule_matcher->ClearEndpointState(orig_match_state);
-	if ( resp_match_state )
+	if ( orig )
+		{
+		if ( orig_match_state )
+			rule_matcher->ClearEndpointState(orig_match_state);
+		}
+
+	else if ( resp_match_state )
 		rule_matcher->ClearEndpointState(resp_match_state);
 	}
diff --git a/src/RuleMatcher.h b/src/RuleMatcher.h
index da2838cb6d..6ffc971db1 100644
--- a/src/RuleMatcher.h
+++ b/src/RuleMatcher.h
@@ -22,8 +22,6 @@
 
 //#define MATCHER_PRINT_STATS
 
-extern int rule_bench;
-
 // Parser interface:
 
 extern void rules_error(const char* msg);
diff --git a/src/SerialTypes.h b/src/SerialTypes.h
index e50ec3889f..cf2c52a08b 100644
--- a/src/SerialTypes.h
+++ b/src/SerialTypes.h
@@ -113,6 +113,8 @@ SERIAL_VAL(TOPK_VAL, 20)
 SERIAL_VAL(BLOOMFILTER_VAL, 21)
 SERIAL_VAL(CARDINALITY_VAL, 22)
 SERIAL_VAL(X509_VAL, 23)
+SERIAL_VAL(COMM_STORE_HANDLE_VAL, 24)
+SERIAL_VAL(COMM_DATA_VAL, 25)
 
 #define SERIAL_EXPR(name, val) SERIAL_CONST(name, val, EXPR)
 SERIAL_EXPR(EXPR, 1)
diff --git a/src/Sessions.cc b/src/Sessions.cc
index ffc2baf944..086216e93d 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@@ -466,6 +466,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 	id.src_addr = ip_hdr->SrcAddr();
 	id.dst_addr = ip_hdr->DstAddr();
 	Dictionary* d = 0;
+	BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP;
 
 	switch ( proto ) {
 	case IPPROTO_TCP:
@@ -606,6 +607,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 
 		// Treat GRE tunnel like IP tunnels, fallthrough to logic below now
 		// that GRE header is stripped and only payload packet remains.
+		// The only thing different is the tunnel type enum value to use.
+		tunnel_type = BifEnum::Tunnel::GRE;
 		}
 
 	case IPPROTO_IPV4:
@@ -653,7 +656,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 
 		if ( it == ip_tunnels.end() )
 			{
-			EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr());
+			EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(),
+			                     tunnel_type);
 			ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time);
 			timer_mgr->Add(new IPTunnelTimer(network_time, tunnel_idx));
 			}
diff --git a/src/Stats.cc b/src/Stats.cc
index 01ca0a41d3..00f603cba7 100644
--- a/src/Stats.cc
+++ b/src/Stats.cc
@@ -10,6 +10,10 @@
 #include "Trigger.h"
 #include "threading/Manager.h"
 
+#ifdef ENABLE_BROKER
+#include "broker/Manager.h"
+#endif
+
 int killed_by_inactivity = 0;
 
 uint64 tot_ack_events = 0;
@@ -222,6 +226,26 @@ void ProfileLogger::Log()
 			    ));
 		}
 
+#ifdef ENABLE_BROKER
+	auto cs = broker_mgr->ConsumeStatistics();
+
+	file->Write(fmt("%0.6f Comm: peers=%zu stores=%zu "
+	                "store_queries=%zu store_responses=%zu "
+	                "outgoing_conn_status=%zu incoming_conn_status=%zu "
+	                "reports=%zu\n",
+	                network_time, cs.outgoing_peer_count, cs.data_store_count,
+	                cs.pending_query_count, cs.response_count,
+	                cs.outgoing_conn_status_count, cs.incoming_conn_status_count,
+	                cs.report_count));
+
+	for ( const auto& s : cs.print_count )
+		file->Write(fmt("    %-25s prints dequeued=%zu\n", s.first.data(), s.second));
+	for ( const auto& s : cs.event_count )
+		file->Write(fmt("    %-25s events dequeued=%zu\n", s.first.data(), s.second));
+	for ( const auto& s : cs.log_count )
+		file->Write(fmt("    %-25s logs dequeued=%zu\n", s.first.data(), s.second));
+#endif
+
 	// Script-level state.
 	unsigned int size, mem = 0;
 	PDict(ID)* globals = global_scope()->Vars();
diff --git a/src/Stmt.cc b/src/Stmt.cc
index d2f8c48cee..932943803c 100644
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@@ -79,11 +79,6 @@ bool Stmt::SetLocationInfo(const Location* start, const Location* end)
 	return true;
 	}
 
-Stmt* Stmt::Simplify()
-	{
-	return this;
-	}
-
 int Stmt::IsPure() const
 	{
 	return 0;
@@ -201,18 +196,6 @@ Val* ExprListStmt::Exec(Frame* f, stmt_flow_type& flow) const
 		return 0;
 	}
 
-Stmt* ExprListStmt::Simplify()
-	{
-	l = simplify_expr_list(l, SIMPLIFY_GENERAL);
-	DoSimplify();
-	return this;
-	}
-
-Stmt* ExprListStmt::DoSimplify()
-	{
-	return this;
-	}
-
 void ExprListStmt::Describe(ODesc* d) const
 	{
 	Stmt::Describe(d);
@@ -383,17 +366,6 @@ Val* ExprStmt::DoExec(Frame* /* f */, Val* /* v */, stmt_flow_type& /* flow */)
 	return 0;
 	}
 
-Stmt* ExprStmt::Simplify()
-	{
-	e = simplify_expr(e, SIMPLIFY_GENERAL);
-	return DoSimplify();
-	}
-
-Stmt* ExprStmt::DoSimplify()
-	{
-	return this;
-	}
-
 int ExprStmt::IsPure() const
 	{
 	return ! e || e->IsPure();
@@ -490,33 +462,6 @@ Val* IfStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
 	return result;
 	}
 
-Stmt* IfStmt::DoSimplify()
-	{
-	s1 = simplify_stmt(s1);
-	s2 = simplify_stmt(s2);
-
-	if ( e->IsConst() )
-		{
-		if ( ! optimize )
-			Warn("constant in conditional");
-
-		return e->IsZero() ? s2->Ref() : s1->Ref();
-		}
-
-	if ( e->Tag() == EXPR_NOT )
-		{
-		Stmt* t = s1;
-		s1 = s2;
-		s2 = t;
-
-		e = new NotExpr(e);
-
-		return Simplify();
-		}
-
-	return this;
-	}
-
 int IfStmt::IsPure() const
 	{
 	return e->IsPure() && s1->IsPure() && s2->IsPure();
@@ -602,7 +547,7 @@ static BroStmtTag get_last_stmt_tag(const Stmt* stmt)
 	}
 
 Case::Case(ListExpr* c, Stmt* arg_s)
-    : cases(simplify_expr_list(c, SIMPLIFY_GENERAL)), s(arg_s)
+    : cases(c), s(arg_s)
 	{
 	BroStmtTag t = get_last_stmt_tag(Body());
 
@@ -729,8 +674,8 @@ SwitchStmt::SwitchStmt(Expr* index, case_list* arg_cases) :
 
 	loop_over_list(*cases, i)
 		{
-		const Case* c = (*cases)[i];
-		const ListExpr* le = c->Cases();
+		Case* c = (*cases)[i];
+		ListExpr* le = c->Cases();
 
 		if ( le )
 			{
@@ -740,10 +685,53 @@ SwitchStmt::SwitchStmt(Expr* index, case_list* arg_cases) :
 				continue;
 				}
 
-			const expr_list& exprs = le->Exprs();
+			expr_list& exprs = le->Exprs();
 
 			loop_over_list(exprs, j)
 				{
+				if ( ! exprs[j]->IsConst() )
+					{
+					Expr* expr = exprs[j];
+
+					switch ( expr->Tag() ) {
+					// Simplify trivial unary plus/minus expressions on consts.
+					case EXPR_NEGATE:
+						{
+						NegExpr* ne = (NegExpr*)(expr);
+
+						if ( ne->Op()->IsConst() )
+							Unref(exprs.replace(j, new ConstExpr(ne->Eval(0))));
+						}
+						break;
+
+					case EXPR_POSITIVE:
+						{
+						PosExpr* pe = (PosExpr*)(expr);
+
+						if ( pe->Op()->IsConst() )
+							Unref(exprs.replace(j, new ConstExpr(pe->Eval(0))));
+						}
+						break;
+
+					case EXPR_NAME:
+						{
+						NameExpr* ne = (NameExpr*)(expr);
+
+						if ( ne->Id()->IsConst() )
+							{
+							Val* v = ne->Eval(0);
+
+							if ( v )
+								Unref(exprs.replace(j, new ConstExpr(v)));
+							}
+						}
+						break;
+
+					default:
+						break;
+					}
+					}
+
 				if ( ! exprs[j]->IsConst() )
 					exprs[j]->Error("case label expression isn't constant");
 				else
@@ -845,36 +833,6 @@ Val* SwitchStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
 	return rval;
 	}
 
-Stmt* SwitchStmt::DoSimplify()
-	{
-	loop_over_list(*cases, i)
-		{
-		Case* c = (*cases)[i];
-		ListExpr* new_cases = simplify_expr_list(c->Cases(), SIMPLIFY_GENERAL);
-		Stmt* new_body = simplify_stmt(c->Body());
-
-		if ( new_cases != c->Cases() || new_body != c->Body() )
-			{
-			cases->replace(i, new Case(new_cases, new_body));
-			Unref(c);
-			}
-		}
-
-	if ( e->IsConst() )
-		{
-		// Could possibly remove all case labels before the one
-		// that will match, but may be tricky to tell if any
-		// subsequent ones can also be removed since it depends
-		// on the evaluation of the body executing a break/return
-		// statement.  Then still need a way to bypass the lookup
-		// DoExec for it to be beneficial.
-		if ( ! optimize )
-			Warn("constant in switch");
-		}
-
-	return this;
-	}
-
 int SwitchStmt::IsPure() const
 	{
 	if ( ! e->IsPure() )
@@ -1212,17 +1170,6 @@ Val* WhileStmt::Exec(Frame* f, stmt_flow_type& flow) const
 	return rval;
 	}
 
-Stmt* WhileStmt::Simplify()
-	{
-	loop_condition = simplify_expr(loop_condition, SIMPLIFY_GENERAL);
-
-	if ( loop_condition->IsConst() && loop_condition->IsZero() )
-		return new NullStmt();
-
-	body = simplify_stmt(body);
-	return this;
-	}
-
 IMPLEMENT_SERIAL(WhileStmt, SER_WHILE_STMT);
 
 bool WhileStmt::DoSerialize(SerialInfo* info) const
@@ -1416,21 +1363,6 @@ Val* ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
 	return ret;
 	}
 
-Stmt* ForStmt::DoSimplify()
-	{
-	body = simplify_stmt(body);
-
-	if ( e->IsConst() )
-		{
-		const PDict(TableEntryVal)* vt = e->ExprVal()->AsTable();
-
-		if ( vt->Length() == 0 )
-			return new NullStmt();
-		}
-
-	return this;
-	}
-
 int ForStmt::IsPure() const
 	{
 	return e->IsPure() && body->IsPure();
@@ -1774,20 +1706,6 @@ Val* StmtList::Exec(Frame* f, stmt_flow_type& flow) const
 	return 0;
 	}
 
-Stmt* StmtList::Simplify()
-	{
-	if ( stmts.length() == 0 )
-		return new NullStmt();
-
-	if ( stmts.length() == 1 )
-		return stmts[0]->Ref();
-
-	loop_over_list(stmts, i)
-		stmts.replace(i, simplify_stmt(stmts[i]));
-
-	return this;
-	}
-
 int StmtList::IsPure() const
 	{
 	loop_over_list(stmts, i)
@@ -1909,17 +1827,6 @@ Val* EventBodyList::Exec(Frame* f, stmt_flow_type& flow) const
 	return 0;
 	}
 
-Stmt* EventBodyList::Simplify()
-	{
-	if ( stmts.length() <= 1 )
-		// Don't simplify these, we don't want to lose our
-		// "execute even across returns" property.
-		return this;
-
-	else
-		return StmtList::Simplify();
-	}
-
 void EventBodyList::Describe(ODesc* d) const
 	{
 	if ( d->IsReadable() && stmts.length() > 0 )
@@ -2168,19 +2075,6 @@ Val* WhenStmt::Exec(Frame* f, stmt_flow_type& flow) const
 	return 0;
 	}
 
-Stmt* WhenStmt::Simplify()
-	{
-	cond = simplify_expr(cond, SIMPLIFY_GENERAL);
-	s1 = simplify_stmt(s1);
-	if ( s2 )
-		s2 = simplify_stmt(s2);
-
-	if ( cond->IsPure() )
-		Warn("non-varying expression in when clause");
-
-	return this;
-	}
-
 int WhenStmt::IsPure() const
 	{
 	return cond->IsPure() && s1->IsPure() && (! s2 || s2->IsPure());
@@ -2276,172 +2170,3 @@ bool WhenStmt::DoUnserialize(UnserialInfo* info)
 
 	return true;
 	}
-
-Stmt* simplify_stmt(Stmt* s)
-	{
-	for ( Stmt* ss = s->Simplify(); ss != s; ss = s->Simplify() )
-		{
-		Unref(s);
-		s = ss;
-		}
-
-	return s;
-	}
-
-int same_stmt(const Stmt* s1, const Stmt* s2)
-	{
-	if ( s1 == s2 )
-		return 1;
-
-	if ( s1->Tag() != s2->Tag() )
-		return 0;
-
-	switch ( s1->Tag() ) {
-	case STMT_PRINT:
-		{
-		const ListExpr* l1 = ((const ExprListStmt*) s1)->ExprList();
-		const ListExpr* l2 = ((const ExprListStmt*) s2)->ExprList();
-		return same_expr(l1, l2);
-		}
-
-	case STMT_ADD:
-	case STMT_DELETE:
-	case STMT_RETURN:
-	case STMT_EXPR:
-	case STMT_EVENT:
-		{
-		const ExprStmt* e1 = (const ExprStmt*) s1;
-		const ExprStmt* e2 = (const ExprStmt*) s2;
-		return same_expr(e1->StmtExpr(), e2->StmtExpr());
-		}
-
-	case STMT_FOR:
-		{
-		const ForStmt* f1 = (const ForStmt*) s1;
-		const ForStmt* f2 = (const ForStmt*) s2;
-
-		return f1->LoopVar() == f2->LoopVar() &&
-			same_expr(f1->LoopExpr(), f2->LoopExpr()) &&
-			same_stmt(f1->LoopBody(), f2->LoopBody());
-		}
-
-	case STMT_IF:
-		{
-		const IfStmt* i1 = (const IfStmt*) s1;
-		const IfStmt* i2 = (const IfStmt*) s2;
-
-		if ( ! same_expr(i1->StmtExpr(), i2->StmtExpr()) )
-			return 0;
-
-		if ( i1->TrueBranch() || i2->TrueBranch() )
-			{
-			if ( ! i1->TrueBranch() || ! i2->TrueBranch() )
-				return 0;
-			if ( ! same_stmt(i1->TrueBranch(), i2->TrueBranch()) )
-				return 0;
-			}
-
-		if ( i1->FalseBranch() || i2->FalseBranch() )
-			{
-			if ( ! i1->FalseBranch() || ! i2->FalseBranch() )
-				return 0;
-			if ( ! same_stmt(i1->FalseBranch(), i2->FalseBranch()) )
-				return 0;
-			}
-
-		return 1;
-		}
-
-	case STMT_SWITCH:
-		{
-		const SwitchStmt* sw1 = (const SwitchStmt*) s1;
-		const SwitchStmt* sw2 = (const SwitchStmt*) s2;
-
-		if ( ! same_expr(sw1->StmtExpr(), sw2->StmtExpr()) )
-			return 0;
-
-		const case_list* c1 = sw1->Cases();
-		const case_list* c2 = sw1->Cases();
-
-		if ( c1->length() != c2->length() )
-			return 0;
-
-		loop_over_list(*c1, i)
-			{
-			if ( ! same_expr((*c1)[i]->Cases(), (*c2)[i]->Cases()) )
-				return 0;
-			if ( ! same_stmt((*c1)[i]->Body(), (*c2)[i]->Body()) )
-				return 0;
-			}
-
-		return 1;
-		}
-
-	case STMT_LIST:
-	case STMT_EVENT_BODY_LIST:
-		{
-		const stmt_list& l1 = ((const StmtList*) s1)->Stmts();
-		const stmt_list& l2 = ((const StmtList*) s2)->Stmts();
-
-		if ( l1.length() != l2.length() )
-			return 0;
-
-		loop_over_list(l1, i)
-			if ( ! same_stmt(l1[i], l2[i]) )
-				return 0;
-
-		return 1;
-		}
-
-	case STMT_INIT:
-		{
-		const id_list* i1 = ((const InitStmt*) s1)->Inits();
-		const id_list* i2 = ((const InitStmt*) s2)->Inits();
-
-		if ( i1->length() != i2->length() )
-			return 0;
-
-		loop_over_list(*i1, i)
-			if ( (*i1)[i] != (*i2)[i] )
-				return 0;
-
-		return 1;
-		}
-
-	case STMT_WHEN:
-		{
-		const WhenStmt* w1 = (const WhenStmt*) s1;
-		const WhenStmt* w2 = (const WhenStmt*) s2;
-
-		if ( ! same_expr(w1->Cond(), w2->Cond()) )
-			return 0;
-
-		if ( ! same_stmt(w1->Body(), w2->Body()) )
-			return 0;
-
-		if ( w1->TimeoutBody() || w2->TimeoutBody() )
-			{
-			if ( ! w1->TimeoutBody() || ! w2->TimeoutBody() )
-				return 0;
-
-			if ( ! same_expr(w1->TimeoutExpr(), w2->TimeoutExpr()) )
-				return 0;
-
-			if ( ! same_stmt(w1->TimeoutBody(), w2->TimeoutBody()) )
-				return 0;
-			}
-
-		return 1;
-		}
-
-	case STMT_NEXT:
-	case STMT_BREAK:
-	case STMT_NULL:
-		return 1;
-
-	default:
-		reporter->Error("bad tag in same_stmt()");
-	}
-
-	return 0;
-	}
diff --git a/src/Stmt.h b/src/Stmt.h
index 9f0621e567..36fe624e68 100644
--- a/src/Stmt.h
+++ b/src/Stmt.h
@@ -33,10 +33,6 @@ public:
 		{ return Stmt::SetLocationInfo(loc, loc); }
 	bool SetLocationInfo(const Location* start, const Location* end);
 
-	// Returns a fully simplified version of the statement (this
-	// may be the same statement, or a newly created one).
-	virtual Stmt* Simplify();
-
 	// True if the statement has no side effects, false otherwise.
 	virtual int IsPure() const;
 
@@ -112,9 +108,6 @@ protected:
 	Val* Exec(Frame* f, stmt_flow_type& flow) const;
 	virtual Val* DoExec(val_list* vals, stmt_flow_type& flow) const = 0;
 
-	Stmt* Simplify();
-	virtual Stmt* DoSimplify();
-
 	void Describe(ODesc* d) const;
 	void PrintVals(ODesc* d, val_list* vals, int offset) const;
 
@@ -156,12 +149,8 @@ protected:
 
 	virtual Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const;
 
-	Stmt* Simplify();
 	int IsPure() const;
 
-	// Called by Simplify(), after the expression's been simplified.
-	virtual Stmt* DoSimplify();
-
 	DECLARE_SERIAL(ExprStmt);
 
 	Expr* e;
@@ -184,7 +173,6 @@ protected:
 	IfStmt()	{ s1 = s2 = 0; }
 
 	Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const;
-	Stmt* DoSimplify();
 	int IsPure() const;
 
 	DECLARE_SERIAL(IfStmt);
@@ -237,7 +225,6 @@ protected:
 	SwitchStmt()	{ cases = 0; default_case_idx = -1; comp_hash = 0; }
 
 	Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const;
-	Stmt* DoSimplify();
 	int IsPure() const;
 
 	DECLARE_SERIAL(SwitchStmt);
@@ -329,7 +316,6 @@ protected:
 		{ loop_condition = 0; body = 0; }
 
 	Val* Exec(Frame* f, stmt_flow_type& flow) const;
-	Stmt* Simplify();
 
 	DECLARE_SERIAL(WhileStmt);
 
@@ -359,7 +345,6 @@ protected:
 	ForStmt()	{ loop_vars = 0; body = 0; }
 
 	Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const;
-	Stmt* DoSimplify();
 
 	DECLARE_SERIAL(ForStmt);
 
@@ -442,7 +427,6 @@ public:
 	TraversalCode Traverse(TraversalCallback* cb) const;
 
 protected:
-	Stmt* Simplify();
 	int IsPure() const;
 
 	DECLARE_SERIAL(StmtList);
@@ -464,7 +448,6 @@ public:
 	// bool IsTopmost()	{ return topmost; }
 
 protected:
-	Stmt* Simplify();
 
 	DECLARE_SERIAL(EventBodyList);
 
@@ -522,7 +505,6 @@ public:
 
 	Val* Exec(Frame* f, stmt_flow_type& flow) const;
 	int IsPure() const;
-	Stmt* Simplify();
 
 	const Expr* Cond() const	{ return cond; }
 	const Stmt* Body() const	{ return s1; }
@@ -545,7 +527,4 @@ protected:
 	bool is_return;
 };
 
-extern Stmt* simplify_stmt(Stmt* s);
-extern int same_stmt(const Stmt* s1, const Stmt* s2);
-
 #endif
diff --git a/src/Trigger.cc b/src/Trigger.cc
index 099027f4e0..772a991791 100644
--- a/src/Trigger.cc
+++ b/src/Trigger.cc
@@ -112,6 +112,7 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,
 	attached = 0;
 	is_return = arg_is_return;
 	location = arg_location;
+	timeout_value = -1;
 
 	++total_triggers;
 
@@ -133,17 +134,22 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,
 
 	Val* timeout_val = arg_timeout ? arg_timeout->Eval(arg_frame) : 0;
 
+	if ( timeout_val )
+		{
+		Unref(timeout_val);
+		timeout_value = timeout_val->AsInterval();
+		}
+
 	// Make sure we don't get deleted if somebody calls a method like
 	// Timeout() while evaluating the trigger. 
 	Ref(this);
 
-	if ( ! Eval() && timeout_val )
+	if ( ! Eval() && timeout_value >= 0 )
 		{
-		timer = new TriggerTimer(timeout_val->AsInterval(), this);
+		timer = new TriggerTimer(timeout_value, this);
 		timer_mgr->Add(timer);
 		}
 
-	Unref(timeout_val);
 	Unref(this);
 	}
 
diff --git a/src/Trigger.h b/src/Trigger.h
index b752ea8ada..3af9ddf1b0 100644
--- a/src/Trigger.h
+++ b/src/Trigger.h
@@ -32,6 +32,10 @@ public:
 	// Executes timeout code and deletes the object.
 	void Timeout();
 
+	// Return the timeout interval (negative if none was specified).
+	double TimeoutValue() const
+		{ return timeout_value; }
+
 	// Called if another entity needs to complete its operations first
 	// in any case before this trigger can proceed.
 	void Hold()	{ delayed = true; }
@@ -51,6 +55,8 @@ public:
 	// may not immediately delete it as other references may still exist.
 	void Disable();
 
+	bool Disabled() const { return disabled; }
+
 	virtual void Describe(ODesc* d) const { d->Add("<trigger>"); }
 
 	// Overidden from Notifier.  We queue the trigger and evaluate it
@@ -87,6 +93,7 @@ private:
 	Stmt* body;
 	Stmt* timeout_stmts;
 	Expr* timeout;
+	double timeout_value;
 	Frame* frame;
 	bool is_return;
 	const Location* location;
diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h
index 23f8966ee7..419a3000b4 100644
--- a/src/TunnelEncapsulation.h
+++ b/src/TunnelEncapsulation.h
@@ -37,10 +37,12 @@ public:
 	 *
 	 * @param s The tunnel source address, likely taken from an IP header.
 	 * @param d The tunnel destination address, likely taken from an IP header.
+	 * @param t The type of IP tunnel.
 	 */
-	EncapsulatingConn(const IPAddr& s, const IPAddr& d)
+	EncapsulatingConn(const IPAddr& s, const IPAddr& d,
+	                  BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP)
 		: src_addr(s), dst_addr(d), src_port(0), dst_port(0),
-		  proto(TRANSPORT_UNKNOWN), type(BifEnum::Tunnel::IP),
+		  proto(TRANSPORT_UNKNOWN), type(t),
 		  uid(Bro::UID(bits_per_uid))
 		{
 		}
@@ -85,7 +87,8 @@ public:
 		if ( ec1.type != ec2.type )
 			return false;
 
-		if ( ec1.type == BifEnum::Tunnel::IP )
+		if ( ec1.type == BifEnum::Tunnel::IP ||
+		     ec1.type == BifEnum::Tunnel::GRE )
 			// Reversing endpoints is still same tunnel.
 			return ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
 			  ((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||
diff --git a/src/Type.cc b/src/Type.cc
index 9aa86da8dc..7fab05673f 100644
--- a/src/Type.cc
+++ b/src/Type.cc
@@ -1971,18 +1971,33 @@ int same_attrs(const Attributes* a1, const Attributes* a2)
 	return (*a1 == *a2);
 	}
 
-int record_promotion_compatible(const RecordType* /* super_rec */,
-				const RecordType* /* sub_rec */)
+int record_promotion_compatible(const RecordType* super_rec,
+				const RecordType* sub_rec)
 	{
-#if 0
-	int n = sub_rec->NumFields();
-
-	for ( int i = 0; i < n; ++i )
+	for ( int i = 0; i < sub_rec->NumFields(); ++i )
 		{
-		if ( ! super_rec->HasField(sub_rec->FieldName(i)) )
+		int o = super_rec->FieldOffset(sub_rec->FieldName(i));
+
+		if ( o < 0 )
+			// Orphaned field.
+			continue;
+
+		BroType* sub_field_type = sub_rec->FieldType(i);
+		BroType* super_field_type = super_rec->FieldType(o);
+
+		if ( same_type(sub_field_type, super_field_type) )
+			continue;
+
+		if ( sub_field_type->Tag() != TYPE_RECORD )
+			return 0;
+
+		if ( super_field_type->Tag() != TYPE_RECORD )
+			return 0;
+
+		if ( ! record_promotion_compatible(super_field_type->AsRecordType(),
+		                                   sub_field_type->AsRecordType()) )
 			return 0;
 		}
-#endif
 
 	return 1;
 	}
diff --git a/src/Val.cc b/src/Val.cc
index 7c83830bf9..f3825dc9da 100644
--- a/src/Val.cc
+++ b/src/Val.cc
@@ -2985,8 +2985,10 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op)
 			}
 		}
 
+	Val* val_at_index = 0;
+
 	if ( index < val.vector_val->size() )
-		Unref((*val.vector_val)[index]);
+		val_at_index = (*val.vector_val)[index];
 	else
 		val.vector_val->resize(index + 1);
 
@@ -2999,10 +3001,12 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op)
 
 		StateAccess::Log(new StateAccess(op == OP_INCR ?
 				OP_INCR_IDX : OP_ASSIGN_IDX,
-				this, ival, element, (*val.vector_val)[index]));
+				this, ival, element, val_at_index));
 		Unref(ival);
 		}
 
+	Unref(val_at_index);
+
 	// Note: we do *not* Ref() the element, if any, at this point.
 	// AssignExpr::Eval() already does this; other callers must remember
 	// to do it similarly.
diff --git a/src/Var.cc b/src/Var.cc
index 95ec5802ef..ed0f486875 100644
--- a/src/Var.cc
+++ b/src/Var.cc
@@ -64,9 +64,6 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init,
 			}
 		}
 
-	if ( init && optimize )
-		init = init->Simplify(SIMPLIFY_GENERAL);
-
 	if ( t && t->IsSet() )
 		{ // Check for set with explicit elements.
 		SetType* st = t->AsTableType()->AsSetType();
diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h
index 1eda4c3cf1..83157aadde 100644
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@@ -400,7 +400,7 @@ public:
 	 *
 	 * @return The analyzer, or null if not found.
 	 */
-	Analyzer* FindChild(ID id);
+	virtual Analyzer* FindChild(ID id);
 
 	/**
 	 * Recursively searches all (direct or indirect) childs of the
@@ -411,7 +411,7 @@ public:
 	 * @return The first analyzer of the given type found, or null if
 	 * none.
 	 */
-	Analyzer* FindChild(Tag tag);
+	virtual Analyzer* FindChild(Tag tag);
 
 	/**
 	 * Recursively searches all (direct or indirect) childs of the
diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt
index d0fa1ded66..467fce83ee 100644
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@@ -18,18 +18,20 @@ add_subdirectory(icmp)
 add_subdirectory(ident)
 add_subdirectory(interconn)
 add_subdirectory(irc)
+add_subdirectory(krb)
 add_subdirectory(login)
 add_subdirectory(mime)
 add_subdirectory(modbus)
 add_subdirectory(mysql)
 add_subdirectory(ncp)
 add_subdirectory(netbios)
-add_subdirectory(netflow)
 add_subdirectory(ntp)
 add_subdirectory(pia)
 add_subdirectory(pop3)
 add_subdirectory(radius)
+add_subdirectory(rdp)
 add_subdirectory(rpc)
+add_subdirectory(sip)
 add_subdirectory(snmp)
 add_subdirectory(smb)
 add_subdirectory(smtp)
diff --git a/src/analyzer/protocol/asn1/asn1.pac b/src/analyzer/protocol/asn1/asn1.pac
new file mode 100644
index 0000000000..07d9c1bbc3
--- /dev/null
+++ b/src/analyzer/protocol/asn1/asn1.pac
@@ -0,0 +1,194 @@
+%extern{
+#include <cstdlib>
+%}
+
+%header{
+	Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t);
+	Val* asn1_integer_to_val(const ASN1Integer* i, TypeTag t);
+	StringVal* asn1_oid_to_val(const ASN1Encoding* oid);
+	StringVal* asn1_oid_to_val(const ASN1ObjectIdentifier* oid);
+	StringVal* asn1_octet_string_to_val(const ASN1Encoding* s);
+	StringVal* asn1_octet_string_to_val(const ASN1OctetString* s);
+%}
+
+############################## ASN.1 Encodings
+
+enum ASN1TypeTag {
+	ASN1_INTEGER_TAG           = 0x02,
+	ASN1_OCTET_STRING_TAG      = 0x04,
+	ASN1_NULL_TAG              = 0x05,
+	ASN1_OBJECT_IDENTIFIER_TAG = 0x06,
+	ASN1_SEQUENCE_TAG          = 0x30,
+	ASN1_APP_TAG_OFFSET	       = 0x60,
+	ASN1_INDEX_TAG_OFFSET	   = 0xa0,
+};
+
+type ASN1Encoding = record {
+	meta:    ASN1EncodingMeta;
+	content: bytestring &length = meta.length;
+};
+
+type ASN1EncodingMeta = record {
+	tag:      uint8;
+	len:      uint8;
+	more_len: bytestring &length = long_len ? len & 0x7f : 0;
+} &let {
+	long_len        : bool = (len & 0x80) > 0;
+	length:   uint64 = long_len ? binary_to_int64(more_len) : len;
+	index           : uint8 = tag - ASN1_INDEX_TAG_OFFSET;
+};
+
+type ASN1OptionalEncodingMeta(is_present: bool, previous_metadata: ASN1EncodingMeta) = case is_present of {
+	true  -> data: ASN1EncodingMeta;
+	false -> none: empty;
+} &let {
+	length: uint64 = is_present ? data.length : previous_metadata.length;
+};
+
+type ASN1SequenceMeta = record {
+	encoding: ASN1EncodingMeta;
+};
+
+type ASN1Integer = record {
+	encoding: ASN1Encoding;
+};
+
+type ASN1OctetString = record {
+	encoding: ASN1Encoding;
+};
+
+type ASN1ObjectIdentifier = record {
+	encoding: ASN1Encoding;
+};
+
+type ASN1Boolean = record {
+	encoding: ASN1Encoding;
+};
+
+type ASN1Enumerated = record {
+	encoding: ASN1Encoding;
+};
+
+type SequenceElement(grab_content: bool) = record {
+	index_meta:    ASN1EncodingMeta;
+	have_content:  case grab_content of {
+		true  -> data: ASN1Encoding;
+		false -> meta: ASN1EncodingMeta;
+	};
+} &let {
+	index:  uint8 = index_meta.index;
+	length: uint64 = index_meta.length;
+};
+
+type Array = record {
+	array_meta: ASN1EncodingMeta;
+	data:       ASN1Encoding[];
+};
+
+############################## ASN.1 Conversion Functions
+
+function binary_to_int64(bs: bytestring): int64
+	%{
+	int64 rval = 0;
+
+	for ( int i = 0; i < bs.length(); ++i )
+		{
+		uint64 byte = bs[i];
+		rval |= byte << (8 * (bs.length() - (i + 1)));
+		}
+
+	return rval;
+	%}
+
+%code{
+
+Val* asn1_integer_to_val(const ASN1Integer* i, TypeTag t)
+	{
+	return asn1_integer_to_val(i->encoding(), t);
+	}
+
+Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t)
+	{
+	return new Val(binary_to_int64(i->content()), t);
+	}
+
+StringVal* asn1_oid_to_val(const ASN1ObjectIdentifier* oid)
+	{
+	return asn1_oid_to_val(oid->encoding());
+	}
+
+StringVal* asn1_oid_to_val(const ASN1Encoding* oid)
+	{
+	vector<uint64> oid_components;
+	vector<vector<uint8> > subidentifiers;
+	vector<uint64> subidentifier_values;
+	vector<uint8> subidentifier;
+	bytestring const& bs = oid->content();
+
+	for ( int i = 0; i < bs.length(); ++i )
+		{
+		if ( bs[i] & 0x80 )
+			subidentifier.push_back(bs[i] & 0x7f);
+		else
+			{
+			subidentifier.push_back(bs[i]);
+			subidentifiers.push_back(subidentifier);
+			subidentifier.clear();
+			}
+		}
+
+	if ( ! subidentifier.empty() || subidentifiers.size() < 1 )
+		// Underflow.
+		return new StringVal("");
+
+	for ( size_t i = 0; i < subidentifiers.size(); ++i )
+		{
+		subidentifier = subidentifiers[i];
+		uint64 value = 0;
+
+		for ( size_t j = 0; j < subidentifier.size(); ++j )
+			{
+			uint64 byte = subidentifier[j];
+			value |= byte << (7 * (subidentifier.size() - (j + 1)));
+			}
+
+		subidentifier_values.push_back(value);
+		}
+
+	string rval;
+
+	for ( size_t i = 0; i < subidentifier_values.size(); ++i )
+		{
+		char tmp[32];
+
+		if ( i > 0 )
+			{
+			rval += ".";
+			snprintf(tmp, sizeof(tmp), "%" PRIu64, subidentifier_values[i]);
+			rval += tmp;
+			}
+		else
+			{
+			std::div_t result = std::div(subidentifier_values[i], 40);
+			snprintf(tmp, sizeof(tmp), "%d", result.quot);
+			rval += tmp;
+			rval += ".";
+			snprintf(tmp, sizeof(tmp), "%d", result.rem);
+			rval += tmp;
+			}
+		}
+
+	return new StringVal(rval);
+	}
+
+StringVal* asn1_octet_string_to_val(const ASN1OctetString* s)
+	{
+	return asn1_octet_string_to_val(s->encoding());
+	}
+
+StringVal* asn1_octet_string_to_val(const ASN1Encoding* s)
+	{
+	bytestring const& bs = s->content();
+	return new StringVal(bs.length(), reinterpret_cast<const char*>(bs.data()));
+	}
+%}
diff --git a/src/analyzer/protocol/conn-size/CMakeLists.txt b/src/analyzer/protocol/conn-size/CMakeLists.txt
index efaadef401..f89a6e5b88 100644
--- a/src/analyzer/protocol/conn-size/CMakeLists.txt
+++ b/src/analyzer/protocol/conn-size/CMakeLists.txt
@@ -6,4 +6,5 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI
 bro_plugin_begin(Bro ConnSize)
 bro_plugin_cc(ConnSize.cc Plugin.cc)
 bro_plugin_bif(events.bif)
+bro_plugin_bif(functions.bif)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc
index 5bfeb2bf90..183ee1e233 100644
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@@ -29,6 +29,11 @@ void ConnSize_Analyzer::Init()
 	orig_pkts = 0;
 	resp_bytes = 0;
 	resp_pkts = 0;
+
+	orig_bytes_thresh = 0;
+	orig_pkts_thresh = 0;
+	resp_bytes_thresh = 0;
+	resp_pkts_thresh = 0;
 	}
 
 void ConnSize_Analyzer::Done()
@@ -36,6 +41,50 @@ void ConnSize_Analyzer::Done()
 	Analyzer::Done();
 	}
 
+void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool is_orig)
+	{
+	if ( ! f )
+		return;
+
+	val_list* vl = new val_list;
+	vl->append(BuildConnVal());
+	vl->append(new Val(threshold, TYPE_COUNT));
+	vl->append(new Val(is_orig, TYPE_BOOL));
+	ConnectionEvent(f, vl);
+	}
+
+void ConnSize_Analyzer::CheckSizes(bool is_orig)
+	{
+	if ( is_orig )
+		{
+		if ( orig_bytes_thresh && orig_bytes >= orig_bytes_thresh )
+			{
+			ThresholdEvent(conn_bytes_threshold_crossed, orig_bytes_thresh, is_orig);
+			orig_bytes_thresh = 0;
+			}
+
+		if ( orig_pkts_thresh && orig_pkts >= orig_pkts_thresh )
+			{
+			ThresholdEvent(conn_packets_threshold_crossed, orig_pkts_thresh, is_orig);
+			orig_pkts_thresh = 0;
+			}
+		}
+	else
+		{
+		if ( resp_bytes_thresh && resp_bytes >= resp_bytes_thresh )
+			{
+			ThresholdEvent(conn_bytes_threshold_crossed, resp_bytes_thresh, is_orig);
+			resp_bytes_thresh = 0;
+			}
+
+		if ( resp_pkts_thresh && resp_pkts >= resp_pkts_thresh )
+			{
+			ThresholdEvent(conn_packets_threshold_crossed, resp_pkts_thresh, is_orig);
+			resp_pkts_thresh = 0;
+			}
+		}
+	}
+
 void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen)
 	{
 	Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
@@ -50,6 +99,47 @@ void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		resp_bytes += ip->TotalLen();
 		resp_pkts ++;
 		}
+
+	CheckSizes(is_orig);
+	}
+
+void ConnSize_Analyzer::SetThreshold(uint64 threshold, bool bytes, bool orig)
+	{
+	if ( bytes )
+		{
+		if ( orig )
+			orig_bytes_thresh = threshold;
+		else
+			resp_bytes_thresh = threshold;
+		}
+	else
+		{
+		if ( orig )
+			orig_pkts_thresh = threshold;
+		else
+			resp_pkts_thresh = threshold;
+		}
+
+	// Check if threshold is already crossed.
+	CheckSizes(orig);
+	}
+
+uint64_t ConnSize_Analyzer::GetThreshold(bool bytes, bool orig)
+	{
+	if ( bytes )
+		{
+		if ( orig )
+			return orig_bytes_thresh;
+		else
+			return resp_bytes_thresh;
+		}
+	else
+		{
+		if ( orig )
+			return orig_pkts_thresh;
+		else
+			return resp_pkts_thresh;
+		}
 	}
 
 void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h
index d48c448822..d8dff57a1b 100644
--- a/src/analyzer/protocol/conn-size/ConnSize.h
+++ b/src/analyzer/protocol/conn-size/ConnSize.h
@@ -21,18 +21,28 @@ public:
 	virtual void UpdateConnVal(RecordVal *conn_val);
 	virtual void FlipRoles();
 
+	void SetThreshold(uint64_t threshold, bool bytes, bool orig);
+	uint64 GetThreshold(bool bytes, bool orig);
+
 	static analyzer::Analyzer* Instantiate(Connection* conn)
 		{ return new ConnSize_Analyzer(conn); }
 
 protected:
 	virtual void DeliverPacket(int len, const u_char* data, bool is_orig,
 					uint64 seq, const IP_Hdr* ip, int caplen);
+	void CheckSizes(bool is_orig);
 
+	void ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool is_orig);
 
 	uint64_t orig_bytes;
 	uint64_t resp_bytes;
 	uint64_t orig_pkts;
 	uint64_t resp_pkts;
+
+	uint64_t orig_bytes_thresh;
+	uint64_t resp_bytes_thresh;
+	uint64_t orig_pkts_thresh;
+	uint64_t resp_pkts_thresh;
 };
 
 } } // namespace analyzer::* 
diff --git a/src/analyzer/protocol/conn-size/events.bif b/src/analyzer/protocol/conn-size/events.bif
index e69de29bb2..38b263db57 100644
--- a/src/analyzer/protocol/conn-size/events.bif
+++ b/src/analyzer/protocol/conn-size/events.bif
@@ -0,0 +1,27 @@
+## Generated for a connection that crossed a set byte threshold. Note that this
+## is a low level event that should usually be avoided for user code. Use
+## ConnThreshold::bytes_threshold_crossed instead.
+##
+## c: the connection
+##
+## threshold: the threshold that was set
+##
+## is_orig: true if the threshold was crossed by the originator of the connection
+##
+## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_packets_threshold_crossed
+##              get_current_conn_bytes_threshold get_current_conn_packets_threshold
+event conn_bytes_threshold_crossed%(c: connection, threshold: count, is_orig: bool%);
+
+## Generated for a connection that crossed a set packet threshold. Note that this
+## is a low level event that should usually be avoided for user code. Use
+## ConnThreshold::bytes_threshold_crossed instead.
+##
+## c: the connection
+##
+## threshold: the threshold that was set
+##
+## is_orig: true if the threshold was crossed by the originator of the connection
+##
+## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_bytes_threshold_crossed
+##              get_current_conn_bytes_threshold get_current_conn_packets_threshold
+event conn_packets_threshold_crossed%(c: connection, threshold: count, is_orig: bool%);
diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif
new file mode 100644
index 0000000000..a05359a17b
--- /dev/null
+++ b/src/analyzer/protocol/conn-size/functions.bif
@@ -0,0 +1,109 @@
+%%{
+#include "analyzer/protocol/conn-size/ConnSize.h"
+
+static analyzer::Analyzer* GetConnsizeAnalyzer(Val* cid)
+	{
+	Connection* c = sessions->FindConnection(cid);
+	if ( ! c )
+		{
+		reporter->Error("cannot find connection");
+		return 0;
+		}
+
+	analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE");
+	if ( ! a )
+		reporter->Error("connection does not have ConnSize analyzer");
+
+	return a;
+	}
+
+%%}
+
+## Sets the current byte threshold for connection sizes, overwriting any potential old
+## threshold. Be aware that in nearly any case you will want to use the high level API
+## instead (ConnThreshold::set_bytes_threshold).
+##
+## cid: The connection id.
+##
+## threshold: Threshold in bytes.
+##
+## is_orig: If true, threshold is set for bytes from originator, otherwhise for bytes from responder.
+##
+## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
+##              get_current_conn_bytes_threshold get_current_conn_packets_threshold
+function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
+	%{
+	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	if ( ! a )
+		return new Val(0, TYPE_BOOL);
+
+	static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetThreshold(threshold, 1, is_orig);
+
+	return new Val(1, TYPE_BOOL);
+	%}
+
+## Sets a threshold for connection packets, overwtiting any potential old thresholds.
+## Be aware that in nearly any case you will want to use the high level API
+## instead (ConnThreshold::set_packets_threshold).
+##
+## cid: The connection id.
+##
+## threshold: Threshold in packets.
+##
+## is_orig: If true, threshold is set for packets from originator, otherwhise for packets from responder.
+##
+## .. bro:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
+##              get_current_conn_bytes_threshold get_current_conn_packets_threshold
+function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
+	%{
+	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	if ( ! a )
+		return new Val(0, TYPE_BOOL);
+
+	static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetThreshold(threshold, 0, is_orig);
+
+	return new Val(1, TYPE_BOOL);
+	%}
+
+## Gets the current byte threshold size for a connection.
+##
+## cid: The connection id.
+##
+## is_orig: If true, threshold of originator, otherwhise threshold of responder.
+##
+## Returns: 0 if no threshold is set or the threshold in bytes
+##
+## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
+##              get_current_conn_packets_threshold
+function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
+	%{
+	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	if ( ! a )
+		return new Val(0, TYPE_COUNT);
+
+	return new Val(
+		static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetThreshold(1, is_orig),
+		TYPE_COUNT);
+	%}
+
+## Gets the current packet threshold size for a connection.
+##
+## cid: The connection id.
+##
+## is_orig: If true, threshold of originator, otherwhise threshold of responder.
+##
+## Returns: 0 if no threshold is set or the threshold in packets
+##
+## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
+##              get_current_conn_bytes_threshold
+function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count
+	%{
+	analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
+	if ( ! a )
+		return new Val(0, TYPE_COUNT);
+
+	return new Val(
+		static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetThreshold(0, is_orig),
+		TYPE_COUNT);
+	%}
+
diff --git a/src/analyzer/protocol/dce-rpc/CMakeLists.txt b/src/analyzer/protocol/dce-rpc/CMakeLists.txt
index d9baa08acf..8ccbf094d4 100644
--- a/src/analyzer/protocol/dce-rpc/CMakeLists.txt
+++ b/src/analyzer/protocol/dce-rpc/CMakeLists.txt
@@ -6,7 +6,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI
 bro_plugin_begin(Bro DCE_RPC)
 bro_plugin_cc(DCE_RPC.cc Plugin.cc)
 bro_plugin_bif(events.bif)
-bro_plugin_pac(dce_rpc.pac dce_rpc-protocol.pac dce_rpc-analyzer.pac)
+bro_plugin_pac(dce_rpc.pac dce_rpc-protocol.pac dce_rpc-analyzer.pac epmapper.pac)
 bro_plugin_pac(dce_rpc_simple.pac dce_rpc-protocol.pac epmapper.pac)
 bro_plugin_end()
 
diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc
index e551351926..0c5ef53000 100644
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@@ -19,6 +19,7 @@ using namespace analyzer::dns;
 DNS_Interpreter::DNS_Interpreter(analyzer::Analyzer* arg_analyzer)
 	{
 	analyzer = arg_analyzer;
+	first_message = true;
 	}
 
 int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
@@ -33,6 +34,16 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 
 	DNS_MsgInfo msg((DNS_RawMsgHdr*) data, is_query);
 
+	if ( first_message && msg.QR && is_query == 1 )
+		{
+		is_query = msg.is_query = 0;
+
+		if ( ! analyzer->Conn()->RespAddr().IsMulticast() )
+			analyzer->Conn()->FlipRoles();
+		}
+
+	first_message = false;
+
 	if ( dns_message )
 		{
 		val_list* vl = new val_list();
@@ -308,7 +319,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
 				analyzer->ConnectionEvent(dns_unknown_reply, vl);
 				}
 
-			analyzer->Weird("DNS_RR_unknown_type");
+			analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype));
 			data += rdlength;
 			len -= rdlength;
 			status = 1;
@@ -1064,7 +1075,8 @@ void Contents_DNS::Flush()
 	{
 	if ( buf_n > 0 )
 		{ // Deliver partial message.
-		interp->ParseMessage(msg_buf, buf_n, true);
+		// '2' here means whether it's a query is unknown.
+		interp->ParseMessage(msg_buf, buf_n, 2);
 		msg_size = 0;
 		}
 	}
diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h
index 2d95d979b8..59f51812ca 100644
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
@@ -220,6 +220,7 @@ protected:
 					BroString* question_name);
 
 	analyzer::Analyzer* analyzer;
+	bool first_message;
 };
 
 
diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc
index 924c958e43..f60d1372ac 100644
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@@ -239,7 +239,9 @@ int HTTP_Entity::Undelivered(int64_t len)
 			  len, expect_data_length);
 		}
 
-	if ( end_of_data && in_header )
+	// Don't propogate an entity (file) gap if we're still in the headers,
+	// or the body length was declared to be zero.
+	if ( (end_of_data && in_header) || body_length == 0 )
 		return 0;
 
 	if ( is_partial_content )
@@ -985,9 +987,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 				{
 				++num_replies;
 
-				if ( unanswered_requests.empty() )
-					Weird("unmatched_HTTP_reply");
-				else
+				if ( ! unanswered_requests.empty() )
 					ProtocolConfirmation();
 
 				reply_state = EXPECT_REPLY_MESSAGE;
diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc
index 393b5536e8..84df7ab0d2 100644
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@@ -130,7 +130,7 @@ void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int c
 			break;
 
 		default:
-			ICMPEvent(icmp_sent, icmpp, len, 0, ip_hdr);
+			ICMP_Sent(icmpp, len, caplen, 0, data, ip_hdr);
 			break;
 		}
 	}
@@ -172,7 +172,7 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c
 			RouterSolicit(t, icmpp, len, caplen, data, ip_hdr);
 			break;
 		case ICMP6_ROUTER_RENUMBERING:
-			ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr);
+			ICMP_Sent(icmpp, len, caplen, 1, data, ip_hdr);
 			break;
 
 #if 0
@@ -188,21 +188,32 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c
 			if ( icmpp->icmp_type < 128 )
 				Context6(t, icmpp, len, caplen, data, ip_hdr);
 			else
-				ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr);
+				ICMP_Sent(icmpp, len, caplen, 1, data, ip_hdr);
 			break;
 		}
 	}
 
-void ICMP_Analyzer::ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp,
-                              int len, int icmpv6, const IP_Hdr* ip_hdr)
+void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
+                              int icmpv6, const u_char* data,
+                              const IP_Hdr* ip_hdr)
     {
-	if ( ! f )
-		return;
+	if ( icmp_sent )
+		{
+		val_list* vl = new val_list;
+		vl->append(BuildConnVal());
+		vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr));
+		ConnectionEvent(icmp_sent, vl);
+		}
 
-	val_list* vl = new val_list;
-	vl->append(BuildConnVal());
-	vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr));
-	ConnectionEvent(f, vl);
+	if ( icmp_sent_payload )
+		{
+		val_list* vl = new val_list;
+		vl->append(BuildConnVal());
+		vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr));
+		BroString* payload = new BroString(data, min(len, caplen), 0);
+		vl->append(new StringVal(payload));
+		ConnectionEvent(icmp_sent_payload, vl);
+		}
 	}
 
 RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h
index d207b3813c..1de6a4afea 100644
--- a/src/analyzer/protocol/icmp/ICMP.h
+++ b/src/analyzer/protocol/icmp/ICMP.h
@@ -33,8 +33,8 @@ protected:
 	virtual bool IsReuse(double t, const u_char* pkt);
 	virtual unsigned int MemoryAllocation() const;
 
-	void ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, int len,
-	               int icmpv6, const IP_Hdr* ip_hdr);
+	void ICMP_Sent(const struct icmp* icmpp, int len, int caplen, int icmpv6,
+	               const u_char* data, const IP_Hdr* ip_hdr);
 
 	void Echo(double t, const struct icmp* icmpp, int len,
 			 int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif
index c471ca0ee6..bd55f17b27 100644
--- a/src/analyzer/protocol/icmp/events.bif
+++ b/src/analyzer/protocol/icmp/events.bif
@@ -12,9 +12,21 @@
 ## icmp: Additional ICMP-specific information augmenting the standard
 ##       connection record *c*.
 ##
-## .. bro:see:: icmp_error_message
+## .. bro:see:: icmp_error_message icmp_sent_payload
 event icmp_sent%(c: connection, icmp: icmp_conn%);
 
+## The same as :bro:see:`icmp_sent` except containing the ICMP payload.
+##
+## c: The connection record for the corresponding ICMP flow.
+##
+## icmp: Additional ICMP-specific information augmenting the standard
+##       connection record *c*.
+##
+## payload: The payload of the ICMP message.
+##
+## .. bro:see:: icmp_error_message icmp_sent_payload
+event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%);
+
 ## Generated for ICMP *echo request* messages.
 ##
 ## See `Wikipedia
diff --git a/src/analyzer/protocol/krb/CMakeLists.txt b/src/analyzer/protocol/krb/CMakeLists.txt
new file mode 100644
index 0000000000..1cac35d626
--- /dev/null
+++ b/src/analyzer/protocol/krb/CMakeLists.txt
@@ -0,0 +1,26 @@
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
+                           ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro KRB)
+bro_plugin_cc(Plugin.cc)
+bro_plugin_cc(KRB.cc)
+bro_plugin_cc(KRB_TCP.cc)
+bro_plugin_bif(types.bif)
+bro_plugin_bif(events.bif)
+bro_plugin_pac(krb.pac krb-protocol.pac krb-analyzer.pac
+	krb-asn1.pac
+	krb-defs.pac
+	krb-types.pac
+	krb-padata.pac
+	../asn1/asn1.pac
+)
+bro_plugin_pac(krb_TCP.pac krb-protocol.pac krb-analyzer.pac
+	krb-asn1.pac
+	krb-defs.pac
+    krb-types.pac
+	krb-padata.pac
+	../asn1/asn1.pac
+)
+bro_plugin_end()
diff --git a/src/analyzer/protocol/krb/KRB.cc b/src/analyzer/protocol/krb/KRB.cc
new file mode 100644
index 0000000000..0a123c3beb
--- /dev/null
+++ b/src/analyzer/protocol/krb/KRB.cc
@@ -0,0 +1,39 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "KRB.h"
+#include "types.bif.h"
+#include "events.bif.h"
+
+using namespace analyzer::krb;
+
+KRB_Analyzer::KRB_Analyzer(Connection* conn)
+	: Analyzer("KRB", conn)
+	{
+	interp = new binpac::KRB::KRB_Conn(this);
+	}
+
+KRB_Analyzer::~KRB_Analyzer()
+	{
+	delete interp;
+	}
+
+void KRB_Analyzer::Done()
+	{
+	Analyzer::Done();
+	}
+
+void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
+				 uint64 seq, const IP_Hdr* ip, int caplen)
+	{
+	Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
+
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(e.c_msg());
+		}
+	}
+
diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h
new file mode 100644
index 0000000000..392df5c13d
--- /dev/null
+++ b/src/analyzer/protocol/krb/KRB.h
@@ -0,0 +1,30 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#ifndef ANALYZER_PROTOCOL_KRB_KRB_H
+#define ANALYZER_PROTOCOL_KRB_KRB_H
+
+#include "krb_pac.h"
+
+namespace analyzer { namespace krb {
+
+class KRB_Analyzer : public analyzer::Analyzer {
+
+public:
+	KRB_Analyzer(Connection* conn);
+	virtual ~KRB_Analyzer();
+
+	virtual void Done();
+	virtual void DeliverPacket(int len, const u_char* data, bool orig,
+							   uint64 seq, const IP_Hdr* ip, int caplen);
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{ return new KRB_Analyzer(conn); }
+
+protected:
+
+	binpac::KRB::KRB_Conn* interp;
+};
+
+} } // namespace analyzer::*
+
+#endif
diff --git a/src/analyzer/protocol/krb/KRB_TCP.cc b/src/analyzer/protocol/krb/KRB_TCP.cc
new file mode 100644
index 0000000000..865b3de1e4
--- /dev/null
+++ b/src/analyzer/protocol/krb/KRB_TCP.cc
@@ -0,0 +1,65 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "KRB_TCP.h"
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "types.bif.h"
+#include "events.bif.h"
+
+using namespace analyzer::krb_tcp;
+
+KRB_Analyzer::KRB_Analyzer(Connection* conn)
+	: tcp::TCP_ApplicationAnalyzer("KRB_TCP", conn)
+	{
+	interp = new binpac::KRB_TCP::KRB_Conn(this);
+	had_gap = false;
+	}
+
+KRB_Analyzer::~KRB_Analyzer()
+	{
+	delete interp;
+	}
+
+void KRB_Analyzer::Done()
+	{
+	tcp::TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void KRB_Analyzer::EndpointEOF(bool is_orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
+	}
+
+void KRB_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	assert(TCP());
+	if ( TCP()->IsPartial() )
+		return;
+
+	if ( had_gap )
+		// If only one side had a content gap, we could still try to
+		// deliver data to the other side if the script layer can
+		// handle this.
+		return;
+
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(e.c_msg());
+		}
+	}
+
+void KRB_Analyzer::Undelivered(uint64 seq, int len, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	had_gap = true;
+	interp->NewGap(orig, len);
+	}
diff --git a/src/analyzer/protocol/krb/KRB_TCP.h b/src/analyzer/protocol/krb/KRB_TCP.h
new file mode 100644
index 0000000000..0dcf99ca97
--- /dev/null
+++ b/src/analyzer/protocol/krb/KRB_TCP.h
@@ -0,0 +1,35 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#ifndef ANALYZER_PROTOCOL_KRB_KRB_TCP_H
+#define ANALYZER_PROTOCOL_KRB_KRB_TCP_H
+
+#include "analyzer/protocol/tcp/TCP.h"
+
+#include "krb_TCP_pac.h"
+
+namespace analyzer { namespace krb_tcp {
+
+class KRB_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+
+public:
+	KRB_Analyzer(Connection* conn);
+	virtual ~KRB_Analyzer();
+
+	virtual void Done();
+	virtual void DeliverStream(int len, const u_char* data, bool orig);
+	virtual void Undelivered(uint64 seq, int len, bool orig);
+
+	// Overriden from tcp::TCP_ApplicationAnalyzer.
+	virtual void EndpointEOF(bool is_orig);
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{ return new KRB_Analyzer(conn); }
+
+protected:
+	binpac::KRB_TCP::KRB_Conn* interp;
+	bool had_gap;
+};
+
+} } // namespace analyzer::*
+
+#endif
diff --git a/src/analyzer/protocol/krb/Plugin.cc b/src/analyzer/protocol/krb/Plugin.cc
new file mode 100644
index 0000000000..ffbefb5b1c
--- /dev/null
+++ b/src/analyzer/protocol/krb/Plugin.cc
@@ -0,0 +1,22 @@
+//See the file in the main distribution directory for copyright.
+
+#include "plugin/Plugin.h"
+#include "KRB.h"
+#include "KRB_TCP.h"
+
+namespace plugin {
+	namespace Bro_KRB {
+		class Plugin : public plugin::Plugin {
+		public:
+			plugin::Configuration Configure()
+				{
+				AddComponent(new ::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate));
+				AddComponent(new ::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate));
+				plugin::Configuration config;
+				config.name = "Bro::KRB";
+				config.description = "Kerberos analyzer";
+				return config;
+				}
+		} plugin;
+	}
+}
diff --git a/src/analyzer/protocol/krb/events.bif b/src/analyzer/protocol/krb/events.bif
new file mode 100644
index 0000000000..19b165a4be
--- /dev/null
+++ b/src/analyzer/protocol/krb/events.bif
@@ -0,0 +1,159 @@
+## A Kerberos 5 ``Authentication Server (AS) Request`` as defined
+## in :rfc:`4120`. The AS request contains a username of the client
+## requesting authentication, and returns an AS reply with an
+## encrypted Ticket Granting Ticket (TGT) for that user. The TGT
+## can then be used to request further tickets for other services.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## msg: A Kerberos KDC request message data structure.
+##
+## .. bro:see:: krb_as_response krb_tgs_request krb_tgs_response krb_ap_request
+##    krb_ap_response krb_priv krb_safe krb_cred krb_error
+event krb_as_request%(c: connection, msg: KRB::KDC_Request%);
+
+## A Kerberos 5 ``Authentication Server (AS) Response`` as defined
+## in :rfc:`4120`. Following the AS request for a user, an AS reply
+## contains an encrypted Ticket Granting Ticket (TGT) for that user.
+## The TGT can then be used to request further tickets for other services.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## msg: A Kerberos KDC reply message data structure.
+##
+## .. bro:see:: krb_as_request krb_tgs_request krb_tgs_response krb_ap_request
+##    krb_ap_response krb_priv krb_safe krb_cred krb_error
+event krb_as_response%(c: connection, msg: KRB::KDC_Response%);
+
+## A Kerberos 5 ``Ticket Granting Service (TGS) Request`` as defined
+## in :rfc:`4120`. Following the Authentication Server exchange, if
+## successful, the client now has a Ticket Granting Ticket (TGT). To
+## authenticate to a Kerberized service, the client requests a Service
+## Ticket, which will be returned in the TGS reply.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## msg: A Kerberos KDC request message data structure.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_response krb_ap_request
+##    krb_ap_response krb_priv krb_safe krb_cred krb_error
+event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%);
+
+## A Kerberos 5 ``Ticket Granting Service (TGS) Response`` as defined
+## in :rfc:`4120`. This message returns a Service Ticket to the client,
+## which is encrypted with the service's long-term key, and which the
+## client can use to authenticate to that service.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## msg: A Kerberos KDC reply message data structure.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_ap_request
+##    krb_ap_response krb_priv krb_safe krb_cred krb_error
+event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%);
+
+## A Kerberos 5 ``Authentication Header (AP) Request`` as defined
+## in :rfc:`4120`. This message contains authentication information
+## that should be part of the first message in an authenticated
+## transaction.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## ticket: The Kerberos ticket being used for authentication.
+##
+## opts: A Kerberos AP options data structure.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_response krb_priv krb_safe krb_cred krb_error
+event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options%);
+
+## A Kerberos 5 ``Authentication Header (AP) Response`` as defined
+## in :rfc:`4120`. This is used if mutual authentication is desired.
+## All of the interesting information in here is encrypted, so the event
+## doesn't have much useful data, but it's provided in case it's important
+## to know that this message was sent.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_request krb_priv krb_safe krb_cred krb_error
+event krb_ap_response%(c: connection%);
+
+## A Kerberos 5 ``Private Message`` as defined in :rfc:`4120`. This
+## is a private (encrypted) application message, so the event doesn't
+## have much useful data, but it's provided in case it's important to
+## know that this message was sent.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## is_orig: Whether the originator of the connection sent this message.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_request krb_ap_response krb_safe krb_cred krb_error
+event krb_priv%(c: connection, is_orig: bool%);
+
+## A Kerberos 5 ``Safe Message`` as defined in :rfc:`4120`. This is a
+## safe (checksummed) application message.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## is_orig: Whether the originator of the connection sent this message.
+##
+## msg: A Kerberos SAFE message data structure.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_request krb_ap_response krb_priv krb_cred krb_error
+event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%);
+
+## A Kerberos 5 ``Credential Message`` as defined in :rfc:`4120`. This is
+## a private (encrypted) message to forward credentials.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## is_orig: Whether the originator of the connection sent this message.
+##
+## tickets: Tickets obtained from the KDC that are being forwarded.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_request krb_ap_response krb_priv krb_safe krb_error
+event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%);
+
+## A Kerberos 5 ``Error Message`` as defined in :rfc:`4120`.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## more information about the Kerberos protocol.
+##
+## c: The connection over which this Kerberos message was sent.
+##
+## msg: A Kerberos error message data structure.
+##
+## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
+##    krb_ap_request krb_ap_response krb_priv krb_safe krb_cred
+event krb_error%(c: connection, msg: KRB::Error_Msg%);
diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac
new file mode 100644
index 0000000000..6390fb8fd0
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-analyzer.pac
@@ -0,0 +1,383 @@
+%header{
+RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts);
+RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer);
+
+bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args, int64 error_code);
+%}
+
+%code{
+RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
+{
+	RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Options);
+
+	rv->Assign(0, new Val(opts->forwardable(), TYPE_BOOL));
+	rv->Assign(1, new Val(opts->forwarded(), TYPE_BOOL));
+	rv->Assign(2, new Val(opts->proxiable(), TYPE_BOOL));
+	rv->Assign(3, new Val(opts->proxy(), TYPE_BOOL));
+	rv->Assign(4, new Val(opts->allow_postdate(), TYPE_BOOL));
+	rv->Assign(5, new Val(opts->postdated(), TYPE_BOOL));
+	rv->Assign(6, new Val(opts->renewable(), TYPE_BOOL));
+	rv->Assign(7, new Val(opts->opt_hardware_auth(), TYPE_BOOL));
+	rv->Assign(8, new Val(opts->disable_transited_check(), TYPE_BOOL));
+	rv->Assign(9, new Val(opts->renewable_ok(), TYPE_BOOL));
+	rv->Assign(10, new Val(opts->enc_tkt_in_skey(), TYPE_BOOL));
+	rv->Assign(11, new Val(opts->renew(), TYPE_BOOL));
+	rv->Assign(12, new Val(opts->validate(), TYPE_BOOL));
+
+	return rv;
+}
+
+RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer)
+{
+	RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Request);
+
+	rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT));
+	rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT));
+
+	if ( msg->padata()->has_padata() )
+		rv->Assign(2, proc_padata(msg->padata()->padata()->padata(), bro_analyzer, false));
+
+	for ( uint i = 0; i < msg->body_args()->size(); ++i )
+		{
+		KRB_REQ_Arg* element = (*msg->body_args())[i];
+		switch ( element->seq_meta()->index() )
+			{
+			case 0:
+				rv->Assign(3, proc_krb_kdc_options(element->data()->options()));
+				break;
+			case 1:
+				rv->Assign(4, GetStringFromPrincipalName(element->data()->principal()));
+				break;
+			case 2:
+				rv->Assign(5, bytestring_to_val(element->data()->realm()->encoding()->content()));
+				break;
+			case 3:
+				rv->Assign(6, GetStringFromPrincipalName(element->data()->sname()));
+				break;
+			case 4:
+				rv->Assign(7, GetTimeFromAsn1(element->data()->from(), 0));
+				break;
+			case 5:
+				rv->Assign(8, GetTimeFromAsn1(element->data()->till(), 0));
+				break;
+			case 6:
+				rv->Assign(9, GetTimeFromAsn1(element->data()->rtime(), 0));
+				break;
+			case 7:
+				rv->Assign(10, asn1_integer_to_val(element->data()->nonce(), TYPE_COUNT));
+				break;
+			case 8:
+				if ( element->data()->etype()->data()->size() )
+					rv->Assign(11, proc_cipher_list(element->data()->etype()));
+
+				break;
+			case 9:
+				if ( element->data()->addrs()->addresses()->size() )
+					rv->Assign(12, proc_host_address_list(element->data()->addrs()));
+
+				break;
+			case 10:
+				// TODO
+				break;
+			case 11:
+				if ( element->data()->addl_tkts()->tickets()->size() )
+					rv->Assign(13, proc_tickets(element->data()->addl_tkts()));
+
+				break;
+			default:
+				break;
+			}
+		}
+
+	return rv;
+}
+
+
+bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args, int64 error_code )
+{
+	uint ctime_i = 0, stime_i = 0;
+	int64 ctime_usecs = 0, stime_usecs = 0;
+
+	// We need to do a pass first, to see if we have microseconds for the timestamp values, which are optional
+
+	for ( uint i = 0; i < args->size(); i++ )
+		{
+		switch ( (*args)[i]->seq_meta()->index() )
+			{
+			case 2:
+				ctime_i = i;
+				break;
+			case 3:
+				ctime_usecs = binary_to_int64((*args)[i]->args()->cusec()->encoding()->content());
+				break;
+			case 4:
+				stime_i = i;
+				break;
+			case 5:
+				stime_usecs = binary_to_int64((*args)[i]->args()->susec()->encoding()->content());
+				break;
+			default:
+				break;
+			}
+		}
+
+	if ( ctime_i )
+		rv->Assign(2, GetTimeFromAsn1((*args)[ctime_i]->args()->ctime(), ctime_usecs));
+
+	if ( stime_i )
+		rv->Assign(3, GetTimeFromAsn1((*args)[stime_i]->args()->stime(), stime_usecs));
+
+	for ( uint i = 0; i < args->size(); ++i )
+		{
+		switch ( (*args)[i]->seq_meta()->index() )
+			{
+			case 0:
+				rv->Assign(0, asn1_integer_to_val((*args)[i]->args()->pvno(), TYPE_COUNT));
+				break;
+			case 1:
+				rv->Assign(1, asn1_integer_to_val((*args)[i]->args()->msg_type(), TYPE_COUNT));
+				break;
+			// ctime/stime handled above
+			case 7:
+				rv->Assign(5, bytestring_to_val((*args)[i]->args()->crealm()->encoding()->content()));
+				break;
+			case 8:
+				rv->Assign(6, GetStringFromPrincipalName((*args)[i]->args()->cname()));
+				break;
+			case 9:
+				rv->Assign(7, bytestring_to_val((*args)[i]->args()->realm()->encoding()->content()));
+				break;
+			case 10:
+				rv->Assign(8, GetStringFromPrincipalName((*args)[i]->args()->sname()));
+				break;
+			case 11:
+				rv->Assign(9, bytestring_to_val((*args)[i]->args()->e_text()->encoding()->content()));
+				break;
+			case 12:
+				if ( error_code == KDC_ERR_PREAUTH_REQUIRED )
+					rv->Assign(10, proc_padata((*args)[i]->args()->e_data()->padata(), NULL, true));
+				break;
+			default:
+				break;
+			}
+		}
+
+	return true;
+}
+
+%}
+
+refine connection KRB_Conn += {
+
+	function proc_krb_kdc_req_msg(msg: KRB_KDC_REQ): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 10 ) && ! krb_as_request )
+			return false;
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 12 ) && ! krb_tgs_request )
+			return false;
+
+		RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 10 ) )
+			BifEvent::generate_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), rv);
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 12 ) )
+			BifEvent::generate_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), rv);
+
+		return true;
+		%}
+
+	function proc_krb_kdc_rep_msg(msg: KRB_KDC_REP): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 11 ) && ! krb_as_response )
+			return false;
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 13 ) && ! krb_tgs_response )
+			return false;
+
+
+		RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Response);
+
+		rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
+		rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
+
+		if ( ${msg.padata.has_padata} )
+			rv->Assign(2, proc_padata(${msg.padata.padata.padata}, bro_analyzer(), false));
+
+		rv->Assign(3, bytestring_to_val(${msg.client_realm.encoding.content}));
+		rv->Assign(4, GetStringFromPrincipalName(${msg.client_name}));
+
+		rv->Assign(5, proc_ticket(${msg.ticket}));
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 11 ) )
+			BifEvent::generate_krb_as_response(bro_analyzer(), bro_analyzer()->Conn(), rv);
+
+		if ( ( binary_to_int64(${msg.msg_type.data.content}) == 13 ) )
+			BifEvent::generate_krb_tgs_response(bro_analyzer(), bro_analyzer()->Conn(), rv);
+
+		return true;
+		%}
+
+	function proc_krb_error_msg(msg: KRB_ERROR_MSG): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_error )
+			{
+			RecordVal* rv = new RecordVal(BifType::Record::KRB::Error_Msg);
+			proc_error_arguments(rv, ${msg.args1}, 0);
+			rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
+			proc_error_arguments(rv, ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
+			BifEvent::generate_krb_error(bro_analyzer(), bro_analyzer()->Conn(), rv);
+			}
+		return true;
+		%}
+
+	function proc_krb_ap_req_msg(msg: KRB_AP_REQ): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_ap_request )
+			{
+			RecordVal* rv = new RecordVal(BifType::Record::KRB::AP_Options);
+			rv->Assign(0, new Val(${msg.ap_options.use_session_key}, TYPE_BOOL));
+			rv->Assign(1, new Val(${msg.ap_options.mutual_required}, TYPE_BOOL));
+
+			BifEvent::generate_krb_ap_request(bro_analyzer(), bro_analyzer()->Conn(),
+						      proc_ticket(${msg.ticket}), rv);
+			}
+		return true;
+		%}
+
+	function proc_krb_ap_rep_msg(msg: KRB_AP_REP): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_ap_response )
+			{
+			BifEvent::generate_krb_ap_response(bro_analyzer(), bro_analyzer()->Conn());
+			}
+		return true;
+		%}
+
+	function proc_krb_safe_msg(msg: KRB_SAFE_MSG): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_safe )
+			{
+			RecordVal* rv = new RecordVal(BifType::Record::KRB::SAFE_Msg);
+
+			rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
+			rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
+
+			uint timestamp_i = 0;
+			int64 timestamp_usecs = 0;
+
+			// We need to do a pass first, to see if we have microseconds for the timestamp values, which are optional
+
+			for ( uint i = 0; i < ${msg.safe_body.args}->size(); ++i )
+				{
+				switch ( ${msg.safe_body.args[i].seq_meta.index} )
+					{
+					case 1:
+						timestamp_i = i;
+						break;
+					case 2:
+						timestamp_usecs = binary_to_int64(${msg.safe_body.args[i].args.usec.encoding.content});
+						break;
+					default:
+						break;
+					}
+				}
+
+			if ( timestamp_i )
+				rv->Assign(4, GetTimeFromAsn1(${msg.safe_body.args[timestamp_i].args.timestamp}, timestamp_usecs));
+
+			for ( uint i = 0; i < ${msg.safe_body.args}->size(); ++i )
+				{
+				switch ( ${msg.safe_body.args[i].seq_meta.index} )
+					{
+					case 0:
+						rv->Assign(3, bytestring_to_val(${msg.safe_body.args[i].args.user_data.encoding.content}));
+						break;
+					case 3:
+						rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT));
+						break;
+					case 4:
+						rv->Assign(6, proc_host_address(${msg.safe_body.args[i].args.sender_addr}));
+						break;
+					case 5:
+						rv->Assign(7, proc_host_address(${msg.safe_body.args[i].args.recp_addr}));
+						break;
+					default:
+						break;
+					}
+				}
+			BifEvent::generate_krb_safe(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, rv);
+			}
+		return true;
+		%}
+
+	function proc_krb_priv_msg(msg: KRB_PRIV_MSG): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_priv )
+			{
+			BifEvent::generate_krb_priv(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig});
+			}
+		return true;
+		%}
+
+	function proc_krb_cred_msg(msg: KRB_CRED_MSG): bool
+		%{
+		bro_analyzer()->ProtocolConfirmation();
+		if ( krb_cred )
+			{
+			BifEvent::generate_krb_cred(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig},
+						    proc_tickets(${msg.tickets}));
+			}
+		return true;
+
+		%}
+}
+
+refine typeattr KRB_AS_REQ += &let {
+	proc: bool = $context.connection.proc_krb_kdc_req_msg(data);
+};
+
+refine typeattr KRB_TGS_REQ += &let {
+	proc: bool = $context.connection.proc_krb_kdc_req_msg(data);
+};
+
+refine typeattr KRB_AS_REP += &let {
+	proc: bool = $context.connection.proc_krb_kdc_rep_msg(data);
+};
+
+refine typeattr KRB_TGS_REP += &let {
+	proc: bool = $context.connection.proc_krb_kdc_rep_msg(data);
+};
+
+refine typeattr KRB_AP_REQ += &let {
+	proc: bool = $context.connection.proc_krb_ap_req_msg(this);
+};
+
+refine typeattr KRB_AP_REP += &let {
+	proc: bool = $context.connection.proc_krb_ap_rep_msg(this);
+};
+
+refine typeattr KRB_ERROR_MSG += &let {
+	proc: bool = $context.connection.proc_krb_error_msg(this);
+};
+
+refine typeattr KRB_SAFE_MSG += &let {
+	proc: bool = $context.connection.proc_krb_safe_msg(this);
+};
+
+refine typeattr KRB_PRIV_MSG += &let {
+	proc: bool = $context.connection.proc_krb_priv_msg(this);
+};
+
+refine typeattr KRB_CRED_MSG += &let {
+	proc: bool = $context.connection.proc_krb_cred_msg(this);
+};
diff --git a/src/analyzer/protocol/krb/krb-asn1.pac b/src/analyzer/protocol/krb/krb-asn1.pac
new file mode 100644
index 0000000000..419dfe3750
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-asn1.pac
@@ -0,0 +1,58 @@
+
+%include ../asn1/asn1.pac
+
+%header{
+    Val* GetTimeFromAsn1(const KRB_Time* atime, int64 usecs);
+    Val* GetTimeFromAsn1(StringVal* atime, int64 usecs);
+%}
+
+%code{
+
+Val* GetTimeFromAsn1(const KRB_Time* atime, int64 usecs)
+	{
+	StringVal* atime_bytestring = bytestring_to_val(atime->time());
+	Val* result = GetTimeFromAsn1(atime_bytestring, usecs);
+	Unref(atime_bytestring);
+	return result;
+	}
+
+Val* GetTimeFromAsn1(StringVal* atime, int64 usecs)
+	{
+	time_t lResult = 0;
+
+	char lBuffer[17];
+	char* pBuffer = lBuffer;
+
+	size_t lTimeLength = atime->Len();
+	char * pString = (char *) atime->Bytes();
+
+	if ( lTimeLength != 15 && lTimeLength != 17 )
+		return 0;
+
+	if (lTimeLength == 17 )
+		pString = pString + 2;
+
+	memcpy(pBuffer, pString, 15);
+	*(pBuffer+15) = '\0';
+
+	tm lTime;
+	lTime.tm_sec  = ((lBuffer[12] - '0') * 10) + (lBuffer[13] - '0');
+	lTime.tm_min  = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0');
+	lTime.tm_hour = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0');
+	lTime.tm_mday = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0');
+	lTime.tm_mon  = (((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0')) - 1;
+	lTime.tm_year = ((lBuffer[0] - '0') * 1000) + ((lBuffer[1] - '0') * 100) + ((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0') - 1900;
+
+	lTime.tm_wday = 0;
+	lTime.tm_yday = 0;
+	lTime.tm_isdst = 0;
+
+	lResult = timegm(&lTime);
+
+	if ( !lResult )
+		lResult = 0;
+
+	return new Val(double(lResult + double(usecs/100000.0)), TYPE_TIME);
+	}
+
+%}
diff --git a/src/analyzer/protocol/krb/krb-defs.pac b/src/analyzer/protocol/krb/krb-defs.pac
new file mode 100644
index 0000000000..681f456e6d
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-defs.pac
@@ -0,0 +1,27 @@
+# Defined in RFC 4120
+enum KRBMessageTypes {
+	AS_REQ    = 10,
+	AS_REP    = 11,
+	TGS_REQ   = 12,
+	TGS_REP   = 13,
+	AP_REQ    = 14,
+	AP_REP    = 15,
+	KRB_SAFE  = 20,
+	KRB_PRIV  = 21,
+	KRB_CRED  = 22,
+	KRB_ERROR = 30,
+};
+
+# Defined by IANA in Kerberos Parameters - Pre-authentication and Typed Data
+enum KRBPADataTypes {
+	PA_TGS_REQ 	 = 1,
+	PA_ENC_TIMESTAMP = 2,
+	PA_PW_SALT 	 = 3,
+	PA_PW_AS_REQ 	 = 16,
+	PA_PW_AS_REP	 = 17,
+};
+
+# Defined in RFC 4120
+enum KRBErrorCodes {
+	KDC_ERR_PREAUTH_REQUIRED = 25,
+};
diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac
new file mode 100644
index 0000000000..829ae48df8
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-padata.pac
@@ -0,0 +1,212 @@
+# Kerberos pre-authentication data is a significant piece of the complexity,
+# so we're splitting this off
+
+%extern{
+#include "file_analysis/Manager.h"
+%}
+
+%header{
+VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error);
+%}
+
+%code{
+VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error)
+{
+	VectorVal* vv = new VectorVal(internal_type("KRB::Type_Value_Vector")->AsVectorType());
+
+	if ( ! data->data()->has_padata() )
+		return vv;
+
+	for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i)
+		{
+		KRB_PA_Data* element = (*data->data()->padata_elems())[i];
+		int64 data_type = element->data_type();
+
+		if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) )
+			data_type = 0;
+
+		switch( data_type )
+			{
+			case PA_TGS_REQ:
+				// will be generated as separate event
+				break;
+			case PA_ENC_TIMESTAMP:
+				// encrypted timestamp is unreadable
+				break;
+			case PA_PW_SALT:
+				{
+				RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+				type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT));
+				type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
+				vv->Assign(vv->Size(), type_val);
+				break;
+				}
+			case PA_PW_AS_REQ:
+				{
+				const bytestring& cert = element->pa_data_element()->pa_pk_as_req()->cert();
+
+				ODesc common;
+				common.AddRaw("Analyzer::ANALYZER_KRB");
+				common.Add(bro_analyzer->Conn()->StartTime());
+				// Request means is_orig=T
+				common.AddRaw("T", 1);
+				bro_analyzer->Conn()->IDString(&common);
+
+				ODesc file_handle;
+				file_handle.Add(common.Description());
+				file_handle.Add(0);
+
+				string file_id = file_mgr->HashHandle(file_handle.Description());
+
+				file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
+			                 	 cert.length(), bro_analyzer->GetAnalyzerTag(),
+			                 	 bro_analyzer->Conn(), true, file_id);
+				file_mgr->EndOfFile(file_id);
+
+				break;
+				}
+			case PA_PW_AS_REP:
+				{
+				const bytestring& cert = element->pa_data_element()->pa_pk_as_rep()->cert();
+
+				ODesc common;
+				common.AddRaw("Analyzer::ANALYZER_KRB");
+				common.Add(bro_analyzer->Conn()->StartTime());
+				// Response means is_orig=F
+				common.AddRaw("F", 1);
+				bro_analyzer->Conn()->IDString(&common);
+
+				ODesc file_handle;
+				file_handle.Add(common.Description());
+				file_handle.Add(1);
+
+				string file_id = file_mgr->HashHandle(file_handle.Description());
+
+				file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
+	                 			 cert.length(), bro_analyzer->GetAnalyzerTag(),
+			 	                 bro_analyzer->Conn(), false, file_id);
+				file_mgr->EndOfFile(file_id);
+
+				break;
+				}
+			default:
+				{
+				if ( ! is_error && element->pa_data_element()->unknown().length() )
+					{
+					RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+					type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT));
+					type_val->Assign(1, bytestring_to_val(element->pa_data_element()->unknown()));
+					vv->Assign(vv->Size(), type_val);
+					}
+				break;
+				}
+			}
+		}
+	return vv;
+}
+%}
+
+# Basic structure:
+#  1) In KDC_REQ/KDC_REP packets, the PA_Data is optional and needs a bit of "lookahead."
+#       KRB_PA_Data_Optional -> KRB_PA_Data_Optional_Contents -> KRB_PA_Data_Sequence
+#
+#  2) Once we get to the KRB_PA_Data_Sequence level:
+#  	KRB_PA_Data_Sequence -> KRB_PA_Data_Container -> KRB_PA_Data -> KRB_PA_Data_Element
+
+
+# Encapsulating header #1 for KDC_REQ/KDC_REP packets where the PADATA is optional.
+type KRB_PA_Data_Optional(is_orig: bool, pkt_type: uint8, desired_index: uint8) = record {
+	first_meta	: ASN1EncodingMeta;
+	padata		: KRB_PA_Data_Optional_Contents(is_orig, has_padata, pkt_type, first_meta.length);
+	next_meta	: ASN1OptionalEncodingMeta(has_padata, first_meta);
+} &let {
+	has_padata : bool = first_meta.index == desired_index;
+};
+
+# Encapsulating header #2 for KDC_REQ/KDC_REP packets where the PADATA is optional.
+#
+# Note: Split off due to a BinPAC bug
+type KRB_PA_Data_Optional_Contents(is_orig: bool, is_present: bool, pkt_type: uint8, length: uint64) = case is_present of {
+	true -> padata	: KRB_PA_Data_Sequence(is_orig, pkt_type) &length=length;
+	false -> none	: empty;
+};
+
+# This is our main type
+type KRB_PA_Data_Sequence(is_orig: bool, pkt_type: uint8) = record {
+	meta    : ASN1EncodingMeta;
+	data	: KRB_PA_Data_Container(is_orig, pkt_type, meta.tag, meta.length);
+};
+
+# The data in KRB_PA_Data_Sequence is usually (and supposed to be) a sequence, which we'll parse,
+# but is sometimes an octet string. We'll grab that but ignore it.
+#
+# Note: This is a separate type due to a BinPAC bug.
+type KRB_PA_Data_Container(is_orig: bool, pkt_type: uint8, tag: uint8, length: uint64) = case tag of {
+	ASN1_SEQUENCE_TAG	-> padata_elems	: KRB_PA_Data(is_orig, pkt_type)[];
+	default 		-> unknown	: bytestring &length=length;
+} &let {
+	has_padata: bool = (tag == ASN1_SEQUENCE_TAG);
+};
+
+# The pre-auth data sequence.
+#
+# Note: Error packets don't have pre-auth data, they just advertise which mechanisms they support.
+type KRB_PA_Data(is_orig: bool, pkt_type: uint8) = record {
+	seq_meta	  : ASN1EncodingMeta;
+	pa_data_type      : SequenceElement(true);
+	pa_data_elem_meta : ASN1EncodingMeta;
+	have_data	  : case pkt_type of {
+		KRB_ERROR   -> pa_data_placeholder: bytestring &length=pa_data_elem_meta.length;
+		default	    -> pa_data_element : KRB_PA_Data_Element(is_orig, data_type, pa_data_elem_meta.length);
+	} &requires(data_type);
+} &let {
+	data_type: int64 = binary_to_int64(pa_data_type.data.content);
+};
+
+# Each pre-auth element
+type KRB_PA_Data_Element(is_orig: bool, type: int64, length: uint64) = case type of {
+	PA_TGS_REQ      -> pa_tgs_req	: KRB_AP_REQ(is_orig);
+	PA_PW_SALT      -> pa_pw_salt	: ASN1OctetString;
+	PA_PW_AS_REQ	-> pa_pk_as_req	: KRB_PA_PK_AS_Req &length=length;
+	PA_PW_AS_REP	-> pa_pk_as_rep	: KRB_PA_PK_AS_Rep &length=length;
+	default 	-> unknown	: bytestring &length=length;
+};
+
+
+# The PKINIT certificate structure for a request
+type KRB_PA_PK_AS_Req = record {
+	string_meta	: ASN1EncodingMeta;
+	seq_meta1	: ASN1EncodingMeta;
+	elem_0_meta1	: ASN1EncodingMeta;
+	seq_meta2	: ASN1EncodingMeta;
+	oid		: ASN1Encoding;
+	elem_0_meta2	: ASN1EncodingMeta;
+	seq_meta3	: ASN1EncodingMeta;
+	version		: ASN1Encoding;
+	digest_algs	: ASN1Encoding;
+	signed_data	: ASN1Encoding;
+	cert_meta	: ASN1EncodingMeta;
+	cert		: bytestring &length=cert_meta.length;
+	# Ignore everything else
+			: bytestring &restofdata &transient;
+};
+
+# The PKINIT certificate structure for a reply
+type KRB_PA_PK_AS_Rep = record {
+	string_meta 	: ASN1EncodingMeta;
+	elem_0_meta1	: ASN1EncodingMeta;
+	seq_meta1	: ASN1EncodingMeta;
+	elem_0_meta2	: ASN1EncodingMeta;
+	seq_meta2	: ASN1EncodingMeta;
+	oid		: ASN1Encoding;
+	elem_0_meta3	: ASN1EncodingMeta;
+	seq_meta3	: ASN1EncodingMeta;
+	version		: ASN1Encoding;
+	digest_algs	: ASN1Encoding;
+	signed_data	: ASN1Encoding;
+	cert_meta	: ASN1EncodingMeta;
+	cert		: bytestring &length=cert_meta.length;
+	# Ignore everything else
+			: bytestring &restofdata &transient;
+};
+
diff --git a/src/analyzer/protocol/krb/krb-protocol.pac b/src/analyzer/protocol/krb/krb-protocol.pac
new file mode 100644
index 0000000000..afb66de973
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-protocol.pac
@@ -0,0 +1,240 @@
+# ASN1 parsing
+%include krb-asn1.pac
+
+# Constants
+%include krb-defs.pac
+
+# Basic types
+%include krb-types.pac
+
+# Preauth data parsing
+%include krb-padata.pac
+
+# KRB over TCP is the same as over UDP, but prefixed with a uint32 denoting the size
+type KRB_PDU_TCP(is_orig: bool) = record {
+	size	: uint32;
+	pdu	: KRB_PDU(is_orig);
+} &length=size+4 &byteorder=bigendian;
+
+type KRB_PDU(is_orig: bool) = record {
+	app_meta  : ASN1EncodingMeta;
+	msg_type  : case (app_meta.tag - ASN1_APP_TAG_OFFSET) of {
+		AS_REQ    -> as_req   : KRB_AS_REQ(is_orig);
+		AS_REP    -> as_rep   : KRB_AS_REP(is_orig);
+		TGS_REQ   -> tgs_req  : KRB_TGS_REQ(is_orig);
+		TGS_REP   -> tgs_rep  : KRB_TGS_REP(is_orig);
+		AP_REQ    -> ap_req   : KRB_AP_REQ(is_orig);
+		AP_REP    -> ap_rep   : KRB_AP_REP(is_orig);
+		KRB_SAFE  -> krb_safe : KRB_SAFE_MSG(is_orig);
+		KRB_PRIV  -> krb_priv : KRB_PRIV_MSG(is_orig);
+		KRB_CRED  -> krb_cred : KRB_CRED_MSG(is_orig);
+		KRB_ERROR -> krb_error: KRB_ERROR_MSG(is_orig);
+	};
+} &byteorder=bigendian;
+
+type KRB_AS_REQ(is_orig: bool) = record {
+	data: KRB_KDC_REQ(is_orig, AS_REQ);
+};
+
+type KRB_TGS_REQ(is_orig: bool) = record {
+	data: KRB_KDC_REQ(is_orig, TGS_REQ);
+};
+
+type KRB_AS_REP(is_orig: bool) = record {
+	data: KRB_KDC_REP(is_orig, AS_REP);
+};
+
+type KRB_TGS_REP(is_orig: bool) = record {
+	data: KRB_KDC_REP(is_orig, TGS_REP);
+};
+
+### A Kerberos ticket-granting-service or authentication-service request
+
+type KRB_KDC_REQ(is_orig: bool, pkt_type: uint8) = record {
+	seq_meta   : ASN1EncodingMeta;
+	pvno       : SequenceElement(true);
+	msg_type   : SequenceElement(true);
+	padata	   : KRB_PA_Data_Optional(is_orig, pkt_type, 3);
+	body_meta  : ASN1EncodingMeta;
+	body_args  : KRB_REQ_Arg[];
+};
+
+type KRB_REQ_Arg = record {
+	seq_meta   : ASN1EncodingMeta;
+	data	   : KRB_REQ_Arg_Data(seq_meta.index) &length=seq_meta.length;
+};
+
+type KRB_REQ_Arg_Data(index: uint8) = case index of {
+	0 	-> options	: KRB_KDC_Options;
+	1  	-> principal	: KRB_Principal_Name;
+	2  	-> realm	: ASN1OctetString;
+	3  	-> sname	: KRB_Principal_Name;
+	4  	-> from		: KRB_Time;
+	5  	-> till		: KRB_Time;
+	6  	-> rtime	: KRB_Time;
+	7  	-> nonce	: ASN1Integer;
+	8  	-> etype	: Array;
+	9  	-> addrs	: KRB_Host_Addresses;
+	10 	-> auth_data 	: ASN1OctetString;
+	11 	-> addl_tkts 	: KRB_Ticket_Sequence;
+	default -> unknown	: bytestring &restofdata;
+};
+
+type KRB_KDC_Options = record {
+	meta	: ASN1EncodingMeta;
+	pad	: uint8;
+	flags	: uint32;
+} &let {
+	reserved		: bool	= (flags & 0x80000000) > 0;
+	forwardable		: bool	= (flags & 0x40000000) > 0;
+	forwarded		: bool	= (flags & 0x20000000) > 0;
+	proxiable		: bool	= (flags & 0x10000000) > 0;
+	proxy			: bool	= (flags &  0x8000000) > 0;
+	allow_postdate		: bool	= (flags &  0x4000000) > 0;
+	postdated		: bool	= (flags &  0x2000000) > 0;
+	unused7			: bool	= (flags &  0x1000000) > 0;
+	renewable		: bool	= (flags &   0x800000) > 0;
+	unused9			: bool	= (flags &   0x400000) > 0;
+	unused10		: bool	= (flags &   0x200000) > 0;
+	opt_hardware_auth	: bool	= (flags &   0x100000) > 0;
+	unused12		: bool	= (flags &    0x80000) > 0;
+	unused13		: bool	= (flags &    0x40000) > 0;
+	# ...
+	unused15		: bool	= (flags &    0x10000) > 0;
+	# ...
+	disable_transited_check	: bool	= (flags &       0x10) > 0;
+	renewable_ok		: bool	= (flags &        0x8) > 0;
+	enc_tkt_in_skey		: bool	= (flags &        0x4) > 0;
+	renew			: bool	= (flags &        0x2) > 0;
+	validate		: bool	= (flags &        0x1) > 0;
+};
+
+### KDC_REP
+
+type KRB_KDC_REP(is_orig: bool, pkt_type: uint8) = record {
+	seq_meta    : ASN1EncodingMeta;
+	pvno        : SequenceElement(true);
+	msg_type    : SequenceElement(true);
+	padata	    : KRB_PA_Data_Optional(is_orig, pkt_type, 2);
+	client_realm: ASN1OctetString &length=padata.next_meta.length;
+	cname_meta  : ASN1EncodingMeta;
+	client_name : KRB_Principal_Name &length=cname_meta.length;
+	ticket      : KRB_Ticket(true);
+	enc_part    : KRB_Encrypted_Data_in_Seq;
+};
+
+### AP_REQ
+
+type KRB_AP_REQ(is_orig: bool) = record {
+	string_meta : ASN1EncodingMeta;
+	app_meta    : ASN1EncodingMeta;
+	seq_meta    : ASN1EncodingMeta;
+	pvno 	    : SequenceElement(true);
+	msg_type    : SequenceElement(true);
+	ap_options  : KRB_AP_Options;
+	ticket	    : KRB_Ticket(true);
+	enc_part    : KRB_Encrypted_Data_in_Seq;
+};
+
+type KRB_AP_Options = record {
+	meta 	: SequenceElement(false);
+	flags	: uint32;
+		: padding[1];
+} &let {
+	reserved	: bool = (flags & 0x80000000) > 0;
+	use_session_key	: bool = (flags & 0x40000000) > 0;
+	mutual_required	: bool = (flags & 0x20000000) > 0;
+};
+
+
+### AP_REP
+
+type KRB_AP_REP(is_orig: bool) = record {
+	pvno 	: SequenceElement(true);
+	msg_type: SequenceElement(true);
+	enc_part: KRB_Encrypted_Data_in_Seq;
+};
+
+### KRB_ERROR
+
+type KRB_ERROR_MSG(is_orig: bool) = record {
+	seq_meta	: ASN1EncodingMeta;
+	args1		: KRB_ERROR_Arg(is_orig, 0)[] &until ($element.process_in_parent);
+	error_code	: ASN1Integer;
+	args2		: KRB_ERROR_Arg(is_orig, binary_to_int64(error_code.encoding.content))[];
+};
+
+type KRB_ERROR_Arg(is_orig: bool, error_code: int64) = record {
+	seq_meta: ASN1EncodingMeta;
+	args	: KRB_ERROR_Arg_Data(is_orig, seq_meta.index, error_code) &length=arg_length;
+} &let {
+	process_in_parent : bool = seq_meta.index == 6;
+	arg_length 	  : uint64 = ( process_in_parent ? 0 : seq_meta.length);
+};
+
+type KRB_ERROR_Arg_Data(is_orig: bool, index: uint8, error_code: int64) = case index of {
+	0  -> pvno	: ASN1Integer;
+	1  -> msg_type	: ASN1Integer;
+	2  -> ctime	: KRB_Time;
+	3  -> cusec	: ASN1Integer;
+	4  -> stime	: KRB_Time;
+	5  -> susec	: ASN1Integer;
+	6  -> err_code	: empty;
+	7  -> crealm	: ASN1OctetString;
+	8  -> cname	: KRB_Principal_Name;
+	9  -> realm	: ASN1OctetString;
+	10 -> sname	: KRB_Principal_Name;
+	11 -> e_text	: ASN1OctetString;
+	12 -> e_data	: KRB_ERROR_E_Data(is_orig, error_code);
+};
+
+type KRB_ERROR_E_Data(is_orig: bool, error_code: uint64) = case ( error_code == KDC_ERR_PREAUTH_REQUIRED ) of {
+	true 	-> padata  : KRB_PA_Data_Sequence(is_orig, KRB_ERROR);
+	false	-> unknown : bytestring &restofdata;
+};
+
+### KRB_SAFE
+
+type KRB_SAFE_MSG(is_orig: bool) = record {
+	pvno	 : SequenceElement(true);
+	msg_type : SequenceElement(true);
+	safe_body: KRB_SAFE_Body;
+	checksum : KRB_Checksum;
+};
+
+type KRB_SAFE_Body = record {
+	seq_meta: ASN1EncodingMeta;
+	args	: KRB_SAFE_Arg[];
+};
+
+type KRB_SAFE_Arg = record {
+	seq_meta: ASN1EncodingMeta;
+	args    : KRB_SAFE_Arg_Data(seq_meta.index) &length=seq_meta.length;
+};
+
+type KRB_SAFE_Arg_Data(index: uint8) = case index of {
+	0 -> user_data	: ASN1OctetString;
+	1 -> timestamp  : KRB_Time;
+	2 -> usec	: ASN1Integer;
+	3 -> seq_number : ASN1Integer;
+	4 -> sender_addr: KRB_Host_Address;
+	5 -> recp_addr  : KRB_Host_Address;
+};
+
+### KRB_PRIV
+
+type KRB_PRIV_MSG(is_orig: bool) = record {
+	pvno	: SequenceElement(true);
+	msg_type: SequenceElement(true);
+	enc_part: KRB_Encrypted_Data_in_Seq;
+};
+
+### KRB_CRED
+
+type KRB_CRED_MSG(is_orig: bool) = record {
+	pvno	 : SequenceElement(true);
+	msg_type : SequenceElement(true);
+	tkts_meta: SequenceElement(false);
+	tickets  : KRB_Ticket_Sequence;
+	enc_part : KRB_Encrypted_Data_in_Seq;
+};
diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac
new file mode 100644
index 0000000000..07418b3a71
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb-types.pac
@@ -0,0 +1,171 @@
+# Fundamental KRB types
+
+%header{
+Val* GetStringFromPrincipalName(const KRB_Principal_Name* pname);
+
+VectorVal* proc_cipher_list(const Array* list);
+
+VectorVal* proc_host_address_list(const KRB_Host_Addresses* list);
+RecordVal* proc_host_address(const KRB_Host_Address* addr);
+
+VectorVal* proc_tickets(const KRB_Ticket_Sequence* list);
+RecordVal* proc_ticket(const KRB_Ticket* ticket);
+%}
+
+%code{
+Val* GetStringFromPrincipalName(const KRB_Principal_Name* pname)
+{
+	if ( pname->data()->size() == 1 )
+		return bytestring_to_val(pname->data()[0][0]->encoding()->content());
+	if ( pname->data()->size() == 2 )
+		return new StringVal(fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin()));
+
+	return new StringVal("unknown");
+}
+
+VectorVal* proc_cipher_list(const Array* list)
+{
+	VectorVal* ciphers = new VectorVal(internal_type("index_vec")->AsVectorType());
+	for ( uint i = 0; i < list->data()->size(); ++i )
+		ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT));
+	return ciphers;
+}
+
+VectorVal* proc_host_address_list(const KRB_Host_Addresses* list)
+{
+	VectorVal* addrs = new VectorVal(internal_type("KRB::Host_Address_Vector")->AsVectorType());
+
+	for ( uint i = 0; i < list->addresses()->size(); ++i )
+		{
+		addrs->Assign(addrs->Size(), proc_host_address((*list->addresses())[i]));
+		}
+
+	return addrs;
+}
+
+RecordVal* proc_host_address(const KRB_Host_Address* addr)
+{
+	RecordVal* rv = new RecordVal(BifType::Record::KRB::Host_Address);
+
+	switch ( binary_to_int64(addr->addr_type()->encoding()->content()) )
+		{
+		case 2:
+			rv->Assign(0, new AddrVal(IPAddr(IPv4,
+					    	         (const uint32_t*) c_str(addr->address()->data()->content()),
+							 IPAddr::Network)));
+			break;
+		case 24:
+			rv->Assign(0, new AddrVal(IPAddr(IPv6,
+					    		 (const uint32_t*) c_str(addr->address()->data()->content()),
+							 IPAddr::Network)));
+			break;
+		case 20:
+			rv->Assign(1, bytestring_to_val(addr->address()->data()->content()));
+			break;
+		default:
+			RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value);
+			unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT));
+			unk->Assign(1, bytestring_to_val(addr->address()->data()->content()));
+			rv->Assign(2, unk);
+			break;
+		}
+
+	return rv;
+}
+
+VectorVal* proc_tickets(const KRB_Ticket_Sequence* list)
+{
+	VectorVal* tickets = new VectorVal(internal_type("KRB::Ticket_Vector")->AsVectorType());
+	for ( uint i = 0; i < list->tickets()->size(); ++i )
+		{
+		KRB_Ticket* element = (*list->tickets())[i];
+		tickets->Assign(tickets->Size(), proc_ticket(element));
+		}
+
+	return tickets;
+}
+
+RecordVal* proc_ticket(const KRB_Ticket* ticket)
+{
+	RecordVal* rv = new RecordVal(BifType::Record::KRB::Ticket);
+
+	rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT));
+	rv->Assign(1, bytestring_to_val(ticket->realm()->data()->content()));
+	rv->Assign(2, GetStringFromPrincipalName(ticket->sname()));
+	rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT));
+
+	return rv;
+}
+%}
+
+type KRB_Principal_Name = record {
+	seq_meta  : ASN1EncodingMeta;
+	name_meta : ASN1EncodingMeta;
+	name_type : ASN1Integer;
+	seq_meta_1: ASN1EncodingMeta;
+	seq_meta_2: ASN1EncodingMeta;
+	data      : ASN1OctetString[];
+};
+
+type KRB_Time = record {
+	meta: ASN1EncodingMeta;
+	time: bytestring &restofdata;
+};
+
+type KRB_Host_Addresses = record {
+	seq_meta : ASN1EncodingMeta;
+	addresses: KRB_Host_Address[];
+};
+
+type KRB_Host_Address = record {
+	addr_type_meta	: SequenceElement(false);
+	addr_type	: ASN1Integer;
+	address  	: SequenceElement(true);
+};
+
+type KRB_Ticket(in_sequence: bool) = record {
+	have_seq  : case in_sequence of {
+		true  -> meta: ASN1EncodingMeta;
+		false -> none: empty;
+	};
+	app_meta  : ASN1EncodingMeta;
+	seq_meta  : ASN1EncodingMeta;
+	tkt_vno   : SequenceElement(true);
+	realm	  : SequenceElement(true);
+	sname_meta: ASN1EncodingMeta;
+	sname	  : KRB_Principal_Name &length=sname_meta.length;
+	enc_part  : KRB_Encrypted_Data_in_Seq;
+};
+
+type KRB_Ticket_Sequence = record {
+	seq_meta : ASN1EncodingMeta;
+	tickets  : KRB_Ticket(false)[] &length=seq_meta.length;
+};
+
+type KRB_Encrypted_Data_in_Seq = record {
+	index_meta  : ASN1EncodingMeta;
+	data	    : KRB_Encrypted_Data &length=index_meta.length;
+};
+
+type KRB_Encrypted_Data = record {
+	seq_meta	: ASN1EncodingMeta;
+	etype		: SequenceElement(true);
+	kvno_meta	: ASN1EncodingMeta;
+	case_kvno	: case have_kvno of {
+		true   -> kvno	: ASN1Integer;
+		false  -> none	: empty;
+	};
+	grab_next_meta	: case have_kvno of {
+		true   -> next_meta: ASN1EncodingMeta;
+		false  -> none_meta: empty;
+	};
+	ciphertext	: bytestring &length=have_kvno ? next_meta.length : kvno_meta.length;
+} &let {
+	have_kvno	: bool = kvno_meta.index == 1;
+};
+
+type KRB_Checksum = record {
+	checksum_type: SequenceElement(true);
+	checksum     : SequenceElement(true);
+};
+
diff --git a/src/analyzer/protocol/krb/krb.pac b/src/analyzer/protocol/krb/krb.pac
new file mode 100644
index 0000000000..508fb78a7a
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb.pac
@@ -0,0 +1,25 @@
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "types.bif.h"
+#include "events.bif.h"
+%}
+
+analyzer KRB withcontext {
+	connection:	KRB_Conn;
+	flow:		KRB_Flow;
+};
+
+connection KRB_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = KRB_Flow(true);
+	downflow = KRB_Flow(false);
+};
+
+%include krb-protocol.pac
+
+flow KRB_Flow(is_orig: bool) {
+	datagram = KRB_PDU(is_orig) withcontext(connection, this);
+};
+
+%include krb-analyzer.pac
diff --git a/src/analyzer/protocol/krb/krb_TCP.pac b/src/analyzer/protocol/krb/krb_TCP.pac
new file mode 100644
index 0000000000..6748c5fcbb
--- /dev/null
+++ b/src/analyzer/protocol/krb/krb_TCP.pac
@@ -0,0 +1,25 @@
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "types.bif.h"
+#include "events.bif.h"
+%}
+
+analyzer KRB_TCP withcontext {
+	connection:	KRB_Conn;
+	flow:		KRB_Flow;
+};
+
+connection KRB_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = KRB_Flow(true);
+	downflow = KRB_Flow(false);
+};
+
+%include krb-protocol.pac
+
+flow KRB_Flow(is_orig: bool) {
+	flowunit = KRB_PDU_TCP(is_orig) withcontext(connection, this);
+};
+
+%include krb-analyzer.pac
diff --git a/src/analyzer/protocol/krb/types.bif b/src/analyzer/protocol/krb/types.bif
new file mode 100644
index 0000000000..8393adbf3c
--- /dev/null
+++ b/src/analyzer/protocol/krb/types.bif
@@ -0,0 +1,17 @@
+module KRB;
+
+type Error_Msg: record;
+type SAFE_Msg: record;
+
+type KDC_Options: record;
+type AP_Options: record;
+type Type_Value: record;
+type Ticket: record;
+type Ticket_Vector: vector;
+type Host_Address: record;
+
+type KDC_Request: record;
+
+type KDC_Response: record;
+
+module GLOBAL;
diff --git a/src/analyzer/protocol/netflow/CMakeLists.txt b/src/analyzer/protocol/netflow/CMakeLists.txt
deleted file mode 100644
index 3afc9fd66a..0000000000
--- a/src/analyzer/protocol/netflow/CMakeLists.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-
-# This is not an actual analyzer, but used by the core. We still
-# maintain it here along with the other analyzers because conceptually
-# it's also parsing a protocol just like them. The current structure
-# is merely a left-over from when this code was written.
-
-include(BroPlugin)
-
-include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
-
-bro_plugin_begin(Bro NetFlow)
-bro_plugin_cc(Plugin.cc)
-bro_plugin_bif(events.bif)
-bro_plugin_pac(netflow.pac netflow-protocol.pac netflow-analyzer.pac)
-bro_plugin_end()
-
diff --git a/src/analyzer/protocol/netflow/events.bif b/src/analyzer/protocol/netflow/events.bif
deleted file mode 100644
index 69c196de9e..0000000000
--- a/src/analyzer/protocol/netflow/events.bif
+++ /dev/null
@@ -1,18 +0,0 @@
-## Generated for a received NetFlow v5 header.  Bro's NetFlow processor raises
-## this event whenever it either receives a NetFlow header on the port it's
-## listening on, or reads one from a trace file.
-##
-## h: The parsed NetFlow header.
-##
-## .. bro:see:: netflow_v5_record
-event netflow_v5_header%(h: nf_v5_header%);
-
-## Generated for a received NetFlow v5 record.  Bro's NetFlow processor raises
-## this event whenever it either receives a NetFlow record on the port it's
-## listening on, or reads one from a trace file.
-##
-## r: The parsed NetFlow record.
-##
-## .. bro:see:: netflow_v5_record
-event netflow_v5_record%(r: nf_v5_record%);
-
diff --git a/src/analyzer/protocol/netflow/netflow-analyzer.pac b/src/analyzer/protocol/netflow/netflow-analyzer.pac
deleted file mode 100644
index 439215dbc1..0000000000
--- a/src/analyzer/protocol/netflow/netflow-analyzer.pac
+++ /dev/null
@@ -1,174 +0,0 @@
-# Code written by Bernhard Ager (2007).
-
-analyzer NetFlow withcontext {
-	analyzer:	NetFlow_Analyzer;
-	flow:		NetFlow_Flow;
-}
-
-analyzer NetFlow_Analyzer {
-	downflow = NetFlow_Flow;
-	upflow = NetFlow_Flow;
-};
-
-flow NetFlow_Flow {
-	datagram = NetFlowPacket withcontext(connection, this);
-
-	%member{
-		RecordType* nf_v5_header_type;
-		RecordType* nf_v5_record_type;
-		RecordType* nfheader_id_type;
-		char* identifier;
-		uint32 exporter_ip;
-		uint32 uptime;
-		double export_time;
-		bro_uint_t pdu_id;
-	%}
-
-	%init{
-		nf_v5_header_type =
-			internal_type("nf_v5_header")->AsRecordType();
-		nf_v5_record_type =
-			internal_type("nf_v5_record")->AsRecordType();
-		nfheader_id_type =
-			internal_type("nfheader_id")->AsRecordType();
-		identifier = NULL;
-		exporter_ip = 0;
-		uptime = 0;
-		export_time = 0;
-		pdu_id = 0;
-	%}
-
-	# %cleanup does not only put the cleanup code into the destructor,
-	# but also at the end of the catch clause in NewData().  This is
-	# different from the documentation at
-	# http://www.bro.org/wiki/index.php/BinPAC_Userguide#.25cleanup.7B....25.7D
-	#
-	# Unfortunately this means that we cannot clean up the identifier
-	# string.  Note that IOSource destructors seemingly are never
-	# called anyway.
-	#
-	#    %cleanup{
-	#	delete[] identifier;
-	#    %}
-
-	function set_exporter_ip(exporter_ip: uint32): bool
-		%{
-		this->exporter_ip = exporter_ip;
-		return true;
-		%}
-
-	function set_identifier(idf: const_charptr): bool
-		%{
-		if ( identifier )
-			delete[] identifier;
-		identifier = new char[strlen(idf) + 1];
-		strcpy(identifier, idf);
-		return true;
-		%}
-
-	function deliver_v5_header(count: uint16, sysuptime: uint32,
-				unix_secs: uint32, unix_nsecs: uint32,
-				flow_seq: uint32, eng_type: uint8,
-				eng_id: uint8, sample_int: uint16): bool
-		%{
-		uptime = sysuptime;
-		export_time = unix_secs + unix_nsecs / 1e9;
-		++pdu_id;
-
-		if ( ! ::netflow_v5_header )
-			return false;
-
-		RecordVal* nfheader = new RecordVal(nfheader_id_type);
-		nfheader->Assign(0, new StringVal(identifier));
-		nfheader->Assign(1, new Val(pdu_id, TYPE_COUNT));
-
-		RecordVal* v5header = new RecordVal(nf_v5_header_type);
-		v5header->Assign(0, nfheader);
-		v5header->Assign(1, new Val(count, TYPE_COUNT));
-		v5header->Assign(2, new IntervalVal(sysuptime, Milliseconds));
-		v5header->Assign(3, new Val(export_time, TYPE_TIME));
-		v5header->Assign(4, new Val(flow_seq, TYPE_COUNT));
-		v5header->Assign(5, new Val(eng_type, TYPE_COUNT));
-		v5header->Assign(6, new Val(eng_id, TYPE_COUNT));
-		v5header->Assign(7, new Val(sample_int, TYPE_COUNT));
-		v5header->Assign(8, new AddrVal(exporter_ip));
-
-		val_list* vl = new val_list;
-		vl->append(v5header);
-		mgr.QueueEvent(netflow_v5_header, vl);
-
-		return true;
-		%}
-
-	function deliver_v5_record(srcaddr: uint32, dstaddr: uint32,
-				nexthop: uint32, input: uint16, output: uint16,
-				dPkts: uint32, dOctets: uint32,
-				first: uint32, last: uint32,
-				srcport: uint16, dstport: uint16,
-				tcp_flags: uint8, prot: uint8, tos: uint8,
-				src_as: uint16, dst_as: uint16,
-				src_mask: uint8, dst_mask: uint8): bool
-		%{
-		if ( ! ::netflow_v5_record )
-			return false;
-
-		TransportProto proto = TRANSPORT_UNKNOWN;
-		switch ( prot ) {
-		case 1: proto = TRANSPORT_ICMP; break;
-		case 6: proto = TRANSPORT_TCP; break;
-		case 17: proto = TRANSPORT_UDP; break;
-		}
-
-		RecordVal* connid = new RecordVal(conn_id);
-		connid->Assign(0, new AddrVal(htonl(srcaddr)));
-		connid->Assign(1, new PortVal(srcport, proto));
-		connid->Assign(2, new AddrVal(htonl(dstaddr)));
-		connid->Assign(3, new PortVal(dstport, proto));
-
-		RecordVal* nfheader = new RecordVal(nfheader_id_type);
-		nfheader->Assign(0, new StringVal(identifier));
-		nfheader->Assign(1, new Val(pdu_id, TYPE_COUNT));
-
-		RecordVal* v5record = new RecordVal(nf_v5_record_type);
-		v5record->Assign(0, nfheader);
-		v5record->Assign(1, connid);
-		v5record->Assign(2, new AddrVal(htonl(nexthop)));
-		v5record->Assign(3, new Val(input, TYPE_COUNT));
-		v5record->Assign(4, new Val(output, TYPE_COUNT));
-		v5record->Assign(5, new Val(dPkts, TYPE_COUNT));
-		v5record->Assign(6, new Val(dOctets, TYPE_COUNT));
-
-		// Overflows are handled correctly by using 32 bit
-		// unsigned integer arithmetic.
-		double c_first = export_time - (uptime - first) * Milliseconds;
-		double c_last = export_time - (uptime - last) * Milliseconds;
-		v5record->Assign(7, new Val(c_first, TYPE_TIME));
-		v5record->Assign(8, new Val(c_last, TYPE_TIME));
-
-		v5record->Assign(9,
-			new Val((tcp_flags & TH_FIN) != 0, TYPE_BOOL));
-		v5record->Assign(10,
-			new Val((tcp_flags & TH_SYN) != 0, TYPE_BOOL));
-		v5record->Assign(11,
-			new Val((tcp_flags & TH_RST) != 0, TYPE_BOOL));
-		v5record->Assign(12,
-			new Val((tcp_flags & TH_PUSH) != 0, TYPE_BOOL));
-		v5record->Assign(13,
-			new Val((tcp_flags & TH_ACK) != 0, TYPE_BOOL));
-		v5record->Assign(14,
-			new Val((tcp_flags & TH_URG) != 0, TYPE_BOOL));
-
-		v5record->Assign(15, new Val(prot, TYPE_COUNT));
-		v5record->Assign(16, new Val(tos, TYPE_COUNT));
-		v5record->Assign(17, new Val(src_as, TYPE_COUNT));
-		v5record->Assign(18, new Val(dst_as, TYPE_COUNT));
-		v5record->Assign(19, new Val(src_mask, TYPE_COUNT));
-		v5record->Assign(20, new Val(dst_mask, TYPE_COUNT));
-
-		val_list* vl = new val_list;
-		vl->append(v5record);
-		mgr.QueueEvent(netflow_v5_record, vl);
-
-		return true;
-		%}
-	};
diff --git a/src/analyzer/protocol/netflow/netflow-protocol.pac b/src/analyzer/protocol/netflow/netflow-protocol.pac
deleted file mode 100644
index 6b97b7cee6..0000000000
--- a/src/analyzer/protocol/netflow/netflow-protocol.pac
+++ /dev/null
@@ -1,89 +0,0 @@
-# Code written by Bernhard Ager (2007).
-
-type NetFlowPacket = record {
-	# Count and version are the first two fields, at least for
-	# versions 1, 5, 7, 8 and 9.
-	version: uint16;
-
-	# This does not generate any code in current binpac.
-	count: uint16 &check(count <= 30);
-
-	header: NFHeader(version, count);
-	records: NFRecord(version)[count];
-} &byteorder = bigendian;
-
-type NFHeader(version: uint16, count: uint16) = case version of {
-	5 -> v5header: NFv5HeaderRest(count);
-	9 -> v9header: NFv9HeaderRest(count);
-	# default -> string: bytestring &restofdata &transient;
-};
-
-type NFv5HeaderRest(count: uint16) = record {
-	sysuptime: uint32;
-	unix_secs: uint32;
-	unix_nsecs: uint32;
-	flow_seq: uint32;
-	eng_type: uint8;
-	eng_id: uint8;
-	sample_int: uint16;
-} &let {
-	delivered: bool =
-		$context.flow.deliver_v5_header(count, sysuptime,
-					     unix_secs, unix_nsecs,
-					     flow_seq, eng_type,
-					     eng_id, sample_int);
-};
-
-type NFv9HeaderRest(count: uint16) = record {
-	sysuptime: uint32;
-	unix_secs: uint32;
-	pack_seq: uint32;
-	src_id: uint32;
-};
-
-# We only handle version 5 and 9.  Others will throw a parsing exception.
-type NFRecord(nf_version: uint32) = case nf_version of {
-	5 -> v5: NFv5Record;
-	9 -> v9: NFv9Record;
-};
-
-type NFv5Record = record {
-	srcaddr: uint32;
-	dstaddr: uint32;
-	nexthop: uint32;
-	input: uint16;
-	output: uint16;
-	dPkts: uint32;
-	dOctets: uint32;
-	first: uint32;
-	last: uint32;
-	srcport: uint16;
-	dstport: uint16;
-	: uint8;      # PAD1
-	tcp_flags: uint8;
-	prot: uint8;
-	tos: uint8;
-	src_as: uint16;
-	dst_as: uint16;
-	src_mask: uint8;
-	dst_mask: uint8;
-	: uint16;     # PAD2
-} &let {
-	delivered: bool =
-		$context.flow.deliver_v5_record(srcaddr, dstaddr,
-					      nexthop, input, output,
-					      dPkts, dOctets, first,
-					      last, srcport, dstport,
-					      tcp_flags, prot, tos,
-					      src_as, dst_as,
-					      src_mask, dst_mask);
-};
-
-# Works for both template and data flow sets.  Data parsing will have
-# to be done externally - no event generation yet.  We need sample
-# flow data to implement that.
-type NFv9Record = record {
-	flowset_id: uint32;
-	length: uint32;
-	data: bytestring &length = length - 8;
-};
diff --git a/src/analyzer/protocol/netflow/netflow.pac b/src/analyzer/protocol/netflow/netflow.pac
deleted file mode 100644
index 57e1b71a76..0000000000
--- a/src/analyzer/protocol/netflow/netflow.pac
+++ /dev/null
@@ -1,13 +0,0 @@
-# Code written by Bernhard Ager (2007).
-
-%extern{
-#include "net_util.h"
-#include "Event.h"
-extern RecordType* conn_id;
-
-#include "events.bif.h"
-%}
-
-%include bro.pac
-%include netflow-analyzer.pac
-%include netflow-protocol.pac
diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc
index 69a0c5d312..1adeb54a2d 100644
--- a/src/analyzer/protocol/pia/PIA.cc
+++ b/src/analyzer/protocol/pia/PIA.cc
@@ -81,7 +81,7 @@ void PIA::PIA_Done()
 	}
 
 void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq,
-				const IP_Hdr* ip, int caplen)
+				const IP_Hdr* ip, int caplen, bool clear_state)
 	{
 	if ( pkt_buffer.state == SKIPPING )
 		return;
@@ -108,6 +108,9 @@ void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64 se
 	// FIXME: I'm not sure why it does not work with eol=true...
 	DoMatch(data, len, is_orig, true, false, false, ip);
 
+	if ( clear_state )
+		RuleMatcherState::ClearMatchState(is_orig);
+
 	pkt_buffer.state = new_state;
 
 	current_packet.data = 0;
diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h
index d6e07f68c3..85683289a9 100644
--- a/src/analyzer/protocol/pia/PIA.h
+++ b/src/analyzer/protocol/pia/PIA.h
@@ -42,7 +42,7 @@ public:
 protected:
 	void PIA_Done();
 	void PIA_DeliverPacket(int len, const u_char* data, bool is_orig,
-				uint64 seq, const IP_Hdr* ip, int caplen);
+				uint64 seq, const IP_Hdr* ip, int caplen, bool clear_state);
 
 	enum State { INIT, BUFFERING, MATCHING_ONLY, SKIPPING } state;
 
@@ -109,7 +109,7 @@ protected:
 					uint64 seq, const IP_Hdr* ip, int caplen)
 		{
 		Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
-		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen);
+		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true);
 		}
 
 	virtual void ActivateAnalyzer(analyzer::Tag tag, const Rule* rule);
@@ -154,7 +154,7 @@ protected:
 					uint64 seq, const IP_Hdr* ip, int caplen)
 		{
 		Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
-		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen);
+		PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, false);
 		}
 
 	virtual void DeliverStream(int len, const u_char* data, bool is_orig);
diff --git a/src/analyzer/protocol/rdp/CMakeLists.txt b/src/analyzer/protocol/rdp/CMakeLists.txt
new file mode 100644
index 0000000000..c94afaa052
--- /dev/null
+++ b/src/analyzer/protocol/rdp/CMakeLists.txt
@@ -0,0 +1,10 @@
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro RDP)
+	bro_plugin_cc(RDP.cc Plugin.cc)
+	bro_plugin_bif(events.bif)
+	bro_plugin_bif(types.bif)
+	bro_plugin_pac(rdp.pac rdp-analyzer.pac rdp-protocol.pac ../asn1/asn1.pac)
+bro_plugin_end()
diff --git a/src/analyzer/protocol/rdp/Plugin.cc b/src/analyzer/protocol/rdp/Plugin.cc
new file mode 100644
index 0000000000..770bdfc730
--- /dev/null
+++ b/src/analyzer/protocol/rdp/Plugin.cc
@@ -0,0 +1,22 @@
+#include "plugin/Plugin.h"
+
+#include "RDP.h"
+
+namespace plugin {
+namespace Bro_RDP {
+
+class Plugin : public plugin::Plugin {
+public:
+        plugin::Configuration Configure()
+                {
+                AddComponent(new ::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer));
+
+                plugin::Configuration config;
+                config.name = "Bro::RDP";
+                config.description = "RDP analyzer";
+                return config;
+                }
+} plugin;
+
+}
+}
diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc
new file mode 100644
index 0000000000..f3ceaae699
--- /dev/null
+++ b/src/analyzer/protocol/rdp/RDP.cc
@@ -0,0 +1,94 @@
+#include "RDP.h"
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "Reporter.h"
+#include "events.bif.h"
+#include "types.bif.h"
+
+using namespace analyzer::rdp;
+
+RDP_Analyzer::RDP_Analyzer(Connection* c)
+	: tcp::TCP_ApplicationAnalyzer("RDP", c)
+	{
+	interp = new binpac::RDP::RDP_Conn(this);
+	
+	had_gap = false;
+	pia = 0;
+	}
+
+RDP_Analyzer::~RDP_Analyzer()
+	{
+	delete interp;
+	}
+
+void RDP_Analyzer::Done()
+	{
+	tcp::TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void RDP_Analyzer::EndpointEOF(bool is_orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
+	}
+
+void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	assert(TCP());
+	if ( TCP()->IsPartial() )
+		return;
+
+	if ( had_gap )
+		// If only one side had a content gap, we could still try to
+		// deliver data to the other side if the script layer can handle this.
+		return;
+
+	if ( interp->is_encrypted() )
+		{
+		// 0x00 is RDP native encryption which we don't do anything with now.
+		// 0x01 is SSL/TLS
+		// 0x03-0x04 is CredSSP which is effectively SSL/TLS
+		if ( interp->encryption_method() > 0x00 )
+			{
+			if ( ! pia )
+				{
+				pia = new pia::PIA_TCP(Conn());
+
+				if ( ! AddChildAnalyzer(pia) )
+					{
+					reporter->AnalyzerError(this,
+					                        "failed to add TCP child analyzer "
+					                        "to RDP analyzer: already exists");
+					return;
+					}
+
+				pia->FirstPacket(true, 0);
+				pia->FirstPacket(false, 0);
+				}
+
+			ForwardStream(len, data, orig);
+			}
+		}
+	else // if not encrypted
+		{
+		try
+			{
+			interp->NewData(orig, data, data + len);
+			}
+		catch ( const binpac::Exception& e )
+			{
+			ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+			}
+		}
+	}
+
+void RDP_Analyzer::Undelivered(uint64 seq, int len, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	had_gap = true;
+	interp->NewGap(orig, len);
+	}
diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h
new file mode 100644
index 0000000000..9d4eda1db8
--- /dev/null
+++ b/src/analyzer/protocol/rdp/RDP.h
@@ -0,0 +1,39 @@
+#ifndef ANALYZER_PROTOCOL_RDP_RDP_H
+#define ANALYZER_PROTOCOL_RDP_RDP_H
+
+#include "events.bif.h"
+
+
+#include "analyzer/protocol/tcp/TCP.h"
+#include "analyzer/protocol/pia/PIA.h"
+
+#include "rdp_pac.h"
+
+namespace analyzer { namespace rdp {
+
+class RDP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+
+public:
+	RDP_Analyzer(Connection* conn);
+	virtual ~RDP_Analyzer();
+
+	// Overriden from Analyzer.
+	virtual void Done();
+	
+	virtual void DeliverStream(int len, const u_char* data, bool orig);
+	virtual void Undelivered(uint64 seq, int len, bool orig);
+	virtual void EndpointEOF(bool is_orig);
+
+	static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
+		{ return new RDP_Analyzer(conn); }
+
+protected:
+	binpac::RDP::RDP_Conn* interp;
+	
+	bool had_gap;
+	pia::PIA_TCP *pia;
+};
+
+} } // namespace analyzer::* 
+
+#endif
diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif
new file mode 100644
index 0000000000..3a86e45773
--- /dev/null
+++ b/src/analyzer/protocol/rdp/events.bif
@@ -0,0 +1,61 @@
+## Generated for X.224 client requests.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## cookie: The cookie included in the request.
+event rdp_connect_request%(c: connection, cookie: string%);
+
+## Generated for RDP Negotiation Response messages.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## security_protocol: The security protocol selected by the server.
+event rdp_negotiation_response%(c: connection, security_protocol: count%);
+
+## Generated for RDP Negotiation Failure messages.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## failure_code: The failure code sent by the server.
+event rdp_negotiation_failure%(c: connection, failure_code: count%);
+
+## Generated for MCS client requests.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## data: The data contained in the client core data structure.
+event rdp_client_core_data%(c: connection, data: RDP::ClientCoreData%);
+
+## Generated for MCS server responses.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## result: The 8-bit integer representing the GCC Conference Create Response result.
+event rdp_gcc_server_create_response%(c: connection, result: count%);
+
+## Generated for MCS server responses.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## encryption_method: The 32-bit integer representing the encryption method used in the connection.
+##
+## encryption_level: The 32-bit integer representing the encryption level used in the connection.
+event rdp_server_security%(c: connection, encryption_method: count, encryption_level: count%);
+
+## Generated for a server certificate section.  If multiple X.509 
+## certificates are included in chain, this event will still
+## only be generated a single time.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## cert_type: Indicates the type of certificate.
+##
+## permanently_issued: Value will be true is the certificate(s) is permanent on the server.
+event rdp_server_certificate%(c: connection, cert_type: count, permanently_issued: bool%);
+
+## Generated when an RDP session becomes encrypted.
+##
+## c: The connection record for the underlying transport-layer session/flow.
+##
+## security_protocol: The security protocol being used for the session.
+event rdp_begin_encryption%(c: connection, security_protocol: count%);
\ No newline at end of file
diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac
new file mode 100644
index 0000000000..a70d55fb7b
--- /dev/null
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@@ -0,0 +1,219 @@
+%extern{
+#include "ConvertUTF.h"
+#include "file_analysis/Manager.h"
+#include "types.bif.h"
+%}
+
+refine flow RDP_Flow += {
+
+	function utf16_to_utf8_val(utf16: bytestring): StringVal
+		%{
+		std::string resultstring;
+		size_t widesize = utf16.length();
+
+		size_t utf8size = 3 * widesize + 1;
+
+		if ( utf8size > resultstring.max_size() )
+			{
+			connection()->bro_analyzer()->Weird("excessive_utf16_length");
+			return new StringVal("");
+			}
+
+		resultstring.resize(utf8size, '\0');
+		const UTF16* sourcestart = reinterpret_cast<const UTF16*>(utf16.begin());
+		const UTF16* sourceend = sourcestart + widesize;
+		UTF8* targetstart = reinterpret_cast<UTF8*>(&resultstring[0]);
+		UTF8* targetend = targetstart + utf8size;
+
+		ConversionResult res = ConvertUTF16toUTF8(&sourcestart,
+		                                          sourceend,
+		                                          &targetstart,
+		                                          targetend,
+		                                          lenientConversion);
+		if ( res != conversionOK )
+			{
+			connection()->bro_analyzer()->Weird("Failed UTF-16 to UTF-8 conversion");
+			return new StringVal(utf16.length(), (const char *) utf16.begin());
+			}
+
+		*targetstart = 0;
+		// We're relying on no nulls being in the string.
+		return new StringVal(resultstring.c_str());
+		%}
+
+	function proc_rdp_connect_request(cr: Connect_Request): bool
+		%{
+		if ( rdp_connect_request )
+			{
+			BifEvent::generate_rdp_connect_request(connection()->bro_analyzer(),
+			                                       connection()->bro_analyzer()->Conn(),
+			                                       bytestring_to_val(${cr.cookie_value}));
+			}
+
+		return true;
+		%}
+
+	function proc_rdp_negotiation_response(nr: RDP_Negotiation_Response): bool
+		%{
+		if ( rdp_negotiation_response )
+			{
+			BifEvent::generate_rdp_negotiation_response(connection()->bro_analyzer(),
+			                                            connection()->bro_analyzer()->Conn(),
+			                                            ${nr.selected_protocol});
+			}
+
+		return true;
+		%}
+
+	function proc_rdp_negotiation_failure(nf: RDP_Negotiation_Failure): bool
+		%{
+		if ( rdp_negotiation_failure )
+			{
+			BifEvent::generate_rdp_negotiation_failure(connection()->bro_analyzer(),
+			                                           connection()->bro_analyzer()->Conn(),
+			                                           ${nf.failure_code});
+			}
+
+		return true;
+		%}
+
+
+	function proc_rdp_gcc_server_create_response(gcc_response: GCC_Server_Create_Response): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+
+		if ( rdp_gcc_server_create_response )
+			BifEvent::generate_rdp_gcc_server_create_response(connection()->bro_analyzer(),
+			                                                  connection()->bro_analyzer()->Conn(),
+			                                                  ${gcc_response.result});
+
+		return true;
+		%}
+
+
+	function proc_rdp_client_core_data(ccore: Client_Core_Data): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+
+		if ( rdp_client_core_data )
+			{
+			RecordVal* ec_flags = new RecordVal(BifType::Record::RDP::EarlyCapabilityFlags);
+			ec_flags->Assign(0, new Val(${ccore.SUPPORT_ERRINFO_PDU}, TYPE_BOOL));
+			ec_flags->Assign(1, new Val(${ccore.WANT_32BPP_SESSION}, TYPE_BOOL));
+			ec_flags->Assign(2, new Val(${ccore.SUPPORT_STATUSINFO_PDU}, TYPE_BOOL));
+			ec_flags->Assign(3, new Val(${ccore.STRONG_ASYMMETRIC_KEYS}, TYPE_BOOL));
+			ec_flags->Assign(4, new Val(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}, TYPE_BOOL));
+			ec_flags->Assign(5, new Val(${ccore.SUPPORT_NETCHAR_AUTODETECT}, TYPE_BOOL));
+			ec_flags->Assign(6, new Val(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}, TYPE_BOOL));
+			ec_flags->Assign(7, new Val(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}, TYPE_BOOL));
+			ec_flags->Assign(8, new Val(${ccore.SUPPORT_HEARTBEAT_PDU}, TYPE_BOOL));
+
+			RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData);
+			ccd->Assign(0, new Val(${ccore.version_major}, TYPE_COUNT));
+			ccd->Assign(1, new Val(${ccore.version_minor}, TYPE_COUNT));
+			ccd->Assign(2, new Val(${ccore.desktop_width}, TYPE_COUNT));
+			ccd->Assign(3, new Val(${ccore.desktop_height}, TYPE_COUNT));
+			ccd->Assign(4, new Val(${ccore.color_depth}, TYPE_COUNT));
+			ccd->Assign(5, new Val(${ccore.sas_sequence}, TYPE_COUNT));
+			ccd->Assign(6, new Val(${ccore.keyboard_layout}, TYPE_COUNT));
+			ccd->Assign(7, new Val(${ccore.client_build}, TYPE_COUNT));
+			ccd->Assign(8, utf16_to_utf8_val(${ccore.client_name}));
+			ccd->Assign(9, new Val(${ccore.keyboard_type}, TYPE_COUNT));
+			ccd->Assign(10, new Val(${ccore.keyboard_sub}, TYPE_COUNT));
+			ccd->Assign(11, new Val(${ccore.keyboard_function_key}, TYPE_COUNT));
+			ccd->Assign(12, utf16_to_utf8_val(${ccore.ime_file_name}));
+			ccd->Assign(13, new Val(${ccore.post_beta2_color_depth}, TYPE_COUNT));
+			ccd->Assign(14, new Val(${ccore.client_product_id}, TYPE_COUNT));
+			ccd->Assign(15, new Val(${ccore.serial_number}, TYPE_COUNT));
+			ccd->Assign(16, new Val(${ccore.high_color_depth}, TYPE_COUNT));
+			ccd->Assign(17, new Val(${ccore.supported_color_depths}, TYPE_COUNT));
+			ccd->Assign(18, ec_flags);
+			ccd->Assign(19, utf16_to_utf8_val(${ccore.dig_product_id}));
+
+			BifEvent::generate_rdp_client_core_data(connection()->bro_analyzer(),
+			                                        connection()->bro_analyzer()->Conn(),
+			                                        ccd);
+			}
+
+		return true;
+		%}
+
+	function proc_rdp_server_security(ssd: Server_Security_Data): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+
+		if ( rdp_server_security )
+			BifEvent::generate_rdp_server_security(connection()->bro_analyzer(),
+			                                       connection()->bro_analyzer()->Conn(),
+			                                       ${ssd.encryption_method},
+			                                       ${ssd.encryption_level});
+
+		return true;
+		%}
+
+	function proc_rdp_server_certificate(cert: Server_Certificate): bool
+		%{
+		if ( rdp_server_certificate )
+			{
+			BifEvent::generate_rdp_server_certificate(connection()->bro_analyzer(),
+			                                          connection()->bro_analyzer()->Conn(),
+			                                          ${cert.cert_type},
+			                                          ${cert.permanently_issued});
+			}
+
+		return true;
+		%}
+
+	function proc_x509_cert_data(x509: X509_Cert_Data): bool
+		%{
+		const bytestring& cert = ${x509.cert};
+
+		ODesc file_handle;
+		file_handle.AddRaw("Analyzer::ANALYZER_RDP");
+		file_handle.Add(connection()->bro_analyzer()->Conn()->StartTime());
+		connection()->bro_analyzer()->Conn()->IDString(&file_handle);
+		string file_id = file_mgr->HashHandle(file_handle.Description());
+
+		file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
+		                 cert.length(),
+		                 connection()->bro_analyzer()->GetAnalyzerTag(),
+		                 connection()->bro_analyzer()->Conn(),
+		                 false, // It seems there are only server certs?
+		                 file_id);
+		file_mgr->EndOfFile(file_id);
+
+		return true;
+		%}
+};
+
+refine typeattr Connect_Request += &let {
+	proc: bool = $context.flow.proc_rdp_connect_request(this);
+};
+
+refine typeattr RDP_Negotiation_Response += &let {
+	proc: bool = $context.flow.proc_rdp_negotiation_response(this);
+};
+
+refine typeattr RDP_Negotiation_Failure += &let {
+	proc: bool = $context.flow.proc_rdp_negotiation_failure(this);
+};
+
+refine typeattr Client_Core_Data += &let {
+	proc: bool = $context.flow.proc_rdp_client_core_data(this);
+};
+
+refine typeattr GCC_Server_Create_Response += &let {
+	proc: bool = $context.flow.proc_rdp_gcc_server_create_response(this);
+};
+
+refine typeattr Server_Security_Data += &let {
+	proc: bool = $context.flow.proc_rdp_server_security(this);
+};
+
+refine typeattr Server_Certificate += &let {
+	proc: bool = $context.flow.proc_rdp_server_certificate(this);
+};
+
+refine typeattr X509_Cert_Data += &let {
+	proc: bool = $context.flow.proc_x509_cert_data(this);
+};
diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac
new file mode 100644
index 0000000000..602e104b2a
--- /dev/null
+++ b/src/analyzer/protocol/rdp/rdp-protocol.pac
@@ -0,0 +1,366 @@
+%include ../asn1/asn1.pac
+
+type TPKT(is_orig: bool) = record {
+	version:  uint8;
+	reserved: uint8;
+	tpkt_len: uint16;
+
+# These data structures are merged together into TPKT
+# because there are packets that report incorrect
+# lengths in the tpkt length field.  No clue why.
+
+	cotp:     COTP(this);
+} &byteorder=bigendian &length=tpkt_len;
+
+type COTP(tpkt: TPKT) = record {
+	cotp_len:  uint8;
+	pdu:       uint8;
+	switch:    case pdu of {
+		0xd0    -> connect_confirm: Connect_Confirm(this);
+		0xe0    -> client_request:  Connect_Request(this);
+		0xf0    -> data:            DT_Data;
+
+		# In case we don't support the PDU we just
+		# consume the rest of it and throw it away.
+		default -> not_done:  bytestring &restofdata &transient;
+	};
+} &byteorder=littleendian;
+
+type DT_Data = record {
+	tpdu_number:              uint8;
+	# multiple octet variant of the ASN.1 type field, should handle this better.
+	application_defined_type: uint8;
+	application_type:         uint8;
+
+	data: case application_type of {
+		0x65    -> client: Client_Header; # 0x65 is a client
+		0x66    -> server: Server_Header; # 0x66 is a server
+		default -> none:   empty;
+	};
+} &byteorder=littleendian;
+
+######################################################################
+# Data Blocks
+######################################################################
+
+type Data_Header = record {
+	type:   uint16;
+	length: uint16;
+} &byteorder=littleendian;
+
+type Data_Block = record {
+	header: Data_Header;
+	block: case header.type of {
+		0xc001  -> client_core:       Client_Core_Data;
+		#0xc002  -> client_security:   Client_Security_Data;
+		#0xc003  -> client_network:    Client_Network_Data;
+		#0xc004  -> client_cluster:    Client_Cluster_Data;
+		#0xc005  -> client_monitor:    Client_Monitor_Data;
+		#0xc006  -> client_msgchannel: Client_MsgChannel_Data;
+		#0xc008  -> client_monitor_ex: Client_MonitorExtended_Data;
+		#0xc00A  -> client_multitrans: Client_MultiTransport_Data;
+
+		0x0c01  -> server_core:       Server_Core_Data(header);
+		0x0c02  -> server_security:   Server_Security_Data;
+		0x0c03  -> server_network:    Server_Network_Data;
+		#0x0c04  -> server_msgchannel: Server_MsgChannel_Data;
+		#0x0c08  -> server_multitrans: Server_MultiTransport_Data;
+
+		default -> unhandled:  bytestring &restofdata &transient;
+	} &length=header.length-4;
+} &byteorder=littleendian;
+
+######################################################################
+# Client X.224
+######################################################################
+
+type Connect_Request(cotp: COTP) = record {
+	destination_reference: uint16;
+	source_reference:      uint16;
+	flow_control:          uint8;
+	cookie_mstshash:       RE/Cookie: mstshash\=/;
+	cookie_value:          RE/[^\x0d]*/;
+	cookie_terminator:     RE/\x0d\x0a/;
+	# Terrifying little case statement to figure out if there
+	# is any data left in the COTP structure.
+	switch1:   case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
+		0       -> none:        empty;
+		default -> rdp_neg_req: RDP_Negotiation_Request;
+	};
+} &byteorder=littleendian;
+
+type RDP_Negotiation_Request = record {
+	type:                uint8;
+	flags:               uint8;
+	length:              uint16; # must be set to 8
+	requested_protocols: uint32;
+} &let {
+	PROTOCOL_RDP:       bool = requested_protocols & 0x00;
+	PROTOCOL_SSL:       bool = requested_protocols & 0x01;
+	PROTOCOL_HYBRID:    bool = requested_protocols & 0x02;
+	PROTOCOL_HYBRID_EX: bool = requested_protocols & 0x08;
+} &byteorder=littleendian;
+
+######################################################################
+# Server X.224
+######################################################################
+
+type Connect_Confirm(cotp: COTP) = record {
+	destination_reference: uint16;
+	source_reference:      uint16;
+	flags:                 uint8;
+	# Terrifying little case statement to figure out if there
+	# is any data left in the COTP structure.
+	switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
+		0       -> none1:    empty;
+		default -> response: Connect_Confirm_Record;
+	};
+};
+
+type Connect_Confirm_Record = record {
+	response_type:         uint8;
+	switch1: case response_type of {
+		0x02 -> neg_resp: RDP_Negotiation_Response;
+		0x03 -> neg_fail: RDP_Negotiation_Failure;
+	};
+};
+
+type RDP_Negotiation_Response = record {
+	flags:               uint8;
+	length:              uint16; # must be set to 8
+	selected_protocol:   uint32;
+} &let {
+	# Seems to be SSL encrypted (maybe CredSSP also?)
+	# after this message if the selected_protocol is > 0.
+	enc_ssl: bool = $context.connection.go_encrypted(selected_protocol) &if(selected_protocol > 0);
+} &byteorder=littleendian;
+
+type RDP_Negotiation_Failure = record {
+	flags: uint8;
+	length: uint16;
+	failure_code: uint32;
+} &byteorder=littleendian;
+
+######################################################################
+# Client MCS
+######################################################################
+
+type Client_Header = record {
+	type_length:               ASN1Integer;
+	calling_domain_selector:   ASN1OctetString;
+	called_domain_selector:    ASN1OctetString;
+	upward_flag:               ASN1Boolean;
+	target_parameters:         ASN1SequenceMeta;
+	targ_parameters_pad:       bytestring &length=target_parameters.encoding.length &transient;
+	minimum_parameters:        ASN1SequenceMeta;
+	min_parameters_pad:        bytestring &length=minimum_parameters.encoding.length &transient;
+	maximum_parameters:        ASN1SequenceMeta;
+	max_parameters_pad:        bytestring &length=maximum_parameters.encoding.length &transient;
+	# BER encoded OctetString and long variant, can be safely skipped for now
+	user_data_length:          uint32;
+	gcc_connection_data:       GCC_Client_Connection_Data;
+	gcc_client_create_request: GCC_Client_Create_Request;
+	data_blocks:               Data_Block[] &until($input.length() == 0);
+};
+
+type GCC_Client_Connection_Data = record {
+	key_object_length:        uint16;
+	key_object:               uint8[key_object_length];
+	connect_data_connect_pdu: uint16;
+} &byteorder=bigendian;
+
+type GCC_Client_Create_Request = record {
+	extension_bit:           uint8;
+	privileges:              uint8;
+	numeric_length:          uint8;
+	numeric:                 uint8;
+	termination_method:      uint8;
+	number_user_data_sets:   uint8;
+	user_data_value_present: uint8;
+	h221_nonstandard_length: uint8;
+	h221_nonstandard_key:    RE/Duca/;
+	user_data_value_length:  uint16;
+} &byteorder=bigendian;
+
+type Client_Core_Data = record {
+	version_major:            uint16;
+	version_minor:            uint16;
+	desktop_width:            uint16;
+	desktop_height:           uint16;
+	color_depth:              uint16;
+	sas_sequence:             uint16;
+	keyboard_layout:          uint32;
+	client_build:             uint32;
+	client_name:              bytestring &length=32;
+	keyboard_type:            uint32;
+	keyboard_sub:             uint32;
+	keyboard_function_key:    uint32;
+	ime_file_name:            bytestring &length=64;
+	# Everything below here is optional and should be handled better.
+	# If some of these fields aren't included it could lead to parse failure.
+	post_beta2_color_depth:   uint16;
+	client_product_id:        uint16;
+	serial_number:            uint32;
+	high_color_depth:         uint16;
+	supported_color_depths:   uint16;
+	early_capability_flags:   uint16;
+	dig_product_id:           bytestring &length=64;
+	# There are more optional fields here but they are
+	# annoying to optionally parse in binpac.
+	# Documented here: https://msdn.microsoft.com/en-us/library/cc240510.aspx
+} &let {
+	SUPPORT_ERRINFO_PDU:        bool = early_capability_flags & 0x01;
+	WANT_32BPP_SESSION:         bool = early_capability_flags & 0x02;
+	SUPPORT_STATUSINFO_PDU:     bool = early_capability_flags & 0x04;
+	STRONG_ASYMMETRIC_KEYS:     bool = early_capability_flags & 0x08;
+	SUPPORT_MONITOR_LAYOUT_PDU: bool = early_capability_flags & 0x40;
+	SUPPORT_NETCHAR_AUTODETECT: bool = early_capability_flags & 0x80;
+	SUPPORT_DYNVC_GFX_PROTOCOL: bool = early_capability_flags & 0x0100;
+	SUPPORT_DYNAMIC_TIME_ZONE:  bool = early_capability_flags & 0x0200;
+	SUPPORT_HEARTBEAT_PDU:      bool = early_capability_flags & 0x0400;
+} &byteorder=littleendian;
+
+######################################################################
+# Server MCS
+######################################################################
+
+type Server_Header = record {
+	# We don't need this value, but it's ASN.1 integer in definite length
+	# so I think we can skip over it.
+	type_length:                        uint8[3];
+	connect_response_result:            ASN1Enumerated;
+	connect_response_called_id:         ASN1Integer;
+	connect_response_domain_parameters: ASN1SequenceMeta;
+	# Skipping over domain parameters for now.
+	domain_parameters:                  bytestring &length=connect_response_domain_parameters.encoding.length &transient;
+	# I think this is another definite length encoded value.
+	user_data_length:                   uint32;
+	gcc_connection_data:                GCC_Server_Connection_Data;
+	gcc_create_response:                GCC_Server_Create_Response;
+	data_blocks:                        Data_Block[] &until($input.length() == 0);
+} &byteorder=littleendian;
+
+type GCC_Server_Connection_Data = record {
+	key_object_length:        uint16;
+	key_object:               uint8[key_object_length];
+	connect_data_connect_pdu: uint8;
+} &byteorder=bigendian;
+
+type GCC_Server_Create_Response = record {
+	extension_bit:           uint8;
+	node_id:                 uint16;
+	tag_length:              uint8;
+	tag:                     uint8;
+	result:                  uint8;
+	number_user_data_sets:   uint8;
+	user_data_value_present: uint8;
+	h221_nonstandard_length: uint8;
+	h221_nonstandard_key:    RE/McDn/;
+	user_data_value_length:  uint16;
+} &byteorder=bigendian;
+
+type Server_Core_Data(h: Data_Header) = record {
+	version_major: uint16;
+	version_minor: uint16;
+	switch1:       case h.length of {
+		8       -> none:                       empty;
+		default -> client_requested_protocols: uint32;
+	};
+} &byteorder=littleendian;
+
+type Server_Network_Data = record {
+	mcs_channel_id: uint16;
+	channel_count:  uint16;
+} &byteorder=littleendian;
+
+type Server_Security_Data = record {
+	encryption_method:      uint32;
+	encryption_level:       uint32;
+	server_random_length:   uint32;
+	server_cert_length:     uint32;
+	server_random:          bytestring &length=server_random_length;
+	server_certificate:     Server_Certificate &length=server_cert_length;
+} &let {
+	# Seems to be encrypted after this message if
+	# encryption level is >0
+	# 0 means RDP encryption.
+	enc: bool = $context.connection.go_encrypted(0) &if(encryption_method > 0 && encryption_level > 0);
+} &byteorder=littleendian;
+
+type Server_Certificate = record {
+	version: uint32;
+	switch:  case cert_type of {
+		0x01 -> proprietary: Server_Proprietary_Cert(this);
+		0x02 -> x509:        X509;
+	};
+} &let {
+	cert_type:          uint32 = version & 0x7FFFFFFF;
+	permanently_issued: bool   = (version & 0x80000000) == 0;
+} &byteorder=littleendian;
+
+type Server_Proprietary_Cert(cert: Server_Certificate) = record {
+	signature_algorithm:    uint32;
+	key_algorithm:          uint32;
+	public_key_blob_type:   uint16;
+	public_key_blob_length: uint16;
+	public_key_blob:        Public_Key_Blob &length=public_key_blob_length;
+	signature_blob_type:    uint16;
+	signature_blob_length:  uint16;
+	signature_blob:         bytestring &length=signature_blob_length;
+} &byteorder=littleendian;
+
+type Public_Key_Blob = record {
+	magic:           bytestring &length=4;
+	key_length:      uint32;
+	bit_length:      uint32;
+	public_exponent: uint32;
+	modulus:         bytestring &length=key_length;
+} &byteorder=littleendian;
+
+type X509 = record {
+	num_of_certs: uint32;
+	certs: X509_Cert_Data[num_of_certs];
+} &byteorder=littleendian;
+
+type X509_Cert_Data = record {
+	cert_len: uint32;
+	cert: bytestring &length=cert_len;
+} &byteorder=littleendian;
+
+refine connection RDP_Conn += {
+
+	%member{
+		bool is_encrypted_;
+		uint32 encryption_method_;
+	%}
+
+	%init{
+		is_encrypted_ = false;
+		encryption_method_ = 0;
+	%}
+
+	function go_encrypted(method: uint32): bool
+		%{
+		is_encrypted_ = true;
+		encryption_method_ = method;
+
+		if ( rdp_begin_encryption )
+			{
+			BifEvent::generate_rdp_begin_encryption(bro_analyzer(),
+			                                        bro_analyzer()->Conn(),
+			                                        ${method});
+			}
+
+		return is_encrypted_;
+		%}
+
+	function is_encrypted(): bool
+		%{
+		return is_encrypted_;
+		%}
+
+	function encryption_method(): uint32
+		%{
+		return encryption_method_;
+		%}
+};
diff --git a/src/analyzer/protocol/rdp/rdp.pac b/src/analyzer/protocol/rdp/rdp.pac
new file mode 100644
index 0000000000..088896c663
--- /dev/null
+++ b/src/analyzer/protocol/rdp/rdp.pac
@@ -0,0 +1,25 @@
+%include binpac.pac
+%include bro.pac
+
+%extern{
+	#include "events.bif.h"
+%}
+
+analyzer RDP withcontext {
+	connection: RDP_Conn;
+	flow:       RDP_Flow;
+};
+
+# Our connection consists of two flows, one in each direction.
+connection RDP_Conn(bro_analyzer: BroAnalyzer) {
+	upflow   = RDP_Flow(true);
+	downflow = RDP_Flow(false);
+};
+
+%include rdp-protocol.pac
+
+flow RDP_Flow(is_orig: bool) {
+	flowunit = TPKT(is_orig) withcontext(connection, this);
+};
+
+%include rdp-analyzer.pac
diff --git a/src/analyzer/protocol/rdp/types.bif b/src/analyzer/protocol/rdp/types.bif
new file mode 100644
index 0000000000..8222560331
--- /dev/null
+++ b/src/analyzer/protocol/rdp/types.bif
@@ -0,0 +1,5 @@
+
+module RDP;
+
+type EarlyCapabilityFlags: record;
+type ClientCoreData: record;
diff --git a/src/analyzer/protocol/sip/CMakeLists.txt b/src/analyzer/protocol/sip/CMakeLists.txt
new file mode 100644
index 0000000000..6b42d2519a
--- /dev/null
+++ b/src/analyzer/protocol/sip/CMakeLists.txt
@@ -0,0 +1,14 @@
+
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro SIP)
+bro_plugin_cc(Plugin.cc)
+bro_plugin_cc(SIP.cc)
+bro_plugin_cc(SIP_TCP.cc)
+bro_plugin_bif(events.bif)
+bro_plugin_pac(sip.pac sip-analyzer.pac sip-protocol.pac)
+bro_plugin_pac(sip_TCP.pac sip-protocol.pac sip-analyzer.pac)
+bro_plugin_end()
+
diff --git a/src/analyzer/protocol/sip/Plugin.cc b/src/analyzer/protocol/sip/Plugin.cc
new file mode 100644
index 0000000000..cb8d49ddb6
--- /dev/null
+++ b/src/analyzer/protocol/sip/Plugin.cc
@@ -0,0 +1,29 @@
+// See the file  in the main distribution directory for copyright.
+
+
+#include "plugin/Plugin.h"
+
+#include "SIP.h"
+#include "SIP_TCP.h"
+
+namespace plugin {
+namespace Bro_SIP {
+
+class Plugin : public plugin::Plugin {
+public:
+	plugin::Configuration Configure()
+		{
+		AddComponent(new ::analyzer::Component("SIP", ::analyzer::SIP::SIP_Analyzer::Instantiate));
+
+		// We don't fully support SIP-over-TCP yet, so we don't activate this component.
+		// AddComponent(new ::analyzer::Component("SIP_TCP", ::analyzer::sip_tcp::SIP_Analyzer::Instantiate));
+
+		plugin::Configuration config;
+		config.name = "Bro::SIP";
+		config.description = "SIP analyzer UDP-only";
+		return config;
+		}
+} plugin;
+
+}
+}
diff --git a/src/analyzer/protocol/sip/SIP.cc b/src/analyzer/protocol/sip/SIP.cc
new file mode 100644
index 0000000000..9ff52ec98b
--- /dev/null
+++ b/src/analyzer/protocol/sip/SIP.cc
@@ -0,0 +1,44 @@
+#include "SIP.h"
+
+#include "events.bif.h"
+
+using namespace analyzer::SIP;
+
+SIP_Analyzer::SIP_Analyzer(Connection* c)
+	: analyzer::Analyzer("SIP", c)
+	{
+	interp = new binpac::SIP::SIP_Conn(this);
+	}
+
+SIP_Analyzer::~SIP_Analyzer()
+	{
+	delete interp;
+	}
+
+void SIP_Analyzer::Done()
+	{
+	Analyzer::Done();
+	}
+
+void SIP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
+								 uint64 seq, const IP_Hdr* ip, int caplen)
+	{
+	bool real_orig = true;
+	if ( len > 6 && data[0] == 'S' && data[1] == 'I' && data[2] == 'P' && data[3] == '/' )
+		real_orig  = false;
+
+	// Sometimes we see some packets with just '\r\n' - ignore those
+	if ( len == 2 && data[0] == '\r')
+		return;
+
+	Analyzer::DeliverPacket(len, data, real_orig, seq, ip, caplen);
+
+	try
+		{
+		interp->NewData(real_orig, data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
+	}
diff --git a/src/analyzer/protocol/sip/SIP.h b/src/analyzer/protocol/sip/SIP.h
new file mode 100644
index 0000000000..130e70f46a
--- /dev/null
+++ b/src/analyzer/protocol/sip/SIP.h
@@ -0,0 +1,31 @@
+#ifndef ANALYZER_PROTOCOL_SIP_SIP_H
+#define ANALYZER_PROTOCOL_SIP_SIP_H
+
+#include "events.bif.h"
+
+#include "analyzer/protocol/udp/UDP.h"
+#include "sip_pac.h"
+
+namespace analyzer { namespace SIP {
+
+class SIP_Analyzer : public analyzer::Analyzer {
+public:
+	SIP_Analyzer(Connection* conn);
+	virtual ~SIP_Analyzer();
+
+	// Overridden from Analyzer
+
+	virtual void Done();
+	virtual void DeliverPacket(int len, const u_char* data, bool orig,
+				   	   uint64 seq, const IP_Hdr* ip, int caplen);
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+	{ return new SIP_Analyzer(conn); }
+
+protected:
+	binpac::SIP::SIP_Conn* interp;
+};
+
+} } // namespace analyzer::*
+
+#endif
diff --git a/src/analyzer/protocol/sip/SIP_TCP.cc b/src/analyzer/protocol/sip/SIP_TCP.cc
new file mode 100644
index 0000000000..464c650bd9
--- /dev/null
+++ b/src/analyzer/protocol/sip/SIP_TCP.cc
@@ -0,0 +1,68 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+//
+// TODO: This is preliminary code that's not yet functional and not
+// activated. We don't yet support SIP-over-TCP.
+
+#include "SIP_TCP.h"
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "events.bif.h"
+
+using namespace analyzer::sip_tcp;
+
+SIP_Analyzer::SIP_Analyzer(Connection* conn)
+	: tcp::TCP_ApplicationAnalyzer("SIP_TCP", conn)
+	{
+	interp = new binpac::SIP_TCP::SIP_Conn(this);
+	had_gap = false;
+	}
+
+SIP_Analyzer::~SIP_Analyzer()
+	{
+	delete interp;
+	}
+
+void SIP_Analyzer::Done()
+	{
+	tcp::TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void SIP_Analyzer::EndpointEOF(bool is_orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
+	}
+
+void SIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	assert(TCP());
+	if ( TCP()->IsPartial() )
+		return;
+
+	if ( had_gap )
+		// If only one side had a content gap, we could still try to
+		// deliver data to the other side if the script layer can
+		// handle this.
+		return;
+
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		printf("BinPAC Exception: %s\n", e.c_msg());
+		ProtocolViolation(e.c_msg());
+		}
+	}
+
+void SIP_Analyzer::Undelivered(uint64 seq, int len, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	had_gap = true;
+	interp->NewGap(orig, len);
+	}
diff --git a/src/analyzer/protocol/sip/SIP_TCP.h b/src/analyzer/protocol/sip/SIP_TCP.h
new file mode 100644
index 0000000000..f2a4dad479
--- /dev/null
+++ b/src/analyzer/protocol/sip/SIP_TCP.h
@@ -0,0 +1,37 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+//
+// TODO: This is preliminary code that's not yet functional and not
+// activated. We don't yet support SIP-over-TCP.
+
+#ifndef ANALYZER_PROTOCOL_SIP_SIP_TCP_H
+#define ANALYZER_PROTOCOL_SIP_SIP_TCP_H
+
+#include "analyzer/protocol/tcp/TCP.h"
+
+#include "sip_TCP_pac.h"
+
+namespace analyzer { namespace sip_tcp {
+
+class SIP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+public:
+	SIP_Analyzer(Connection* conn);
+	virtual ~SIP_Analyzer();
+
+	virtual void Done();
+	virtual void DeliverStream(int len, const u_char* data, bool orig);
+	virtual void Undelivered(uint64 seq, int len, bool orig);
+
+	// Overriden from tcp::TCP_ApplicationAnalyzer.
+	virtual void EndpointEOF(bool is_orig);
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{ return new SIP_Analyzer(conn); }
+
+protected:
+	binpac::SIP_TCP::SIP_Conn* interp;
+	bool had_gap;
+};
+
+} } // namespace analyzer::*
+
+#endif
diff --git a/src/analyzer/protocol/sip/events.bif b/src/analyzer/protocol/sip/events.bif
new file mode 100644
index 0000000000..f8ab6f4f37
--- /dev/null
+++ b/src/analyzer/protocol/sip/events.bif
@@ -0,0 +1,91 @@
+## Generated for :abbr:`SIP (Session Initiation Protocol)` requests, used in Voice over IP (VoIP).
+##
+## This event is generated as soon as a request's initial line has been parsed.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## method: The :abbr:`SIP (Session Initiation Protocol)` method extracted from the request (e.g., ``REGISTER``, ``NOTIFY``).
+##
+## original_URI: The unprocessed URI as specified in the request.
+##
+## version: The version number specified in the request (e.g., ``2.0``).
+##
+## .. bro:see:: sip_reply sip_header sip_all_headers sip_begin_entity sip_end_entity
+event sip_request%(c: connection, method: string, original_URI: string, version: string%);
+
+## Generated for :abbr:`SIP (Session Initiation Protocol)` replies, used in Voice over IP (VoIP).
+##
+## This event is generated as soon as a reply's initial line has been parsed.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## version: The :abbr:`SIP (Session Initiation Protocol)` version in use.
+##
+## code: The response code.
+##
+## reason: Textual details for the response code.
+##
+## .. bro:see:: sip_request sip_header sip_all_headers sip_begin_entity sip_end_entity
+event sip_reply%(c: connection, version: string, code: count, reason: string%);
+
+## Generated for each :abbr:`SIP (Session Initiation Protocol)` header.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## is_orig: Whether the header came from the originator.
+##
+## name: Header name.
+##
+## value: Header value.
+##
+## .. bro:see:: sip_request sip_reply sip_all_headers sip_begin_entity sip_end_entity
+event sip_header%(c: connection, is_orig: bool, name: string, value: string%);
+
+## Generated once for all :abbr:`SIP (Session Initiation Protocol)` headers from the originator or responder.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## is_orig: Whether the headers came from the originator.
+##
+## hlist: All the headers, and their values
+##
+## .. bro:see:: sip_request sip_reply sip_header sip_begin_entity sip_end_entity
+event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%);
+
+## Generated at the beginning of a :abbr:`SIP (Session Initiation Protocol)` message.
+##
+## This event is generated as soon as a message's initial line has been parsed.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## is_orig: Whether the message came from the originator.
+##
+## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_end_entity
+event sip_begin_entity%(c: connection, is_orig: bool%);
+
+## Generated at the end of a :abbr:`SIP (Session Initiation Protocol)` message.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
+##
+## c: The connection.
+##
+## is_orig: Whether the message came from the originator.
+##
+## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_begin_entity
+event sip_end_entity%(c: connection, is_orig: bool%);
diff --git a/src/analyzer/protocol/sip/sip-analyzer.pac b/src/analyzer/protocol/sip/sip-analyzer.pac
new file mode 100644
index 0000000000..36a1dae7e2
--- /dev/null
+++ b/src/analyzer/protocol/sip/sip-analyzer.pac
@@ -0,0 +1,162 @@
+refine flow SIP_Flow += {
+
+	%member{
+		int content_length;
+		bool build_headers;
+		vector<BroVal> headers;
+	%}
+
+	%init{
+		content_length = 0;
+		build_headers = (sip_all_headers != 0);
+	%}
+
+	function get_content_length(): int
+		%{
+		return content_length;
+		%}
+
+	function proc_sip_request(method: bytestring, uri: bytestring, vers: SIP_Version): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+		if ( sip_request )
+			{
+			BifEvent::generate_sip_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+						       bytestring_to_val(method), bytestring_to_val(uri),
+						       bytestring_to_val(${vers.vers_str}));
+			}
+
+		proc_sip_message_begin();
+
+		return true;
+		%}
+
+	function proc_sip_reply(vers: SIP_Version, code: int, reason: bytestring): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+		if ( sip_reply )
+			{
+			BifEvent::generate_sip_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+						     bytestring_to_val(${vers.vers_str}), code, bytestring_to_val(reason));
+			}
+
+		proc_sip_message_begin();
+
+		return true;
+		%}
+
+	function proc_sip_header(name: bytestring, value: bytestring): bool
+		%{
+		if ( name == "Content-Length" || name == "L" )
+			content_length = bytestring_to_int(value, 10);
+
+		if ( sip_header )
+			{
+			BifEvent::generate_sip_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+						      is_orig(), bytestring_to_val(name)->ToUpper(), bytestring_to_val(value));
+			}
+
+		if ( build_headers )
+			{
+			headers.push_back(build_sip_header_val(name, value));
+			}
+
+		return true;
+		%}
+
+	function build_sip_headers_val(): BroVal
+		%{
+		TableVal* t = new TableVal(mime_header_list);
+
+		for ( unsigned int i = 0; i < headers.size(); ++i )
+			{ // index starting from 1
+			Val* index = new Val(i + 1, TYPE_COUNT);
+			t->Assign(index, headers[i]);
+			Unref(index);
+			}
+
+		return t;
+		%}
+
+	function gen_sip_all_headers(): void
+		%{
+		if ( sip_all_headers )
+			{
+			BifEvent::generate_sip_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+							   is_orig(), build_sip_headers_val());
+			}
+
+		headers.clear();
+		%}
+
+	function proc_sip_end_of_headers(headers: SIP_Headers): bool
+		%{
+		if ( build_headers )
+			{
+			gen_sip_all_headers();
+			}
+
+		return true;
+		%}
+
+	function build_sip_header_val(name: const_bytestring, value: const_bytestring): BroVal
+		%{
+		RecordVal* header_record = new RecordVal(mime_header_rec);
+
+		StringVal* name_val = 0;
+		if ( name.length() > 0 )
+			{
+			// Make it all uppercase.
+			name_val = new StringVal(name.length(), (const char*) name.begin());
+			name_val->ToUpper();
+			}
+		else
+			{
+			name_val = new StringVal("");
+			}
+
+		header_record->Assign(0, name_val);
+		header_record->Assign(1, bytestring_to_val(value));
+
+		return header_record;
+		%}
+
+	function proc_sip_message_begin(): void
+		%{
+		if ( sip_begin_entity )
+			{
+			BifEvent::generate_sip_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
+			}
+		%}
+
+	function proc_sip_message_done(pdu: SIP_PDU): bool
+		%{
+		if ( sip_end_entity )
+			{
+			BifEvent::generate_sip_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
+			}
+
+		return true;
+		%}
+
+};
+
+refine typeattr SIP_RequestLine += &let {
+       proc: bool = $context.flow.proc_sip_request(method, uri, version);
+};
+
+refine typeattr SIP_ReplyLine += &let {
+       proc: bool = $context.flow.proc_sip_reply(version, status.stat_num, reason);
+};
+
+refine typeattr SIP_Header += &let {
+       proc: bool = $context.flow.proc_sip_header(name, value);
+};
+
+refine typeattr SIP_Headers += &let {
+       proc: bool = $context.flow.proc_sip_end_of_headers(this);
+};
+
+refine typeattr SIP_PDU += &let {
+       proc: bool = $context.flow.proc_sip_message_done(this);
+};
diff --git a/src/analyzer/protocol/sip/sip-protocol.pac b/src/analyzer/protocol/sip/sip-protocol.pac
new file mode 100644
index 0000000000..a9e03cf2c1
--- /dev/null
+++ b/src/analyzer/protocol/sip/sip-protocol.pac
@@ -0,0 +1,78 @@
+enum ExpectBody {
+	BODY_EXPECTED,
+	BODY_NOT_EXPECTED,
+	BODY_MAYBE,
+};
+
+type SIP_TOKEN  = RE/[^()<>@,;:\\"\/\[\]?={} \t]+/;
+type SIP_WS     = RE/[ \t]*/;
+type SIP_COLON	= RE/:/;
+type SIP_TO_EOL = RE/[^\r\n]*/;
+type SIP_EOL    = RE/(\r\n){1,2}/;
+type SIP_URI    = RE/[[:alnum:]@[:punct:]]+/;
+
+type SIP_PDU(is_orig: bool) = case is_orig of {
+	true  ->	request:	SIP_Request;
+	false ->	reply:		SIP_Reply;
+};
+
+type SIP_Request = record {
+	request:	SIP_RequestLine;
+	newline:	padding[2];
+	msg:		SIP_Message;
+};
+
+type SIP_Reply = record {
+	reply:		SIP_ReplyLine;
+	newline:	padding[2];
+	msg:		SIP_Message;
+};
+
+type SIP_RequestLine = record {
+	method:		SIP_TOKEN;
+	:		SIP_WS;
+	uri:		SIP_URI;
+	:		SIP_WS;
+	version:	SIP_Version;
+} &oneline;
+
+type SIP_ReplyLine = record {
+	version:	SIP_Version;
+	:		SIP_WS;
+	status:		SIP_Status;
+	:		SIP_WS;
+	reason:		SIP_TO_EOL;
+} &oneline;
+
+type SIP_Status = record {
+	stat_str:	RE/[0-9]{3}/;
+} &let {
+	stat_num: int = bytestring_to_int(stat_str, 10);
+};
+
+type SIP_Version = record {
+	:			"SIP/";
+	vers_str:	RE/[0-9]+\.[0-9]+/;
+} &let {
+	vers_num:	double = bytestring_to_double(vers_str);
+};
+
+type SIP_Headers = SIP_Header[] &until($input.length() == 0);
+
+type SIP_Message = record {
+	headers:	SIP_Headers;
+	body:		SIP_Body;
+};
+
+type SIP_HEADER_NAME = RE/[^: \t]+/;
+type SIP_Header = record {
+	name:	SIP_HEADER_NAME;
+	:	SIP_COLON;
+	:	SIP_WS;
+	value:	SIP_TO_EOL;
+	:	SIP_EOL;
+} &oneline &byteorder=bigendian;
+
+type SIP_Body = record {
+	 body:	bytestring &length = $context.flow.get_content_length();
+};
diff --git a/src/analyzer/protocol/sip/sip.pac b/src/analyzer/protocol/sip/sip.pac
new file mode 100644
index 0000000000..f527a90117
--- /dev/null
+++ b/src/analyzer/protocol/sip/sip.pac
@@ -0,0 +1,27 @@
+# BinPAC file for SIP analyzer
+# Based heavily on the HTTP BinPAC analyzer
+
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "events.bif.h"
+%}
+
+analyzer SIP withcontext {
+	connection:	 SIP_Conn;
+	flow:		 SIP_Flow;
+};
+
+connection SIP_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = SIP_Flow(true);
+	downflow = SIP_Flow(false);
+};
+
+%include sip-protocol.pac
+
+flow SIP_Flow(is_orig: bool) {
+	datagram = SIP_PDU(is_orig) withcontext(connection, this);
+};
+
+%include sip-analyzer.pac
diff --git a/src/analyzer/protocol/sip/sip_TCP.pac b/src/analyzer/protocol/sip/sip_TCP.pac
new file mode 100644
index 0000000000..5546d28ece
--- /dev/null
+++ b/src/analyzer/protocol/sip/sip_TCP.pac
@@ -0,0 +1,30 @@
+# BinPAC file for SIP over TCP
+# Based heavily on the HTTP BinPAC analyzer
+#
+# TODO: This is preliminary code that's not yet functional and not
+# activated. We don't yet support SIP-over-TCP.
+
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "events.bif.h"
+%}
+
+analyzer SIP_TCP withcontext {
+	connection:	 SIP_Conn;
+	flow:		 SIP_Flow;
+};
+
+connection SIP_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = SIP_Flow(true);
+	downflow = SIP_Flow(false);
+};
+
+%include sip-protocol.pac
+
+flow SIP_Flow(is_orig: bool) {
+	datagram = SIP_PDU(is_orig) withcontext(connection, this);
+};
+
+%include sip-analyzer.pac
diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc
index a835672378..d2743817d5 100644
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@@ -896,7 +896,7 @@ void SMTP_Analyzer::BeginData()
 	skip_data = 0; // reset the flag at the beginning of the mail
 	if ( mail != 0 )
 		{
-		reporter->Warning("nested mail transaction");
+		Weird("smtp_nested_mail_transaction");
 		mail->Done();
 		delete mail;
 		}
@@ -907,7 +907,7 @@ void SMTP_Analyzer::BeginData()
 void SMTP_Analyzer::EndData()
 	{
 	if ( ! mail )
-		reporter->Warning("Unmatched end of data");
+		Weird("smtp_unmatched_end_of_data");
 	else
 		{
 		mail->Done();
diff --git a/src/analyzer/protocol/snmp/CMakeLists.txt b/src/analyzer/protocol/snmp/CMakeLists.txt
index 7f1ffe2ed6..43cbf45ac4 100644
--- a/src/analyzer/protocol/snmp/CMakeLists.txt
+++ b/src/analyzer/protocol/snmp/CMakeLists.txt
@@ -7,5 +7,5 @@ bro_plugin_begin(Bro SNMP)
 bro_plugin_cc(SNMP.cc Plugin.cc)
 bro_plugin_bif(types.bif)
 bro_plugin_bif(events.bif)
-bro_plugin_pac(snmp.pac snmp-protocol.pac snmp-analyzer.pac)
+bro_plugin_pac(snmp.pac snmp-protocol.pac snmp-analyzer.pac ../asn1/asn1.pac)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac
index feb4474feb..891531b292 100644
--- a/src/analyzer/protocol/snmp/snmp-analyzer.pac
+++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac
@@ -8,19 +8,9 @@
 %}
 
 %header{
-StringVal* asn1_oid_to_val(const ASN1Encoding* oid);
-StringVal* asn1_oid_to_val(const ASN1ObjectIdentifier* oid);
-
-Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t);
-Val* asn1_integer_to_val(const ASN1Integer* i, TypeTag t);
-
-StringVal* asn1_octet_string_to_val(const ASN1Encoding* s);
-StringVal* asn1_octet_string_to_val(const ASN1OctetString* s);
-
 AddrVal* network_address_to_val(const ASN1Encoding* na);
 AddrVal* network_address_to_val(const NetworkAddress* na);
-
-Val* asn1_obj_to_val(const ASN1Encoding* obj);
+Val*     asn1_obj_to_val(const ASN1Encoding* obj);
 
 RecordVal* build_hdr(const Header* header);
 RecordVal* build_hdrV3(const Header* header);
@@ -32,73 +22,24 @@ RecordVal* build_bulk_pdu(const GetBulkRequestPDU* pdu);
 
 %code{
 
-StringVal* asn1_oid_to_val(const ASN1ObjectIdentifier* oid)
+AddrVal* network_address_to_val(const NetworkAddress* na)
 	{
-	return asn1_oid_to_val(oid->encoding());
+	return network_address_to_val(na->encoding());
 	}
 
-StringVal* asn1_oid_to_val(const ASN1Encoding* oid)
+AddrVal* network_address_to_val(const ASN1Encoding* na)
 	{
-	vector<uint64> oid_components;
-	vector<vector<uint8> > subidentifiers;
-	vector<uint64> subidentifier_values;
-	vector<uint8> subidentifier;
-	bytestring const& bs = oid->content();
+	bytestring const& bs = na->content();
 
-	for ( int i = 0; i < bs.length(); ++i )
-		{
-		if ( bs[i] & 0x80 )
-			subidentifier.push_back(bs[i] & 0x7f);
-		else
-			{
-			subidentifier.push_back(bs[i]);
-			subidentifiers.push_back(subidentifier);
-			subidentifier.clear();
-			}
-		}
+	// IPv6 can probably be presumed to be a octet string of length 16,
+	// but standards don't seem to currently make any provisions for IPv6,
+	// so ignore anything that can't be IPv4.
+	if ( bs.length() != 4 )
+		return new AddrVal(IPAddr());
 
-	if ( ! subidentifier.empty() || subidentifiers.size() < 1 )
-		// Underflow.
-		return new StringVal("");
-
-	for ( size_t i = 0; i < subidentifiers.size(); ++i )
-		{
-		subidentifier = subidentifiers[i];
-		uint64 value = 0;
-
-		for ( size_t j = 0; j < subidentifier.size(); ++j )
-			{
-			uint64 byte = subidentifier[j];
-			value |= byte << (7 * (subidentifier.size() - (j + 1)));
-			}
-
-		subidentifier_values.push_back(value);
-		}
-
-	string rval;
-
-	for ( size_t i = 0; i < subidentifier_values.size(); ++i )
-		{
-		char tmp[32];
-
-		if ( i > 0 )
-			{
-			rval += ".";
-			snprintf(tmp, sizeof(tmp), "%" PRIu64, subidentifier_values[i]);
-			rval += tmp;
-			}
-		else
-			{
-			std::div_t result = std::div(subidentifier_values[i], 40);
-			snprintf(tmp, sizeof(tmp), "%d", result.quot);
-			rval += tmp;
-			rval += ".";
-			snprintf(tmp, sizeof(tmp), "%d", result.rem);
-			rval += tmp;
-			}
-		}
-
-	return new StringVal(rval);
+	const u_char* data = reinterpret_cast<const u_char*>(bs.data());
+	uint32 network_order = extract_uint32(data);
+	return new AddrVal(network_order);
 	}
 
 Val* asn1_obj_to_val(const ASN1Encoding* obj)
@@ -144,47 +85,6 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj)
 	return rval;
 	}
 
-StringVal* asn1_octet_string_to_val(const ASN1OctetString* s)
-	{
-	return asn1_octet_string_to_val(s->encoding());
-	}
-
-StringVal* asn1_octet_string_to_val(const ASN1Encoding* s)
-	{
-	bytestring const& bs = s->content();
-	return new StringVal(bs.length(), reinterpret_cast<const char*>(bs.data()));
-	}
-
-Val* asn1_integer_to_val(const ASN1Integer* i, TypeTag t)
-	{
-	return asn1_integer_to_val(i->encoding(), t);
-	}
-
-Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t)
-	{
-	return new Val(binary_to_int64(i->content()), t);
-	}
-
-AddrVal* network_address_to_val(const NetworkAddress* na)
-	{
-	return network_address_to_val(na->encoding());
-	}
-
-AddrVal* network_address_to_val(const ASN1Encoding* na)
-	{
-	bytestring const& bs = na->content();
-
-	// IPv6 can probably be presumed to be a octet string of length 16,
-	// but standards don't seem to currently make any provisions for IPv6,
-	// so ignore anything that can't be IPv4.
-	if ( bs.length() != 4 )
-		return new AddrVal(IPAddr());
-
-	const u_char* data = reinterpret_cast<const u_char*>(bs.data());
-	uint32 network_order = extract_uint32(data);
-	return new AddrVal(network_order);
-	}
-
 Val* time_ticks_to_val(const TimeTicks* tt)
 	{
 	return asn1_integer_to_val(tt->asn1_integer(), TYPE_COUNT);
diff --git a/src/analyzer/protocol/snmp/snmp-protocol.pac b/src/analyzer/protocol/snmp/snmp-protocol.pac
index 8d9b602ea2..f498271b72 100644
--- a/src/analyzer/protocol/snmp/snmp-protocol.pac
+++ b/src/analyzer/protocol/snmp/snmp-protocol.pac
@@ -8,6 +8,8 @@
 # used.  Primitive or non-constructor encodings are preferred over
 # constructor encodings.
 
+%include ../asn1/asn1.pac
+
 type TopLevelMessage(is_orig: bool) = record {
 	asn1_sequence_meta: ASN1SequenceMeta;
 	version:            ASN1Integer;
@@ -215,58 +217,3 @@ enum VarBindNullTag {
 	VARBIND_NOSUCHINSTANCE_TAG = 0x81,
 	VARBIND_ENDOFMIBVIEW_TAG   = 0x82,
 };
-
-############################## ASN.1 Encodings
-
-enum ASN1TypeTag {
-	ASN1_INTEGER_TAG           = 0x02,
-	ASN1_OCTET_STRING_TAG      = 0x04,
-	ASN1_NULL_TAG              = 0x05,
-	ASN1_OBJECT_IDENTIFIER_TAG = 0x06,
-	ASN1_SEQUENCE_TAG          = 0x30,
-};
-
-type ASN1Encoding = record {
-	meta:    ASN1EncodingMeta;
-	content: bytestring &length = meta.length;
-};
-
-type ASN1EncodingMeta = record {
-	tag:      uint8;
-	len:      uint8;
-	more_len: bytestring &length = long_len ? len & 0x7f : 0;
-} &let {
-	long_len: bool = len & 0x80;
-	length:   uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f;
-};
-
-type ASN1SequenceMeta = record {
-	encoding: ASN1EncodingMeta;
-};
-
-type ASN1Integer = record {
-	encoding: ASN1Encoding;
-};
-
-type ASN1OctetString = record {
-	encoding: ASN1Encoding;
-};
-
-type ASN1ObjectIdentifier = record {
-	encoding: ASN1Encoding;
-};
-
-############################## ASN.1 Conversion Functions
-
-function binary_to_int64(bs: bytestring): int64
-	%{
-	int64 rval = 0;
-
-	for ( int i = 0; i < bs.length(); ++i )
-		{
-		uint64 byte = bs[i];
-		rval |= byte << (8 * (bs.length() - (i + 1)));
-		}
-
-	return rval;
-	%}
diff --git a/src/analyzer/protocol/ssh/CMakeLists.txt b/src/analyzer/protocol/ssh/CMakeLists.txt
index 505c89332e..b7d8b50b4a 100644
--- a/src/analyzer/protocol/ssh/CMakeLists.txt
+++ b/src/analyzer/protocol/ssh/CMakeLists.txt
@@ -4,6 +4,8 @@ include(BroPlugin)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
 
 bro_plugin_begin(Bro SSH)
-bro_plugin_cc(SSH.cc Plugin.cc)
-bro_plugin_bif(events.bif)
+	bro_plugin_cc(SSH.cc Plugin.cc)
+	bro_plugin_bif(types.bif)
+	bro_plugin_bif(events.bif)
+	bro_plugin_pac(ssh.pac ssh-analyzer.pac ssh-protocol.pac consts.pac)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc
index 98b4e25522..be5d2f428b 100644
--- a/src/analyzer/protocol/ssh/Plugin.cc
+++ b/src/analyzer/protocol/ssh/Plugin.cc
@@ -1,25 +1,24 @@
 // See the file  in the main distribution directory for copyright.
 
-
 #include "plugin/Plugin.h"
-
 #include "SSH.h"
 
 namespace plugin {
-namespace Bro_SSH {
+	namespace Bro_SSH {
 
-class Plugin : public plugin::Plugin {
-public:
-	plugin::Configuration Configure()
-		{
-		AddComponent(new ::analyzer::Component("SSH", ::analyzer::ssh::SSH_Analyzer::Instantiate));
+		class Plugin : public plugin::Plugin {
+		public:
+			plugin::Configuration Configure()
+				{
+				AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate));
+
+				plugin::Configuration config;
+				config.name = "Bro::SSH";
+				config.description = "Secure Shell analyzer";
+				return config;
+				}
+			} plugin;
 
-		plugin::Configuration config;
-		config.name = "Bro::SSH";
-		config.description = "SSH analyzer";
-		return config;
 		}
-} plugin;
+	}
 
-}
-}
diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc
index ab3f6a5e5b..f1f8857e03 100644
--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@@ -1,105 +1,148 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "config.h"
-
-#include <ctype.h>
-
-#include "NetVar.h"
 #include "SSH.h"
-#include "Event.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
 
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+
+#include "Reporter.h"
+
+#include "types.bif.h"
 #include "events.bif.h"
 
-using namespace analyzer::ssh;
+using namespace analyzer::SSH;
 
 SSH_Analyzer::SSH_Analyzer(Connection* c)
-: tcp::TCP_ApplicationAnalyzer("SSH", c)
+	: tcp::TCP_ApplicationAnalyzer("SSH", c)
 	{
-	orig = new tcp::ContentLine_Analyzer(c, true);
-	orig->SetSkipPartial(true);
-	orig->SetCRLFAsEOL(LF_as_EOL);
-	AddSupportAnalyzer(orig);
-
-	resp = new tcp::ContentLine_Analyzer(c, false);
-	resp->SetSkipPartial(true);
-	resp->SetCRLFAsEOL(LF_as_EOL);
-	AddSupportAnalyzer(resp);
+	interp = new binpac::SSH::SSH_Conn(this);
+	had_gap = false;
+	auth_decision_made = false;
+	skipped_banner = false;
+	service_accept_size = 0;
+	userauth_failure_size = 0;
 	}
 
-void SSH_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
+SSH_Analyzer::~SSH_Analyzer()
 	{
-	tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, is_orig);
+	delete interp;
+	}
 
-	// We're all done processing this endpoint - flag it as such,
-	// before we even determine whether we have any event generation
-	// work to do, to make sure we don't do any further work on it.
-	if ( is_orig )
-		orig->SetSkipDeliveries(true);
-	else
-		resp->SetSkipDeliveries(true);
+void SSH_Analyzer::Done()
+	{
+	tcp::TCP_ApplicationAnalyzer::Done();
 
-	if ( TCP() )
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void SSH_Analyzer::EndpointEOF(bool is_orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
+	}
+
+void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	assert(TCP());
+	if ( TCP()->IsPartial() )
+		return;
+
+	if ( had_gap )
+		// If only one side had a content gap, we could still try to
+		// deliver data to the other side if the script layer can handle this.
+		return;
+
+	if ( interp->get_state(orig) == binpac::SSH::ENCRYPTED )
 		{
-		// Don't try to parse version if there has already been a gap.
-		tcp::TCP_Endpoint* endp = is_orig ? TCP()->Orig() : TCP()->Resp();
-		if ( endp->HadGap() )
+		if ( ssh_encrypted_packet )
+			BifEvent::generate_ssh_encrypted_packet(interp->bro_analyzer(), interp->bro_analyzer()->Conn(),
+				orig, len);
+
+		if ( ! auth_decision_made )
+			ProcessEncrypted(len, orig);
+
+		return;
+		}
+
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
+	}
+
+void SSH_Analyzer::Undelivered(uint64 seq, int len, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	had_gap = true;
+	interp->NewGap(orig, len);
+	}
+
+void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
+	{
+	// We're interested in messages from the server for SSH2
+	if ( ! orig && (interp->get_version() == binpac::SSH::SSH2) )
+		{
+		// The first thing we see and want to know is the length of
+		// SSH_MSG_SERVICE_REQUEST, which has a fixed (decrypted) size
+		// of 24 bytes (17 for content pad-aligned to 8-byte
+		// boundaries)
+		if ( ! service_accept_size )
+			{
+			service_accept_size = len;
 			return;
-		}
-
-	const char* line = (const char*) data;
-
-	// The SSH identification looks like this:
-	//
-	//     SSH-<protocolmajor>.<protocolminor>-<version>\n
-	//
-	// We're interested in the "version" part here.
-
-	if ( length < 4 || memcmp(line, "SSH-", 4) != 0 )
-		{
-		Weird("malformed_ssh_identification");
-		ProtocolViolation("malformed ssh identification", line, length);
-		return;
-		}
-
-	int i;
-	for ( i = 4; i < length && line[i] != '-'; ++i )
-		;
-
-	if ( TCP() )
-		{
-		if ( length >= i )
-			{
-			IPAddr dst;
-
-			if ( is_orig )
-				dst = TCP()->Orig()->dst_addr;
-			else
-				dst = TCP()->Resp()->dst_addr;
-
-			if ( Conn()->VersionFoundEvent(dst, line + i,
-							length - i) )
-				ProtocolConfirmation();
-			else
-				ProtocolViolation("malformed ssh version",
-							line, length);
 			}
-		else
+
+		// If our user can authenticate via the "none" method, this
+		// packet will be a SSH_MSG_USERAUTH_SUCCESS, which has a
+		// fixed (decrypted) size of 8 bytes (1 for content
+		// pad-aligned to 8-byte boundaries). relative_len would be
+		// -16.
+		if ( ! userauth_failure_size && (len + 16 == service_accept_size) )
 			{
-			Weird("malformed_ssh_version");
-			ProtocolViolation("malformed ssh version", line, length);
+			auth_decision_made = true;
+			if ( ssh_auth_successful )
+				BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
+			return;
+			}
+
+		// Normally, this packet would be a SSH_MSG_USERAUTH_FAILURE
+		// message, with a variable length, depending on the
+		// authentication methods the server supports. If it's too
+		// big, it might contain a pre-auth MOTD/banner, so we'll just
+		// skip it.
+		if ( ! userauth_failure_size )
+			{
+			if ( ! skipped_banner && (len - service_accept_size) > 256 )
+				{
+				skipped_banner = true;
+				return;
+				}
+			userauth_failure_size = len;
+			return;
+			}
+
+		// If we've already seen a failure, let's see if this is
+		// another packet of the same size.
+		if ( len == userauth_failure_size )
+			{
+			if ( ssh_auth_failed )
+				BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn());
+			return;
+			}
+
+		// ...or a success packet.
+		if ( len - service_accept_size == -16 )
+			{
+			auth_decision_made = true;
+			if ( ssh_auth_successful )
+				BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false);
+			return;
 			}
 		}
-
-	// Generate SSH events.
-	EventHandlerPtr event = is_orig ?
-				ssh_client_version : ssh_server_version;
-	if ( ! event )
-		return;
-
-	val_list* vl = new val_list;
-	vl->append(BuildConnVal());
-	vl->append(new StringVal(length, line));
-
-	ConnectionEvent(event, vl);
 	}
diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h
index d1f8c36150..dc3a7c5e39 100644
--- a/src/analyzer/protocol/ssh/SSH.h
+++ b/src/analyzer/protocol/ssh/SSH.h
@@ -3,25 +3,46 @@
 #ifndef ANALYZER_PROTOCOL_SSH_SSH_H
 #define ANALYZER_PROTOCOL_SSH_SSH_H
 
+#include "events.bif.h"
+
 #include "analyzer/protocol/tcp/TCP.h"
-#include "analyzer/protocol/tcp/ContentLine.h"
+#include "ssh_pac.h"
 
-namespace analyzer { namespace ssh {
+namespace analyzer {
+	namespace SSH {
+		class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 
-class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer {
-public:
-	SSH_Analyzer(Connection* conn);
+		public:
+			SSH_Analyzer(Connection* conn);
+			virtual ~SSH_Analyzer();
 
-	virtual void DeliverStream(int len, const u_char* data, bool orig);
+			// Overriden from Analyzer.
+			virtual void Done();
+			virtual void DeliverStream(int len, const u_char* data, bool orig);
+			virtual void Undelivered(uint64 seq, int len, bool orig);
 
-	static analyzer::Analyzer* Instantiate(Connection* conn)
-		{ return new SSH_Analyzer(conn); }
+			// Overriden from tcp::TCP_ApplicationAnalyzer.
+			virtual void EndpointEOF(bool is_orig);
 
-private:
-	tcp::ContentLine_Analyzer* orig;
-	tcp::ContentLine_Analyzer* resp;
-};
+			static analyzer::Analyzer* Instantiate(Connection* conn)
+				{ return new SSH_Analyzer(conn); }
 
-} } // namespace analyzer::* 
+		protected:
+			binpac::SSH::SSH_Conn* interp;
 
+			void ProcessEncrypted(int len, bool orig);
+
+			bool had_gap;
+
+			// Packet analysis stuff
+			bool auth_decision_made;
+			bool skipped_banner;
+
+			int service_accept_size;
+			int userauth_failure_size;
+
+			};
+
+		}
+	}
 #endif
diff --git a/src/analyzer/protocol/ssh/consts.pac b/src/analyzer/protocol/ssh/consts.pac
new file mode 100644
index 0000000000..78027f8a51
--- /dev/null
+++ b/src/analyzer/protocol/ssh/consts.pac
@@ -0,0 +1,126 @@
+enum version {
+	SSH1 = 1,
+	SSH2 = 2,
+	UNK  = 3,
+};
+
+enum state {
+	VERSION_EXCHANGE = 0,
+	KEX_INIT         = 1,
+	KEX_DH_GEX       = 2,
+	KEX_DH           = 3,
+	KEX_ECC          = 4,
+	KEX_GSS          = 5,
+	KEX_RSA          = 6,
+	ENCRYPTED        = 7,
+};
+
+# diffie-hellman-group1-sha1	[RFC4253]	Section 8.1
+# diffie-hellman-group14-sha1	[RFC4253]	Section 8.2
+enum KEX_DH_message_id {
+	SSH_MSG_KEXDH_INIT  = 30,
+	SSH_MSG_KEXDH_REPLY = 31,
+};
+
+# diffie-hellman-group-exchange-sha1	[RFC4419]	Section 4.1
+# diffie-hellman-group-exchange-sha256	[RFC4419]	Section 4.2
+enum KEX_DH_GEX_message_id {
+	SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30,
+	SSH_MSG_KEX_DH_GEX_GROUP       = 31,
+	SSH_MSG_KEX_DH_GEX_INIT        = 32,
+	SSH_MSG_KEX_DH_GEX_REPLY       = 33,
+	SSH_MSG_KEX_DH_GEX_REQUEST     = 34,
+};
+
+# rsa1024-sha1		[RFC4432]
+# rsa2048-sha256	[RFC4432]
+enum KEX_RSA_message_id {
+	SSH_MSG_KEXRSA_PUBKEY = 30,
+	SSH_MSG_KEXRSA_SECRET = 31,
+	SSH_MSG_KEXRSA_DONE   = 32,
+};
+
+# gss-group1-sha1-*	[RFC4462]	Section 2.3
+# gss-group14-sha1-*	[RFC4462]	Section 2.4
+# gss-gex-sha1-*	[RFC4462]	Section 2.5
+# gss-*			[RFC4462]	Section 2.6
+enum KEX_GSS_message_id {
+	SSH_MSG_KEXGSS_INIT     = 30,
+	SSH_MSG_KEXGSS_CONTINUE = 31,
+	SSH_MSG_KEXGSS_COMPLETE = 32,
+	SSH_MSG_KEXGSS_HOSTKEY  = 33,
+	SSH_MSG_KEXGSS_ERROR    = 34,
+	SSH_MSG_KEXGSS_GROUPREQ = 40,
+	SSH_MSG_KEXGSS_GROUP    = 41,
+};
+
+# ecdh-sha2-*	[RFC5656]
+enum KEX_ECDH_message_id {
+	SSH_MSG_KEX_ECDH_INIT  = 30,
+	SSH_MSG_KEX_ECDH_REPLY = 31,
+};
+
+# ecmqv-sha2	[RFC5656]
+enum KEX_ECMQV_message_id {
+	SSH_MSG_ECMQV_INIT  = 30,
+	SSH_MSG_ECMQV_REPLY = 31,
+};
+
+enum ssh1_message_id {
+	SSH_MSG_NONE                        = 0,
+	SSH_MSG_DISCONNECT                  = 1,
+	SSH_SMSG_PUBLIC_KEY                 = 2,
+	SSH_CMSG_SESSION_KEY                = 3,
+	SSH_CMSG_USER                       = 4,
+	SSH_CMSG_AUTH_RHOSTS                = 5,
+	SSH_CMSG_AUTH_RSA                   = 6,
+	SSH_SMSG_AUTH_RSA_CHALLENGE         = 7,
+	SSH_CMSG_AUTH_RSA_RESPONSE          = 8,
+	SSH_CMSG_AUTH_PASSWORD              = 9,
+	SSH_CMSG_REQUEST_PTY                = 10,
+	SSH_CMSG_WINDOW_SIZE                = 11,
+	SSH_CMSG_EXEC_SHELL                 = 12,
+	SSH_CMSG_EXEC_CMD                   = 13,
+	SSH_SMSG_SUCCESS                    = 14,
+	SSH_SMSG_FAILURE                    = 15,
+	SSH_CMSG_STDIN_DATA                 = 16,
+	SSH_SMSG_STDOUT_DATA                = 17,
+	SSH_SMSG_STDERR_DATA                = 18,
+	SSH_CMSG_EOF                        = 19,
+	SSH_SMSG_EXITSTATUS                 = 20,
+	SSH_MSG_CHANNEL_OPEN_CONFIRMATION   = 21,
+	SSH_MSG_CHANNEL_OPEN_FAILURE        = 22,
+	SSH_MSG_CHANNEL_DATA                = 23,
+	SSH_MSG_CHANNEL_CLOSE               = 24,
+	SSH_MSG_CHANNEL_CLOSE_CONFIRMATION  = 25,
+	SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26,
+	SSH_SMSG_X11_OPEN                   = 27,
+	SSH_CMSG_PORT_FORWARD_REQUEST       = 28,
+	SSH_MSG_PORT_OPEN                   = 29,
+	SSH_CMSG_AGENT_REQUEST_FORWARDING   = 30,
+	SSH_SMSG_AGENT_OPEN                 = 31,
+	SSH_MSG_IGNORE                      = 32,
+	SSH_CMSG_EXIT_CONFIRMATION          = 33,
+	SSH_CMSG_X11_REQUEST_FORWARDING     = 34,
+	SSH_CMSG_AUTH_RHOSTS_RSA            = 35,
+	SSH_MSG_DEBUG                       = 36,
+	SSH_CMSG_REQUEST_COMPRESSION        = 37,
+	SSH_CMSG_MAX_PACKET_SIZE            = 38,
+	SSH_CMSG_AUTH_TIS                   = 39,
+	SSH_SMSG_AUTH_TIS_CHALLENGE         = 40,
+	SSH_CMSG_AUTH_TIS_RESPONSE          = 41,
+	SSH_CMSG_AUTH_KERBEROS              = 42,
+	SSH_SMSG_AUTH_KERBEROS_RESPONSE     = 43,
+	SSH_CMSG_HAVE_KERBEROS_TGT          = 44,
+};
+
+enum ssh2_message_id {
+	MSG_DISCONNECT      = 1,
+	MSG_IGNORE          = 2,
+	MSG_UNIMPLEMENTED   = 3,
+	MSG_DEBUG           = 4,
+	MSG_SERVICE_REQUEST = 5,
+	MSG_SERVICE_ACCEPT  = 6,
+	MSG_KEXINIT         = 20,
+	MSG_NEWKEYS         = 21,
+};
diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif
index 9d73f5e483..57b736ac85 100644
--- a/src/analyzer/protocol/ssh/events.bif
+++ b/src/analyzer/protocol/ssh/events.bif
@@ -1,38 +1,194 @@
-## Generated when seeing an SSH client's version identification. The SSH
-## protocol starts with a clear-text handshake message that reports client and
-## server protocol/software versions. This event provides access to what the
-## client sent.
+## An :abbr:`SSH (Secure Shell)` Protocol Version Exchange message
+## from the server. This contains an identification string that's used
+## for version identification. See :rfc:`4253#section-4.2` for
+## details.
 ##
+## c: The connection over which the message was sent.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Secure_Shell>`__ for more
-## information about the SSH protocol.
+## version: The identification string
 ##
-## c: The connection.
-##
-## version: The version string the client sent (e.g., `SSH-2.0-libssh-0.11`).
-##
-## .. bro:see:: ssh_server_version
-##
-## .. note:: As everything after the initial version handshake proceeds
-##    encrypted, Bro cannot further analyze SSH sessions.
-event ssh_client_version%(c: connection, version: string%);
-
-## Generated when seeing an SSH server's version identification. The SSH
-## protocol starts with a clear-text handshake message that reports client and
-## server protocol/software versions. This event provides access to what the
-## server sent.
-##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Secure_Shell>`__ for more
-## information about the SSH protocol.
-##
-## c: The connection.
-##
-## version: The version string the server sent (e.g.,
-##          ``SSH-1.99-OpenSSH_3.9p1``).
-##
-## .. bro:see:: ssh_client_version
-##
-## .. note:: As everything coming after the initial version handshake proceeds
-##    encrypted, Bro cannot further analyze SSH sessions.
+## .. bro:see:: ssh_client_version ssh_auth_successful ssh_auth_failed
+##    ssh_capabilities ssh2_server_host_key ssh1_server_host_key
+##    ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
 event ssh_server_version%(c: connection, version: string%);
 
+## An :abbr:`SSH (Secure Shell)` Protocol Version Exchange message
+## from the client. This contains an identification string that's used
+## for version identification. See :rfc:`4253#section-4.2` for
+## details.
+##
+## c: The connection over which the message was sent.
+##
+## version: The identification string
+##
+## .. bro:see:: ssh_server_version ssh_auth_successful ssh_auth_failed
+##    ssh_capabilities ssh2_server_host_key ssh1_server_host_key
+##    ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh_client_version%(c: connection, version: string%);
+
+## This event is generated when an :abbr:`SSH (Secure Shell)`
+## connection was determined to have had a successful
+## authentication. This determination is based on packet size
+## analysis, and errs on the side of caution - that is, if there's any
+## doubt about the authentication success, this event is *not* raised.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## auth_method_none: This is true if the analyzer detected a
+##    successful connection before any authentication challenge. The
+##    :abbr:`SSH (Secure Shell)` protocol provides a mechanism for
+##    unauthenticated access, which some servers support.
+##
+## .. bro:see:: ssh_server_version ssh_client_version ssh_auth_failed
+##    ssh_capabilities ssh2_server_host_key ssh1_server_host_key
+##    ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh_auth_successful%(c: connection, auth_method_none: bool%);
+
+## This event is generated when an :abbr:`SSH (Secure Shell)`
+## connection was determined to have had a failed authentication. This
+## determination is based on packet size analysis, and errs on the
+## side of caution - that is, if there's any doubt about the
+## authentication failure, this event is *not* raised.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_capabilities ssh2_server_host_key
+##    ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh_auth_failed%(c: connection%);
+
+## During the initial :abbr:`SSH (Secure Shell)` key exchange, each
+## endpoint lists the algorithms that it supports, in order of
+## preference. This event is generated for each endpoint, when the
+## SSH_MSG_KEXINIT message is seen. See :rfc:`4253#section-7.1` for
+## details.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## cookie: The SSH_MSG_KEXINIT cookie - a random value generated by
+##    the sender.
+##
+## capabilities: The list of algorithms and languages that the sender
+##    advertises support for, in order of preference.
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh2_server_host_key
+##    ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabilities%);
+
+## During the :abbr:`SSH (Secure Shell)` key exchange, the server
+## supplies its public host key. This event is generated when the
+## appropriate key exchange message is seen for SSH2.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## key: The server's public host key. Note that this is the public key
+##    itself, and not just the fingerprint or hash.
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh_capabilities
+##    ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh2_server_host_key%(c: connection, key: string%);
+
+## During the :abbr:`SSH (Secure Shell)` key exchange, the server
+## supplies its public host key. This event is generated when the
+## appropriate key exchange message is seen for SSH1.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## p: The prime for the server's public host key.
+##
+## e: The exponent for the serer's public host key.
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh_capabilities
+##    ssh2_server_host_key ssh_encrypted_packet ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh1_server_host_key%(c: connection, p: string, e: string%);
+
+## This event is generated when an :abbr:`SSH (Secure Shell)`
+## encrypted packet is seen. This event is not handled by default, but
+## is provided for heuristic analysis scripts. Note that you have to set
+## :bro:id:`SSH::skip_processing_after_detection` to false to use this
+## event. This carries a performance penalty.
+##
+## c: The connection over which the :abbr:`SSH (Secure Shell)`
+##    connection took place.
+##
+## orig: Whether the packet was sent by the originator of the TCP
+##    connection.
+##
+## len: The length of the :abbr:`SSH (Secure Shell)` payload, in
+##    bytes. Note that this ignores reassembly, as this is unknown.
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh_capabilities
+##    ssh2_server_host_key ssh1_server_host_key ssh2_dh_server_params
+##    ssh2_gss_error ssh2_ecc_key
+event ssh_encrypted_packet%(c: connection, orig: bool, len: count%);
+
+## Generated if the connection uses a Diffie-Hellman Group Exchange
+## key exchange method. This event contains the server DH parameters,
+## which are sent in the SSH_MSG_KEY_DH_GEX_GROUP message as defined in
+## :rfc:`4419#section-3`.
+##
+## c: The connection.
+##
+## p: The DH prime modulus.
+##
+## q: The DH generator.
+##
+## .. bro:see:: ssl_dh_server_params ssh_server_version
+##    ssh_client_version ssh_auth_successful ssh_auth_failed
+##    ssh_capabilities ssh2_server_host_key ssh1_server_host_key
+##    ssh_encrypted_packet ssh2_gss_error ssh2_ecc_key
+event ssh2_dh_server_params%(c: connection, p: string, q: string%);
+
+## In the event of a GSS-API error on the server, the server MAY send
+## send an error message with some additional details. This event is
+## generated when such an error message is seen. For more information,
+## see :rfc:`4462#section-2.1`.
+##
+## c: The connection.
+##
+## major_status: GSS-API major status code.
+##
+## minor_status: GSS-API minor status code.
+##
+## err_msg: Detailed human-readable error message
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh_capabilities
+##    ssh2_server_host_key ssh1_server_host_key ssh_encrypted_packet
+##    ssh2_dh_server_params ssh2_ecc_key
+event ssh2_gss_error%(c: connection, major_status: count, minor_status: count, err_msg: string%);
+
+## The :abbr:`ECDH (Elliptic Curve Diffie-Hellman)` and
+## :abbr:`ECMQV (Elliptic Curve Menezes-Qu-Vanstone)` key exchange
+## algorithms use two ephemeral key pairs to generate a shared
+## secret. This event is generated when either the client's or
+## server's ephemeral public key is seen. For more information, see:
+## :rfc:`5656#section-4`.
+##
+## c: The connection
+##
+## is_orig: Did this message come from the originator?
+##
+## q: The ephemeral public key
+##
+## .. bro:see:: ssh_server_version ssh_client_version
+##    ssh_auth_successful ssh_auth_failed ssh_capabilities
+##    ssh2_server_host_key ssh1_server_host_key ssh_encrypted_packet
+##    ssh2_dh_server_params ssh2_gss_error
+event ssh2_ecc_key%(c: connection, is_orig: bool, q: string%);
diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac
new file mode 100644
index 0000000000..598dc869ab
--- /dev/null
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@@ -0,0 +1,221 @@
+%extern{
+#include <cstdlib>
+#include <vector>
+#include <string>
+%}
+
+%header{
+VectorVal* name_list_to_vector(const bytestring nl);
+%}
+
+%code{
+// Copied from IRC_Analyzer::SplitWords
+VectorVal* name_list_to_vector(const bytestring nl)
+	{
+	VectorVal* vv = new VectorVal(internal_type("string_vec")->AsVectorType());
+
+	string name_list = std_str(nl);
+	if ( name_list.size() < 1 )
+		return vv;
+
+	unsigned int start = 0;
+	unsigned int split_pos = 0;
+
+	while ( name_list[start] == ',' )
+		{
+		++start;
+		++split_pos;
+		}
+
+	string word;
+	while ( (split_pos = name_list.find(',', start)) < name_list.size() )
+		{
+		word = name_list.substr(start, split_pos - start);
+		if ( word.size() > 0 && word[0] != ',' )
+			vv->Assign(vv->Size(), new StringVal(word));
+
+		start = split_pos + 1;
+		}
+
+	// Add line end if needed.
+	if ( start < name_list.size() )
+		{
+		word = name_list.substr(start, name_list.size() - start);
+		vv->Assign(vv->Size(), new StringVal(word));
+		}
+	return vv;
+	}
+%}
+
+refine flow SSH_Flow += {
+	function proc_ssh_version(msg: SSH_Version): bool
+		%{
+		if ( ssh_client_version && ${msg.is_orig } )
+			{
+			BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), 
+				connection()->bro_analyzer()->Conn(), 
+				bytestring_to_val(${msg.version}));
+			}
+		else if ( ssh_server_version )
+			{
+			BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), 
+				connection()->bro_analyzer()->Conn(), 
+				bytestring_to_val(${msg.version}));
+			}
+		return true;
+		%}
+
+	function proc_ssh2_kexinit(msg: SSH2_KEXINIT): bool
+		%{
+		if ( ! ssh_capabilities )
+			return false;
+
+		RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities);
+		result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val}));
+		result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val}));
+
+		RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
+		encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
+		result->Assign(2, encryption_algs);
+
+		RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
+		mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
+		result->Assign(3, mac_algs);
+
+		RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
+		compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
+		result->Assign(4, compression_algs);
+
+		if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} )
+			{
+			RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+			if ( ${msg.languages_client_to_server.len} )
+				languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val}));
+			if ( ${msg.languages_server_to_client.len} )
+				languages->Assign(1, name_list_to_vector(${msg.languages_server_to_client.val}));
+
+			result->Assign(5, languages);
+			}
+
+
+		result->Assign(6, new Val(${msg.is_orig}, TYPE_BOOL));
+
+		BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(),
+			connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}),
+			result);
+
+		return true;
+		%}
+
+
+	function proc_ssh2_dh_gex_group(msg: SSH2_DH_GEX_GROUP): bool
+		%{
+		if ( ssh2_dh_server_params )
+			{
+			BifEvent::generate_ssh2_dh_server_params(connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				bytestring_to_val(${msg.p.val}), bytestring_to_val(${msg.g.val}));
+			}
+		return true;
+		%}
+
+	function proc_ssh2_ecc_key(q: bytestring, is_orig: bool): bool
+		%{
+		if ( ssh2_ecc_key )
+			{
+			BifEvent::generate_ssh2_ecc_key(connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				is_orig, bytestring_to_val(q));
+			}
+		return true;
+		%}
+
+	function proc_ssh2_gss_error(msg: SSH2_GSS_ERROR): bool
+		%{
+		if ( ssh2_gss_error )
+			{
+			BifEvent::generate_ssh2_gss_error(connection()->bro_analyzer(),
+				connection()->bro_analyzer()->Conn(),
+				${msg.major_status}, ${msg.minor_status},
+				bytestring_to_val(${msg.message.val}));
+			}
+		return true;
+		%}
+
+	function proc_ssh2_server_host_key(key: bytestring): bool
+		%{
+		if ( ssh2_server_host_key )
+			{
+			BifEvent::generate_ssh2_server_host_key(connection()->bro_analyzer(), 
+				connection()->bro_analyzer()->Conn(), 
+				bytestring_to_val(${key}));
+			}
+		return true;
+		%}
+
+	function proc_ssh1_server_host_key(p: bytestring, e: bytestring): bool
+		%{
+		if ( ssh1_server_host_key )
+			{
+			BifEvent::generate_ssh1_server_host_key(connection()->bro_analyzer(), 
+				connection()->bro_analyzer()->Conn(), 
+				bytestring_to_val(${p}),
+				bytestring_to_val(${e}));
+			}
+		return true;
+		%}
+
+	function proc_newkeys(): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+		return true;
+		%}
+};
+
+refine typeattr SSH_Version += &let {
+	proc: bool = $context.flow.proc_ssh_version(this);
+};
+
+refine typeattr SSH2_KEXINIT += &let {
+	proc: bool = $context.flow.proc_ssh2_kexinit(this);
+};
+
+refine typeattr SSH1_Message += &let {
+	proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_CMSG_SESSION_KEY);
+};
+
+refine typeattr SSH2_Message += &let {
+	proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == MSG_NEWKEYS);
+};
+
+refine typeattr SSH2_DH_GEX_REPLY += &let {
+	proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val);
+};
+
+refine typeattr SSH2_GSS_HOSTKEY += &let {
+	proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val);
+};
+
+refine typeattr SSH2_GSS_ERROR += &let {
+	proc: bool = $context.flow.proc_ssh2_gss_error(this);
+};
+
+refine typeattr SSH2_DH_GEX_GROUP += &let {
+	proc: bool = $context.flow.proc_ssh2_dh_gex_group(this);
+};
+
+refine typeattr SSH2_ECC_REPLY += &let {
+	proc_k: bool = $context.flow.proc_ssh2_server_host_key(k_s.val);
+	proc_q: bool = $context.flow.proc_ssh2_ecc_key(q_s.val, false);
+};
+
+refine typeattr SSH2_ECC_INIT += &let {
+	proc: bool = $context.flow.proc_ssh2_ecc_key(q_c.val, true);
+};
+
+refine typeattr SSH1_PUBLIC_KEY += &let {
+	proc:  bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val);
+};
diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac
new file mode 100644
index 0000000000..28b0379999
--- /dev/null
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@@ -0,0 +1,430 @@
+%include consts.pac
+
+# Common constructs across SSH1 and SSH2
+########################################
+
+# We have 3 basic types of messages:
+#
+#  - SSH_Version messages just have a string with the banner string of the client or server
+#  - Encrypted messages have no usable data, so we'll just ignore them as best we can.
+#  - Finally, key exchange messages have a common format.
+
+type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of {
+	VERSION_EXCHANGE -> version   : SSH_Version(is_orig);
+	ENCRYPTED        -> encrypted : bytestring &length=1 &transient;
+	default          -> kex       : SSH_Key_Exchange(is_orig);
+} &byteorder=bigendian;
+
+type SSH_Version(is_orig: bool) = record {
+	version : bytestring &oneline;
+} &let {
+	update_state   : bool = $context.connection.update_state(KEX_INIT, is_orig);
+	update_version : bool = $context.connection.update_version(version, is_orig);
+};
+
+type SSH_Key_Exchange(is_orig: bool) = case $context.connection.get_version() of {
+	SSH1 -> ssh1_msg : SSH1_Key_Exchange(is_orig);
+	SSH2 -> ssh2_msg : SSH2_Key_Exchange(is_orig);
+};
+
+# SSH1 constructs
+#################
+
+type SSH1_Key_Exchange(is_orig: bool) = record {
+	packet_length : uint32;
+	pad_fill      : bytestring &length = 8 - (packet_length % 8);
+	msg_type      : uint8;
+	message       : SSH1_Message(is_orig, msg_type, packet_length - 5);
+	crc           : uint32;
+} &length = packet_length + 4 + 8 - (packet_length % 8);
+
+type SSH1_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_SMSG_PUBLIC_KEY  -> public_key  : SSH1_PUBLIC_KEY(length);
+	SSH_CMSG_SESSION_KEY -> session_key : SSH1_SESSION_KEY(length);
+} &let {
+	detach : bool=$context.connection.update_state(ENCRYPTED, is_orig);
+};
+
+type SSH1_PUBLIC_KEY(length: uint32) = record {
+	cookie            : bytestring &length=8;
+	server_key        : uint32;
+	server_key_p      : ssh1_mp_int;
+	server_key_e      : ssh1_mp_int;
+	host_key          : uint32;
+	host_key_p        : ssh1_mp_int;
+	host_key_e        : ssh1_mp_int;
+	flags             : uint32;
+	supported_ciphers : uint32;
+	supported_auths   : uint32;
+} &length=length;
+
+type SSH1_SESSION_KEY(length: uint32) = record {
+	cipher      : uint8;
+	cookie      : bytestring &length=8;
+	session_key : ssh1_mp_int;
+	flags       : uint32;
+} &length=length;
+
+type ssh1_mp_int = record {
+	len : uint16;
+	val : bytestring &length=(len+7)/8;
+};
+
+
+## SSH2
+
+type SSH2_Header(is_orig: bool) = record {
+	packet_length  : uint32;
+	padding_length : uint8;
+	msg_type       : uint8;
+} &let {
+	payload_length : uint32 = packet_length - padding_length - 2;
+	detach         : bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS);
+};
+
+type SSH2_Key_Exchange(is_orig: bool) = record {
+	header   : SSH2_Header(is_orig);
+	payload  : SSH2_Message(is_orig, header.msg_type, header.payload_length);
+	pad      : bytestring &length=header.padding_length;
+} &length=header.packet_length + 4;
+
+type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case $context.connection.get_state(is_orig) of {
+	KEX_INIT   -> kex        : SSH2_KEXINIT(length, is_orig);
+	KEX_DH_GEX -> kex_dh_gex : SSH2_Key_Exchange_DH_GEX_Message(is_orig, msg_type, length);
+	KEX_DH     -> kex_dh     : SSH2_Key_Exchange_DH_Message(is_orig, msg_type, length);
+	KEX_ECC    -> kex_ecc    : SSH2_Key_Exchange_ECC_Message(is_orig, msg_type, length);
+	KEX_GSS    -> kex_gss    : SSH2_Key_Exchange_GSS_Message(is_orig, msg_type, length);
+	KEX_RSA    -> kex_rsa    : SSH2_Key_Exchange_RSA_Message(is_orig, msg_type, length);
+	default    -> unknown    : bytestring &length=length;
+};
+
+type SSH2_KEXINIT(length: uint32, is_orig: bool) = record {
+	cookie                                  : bytestring &length=16;
+	kex_algorithms                          : ssh_string;
+	server_host_key_algorithms              : ssh_string;
+	encryption_algorithms_client_to_server  : ssh_string;
+	encryption_algorithms_server_to_client  : ssh_string;
+	mac_algorithms_client_to_server         : ssh_string;
+	mac_algorithms_server_to_client         : ssh_string;
+	compression_algorithms_client_to_server : ssh_string;
+	compression_algorithms_server_to_client : ssh_string;
+	languages_client_to_server              : ssh_string;
+	languages_server_to_client              : ssh_string;
+	first_kex_packet_follows                : uint8;
+	reserved                                : uint32;
+} &let {
+	proc_kex : bool= $context.connection.update_kex(kex_algorithms.val, is_orig);
+} &length=length;
+
+# KEX_DH exchanges
+
+type SSH2_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_MSG_KEXDH_INIT  -> init   : SSH2_DH_GEX_INIT(length);
+	SSH_MSG_KEXDH_REPLY -> reply  : SSH2_DH_GEX_REPLY(length);
+	default             -> unknown: bytestring &length=length &transient;
+};
+
+# KEX_DH_GEX exchanges
+
+type SSH2_Key_Exchange_DH_GEX_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH2_DH_GEX_REQUEST_OLD;
+	SSH_MSG_KEX_DH_GEX_REQUEST     -> request     : SSH2_DH_GEX_REQUEST;
+	SSH_MSG_KEX_DH_GEX_GROUP       -> group       : SSH2_DH_GEX_GROUP(length);
+	SSH_MSG_KEX_DH_GEX_INIT        -> init        : SSH2_DH_GEX_INIT(length);
+	SSH_MSG_KEX_DH_GEX_REPLY       -> reply       : SSH2_DH_GEX_REPLY(length);
+	default                        -> unknown     : bytestring &length=length &transient;
+};
+
+type SSH2_DH_GEX_REQUEST = record {
+	min : uint32;
+	n   : uint32;
+	max : uint32;
+} &length=12;
+
+type SSH2_DH_GEX_REQUEST_OLD = record {
+	n : uint32;
+} &length=4;
+
+type SSH2_DH_GEX_GROUP(length: uint32) = record {
+	p : ssh_string;
+	g : ssh_string;
+} &length=length;
+
+type SSH2_DH_GEX_INIT(length: uint32) = record {
+	e : ssh_string;
+} &length=length;
+
+type SSH2_DH_GEX_REPLY(length: uint32) = record {
+	k_s       : ssh_string;
+	f         : ssh_string;
+	signature : ssh_string;
+} &length=length;
+
+# KEX_RSA exchanges
+
+type SSH2_Key_Exchange_RSA_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH2_RSA_PUBKEY(length);
+	SSH_MSG_KEXRSA_SECRET -> secret : SSH2_RSA_SECRET(length);
+	SSH_MSG_KEXRSA_DONE   -> done   : SSH2_RSA_DONE(length);
+};
+
+type SSH2_RSA_PUBKEY(length: uint32) = record {
+	k_s : ssh_string;
+	k_t : ssh_string;
+} &length=length;
+
+type SSH2_RSA_SECRET(length: uint32) = record {
+	encrypted_payload : ssh_string;
+} &length=length;
+
+type SSH2_RSA_DONE(length: uint32) = record {
+	signature : ssh_string;
+} &length=length;
+
+# KEX_GSS exchanges
+
+type SSH2_Key_Exchange_GSS_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_MSG_KEXGSS_INIT     -> init     : SSH2_GSS_INIT(length);
+	SSH_MSG_KEXGSS_CONTINUE -> cont     : SSH2_GSS_CONTINUE(length);
+	SSH_MSG_KEXGSS_COMPLETE -> complete : SSH2_GSS_COMPLETE(length);
+	SSH_MSG_KEXGSS_HOSTKEY  -> hostkey  : SSH2_GSS_HOSTKEY(length);
+	SSH_MSG_KEXGSS_ERROR    -> error    : SSH2_GSS_ERROR(length);
+	SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH2_DH_GEX_REQUEST;
+	SSH_MSG_KEXGSS_GROUP    -> group    : SSH2_DH_GEX_GROUP(length);
+};
+
+type SSH2_GSS_INIT(length: uint32) = record {
+	output_token : ssh_string;
+	e            : ssh_string;
+} &length=length;
+
+type SSH2_GSS_CONTINUE(length: uint32) = record {
+	output_token : ssh_string;
+} &length=length;
+
+type SSH2_GSS_COMPLETE(length: uint32) = record {
+	f                           : ssh_string;
+	per_msg_token               : ssh_string;
+	have_token                  : uint8;
+	parse_token                 : case have_token of {
+		0       -> no_token : empty;
+		default -> token    : ssh_string;
+	};
+} &length=length;
+
+type SSH2_GSS_HOSTKEY(length: uint32) = record {
+	k_s : ssh_string;
+} &length=length;
+
+type SSH2_GSS_ERROR(length: uint32) = record {
+	major_status : uint32;
+	minor_status : uint32;
+	message      : ssh_string;
+	language     : ssh_string;
+} &length=length;
+
+# KEX_ECDH and KEX_ECMQV exchanges
+
+type SSH2_Key_Exchange_ECC_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of {
+	SSH_MSG_KEX_ECDH_INIT  -> init  : SSH2_ECC_INIT(length);
+	SSH_MSG_KEX_ECDH_REPLY -> reply : SSH2_ECC_REPLY(length);
+};
+
+# This deviates from the RFC. SSH_MSG_KEX_ECDH_INIT and
+# SSH_MSG_KEX_ECMQV_INIT can be parsed the same way.
+type SSH2_ECC_INIT(length: uint32) = record {
+	q_c : ssh_string;
+};
+
+# This deviates from the RFC. SSH_MSG_KEX_ECDH_REPLY and
+# SSH_MSG_KEX_ECMQV_REPLY can be parsed the same way.
+type SSH2_ECC_REPLY(length: uint32) = record {
+	k_s       : ssh_string;
+	q_s       : ssh_string;
+	signature : ssh_string;
+};
+
+# Helper types
+
+type ssh_string = record {
+	len : uint32;
+	val : bytestring &length=len;
+};
+
+type ssh_host_key = record {
+	len      : uint32;
+	key_type : ssh_string;
+	key      : ssh_string;
+} &length=(len + 4);
+
+## Done with types
+
+refine connection SSH_Conn += {
+	%member{
+		int state_up_;
+		int state_down_;
+		int version_;
+
+		bool kex_orig_;
+		bool kex_seen_;
+		bytestring kex_algs_cache_;
+		bytestring kex_algorithm_;
+	%}
+
+	%init{
+		state_up_   = VERSION_EXCHANGE;
+		state_down_ = VERSION_EXCHANGE;
+		version_    = UNK;
+
+		kex_seen_ = false;
+		kex_orig_ = false;
+		kex_algs_cache_ = bytestring();
+		kex_algorithm_ = bytestring();
+	%}
+
+	%cleanup{
+		kex_algorithm_.free();
+		kex_algs_cache_.free();
+	%}
+
+	function get_state(is_orig: bool) : int
+		%{
+		if ( is_orig )
+			{
+			return state_up_;
+			}
+		else
+			{
+			return state_down_;
+			}
+		%}
+
+	function update_state(s: state, is_orig: bool) : bool
+		%{
+		if ( is_orig )
+			state_up_ = s;
+		else
+			state_down_ = s;
+		return true;
+		%}
+
+	function get_version() : int
+		%{
+		return version_;
+		%}
+
+	function update_version(v: bytestring, is_orig: bool) : bool
+		%{
+		if ( is_orig && ( v.length() >= 4 ) )
+			{
+			if ( v[4] == '2' )
+				version_ = SSH2;
+			if ( v[4] == '1' )
+				version_ = SSH1;
+			}
+		return true;
+		%}
+
+	function update_kex_state_if_equal(s: string, to_state: state) : bool
+		%{
+		if ( std_str(kex_algorithm_).compare(s) == 0 )
+			{
+			update_state(to_state, true);
+			update_state(to_state, false);
+			return true;
+			}
+		return false;
+		%}
+
+	function update_kex_state_if_startswith(s: string, to_state: state) : bool
+		%{
+		if ( (uint) kex_algorithm_.length() < s.length() )
+			return false;
+
+		if ( std_str(kex_algorithm_).substr(0, s.length()).compare(s) == 0 )
+			{
+			update_state(to_state, true);
+			update_state(to_state, false);
+			return true;
+			}
+		return false;
+		%}
+
+	function update_kex(algs: bytestring, orig: bool) : bool
+		%{
+		if ( !kex_seen_ )
+			{
+			kex_seen_ = true;
+			kex_orig_ = orig;
+			kex_algs_cache_.init(${algs}.data(), ${algs}.length());
+
+			return false;
+			}
+		else if ( kex_orig_ == orig )
+			return false;
+
+		VectorVal* client_list = name_list_to_vector(orig ? algs             : kex_algs_cache_);
+		VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_  : algs);
+
+		for ( unsigned int i = 0; i < client_list->Size(); ++i )
+			{
+			for ( unsigned int j = 0; j < server_list->Size(); ++j )
+				{
+				if ( *(client_list->Lookup(i)->AsStringVal()->AsString()) == *(server_list->Lookup(j)->AsStringVal()->AsString()) )
+					{
+					kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(),
+						client_list->Lookup(i)->AsStringVal()->Len());
+
+					Unref(client_list);
+					Unref(server_list);
+
+					// UNTESTED
+					if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) )
+						return true;
+					// UNTESTED
+					if ( update_kex_state_if_equal("rsa2048-sha256", KEX_RSA) )
+						return true;
+
+					// UNTESTED
+					if ( update_kex_state_if_equal("diffie-hellman-group1-sha1", KEX_DH) )
+						return true;
+					// UNTESTED
+					if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) )
+						return true;
+
+					if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) )
+						return true;
+					if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha256", KEX_DH_GEX) )
+						return true;
+
+					if ( update_kex_state_if_startswith("gss-group1-sha1-", KEX_GSS) )
+						return true;
+					if ( update_kex_state_if_startswith("gss-group14-sha1-", KEX_GSS) )
+						return true;
+					if ( update_kex_state_if_startswith("gss-gex-sha1-", KEX_GSS) )
+						return true;
+					if ( update_kex_state_if_startswith("gss-", KEX_GSS) )
+						return true;
+
+					if ( update_kex_state_if_startswith("ecdh-sha2-", KEX_ECC) )
+						return true;
+					if ( update_kex_state_if_equal("ecmqv-sha2", KEX_ECC) )
+						return true;
+					if ( update_kex_state_if_equal("curve25519-sha256@libssh.org", KEX_ECC) )
+						return true;
+
+
+					bro_analyzer()->Weird(fmt("ssh_unknown_kex_algorithm=%s", c_str(kex_algorithm_)));
+					return true;
+
+					}
+				}
+			}
+
+		Unref(client_list);
+		Unref(server_list);
+
+		return true;
+		%}
+
+};
diff --git a/src/analyzer/protocol/ssh/ssh.pac b/src/analyzer/protocol/ssh/ssh.pac
new file mode 100644
index 0000000000..2358f056da
--- /dev/null
+++ b/src/analyzer/protocol/ssh/ssh.pac
@@ -0,0 +1,33 @@
+# Generated by binpac_quickstart
+
+# Analyzer for Secure Shell
+#  - ssh-protocol.pac: describes the SSH protocol messages
+#  - ssh-analyzer.pac: describes the SSH analyzer code
+
+%include binpac.pac
+%include bro.pac
+
+%extern{
+	#include "types.bif.h"
+	#include "events.bif.h"
+%}
+
+analyzer SSH withcontext {
+	connection: SSH_Conn;
+	flow:       SSH_Flow;
+};
+
+# Our connection consists of two flows, one in each direction.
+connection SSH_Conn(bro_analyzer: BroAnalyzer) {
+	upflow   = SSH_Flow(true);
+	downflow = SSH_Flow(false);
+};
+
+%include ssh-protocol.pac
+
+# Now we define the flow:
+flow SSH_Flow(is_orig: bool) {
+	flowunit = SSH_PDU(is_orig) withcontext(connection, this);
+};
+
+%include ssh-analyzer.pac
\ No newline at end of file
diff --git a/src/analyzer/protocol/ssh/types.bif b/src/analyzer/protocol/ssh/types.bif
new file mode 100644
index 0000000000..0b2b861723
--- /dev/null
+++ b/src/analyzer/protocol/ssh/types.bif
@@ -0,0 +1,6 @@
+module SSH;
+
+type Algorithm_Prefs: record;
+type Capabilities: record;
+
+module GLOBAL;
\ No newline at end of file
diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt
index 2591c5dfec..c8008da4d6 100644
--- a/src/analyzer/protocol/ssl/CMakeLists.txt
+++ b/src/analyzer/protocol/ssl/CMakeLists.txt
@@ -4,7 +4,17 @@ include(BroPlugin)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
 
 bro_plugin_begin(Bro SSL)
-bro_plugin_cc(SSL.cc Plugin.cc)
+bro_plugin_cc(SSL.cc DTLS.cc Plugin.cc)
 bro_plugin_bif(events.bif)
-bro_plugin_pac(ssl.pac ssl-analyzer.pac ssl-protocol.pac ssl-defs.pac)
+bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac ssl-defs.pac
+	proc-client-hello.pac
+	proc-server-hello.pac
+	proc-certificate.pac
+)
+bro_plugin_pac(ssl.pac ssl-dtls-analyzer.pac ssl-analyzer.pac ssl-dtls-protocol.pac ssl-protocol.pac ssl-defs.pac
+	proc-client-hello.pac
+    proc-server-hello.pac
+	proc-certificate.pac
+)
+bro_plugin_pac(dtls.pac ssl-dtls-analyzer.pac dtls-analyzer.pac ssl-dtls-protocol.pac dtls-protocol.pac ssl-defs.pac)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc
new file mode 100644
index 0000000000..c90e414031
--- /dev/null
+++ b/src/analyzer/protocol/ssl/DTLS.cc
@@ -0,0 +1,65 @@
+
+#include "DTLS.h"
+#include "Reporter.h"
+#include "util.h"
+
+#include "events.bif.h"
+
+#include "dtls_pac.h"
+#include "tls-handshake_pac.h"
+
+using namespace analyzer::dtls;
+
+DTLS_Analyzer::DTLS_Analyzer(Connection* c)
+: analyzer::Analyzer("DTLS", c)
+	{
+	interp = new binpac::DTLS::SSL_Conn(this);
+	handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this);
+	}
+
+DTLS_Analyzer::~DTLS_Analyzer()
+	{
+	delete interp;
+	delete handshake_interp;
+	}
+
+void DTLS_Analyzer::Done()
+	{
+	Analyzer::Done();
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	handshake_interp->FlowEOF(true);
+	handshake_interp->FlowEOF(false);
+	}
+
+void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen)
+	{
+	Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
+	interp->NewData(orig, data, data + len);
+	}
+
+void DTLS_Analyzer::EndOfData(bool is_orig)
+	{
+	Analyzer::EndOfData(is_orig);
+	interp->FlowEOF(is_orig);
+	handshake_interp->FlowEOF(is_orig);
+	}
+
+
+void DTLS_Analyzer::SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig)
+	{
+	try
+		{
+		handshake_interp->NewData(orig, (const unsigned char*) &msg_type, (const unsigned char*) &msg_type + 1);
+		uint32 host_length = htonl(length);
+		// the parser inspects a uint24 - since it is big-endian, it should be ok to just skip
+		// the first byte of the uint32. Since we get the data from an uint24 from the dtls-parser, this should
+		// always yield the correct result.
+		handshake_interp->NewData(orig, (const unsigned char*) &host_length + 1, (const unsigned char*) &host_length + sizeof(host_length));
+		handshake_interp->NewData(orig, begin, end);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
+	}
diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h
new file mode 100644
index 0000000000..6611a6974e
--- /dev/null
+++ b/src/analyzer/protocol/ssl/DTLS.h
@@ -0,0 +1,38 @@
+#ifndef ANALYZER_PROTOCOL_SSL_DTLS_H
+#define ANALYZER_PROTOCOL_SSL_DTLS_H
+
+#include "events.bif.h"
+
+#include "analyzer/protocol/udp/UDP.h"
+
+namespace binpac { namespace DTLS { class SSL_Conn; } }
+
+namespace binpac { namespace TLSHandshake { class Handshake_Conn; } }
+
+namespace analyzer { namespace dtls {
+
+class DTLS_Analyzer : public analyzer::Analyzer {
+public:
+	DTLS_Analyzer(Connection* conn);
+	virtual ~DTLS_Analyzer();
+
+	// Overriden from Analyzer.
+	virtual void Done();
+	virtual void DeliverPacket(int len, const u_char* data, bool orig,
+					uint64 seq, const IP_Hdr* ip, int caplen);
+	virtual void EndOfData(bool is_orig);
+
+	void SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig);
+
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{ return new DTLS_Analyzer(conn); }
+
+protected:
+	binpac::DTLS::SSL_Conn* interp;
+	binpac::TLSHandshake::Handshake_Conn* handshake_interp;
+};
+
+} } // namespace analyzer::*
+
+#endif
diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin.cc
index 0479c9c97f..85b65aedfd 100644
--- a/src/analyzer/protocol/ssl/Plugin.cc
+++ b/src/analyzer/protocol/ssl/Plugin.cc
@@ -4,6 +4,7 @@
 #include "plugin/Plugin.h"
 
 #include "SSL.h"
+#include "DTLS.h"
 
 namespace plugin {
 namespace Bro_SSL {
@@ -13,10 +14,11 @@ public:
 	plugin::Configuration Configure()
 		{
 		AddComponent(new ::analyzer::Component("SSL", ::analyzer::ssl::SSL_Analyzer::Instantiate));
+		AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate));
 
 		plugin::Configuration config;
 		config.name = "Bro::SSL";
-		config.description = "SSL analyzer";
+		config.description = "SSL/TLS and DTLS analyzers";
 		return config;
 		}
 } plugin;
diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc
index 5e5d24888a..d571439f19 100644
--- a/src/analyzer/protocol/ssl/SSL.cc
+++ b/src/analyzer/protocol/ssl/SSL.cc
@@ -5,6 +5,8 @@
 #include "util.h"
 
 #include "events.bif.h"
+#include "ssl_pac.h"
+#include "tls-handshake_pac.h"
 
 using namespace analyzer::ssl;
 
@@ -12,12 +14,14 @@ SSL_Analyzer::SSL_Analyzer(Connection* c)
 : tcp::TCP_ApplicationAnalyzer("SSL", c)
 	{
 	interp = new binpac::SSL::SSL_Conn(this);
+	handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this);
 	had_gap = false;
 	}
 
 SSL_Analyzer::~SSL_Analyzer()
 	{
 	delete interp;
+	delete handshake_interp;
 	}
 
 void SSL_Analyzer::Done()
@@ -26,12 +30,15 @@ void SSL_Analyzer::Done()
 
 	interp->FlowEOF(true);
 	interp->FlowEOF(false);
+	handshake_interp->FlowEOF(true);
+	handshake_interp->FlowEOF(false);
 	}
 
 void SSL_Analyzer::EndpointEOF(bool is_orig)
 	{
 	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
 	interp->FlowEOF(is_orig);
+	handshake_interp->FlowEOF(is_orig);
 	}
 
 void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
@@ -57,6 +64,18 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 		}
 	}
 
+void SSL_Analyzer::SendHandshake(const u_char* begin, const u_char* end, bool orig)
+	{
+	try
+		{
+		handshake_interp->NewData(orig, begin, end);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
+	}
+
 void SSL_Analyzer::Undelivered(uint64 seq, int len, bool orig)
 	{
 	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h
index 5ef09aa147..3294aa9db5 100644
--- a/src/analyzer/protocol/ssl/SSL.h
+++ b/src/analyzer/protocol/ssl/SSL.h
@@ -4,7 +4,10 @@
 #include "events.bif.h"
 
 #include "analyzer/protocol/tcp/TCP.h"
-#include "ssl_pac.h"
+
+namespace binpac { namespace SSL { class SSL_Conn; } }
+
+namespace binpac { namespace TLSHandshake { class Handshake_Conn; } }
 
 namespace analyzer { namespace ssl {
 
@@ -18,6 +21,8 @@ public:
 	virtual void DeliverStream(int len, const u_char* data, bool orig);
 	virtual void Undelivered(uint64 seq, int len, bool orig);
 
+	void SendHandshake(const u_char* begin, const u_char* end, bool orig);
+
 	// Overriden from tcp::TCP_ApplicationAnalyzer.
 	virtual void EndpointEOF(bool is_orig);
 
@@ -26,6 +31,7 @@ public:
 
 protected:
 	binpac::SSL::SSL_Conn* interp;
+	binpac::TLSHandshake::Handshake_Conn* handshake_interp;
 	bool had_gap;
 
 };
diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac
new file mode 100644
index 0000000000..c29c5a785f
--- /dev/null
+++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac
@@ -0,0 +1,150 @@
+
+refine connection SSL_Conn += {
+
+	%member{
+
+		struct message_info {
+			uint64 message_first_sequence; // the minumum dtls sequence number for this handshake fragment
+			bool first_sequence_seen; // did we actually see the fragment with the smallest number
+			uint64 message_last_sequence; // the mazimum dtls sequence number for this handshake fragment
+			uint16 message_handshake_sequence; // the handshake sequence number of this handshake (to identify)
+			uint32 message_length; // data length of this handshake (data in buffer)
+			uint32 message_sequence_seen; // a bitfield that shows which sequence numbers we already saw, offset from first_seq.
+			u_char* buffer;
+		} server, client;
+	%}
+
+	%init{
+		memset(&server, 0, sizeof(server));
+		memset(&client, 0, sizeof(client));
+	%}
+
+	%cleanup{
+		delete [] server.buffer;
+		delete [] client.buffer;
+	%}
+
+	function proc_dtls(pdu: SSLRecord, sequence: uint64): bool
+		%{
+		//fprintf(stderr, "Type: %d, sequence number: %d, epoch: %d\n", ${pdu.content_type}, sequence, ${pdu.epoch});
+
+		return true;
+		%}
+
+	function proc_handshake(pdu: SSLRecord, rec: Handshake): bool
+		%{
+		uint32 foffset = to_int()(${rec.fragment_offset});
+		int64  flength = to_int()(${rec.fragment_length});
+		int64  length = to_int()(${rec.length});
+		uint64 sequence_number = to_int()(${pdu.sequence_number});
+		//fprintf(stderr, "Handshake type: %d, length: %u, seq: %u, foffset: %u, flength: %u\n", ${rec.msg_type}, to_int()(${rec.length}), ${rec.message_seq}, to_int()(${rec.fragment_offset}), to_int()(${rec.fragment_length}));
+
+		if ( foffset == 0 && length == flength )
+			{
+			//fprintf(stderr, "Complete fragment, forwarding...\n");
+			bro_analyzer()->SendHandshake(${rec.msg_type}, length, ${rec.data}.begin(), ${rec.data}.end(), ${pdu.is_orig});
+			return true;
+			}
+
+		// if we fall through here, the message has to be reassembled. Let's first get the right info record...
+		message_info* i;
+		if ( ${pdu.is_orig} )
+			i = &client;
+		else
+			i = &server;
+
+		if ( length > MAX_DTLS_HANDSHAKE_RECORD )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("DTLS record length %lld larger than allowed maximum.", length));
+			return true;
+			}
+
+		if ( i->message_handshake_sequence != ${rec.message_seq} || i->message_length != length || i->buffer == 0 )
+			{
+			// cannot resume reassembling. Let's abandon the current data and try anew...
+			delete [] i->buffer;
+			memset(i, 0, sizeof(message_info));
+			i->message_handshake_sequence = ${rec.message_seq};
+			i->message_length = length;
+			i->buffer = new u_char[length];
+			// does not have to be the first sequence number - we cannot figure that out at this point. If it is not,
+			// we will fix that later...
+			i->message_first_sequence = sequence_number;
+			}
+
+		// if we arrive here, we are actually ready to resume.
+		if ( i->message_first_sequence > sequence_number )
+			{
+			if ( i->first_sequence_seen )
+				{
+				bro_analyzer()->ProtocolViolation("Saw second and different first message fragment for handshake.");
+				return true;
+				}
+			// first sequence number was incorrect, let's fix that.
+			uint64 diff = i->message_first_sequence - sequence_number;
+			i->message_sequence_seen = i->message_sequence_seen << diff;
+			i->message_first_sequence = sequence_number;
+			}
+
+		// if we have offset 0, we know the smallest number...
+		if ( foffset == 0 )
+			i->first_sequence_seen = true;
+
+		// check if we already saw the message
+		if ( ( i->message_sequence_seen & ( 1 << (sequence_number - i->message_first_sequence) ) ) != 0 )
+			return true; // do not handle same message fragment twice
+
+		// copy data from fragment to buffer
+		if ( ${rec.data}.length() != flength )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("DTLS handshake record length does not match packet length"));
+			return true;
+			}
+
+		if ( foffset + flength > length )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("DTLS handshake fragment trying to write past end of buffer"));
+			return true;
+			}
+
+		// store that we handled fragment
+		i->message_sequence_seen |= 1 << (sequence_number - i->message_first_sequence);
+		memcpy(i->buffer + foffset, ${rec.data}.data(), ${rec.data}.length());
+
+		//fprintf(stderr, "Copied to buffer offset %u length %u\n", foffset, ${rec.data}.length());
+
+		// store last fragment information if this is the last fragment...
+
+		// check if we saw all fragments so far. If yes, forward...
+		if ( foffset + flength == length )
+			i->message_last_sequence = sequence_number;
+
+		if ( i->message_last_sequence != 0 && i->first_sequence_seen )
+			{
+			uint64 total_length = i->message_last_sequence - i->message_first_sequence;
+			if ( total_length > 30 )
+				{
+				bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 30 pieces. Cannot reassemble."));
+				return true;
+				}
+
+			if ( ( ~(i->message_sequence_seen) & ( ( 1<<(total_length+1) ) -1 ) ) == 0 )
+				{
+				//fprintf(stderr, "ALl fragments here. Total length %u\n", length);
+				bro_analyzer()->SendHandshake(${rec.msg_type}, length, i->buffer, i->buffer + length, ${pdu.is_orig});
+				}
+			}
+
+
+		return true;
+		%}
+};
+
+refine typeattr SSLRecord += &let {
+	proc: bool = $context.connection.proc_dtls(this, to_int()(sequence_number));
+};
+
+refine typeattr Handshake += &let {
+	proc: bool = $context.connection.proc_handshake(rec, this);
+};
+
diff --git a/src/analyzer/protocol/ssl/dtls-protocol.pac b/src/analyzer/protocol/ssl/dtls-protocol.pac
new file mode 100644
index 0000000000..6faa191d18
--- /dev/null
+++ b/src/analyzer/protocol/ssl/dtls-protocol.pac
@@ -0,0 +1,60 @@
+
+######################################################################
+# initial datatype for binpac
+######################################################################
+
+type DTLSPDU(is_orig: bool) = record {
+	records: SSLRecord(is_orig)[] &transient;
+};
+
+type SSLRecord(is_orig: bool) = record {
+	content_type: uint8;
+	version: uint16;
+# the epoch signalizes that a changecipherspec message has been received. Hence, everything with
+# an epoch > 0 should be encrypted
+	epoch: uint16;
+	sequence_number: uint48;
+	length: uint16;
+	cont: case valid of {
+		true -> rec: RecordText(this)[] &length=length;
+    false -> swallow: bytestring &restofdata;
+	};
+} &byteorder = bigendian, &let {
+# Do not parse body if packet version invalid
+	valid: bool = $context.connection.dtls_version_ok(version);
+};
+
+type RecordText(rec: SSLRecord) = case rec.epoch of {
+	0	-> plaintext : PlaintextRecord(rec);
+	default -> ciphertext : CiphertextRecord(rec);
+};
+
+refine casetype PlaintextRecord += {
+	HANDSHAKE		-> handshake : Handshake(rec);
+};
+
+type Handshake(rec: SSLRecord) = record {
+	msg_type: uint8;
+	length: uint24;
+	message_seq: uint16;
+	fragment_offset: uint24;
+	fragment_length: uint24;
+	data: bytestring &restofdata;
+}
+
+refine connection SSL_Conn += {
+
+	function dtls_version_ok(version: uint16): uint16
+		%{
+		switch ( version ) {
+		case DTLSv10:
+		case DTLSv12:
+			return true;
+
+		default:
+			bro_analyzer()->ProtocolViolation(fmt("Invalid version in DTLS connection. Packet reported version: %d", version));			
+			return false;
+		}
+		%}
+
+};
diff --git a/src/analyzer/protocol/ssl/dtls.pac b/src/analyzer/protocol/ssl/dtls.pac
new file mode 100644
index 0000000000..b08dd61f8f
--- /dev/null
+++ b/src/analyzer/protocol/ssl/dtls.pac
@@ -0,0 +1,36 @@
+# binpac file for SSL analyzer
+
+%include binpac.pac
+%include bro.pac
+
+%extern{
+#include "events.bif.h"
+
+namespace analyzer { namespace dtls { class DTLS_Analyzer; } }
+typedef analyzer::dtls::DTLS_Analyzer* DTLSAnalyzer;
+
+#include "DTLS.h"
+%}
+
+extern type DTLSAnalyzer;
+
+analyzer DTLS withcontext {
+	connection: SSL_Conn;
+	flow:       DTLS_Flow;
+};
+
+connection SSL_Conn(bro_analyzer: DTLSAnalyzer) {
+	upflow = DTLS_Flow(true);
+	downflow = DTLS_Flow(false);
+};
+
+%include ssl-dtls-protocol.pac
+%include dtls-protocol.pac
+
+flow DTLS_Flow(is_orig: bool) {
+  datagram = DTLSPDU(is_orig) withcontext(connection, this);
+}
+
+%include ssl-dtls-analyzer.pac
+%include dtls-analyzer.pac
+%include ssl-defs.pac
diff --git a/src/analyzer/protocol/ssl/proc-certificate.pac b/src/analyzer/protocol/ssl/proc-certificate.pac
new file mode 100644
index 0000000000..c2353e3a88
--- /dev/null
+++ b/src/analyzer/protocol/ssl/proc-certificate.pac
@@ -0,0 +1,30 @@
+	function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
+		%{
+		if ( certificates->size() == 0 )
+			return true;
+
+		ODesc common;
+		common.AddRaw("Analyzer::ANALYZER_SSL");
+		common.Add(bro_analyzer()->Conn()->StartTime());
+		common.AddRaw(is_orig ? "T" : "F", 1);
+		bro_analyzer()->Conn()->IDString(&common);
+
+		for ( unsigned int i = 0; i < certificates->size(); ++i )
+			{
+			const bytestring& cert = (*certificates)[i];
+
+			ODesc file_handle;
+			file_handle.Add(common.Description());
+			file_handle.Add(i);
+
+			string file_id = file_mgr->HashHandle(file_handle.Description());
+
+			file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
+			                 cert.length(), bro_analyzer()->GetAnalyzerTag(),
+			                 bro_analyzer()->Conn(), is_orig, file_id);
+			file_mgr->EndOfFile(file_id);
+			}
+		return true;
+		%}
+
+
diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac
new file mode 100644
index 0000000000..601d0fce94
--- /dev/null
+++ b/src/analyzer/protocol/ssl/proc-client-hello.pac
@@ -0,0 +1,42 @@
+	function proc_client_hello(
+					version : uint16, ts : double,
+					client_random : bytestring,
+					session_id : uint8[],
+					cipher_suites16 : uint16[],
+					cipher_suites24 : uint24[]) : bool
+		%{
+		if ( ! version_ok(version) )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version));
+			bro_analyzer()->SetSkip(true);
+			}
+		else
+			bro_analyzer()->ProtocolConfirmation();
+
+		if ( ssl_client_hello )
+			{
+			vector<int>* cipher_suites = new vector<int>();
+			if ( cipher_suites16 )
+				std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*cipher_suites));
+			else
+				std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*cipher_suites), to_int());
+
+			VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType());
+			for ( unsigned int i = 0; i < cipher_suites->size(); ++i )
+				{
+				Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT);
+				cipher_vec->Assign(i, ciph);
+				}
+
+			BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
+							version, ts, new StringVal(client_random.length(),
+							(const char*) client_random.data()),
+							to_string_val(session_id),
+							cipher_vec);
+
+			delete cipher_suites;
+			}
+
+		return true;
+		%}
+
diff --git a/src/analyzer/protocol/ssl/proc-server-hello.pac b/src/analyzer/protocol/ssl/proc-server-hello.pac
new file mode 100644
index 0000000000..2dfc940774
--- /dev/null
+++ b/src/analyzer/protocol/ssl/proc-server-hello.pac
@@ -0,0 +1,36 @@
+	function proc_server_hello(
+					version : uint16, ts : double,
+					server_random : bytestring,
+					session_id : uint8[],
+					cipher_suites16 : uint16[],
+					cipher_suites24 : uint24[],
+					comp_method : uint8) : bool
+		%{
+		if ( ! version_ok(version) )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version));
+			bro_analyzer()->SetSkip(true);
+			}
+
+		if ( ssl_server_hello )
+			{
+			vector<int>* ciphers = new vector<int>();
+
+			if ( cipher_suites16 )
+				std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*ciphers));
+			else
+				std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*ciphers), to_int());
+
+			BifEvent::generate_ssl_server_hello(bro_analyzer(),
+							bro_analyzer()->Conn(),
+							version, ts, new StringVal(server_random.length(),
+							(const char*) server_random.data()),
+							to_string_val(session_id),
+							ciphers->size()==0 ? 0 : ciphers->at(0), comp_method);
+
+			delete ciphers;
+			}
+
+		return true;
+		%}
+
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 2433886d14..3d61b215a2 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -1,352 +1,19 @@
 # Analyzer for SSL (Bro-specific part).
 
-%extern{
-#include <vector>
-#include <algorithm>
-#include <iostream>
-#include <iterator>
-
-#include "util.h"
-
-#include "file_analysis/Manager.h"
-%}
-
-
-%header{
-	class extract_certs {
-	public:
-		bytestring const& operator() (X509Certificate* cert) const
-			{
-			return cert->certificate();
-			}
-	};
-
-	string orig_label(bool is_orig);
-	string handshake_type_label(int type);
-	%}
-
-%code{
-string orig_label(bool is_orig)
-		{
-		return string(is_orig ? "originator" :"responder");
-		}
-
-	string handshake_type_label(int type)
-		{
-		switch ( type ) {
-		case HELLO_REQUEST: return string("HELLO_REQUEST");
-		case CLIENT_HELLO: return string("CLIENT_HELLO");
-		case SERVER_HELLO: return string("SERVER_HELLO");
-		case SESSION_TICKET: return string("SESSION_TICKET");
-		case CERTIFICATE: return string("CERTIFICATE");
-		case SERVER_KEY_EXCHANGE: return string("SERVER_KEY_EXCHANGE");
-		case CERTIFICATE_REQUEST: return string("CERTIFICATE_REQUEST");
-		case SERVER_HELLO_DONE: return string("SERVER_HELLO_DONE");
-		case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY");
-		case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE");
-		case FINISHED: return string("FINISHED");
-		case CERTIFICATE_URL: return string("CERTIFICATE_URL");
-		case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS");
-		default: return string(fmt("UNKNOWN (%d)", type));
-		}
-		}
-
-%}
-
-
-function to_string_val(data : uint8[]) : StringVal
-	%{
-	char tmp[32];
-	memset(tmp, 0, sizeof(tmp));
-
-	// Just return an empty string if the string is longer than 32 bytes
-	if ( data && data->size() <= 32 )
-		{
-		for ( unsigned int i = data->size(); i > 0; --i )
-			tmp[i-1] = (*data)[i-1];
-		}
-
-	return new StringVal(32, tmp);
-	%}
-
-function version_ok(vers : uint16) : bool
-	%{
-	switch ( vers ) {
-	case SSLv20:
-	case SSLv30:
-	case TLSv10:
-	case TLSv11:
-	case TLSv12:
-		return true;
-
-	default:
-		return false;
-	}
-	%}
-
 refine connection SSL_Conn += {
 
-	%member{
-		int established_;
-	%}
+	%include proc-client-hello.pac
+	%include proc-server-hello.pac
+	%include proc-certificate.pac
 
-	%init{
-		established_ = false;
-	%}
-
-	%cleanup{
-	%}
-
-	function proc_alert(rec: SSLRecord, level : int, desc : int) : bool
-		%{
-		BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(),
-						${rec.is_orig}, level, desc);
-		return true;
-		%}
-
-	function proc_client_hello(rec: SSLRecord,
-					version : uint16, ts : double,
-					client_random : bytestring,
-					session_id : uint8[],
-					cipher_suites16 : uint16[],
-					cipher_suites24 : uint24[]) : bool
-		%{
-		if ( ! version_ok(version) )
-			{
-			bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version));
-			bro_analyzer()->SetSkip(true);
-			}
-		else
-			bro_analyzer()->ProtocolConfirmation();
-
-		if ( ssl_client_hello )
-			{
-			vector<int>* cipher_suites = new vector<int>();
-			if ( cipher_suites16 )
-				std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*cipher_suites));
-			else
-				std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*cipher_suites), to_int());
-
-			VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType());
-			for ( unsigned int i = 0; i < cipher_suites->size(); ++i )
-				{
-				Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT);
-				cipher_vec->Assign(i, ciph);
-				}
-
-			BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
-							version, ts, new StringVal(client_random.length(),
-							(const char*) client_random.data()),
-							to_string_val(session_id),
-							cipher_vec);
-
-			delete cipher_suites;
-			}
-
-		return true;
-		%}
-
-	function proc_server_hello(rec: SSLRecord,
-					version : uint16, ts : double,
-					server_random : bytestring,
-					session_id : uint8[],
-					cipher_suites16 : uint16[],
-					cipher_suites24 : uint24[],
-					comp_method : uint8) : bool
-		%{
-		if ( ! version_ok(version) )
-			{
-			bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version));
-			bro_analyzer()->SetSkip(true);
-			}
-
-		if ( ssl_server_hello )
-			{
-			vector<int>* ciphers = new vector<int>();
-
-			if ( cipher_suites16 )
-				std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*ciphers));
-			else
-				std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*ciphers), to_int());
-
-			BifEvent::generate_ssl_server_hello(bro_analyzer(),
-							bro_analyzer()->Conn(),
-							version, ts, new StringVal(server_random.length(),
-							(const char*) server_random.data()),
-							to_string_val(session_id),
-							ciphers->size()==0 ? 0 : ciphers->at(0), comp_method);
-
-			delete ciphers;
-			}
-
-		return true;
-		%}
-
-	function proc_session_ticket_handshake(rec: SessionTicketHandshake, is_orig: bool): bool
-		%{
-		if ( ssl_session_ticket_handshake )
-			{
-			BifEvent::generate_ssl_session_ticket_handshake(bro_analyzer(),
-							bro_analyzer()->Conn(),
-							${rec.ticket_lifetime_hint},
-							new StringVal(${rec.data}.length(), (const char*) ${rec.data}.data()));
-			}
-		return true;
-		%}
-
-	function proc_ssl_extension(rec: SSLRecord, type: int, sourcedata: const_bytestring) : bool
-		%{
-		// We cheat a little bit here. We want to throw this event
-		// for every extension we encounter, even those that are
-		// handled by more specialized events later. To access the
-		// parsed data, we use sourcedata, which contains the whole
-		// data blob of the extension, including headers. We skip
-		// over those (4 bytes).
-		size_t length = sourcedata.length();
-		if ( length < 4 )
-			{
-			// This should be impossible due to the binpac parser
-			// and protocol description
-			bro_analyzer()->ProtocolViolation(fmt("Impossible extension length: %lu", length));
-			bro_analyzer()->SetSkip(true);
-			return true;
-			}
-
-		length -= 4;
-		const unsigned char* data = sourcedata.begin() + 4;
-
-		if ( ssl_extension )
-			BifEvent::generate_ssl_extension(bro_analyzer(),
-						bro_analyzer()->Conn(), ${rec.is_orig}, type,
-						new StringVal(length, reinterpret_cast<const char*>(data)));
-		return true;
-		%}
-
-	function proc_ec_point_formats(rec: SSLRecord, point_format_list: uint8[]) : bool
-		%{
-		VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType());
-
-		if ( point_format_list )
-			{
-			for ( unsigned int i = 0; i < point_format_list->size(); ++i )
-				points->Assign(i, new Val((*point_format_list)[i], TYPE_COUNT));
-			}
-
-		BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(),
-		   ${rec.is_orig}, points);
-
-		return true;
-		%}
-
-	function proc_elliptic_curves(rec: SSLRecord, list: uint16[]) : bool
-		%{
-		VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType());
-
-		if ( list )
-			{
-			for ( unsigned int i = 0; i < list->size(); ++i )
-				curves->Assign(i, new Val((*list)[i], TYPE_COUNT));
-			}
-
-		BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(),
-		   ${rec.is_orig}, curves);
-
-		return true;
-		%}
-
-	function proc_apnl(rec: SSLRecord, protocols: ProtocolName[]) : bool
-		%{
-		VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType());
-
-		if ( protocols )
-			{
-			for ( unsigned int i = 0; i < protocols->size(); ++i )
-				plist->Assign(i, new StringVal((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data()));
-			}
-
-		BifEvent::generate_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(),
-											${rec.is_orig}, plist);
-
-		return true;
-		%}
-
-	function proc_server_name(rec: SSLRecord, list: ServerName[]) : bool
-		%{
-		VectorVal* servers = new VectorVal(internal_type("string_vec")->AsVectorType());
-
-		if ( list )
-			{
-			for ( unsigned int i = 0, j = 0; i < list->size(); ++i )
-				{
-				ServerName* servername = (*list)[i];
-				if ( servername->name_type() != 0 )
-					{
-					bro_analyzer()->Weird(fmt("Encountered unknown type in server name ssl extension: %d", servername->name_type()));
-					continue;
-					}
-
-				if ( servername->host_name() )
-					servers->Assign(j++, new StringVal(servername->host_name()->host_name().length(), (const char*) servername->host_name()->host_name().data()));
-				else
-					bro_analyzer()->Weird("Empty server_name extension in ssl connection");
-				}
-			}
-
-		BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(),
-		   ${rec.is_orig}, servers);
-
-		return true;
-		%}
-
-	function proc_certificate(rec: SSLRecord, certificates : bytestring[]) : bool
-		%{
-		if ( certificates->size() == 0 )
-			return true;
-
-		ODesc common;
-		common.AddRaw("Analyzer::ANALYZER_SSL");
-		common.Add(bro_analyzer()->Conn()->StartTime());
-		common.AddRaw(${rec.is_orig} ? "T" : "F", 1);
-		bro_analyzer()->Conn()->IDString(&common);
-
-		for ( unsigned int i = 0; i < certificates->size(); ++i )
-			{
-			const bytestring& cert = (*certificates)[i];
-
-			ODesc file_handle;
-			file_handle.Add(common.Description());
-			file_handle.Add(i);
-
-			string file_id = file_mgr->HashHandle(file_handle.Description());
-
-			file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
-			                 cert.length(), bro_analyzer()->GetAnalyzerTag(),
-			                 bro_analyzer()->Conn(), ${rec.is_orig}, file_id);
-			file_mgr->EndOfFile(file_id);
-			}
-		return true;
-		%}
-
-	function proc_v2_certificate(rec: SSLRecord, cert : bytestring) : bool
+	function proc_v2_certificate(is_orig: bool, cert : bytestring) : bool
 		%{
 		vector<bytestring>* cert_list = new vector<bytestring>(1,cert);
-		bool ret = proc_certificate(rec, cert_list);
+		bool ret = proc_certificate(is_orig, cert_list);
 		delete cert_list;
 		return ret;
 		%}
 
-	function proc_v3_certificate(rec: SSLRecord, cl : X509Certificate[]) : bool
-		%{
-		vector<X509Certificate*>* certs = cl;
-		vector<bytestring>* cert_list = new vector<bytestring>();
-
-		std::transform(certs->begin(), certs->end(),
-		std::back_inserter(*cert_list), extract_certs());
-
-		bool ret = proc_certificate(rec, cert_list);
-		delete cert_list;
-		return ret;
-		%}
 
 	function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool
 		%{
@@ -356,209 +23,38 @@ refine connection SSL_Conn += {
 		return true;
 		%}
 
-	function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool
+	function proc_handshake(rec: SSLRecord, data: bytestring, is_orig: bool) : bool
 		%{
-		bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s",
-			${hs.msg_type}, orig_label(is_orig).c_str()));
+		bro_analyzer()->SendHandshake(data.begin(), data.end(), is_orig);
 		return true;
 		%}
-
-	function proc_unknown_record(rec: SSLRecord) : bool
-		%{
-		bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s",
-				${rec.content_type},
-				orig_label(${rec.is_orig}).c_str()));
-		return true;
-		%}
-
-	function proc_ciphertext_record(rec : SSLRecord) : bool
-		%{
-		 if ( client_state_ == STATE_ENCRYPTED &&
-		      server_state_ == STATE_ENCRYPTED &&
-		      established_ == false )
-			{
-			established_ = true;
-			BifEvent::generate_ssl_established(bro_analyzer(),
-							bro_analyzer()->Conn());
-			}
-
-		BifEvent::generate_ssl_encrypted_data(bro_analyzer(),
-			bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.content_type}, ${rec.length});
-
-		return true;
-		%}
-
-	function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool
-		%{
-		BifEvent::generate_ssl_heartbeat(bro_analyzer(),
-			bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length,
-			new StringVal(data.length(), (const char*) data.data()));
-		return true;
-		%}
-
-	function proc_check_v2_server_hello_version(version: uint16) : bool
-		%{
-		if ( version != SSLv20 )
-			{
-			bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL server hello. Version: %d", version));
-			bro_analyzer()->SetSkip(true);
-			return false;
-			}
-
-		return true;
-		%}
-
-	function proc_certificate_status(rec : SSLRecord, status_type: uint8, response: bytestring) : bool
-		%{
-		 if ( status_type == 1 ) // ocsp
-			{
-			BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(),
-							    bro_analyzer()->Conn(), ${rec.is_orig},
-							    new StringVal(response.length(),
-							    (const char*) response.data()));
-			}
-
-		return true;
-		%}
-
-	function proc_ec_server_key_exchange(rec: SSLRecord, curve_type: uint8, curve: uint16) : bool
-		%{
-		if ( curve_type == NAMED_CURVE )
-			BifEvent::generate_ssl_server_curve(bro_analyzer(),
-			  bro_analyzer()->Conn(), curve);
-
-		return true;
-		%}
-
-	function proc_dh_server_key_exchange(rec: SSLRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
-		%{
-		BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
-			bro_analyzer()->Conn(),
-		  new StringVal(p.length(), (const char*) p.data()),
-		  new StringVal(g.length(), (const char*) g.data()),
-		  new StringVal(Ys.length(), (const char*) Ys.data())
-		  );
-
-		return true;
-		%}
-
-	function proc_ccs(rec: SSLRecord) : bool
-		%{
-		BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(),
-			bro_analyzer()->Conn(), ${rec.is_orig});
-
-		return true;
-		%}
-
-	function proc_handshake(rec: SSLRecord, msg_type: uint8, length: uint24) : bool
-		%{
-		BifEvent::generate_ssl_handshake_message(bro_analyzer(),
-			bro_analyzer()->Conn(), ${rec.is_orig}, msg_type, to_int()(length));
-
-		return true;
-		%}
-
 };
 
-refine typeattr Alert += &let {
-	proc : bool = $context.connection.proc_alert(rec, level, description);
-};
 
 refine typeattr V2Error += &let {
 	proc : bool = $context.connection.proc_alert(rec, -1, error_code);
 };
 
-refine typeattr Heartbeat += &let {
-	proc : bool = $context.connection.proc_heartbeat(rec, type, payload_length, data);
-};
-
-refine typeattr ClientHello += &let {
-	proc : bool = $context.connection.proc_client_hello(rec, client_version,
-				gmt_unix_time, random_bytes,
-				session_id, csuits, 0);
-};
 
 refine typeattr V2ClientHello += &let {
-	proc : bool = $context.connection.proc_client_hello(rec, client_version, 0,
+	proc : bool = $context.connection.proc_client_hello(client_version, 0,
 				challenge, session_id, 0, ciphers);
 };
 
-refine typeattr ServerHello += &let {
-	proc : bool = $context.connection.proc_server_hello(rec, server_version,
-			gmt_unix_time, random_bytes, session_id, cipher_suite, 0,
-			compression_method);
-};
-
 refine typeattr V2ServerHello += &let {
 	check_v2 : bool = $context.connection.proc_check_v2_server_hello_version(server_version);
 
-	proc : bool = $context.connection.proc_server_hello(rec, server_version, 0,
+	proc : bool = $context.connection.proc_server_hello(server_version, 0,
 				conn_id_data, 0, 0, ciphers, 0) &requires(check_v2) &if(check_v2 == true);
 
-	cert : bool = $context.connection.proc_v2_certificate(rec, cert_data)
+	cert : bool = $context.connection.proc_v2_certificate(rec.is_orig, cert_data)
 		&requires(proc) &requires(check_v2) &if(check_v2 == true);
 };
 
-refine typeattr Certificate += &let {
-	proc : bool = $context.connection.proc_v3_certificate(rec, certificates);
-};
-
 refine typeattr V2ClientMasterKey += &let {
 	proc : bool = $context.connection.proc_v2_client_master_key(rec, cipher_kind);
 };
 
-refine typeattr UnknownHandshake += &let {
-	proc : bool = $context.connection.proc_unknown_handshake(hs, is_orig);
-};
-
-refine typeattr SessionTicketHandshake += &let {
-	proc : bool = $context.connection.proc_session_ticket_handshake(this, rec.is_orig);
-}
-
-refine typeattr UnknownRecord += &let {
-	proc : bool = $context.connection.proc_unknown_record(rec);
-};
-
-refine typeattr CiphertextRecord += &let {
-	proc : bool = $context.connection.proc_ciphertext_record(rec);
-}
-
-refine typeattr SSLExtension += &let {
-	proc : bool = $context.connection.proc_ssl_extension(rec, type, sourcedata);
-};
-
-refine typeattr EcPointFormats += &let {
-	proc : bool = $context.connection.proc_ec_point_formats(rec, point_format_list);
-};
-
-refine typeattr EllipticCurves += &let {
-	proc : bool = $context.connection.proc_elliptic_curves(rec, elliptic_curve_list);
-};
-
-refine typeattr ApplicationLayerProtocolNegotiationExtension += &let {
-	proc : bool = $context.connection.proc_apnl(rec, protocol_name_list);
-};
-
-refine typeattr ServerNameExt += &let {
-	proc : bool = $context.connection.proc_server_name(rec, server_names);
-};
-
-refine typeattr CertificateStatus += &let {
-	proc : bool = $context.connection.proc_certificate_status(rec, status_type, response);
-};
-
-refine typeattr EcServerKeyExchange += &let {
-	proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve);
-};
-
-refine typeattr DhServerKeyExchange += &let {
-	proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys);
-};
-
-refine typeattr ChangeCipherSpec += &let {
-	proc : bool = $context.connection.proc_ccs(rec);
-};
-
 refine typeattr Handshake += &let {
-	proc : bool = $context.connection.proc_handshake(rec, msg_type, length);
+	proc : bool = $context.connection.proc_handshake(rec, data, rec.is_orig);
 };
diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac
index 29eb1d1fb9..cb69af9e14 100644
--- a/src/analyzer/protocol/ssl/ssl-defs.pac
+++ b/src/analyzer/protocol/ssl/ssl-defs.pac
@@ -1,5 +1,86 @@
 # Some common definitions for the SSL and SSL record-layer analyzers.
 
+type uint24 = record {
+	byte1 : uint8;
+	byte2 : uint8;
+	byte3 : uint8;
+};
+
+type uint48 = record {
+	byte1 : uint8;
+	byte2 : uint8;
+	byte3 : uint8;
+	byte4 : uint8;
+	byte5 : uint8;
+	byte6 : uint8;
+};
+
+
+%header{
+	string orig_label(bool is_orig);
+	%}
+
+
+%code{
+string orig_label(bool is_orig)
+		{
+		return string(is_orig ? "originator" :"responder");
+		}
+%}
+
+%header{
+	class to_int {
+	public:
+		int operator()(uint24 * num) const
+		{
+		return (num->byte1() << 16) | (num->byte2() << 8) | num->byte3();
+		}
+
+		uint64 operator()(uint48 * num) const
+		{
+		return ((uint64)num->byte1() << 40) | ((uint64)num->byte2() << 32) | ((uint64)num->byte3() << 24) |
+		  ((uint64)num->byte4() << 16) | ((uint64)num->byte5() << 8) | (uint64)num->byte6();
+		}
+	};
+
+	string state_label(int state_nr);
+%}
+
+extern type to_int;
+
+function to_string_val(data : uint8[]) : StringVal
+	%{
+	char tmp[32];
+	memset(tmp, 0, sizeof(tmp));
+
+	// Just return an empty string if the string is longer than 32 bytes
+	if ( data && data->size() <= 32 )
+		{
+		for ( unsigned int i = data->size(); i > 0; --i )
+			tmp[i-1] = (*data)[i-1];
+		}
+
+	return new StringVal(32, tmp);
+	%}
+
+function version_ok(vers : uint16) : bool
+	%{
+	switch ( vers ) {
+	case SSLv20:
+	case SSLv30:
+	case TLSv10:
+	case TLSv11:
+	case TLSv12:
+	case DTLSv10:
+	case DTLSv12:
+		return true;
+
+	default:
+		return false;
+	}
+	%}
+
+
 %extern{
 #include <string>
 using std::string;
@@ -7,6 +88,9 @@ using std::string;
 #include "events.bif.h"
 %}
 
+# a maximum of 100k for one record seems safe 
+let MAX_DTLS_HANDSHAKE_RECORD: uint32 = 100000;
+
 enum ContentType {
 	CHANGE_CIPHER_SPEC = 20,
 	ALERT = 21,
@@ -27,7 +111,11 @@ enum SSLVersions {
 	SSLv30		= 0x0300,
 	TLSv10		= 0x0301,
 	TLSv11		= 0x0302,
-	TLSv12		= 0x0303
+	TLSv12		= 0x0303,
+
+	DTLSv10   = 0xFEFF,
+	# DTLSv11 does not exist.
+	DTLSv12   = 0xFEFD
 };
 
 enum SSLExtensions {
diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac
new file mode 100644
index 0000000000..0e8418644e
--- /dev/null
+++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac
@@ -0,0 +1,106 @@
+
+%extern{
+#include <vector>
+#include <algorithm>
+#include <iostream>
+#include <iterator>
+
+#include "util.h"
+
+#include "file_analysis/Manager.h"
+%}
+
+refine connection SSL_Conn += {
+
+	%member{
+		int established_;
+	%}
+
+	%init{
+		established_ = false;
+	%}
+
+	%cleanup{
+	%}
+
+	function proc_alert(rec: SSLRecord, level : int, desc : int) : bool
+		%{
+		BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(),
+						${rec.is_orig}, level, desc);
+		return true;
+		%}
+	function proc_unknown_record(rec: SSLRecord) : bool
+		%{
+		bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s",
+				${rec.content_type},
+				orig_label(${rec.is_orig}).c_str()));
+		return true;
+		%}
+
+	function proc_ciphertext_record(rec : SSLRecord) : bool
+		%{
+		 if ( client_state_ == STATE_ENCRYPTED &&
+		      server_state_ == STATE_ENCRYPTED &&
+		      established_ == false )
+			{
+			established_ = true;
+			BifEvent::generate_ssl_established(bro_analyzer(),
+							bro_analyzer()->Conn());
+			}
+
+		BifEvent::generate_ssl_encrypted_data(bro_analyzer(),
+			bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.content_type}, ${rec.length});
+
+		return true;
+		%}
+
+	function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool
+		%{
+		BifEvent::generate_ssl_heartbeat(bro_analyzer(),
+			bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length,
+			new StringVal(data.length(), (const char*) data.data()));
+		return true;
+		%}
+
+	function proc_check_v2_server_hello_version(version: uint16) : bool
+		%{
+		if ( version != SSLv20 )
+			{
+			bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL server hello. Version: %d", version));
+			bro_analyzer()->SetSkip(true);
+			return false;
+			}
+
+		return true;
+		%}
+
+
+	function proc_ccs(rec: SSLRecord) : bool
+		%{
+		BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(),
+			bro_analyzer()->Conn(), ${rec.is_orig});
+
+		return true;
+		%}
+
+};
+
+refine typeattr Alert += &let {
+	proc : bool = $context.connection.proc_alert(rec, level, description);
+};
+
+refine typeattr Heartbeat += &let {
+	proc : bool = $context.connection.proc_heartbeat(rec, type, payload_length, data);
+};
+
+refine typeattr UnknownRecord += &let {
+	proc : bool = $context.connection.proc_unknown_record(rec);
+};
+
+refine typeattr CiphertextRecord += &let {
+	proc : bool = $context.connection.proc_ciphertext_record(rec);
+}
+
+refine typeattr ChangeCipherSpec += &let {
+	proc : bool = $context.connection.proc_ccs(rec);
+};
diff --git a/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac
new file mode 100644
index 0000000000..c3277d150e
--- /dev/null
+++ b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac
@@ -0,0 +1,134 @@
+
+######################################################################
+# General definitions
+######################################################################
+
+type PlaintextRecord(rec: SSLRecord) = case rec.content_type of {
+	CHANGE_CIPHER_SPEC	-> ch_cipher : ChangeCipherSpec(rec);
+	ALERT			-> alert : Alert(rec);
+	HEARTBEAT -> heartbeat: Heartbeat(rec);
+	APPLICATION_DATA	-> app_data : ApplicationData(rec);
+	default			-> unknown_record : UnknownRecord(rec);
+};
+
+
+######################################################################
+# Encryption Tracking
+######################################################################
+
+enum AnalyzerState {
+	STATE_CLEAR,
+	STATE_ENCRYPTED
+};
+
+%code{
+	string state_label(int state_nr)
+		{
+		switch ( state_nr ) {
+		case STATE_CLEAR:
+			return string("CLEAR");
+
+		case STATE_ENCRYPTED:
+			return string("ENCRYPTED");
+
+		default:
+			return string(fmt("UNKNOWN (%d)", state_nr));
+		}
+		}
+%}
+
+######################################################################
+# Change Cipher Spec Protocol (7.1.)
+######################################################################
+
+type ChangeCipherSpec(rec: SSLRecord) = record {
+	type : uint8;
+} &length = 1, &let {
+	state_changed : bool =
+		$context.connection.startEncryption(rec.is_orig);
+};
+
+
+######################################################################
+# Alert Protocol (7.2.)
+######################################################################
+
+type Alert(rec: SSLRecord) = record {
+	level : uint8;
+	description: uint8;
+};
+
+
+######################################################################
+# V3 Application Data
+######################################################################
+
+# Application data should always be encrypted, so we should not
+# reach this point.
+type ApplicationData(rec: SSLRecord) = record {
+	data : bytestring &restofdata &transient;
+};
+
+######################################################################
+# V3 Heartbeat
+######################################################################
+
+type Heartbeat(rec: SSLRecord) = record {
+	type : uint8;
+	payload_length : uint16;
+	data : bytestring &restofdata;
+};
+
+
+
+######################################################################
+# Fragmentation (6.2.1.)
+######################################################################
+
+type UnknownRecord(rec: SSLRecord) = record {
+	cont : bytestring &restofdata &transient;
+};
+
+type CiphertextRecord(rec: SSLRecord) = record {
+	cont : bytestring &restofdata &transient;
+};
+
+######################################################################
+# binpac analyzer for SSL including
+######################################################################
+
+refine connection SSL_Conn += {
+
+	%member{
+		int client_state_;
+		int server_state_;
+		int record_layer_version_;
+	%}
+
+	%init{
+		server_state_ = STATE_CLEAR;
+		client_state_ = STATE_CLEAR;
+		record_layer_version_ = UNKNOWN_VERSION;
+	%}
+
+	function client_state() : int %{ return client_state_; %}
+
+	function server_state() : int %{ return client_state_; %}
+
+	function state(is_orig: bool) : int
+		%{
+		if ( is_orig )
+			return client_state_;
+		else
+			return server_state_;
+		%}
+
+	function startEncryption(is_orig: bool) : bool
+		%{
+		if ( is_orig )
+			client_state_ = STATE_ENCRYPTED;
+		else
+			server_state_ = STATE_ENCRYPTED;
+		return true;
+		%}
+};
diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac
index cb794bd8a4..7f9799e0bc 100644
--- a/src/analyzer/protocol/ssl/ssl-protocol.pac
+++ b/src/analyzer/protocol/ssl/ssl-protocol.pac
@@ -2,30 +2,6 @@
 # To be used in conjunction with an SSL record-layer analyzer.
 # Separation is necessary due to possible fragmentation of SSL records.
 
-######################################################################
-# General definitions
-######################################################################
-
-type uint24 = record {
-	byte1 : uint8;
-	byte2 : uint8;
-	byte3 : uint8;
-};
-
-%header{
-	class to_int {
-	public:
-		int operator()(uint24 * num) const
-		{
-		return (num->byte1() << 16) | (num->byte2() << 8) | num->byte3();
-		}
-	};
-
-	string state_label(int state_nr);
-%}
-
-extern type to_int;
-
 type SSLRecord(is_orig: bool) = record {
 	head0 : uint8;
 	head1 : uint8;
@@ -58,161 +34,19 @@ type RecordText(rec: SSLRecord) = case $context.connection.state(rec.is_orig) of
 		-> plaintext : PlaintextRecord(rec);
 };
 
-type PlaintextRecord(rec: SSLRecord) = case rec.content_type of {
-	CHANGE_CIPHER_SPEC	-> ch_cipher : ChangeCipherSpec(rec);
-	ALERT			-> alert : Alert(rec);
+refine casetype PlaintextRecord += {
 	HANDSHAKE		-> handshake : Handshake(rec);
-	HEARTBEAT -> heartbeat: Heartbeat(rec);
-	APPLICATION_DATA	-> app_data : ApplicationData(rec);
 	V2_ERROR		-> v2_error : V2Error(rec);
 	V2_CLIENT_HELLO		-> v2_client_hello : V2ClientHello(rec);
 	V2_CLIENT_MASTER_KEY	-> v2_client_master_key : V2ClientMasterKey(rec);
 	V2_SERVER_HELLO		-> v2_server_hello : V2ServerHello(rec);
-	default			-> unknown_record : UnknownRecord(rec);
 };
 
-######################################################################
-# TLS Extensions
-######################################################################
-
-type SSLExtension(rec: SSLRecord) = record {
-	type: uint16;
-	data_len: uint16;
-
-	# Pretty code ahead. Deal with the fact that perhaps extensions are
-	# not really present and we do not want to fail because of that.
-	ext: case type of {
-		EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == 0 || $element != 0);
-		EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == 0 || $element != 0);
-		EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == 0 || $element != 0);
-#		EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0);
-		EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0);
-		default -> data: bytestring &restofdata;
-	};
-} &length=data_len+4 &exportsourcedata;
-
-type ServerNameHostName() = record {
-	length: uint16;
-	host_name: bytestring &length=length;
+# Handshakes are parsed by the handshake analyzer.
+type Handshake(rec: SSLRecord) = record {
+	data: bytestring &restofdata;
 };
 
-type ServerName() = record {
-	name_type: uint8; # has to be 0 for host-name
-	name: case name_type of {
-		0 -> host_name: ServerNameHostName;
-		default -> data : bytestring &restofdata &transient; # unknown name
-	};
-};
-
-type ServerNameExt(rec: SSLRecord) = record {
-	length: uint16;
-	server_names: ServerName[] &until($input.length() == 0);
-} &length=length+2;
-
-# Do not parse for now. Structure is correct, but only contains asn.1 data that we would not use further.
-#type OcspStatusRequest(rec: SSLRecord) = record {
-#	responder_id_list_length: uint16;
-#	responder_id_list: bytestring &length=responder_id_list_length;
-#	request_extensions_length: uint16;
-#	request_extensions: bytestring &length=request_extensions_length;
-#};
-#
-#type StatusRequest(rec: SSLRecord) = record {
-#	status_type: uint8; # 1 -> ocsp
-#	req: case status_type of {
-#		1 -> ocsp_status_request: OcspStatusRequest(rec);
-#		default -> data : bytestring &restofdata &transient; # unknown
-#	};
-#};
-
-type EcPointFormats(rec: SSLRecord) = record {
-	length: uint8;
-	point_format_list: uint8[length];
-};
-
-type EllipticCurves(rec: SSLRecord) = record {
-	length: uint16;
-	elliptic_curve_list: uint16[length/2];
-};
-
-type ProtocolName() = record {
-  length: uint8;
-	name: bytestring &length=length;
-};
-
-type ApplicationLayerProtocolNegotiationExtension(rec: SSLRecord) = record {
-	length: uint16;
-	protocol_name_list: ProtocolName[] &until($input.length() == 0);
-} &length=length+2;
-
-######################################################################
-# Encryption Tracking
-######################################################################
-
-enum AnalyzerState {
-	STATE_CLEAR,
-	STATE_ENCRYPTED
-};
-
-%code{
-	string state_label(int state_nr)
-		{
-		switch ( state_nr ) {
-		case STATE_CLEAR:
-			return string("CLEAR");
-
-		case STATE_ENCRYPTED:
-			return string("ENCRYPTED");
-
-		default:
-			return string(fmt("UNKNOWN (%d)", state_nr));
-		}
-		}
-%}
-
-######################################################################
-# SSLv3 Handshake Protocols (7.)
-######################################################################
-
-enum HandshakeType {
-	HELLO_REQUEST       = 0,
-	CLIENT_HELLO        = 1,
-	SERVER_HELLO        = 2,
-	SESSION_TICKET      = 4, # RFC 5077
-	CERTIFICATE         = 11,
-	SERVER_KEY_EXCHANGE = 12,
-	CERTIFICATE_REQUEST = 13,
-	SERVER_HELLO_DONE   = 14,
-	CERTIFICATE_VERIFY  = 15,
-	CLIENT_KEY_EXCHANGE = 16,
-	FINISHED            = 20,
-	CERTIFICATE_URL     = 21, # RFC 3546
-	CERTIFICATE_STATUS  = 22, # RFC 3546
-};
-
-
-######################################################################
-# V3 Change Cipher Spec Protocol (7.1.)
-######################################################################
-
-type ChangeCipherSpec(rec: SSLRecord) = record {
-	type : uint8;
-} &length = 1, &let {
-	state_changed : bool =
-		$context.connection.startEncryption(rec.is_orig);
-};
-
-
-######################################################################
-# V3 Alert Protocol (7.2.)
-######################################################################
-
-type Alert(rec: SSLRecord) = record {
-	level : uint8;
-	description: uint8;
-};
-
-
 ######################################################################
 # V2 Error Records (SSLv2 2.7.)
 ######################################################################
@@ -224,53 +58,6 @@ type V2Error(rec: SSLRecord) = record {
 };
 
 
-######################################################################
-# V3 Application Data
-######################################################################
-
-# Application data should always be encrypted, so we should not
-# reach this point.
-type ApplicationData(rec: SSLRecord) = record {
-	data : bytestring &restofdata &transient;
-};
-
-######################################################################
-# V3 Heartbeat
-######################################################################
-
-type Heartbeat(rec: SSLRecord) = record {
-	type : uint8;
-	payload_length : uint16;
-	data : bytestring &restofdata;
-};
-
-######################################################################
-# V3 Hello Request (7.4.1.1.)
-######################################################################
-
-# Hello Request is empty
-type HelloRequest(rec: SSLRecord) = empty;
-
-
-######################################################################
-# V3 Client Hello (7.4.1.2.)
-######################################################################
-
-type ClientHello(rec: SSLRecord) = record {
-	client_version : uint16;
-	gmt_unix_time : uint32;
-	random_bytes : bytestring &length = 28;
-	session_len : uint8;
-	session_id : uint8[session_len];
-	csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0);
-	csuits : uint16[csuit_len/2];
-	cmeth_len : uint8 &check(cmeth_len > 0);
-	cmeths : uint8[cmeth_len];
-	# This weirdness is to deal with the possible existence or absence
-	# of the following fields.
-	ext_len: uint16[] &until($element == 0 || $element != 0);
-	extensions : SSLExtension(rec)[] &until($input.length() == 0);
-};
 
 ######################################################################
 # V2 Client Hello (SSLv2 2.5.)
@@ -288,26 +75,6 @@ type V2ClientHello(rec: SSLRecord) = record {
 };
 
 
-######################################################################
-# V3 Server Hello (7.4.1.3.)
-######################################################################
-
-type ServerHello(rec: SSLRecord) = record {
-	server_version : uint16;
-	gmt_unix_time : uint32;
-	random_bytes : bytestring &length = 28;
-	session_len : uint8;
-	session_id : uint8[session_len];
-	cipher_suite : uint16[1];
-	compression_method : uint8;
-	# This weirdness is to deal with the possible existence or absence
-	# of the following fields.
-	ext_len: uint16[] &until($element == 0 || $element != 0);
-	extensions : SSLExtension(rec)[] &until($input.length() == 0);
-} &let {
-	cipher_set : bool =
-		$context.connection.set_cipher(cipher_suite[0]);
-};
 
 ######################################################################
 # V2 Server Hello (SSLv2 2.6.)
@@ -329,298 +96,6 @@ type V2ServerHello(rec: SSLRecord) = record {
 };
 
 
-######################################################################
-# V3 Server Certificate (7.4.2.)
-######################################################################
-
-type X509Certificate = record {
-	length : uint24;
-	certificate : bytestring &length = to_int()(length);
-};
-
-type Certificate(rec: SSLRecord) = record {
-	length : uint24;
-	certificates : X509Certificate[] &until($input.length() == 0);
-} &length = to_int()(length)+3;
-
-# OCSP Stapling
-
-type CertificateStatus(rec: SSLRecord) = record {
-	status_type: uint8; # 1 = ocsp, everything else is undefined
-	length : uint24;
-	response: bytestring &restofdata;
-};
-
-######################################################################
-# V3 Server Key Exchange Message (7.4.3.)
-######################################################################
-
-# Usually, the server key exchange does not contain any information
-# that we are interested in.
-#
-# The exception is when we are using an ECDHE, DHE or DH-Anon suite.
-# In this case, we can extract information about the chosen cipher from
-# here.
-type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of {
-	TLS_ECDH_ECDSA_WITH_NULL_SHA,
-	TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-	TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	TLS_ECDH_RSA_WITH_NULL_SHA,
-	TLS_ECDH_RSA_WITH_RC4_128_SHA,
-	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-	TLS_ECDHE_RSA_WITH_NULL_SHA,
-	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	TLS_ECDH_ANON_WITH_NULL_SHA,
-	TLS_ECDH_ANON_WITH_RC4_128_SHA,
-	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
-	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
-	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
-	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
-	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
-	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
-	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDHE_PSK_WITH_RC4_128_SHA,
-	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
-	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-	TLS_ECDHE_PSK_WITH_NULL_SHA,
-	TLS_ECDHE_PSK_WITH_NULL_SHA256,
-	TLS_ECDHE_PSK_WITH_NULL_SHA384,
-	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
-	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
-	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
-	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
-	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
-	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
-	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
-	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
-	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
-	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
-	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
-	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
-	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
-	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
-	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
-	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
-	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
-	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
-	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
-	TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
-	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-		-> ec_server_key_exchange : EcServerKeyExchange(rec);
-
-	# DHE suites
-	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
-	TLS_DHE_DSS_WITH_DES_CBC_SHA,
-	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	TLS_DHE_RSA_WITH_DES_CBC_SHA,
-	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-	TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-	TLS_DHE_DSS_WITH_RC4_128_SHA,
-	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-	TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD,
-	TLS_DHE_DSS_WITH_AES_128_CBC_RMD,
-	TLS_DHE_DSS_WITH_AES_256_CBC_RMD,
-	TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD,
-	TLS_DHE_RSA_WITH_AES_128_CBC_RMD,
-	TLS_DHE_RSA_WITH_AES_256_CBC_RMD,
-	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	TLS_DHE_PSK_WITH_RC4_128_SHA,
-	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-	TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
-	TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
-	TLS_DHE_DSS_WITH_SEED_CBC_SHA,
-	TLS_DHE_RSA_WITH_SEED_CBC_SHA,
-	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
-	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
-	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
-	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
-	TLS_DHE_PSK_WITH_NULL_SHA256,
-	TLS_DHE_PSK_WITH_NULL_SHA384,
-	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
-	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
-	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
-	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
-	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
-	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
-	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
-	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
-	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
-	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
-	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
-	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
-	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
-	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-	TLS_DHE_RSA_WITH_AES_128_CCM,
-	TLS_DHE_RSA_WITH_AES_256_CCM,
-	TLS_DHE_RSA_WITH_AES_128_CCM_8,
-	TLS_DHE_RSA_WITH_AES_256_CCM_8,
-	TLS_DHE_PSK_WITH_AES_128_CCM,
-	TLS_DHE_PSK_WITH_AES_256_CCM,
-	TLS_PSK_DHE_WITH_AES_128_CCM_8,
-	TLS_PSK_DHE_WITH_AES_256_CCM_8,
-	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	# DH-anon suites
-	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
-	TLS_DH_ANON_WITH_RC4_128_MD5,
-	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
-	TLS_DH_ANON_WITH_DES_CBC_SHA,
-	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
-	TLS_DH_ANON_WITH_AES_128_CBC_SHA,
-	TLS_DH_ANON_WITH_AES_256_CBC_SHA,
-	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA,
-	TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
-	TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
-	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA,
-	TLS_DH_ANON_WITH_SEED_CBC_SHA,
-	TLS_DH_ANON_WITH_AES_128_GCM_SHA256,
-	TLS_DH_ANON_WITH_AES_256_GCM_SHA384,
-	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256,
-	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256,
-	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256,
-	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384,
-	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256,
-	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384,
-	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256,
-	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384
-	# DH non-anon suites do not send a ServerKeyExchange
-		-> dh_server_key_exchange : DhServerKeyExchange(rec);
-
-	default
-		-> key : bytestring &restofdata &transient;
-};
-
-# For the moment, we really only are interested in the curve name. If it
-# is not set (if the server sends explicit parameters), we do not bother.
-# We also do not parse the actual signature data following the named curve.
-type EcServerKeyExchange(rec: SSLRecord) = record {
-	curve_type: uint8;
-	curve: uint16; # only if curve_type = 3 (NAMED_CURVE)
-	data: bytestring &restofdata &transient;
-};
-
-# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams
-# structure. After that, they start to differ, but we do not care about that.
-type DhServerKeyExchange(rec: SSLRecord) = record {
-	dh_p_length: uint16;
-	dh_p: bytestring &length=dh_p_length;
-	dh_g_length: uint16;
-	dh_g: bytestring &length=dh_g_length;
-	dh_Ys_length: uint16;
-	dh_Ys: bytestring &length=dh_Ys_length;
-	data: bytestring &restofdata &transient;
-};
-
-
-######################################################################
-# V3 Certificate Request (7.4.4.)
-######################################################################
-
-# For now, ignore Certificate Request Details; just eat up message.
-type CertificateRequest(rec: SSLRecord) = record {
-	cont : bytestring &restofdata &transient;
-};
-
-
-######################################################################
-# V3 Server Hello Done (7.4.5.)
-######################################################################
-
-# Server Hello Done is empty
-type ServerHelloDone(rec: SSLRecord) = empty;
-
-
-######################################################################
-# V3 Client Certificate (7.4.6.)
-######################################################################
-
-# Client Certificate is identical to Server Certificate;
-# no further definition here
-
-
-######################################################################
-# V3 Client Key Exchange Message (7.4.7.)
-######################################################################
-
-# For now ignore details of ClientKeyExchange (most of it is
-# encrypted anyway); just eat up message.
-type ClientKeyExchange(rec: SSLRecord) = record {
-	key : bytestring &restofdata &transient;
-};
-
 ######################################################################
 # V2 Client Master Key (SSLv2 2.5.)
 ######################################################################
@@ -641,75 +116,6 @@ type V2ClientMasterKey(rec: SSLRecord) = record {
 };
 
 
-######################################################################
-# V3 Certificate Verify (7.4.8.)
-######################################################################
-
-# For now, ignore Certificate Verify; just eat up the message.
-type CertificateVerify(rec: SSLRecord) = record {
-	cont : bytestring &restofdata &transient;
-};
-
-
-######################################################################
-# V3 Finished (7.4.9.)
-######################################################################
-
-# The finished messages are always sent after encryption is in effect,
-# so we will not be able to read those messages.
-type Finished(rec: SSLRecord) = record {
-	cont : bytestring &restofdata &transient;
-};
-
-type SessionTicketHandshake(rec: SSLRecord) = record {
-	ticket_lifetime_hint: uint32;
-	data:                 bytestring &restofdata;
-};
-
-######################################################################
-# V3 Handshake Protocol (7.)
-######################################################################
-
-type UnknownHandshake(hs: Handshake, is_orig: bool) = record {
-	data : bytestring &restofdata &transient;
-};
-
-type Handshake(rec: SSLRecord) = record {
-	msg_type : uint8;
-	length : uint24;
-
-	body : case msg_type of {
-		HELLO_REQUEST       -> hello_request       : HelloRequest(rec);
-		CLIENT_HELLO        -> client_hello        : ClientHello(rec);
-		SERVER_HELLO        -> server_hello        : ServerHello(rec);
-		SESSION_TICKET      -> session_ticket      : SessionTicketHandshake(rec);
-		CERTIFICATE         -> certificate         : Certificate(rec);
-		SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec);
-		CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec);
-		SERVER_HELLO_DONE   -> server_hello_done   : ServerHelloDone(rec);
-		CERTIFICATE_VERIFY  -> certificate_verify  : CertificateVerify(rec);
-		CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec);
-		FINISHED            -> finished            : Finished(rec);
-		CERTIFICATE_URL     -> certificate_url     : bytestring &restofdata &transient;
-		CERTIFICATE_STATUS  -> certificate_status  : CertificateStatus(rec);
-		default             -> unknown_handshake   : UnknownHandshake(this, rec.is_orig);
-	} &length = to_int()(length);
-};
-
-
-######################################################################
-# Fragmentation (6.2.1.)
-######################################################################
-
-type UnknownRecord(rec: SSLRecord) = record {
-	cont : bytestring &restofdata &transient;
-};
-
-type CiphertextRecord(rec: SSLRecord) = record {
-	cont : bytestring &restofdata &transient;
-};
-
-
 ######################################################################
 # initial datatype for binpac
 ######################################################################
@@ -725,31 +131,15 @@ type SSLPDU(is_orig: bool) = record {
 
 refine connection SSL_Conn += {
 
-	%member{
-		int client_state_;
-		int server_state_;
-		int record_layer_version_;
-		uint32 chosen_cipher_;
-	%}
-
-	%init{
-		server_state_ = STATE_CLEAR;
-		client_state_ = STATE_CLEAR;
-		record_layer_version_ = UNKNOWN_VERSION;
-		chosen_cipher_ = NO_CHOSEN_CIPHER;
-	%}
-
-	function chosen_cipher() : int %{ return chosen_cipher_; %}
-
-	function set_cipher(cipher: uint32) : bool
-		%{
-		chosen_cipher_ = cipher;
-		return true;
-		%}
-
 	function determine_ssl_record_layer(head0 : uint8, head1 : uint8,
 					head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int
 		%{
+		// stop processing if we already had a protocol violation or otherwhise
+		// decided that we do not want to parse anymore. Just setting skip is not
+		// enough for the data that is already in the pipe.
+		if ( bro_analyzer()->Skipping() )
+			return UNKNOWN_VERSION;
+
 		// re-check record layer version to be sure that we still are synchronized with
 		// the data stream
 		if ( record_layer_version_ != UNKNOWN_VERSION && record_layer_version_ != SSLv20 )
@@ -818,24 +208,4 @@ refine connection SSL_Conn += {
 		return UNKNOWN_VERSION;
 		%}
 
-	function client_state() : int %{ return client_state_; %}
-
-	function server_state() : int %{ return client_state_; %}
-
-	function state(is_orig: bool) : int
-		%{
-		if ( is_orig )
-			return client_state_;
-		else
-			return server_state_;
-		%}
-
-	function startEncryption(is_orig: bool) : bool
-		%{
-		if ( is_orig )
-			client_state_ = STATE_ENCRYPTED;
-		else
-			server_state_ = STATE_ENCRYPTED;
-		return true;
-		%}
 };
diff --git a/src/analyzer/protocol/ssl/ssl.pac b/src/analyzer/protocol/ssl/ssl.pac
index 4a32227088..f7e7c17e7f 100644
--- a/src/analyzer/protocol/ssl/ssl.pac
+++ b/src/analyzer/protocol/ssl/ssl.pac
@@ -10,23 +10,32 @@
 
 %extern{
 #include "events.bif.h"
+
+namespace analyzer { namespace ssl { class SSL_Analyzer; } }
+typedef analyzer::ssl::SSL_Analyzer* SSLAnalyzer;
+
+#include "SSL.h"
 %}
 
+extern type SSLAnalyzer;
+
 analyzer SSL withcontext {
 	connection: SSL_Conn;
 	flow:       SSL_Flow;
 };
 
-connection SSL_Conn(bro_analyzer: BroAnalyzer) {
+connection SSL_Conn(bro_analyzer: SSLAnalyzer) {
 	upflow = SSL_Flow(true);
 	downflow = SSL_Flow(false);
 };
 
+%include ssl-dtls-protocol.pac
 %include ssl-protocol.pac
 
 flow SSL_Flow(is_orig: bool) {
 	flowunit = SSLPDU(is_orig) withcontext(connection, this);
 }
 
+%include ssl-dtls-analyzer.pac
 %include ssl-analyzer.pac
 %include ssl-defs.pac
diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
new file mode 100644
index 0000000000..17432fa5cb
--- /dev/null
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@@ -0,0 +1,273 @@
+# Analyzer for SSL/TLS Handshake protocol (Bro-specific part).
+
+%extern{
+#include <vector>
+#include <algorithm>
+#include <iostream>
+#include <iterator>
+
+#include "util.h"
+
+#include "file_analysis/Manager.h"
+%}
+
+%header{
+	class extract_certs {
+	public:
+		bytestring const& operator() (X509Certificate* cert) const
+			{
+			return cert->certificate();
+			}
+	};
+
+	string orig_label(bool is_orig);
+	string handshake_type_label(int type);
+	%}
+
+refine connection Handshake_Conn += {
+
+	%include proc-client-hello.pac
+	%include proc-server-hello.pac
+	%include proc-certificate.pac
+
+	function proc_session_ticket_handshake(rec: SessionTicketHandshake, is_orig: bool): bool
+		%{
+		if ( ssl_session_ticket_handshake )
+			{
+			BifEvent::generate_ssl_session_ticket_handshake(bro_analyzer(),
+							bro_analyzer()->Conn(),
+							${rec.ticket_lifetime_hint},
+							new StringVal(${rec.data}.length(), (const char*) ${rec.data}.data()));
+			}
+		return true;
+		%}
+
+	function proc_ssl_extension(rec: HandshakeRecord, type: int, sourcedata: const_bytestring) : bool
+		%{
+		// We cheat a little bit here. We want to throw this event
+		// for every extension we encounter, even those that are
+		// handled by more specialized events later. To access the
+		// parsed data, we use sourcedata, which contains the whole
+		// data blob of the extension, including headers. We skip
+		// over those (4 bytes).
+		size_t length = sourcedata.length();
+		if ( length < 4 )
+			{
+			// This should be impossible due to the binpac parser
+			// and protocol description
+			bro_analyzer()->ProtocolViolation(fmt("Impossible extension length: %zu", length));
+			bro_analyzer()->SetSkip(true);
+			return true;
+			}
+
+		length -= 4;
+		const unsigned char* data = sourcedata.begin() + 4;
+
+		if ( ssl_extension )
+			BifEvent::generate_ssl_extension(bro_analyzer(),
+						bro_analyzer()->Conn(), ${rec.is_orig}, type,
+						new StringVal(length, reinterpret_cast<const char*>(data)));
+		return true;
+		%}
+
+	function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool
+		%{
+		VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType());
+
+		if ( point_format_list )
+			{
+			for ( unsigned int i = 0; i < point_format_list->size(); ++i )
+				points->Assign(i, new Val((*point_format_list)[i], TYPE_COUNT));
+			}
+
+		BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(),
+		   ${rec.is_orig}, points);
+
+		return true;
+		%}
+
+	function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool
+		%{
+		VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType());
+
+		if ( list )
+			{
+			for ( unsigned int i = 0; i < list->size(); ++i )
+				curves->Assign(i, new Val((*list)[i], TYPE_COUNT));
+			}
+
+		BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(),
+		   ${rec.is_orig}, curves);
+
+		return true;
+		%}
+
+	function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool
+		%{
+		VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType());
+
+		if ( protocols )
+			{
+			for ( unsigned int i = 0; i < protocols->size(); ++i )
+				plist->Assign(i, new StringVal((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data()));
+			}
+
+		BifEvent::generate_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(),
+											${rec.is_orig}, plist);
+
+		return true;
+		%}
+
+	function proc_server_name(rec: HandshakeRecord, list: ServerName[]) : bool
+		%{
+		VectorVal* servers = new VectorVal(internal_type("string_vec")->AsVectorType());
+
+		if ( list )
+			{
+			for ( unsigned int i = 0, j = 0; i < list->size(); ++i )
+				{
+				ServerName* servername = (*list)[i];
+				if ( servername->name_type() != 0 )
+					{
+					bro_analyzer()->Weird(fmt("Encountered unknown type in server name ssl extension: %d", servername->name_type()));
+					continue;
+					}
+
+				if ( servername->host_name() )
+					servers->Assign(j++, new StringVal(servername->host_name()->host_name().length(), (const char*) servername->host_name()->host_name().data()));
+				else
+					bro_analyzer()->Weird("Empty server_name extension in ssl connection");
+				}
+			}
+
+		BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(),
+		   ${rec.is_orig}, servers);
+
+		return true;
+		%}
+
+	function proc_v3_certificate(is_orig: bool, cl : X509Certificate[]) : bool
+		%{
+		vector<X509Certificate*>* certs = cl;
+		vector<bytestring>* cert_list = new vector<bytestring>();
+
+		std::transform(certs->begin(), certs->end(),
+		std::back_inserter(*cert_list), extract_certs());
+
+		bool ret = proc_certificate(is_orig, cert_list);
+		delete cert_list;
+		return ret;
+		%}
+
+	function proc_unknown_handshake(hs: HandshakeRecord, is_orig: bool) : bool
+		%{
+		bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s",
+			${hs.msg_type}, orig_label(is_orig).c_str()));
+		return true;
+		%}
+
+	function proc_certificate_status(rec : HandshakeRecord, status_type: uint8, response: bytestring) : bool
+		%{
+		 if ( status_type == 1 ) // ocsp
+			{
+			BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(),
+							    bro_analyzer()->Conn(), ${rec.is_orig},
+							    new StringVal(response.length(),
+							    (const char*) response.data()));
+			}
+
+		return true;
+		%}
+
+	function proc_ec_server_key_exchange(rec: HandshakeRecord, curve_type: uint8, curve: uint16) : bool
+		%{
+		if ( curve_type == NAMED_CURVE )
+			BifEvent::generate_ssl_server_curve(bro_analyzer(),
+			  bro_analyzer()->Conn(), curve);
+
+		return true;
+		%}
+
+	function proc_dh_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
+		%{
+		BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
+			bro_analyzer()->Conn(),
+		  new StringVal(p.length(), (const char*) p.data()),
+		  new StringVal(g.length(), (const char*) g.data()),
+		  new StringVal(Ys.length(), (const char*) Ys.data())
+		  );
+
+		return true;
+		%}
+
+	function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool
+		%{
+		BifEvent::generate_ssl_handshake_message(bro_analyzer(),
+			bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length));
+
+		return true;
+		%}
+
+
+};
+
+refine typeattr ClientHello += &let {
+	proc : bool = $context.connection.proc_client_hello(client_version,
+				gmt_unix_time, random_bytes,
+				session_id, csuits, 0);
+};
+
+refine typeattr ServerHello += &let {
+	proc : bool = $context.connection.proc_server_hello(server_version,
+			gmt_unix_time, random_bytes, session_id, cipher_suite, 0,
+			compression_method);
+};
+
+refine typeattr Certificate += &let {
+	proc : bool = $context.connection.proc_v3_certificate(rec.is_orig, certificates);
+};
+
+refine typeattr UnknownHandshake += &let {
+	proc : bool = $context.connection.proc_unknown_handshake(hs, is_orig);
+};
+
+refine typeattr SessionTicketHandshake += &let {
+	proc : bool = $context.connection.proc_session_ticket_handshake(this, rec.is_orig);
+}
+
+refine typeattr SSLExtension += &let {
+	proc : bool = $context.connection.proc_ssl_extension(rec, type, sourcedata);
+};
+
+refine typeattr EcPointFormats += &let {
+	proc : bool = $context.connection.proc_ec_point_formats(rec, point_format_list);
+};
+
+refine typeattr EllipticCurves += &let {
+	proc : bool = $context.connection.proc_elliptic_curves(rec, elliptic_curve_list);
+};
+
+refine typeattr ApplicationLayerProtocolNegotiationExtension += &let {
+	proc : bool = $context.connection.proc_apnl(rec, protocol_name_list);
+};
+
+refine typeattr ServerNameExt += &let {
+	proc : bool = $context.connection.proc_server_name(rec, server_names);
+};
+
+refine typeattr CertificateStatus += &let {
+	proc : bool = $context.connection.proc_certificate_status(rec, status_type, response);
+};
+
+refine typeattr EcServerKeyExchange += &let {
+	proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve);
+};
+
+refine typeattr DhServerKeyExchange += &let {
+	proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys);
+};
+
+refine typeattr Handshake += &let {
+	proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length);
+};
+
diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
new file mode 100644
index 0000000000..b24352d099
--- /dev/null
+++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
@@ -0,0 +1,538 @@
+######################################################################
+# Handshake Protocols (7.)
+######################################################################
+
+enum HandshakeType {
+	HELLO_REQUEST       = 0,
+	CLIENT_HELLO        = 1,
+	SERVER_HELLO        = 2,
+	HELLO_VERIFY_REQUEST = 3, # DTLS
+	SESSION_TICKET      = 4, # RFC 5077
+	CERTIFICATE         = 11,
+	SERVER_KEY_EXCHANGE = 12,
+	CERTIFICATE_REQUEST = 13,
+	SERVER_HELLO_DONE   = 14,
+	CERTIFICATE_VERIFY  = 15,
+	CLIENT_KEY_EXCHANGE = 16,
+	FINISHED            = 20,
+	CERTIFICATE_URL     = 21, # RFC 3546
+	CERTIFICATE_STATUS  = 22, # RFC 3546
+};
+
+
+######################################################################
+# V3 Handshake Protocol (7.)
+######################################################################
+
+type HandshakeRecord(is_orig: bool) = record {
+  msg_type: uint8;
+	msg_length: uint24;
+	rec: Handshake(this);
+} &length=(to_int()(msg_length) + 4);
+
+type Handshake(rec: HandshakeRecord) = case rec.msg_type of {
+	HELLO_REQUEST        -> hello_request        : HelloRequest(rec);
+	CLIENT_HELLO         -> client_hello         : ClientHello(rec);
+	SERVER_HELLO         -> server_hello         : ServerHello(rec);
+	HELLO_VERIFY_REQUEST -> hello_verify_request : HelloVerifyRequest(rec);
+	SESSION_TICKET       -> session_ticket       : SessionTicketHandshake(rec);
+	CERTIFICATE          -> certificate          : Certificate(rec);
+	SERVER_KEY_EXCHANGE  -> server_key_exchange  : ServerKeyExchange(rec);
+	CERTIFICATE_REQUEST  -> certificate_request  : CertificateRequest(rec);
+	SERVER_HELLO_DONE    -> server_hello_done    : ServerHelloDone(rec);
+	CERTIFICATE_VERIFY   -> certificate_verify   : CertificateVerify(rec);
+	CLIENT_KEY_EXCHANGE  -> client_key_exchange  : ClientKeyExchange(rec);
+	FINISHED             -> finished             : Finished(rec);
+	CERTIFICATE_URL      -> certificate_url      : bytestring &restofdata &transient;
+	CERTIFICATE_STATUS   -> certificate_status   : CertificateStatus(rec);
+	default              -> unknown_handshake    : UnknownHandshake(rec, rec.is_orig);
+}
+
+type HandshakePDU(is_orig: bool) = record {
+	records: HandshakeRecord(is_orig)[] &transient;
+} &byteorder = bigendian;
+
+type UnknownHandshake(hs: HandshakeRecord, is_orig: bool) = record {
+	data : bytestring &restofdata &transient;
+};
+
+######################################################################
+# V3 Hello Request (7.4.1.1.)
+######################################################################
+
+# Hello Request is empty
+type HelloRequest(rec: HandshakeRecord) = empty;
+
+
+######################################################################
+# V3 Client Hello (7.4.1.2.)
+######################################################################
+
+type ClientHello(rec: HandshakeRecord) = record {
+	client_version : uint16;
+	gmt_unix_time : uint32;
+	random_bytes : bytestring &length = 28;
+	session_len : uint8;
+	session_id : uint8[session_len];
+	dtls_cookie: case client_version of {
+		DTLSv10 -> cookie: ClientHelloCookie(rec);
+		default -> nothing: bytestring &length=0;
+	};
+	csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0);
+	csuits : uint16[csuit_len/2];
+	cmeth_len : uint8 &check(cmeth_len > 0);
+	cmeths : uint8[cmeth_len];
+	# This weirdness is to deal with the possible existence or absence
+	# of the following fields.
+	ext_len: uint16[] &until($element == 0 || $element != 0);
+	extensions : SSLExtension(rec)[] &until($input.length() == 0);
+};
+
+type ClientHelloCookie(rec: HandshakeRecord) = record {
+	cookie_len : uint8;
+	cookie : bytestring &length = cookie_len;
+};
+
+######################################################################
+# V3 Server Hello (7.4.1.3.)
+######################################################################
+
+type ServerHello(rec: HandshakeRecord) = record {
+	server_version : uint16;
+	gmt_unix_time : uint32;
+	random_bytes : bytestring &length = 28;
+	session_len : uint8;
+	session_id : uint8[session_len];
+	cipher_suite : uint16[1];
+	compression_method : uint8;
+	# This weirdness is to deal with the possible existence or absence
+	# of the following fields.
+	ext_len: uint16[] &until($element == 0 || $element != 0);
+	extensions : SSLExtension(rec)[] &until($input.length() == 0);
+} &let {
+	cipher_set : bool =
+		$context.connection.set_cipher(cipher_suite[0]);
+};
+
+######################################################################
+# DTLS Hello Verify Request
+######################################################################
+
+type HelloVerifyRequest(rec: HandshakeRecord) = record {
+	version: uint16;
+	cookie_length: uint8;
+	cookie: bytestring &length=cookie_length;
+};
+
+######################################################################
+# V3 Server Certificate (7.4.2.)
+######################################################################
+
+type X509Certificate = record {
+	length : uint24;
+	certificate : bytestring &length = to_int()(length);
+};
+
+type Certificate(rec: HandshakeRecord) = record {
+	length : uint24;
+	certificates : X509Certificate[] &until($input.length() == 0);
+} &length = to_int()(length)+3;
+
+# OCSP Stapling
+
+type CertificateStatus(rec: HandshakeRecord) = record {
+	status_type: uint8; # 1 = ocsp, everything else is undefined
+	length : uint24;
+	response: bytestring &restofdata;
+};
+
+######################################################################
+# V3 Server Key Exchange Message (7.4.3.)
+######################################################################
+
+# Usually, the server key exchange does not contain any information
+# that we are interested in.
+#
+# The exception is when we are using an ECDHE, DHE or DH-Anon suite.
+# In this case, we can extract information about the chosen cipher from
+# here.
+type ServerKeyExchange(rec: HandshakeRecord) = case $context.connection.chosen_cipher() of {
+	TLS_ECDH_ECDSA_WITH_NULL_SHA,
+	TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDH_RSA_WITH_NULL_SHA,
+	TLS_ECDH_RSA_WITH_RC4_128_SHA,
+	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_NULL_SHA,
+	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDH_ANON_WITH_NULL_SHA,
+	TLS_ECDH_ANON_WITH_RC4_128_SHA,
+	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_RC4_128_SHA,
+	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_PSK_WITH_NULL_SHA,
+	TLS_ECDHE_PSK_WITH_NULL_SHA256,
+	TLS_ECDHE_PSK_WITH_NULL_SHA384,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+		-> ec_server_key_exchange : EcServerKeyExchange(rec);
+
+	# DHE suites
+	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_DSS_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_RSA_WITH_DES_CBC_SHA,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	TLS_DHE_DSS_WITH_RC4_128_SHA,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD,
+	TLS_DHE_DSS_WITH_AES_128_CBC_RMD,
+	TLS_DHE_DSS_WITH_AES_256_CBC_RMD,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD,
+	TLS_DHE_RSA_WITH_AES_128_CBC_RMD,
+	TLS_DHE_RSA_WITH_AES_256_CBC_RMD,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DHE_PSK_WITH_RC4_128_SHA,
+	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
+	TLS_DHE_DSS_WITH_SEED_CBC_SHA,
+	TLS_DHE_RSA_WITH_SEED_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+	TLS_DHE_PSK_WITH_NULL_SHA256,
+	TLS_DHE_PSK_WITH_NULL_SHA384,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_AES_128_CCM,
+	TLS_DHE_RSA_WITH_AES_256_CCM,
+	TLS_DHE_RSA_WITH_AES_128_CCM_8,
+	TLS_DHE_RSA_WITH_AES_256_CCM_8,
+	TLS_DHE_PSK_WITH_AES_128_CCM,
+	TLS_DHE_PSK_WITH_AES_256_CCM,
+	TLS_PSK_DHE_WITH_AES_128_CCM_8,
+	TLS_PSK_DHE_WITH_AES_256_CCM_8,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	# DH-anon suites
+	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+	TLS_DH_ANON_WITH_RC4_128_MD5,
+	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_ANON_WITH_DES_CBC_SHA,
+	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DH_ANON_WITH_SEED_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_AES_256_GCM_SHA384,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384,
+	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384,
+	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384
+	# DH non-anon suites do not send a ServerKeyExchange
+		-> dh_server_key_exchange : DhServerKeyExchange(rec);
+
+	default
+		-> key : bytestring &restofdata &transient;
+};
+
+# For the moment, we really only are interested in the curve name. If it
+# is not set (if the server sends explicit parameters), we do not bother.
+# We also do not parse the actual signature data following the named curve.
+type EcServerKeyExchange(rec: HandshakeRecord) = record {
+	curve_type: uint8;
+	curve: uint16; # only if curve_type = 3 (NAMED_CURVE)
+	data: bytestring &restofdata &transient;
+};
+
+# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams
+# structure. After that, they start to differ, but we do not care about that.
+type DhServerKeyExchange(rec: HandshakeRecord) = record {
+	dh_p_length: uint16;
+	dh_p: bytestring &length=dh_p_length;
+	dh_g_length: uint16;
+	dh_g: bytestring &length=dh_g_length;
+	dh_Ys_length: uint16;
+	dh_Ys: bytestring &length=dh_Ys_length;
+	data: bytestring &restofdata &transient;
+};
+
+
+######################################################################
+# V3 Certificate Request (7.4.4.)
+######################################################################
+
+# For now, ignore Certificate Request Details; just eat up message.
+type CertificateRequest(rec: HandshakeRecord) = record {
+	cont : bytestring &restofdata &transient;
+};
+
+
+######################################################################
+# V3 Server Hello Done (7.4.5.)
+######################################################################
+
+# Server Hello Done is empty
+type ServerHelloDone(rec: HandshakeRecord) = empty;
+
+
+######################################################################
+# V3 Client Certificate (7.4.6.)
+######################################################################
+
+# Client Certificate is identical to Server Certificate;
+# no further definition here
+
+
+######################################################################
+# V3 Client Key Exchange Message (7.4.7.)
+######################################################################
+
+# For now ignore details of ClientKeyExchange (most of it is
+# encrypted anyway); just eat up message.
+type ClientKeyExchange(rec: HandshakeRecord) = record {
+	key : bytestring &restofdata &transient;
+};
+
+
+######################################################################
+# V3 Certificate Verify (7.4.8.)
+######################################################################
+
+# For now, ignore Certificate Verify; just eat up the message.
+type CertificateVerify(rec: HandshakeRecord) = record {
+	cont : bytestring &restofdata &transient;
+};
+
+
+######################################################################
+# V3 Finished (7.4.9.)
+######################################################################
+
+# The finished messages are always sent after encryption is in effect,
+# so we will not be able to read those messages.
+type Finished(rec: HandshakeRecord) = record {
+	cont : bytestring &restofdata &transient;
+};
+
+type SessionTicketHandshake(rec: HandshakeRecord) = record {
+	ticket_lifetime_hint: uint32;
+	data:                 bytestring &restofdata;
+};
+
+######################################################################
+# TLS Extensions
+######################################################################
+
+type SSLExtension(rec: HandshakeRecord) = record {
+	type: uint16;
+	data_len: uint16;
+
+	# Pretty code ahead. Deal with the fact that perhaps extensions are
+	# not really present and we do not want to fail because of that.
+	ext: case type of {
+		EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == 0 || $element != 0);
+		EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == 0 || $element != 0);
+		EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == 0 || $element != 0);
+#		EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0);
+		EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0);
+		default -> data: bytestring &restofdata;
+	};
+} &length=data_len+4 &exportsourcedata;
+
+type ServerNameHostName() = record {
+	length: uint16;
+	host_name: bytestring &length=length;
+};
+
+type ServerName() = record {
+	name_type: uint8; # has to be 0 for host-name
+	name: case name_type of {
+		0 -> host_name: ServerNameHostName;
+		default -> data : bytestring &restofdata &transient; # unknown name
+	};
+};
+
+type ServerNameExt(rec: HandshakeRecord) = record {
+	length: uint16;
+	server_names: ServerName[] &until($input.length() == 0);
+} &length=length+2;
+
+# Do not parse for now. Structure is correct, but only contains asn.1 data that we would not use further.
+#type OcspStatusRequest(rec: HandshakeRecord) = record {
+#	responder_id_list_length: uint16;
+#	responder_id_list: bytestring &length=responder_id_list_length;
+#	request_extensions_length: uint16;
+#	request_extensions: bytestring &length=request_extensions_length;
+#};
+#
+#type StatusRequest(rec: HandshakeRecord) = record {
+#	status_type: uint8; # 1 -> ocsp
+#	req: case status_type of {
+#		1 -> ocsp_status_request: OcspStatusRequest(rec);
+#		default -> data : bytestring &restofdata &transient; # unknown
+#	};
+#};
+
+type EcPointFormats(rec: HandshakeRecord) = record {
+	length: uint8;
+	point_format_list: uint8[length];
+};
+
+type EllipticCurves(rec: HandshakeRecord) = record {
+	length: uint16;
+	elliptic_curve_list: uint16[length/2];
+};
+
+type ProtocolName() = record {
+  length: uint8;
+	name: bytestring &length=length;
+};
+
+type ApplicationLayerProtocolNegotiationExtension(rec: HandshakeRecord) = record {
+	length: uint16;
+	protocol_name_list: ProtocolName[] &until($input.length() == 0);
+} &length=length+2;
+
+refine connection Handshake_Conn += {
+
+	%member{
+		uint32 chosen_cipher_;
+	%}
+
+	%init{
+		chosen_cipher_ = NO_CHOSEN_CIPHER;
+	%}
+
+	function chosen_cipher() : int %{ return chosen_cipher_; %}
+
+	function set_cipher(cipher: uint32) : bool
+		%{
+		chosen_cipher_ = cipher;
+		return true;
+		%}
+};
+
+
diff --git a/src/analyzer/protocol/ssl/tls-handshake.pac b/src/analyzer/protocol/ssl/tls-handshake.pac
new file mode 100644
index 0000000000..a3c45fa492
--- /dev/null
+++ b/src/analyzer/protocol/ssl/tls-handshake.pac
@@ -0,0 +1,23 @@
+# Binpac analyzer just for the TLS handshake protocol and nothing else
+
+%include binpac.pac
+%include bro.pac
+
+analyzer TLSHandshake withcontext {
+	connection: Handshake_Conn;
+	flow:       Handshake_Flow;
+};
+
+connection Handshake_Conn(bro_analyzer: BroAnalyzer) {
+	upflow = Handshake_Flow(true);
+	downflow = Handshake_Flow(false);
+};
+
+%include ssl-defs.pac
+%include tls-handshake-protocol.pac
+
+flow Handshake_Flow(is_orig: bool) {
+	flowunit = HandshakePDU(is_orig) withcontext(connection, this);
+}
+
+%include tls-handshake-analyzer.pac
diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc
index 88def89689..72cad8a05c 100644
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@@ -367,6 +367,41 @@ void TCP_Analyzer::Done()
 	finished = 1;
 	}
 
+analyzer::Analyzer* TCP_Analyzer::FindChild(ID arg_id)
+	{
+	analyzer::Analyzer* child = analyzer::TransportLayerAnalyzer::FindChild(arg_id);
+
+	if ( child )
+		return child;
+
+	LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
+		{
+		analyzer::Analyzer* child = (*i)->FindChild(arg_id);
+		if ( child )
+			return child;
+		}
+
+	return 0;
+	}
+
+analyzer::Analyzer* TCP_Analyzer::FindChild(Tag arg_tag)
+	{
+	analyzer::Analyzer* child = analyzer::TransportLayerAnalyzer::FindChild(arg_tag);
+
+	if ( child )
+		return child;
+
+	LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
+		{
+		analyzer::Analyzer* child = (*i)->FindChild(arg_tag);
+		if ( child )
+			return child;
+		}
+
+	return 0;
+	}
+
+
 void TCP_Analyzer::EnableReassembly()
 	{
 	SetReassembler(new TCP_Reassembler(this, this,
@@ -1764,6 +1799,15 @@ bool TCP_Analyzer::HadGap(bool is_orig) const
 	return endp && endp->HadGap();
 	}
 
+void TCP_Analyzer::AddChildPacketAnalyzer(analyzer::Analyzer* a)
+	{
+	DBG_LOG(DBG_ANALYZER, "%s added packet child %s",
+			this->GetAnalyzerName(), a->GetAnalyzerName());
+
+	packet_children.push_back(a);
+	a->SetParent(this);
+	}
+
 int TCP_Analyzer::DataPending(TCP_Endpoint* closing_endp)
 	{
 	if ( Skipping() )
diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h
index 3073d75fb2..608c06a5aa 100644
--- a/src/analyzer/protocol/tcp/TCP.h
+++ b/src/analyzer/protocol/tcp/TCP.h
@@ -47,8 +47,10 @@ public:
 
 	// Add a child analyzer that will always get the packets,
 	// independently of whether we do any reassembly.
-	void AddChildPacketAnalyzer(analyzer::Analyzer* a)
-		{ packet_children.push_back(a); a->SetParent(this); }
+	void AddChildPacketAnalyzer(analyzer::Analyzer* a);
+
+	virtual Analyzer* FindChild(ID id);
+	virtual Analyzer* FindChild(Tag tag);
 
 	// True if the connection has closed in some sense, false otherwise.
 	int IsClosed() const	{ return orig->did_close || resp->did_close; }
diff --git a/src/bro.bif b/src/bro.bif
index 4e685eb84a..037b236cc0 100644
--- a/src/bro.bif
+++ b/src/bro.bif
@@ -128,12 +128,7 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
 	char out_buf[512];
 
 	ODesc s;
-
-	if ( *fmt == 'A' )
-		{
-		s.SetStyle(ALTERNATIVE_STYLE);
-		++fmt;
-		}
+	s.SetStyle(RAW_STYLE);
 
 	if ( precision >= 0 && *fmt != 'e' && *fmt != 'f' && *fmt != 'g' )
 		builtin_error("precision specified for non-floating point");
@@ -256,12 +251,12 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
 			d->Add(" ");
 		}
 
-	d->Add(s.Description());
+	d->AddN((const char*)(s.Bytes()), s.Len());
 
 	// Right-padding with whitespace, if any.
 	if ( field_width > 0 && left_just )
 		{
-		int sl = strlen(s.Description());
+		int sl = s.Len();
 		while ( ++sl <= field_width )
 			d->Add(" ");
 		}
@@ -1348,6 +1343,8 @@ function order%(v: any, ...%) : index_vec
 function cat%(...%): string
 	%{
 	ODesc d;
+	d.SetStyle(RAW_STYLE);
+
 	loop_over_list(@ARG@, i)
 		@ARG@[i]->Describe(&d);
 
@@ -1373,6 +1370,8 @@ function cat%(...%): string
 function cat_sep%(sep: string, def: string, ...%): string
 	%{
 	ODesc d;
+	d.SetStyle(RAW_STYLE);
+
 	int pre_size = 0;
 
 	loop_over_list(@ARG@, i)
@@ -1449,6 +1448,8 @@ function fmt%(...%): string
 
 	const char* fmt = fmt_v->AsString()->CheckString();
 	ODesc d;
+	d.SetStyle(RAW_STYLE);
+
 	int n = 0;
 
 	while ( next_fmt(fmt, @ARGS@, &d, n) )
@@ -1675,6 +1676,7 @@ function net_stats%(%): NetStats
 	unsigned int recv = 0;
 	unsigned int drop = 0;
 	unsigned int link = 0;
+	unsigned int bytes_recv = 0;
 
 	const iosource::Manager::PktSrcList& pkt_srcs(iosource_mgr->GetPktSrcs());
 
@@ -1688,12 +1690,14 @@ function net_stats%(%): NetStats
 		recv += stat.received;
 		drop += stat.dropped;
 		link += stat.link;
+		bytes_recv += stat.bytes_received;
 		}
 
 	RecordVal* ns = new RecordVal(net_stats);
 	ns->Assign(0, new Val(recv, TYPE_COUNT));
 	ns->Assign(1, new Val(drop, TYPE_COUNT));
 	ns->Assign(2, new Val(link, TYPE_COUNT));
+	ns->Assign(3, new Val(bytes_recv, TYPE_COUNT));
 
 	return ns;
 	%}
@@ -2244,7 +2248,7 @@ function to_count%(str: string%): count
 	const char* s = str->CheckString();
 	char* end_s;
 
-	uint64 u = (uint64) strtoll(s, &end_s, 10);
+	uint64 u = (uint64) strtoull(s, &end_s, 10);
 
 	if ( s[0] == '\0' || end_s[0] != '\0' )
     	{
@@ -3204,9 +3208,7 @@ function lookup_connection%(cid: conn_id%): connection
 	c->Assign(3, new Val(network_time, TYPE_TIME));
 	c->Assign(4, new Val(0.0, TYPE_INTERVAL));
 	c->Assign(5, new TableVal(string_set));	// service
-	c->Assign(6, new StringVal(""));	// addl
-	c->Assign(7, new Val(0, TYPE_COUNT));	// hot
-	c->Assign(8, new StringVal(""));	// history
+	c->Assign(6, new StringVal(""));	// history
 
 	return c;
 	%}
diff --git a/src/broker-dummy/CMakeLists.txt b/src/broker-dummy/CMakeLists.txt
new file mode 100644
index 0000000000..08c5f3214c
--- /dev/null
+++ b/src/broker-dummy/CMakeLists.txt
@@ -0,0 +1,13 @@
+# Placeholder for Broker-based communication functionality, not enabled
+# by default.  This helps satisfy coverage unit tests pass regardless of
+# whether Broker is enabled or not.
+
+include(BroSubdir)
+
+bif_target(comm.bif)
+bif_target(data.bif)
+bif_target(messaging.bif)
+bif_target(store.bif)
+
+bro_add_subdir_library(broker_dummy ${BIF_OUTPUT_CC})
+add_dependencies(bro_broker_dummy generate_outputs)
diff --git a/src/broker-dummy/comm.bif b/src/broker-dummy/comm.bif
new file mode 100644
index 0000000000..b030a4cc73
--- /dev/null
+++ b/src/broker-dummy/comm.bif
@@ -0,0 +1,3 @@
+
+##! Placeholder for Broker-based communication functionality, not enabled
+##! by default.
diff --git a/src/broker-dummy/data.bif b/src/broker-dummy/data.bif
new file mode 100644
index 0000000000..e9b9950474
--- /dev/null
+++ b/src/broker-dummy/data.bif
@@ -0,0 +1,3 @@
+
+##! Placeholder for Broker-based communication functionality, not enabled
+##! by default
diff --git a/src/broker-dummy/messaging.bif b/src/broker-dummy/messaging.bif
new file mode 100644
index 0000000000..e9b9950474
--- /dev/null
+++ b/src/broker-dummy/messaging.bif
@@ -0,0 +1,3 @@
+
+##! Placeholder for Broker-based communication functionality, not enabled
+##! by default
diff --git a/src/broker-dummy/store.bif b/src/broker-dummy/store.bif
new file mode 100644
index 0000000000..e9b9950474
--- /dev/null
+++ b/src/broker-dummy/store.bif
@@ -0,0 +1,3 @@
+
+##! Placeholder for Broker-based communication functionality, not enabled
+##! by default
diff --git a/src/broker/CMakeLists.txt b/src/broker/CMakeLists.txt
new file mode 100644
index 0000000000..7329bfd46e
--- /dev/null
+++ b/src/broker/CMakeLists.txt
@@ -0,0 +1,28 @@
+include(BroSubdir)
+
+include_directories(BEFORE
+                    ${CMAKE_CURRENT_SOURCE_DIR}
+                    ${CMAKE_CURRENT_BINARY_DIR}
+)
+
+if ( ROCKSDB_INCLUDE_DIR )
+    add_definitions(-DHAVE_ROCKSDB)
+    include_directories(BEFORE ${ROCKSDB_INCLUDE_DIR})
+endif ()
+
+include_directories(BEFORE ${LIBCAF_INCLUDE_DIR_CORE})
+include_directories(BEFORE ${LIBCAF_INCLUDE_DIR_IO})
+
+set(comm_SRCS
+    Data.cc
+    Manager.cc
+    Store.cc
+)
+
+bif_target(comm.bif)
+bif_target(data.bif)
+bif_target(messaging.bif)
+bif_target(store.bif)
+
+bro_add_subdir_library(brokercomm ${comm_SRCS} ${BIF_OUTPUT_CC})
+add_dependencies(bro_brokercomm generate_outputs)
diff --git a/src/broker/Data.cc b/src/broker/Data.cc
new file mode 100644
index 0000000000..8f66427bb5
--- /dev/null
+++ b/src/broker/Data.cc
@@ -0,0 +1,708 @@
+#include "Data.h"
+#include "broker/data.bif.h"
+#include <caf/binary_serializer.hpp>
+#include <caf/binary_deserializer.hpp>
+
+using namespace std;
+
+OpaqueType* bro_broker::opaque_of_data_type;
+OpaqueType* bro_broker::opaque_of_set_iterator;
+OpaqueType* bro_broker::opaque_of_table_iterator;
+OpaqueType* bro_broker::opaque_of_vector_iterator;
+OpaqueType* bro_broker::opaque_of_record_iterator;
+
+static broker::port::protocol to_broker_port_proto(TransportProto tp)
+	{
+	switch ( tp ) {
+	case TRANSPORT_TCP:
+		return broker::port::protocol::tcp;
+	case TRANSPORT_UDP:
+		return broker::port::protocol::udp;
+	case TRANSPORT_ICMP:
+		return broker::port::protocol::icmp;
+	case TRANSPORT_UNKNOWN:
+	default:
+		return broker::port::protocol::unknown;
+	}
+	}
+
+TransportProto bro_broker::to_bro_port_proto(broker::port::protocol tp)
+	{
+	switch ( tp ) {
+	case broker::port::protocol::tcp:
+		return TRANSPORT_TCP;
+	case broker::port::protocol::udp:
+		return TRANSPORT_UDP;
+	case broker::port::protocol::icmp:
+		return TRANSPORT_ICMP;
+	case broker::port::protocol::unknown:
+	default:
+		return TRANSPORT_UNKNOWN;
+	}
+	}
+
+struct val_converter {
+	using result_type = Val*;
+
+	BroType* type;
+	bool require_log_attr;
+
+	result_type operator()(bool a)
+		{
+		if ( type->Tag() == TYPE_BOOL )
+			return new Val(a, TYPE_BOOL);
+		return nullptr;
+		}
+
+	result_type operator()(uint64_t a)
+		{
+		if ( type->Tag() == TYPE_COUNT )
+			return new Val(a, TYPE_COUNT);
+		if ( type->Tag() == TYPE_COUNTER )
+			return new Val(a, TYPE_COUNTER);
+		return nullptr;
+		}
+
+	result_type operator()(int64_t a)
+		{
+		if ( type->Tag() == TYPE_INT )
+			return new Val(a, TYPE_INT);
+		return nullptr;
+		}
+
+	result_type operator()(double a)
+		{
+		if ( type->Tag() == TYPE_DOUBLE )
+			return new Val(a, TYPE_DOUBLE);
+		return nullptr;
+		}
+
+	result_type operator()(std::string& a)
+		{
+		switch ( type->Tag() ) {
+		case TYPE_STRING:
+			return new StringVal(a.size(), a.data());
+		case TYPE_FILE:
+			{
+			auto file = BroFile::GetFile(a.data());
+
+			if ( file )
+				{
+				Ref(file);
+				return new Val(file);
+				}
+
+			return nullptr;
+			}
+		case TYPE_FUNC:
+			{
+			auto id = lookup_ID(a.data(), GLOBAL_MODULE_NAME);
+			auto rval = id ? id->ID_Val() : nullptr;
+			Unref(id);
+
+			if ( rval && rval->Type()->Tag() == TYPE_FUNC )
+				return rval;
+
+			return nullptr;
+			}
+		default:
+			return nullptr;
+		}
+		}
+
+	result_type operator()(broker::address& a)
+		{
+		if ( type->Tag() == TYPE_ADDR )
+			{
+			auto bits = reinterpret_cast<const in6_addr*>(&a.bytes());
+			return new AddrVal(IPAddr(*bits));
+			}
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::subnet& a)
+		{
+		if ( type->Tag() == TYPE_SUBNET )
+			{
+			auto bits = reinterpret_cast<const in6_addr*>(&a.network().bytes());
+			return new SubNetVal(IPPrefix(IPAddr(*bits), a.length()));
+			}
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::port& a)
+		{
+		if ( type->Tag() == TYPE_PORT )
+			return new PortVal(a.number(), bro_broker::to_bro_port_proto(a.type()));
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::time_point& a)
+		{
+		if ( type->Tag() == TYPE_TIME )
+			return new Val(a.value, TYPE_TIME);
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::time_duration& a)
+		{
+		if ( type->Tag() == TYPE_INTERVAL )
+			return new Val(a.value, TYPE_INTERVAL);
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::enum_value& a)
+		{
+		if ( type->Tag() == TYPE_ENUM )
+			{
+			auto etype = type->AsEnumType();
+			auto i = etype->Lookup(GLOBAL_MODULE_NAME, a.name.data());
+
+			if ( i == -1 )
+				return nullptr;
+
+			return new EnumVal(i, etype);
+			}
+
+		return nullptr;
+		}
+
+	result_type operator()(broker::set& a)
+		{
+		if ( ! type->IsSet() )
+			return nullptr;
+
+		auto tt = type->AsTableType();
+		auto rval = new TableVal(tt);
+
+		for ( auto& item : a )
+			{
+			broker::vector composite_key;
+			auto indices = broker::get<broker::vector>(item);
+
+			if ( ! indices )
+				{
+				composite_key.emplace_back(move(item));
+				indices = &composite_key;
+				}
+
+			auto expected_index_types = tt->Indices()->Types();
+
+			if ( static_cast<size_t>(expected_index_types->length()) !=
+			     indices->size() )
+				{
+				Unref(rval);
+				return nullptr;
+				}
+
+			auto list_val = new ListVal(TYPE_ANY);
+
+			for ( auto i = 0u; i < indices->size(); ++i )
+				{
+				auto index_val = bro_broker::data_to_val(move((*indices)[i]),
+				                                         (*expected_index_types)[i]);
+
+				if ( ! index_val )
+					{
+					Unref(rval);
+					Unref(list_val);
+					return nullptr;
+					}
+
+				list_val->Append(index_val);
+				}
+
+
+			rval->Assign(list_val, nullptr);
+			Unref(list_val);
+			}
+
+		return rval;
+		}
+
+	result_type operator()(broker::table& a)
+		{
+		if ( ! type->IsTable() )
+			return nullptr;
+
+		auto tt = type->AsTableType();
+		auto rval = new TableVal(tt);
+
+		for ( auto& item : a )
+			{
+			broker::vector composite_key;
+			auto indices = broker::get<broker::vector>(item.first);
+
+			if ( ! indices )
+				{
+				composite_key.emplace_back(move(item.first));
+				indices = &composite_key;
+				}
+
+			auto expected_index_types = tt->Indices()->Types();
+
+			if ( static_cast<size_t>(expected_index_types->length()) !=
+			     indices->size() )
+				{
+				Unref(rval);
+				return nullptr;
+				}
+
+			auto list_val = new ListVal(TYPE_ANY);
+
+			for ( auto i = 0u; i < indices->size(); ++i )
+				{
+				auto index_val = bro_broker::data_to_val(move((*indices)[i]),
+				                                         (*expected_index_types)[i]);
+
+				if ( ! index_val )
+					{
+					Unref(rval);
+					Unref(list_val);
+					return nullptr;
+					}
+
+				list_val->Append(index_val);
+				}
+
+			auto value_val = bro_broker::data_to_val(move(item.second),
+			                                         tt->YieldType());
+
+			if ( ! value_val )
+				{
+				Unref(rval);
+				Unref(list_val);
+				return nullptr;
+				}
+
+			rval->Assign(list_val, value_val);
+			Unref(list_val);
+			}
+
+		return rval;
+		}
+
+	result_type operator()(broker::vector& a)
+		{
+		if ( type->Tag() != TYPE_VECTOR )
+			return nullptr;
+
+		auto vt = type->AsVectorType();
+		auto rval = new VectorVal(vt);
+
+		for ( auto& item : a )
+			{
+			auto item_val = bro_broker::data_to_val(move(item), vt->YieldType());
+
+			if ( ! item_val )
+				{
+				Unref(rval);
+				return nullptr;
+				}
+
+			rval->Assign(rval->Size(), item_val);
+			}
+
+		return rval;
+		}
+
+	result_type operator()(broker::record& a)
+		{
+		if ( type->Tag() != TYPE_RECORD )
+			return nullptr;
+
+		auto rt = type->AsRecordType();
+		auto rval = new RecordVal(rt);
+
+		for ( auto i = 0u; i < static_cast<size_t>(rt->NumFields()); ++i )
+			{
+			if ( require_log_attr && ! rt->FieldDecl(i)->FindAttr(ATTR_LOG) )
+				continue;
+
+			if ( i >= a.fields.size() )
+				{
+				Unref(rval);
+				return nullptr;
+				}
+
+			if ( ! a.fields[i] )
+				{
+				rval->Assign(i, nullptr);
+				continue;
+				}
+
+			auto item_val = bro_broker::data_to_val(move(*a.fields[i]),
+			                                        rt->FieldType(i));
+
+			if ( ! item_val )
+				{
+				Unref(rval);
+				return nullptr;
+				}
+
+			rval->Assign(i, item_val);
+			}
+
+		return rval;
+		}
+};
+
+Val* bro_broker::data_to_val(broker::data d, BroType* type, bool require_log_attr)
+	{
+	return broker::visit(val_converter{type, require_log_attr}, d);
+	}
+
+broker::util::optional<broker::data> bro_broker::val_to_data(Val* v)
+	{
+	switch ( v->Type()->Tag() ) {
+	case TYPE_BOOL:
+		return {v->AsBool()};
+	case TYPE_INT:
+		return {v->AsInt()};
+	case TYPE_COUNT:
+		return {v->AsCount()};
+	case TYPE_COUNTER:
+		return {v->AsCounter()};
+	case TYPE_PORT:
+		{
+		auto p = v->AsPortVal();
+		return {broker::port(p->Port(), to_broker_port_proto(p->PortType()))};
+		}
+	case TYPE_ADDR:
+		{
+		auto a = v->AsAddr();
+		in6_addr tmp;
+		a.CopyIPv6(&tmp);
+		return {broker::address(reinterpret_cast<const uint32_t*>(&tmp),
+			                    broker::address::family::ipv6,
+			                    broker::address::byte_order::network)};
+		}
+		break;
+	case TYPE_SUBNET:
+		{
+		auto s = v->AsSubNet();
+		in6_addr tmp;
+		s.Prefix().CopyIPv6(&tmp);
+		auto a = broker::address(reinterpret_cast<const uint32_t*>(&tmp),
+		                         broker::address::family::ipv6,
+		                         broker::address::byte_order::network);
+		return {broker::subnet(a, s.Length())};
+		}
+		break;
+	case TYPE_DOUBLE:
+		return {v->AsDouble()};
+	case TYPE_TIME:
+		return {broker::time_point(v->AsTime())};
+	case TYPE_INTERVAL:
+		return {broker::time_duration(v->AsInterval())};
+	case TYPE_ENUM:
+		{
+		auto enum_type = v->Type()->AsEnumType();
+		auto enum_name = enum_type->Lookup(v->AsEnum());
+		return {broker::enum_value(enum_name ? enum_name : "<unknown enum>")};
+		}
+	case TYPE_STRING:
+		{
+		auto s = v->AsString();
+		return {string(reinterpret_cast<const char*>(s->Bytes()), s->Len())};
+		}
+	case TYPE_FILE:
+		return {string(v->AsFile()->Name())};
+	case TYPE_FUNC:
+		return {string(v->AsFunc()->Name())};
+	case TYPE_TABLE:
+		{
+		auto is_set = v->Type()->IsSet();
+		auto table = v->AsTable();
+		auto table_val = v->AsTableVal();
+		broker::data rval;
+
+		if ( is_set )
+			rval = broker::set();
+		else
+			rval = broker::table();
+
+		struct iter_guard {
+			iter_guard(HashKey* arg_k, ListVal* arg_lv)
+			    : k(arg_k), lv(arg_lv)
+				{}
+
+			~iter_guard()
+				{
+				delete k;
+				Unref(lv);
+				}
+
+			HashKey* k;
+			ListVal* lv;
+		};
+
+		HashKey* k;
+		TableEntryVal* entry;
+		auto c = table->InitForIteration();
+
+		while ( (entry = table->NextEntry(k, c)) )
+			{
+			auto vl = table_val->RecoverIndex(k);
+			iter_guard ig(k, vl);
+
+			broker::vector composite_key;
+			composite_key.reserve(vl->Length());
+
+			for ( auto k = 0; k < vl->Length(); ++k )
+				{
+				auto key_part = val_to_data((*vl->Vals())[k]);
+
+				if ( ! key_part )
+					return {};
+
+				composite_key.emplace_back(move(*key_part));
+				}
+
+			broker::data key;
+
+			if ( composite_key.size() == 1 )
+				key = move(composite_key[0]);
+			else
+				key = move(composite_key);
+
+			if ( is_set )
+				broker::get<broker::set>(rval)->emplace(move(key));
+			else
+				{
+				auto val = val_to_data(entry->Value());
+
+				if ( ! val )
+					return {};
+
+				broker::get<broker::table>(rval)->emplace(move(key),
+				                                          move(*val));
+				}
+			}
+
+		return {rval};
+		}
+	case TYPE_VECTOR:
+		{
+		auto vec = v->AsVectorVal();
+		broker::vector rval;
+		rval.reserve(vec->Size());
+
+		for ( auto i = 0u; i < vec->Size(); ++i )
+			{
+			auto item_val = vec->Lookup(i);
+
+			if ( ! item_val )
+				continue;
+
+			auto item = val_to_data(item_val);
+
+			if ( ! item )
+				return {};
+
+			rval.emplace_back(move(*item));
+			}
+
+		return {rval};
+		}
+	case TYPE_RECORD:
+		{
+		auto rec = v->AsRecordVal();
+		broker::record rval;
+		size_t num_fields = v->Type()->AsRecordType()->NumFields();
+		rval.fields.reserve(num_fields);
+
+		for ( auto i = 0u; i < num_fields; ++i )
+			{
+			auto item_val = rec->LookupWithDefault(i);
+
+			if ( ! item_val )
+				{
+				rval.fields.emplace_back(broker::record::field{});
+				continue;
+				}
+
+			auto item = val_to_data(item_val);
+			Unref(item_val);
+
+			if ( ! item )
+				return {};
+
+			rval.fields.emplace_back(broker::record::field{move(*item)});
+			}
+
+		return {rval};
+		}
+	default:
+		reporter->Error("unsupported BrokerComm::Data type: %s",
+		                type_name(v->Type()->Tag()));
+		break;
+	}
+
+	return {};
+	}
+
+RecordVal* bro_broker::make_data_val(Val* v)
+	{
+	auto rval = new RecordVal(BifType::Record::BrokerComm::Data);
+	auto data = val_to_data(v);
+
+	if ( data )
+		rval->Assign(0, new DataVal(move(*data)));
+
+	return rval;
+	}
+
+RecordVal* bro_broker::make_data_val(broker::data d)
+	{
+	auto rval = new RecordVal(BifType::Record::BrokerComm::Data);
+	rval->Assign(0, new DataVal(move(d)));
+	return rval;
+	}
+
+struct data_type_getter {
+	using result_type = EnumVal*;
+
+	result_type operator()(bool a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::BOOL,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(uint64_t a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::COUNT,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(int64_t a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::INT,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(double a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::DOUBLE,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const std::string& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::STRING,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::address& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::ADDR,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::subnet& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::SUBNET,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::port& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::PORT,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::time_point& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::TIME,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::time_duration& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::INTERVAL,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::enum_value& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::ENUM,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::set& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::SET,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::table& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::TABLE,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::vector& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::VECTOR,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+
+	result_type operator()(const broker::record& a)
+		{
+		return new EnumVal(BifEnum::BrokerComm::RECORD,
+		                   BifType::Enum::BrokerComm::DataType);
+		}
+};
+
+EnumVal* bro_broker::get_data_type(RecordVal* v, Frame* frame)
+	{
+	return broker::visit(data_type_getter{}, opaque_field_to_data(v, frame));
+	}
+
+broker::data& bro_broker::opaque_field_to_data(RecordVal* v, Frame* f)
+	{
+	Val* d = v->Lookup(0);
+
+	if ( ! d )
+		reporter->RuntimeError(f->GetCall()->GetLocationInfo(),
+		                       "BrokerComm::Data's opaque field is not set");
+
+	return static_cast<DataVal*>(d)->data;
+	}
+
+IMPLEMENT_SERIAL(bro_broker::DataVal, SER_COMM_DATA_VAL);
+
+bool bro_broker::DataVal::DoSerialize(SerialInfo* info) const
+	{
+	DO_SERIALIZE(SER_COMM_DATA_VAL, OpaqueVal);
+
+	std::string serial;
+	caf::binary_serializer bs(std::back_inserter(serial));
+	bs << data;
+
+	if ( ! SERIALIZE_STR(serial.data(), serial.size()) )
+		return false;
+
+	return true;
+	}
+
+bool bro_broker::DataVal::DoUnserialize(UnserialInfo* info)
+	{
+	DO_UNSERIALIZE(OpaqueVal);
+
+	const char* serial;
+	int len;
+
+	if ( ! UNSERIALIZE_STR(&serial, &len) )
+		return false;
+
+	caf::binary_deserializer bd(serial, len);
+	caf::uniform_typeid<broker::data>()->deserialize(&data, &bd);
+	delete [] serial;
+	return true;
+	}
diff --git a/src/broker/Data.h b/src/broker/Data.h
new file mode 100644
index 0000000000..84495056be
--- /dev/null
+++ b/src/broker/Data.h
@@ -0,0 +1,256 @@
+#ifndef BRO_COMM_DATA_H
+#define BRO_COMM_DATA_H
+
+#include <broker/data.hh>
+#include "Val.h"
+#include "Reporter.h"
+#include "Frame.h"
+#include "Expr.h"
+
+namespace bro_broker {
+
+extern OpaqueType* opaque_of_data_type;
+extern OpaqueType* opaque_of_set_iterator;
+extern OpaqueType* opaque_of_table_iterator;
+extern OpaqueType* opaque_of_vector_iterator;
+extern OpaqueType* opaque_of_record_iterator;
+
+/**
+ * Convert a broker port protocol to a bro port protocol.
+ */
+TransportProto to_bro_port_proto(broker::port::protocol tp);
+
+/**
+ * Create a BrokerComm::Data value from a Bro value.
+ * @param v the Bro value to convert to a Broker data value.
+ * @return a BrokerComm::Data value, where the optional field is set if the conversion
+ * was possible, else it is unset.
+ */
+RecordVal* make_data_val(Val* v);
+
+/**
+ * Create a BrokerComm::Data value from a Broker data value.
+ * @param d the Broker value to wrap in an opaque type.
+ * @return a BrokerComm::Data value that wraps the Broker value.
+ */
+RecordVal* make_data_val(broker::data d);
+
+/**
+ * Get the type of Broker data that BrokerComm::Data wraps.
+ * @param v a BrokerComm::Data value.
+ * @param frame used to get location info upon error.
+ * @return a BrokerComm::DataType value.
+ */
+EnumVal* get_data_type(RecordVal* v, Frame* frame);
+
+/**
+ * Convert a Bro value to a Broker data value.
+ * @param v a Bro value.
+ * @return a Broker data value if the Bro value could be converted to one.
+ */
+broker::util::optional<broker::data> val_to_data(Val* v);
+
+/**
+ * Convert a Broker data value to a Bro value.
+ * @param d a Broker data value.
+ * @param type the expected type of the value to return.
+ * @param require_log_attr if true, skip over record fields that don't have the
+ * &log attribute.
+ * @return a pointer to a new Bro value or a nullptr if the conversion was not
+ * possible.
+ */
+Val* data_to_val(broker::data d, BroType* type, bool require_log_attr = false);
+
+/**
+ * A Bro value which wraps a Broker data value.
+ */
+class DataVal : public OpaqueVal {
+public:
+
+	DataVal(broker::data arg_data)
+		: OpaqueVal(bro_broker::opaque_of_data_type), data(std::move(arg_data))
+		{}
+
+	void ValDescribe(ODesc* d) const override
+		{
+		d->Add("broker::data{");
+		d->Add(broker::to_string(data));
+		d->Add("}");
+		}
+
+	DECLARE_SERIAL(DataVal);
+
+	broker::data data;
+
+protected:
+
+	DataVal()
+		{}
+};
+
+/**
+ * Visitor for retrieving type names a Broker data value.
+ */
+struct type_name_getter {
+	using result_type = const char*;
+
+	result_type operator()(bool a)
+		{ return "bool"; }
+
+	result_type operator()(uint64_t a)
+		{ return "uint64_t"; }
+
+	result_type operator()(int64_t a)
+		{ return "int64_t"; }
+
+	result_type operator()(double a)
+		{ return "double"; }
+
+	result_type operator()(const std::string& a)
+		{ return "string"; }
+
+	result_type operator()(const broker::address& a)
+		{ return "address"; }
+
+	result_type operator()(const broker::subnet& a)
+		{ return "subnet"; }
+
+	result_type operator()(const broker::port& a)
+		{ return "port"; }
+
+	result_type operator()(const broker::time_point& a)
+		{ return "time"; }
+
+	result_type operator()(const broker::time_duration& a)
+		{ return "interval"; }
+
+	result_type operator()(const broker::enum_value& a)
+		{ return "enum"; }
+
+	result_type operator()(const broker::set& a)
+		{ return "set"; }
+
+	result_type operator()(const broker::table& a)
+		{ return "table"; }
+
+	result_type operator()(const broker::vector& a)
+		{ return "vector"; }
+
+	result_type operator()(const broker::record& a)
+		{ return "record"; }
+};
+
+/**
+ * Retrieve Broker data value associated with a BrokerComm::Data Bro value.
+ * @param v a BrokerComm::Data value.
+ * @param f used to get location information on error.
+ * @return a reference to the wrapped Broker data value.  A runtime interpreter
+ * exception is thrown if the the optional opaque value of \a v is not set.
+ */
+broker::data& opaque_field_to_data(RecordVal* v, Frame* f);
+
+/**
+ * Retrieve variant data from a Broker data value.
+ * @tparam T a type that the variant may contain.
+ * @param d a Broker data value to get variant data out of.
+ * @param tag a Bro tag which corresponds to T (just used for error reporting).
+ * @param f used to get location information on error.
+ * @return a refrence to the requested type in the variant Broker data.
+ * A runtime interpret exception is thrown if trying to access a type which
+ * is not currently stored in the Broker data.
+ */
+template <typename T>
+T& require_data_type(broker::data& d, TypeTag tag, Frame* f)
+	{
+	auto ptr = broker::get<T>(d);
+
+	if ( ! ptr )
+		reporter->RuntimeError(f->GetCall()->GetLocationInfo(),
+		                       "data is of type '%s' not of type '%s'",
+		                       broker::visit(type_name_getter{}, d),
+		                       type_name(tag));
+
+	return *ptr;
+	}
+
+/**
+ * @see require_data_type() and opaque_field_to_data().
+ */
+template <typename T>
+inline T& require_data_type(RecordVal* v, TypeTag tag, Frame* f)
+	{
+	return require_data_type<T>(opaque_field_to_data(v, f), tag, f);
+	}
+
+/**
+ * Convert a BrokerComm::Data Bro value to a Bro value of a given type.
+ * @tparam a type that a Broker data variant may contain.
+ * @param v a BrokerComm::Data value.
+ * @param tag a Bro type to convert to.
+ * @param f used to get location information on error.
+ * A runtime interpret exception is thrown if trying to access a type which
+ * is not currently stored in the Broker data.
+ */
+template <typename T>
+inline Val* refine(RecordVal* v, TypeTag tag, Frame* f)
+	{
+	return new Val(require_data_type<T>(v, tag, f), tag);
+	}
+
+// Copying data in to iterator vals is not the fastest approach, but safer...
+
+class SetIterator : public OpaqueVal {
+public:
+
+	SetIterator(RecordVal* v, TypeTag tag, Frame* f)
+	    : OpaqueVal(bro_broker::opaque_of_set_iterator),
+	      dat(require_data_type<broker::set>(v, TYPE_TABLE, f)),
+	      it(dat.begin())
+		{}
+
+	broker::set dat;
+	broker::set::iterator it;
+};
+
+class TableIterator : public OpaqueVal {
+public:
+
+	TableIterator(RecordVal* v, TypeTag tag, Frame* f)
+	    : OpaqueVal(bro_broker::opaque_of_table_iterator),
+	      dat(require_data_type<broker::table>(v, TYPE_TABLE, f)),
+	      it(dat.begin())
+		{}
+
+	broker::table dat;
+	broker::table::iterator it;
+};
+
+class VectorIterator : public OpaqueVal {
+public:
+
+	VectorIterator(RecordVal* v, TypeTag tag, Frame* f)
+	    : OpaqueVal(bro_broker::opaque_of_vector_iterator),
+	      dat(require_data_type<broker::vector>(v, TYPE_VECTOR, f)),
+	      it(dat.begin())
+		{}
+
+	broker::vector dat;
+	broker::vector::iterator it;
+};
+
+class RecordIterator : public OpaqueVal {
+public:
+
+	RecordIterator(RecordVal* v, TypeTag tag, Frame* f)
+	    : OpaqueVal(bro_broker::opaque_of_record_iterator),
+	      dat(require_data_type<broker::record>(v, TYPE_VECTOR, f)),
+	      it(dat.fields.begin())
+		{}
+
+	broker::record dat;
+	decltype(broker::record::fields)::iterator it;
+};
+
+} // namespace bro_broker
+
+#endif // BRO_COMM_DATA_H
diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc
new file mode 100644
index 0000000000..e467137c65
--- /dev/null
+++ b/src/broker/Manager.cc
@@ -0,0 +1,1085 @@
+#include "Manager.h"
+#include "Data.h"
+#include "Store.h"
+#include <broker/broker.hh>
+#include <broker/report.hh>
+#include <cstdio>
+#include <unistd.h>
+#include "util.h"
+#include "Var.h"
+#include "Reporter.h"
+#include "broker/comm.bif.h"
+#include "broker/data.bif.h"
+#include "broker/messaging.bif.h"
+#include "broker/store.bif.h"
+#include "logging/Manager.h"
+#include "DebugLogger.h"
+#include "iosource/Manager.h"
+
+using namespace std;
+
+VectorType* bro_broker::Manager::vector_of_data_type;
+EnumType* bro_broker::Manager::log_id_type;
+int bro_broker::Manager::send_flags_self_idx;
+int bro_broker::Manager::send_flags_peers_idx;
+int bro_broker::Manager::send_flags_unsolicited_idx;
+
+bro_broker::Manager::~Manager()
+	{
+	vector<decltype(data_stores)::key_type> stores_to_close;
+
+	for ( auto& s : data_stores )
+		stores_to_close.emplace_back(s.first);
+
+	for ( auto& s : stores_to_close )
+		// This doesn't loop directly over data_stores, because CloseStore
+		// modifies the map and invalidates iterators.
+		CloseStore(s.first, s.second);
+	}
+
+static int require_field(RecordType* rt, const char* name)
+	{
+	auto rval = rt->FieldOffset(name);
+
+	if ( rval < 0 )
+		reporter->InternalError("no field named '%s' in record type '%s'", name,
+		                        rt->GetName().data());
+
+	return rval;
+	}
+
+static int endpoint_flags_to_int(Val* broker_endpoint_flags)
+	{
+	int rval = 0;
+	auto r = broker_endpoint_flags->AsRecordVal();
+	Val* auto_publish_flag = r->Lookup("auto_publish", true);
+	Val* auto_advertise_flag = r->Lookup("auto_advertise", true);
+
+	if ( auto_publish_flag->AsBool() )
+		rval |= broker::AUTO_PUBLISH;
+
+	if ( auto_advertise_flag->AsBool() )
+		rval |= broker::AUTO_ADVERTISE;
+
+	Unref(auto_publish_flag);
+	Unref(auto_advertise_flag);
+	return rval;
+	}
+
+bool bro_broker::Manager::Enable(Val* broker_endpoint_flags)
+	{
+	if ( endpoint != nullptr )
+		return true;
+
+	auto send_flags_type = internal_type("BrokerComm::SendFlags")->AsRecordType();
+	send_flags_self_idx = require_field(send_flags_type, "self");
+	send_flags_peers_idx = require_field(send_flags_type, "peers");
+	send_flags_unsolicited_idx = require_field(send_flags_type, "unsolicited");
+
+	log_id_type = internal_type("Log::ID")->AsEnumType();
+
+	bro_broker::opaque_of_data_type = new OpaqueType("BrokerComm::Data");
+	bro_broker::opaque_of_set_iterator = new OpaqueType("BrokerComm::SetIterator");
+	bro_broker::opaque_of_table_iterator = new OpaqueType("BrokerComm::TableIterator");
+	bro_broker::opaque_of_vector_iterator = new OpaqueType("BrokerComm::VectorIterator");
+	bro_broker::opaque_of_record_iterator = new OpaqueType("BrokerComm::RecordIterator");
+	bro_broker::opaque_of_store_handle = new OpaqueType("BrokerStore::Handle");
+	vector_of_data_type = new VectorType(internal_type("BrokerComm::Data")->Ref());
+
+	auto res = broker::init();
+
+	if ( res )
+		{
+		fprintf(stderr, "broker::init failed: %s\n", broker::strerror(res));
+		return false;
+		}
+
+	res = broker::report::init(true);
+
+	if ( res )
+		{
+		fprintf(stderr, "broker::report::init failed: %s\n",
+		        broker::strerror(res));
+		return false;
+		}
+
+	const char* name;
+	auto name_from_script = internal_val("BrokerComm::endpoint_name")->AsString();
+
+	if ( name_from_script->Len() )
+		name = name_from_script->CheckString();
+	else
+		{
+		char host[256];
+
+		if ( gethostname(host, sizeof(host)) == 0 )
+			name = fmt("bro@%s.%ld", host, static_cast<long>(getpid()));
+		else
+			name = fmt("bro@<unknown>.%ld", static_cast<long>(getpid()));
+		}
+
+	int flags = endpoint_flags_to_int(broker_endpoint_flags);
+	endpoint = unique_ptr<broker::endpoint>(new broker::endpoint(name, flags));
+	iosource_mgr->Register(this, true);
+	return true;
+	}
+
+bool bro_broker::Manager::SetEndpointFlags(Val* broker_endpoint_flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	int flags = endpoint_flags_to_int(broker_endpoint_flags);
+	endpoint->set_flags(flags);
+	return true;
+	}
+
+bool bro_broker::Manager::Listen(uint16_t port, const char* addr, bool reuse_addr)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto rval = endpoint->listen(port, addr, reuse_addr);
+
+	if ( ! rval )
+		{
+		reporter->Error("Failed to listen on %s:%" PRIu16 " : %s",
+		                addr ? addr : "INADDR_ANY", port,
+		                endpoint->last_error().data());
+		}
+
+	return rval;
+	}
+
+bool bro_broker::Manager::Connect(string addr, uint16_t port,
+                            chrono::duration<double> retry_interval)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto& peer = peers[make_pair(addr, port)];
+
+	if ( peer )
+		return false;
+
+	peer = endpoint->peer(move(addr), port, retry_interval);
+	return true;
+	}
+
+bool bro_broker::Manager::Disconnect(const string& addr, uint16_t port)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto it = peers.find(make_pair(addr, port));
+
+	if ( it == peers.end() )
+		return false;
+
+	auto rval = endpoint->unpeer(it->second);
+	peers.erase(it);
+	return rval;
+	}
+
+bool bro_broker::Manager::Print(string topic, string msg, Val* flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->send(move(topic), broker::message{move(msg)},
+	               send_flags_to_int(flags));
+	return true;
+	}
+
+bool bro_broker::Manager::Event(std::string topic, broker::message msg, int flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->send(move(topic), move(msg), flags);
+	return true;
+	}
+
+bool bro_broker::Manager::Log(EnumVal* stream, RecordVal* columns, RecordType* info,
+                        int flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto stream_name = stream->Type()->AsEnumType()->Lookup(stream->AsEnum());
+
+	if ( ! stream_name )
+		{
+		reporter->Error("Failed to remotely log: stream %d doesn't have name",
+		                stream->AsEnum());
+		return false;
+		}
+
+	broker::record column_data;
+
+	for ( auto i = 0u; i < static_cast<size_t>(info->NumFields()); ++i )
+		{
+		if ( ! info->FieldDecl(i)->FindAttr(ATTR_LOG) )
+			continue;
+
+		auto field_val = columns->LookupWithDefault(i);
+
+		if ( ! field_val )
+			{
+			column_data.fields.emplace_back(broker::record::field{});
+			continue;
+			}
+
+		auto opt_field_data = val_to_data(field_val);
+		Unref(field_val);
+
+		if ( ! opt_field_data )
+			{
+			reporter->Error("Failed to remotely log stream %s: "
+			                "unsupported type '%s'",
+			                stream_name,
+			                type_name(info->FieldDecl(i)->type->Tag()));
+			return false;
+			}
+
+		column_data.fields.emplace_back(
+		            broker::record::field{move(*opt_field_data)});
+		}
+
+	broker::message msg{broker::enum_value{stream_name}, move(column_data)};
+	std::string topic = std::string("bro/log/") + stream_name;
+	endpoint->send(move(topic), move(msg), flags);
+	return true;
+	}
+
+bool bro_broker::Manager::Event(std::string topic, RecordVal* args, Val* flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	if ( ! args->Lookup(0) )
+		return false;
+
+	auto event_name = args->Lookup(0)->AsString()->CheckString();
+	auto vv = args->Lookup(1)->AsVectorVal();
+	broker::message msg;
+	msg.reserve(vv->Size() + 1);
+	msg.emplace_back(event_name);
+
+	for ( auto i = 0u; i < vv->Size(); ++i )
+		{
+		auto val = vv->Lookup(i)->AsRecordVal()->Lookup(0);
+		auto data_val = static_cast<DataVal*>(val);
+		msg.emplace_back(data_val->data);
+		}
+
+	endpoint->send(move(topic), move(msg), send_flags_to_int(flags));
+	return true;
+	}
+
+bool bro_broker::Manager::AutoEvent(string topic, Val* event, Val* flags)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	if ( event->Type()->Tag() != TYPE_FUNC )
+		{
+		reporter->Error("BrokerComm::auto_event must operate on an event");
+		return false;
+		}
+
+	auto event_val = event->AsFunc();
+
+	if ( event_val->Flavor() != FUNC_FLAVOR_EVENT )
+		{
+		reporter->Error("BrokerComm::auto_event must operate on an event");
+		return false;
+		}
+
+	auto handler = event_registry->Lookup(event_val->Name());
+
+	if ( ! handler )
+		{
+		reporter->Error("BrokerComm::auto_event failed to lookup event '%s'",
+		                event_val->Name());
+		return false;
+		}
+
+	handler->AutoRemote(move(topic), send_flags_to_int(flags));
+	return true;
+	}
+
+bool bro_broker::Manager::AutoEventStop(const string& topic, Val* event)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	if ( event->Type()->Tag() != TYPE_FUNC )
+		{
+		reporter->Error("BrokerComm::auto_event_stop must operate on an event");
+		return false;
+		}
+
+	auto event_val = event->AsFunc();
+
+	if ( event_val->Flavor() != FUNC_FLAVOR_EVENT )
+		{
+		reporter->Error("BrokerComm::auto_event_stop must operate on an event");
+		return false;
+		}
+
+	auto handler = event_registry->Lookup(event_val->Name());
+
+	if ( ! handler )
+		{
+		reporter->Error("BrokerComm::auto_event_stop failed to lookup event '%s'",
+		                event_val->Name());
+		return false;
+		}
+
+
+	handler->AutoRemoteStop(topic);
+	return true;
+	}
+
+RecordVal* bro_broker::Manager::MakeEventArgs(val_list* args)
+	{
+	if ( ! Enabled() )
+		return nullptr;
+
+	auto rval = new RecordVal(BifType::Record::BrokerComm::EventArgs);
+	auto arg_vec = new VectorVal(vector_of_data_type);
+	rval->Assign(1, arg_vec);
+	Func* func = 0;
+
+	for ( auto i = 0; i < args->length(); ++i )
+		{
+		auto arg_val = (*args)[i];
+
+		if ( i == 0 )
+			{
+			// Event val must come first.
+
+			if ( arg_val->Type()->Tag() != TYPE_FUNC )
+				{
+				reporter->Error("1st param of BrokerComm::event_args must be event");
+				return rval;
+				}
+
+			func = arg_val->AsFunc();
+
+			if ( func->Flavor() != FUNC_FLAVOR_EVENT )
+				{
+				reporter->Error("1st param of BrokerComm::event_args must be event");
+				return rval;
+				}
+
+			auto num_args = func->FType()->Args()->NumFields();
+
+			if ( num_args != args->length() - 1 )
+				{
+				reporter->Error("bad # of BrokerComm::event_args: got %d, expect %d",
+				                args->length(), num_args + 1);
+				return rval;
+				}
+
+			rval->Assign(0, new StringVal(func->Name()));
+			continue;
+			}
+
+		auto expected_type = (*func->FType()->ArgTypes()->Types())[i - 1];
+
+		if ( ! same_type((*args)[i]->Type(), expected_type) )
+			{
+			rval->Assign(0, 0);
+			reporter->Error("BrokerComm::event_args param %d type mismatch", i);
+			return rval;
+			}
+
+		auto data_val = make_data_val((*args)[i]);
+
+		if ( ! data_val->Lookup(0) )
+			{
+			Unref(data_val);
+			rval->Assign(0, 0);
+			reporter->Error("BrokerComm::event_args unsupported event/params");
+			return rval;
+			}
+
+		arg_vec->Assign(i - 1, data_val);
+		}
+
+	return rval;
+	}
+
+bool bro_broker::Manager::SubscribeToPrints(string topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto& q = print_subscriptions[topic_prefix].q;
+
+	if ( q )
+		return false;
+
+	q = broker::message_queue(move(topic_prefix), *endpoint);
+	return true;
+	}
+
+bool bro_broker::Manager::UnsubscribeToPrints(const string& topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	return print_subscriptions.erase(topic_prefix);
+	}
+
+bool bro_broker::Manager::SubscribeToEvents(string topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto& q = event_subscriptions[topic_prefix].q;
+
+	if ( q )
+		return false;
+
+	q = broker::message_queue(move(topic_prefix), *endpoint);
+	return true;
+	}
+
+bool bro_broker::Manager::UnsubscribeToEvents(const string& topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	return event_subscriptions.erase(topic_prefix);
+	}
+
+bool bro_broker::Manager::SubscribeToLogs(string topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto& q = log_subscriptions[topic_prefix].q;
+
+	if ( q )
+		return false;
+
+	q = broker::message_queue(move(topic_prefix), *endpoint);
+	return true;
+	}
+
+bool bro_broker::Manager::UnsubscribeToLogs(const string& topic_prefix)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	return log_subscriptions.erase(topic_prefix);
+	}
+
+bool bro_broker::Manager::PublishTopic(broker::topic t)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->publish(move(t));
+	return true;
+	}
+
+bool bro_broker::Manager::UnpublishTopic(broker::topic t)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->unpublish(move(t));
+	return true;
+	}
+
+bool bro_broker::Manager::AdvertiseTopic(broker::topic t)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->advertise(move(t));
+	return true;
+	}
+
+bool bro_broker::Manager::UnadvertiseTopic(broker::topic t)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	endpoint->unadvertise(move(t));
+	return true;
+	}
+
+int bro_broker::Manager::send_flags_to_int(Val* flags)
+	{
+	auto r = flags->AsRecordVal();
+	int rval = 0;
+	Val* self_flag = r->LookupWithDefault(send_flags_self_idx);
+	Val* peers_flag = r->LookupWithDefault(send_flags_peers_idx);
+	Val* unsolicited_flag = r->LookupWithDefault(send_flags_unsolicited_idx);
+
+	if ( self_flag->AsBool() )
+		rval |= broker::SELF;
+
+	if ( peers_flag->AsBool() )
+		rval |= broker::PEERS;
+
+	if ( unsolicited_flag->AsBool() )
+		rval |= broker::UNSOLICITED;
+
+	Unref(self_flag);
+	Unref(peers_flag);
+	Unref(unsolicited_flag);
+	return rval;
+	}
+
+void bro_broker::Manager::GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
+                           iosource::FD_Set* except)
+	{
+	read->Insert(endpoint->outgoing_connection_status().fd());
+	read->Insert(endpoint->incoming_connection_status().fd());
+
+	for ( const auto& ps : print_subscriptions )
+		read->Insert(ps.second.q.fd());
+
+	for ( const auto& ps : event_subscriptions )
+		read->Insert(ps.second.q.fd());
+
+	for ( const auto& ps : log_subscriptions )
+		read->Insert(ps.second.q.fd());
+
+	for ( const auto& s : data_stores )
+		read->Insert(s.second->store->responses().fd());
+
+	read->Insert(broker::report::default_queue->fd());
+	}
+
+double bro_broker::Manager::NextTimestamp(double* local_network_time)
+	{
+	// TODO: do something better?
+	return timer_mgr->Time();
+	}
+
+struct response_converter {
+	using result_type = RecordVal*;
+	broker::store::query::tag query_tag;
+
+	result_type operator()(bool d)
+		{
+		switch ( query_tag ) {
+		case broker::store::query::tag::pop_left:
+		case broker::store::query::tag::pop_right:
+		case broker::store::query::tag::lookup:
+			// A boolean result means the key doesn't exist (if it did, then
+			// the result would contain the broker::data value, not a bool).
+			return new RecordVal(BifType::Record::BrokerComm::Data);
+		default:
+			return bro_broker::make_data_val(broker::data{d});
+		}
+		}
+
+	result_type operator()(uint64_t d)
+		{
+		return bro_broker::make_data_val(broker::data{d});
+		}
+
+	result_type operator()(broker::data& d)
+		{
+		return bro_broker::make_data_val(move(d));
+		}
+
+	result_type operator()(std::vector<broker::data>& d)
+		{
+		return bro_broker::make_data_val(broker::data{move(d)});
+		}
+
+	result_type operator()(broker::store::snapshot& d)
+		{
+		broker::table table;
+
+		for ( auto& item : d.entries )
+			{
+			auto& key = item.first;
+			auto& val = item.second.item;
+			table[move(key)] = move(val);
+			}
+
+		return bro_broker::make_data_val(broker::data{move(table)});
+		}
+};
+
+static RecordVal* response_to_val(broker::store::response r)
+	{
+	return broker::visit(response_converter{r.request.type}, r.reply.value);
+	}
+
+void bro_broker::Manager::Process()
+	{
+	bool idle = true;
+	auto outgoing_connection_updates =
+	        endpoint->outgoing_connection_status().want_pop();
+	auto incoming_connection_updates =
+	        endpoint->incoming_connection_status().want_pop();
+
+	statistics.outgoing_conn_status_count += outgoing_connection_updates.size();
+	statistics.incoming_conn_status_count += incoming_connection_updates.size();
+
+	for ( auto& u : outgoing_connection_updates )
+		{
+		idle = false;
+
+		switch ( u.status ) {
+		case broker::outgoing_connection_status::tag::established:
+			if ( BrokerComm::outgoing_connection_established )
+				{
+				val_list* vl = new val_list;
+				vl->append(new StringVal(u.relation.remote_tuple().first));
+				vl->append(new PortVal(u.relation.remote_tuple().second,
+				                       TRANSPORT_TCP));
+				vl->append(new StringVal(u.peer_name));
+				mgr.QueueEvent(BrokerComm::outgoing_connection_established, vl);
+				}
+			break;
+
+		case broker::outgoing_connection_status::tag::disconnected:
+			if ( BrokerComm::outgoing_connection_broken )
+				{
+				val_list* vl = new val_list;
+				vl->append(new StringVal(u.relation.remote_tuple().first));
+				vl->append(new PortVal(u.relation.remote_tuple().second,
+				                       TRANSPORT_TCP));
+				mgr.QueueEvent(BrokerComm::outgoing_connection_broken, vl);
+				}
+			break;
+
+		case broker::outgoing_connection_status::tag::incompatible:
+			if ( BrokerComm::outgoing_connection_incompatible )
+				{
+				val_list* vl = new val_list;
+				vl->append(new StringVal(u.relation.remote_tuple().first));
+				vl->append(new PortVal(u.relation.remote_tuple().second,
+				                       TRANSPORT_TCP));
+				mgr.QueueEvent(BrokerComm::outgoing_connection_incompatible, vl);
+				}
+			break;
+
+		default:
+			reporter->InternalWarning(
+			            "unknown broker::outgoing_connection_status::tag : %d",
+			            static_cast<int>(u.status));
+			break;
+		}
+		}
+
+	for ( auto& u : incoming_connection_updates )
+		{
+		idle = false;
+
+		switch ( u.status ) {
+		case broker::incoming_connection_status::tag::established:
+			if ( BrokerComm::incoming_connection_established )
+				{
+				val_list* vl = new val_list;
+				vl->append(new StringVal(u.peer_name));
+				mgr.QueueEvent(BrokerComm::incoming_connection_established, vl);
+				}
+			break;
+
+		case broker::incoming_connection_status::tag::disconnected:
+			if ( BrokerComm::incoming_connection_broken )
+				{
+				val_list* vl = new val_list;
+				vl->append(new StringVal(u.peer_name));
+				mgr.QueueEvent(BrokerComm::incoming_connection_broken, vl);
+				}
+			break;
+
+		default:
+			reporter->InternalWarning(
+			            "unknown broker::incoming_connection_status::tag : %d",
+			            static_cast<int>(u.status));
+			break;
+		}
+		}
+
+	for ( auto& ps : print_subscriptions )
+		{
+		auto print_messages = ps.second.q.want_pop();
+
+		if ( print_messages.empty() )
+			continue;
+
+		ps.second.received += print_messages.size();
+		idle = false;
+
+		if ( ! BrokerComm::print_handler )
+			continue;
+
+		for ( auto& pm : print_messages )
+			{
+			if ( pm.size() != 1 )
+				{
+				reporter->Warning("got print message of invalid size: %zd",
+				                  pm.size());
+				continue;
+				}
+
+			std::string* msg = broker::get<std::string>(pm[0]);
+
+			if ( ! msg )
+				{
+				reporter->Warning("got print message of invalid type: %d",
+				                  static_cast<int>(broker::which(pm[0])));
+				continue;
+				}
+
+			val_list* vl = new val_list;
+			vl->append(new StringVal(move(*msg)));
+			mgr.QueueEvent(BrokerComm::print_handler, vl);
+			}
+		}
+
+	for ( auto& es : event_subscriptions )
+		{
+		auto event_messages = es.second.q.want_pop();
+
+		if ( event_messages.empty() )
+			continue;
+
+		es.second.received += event_messages.size();
+		idle = false;
+
+		for ( auto& em : event_messages )
+			{
+			if ( em.empty() )
+				{
+				reporter->Warning("got empty event message");
+				continue;
+				}
+
+			std::string* event_name = broker::get<std::string>(em[0]);
+
+			if ( ! event_name )
+				{
+				reporter->Warning("got event message w/o event name: %d",
+				                  static_cast<int>(broker::which(em[0])));
+				continue;
+				}
+
+			EventHandlerPtr ehp = event_registry->Lookup(event_name->data());
+
+			if ( ! ehp )
+				continue;
+
+			auto arg_types = ehp->FType()->ArgTypes()->Types();
+
+			if ( static_cast<size_t>(arg_types->length()) != em.size() - 1 )
+				{
+				reporter->Warning("got event message with invalid # of args,"
+				                  " got %zd, expected %d", em.size() - 1,
+				                  arg_types->length());
+				continue;
+				}
+
+			val_list* vl = new val_list;
+
+			for ( auto i = 1u; i < em.size(); ++i )
+				{
+				auto val = data_to_val(move(em[i]), (*arg_types)[i - 1]);
+
+				if ( val )
+					vl->append(val);
+				else
+					{
+					reporter->Warning("failed to convert remote event arg # %d",
+					                  i - 1);
+					break;
+					}
+				}
+
+			if ( static_cast<size_t>(vl->length()) == em.size() - 1 )
+				mgr.QueueEvent(ehp, vl);
+			else
+				delete_vals(vl);
+			}
+		}
+
+	struct unref_guard {
+		unref_guard(Val* v) : val(v) {}
+		~unref_guard() { Unref(val); }
+		Val* val;
+	};
+
+	for ( auto& ls : log_subscriptions )
+		{
+		auto log_messages = ls.second.q.want_pop();
+
+		if ( log_messages.empty() )
+			continue;
+
+		ls.second.received += log_messages.size();
+		idle = false;
+
+		for ( auto& lm : log_messages )
+			{
+			if ( lm.size() != 2 )
+				{
+				reporter->Warning("got bad remote log size: %zd (expect 2)",
+				                  lm.size());
+				continue;
+				}
+
+			if ( ! broker::get<broker::enum_value>(lm[0]) )
+				{
+				reporter->Warning("got remote log w/o stream id: %d",
+				                  static_cast<int>(broker::which(lm[0])));
+				continue;
+				}
+
+			if ( ! broker::get<broker::record>(lm[1]) )
+				{
+				reporter->Warning("got remote log w/o columns: %d",
+				                  static_cast<int>(broker::which(lm[1])));
+				continue;
+				}
+
+			auto stream_id = data_to_val(move(lm[0]), log_id_type);
+
+			if ( ! stream_id )
+				{
+				reporter->Warning("failed to unpack remote log stream id");
+				continue;
+				}
+
+			unref_guard stream_id_unreffer{stream_id};
+			auto columns_type = log_mgr->StreamColumns(stream_id->AsEnumVal());
+
+			if ( ! columns_type )
+				{
+				reporter->Warning("got remote log for unknown stream: %s",
+				                  stream_id->Type()->AsEnumType()->Lookup(
+				                      stream_id->AsEnum()));
+				continue;
+				}
+
+			auto columns = data_to_val(move(lm[1]), columns_type, true);
+
+			if ( ! columns )
+				{
+				reporter->Warning("failed to unpack remote log stream columns"
+				                  " for stream: %s",
+				                  stream_id->Type()->AsEnumType()->Lookup(
+				                      stream_id->AsEnum()));
+				continue;
+				}
+
+			log_mgr->Write(stream_id->AsEnumVal(), columns->AsRecordVal());
+			Unref(columns);
+			}
+		}
+
+	for ( const auto& s : data_stores )
+		{
+		auto responses = s.second->store->responses().want_pop();
+
+		if ( responses.empty() )
+			continue;
+
+		statistics.report_count += responses.size();
+		idle = false;
+
+		for ( auto& response : responses )
+			{
+			auto ck = static_cast<StoreQueryCallback*>(response.cookie);
+			auto it = pending_queries.find(ck);
+
+			if ( it == pending_queries.end() )
+				{
+				reporter->Warning("unmatched response to query on store %s",
+				                  s.second->store->id().data());
+				continue;
+				}
+
+			auto query = *it;
+
+			if ( query->Disabled() )
+				{
+				// Trigger timer must have timed the query out already.
+				delete query;
+				pending_queries.erase(it);
+				continue;
+				}
+
+			switch ( response.reply.stat ) {
+			case broker::store::result::status::timeout:
+				// Fine, trigger's timeout takes care of things.
+				break;
+			case broker::store::result::status::failure:
+				query->Result(query_result());
+				break;
+			case broker::store::result::status::success:
+				query->Result(query_result(response_to_val(move(response))));
+				break;
+			default:
+				reporter->InternalWarning("unknown store response status: %d",
+				                         static_cast<int>(response.reply.stat));
+				break;
+			}
+
+			delete query;
+			pending_queries.erase(it);
+			}
+		}
+
+	auto reports = broker::report::default_queue->want_pop();
+	statistics.report_count += reports.size();
+
+	for ( auto& report : reports )
+		{
+		idle = false;
+
+		if ( report.size() < 2 )
+			{
+			reporter->Warning("got broker report msg of size %zu, expect 4",
+			                  report.size());
+			continue;
+			}
+
+		uint64_t* level = broker::get<uint64_t>(report[1]);
+
+		if ( ! level )
+			{
+			reporter->Warning("got broker report msg w/ bad level type: %d",
+			                  static_cast<int>(broker::which(report[1])));
+			continue;
+			}
+
+		auto lvl = static_cast<broker::report::level>(*level);
+
+		switch ( lvl ) {
+		case broker::report::level::debug:
+			DBG_LOG(DBG_BROKER, broker::to_string(report).data());
+			break;
+		case broker::report::level::info:
+			reporter->Info("broker info: %s",
+			               broker::to_string(report).data());
+			break;
+		case broker::report::level::warn:
+			reporter->Warning("broker warning: %s",
+			                  broker::to_string(report).data());
+			break;
+		case broker::report::level::error:
+			reporter->Error("broker error: %s",
+			                broker::to_string(report).data());
+			break;
+			}
+		}
+
+	SetIdle(idle);
+	}
+
+bool bro_broker::Manager::AddStore(StoreHandleVal* handle)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	if ( ! handle->store )
+		return false;
+
+	auto key = make_pair(handle->store->id(), handle->store_type);
+
+	if ( data_stores.find(key) != data_stores.end() )
+		return false;
+
+	data_stores[key] = handle;
+	Ref(handle);
+	return true;
+	}
+
+bro_broker::StoreHandleVal*
+bro_broker::Manager::LookupStore(const broker::store::identifier& id,
+                           bro_broker::StoreType type)
+	{
+	if ( ! Enabled() )
+		return nullptr;
+
+	auto key = make_pair(id, type);
+	auto it = data_stores.find(key);
+
+	if ( it == data_stores.end() )
+		return nullptr;
+
+	return it->second;
+	}
+
+bool bro_broker::Manager::CloseStore(const broker::store::identifier& id,
+                               StoreType type)
+	{
+	if ( ! Enabled() )
+		return false;
+
+	auto key = make_pair(id, type);
+	auto it = data_stores.find(key);
+
+	if ( it == data_stores.end() )
+		return false;
+
+	for ( auto it = pending_queries.begin(); it != pending_queries.end(); )
+		{
+		auto query = *it;
+
+		if ( query->GetStoreType() == type && query->StoreID() == id )
+			{
+			it = pending_queries.erase(it);
+			query->Abort();
+			delete query;
+			}
+		else
+			++it;
+		}
+
+	delete it->second->store;
+	it->second->store = nullptr;
+	Unref(it->second);
+	data_stores.erase(it);
+	return true;
+	}
+
+bool bro_broker::Manager::TrackStoreQuery(StoreQueryCallback* cb)
+	{
+	assert(Enabled());
+	return pending_queries.insert(cb).second;
+	}
+
+bro_broker::Stats bro_broker::Manager::ConsumeStatistics()
+	{
+	statistics.outgoing_peer_count = peers.size();
+	statistics.data_store_count = data_stores.size();
+	statistics.pending_query_count = pending_queries.size();
+
+	for ( auto& s : print_subscriptions )
+		{
+		statistics.print_count[s.first] = s.second.received;
+		s.second.received = 0;
+		}
+
+	for ( auto& s : event_subscriptions )
+		{
+		statistics.event_count[s.first] = s.second.received;
+		s.second.received = 0;
+		}
+
+	for ( auto& s : log_subscriptions )
+		{
+		statistics.log_count[s.first] = s.second.received;
+		s.second.received = 0;
+		}
+
+	auto rval = move(statistics);
+	statistics = Stats{};
+	return rval;
+	}
diff --git a/src/broker/Manager.h b/src/broker/Manager.h
new file mode 100644
index 0000000000..63fbba074a
--- /dev/null
+++ b/src/broker/Manager.h
@@ -0,0 +1,366 @@
+#ifndef BRO_COMM_MANAGER_H
+#define BRO_COMM_MANAGER_H
+
+#include <broker/endpoint.hh>
+#include <broker/message_queue.hh>
+#include <memory>
+#include <string>
+#include <map>
+#include <unordered_set>
+#include "broker/Store.h"
+#include "Reporter.h"
+#include "iosource/IOSource.h"
+#include "Val.h"
+
+namespace bro_broker {
+
+/**
+ * Communication statistics.  Some are tracked in relation to last
+ * sample (bro_broker::Manager::ConsumeStatistics()).
+ */
+struct Stats {
+	// Number of outgoing peer connections (at time of sample).
+	size_t outgoing_peer_count = 0;
+	// Number of data stores (at time of sample).
+	size_t data_store_count = 0;
+	// Number of pending data store queries (at time of sample).
+	size_t pending_query_count = 0;
+	// Number of data store responses received (since last sample).
+	size_t response_count = 0;
+	// Number of outgoing connection updates received (since last sample).
+	size_t outgoing_conn_status_count = 0;
+	// Number of incoming connection updates received (since last sample).
+	size_t incoming_conn_status_count = 0;
+	// Number of broker report messages (e.g. debug, warning, errors) received
+	// (since last sample).
+	size_t report_count = 0;
+	// Number of print messages received per topic-prefix (since last sample).
+	std::map<std::string, size_t> print_count;
+	// Number of event messages received per topic-prefix (since last sample).
+	std::map<std::string, size_t> event_count;
+	// Number of log messages received per topic-prefix (since last sample).
+	std::map<std::string, size_t> log_count;
+};
+
+/**
+ * Manages various forms of communication between peer Bro processes
+ * or other external applications via use of the Broker messaging library.
+ */
+class Manager : public iosource::IOSource {
+friend class StoreHandleVal;
+public:
+
+	/**
+	 * Destructor.  Any still-pending data store queries are aborted.
+	 */
+	~Manager();
+
+	/**
+	 * Enable use of communication.
+	 * @param flags used to tune the local Broker endpoint's behavior.
+	 * See the BrokerComm::EndpointFlags record type.
+	 * @return true if communication is successfully initialized.
+	 */
+	bool Enable(Val* flags);
+
+	/**
+	 * Changes endpoint flags originally supplied to bro_broker::Manager::Enable().
+	 * @param flags the new behavior flags to use.
+	 * @return true if flags were changed.
+	 */
+	bool SetEndpointFlags(Val* flags);
+
+	/**
+	 * @return true if bro_broker::Manager::Enable() has previously been called and
+	 * it succeeded.
+	 */
+	bool Enabled()
+		{ return endpoint != nullptr; }
+
+	/**
+	 * Listen for remote connections.
+	 * @param port the TCP port to listen on.
+	 * @param addr an address string on which to accept connections, e.g.
+	 * "127.0.0.1".  A nullptr refers to @p INADDR_ANY.
+	 * @param reuse_addr equivalent to behavior of SO_REUSEADDR.
+	 * @return true if the local endpoint is now listening for connections.
+	 */
+	bool Listen(uint16_t port, const char* addr = nullptr,
+	            bool reuse_addr = true);
+
+	/**
+	 * Initiate a remote connection.
+	 * @param addr an address to connect to, e.g. "localhost" or "127.0.0.1".
+	 * @param port the TCP port on which the remote side is listening.
+	 * @param retry_interval an interval at which to retry establishing the
+	 * connection with the remote peer.
+	 * @return true if it's possible to try connecting with the peer and
+	 * it's a new peer.  The actual connection may not be established until a
+	 * later point in time.
+	 */
+	bool Connect(std::string addr, uint16_t port,
+	             std::chrono::duration<double> retry_interval);
+
+	/**
+	 * Remove a remote connection.
+	 * @param addr the address used in bro_broker::Manager::Connect().
+	 * @param port the port used in bro_broker::Manager::Connect().
+	 * @return true if the arguments match a previously successful call to
+	 * bro_broker::Manager::Connect().
+	 */
+	bool Disconnect(const std::string& addr, uint16_t port);
+
+	/**
+	 * Print a simple message to any interested peers.
+	 * @param topic a topic string associated with the print message.
+	 * Peers advertise interest by registering a subscription to some prefix
+	 * of this topic name.
+	 * @param msg the string to send to peers.
+	 * @param flags tune the behavior of how the message is send.
+	 * See the BrokerComm::SendFlags record type.
+	 * @return true if the message is sent successfully.
+	 */
+	bool Print(std::string topic, std::string msg, Val* flags);
+
+	/**
+	 * Send an event to any interested peers.
+	 * @param topic a topic string associated with the print message.
+	 * Peers advertise interest by registering a subscription to some prefix
+	 * of this topic name.
+	 * @param msg the event to send to peers, which is the name of the event
+	 * as a string followed by all of its arguments.
+	 * @param flags tune the behavior of how the message is send.
+	 * See the BrokerComm::SendFlags record type.
+	 * @return true if the message is sent successfully.
+	 */
+	bool Event(std::string topic, broker::message msg, int flags);
+
+	/**
+	 * Send an event to any interested peers.
+	 * @param topic a topic string associated with the print message.
+	 * Peers advertise interest by registering a subscription to some prefix
+	 * of this topic name.
+	 * @param args the event and its arguments to send to peers.  See the
+	 * BrokerComm::EventArgs record type.
+	 * @param flags tune the behavior of how the message is send.
+	 * See the BrokerComm::SendFlags record type.
+	 * @return true if the message is sent successfully.
+	 */
+	bool Event(std::string topic, RecordVal* args, Val* flags);
+
+	/**
+	 * Send a log entry to any interested peers.  The topic name used is
+	 * implicitly "bro/log/<stream-name>".
+	 * @param stream_id the stream to which the log entry belongs.
+	 * @param columns the data which comprises the log entry.
+	 * @param info the record type corresponding to the log's columns.
+	 * @param flags tune the behavior of how the message is send.
+	 * See the BrokerComm::SendFlags record type.
+	 * @return true if the message is sent successfully.
+	 */
+	bool Log(EnumVal* stream_id, RecordVal* columns, RecordType* info,
+	         int flags);
+
+	/**
+	 * Automatically send an event to any interested peers whenever it is
+	 * locally dispatched (e.g. using "event my_event(...);" in a script).
+	 * @param topic a topic string associated with the event message.
+	 * Peers advertise interest by registering a subscription to some prefix
+	 * of this topic name.
+	 * @param event a Bro event value.
+	 * @param flags tune the behavior of how the message is send.
+	 * See the BrokerComm::SendFlags record type.
+	 * @return true if automatic event sending is now enabled.
+	 */
+	bool AutoEvent(std::string topic, Val* event, Val* flags);
+
+	/**
+	 * Stop automatically sending an event to peers upon local dispatch.
+	 * @param topic a topic originally given to bro_broker::Manager::AutoEvent().
+	 * @param event an event originally given to bro_broker::Manager::AutoEvent().
+	 * @return true if automatic events will no occur for the topic/event pair.
+	 */
+	bool AutoEventStop(const std::string& topic, Val* event);
+
+	/**
+	 * Create an EventArgs record value from an event and its arguments.
+	 * @param args the event and its arguments.  The event is always the first
+	 * elements in the list.
+	 * @return an EventArgs record value.  If an invalid event or arguments
+	 * were supplied the optional "name" field will not be set.
+	 */
+	RecordVal* MakeEventArgs(val_list* args);
+
+	/**
+	 * Register interest in peer print messages that use a certain topic prefix.
+	 * @param topic_prefix a prefix to match against remote message topics.
+	 * e.g. an empty prefix will match everything and "a" will match "alice"
+	 * and "amy" but not "bob".
+	 * @return true if it's a new print subscriptions and it is now registered.
+	 */
+	bool SubscribeToPrints(std::string topic_prefix);
+
+	/**
+	 * Unregister interest in peer print messages.
+	 * @param topic_prefix a prefix previously supplied to a successful call
+	 * to bro_broker::Manager::SubscribeToPrints().
+	 * @return true if interest in topic prefix is no longer advertised.
+	 */
+	bool UnsubscribeToPrints(const std::string& topic_prefix);
+
+	/**
+	 * Register interest in peer event messages that use a certain topic prefix.
+	 * @param topic_prefix a prefix to match against remote message topics.
+	 * e.g. an empty prefix will match everything and "a" will match "alice"
+	 * and "amy" but not "bob".
+	 * @return true if it's a new event subscription and it is now registered.
+	 */
+	bool SubscribeToEvents(std::string topic_prefix);
+
+	/**
+	 * Unregister interest in peer event messages.
+	 * @param topic_prefix a prefix previously supplied to a successful call
+	 * to bro_broker::Manager::SubscribeToEvents().
+	 * @return true if interest in topic prefix is no longer advertised.
+	 */
+	bool UnsubscribeToEvents(const std::string& topic_prefix);
+
+	/**
+	 * Register interest in peer log messages that use a certain topic prefix.
+	 * @param topic_prefix a prefix to match against remote message topics.
+	 * e.g. an empty prefix will match everything and "a" will match "alice"
+	 * and "amy" but not "bob".
+	 * @return true if it's a new log subscription and it is now registered.
+	 */
+	bool SubscribeToLogs(std::string topic_prefix);
+
+	/**
+	 * Unregister interest in peer log messages.
+	 * @param topic_prefix a prefix previously supplied to a successful call
+	 * to bro_broker::Manager::SubscribeToLogs().
+	 * @return true if interest in topic prefix is no longer advertised.
+	 */
+	bool UnsubscribeToLogs(const std::string& topic_prefix);
+
+	/**
+	 * Allow sending messages to peers if associated with the given topic.
+	 * This has no effect if auto publication behavior is enabled via the flags
+	 * supplied to bro_broker::Manager::Enable() or bro_broker::Manager::SetEndpointFlags().
+	 * @param t a topic to allow messages to be published under.
+	 * @return true if successful.
+	 */
+	bool PublishTopic(broker::topic t);
+
+	/**
+	 * Disallow sending messages to peers if associated with the given topic.
+	 * This has no effect if auto publication behavior is enabled via the flags
+	 * supplied to bro_broker::Manager::Enable() or bro_broker::Manager::SetEndpointFlags().
+	 * @param t a topic to disallow messages to be published under.
+	 * @return true if successful.
+	 */
+	bool UnpublishTopic(broker::topic t);
+
+	/**
+	 * Allow advertising interest in the given topic to peers.
+	 * This has no effect if auto advertise behavior is enabled via the flags
+	 * supplied to bro_broker::Manager::Enable() or bro_broker::Manager::SetEndpointFlags().
+	 * @param t a topic to allow advertising interest/subscription to peers.
+	 * @return true if successful.
+	 */
+	bool AdvertiseTopic(broker::topic t);
+
+	/**
+	 * Disallow advertising interest in the given topic to peers.
+	 * This has no effect if auto advertise behavior is enabled via the flags
+	 * supplied to bro_broker::Manager::Enable() or bro_broker::Manager::SetEndpointFlags().
+	 * @param t a topic to disallow advertising interest/subscription to peers.
+	 * @return true if successful.
+	 */
+	bool UnadvertiseTopic(broker::topic t);
+
+	/**
+	 * Register the availability of a data store.
+	 * @param handle the data store.
+	 * @return true if the store was valid and not already away of it.
+	 */
+	bool AddStore(StoreHandleVal* handle);
+
+	/**
+	 * Lookup a data store by it's identifier name and type.
+	 * @param id the store's name.
+	 * @param type the type of data store.
+	 * @return a pointer to the store handle if it exists else nullptr.
+	 */
+	StoreHandleVal* LookupStore(const broker::store::identifier& id, StoreType type);
+
+	/**
+	 * Close and unregister a data store.  Any existing references to the
+	 * store handle will not be able to be used for any data store operations.
+	 * @param id the stores' name.
+	 * @param type the type of the data store.
+	 * @return true if such a store existed and is now closed.
+	 */
+	bool CloseStore(const broker::store::identifier& id, StoreType type);
+
+	/**
+	 * Register a data store query callback.
+	 * @param cb the callback info to use when the query completes or times out.
+	 * @return true if now tracking a data store query.
+	 */
+	bool TrackStoreQuery(StoreQueryCallback* cb);
+
+	/**
+	 * @return communication statistics.
+	 */
+	Stats ConsumeStatistics();
+
+	/**
+	 * Convert BrokerComm::SendFlags to int flags for use with broker::send().
+	 */
+	static int send_flags_to_int(Val* flags);
+
+private:
+
+	// IOSource interface overrides:
+	void GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
+	            iosource::FD_Set* except) override;
+
+	double NextTimestamp(double* local_network_time) override;
+
+	void Process() override;
+
+	const char* Tag() override
+		{ return "BrokerComm::Manager"; }
+
+	broker::endpoint& Endpoint()
+		{ return *endpoint; }
+
+	struct QueueWithStats {
+		broker::message_queue q;
+		size_t received = 0;
+	};
+
+	std::unique_ptr<broker::endpoint> endpoint;
+	std::map<std::pair<std::string, uint16_t>, broker::peering> peers;
+	std::map<std::string, QueueWithStats> print_subscriptions;
+	std::map<std::string, QueueWithStats> event_subscriptions;
+	std::map<std::string, QueueWithStats> log_subscriptions;
+
+	std::map<std::pair<broker::store::identifier, StoreType>,
+	         StoreHandleVal*> data_stores;
+	std::unordered_set<StoreQueryCallback*> pending_queries;
+
+	Stats statistics;
+
+	static VectorType* vector_of_data_type;
+	static EnumType* log_id_type;
+	static int send_flags_self_idx;
+	static int send_flags_peers_idx;
+	static int send_flags_unsolicited_idx;
+};
+
+} // namespace bro_broker
+
+extern bro_broker::Manager* broker_mgr;
+
+#endif // BRO_COMM_MANAGER_H
diff --git a/src/broker/Store.cc b/src/broker/Store.cc
new file mode 100644
index 0000000000..f9effa6d9e
--- /dev/null
+++ b/src/broker/Store.cc
@@ -0,0 +1,204 @@
+#include "Store.h"
+#include "broker/Manager.h"
+
+#include <broker/store/master.hh>
+#include <broker/store/clone.hh>
+#include <broker/store/sqlite_backend.hh>
+
+#ifdef HAVE_ROCKSDB
+#include <broker/store/rocksdb_backend.hh>
+#include <rocksdb/db.h>
+#endif
+
+OpaqueType* bro_broker::opaque_of_store_handle;
+
+bro_broker::StoreHandleVal::StoreHandleVal(broker::store::identifier id,
+                                     bro_broker::StoreType arg_type,
+                                     broker::util::optional<BifEnum::BrokerStore::BackendType> arg_back,
+                                     RecordVal* backend_options, std::chrono::duration<double> resync)
+	: OpaqueVal(opaque_of_store_handle),
+	  store(), store_type(arg_type), backend_type(arg_back)
+	{
+	using BifEnum::BrokerStore::BackendType;
+	std::unique_ptr<broker::store::backend> backend;
+
+	if ( backend_type )
+		switch ( *backend_type ) {
+		case BackendType::MEMORY:
+			backend.reset(new broker::store::memory_backend);
+			break;
+		case BackendType::SQLITE:
+			{
+			auto sqlite = new broker::store::sqlite_backend;
+			std::string path = backend_options->Lookup(0)->AsRecordVal()
+			                   ->Lookup(0)->AsStringVal()->CheckString();
+
+			if ( sqlite->open(path) )
+				backend.reset(sqlite);
+			else
+				{
+				reporter->Error("failed to open sqlite backend at path %s: %s",
+				                path.data(), sqlite->last_error().data());
+				delete sqlite;
+				}
+			}
+			break;
+		case BackendType::ROCKSDB:
+			{
+#ifdef HAVE_ROCKSDB
+			std::string path = backend_options->Lookup(1)->AsRecordVal()
+			                   ->Lookup(0)->AsStringVal()->CheckString();
+			rocksdb::Options rock_op;
+			rock_op.create_if_missing = true;
+
+			auto rocksdb = new broker::store::rocksdb_backend;
+
+			if ( rocksdb->open(path, options).ok() )
+				backend.reset(rocksdb);
+			else
+				{
+				reporter->Error("failed to open rocksdb backend at path %s: %s",
+				                path.data(), rocksdb->last_error().data());
+				delete rocksdb;
+				}
+#else
+			reporter->Error("rocksdb backend support is not enabled");
+#endif
+			}
+			break;
+		default:
+			reporter->FatalError("unknown data store backend: %d",
+			                     static_cast<int>(*backend_type));
+			}
+
+	switch ( store_type ) {
+	case StoreType::FRONTEND:
+		store = new broker::store::frontend(broker_mgr->Endpoint(), move(id));
+		break;
+	case StoreType::MASTER:
+		store = new broker::store::master(broker_mgr->Endpoint(), move(id),
+		                                  move(backend));
+		break;
+	case StoreType::CLONE:
+		store = new broker::store::clone(broker_mgr->Endpoint(), move(id), resync,
+		                                 move(backend));
+		break;
+	default:
+		reporter->FatalError("unknown data store type: %d",
+		                     static_cast<int>(store_type));
+		}
+	}
+
+void bro_broker::StoreHandleVal::ValDescribe(ODesc* d) const
+	{
+	using BifEnum::BrokerStore::BackendType;
+	d->Add("broker::store::");
+
+	switch ( store_type ) {
+	case StoreType::FRONTEND:
+		d->Add("frontend");
+		break;
+	case StoreType::MASTER:
+		d->Add("master");
+		break;
+	case StoreType::CLONE:
+		d->Add("clone");
+		break;
+	default:
+		d->Add("unknown");
+		}
+
+	d->Add("{");
+	d->Add(store->id());
+
+	if ( backend_type )
+		{
+		d->Add(", ");
+
+		switch ( *backend_type ) {
+		case BackendType::MEMORY:
+			d->Add("memory");
+			break;
+		case BackendType::SQLITE:
+			d->Add("sqlite");
+			break;
+		case BackendType::ROCKSDB:
+			d->Add("rocksdb");
+			break;
+		default:
+			d->Add("unknown");
+			}
+		}
+
+	d->Add("}");
+	}
+
+IMPLEMENT_SERIAL(bro_broker::StoreHandleVal, SER_COMM_STORE_HANDLE_VAL);
+
+bool bro_broker::StoreHandleVal::DoSerialize(SerialInfo* info) const
+	{
+	DO_SERIALIZE(SER_COMM_STORE_HANDLE_VAL, OpaqueVal);
+
+	bool have_store = store != nullptr;
+
+	if ( ! SERIALIZE(have_store) )
+		return false;
+
+	if ( ! have_store )
+		return true;
+
+	if ( ! SERIALIZE(static_cast<int>(store_type)) )
+		return false;
+
+	if ( ! SERIALIZE_STR(store->id().data(), store->id().size()) )
+		return false;
+
+	return true;
+	}
+
+bool bro_broker::StoreHandleVal::DoUnserialize(UnserialInfo* info)
+	{
+	DO_UNSERIALIZE(OpaqueVal);
+
+	bool have_store;
+
+	if ( ! UNSERIALIZE(&have_store) )
+		return false;
+
+	if ( ! have_store )
+		{
+		store = nullptr;
+		return true;
+		}
+
+	int type;
+
+	if ( ! UNSERIALIZE(&type) )
+		return false;
+
+	const char* id_str;
+	int len;
+
+	if ( ! UNSERIALIZE_STR(&id_str, &len) )
+		return false;
+
+	broker::store::identifier id(id_str, len);
+	delete [] id_str;
+
+	auto handle = broker_mgr->LookupStore(id, static_cast<bro_broker::StoreType>(type));
+
+	if ( ! handle )
+		{
+		// Passing serialized version of store handles to other Bro processes
+		// doesn't make sense, only allow local clones of the handle val.
+		reporter->Error("failed to look up unserialized store handle %s, %d",
+		                id.data(), type);
+		store = nullptr;
+		return false;
+		}
+
+	store = handle->store;
+	store_type = handle->store_type;
+	backend_type = handle->backend_type;
+	return true;
+	}
diff --git a/src/broker/Store.h b/src/broker/Store.h
new file mode 100644
index 0000000000..5823e0c3f8
--- /dev/null
+++ b/src/broker/Store.h
@@ -0,0 +1,153 @@
+#ifndef BRO_COMM_STORE_H
+#define BRO_COMM_STORE_H
+
+#include "broker/store.bif.h"
+#include "broker/data.bif.h"
+#include "Reporter.h"
+#include "Type.h"
+#include "Val.h"
+#include "Trigger.h"
+
+#include <broker/store/frontend.hh>
+
+namespace bro_broker {
+
+extern OpaqueType* opaque_of_store_handle;
+
+/**
+ * Enumerates the possible types of data stores.
+ */
+enum StoreType {
+	// Just a view in to a remote store, contains no data itself.
+	FRONTEND,
+	MASTER,
+	CLONE,
+};
+
+/**
+ * Create a BrokerStore::QueryStatus value.
+ * @param success whether the query status should be set to success or failure.
+ * @return a BrokerStore::QueryStatus value.
+ */
+inline EnumVal* query_status(bool success)
+	{
+	static EnumType* store_query_status = nullptr;
+	static int success_val;
+	static int failure_val;
+
+	if ( ! store_query_status )
+		{
+		store_query_status = internal_type("BrokerStore::QueryStatus")->AsEnumType();
+		success_val = store_query_status->Lookup("BrokerStore", "SUCCESS");
+		failure_val = store_query_status->Lookup("BrokerStore", "FAILURE");
+		}
+
+	return new EnumVal(success ? success_val : failure_val, store_query_status);
+	}
+
+/**
+ * @return a BrokerStore::QueryResult value that has a BrokerStore::QueryStatus indicating
+ * a failure.
+ */
+inline RecordVal* query_result()
+	{
+	auto rval = new RecordVal(BifType::Record::BrokerStore::QueryResult);
+	rval->Assign(0, query_status(false));
+	rval->Assign(1, new RecordVal(BifType::Record::BrokerComm::Data));
+	return rval;
+	}
+
+/**
+ * @param data the result of the query.
+ * @return a BrokerStore::QueryResult value that has a BrokerStore::QueryStatus indicating
+ * a success.
+ */
+inline RecordVal* query_result(RecordVal* data)
+	{
+	auto rval = new RecordVal(BifType::Record::BrokerStore::QueryResult);
+	rval->Assign(0, query_status(true));
+	rval->Assign(1, data);
+	return rval;
+	}
+
+/**
+ * Used for asynchronous data store queries which use "when" statements.
+ */
+class StoreQueryCallback {
+public:
+
+	StoreQueryCallback(Trigger* arg_trigger, const CallExpr* arg_call,
+					   broker::store::identifier arg_store_id,
+	                   StoreType arg_store_type)
+		: trigger(arg_trigger), call(arg_call), store_id(move(arg_store_id)),
+	      store_type(arg_store_type)
+		{
+		Ref(trigger);
+		}
+
+	~StoreQueryCallback()
+		{
+		Unref(trigger);
+		}
+
+	void Result(RecordVal* result)
+		{
+		trigger->Cache(call, result);
+		trigger->Release();
+		Unref(result);
+		}
+
+	void Abort()
+		{
+		auto result = query_result();
+		trigger->Cache(call, result);
+		trigger->Release();
+		Unref(result);
+		}
+
+	bool Disabled() const
+		{ return trigger->Disabled(); }
+
+	const broker::store::identifier& StoreID() const
+		{ return store_id; }
+
+	StoreType GetStoreType() const
+		{ return store_type; }
+
+private:
+
+	Trigger* trigger;
+	const CallExpr* call;
+	broker::store::identifier store_id;
+	StoreType store_type;
+};
+
+/**
+ * An opaque handle which wraps a Broker data store.
+ */
+class StoreHandleVal : public OpaqueVal {
+public:
+
+	StoreHandleVal(broker::store::identifier id,
+		       bro_broker::StoreType arg_type,
+		       broker::util::optional<BifEnum::BrokerStore::BackendType> arg_back,
+		       RecordVal* backend_options,
+		       std::chrono::duration<double> resync = std::chrono::seconds(1));
+
+	void ValDescribe(ODesc* d) const override;
+
+	DECLARE_SERIAL(StoreHandleVal);
+
+	broker::store::frontend* store;
+	bro_broker::StoreType store_type;
+	broker::util::optional<BifEnum::BrokerStore::BackendType> backend_type;
+
+protected:
+
+	StoreHandleVal()
+		{}
+};
+
+} // namespace bro_broker
+
+#endif // BRO_COMM_STORE_H
diff --git a/src/broker/comm.bif b/src/broker/comm.bif
new file mode 100644
index 0000000000..f8dd546965
--- /dev/null
+++ b/src/broker/comm.bif
@@ -0,0 +1,199 @@
+
+##! Functions and events regarding Bro's broker communication mechanisms.
+
+%%{
+#include "broker/Manager.h"
+%%}
+
+module BrokerComm;
+
+type BrokerComm::EndpointFlags: record;
+
+## Enable use of communication.
+##
+## flags: used to tune the local Broker endpoint behavior.
+##
+## Returns: true if communication is successfully initialized.
+function BrokerComm::enable%(flags: EndpointFlags &default = EndpointFlags()%): bool
+	%{
+	return new Val(broker_mgr->Enable(flags), TYPE_BOOL);
+	%}
+
+## Changes endpoint flags originally supplied to :bro:see:`BrokerComm::enable`.
+##
+## flags: the new endpoint behavior flags to use.
+##
+## Returns: true if flags were changed.
+function BrokerComm::set_endpoint_flags%(flags: EndpointFlags &default = EndpointFlags()%): bool
+	%{
+	return new Val(broker_mgr->SetEndpointFlags(flags), TYPE_BOOL);
+	%}
+
+## Allow sending messages to peers if associated with the given topic.
+## This has no effect if auto publication behavior is enabled via the flags
+## supplied to :bro:see:`BrokerComm::enable` or :bro:see:`BrokerComm::set_endpoint_flags`.
+##
+## topic: a topic to allow messages to be published under.
+##
+## Returns: true if successful.
+function BrokerComm::publish_topic%(topic: string%): bool
+	%{
+	return new Val(broker_mgr->PublishTopic(topic->CheckString()), TYPE_BOOL);
+	%}
+
+## Disallow sending messages to peers if associated with the given topic.
+## This has no effect if auto publication behavior is enabled via the flags
+## supplied to :bro:see:`BrokerComm::enable` or :bro:see:`BrokerComm::set_endpoint_flags`.
+##
+## topic: a topic to disallow messages to be published under.
+##
+## Returns: true if successful.
+function BrokerComm::unpublish_topic%(topic: string%): bool
+	%{
+	return new Val(broker_mgr->UnpublishTopic(topic->CheckString()), TYPE_BOOL);
+	%}
+
+## Allow advertising interest in the given topic to peers.
+## This has no effect if auto advertise behavior is enabled via the flags
+## supplied to :bro:see:`BrokerComm::enable` or :bro:see:`BrokerComm::set_endpoint_flags`.
+##
+## topic: a topic to allow advertising interest/subscription to peers.
+##
+## Returns: true if successful.
+function BrokerComm::advertise_topic%(topic: string%): bool
+	%{
+	return new Val(broker_mgr->AdvertiseTopic(topic->CheckString()), TYPE_BOOL);
+	%}
+
+## Disallow advertising interest in the given topic to peers.
+## This has no effect if auto advertise behavior is enabled via the flags
+## supplied to :bro:see:`BrokerComm::enable` or :bro:see:`BrokerComm::set_endpoint_flags`.
+##
+## topic: a topic to disallow advertising interest/subscription to peers.
+##
+## Returns: true if successful.
+function BrokerComm::unadvertise_topic%(topic: string%): bool
+	%{
+	return new Val(broker_mgr->UnadvertiseTopic(topic->CheckString()), TYPE_BOOL);
+	%}
+
+## Generated when a connection has been established due to a previous call
+## to :bro:see:`BrokerComm::connect`.
+##
+## peer_address: the address used to connect to the peer.
+##
+## peer_port: the port used to connect to the peer.
+##
+## peer_name: the name by which the peer identified itself.
+event BrokerComm::outgoing_connection_established%(peer_address: string,
+                                             peer_port: port,
+                                             peer_name: string%);
+
+## Generated when a previously established connection becomes broken.
+## Reconnection will automatically be attempted at a frequency given
+## by the original call to :bro:see:`BrokerComm::connect`.
+##
+## peer_address: the address used to connect to the peer.
+##
+## peer_port: the port used to connect to the peer.
+##
+## .. bro:see:: BrokerComm::outgoing_connection_established
+event BrokerComm::outgoing_connection_broken%(peer_address: string,
+                                        peer_port: port%);
+
+## Generated when a connection via :bro:see:`BrokerComm::connect` has failed
+## because the remote side is incompatible.
+##
+## peer_address: the address used to connect to the peer.
+##
+## peer_port: the port used to connect to the peer.
+event BrokerComm::outgoing_connection_incompatible%(peer_address: string,
+                                              peer_port: port%);
+
+## Generated when a peer has established a connection with this process
+## as a result of previously performing a :bro:see:`BrokerComm::listen`.
+##
+## peer_name: the name by which the peer identified itself.
+event BrokerComm::incoming_connection_established%(peer_name: string%);
+
+## Generated when a peer that previously established a connection with this
+## process becomes disconnected.
+##
+## peer_name: the name by which the peer identified itself.
+##
+## .. bro:see:: BrokerComm::incoming_connection_established
+event BrokerComm::incoming_connection_broken%(peer_name: string%);
+
+## Listen for remote connections.
+##
+## p: the TCP port to listen on.
+##
+## a: an address string on which to accept connections, e.g.
+##    "127.0.0.1".  An empty string refers to @p INADDR_ANY.
+##
+## reuse: equivalent to behavior of SO_REUSEADDR.
+##
+## Returns: true if the local endpoint is now listening for connections.
+##
+## .. bro:see:: BrokerComm::incoming_connection_established
+function BrokerComm::listen%(p: port, a: string &default = "",
+					   reuse: bool &default = T%): bool
+	%{
+	if ( ! p->IsTCP() )
+		{
+		reporter->Error("listen port must use tcp");
+		return new Val(false, TYPE_BOOL);
+		}
+
+	auto rval = broker_mgr->Listen(p->Port(), a->Len() ? a->CheckString() : 0,
+								 reuse);
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Initiate a remote connection.
+##
+## a: an address to connect to, e.g. "localhost" or "127.0.0.1".
+##
+## p: the TCP port on which the remote side is listening.
+##
+## retry: an interval at which to retry establishing the
+##        connection with the remote peer if it cannot be made initially, or
+##        if it ever becomes disconnected.
+##
+## Returns: true if it's possible to try connecting with the peer and
+##          it's a new peer.  The actual connection may not be established
+##          until a later point in time.
+##
+## .. bro:see:: BrokerComm::outgoing_connection_established
+function BrokerComm::connect%(a: string, p: port, retry: interval%): bool
+	%{
+	if ( ! p->IsTCP() )
+		{
+		reporter->Error("remote connection port must use tcp");
+		return new Val(false, TYPE_BOOL);
+		}
+
+	auto rval = broker_mgr->Connect(a->CheckString(), p->Port(),
+	                              std::chrono::duration<double>(retry));
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Remove a remote connection.
+##
+## a: the address used in previous successful call to :bro:see:`BrokerComm::connect`.
+##
+## p: the port used in previous successful call to :bro:see:`BrokerComm::connect`.
+##
+## Returns: true if the arguments match a previously successful call to
+##          :bro:see:`BrokerComm::connect`.
+function BrokerComm::disconnect%(a: string, p: port%): bool
+	%{
+	if ( ! p->IsTCP() )
+		{
+		reporter->Error("remote connection port must use tcp");
+		return new Val(false, TYPE_BOOL);
+		}
+
+	auto rval = broker_mgr->Disconnect(a->CheckString(), p->Port());
+	return new Val(rval, TYPE_BOOL);
+	%}
diff --git a/src/broker/data.bif b/src/broker/data.bif
new file mode 100644
index 0000000000..9ea1ca1e86
--- /dev/null
+++ b/src/broker/data.bif
@@ -0,0 +1,835 @@
+
+##! Functions for inspecting and manipulating broker data.
+
+%%{
+#include "broker/Data.h"
+%%}
+
+module BrokerComm;
+
+## Enumerates the possible types that :bro:see:`BrokerComm::Data` may be in
+## terms of Bro data types.
+enum DataType %{
+	BOOL,
+	INT,
+	COUNT,
+	DOUBLE,
+	STRING,
+	ADDR,
+	SUBNET,
+	PORT,
+	TIME,
+	INTERVAL,
+	ENUM,
+	SET,
+	TABLE,
+	VECTOR,
+	RECORD,
+%}
+
+type BrokerComm::Data: record;
+
+type BrokerComm::TableItem: record;
+
+## Convert any Bro value to communication data.
+##
+## d: any Bro value to attempt to convert (not all types are supported).
+##
+## Returns: the converted communication data.  The returned record's optional
+##          field will not be set if the conversion was not possible (this can
+##          happen if the Bro data type does not support being converted to
+##          communication data).
+function BrokerComm::data%(d: any%): BrokerComm::Data
+	%{
+	return bro_broker::make_data_val(d);
+	%}
+
+## Retrieve the type of data associated with communication data.
+##
+## d: the communication data.
+##
+## Returns: the data type associated with the communication data.
+function BrokerComm::data_type%(d: BrokerComm::Data%): BrokerComm::DataType
+	%{
+	return bro_broker::get_data_type(d->AsRecordVal(), frame);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::BOOL` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_bool%(d: BrokerComm::Data%): bool
+	%{
+	return bro_broker::refine<bool>(d->AsRecordVal(), TYPE_BOOL, frame);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::INT` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_int%(d: BrokerComm::Data%): int
+	%{
+	return bro_broker::refine<int64_t>(d->AsRecordVal(), TYPE_INT, frame);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::COUNT` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_count%(d: BrokerComm::Data%): count
+	%{
+	return bro_broker::refine<uint64_t>(d->AsRecordVal(), TYPE_COUNT, frame);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::DOUBLE` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_double%(d: BrokerComm::Data%): double
+	%{
+	return bro_broker::refine<double>(d->AsRecordVal(), TYPE_DOUBLE, frame);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::STRING` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_string%(d: BrokerComm::Data%): string
+	%{
+	return new StringVal(bro_broker::require_data_type<std::string>(d->AsRecordVal(),
+												              TYPE_STRING,
+															  frame));
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::ADDR` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_addr%(d: BrokerComm::Data%): addr
+	%{
+	auto& a = bro_broker::require_data_type<broker::address>(d->AsRecordVal(),
+													   TYPE_ADDR, frame);
+	auto bits = reinterpret_cast<const in6_addr*>(&a.bytes());
+	return new AddrVal(IPAddr(*bits));
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::SUBNET` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_subnet%(d: BrokerComm::Data%): subnet
+	%{
+	auto& a = bro_broker::require_data_type<broker::subnet>(d->AsRecordVal(),
+													  TYPE_SUBNET, frame);
+	auto bits = reinterpret_cast<const in6_addr*>(&a.network().bytes());
+	return new SubNetVal(IPPrefix(IPAddr(*bits), a.length()));
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::PORT` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_port%(d: BrokerComm::Data%): port
+	%{
+	auto& a = bro_broker::require_data_type<broker::port>(d->AsRecordVal(),
+													TYPE_SUBNET, frame);
+	return new PortVal(a.number(), bro_broker::to_bro_port_proto(a.type()));
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::TIME` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_time%(d: BrokerComm::Data%): time
+	%{
+	auto v = bro_broker::require_data_type<broker::time_point>(d->AsRecordVal(),
+														TYPE_TIME, frame).value;
+	return new Val(v, TYPE_TIME);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::INTERVAL` to
+## an actual Bro value.
+##
+## d: the communication data to convert.
+##
+## Returns: the value retrieved from the communication data.
+function BrokerComm::refine_to_interval%(d: BrokerComm::Data%): interval
+	%{
+	auto v = bro_broker::require_data_type<broker::time_duration>(d->AsRecordVal(),
+														TYPE_TIME, frame).value;
+	return new Val(v, TYPE_INTERVAL);
+	%}
+
+## Convert communication data with a type of :bro:see:`BrokerComm::ENUM` to
+## the name of the enum value.  :bro:see:`lookup_ID` may be used to convert
+## the name to the actual enum value.
+##
+## d: the communication data to convert.
+##
+## Returns: the enum name retrieved from the communication data.
+function BrokerComm::refine_to_enum_name%(d: BrokerComm::Data%): string
+	%{
+	auto& v = bro_broker::require_data_type<broker::enum_value>(d->AsRecordVal(),
+														TYPE_ENUM, frame).name;
+	return new StringVal(v);
+	%}
+
+## Create communication data of type "set".
+function BrokerComm::set_create%(%): BrokerComm::Data
+	%{
+	return bro_broker::make_data_val(broker::set());
+	%}
+
+## Remove all elements within a set.
+##
+## s: the set to clear.
+##
+## Returns: always true.
+function BrokerComm::set_clear%(s: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
+												   frame);
+	v.clear();
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Get the number of elements within a set.
+##
+## s: the set to query.
+##
+## Returns: the number of elements in the set.
+function BrokerComm::set_size%(s: BrokerComm::Data%): count
+	%{
+	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
+												   frame);
+	return new Val(static_cast<uint64_t>(v.size()), TYPE_COUNT);
+	%}
+
+## Check if a set contains a particular element.
+##
+## s: the set to query.
+##
+## key: the element to check for existence.
+##
+## Returns: true if the key exists in the set.
+function BrokerComm::set_contains%(s: BrokerComm::Data, key: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
+												   frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	return new Val(v.find(k) != v.end(), TYPE_BOOL);
+	%}
+
+## Insert an element into a set.
+##
+## s: the set to modify.
+##
+## key: the element to insert.
+##
+## Returns: true if the key was inserted, or false if it already existed.
+function BrokerComm::set_insert%(s: BrokerComm::Data, key: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
+												   frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	return new Val(v.insert(k).second, TYPE_BOOL);
+	%}
+
+## Remove an element from a set.
+##
+## s: the set to modify.
+##
+## key: the element to remove.
+##
+## Returns: true if the element existed in the set and is now removed.
+function BrokerComm::set_remove%(s: BrokerComm::Data, key: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(), TYPE_TABLE,
+												   frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	return new Val(v.erase(k) > 0, TYPE_BOOL);
+	%}
+
+## Create an iterator for a set.  Note that this makes a copy of the set
+## internally to ensure the iterator is always valid.
+##
+## s: the set to iterate over.
+##
+## Returns: an iterator.
+function BrokerComm::set_iterator%(s: BrokerComm::Data%): opaque of BrokerComm::SetIterator
+	%{
+	return new bro_broker::SetIterator(s->AsRecordVal(), TYPE_TABLE, frame);
+	%}
+
+## Check if there are no more elements to iterate over.
+##
+## it: an iterator.
+##
+## Returns: true if there are no more elements to iterator over, i.e.
+##          the iterator is one-past-the-final-element.
+function BrokerComm::set_iterator_last%(it: opaque of BrokerComm::SetIterator%): bool
+	%{
+	auto set_it = static_cast<bro_broker::SetIterator*>(it);
+	return new Val(set_it->it == set_it->dat.end(), TYPE_BOOL);
+	%}
+
+## Advance an iterator.
+##
+## it: an iterator.
+##
+## Returns: true if the iterator, after advancing, still references an element
+##          in the collection.  False if the iterator, after advancing, is
+##          one-past-the-final-element.
+function BrokerComm::set_iterator_next%(it: opaque of BrokerComm::SetIterator%): bool
+	%{
+	auto set_it = static_cast<bro_broker::SetIterator*>(it);
+
+	if ( set_it->it == set_it->dat.end() )
+		return new Val(false, TYPE_BOOL);
+
+	++set_it->it;
+	return new Val(set_it->it != set_it->dat.end(), TYPE_BOOL);
+	%}
+
+## Retrieve the data at an iterator's current position.
+##
+## it: an iterator.
+##
+## Returns: element in the collection that the iterator currently references.
+function BrokerComm::set_iterator_value%(it: opaque of BrokerComm::SetIterator%): BrokerComm::Data
+	%{
+	auto set_it = static_cast<bro_broker::SetIterator*>(it);
+	auto rval = new RecordVal(BifType::Record::BrokerComm::Data);
+
+	if ( set_it->it == set_it->dat.end() )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Warning("attempt to retrieve value of invalid set iterator");
+		reporter->PopLocation();
+		return rval;
+		}
+
+	rval->Assign(0, new bro_broker::DataVal(*set_it->it));
+	return rval;
+	%}
+
+## Create communication data of type "table".
+function BrokerComm::table_create%(%): BrokerComm::Data
+	%{
+	return bro_broker::make_data_val(broker::table());
+	%}
+
+## Remove all elements within a table.
+##
+## t: the table to clear.
+##
+## Returns: always true.
+function BrokerComm::table_clear%(t: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													 TYPE_TABLE, frame);
+	v.clear();
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Get the number of elements within a table.
+##
+## t: the table to query.
+##
+## Returns: the number of elements in the table.
+function BrokerComm::table_size%(t: BrokerComm::Data%): count
+	%{
+	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													 TYPE_TABLE, frame);
+	return new Val(static_cast<uint64_t>(v.size()), TYPE_COUNT);
+	%}
+
+## Check if a table contains a particular key.
+##
+## t: the table to query.
+##
+## key: the key to check for existence.
+##
+## Returns: true if the key exists in the table.
+function BrokerComm::table_contains%(t: BrokerComm::Data, key: BrokerComm::Data%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													 TYPE_TABLE, frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	return new Val(v.find(k) != v.end(), TYPE_BOOL);
+	%}
+
+## Insert a key-value pair into a table.
+##
+## t: the table to modify.
+##
+## key: the key at which to insert the value.
+##
+## val: the value to insert.
+##
+## Returns: true if the key-value pair was inserted, or false if the key
+##          already existed in the table.
+function BrokerComm::table_insert%(t: BrokerComm::Data, key: BrokerComm::Data, val: BrokerComm::Data%): BrokerComm::Data
+	%{
+	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													     TYPE_TABLE, frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	auto& v = bro_broker::opaque_field_to_data(val->AsRecordVal(), frame);
+
+	try
+		{
+		auto& prev = table.at(k);
+		auto rval = bro_broker::make_data_val(move(prev));
+		prev = v;
+		return rval;
+		}
+	catch (const std::out_of_range&)
+		{
+		table[k] = v;
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+		}
+	%}
+
+## Remove a key-value pair from a table.
+##
+## t: the table to modify.
+##
+## key: the key to remove from the table.
+##
+## Returns: the value associated with the key.  If the key did not exist, then
+##          the optional field of the returned record is not set.
+function BrokerComm::table_remove%(t: BrokerComm::Data, key: BrokerComm::Data%): BrokerComm::Data
+	%{
+	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													     TYPE_TABLE, frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	auto it = table.find(k);
+
+	if ( it == table.end() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+	else
+		{
+		auto rval = bro_broker::make_data_val(move(it->second));
+		table.erase(it);
+		return rval;
+		}
+	%}
+
+## Retrieve a value from a table.
+##
+## t: the table to query.
+##
+## key: the key to lookup.
+##
+## Returns: the value associated with the key.  If the key did not exist, then
+##          the optional field of the returned record is not set.
+function BrokerComm::table_lookup%(t: BrokerComm::Data, key: BrokerComm::Data%): BrokerComm::Data
+	%{
+	auto& table = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
+													     TYPE_TABLE, frame);
+	auto& k = bro_broker::opaque_field_to_data(key->AsRecordVal(), frame);
+	auto it = table.find(k);
+
+	if ( it == table.end() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+	else
+		return bro_broker::make_data_val(it->second);
+	%}
+
+## Create an iterator for a table.  Note that this makes a copy of the table
+## internally to ensure the iterator is always valid.
+##
+## t: the table to iterate over.
+##
+## Returns: an iterator.
+function BrokerComm::table_iterator%(t: BrokerComm::Data%): opaque of BrokerComm::TableIterator
+	%{
+	return new bro_broker::TableIterator(t->AsRecordVal(), TYPE_TABLE, frame);
+	%}
+
+## Check if there are no more elements to iterate over.
+##
+## it: an iterator.
+##
+## Returns: true if there are no more elements to iterator over, i.e.
+##          the iterator is one-past-the-final-element.
+function BrokerComm::table_iterator_last%(it: opaque of BrokerComm::TableIterator%): bool
+	%{
+	auto ti = static_cast<bro_broker::TableIterator*>(it);
+	return new Val(ti->it == ti->dat.end(), TYPE_BOOL);
+	%}
+
+## Advance an iterator.
+##
+## it: an iterator.
+##
+## Returns: true if the iterator, after advancing, still references an element
+##          in the collection.  False if the iterator, after advancing, is
+##          one-past-the-final-element.
+function BrokerComm::table_iterator_next%(it: opaque of BrokerComm::TableIterator%): bool
+	%{
+	auto ti = static_cast<bro_broker::TableIterator*>(it);
+
+	if ( ti->it == ti->dat.end() )
+		return new Val(false, TYPE_BOOL);
+
+	++ti->it;
+	return new Val(ti->it != ti->dat.end(), TYPE_BOOL);
+	%}
+
+## Retrieve the data at an iterator's current position.
+##
+## it: an iterator.
+##
+## Returns: element in the collection that the iterator currently references.
+function BrokerComm::table_iterator_value%(it: opaque of BrokerComm::TableIterator%): BrokerComm::TableItem
+	%{
+	auto ti = static_cast<bro_broker::TableIterator*>(it);
+	auto rval = new RecordVal(BifType::Record::BrokerComm::TableItem);
+	auto key_val = new RecordVal(BifType::Record::BrokerComm::Data);
+	auto val_val = new RecordVal(BifType::Record::BrokerComm::Data);
+	rval->Assign(0, key_val);
+	rval->Assign(1, val_val);
+
+	if ( ti->it == ti->dat.end() )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Warning("attempt to retrieve value of invalid table iterator");
+		reporter->PopLocation();
+		return rval;
+		}
+
+	key_val->Assign(0, new bro_broker::DataVal(ti->it->first));
+	val_val->Assign(0, new bro_broker::DataVal(ti->it->second));
+	return rval;
+	%}
+
+## Create communication data of type "vector".
+function BrokerComm::vector_create%(%): BrokerComm::Data
+	%{
+	return bro_broker::make_data_val(broker::vector());
+	%}
+
+## Remove all elements within a vector.
+##
+## v: the vector to clear.
+##
+## Returns: always true.
+function BrokerComm::vector_clear%(v: BrokerComm::Data%): bool
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+	vec.clear();
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Get the number of elements within a vector.
+##
+## v: the vector to query.
+##
+## Returns: the number of elements in the vector.
+function BrokerComm::vector_size%(v: BrokerComm::Data%): count
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+	return new Val(static_cast<uint64_t>(vec.size()), TYPE_COUNT);
+	%}
+
+## Insert an element into a vector at a particular position, possibly displacing
+## existing elements (insertion always grows the size of the vector by one).
+##
+## v: the vector to modify.
+##
+## d: the element to insert.
+##
+## idx: the index at which to insert the data.  If it is greater than the
+##      current size of the vector, the element is inserted at the end.
+##
+## Returns: always true.
+function BrokerComm::vector_insert%(v: BrokerComm::Data, d: BrokerComm::Data, idx: count%): bool
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+	auto& item = bro_broker::opaque_field_to_data(d->AsRecordVal(), frame);
+	idx = min(idx, static_cast<uint64_t>(vec.size()));
+	vec.insert(vec.begin() + idx, item);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Replace an element in a vector at a particular position.
+##
+## v: the vector to modify.
+##
+## d: the element to insert.
+##
+## idx: the index to replace.
+##
+## Returns: the value that was just evicted.  If the index was larger than any
+##          valid index, the optional field of the returned record is not set.
+function BrokerComm::vector_replace%(v: BrokerComm::Data, d: BrokerComm::Data, idx: count%): BrokerComm::Data
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+	auto& item = bro_broker::opaque_field_to_data(d->AsRecordVal(), frame);
+
+	if ( idx >= vec.size() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+
+	auto rval = bro_broker::make_data_val(move(vec[idx]));
+	vec[idx] = item;
+	return rval;
+	%}
+
+## Remove an element from a vector at a particular position.
+##
+## v: the vector to modify.
+##
+## idx: the index to remove.
+##
+## Returns: the value that was just evicted.  If the index was larger than any
+##          valid index, the optional field of the returned record is not set.
+function BrokerComm::vector_remove%(v: BrokerComm::Data, idx: count%): BrokerComm::Data
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+
+	if ( idx >= vec.size() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+
+	auto rval = bro_broker::make_data_val(move(vec[idx]));
+	vec.erase(vec.begin() + idx);
+	return rval;
+	%}
+
+## Lookup an element in a vector at a particular position.
+##
+## v: the vector to query.
+##
+## idx: the index to lookup.
+##
+## Returns: the value at the index.  If the index was larger than any
+##          valid index, the optional field of the returned record is not set.
+function BrokerComm::vector_lookup%(v: BrokerComm::Data, idx: count%): BrokerComm::Data
+	%{
+	auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
+													    TYPE_VECTOR, frame);
+
+	if ( idx >= vec.size() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+
+	return bro_broker::make_data_val(vec[idx]);
+	%}
+
+## Create an iterator for a vector.  Note that this makes a copy of the vector
+## internally to ensure the iterator is always valid.
+##
+## v: the vector to iterate over.
+##
+## Returns: an iterator.
+function BrokerComm::vector_iterator%(v: BrokerComm::Data%): opaque of BrokerComm::VectorIterator
+	%{
+	return new bro_broker::VectorIterator(v->AsRecordVal(), TYPE_VECTOR, frame);
+	%}
+
+## Check if there are no more elements to iterate over.
+##
+## it: an iterator.
+##
+## Returns: true if there are no more elements to iterator over, i.e.
+##          the iterator is one-past-the-final-element.
+function BrokerComm::vector_iterator_last%(it: opaque of BrokerComm::VectorIterator%): bool
+	%{
+	auto vi = static_cast<bro_broker::VectorIterator*>(it);
+	return new Val(vi->it == vi->dat.end(), TYPE_BOOL);
+	%}
+
+## Advance an iterator.
+##
+## it: an iterator.
+##
+## Returns: true if the iterator, after advancing, still references an element
+##          in the collection.  False if the iterator, after advancing, is
+##          one-past-the-final-element.
+function BrokerComm::vector_iterator_next%(it: opaque of BrokerComm::VectorIterator%): bool
+	%{
+	auto vi = static_cast<bro_broker::VectorIterator*>(it);
+
+	if ( vi->it == vi->dat.end() )
+		return new Val(false, TYPE_BOOL);
+
+	++vi->it;
+	return new Val(vi->it != vi->dat.end(), TYPE_BOOL);
+	%}
+
+## Retrieve the data at an iterator's current position.
+##
+## it: an iterator.
+##
+## Returns: element in the collection that the iterator currently references.
+function BrokerComm::vector_iterator_value%(it: opaque of BrokerComm::VectorIterator%): BrokerComm::Data
+	%{
+	auto vi = static_cast<bro_broker::VectorIterator*>(it);
+	auto rval = new RecordVal(BifType::Record::BrokerComm::Data);
+
+	if ( vi->it == vi->dat.end() )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Warning("attempt to retrieve value of invalid vector iterator");
+		reporter->PopLocation();
+		return rval;
+		}
+
+	rval->Assign(0, new bro_broker::DataVal(*vi->it));
+	return rval;
+	%}
+
+## Create communication data of type "record".
+##
+## sz: the number of fields in the record.
+##
+## Returns: record data, with all fields uninitialized.
+function BrokerComm::record_create%(sz: count%): BrokerComm::Data
+	%{
+	return bro_broker::make_data_val(broker::record(std::vector<broker::record::field>(sz)));
+	%}
+
+## Get the number of fields within a record.
+##
+## r: the record to query.
+##
+## Returns: the number of fields in the record.
+function BrokerComm::record_size%(r: BrokerComm::Data%): count
+	%{
+	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
+													  TYPE_RECORD, frame);
+	return new Val(static_cast<uint64_t>(v.fields.size()), TYPE_COUNT);
+	%}
+
+## Replace a field in a record at a particular position.
+##
+## r: the record to modify.
+##
+## d: the new field value to assign.
+##
+## idx: the index to replace.
+##
+## Returns: false if the index was larger than any valid index, else true.
+function BrokerComm::record_assign%(r: BrokerComm::Data, d: BrokerComm::Data, idx: count%): bool
+	%{
+	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
+													  TYPE_RECORD, frame);
+	auto& item = bro_broker::opaque_field_to_data(d->AsRecordVal(), frame);
+
+	if ( idx >= v.fields.size() )
+		return new Val(false, TYPE_BOOL);
+
+	v.fields[idx] = item;
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Lookup a field in a record at a particular position.
+##
+## r: the record to query.
+##
+## idx: the index to lookup.
+##
+## Returns: the value at the index.  The optional field of the returned record
+##          may not be set if the field of the record has no value or if the
+##          index was not valid.
+function BrokerComm::record_lookup%(r: BrokerComm::Data, idx: count%): BrokerComm::Data
+	%{
+	auto& v = bro_broker::require_data_type<broker::record>(r->AsRecordVal(),
+													  TYPE_RECORD, frame);
+
+	if ( idx >= v.size() )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+
+	if ( ! v.fields[idx] )
+		return new RecordVal(BifType::Record::BrokerComm::Data);
+
+	return bro_broker::make_data_val(*v.fields[idx]);
+	%}
+
+## Create an iterator for a record.  Note that this makes a copy of the record
+## internally to ensure the iterator is always valid.
+##
+## r: the record to iterate over.
+##
+## Returns: an iterator.
+function BrokerComm::record_iterator%(r: BrokerComm::Data%): opaque of BrokerComm::RecordIterator
+	%{
+	return new bro_broker::RecordIterator(r->AsRecordVal(), TYPE_RECORD, frame);
+	%}
+
+## Check if there are no more elements to iterate over.
+##
+## it: an iterator.
+##
+## Returns: true if there are no more elements to iterator over, i.e.
+##          the iterator is one-past-the-final-element.
+function BrokerComm::record_iterator_last%(it: opaque of BrokerComm::RecordIterator%): bool
+	%{
+	auto ri = static_cast<bro_broker::RecordIterator*>(it);
+	return new Val(ri->it == ri->dat.fields.end(), TYPE_BOOL);
+	%}
+
+## Advance an iterator.
+##
+## it: an iterator.
+##
+## Returns: true if the iterator, after advancing, still references an element
+##          in the collection.  False if the iterator, after advancing, is
+##          one-past-the-final-element.
+function BrokerComm::record_iterator_next%(it: opaque of BrokerComm::RecordIterator%): bool
+	%{
+	auto ri = static_cast<bro_broker::RecordIterator*>(it);
+
+	if ( ri->it == ri->dat.fields.end() )
+		return new Val(false, TYPE_BOOL);
+
+	++ri->it;
+	return new Val(ri->it != ri->dat.fields.end(), TYPE_BOOL);
+	%}
+
+## Retrieve the data at an iterator's current position.
+##
+## it: an iterator.
+##
+## Returns: element in the collection that the iterator currently references.
+function BrokerComm::record_iterator_value%(it: opaque of BrokerComm::RecordIterator%): BrokerComm::Data
+	%{
+	auto ri = static_cast<bro_broker::RecordIterator*>(it);
+	auto rval = new RecordVal(BifType::Record::BrokerComm::Data);
+
+	if ( ri->it == ri->dat.fields.end() )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Warning("attempt to retrieve value of invalid record iterator");
+		reporter->PopLocation();
+		return rval;
+		}
+
+	if ( ! *ri->it )
+		return rval; // field isn't set
+
+	rval->Assign(0, new bro_broker::DataVal(**ri->it));
+	return rval;
+	%}
diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif
new file mode 100644
index 0000000000..97b794b50e
--- /dev/null
+++ b/src/broker/messaging.bif
@@ -0,0 +1,215 @@
+
+##! Functions for peering and various messaging patterns (e.g. print/log/event).
+
+%%{
+#include "broker/Manager.h"
+#include "logging/Manager.h"
+%%}
+
+module BrokerComm;
+
+type BrokerComm::SendFlags: record;
+
+type BrokerComm::EventArgs: record;
+
+## Used to handle remote print messages from peers that call
+## :bro:see:`BrokerComm::print`.
+event BrokerComm::print_handler%(msg: string%);
+
+## Print a simple message to any interested peers.  The receiver can use
+## :bro:see:`BrokerComm::print_handler` to handle messages.
+##
+## topic: a topic associated with the printed message.
+##
+## msg: the print message to send to peers.
+##
+## flags: tune the behavior of how the message is sent.
+##
+## Returns: true if the message is sent.
+function BrokerComm::print%(topic: string, msg: string,
+                      flags: SendFlags &default = SendFlags()%): bool
+	%{
+	auto rval = broker_mgr->Print(topic->CheckString(), msg->CheckString(),
+	                            flags);
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Register interest in all peer print messages that use a certain topic prefix.
+## Use :bro:see:`BrokerComm::print_handler` to handle received messages.
+##
+## topic_prefix: a prefix to match against remote message topics.
+##               e.g. an empty prefix matches everything and "a" matches
+##               "alice" and "amy" but not "bob".
+##
+## Returns: true if it's a new print subscription and it is now registered.
+function BrokerComm::subscribe_to_prints%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->SubscribeToPrints(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Unregister interest in all peer print messages that use a topic prefix.
+##
+## topic_prefix: a prefix previously supplied to a successful call to
+##               :bro:see:`BrokerComm::subscribe_to_prints`.
+##
+## Returns: true if interest in the topic prefix is no longer advertised.
+function BrokerComm::unsubscribe_to_prints%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->UnsubscribeToPrints(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Create a data structure that may be used to send a remote event via
+## :bro:see:`BrokerComm::event`.
+##
+## args: an event, followed by a list of argument values that may be used
+##       to call it.
+##
+## Returns: opaque communication data that may be used to send a remote event.
+function BrokerComm::event_args%(...%): BrokerComm::EventArgs
+	%{
+	auto rval = broker_mgr->MakeEventArgs(@ARGS@);
+	return rval;
+	%}
+
+## Send an event to any interested peers.
+##
+## topic: a topic associated with the event message.
+##
+## args: event arguments as made by :bro:see:`BrokerComm::event_args`.
+##
+## flags: tune the behavior of how the message is sent.
+##
+## Returns: true if the message is sent.
+function BrokerComm::event%(topic: string, args: BrokerComm::EventArgs,
+                      flags: SendFlags &default = SendFlags()%): bool
+	%{
+	auto rval = broker_mgr->Event(topic->CheckString(), args->AsRecordVal(),
+	                            flags);
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Automatically send an event to any interested peers whenever it is
+## locally dispatched (e.g. using "event my_event(...);" in a script).
+##
+## topic: a topic string associated with the event message.
+##        Peers advertise interest by registering a subscription to some prefix
+##        of this topic name.
+##
+## ev: a Bro event value.
+##
+## flags: tune the behavior of how the message is sent.
+##
+## Returns: true if automatic event sending is now enabled.
+function BrokerComm::auto_event%(topic: string, ev: any,
+                           flags: SendFlags &default = SendFlags()%): bool
+	%{
+	auto rval = broker_mgr->AutoEvent(topic->CheckString(), ev, flags);
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Stop automatically sending an event to peers upon local dispatch.
+##
+## topic: a topic originally given to :bro:see:`BrokerComm::auto_event`.
+##
+## ev: an event originally given to :bro:see:`BrokerComm::auto_event`.
+##
+## Returns: true if automatic events will not occur for the topic/event pair.
+function BrokerComm::auto_event_stop%(topic: string, ev: any%): bool
+	%{
+	auto rval = broker_mgr->AutoEventStop(topic->CheckString(), ev);
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Register interest in all peer event messages that use a certain topic prefix.
+##
+## topic_prefix: a prefix to match against remote message topics.
+##               e.g. an empty prefix matches everything and "a" matches
+##               "alice" and "amy" but not "bob".
+##
+## Returns: true if it's a new event subscription and it is now registered.
+function BrokerComm::subscribe_to_events%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->SubscribeToEvents(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Unregister interest in all peer event messages that use a topic prefix.
+##
+## topic_prefix: a prefix previously supplied to a successful call to
+##               :bro:see:`BrokerComm::subscribe_to_events`.
+##
+## Returns: true if interest in the topic prefix is no longer advertised.
+function BrokerComm::unsubscribe_to_events%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->UnsubscribeToEvents(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Enable remote logs for a given log stream.
+##
+## id: the log stream to enable remote logs for.
+##
+## flags: tune the behavior of how log entry messages are sent.
+##
+## Returns: true if remote logs are enabled for the stream.
+function
+BrokerComm::enable_remote_logs%(id: Log::ID,
+                          flags: SendFlags &default = SendFlags()%): bool
+	%{
+	auto rval = log_mgr->EnableRemoteLogs(id->AsEnumVal(),
+	                                   bro_broker::Manager::send_flags_to_int(flags));
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Disable remote logs for a given log stream.
+##
+## id: the log stream to disable remote logs for.
+##
+## Returns: true if remote logs are disabled for the stream.
+function BrokerComm::disable_remote_logs%(id: Log::ID%): bool
+	%{
+	auto rval = log_mgr->DisableRemoteLogs(id->AsEnumVal());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Check if remote logs are enabled for a given log stream.
+##
+## id: the log stream to check.
+##
+## Returns: true if remote logs are enabled for the given stream.
+function BrokerComm::remote_logs_enabled%(id: Log::ID%): bool
+	%{
+	auto rval = log_mgr->RemoteLogsAreEnabled(id->AsEnumVal());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Register interest in all peer log messages that use a certain topic prefix.
+## Logs are implicitly sent with topic "bro/log/<stream-name>" and the
+## receiving side processes them through the logging framework as usual.
+##
+## topic_prefix: a prefix to match against remote message topics.
+##               e.g. an empty prefix matches everything and "a" matches
+##               "alice" and "amy" but not "bob".
+##
+## Returns: true if it's a new log subscription and it is now registered.
+function BrokerComm::subscribe_to_logs%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->SubscribeToLogs(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
+
+## Unregister interest in all peer log messages that use a topic prefix.
+## Logs are implicitly sent with topic "bro/log/<stream-name>" and the
+## receiving side processes them through the logging framework as usual.
+##
+## topic_prefix: a prefix previously supplied to a successful call to
+##               :bro:see:`BrokerComm::subscribe_to_logs`.
+##
+## Returns: true if interest in the topic prefix is no longer advertised.
+function BrokerComm::unsubscribe_to_logs%(topic_prefix: string%): bool
+	%{
+	auto rval = broker_mgr->UnsubscribeToLogs(topic_prefix->CheckString());
+	return new Val(rval, TYPE_BOOL);
+	%}
diff --git a/src/broker/store.bif b/src/broker/store.bif
new file mode 100644
index 0000000000..853bd1f2d7
--- /dev/null
+++ b/src/broker/store.bif
@@ -0,0 +1,597 @@
+
+##! Functions to interface with broker's distributed data store.
+
+%%{
+#include "broker/Manager.h"
+#include "broker/Store.h"
+#include "broker/Data.h"
+#include "Trigger.h"
+%%}
+
+module BrokerStore;
+
+type BrokerStore::ExpiryTime: record;
+
+type BrokerStore::QueryResult: record;
+
+type BrokerStore::BackendOptions: record;
+
+## Enumerates the possible storage backends.
+enum BackendType %{
+	MEMORY,
+	SQLITE,
+	ROCKSDB,
+%}
+
+## Create a master data store which contains key-value pairs.
+##
+## id: a unique name for the data store.
+##
+## b: the storage backend to use.
+##
+## options: tunes how some storage backends operate.
+##
+## Returns: a handle to the data store.
+function BrokerStore::create_master%(id: string, b: BackendType &default = MEMORY,
+                               options: BackendOptions &default = BackendOptions()%): opaque of BrokerStore::Handle
+	%{
+	auto id_str = id->CheckString();
+	auto type = bro_broker::StoreType::MASTER;
+	auto rval = broker_mgr->LookupStore(id_str, type);
+
+	if ( rval )
+		{
+		Ref(rval);
+		return rval;
+		}
+
+	rval = new bro_broker::StoreHandleVal(id_str, type,
+	                                static_cast<BifEnum::BrokerStore::BackendType>(b->AsEnum()),
+	                                options->AsRecordVal());
+	auto added = broker_mgr->AddStore(rval);
+	assert(added);
+	return rval;
+	%}
+
+## Create a clone of a master data store which may live with a remote peer.
+## A clone automatically synchronizes to the master by automatically receiving
+## modifications and applying them locally.  Direct modifications are not
+## possible, they must be sent through the master store, which then
+## automatically broadcasts the changes out to clones.  But queries may be made
+## directly against the local cloned copy, which may be resolved quicker than
+## reaching out to a remote master store.
+##
+## id: the unique name which identifies the master data store.
+##
+## b: the storage backend to use.
+##
+## options: tunes how some storage backends operate.
+##
+## resync: the interval at which to re-attempt synchronizing with the master
+##         store should the connection be lost.  If the clone has not yet
+##         synchronized for the first time, updates and queries queue up until
+##         the synchronization completes.  After, if the connection to the
+##         master store is lost, queries continue to use the clone's version,
+##         but updates will be lost until the master is once again available.
+##
+## Returns: a handle to the data store.
+function BrokerStore::create_clone%(id: string, b: BackendType &default = MEMORY,
+                              options: BackendOptions &default = BackendOptions(),
+                              resync: interval &default = 1sec%): opaque of BrokerStore::Handle
+	%{
+	auto id_str = id->CheckString();
+	auto type = bro_broker::StoreType::CLONE;
+	auto rval = broker_mgr->LookupStore(id_str, type);
+
+	if ( rval )
+		{
+		Ref(rval);
+		return rval;
+		}
+
+	rval = new bro_broker::StoreHandleVal(id_str, type,
+	                                static_cast<BifEnum::BrokerStore::BackendType>(b->AsEnum()),
+	                                options->AsRecordVal(),
+	                                std::chrono::duration<double>(resync));
+	auto added = broker_mgr->AddStore(rval);
+	assert(added);
+	return rval;
+	%}
+
+## Create a frontend interface to an existing master data store that allows
+## querying and updating its contents.
+##
+## id: the unique name which identifies the master data store.
+##
+## Returns: a handle to the data store.
+function BrokerStore::create_frontend%(id: string%): opaque of BrokerStore::Handle
+	%{
+	auto id_str = id->CheckString();
+	auto type = bro_broker::StoreType::FRONTEND;
+	auto rval = broker_mgr->LookupStore(id_str, type);
+
+	if ( rval )
+		{
+		Ref(rval);
+		return rval;
+		}
+
+	rval = new bro_broker::StoreHandleVal(id_str, type, {}, nullptr);
+	auto added = broker_mgr->AddStore(rval);
+	assert(added);
+	return rval;
+	%}
+
+## Close a data store.
+##
+## h: a data store handle.
+##
+## Returns: true if store was valid and is now closed.  The handle can no
+##          longer be used for data store operations.
+function BrokerStore::close_by_handle%(h: opaque of BrokerStore::Handle%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	return new Val(broker_mgr->CloseStore(handle->store->id(),
+										handle->store_type), TYPE_BOOL);
+	%}
+
+###########################
+# non-blocking update API #
+###########################
+
+## Insert a key-value pair in to the store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key to insert.
+##
+## v: the value to insert.
+##
+## e: the expiration time of the key-value pair.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::insert%(h: opaque of BrokerStore::Handle,
+                        k: BrokerComm::Data, v: BrokerComm::Data,
+                        e: BrokerStore::ExpiryTime &default = BrokerStore::ExpiryTime()%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	auto& val = bro_broker::opaque_field_to_data(v->AsRecordVal(), frame);
+
+	using broker::store::expiration_time;
+
+	auto abs_expiry_val = e->AsRecordVal()->Lookup(0);
+
+	if ( abs_expiry_val )
+		{
+		auto expiry = expiration_time(abs_expiry_val->AsTime());
+		handle->store->insert(key, val, expiry);
+		return new Val(true, TYPE_BOOL);
+		}
+
+	auto rel_expiry_val = e->AsRecordVal()->Lookup(1);
+
+	if ( rel_expiry_val )
+		{
+		auto ct = broker::time_point::now().value;
+		auto expiry = expiration_time(rel_expiry_val->AsInterval(), ct);
+		handle->store->insert(key, val, expiry);
+		return new Val(true, TYPE_BOOL);
+		}
+
+	handle->store->insert(key, val);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Remove a key-value pair from the store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key to remove.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::erase%(h: opaque of BrokerStore::Handle, k: BrokerComm::Data%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	handle->store->erase(key);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Remove all key-value pairs from the store.
+##
+## h: the handle of the store to modify.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::clear%(h: opaque of BrokerStore::Handle%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	handle->store->clear();
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Increment an integer value in a data store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## by: the amount to increment the value by.  A non-existent key will first
+##     create it with an implicit value of zero before incrementing.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::increment%(h: opaque of BrokerStore::Handle,
+                           k: BrokerComm::Data, by: int &default = +1%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	handle->store->increment(key, by);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Decrement an integer value in a data store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## by: the amount to decrement the value by.  A non-existent key will first
+##     create it with an implicit value of zero before decrementing.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::decrement%(h: opaque of BrokerStore::Handle,
+                           k: BrokerComm::Data, by: int &default = +1%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	handle->store->decrement(key, by);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Add an element to a set value in a data store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## element: the element to add to the set.  A non-existent key will first
+##          create it with an implicit empty set value before modifying.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::add_to_set%(h: opaque of BrokerStore::Handle,
+                            k: BrokerComm::Data, element: BrokerComm::Data%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	auto& ele = bro_broker::opaque_field_to_data(element->AsRecordVal(), frame);
+	handle->store->add_to_set(key, ele);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Remove an element from a set value in a data store.
+##
+## h: the handle of the store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## element: the element to remove from the set.  A non-existent key will
+##          implicitly create an empty set value associated with the key.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::remove_from_set%(h: opaque of BrokerStore::Handle,
+                                 k: BrokerComm::Data, element: BrokerComm::Data%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	auto& ele = bro_broker::opaque_field_to_data(element->AsRecordVal(), frame);
+	handle->store->remove_from_set(key, ele);
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Add a new item to the head of a vector value in a data store.
+##
+## h: the handle of store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## items: the element to insert in to the vector.  A non-existent key will first
+##        create an empty vector value before modifying.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::push_left%(h: opaque of BrokerStore::Handle, k: BrokerComm::Data,
+                           items: BrokerComm::DataVector%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	broker::vector items_vector;
+	auto items_vv = items->AsVector();
+
+	for ( auto i = 0u; i < items_vv->size(); ++i )
+		{
+		auto& item = bro_broker::opaque_field_to_data((*items_vv)[i]->AsRecordVal(),
+		                                        frame);
+		items_vector.emplace_back(item);
+		}
+
+	handle->store->push_left(key, move(items_vector));
+	return new Val(true, TYPE_BOOL);
+	%}
+
+## Add a new item to the tail of a vector value in a data store.
+##
+## h: the handle of store to modify.
+##
+## k: the key whose associated value is to be modified.
+##
+## items: the element to insert in to the vector.  A non-existent key will first
+##        create an empty vector value before modifying.
+##
+## Returns: false if the store handle was not valid.
+function BrokerStore::push_right%(h: opaque of BrokerStore::Handle, k: BrokerComm::Data,
+                            items: BrokerComm::DataVector%): bool
+	%{
+	auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
+
+	if ( ! handle->store )
+		return new Val(false, TYPE_BOOL);
+
+	auto& key = bro_broker::opaque_field_to_data(k->AsRecordVal(), frame);
+	broker::vector items_vector;
+	auto items_vv = items->AsVector();
+
+	for ( auto i = 0u; i < items_vv->size(); ++i )
+		{
+		auto& item = bro_broker::opaque_field_to_data((*items_vv)[i]->AsRecordVal(),
+		                                        frame);
+		items_vector.emplace_back(item);
+		}
+
+	handle->store->push_right(key, move(items_vector));
+	return new Val(true, TYPE_BOOL);
+	%}
+
+##########################
+# non-blocking query API #
+##########################
+
+%%{
+static bool prepare_for_query(Val* opaque, Frame* frame,
+			      bro_broker::StoreHandleVal** handle,
+			      double* timeout,
+			      bro_broker::StoreQueryCallback** cb)
+	{
+	*handle = static_cast<bro_broker::StoreHandleVal*>(opaque);
+
+	if ( ! (*handle)->store )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Error("BrokerStore query has an invalid data store");
+		reporter->PopLocation();
+		return false;
+		}
+
+	Trigger* trigger = frame->GetTrigger();
+
+	if ( ! trigger )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Error("BrokerStore queries can only be called inside when-condition");
+		reporter->PopLocation();
+		return false;
+		}
+
+	*timeout = trigger->TimeoutValue();
+
+	if ( *timeout < 0 )
+		{
+		reporter->PushLocation(frame->GetCall()->GetLocationInfo());
+		reporter->Error("BrokerStore queries must specify a timeout block");
+		reporter->PopLocation();
+		return false;
+		}
+
+	frame->SetDelayed();
+	trigger->Hold();
+	*cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(),
+					   (*handle)->store->id(),
+					   (*handle)->store_type);
+	broker_mgr->TrackStoreQuery(*cb);
+	return true;
+	}
+
+%%}
+
+## Pop the head of a data store vector value.
+##
+## h: the handle of the store to query.
+##
+## k: the key associated with the vector to modify.
+##
+## Returns: the result of the query.
+function BrokerStore::pop_left%(h: opaque of BrokerStore::Handle,
+                          k: BrokerComm::Data%): BrokerStore::QueryResult
+	%{
+	if ( ! broker_mgr->Enabled() )
+		return bro_broker::query_result();
+
+	Val* key = k->AsRecordVal()->Lookup(0);
+
+	if ( ! key )
+		return bro_broker::query_result();
+
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->pop_left(static_cast<bro_broker::DataVal*>(key)->data,
+	                         std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
+
+## Pop the tail of a data store vector value.
+##
+## h: the handle of the store to query.
+##
+## k: the key associated with the vector to modify.
+##
+## Returns: the result of the query.
+function BrokerStore::pop_right%(h: opaque of BrokerStore::Handle,
+                           k: BrokerComm::Data%): BrokerStore::QueryResult
+	%{
+	if ( ! broker_mgr->Enabled() )
+		return bro_broker::query_result();
+
+	Val* key = k->AsRecordVal()->Lookup(0);
+
+	if ( ! key )
+		return bro_broker::query_result();
+
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->pop_right(static_cast<bro_broker::DataVal*>(key)->data,
+	                         std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
+
+## Lookup the value associated with a key in a data store.
+##
+## h: the handle of the store to query.
+##
+## k: the key to lookup.
+##
+## Returns: the result of the query.
+function BrokerStore::lookup%(h: opaque of BrokerStore::Handle,
+                       k: BrokerComm::Data%): BrokerStore::QueryResult
+	%{
+	if ( ! broker_mgr->Enabled() )
+		return bro_broker::query_result();
+
+	Val* key = k->AsRecordVal()->Lookup(0);
+
+	if ( ! key )
+		return bro_broker::query_result();
+
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->lookup(static_cast<bro_broker::DataVal*>(key)->data,
+	                      std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
+
+## Check if a data store contains a given key.
+##
+## h: the handle of the store to query.
+##
+## k: the key to check for existence.
+##
+## Returns: the result of the query (uses :bro:see:`BrokerComm::BOOL`).
+function BrokerStore::exists%(h: opaque of BrokerStore::Handle,
+                        k: BrokerComm::Data%): BrokerStore::QueryResult
+	%{
+	if ( ! broker_mgr->Enabled() )
+		return bro_broker::query_result();
+
+	Val* key = k->AsRecordVal()->Lookup(0);
+
+	if ( ! key )
+		return bro_broker::query_result();
+
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->exists(static_cast<bro_broker::DataVal*>(key)->data,
+	                      std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
+
+## Retrieve all keys in a data store.
+##
+## h: the handle of the store to query.
+##
+## Returns: the result of the query (uses :bro:see:`BrokerComm::VECTOR`).
+function BrokerStore::keys%(h: opaque of BrokerStore::Handle%): BrokerStore::QueryResult
+	%{
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->keys(std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
+
+## Get the number of key-value pairs in a data store.
+##
+## h: the handle of the store to query.
+##
+## Returns: the result of the query (uses :bro:see:`BrokerComm::COUNT`).
+function BrokerStore::size%(h: opaque of BrokerStore::Handle%): BrokerStore::QueryResult
+	%{
+	if ( ! broker_mgr->Enabled() )
+		return bro_broker::query_result();
+
+	double timeout;
+	bro_broker::StoreQueryCallback* cb;
+	bro_broker::StoreHandleVal* handle;
+
+	if ( ! prepare_for_query(h, frame, &handle, &timeout, &cb) )
+		return bro_broker::query_result();
+
+	handle->store->size(std::chrono::duration<double>(timeout), cb);
+	return 0;
+	%}
diff --git a/src/event.bif b/src/event.bif
index dd941b6736..6531bef6d8 100644
--- a/src/event.bif
+++ b/src/event.bif
@@ -905,8 +905,8 @@ event get_file_handle%(tag: Analyzer::Tag, c: connection, is_orig: bool%);
 ##
 ## f: The file.
 ##
-## .. bro:see:: file_over_new_connection file_timeout file_gap file_mime_type
-##    file_state_remove
+## .. bro:see:: file_over_new_connection file_timeout file_gap
+##    file_sniff file_state_remove
 event file_new%(f: fa_file%);
 
 ## Indicates that a file has been seen being transferred over a connection
@@ -918,39 +918,35 @@ event file_new%(f: fa_file%);
 ##
 ## is_orig: true if the originator of *c* is the one sending the file.
 ##
-## .. bro:see:: file_new file_timeout file_gap file_mime_type 
+## .. bro:see:: file_new file_timeout file_gap file_sniff
 ##    file_state_remove
 event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%);
 
-## Provide the most likely matching MIME type for this file. The analysis 
-## can be augmented at this time via :bro:see:`Files::add_analyzer`.
+## Provide all metadata that has been inferred about a particular file
+## from inspection of the initial content that been seen at the beginning
+## of the file.  The analysis can be augmented at this time via
+## :bro:see:`Files::add_analyzer`.  The amount of data fed into the file
+## sniffing can be increased or decreased by changing either
+## :bro:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field
+## in an `fa_file` record. The event will be raised even if content inspection
+## has been unable to infer any metadata, in which case the fields in *meta*
+## will be left all unset.
 ##
 ## f: The file.
 ##
-## mime_type: The mime type that was discovered.
+## meta: Metadata that's been discovered about the file.
 ##
-## .. bro:see:: file_over_new_connection file_timeout file_gap file_mime_type 
-##    file_mime_types file_state_remove
-event file_mime_type%(f: fa_file, mime_type: string%);
-
-## Provide all matching MIME types for this file. The analysis can be
-## augmented at this time via :bro:see:`Files::add_analyzer`.
-##
-## f: The file.
-##
-## mime_types: The mime types that were discovered.
-##
-## .. bro:see:: file_over_new_connection file_timeout file_gap file_mime_type 
-##    file_mime_types file_state_remove
-event file_mime_types%(f: fa_file, mime_types: mime_matches%);
+## .. bro:see:: file_over_new_connection file_timeout file_gap
+##    file_state_remove
+event file_sniff%(f: fa_file, meta: fa_metadata%);
 
 ## Indicates that file analysis has timed out because no activity was seen
 ## for the file in a while.
 ##
 ## f: The file.
 ##
-## .. bro:see:: file_new file_over_new_connection file_gap file_mime_type
-##    file_mime_types file_state_remove default_file_timeout_interval
+## .. bro:see:: file_new file_over_new_connection file_gap
+##    file_sniff file_state_remove default_file_timeout_interval
 ##    Files::set_timeout_interval
 event file_timeout%(f: fa_file%);
 
@@ -962,8 +958,8 @@ event file_timeout%(f: fa_file%);
 ##
 ## len: The number of missing bytes.
 ##
-## .. bro:see:: file_new file_over_new_connection file_timeout file_mime_type
-##    file_mime_types file_state_remove file_reassembly_overflow
+## .. bro:see:: file_new file_over_new_connection file_timeout
+##    file_sniff file_state_remove file_reassembly_overflow
 event file_gap%(f: fa_file, offset: count, len: count%);
 
 ## Indicates that the file had an overflow of the reassembly buffer.
@@ -978,10 +974,11 @@ event file_gap%(f: fa_file, offset: count, len: count%);
 ##          file data and get back under the reassembly buffer size limit.
 ##          This value will also be represented as a gap.
 ##
-## .. bro:see:: file_new file_over_new_connection file_timeout file_mime_type
-##    file_mime_types file_state_remove file_gap Files::enable_reassembler 
-##    Files::reassembly_buffer_size Files::enable_reassembly 
-##    Files::disable_reassembly Files::set_reassembly_buffer_size
+## .. bro:see:: file_new file_over_new_connection file_timeout
+##    file_sniff file_state_remove file_gap
+##    Files::enable_reassembler Files::reassembly_buffer_size
+##    Files::enable_reassembly Files::disable_reassembly
+##    Files::set_reassembly_buffer_size
 event file_reassembly_overflow%(f: fa_file, offset: count, skipped: count%);
 
 ## This event is generated each time file analysis is ending for a given file.
@@ -989,7 +986,7 @@ event file_reassembly_overflow%(f: fa_file, offset: count, skipped: count%);
 ## f: The file.
 ##
 ## .. bro:see:: file_new file_over_new_connection file_timeout file_gap
-##    file_mime_type file_mime_types
+##    file_sniff
 event file_state_remove%(f: fa_file%);
 
 ## Generated when an internal DNS lookup produces the same result as last time.
diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc
index 8425e5d3c7..1de1d230de 100644
--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@@ -52,9 +52,10 @@ bool AnalyzerSet::Add(file_analysis::Tag tag, RecordVal* args)
 
 	if ( analyzer_map.Lookup(key) )
 		{
-		DBG_LOG(DBG_FILE_ANALYSIS, "Instantiate analyzer %s skipped for file id"
-		        " %s: already exists", file_mgr->GetComponentName(tag).c_str(),
-		        file->GetID().c_str());
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s skipped: already exists",
+		        file->GetID().c_str(),
+		        file_mgr->GetComponentName(tag).c_str());
+
 		delete key;
 		return true;
 		}
@@ -92,9 +93,9 @@ bool AnalyzerSet::AddMod::Perform(AnalyzerSet* set)
 	{
 	if ( set->analyzer_map.Lookup(key) )
 		{
-		DBG_LOG(DBG_FILE_ANALYSIS, "Add analyzer %s skipped for file id"
-		        " %s: already exists", file_mgr->GetComponentName(a->Tag()).c_str(),
-		        a->GetFile()->GetID().c_str());
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Add analyzer %s skipped: already exists",
+		        a->GetFile()->GetID().c_str(),
+		        file_mgr->GetComponentName(a->Tag()).c_str());
 
 		Abort();
 		return true;
@@ -119,14 +120,14 @@ bool AnalyzerSet::Remove(file_analysis::Tag tag, HashKey* key)
 
 	if ( ! a )
 		{
-		DBG_LOG(DBG_FILE_ANALYSIS, "Skip remove analyzer %s for file id %s",
-		        file_mgr->GetComponentName(tag).c_str(), file->GetID().c_str());
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Skip remove analyzer %s",
+		        file->GetID().c_str(), file_mgr->GetComponentName(tag).c_str());
 		return false;
 		}
 
-	DBG_LOG(DBG_FILE_ANALYSIS, "Remove analyzer %s for file id %s",
-	        file_mgr->GetComponentName(tag).c_str(),
-	        file->GetID().c_str());
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Remove analyzer %s",
+	        file->GetID().c_str(),
+	        file_mgr->GetComponentName(tag).c_str());
 
 	a->Done();
 	delete a;
@@ -168,8 +169,9 @@ file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(Tag tag,
 
 	if ( ! a )
 		{
-		reporter->Error("Failed file analyzer %s instantiation for file id %s",
-		                file_mgr->GetComponentName(tag).c_str(), file->GetID().c_str());
+		reporter->Error("[%s] Failed file analyzer %s instantiation",
+		                file->GetID().c_str(),
+		                file_mgr->GetComponentName(tag).c_str());
 		return 0;
 		}
 
@@ -178,8 +180,8 @@ file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(Tag tag,
 
 void AnalyzerSet::Insert(file_analysis::Analyzer* a, HashKey* key)
 	{
-	DBG_LOG(DBG_FILE_ANALYSIS, "Add analyzer %s for file id %s",
-	        file_mgr->GetComponentName(a->Tag()).c_str(), file->GetID().c_str());
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Add analyzer %s",
+	        file->GetID().c_str(), file_mgr->GetComponentName(a->Tag()).c_str());
 	analyzer_map.Insert(key, a);
 	delete key;
 
@@ -191,7 +193,7 @@ void AnalyzerSet::DrainModifications()
 	if ( mod_queue.empty() )
 		return;
 
-	DBG_LOG(DBG_FILE_ANALYSIS, "Start analyzer mod queue flush of file id %s",
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Start analyzer mod queue flush",
 	        file->GetID().c_str());
 	do
 		{
@@ -200,6 +202,6 @@ void AnalyzerSet::DrainModifications()
 		delete mod;
 		mod_queue.pop();
 		} while ( ! mod_queue.empty() );
-	DBG_LOG(DBG_FILE_ANALYSIS, "End flushing analyzer mod queue of file id %s",
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] End flushing analyzer mod queue.",
 	        file->GetID().c_str());
 	}
diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc
index c90c9f2413..88aa1b10c8 100644
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@@ -53,32 +53,36 @@ int File::overflow_bytes_idx = -1;
 int File::timeout_interval_idx = -1;
 int File::bof_buffer_size_idx = -1;
 int File::bof_buffer_idx = -1;
+int File::meta_mime_type_idx = -1;
+int File::meta_mime_types_idx = -1;
 
 void File::StaticInit()
 	{
 	if ( id_idx != -1 )
 		return;
 
-	id_idx = Idx("id");
-	parent_id_idx = Idx("parent_id");
-	source_idx = Idx("source");
-	is_orig_idx = Idx("is_orig");
-	conns_idx = Idx("conns");
-	last_active_idx = Idx("last_active");
-	seen_bytes_idx = Idx("seen_bytes");
-	total_bytes_idx = Idx("total_bytes");
-	missing_bytes_idx = Idx("missing_bytes");
-	overflow_bytes_idx = Idx("overflow_bytes");
-	timeout_interval_idx = Idx("timeout_interval");
-	bof_buffer_size_idx = Idx("bof_buffer_size");
-	bof_buffer_idx = Idx("bof_buffer");
+	id_idx = Idx("id", fa_file_type);
+	parent_id_idx = Idx("parent_id", fa_file_type);
+	source_idx = Idx("source", fa_file_type);
+	is_orig_idx = Idx("is_orig", fa_file_type);
+	conns_idx = Idx("conns", fa_file_type);
+	last_active_idx = Idx("last_active", fa_file_type);
+	seen_bytes_idx = Idx("seen_bytes", fa_file_type);
+	total_bytes_idx = Idx("total_bytes", fa_file_type);
+	missing_bytes_idx = Idx("missing_bytes", fa_file_type);
+	overflow_bytes_idx = Idx("overflow_bytes", fa_file_type);
+	timeout_interval_idx = Idx("timeout_interval", fa_file_type);
+	bof_buffer_size_idx = Idx("bof_buffer_size", fa_file_type);
+	bof_buffer_idx = Idx("bof_buffer", fa_file_type);
+	meta_mime_type_idx = Idx("mime_type", fa_metadata_type);
+	meta_mime_types_idx = Idx("mime_types", fa_metadata_type);
 	}
 
 File::File(const string& file_id, const string& source_name, Connection* conn,
            analyzer::Tag tag, bool is_orig)
-	: id(file_id), val(0), file_reassembler(0), stream_offset(0), 
-	  reassembly_max_buffer(0), did_mime_type(false), 
-	  reassembly_enabled(false), postpone_timeout(false), done(false), 
+	: id(file_id), val(0), file_reassembler(0), stream_offset(0),
+	  reassembly_max_buffer(0), did_metadata_inference(false),
+	  reassembly_enabled(false), postpone_timeout(false), done(false),
 	  analyzers(this)
 	{
 	StaticInit();
@@ -169,11 +173,13 @@ double File::LookupFieldDefaultInterval(int idx) const
 	return rval;
 	}
 
-int File::Idx(const string& field)
+int File::Idx(const string& field, const RecordType* type)
 	{
-	int rval = fa_file_type->FieldOffset(field.c_str());
+	int rval = type->FieldOffset(field.c_str());
+
 	if ( rval < 0 )
-		reporter->InternalError("Unknown fa_file field: %s", field.c_str());
+		reporter->InternalError("Unknown %s field: %s", type->GetName().c_str(),
+		                        field.c_str());
 
 	return rval;
 	}
@@ -281,48 +287,46 @@ void File::SetReassemblyBuffer(uint64 max)
 	reassembly_max_buffer = max;
 	}
 
-bool File::DetectMIME()
+void File::InferMetadata()
 	{
-	did_mime_type = true;
+	did_metadata_inference = true;
 
 	Val* bof_buffer_val = val->Lookup(bof_buffer_idx);
 
 	if ( ! bof_buffer_val )
 		{
 		if ( bof_buffer.size == 0 )
-			return false;
+			return;
 
 		BroString* bs = concatenate(bof_buffer.chunks);
 		bof_buffer_val = new StringVal(bs);
 		val->Assign(bof_buffer_idx, bof_buffer_val);
 		}
 
+	if ( ! FileEventAvailable(file_sniff) )
+		return;
+
 	RuleMatcher::MIME_Matches matches;
 	const u_char* data = bof_buffer_val->AsString()->Bytes();
 	uint64 len = bof_buffer_val->AsString()->Len();
 	len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
 	file_mgr->DetectMIME(data, len, &matches);
 
-	if ( matches.empty() )
-		return false;
+	val_list* vl = new val_list();
+	vl->append(val->Ref());
+	RecordVal* meta = new RecordVal(fa_metadata_type);
+	vl->append(meta);
 
-	if ( FileEventAvailable(file_mime_type) )
+	if ( ! matches.empty() )
 		{
-		val_list* vl = new val_list();
-		vl->append(val->Ref());
-		vl->append(new StringVal(*(matches.begin()->second.begin())));
-		FileEvent(file_mime_type, vl);
+		meta->Assign(meta_mime_type_idx,
+		             new StringVal(*(matches.begin()->second.begin())));
+		meta->Assign(meta_mime_types_idx,
+		             file_analysis::GenMIMEMatchesVal(matches));
 		}
 
-	if ( FileEventAvailable(file_mime_types) )
-		{
-		val_list* vl = new val_list();
-		vl->append(val->Ref());
-		vl->append(file_analysis::GenMIMEMatchesVal(matches));
-		FileEvent(file_mime_types, vl);
-		}
-
-	return true;
+	FileEvent(file_sniff, vl);
+	return;
 	}
 
 bool File::BufferBOF(const u_char* data, uint64 len)
@@ -355,9 +359,9 @@ void File::DeliverStream(const u_char* data, uint64 len)
 	// Buffer enough data for the BOF buffer
 	BufferBOF(data, len);
 
-	if ( ! did_mime_type && bof_buffer.full &&
+	if ( ! did_metadata_inference && bof_buffer.full &&
 	     LookupFieldDefaultCount(missing_bytes_idx) == 0 )
-		DetectMIME();
+		InferMetadata();
 
 	DBG_LOG(DBG_FILE_ANALYSIS,
 	        "[%s] %" PRIu64 " stream bytes in at offset %" PRIu64 "; %s [%s%s]",
@@ -438,7 +442,7 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
 		}
 	else if ( reassembly_enabled )
 		{
-		// This is data that doesn't match the offset and the reassembler 
+		// This is data that doesn't match the offset and the reassembler
 		// needs to be enabled.
 		file_reassembler = new FileReassembler(this, stream_offset);
 		file_reassembler->NewBlock(network_time, offset, len, data);
@@ -502,10 +506,10 @@ void File::EndOfFile()
 	// any stream analyzers.
 	if ( ! bof_buffer.full )
 		{
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] File over but bof_buffer not full.", id.c_str());
 		bof_buffer.full = true;
 		DeliverStream((const u_char*) "", 0);
 		}
-
 	analyzers.DrainModifications();
 
 	done = true;
@@ -536,7 +540,12 @@ void File::Gap(uint64 offset, uint64 len)
 		return;
 		}
 
-	analyzers.DrainModifications();
+	if ( ! bof_buffer.full )
+		{
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] File gap before bof_buffer filled, continued without attempting to fill bof_buffer.", id.c_str());
+		bof_buffer.full = true;
+		DeliverStream((const u_char*) "", 0);
+		}
 
 	file_analysis::Analyzer* a = 0;
 	IterCookie* c = analyzers.InitForIteration();
@@ -582,7 +591,7 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl)
 	mgr.QueueEvent(h, vl);
 
 	if ( h == file_new || h == file_over_new_connection ||
-	     h == file_mime_type ||
+	     h == file_sniff ||
 	     h == file_timeout || h == file_extraction_limit )
 		{
 		// immediate feedback is required for these events.
diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h
index 645f7d5111..6ad90e986b 100644
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@@ -230,12 +230,11 @@ protected:
 	bool BufferBOF(const u_char* data, uint64 len);
 
 	/**
-	 * Does mime type detection via file magic signatures and assigns
-	 * strongest matching mime type (if available) to \c mime_type
-	 * field in #val.  It uses the data in the BOF buffer.
-	 * @return whether a mime type match was found.
+	 * Does metadata inference (e.g. mime type detection via file
+	 * magic signatures) using data in the BOF (beginning-of-file) buffer
+	 * and raises an event with the metadata.
 	 */
-	bool DetectMIME();
+	void InferMetadata();
 
 	/**
 	 * Enables reassembly on the file.
@@ -266,10 +265,11 @@ protected:
 
 	/**
 	 * Lookup a record field index/offset by name.
-	 * @param field_name the name of the \c fa_file record field.
+	 * @param field_name the name of the record field.
+	 * @param type the record type for which the field will be looked up.
 	 * @return the field offset in #val record corresponding to \a field_name.
 	 */
-	static int Idx(const string& field_name);
+	static int Idx(const string& field_name, const RecordType* type);
 
 	/**
 	 * Initializes static member.
@@ -282,7 +282,7 @@ protected:
 	FileReassembler* file_reassembler; /**< A reassembler for the file if it's needed. */
 	uint64 stream_offset;      /**< The offset of the file which has been forwarded. */
 	uint64 reassembly_max_buffer;      /**< Maximum allowed buffer for reassembly. */
-	bool did_mime_type;        /**< Whether the mime type ident has already been attempted. */
+	bool did_metadata_inference;        /**< Whether the metadata inference has already been attempted. */
 	bool reassembly_enabled;           /**< Whether file stream reassembly is needed. */
 	bool postpone_timeout;     /**< Whether postponing timeout is requested. */
 	bool done;                 /**< If this object is about to be deleted. */
@@ -313,6 +313,9 @@ protected:
 	static int bof_buffer_idx;
 	static int mime_type_idx;
 	static int mime_types_idx;
+
+	static int meta_mime_type_idx;
+	static int meta_mime_types_idx;
 };
 
 } // namespace file_analysis
diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc
index 995d422a37..217c901969 100644
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@@ -390,7 +390,7 @@ bool Manager::RemoveFile(const string& file_id)
 	if ( ! f )
 		return false;
 
-	DBG_LOG(DBG_FILE_ANALYSIS, "Remove FileID %s", file_id.c_str());
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Remove file", file_id.c_str());
 
 	f->EndOfFile();
 	delete f;
@@ -467,8 +467,8 @@ Analyzer* Manager::InstantiateAnalyzer(Tag tag, RecordVal* args, File* f) const
 		return 0;
 		}
 
-	DBG_LOG(DBG_FILE_ANALYSIS, "Instantiate analyzer %s for file %s",
-		GetComponentName(tag).c_str(), f->id.c_str());
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
+		f->id.c_str(), GetComponentName(tag).c_str());
 
 	Analyzer* a = c->Factory()(args, f);
 
diff --git a/src/file_analysis/analyzer/CMakeLists.txt b/src/file_analysis/analyzer/CMakeLists.txt
index ede63dbd1b..225504c56a 100644
--- a/src/file_analysis/analyzer/CMakeLists.txt
+++ b/src/file_analysis/analyzer/CMakeLists.txt
@@ -1,5 +1,6 @@
 add_subdirectory(data_event)
 add_subdirectory(extract)
 add_subdirectory(hash)
+add_subdirectory(pe)
 add_subdirectory(unified2)
 add_subdirectory(x509)
diff --git a/src/file_analysis/analyzer/pe/CMakeLists.txt b/src/file_analysis/analyzer/pe/CMakeLists.txt
new file mode 100644
index 0000000000..7fc89bfd51
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/CMakeLists.txt
@@ -0,0 +1,10 @@
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
+                           ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro PE)
+bro_plugin_cc(PE.cc Plugin.cc)
+bro_plugin_bif(events.bif)
+bro_plugin_pac(pe.pac pe-file.pac pe-analyzer.pac)
+bro_plugin_end()
diff --git a/src/file_analysis/analyzer/pe/PE.cc b/src/file_analysis/analyzer/pe/PE.cc
new file mode 100644
index 0000000000..9db13291b0
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/PE.cc
@@ -0,0 +1,39 @@
+#include "PE.h"
+#include "file_analysis/Manager.h"
+
+using namespace file_analysis;
+
+PE::PE(RecordVal* args, File* file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file)
+	{
+	conn = new binpac::PE::MockConnection(this);
+	interp = new binpac::PE::File(conn);
+	done = false;
+	}
+
+PE::~PE()
+	{
+	delete interp;
+	delete conn;
+	}
+
+bool PE::DeliverStream(const u_char* data, uint64 len)
+	{
+	if ( conn->is_done() )
+		return true;
+	try
+		{
+		interp->NewData(data, data + len);
+		}
+	catch ( const binpac::Exception& e )
+		{
+		return false;
+		}
+
+	return true;
+	}
+
+bool PE::EndOfFile()
+	{
+	return false;
+	}
diff --git a/src/file_analysis/analyzer/pe/PE.h b/src/file_analysis/analyzer/pe/PE.h
new file mode 100644
index 0000000000..4bdf7b3969
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/PE.h
@@ -0,0 +1,35 @@
+#ifndef FILE_ANALYSIS_PE_H
+#define FILE_ANALYSIS_PE_H
+
+#include <string>
+
+#include "Val.h"
+#include "../File.h"
+#include "pe_pac.h"
+
+namespace file_analysis {
+
+/**
+ * Analyze Portable Executable files
+ */
+class PE : public file_analysis::Analyzer {
+public:
+	~PE();
+
+	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+		{ return new PE(args, file); }
+
+	virtual bool DeliverStream(const u_char* data, uint64 len);
+
+	virtual bool EndOfFile();
+
+protected:
+	PE(RecordVal* args, File* file);
+	binpac::PE::File* interp;
+	binpac::PE::MockConnection* conn;
+	bool done;
+};
+
+} // namespace file_analysis
+
+#endif
diff --git a/src/analyzer/protocol/netflow/Plugin.cc b/src/file_analysis/analyzer/pe/Plugin.cc
similarity index 56%
rename from src/analyzer/protocol/netflow/Plugin.cc
rename to src/file_analysis/analyzer/pe/Plugin.cc
index 26107d0003..8601dedb67 100644
--- a/src/analyzer/protocol/netflow/Plugin.cc
+++ b/src/file_analysis/analyzer/pe/Plugin.cc
@@ -1,18 +1,21 @@
 // See the file  in the main distribution directory for copyright.
 
-
 #include "plugin/Plugin.h"
 
+#include "PE.h"
+
 namespace plugin {
-namespace Bro_NetFlow {
+namespace Bro_PE {
 
 class Plugin : public plugin::Plugin {
 public:
 	plugin::Configuration Configure()
 		{
+		AddComponent(new ::file_analysis::Component("PE", ::file_analysis::PE::Instantiate));
+
 		plugin::Configuration config;
-		config.name = "Bro::NetFlow";
-		config.description = "NetFlow parsing";
+		config.name = "Bro::PE";
+		config.description = "Portable Executable analyzer";
 		return config;
 		}
 } plugin;
diff --git a/src/file_analysis/analyzer/pe/events.bif b/src/file_analysis/analyzer/pe/events.bif
new file mode 100644
index 0000000000..c804937c49
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/events.bif
@@ -0,0 +1,57 @@
+## A :abbr:`PE (Portable Executable)` file DOS header was parsed.
+## This is the top-level header and contains information like the
+## size of the file, initial value of registers, etc.
+##
+## f: The file.
+##
+## h: The parsed DOS header information.
+##
+## .. bro:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header
+event pe_dos_header%(f: fa_file, h: PE::DOSHeader%);
+
+## A :abbr:`PE (Portable Executable)` file DOS stub was parsed.
+## The stub is a valid application that runs under MS-DOS, by default
+## to inform the user that the program can't be run in DOS mode.
+##
+## f: The file.
+##
+## code: The DOS stub
+##
+## .. bro:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header
+event pe_dos_code%(f: fa_file, code: string%);
+
+## A :abbr:`PE (Portable Executable)` file file header was parsed.
+## This header contains information like the target machine,
+## the timestamp when the file was created, the number of sections, and
+## pointers to other parts of the file.
+##
+## f: The file.
+##
+## h: The parsed file header information.
+##
+## .. bro:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header
+event pe_file_header%(f: fa_file, h: PE::FileHeader%);
+
+## A :abbr:`PE (Portable Executable)` file optional header was parsed.
+## This header is required for executable files, but not for object files.
+## It contains information like OS requirements to execute the file, the
+## original entry point address, and information needed to load the file
+## into memory.
+##
+## f: The file.
+##
+## h: The parsed optional header information.
+##
+## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header
+event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%);
+
+## A :abbr:`PE (Portable Executable)` file section header was parsed.
+## This header contains information like the section name, size, address,
+## and characteristics.
+##
+## f: The file.
+##
+## h: The parsed section header information.
+##
+## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header
+event pe_section_header%(f: fa_file, h: PE::SectionHeader%);
diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
new file mode 100644
index 0000000000..ad55d30c55
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -0,0 +1,216 @@
+%extern{
+#include "Event.h"
+#include "file_analysis/File.h"
+#include "events.bif.h"
+%}
+
+%header{
+VectorVal* process_rvas(const RVAS* rvas, const uint16 size);
+%}
+
+%code{
+VectorVal* process_rvas(const RVAS* rva_table, const uint16 size)
+	{
+	VectorVal* rvas = new VectorVal(internal_type("index_vec")->AsVectorType());
+	for ( uint16 i=0; i < size; ++i )
+		rvas->Assign(i, new Val((*rva_table->rvas())[i]->size(), TYPE_COUNT));
+
+	return rvas;
+	}
+%}
+
+
+refine flow File += {
+
+	function characteristics_to_bro(c: uint32, len: uint8): TableVal
+		%{
+		uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
+		TableVal* char_set = new TableVal(internal_type("count_set")->AsTableType());
+		for ( uint16 i=0; i < len; ++i )
+			{
+			if ( ((c >> i) & 0x1) == 1 )
+				{
+				Val *ch = new Val((1<<i)&mask, TYPE_COUNT);
+				char_set->Assign(ch, 0);
+				Unref(ch);
+				}
+			}
+		return char_set;
+		%}
+
+	function proc_dos_header(h: DOS_Header): bool
+		%{
+		if ( pe_dos_header )
+			{
+			RecordVal* dh = new RecordVal(BifType::Record::PE::DOSHeader);
+			dh->Assign(0, new StringVal(${h.signature}.length(), (const char*) ${h.signature}.data()));
+			dh->Assign(1, new Val(${h.UsedBytesInTheLastPage}, TYPE_COUNT));
+			dh->Assign(2, new Val(${h.FileSizeInPages}, TYPE_COUNT));
+			dh->Assign(3, new Val(${h.NumberOfRelocationItems}, TYPE_COUNT));
+			dh->Assign(4, new Val(${h.HeaderSizeInParagraphs}, TYPE_COUNT));
+			dh->Assign(5, new Val(${h.MinimumExtraParagraphs}, TYPE_COUNT));
+			dh->Assign(6, new Val(${h.MaximumExtraParagraphs}, TYPE_COUNT));
+			dh->Assign(7, new Val(${h.InitialRelativeSS}, TYPE_COUNT));
+			dh->Assign(8, new Val(${h.InitialSP}, TYPE_COUNT));
+			dh->Assign(9, new Val(${h.Checksum}, TYPE_COUNT));
+			dh->Assign(10, new Val(${h.InitialIP}, TYPE_COUNT));
+			dh->Assign(11, new Val(${h.InitialRelativeCS}, TYPE_COUNT));
+			dh->Assign(12, new Val(${h.AddressOfRelocationTable}, TYPE_COUNT));
+			dh->Assign(13, new Val(${h.OverlayNumber}, TYPE_COUNT));
+			dh->Assign(14, new Val(${h.OEMid}, TYPE_COUNT));
+			dh->Assign(15, new Val(${h.OEMinfo}, TYPE_COUNT));
+			dh->Assign(16, new Val(${h.AddressOfNewExeHeader}, TYPE_COUNT));
+
+			BifEvent::generate_pe_dos_header((analyzer::Analyzer *) connection()->bro_analyzer(),
+			                                 connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                                 dh);
+			}
+		return true;
+		%}
+
+	function proc_dos_code(code: bytestring): bool
+		%{
+		if ( pe_dos_code )
+			{
+			BifEvent::generate_pe_dos_code((analyzer::Analyzer *) connection()->bro_analyzer(),
+			                               connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                               new StringVal(code.length(), (const char*) code.data()));
+			}
+		return true;
+		%}
+
+	function proc_nt_headers(h: NT_Headers): bool
+		%{
+		if ( ${h.PESignature} != 17744 ) // Number is uint32 version of "PE\0\0"
+			{
+			return false;
+			// FileViolation("PE Header signature is incorrect.");
+			}
+		return true;
+		%}
+
+	function proc_file_header(h: File_Header): bool
+		%{
+		if ( pe_file_header )
+			{
+			RecordVal* fh = new RecordVal(BifType::Record::PE::FileHeader);
+			fh->Assign(0, new Val(${h.Machine}, TYPE_COUNT));
+			fh->Assign(1, new Val(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
+			fh->Assign(2, new Val(${h.PointerToSymbolTable}, TYPE_COUNT));
+			fh->Assign(3, new Val(${h.NumberOfSymbols}, TYPE_COUNT));
+			fh->Assign(4, new Val(${h.SizeOfOptionalHeader}, TYPE_COUNT));
+			fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
+			BifEvent::generate_pe_file_header((analyzer::Analyzer *) connection()->bro_analyzer(),
+			                                  connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                                  fh);
+			}
+
+		return true;
+		%}
+
+	function proc_optional_header(h: Optional_Header): bool
+		%{
+		if ( ${h.magic} != 0x10b &&  // normal pe32 executable
+		     ${h.magic} != 0x107 &&  // rom image
+		     ${h.magic} != 0x20b )   // pe32+ executable
+			{
+			// FileViolation("PE Optional Header magic is invalid.");
+			return false;
+			}
+
+		if ( pe_optional_header )
+			{
+			RecordVal* oh = new RecordVal(BifType::Record::PE::OptionalHeader);
+
+			oh->Assign(0, new Val(${h.magic}, TYPE_COUNT));
+			oh->Assign(1, new Val(${h.major_linker_version}, TYPE_COUNT));
+			oh->Assign(2, new Val(${h.minor_linker_version}, TYPE_COUNT));
+			oh->Assign(3, new Val(${h.size_of_code}, TYPE_COUNT));
+			oh->Assign(4, new Val(${h.size_of_init_data}, TYPE_COUNT));
+			oh->Assign(5, new Val(${h.size_of_uninit_data}, TYPE_COUNT));
+			oh->Assign(6, new Val(${h.addr_of_entry_point}, TYPE_COUNT));
+			oh->Assign(7, new Val(${h.base_of_code}, TYPE_COUNT));
+
+			if ( ${h.pe_format} != PE32_PLUS )
+				oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT));
+
+			oh->Assign(9, new Val(${h.image_base}, TYPE_COUNT));
+			oh->Assign(10, new Val(${h.section_alignment}, TYPE_COUNT));
+			oh->Assign(11, new Val(${h.file_alignment}, TYPE_COUNT));
+			oh->Assign(12, new Val(${h.os_version_major}, TYPE_COUNT));
+			oh->Assign(13, new Val(${h.os_version_minor}, TYPE_COUNT));
+			oh->Assign(14, new Val(${h.major_image_version}, TYPE_COUNT));
+			oh->Assign(15, new Val(${h.minor_image_version}, TYPE_COUNT));
+			oh->Assign(16, new Val(${h.minor_subsys_version}, TYPE_COUNT));
+			oh->Assign(17, new Val(${h.minor_subsys_version}, TYPE_COUNT));
+			oh->Assign(18, new Val(${h.size_of_image}, TYPE_COUNT));
+			oh->Assign(19, new Val(${h.size_of_headers}, TYPE_COUNT));
+			oh->Assign(20, new Val(${h.checksum}, TYPE_COUNT));
+			oh->Assign(21, new Val(${h.subsystem}, TYPE_COUNT));
+			oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
+
+			oh->Assign(23, process_rvas(${h.rvas}, ${h.number_of_rva_and_sizes}));
+
+			BifEvent::generate_pe_optional_header((analyzer::Analyzer *) connection()->bro_analyzer(),
+			                                      connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                                      oh);
+			}
+		return true;
+		%}
+
+	function proc_section_header(h: Section_Header): bool
+		%{
+		if ( pe_section_header )
+			{
+			RecordVal* section_header = new RecordVal(BifType::Record::PE::SectionHeader);
+
+			// Strip null characters from the end of the section name.
+			u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length());
+			uint16 name_len;
+			if ( first_null == NULL )
+				name_len = ${h.name}.length();
+			else
+				name_len = first_null - ${h.name}.data();
+			section_header->Assign(0, new StringVal(name_len, (const char*) ${h.name}.data()));
+
+			section_header->Assign(1, new Val(${h.virtual_size}, TYPE_COUNT));
+			section_header->Assign(2, new Val(${h.virtual_addr}, TYPE_COUNT));
+			section_header->Assign(3, new Val(${h.size_of_raw_data}, TYPE_COUNT));
+			section_header->Assign(4, new Val(${h.ptr_to_raw_data}, TYPE_COUNT));
+			section_header->Assign(5, new Val(${h.non_used_ptr_to_relocs}, TYPE_COUNT));
+			section_header->Assign(6, new Val(${h.non_used_ptr_to_line_nums}, TYPE_COUNT));
+			section_header->Assign(7, new Val(${h.non_used_num_of_relocs}, TYPE_COUNT));
+			section_header->Assign(8, new Val(${h.non_used_num_of_line_nums}, TYPE_COUNT));
+			section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
+
+			BifEvent::generate_pe_section_header((analyzer::Analyzer *) connection()->bro_analyzer(),
+			                                     connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                                     section_header);
+			}
+		return true;
+		%}
+};
+
+refine typeattr DOS_Header += &let {
+	proc : bool = $context.flow.proc_dos_header(this);
+};
+
+refine typeattr DOS_Code += &let {
+	proc : bool = $context.flow.proc_dos_code(code);
+};
+
+refine typeattr NT_Headers += &let {
+	proc : bool = $context.flow.proc_nt_headers(this);
+};
+
+refine typeattr File_Header += &let {
+	proc : bool = $context.flow.proc_file_header(this);
+};
+
+refine typeattr Optional_Header += &let {
+	proc : bool = $context.flow.proc_optional_header(this);
+};
+
+refine typeattr Section_Header += &let {
+	proc: bool = $context.flow.proc_section_header(this);
+};
diff --git a/src/file_analysis/analyzer/pe/pe-file-headers.pac b/src/file_analysis/analyzer/pe/pe-file-headers.pac
new file mode 100644
index 0000000000..f12d76e035
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe-file-headers.pac
@@ -0,0 +1,168 @@
+type Headers = record {
+	dos_header      : DOS_Header;
+	dos_code        : DOS_Code(dos_code_len);
+	pe_header       : NT_Headers;
+	section_headers : Section_Headers(pe_header.file_header.NumberOfSections);
+} &let {
+	dos_code_len: uint32 = dos_header.AddressOfNewExeHeader > 64 ? dos_header.AddressOfNewExeHeader - 64 : 0;
+	length: uint64 = 64 + dos_code_len + pe_header.length + section_headers.length;
+};
+
+# The DOS header gives us the offset of the NT headers
+type DOS_Header = record {
+	signature                : bytestring &length=2;
+	UsedBytesInTheLastPage   : uint16;
+	FileSizeInPages          : uint16;
+	NumberOfRelocationItems  : uint16;
+	HeaderSizeInParagraphs   : uint16;
+	MinimumExtraParagraphs   : uint16;
+	MaximumExtraParagraphs   : uint16;
+	InitialRelativeSS        : uint16;
+	InitialSP                : uint16;
+	Checksum                 : uint16;
+	InitialIP                : uint16;
+	InitialRelativeCS        : uint16;
+	AddressOfRelocationTable : uint16;
+	OverlayNumber            : uint16;
+	Reserved                 : uint16[4];
+	OEMid                    : uint16;
+	OEMinfo                  : uint16;
+	Reserved2                : uint16[10];
+	AddressOfNewExeHeader    : uint32;
+} &length=64;
+
+type DOS_Code(len: uint32) = record {
+	code : bytestring &length=len;
+};
+
+# The NT headers give us the file and the optional headers.
+type NT_Headers = record {
+	PESignature     : uint32;
+	file_header     : File_Header;
+	have_opt_header : case is_exe of {
+		true  -> optional_header : Optional_Header &length=file_header.SizeOfOptionalHeader;
+		false -> none: empty;
+		};
+} &let {
+	length: uint32 = file_header.SizeOfOptionalHeader + offsetof(have_opt_header);
+	is_exe: bool = file_header.SizeOfOptionalHeader > 0;
+	size_of_headers: uint32 = is_exe ? optional_header.size_of_headers : 0;
+} &length=length;
+
+# The file header is mainly self-describing
+type File_Header = record {
+	Machine               : uint16;
+	NumberOfSections      : uint16;
+	TimeDateStamp         : uint32;
+	PointerToSymbolTable  : uint32;
+	NumberOfSymbols       : uint32;
+	SizeOfOptionalHeader  : uint16;
+	Characteristics       : uint16;
+};
+
+# The optional header gives us DLL link information, and some structural information
+type Optional_Header = record {
+	magic                   : uint16;
+	major_linker_version    : uint8;
+	minor_linker_version    : uint8;
+	size_of_code            : uint32;
+	size_of_init_data       : uint32;
+	size_of_uninit_data     : uint32;
+	addr_of_entry_point     : uint32;
+	base_of_code            : uint32;
+	have_base_of_data: case pe_format of {
+		PE32    -> base_of_data: uint32;
+		default -> not_present:  empty;
+	} &requires(pe_format);
+	is_pe32: case pe_format of {
+		PE32_PLUS -> image_base_64: uint64;
+		default   -> image_base_32: uint32;
+	} &requires(pe_format);
+	section_alignment       : uint32;
+	file_alignment          : uint32;
+	os_version_major        : uint16;
+	os_version_minor        : uint16;
+	major_image_version     : uint16;
+	minor_image_version     : uint16;
+	major_subsys_version    : uint16;
+	minor_subsys_version    : uint16;
+	win32_version           : uint32;
+	size_of_image           : uint32;
+	size_of_headers         : uint32;
+	checksum                : uint32;
+	subsystem               : uint16;
+	dll_characteristics     : uint16;
+	mem: case pe_format of {
+		PE32      -> i32: Mem_Info32;
+		PE32_PLUS -> i64: Mem_Info64;
+		default -> InvalidPEFile : empty;
+	} &requires(pe_format);
+	loader_flags            : uint32;
+	number_of_rva_and_sizes : uint32;
+	rvas			: RVAS(number_of_rva_and_sizes);
+} &let {
+	pe_format : uint8 = $context.connection.set_pe32_format(magic);
+	image_base: uint64 = pe_format == PE32_PLUS ? image_base_64 : image_base_32;
+};
+
+type Section_Headers(num: uint16) = record {
+	sections : Section_Header[num];
+} &let {
+	length: uint32 = num*40;
+} &length=length;
+
+type Section_Header = record {
+	name                      : bytestring &length=8;
+	virtual_size              : uint32;
+	virtual_addr              : uint32;
+	size_of_raw_data          : uint32;
+	ptr_to_raw_data           : uint32;
+	non_used_ptr_to_relocs    : uint32;
+	non_used_ptr_to_line_nums : uint32;
+	non_used_num_of_relocs    : uint16;
+	non_used_num_of_line_nums : uint16;
+	characteristics           : uint32;
+} &let {
+	add_section: bool = $context.connection.add_section(this);
+} &length=40;
+
+refine connection MockConnection += {
+	%member{
+		uint64 max_file_location_;
+		uint8  pe32_format_;
+	%}
+
+	%init{
+		max_file_location_ = 0;
+		pe32_format_ = UNKNOWN_VERSION;;
+	%}
+
+	function add_section(h: Section_Header): bool
+		%{
+		if ( ${h.size_of_raw_data} + ${h.ptr_to_raw_data} > max_file_location_ )
+			max_file_location_ = ${h.size_of_raw_data} + ${h.ptr_to_raw_data};
+
+		return true;
+		%}
+
+	function set_pe32_format(magic: uint16): uint8
+		%{
+		if ( ${magic} == 0x10b )
+			pe32_format_ = PE32;
+
+		if ( ${magic} == 0x20b )
+			pe32_format_ = PE32_PLUS;
+
+		return pe32_format_;
+		%}
+
+	function get_max_file_location(): uint64
+		%{
+		return max_file_location_;
+		%}
+
+	function get_pe32_format(): uint8
+		%{
+		return pe32_format_;
+		%}
+};
diff --git a/src/file_analysis/analyzer/pe/pe-file-idata.pac b/src/file_analysis/analyzer/pe/pe-file-idata.pac
new file mode 100644
index 0000000000..795f3bbe38
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe-file-idata.pac
@@ -0,0 +1,183 @@
+## Support for parsing the .idata section
+
+type import_directory = record {
+	rva_import_lookup_table : uint32;
+	time_date_stamp         : uint32;
+	forwarder_chain         : uint32;
+	rva_module_name         : uint32;
+	rva_import_addr_table   : uint32;
+} &let {
+	is_null: bool = rva_module_name == 0;
+	proc: bool = $context.connection.proc_image_import_directory(this);
+} &length=20;
+
+type import_lookup_attrs(pe32_format: uint8) = record {
+	is_pe32_plus: case pe32_format of {
+		PE32_PLUS -> attrs_64: uint64;
+		default   -> attrs_32: uint32;
+	};
+} &let {
+	import_by_ordinal: bool = (pe32_format == PE32_PLUS) ? (attrs_64 & 0x8000000000000000) > 1: (attrs_32 & 0x80000000) > 1;
+	attrs: uint64 = (pe32_format == PE32_PLUS) ? attrs_64 : attrs_32;
+	ordinal: uint16 = attrs & 0xff;
+	hint_rva: uint32 = attrs & 0xffff;
+	proc9000: bool = $context.connection.proc_import_lookup_attrs(this);
+} &length=(pe32_format == PE32_PLUS ? 8 : 4);
+
+type import_lookup_table = record {
+	attrs: import_lookup_attrs($context.connection.get_pe32_format())[] &until($element.attrs == 0);
+} &let {
+	proc: bool = $context.connection.proc_import_lookup_table(this);
+};
+
+type import_entry(is_module: bool, pad_align: uint8) = record {
+	pad: bytestring &length=pad_align;
+	has_index: case is_module of {
+		true  -> null: empty;
+		false -> index: uint16;
+	};
+	name: null_terminated_string;
+} &let {
+	proc_align: bool = $context.connection.proc_import_hint(name, is_module);
+};
+
+type idata = record {
+	directory_table : import_directory[] &until $element.is_null;
+	lookup_tables   : import_lookup_table[] &until $context.connection.get_num_imports() <= 0;
+	hint_table	: import_entry($context.connection.get_next_hint_type(), $context.connection.get_next_hint_align())[] &until($context.connection.imports_done());
+};
+
+refine typeattr RVAS += &let {
+	proc_import_table: bool = $context.connection.proc_idata_rva(rvas[1]) &if (num > 1);
+};
+
+refine connection MockConnection += {
+	%member{
+		uint8 num_imports_;        // How many import tables will we have?
+
+		uint32 import_table_rva_;  // Used for finding the right section
+		uint32 import_table_va_;
+		uint32 import_table_len_;
+
+		// We need to track the number of imports for each, to
+		// know when we've parsed them all.
+		vector<uint32> imports_per_module_;
+
+		// These are to determine the alignment of the import hints
+		uint32 next_hint_index_;
+		uint8 next_hint_align_;
+		bool next_hint_is_module_;
+
+		// Track the module name, so we know what each import's for
+		bytestring module_name_;
+	%}
+
+	%init{
+		// It ends with a null import entry, so we'll set it to -1.
+		num_imports_ = -1;
+
+		// First hint is a module name.
+		next_hint_is_module_ = true;
+		next_hint_index_ = 0;
+		next_hint_align_ = 0;
+
+		module_name_ = bytestring();
+	%}
+
+	%cleanup{
+		module_name_.free();
+	%}
+
+	# When we read the section header, store the relative virtual address and
+	# size of the .idata section, so we know when we get there.
+	function proc_idata_rva(r: RVA): bool
+		%{
+		import_table_rva_ = ${r.virtual_address};
+		import_table_len_ = ${r.size};
+
+		return true;
+		%}
+
+	# Each import directory means another module we're importing from.
+	function proc_image_import_directory(i: import_directory): bool
+		%{
+		printf("Parsed import directory. name@%x, IAT@%x\n", ${i.rva_module_name}, ${i.rva_import_addr_table});
+		num_imports_++;
+		return true;
+		%}
+
+	# Store the number of functions imported in each module lookup table.
+	function proc_import_lookup_table(t: import_lookup_table): bool
+		%{
+		--num_imports_;
+		imports_per_module_.push_back(${t.attrs}->size());
+		return true;
+		%}
+
+	function proc_import_lookup_attrs(t: import_lookup_attrs): bool
+		%{
+		printf("Parsed import lookup attrs. Hints @%x\n", ${t.hint_rva});
+		return true;
+		%}
+
+	# We need to calculate the length of the next padding field
+	function proc_import_hint(hint_name: bytestring, is_module: bool): bool
+		%{
+		printf("Parsed import hint\n");
+		next_hint_align_ = ${hint_name}.length() % 2;
+		if ( is_module && ${hint_name}.length() > 1 )
+			{
+			module_name_.clear();
+			module_name_.init(${hint_name}.data(), ${hint_name}.length() - 1);
+			}
+
+		return true;
+		%}
+
+	# Functions have an index field, modules don't. Which one is this?
+	function get_next_hint_type(): bool
+		%{
+		if ( next_hint_is_module_ )
+			{
+			next_hint_is_module_ = false;
+			return true;
+			}
+		if ( --imports_per_module_[next_hint_index_] == 0)
+			{
+			++next_hint_index_;
+			return true;
+			}
+		return false;
+		%}
+
+	function imports_done(): bool
+		%{
+		return next_hint_index_ == imports_per_module_.size();
+		%}
+
+	function get_module_name(): bytestring
+		%{
+		return module_name_;
+		%}
+
+	function get_import_table_addr(): uint32
+		%{
+		return import_table_va_ > 0 ? import_table_va_ : 0;
+		%}
+
+	function get_import_table_len(): uint32
+		%{
+		return import_table_va_ > 0 ? import_table_len_ : 0;
+		%}
+
+	function get_num_imports(): uint8
+		%{
+		return num_imports_;
+		%}
+
+	function get_next_hint_align(): uint8
+		%{
+		return next_hint_align_;
+		%}
+
+};
diff --git a/src/file_analysis/analyzer/pe/pe-file-types.pac b/src/file_analysis/analyzer/pe/pe-file-types.pac
new file mode 100644
index 0000000000..b2fa934dc4
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe-file-types.pac
@@ -0,0 +1,37 @@
+# Basic PE types
+
+enum PE_File_Format {
+	UNKNOWN_VERSION = 0,
+	PE32            = 1,
+	PE32_PLUS       = 2,
+};
+
+type Mem_Info32 = record {
+	size_of_stack_reserve : uint32;
+	size_of_stack_commit  : uint32;
+	size_of_heap_reserve  : uint32;
+	size_of_heap_commit   : uint32;
+} &byteorder=littleendian &length=16;
+
+type Mem_Info64 = record {
+	size_of_stack_reserve : uint64;
+	size_of_stack_commit  : uint64;
+	size_of_heap_reserve  : uint64;
+	size_of_heap_commit   : uint64;
+} &byteorder=littleendian &length=32;
+
+type RVAS(num: uint32) = record {
+	rvas : RVA[num];
+};
+
+type RVA = record {
+	virtual_address : uint32;
+	size		: uint32;
+} &length=8;
+
+# The BinPAC padding type doesn't work here.
+type Padding(length: uint64) = record {
+	pad: bytestring &length=length &transient;
+};
+
+type null_terminated_string = RE/[A-Za-z0-9.]+\x00/;
diff --git a/src/file_analysis/analyzer/pe/pe-file.pac b/src/file_analysis/analyzer/pe/pe-file.pac
new file mode 100644
index 0000000000..3eed9ad5bd
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe-file.pac
@@ -0,0 +1,40 @@
+%include pe-file-types.pac
+%include pe-file-headers.pac
+
+# The base record for a Portable Executable file
+type PE_File = case $context.connection.is_done() of {
+	false -> PE      : Portable_Executable;
+	true  -> overlay : bytestring &length=1 &transient;
+};
+
+type Portable_Executable = record {
+	headers : Headers;
+	pad     : Padding(restofdata);
+} &let {
+	unparsed_hdr_len: uint32 = headers.pe_header.size_of_headers - headers.length;
+	data_post_hdrs:   uint64 = $context.connection.get_max_file_location() - headers.pe_header.size_of_headers + unparsed_hdr_len;
+	restofdata:       uint64 = headers.pe_header.is_exe ? data_post_hdrs : 0;
+	proc:             bool   = $context.connection.mark_done();
+} &byteorder=littleendian;
+
+refine connection MockConnection += {
+
+	%member{
+		bool done_;
+	%}
+
+	%init{
+		done_ = false;
+	%}
+
+	function mark_done(): bool
+		%{
+		done_ = true;
+		return true;
+		%}
+
+	function is_done(): bool
+		%{
+		return done_;
+		%}
+};
diff --git a/src/file_analysis/analyzer/pe/pe.pac b/src/file_analysis/analyzer/pe/pe.pac
new file mode 100644
index 0000000000..df7c3011d9
--- /dev/null
+++ b/src/file_analysis/analyzer/pe/pe.pac
@@ -0,0 +1,20 @@
+%include binpac.pac
+%include bro.pac
+
+analyzer PE withcontext {
+	connection: MockConnection;
+	flow:       File;
+};
+
+connection MockConnection(bro_analyzer: BroFileAnalyzer) {
+	upflow = File;
+	downflow = File;
+};
+
+%include pe-file.pac
+
+flow File {
+	flowunit = PE_File withcontext(connection, this);
+}
+ 
+%include pe-analyzer.pac
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 69f399c9dc..8c70597dca 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -104,13 +104,35 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 	len = BIO_gets(bio, buf, sizeof(buf));
 	pX509Cert->Assign(2, new StringVal(len, buf));
 	BIO_reset(bio);
+
+	X509_NAME *subject_name = X509_get_subject_name(ssl_cert);
+	// extract the most specific (last) common name from the subject
+	int namepos = -1;
+	for ( ;; )
+		{
+		int j = X509_NAME_get_index_by_NID(subject_name, NID_commonName, namepos);
+		if ( j == -1 )
+			break;
+
+		namepos = j;
+		}
+
+	if ( namepos != -1 )
+		{
+		// we found a common name
+		ASN1_STRING_print(bio, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, namepos)));
+		len = BIO_gets(bio, buf, sizeof(buf));
+		pX509Cert->Assign(4, new StringVal(len, buf));
+		BIO_reset(bio);
+		}
+
 	X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
 	len = BIO_gets(bio, buf, sizeof(buf));
 	pX509Cert->Assign(3, new StringVal(len, buf));
 	BIO_free(bio);
 
-	pX509Cert->Assign(4, new Val(GetTimeFromAsn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
-	pX509Cert->Assign(5, new Val(GetTimeFromAsn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(5, new Val(GetTimeFromAsn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(6, new Val(GetTimeFromAsn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
 
 	// we only read 255 bytes because byte 256 is always 0.
 	// if the string is longer than 255, that will be our null-termination,
@@ -118,28 +140,41 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 	if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->cert_info->key->algor->algorithm) )
 		buf[0] = 0;
 
-	pX509Cert->Assign(6, new StringVal(buf));
+	pX509Cert->Assign(7, new StringVal(buf));
+
+	// Special case for RDP server certificates. For some reason some (all?) RDP server
+	// certificates like to specify their key algorithm as md5WithRSAEncryption, which
+	// is wrong on so many levels. We catch this special case here and set it to what is
+	// actually should be (namely - rsaEncryption), so that OpenSSL will parse out the
+	// key later. Otherwise it will just fail to parse the certificate key.
+
+	ASN1_OBJECT* old_algorithm = 0;
+	if ( OBJ_obj2nid(ssl_cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption )
+		{
+		old_algorithm = ssl_cert->cert_info->key->algor->algorithm;
+		ssl_cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+		}
 
 	if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->sig_alg->algorithm) )
 		buf[0] = 0;
 
-	pX509Cert->Assign(7, new StringVal(buf));
+	pX509Cert->Assign(8, new StringVal(buf));
 
 	// Things we can do when we have the key...
 	EVP_PKEY *pkey = X509_extract_key(ssl_cert);
 	if ( pkey != NULL )
 		{
 		if ( pkey->type == EVP_PKEY_DSA )
-			pX509Cert->Assign(8, new StringVal("dsa"));
+			pX509Cert->Assign(9, new StringVal("dsa"));
 
 		else if ( pkey->type == EVP_PKEY_RSA )
 			{
-			pX509Cert->Assign(8, new StringVal("rsa"));
+			pX509Cert->Assign(9, new StringVal("rsa"));
 
 			char *exponent = BN_bn2dec(pkey->pkey.rsa->e);
 			if ( exponent != NULL )
 				{
-				pX509Cert->Assign(10, new StringVal(exponent));
+				pX509Cert->Assign(11, new StringVal(exponent));
 				OPENSSL_free(exponent);
 				exponent = NULL;
 				}
@@ -147,14 +182,19 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 #ifndef OPENSSL_NO_EC
 		else if ( pkey->type == EVP_PKEY_EC )
 			{
-			pX509Cert->Assign(8, new StringVal("ecdsa"));
-			pX509Cert->Assign(11, KeyCurve(pkey));
+			pX509Cert->Assign(9, new StringVal("ecdsa"));
+			pX509Cert->Assign(12, KeyCurve(pkey));
 			}
 #endif
 
+		// set key algorithm back. We do not have to free the value that we created because (I think) it
+		// comes out of a static array from OpenSSL memory.
+		if ( old_algorithm )
+			ssl_cert->cert_info->key->algor->algorithm = old_algorithm;
+
 		unsigned int length = KeyLength(pkey);
 		if ( length > 0 )
-			pX509Cert->Assign(9, new Val(length, TYPE_COUNT));
+			pX509Cert->Assign(10, new Val(length, TYPE_COUNT));
 
 		EVP_PKEY_free(pkey);
 		}
diff --git a/src/input.h b/src/input.h
index d07a82f2ee..f0f402b23b 100644
--- a/src/input.h
+++ b/src/input.h
@@ -46,6 +46,4 @@ extern vector<string> params;
 class Stmt;
 extern Stmt* stmts;	// global statements
 
-extern int optimize;
-
 #endif
diff --git a/src/input/Component.cc b/src/input/Component.cc
index fd70c76216..b7c5d5e30b 100644
--- a/src/input/Component.cc
+++ b/src/input/Component.cc
@@ -9,7 +9,7 @@
 using namespace input;
 
 Component::Component(const std::string& name, factory_callback arg_factory)
-	: plugin::Component(plugin::component::WRITER, name)
+	: plugin::Component(plugin::component::READER, name)
 	{
 	factory = arg_factory;
 
diff --git a/src/input/Manager.cc b/src/input/Manager.cc
index 044f9fcae3..6360e440f4 100644
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@@ -971,7 +971,7 @@ Val* Manager::RecordValToIndexVal(RecordVal *r)
 	}
 
 
-Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Value* const *vals)
+Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals, bool& have_error)
 	{
 	Val* idxval;
 	int position = 0;
@@ -979,7 +979,7 @@ Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Valu
 
 	if ( num_fields == 1 && type->FieldType(0)->Tag() != TYPE_RECORD  )
 		{
-		idxval = ValueToVal(vals[0], type->FieldType(0));
+		idxval = ValueToVal(i, vals[0], type->FieldType(0), have_error);
 		position = 1;
 		}
 	else
@@ -988,11 +988,11 @@ Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Valu
 		for ( int j = 0 ; j < type->NumFields(); j++ )
 			{
 			if ( type->FieldType(j)->Tag() == TYPE_RECORD )
-				l->Append(ValueToRecordVal(vals,
-				          type->FieldType(j)->AsRecordType(), &position));
+				l->Append(ValueToRecordVal(i, vals,
+				          type->FieldType(j)->AsRecordType(), &position, have_error));
 			else
 				{
-				l->Append(ValueToVal(vals[position], type->FieldType(j)));
+				l->Append(ValueToVal(i, vals[position], type->FieldType(j), have_error));
 				position++;
 				}
 			}
@@ -1079,7 +1079,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		{
 		// seen before
 		if ( stream->num_val_fields == 0 || h->valhash == valhash )
-	       		{
+			{
 			// ok, exact duplicate, move entry to new dicrionary and do nothing else.
 			stream->lastDict->Remove(idxhash);
 			stream->currDict->Insert(idxhash, h);
@@ -1094,8 +1094,8 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 			stream->lastDict->Remove(idxhash);
 			// keep h for predicates
 			updated = true;
-
 			}
+
 		}
 
 	Val* valval;
@@ -1103,63 +1103,68 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 
 	int position = stream->num_idx_fields;
 
+	bool convert_error = false; // this will be set to true by ValueTo* on Error
+
 	if ( stream->num_val_fields == 0 )
 		valval = 0;
 
 	else if ( stream->num_val_fields == 1 && !stream->want_record )
-		valval = ValueToVal(vals[position], stream->rtype->FieldType(0));
+		valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0), convert_error);
 
 	else
-		valval = ValueToRecordVal(vals, stream->rtype, &position);
-
+		valval = ValueToRecordVal(i, vals, stream->rtype, &position, convert_error);
 
 	// call stream first to determine if we really add / change the entry
-	if ( stream->pred )
+	if ( stream->pred && ! convert_error )
 		{
 		EnumVal* ev;
 		int startpos = 0;
-		predidx = ValueToRecordVal(vals, stream->itype, &startpos);
+		bool pred_convert_error = false;
+		predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, pred_convert_error);
 
-		if ( updated )
-			ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event);
-		else
-			ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event);
-
-		bool result;
-		if ( stream->num_val_fields > 0 ) // we have values
-			result = CallPred(stream->pred, 3, ev, predidx->Ref(), valval->Ref());
-		else // no values
-			result = CallPred(stream->pred, 2, ev, predidx->Ref());
-
-		if ( result == false )
+		// if we encountered a convert error here - just continue as we would have without
+		// emitting the event. I do not really think that that can happen just here and not
+		// at the top-level. But - this is safe.
+		if ( ! pred_convert_error )
 			{
-			Unref(predidx);
-			Unref(valval);
-
-			if ( ! updated )
-				{
-				// just quit and delete everything we created.
-				delete idxhash;
-				return stream->num_val_fields + stream->num_idx_fields;
-				}
-
+			if ( updated )
+				ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event);
 			else
+				ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event);
+
+			bool result;
+			if ( stream->num_val_fields > 0 ) // we have values
+				result = CallPred(stream->pred, 3, ev, predidx->Ref(), valval->Ref());
+			else // no values
+				result = CallPred(stream->pred, 2, ev, predidx->Ref());
+
+			if ( result == false )
 				{
-				// keep old one
-				stream->currDict->Insert(idxhash, h);
-				delete idxhash;
-				return stream->num_val_fields + stream->num_idx_fields;
+				Unref(predidx);
+				Unref(valval);
+
+				if ( ! updated )
+					{
+					// just quit and delete everything we created.
+					delete idxhash;
+					return stream->num_val_fields + stream->num_idx_fields;
+					}
+
+				else
+					{
+					// keep old one
+					stream->currDict->Insert(idxhash, h);
+					delete idxhash;
+					return stream->num_val_fields + stream->num_idx_fields;
+					}
 				}
 			}
+
 		}
 
 	// now we don't need h anymore - if we are here, the entry is updated and a new h is created.
-	if ( h )
-		{
-		delete h;
-		h = 0;
-		}
-
+	delete h;
+	h = 0;
 
 	Val* idxval;
 	if ( predidx != 0 )
@@ -1168,7 +1173,20 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		// I think there is an unref missing here. But if I insert is, it crashes :)
 		}
 	else
-		idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals);
+		idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error);
+
+	if ( convert_error )
+		{
+		// abort here and free everything that was allocated so far.
+		Unref(predidx);
+		Unref(valval);
+		Unref(idxval);
+
+		delete idxhash;
+		return stream->num_val_fields + stream->num_idx_fields;
+		}
+
+	assert(idxval);
 
 	Val* oldval = 0;
 	if ( updated == true )
@@ -1178,7 +1196,6 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		oldval = stream->tab->Lookup(idxval, false);
 		}
 
-	assert(idxval);
 	HashKey* k = stream->tab->ComputeHash(idxval);
 	if ( ! k )
 		reporter->InternalError("could not hash");
@@ -1203,16 +1220,21 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		{
 		EnumVal* ev;
 		int startpos = 0;
-		Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos);
+		Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, convert_error);
 
-		if ( updated )
+		if ( convert_error )
+			{
+			// the only thing to clean up here is predidx. Everything else should
+			// already be ok again
+			Unref(predidx);
+			}
+		else if ( updated )
 			{ // in case of update send back the old value.
 			assert ( stream->num_val_fields > 0 );
 			ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event);
 			assert ( oldval != 0 );
 			SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval);
 			}
-
 		else
 			{
 			ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event);
@@ -1223,7 +1245,6 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 				}
 			else
 				SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, valval->Ref());
-
 			}
 		}
 
@@ -1416,7 +1437,6 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const *
 	assert(i->stream_type == EVENT_STREAM);
 	EventStream* stream = (EventStream*) i;
 
-	Val *val;
 	list<Val*> out_vals;
 	Ref(stream->description);
 	out_vals.push_back(stream->description);
@@ -1425,9 +1445,11 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const *
 
 	int position = 0;
 
+	bool convert_error = false;
+
 	if ( stream->want_record )
 		{
-		RecordVal * r = ValueToRecordVal(vals, stream->fields, &position);
+		RecordVal * r = ValueToRecordVal(i, vals, stream->fields, &position, convert_error);
 		out_vals.push_back(r);
 		}
 
@@ -1438,13 +1460,13 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const *
 			Val* val = 0;
 
 			if ( stream->fields->FieldType(j)->Tag() == TYPE_RECORD )
-				val = ValueToRecordVal(vals,
+				val = ValueToRecordVal(i, vals,
 						stream->fields->FieldType(j)->AsRecordType(),
-						&position);
+						&position, convert_error);
 
 			else
 				{
-				val =  ValueToVal(vals[position], stream->fields->FieldType(j));
+				val = ValueToVal(i, vals[position], stream->fields->FieldType(j), convert_error);
 				position++;
 				}
 
@@ -1452,7 +1474,14 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const *
 			}
 		}
 
-	SendEvent(stream->event, out_vals);
+	if ( convert_error )
+		{
+		// we have an error somewhere in our out_vals. Just delete all of them.
+		for ( list<Val*>::const_iterator it = out_vals.begin(), end = out_vals.end(); it != end; ++it )
+			Unref(*it);
+		}
+	else
+		SendEvent(stream->event, out_vals);
 
 	return stream->num_fields;
 	}
@@ -1464,7 +1493,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 	assert(i->stream_type == TABLE_STREAM);
 	TableStream* stream = (TableStream*) i;
 
-	Val* idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals);
+	bool convert_error = 0;
+
+	Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error);
 	Val* valval;
 
 	int position = stream->num_idx_fields;
@@ -1473,9 +1504,16 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 		valval = 0;
 
 	else if ( stream->num_val_fields == 1 && stream->want_record == 0 )
-		valval = ValueToVal(vals[position], stream->rtype->FieldType(0));
+		valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0), convert_error);
 	else
-		valval = ValueToRecordVal(vals, stream->rtype, &position);
+		valval = ValueToRecordVal(i, vals, stream->rtype, &position, convert_error);
+
+	if ( convert_error )
+		{
+		Unref(valval);
+		Unref(idxval);
+		return stream->num_idx_fields + stream->num_val_fields;
+		}
 
 	// if we have a subscribed event, we need to figure out, if this is an update or not
 	// same for predicates
@@ -1503,31 +1541,37 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 			{
 			EnumVal* ev;
 			int startpos = 0;
-			Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos);
+			bool pred_convert_error = false;
+			Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, pred_convert_error);
 
-			if ( updated )
-				ev = new EnumVal(BifEnum::Input::EVENT_CHANGED,
-						 BifType::Enum::Input::Event);
+			if ( pred_convert_error )
+				Unref(predidx);
 			else
-				ev = new EnumVal(BifEnum::Input::EVENT_NEW,
-						 BifType::Enum::Input::Event);
-
-			bool result;
-			if ( stream->num_val_fields > 0 ) // we have values
 				{
-				Ref(valval);
-				result = CallPred(stream->pred, 3, ev, predidx, valval);
-				}
-			else // no values
-				result = CallPred(stream->pred, 2, ev, predidx);
+				if ( updated )
+					ev = new EnumVal(BifEnum::Input::EVENT_CHANGED,
+							 BifType::Enum::Input::Event);
+				else
+					ev = new EnumVal(BifEnum::Input::EVENT_NEW,
+							 BifType::Enum::Input::Event);
 
-			if ( result == false )
-				{
-				// do nothing
-				Unref(idxval);
-				Unref(valval);
-				Unref(oldval);
-				return stream->num_val_fields + stream->num_idx_fields;
+				bool result;
+				if ( stream->num_val_fields > 0 ) // we have values
+					{
+					Ref(valval);
+					result = CallPred(stream->pred, 3, ev, predidx, valval);
+					}
+				else // no values
+					result = CallPred(stream->pred, 2, ev, predidx);
+
+				if ( result == false )
+					{
+					// do nothing
+					Unref(idxval);
+					Unref(valval);
+					Unref(oldval);
+					return stream->num_val_fields + stream->num_idx_fields;
+					}
 				}
 
 			}
@@ -1538,28 +1582,34 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 			{
 			EnumVal* ev;
 			int startpos = 0;
-			Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos);
+			bool event_convert_error = false;
+			Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, event_convert_error);
 
-			if ( updated )
-				{
-				// in case of update send back the old value.
-				assert ( stream->num_val_fields > 0 );
-				ev = new EnumVal(BifEnum::Input::EVENT_CHANGED,
-						 BifType::Enum::Input::Event);
-				assert ( oldval != 0 );
-				SendEvent(stream->event, 4, stream->description->Ref(),
-					  ev, predidx, oldval);
-				}
+			if ( event_convert_error )
+				Unref(predidx);
 			else
 				{
-				ev = new EnumVal(BifEnum::Input::EVENT_NEW,
-					       	 BifType::Enum::Input::Event);
-				if ( stream->num_val_fields == 0 )
+				if ( updated )
+					{
+					// in case of update send back the old value.
+					assert ( stream->num_val_fields > 0 );
+					ev = new EnumVal(BifEnum::Input::EVENT_CHANGED,
+							 BifType::Enum::Input::Event);
+					assert ( oldval != 0 );
 					SendEvent(stream->event, 4, stream->description->Ref(),
-						  ev, predidx);
+							ev, predidx, oldval);
+					}
 				else
-					SendEvent(stream->event, 4, stream->description->Ref(),
-						  ev, predidx, valval->Ref());
+					{
+					ev = new EnumVal(BifEnum::Input::EVENT_NEW,
+										 BifType::Enum::Input::Event);
+					if ( stream->num_val_fields == 0 )
+						SendEvent(stream->event, 4, stream->description->Ref(),
+								ev, predidx);
+					else
+						SendEvent(stream->event, 4, stream->description->Ref(),
+								ev, predidx, valval->Ref());
+					}
 				}
 
 			}
@@ -1612,29 +1662,42 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 	if ( i->stream_type == TABLE_STREAM )
 		{
 		TableStream* stream = (TableStream*) i;
-		Val* idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals);
+		bool convert_error = false;
+		Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error);
 		assert(idxval != 0);
 		readVals = stream->num_idx_fields + stream->num_val_fields;
 		bool streamresult = true;
 
+		if ( convert_error )
+			{
+			Unref(idxval);
+			return false;
+			}
+
 		if ( stream->pred || stream->event )
 			{
 			Val *val = stream->tab->Lookup(idxval);
 
 			if ( stream->pred )
 				{
-				Ref(val);
-				EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event);
 				int startpos = 0;
-				Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos);
+				Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, convert_error);
 
-				streamresult = CallPred(stream->pred, 3, ev, predidx, val);
-
-				if ( streamresult == false )
+				if ( convert_error )
+					Unref(predidx);
+				else
 					{
-					// keep it.
-					Unref(idxval);
-					success = true;
+					Ref(val);
+					EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event);
+
+					streamresult = CallPred(stream->pred, 3, ev, predidx, val);
+
+					if ( streamresult == false )
+						{
+						// keep it.
+						Unref(idxval);
+						success = true;
+						}
 					}
 
 				}
@@ -1708,8 +1771,15 @@ bool Manager::CallPred(Func* pred_func, const int numvals, ...)
 	return result;
 	}
 
-bool Manager::SendEvent(const string& name, const int num_vals, Value* *vals)
+bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, Value* *vals)
 	{
+	Stream *i = FindStream(reader);
+	if ( i == 0 )
+		{
+		reporter->InternalWarning("Unknown reader %s in SendEvent for event %s", reader->Name(), name.c_str());
+		return false;
+		}
+
 	EventHandler* handler = event_registry->Lookup(name.c_str());
 	if ( handler == 0 )
 		{
@@ -1732,13 +1802,22 @@ bool Manager::SendEvent(const string& name, const int num_vals, Value* *vals)
 		return false;
 		}
 
-	val_list* vl = new val_list;
-	for ( int i = 0; i < num_vals; i++)
-		vl->append(ValueToVal(vals[i], type->FieldType(i)));
+	bool convert_error = false;
 
-	mgr.QueueEvent(handler, vl, SOURCE_LOCAL);
+	val_list* vl = new val_list;
+	for ( int j = 0; j < num_vals; j++)
+		vl->append(ValueToVal(i, vals[j], type->FieldType(j), convert_error));
 
 	delete_value_ptr_array(vals, num_vals);
+
+	if ( convert_error )
+		{
+		delete_vals(vl);
+		return false;
+		}
+	else
+		mgr.QueueEvent(handler, vl, SOURCE_LOCAL);
+
 	return true;
 }
 
@@ -1809,8 +1888,8 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type,
 	}
 
 // Convert a threading value to a record value
-RecordVal* Manager::ValueToRecordVal(const Value* const *vals,
-	                             RecordType *request_type, int* position)
+RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *vals,
+	                             RecordType *request_type, int* position, bool& have_error)
 	{
 	assert(position != 0); // we need the pointer to point to data.
 
@@ -1819,7 +1898,7 @@ RecordVal* Manager::ValueToRecordVal(const Value* const *vals,
 		{
 		Val* fieldVal = 0;
 		if ( request_type->FieldType(i)->Tag() == TYPE_RECORD )
-			fieldVal = ValueToRecordVal(vals, request_type->FieldType(i)->AsRecordType(), position);
+			fieldVal = ValueToRecordVal(stream, vals, request_type->FieldType(i)->AsRecordType(), position, have_error);
 		else if ( request_type->FieldType(i)->Tag() == TYPE_FILE ||
 			  request_type->FieldType(i)->Tag() == TYPE_FUNC )
 			{
@@ -1834,7 +1913,7 @@ RecordVal* Manager::ValueToRecordVal(const Value* const *vals,
 			}
 		else
 			{
-			fieldVal = ValueToVal(vals[*position], request_type->FieldType(i));
+			fieldVal = ValueToVal(stream, vals[*position], request_type->FieldType(i), have_error);
 			(*position)++;
 			}
 
@@ -2103,12 +2182,17 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals)
 	}
 
 // convert threading value to Bro value
-Val* Manager::ValueToVal(const Value* val, BroType* request_type)
+// have_error is a reference to a boolean which is set to true as soon as an error occured.
+// When have_error is set to true at the beginning of the function, it is assumed that
+// an error already occured in the past and processing is aborted.
+Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type, bool& have_error)
 	{
+	if ( have_error )
+		return 0;
 
 	if ( request_type->Tag() != TYPE_ANY && request_type->Tag() != val->type )
 		{
-		reporter->InternalError("Typetags don't match: %d vs %d", request_type->Tag(), val->type);
+		reporter->InternalError("Typetags don't match: %d vs %d in stream %s", request_type->Tag(), val->type, i->name.c_str());
 		return 0;
 		}
 
@@ -2189,11 +2273,12 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
 		set_index->Append(type->Ref());
 		SetType* s = new SetType(set_index, 0);
 		TableVal* t = new TableVal(s);
-		for ( int i = 0; i < val->val.set_val.size; i++ )
+		for ( int j = 0; j < val->val.set_val.size; j++ )
 			{
-			Val* assignval = ValueToVal( val->val.set_val.vals[i], type );
+			Val* assignval = ValueToVal(i, val->val.set_val.vals[j], type, have_error);
+
 			t->Assign(assignval, 0);
-			Unref(assignval); // idex is not consumed by assign.
+			Unref(assignval); // index is not consumed by assign.
 			}
 
 		Unref(s);
@@ -2206,8 +2291,10 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
 		BroType* type = request_type->AsVectorType()->YieldType();
 		VectorType* vt = new VectorType(type->Ref());
 		VectorVal* v = new VectorVal(vt);
-		for (  int i = 0; i < val->val.vector_val.size; i++ )
-			v->Assign(i, ValueToVal( val->val.set_val.vals[i], type ));
+		for ( int j = 0; j < val->val.vector_val.size; j++ )
+			{
+			v->Assign(j, ValueToVal(i, val->val.set_val.vals[j], type, have_error));
+			}
 
 		Unref(vt);
 		return v;
@@ -2216,25 +2303,29 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
 	case TYPE_ENUM: {
 		// Convert to string first to not have to deal with missing
 		// \0's...
-		string module_string(val->val.string_val.data, val->val.string_val.length);
-		string var_string(val->val.string_val.data, val->val.string_val.length);
+		string enum_string(val->val.string_val.data, val->val.string_val.length);
 
-		string module = extract_module_name(module_string.c_str());
-		string var = extract_var_name(var_string.c_str());
+		string module = extract_module_name(enum_string.c_str());
+		string var = extract_var_name(enum_string.c_str());
 
 		// Well, this is kind of stupid, because EnumType just
 		// mangles the module name and the var name together again...
 		// but well.
 		bro_int_t index = request_type->AsEnumType()->Lookup(module, var.c_str());
 		if ( index == -1 )
-			reporter->InternalError("Value not found in enum mappimg. Module: %s, var: %s, var size: %zu",
-			                        module.c_str(), var.c_str(), var.size());
+			{
+			reporter->Error("Value not '%s' for stream '%s' is not a valid enum.",
+			                        enum_string.c_str(), i->name.c_str());
+
+			have_error = true;
+			return 0;
+			}
 
 		return new EnumVal(index, request_type->Ref()->AsEnumType());
 		}
 
 	default:
-		reporter->InternalError("unsupported type for input_read");
+		reporter->InternalError("Unsupported type for input_read in stream %s", i->name.c_str());
 	}
 
 	assert(false);
diff --git a/src/input/Manager.h b/src/input/Manager.h
index cfac803129..d61ed3a485 100644
--- a/src/input/Manager.h
+++ b/src/input/Manager.h
@@ -129,7 +129,7 @@ protected:
 	// Allows readers to directly send Bro events. The num_vals and vals
 	// must be the same the named event expects. Takes ownership of
 	// threading::Value fields.
-	bool SendEvent(const string& name, const int num_vals, threading::Value* *vals);
+	bool SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, threading::Value* *vals);
 
 	// Instantiates a new ReaderBackend of the given type (note that
 	// doing so creates a new thread!).
@@ -205,14 +205,14 @@ private:
 
 	// Convert Threading::Value to an internal Bro Type (works also with
 	// Records).
-	Val* ValueToVal(const threading::Value* val, BroType* request_type);
+	Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type, bool& have_error);
 
 	// Convert Threading::Value to an internal Bro List type.
-	Val* ValueToIndexVal(int num_fields, const RecordType* type, const threading::Value* const *vals);
+	Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals, bool& have_error);
 
 	// Converts a threading::value to a record type. Mostly used by
 	// ValueToVal.
-	RecordVal* ValueToRecordVal(const threading::Value* const *vals, RecordType *request_type, int* position);
+	RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position, bool& have_error);
 
 	Val* RecordValToIndexVal(RecordVal *r);
 
diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc
index 72043c5932..685ada56aa 100644
--- a/src/input/ReaderBackend.cc
+++ b/src/input/ReaderBackend.cc
@@ -64,7 +64,7 @@ public:
 
 	virtual bool Process()
 		{
-		bool success = input_mgr->SendEvent(name, num_vals, val);
+		bool success = input_mgr->SendEvent(Object(), name, num_vals, val);
 
 		if ( ! success )
 			reporter->Error("SendEvent for event %s failed", name);
diff --git a/src/input/readers/raw/Raw.cc b/src/input/readers/raw/Raw.cc
index 259792cb3f..2aae96abf7 100644
--- a/src/input/readers/raw/Raw.cc
+++ b/src/input/readers/raw/Raw.cc
@@ -8,6 +8,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <signal.h>
+#include <stdlib.h>
 
 #include "Raw.h"
 #include "Plugin.h"
@@ -33,6 +34,7 @@ Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(frontend)
 	firstrun = true;
 	mtime = 0;
 	forcekill = false;
+	offset = 0;
 	separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(),
 			  BifConst::InputRaw::record_separator->Len());
 
@@ -298,6 +300,17 @@ bool Raw::OpenInput()
 			Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str()));
 		}
 
+		if ( offset )
+			{
+			int whence = (offset > 0) ? SEEK_SET : SEEK_END;
+			if ( fseek(file, offset, whence) < 0 )
+				{
+				char buf[256];
+				strerror_r(errno, buf, sizeof(buf));
+				Error(Fmt("Seek failed in init: %s", buf));
+				}
+			}
+
 	return true;
 	}
 
@@ -377,6 +390,20 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
 		forcekill = true;
 		}
 
+	it = info.config.find("offset"); // we want to seek to a given offset inside the file
+	if ( it != info.config.end() && ! execute && (Info().mode == MODE_STREAM || Info().mode == MODE_MANUAL) )
+		{
+		string offset_s = it->second;
+		offset = strtoll(offset_s.c_str(), 0, 10);
+		if ( offset < 0 )
+			offset++; // we want -1 to be the end of the file
+		}
+	else if ( it != info.config.end() )
+		{
+		Error("Offset only is supported for MODE_STREAM and MODE_MANUAL; it is also not supported when executing a command");
+		return false;
+		}
+
 	if ( num_fields != want_fields )
 		{
 		Error(Fmt("Filter for raw reader contains wrong number of fields -- got %d, expected %d. "
diff --git a/src/input/readers/raw/Raw.h b/src/input/readers/raw/Raw.h
index 06568a6296..f08d22beca 100644
--- a/src/input/readers/raw/Raw.h
+++ b/src/input/readers/raw/Raw.h
@@ -65,6 +65,8 @@ private:
 
 	bool forcekill;
 
+	int64_t offset;
+
 	int pipes[6];
 	pid_t childpid;
 
diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc
index f71807dcbe..fccdbadb4a 100644
--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@@ -24,6 +24,7 @@ Manager::~Manager()
 	for ( SourceList::iterator i = sources.begin(); i != sources.end(); ++i )
 		{
 		(*i)->src->Done();
+		delete (*i)->src;
 		delete *i;
 		}
 
@@ -183,9 +184,24 @@ finished:
 
 void Manager::Register(IOSource* src, bool dont_count)
 	{
+	// First see if we already have registered that source. If so, just
+	// adjust dont_count.
+	for ( SourceList::iterator i = sources.begin(); i != sources.end(); ++i )
+		{
+		if ( (*i)->src == src )
+			{
+			if ( (*i)->dont_count != dont_count )
+				// Adjust the global counter.
+				dont_counts += (dont_count ? 1 : -1);
+
+			return;
+			}
+		}
+
 	src->Init();
 	Source* s = new Source;
 	s->src = src;
+	s->dont_count = dont_count;
 	if ( dont_count )
 		++dont_counts;
 
diff --git a/src/iosource/Manager.h b/src/iosource/Manager.h
index fb4f6676b6..e25b940bca 100644
--- a/src/iosource/Manager.h
+++ b/src/iosource/Manager.h
@@ -29,7 +29,9 @@ public:
 	~Manager();
 
 	/**
-	 * Registers an IOSource with the manager.
+	 * Registers an IOSource with the manager. If the source is already
+	 * registered, the method will update its *dont_count* value but not
+	 * do anything else.
 	 *
 	 * @param src The source. The manager takes ownership.
 	 *
@@ -117,6 +119,7 @@ private:
 		FD_Set fd_read;
 		FD_Set fd_write;
 		FD_Set fd_except;
+		bool dont_count;
 
 		bool Ready(fd_set* read, fd_set* write, fd_set* except) const
 			{ return fd_read.Ready(read) || fd_write.Ready(write) ||
diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h
index 378ac3f5ee..2400219fd0 100644
--- a/src/iosource/PktSrc.h
+++ b/src/iosource/PktSrc.h
@@ -38,7 +38,12 @@ public:
 		 */
 		unsigned int link;
 
-		Stats()	{ received = dropped = link = 0; }
+		/**
+		  * Bytes received by source after filtering (w/o drops).
+		*/
+		uint64 bytes_received;
+
+		Stats()	{ received = dropped = link = bytes_received = 0; }
 	};
 
 	/**
diff --git a/src/iosource/pcap/Plugin.cc b/src/iosource/pcap/Plugin.cc
index f0490e6e3d..af74b16ead 100644
--- a/src/iosource/pcap/Plugin.cc
+++ b/src/iosource/pcap/Plugin.cc
@@ -17,7 +17,7 @@ public:
 
 		plugin::Configuration config;
 		config.name = "Bro::Pcap";
-		config.description = "Packet aquisition via libpcap";
+		config.description = "Packet acquisition via libpcap";
 		return config;
 		}
 } plugin;
diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc
index a68f0ca322..7645903c2a 100644
--- a/src/iosource/pcap/Source.cc
+++ b/src/iosource/pcap/Source.cc
@@ -180,6 +180,8 @@ bool PcapSource::ExtractNextPacket(Packet* pkt)
 	last_hdr = current_hdr;
 	last_data = data;
 	++stats.received;
+	stats.bytes_received += current_hdr.len;
+
 	return true;
 	}
 
@@ -219,7 +221,7 @@ bool PcapSource::SetFilter(int index)
 
 #ifndef HAVE_LINUX
 	// Linux doesn't clear counters when resetting filter.
-	stats.received = stats.dropped = stats.link = 0;
+	stats.received = stats.dropped = stats.link = stats.bytes_received = 0;
 #endif
 
 	return true;
@@ -230,7 +232,7 @@ void PcapSource::Statistics(Stats* s)
 	char errbuf[PCAP_ERRBUF_SIZE];
 
 	if ( ! (props.is_live && pd) )
-		s->received = s->dropped = s->link = 0;
+		s->received = s->dropped = s->link = s->bytes_received = 0;
 
 	else
 		{
@@ -238,7 +240,7 @@ void PcapSource::Statistics(Stats* s)
 		if ( pcap_stats(pd, &pstat) < 0 )
 			{
 			PcapError();
-			s->received = s->dropped = s->link = 0;
+			s->received = s->dropped = s->link = s->bytes_received = 0;
 			}
 
 		else
@@ -249,6 +251,7 @@ void PcapSource::Statistics(Stats* s)
 		}
 
 	s->received = stats.received;
+	s->bytes_received = stats.bytes_received;
 
 	if ( ! props.is_live )
 		s->dropped = 0;
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index 1fe5db3b26..9db43518ed 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -16,6 +16,10 @@
 #include "WriterBackend.h"
 #include "logging.bif.h"
 
+#ifdef ENABLE_BROKER
+#include "broker/Manager.h"
+#endif
+
 using namespace logging;
 
 struct Manager::Filter {
@@ -69,6 +73,11 @@ struct Manager::Stream {
 
 	WriterMap writers;	// Writers indexed by id/path pair.
 
+#ifdef ENABLE_BROKER
+	bool enable_remote;
+	int remote_flags;
+#endif
+
 	~Stream();
 	};
 
@@ -287,6 +296,11 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval)
 	streams[idx]->event = event ? event_registry->Lookup(event->Name()) : 0;
 	streams[idx]->columns = columns->Ref()->AsRecordType();
 
+#ifdef ENABLE_BROKER
+	streams[idx]->enable_remote = internal_val("Log::enable_remote_logging")->AsBool();
+	streams[idx]->remote_flags = broker::PEERS;
+#endif
+
 	DBG_LOG(DBG_LOGGING, "Created new logging stream '%s', raising event %s",
 		streams[idx]->name.c_str(), event ? streams[idx]->event->Name() : "<none>");
 
@@ -828,6 +842,12 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 #endif
 		}
 
+#ifdef ENABLE_BROKER
+	if ( stream->enable_remote &&
+	     ! broker_mgr->Log(id, columns, stream->columns, stream->remote_flags) )
+			stream->enable_remote = false;
+#endif
+
 	Unref(columns);
 
 	if ( error )
@@ -1206,6 +1226,53 @@ void Manager::Terminate()
 		}
 	}
 
+#ifdef ENABLE_BROKER
+
+bool Manager::EnableRemoteLogs(EnumVal* stream_id, int flags)
+	{
+	auto stream = FindStream(stream_id);
+
+	if ( ! stream )
+		return false;
+
+	stream->enable_remote = true;
+	stream->remote_flags = flags;
+	return true;
+	}
+
+bool Manager::DisableRemoteLogs(EnumVal* stream_id)
+	{
+	auto stream = FindStream(stream_id);
+
+	if ( ! stream )
+		return false;
+
+	stream->enable_remote = false;
+	return true;
+	}
+
+bool Manager::RemoteLogsAreEnabled(EnumVal* stream_id)
+	{
+	auto stream = FindStream(stream_id);
+
+	if ( ! stream )
+		return false;
+
+	return stream->enable_remote;
+	}
+
+RecordType* Manager::StreamColumns(EnumVal* stream_id)
+	{
+	auto stream = FindStream(stream_id);
+
+	if ( ! stream )
+		return nullptr;
+
+	return stream->columns;
+	}
+
+#endif
+
 // Timer which on dispatching rotates the filter.
 class RotationTimer : public Timer {
 public:
diff --git a/src/logging/Manager.h b/src/logging/Manager.h
index b8264927a3..5d3372fb9b 100644
--- a/src/logging/Manager.h
+++ b/src/logging/Manager.h
@@ -157,6 +157,34 @@ public:
 	 */
 	void Terminate();
 
+#ifdef ENABLE_BROKER
+	/**
+	 * Enable remote logs for a given stream.
+	 * @param stream_id the stream to enable remote logs for.
+	 * @param flags tune behavior of how log entries are sent to peer endpoints.
+	 * @return true if remote logs are enabled.
+	 */
+	bool EnableRemoteLogs(EnumVal* stream_id, int flags);
+
+	/**
+	 * Disable remote logs for a given stream.
+	 * @param stream_id the stream to disable remote logs for.
+	 * @return true if remote logs are disabled.
+	 */
+	bool DisableRemoteLogs(EnumVal* stream_id);
+
+	/**
+	 * @return true if remote logs are enabled for a given stream.
+	 */
+	bool RemoteLogsAreEnabled(EnumVal* stream_id);
+
+	/**
+	 * @return the type which corresponds to the columns in a log entry for
+	 * a given log stream.
+	 */
+	RecordType* StreamColumns(EnumVal* stream_id);
+#endif
+
 protected:
 	friend class WriterFrontend;
 	friend class RotationFinishedMessage;
diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc
index a27553916f..d6f5daa7e7 100644
--- a/src/logging/writers/ascii/Ascii.cc
+++ b/src/logging/writers/ascii/Ascii.cc
@@ -181,10 +181,9 @@ bool Ascii::InitFormatter()
 Ascii::~Ascii()
 	{
 	if ( ! ascii_done )
-		{
-		fprintf(stderr, "internal error: finish missing\n");
-		abort();
-		}
+		// In case of errors aborting the logging altogether,
+		// DoFinish() may not have been called.
+		CloseFile(network_time);
 
 	delete formatter;
 	}
diff --git a/src/main.cc b/src/main.cc
index 15aea3d3fe..61cc35f198 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -63,6 +63,10 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
 
 #include "3rdparty/sqlite3.h"
 
+#ifdef ENABLE_BROKER
+#include "broker/Manager.h"
+#endif
+
 Brofiler brofiler;
 
 #ifndef HAVE_STRSEP
@@ -81,9 +85,6 @@ int perftools_leaks = 0;
 int perftools_profile = 0;
 #endif
 
-const char* prog;
-char* writefile = 0;
-name_list prefixes;
 DNS_Mgr* dns_mgr;
 TimerMgr* timer_mgr;
 logging::Manager* log_mgr = 0;
@@ -94,6 +95,13 @@ analyzer::Manager* analyzer_mgr = 0;
 file_analysis::Manager* file_mgr = 0;
 broxygen::Manager* broxygen_mgr = 0;
 iosource::Manager* iosource_mgr = 0;
+#ifdef ENABLE_BROKER
+bro_broker::Manager* broker_mgr = 0;
+#endif
+
+const char* prog;
+char* writefile = 0;
+name_list prefixes;
 Stmt* stmts;
 EventHandlerPtr net_done = 0;
 RuleMatcher* rule_matcher = 0;
@@ -107,9 +115,7 @@ ProfileLogger* profiling_logger = 0;
 ProfileLogger* segment_logger = 0;
 SampleLogger* sample_logger = 0;
 int signal_val = 0;
-int optimize = 0;
 int do_notice_analysis = 0;
-int rule_bench = 0;
 extern char version[];
 char* command_line_policy = 0;
 vector<string> params;
@@ -171,8 +177,6 @@ void usage()
 	fprintf(stderr, "    -i|--iface <interface>         | read from given interface\n");
 	fprintf(stderr, "    -p|--prefix <prefix>           | add given prefix to policy file resolution\n");
 	fprintf(stderr, "    -r|--readfile <readfile>       | read from given tcpdump file\n");
-	fprintf(stderr, "    -y|--flowfile <file>[=<ident>] | read from given flow file\n");
-	fprintf(stderr, "    -Y|--netflow <ip>:<prt>[=<id>] | read flow from socket\n");
 	fprintf(stderr, "    -s|--rulefile <rulefile>       | read rules from given file\n");
 	fprintf(stderr, "    -t|--tracefile <tracefile>     | activate execution tracing\n");
 	fprintf(stderr, "    -w|--writefile <writefile>     | write to given tcpdump file\n");
@@ -180,16 +184,14 @@ void usage()
 	fprintf(stderr, "    -x|--print-state <file.bst>    | print contents of state file\n");
 	fprintf(stderr, "    -z|--analyze <analysis>        | run the specified policy file analysis\n");
 #ifdef DEBUG
-	fprintf(stderr, "    -B|--debug <dbgstreams>        | Enable debugging output for selected streams\n");
+	fprintf(stderr, "    -B|--debug <dbgstreams>        | Enable debugging output for selected streams ('-B help' for help)\n");
 #endif
 	fprintf(stderr, "    -C|--no-checksums              | ignore checksums\n");
-	fprintf(stderr, "    -D|--dfa-size <size>           | DFA state cache size\n");
 	fprintf(stderr, "    -F|--force-dns                 | force DNS\n");
 	fprintf(stderr, "    -I|--print-id <ID name>        | print out given ID\n");
+	fprintf(stderr, "    -J|--set-seed <seed>           | set the random number seed\n");
 	fprintf(stderr, "    -K|--md5-hashkey <hashkey>     | set key for MD5-keyed hashing\n");
-	fprintf(stderr, "    -L|--rule-benchmark            | benchmark for rules\n");
 	fprintf(stderr, "    -N|--print-plugins             | print available plugins and exit (-NN for verbose)\n");
-	fprintf(stderr, "    -O|--optimize                  | optimize policy script\n");
 	fprintf(stderr, "    -P|--prime-dns                 | prime DNS\n");
 	fprintf(stderr, "    -Q|--time                      | print execution time summary to stderr\n");
 	fprintf(stderr, "    -R|--replay <events.bst>       | replay events\n");
@@ -197,7 +199,7 @@ void usage()
 	fprintf(stderr, "    -T|--re-level <level>          | set 'RE_level' for rules\n");
 	fprintf(stderr, "    -U|--status-file <file>        | Record process status in file\n");
 	fprintf(stderr, "    -W|--watchdog                  | activate watchdog timer\n");
-	fprintf(stderr, "    -X|--broxygen                  | generate documentation based on config file\n");
+	fprintf(stderr, "    -X|--broxygen <cfgfile>        | generate documentation based on config file\n");
 
 #ifdef USE_PERFTOOLS_DEBUG
 	fprintf(stderr, "    -m|--mem-leaks                 | show leaks  [perftools]\n");
@@ -480,8 +482,6 @@ int main(int argc, char** argv)
 		{"broxygen",		required_argument,		0,	'X'},
 		{"prefix",		required_argument,	0,	'p'},
 		{"readfile",		required_argument,	0,	'r'},
-		{"flowfile",		required_argument,	0,	'y'},
-		{"netflow",		required_argument,	0,	'Y'},
 		{"rulefile",		required_argument,	0,	's'},
 		{"tracefile",		required_argument,	0,	't'},
 		{"writefile",		required_argument,	0,	'w'},
@@ -489,19 +489,17 @@ int main(int argc, char** argv)
 		{"print-state",		required_argument,	0,	'x'},
 		{"analyze",		required_argument,	0,	'z'},
 		{"no-checksums",	no_argument,		0,	'C'},
-		{"dfa-cache",		required_argument,	0,	'D'},
 		{"force-dns",		no_argument,		0,	'F'},
 		{"load-seeds",		required_argument,	0,	'G'},
 		{"save-seeds",		required_argument,	0,	'H'},
 		{"set-seed",		required_argument,	0,	'J'},
 		{"md5-hashkey",		required_argument,	0,	'K'},
-		{"rule-benchmark",	no_argument,		0,	'L'},
 		{"print-plugins",	no_argument,		0,	'N'},
-		{"optimize",		no_argument,		0,	'O'},
 		{"prime-dns",		no_argument,		0,	'P'},
+		{"time",		no_argument,		0,	'Q'},
 		{"replay",		required_argument,	0,	'R'},
 		{"debug-rules",		no_argument,		0,	'S'},
-		{"re-level",		required_argument,	0,	'R'},
+		{"re-level",		required_argument,	0,	'T'},
 		{"watchdog",		no_argument,		0,	'W'},
 		{"print-id",		required_argument,	0,	'I'},
 		{"status-file",		required_argument,	0,	'U'},
@@ -549,7 +547,7 @@ int main(int argc, char** argv)
 	opterr = 0;
 
 	char opts[256];
-	safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:z:CFGLNOPSWabdghvZQ",
+	safe_strncpy(opts, "B:e:f:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFNPSWabdghvQ",
 		     sizeof(opts));
 
 #ifdef USE_PERFTOOLS_DEBUG
@@ -623,10 +621,6 @@ int main(int argc, char** argv)
 			override_ignore_checksums = 1;
 			break;
 
-		case 'D':
-			dfa_state_cache_size = atoi(optarg);
-			break;
-
 		case 'E':
 			pseudo_realtime = 1.0;
 			if ( optarg )
@@ -660,18 +654,10 @@ int main(int argc, char** argv)
 			hmac_key_set = 1;
 			break;
 
-		case 'L':
-			++rule_bench;
-			break;
-
 		case 'N':
 			++print_plugins;
 			break;
 
-		case 'O':
-			optimize = 1;
-			break;
-
 		case 'P':
 			if ( dns_type != DNS_DEFAULT )
 				usage();
@@ -851,6 +837,10 @@ int main(int argc, char** argv)
 	input_mgr = new input::Manager();
 	file_mgr = new file_analysis::Manager();
 
+#ifdef ENABLE_BROKER
+	broker_mgr = new bro_broker::Manager();
+#endif
+
 	plugin_mgr->InitPreScript();
 	analyzer_mgr->InitPreScript();
 	file_mgr->InitPreScript();
diff --git a/src/parse.y b/src/parse.y
index 8054718d45..c67732835f 100644
--- a/src/parse.y
+++ b/src/parse.y
@@ -272,9 +272,6 @@ static bool has_attr(const attr_list* al, attr_tag tag)
 bro:
 		decl_list stmt_list
 			{
-			if ( optimize )
-				$2 = $2->Simplify();
-
 			if ( stmts )
 				stmts->AsStmtList()->Stmts().append($2);
 			else
@@ -1173,9 +1170,6 @@ func_body:
 
 		'}'
 			{
-			if ( optimize )
-				$4 = $4->Simplify();
-
 			end_func($4, $1);
 			}
 	;
diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc
index b891a0faab..8e58c1296b 100644
--- a/src/plugin/Manager.cc
+++ b/src/plugin/Manager.cc
@@ -143,6 +143,17 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
 		if ( ok_if_not_found )
 			return true;
 
+		// Check if it's a static built-in plugin; they are always
+		// active, so just ignore. Not the most efficient way, but
+		// this should be rare to begin with.
+		plugin_list* all_plugins = Manager::ActivePluginsInternal();
+
+		for ( plugin::Manager::plugin_list::const_iterator i = all_plugins->begin(); i != all_plugins->end(); i++ )
+			{
+			if ( (*i)->Name() == name )
+				return true;
+			}
+
 		reporter->Error("plugin %s is not available", name.c_str());
 		return false;
 		}
@@ -333,7 +344,7 @@ void Manager::InitPreScript()
 	assert(! init);
 
 	for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin();
-          i != Manager::ActivePluginsInternal()->end(); i++ )
+	      i != Manager::ActivePluginsInternal()->end(); i++ )
 		{
 		Plugin* plugin = *i;
 		plugin->DoConfigure();
@@ -348,7 +359,7 @@ void Manager::InitBifs()
 	bif_init_func_map* bifs = BifFilesInternal();
 
 	for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin();
-          i != Manager::ActivePluginsInternal()->end(); i++ )
+	      i != Manager::ActivePluginsInternal()->end(); i++ )
 		{
 		bif_init_func_map::const_iterator b = bifs->find(strtolower((*i)->Name()));
 
@@ -365,7 +376,7 @@ void Manager::InitPostScript()
 	assert(init);
 
 	for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin();
-          i != Manager::ActivePluginsInternal()->end(); i++ )
+	      i != Manager::ActivePluginsInternal()->end(); i++ )
 		(*i)->InitPostScript();
 	}
 
@@ -374,7 +385,7 @@ void Manager::FinishPlugins()
 	assert(init);
 
 	for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin();
-          i != Manager::ActivePluginsInternal()->end(); i++ )
+	      i != Manager::ActivePluginsInternal()->end(); i++ )
 		(*i)->Done();
 
 	Manager::ActivePluginsInternal()->clear();
@@ -507,13 +518,13 @@ void Manager::DisableHook(HookType hook, Plugin* plugin)
 void Manager::RequestEvent(EventHandlerPtr handler, Plugin* plugin)
 	{
 	DBG_LOG(DBG_PLUGINS, "Plugin %s requested event %s",
-            plugin->Name().c_str(), handler->Name());
+	        plugin->Name().c_str(), handler->Name());
 	handler->SetGenerateAlways();
 	}
 
 void Manager::RequestBroObjDtor(BroObj* obj, Plugin* plugin)
 	{
-    obj->NotifyPluginsOnDtor();
+	obj->NotifyPluginsOnDtor();
 	}
 
 int Manager::HookLoadFile(const string& file)
@@ -561,31 +572,34 @@ int Manager::HookLoadFile(const string& file)
 	return rc;
 	}
 
-Val* Manager::HookCallFunction(const Func* func, val_list* vargs) const
+std::pair<bool, Val*> Manager::HookCallFunction(const Func* func, Frame* parent, val_list* vargs) const
 	{
 	HookArgumentList args;
 
 	if ( HavePluginForHook(META_HOOK_PRE) )
 		{
 		args.push_back(HookArgument(func));
+		args.push_back(HookArgument(parent));
 		args.push_back(HookArgument(vargs));
 		MetaHookPre(HOOK_CALL_FUNCTION, args);
 		}
 
 	hook_list* l = hooks[HOOK_CALL_FUNCTION];
 
-	Val* v = 0;
+	std::pair<bool, Val*> v = std::pair<bool, Val*>(false, NULL);
 
 	if ( l )
+		{
 		for ( hook_list::iterator i = l->begin(); i != l->end(); ++i )
 			{
 			Plugin* p = (*i).second;
 
-			v = p->HookCallFunction(func, vargs);
+			v = p->HookCallFunction(func, parent, vargs);
 
-			if ( v )
+			if ( v.first )
 				break;
 			}
+		}
 
 	if ( HavePluginForHook(META_HOOK_POST) )
 		MetaHookPost(HOOK_CALL_FUNCTION, args, HookArgument(v));
@@ -673,7 +687,7 @@ void Manager::HookBroObjDtor(void* obj) const
 	{
 	HookArgumentList args;
 
-        if ( HavePluginForHook(META_HOOK_PRE) )
+	if ( HavePluginForHook(META_HOOK_PRE) )
 		{
 		args.push_back(obj);
 		MetaHookPre(HOOK_BRO_OBJ_DTOR, args);
diff --git a/src/plugin/Manager.h b/src/plugin/Manager.h
index 39a2f7f887..db812b6a8c 100644
--- a/src/plugin/Manager.h
+++ b/src/plugin/Manager.h
@@ -3,6 +3,7 @@
 #ifndef PLUGIN_MANAGER_H
 #define PLUGIN_MANAGER_H
 
+#include <utility>
 #include <map>
 
 #include "Plugin.h"
@@ -244,7 +245,7 @@ public:
 	 * functions and events, it may be any Val and must be ignored). If no
 	 * plugin handled the call, the method returns null.
 	 */
-	Val* HookCallFunction(const Func* func, val_list* args) const;
+	std::pair<bool, Val*> HookCallFunction(const Func* func, Frame *parent, val_list* args) const;
 
 	/**
 	 * Hook that filters the queuing of an event.
diff --git a/src/plugin/Plugin.cc b/src/plugin/Plugin.cc
index 8aaadc1ec7..f05378eb84 100644
--- a/src/plugin/Plugin.cc
+++ b/src/plugin/Plugin.cc
@@ -83,6 +83,26 @@ void HookArgument::Describe(ODesc* d) const
 			d->Add("<null>");
 		break;
 
+	case FUNC_RESULT:
+		if ( func_result.first )
+			{
+			if( func_result.second )
+				func_result.second->Describe(d);
+			else
+				d->Add("<null>");
+			}
+		else
+			d->Add("<no result>");
+
+		break;
+
+	case FRAME:
+		if ( arg.frame )
+			d->Add("<frame>");
+		else
+			d->Add("<null>");
+		break;
+
 	case FUNC:
 		if ( arg.func )
 			d->Add(arg.func->Name());
@@ -199,7 +219,7 @@ void Plugin::InitPostScript()
 
 Plugin::bif_item_list Plugin::BifItems() const
 	{
-    return bif_items;
+	return bif_items;
 	}
 
 void Plugin::Done()
@@ -271,9 +291,10 @@ int Plugin::HookLoadFile(const std::string& file, const std::string& ext)
 	return -1;
 	}
 
-Val* Plugin::HookCallFunction(const Func* func, val_list* args)
+std::pair<bool, Val*> Plugin::HookCallFunction(const Func* func, Frame *parent, val_list* args)
 	{
-	return 0;
+	std::pair<bool, Val*> result(false, NULL);
+	return result;
 	}
 
 bool Plugin::HookQueueEvent(Event* event)
diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h
index ccda20054c..32359b4686 100644
--- a/src/plugin/Plugin.h
+++ b/src/plugin/Plugin.h
@@ -5,6 +5,7 @@
 
 #include <list>
 #include <string>
+#include <utility>
 
 #include "config.h"
 #include "analyzer/Component.h"
@@ -156,7 +157,7 @@ public:
 	 * Type of the argument.
 	 */
 	enum Type {
-		BOOL, DOUBLE, EVENT, FUNC, INT, STRING, VAL, VAL_LIST, VOID, VOIDP,
+		BOOL, DOUBLE, EVENT, FRAME, FUNC, FUNC_RESULT, INT, STRING, VAL, VAL_LIST, VOID, VOIDP
 	};
 
 	/**
@@ -209,6 +210,16 @@ public:
 	 */
 	HookArgument(void* p)	{ type = VOIDP; arg.voidp = p; }
 
+	/**
+	 * Constructor with a function result argument.
+	 */
+	HookArgument(std::pair<bool, Val*> fresult)	{ type = FUNC_RESULT; func_result = fresult; }
+
+	/**
+	 * Constructor with a Frame argument.
+	 */
+	HookArgument(Frame* f)	{ type = FRAME; arg.frame = f; }
+
 	/**
 	 * Returns the value for a boolen argument. The argument's type must
 	 * match accordingly.
@@ -251,6 +262,18 @@ public:
 	 */
 	const Val* AsVal() const	{ assert(type == VAL); return arg.val; }
 
+	/**
+	 * Returns the value for a Bro wrapped value argument.  The argument's type must
+	 * match accordingly.
+	 */
+	const std::pair<bool, Val*> AsFuncResult() const { assert(type == FUNC_RESULT); return func_result; }
+
+	/**
+	 * Returns the value for a Bro frame argument.  The argument's type must
+	 * match accordingly.
+	 */
+	const Frame* AsFrame() const { assert(type == FRAME); return arg.frame; }
+
 	/**
 	 * Returns the value for a list of Bro values argument. The argument's type must
 	 * match accordingly.
@@ -282,13 +305,16 @@ private:
 		double double_;
 		const Event* event;
 		const Func* func;
+		const Frame* frame;
 		int int_;
 		const Val* val;
 		const val_list* vals;
 		const void* voidp;
 	} arg;
 
-	std::string arg_string; // Outside union because it has dtor.
+	// Outside union because these have dtors.
+	std::pair<bool, Val*> func_result;
+	std::string arg_string;
 };
 
 typedef std::list<HookArgument> HookArgumentList;
@@ -512,7 +538,7 @@ protected:
 	 * actually has code to execute for it. By calling this method, the
 	 * plugin tells Bro to raise the event even if there's no correspondong
 	 * handler; it will then go into HookQueueEvent() just as any other.
-     *
+	 *
 	 * @param handler The event handler being interested in.
 	 */
 	void RequestEvent(EventHandlerPtr handler);
@@ -568,13 +594,13 @@ protected:
 	 * in place as long as it ensures matching types and correct reference
 	 * counting.
 	 *
-	 * @return If the plugin handled the call, a Val with +1 reference
-	 * count containixnmg the result value to pass back to the interpreter
-	 * (for void functions and events any \a Val is fine; it will be
-	 * ignored; best to use a \c TYPE_ANY). If the plugin did not handle
-	 * the call, it must return null.
+	 * @return If the plugin handled the call, a std::pair<bool, Val*> with the
+	 * processed flag set to true, and a value set on the object with
+	 * a+1 reference count containing the result value to pass back to the
+	 * interpreter.  If the plugin did not handle the call, it must
+	 * return a pair with the processed flag set to 'false'.
 	 */
-	virtual Val* HookCallFunction(const Func* func, val_list* args);
+	virtual std::pair<bool, Val*> HookCallFunction(const Func* func, Frame *parent, val_list* args);
 
 	/**
 	 * Hook into raising events. Whenever the script interpreter is about
@@ -606,7 +632,7 @@ protected:
 	 * Hook for updates to network time. This method will be called
 	 * whenever network time is advanced.
 	 *
-	 * @param networkt_time The new network time.
+	 * @param network_time The new network time.
 	 */
 	virtual void HookUpdateNetworkTime(double network_time);
 
diff --git a/src/scan.l b/src/scan.l
index b13215e4b8..a6e37a67f7 100644
--- a/src/scan.l
+++ b/src/scan.l
@@ -56,6 +56,11 @@ char last_tok[128];
 	if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \
 		reporter->Error("read failed with \"%s\"", strerror(errno));
 
+static void deprecated_attr(const char* attr)
+	{
+	reporter->Warning("Use of deprecated attribute: %s", attr);
+	}
+
 static string find_relative_file(const string& filename, const string& ext)
 	{
 	if ( filename.empty() )
@@ -263,22 +268,50 @@ when	return TOK_WHEN;
 &delete_func	return TOK_ATTR_DEL_FUNC;
 &deprecated	return TOK_ATTR_DEPRECATED;
 &raw_output return TOK_ATTR_RAW_OUTPUT;
-&encrypt	return TOK_ATTR_ENCRYPT;
 &error_handler	return TOK_ATTR_ERROR_HANDLER;
 &expire_func	return TOK_ATTR_EXPIRE_FUNC;
 &log		return TOK_ATTR_LOG;
-&mergeable	return TOK_ATTR_MERGEABLE;
 &optional	return TOK_ATTR_OPTIONAL;
-&persistent	return TOK_ATTR_PERSISTENT;
 &priority	return TOK_ATTR_PRIORITY;
 &type_column	return TOK_ATTR_TYPE_COLUMN;
 &read_expire	return TOK_ATTR_EXPIRE_READ;
 &redef		return TOK_ATTR_REDEF;
-&rotate_interval	return TOK_ATTR_ROTATE_INTERVAL;
-&rotate_size		return TOK_ATTR_ROTATE_SIZE;
-&synchronized	return TOK_ATTR_SYNCHRONIZED;
 &write_expire	return TOK_ATTR_EXPIRE_WRITE;
 
+&encrypt {
+	deprecated_attr(yytext);
+	return TOK_ATTR_ENCRYPT;
+	}
+
+&mergeable {
+	// Not yet deprecated, but soon.
+	//deprecated_attr(yytext);
+	return TOK_ATTR_MERGEABLE;
+	}
+
+&persistent {
+	// Not yet deprecated, but soon.
+	//deprecated_attr(yytext);
+	return TOK_ATTR_PERSISTENT;
+	}
+
+&rotate_interval {
+	deprecated_attr(yytext);
+	return TOK_ATTR_ROTATE_INTERVAL;
+	}
+
+&rotate_size {
+	deprecated_attr(yytext);
+	return TOK_ATTR_ROTATE_SIZE;
+	}
+
+&synchronized  {
+	// Not yet deprecated, but soon.
+	//deprecated_attr(yytext);
+	return TOK_ATTR_SYNCHRONIZED;
+	}
+
+
 @DEBUG	return TOK_DEBUG;	// marks input for debugger
 
 @DIR	{
diff --git a/src/strings.bif b/src/strings.bif
index 1f09667064..80b60a57d0 100644
--- a/src/strings.bif
+++ b/src/strings.bif
@@ -207,6 +207,8 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated
 function join_string_vec%(vec: string_vec, sep: string%): string
 	%{
 	ODesc d;
+	d.SetStyle(RAW_STYLE);
+
 	VectorVal *v = vec->AsVectorVal();
 
 	for ( unsigned i = 0; i < v->Size(); ++i )
@@ -888,12 +890,11 @@ function to_upper%(str: string%): string
 ## Replaces non-printable characters in a string with escaped sequences. The
 ## mappings are:
 ##
-##     - ``NUL`` to ``\0``
-##     - ``DEL`` to ``^?``
-##     - values <= 26 to ``^[A-Z]``
-##     - values not in *[32, 126]* to ``%XX``
+##     - values not in *[32, 126]* to ``\xXX``
 ##
-## If the string does not yet have a trailing NUL, one is added.
+## If the string does not yet have a trailing NUL, one is added internally.
+##
+## In contrast to :bro:id:`escape_string`, this encoding is *not* fully reversible.` 
 ##
 ## str: The string to escape.
 ##
@@ -909,10 +910,9 @@ function clean%(str: string%): string
 ## Replaces non-printable characters in a string with escaped sequences. The
 ## mappings are:
 ##
-##     - ``NUL`` to ``\0``
-##     - ``DEL`` to ``^?``
-##     - values <= 26 to ``^[A-Z]``
-##     - values not in *[32, 126]* to ``%XX``
+##     - values not in *[32, 126]* to ``\xXX``
+##     - ``\`` to ``\\``
+##     - ``'`` and ``""`` to ``\'`` and ``\"``, respectively.
 ##
 ## str: The string to escape.
 ##
@@ -945,17 +945,22 @@ function is_ascii%(str: string%): bool
 	return new Val(1, TYPE_BOOL);
 	%}
 
-## Creates a printable version of a string. This function is the same as
-## :bro:id:`clean` except that non-printable characters are removed.
+## Replaces non-printable characters in a string with escaped sequences. The
+## mappings are:
 ##
-## s: The string to escape.
+##     - values not in *[32, 126]* to ``\xXX``
+##     - ``\`` to ``\\``
+##
+## In contrast to :bro:id:`clean`, this encoding is fully reversible.` 
+##
+## str: The string to escape.
 ##
 ## Returns: The escaped string.
 ##
 ## .. bro:see:: clean to_string_literal
 function escape_string%(s: string%): string
 	%{
-	char* escstr = s->AsString()->Render();
+	char* escstr = s->AsString()->Render(BroString::ESC_HEX | BroString::ESC_ESC);
 	Val* val = new StringVal(escstr);
 	delete [] escstr;
 	return val;
diff --git a/src/types.bif b/src/types.bif
index 99df67c9d5..180112dd8c 100644
--- a/src/types.bif
+++ b/src/types.bif
@@ -163,6 +163,11 @@ type ModbusHeaders: record;
 type ModbusCoils: vector;
 type ModbusRegisters: vector;
 
+type PE::DOSHeader: record;
+type PE::FileHeader: record;
+type PE::OptionalHeader: record;
+type PE::SectionHeader: record;
+
 module Tunnel;
 enum Type %{
 	NONE,
@@ -172,6 +177,7 @@ enum Type %{
 	SOCKS,
 	GTPv1,
 	HTTP,
+	GRE,
 %}
 
 type EncapsulatingConn: record;
diff --git a/src/util.cc b/src/util.cc
index ac2a942ed3..a76ba84de3 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -141,10 +141,16 @@ ODesc* get_escaped_string(ODesc* d, const char* str, size_t len,
 
 		if ( escape_all || isspace(c) || ! isascii(c) || ! isprint(c) )
 			{
-			char hex[4] = {'\\', 'x', '0', '0' };
-			bytetohex(c, hex + 2);
-			d->AddRaw(hex, 4);
+			if ( c == '\\' )
+				d->AddRaw("\\\\", 2);
+			else
+				{
+				char hex[4] = {'\\', 'x', '0', '0' };
+				bytetohex(c, hex + 2);
+				d->AddRaw(hex, 4);
+				}
 			}
+
 		else
 			d->AddRaw(&c, 1);
 		}
@@ -1352,13 +1358,23 @@ double parse_rotate_base_time(const char* rotate_base_time)
 
 double calc_next_rotate(double current, double interval, double base)
 	{
+	if ( ! interval )
+		{
+		reporter->Error("calc_next_rotate(): interval is zero, falling back to 24hrs");
+		interval = 86400;
+		}
+
 	// Calculate start of day.
 	time_t teatime = time_t(current);
 
 	struct tm t;
-	t = *localtime_r(&teatime, &t);
-	t.tm_hour = t.tm_min = t.tm_sec = 0;
-	double startofday = mktime(&t);
+	if ( ! localtime_r(&teatime, &t) )
+		{
+		reporter->Error("calc_next_rotate(): failure processing current time (%.6f)", current);
+
+		// fall back to the method used if no base time is given
+		base = -1;
+		}
 
 	if ( base < 0 )
 		// No base time given. To get nice timestamps, we round
@@ -1366,6 +1382,9 @@ double calc_next_rotate(double current, double interval, double base)
 		return floor(current / interval) * interval
 			+ interval - current;
 
+	t.tm_hour = t.tm_min = t.tm_sec = 0;
+	double startofday = mktime(&t);
+
 	// current < startofday + base + i * interval <= current + interval
 	return startofday + base +
 		ceil((current - startofday - base) / interval) * interval -
diff --git a/testing/btest/Baseline/bifs.escape_string/out b/testing/btest/Baseline/bifs.escape_string/out
index 6d79533c61..3ea5484cde 100644
--- a/testing/btest/Baseline/bifs.escape_string/out
+++ b/testing/btest/Baseline/bifs.escape_string/out
@@ -1,10 +1,10 @@
 12
-Test \0string
-13
-Test \0string
+Test \x00string
+15
+Test \x00string
+15
+Test \x00string
 15
 Test \x00string
-13
-Test \0string
 24
 546573742000737472696e67
diff --git a/testing/btest/Baseline/bifs.fmt/out b/testing/btest/Baseline/bifs.fmt/out
index 2a28bf333a..5f380c1b22 100644
--- a/testing/btest/Baseline/bifs.fmt/out
+++ b/testing/btest/Baseline/bifs.fmt/out
@@ -35,8 +35,8 @@ test
 */^?(^foo|bar)$?/*
 *      Blue*
 * [1, 2, 3]*
-*{^J^I2,^J^I1,^J^I3^J}*
-*{^J^I[2] = bro,^J^I[1] = test^J}*
+*{\x0a\x092,\x0a\x091,\x0a\x093\x0a}*
+*{\x0a\x09[2] = bro,\x0a\x09[1] = test\x0a}*
 3.100000e+02
 310.000000
 310
@@ -45,11 +45,11 @@ test
 310
 310
 2
-3
-4
+1
 2
 2
-6
+1
 2
 2
-6
+1
+2
diff --git a/testing/btest/Baseline/bifs.hexdump/out b/testing/btest/Baseline/bifs.hexdump/out
index 740435f7ea..1bde3acdad 100644
--- a/testing/btest/Baseline/bifs.hexdump/out
+++ b/testing/btest/Baseline/bifs.hexdump/out
@@ -1 +1 @@
-0000  61 62 63 ff 64 65 66 67  68 69 6a 6b 6c 6d 6e 6f  abc.defg hijklmno^J0010  70 71 72 73 74 75 76 77  78 79 7a                 pqrstuvw xyz^J
+0000  61 62 63 ff 64 65 66 67  68 69 6a 6b 6c 6d 6e 6f  abc.defg hijklmno\x0a0010  70 71 72 73 74 75 76 77  78 79 7a                 pqrstuvw xyz\x0a
diff --git a/testing/btest/Baseline/bifs.hexstr_to_bytestring/out b/testing/btest/Baseline/bifs.hexstr_to_bytestring/out
index ccb9c51e7c..ce17acd828 100644
--- a/testing/btest/Baseline/bifs.hexstr_to_bytestring/out
+++ b/testing/btest/Baseline/bifs.hexstr_to_bytestring/out
@@ -1,4 +1,4 @@
 04
 
-\0
+\x00
 
diff --git a/testing/btest/Baseline/bifs.net_stats_trace/output b/testing/btest/Baseline/bifs.net_stats_trace/output
index 55d6693db5..ed924affa6 100644
--- a/testing/btest/Baseline/bifs.net_stats_trace/output
+++ b/testing/btest/Baseline/bifs.net_stats_trace/output
@@ -1 +1 @@
-[pkts_recvd=136, pkts_dropped=0, pkts_link=0]
+[pkts_recvd=136, pkts_dropped=0, pkts_link=0, bytes_recvd=25260]
diff --git a/testing/btest/Baseline/bifs.netbios-functions/out b/testing/btest/Baseline/bifs.netbios-functions/out
index d849dbff71..4020ef46a0 100644
--- a/testing/btest/Baseline/bifs.netbios-functions/out
+++ b/testing/btest/Baseline/bifs.netbios-functions/out
@@ -4,5 +4,5 @@ WORKGROUP
 27
 ISATAP
 0
-^A^B__MSBROWSE__^B
+\x01\x02__MSBROWSE__\x02
 1
diff --git a/testing/btest/Baseline/bifs.string_fill/out b/testing/btest/Baseline/bifs.string_fill/out
index b15a2d1006..1614cbd5a4 100644
--- a/testing/btest/Baseline/bifs.string_fill/out
+++ b/testing/btest/Baseline/bifs.string_fill/out
@@ -1,3 +1,3 @@
-*\0* 1
-*t\0* 2
-*test test\0* 10
+*\x00* 1
+*t\x00* 2
+*test test\x00* 10
diff --git a/testing/btest/Baseline/bifs.to_count/out b/testing/btest/Baseline/bifs.to_count/out
index a283cbaed3..1b0fa383fa 100644
--- a/testing/btest/Baseline/bifs.to_count/out
+++ b/testing/btest/Baseline/bifs.to_count/out
@@ -7,3 +7,4 @@
 18446744073709551611
 0
 123
+9223372036854775808 and 9223372036854775808 are the same
diff --git a/testing/btest/Baseline/broker.clone_store/clone.clone.out b/testing/btest/Baseline/broker.clone_store/clone.clone.out
new file mode 100644
index 0000000000..570f3f25ca
--- /dev/null
+++ b/testing/btest/Baseline/broker.clone_store/clone.clone.out
@@ -0,0 +1,5 @@
+clone keys, [status=BrokerStore::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
+lookup, one, [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
+lookup, myset, [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
+lookup, two, [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
+lookup, myvec, [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
diff --git a/testing/btest/Baseline/broker.clone_store/master.master.out b/testing/btest/Baseline/broker.clone_store/master.master.out
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testing/btest/Baseline/broker.connection_updates/recv.recv.out b/testing/btest/Baseline/broker.connection_updates/recv.recv.out
new file mode 100644
index 0000000000..714cbfbac4
--- /dev/null
+++ b/testing/btest/Baseline/broker.connection_updates/recv.recv.out
@@ -0,0 +1,2 @@
+BrokerComm::incoming_connection_established, connector
+BrokerComm::incoming_connection_broken, connector
diff --git a/testing/btest/Baseline/broker.connection_updates/send.send.out b/testing/btest/Baseline/broker.connection_updates/send.send.out
new file mode 100644
index 0000000000..61c988d1c8
--- /dev/null
+++ b/testing/btest/Baseline/broker.connection_updates/send.send.out
@@ -0,0 +1 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp, listener
diff --git a/testing/btest/Baseline/broker.data/out b/testing/btest/Baseline/broker.data/out
new file mode 100644
index 0000000000..628870144a
--- /dev/null
+++ b/testing/btest/Baseline/broker.data/out
@@ -0,0 +1,99 @@
+BrokerComm::BOOL
+BrokerComm::INT
+BrokerComm::COUNT
+BrokerComm::DOUBLE
+BrokerComm::STRING
+BrokerComm::ADDR
+BrokerComm::SUBNET
+BrokerComm::PORT
+BrokerComm::TIME
+BrokerComm::INTERVAL
+BrokerComm::ENUM
+BrokerComm::SET
+BrokerComm::TABLE
+BrokerComm::VECTOR
+BrokerComm::RECORD
+***************************
+T
+F
+1
+0
+-1
+1
+0
+1.1
+-11.1
+hello
+1.2.3.4
+192.168.0.0/16
+22/tcp
+42.0
+180.0
+BrokerComm::BOOL
+***************************
+{
+two,
+one,
+three
+}
+0
+T
+1
+T
+F
+T
+2
+T
+1
+F
+{
+bye
+}
+0
+***************************
+{
+[two] = 2,
+[one] = 1,
+[three] = 3
+}
+0
+[d=<uninitialized>]
+1
+T
+42
+F
+[d=<uninitialized>]
+2
+[d=broker::data{7}]
+2
+37
+[d=broker::data{42}]
+1
+***************************
+[zero, one, two]
+0
+T
+T
+T
+T
+[hi, salutations, hello, greetings]
+4
+[d=broker::data{hello}]
+[d=broker::data{bah}]
+[d=broker::data{hi}]
+[hi, salutations, bah, greetings]
+[d=broker::data{bah}]
+[hi, salutations, greetings]
+3
+***************************
+[a=<uninitialized>, b=bee, c=1]
+[a=test, b=bee, c=1]
+[a=test, b=testagain, c=1]
+3
+T
+T
+T
+[d=broker::data{hi}]
+[d=broker::data{hello}]
+[d=broker::data{37}]
+3
diff --git a/testing/btest/Baseline/broker.master_store/master.out b/testing/btest/Baseline/broker.master_store/master.out
new file mode 100644
index 0000000000..4208503151
--- /dev/null
+++ b/testing/btest/Baseline/broker.master_store/master.out
@@ -0,0 +1,14 @@
+lookup(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
+lookup(four): [status=BrokerStore::SUCCESS, result=[d=<uninitialized>]]
+lookup(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
+lookup(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
+lookup(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
+exists(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
+exists(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
+exists(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
+exists(four): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
+pop_right(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{omega}]]
+pop_left(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{delta}]]
+keys: [status=BrokerStore::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
+size: [status=BrokerStore::SUCCESS, result=[d=broker::data{3}]]
+size (after clear): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
diff --git a/testing/btest/Baseline/broker.remote_event/recv.recv.out b/testing/btest/Baseline/broker.remote_event/recv.recv.out
new file mode 100644
index 0000000000..7dab0284ea
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_event/recv.recv.out
@@ -0,0 +1,6 @@
+got event msg, ping, 0
+got event msg, ping, 1
+got event msg, ping, 2
+got event msg, ping, 3
+got event msg, ping, 4
+got event msg, ping, 5
diff --git a/testing/btest/Baseline/broker.remote_event/send.send.out b/testing/btest/Baseline/broker.remote_event/send.send.out
new file mode 100644
index 0000000000..a29c1ecd1e
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_event/send.send.out
@@ -0,0 +1,11 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+got event msg, pong, 0
+got auto event msg, ping, 0
+got event msg, pong, 1
+got auto event msg, ping, 1
+got event msg, pong, 2
+got auto event msg, ping, 2
+got event msg, pong, 3
+got auto event msg, ping, 3
+got event msg, pong, 4
+got auto event msg, ping, 4
diff --git a/testing/btest/Baseline/broker.remote_log/recv.recv.out b/testing/btest/Baseline/broker.remote_log/recv.recv.out
new file mode 100644
index 0000000000..ef9cb8402d
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_log/recv.recv.out
@@ -0,0 +1,6 @@
+wrote log, [msg=ping, num=0, nolog=no]
+wrote log, [msg=ping, num=1, nolog=no]
+wrote log, [msg=ping, num=2, nolog=no]
+wrote log, [msg=ping, num=3, nolog=no]
+wrote log, [msg=ping, num=4, nolog=no]
+wrote log, [msg=ping, num=5, nolog=no]
diff --git a/testing/btest/Baseline/broker.remote_log/recv.test.log b/testing/btest/Baseline/broker.remote_log/recv.test.log
new file mode 100644
index 0000000000..0d6dae756c
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_log/recv.test.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#open	2015-01-26-22-47-11
+#fields	msg	num
+#types	string	count
+ping	0
+ping	1
+ping	2
+ping	3
+ping	4
+ping	5
+#close	2015-01-26-22-47-11
diff --git a/testing/btest/Baseline/broker.remote_log/send.send.out b/testing/btest/Baseline/broker.remote_log/send.send.out
new file mode 100644
index 0000000000..d97ef33af1
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_log/send.send.out
@@ -0,0 +1 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
diff --git a/testing/btest/Baseline/broker.remote_log/send.test.log b/testing/btest/Baseline/broker.remote_log/send.test.log
new file mode 100644
index 0000000000..0d6dae756c
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_log/send.test.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#open	2015-01-26-22-47-11
+#fields	msg	num
+#types	string	count
+ping	0
+ping	1
+ping	2
+ping	3
+ping	4
+ping	5
+#close	2015-01-26-22-47-11
diff --git a/testing/btest/Baseline/broker.remote_print/recv.recv.out b/testing/btest/Baseline/broker.remote_print/recv.recv.out
new file mode 100644
index 0000000000..6e5a37abbf
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_print/recv.recv.out
@@ -0,0 +1,6 @@
+got print msg, ping 0
+got print msg, ping 1
+got print msg, ping 2
+got print msg, ping 3
+got print msg, ping 4
+got print msg, ping 5
diff --git a/testing/btest/Baseline/broker.remote_print/send.send.out b/testing/btest/Baseline/broker.remote_print/send.send.out
new file mode 100644
index 0000000000..65d8ee79b7
--- /dev/null
+++ b/testing/btest/Baseline/broker.remote_print/send.send.out
@@ -0,0 +1,6 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+got print msg, pong 0
+got print msg, pong 1
+got print msg, pong 2
+got print msg, pong 3
+got print msg, pong 4
diff --git a/testing/btest/Baseline/core.conn-size-threshold/.stdout b/testing/btest/Baseline/core.conn-size-threshold/.stdout
new file mode 100644
index 0000000000..76ad7c0696
--- /dev/null
+++ b/testing/btest/Baseline/core.conn-size-threshold/.stdout
@@ -0,0 +1,23 @@
+0
+0
+0
+0
+Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
+3000
+2000
+63
+50
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 3000, T
+triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F
+0
+0
+0
+0
+Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
+3000
+2000
+63
+50
+triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F
+triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 63, T
diff --git a/testing/btest/Baseline/core.icmp.icmp-events/output b/testing/btest/Baseline/core.icmp.icmp-events/output
index c8c8eb317f..c72af480d5 100644
--- a/testing/btest/Baseline/core.icmp.icmp-events/output
+++ b/testing/btest/Baseline/core.icmp.icmp-events/output
@@ -6,15 +6,15 @@ icmp_time_exceeded (code=0)
   conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
   icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, hlim=64, v6=F]
   icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
-icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
+icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
   icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
-icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
+icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
   icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
-icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
+icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
   icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
-icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
+icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
   icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
diff --git a/testing/btest/Baseline/core.icmp.icmp6-nd-options/output b/testing/btest/Baseline/core.icmp.icmp6-nd-options/output
index 1a3958f32d..f38d3e3cea 100644
--- a/testing/btest/Baseline/core.icmp.icmp6-nd-options/output
+++ b/testing/btest/Baseline/core.icmp.icmp6-nd-options/output
@@ -1,28 +1,28 @@
 icmp_redirect options
     [otype=4, len=8, link_address=<uninitialized>, prefix=<uninitialized>, redirect=[id=[orig_h=fe80::aaaa, orig_p=30000/udp, resp_h=fe80::bbbb, resp_p=13000/udp], len=56, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F], mtu=<uninitialized>, payload=<uninitialized>]
 icmp_neighbor_advertisement options
-    [otype=2, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=2, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
 icmp_router_advertisement options
-    [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=1, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
     [otype=5, len=1, link_address=<uninitialized>, prefix=<uninitialized>, redirect=<uninitialized>, mtu=1500, payload=<uninitialized>]
     [otype=3, len=4, link_address=<uninitialized>, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
 icmp_neighbor_advertisement options
-    [otype=2, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=2, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
 icmp_router_advertisement options
-    [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=1, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
     [otype=5, len=1, link_address=<uninitialized>, prefix=<uninitialized>, redirect=<uninitialized>, mtu=1500, payload=<uninitialized>]
     [otype=3, len=4, link_address=<uninitialized>, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
 icmp_router_advertisement options
-    [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=1, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
     [otype=5, len=1, link_address=<uninitialized>, prefix=<uninitialized>, redirect=<uninitialized>, mtu=1500, payload=<uninitialized>]
     [otype=3, len=4, link_address=<uninitialized>, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
 icmp_router_advertisement options
-    [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
+    [otype=1, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
      MAC: c20054f50000
     [otype=5, len=1, link_address=<uninitialized>, prefix=<uninitialized>, redirect=<uninitialized>, mtu=1500, payload=<uninitialized>]
     [otype=3, len=4, link_address=<uninitialized>, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
diff --git a/testing/btest/Baseline/core.icmp.icmp_sent/out b/testing/btest/Baseline/core.icmp.icmp_sent/out
new file mode 100644
index 0000000000..cf8fe9e4e1
--- /dev/null
+++ b/testing/btest/Baseline/core.icmp.icmp_sent/out
@@ -0,0 +1,2 @@
+icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T]
+icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T], 20
diff --git a/testing/btest/Baseline/core.ipv6_ext_headers/output b/testing/btest/Baseline/core.ipv6_ext_headers/output
index b4cd249371..77c9f77a6f 100644
--- a/testing/btest/Baseline/core.ipv6_ext_headers/output
+++ b/testing/btest/Baseline/core.ipv6_ext_headers/output
@@ -1,3 +1,3 @@
 weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2
 [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp]
-[ip=<uninitialized>, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>], [id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=<uninitialized>]
+[ip=<uninitialized>, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\x00\x00\x00\x00]]], dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>], [id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\x00\x00\x00\x00 \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x01 \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x02], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=<uninitialized>]
diff --git a/testing/btest/Baseline/core.leaks.broker.clone_store/clone.clone.out b/testing/btest/Baseline/core.leaks.broker.clone_store/clone.clone.out
new file mode 100644
index 0000000000..017537fea9
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.clone_store/clone.clone.out
@@ -0,0 +1,5 @@
+clone keys, [status=BrokerStore::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
+lookup, one, [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
+lookup, two, [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
+lookup, myset, [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
+lookup, myvec, [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
diff --git a/testing/btest/Baseline/core.leaks.broker.data/bro..stdout b/testing/btest/Baseline/core.leaks.broker.data/bro..stdout
new file mode 100644
index 0000000000..628870144a
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.data/bro..stdout
@@ -0,0 +1,99 @@
+BrokerComm::BOOL
+BrokerComm::INT
+BrokerComm::COUNT
+BrokerComm::DOUBLE
+BrokerComm::STRING
+BrokerComm::ADDR
+BrokerComm::SUBNET
+BrokerComm::PORT
+BrokerComm::TIME
+BrokerComm::INTERVAL
+BrokerComm::ENUM
+BrokerComm::SET
+BrokerComm::TABLE
+BrokerComm::VECTOR
+BrokerComm::RECORD
+***************************
+T
+F
+1
+0
+-1
+1
+0
+1.1
+-11.1
+hello
+1.2.3.4
+192.168.0.0/16
+22/tcp
+42.0
+180.0
+BrokerComm::BOOL
+***************************
+{
+two,
+one,
+three
+}
+0
+T
+1
+T
+F
+T
+2
+T
+1
+F
+{
+bye
+}
+0
+***************************
+{
+[two] = 2,
+[one] = 1,
+[three] = 3
+}
+0
+[d=<uninitialized>]
+1
+T
+42
+F
+[d=<uninitialized>]
+2
+[d=broker::data{7}]
+2
+37
+[d=broker::data{42}]
+1
+***************************
+[zero, one, two]
+0
+T
+T
+T
+T
+[hi, salutations, hello, greetings]
+4
+[d=broker::data{hello}]
+[d=broker::data{bah}]
+[d=broker::data{hi}]
+[hi, salutations, bah, greetings]
+[d=broker::data{bah}]
+[hi, salutations, greetings]
+3
+***************************
+[a=<uninitialized>, b=bee, c=1]
+[a=test, b=bee, c=1]
+[a=test, b=testagain, c=1]
+3
+T
+T
+T
+[d=broker::data{hi}]
+[d=broker::data{hello}]
+[d=broker::data{37}]
+3
diff --git a/testing/btest/Baseline/core.leaks.broker.master_store/bro..stdout b/testing/btest/Baseline/core.leaks.broker.master_store/bro..stdout
new file mode 100644
index 0000000000..4208503151
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.master_store/bro..stdout
@@ -0,0 +1,14 @@
+lookup(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
+lookup(four): [status=BrokerStore::SUCCESS, result=[d=<uninitialized>]]
+lookup(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
+lookup(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
+lookup(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
+exists(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
+exists(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
+exists(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
+exists(four): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
+pop_right(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{omega}]]
+pop_left(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{delta}]]
+keys: [status=BrokerStore::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
+size: [status=BrokerStore::SUCCESS, result=[d=broker::data{3}]]
+size (after clear): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_event/recv.recv.out b/testing/btest/Baseline/core.leaks.broker.remote_event/recv.recv.out
new file mode 100644
index 0000000000..7dab0284ea
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_event/recv.recv.out
@@ -0,0 +1,6 @@
+got event msg, ping, 0
+got event msg, ping, 1
+got event msg, ping, 2
+got event msg, ping, 3
+got event msg, ping, 4
+got event msg, ping, 5
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_event/send.send.out b/testing/btest/Baseline/core.leaks.broker.remote_event/send.send.out
new file mode 100644
index 0000000000..a29c1ecd1e
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_event/send.send.out
@@ -0,0 +1,11 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+got event msg, pong, 0
+got auto event msg, ping, 0
+got event msg, pong, 1
+got auto event msg, ping, 1
+got event msg, pong, 2
+got auto event msg, ping, 2
+got event msg, pong, 3
+got auto event msg, ping, 3
+got event msg, pong, 4
+got auto event msg, ping, 4
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_log/recv.recv.out b/testing/btest/Baseline/core.leaks.broker.remote_log/recv.recv.out
new file mode 100644
index 0000000000..3e0957442d
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_log/recv.recv.out
@@ -0,0 +1,6 @@
+wrote log, [msg=ping, num=0]
+wrote log, [msg=ping, num=1]
+wrote log, [msg=ping, num=2]
+wrote log, [msg=ping, num=3]
+wrote log, [msg=ping, num=4]
+wrote log, [msg=ping, num=5]
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_log/recv.test.log b/testing/btest/Baseline/core.leaks.broker.remote_log/recv.test.log
new file mode 100644
index 0000000000..4fe7790779
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_log/recv.test.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#open	2015-02-12-17-33-13
+#fields	msg	num
+#types	string	count
+ping	0
+ping	1
+ping	2
+ping	3
+ping	4
+ping	5
+#close	2015-02-12-17-33-14
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_log/send.send.out b/testing/btest/Baseline/core.leaks.broker.remote_log/send.send.out
new file mode 100644
index 0000000000..d97ef33af1
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_log/send.send.out
@@ -0,0 +1 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_log/send.test.log b/testing/btest/Baseline/core.leaks.broker.remote_log/send.test.log
new file mode 100644
index 0000000000..884517b252
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_log/send.test.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#open	2015-02-12-17-33-13
+#fields	msg	num
+#types	string	count
+ping	0
+ping	1
+ping	2
+ping	3
+ping	4
+ping	5
+#close	2015-02-12-17-33-15
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_print/recv.recv.out b/testing/btest/Baseline/core.leaks.broker.remote_print/recv.recv.out
new file mode 100644
index 0000000000..6e5a37abbf
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_print/recv.recv.out
@@ -0,0 +1,6 @@
+got print msg, ping 0
+got print msg, ping 1
+got print msg, ping 2
+got print msg, ping 3
+got print msg, ping 4
+got print msg, ping 5
diff --git a/testing/btest/Baseline/core.leaks.broker.remote_print/send.send.out b/testing/btest/Baseline/core.leaks.broker.remote_print/send.send.out
new file mode 100644
index 0000000000..65d8ee79b7
--- /dev/null
+++ b/testing/btest/Baseline/core.leaks.broker.remote_print/send.send.out
@@ -0,0 +1,6 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+got print msg, pong 0
+got print msg, pong 1
+got print msg, pong 2
+got print msg, pong 3
+got print msg, pong 4
diff --git a/testing/btest/Baseline/core.print-bpf-filters/conn.log b/testing/btest/Baseline/core.print-bpf-filters/conn.log
index 5c28b2acdd..bb0fde9806 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/conn.log
+++ b/testing/btest/Baseline/core.print-bpf-filters/conn.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-49
+#open	2015-03-30-21-38-30
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1278600802.069419	CXWv6p3arKYeMETxOg	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	-	0	ShADadfF	7	381	7	3801	(empty)
-#close	2015-02-23-21-32-49
+#close	2015-03-30-21-38-30
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output b/testing/btest/Baseline/core.print-bpf-filters/output
index 768e6762f3..a4cde0404a 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@@ -3,28 +3,28 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-10-24-18-53-49
+#open	2015-03-30-21-38-29
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1382640829.338079	bro	ip or not ip	T	T
-#close	2013-10-24-18-53-49
+1427751509.034738	bro	ip or not ip	T	T
+#close	2015-03-30-21-38-29
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-10-24-18-53-49
+#open	2015-03-30-21-38-29
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1382640829.495639	bro	port 42	T	T
-#close	2013-10-24-18-53-49
+1427751509.711080	bro	port 42	T	T
+#close	2015-03-30-21-38-29
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-10-24-18-53-49
+#open	2015-03-30-21-38-30
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1382640829.653368	bro	(vlan) and (ip or not ip)	T	T
-#close	2013-10-24-18-53-49
+1427751510.380510	bro	(vlan) and (ip or not ip)	T	T
+#close	2015-03-30-21-38-30
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2
index f843da2909..ac140925fc 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/output2
+++ b/testing/btest/Baseline/core.print-bpf-filters/output2
@@ -13,9 +13,11 @@
 1 2811
 1 3128
 1 3306
+1 3389
 1 3544
-1 443
+2 443
 1 502
+1 5060
 1 5072
 1 514
 1 5223
@@ -38,14 +40,15 @@
 1 8000
 1 8080
 1 81
+2 88
 1 8888
 1 989
 1 990
 1 992
 1 993
 1 995
-49 and
-48 or
-49 port
-34 tcp
-15 udp
+54 and
+53 or
+54 port
+36 tcp
+18 udp
diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
index 0df7c34145..1022eacffc 100644
--- a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
+++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-56
+#open	2015-04-15-23-53-28
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1395939406.175845	CjhGID4nQcgTWjvg4c	192.168.56.1	59763	192.168.56.101	63988	tcp	ftp-data	0.001676	0	270	SF	-	-	0	ShAdfFa	5	272	4	486	(empty)
 1395939411.361078	CCvvfg3TEfuqmmG4bh	192.168.56.1	59764	192.168.56.101	37150	tcp	ftp-data	150.496065	0	5416666670	SF	-	-	4675708816	ShAdfFa	13	688	12	24454	(empty)
 1395939399.984671	CXWv6p3arKYeMETxOg	192.168.56.1	59762	192.168.56.101	21	tcp	ftp	169.634297	104	1041	SF	-	-	0	ShAdDaFf	31	1728	18	1985	(empty)
-#close	2015-02-23-21-32-56
+#close	2015-04-15-23-53-28
diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log b/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
index b8b9bf9db1..79f1b7fba9 100644
--- a/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
+++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2014-04-09-16-44-53
+#open	2015-04-15-23-53-28
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string
 1395939406.177079	FAb5m22Dhe2Zi95anf	192.168.56.101	192.168.56.1	CjhGID4nQcgTWjvg4c	FTP_DATA	0	DATA_EVENT	text/plain	-	0.000000	-	F	270	-	0	0	F	-	-	-	-	-
 1395939411.364462	FhI0ao2FNTjabdfSBd	192.168.56.101	192.168.56.1	CCvvfg3TEfuqmmG4bh	FTP_DATA	0	DATA_EVENT	text/plain	-	150.490904	-	F	23822	-	5416642848	0	F	-	-	-	-	-
-#close	2014-04-09-16-44-54
+#close	2015-04-15-23-53-28
diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/out b/testing/btest/Baseline/core.tcp.large-file-reassembly/out
index dd3960bdb7..7e18dd7c25 100644
--- a/testing/btest/Baseline/core.tcp.large-file-reassembly/out
+++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/out
@@ -1,11 +1,11 @@
-file_chunk, 270, 0, drwxr-xr-x    3 0          0                4096 Mar 27 11:55 .^M^Jdrwxr-xr-x    3 0          0                4096 Mar 27 11:55 ..^M^Jdrwxr-xr-x    2 0          0                4096 Mar 27 11:43 pub^M^J-rw-rw-r--    1 1000       1000       5416666670 Mar 27 11:52 rand.txt^M^J
-file_chunk, 14480, 0, TCf8ZQLH67eBQks8SjFaumquAt7f9eg6GNvyLgvdbRl4QShP5o47kdBupR8IxbCz^JZ1sR200ZDSWX1TeH7UVjxBg+eQ8YpmUbnjqePKMUBbb0uq6tDGYGauJiZnSHVNez^JVZmm+pCPVdIGyWe27Xgub9s8PyDBjVD3amDxvoFb8ad86eTDcrzuPZ0/iFP4CnDY^JHFLAvEbvgBVuKTmveyUjmis9nRgvjaeoHhBV7/XtC6fP9ayGCHqJIYs7pGHEm0hi^Ji95bgfyFCEB2hBvwGGNQStTigpE89eURtsmxnK+I3Hxk+dyBQjQ6hTxQlwmqZuto^J/ZMEv8KCfrZUtTh4s3l621DN7wRiUbgltFXAIoaWwc5YACR65582L9aEX86XVNXt^J8IfLL0klmNgaRO49b1He7exMUA0UCUY9DFdFfqyt2hMoPJqEfm4nRH0x/xQs5x/G^Jq5K+JPJtkyxvqI7AwMSRaN+k7ez12fZCwzpPIU8taS++y0op+kmXsPaTSJpPe8Ev^Js1XyutkfH5OPmrt413q80e4UTlV73zGs8XMBO+VL+Jb+0IUNnmiyWzqIuYokI9RS^JCdLbWCdLGGb6+k76rY4oIDnUbAP7YCDdr2s3QZ9aLMNaSpuyKY19WNzNbw8cI81O^JIuTY6C3NzXMItjWriqAzmMl2AXztrPZZ2GFhyUy1Hwf4DufBEVeDMvhVd+WlfzVn^JlRdy8Os5X0ULPhFDmej+1igX/AD9a2Yf26vqak8AUvLbJciJWFZp17sZYXus6zos^JR17iUaq63Mfl0dk6wnktVLIGt6EHBYb/oJ65ZGLMuFSDqv+NvVhuyNd/IIR4tUKO^JqNVH/+FHHqjbpZQvFHSTqOGA62rb1AecBRnliYKjRTsg7u4/HI+v/jwPnp89pntJ^JkztVIkc7VVG0GhvgnKFjmV+bVddG3UpB3juIVMJwcFOFnQNzF0hm7oDdfEYXEUht^JW/TCpIox9O+VQknCTo4iZcZOOXGkEYRc11C+P2WPk46b2OER/l8agJPG9qS6Yf35^J+ljLAVFNgW12iqiqCYmfQM6z1l+6RIo/DlDSALbhYjTV9CG02WwyQiG4WpkAHnx+^JiaSwwrKYCklvFoUtisVGfV19rTo1HGGG2FFo5oCY4BPmbIQWidTXJtA1JkHsni5R^JPlG8elgJkTJJKkzdwAh5V0UL+m1y2zH+NyQHFzj9zunB0g5QEmuYMt18TvXy7D/W^JkgJbWGvDCKY36ZKVhWTTqsgQ2xecH+vKBaCF4IofA0joodZzBv9GH6UOSkhTML57^J5BRbLoPr3IqbTAx7PFlixb+fIur2UeUo+RYZeDudo7HmvLBnsGFw0K9rBVNg1D8C^JwcO4lpwxZEPsLeqKChpHpQugpkfSnC9B2/Oywoep2FAI2OL4zL9nOWb+QnE8kibe^JmZVCAm6p2qnr1nfKMUP2YWKbTeyowi6dlS9SfQdzc5+a1Asg/+S8ZWOPDJGauS6h^JNrfV2HRoHwYmpqvxN3/8A7vkF+rPgx1yeGHK0mDVn4F2ke1E+r5e1F9IZzM90EkR^JFX1hEcNcqzPX/rerGjD6WNBDdoAvmsth8mrcsIf0iq/yvNblB9R4Vg1+bxHYOXYf^JE70vkvtaSmWCQ5gi19SYK01XR42Jnu+cnUtuCr3P2relXC5TjBqz3V2CO3St9tX/^J8sdKZWDc/kHAQ5uVZAIonoVp6Ffeu2Zz3B0NFjJj9hyJtLIJ+Qg2Bru0YeplIIQz^Jw8WXZ3xHw7nN2pIMRMkef8pAoonGsrUySUhhSjEMZCYDXvWpTSrOwm+LRsyJ9czy^J4kUBxgoiCdxGi0NpljEzvrj27ElBmqa2E/bOoK39ff89GSBvXeHw6NVrrDZhEFrU^JfnALNwjCGdxCrkPm2sw03cdsPRVO0yQppyYbT8MhWuzlq31VGps+EiwfpU+jHsw2^J7CuI4qC/n6yui5irPTV+GJmS900rfqCDab+PW6XJ82rGAN1lvV7+lz/x3lGcFCux^JUudDhQANxzHwTQGmwJeR4Fk+PGTAvQoWfgN+21hgPgIW4Yug1uKtL5IOK2rRVMTf^JljjxQ8FlEfZLdLZgiOOHnpioRz4n/SbcSMw15i9GHMmHE3wOmV7En11vBFPmUcYb^J+d2UaodnxE6psPmSfawBFI6TNT9fKaZchANali9OdFieh79e/7mox79DrzX4tuQT^JNLs1nj0jb+4Tm+LNqkJ5cvDkyFds0FbBd3CblDHNtdkIcSVj3TpkYz1wwYYogt7r^JV6wVmRQ09dhDmRSM8kVinGhVudTpBRH6+F922anxF9exYYKfYi7M/ODjuQLRCK7R^JwSNg7BDBVXt/Q31ryukAzcE5UtCk0LSlci02B1taq2Bp1ChFDpSzaqeshwgCQvYJ^JVLBPFdy21eqa8IQwXZ3wU2TEiGgJIv3k6M07uSDMCJF8/IPf7KmmOy/dotWXWSCe^J9FqYiGMYW5KRrTZnknhS2JYhC4iIHqlGYFYd5cSm3dtx6m1Y4hmqE4+JWRDK2I/s^JCkDbfOvU8UwES3k4tHORdqDn/b54EdEbnG06hfcg2B5FEg7cr90Qjdh838ldIcwG^JI0k9UewaVjjPL1dG585WFMQa3bZChzNN25kRGMQP24BGvA8wuKDseza7rn1dmrYw^JCRSsA2U7gNy96DKQFQX6Ga9uT9OCW+Ukvq2sejhL5cgiqZ6xZpV3WCFlFEjHEZDU^J/Jcaes5cbbkWLHe9PXwlLeCArWkwsrwhM/zS2vWN9xnvPzyYAaDqSlOPNeyBYW0t^JwEca4eu9Kg7dLNrZ8S6tEECdpor+9EAU6T8o60s20nUzmqG96yWhdl1mns+IHW8N^JwJ9u1uYlEKoAHPVdYY6MnWToAxH5KI1OaEfJ4He929/QGkIso6gRRyWlF2shqR+W^Jx74nIGsLeou4Ao8WGVjV0aa1qZiNw5KSB5QB5UuKlmTWG/gdk1APdsmudyg+Vc1T^JAXLdMwj7uvngrIZxFxqipXnWB7FPC4yzeiPu8qOoestmuqkhkD0FPCW5QFhk965F^Jxm9fqwgJPsjBTC5YTB2LOfTO5ZYdJiPYQmETOOe4a9ztL6HwQ2Y/zxc7GD4AbwQp^JM/AbXtIaCYgNkeG9vkJaLn6byDwdmJUZGHHNVjZca8wV6+YlboGrAYrJbX+ndyqH^JKquD7o1PkJTO+4H04lDmYquf/fRembQ51YGyVQaNqbLF1mbyfVd/lc+JJICTVT/o^Ju4+9yTKOhJG2Gb1DmBG+jOIuZkGv6m9CqZYfKTtDv9zwkUeNHMGcAX6n+TPc2WPI^JsBSKIdYnzlvRCMI9BJAWoNej5yQzzfCPlXd15Og+SK0mfM8+44iDRv/051rLVhcI^JCxQpRjq/NdINYF+WwwDoN4VlpPXLZkw1+qYoSHdstDiHv7uhRgP+cEbZXH8mDpe1^Jkj47aUHCLiGP8u1UgRXGH8A0jFp5yPEFU3SBePIehSZZynNB8u04mRpXc1kIlubA^JqnhGKpscdIZnO7KB7pQA2qF+s1I45amehPIBDBzbaGkMJe2Esqphgh3Rk695uPDm^JQM7JjrfhBTlNXxoxC48WdbI9+xzhTavuwP4BhUNADgDel9vxs+HkT1rLR907NaN1^JxWJdo2bsRFNdftSKf2XCthor9VHwOmyU0XI2yeVSxu9hdA1jK4M4C7fmRrQrwuoO^JS6fTlgbMeTey2ZHrJO/iDT+9sGfgT/oGDXYzZrbaFbiBRj5HLweXE+rAyIG77yUY^JZEqkeh1BA1KHSxqhXmkrYr+ambErzrQHIr6fTujmPVc5W1kIZEAhMdLDJ8U/C1dL^JjqjEA/VyjJr8A2gELABBiATb5ro485x/GdUHgOam0sYpHqG4wmsxnM8iVuxbwlS5^JC9z/MjVvBoLl83/YZjG1jfRLkaX6wzWXuSeybIDk7TilDwAdeFAbUfgEqH5xnXND^JPHnSaA8yOxba7kpuRDWJebGb2GPxiP6u0Wk8iXd3jnSJdE3+b69SXzgM82Wht6NH^JFkBEQWf8hDu0pAhxxU32yPCrLoRxCpl/K/p1cL01xtzDbj5Ncfhg5TbYYUyRw2UN^JSHQ46bN/ozKIQ02T+bhA7Z4BVjVw3Fens8jbZX+Z5ClnEiY5q4g+hR6estFTli3z^J0bQBij3OB0yseeOCcyLt9ZpepxQwgO6BNvecNuNtBwEq/xCx7ESzX3N7dVZAjWKE^JdyjbFMIPKMfIMlfU7wvuaxiyWkbVsBcPDPcyLja3qzO85GZgh0Uln+mCModfqZc/^JcplyVPYQBIFXAViGIFZONpAOWC29fy4j0uRsNYKKhRv6fSZzVNbVgeljKFwTCAXu^J8CtcxnpNOTYXuGZbgISo6oHxCy+fIK1Q14eaZepMWWYT22kWR7FlN4BOLcj50K/Z^JBxpcOexNb0QreketOWPWfHflY9YxB07ykX6djOH9ZOlITbZ0c2BMxfJxOaaNbidn^JX1Vka0i06Sk2iFw2MmxHJm5zwN6Ln4S9hCrwaPCDkmXOCoN0pr1jt9teBBA/LkDG^Jn+rp2U4CwSAtJy690+HlZ+Ni/m5QkchnSsGuYXeBE7feao+dBTJ5hyFpMKjjyOS3^Jf+vZkyNxOzgugBnQ5e0suK46y5GhpbrmNIbP8lJn04B6CFe/lidABVS50GK5LqCD^JtdtAyr+6LD0PCJU2pJeqwePqlbQmA5XZxOW1vJVNQJ4EEJfcJj8Ha2hynAOQaiT/^JAXtlD22EXutFfFgFBgkFJZ35+nO4TuSIawad8xkIBnpMX87wpp4nVi3aWd4sMr0o^JyXWSHcd3Y+izqfXH/6BqlUeXNGQjLlj7biMCosz3iFBRhOvUK1a5r90ZcVy+8+Ty^J4qT52tO7+bQOngxBiwqpnvKAONsxFFHWgR7/LjYbYKtgtq+1ibACiaSzQg+IVFP3^J1V7aZb9fZP0YBvbhv4JxdTXxFfJ4knugi+5mmm1PIyznXWnsWOEbYEnZV4dZIq5M^JQqBIYxrS+aWnUyE8DTsXqDUwVL/rBjbhK/1RxNT+mzHG7Q/phD3y2d8ysHlmAWfl^JDGZbZ8+Plpm7uhj/fK6b6FqYO9qJYoTSesyEsZ0Pfjb7uMrYjSbRyRg6yTuV3Qe+^Jjz+g9Nj63cFMlXVlvaBZgwu8giF/SmdkTM48IVc8BkeMJlPg0fnqcEbEgnMrYBsG^Jv8FdEUWTWvzoDFCiQRFrSnPF8GIBcwgrxN7wGqWexfQlzQsQ9XbJlACIwKMLzh2t^JQTr0zs9g8yAk9SQMahWtYJG4IPdAI0mH9dBSYzt0ATxtBe3NpAhrewtcNqTBnII5^JhUcSoygg4JGCBjxZpxle7/anr4CBduMHcAiL9JFCcWb/cg8uwFPm8p+Ddsz+e3ir^J5WZPHa8uXRupG0ZIY3kQXebizwq6aULjDSFy+ggEWHlkGHIAUYpvKXmCiQAWiKiP^JeBSIUBicoJSDOkf0xo1pvC+yKnjlYXhJob3YxuiKoYH6guAz/OSu0Yr/Y+w8fY2r^JmvpnxCwaLbjmYG/ihbaXtiic6xXYjb+OQKfrRywvDQ28UKoLj7lZ0rZfBPPjqGvv^J/qFSiqKvgDua36DPiFy6UO4D2747V7uZoXtWJQEmSEJZOC1NEbyhztzIksHVcT8Z^JKVIHWPyVa69yvmKpIGgEqE92sEvgrKpbeH3xJEekHPkDpCtojjVGJ1Vm2/OrNitV^JMWha/HsUn6obKV7MYIgSIH2BQfs01araaHR54nKL1PmwHvTnYKo7BY3IKxFsDVq/^J/QQWyib6DNqYagd8+jz8tgG3m8/RX0ZO3V8wLgpPNXgXruBIdaqimwPYu6Msstuc^Jj9tPBWiX8XVhrrtoTg7bV2L9rlOdVY10amL4qfcFFjtlbce25vXRwr+DO2En/lqR^JDUngzYLwMTCCb5fEQPPIh/3/paYE+4T1eYQE5WoIO7OLaryzHXqWR1TfWEKAm2gx^JZvlf1Gtwlnuy+Qi8s7TG2/uGg6GqlS3DnL1ryzntYO+7J41qJw3u3Kiv+AhO23eZ^JgUhR5E9InJ4kPQ+g5TyB0l/nAIS4ztOXvAgXDOa0YnkJYlHEJry/UlRGCijyrDr+^Jlumbv8YtfhzX3Px3ufUYVxhW+utGUI24AVKpUf4FjlX7ClDulSGVdE8AxHNZHK00^JpjAPL1SigMdn7Y8xym+NG7XIcHadTc0HW4U45wAZBICwE5Q60vzCbNIEqy8luyAJ^JaTMiI9W9rL0Pf7mkoSZhmfdzdQ2+CV+m0I4EapkS2kBUGOUdyVm51lmsFLGsAtnb^JRlKhBOnSB9tnLy7u2bXqju6c+BW97DLB1mApXC149/KBbsVpxxC8B/WKmDMnFwgk^JGuRP7bMBxZTamnBUFoFazFFUf/JvhG/8ZRn3bn9zcpBVmK65p/6aua5oIEF8lHQJ^Jj69dCO2JnECvpuuLmPzX0KITgnsXec0jKMbkujHsSB1q0WzO4roQCP33d7QhWbb9^J93xNd8S7vWs+jENQ/d+Sab4bIsEAZzjzRhBd6Z2Y+2e0lL4225SjTlQV0rTK4hbI^JV26RP3ooaA2cl0dMZ4n7L+kMKh83wRvHxV0oD218YzsVZZk7azUr+6L4KvzOU6Xf^JFQDP05ykX6k3Ix7Xg+aoIUvThAU0hyYxn2aEcZtQqVtJ45FYym9/8mdeBbNlmI++^JZK1fC7vylUhO9comEAUWcAeIETXwnb2O0syp6ArLVPuTPF07OdpqY9g5ooje/vGA^JCOCF3OCghSfV4HmgHaMDbxV040bMyUrFwX+33QKg6H8tZr9H3FHoKSrn6D8viKyf^Jw1iA2H8fb8HSN2hHjlUFJZEvaYTnUWWmXTzwcNsAJGwpdilBZCB+kfTpHuc0j7TS^JbzbMh7eZRLBrPH/B8PGv3s+vG02KwKrBPRN8saDMRFlp3Y+dfYlycpVLkbYTiP0D^JdadaY/6GaX4dYrGNhHS0uZwcwUjSmaOniwgmEPyjwPmAN9DdNYR/d9cd3eRYEXor^JyJYEPiSt3OLT3Qn5+L9+dKnIaJs0CqjItKgoNAvmEACxdGui2T1G+TOVSupPlHwX^JYJaiMo99b0u5WfPefYXPLAO6yBXu1lKvLSPbyyd8epZY2i5Y+/arhEp99fJPt8Ja^Jfy9Kl1XWi2nDaDFhuV+26wGK/hasMdgkl4MpFR1SaZOTIHnjOI8j7DqqdZ3yE3xz^Jzvh+NYohCU4K6WD7nkkQydb3ddMHd12fdJvI0YRw/QmsRQ5N3BLMVhPYFhHuVHan^JHeyfnIKzmS9uaDiuSkx7c7or7fyLP93uDjs1w7DoMn1/oWWV8A+k/wNcw+TCybkd^J9ZZbX/5hBy+jdc4UuRt57B2cm/HWuVaM3zZngz9k01iy8R3xik+D8Kd4bfpO3Rfx^J/u3qB973X46IX9YkRi0nfRM+PGYvC62FaUArk7h5vxEuSuG6hDF2AtIfdsWSQv31^J5hL6I9IxT5vbhRK+h15V3rdTDcN6MlF6mwN72cLPsylxfR9jpUVW2ab+gL6/v7rn^JHgZeyYV9CpIBEelHIY9TMqCY8GeGQno8K9vvwugx2ky1yGoZ8fCrLZy4umRd9wGE^JIoqdDAlWqIpvqf675V4Db5s/y7uv5p7CMNCWh/APdpWvzlWQ2XgVQtecl6sAhB6J^Jh9XbFWh4dVAC/ftbzd1nxuqDNUBDZYR6WniWIuPZIDsv+mcxrqA/8uSDAKfCT+VQ^JZIy9aMLfli23hZOlayfOTzBrl4/cDgnw3fWMVB8WZEdj2GQqeGZu3upC4QdR0c2Y^JKDdkAh2ekhJEiNA9L2DnZXtxXcgKA4x6Ok1AXY2SIRpTN4UED2CWnqqA54Cg0s66^JpIWUZZrK2t+wKumRXkszD8+s0tpgqjCCjHLagzIB2jphatxseHVe/RE+Sp+Ooo6t^JKqJn7fFIL81GA4SB/qwinU0jV2pyW9naCTO7clu1d4BTAE2Kz9q54zp37BlKmcTF^JloBrygICa/NvtyinA4nqkGJKO75Q15eDEXhzW8PUMxZkNJzqUHY8QkifKkVmYp2k^J4VSZ7VObaui3sH8mc+uh0i2vlXNHJMOrt4taJ0SyWbryPXP3wxDxzo2gbyTlqPDF^J2JBSRPIGTTf4WeeN51j7ZrQK8zYktg1urhtBYABHdeSz3aIoE2qTR9U5lvNB/bCN^JwPN5Elb/grlAyD/d4k+d8Vy9GgKNq1nqtjI2uGqf4x69CSn7HH2Bfe6MUx0L70da^Jd07M4tkaFBMbOwen7rnP2T3nqmrikYWyyS1GXjW9Ts6UPF3O4UpL0ZaUsTwv2+F5^Jzc/IFns7Udyys8+sJnRg0EaFN/VnOk943VTWidbN6ezorOF5dBAPloXhcBaRs5jB^JeDta11oVC4PmOo55lwKMAMG8kyTps+tFFLJl+uXiYTj+pTayYPEk6d/zWp/wB/3S^J40VLs00fF+OeaguQ2bElfnXK9+HP0Hyusa77YpetVmIYAoOuySVcjsa5xS6MncIU^JEQdNnDhiN/MWKikaLzcaF7KTKtkaYzrs/Wx29n/eb+53xKKU5qwPCFQuGzwbcUST^JbbnMA0ucEYthm2//t2drRFQJc5vdUjr5wyjrAH00c1OLovXW+jsdvpQjYOBwG/OI^JlWOdt+aDoxwdz4mn9QXG3+9UjDpIYPj4XehovH++hWJj0fdiySNKaacOoNwVV6ty^Jl6MkknvVhYIPG5l29n2voBSYzMoBZmOvU1D9wG7y4rwPDC9K+5cIGk1Q7U3FzvBG^J2oOBgdrBa8VXwAZkC+PIHhgmEqRHvzAIhRLfzgNTwSXeeu8gHck8CD+lBWkayV1g^JKvsGRgQ8h89RRHo6Ky0L8XoCsOsEyb+m4Zsq6YeCceNV7DFCFw+GEzVvtLSYtFtr^JF08tKhpYZOEMSqPv9SUbcL/HtVl1+FRnTUe5UxDXrwVX16RvPaqFs15nJfFLqgDm^J3WFjmi7W4aIgSQUBUlEue34hTWPRpauluaAuKStu3xNoNm9aKfo24cPJsQdCIiMD^JuRL3FqyjNfZKo82X/OKqt0EYfK3w9ys7t0ewAO59Bm4eokdARepljfbHXy4X8+/O^JF5aguc6m74jgVoEPxdffprU4T7vXwVO8k3FmZ7+JrBsPRI4hTwVqRevgIoPYBpxe^JngSfxNNFscFYjbRIPcMlauvnwkrVnD48VZnsOpNszl/FbCNfolM19WCdLHCiIUPB^JiJA+ozEbiijt92F4hv+ALQksEzrgbrr48t1/YOK3WvZJrFNhKoQKpQ3JTWMnMoke^JOHel5uQez/iUSwNLxlnFaBRptfUgugdb6i5NkWxudWYAWJSoxHwQMUuE9NpTG3ha^JiFEPCIzX1FqXkZCnGyTdWc1WQwthefC3atUR2dSR0MeGhAbVpDputwB6gJB263mX^Jh0J9Gd1G8/6g93fM7AXHC3K67phaLmLHG2NkNH6Q2HnOw7BkRuhYuWhG9/v15ih1^JuhoMnEHvgnDke4C5FxpV6A3T0XaGJjfqre/4MAHELmXfSd+RlF5FR7ZnWNjPTL9l^JlnsqEXQ+DpsHFWfo0SU5tC5PBM//ZwozP45FOVxKEjk4z59tGZwg7wgJEZfEzjTb^JQotqYrFWpa8LwueJPbsPnFTOGDtIVPzg12Gg0s5mNTXv3LgyZjJ5Ot1aQUOeoMEd^JaYK3G9a92Hq/6ugfvlqtOe7uV2NJp3K6Kav5RI7di1K+4Hl6T6ohq0BEo1JU+BHT^JyWPSVqkrNIAYA/ShG3ipO8cV6MUcnlRzBgYvn7/fWpeAbDkXDNxYxmfmTIgUwMm1^JzUgAj8KNEjGc7NRIkIhD/taYl/H0dbBbGdlhzGQMu9a1xQ2w+3wQBo2cLywAAf+A^JsbQvkP3L7+8DJ8Ai76GSuA238Coj/k2WFLvGJCG53kNxydjZT9Q9NhP0/bwUObaI^J0Hw2mXfxhBn6+qNJN+hwktzS4zrgq8nbdLtPRvBYYbubYASw1ZUWfJy6GxmiT3OA^JOuGA4C+siVqQRpTAW4AyzNEwNgjw5Apxq790EwMC8lZhdmSbAdRvI4LUgZFKU7sq^JOGKF46fAxsgVcJI7JgpRB4LX7jOrSiqHj6BptA1fHndIrQ/6XTOzsC3JTnKKIXBC^JXAp3HO9zAas7llLvSRDmVR0NfBpjNwCeIFxp4bY3eYHKxruGylwelY87G73UoTmp^J7BpfYuOtdFXi+MfWzSd4hQsoxBiLbDbXL+OSMI2aegXGtMJMGt7NL0QYqqO0d+z+^JnvezoFA7xnqZou/M3Zjo/VABy/m1HBMdTU5g6G4WD+8aw+TDfvPK+Op4Lb7MuyxE^JSmPBxPaHEQYmCKMzOwGQEI/AH0mM5UTOLpfurfQ/FaQthUuPfL1sraZBV1uxWWZ+^JunTkttIUWlX1CF7AqN6o92QF4MpjZwn6dtU/WLmDm/j64CjlRifNP3hPL7xDXR4O^JfFU3aFO1AjB0Md0d4OnbtiBHd3xVtg9o2noglEdSEoboBz8ikZa1kq5vu3kgqAVQ^Jz/w+zhw49o9GDo583jLECbxOIrfMgxnv2RND/Etoc9XOY3U6d2C55GTzN5CwvG8y^JmObnT77IkD8PHKb7B4+zO40GWfsGdc1JwJ8VuetrEZKqxpyf3TtgPQ8gWkJt7zt5^JWjoZhrHI7opFo3uFDC23dOmVBPQkXzC8IyYcRT1B/Wh7um3X+ZXdUTyq1e60sC8A^JRNRy+Nd2OQkEH5BiCmunb+kvfdx739i5dLQWrIgvDFJPmfbUhyuyqDboxTMedNpn^JbebTEbrFJFxCwOLREtTWMaXorDnEd9X0YrxkkljwYUweiZIgOZu7QALj4G0an8EZ^J+i88NMdD+KONWySuZL8UGpuWMqOG5qpt8oMAXuNZgjnGu+dPmQ7PiTIftkIldgA0^J/mzOt31RkN/+YuL9sEHXfZPCATwqRJoWfTHYKRLjyvnKK8UclTAiwkgehUD8dpJK^J/f0kzIA0AaNotwMIY2S8h+2wAsDpTUmg+47izIoAiylX2Ek0kMLY/cMQp/pZJII+^JnSqLkbbJC1iJTkzzkA4Sq9BEwYHX+AQACfR1XSi5fQ1cwFl4oIftsFhUnrW1yIkD^JkqnvkFP21puNq/Cb8uKJD+qRTpePrke3+Q5cndY0nPI9S2PABdmPOPABA380EjtN^Jva499Dxgcuozj7C42DVdthSiedF1V/MZgWTG6CCdDZijf0/dEkxpMFDrdCm9gr9/^J0BzznU1hXXrug0xIlZ81W935KgcSwzT62vp1EAT5L8vZN57Oog8VTVTmTPKnOSo4^J/1YPJnTYkvBoW1YeHBSvJaik6g9lqtqUsb+aup5QoY2SKM/WMZIpHz0OUsidZywA^JX2GgunrW8R2jgYqi7icCt6soC0a/M1AeT2g6zAaGD8TI5gRZWmrGvqKZXFK1zkP1^J+1ri6w2Bothzg8tz1eG7Uuyu/jHP0ENz4DlfTawIRot55VHPh4dNiv2akdza0LUs^J7rdoa+ZIevf2jyvC7YZP46i3V4OHhdh8u8DLJFTpK4yzSSaFNpFJ0hurpyqwAtf5^JoB70MY69lVZwhuCn7249QbGZ7vc9aCBtWP9sx2kUHQG9l/WQ5VSrrsfcJqnw9AzY^JePk/Yv0O0LFIuHL8ZjkSNVfvaC59Fi7cRqJ7PKZDbFQz3cMfyaGs9NBE73EDv7lF^JOCCh8G/Ocg3EWzBkin6mnrvOy1hu4EDD7yQqeVS0+xHQPZICr9X0SKGXXUyvn4eL^J89+8cIACBlOecMs3pnrhlLIla790gySCmCybrwXtAfN1byomJL2wsQqcLeXiLAwJ^JgGXKTjJZXgRTq8qFjrqw1JBuqYo/BMuOAO8P175zbX97Nn5uy4YE15aBG/5GsDhn^JhhVhncMJUyJNyhj//PSDPvXWbDWD5TG58PZih6mhadE3Do6eRPfVVx8OlOsfLiHg^JHa7+s1aX/bX9+Ibng4khoSjNGYIIg3dmF+EZ0MUEfxmV2OxItlPCcxvK7850S3C5^JcOuJHqzzbJdz7J1/hAFs8z0w2ndIFNdf23jWZ/BsfaHhyjel2KEnrTpSVqSiOi3Z^JYxIiHk2EH+0VAlcmtbfFSreDi+1E+Mi1O3DMUoNZJpiPwJxGjPaBdM6yRACrByy8^JY4YRH1VBJ6zZcIiKjjP08csRizu1nfKOsalhmaMpPGCvPkDvKFIp2BJxDcpMU/Cc^JyyDmV57jx7BH3txuyIw/TQIDuQ/As0+37GW1t+n0hyuaG3LjjZRPM1oqR0svvmU2^JiuXx2lkuwcKcrvKcXYiueacKdkizP3SirDTsDsTejrbGLkIoFWg11vNl/AZ7KW8F^J3s6EwVAdSaVTn6kb9TE0045O1bTuu8DHbDbGJnA7u+4am7ToX0iSo1yaOOIEzhA7^JYvVoTDFsfKSdLtHNEO/wlXoYHBuOAQw093Z+2GAyWfq5y/qT7vh5FYL2WbF6g8xc^Jta6ebB9Rqno1xC2BTwgwJ6VPzpFS3r8ArWdelq/0GCHIj/6x/2AfXQX+mvbE77gE^JMEHB2Qo+tZQCIqAnNNuaAjbBHuvLSy3c+sNYnvJoyzQ5yK8+gdtbJethaaWXk7jI^J4PU0t1LamlEWGZMKISK3zn8pfQAdh+ozYprnaQsqYjSBUsb3SAsI1CgVMSd/p4iW^JZdeA2vt35dsm3JaJNIrbk82AP12PH1DQW84zEee4+ljsUmnNnocNAyTqfkjTdRCZ^Jm5m2kTijKb+72KH5qnMRIMJHOZJ1etLLWGxGPwQ6ZcIW1qSkisv3HjjTkKGaHiyQ^JCBViKUVCZ70DAtEhdxnt4We4AqkHLF/HQKkKixTiQyYmmuHGr0NqOaNxcG05tPZ+^J4mBbI97OnVszlYi3XYIvd2gll/+KCrun3yURvzVML6RrnqPwnGeLyGoFpqvvUSji^JVi0S6tgNKEA1644bmTuWP9zszpKVNRH8mbgVMpxNN+830CbqiBZosE4TuP36D2Ug^JLq265sflRY62rzGEI/EsJ2L47t7waTIQk3sxIzR70mZlJqchH6VhnfTk6S2Xgrv9^J6cMZxvVtAeSCsXAi5J9wgdso8z07jgRvzPG5Lzx6ILVEKE2sJQdxaleHFAjY/fXG^Jdb4vLk3NELU4zh4iNgB77XshiNeeCoYp3a9TipOrHCPj5txwICaUeaE42auHkdjb^JQSBABJwLOd+bXZWuQpFqZ8j9OjXC6q1HZi13VVreLhsD2yiUjhQn00V3d8gEfPFv^J045cUboZlWsU110UV/7OLDke2Vvd/gTp9EAb62EPAR7W8kRA2gfYbxoa0LqB1zK4^J9H6Dbir4dd7WOx+CfQD/LbRVWUBgL8E5Kt3WhAFkb1Rtnzs0fVAijk/bauFIadLT^J5wKK6nfjv73wYAKbwkw6+Rmo5Ki86YjF5VgFbjtYwcUvN9xabNl7xh9rtdtyq/4b^JkhzC/jwyg5pvg7p8v/q8Mbm7wY9Xv0fZxYaLin+tcq150yNycwmxoO4oyEXLx8NK^JTrmZKIGbJ1MiFmh/AuB1kMoZbDy37kvOs0yJjl0fA2SuSlulkFzWekmuLnVfbZJF^JvhLRPdpM5OY55IY62ICkRAnCX+j9/i5jx0BSSfmB4Yhh63szrF6slKZfITssSAkp^JhdaAyfAhBTu/APBF2GgEh4BiL2fpK8a4LFZtSZWIqwHa4bmWjyjRJBuvK7GjbLeg^JDnCuPPdNOwfPeuhW2B8h7FM8rEhwtJIysP62lpNuIeD876yB2uCsYYvnIx6Sx3qX^JhX+2xkF5p5vh6sM8WnnZqbVN9lI/5ru/sghlopPt/mUMuYcR73ja9odPtYCYbZTa^JK/oCCS3lu6BFmyCsHOUgn7Dn8mGsorOdzfa/W6/Es4AgtqPS3VynrTgt/nKUULi0^Jez0yIkIOHqYkl6DrmJIOXrwwxqMgSrTe0vvrOdTifQaDF/MTgfHp1+xuEpi3Xgzz^J8gKRAPIgMJkm44YPlBRRfYTzrFYPGJxeMe4CnL6NgcN6TCE7Y0aOvpbgBw6/JZd9^JqC1sLRbKuUkkRzzN0T6LcHX95RCcL/9Lp1RKqaoQnX0wZhskLkGz3/L9rDDtLeAM^JhTYExb6VAciL9a9oeOTJDXjJ2MQGjUVAHjouLLtFJLdmrqpc+tUFB2L5IW/ZgP1u^JHcmlIa2m5lxxcFHdYRo8FVtM8avDhunvmtMaYL0LBP1HmHr8xl42ICSqASRPUw8t^JE0siS+GwIdM/F2X2NH0sz/leTvVVl2iD7suRUHVk0vHa5+lypZcCSQ9qvp7mXIfs^JmOfwRNn8VT4UHRi1gjsEwXEUyLXPxOAq7MlO714gWtZYWiXJXnDVPL88Tai1eMz3^JVrzkpFUTW5DtNiRRM4DbZMtjcv0J+tunLbrHvVRaVYKnuwZlFL+6X+Cr0BzmkOoL^Jxm+8Gf8+Iih859+rRj8/T7lPV+S87zQAUcXXTiEvJrl86DJ9Kl
-file_chunk, 752, 380370192, GsvqfXiJ4np0khHUmapJNPmJQKa0luEG6FpCzgp0Dyl47QbUHksinrhMu^Jo8584ANcgv0sVUAruYbHZKqWHF1iaF33J5moGutRzOir5TpCwsYtUJTItLPqAigi^JUZIpKxPbO1Qu7ogRR+m96RRQWPGMM0gtauwU8a4i920bBrETqumRuEBs11GgfVBH^JZAc44gk8Dg0YmuX2XnxxWHxqQkVbpHoDLGzeFh/3DkQ9xmAFWktrZHoefkUFgJ68^J1JG8ovCJUheKpSkhI7xcm/OLvfXpVZMatajQGo+4pCA28fQ7SlO0NJuQQUB1Dl9H^JYKuqg6sXuXE3n2BtmQW3LMUG4EIA7bplb0Njb2sCxh/XjApgMVQXzzAmhwuz4o4k^JiaecwnEheh8CLnv8JWMshGw1zDgidP5HbJ3siVD1QhFGmMvkX/ZM7bo7zMZfpRbE^JMdVIb5jJBGUXl1lCol3qbMnSoHNhOo7doGEFhTuVvXK8lP/bmlssoH8aGc52bjws^JYZXn2kVUhUV7d4TJzPhByjKFHg1mY4WZVwRUG2TbgOiy74z5brEhU5/he3helhy8^JqXMSQKGZlMqbHByHDEjBYpR2PqebUuuDPNpkmZ2nNG4NAVOa0gvDcrocMsCEbW8F^JXp2Bmrxj4idyuqruml/tmhYEm1JSPqnAtJCvldK/Ksu7WSMXDYZSitG+2Q4n0L6V^Ju62Pt8j5vMU0RRCbqq3ETqSUEqasL96nHQys/ppzaraC
-file_chunk, 752, 380763408, gXdxRZzzH8TAPLeCpKo4lkFco7^JVvkx0JG2M4OVAYmaExT9D1KAHw2PxHnIgNUBq1jHnyj9VEq9r4q3ImdsoysEswws^JNzUDy0dboVl7ZetTP6iOLaeghpKUezHDfHFdgQJK0M7l0GTps9dKqumA6vb8zElx^Jf7tgGXKbPgGXirMekktHzJmb0egVOxwdxRihS5KggKG4u8uNGqq/0vcIZuQCBvVZ^JDCUdJG8s0L9aqifuzQ+3y/4v0l+qQ3daY20plf/KWhbp9T3QBCiutmbMSnIQoK/H^JZ7yqa1h2w1aSgSOStv2tWtCcjjgmBI8acLZ/D6/LZAgF9ZdEfSnK9+39yw9vHg9W^J2IpsFzmtD+CyQ1eVrarHiGL0cDd9kKPE45czXjT96cjk40+SgN/08efxvRvOZpV4^JMvW3fHpSFS8UQecdE+NKyPqf9zEMd/8UBwzKD6PQHJ8HpCLIFdy+wsbwU4+yRJBC^JTdEOlDT8j+laAmErlQw8Mgf5KcPx1hBIqecPaZqfpz5r6LmCXYbZQVW8E318CJfF^J7vGlrZLQh/x6/0oOICTUqd/CaPGhXDrrS2MRGbCEG5N/n/qIQUyyBJoXbPp1AAwG^J8OlwvOcAQWh0AJoXwI4bFF3lqIsBvLwVOL20uRIqsAfmxle6nfwSKAT8FDnqyAng^JBsPh4X3wUmOKuqG9cZhc5544WG1Ec8WRKmEB8ru24k3Lw0GsFPYNLpmbrYPofVlh^JXbH69HCe18
-file_chunk, 752, 2293234960, bE5SAPMll^Jaib84k6IRyHiKCbCiaAZVHGn7mK06uxYUbD7bZSfWLRVOrJpAwF7KCprFfMglIo0^JwCSYXGRoYX87FbYLtOCxuc/rFQE3JjNQMmNbTjxQv69xmpCQ6VWs8ePj3n9hDuAC^JBLq/iJ2h6hKeLUfcpblaJ4+2hHO+Bfr1PX6juuATkCex1QMCAr0ykNuXrirTvGm9^JHFjQyOKV1Mk5srxRXf0o9CZDnw0h02cDV1Zm/MzpnmA1uRy4mNBGXmR4tXn6Jype^JCwrONyUP6jDaRQDeqLnniEKnZrPvu+33rAdFK+1TRzr//gnudo2nj6ehzw5GavxS^JOYOjpXTQKo3sXtDuO0XKtGlQMN7cdV95tkXEpyatfdjFs57BBXyih/w50WfNRlJ9^JvDcC21ht9AuYP/7/N1sSAZ8O5icTEqiLox1gm/s7CJR38nN695+0aGRrI2zdnZJD^JffR7ha8uqFsfJbJSIBrqHXsSleF8hjqlVTXyGpd/yo96KsYk1qKsIdgkMVT+cMuf^JjFwxhTW+BH8s+K00eNzpjIUzJY8fUOusUYbWNlvRHZVzs1zKUzJiWNmKSEQkAVnx^Jp+wWj5yQKPJyIwJUR2DcGzkXES8udDbfstiPqRHeAUcm3otjWQzn78jdQ/trYq03^Jh/yu+wuWsMazmSoDY5kEXCYLovRX8zBfPsT0/yx4Jk9eTdo1AY10E7mMFOufZ31O^JNSZ5clGw/3oyPNw0Dthl6RJGRMl
-file_chunk, 752, 2338716944, rKkq7+/L7WcTv1pXM2kK^JARYWqoQyfEpftTMC+UdQgVQxklO0zOYQwIOF3I50JNSycpqO6QWEVCr/yNarcSQC^JALVtH/fJKp76r/825GduosjDFDlYyohREwQqqvYlnXszy6DeIVN3Fpb+ChkwvNmw^J1XVj74VT8QQH2g1fbwQsjL4QOw/xLqgZtq/3SiDLvOsnrpvuN5oQcUdV+1g12I1N^JJCznvVYVUTBnNWV1wNFecvuBxGYRETJE1aRHFimjFAezAVSW+FcwwHhcXY/8mpNN^JJieshkOjYKeUjhla2fDXH7OY1aS0T/bqBUqkdVTjkm0C3E6NlUGUA5t31I4jqEb5^JbNwrKpLJqCjpr/uRs+e9ef1mais77rMwxMxu3zOgI0+Wl7oEt4HXPMbLw7FlXByH^JPm3D3f0Vm/rsfABU7nPH8EOfR0Ad5WY4Ul+K8HGgFL5EpWgagrAxIm8ZMba0G37O^Jyt0CBAy0FJvTMCaIuFlL1VshcatltJqKgVoClur2gn8mnsMEKMsgLNE57G/v75aa^JK2G1EuFFg8F27Ry8WPFJhdnMBno5NIlBlp4a+GNnoyYypvSiyCH6ep0mmHCkInjI^Js25AU8PJzVK5fgJgZITJcS2ID4bQCFy4mVn4MtlPAQOGbZ4f1mNHWKXEj/arz9jx^J2LnF9I9OfP2SIUNuGr6EnZ1JO1ycPFh5Pmd7Cpl1MO9APB2RpwZ7FwAuwfNzRtHv^Jsgutwr6ceMsddeT9
-file_chunk, 752, 4260756752, 4Qr21M3p5vrxpuLqal1FrU4X8z1+r05kDvqcs1RzecdzoBp/FCMU^JykfOgs1BNZU6UypSW2vwOxaQFJSTb90OAdX6hpyTSRT+k1RaGwGdWgn7OdFgdizP^J4Qo6W9abCfi+6BnzHkxxSFTQfd9AFWZ1LlPw5+NjUXfxdi/jGLtDIopnKAE8LshA^J108MLfjjWwlcqs4v1XJHGfjCaauVsrRdes8uhXfiCZgUL0KOKvwHvBy2TKLDb3ZY^JAeJxEBZlgadEjxXjyQZ4BcvU1Gwa2TaIfKsM/2mCTiCIqBo3Mw5tVHkDvEBGKUdS^JvY8E9bpKp26Y2ejYdVk8JSt58wDHzNBeO7ocmzBn3s2fQNbiwX3I+eeJjkogqKTa^JjQSAGi+bUGKWE9dZyDkMZd7NnvLhxO2gEoRlYYjVuDDeDbXvBtLHDa6puLcO1p0Q^JHIkzRmtMTV5SVPhXjQCJyps/bp5v/HzViCLRfXiL0+nDDVesaVbhko71aICGI9Pn^JsvSR7E4qvDdzOppjmWKkau8QcuhLKlzUpyEI1SNAGzrSqL2OuHqdUK5ypuL8RZmm^JXGGDmJ27yMYNjgr3aTJ13eJLH/MQvLAIBys7GKM9BZ0UJW8W4KpbDFRRJieo/62U^JWtkGoNw6dRiCdkuHkWRs40aKc1yhDaoMxY9BHpMtUuxid9Qu9MCiAs33JHLzc+so^JBeFtAtKFW1VSSe31oO9fUfgGucj9BP3QpaqFA0t30TazwxUj3
-file_chunk, 2896, 4303090112, yZg/LJ/GpmwgXe+ESFWIDa^JxR4TdIMTekg4qqCL5PpNJ6DHfkkdsjsQ9zqkWNtrc/GpqBPClN8IwD4qThUGd+tI^JTe38v0hZWuuNnOjY9eJO747wIiPqy15oBYpstGeIdESgUFr9/xg82fGjalkY2ZVQ^JJAlH0xNX+TF5QIn9BUMnxn6OCA0DkQYqybz2eq82jB7ZEnGLdDvB8WeaQIjxBuVx^JDAiCwzjC2jpO+wNYCorVym4VFti4AgGYghyLmyAicit9NqPTMsaD2BbRpb/qHg0P^JdX53dFZe0qlqsrA15n3KCuLiw5YXEFUmUQuAN0dAOqlzOTOPpNmJakHF3TqIXvw6^JV/qERQeuiNPwnBZWrZvpTjO50VatjcUizhJRwTiQjbQ7+mqgHxiEa9abpzqlTN2I^JW/uUssi0jaVeFdL3MHZYHltusyTx0F4iH+KGJ1n7YRefPAI5klNZu3XmTQsQafkF^J1DMVbqcJT+aLdlz2hWMy1R0BfV2XMrO2/XhG2nOScnRzS8Z7EmAgqZmzFfF+nqyP^J9UCd39Si6aUrss3N0oCJ/44F3T55uSHYf2LCgoaaiR5IML5tk9mHVRyTile5iF3P^JNPwMnlSeka31pzsqLRiWIAvKqk5yZJ1v290/Aff0SSIxKggtVMBq3YmJeRb6LrkJ^JjkYC41zT+lvvvMRBJCFOOXBgesIBHq7pOKBKPY/xAcN/e+AQqHLlY/OGMT6+GK9v^JGXN4TvdRLBYHZQqyk2ITYWD5iQqweeZ2UmjB3Is3lDKtnlO6qbWvvYmYPoXDrNI5^JhRX0gaiVC5LyZZ9NheeAgb5ZTqYUcvNCxM7BFV7gJMFXc8gT7A0FG3YbkV9Y4D7v^J3NduhJG8kgS814/l3Il9K3jc12uv8V25orXa4lDXTbTu8WanSYUkg4cLjqfKD5Vh^Jly0ZTpYeNx1NdO8FoSGJhqI0BC/p2NyjzmTh3mrGk6tnfHuqXAMH5tIt/EC10MmP^JE2WTu0XrNk7I9bWBRRNWx+ysP1CJUd5GbYOcQpFHBfG+9ApIf3LjxSLU00/b7Ui2^Jz/92JI8T6X4TdKxA7DY10IJg6KJBsUAUJ9Co6Fxr9+9OIo0bdj1IcD5+w/qB7xzJ^JNC3dgXc86uEDpvICZS2vIeCZTrc9vgxBxpftsdVNn1nDYlalXZeNsAmDiy3QJ/wO^JPS3Li40x0KtDWbxMzgflfzuyMZQBFSNeQ7CXFh9mJMJQkuAtHN+yAEqJJKaYV1bt^JJM2jAeKb64mN31lIzTnkJEGWcvLNS0uiZKJQrm0lqsentMitzc/+U0gSxzsfbqmW^J187RzZAsNlfWnLN7miAPsdxas2JGGrmHzjaUkL7U+YJdAToYlxjMTnZgztt9LJxA^JSprIv68hyNVF+4+fpL7QER9EOmgQOIxjlxCx75SDd5g3CWJkVbXl8uU6G+j02j+Y^JcOXNTTwX2ptbc/79Kw9iDMV9YkAZtP8BD0Any1Fqh/IMx4QcMXEx46yDV2ji7umH^J1SO686Lv9zGXYb+ApuY6PVuICTJrWLIZBE48otTKBXTJ27wGiEf28Z7bh74P06Qv^JXMTUryBMDg9JrcCGTvelIZO+DbMMMN72Mh/lXBAOLIkfh9WvgqyMIH1kfg0H3AwN^JB9b689RpbK0N+xhfV/aIqGp3a1KbXqPA/h85vUI1aLXPreBN9gyTKe5K0HXw3Edo^JqMcB6m//PN72r6epmEMgdthZs5GtNcQBx2GbOonY1sot6ZA41GR4hfl+EJPc81uY^J55uCcANhvaaIl+V7GCjV414dNq89TzNFHF1sG3ifM5ePRhFHVnsE8HgoE3hsMhqH^J87vMDghqNZi7+tGPNjZvZGVtB+RL8ltGhUSuoE9OjU9S96T14TZT8ksIo2jb6+Tq^J6Vo3Y3vKc6krHH93OKiXN0hwqPupBD6xo/23Ivnk1qu4xAZ2fnR1Ob0BKcPCrNdi^JREI++RJzxugNvbGOf2LIdoI/2yChB5i4tg3qYRRRagUpNohIxW5eJy5ugiCwOH6d^JuPmvLXUzs3J0HWdCVpmgURIP4omxgUkLYeJNp4CmeTAUr6uVrqzRCDYPOYrCT4tB^JYL6uyxhmOfwL5/YuVtsCcKjX8nGvOIHdtiMolPpeH8qdv0zp9kY+h8eTE/WGh5HF^JA4VLUCH5d8qok38Q2Xvtiji0QrKr4j+P5Vhp8YbKLwFEqs3+NvA1iEx/RQhTvPO+^JHCdnaCc0vIaAp3jR88OrMDhHyKePPMk6shiWiFM4atdQesswq11pHaUrUoATZGm+^JG4IsH5+DZVk+ztcDnA2+f1+FKDFHloA7VWMiuccer4ZHFqaB1WGpTOMTBF0xhBYo^JmhRBLM+O3SJ3+I3FwbmE4mPnh8PMalte/qm9IFtDIhVdoo5+lS4tarJTPwazW+cs^JAIxETVWHanH/QOtyEdrnufA+kcj9DLRA0IUQLySOYCGQ3ZZsHyyEDV/9IWOjpARW^JDObwlGFQk2mWcH4/CdOl0ZQajrk2hWbwDuFx+RVy84JapHNIAFgH48u+bn+hgf3V^JVX1bUYtRpwrBEEBwD9rQJ6iMmeqg2B/Ih9RxPBq3wyvbhzk/VVCaUq3c+XLz+6B/^JwaUQeYEQ32U8XkaKbWsXxrcKZvZ70oYLGU1+mHLV/Lc/vwch4nAJmtRYRrZ8hXgx^J7CRciM9baxlkZ8zAaRXcGW2Gbl8m//oHERz8/8j7YpbkY3Y0qfeIqNoQyHieLPc+^JWwUfKskpxIgL7MhKlDs1fmJe6X6o3KW11JZqldPwKL6WGK5P4OS2fULClB9MD605^JNpjTRR0NBoNpKKr6UApGAqwfZmc+7oGZHVBw41tiCKuAavQydcOtOg7Xj84i26J1^JBppraxJIvxoJ3
-file_chunk, 752, 4675468560, +DcPcn4qO^JffnlMfb0kLM2x5RyTcNksyV29GDPpFDXWpehoJ56Wt8CMltAlRzSEEPAjWTISMvB^JgYHW2wKs9VHgQ4x2pxmnLTGmMKS49QFadEaILpCb7Vbi+EnWeDwitcBjWI2GrSMq^JYvex9t0vSEt1BrebNcumhwZ4fEjJ8+aci+ZW/r6ZVd7NMrSKMYpMTp1YxTqbp4xJ^JoogVMhE9enlaPiI39lS6mcjK9PZoY2nxTAjxD+vmsFrToCFtxp0aMcJzLsbjhQ7E^JTJX+jYH9mwJiX+mjghmb1npCkjCCZkl04m2cQwYN6xtyXRniEQwpKNK5KCcbfIPb^JYXDXWKvy61KJQli/DtUjh9rhBLVGrn70CCuoCHxnYSlmq6Np3BBDt1PIGYxnhCak^J31ueqgP7CVDs+2/Hh7t4syiABQmA+Xvw3E+Zd9zPp+TjZoux7nPxFUx/rm3YFj5T^JvjlF+AruGVrzTVRmpKSY01wo1Nxv+pSpHg0GukvDnRqFHGSamlyxDrgx3orpqj3e^JD4Pg4voGdHLoVkTF+HXNjUZq8UGKz95B4Tvrpy5Ll9NwX3DD0wDG1RDJLw618W6U^JLThJEdnZcI6460SCpiqKhVXZo9vL0f2dYc+nswEjtgkFnUPQMvp2fK9XVEozQNiQ^JKAjg0dXTDJ2K4mSxc6UlXqLpYgomE9vX0dEq1i6b9IktZi9WckHR4nfV9F4Zd9bI^JgQbfa6KTmdmTrHM4+jtC5dZBDtV
-file_chunk, 752, 4675730704, QvDDMBnvKD^Jf6O7XhaaVuulyRhTZPY7oJjJJXSEq/UK6XMmMRzTuPVwjK5hL8H8MvA9T5NPDNDN^J6awIHAtx9vRxa+fNXhfoE8roipZABMXCD510gRsS/yxmYat/2XSUVuwVcVfmLcUB^JGEIYmzbGTxPB9TfPccJVsKAD35jzeyTGsQjaW4B9I1cykWedRhvEd8AeL0O+vBCJ^JxUIWFEHet3dbQvasUZ30o0hMbgOiserhgO4tQ56U66e+Vl/VZUX+DpmxtTYTiVn5^JpVZfYQaoTUpzjAi9t8Iy3YJRwlQRgZHcnzmcDYNuvo4InrEHS1xZC6WcbenTIpSW^JkCGI7fhCLMabTW0FQ5AaSTFKXP7O9+nxdqdup0XJT8Twtuz8l6Mn4PkgqOn0A+bc^JQbtonpY5uIQwVCiAcYjpKAhGV+D1B3TDI5q2+Aj6WPQ9Bfi/pqfv3fBK5ihgY9LS^JW8jZEJCJduoEdsDyatqtSK3UOtftqPWVptW5JfuajYR3CPl84Xk4K1/cQxx5nAKi^JRGpvr0SVoJsS9HRSsoMlJB42Md0SVY0nwp3MO1gcOvKCA5SBI/KXIu0HQ3YpxT39^JV/sR/QjJZvj3u0hFehggRQVo25pQhq4RdCt2edeBwYoxmcJDhnOZD+nEYax8GRUu^JfrkPGVECNPqfzEePAZSv/8nW7ZHXz2+Cted/eRd0Y6qKO4KysL+kjDy2SX8ayrmA^JGlc8VABynj/sshoQi5/nz8nq7S
-file_chunk, 1182, 5416665488, w7c/SP4xbc2p6HIRdJLpymJYcB8aLuc^JltM7qmD7UWqSwePzdNZkOYSY0/p2PiZikeQ4wn1fZW+24gY3Dr+oghOLSyl9RIc1^JgO1jwi/vDVySgarwx2QcGsqac32ow212k0FzWuHSsI5SY3e9Cxb279S79PH23+NC^Jrs3mJw0arb7RYD4ZYIrtnnrSHncN944NEmooPcHD/y10bpQFlvIDO5dPX5SC7ryP^JAHOAkFGnlbNJasU9jjuGbl5KfwAG+lm/WyBS3Qzs/jZKEm8xcba1t+4Tmy4HPfIH^JQycTiGZvabxgg34ZrUkRS/VRyNs5DYEl08BsJFJ4ErXqMxqIgqndmqmFCMWRbqm3^JW1SyJLU1BpESS7O/WtdE0h52qeMibJCuMmSLZ6Ji3ObkDuWnJyQOD6DiywAOd4MK^JRAKw6c/G6daqMCLAR8iYNbKv5vizBN0xq38jnjN78n2L+Q0cHigtBVYOb6g/tOod^JsLW0MZnv2UQ+GkD7mz0FgctEtk7LnEGwwFrOOHFTZWJ69Z670dS9KVIVNLVom+wU^JM2bjpD82xE3kLHtZ/VZ/p5UzZkhFZTMqHisrXqcE2hs3StrJj50t49UK+JeBmNSV^JH9rY7uihuKU1BQrSxgXtgW6HZ2st2VMNWsAFyXDtWAO6PrmSF6L+D811cXHCGZx2^JqmEH4/fh3Qyz4wWp+2qJgdfqlvIR9glBAvF/612vO7ig4LN3+g7LLaXy/gtujFki^J9Dnfq/yKN4IzQspkrRJEd/Zitw4HMnO40iTvk/qmfq0lvfCaJkLNlVqD19XJCPrt^J4gvtRiwNs9QfQht7lhUp/Wnt++6jJ7xrHqmqOMvd7oBX9H7VtZwAN/5tOhznLs9a^JqcBtokxx9c2lWCtgLnOHdNssIC5WcBfQqCnfCPrnq2A1QVGFoIkFin+RmvgdpC0x^JTJHK1ceRTrnNb6VBcmXnraSn5QZTIZ5F+SQ2rgqTNfofokJtEKAt8fUVrHZ81emS^Jf3sbH8UPfa9Xj0jmZmcjRRggrJ1yu0RsxUlxg5siQ2Fy5i3vAb0ZZ5ItWdIt8Jwt^JJFX0FWYGmphyo0Nwj/XP27NaqTwSOmo6xAfoyU7z/28U3k/qEbtLpn5xzVHk6Dny^JP0XGw4JttE7CmvwEi057FGGBu4pUYERfRNu7o+THlsQ=^J
+file_chunk, 270, 0, drwxr-xr-x    3 0          0                4096 Mar 27 11:55 .\x0d\x0adrwxr-xr-x    3 0          0                4096 Mar 27 11:55 ..\x0d\x0adrwxr-xr-x    2 0          0                4096 Mar 27 11:43 pub\x0d\x0a-rw-rw-r--    1 1000       1000       5416666670 Mar 27 11:52 rand.txt\x0d\x0a
+file_chunk, 14480, 0, TCf8ZQLH67eBQks8SjFaumquAt7f9eg6GNvyLgvdbRl4QShP5o47kdBupR8IxbCz\x0aZ1sR200ZDSWX1TeH7UVjxBg+eQ8YpmUbnjqePKMUBbb0uq6tDGYGauJiZnSHVNez\x0aVZmm+pCPVdIGyWe27Xgub9s8PyDBjVD3amDxvoFb8ad86eTDcrzuPZ0/iFP4CnDY\x0aHFLAvEbvgBVuKTmveyUjmis9nRgvjaeoHhBV7/XtC6fP9ayGCHqJIYs7pGHEm0hi\x0ai95bgfyFCEB2hBvwGGNQStTigpE89eURtsmxnK+I3Hxk+dyBQjQ6hTxQlwmqZuto\x0a/ZMEv8KCfrZUtTh4s3l621DN7wRiUbgltFXAIoaWwc5YACR65582L9aEX86XVNXt\x0a8IfLL0klmNgaRO49b1He7exMUA0UCUY9DFdFfqyt2hMoPJqEfm4nRH0x/xQs5x/G\x0aq5K+JPJtkyxvqI7AwMSRaN+k7ez12fZCwzpPIU8taS++y0op+kmXsPaTSJpPe8Ev\x0as1XyutkfH5OPmrt413q80e4UTlV73zGs8XMBO+VL+Jb+0IUNnmiyWzqIuYokI9RS\x0aCdLbWCdLGGb6+k76rY4oIDnUbAP7YCDdr2s3QZ9aLMNaSpuyKY19WNzNbw8cI81O\x0aIuTY6C3NzXMItjWriqAzmMl2AXztrPZZ2GFhyUy1Hwf4DufBEVeDMvhVd+WlfzVn\x0alRdy8Os5X0ULPhFDmej+1igX/AD9a2Yf26vqak8AUvLbJciJWFZp17sZYXus6zos\x0aR17iUaq63Mfl0dk6wnktVLIGt6EHBYb/oJ65ZGLMuFSDqv+NvVhuyNd/IIR4tUKO\x0aqNVH/+FHHqjbpZQvFHSTqOGA62rb1AecBRnliYKjRTsg7u4/HI+v/jwPnp89pntJ\x0akztVIkc7VVG0GhvgnKFjmV+bVddG3UpB3juIVMJwcFOFnQNzF0hm7oDdfEYXEUht\x0aW/TCpIox9O+VQknCTo4iZcZOOXGkEYRc11C+P2WPk46b2OER/l8agJPG9qS6Yf35\x0a+ljLAVFNgW12iqiqCYmfQM6z1l+6RIo/DlDSALbhYjTV9CG02WwyQiG4WpkAHnx+\x0aiaSwwrKYCklvFoUtisVGfV19rTo1HGGG2FFo5oCY4BPmbIQWidTXJtA1JkHsni5R\x0aPlG8elgJkTJJKkzdwAh5V0UL+m1y2zH+NyQHFzj9zunB0g5QEmuYMt18TvXy7D/W\x0akgJbWGvDCKY36ZKVhWTTqsgQ2xecH+vKBaCF4IofA0joodZzBv9GH6UOSkhTML57\x0a5BRbLoPr3IqbTAx7PFlixb+fIur2UeUo+RYZeDudo7HmvLBnsGFw0K9rBVNg1D8C\x0awcO4lpwxZEPsLeqKChpHpQugpkfSnC9B2/Oywoep2FAI2OL4zL9nOWb+QnE8kibe\x0amZVCAm6p2qnr1nfKMUP2YWKbTeyowi6dlS9SfQdzc5+a1Asg/+S8ZWOPDJGauS6h\x0aNrfV2HRoHwYmpqvxN3/8A7vkF+rPgx1yeGHK0mDVn4F2ke1E+r5e1F9IZzM90EkR\x0aFX1hEcNcqzPX/rerGjD6WNBDdoAvmsth8mrcsIf0iq/yvNblB9R4Vg1+bxHYOXYf\x0aE70vkvtaSmWCQ5gi19SYK01XR42Jnu+cnUtuCr3P2relXC5TjBqz3V2CO3St9tX/\x0a8sdKZWDc/kHAQ5uVZAIonoVp6Ffeu2Zz3B0NFjJj9hyJtLIJ+Qg2Bru0YeplIIQz\x0aw8WXZ3xHw7nN2pIMRMkef8pAoonGsrUySUhhSjEMZCYDXvWpTSrOwm+LRsyJ9czy\x0a4kUBxgoiCdxGi0NpljEzvrj27ElBmqa2E/bOoK39ff89GSBvXeHw6NVrrDZhEFrU\x0afnALNwjCGdxCrkPm2sw03cdsPRVO0yQppyYbT8MhWuzlq31VGps+EiwfpU+jHsw2\x0a7CuI4qC/n6yui5irPTV+GJmS900rfqCDab+PW6XJ82rGAN1lvV7+lz/x3lGcFCux\x0aUudDhQANxzHwTQGmwJeR4Fk+PGTAvQoWfgN+21hgPgIW4Yug1uKtL5IOK2rRVMTf\x0aljjxQ8FlEfZLdLZgiOOHnpioRz4n/SbcSMw15i9GHMmHE3wOmV7En11vBFPmUcYb\x0a+d2UaodnxE6psPmSfawBFI6TNT9fKaZchANali9OdFieh79e/7mox79DrzX4tuQT\x0aNLs1nj0jb+4Tm+LNqkJ5cvDkyFds0FbBd3CblDHNtdkIcSVj3TpkYz1wwYYogt7r\x0aV6wVmRQ09dhDmRSM8kVinGhVudTpBRH6+F922anxF9exYYKfYi7M/ODjuQLRCK7R\x0awSNg7BDBVXt/Q31ryukAzcE5UtCk0LSlci02B1taq2Bp1ChFDpSzaqeshwgCQvYJ\x0aVLBPFdy21eqa8IQwXZ3wU2TEiGgJIv3k6M07uSDMCJF8/IPf7KmmOy/dotWXWSCe\x0a9FqYiGMYW5KRrTZnknhS2JYhC4iIHqlGYFYd5cSm3dtx6m1Y4hmqE4+JWRDK2I/s\x0aCkDbfOvU8UwES3k4tHORdqDn/b54EdEbnG06hfcg2B5FEg7cr90Qjdh838ldIcwG\x0aI0k9UewaVjjPL1dG585WFMQa3bZChzNN25kRGMQP24BGvA8wuKDseza7rn1dmrYw\x0aCRSsA2U7gNy96DKQFQX6Ga9uT9OCW+Ukvq2sejhL5cgiqZ6xZpV3WCFlFEjHEZDU\x0a/Jcaes5cbbkWLHe9PXwlLeCArWkwsrwhM/zS2vWN9xnvPzyYAaDqSlOPNeyBYW0t\x0awEca4eu9Kg7dLNrZ8S6tEECdpor+9EAU6T8o60s20nUzmqG96yWhdl1mns+IHW8N\x0awJ9u1uYlEKoAHPVdYY6MnWToAxH5KI1OaEfJ4He929/QGkIso6gRRyWlF2shqR+W\x0ax74nIGsLeou4Ao8WGVjV0aa1qZiNw5KSB5QB5UuKlmTWG/gdk1APdsmudyg+Vc1T\x0aAXLdMwj7uvngrIZxFxqipXnWB7FPC4yzeiPu8qOoestmuqkhkD0FPCW5QFhk965F\x0axm9fqwgJPsjBTC5YTB2LOfTO5ZYdJiPYQmETOOe4a9ztL6HwQ2Y/zxc7GD4AbwQp\x0aM/AbXtIaCYgNkeG9vkJaLn6byDwdmJUZGHHNVjZca8wV6+YlboGrAYrJbX+ndyqH\x0aKquD7o1PkJTO+4H04lDmYquf/fRembQ51YGyVQaNqbLF1mbyfVd/lc+JJICTVT/o\x0au4+9yTKOhJG2Gb1DmBG+jOIuZkGv6m9CqZYfKTtDv9zwkUeNHMGcAX6n+TPc2WPI\x0asBSKIdYnzlvRCMI9BJAWoNej5yQzzfCPlXd15Og+SK0mfM8+44iDRv/051rLVhcI\x0aCxQpRjq/NdINYF+WwwDoN4VlpPXLZkw1+qYoSHdstDiHv7uhRgP+cEbZXH8mDpe1\x0akj47aUHCLiGP8u1UgRXGH8A0jFp5yPEFU3SBePIehSZZynNB8u04mRpXc1kIlubA\x0aqnhGKpscdIZnO7KB7pQA2qF+s1I45amehPIBDBzbaGkMJe2Esqphgh3Rk695uPDm\x0aQM7JjrfhBTlNXxoxC48WdbI9+xzhTavuwP4BhUNADgDel9vxs+HkT1rLR907NaN1\x0axWJdo2bsRFNdftSKf2XCthor9VHwOmyU0XI2yeVSxu9hdA1jK4M4C7fmRrQrwuoO\x0aS6fTlgbMeTey2ZHrJO/iDT+9sGfgT/oGDXYzZrbaFbiBRj5HLweXE+rAyIG77yUY\x0aZEqkeh1BA1KHSxqhXmkrYr+ambErzrQHIr6fTujmPVc5W1kIZEAhMdLDJ8U/C1dL\x0ajqjEA/VyjJr8A2gELABBiATb5ro485x/GdUHgOam0sYpHqG4wmsxnM8iVuxbwlS5\x0aC9z/MjVvBoLl83/YZjG1jfRLkaX6wzWXuSeybIDk7TilDwAdeFAbUfgEqH5xnXND\x0aPHnSaA8yOxba7kpuRDWJebGb2GPxiP6u0Wk8iXd3jnSJdE3+b69SXzgM82Wht6NH\x0aFkBEQWf8hDu0pAhxxU32yPCrLoRxCpl/K/p1cL01xtzDbj5Ncfhg5TbYYUyRw2UN\x0aSHQ46bN/ozKIQ02T+bhA7Z4BVjVw3Fens8jbZX+Z5ClnEiY5q4g+hR6estFTli3z\x0a0bQBij3OB0yseeOCcyLt9ZpepxQwgO6BNvecNuNtBwEq/xCx7ESzX3N7dVZAjWKE\x0adyjbFMIPKMfIMlfU7wvuaxiyWkbVsBcPDPcyLja3qzO85GZgh0Uln+mCModfqZc/\x0acplyVPYQBIFXAViGIFZONpAOWC29fy4j0uRsNYKKhRv6fSZzVNbVgeljKFwTCAXu\x0a8CtcxnpNOTYXuGZbgISo6oHxCy+fIK1Q14eaZepMWWYT22kWR7FlN4BOLcj50K/Z\x0aBxpcOexNb0QreketOWPWfHflY9YxB07ykX6djOH9ZOlITbZ0c2BMxfJxOaaNbidn\x0aX1Vka0i06Sk2iFw2MmxHJm5zwN6Ln4S9hCrwaPCDkmXOCoN0pr1jt9teBBA/LkDG\x0an+rp2U4CwSAtJy690+HlZ+Ni/m5QkchnSsGuYXeBE7feao+dBTJ5hyFpMKjjyOS3\x0af+vZkyNxOzgugBnQ5e0suK46y5GhpbrmNIbP8lJn04B6CFe/lidABVS50GK5LqCD\x0atdtAyr+6LD0PCJU2pJeqwePqlbQmA5XZxOW1vJVNQJ4EEJfcJj8Ha2hynAOQaiT/\x0aAXtlD22EXutFfFgFBgkFJZ35+nO4TuSIawad8xkIBnpMX87wpp4nVi3aWd4sMr0o\x0ayXWSHcd3Y+izqfXH/6BqlUeXNGQjLlj7biMCosz3iFBRhOvUK1a5r90ZcVy+8+Ty\x0a4qT52tO7+bQOngxBiwqpnvKAONsxFFHWgR7/LjYbYKtgtq+1ibACiaSzQg+IVFP3\x0a1V7aZb9fZP0YBvbhv4JxdTXxFfJ4knugi+5mmm1PIyznXWnsWOEbYEnZV4dZIq5M\x0aQqBIYxrS+aWnUyE8DTsXqDUwVL/rBjbhK/1RxNT+mzHG7Q/phD3y2d8ysHlmAWfl\x0aDGZbZ8+Plpm7uhj/fK6b6FqYO9qJYoTSesyEsZ0Pfjb7uMrYjSbRyRg6yTuV3Qe+\x0ajz+g9Nj63cFMlXVlvaBZgwu8giF/SmdkTM48IVc8BkeMJlPg0fnqcEbEgnMrYBsG\x0av8FdEUWTWvzoDFCiQRFrSnPF8GIBcwgrxN7wGqWexfQlzQsQ9XbJlACIwKMLzh2t\x0aQTr0zs9g8yAk9SQMahWtYJG4IPdAI0mH9dBSYzt0ATxtBe3NpAhrewtcNqTBnII5\x0ahUcSoygg4JGCBjxZpxle7/anr4CBduMHcAiL9JFCcWb/cg8uwFPm8p+Ddsz+e3ir\x0a5WZPHa8uXRupG0ZIY3kQXebizwq6aULjDSFy+ggEWHlkGHIAUYpvKXmCiQAWiKiP\x0aeBSIUBicoJSDOkf0xo1pvC+yKnjlYXhJob3YxuiKoYH6guAz/OSu0Yr/Y+w8fY2r\x0amvpnxCwaLbjmYG/ihbaXtiic6xXYjb+OQKfrRywvDQ28UKoLj7lZ0rZfBPPjqGvv\x0a/qFSiqKvgDua36DPiFy6UO4D2747V7uZoXtWJQEmSEJZOC1NEbyhztzIksHVcT8Z\x0aKVIHWPyVa69yvmKpIGgEqE92sEvgrKpbeH3xJEekHPkDpCtojjVGJ1Vm2/OrNitV\x0aMWha/HsUn6obKV7MYIgSIH2BQfs01araaHR54nKL1PmwHvTnYKo7BY3IKxFsDVq/\x0a/QQWyib6DNqYagd8+jz8tgG3m8/RX0ZO3V8wLgpPNXgXruBIdaqimwPYu6Msstuc\x0aj9tPBWiX8XVhrrtoTg7bV2L9rlOdVY10amL4qfcFFjtlbce25vXRwr+DO2En/lqR\x0aDUngzYLwMTCCb5fEQPPIh/3/paYE+4T1eYQE5WoIO7OLaryzHXqWR1TfWEKAm2gx\x0aZvlf1Gtwlnuy+Qi8s7TG2/uGg6GqlS3DnL1ryzntYO+7J41qJw3u3Kiv+AhO23eZ\x0agUhR5E9InJ4kPQ+g5TyB0l/nAIS4ztOXvAgXDOa0YnkJYlHEJry/UlRGCijyrDr+\x0alumbv8YtfhzX3Px3ufUYVxhW+utGUI24AVKpUf4FjlX7ClDulSGVdE8AxHNZHK00\x0apjAPL1SigMdn7Y8xym+NG7XIcHadTc0HW4U45wAZBICwE5Q60vzCbNIEqy8luyAJ\x0aaTMiI9W9rL0Pf7mkoSZhmfdzdQ2+CV+m0I4EapkS2kBUGOUdyVm51lmsFLGsAtnb\x0aRlKhBOnSB9tnLy7u2bXqju6c+BW97DLB1mApXC149/KBbsVpxxC8B/WKmDMnFwgk\x0aGuRP7bMBxZTamnBUFoFazFFUf/JvhG/8ZRn3bn9zcpBVmK65p/6aua5oIEF8lHQJ\x0aj69dCO2JnECvpuuLmPzX0KITgnsXec0jKMbkujHsSB1q0WzO4roQCP33d7QhWbb9\x0a93xNd8S7vWs+jENQ/d+Sab4bIsEAZzjzRhBd6Z2Y+2e0lL4225SjTlQV0rTK4hbI\x0aV26RP3ooaA2cl0dMZ4n7L+kMKh83wRvHxV0oD218YzsVZZk7azUr+6L4KvzOU6Xf\x0aFQDP05ykX6k3Ix7Xg+aoIUvThAU0hyYxn2aEcZtQqVtJ45FYym9/8mdeBbNlmI++\x0aZK1fC7vylUhO9comEAUWcAeIETXwnb2O0syp6ArLVPuTPF07OdpqY9g5ooje/vGA\x0aCOCF3OCghSfV4HmgHaMDbxV040bMyUrFwX+33QKg6H8tZr9H3FHoKSrn6D8viKyf\x0aw1iA2H8fb8HSN2hHjlUFJZEvaYTnUWWmXTzwcNsAJGwpdilBZCB+kfTpHuc0j7TS\x0abzbMh7eZRLBrPH/B8PGv3s+vG02KwKrBPRN8saDMRFlp3Y+dfYlycpVLkbYTiP0D\x0adadaY/6GaX4dYrGNhHS0uZwcwUjSmaOniwgmEPyjwPmAN9DdNYR/d9cd3eRYEXor\x0ayJYEPiSt3OLT3Qn5+L9+dKnIaJs0CqjItKgoNAvmEACxdGui2T1G+TOVSupPlHwX\x0aYJaiMo99b0u5WfPefYXPLAO6yBXu1lKvLSPbyyd8epZY2i5Y+/arhEp99fJPt8Ja\x0afy9Kl1XWi2nDaDFhuV+26wGK/hasMdgkl4MpFR1SaZOTIHnjOI8j7DqqdZ3yE3xz\x0azvh+NYohCU4K6WD7nkkQydb3ddMHd12fdJvI0YRw/QmsRQ5N3BLMVhPYFhHuVHan\x0aHeyfnIKzmS9uaDiuSkx7c7or7fyLP93uDjs1w7DoMn1/oWWV8A+k/wNcw+TCybkd\x0a9ZZbX/5hBy+jdc4UuRt57B2cm/HWuVaM3zZngz9k01iy8R3xik+D8Kd4bfpO3Rfx\x0a/u3qB973X46IX9YkRi0nfRM+PGYvC62FaUArk7h5vxEuSuG6hDF2AtIfdsWSQv31\x0a5hL6I9IxT5vbhRK+h15V3rdTDcN6MlF6mwN72cLPsylxfR9jpUVW2ab+gL6/v7rn\x0aHgZeyYV9CpIBEelHIY9TMqCY8GeGQno8K9vvwugx2ky1yGoZ8fCrLZy4umRd9wGE\x0aIoqdDAlWqIpvqf675V4Db5s/y7uv5p7CMNCWh/APdpWvzlWQ2XgVQtecl6sAhB6J\x0ah9XbFWh4dVAC/ftbzd1nxuqDNUBDZYR6WniWIuPZIDsv+mcxrqA/8uSDAKfCT+VQ\x0aZIy9aMLfli23hZOlayfOTzBrl4/cDgnw3fWMVB8WZEdj2GQqeGZu3upC4QdR0c2Y\x0aKDdkAh2ekhJEiNA9L2DnZXtxXcgKA4x6Ok1AXY2SIRpTN4UED2CWnqqA54Cg0s66\x0apIWUZZrK2t+wKumRXkszD8+s0tpgqjCCjHLagzIB2jphatxseHVe/RE+Sp+Ooo6t\x0aKqJn7fFIL81GA4SB/qwinU0jV2pyW9naCTO7clu1d4BTAE2Kz9q54zp37BlKmcTF\x0aloBrygICa/NvtyinA4nqkGJKO75Q15eDEXhzW8PUMxZkNJzqUHY8QkifKkVmYp2k\x0a4VSZ7VObaui3sH8mc+uh0i2vlXNHJMOrt4taJ0SyWbryPXP3wxDxzo2gbyTlqPDF\x0a2JBSRPIGTTf4WeeN51j7ZrQK8zYktg1urhtBYABHdeSz3aIoE2qTR9U5lvNB/bCN\x0awPN5Elb/grlAyD/d4k+d8Vy9GgKNq1nqtjI2uGqf4x69CSn7HH2Bfe6MUx0L70da\x0ad07M4tkaFBMbOwen7rnP2T3nqmrikYWyyS1GXjW9Ts6UPF3O4UpL0ZaUsTwv2+F5\x0azc/IFns7Udyys8+sJnRg0EaFN/VnOk943VTWidbN6ezorOF5dBAPloXhcBaRs5jB\x0aeDta11oVC4PmOo55lwKMAMG8kyTps+tFFLJl+uXiYTj+pTayYPEk6d/zWp/wB/3S\x0a40VLs00fF+OeaguQ2bElfnXK9+HP0Hyusa77YpetVmIYAoOuySVcjsa5xS6MncIU\x0aEQdNnDhiN/MWKikaLzcaF7KTKtkaYzrs/Wx29n/eb+53xKKU5qwPCFQuGzwbcUST\x0abbnMA0ucEYthm2//t2drRFQJc5vdUjr5wyjrAH00c1OLovXW+jsdvpQjYOBwG/OI\x0alWOdt+aDoxwdz4mn9QXG3+9UjDpIYPj4XehovH++hWJj0fdiySNKaacOoNwVV6ty\x0al6MkknvVhYIPG5l29n2voBSYzMoBZmOvU1D9wG7y4rwPDC9K+5cIGk1Q7U3FzvBG\x0a2oOBgdrBa8VXwAZkC+PIHhgmEqRHvzAIhRLfzgNTwSXeeu8gHck8CD+lBWkayV1g\x0aKvsGRgQ8h89RRHo6Ky0L8XoCsOsEyb+m4Zsq6YeCceNV7DFCFw+GEzVvtLSYtFtr\x0aF08tKhpYZOEMSqPv9SUbcL/HtVl1+FRnTUe5UxDXrwVX16RvPaqFs15nJfFLqgDm\x0a3WFjmi7W4aIgSQUBUlEue34hTWPRpauluaAuKStu3xNoNm9aKfo24cPJsQdCIiMD\x0auRL3FqyjNfZKo82X/OKqt0EYfK3w9ys7t0ewAO59Bm4eokdARepljfbHXy4X8+/O\x0aF5aguc6m74jgVoEPxdffprU4T7vXwVO8k3FmZ7+JrBsPRI4hTwVqRevgIoPYBpxe\x0angSfxNNFscFYjbRIPcMlauvnwkrVnD48VZnsOpNszl/FbCNfolM19WCdLHCiIUPB\x0aiJA+ozEbiijt92F4hv+ALQksEzrgbrr48t1/YOK3WvZJrFNhKoQKpQ3JTWMnMoke\x0aOHel5uQez/iUSwNLxlnFaBRptfUgugdb6i5NkWxudWYAWJSoxHwQMUuE9NpTG3ha\x0aiFEPCIzX1FqXkZCnGyTdWc1WQwthefC3atUR2dSR0MeGhAbVpDputwB6gJB263mX\x0ah0J9Gd1G8/6g93fM7AXHC3K67phaLmLHG2NkNH6Q2HnOw7BkRuhYuWhG9/v15ih1\x0auhoMnEHvgnDke4C5FxpV6A3T0XaGJjfqre/4MAHELmXfSd+RlF5FR7ZnWNjPTL9l\x0alnsqEXQ+DpsHFWfo0SU5tC5PBM//ZwozP45FOVxKEjk4z59tGZwg7wgJEZfEzjTb\x0aQotqYrFWpa8LwueJPbsPnFTOGDtIVPzg12Gg0s5mNTXv3LgyZjJ5Ot1aQUOeoMEd\x0aaYK3G9a92Hq/6ugfvlqtOe7uV2NJp3K6Kav5RI7di1K+4Hl6T6ohq0BEo1JU+BHT\x0ayWPSVqkrNIAYA/ShG3ipO8cV6MUcnlRzBgYvn7/fWpeAbDkXDNxYxmfmTIgUwMm1\x0azUgAj8KNEjGc7NRIkIhD/taYl/H0dbBbGdlhzGQMu9a1xQ2w+3wQBo2cLywAAf+A\x0asbQvkP3L7+8DJ8Ai76GSuA238Coj/k2WFLvGJCG53kNxydjZT9Q9NhP0/bwUObaI\x0a0Hw2mXfxhBn6+qNJN+hwktzS4zrgq8nbdLtPRvBYYbubYASw1ZUWfJy6GxmiT3OA\x0aOuGA4C+siVqQRpTAW4AyzNEwNgjw5Apxq790EwMC8lZhdmSbAdRvI4LUgZFKU7sq\x0aOGKF46fAxsgVcJI7JgpRB4LX7jOrSiqHj6BptA1fHndIrQ/6XTOzsC3JTnKKIXBC\x0aXAp3HO9zAas7llLvSRDmVR0NfBpjNwCeIFxp4bY3eYHKxruGylwelY87G73UoTmp\x0a7BpfYuOtdFXi+MfWzSd4hQsoxBiLbDbXL+OSMI2aegXGtMJMGt7NL0QYqqO0d+z+\x0anvezoFA7xnqZou/M3Zjo/VABy/m1HBMdTU5g6G4WD+8aw+TDfvPK+Op4Lb7MuyxE\x0aSmPBxPaHEQYmCKMzOwGQEI/AH0mM5UTOLpfurfQ/FaQthUuPfL1sraZBV1uxWWZ+\x0aunTkttIUWlX1CF7AqN6o92QF4MpjZwn6dtU/WLmDm/j64CjlRifNP3hPL7xDXR4O\x0afFU3aFO1AjB0Md0d4OnbtiBHd3xVtg9o2noglEdSEoboBz8ikZa1kq5vu3kgqAVQ\x0az/w+zhw49o9GDo583jLECbxOIrfMgxnv2RND/Etoc9XOY3U6d2C55GTzN5CwvG8y\x0amObnT77IkD8PHKb7B4+zO40GWfsGdc1JwJ8VuetrEZKqxpyf3TtgPQ8gWkJt7zt5\x0aWjoZhrHI7opFo3uFDC23dOmVBPQkXzC8IyYcRT1B/Wh7um3X+ZXdUTyq1e60sC8A\x0aRNRy+Nd2OQkEH5BiCmunb+kvfdx739i5dLQWrIgvDFJPmfbUhyuyqDboxTMedNpn\x0abebTEbrFJFxCwOLREtTWMaXorDnEd9X0YrxkkljwYUweiZIgOZu7QALj4G0an8EZ\x0a+i88NMdD+KONWySuZL8UGpuWMqOG5qpt8oMAXuNZgjnGu+dPmQ7PiTIftkIldgA0\x0a/mzOt31RkN/+YuL9sEHXfZPCATwqRJoWfTHYKRLjyvnKK8UclTAiwkgehUD8dpJK\x0a/f0kzIA0AaNotwMIY2S8h+2wAsDpTUmg+47izIoAiylX2Ek0kMLY/cMQp/pZJII+\x0anSqLkbbJC1iJTkzzkA4Sq9BEwYHX+AQACfR1XSi5fQ1cwFl4oIftsFhUnrW1yIkD\x0akqnvkFP21puNq/Cb8uKJD+qRTpePrke3+Q5cndY0nPI9S2PABdmPOPABA380EjtN\x0ava499Dxgcuozj7C42DVdthSiedF1V/MZgWTG6CCdDZijf0/dEkxpMFDrdCm9gr9/\x0a0BzznU1hXXrug0xIlZ81W935KgcSwzT62vp1EAT5L8vZN57Oog8VTVTmTPKnOSo4\x0a/1YPJnTYkvBoW1YeHBSvJaik6g9lqtqUsb+aup5QoY2SKM/WMZIpHz0OUsidZywA\x0aX2GgunrW8R2jgYqi7icCt6soC0a/M1AeT2g6zAaGD8TI5gRZWmrGvqKZXFK1zkP1\x0a+1ri6w2Bothzg8tz1eG7Uuyu/jHP0ENz4DlfTawIRot55VHPh4dNiv2akdza0LUs\x0a7rdoa+ZIevf2jyvC7YZP46i3V4OHhdh8u8DLJFTpK4yzSSaFNpFJ0hurpyqwAtf5\x0aoB70MY69lVZwhuCn7249QbGZ7vc9aCBtWP9sx2kUHQG9l/WQ5VSrrsfcJqnw9AzY\x0aePk/Yv0O0LFIuHL8ZjkSNVfvaC59Fi7cRqJ7PKZDbFQz3cMfyaGs9NBE73EDv7lF\x0aOCCh8G/Ocg3EWzBkin6mnrvOy1hu4EDD7yQqeVS0+xHQPZICr9X0SKGXXUyvn4eL\x0a89+8cIACBlOecMs3pnrhlLIla790gySCmCybrwXtAfN1byomJL2wsQqcLeXiLAwJ\x0agGXKTjJZXgRTq8qFjrqw1JBuqYo/BMuOAO8P175zbX97Nn5uy4YE15aBG/5GsDhn\x0ahhVhncMJUyJNyhj//PSDPvXWbDWD5TG58PZih6mhadE3Do6eRPfVVx8OlOsfLiHg\x0aHa7+s1aX/bX9+Ibng4khoSjNGYIIg3dmF+EZ0MUEfxmV2OxItlPCcxvK7850S3C5\x0acOuJHqzzbJdz7J1/hAFs8z0w2ndIFNdf23jWZ/BsfaHhyjel2KEnrTpSVqSiOi3Z\x0aYxIiHk2EH+0VAlcmtbfFSreDi+1E+Mi1O3DMUoNZJpiPwJxGjPaBdM6yRACrByy8\x0aY4YRH1VBJ6zZcIiKjjP08csRizu1nfKOsalhmaMpPGCvPkDvKFIp2BJxDcpMU/Cc\x0ayyDmV57jx7BH3txuyIw/TQIDuQ/As0+37GW1t+n0hyuaG3LjjZRPM1oqR0svvmU2\x0aiuXx2lkuwcKcrvKcXYiueacKdkizP3SirDTsDsTejrbGLkIoFWg11vNl/AZ7KW8F\x0a3s6EwVAdSaVTn6kb9TE0045O1bTuu8DHbDbGJnA7u+4am7ToX0iSo1yaOOIEzhA7\x0aYvVoTDFsfKSdLtHNEO/wlXoYHBuOAQw093Z+2GAyWfq5y/qT7vh5FYL2WbF6g8xc\x0ata6ebB9Rqno1xC2BTwgwJ6VPzpFS3r8ArWdelq/0GCHIj/6x/2AfXQX+mvbE77gE\x0aMEHB2Qo+tZQCIqAnNNuaAjbBHuvLSy3c+sNYnvJoyzQ5yK8+gdtbJethaaWXk7jI\x0a4PU0t1LamlEWGZMKISK3zn8pfQAdh+ozYprnaQsqYjSBUsb3SAsI1CgVMSd/p4iW\x0aZdeA2vt35dsm3JaJNIrbk82AP12PH1DQW84zEee4+ljsUmnNnocNAyTqfkjTdRCZ\x0am5m2kTijKb+72KH5qnMRIMJHOZJ1etLLWGxGPwQ6ZcIW1qSkisv3HjjTkKGaHiyQ\x0aCBViKUVCZ70DAtEhdxnt4We4AqkHLF/HQKkKixTiQyYmmuHGr0NqOaNxcG05tPZ+\x0a4mBbI97OnVszlYi3XYIvd2gll/+KCrun3yURvzVML6RrnqPwnGeLyGoFpqvvUSji\x0aVi0S6tgNKEA1644bmTuWP9zszpKVNRH8mbgVMpxNN+830CbqiBZosE4TuP36D2Ug\x0aLq265sflRY62rzGEI/EsJ2L47t7waTIQk3sxIzR70mZlJqchH6VhnfTk6S2Xgrv9\x0a6cMZxvVtAeSCsXAi5J9wgdso8z07jgRvzPG5Lzx6ILVEKE2sJQdxaleHFAjY/fXG\x0adb4vLk3NELU4zh4iNgB77XshiNeeCoYp3a9TipOrHCPj5txwICaUeaE42auHkdjb\x0aQSBABJwLOd+bXZWuQpFqZ8j9OjXC6q1HZi13VVreLhsD2yiUjhQn00V3d8gEfPFv\x0a045cUboZlWsU110UV/7OLDke2Vvd/gTp9EAb62EPAR7W8kRA2gfYbxoa0LqB1zK4\x0a9H6Dbir4dd7WOx+CfQD/LbRVWUBgL8E5Kt3WhAFkb1Rtnzs0fVAijk/bauFIadLT\x0a5wKK6nfjv73wYAKbwkw6+Rmo5Ki86YjF5VgFbjtYwcUvN9xabNl7xh9rtdtyq/4b\x0akhzC/jwyg5pvg7p8v/q8Mbm7wY9Xv0fZxYaLin+tcq150yNycwmxoO4oyEXLx8NK\x0aTrmZKIGbJ1MiFmh/AuB1kMoZbDy37kvOs0yJjl0fA2SuSlulkFzWekmuLnVfbZJF\x0avhLRPdpM5OY55IY62ICkRAnCX+j9/i5jx0BSSfmB4Yhh63szrF6slKZfITssSAkp\x0ahdaAyfAhBTu/APBF2GgEh4BiL2fpK8a4LFZtSZWIqwHa4bmWjyjRJBuvK7GjbLeg\x0aDnCuPPdNOwfPeuhW2B8h7FM8rEhwtJIysP62lpNuIeD876yB2uCsYYvnIx6Sx3qX\x0ahX+2xkF5p5vh6sM8WnnZqbVN9lI/5ru/sghlopPt/mUMuYcR73ja9odPtYCYbZTa\x0aK/oCCS3lu6BFmyCsHOUgn7Dn8mGsorOdzfa/W6/Es4AgtqPS3VynrTgt/nKUULi0\x0aez0yIkIOHqYkl6DrmJIOXrwwxqMgSrTe0vvrOdTifQaDF/MTgfHp1+xuEpi3Xgzz\x0a8gKRAPIgMJkm44YPlBRRfYTzrFYPGJxeMe4CnL6NgcN6TCE7Y0aOvpbgBw6/JZd9\x0aqC1sLRbKuUkkRzzN0T6LcHX95RCcL/9Lp1RKqaoQnX0wZhskLkGz3/L9rDDtLeAM\x0ahTYExb6VAciL9a9oeOTJDXjJ2MQGjUVAHjouLLtFJLdmrqpc+tUFB2L5IW/ZgP1u\x0aHcmlIa2m5lxxcFHdYRo8FVtM8avDhunvmtMaYL0LBP1HmHr8xl42ICSqASRPUw8t\x0aE0siS+GwIdM/F2X2NH0sz/leTvVVl2iD7suRUHVk0vHa5+lypZcCSQ9qvp7mXIfs\x0amOfwRNn8VT4UHRi1gjsEwXEUyLXPxOAq7MlO714gWtZYWiXJXnDVPL88Tai1eMz3\x0aVrzkpFUTW5DtNiRRM4DbZMtjcv0J+tunLbrHvVRaVYKnuwZlFL+6X+Cr0BzmkOoL\x0axm+8Gf8+Iih859+rRj8/T7lPV+S87zQAUcXXTiEvJrl86DJ9Kl
+file_chunk, 752, 380370192, GsvqfXiJ4np0khHUmapJNPmJQKa0luEG6FpCzgp0Dyl47QbUHksinrhMu\x0ao8584ANcgv0sVUAruYbHZKqWHF1iaF33J5moGutRzOir5TpCwsYtUJTItLPqAigi\x0aUZIpKxPbO1Qu7ogRR+m96RRQWPGMM0gtauwU8a4i920bBrETqumRuEBs11GgfVBH\x0aZAc44gk8Dg0YmuX2XnxxWHxqQkVbpHoDLGzeFh/3DkQ9xmAFWktrZHoefkUFgJ68\x0a1JG8ovCJUheKpSkhI7xcm/OLvfXpVZMatajQGo+4pCA28fQ7SlO0NJuQQUB1Dl9H\x0aYKuqg6sXuXE3n2BtmQW3LMUG4EIA7bplb0Njb2sCxh/XjApgMVQXzzAmhwuz4o4k\x0aiaecwnEheh8CLnv8JWMshGw1zDgidP5HbJ3siVD1QhFGmMvkX/ZM7bo7zMZfpRbE\x0aMdVIb5jJBGUXl1lCol3qbMnSoHNhOo7doGEFhTuVvXK8lP/bmlssoH8aGc52bjws\x0aYZXn2kVUhUV7d4TJzPhByjKFHg1mY4WZVwRUG2TbgOiy74z5brEhU5/he3helhy8\x0aqXMSQKGZlMqbHByHDEjBYpR2PqebUuuDPNpkmZ2nNG4NAVOa0gvDcrocMsCEbW8F\x0aXp2Bmrxj4idyuqruml/tmhYEm1JSPqnAtJCvldK/Ksu7WSMXDYZSitG+2Q4n0L6V\x0au62Pt8j5vMU0RRCbqq3ETqSUEqasL96nHQys/ppzaraC
+file_chunk, 752, 380763408, gXdxRZzzH8TAPLeCpKo4lkFco7\x0aVvkx0JG2M4OVAYmaExT9D1KAHw2PxHnIgNUBq1jHnyj9VEq9r4q3ImdsoysEswws\x0aNzUDy0dboVl7ZetTP6iOLaeghpKUezHDfHFdgQJK0M7l0GTps9dKqumA6vb8zElx\x0af7tgGXKbPgGXirMekktHzJmb0egVOxwdxRihS5KggKG4u8uNGqq/0vcIZuQCBvVZ\x0aDCUdJG8s0L9aqifuzQ+3y/4v0l+qQ3daY20plf/KWhbp9T3QBCiutmbMSnIQoK/H\x0aZ7yqa1h2w1aSgSOStv2tWtCcjjgmBI8acLZ/D6/LZAgF9ZdEfSnK9+39yw9vHg9W\x0a2IpsFzmtD+CyQ1eVrarHiGL0cDd9kKPE45czXjT96cjk40+SgN/08efxvRvOZpV4\x0aMvW3fHpSFS8UQecdE+NKyPqf9zEMd/8UBwzKD6PQHJ8HpCLIFdy+wsbwU4+yRJBC\x0aTdEOlDT8j+laAmErlQw8Mgf5KcPx1hBIqecPaZqfpz5r6LmCXYbZQVW8E318CJfF\x0a7vGlrZLQh/x6/0oOICTUqd/CaPGhXDrrS2MRGbCEG5N/n/qIQUyyBJoXbPp1AAwG\x0a8OlwvOcAQWh0AJoXwI4bFF3lqIsBvLwVOL20uRIqsAfmxle6nfwSKAT8FDnqyAng\x0aBsPh4X3wUmOKuqG9cZhc5544WG1Ec8WRKmEB8ru24k3Lw0GsFPYNLpmbrYPofVlh\x0aXbH69HCe18
+file_chunk, 752, 2293234960, bE5SAPMll\x0aaib84k6IRyHiKCbCiaAZVHGn7mK06uxYUbD7bZSfWLRVOrJpAwF7KCprFfMglIo0\x0awCSYXGRoYX87FbYLtOCxuc/rFQE3JjNQMmNbTjxQv69xmpCQ6VWs8ePj3n9hDuAC\x0aBLq/iJ2h6hKeLUfcpblaJ4+2hHO+Bfr1PX6juuATkCex1QMCAr0ykNuXrirTvGm9\x0aHFjQyOKV1Mk5srxRXf0o9CZDnw0h02cDV1Zm/MzpnmA1uRy4mNBGXmR4tXn6Jype\x0aCwrONyUP6jDaRQDeqLnniEKnZrPvu+33rAdFK+1TRzr//gnudo2nj6ehzw5GavxS\x0aOYOjpXTQKo3sXtDuO0XKtGlQMN7cdV95tkXEpyatfdjFs57BBXyih/w50WfNRlJ9\x0avDcC21ht9AuYP/7/N1sSAZ8O5icTEqiLox1gm/s7CJR38nN695+0aGRrI2zdnZJD\x0affR7ha8uqFsfJbJSIBrqHXsSleF8hjqlVTXyGpd/yo96KsYk1qKsIdgkMVT+cMuf\x0ajFwxhTW+BH8s+K00eNzpjIUzJY8fUOusUYbWNlvRHZVzs1zKUzJiWNmKSEQkAVnx\x0ap+wWj5yQKPJyIwJUR2DcGzkXES8udDbfstiPqRHeAUcm3otjWQzn78jdQ/trYq03\x0ah/yu+wuWsMazmSoDY5kEXCYLovRX8zBfPsT0/yx4Jk9eTdo1AY10E7mMFOufZ31O\x0aNSZ5clGw/3oyPNw0Dthl6RJGRMl
+file_chunk, 752, 2338716944, rKkq7+/L7WcTv1pXM2kK\x0aARYWqoQyfEpftTMC+UdQgVQxklO0zOYQwIOF3I50JNSycpqO6QWEVCr/yNarcSQC\x0aALVtH/fJKp76r/825GduosjDFDlYyohREwQqqvYlnXszy6DeIVN3Fpb+ChkwvNmw\x0a1XVj74VT8QQH2g1fbwQsjL4QOw/xLqgZtq/3SiDLvOsnrpvuN5oQcUdV+1g12I1N\x0aJCznvVYVUTBnNWV1wNFecvuBxGYRETJE1aRHFimjFAezAVSW+FcwwHhcXY/8mpNN\x0aJieshkOjYKeUjhla2fDXH7OY1aS0T/bqBUqkdVTjkm0C3E6NlUGUA5t31I4jqEb5\x0abNwrKpLJqCjpr/uRs+e9ef1mais77rMwxMxu3zOgI0+Wl7oEt4HXPMbLw7FlXByH\x0aPm3D3f0Vm/rsfABU7nPH8EOfR0Ad5WY4Ul+K8HGgFL5EpWgagrAxIm8ZMba0G37O\x0ayt0CBAy0FJvTMCaIuFlL1VshcatltJqKgVoClur2gn8mnsMEKMsgLNE57G/v75aa\x0aK2G1EuFFg8F27Ry8WPFJhdnMBno5NIlBlp4a+GNnoyYypvSiyCH6ep0mmHCkInjI\x0as25AU8PJzVK5fgJgZITJcS2ID4bQCFy4mVn4MtlPAQOGbZ4f1mNHWKXEj/arz9jx\x0a2LnF9I9OfP2SIUNuGr6EnZ1JO1ycPFh5Pmd7Cpl1MO9APB2RpwZ7FwAuwfNzRtHv\x0asgutwr6ceMsddeT9
+file_chunk, 752, 4260756752, 4Qr21M3p5vrxpuLqal1FrU4X8z1+r05kDvqcs1RzecdzoBp/FCMU\x0aykfOgs1BNZU6UypSW2vwOxaQFJSTb90OAdX6hpyTSRT+k1RaGwGdWgn7OdFgdizP\x0a4Qo6W9abCfi+6BnzHkxxSFTQfd9AFWZ1LlPw5+NjUXfxdi/jGLtDIopnKAE8LshA\x0a108MLfjjWwlcqs4v1XJHGfjCaauVsrRdes8uhXfiCZgUL0KOKvwHvBy2TKLDb3ZY\x0aAeJxEBZlgadEjxXjyQZ4BcvU1Gwa2TaIfKsM/2mCTiCIqBo3Mw5tVHkDvEBGKUdS\x0avY8E9bpKp26Y2ejYdVk8JSt58wDHzNBeO7ocmzBn3s2fQNbiwX3I+eeJjkogqKTa\x0ajQSAGi+bUGKWE9dZyDkMZd7NnvLhxO2gEoRlYYjVuDDeDbXvBtLHDa6puLcO1p0Q\x0aHIkzRmtMTV5SVPhXjQCJyps/bp5v/HzViCLRfXiL0+nDDVesaVbhko71aICGI9Pn\x0asvSR7E4qvDdzOppjmWKkau8QcuhLKlzUpyEI1SNAGzrSqL2OuHqdUK5ypuL8RZmm\x0aXGGDmJ27yMYNjgr3aTJ13eJLH/MQvLAIBys7GKM9BZ0UJW8W4KpbDFRRJieo/62U\x0aWtkGoNw6dRiCdkuHkWRs40aKc1yhDaoMxY9BHpMtUuxid9Qu9MCiAs33JHLzc+so\x0aBeFtAtKFW1VSSe31oO9fUfgGucj9BP3QpaqFA0t30TazwxUj3
+file_chunk, 2896, 4303090112, yZg/LJ/GpmwgXe+ESFWIDa\x0axR4TdIMTekg4qqCL5PpNJ6DHfkkdsjsQ9zqkWNtrc/GpqBPClN8IwD4qThUGd+tI\x0aTe38v0hZWuuNnOjY9eJO747wIiPqy15oBYpstGeIdESgUFr9/xg82fGjalkY2ZVQ\x0aJAlH0xNX+TF5QIn9BUMnxn6OCA0DkQYqybz2eq82jB7ZEnGLdDvB8WeaQIjxBuVx\x0aDAiCwzjC2jpO+wNYCorVym4VFti4AgGYghyLmyAicit9NqPTMsaD2BbRpb/qHg0P\x0adX53dFZe0qlqsrA15n3KCuLiw5YXEFUmUQuAN0dAOqlzOTOPpNmJakHF3TqIXvw6\x0aV/qERQeuiNPwnBZWrZvpTjO50VatjcUizhJRwTiQjbQ7+mqgHxiEa9abpzqlTN2I\x0aW/uUssi0jaVeFdL3MHZYHltusyTx0F4iH+KGJ1n7YRefPAI5klNZu3XmTQsQafkF\x0a1DMVbqcJT+aLdlz2hWMy1R0BfV2XMrO2/XhG2nOScnRzS8Z7EmAgqZmzFfF+nqyP\x0a9UCd39Si6aUrss3N0oCJ/44F3T55uSHYf2LCgoaaiR5IML5tk9mHVRyTile5iF3P\x0aNPwMnlSeka31pzsqLRiWIAvKqk5yZJ1v290/Aff0SSIxKggtVMBq3YmJeRb6LrkJ\x0ajkYC41zT+lvvvMRBJCFOOXBgesIBHq7pOKBKPY/xAcN/e+AQqHLlY/OGMT6+GK9v\x0aGXN4TvdRLBYHZQqyk2ITYWD5iQqweeZ2UmjB3Is3lDKtnlO6qbWvvYmYPoXDrNI5\x0ahRX0gaiVC5LyZZ9NheeAgb5ZTqYUcvNCxM7BFV7gJMFXc8gT7A0FG3YbkV9Y4D7v\x0a3NduhJG8kgS814/l3Il9K3jc12uv8V25orXa4lDXTbTu8WanSYUkg4cLjqfKD5Vh\x0aly0ZTpYeNx1NdO8FoSGJhqI0BC/p2NyjzmTh3mrGk6tnfHuqXAMH5tIt/EC10MmP\x0aE2WTu0XrNk7I9bWBRRNWx+ysP1CJUd5GbYOcQpFHBfG+9ApIf3LjxSLU00/b7Ui2\x0az/92JI8T6X4TdKxA7DY10IJg6KJBsUAUJ9Co6Fxr9+9OIo0bdj1IcD5+w/qB7xzJ\x0aNC3dgXc86uEDpvICZS2vIeCZTrc9vgxBxpftsdVNn1nDYlalXZeNsAmDiy3QJ/wO\x0aPS3Li40x0KtDWbxMzgflfzuyMZQBFSNeQ7CXFh9mJMJQkuAtHN+yAEqJJKaYV1bt\x0aJM2jAeKb64mN31lIzTnkJEGWcvLNS0uiZKJQrm0lqsentMitzc/+U0gSxzsfbqmW\x0a187RzZAsNlfWnLN7miAPsdxas2JGGrmHzjaUkL7U+YJdAToYlxjMTnZgztt9LJxA\x0aSprIv68hyNVF+4+fpL7QER9EOmgQOIxjlxCx75SDd5g3CWJkVbXl8uU6G+j02j+Y\x0acOXNTTwX2ptbc/79Kw9iDMV9YkAZtP8BD0Any1Fqh/IMx4QcMXEx46yDV2ji7umH\x0a1SO686Lv9zGXYb+ApuY6PVuICTJrWLIZBE48otTKBXTJ27wGiEf28Z7bh74P06Qv\x0aXMTUryBMDg9JrcCGTvelIZO+DbMMMN72Mh/lXBAOLIkfh9WvgqyMIH1kfg0H3AwN\x0aB9b689RpbK0N+xhfV/aIqGp3a1KbXqPA/h85vUI1aLXPreBN9gyTKe5K0HXw3Edo\x0aqMcB6m//PN72r6epmEMgdthZs5GtNcQBx2GbOonY1sot6ZA41GR4hfl+EJPc81uY\x0a55uCcANhvaaIl+V7GCjV414dNq89TzNFHF1sG3ifM5ePRhFHVnsE8HgoE3hsMhqH\x0a87vMDghqNZi7+tGPNjZvZGVtB+RL8ltGhUSuoE9OjU9S96T14TZT8ksIo2jb6+Tq\x0a6Vo3Y3vKc6krHH93OKiXN0hwqPupBD6xo/23Ivnk1qu4xAZ2fnR1Ob0BKcPCrNdi\x0aREI++RJzxugNvbGOf2LIdoI/2yChB5i4tg3qYRRRagUpNohIxW5eJy5ugiCwOH6d\x0auPmvLXUzs3J0HWdCVpmgURIP4omxgUkLYeJNp4CmeTAUr6uVrqzRCDYPOYrCT4tB\x0aYL6uyxhmOfwL5/YuVtsCcKjX8nGvOIHdtiMolPpeH8qdv0zp9kY+h8eTE/WGh5HF\x0aA4VLUCH5d8qok38Q2Xvtiji0QrKr4j+P5Vhp8YbKLwFEqs3+NvA1iEx/RQhTvPO+\x0aHCdnaCc0vIaAp3jR88OrMDhHyKePPMk6shiWiFM4atdQesswq11pHaUrUoATZGm+\x0aG4IsH5+DZVk+ztcDnA2+f1+FKDFHloA7VWMiuccer4ZHFqaB1WGpTOMTBF0xhBYo\x0amhRBLM+O3SJ3+I3FwbmE4mPnh8PMalte/qm9IFtDIhVdoo5+lS4tarJTPwazW+cs\x0aAIxETVWHanH/QOtyEdrnufA+kcj9DLRA0IUQLySOYCGQ3ZZsHyyEDV/9IWOjpARW\x0aDObwlGFQk2mWcH4/CdOl0ZQajrk2hWbwDuFx+RVy84JapHNIAFgH48u+bn+hgf3V\x0aVX1bUYtRpwrBEEBwD9rQJ6iMmeqg2B/Ih9RxPBq3wyvbhzk/VVCaUq3c+XLz+6B/\x0awaUQeYEQ32U8XkaKbWsXxrcKZvZ70oYLGU1+mHLV/Lc/vwch4nAJmtRYRrZ8hXgx\x0a7CRciM9baxlkZ8zAaRXcGW2Gbl8m//oHERz8/8j7YpbkY3Y0qfeIqNoQyHieLPc+\x0aWwUfKskpxIgL7MhKlDs1fmJe6X6o3KW11JZqldPwKL6WGK5P4OS2fULClB9MD605\x0aNpjTRR0NBoNpKKr6UApGAqwfZmc+7oGZHVBw41tiCKuAavQydcOtOg7Xj84i26J1\x0aBppraxJIvxoJ3
+file_chunk, 752, 4675468560, +DcPcn4qO\x0affnlMfb0kLM2x5RyTcNksyV29GDPpFDXWpehoJ56Wt8CMltAlRzSEEPAjWTISMvB\x0agYHW2wKs9VHgQ4x2pxmnLTGmMKS49QFadEaILpCb7Vbi+EnWeDwitcBjWI2GrSMq\x0aYvex9t0vSEt1BrebNcumhwZ4fEjJ8+aci+ZW/r6ZVd7NMrSKMYpMTp1YxTqbp4xJ\x0aoogVMhE9enlaPiI39lS6mcjK9PZoY2nxTAjxD+vmsFrToCFtxp0aMcJzLsbjhQ7E\x0aTJX+jYH9mwJiX+mjghmb1npCkjCCZkl04m2cQwYN6xtyXRniEQwpKNK5KCcbfIPb\x0aYXDXWKvy61KJQli/DtUjh9rhBLVGrn70CCuoCHxnYSlmq6Np3BBDt1PIGYxnhCak\x0a31ueqgP7CVDs+2/Hh7t4syiABQmA+Xvw3E+Zd9zPp+TjZoux7nPxFUx/rm3YFj5T\x0avjlF+AruGVrzTVRmpKSY01wo1Nxv+pSpHg0GukvDnRqFHGSamlyxDrgx3orpqj3e\x0aD4Pg4voGdHLoVkTF+HXNjUZq8UGKz95B4Tvrpy5Ll9NwX3DD0wDG1RDJLw618W6U\x0aLThJEdnZcI6460SCpiqKhVXZo9vL0f2dYc+nswEjtgkFnUPQMvp2fK9XVEozQNiQ\x0aKAjg0dXTDJ2K4mSxc6UlXqLpYgomE9vX0dEq1i6b9IktZi9WckHR4nfV9F4Zd9bI\x0agQbfa6KTmdmTrHM4+jtC5dZBDtV
+file_chunk, 752, 4675730704, QvDDMBnvKD\x0af6O7XhaaVuulyRhTZPY7oJjJJXSEq/UK6XMmMRzTuPVwjK5hL8H8MvA9T5NPDNDN\x0a6awIHAtx9vRxa+fNXhfoE8roipZABMXCD510gRsS/yxmYat/2XSUVuwVcVfmLcUB\x0aGEIYmzbGTxPB9TfPccJVsKAD35jzeyTGsQjaW4B9I1cykWedRhvEd8AeL0O+vBCJ\x0axUIWFEHet3dbQvasUZ30o0hMbgOiserhgO4tQ56U66e+Vl/VZUX+DpmxtTYTiVn5\x0apVZfYQaoTUpzjAi9t8Iy3YJRwlQRgZHcnzmcDYNuvo4InrEHS1xZC6WcbenTIpSW\x0akCGI7fhCLMabTW0FQ5AaSTFKXP7O9+nxdqdup0XJT8Twtuz8l6Mn4PkgqOn0A+bc\x0aQbtonpY5uIQwVCiAcYjpKAhGV+D1B3TDI5q2+Aj6WPQ9Bfi/pqfv3fBK5ihgY9LS\x0aW8jZEJCJduoEdsDyatqtSK3UOtftqPWVptW5JfuajYR3CPl84Xk4K1/cQxx5nAKi\x0aRGpvr0SVoJsS9HRSsoMlJB42Md0SVY0nwp3MO1gcOvKCA5SBI/KXIu0HQ3YpxT39\x0aV/sR/QjJZvj3u0hFehggRQVo25pQhq4RdCt2edeBwYoxmcJDhnOZD+nEYax8GRUu\x0afrkPGVECNPqfzEePAZSv/8nW7ZHXz2+Cted/eRd0Y6qKO4KysL+kjDy2SX8ayrmA\x0aGlc8VABynj/sshoQi5/nz8nq7S
+file_chunk, 1182, 5416665488, w7c/SP4xbc2p6HIRdJLpymJYcB8aLuc\x0altM7qmD7UWqSwePzdNZkOYSY0/p2PiZikeQ4wn1fZW+24gY3Dr+oghOLSyl9RIc1\x0agO1jwi/vDVySgarwx2QcGsqac32ow212k0FzWuHSsI5SY3e9Cxb279S79PH23+NC\x0ars3mJw0arb7RYD4ZYIrtnnrSHncN944NEmooPcHD/y10bpQFlvIDO5dPX5SC7ryP\x0aAHOAkFGnlbNJasU9jjuGbl5KfwAG+lm/WyBS3Qzs/jZKEm8xcba1t+4Tmy4HPfIH\x0aQycTiGZvabxgg34ZrUkRS/VRyNs5DYEl08BsJFJ4ErXqMxqIgqndmqmFCMWRbqm3\x0aW1SyJLU1BpESS7O/WtdE0h52qeMibJCuMmSLZ6Ji3ObkDuWnJyQOD6DiywAOd4MK\x0aRAKw6c/G6daqMCLAR8iYNbKv5vizBN0xq38jnjN78n2L+Q0cHigtBVYOb6g/tOod\x0asLW0MZnv2UQ+GkD7mz0FgctEtk7LnEGwwFrOOHFTZWJ69Z670dS9KVIVNLVom+wU\x0aM2bjpD82xE3kLHtZ/VZ/p5UzZkhFZTMqHisrXqcE2hs3StrJj50t49UK+JeBmNSV\x0aH9rY7uihuKU1BQrSxgXtgW6HZ2st2VMNWsAFyXDtWAO6PrmSF6L+D811cXHCGZx2\x0aqmEH4/fh3Qyz4wWp+2qJgdfqlvIR9glBAvF/612vO7ig4LN3+g7LLaXy/gtujFki\x0a9Dnfq/yKN4IzQspkrRJEd/Zitw4HMnO40iTvk/qmfq0lvfCaJkLNlVqD19XJCPrt\x0a4gvtRiwNs9QfQht7lhUp/Wnt++6jJ7xrHqmqOMvd7oBX9H7VtZwAN/5tOhznLs9a\x0aqcBtokxx9c2lWCtgLnOHdNssIC5WcBfQqCnfCPrnq2A1QVGFoIkFin+RmvgdpC0x\x0aTJHK1ceRTrnNb6VBcmXnraSn5QZTIZ5F+SQ2rgqTNfofokJtEKAt8fUVrHZ81emS\x0af3sbH8UPfa9Xj0jmZmcjRRggrJ1yu0RsxUlxg5siQ2Fy5i3vAb0ZZ5ItWdIt8Jwt\x0aJFX0FWYGmphyo0Nwj/XP27NaqTwSOmo6xAfoyU7z/28U3k/qEbtLpn5xzVHk6Dny\x0aP0XGw4JttE7CmvwEi057FGGBu4pUYERfRNu7o+THlsQ=\x0a
diff --git a/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log b/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
index 277d1df679..ad7154d756 100644
--- a/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
@@ -6,6 +6,6 @@
 #open	2014-01-16-21-51-36
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1341436424.204043	CXWv6p3arKYeMETxOg	72.205.54.70	0	86.106.164.150	0	Tunnel::IP	Tunnel::DISCOVER
-1341436424.204043	CjhGID4nQcgTWjvg4c	10.10.11.2	0	10.10.13.2	0	Tunnel::IP	Tunnel::DISCOVER
+1341436424.204043	CXWv6p3arKYeMETxOg	72.205.54.70	0	86.106.164.150	0	Tunnel::GRE	Tunnel::DISCOVER
+1341436424.204043	CjhGID4nQcgTWjvg4c	10.10.11.2	0	10.10.13.2	0	Tunnel::GRE	Tunnel::DISCOVER
 #close	2014-01-16-21-51-36
diff --git a/testing/btest/Baseline/core.tunnels.gre/ssh.log b/testing/btest/Baseline/core.tunnels.gre/ssh.log
index 5b05545bd0..51dac36891 100644
--- a/testing/btest/Baseline/core.tunnels.gre/ssh.log
+++ b/testing/btest/Baseline/core.tunnels.gre/ssh.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2014-01-16-21-51-12
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	direction	client	server
-#types	time	string	addr	port	addr	port	string	enum	string	string
-1055289978.855137	CsRx2w45OKnoww6xl4	66.59.111.190	40264	172.28.2.3	22	failure	INBOUND	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1
-#close	2014-01-16-21-51-12
+#open	2015-03-17-17-42-58
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
+#types	time	string	addr	port	addr	port	count	bool	enum	string	string	string	string	string	string	string	string
+1055289978.855543	CsRx2w45OKnoww6xl4	66.59.111.190	40264	172.28.2.3	22	2	-	-	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
+#close	2015-03-17-17-42-59
diff --git a/testing/btest/Baseline/core.tunnels.gre/tunnel.log b/testing/btest/Baseline/core.tunnels.gre/tunnel.log
index f0d87f4964..066e1fe151 100644
--- a/testing/btest/Baseline/core.tunnels.gre/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gre/tunnel.log
@@ -6,5 +6,5 @@
 #open	2014-01-16-21-51-12
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1055289968.793044	CXWv6p3arKYeMETxOg	172.27.1.66	0	66.59.109.137	0	Tunnel::IP	Tunnel::DISCOVER
+1055289968.793044	CXWv6p3arKYeMETxOg	172.27.1.66	0	66.59.109.137	0	Tunnel::GRE	Tunnel::DISCOVER
 #close	2014-01-16-21-51-12
diff --git a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log
index ab4b369533..60872407a4 100644
--- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2014-04-01-22-57-15
+#open	2015-04-20-14-23-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1333458850.375568	CjhGID4nQcgTWjvg4c	10.131.47.185	1923	79.101.110.141	80	1	GET	o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com	/videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1	http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11	0	56320	206	Partial Content	-	-	-	(empty)	-	-	-	-	-	FNJkBA1b8FSHt5N8jl	-
-#close	2014-04-01-22-57-15
+#close	2015-04-20-14-23-04
diff --git a/testing/btest/Baseline/core.tunnels.gtp.pdp_ctx_messages/out b/testing/btest/Baseline/core.tunnels.gtp.pdp_ctx_messages/out
index fcdfe94824..0bcc0b5d6b 100644
--- a/testing/btest/Baseline/core.tunnels.gtp.pdp_ctx_messages/out
+++ b/testing/btest/Baseline/core.tunnels.gtp.pdp_ctx_messages/out
@@ -2,12 +2,12 @@ gtpv1_message, [orig_h=192.169.100.1, orig_p=34273/udp, resp_h=10.100.200.33, re
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=16, length=137, teid=0, seq=4875, n_pdu=0, next_type=0]
 gtp create request, [orig_h=192.169.100.1, orig_p=34273/udp, resp_h=10.100.200.33, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=16, length=137, teid=0, seq=4875, n_pdu=0, next_type=0]
-[imsi=460004100000101, rai=[mcc=460, mnc=6, lac=65534, rac=255], recovery=176, select_mode=1, data1=854600697, cp=854600697, nsapi=5, linked_nsapi=<uninitialized>, charge_character=<uninitialized>, trace_ref=<uninitialized>, trace_type=<uninitialized>, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=<uninitialized>, pdp_other_addr=<uninitialized>], ap_name=^Feetest, opts=\x80\x80!^V^A^A\0^V^C^F\0\0\0\0\x81^F\0\0\0\0\x83^F\0\0\0\0, signal_addr=[ip=192.169.100.1, other=<uninitialized>], user_addr=[ip=192.169.100.1, other=<uninitialized>], msisdn=\x91hQ"^A\0^A\xf1, qos_prof=[priority=2, data=\x1bB\x1fs\x8c@@tK@@], tft=<uninitialized>, trigger_id=<uninitialized>, omc_id=<uninitialized>, ext=[id=10923, value=^B^A^C]]
+[imsi=460004100000101, rai=[mcc=460, mnc=6, lac=65534, rac=255], recovery=176, select_mode=1, data1=854600697, cp=854600697, nsapi=5, linked_nsapi=<uninitialized>, charge_character=<uninitialized>, trace_ref=<uninitialized>, trace_type=<uninitialized>, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=<uninitialized>, pdp_other_addr=<uninitialized>], ap_name=\x06eetest, opts=\x80\x80!\x16\x01\x01\x00\x16\x03\x06\x00\x00\x00\x00\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00, signal_addr=[ip=192.169.100.1, other=<uninitialized>], user_addr=[ip=192.169.100.1, other=<uninitialized>], msisdn=\x91hQ"\x01\x00\x01\xf1, qos_prof=[priority=2, data=\x1bB\x1fs\x8c@@tK@@], tft=<uninitialized>, trigger_id=<uninitialized>, omc_id=<uninitialized>, ext=[id=10923, value=\x02\x01\x03]]
 gtpv1_message, [orig_h=192.169.100.1, orig_p=34273/udp, resp_h=10.100.200.33, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=17, length=101, teid=854600697, seq=4875, n_pdu=0, next_type=0]
 gtp create response, [orig_h=192.169.100.1, orig_p=34273/udp, resp_h=10.100.200.33, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=17, length=101, teid=854600697, seq=4875, n_pdu=0, next_type=0]
-[cause=128, reorder_req=F, recovery=24, data1=268435589, cp=268435584, charging_id=103000009, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=192.168.252.130, pdp_other_addr=<uninitialized>], opts=\x80\x80!^P^D^A\0^P\x81^F\0\0\0\0\x83^F\0\0\0\0\x80!^J^C^A\0^J^C^F\xc0\xa8\xfc\x82, cp_addr=[ip=10.100.200.34, other=<uninitialized>], user_addr=[ip=10.100.200.49, other=<uninitialized>], qos_prof=[priority=2, data=\x1bB\x1fs\x8c@@tK@@], charge_gateway=<uninitialized>, ext=<uninitialized>]
+[cause=128, reorder_req=F, recovery=24, data1=268435589, cp=268435584, charging_id=103000009, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=192.168.252.130, pdp_other_addr=<uninitialized>], opts=\x80\x80!\x10\x04\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00\x80!\x0a\x03\x01\x00\x0a\x03\x06\xc0\xa8\xfc\x82, cp_addr=[ip=10.100.200.34, other=<uninitialized>], user_addr=[ip=10.100.200.49, other=<uninitialized>], qos_prof=[priority=2, data=\x1bB\x1fs\x8c@@tK@@], charge_gateway=<uninitialized>, ext=<uninitialized>]
 gtpv1_message, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=1, length=4, teid=0, seq=3072, n_pdu=0, next_type=0]
 gtpv1_message, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123/udp]
@@ -16,9 +16,9 @@ gtpv1_message, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=16, length=104, teid=0, seq=3073, n_pdu=0, next_type=0]
 gtp create request, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=16, length=104, teid=0, seq=3073, n_pdu=0, next_type=0]
-[imsi=240010123456789, rai=<uninitialized>, recovery=3, select_mode=1, data1=1, cp=1, nsapi=0, linked_nsapi=<uninitialized>, charge_character=2048, trace_ref=<uninitialized>, trace_type=<uninitialized>, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=<uninitialized>, pdp_other_addr=<uninitialized>], ap_name=^Hinternet, opts=\x80\xc0#^Q^A^A\0^Q^Cmig^Hhemmelig, signal_addr=[ip=127.0.0.2, other=<uninitialized>], user_addr=[ip=127.0.0.2, other=<uninitialized>], msisdn=\x91d^G^R2T\xf6, qos_prof=[priority=0, data=^K\x92\x1f], tft=<uninitialized>, trigger_id=<uninitialized>, omc_id=<uninitialized>, ext=<uninitialized>]
+[imsi=240010123456789, rai=<uninitialized>, recovery=3, select_mode=1, data1=1, cp=1, nsapi=0, linked_nsapi=<uninitialized>, charge_character=2048, trace_ref=<uninitialized>, trace_type=<uninitialized>, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=<uninitialized>, pdp_other_addr=<uninitialized>], ap_name=\x08internet, opts=\x80\xc0#\x11\x01\x01\x00\x11\x03mig\x08hemmelig, signal_addr=[ip=127.0.0.2, other=<uninitialized>], user_addr=[ip=127.0.0.2, other=<uninitialized>], msisdn=\x91d\x07\x122T\xf6, qos_prof=[priority=0, data=\x0b\x92\x1f], tft=<uninitialized>, trigger_id=<uninitialized>, omc_id=<uninitialized>, ext=<uninitialized>]
 gtpv1_message, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=17, length=78, teid=1, seq=3073, n_pdu=0, next_type=0]
 gtp create response, [orig_h=127.0.0.2, orig_p=2123/udp, resp_h=127.0.0.1, resp_p=2123/udp]
 [version=1, pt_flag=T, rsv=F, e_flag=F, s_flag=T, pn_flag=F, msg_type=17, length=78, teid=1, seq=3073, n_pdu=0, next_type=0]
-[cause=128, reorder_req=F, recovery=1, data1=1, cp=1, charging_id=1, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=192.168.0.2, pdp_other_addr=<uninitialized>], opts=\x80\x80!^P^B\0\0^P\x81^F\0\0\0\0\x83^F\0\0\0\0, cp_addr=[ip=127.0.0.1, other=<uninitialized>], user_addr=[ip=127.0.0.1, other=<uninitialized>], qos_prof=[priority=0, data=^K\x92\x1f], charge_gateway=<uninitialized>, ext=<uninitialized>]
+[cause=128, reorder_req=F, recovery=1, data1=1, cp=1, charging_id=1, end_user_addr=[pdp_type_org=1, pdp_type_num=33, pdp_ip=192.168.0.2, pdp_other_addr=<uninitialized>], opts=\x80\x80!\x10\x02\x00\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00, cp_addr=[ip=127.0.0.1, other=<uninitialized>], user_addr=[ip=127.0.0.1, other=<uninitialized>], qos_prof=[priority=0, data=\x0b\x92\x1f], charge_gateway=<uninitialized>, ext=<uninitialized>]
diff --git a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log
index 2dbe011a5a..ab91363b22 100644
--- a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
-#open	2013-08-26-19-02-18
+#open	2015-04-15-23-53-30
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
-1333458853.075889	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	udp	GTPV1	Truncated GTPv1 [0\xff\x00\xac\x98\x13\x01LE\x00\x05\xc8G\xea@\x00\x80\x06\xb6\x83\x0a\x83w&\xd9\x14\x9c\x04\xd9\xc2\x00P\xddh\xb4\x8f41eV...]
-#close	2013-08-26-19-02-18
+1333458853.075889	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	udp	GTPV1	Truncated GTPv1 [0\\xff\\x00\\xac\\x98\\x13\\x01LE\\x00\\x05\\xc8G\\xea@\\x00\\x80\\x06\\xb6\\x83\\x0a\\x83w&\\xd9\\x14\\x9c\\x04\\xd9\\xc2\\x00P\\xddh\\xb4\\x8f41eV...]
+#close	2015-04-15-23-53-30
diff --git a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log
index c70c8536b7..9807b1b476 100644
--- a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2013-08-26-19-35-01
+#open	2015-04-15-23-53-30
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1333458853.034734	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::DISCOVER
 1333458853.108391	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2013-08-26-19-35-01
+#close	2015-04-15-23-53-30
diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log
index 9a9776b7f3..72f673bd5c 100644
--- a/testing/btest/Baseline/core.tunnels.teredo/http.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/http.log
@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2014-04-01-22-57-21
+#open	2015-03-14-01-46-26
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1210953057.917183	C7XEbhP654jzLoe3a	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	Syncer/4.80 (av_pro-1169;f)	589	0	204	<empty>	-	-	-	(empty)	-	-	-	Fp32SIJztq0Szn5Qc	text/plain	-	-
 1210953061.585996	CwSkQu4eWZCH7OONC1	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	-	(empty)	-	-	-	-	-	FNFYdH11h5iQcoD3a2	text/html
 1210953073.381474	CwSkQu4eWZCH7OONC1	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	-	(empty)	-	-	-	-	-	FHD5nv1iSVFZVM0aH7	text/html
-1210953074.674817	Cab0vO1xNYSS2hJkle	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	-	(empty)	-	-	-	-	-	FS7lUf2cJFAVBCu6w6	application/xml
-#close	2014-04-01-22-57-21
+1210953074.674817	Cab0vO1xNYSS2hJkle	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	-	(empty)	-	-	-	-	-	FS7lUf2cJFAVBCu6w6	text/html
+#close	2015-03-14-01-46-26
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index b94df659b4..6d9df86baa 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2014-10-31-20-38-14
+#open	2015-04-21-22-29-19
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -13,7 +13,10 @@ scripts/base/init-bare.bro
   build/scripts/base/bif/bro.bif.bro
   build/scripts/base/bif/reporter.bif.bro
   build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
+  build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro
   build/scripts/base/bif/event.bif.bro
+  scripts/base/frameworks/broker/__load__.bro
+    scripts/base/frameworks/broker/main.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
       build/scripts/base/bif/logging.bif.bro
@@ -47,12 +50,17 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/bloom-filter.bif.bro
     build/scripts/base/bif/cardinality-counter.bif.bro
     build/scripts/base/bif/top-k.bif.bro
+    build/scripts/base/bif/comm.bif.bro
+    build/scripts/base/bif/data.bif.bro
+    build/scripts/base/bif/messaging.bif.bro
+    build/scripts/base/bif/store.bif.bro
   build/scripts/base/bif/plugins/__load__.bro
     build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
     build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
     build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
     build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
     build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro
@@ -69,6 +77,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
     build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
     build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Login.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro
@@ -77,17 +86,20 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
-    build/scripts/base/bif/plugins/Bro_NetFlow.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
     build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
     build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro
     build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro
     build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
@@ -100,6 +112,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
     build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_PE.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
     build/scripts/base/bif/plugins/Bro_X509.events.bif.bro
@@ -115,4 +128,4 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
 scripts/policy/misc/loaded-scripts.bro
   scripts/base/utils/paths.bro
-#close	2014-10-31-20-38-14
+#close	2015-04-21-22-29-19
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 67de0fc1dc..5e2f3b9f4f 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2014-10-31-20-38-48
+#open	2015-04-21-22-29-27
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -13,7 +13,10 @@ scripts/base/init-bare.bro
   build/scripts/base/bif/bro.bif.bro
   build/scripts/base/bif/reporter.bif.bro
   build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
+  build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro
   build/scripts/base/bif/event.bif.bro
+  scripts/base/frameworks/broker/__load__.bro
+    scripts/base/frameworks/broker/main.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
       build/scripts/base/bif/logging.bif.bro
@@ -47,12 +50,17 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/bloom-filter.bif.bro
     build/scripts/base/bif/cardinality-counter.bif.bro
     build/scripts/base/bif/top-k.bif.bro
+    build/scripts/base/bif/comm.bif.bro
+    build/scripts/base/bif/data.bif.bro
+    build/scripts/base/bif/messaging.bif.bro
+    build/scripts/base/bif/store.bif.bro
   build/scripts/base/bif/plugins/__load__.bro
     build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
     build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
     build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
     build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
     build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro
@@ -69,6 +77,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
     build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
     build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Login.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro
@@ -77,17 +86,20 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
-    build/scripts/base/bif/plugins/Bro_NetFlow.events.bif.bro
     build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
     build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
     build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro
     build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro
     build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
@@ -100,6 +112,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
     build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_PE.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
     build/scripts/base/bif/plugins/Bro_X509.events.bif.bro
@@ -180,6 +193,7 @@ scripts/base/init-default.bro
     scripts/base/protocols/conn/contents.bro
     scripts/base/protocols/conn/inactivity.bro
     scripts/base/protocols/conn/polling.bro
+    scripts/base/protocols/conn/thresholds.bro
   scripts/base/protocols/dhcp/__load__.bro
     scripts/base/protocols/dhcp/consts.bro
     scripts/base/protocols/dhcp/main.bro
@@ -215,6 +229,10 @@ scripts/base/init-default.bro
     scripts/base/protocols/irc/main.bro
     scripts/base/protocols/irc/dcc-send.bro
     scripts/base/protocols/irc/files.bro
+  scripts/base/protocols/krb/__load__.bro
+    scripts/base/protocols/krb/main.bro
+      scripts/base/protocols/krb/consts.bro
+    scripts/base/protocols/krb/files.bro
   scripts/base/protocols/modbus/__load__.bro
     scripts/base/protocols/modbus/consts.bro
     scripts/base/protocols/modbus/main.bro
@@ -225,6 +243,11 @@ scripts/base/init-default.bro
   scripts/base/protocols/radius/__load__.bro
     scripts/base/protocols/radius/main.bro
       scripts/base/protocols/radius/consts.bro
+  scripts/base/protocols/rdp/__load__.bro
+    scripts/base/protocols/rdp/consts.bro
+    scripts/base/protocols/rdp/main.bro
+  scripts/base/protocols/sip/__load__.bro
+    scripts/base/protocols/sip/main.bro
   scripts/base/protocols/snmp/__load__.bro
     scripts/base/protocols/snmp/main.bro
   scripts/base/protocols/smtp/__load__.bro
@@ -240,6 +263,9 @@ scripts/base/init-default.bro
     scripts/base/protocols/syslog/consts.bro
     scripts/base/protocols/syslog/main.bro
   scripts/base/protocols/tunnels/__load__.bro
+  scripts/base/files/pe/__load__.bro
+    scripts/base/files/pe/consts.bro
+    scripts/base/files/pe/main.bro
   scripts/base/files/extract/__load__.bro
     scripts/base/files/extract/main.bro
   scripts/base/files/unified2/__load__.bro
@@ -247,4 +273,4 @@ scripts/base/init-default.bro
   scripts/base/misc/find-checksum-offloading.bro
   scripts/base/misc/find-filtered-trace.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2014-10-31-20-38-48
+#close	2015-04-21-22-29-27
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 7c86f9e59b..3deca99848 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -18,6 +18,7 @@ known_devices
 known_hosts
 known_modbus
 known_services
+krb
 loaded_scripts
 modbus
 modbus_register_change
@@ -25,9 +26,12 @@ mysql
 notice
 notice_alarm
 packet_filter
+pe
 radius
+rdp
 reporter
 signatures
+sip
 smtp
 snmp
 socks
diff --git a/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1 b/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1
new file mode 100644
index 0000000000..7217abc421
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1
@@ -0,0 +1,26 @@
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # bro -r tls/tls-expired-cert.trace conditional-notice.bro
+
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # cat notice.log
+      #separator \x09
+      #set_separator	,
+      #empty_field	(empty)
+      #unset_field	-
+      #path	notice
+      #open	2015-03-23-18-03-21
+      #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+      #types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+      1394745603.293028	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	F1fX1R2cDOzbvg17ye	-	-	tcp	SSL::Certificate_Expired	Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000	-	192.168.4.149	87.98.220.10	443	-	bro	Notice::ACTION_EMAIL,Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+      #close	2015-03-23-18-03-21
+
diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1 b/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
index 79d9859c4e..05169c643c 100644
--- a/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
+++ b/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
@@ -7,7 +7,7 @@
       # bro -b -r http/get.trace connection_record_01.bro
       [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
       
-      }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
+      }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
       
-      }], extract_orig=F, extract_resp=F]
+      }], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
 
diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
index 49fb44ebf7..60d2362043 100644
--- a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
+++ b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
@@ -7,11 +7,11 @@
       # bro -b -r http/get.trace connection_record_02.bro
       [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
       
-      }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
+      }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
       
-      }], extract_orig=F, extract_resp=F, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={
+      }], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={
       
       }, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={
       
-      }, current_request=1, current_response=1]]
+      }, current_request=1, current_response=1, trans_depth=1]]
 
diff --git a/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1 b/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1
index e0f9ca2d11..179367ab12 100644
--- a/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1
+++ b/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1
@@ -5,13 +5,13 @@
       :emphasize-lines: 1,1
 
       # bro -r wikipedia.trace data_type_time.bro
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2^J
-      2011/06/18 19:03:09:  New connection established from 141.142.220.235 to 173.192.163.128^J
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3\x0a
+      2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2\x0a
+      2011/06/18 19:03:09:  New connection established from 141.142.220.235 to 173.192.163.128\x0a
 
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-connector_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-connector_bro/output
new file mode 100644
index 0000000000..0953d88a3e
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-connector_bro/output
@@ -0,0 +1,23 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+connecting-connector.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+		  peer_address, peer_port, peer_name;
+	terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-listener_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-listener_bro/output
new file mode 100644
index 0000000000..2879beb396
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-listener_bro/output
@@ -0,0 +1,25 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+connecting-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::incoming_connection_broken(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_broken", peer_name;
+	terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output
new file mode 100644
index 0000000000..fe97fdb4ce
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output
@@ -0,0 +1,35 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+events-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	BrokerComm::auto_event("bro/event/my_auto_event", my_auto_event);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "hi", 0));
+	event my_auto_event("stuff", 88);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "...", 1));
+	event my_auto_event("more stuff", 51);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "bye", 2));
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-listener_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-listener_bro/output
new file mode 100644
index 0000000000..59e697601b
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-listener_bro/output
@@ -0,0 +1,41 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+events-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event my_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
+
+event my_auto_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_auto_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-connector_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-connector_bro/output
new file mode 100644
index 0000000000..6884d5e4d6
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-connector_bro/output
@@ -0,0 +1,44 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+logs-connector.bro
+
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+redef Log::enable_local_logging = F;
+redef Log::enable_remote_logging = F;
+global n = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::enable_remote_logs(Test::LOG);
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event do_write()
+	{
+	if ( n == 6 )
+		return;
+
+	Log::write(Test::LOG, [$msg = "ping", $num = n]);
+	++n;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-listener_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-listener_bro/output
new file mode 100644
index 0000000000..1610bde502
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-listener_bro/output
@@ -0,0 +1,29 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+logs-listener.bro
+
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_logs("bro/log/Test::LOG");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event Test::log_test(rec: Test::Info)
+	{
+	print "wrote log", rec;
+
+	if ( rec$num == 5 )
+		terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output
new file mode 100644
index 0000000000..86ad4f459f
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output
@@ -0,0 +1,30 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+printing-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::print("bro/print/hi", "hello");
+	BrokerComm::print("bro/print/stuff", "...");
+	BrokerComm::print("bro/print/bye", "goodbye");
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-listener_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-listener_bro/output
new file mode 100644
index 0000000000..9cb48a0528
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-listener_bro/output
@@ -0,0 +1,30 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+printing-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_prints("bro/print/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++msg_count;
+	print "got print message", msg;
+
+	if ( msg_count == 3 )
+		terminate();
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-connector_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-connector_bro/output
new file mode 100644
index 0000000000..6ca9e3b49b
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-connector_bro/output
@@ -0,0 +1,57 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+stores-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global ready: event();
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	h = BrokerStore::create_master("mystore");
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+
+	when ( local res = BrokerStore::size(h) )
+		{
+		print "master size", res;
+		event ready();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	BrokerComm::auto_event("bro/event/ready", ready);
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-listener_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-listener_bro/output
new file mode 100644
index 0000000000..6942ec17d2
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-listener_bro/output
@@ -0,0 +1,47 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+stores-listener.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global expected_key_count = 4;
+global key_count = 0;
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		++key_count;
+		print "lookup", key, res;
+
+		if ( key_count == expected_key_count )
+			terminate();
+		}
+	timeout 10sec
+		{ print "timeout", key; }
+	}
+
+event ready()
+	{
+	h = BrokerStore::create_clone("mystore");
+
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print "clone keys", res;
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/ready");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output
new file mode 100644
index 0000000000..da2261ebc4
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output
@@ -0,0 +1,23 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+testlog.bro
+
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		msg: string &log;
+		num: count &log;
+	};
+
+	global log_test: event(rec: Test::Info);
+}
+
+event bro_init() &priority=5
+	{
+	BrokerComm::enable();
+	Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test, $path="test"]);
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_file_analysis_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_file_analysis_02_bro/output
index 5e86c8d685..7c0b7eb8f0 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_file_analysis_02_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_file_analysis_02_bro/output
@@ -2,10 +2,11 @@
 
 file_analysis_02.bro
 
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
     {
+	if ( ! meta?$mime_type ) return;
     print "new file", f$id;
-    if ( mime_type == "text/plain" )
+    if ( meta$mime_type == "text/plain" )
         Files::add_analyzer(f, Files::ANALYZER_MD5);
     }
 
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output
new file mode 100644
index 0000000000..11b77dd1ba
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output
@@ -0,0 +1,14 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+notice_ssh_guesser.bro
+
+
+@load protocols/ssh/detect-bruteforcing
+
+redef SSH::password_guesses_limit=10;
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub )
+		add n$actions[Notice::ACTION_EMAIL];
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_httpmonitor_file_extraction_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_httpmonitor_file_extraction_bro/output
index b193e4a530..729947ff72 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_httpmonitor_file_extraction_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_httpmonitor_file_extraction_bro/output
@@ -11,15 +11,18 @@ global mime_to_ext: table[string] of string = {
 	["text/html"] = "html",
 };
 
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
 	{
 	if ( f$source != "HTTP" )
 		return;
 
-	if ( mime_type !in mime_to_ext )
+	if ( ! meta?$mime_type )
 		return;
 
-	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[mime_type]);
+	if ( meta$mime_type !in mime_to_ext )
+		return;
+
+	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[meta$mime_type]);
 	print fmt("Extracting file %s", fname);
 	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
-	}
\ No newline at end of file
+	}
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output b/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output
index 0e97a0b14e..10c7b6bb34 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output
@@ -34,7 +34,7 @@ export {
 
 event bro_init() &priority=3
 	{
-	Log::create_stream(MimeMetrics::LOG, [$columns=Info]);
+	Log::create_stream(MimeMetrics::LOG, [$columns=Info, $path="mime_metrics"]);
 	local r1: SumStats::Reducer = [$stream="mime.bytes",
 	                               $apply=set(SumStats::SUM)];
 	local r2: SumStats::Reducer = [$stream="mime.hits", 
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output
new file mode 100644
index 0000000000..8412154ec4
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output
@@ -0,0 +1,28 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+conditional-notice.bro
+
+@load protocols/ssl/expiring-certs
+
+const watched_servers: set[addr] = {
+	87.98.220.10,
+} &redef;
+
+# Site::local_nets usually isn't something you need to modify if
+# BroControl automatically sets it up from networks.cfg.  It's
+# shown here for completeness.
+redef Site::local_nets += {
+	87.98.0.0/16,
+};
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note != SSL::Certificate_Expired )
+		return;
+
+	if ( n$id$resp_h !in watched_servers )
+		return;
+
+	add n$actions[Notice::ACTION_EMAIL];
+	}
+
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output
index 34af08d8f1..19932699b6 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output
@@ -27,7 +27,7 @@ function factorial(n: count): count
 event bro_init()
     {
     # Create the logging stream.
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     }
 
 event bro_done()
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output
index 631875ba2a..d5d1c23b2b 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output
@@ -4,7 +4,7 @@ framework_logging_factorial_03.bro
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     
     local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
     Log::add_filter(Factor::LOG, filter);
diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output
index 035f8d90bc..c0f8d8ddac 100644
--- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output
@@ -26,7 +26,7 @@ function factorial(n: count): count
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info, $ev=log_factor]);
+    Log::create_stream(LOG, [$columns=Info, $ev=log_factor, $path="factor"]);
     }
 
 event bro_done()
diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output
index 9966341119..83e9d5bea1 100644
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output
@@ -17,6 +17,7 @@ export {
 		resp_bytes:   count           &log &optional;
 		conn_state:   string          &log &optional;
 		local_orig:   bool            &log &optional;
+		local_resp:   bool            &log &optional;
 		missed_bytes: count           &log &default=0;
 		history:      string          &log &optional;
 		orig_pkts:     count      &log &optional;
diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
index af9ea0dc83..7905ffd953 100644
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
@@ -31,7 +31,7 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }
 
-event SSH::heuristic_successful_login(c: connection)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{
diff --git a/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1 b/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
index e62ab5a373..3a0ddb5fd9 100644
--- a/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
+++ b/testing/btest/Baseline/doc.sphinx.mimestats/btest-doc.sphinx.mimestats#1
@@ -16,15 +16,15 @@
       #empty_field	(empty)
       #unset_field	-
       #path	mime_metrics
-      #open	2014-10-08-03-56-52
+      #open	2015-03-14-01-46-11
       #fields	ts	ts_delta	mtype	uniq_hosts	hits	bytes
       #types	time	interval	string	count	count	count
-      1389719059.311698	300.000000	text/html	1	7	68469
+      1389719059.311698	300.000000	text/html	1	2	42231
       1389719059.311698	300.000000	image/jpeg	1	1	186859
       1389719059.311698	300.000000	application/pgp-signature	1	1	836
-      1389719059.311698	300.000000	text/plain	1	10	101763
+      1389719059.311698	300.000000	text/plain	1	15	128001
       1389719059.311698	300.000000	image/gif	1	1	172
       1389719059.311698	300.000000	image/png	1	9	82176
       1389719059.311698	300.000000	image/x-icon	1	2	2300
-      #close	2014-10-08-03-56-52
+      #close	2015-03-14-01-46-11
 
diff --git a/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1
new file mode 100644
index 0000000000..a8d9ce96d1
--- /dev/null
+++ b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1
@@ -0,0 +1,26 @@
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # bro -C -r ssh/sshguess.pcap notice_ssh_guesser.bro
+
+.. rst-class:: btest-cmd
+
+    .. code-block:: none
+      :linenos:
+      :emphasize-lines: 1,1
+
+      # cat notice.log
+      #separator \x09
+      #set_separator	,
+      #empty_field	(empty)
+      #unset_field	-
+      #path	notice
+      #open	2015-03-30-16-20-23
+      #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+      #types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+      1427726711.398575	-	-	-	-	-	-	-	-	-	SSH::Password_Guessing	192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections).	Sampled servers:  192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103	192.168.56.1	-	-	-	bro	Notice::ACTION_EMAIL,Notice::ACTION_LOG	3600.000000	F	-	-	-	-	-
+      #close	2015-03-30-16-20-23
+
diff --git a/testing/btest/Baseline/language.record-coerce-clash/out b/testing/btest/Baseline/language.record-coerce-clash/out
new file mode 100644
index 0000000000..9ef4116c7e
--- /dev/null
+++ b/testing/btest/Baseline/language.record-coerce-clash/out
@@ -0,0 +1 @@
+error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/language.record-coerce-clash/record-coerce-clash.bro, line 13: type clash for field "cid" ((coerce [$cid=[$orig_h=1.2.3.4, $orig_p=0/tcp, $resp_h=0.0.0.0, $resp_p=wrong]] to myrec) and record { orig_h:addr; orig_p:port; resp_h:addr; resp_p:string; })
diff --git a/testing/btest/Baseline/language.set-type-checking/out b/testing/btest/Baseline/language.set-type-checking/out
index d93db19abd..707363e9c8 100644
--- a/testing/btest/Baseline/language.set-type-checking/out
+++ b/testing/btest/Baseline/language.set-type-checking/out
@@ -18,4 +18,7 @@ error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-che
 error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38: arithmetic mixed with non-arithmetic (port and 1002)
 error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38 and port: type mismatch (1002 and port)
 error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38: inconsistent type in set constructor (set(1002))
+error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: arithmetic mixed with non-arithmetic (port and 1003)
+error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44 and port: type mismatch (1003 and port)
+error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: inconsistent type in set constructor (set(1003))
 error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: type clash in assignment (lea = set(1003))
diff --git a/testing/btest/Baseline/plugins.file/output b/testing/btest/Baseline/plugins.file/output
index cd225e759d..487fa811c3 100644
--- a/testing/btest/Baseline/plugins.file/output
+++ b/testing/btest/Baseline/plugins.file/output
@@ -6,7 +6,7 @@ Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
 foo_piece, FGy9Oo9JLY8SFxMJ2, The National Center 
 foo_piece, FGy9Oo9JLY8SFxMJ2, net, consult your lo
 foo_piece, FGy9Oo9JLY8SFxMJ2, most everything else
-foo_piece, FGy9Oo9JLY8SFxMJ2, low:^J^J   /Mac       
+foo_piece, FGy9Oo9JLY8SFxMJ2, low:\x0a\x0a   /Mac       
 foo_piece, FGy9Oo9JLY8SFxMJ2, es and directories o
 foo_piece, FGy9Oo9JLY8SFxMJ2, r example, here is a
 foo_piece, FGy9Oo9JLY8SFxMJ2, application, StuffIt
@@ -14,4 +14,4 @@ foo_piece, FGy9Oo9JLY8SFxMJ2, tion BinHex by doubl
 foo_piece, FGy9Oo9JLY8SFxMJ2, laced, or are going 
 foo_piece, FGy9Oo9JLY8SFxMJ2, sers several documen
 foo_piece, FGy9Oo9JLY8SFxMJ2, er or can be printed
-foo_piece, FGy9Oo9JLY8SFxMJ2,  ^J^JBug reports shoul
+foo_piece, FGy9Oo9JLY8SFxMJ2,  \x0a\x0aBug reports shoul
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 9519ffec5e..7e22f052cb 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -1,331 +1,364 @@
-0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_BACKDOOR)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_INTERCONN)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_STEPPINGSTONE)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_TCPSTATS)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DHCP, 68/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 137/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 53/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 53/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 631/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 80/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6669/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SMTP, 25/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SMTP, 587/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 585/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 614/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 636/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 989/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 990/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 992/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 993/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 995/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_BACKDOOR)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_INTERCONN)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_STEPPINGSTONE)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_TCPSTATS)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DHCP, 68/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 137/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 53/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 53/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 631/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 80/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6669/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SMTP, 25/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SMTP, 587/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 585/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 614/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 636/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 989/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 990/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 992/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 993/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 995/tcp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_HTTP, {631<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSH, {22/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <null>
-0.000000   MetaHookPost  CallFunction(Cluster::is_enabled, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_analyzer_add_callback, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Files::LOG, [columns=<no value description>, ev=Files::log_files])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Software::LOG, [columns=<no value description>, ev=Software::log_software])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Cluster::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Communication::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Conn::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (DHCP::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (DNP3::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (DNS::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (DPD::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (FTP::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Files::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (HTTP::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (IRC::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Intel::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Modbus::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Notice::ALARM_LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Notice::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (PacketFilter::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (RADIUS::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Reporter::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (SMTP::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (SNMP::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (SOCKS::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (SSH::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (SSL::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Signatures::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Software::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Syslog::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Tunnel::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Unified2::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (Weird::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (X509::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, (mysql::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Files::LOG, [columns=<no value description>, ev=Files::log_files])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Software::LOG, [columns=<no value description>, ev=Software::log_software])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
-0.000000   MetaHookPost  CallFunction(Log::write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
-0.000000   MetaHookPost  CallFunction(Notice::want_pp, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(PacketFilter::build, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> <null>
-0.000000   MetaHookPost  CallFunction(PacketFilter::install, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, (SumStats::STD_DEV, SumStats::VARIANCE)) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, (SumStats::VARIANCE, SumStats::AVERAGE)) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::AVERAGE, anonymous-function{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::HLL_UNIQUE, anonymous-function{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::LAST, anonymous-function{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::MAX, anonymous-function{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::MIN, anonymous-function{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::SAMPLE, anonymous-function{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::STD_DEV, anonymous-function{ SumStats::calc_std_dev(SumStats::rv)})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::SUM, anonymous-function{ SumStats::rv$sum += SumStats::val})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::TOPK, anonymous-function{ topk_add(SumStats::rv$topk, SumStats::obs)})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> <null>
-0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugins, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(Unified2::mappings_initialized, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(Unified2::start_watching, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(bro_init, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(cat, (Packe, t, _, Filter)) -> <null>
-0.000000   MetaHookPost  CallFunction(current_time, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(fmt, (%s, PacketFilter::LOG)) -> <null>
-0.000000   MetaHookPost  CallFunction(getenv, (CLUSTER_NODE)) -> <null>
-0.000000   MetaHookPost  CallFunction(install_pcap_filter, (PacketFilter::DefaultPcapFilter)) -> <null>
-0.000000   MetaHookPost  CallFunction(network_time, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(precompile_pcap_filter, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <null>
-0.000000   MetaHookPost  CallFunction(reading_live_traffic, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(reading_traces, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) -> <null>
-0.000000   MetaHookPost  CallFunction(split_string1, (PacketFilter::LOG, <...>/)) -> <null>
-0.000000   MetaHookPost  CallFunction(split_string_n, (PacketFilter, <...>/, T, 4)) -> <null>
-0.000000   MetaHookPost  CallFunction(string_to_pattern, ((^\.?|\.)()$, F)) -> <null>
-0.000000   MetaHookPost  CallFunction(sub, ((^\.?|\.)(~~)$, <...>/, )) -> <null>
-0.000000   MetaHookPost  CallFunction(sub_bytes, (tFilter, 1, 1)) -> <null>
-0.000000   MetaHookPost  CallFunction(sub_bytes, (tFilter, 2, 7)) -> <null>
-0.000000   MetaHookPost  CallFunction(to_lower, (Packet_Filter)) -> <null>
+0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_STEPPINGSTONE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 68/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 137/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 631/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 80/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6669/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_KRB, 88/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_RDP, 3389/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SIP, 5060/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 25/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 587/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 161/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 162/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSH, 22/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 443/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 563/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 585/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 614/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 636/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 989/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 990/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 992/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 993/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 995/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_STEPPINGSTONE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 68/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 137/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 631/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 80/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6669/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_KRB, 88/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_RDP, 3389/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SIP, 5060/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 25/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 587/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 161/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 162/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSH, 22/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 443/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 563/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 585/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 614/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 636/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 989/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 990/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 992/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 993/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 995/tcp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {631<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDP, {3389/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Cluster::is_enabled, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Cluster::is_enabled, <null>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_PE, application/x-dosexec)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_for_mime_types, <frame>, (Files::ANALYZER_PE, {application/x-dosexec})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dnp3, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dns, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dpd, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ftp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=files, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=irc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=rdp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=sip, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=smtp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=snmp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=unified2, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DHCP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DNP3::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DNS::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DPD::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (FTP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Files::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (IRC::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Intel::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (KRB::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Modbus::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (PE::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (RADIUS::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (RDP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SIP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SMTP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SNMP::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SOCKS::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SSH::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (SSL::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Signatures::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Software::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Syslog::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Unified2::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Weird::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (X509::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (mysql::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
+0.000000   MetaHookPost  CallFunction(PacketFilter::install, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::VARIANCE, SumStats::AVERAGE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::AVERAGE, anonymous-function{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::HLL_UNIQUE, anonymous-function{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::LAST, anonymous-function{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::MAX, anonymous-function{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::MIN, anonymous-function{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SAMPLE, anonymous-function{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::STD_DEV, anonymous-function{ SumStats::calc_std_dev(SumStats::rv)})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SUM, anonymous-function{ SumStats::rv$sum += SumStats::val})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::TOPK, anonymous-function{ topk_add(SumStats::rv$topk, SumStats::obs)})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> <no result>
+0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Unified2::mappings_initialized, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Unified2::start_watching, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(bro_init, <null>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(current_time, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter)) -> <no result>
+0.000000   MetaHookPost  CallFunction(network_time, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <no result>
+0.000000   MetaHookPost  CallFunction(reading_live_traffic, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(reading_traces, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
+0.000000   MetaHookPost  CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
+0.000000   MetaHookPost  CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
 0.000000   MetaHookPost  DrainEvents() -> <void>
 0.000000   MetaHookPost  LoadFile(../main) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_ARP.events.bif.bro) -> -1
@@ -337,6 +370,7 @@
 0.000000   MetaHookPost  LoadFile(./Bro_BinaryReader.binary.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_BitTorrent.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_ConnSize.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_ConnSize.functions.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_DCE_RPC.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_DHCP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_DNP3.events.bif.bro) -> -1
@@ -356,6 +390,8 @@
 0.000000   MetaHookPost  LoadFile(./Bro_IRC.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_Ident.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_InterConn.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_KRB.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_KRB.types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_Login.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_Login.functions.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_MIME.events.bif.bro) -> -1
@@ -365,13 +401,16 @@
 0.000000   MetaHookPost  LoadFile(./Bro_NTP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_NetBIOS.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_NetBIOS.functions.bif.bro) -> -1
-0.000000   MetaHookPost  LoadFile(./Bro_NetFlow.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_NoneWriter.none.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_PE.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_PIA.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_POP3.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_RADIUS.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_RDP.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_RDP.types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_RPC.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_RawReader.raw.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_SIP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMTP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMTP.functions.bif.bro) -> -1
@@ -381,6 +420,7 @@
 0.000000   MetaHookPost  LoadFile(./Bro_SQLiteReader.sqlite.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SQLiteWriter.sqlite.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SSH.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./Bro_SSH.types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SSL.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SteppingStone.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_Syslog.events.bif.bro) -> -1
@@ -401,10 +441,12 @@
 0.000000   MetaHookPost  LoadFile(./bro.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./broxygen.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./cardinality-counter.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./comm.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./const.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./consts) -> -1
 0.000000   MetaHookPost  LoadFile(./consts.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./contents) -> -1
+0.000000   MetaHookPost  LoadFile(./data.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./dcc-send) -> -1
 0.000000   MetaHookPost  LoadFile(./entities) -> -1
 0.000000   MetaHookPost  LoadFile(./event.bif.bro) -> -1
@@ -425,6 +467,7 @@
 0.000000   MetaHookPost  LoadFile(./main) -> -1
 0.000000   MetaHookPost  LoadFile(./main.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./max) -> -1
+0.000000   MetaHookPost  LoadFile(./messaging.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./min) -> -1
 0.000000   MetaHookPost  LoadFile(./mozilla-ca-list) -> -1
 0.000000   MetaHookPost  LoadFile(./netstats) -> -1
@@ -440,8 +483,10 @@
 0.000000   MetaHookPost  LoadFile(./sftp) -> -1
 0.000000   MetaHookPost  LoadFile(./site) -> -1
 0.000000   MetaHookPost  LoadFile(./std-dev) -> -1
+0.000000   MetaHookPost  LoadFile(./store.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./strings.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./sum) -> -1
+0.000000   MetaHookPost  LoadFile(./thresholds) -> -1
 0.000000   MetaHookPost  LoadFile(./top-k.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./topk) -> -1
 0.000000   MetaHookPost  LoadFile(./types.bif.bro) -> -1
@@ -467,12 +512,14 @@
 0.000000   MetaHookPost  LoadFile(<...>/hooks.bro) -> -1
 0.000000   MetaHookPost  LoadFile(base/bif) -> -1
 0.000000   MetaHookPost  LoadFile(base/init-default.bro) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/Bro_KRB.types.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/Bro_SNMP.types.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/active-http) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/addrs) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/analyzer) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/analyzer.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/bro.bif) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/broker) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/cluster) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/communication) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/conn) -> -1
@@ -499,6 +546,7 @@
 0.000000   MetaHookPost  LoadFile(base<...>/input.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/intel) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/irc) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/krb) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/logging) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/logging.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/main) -> -1
@@ -509,13 +557,16 @@
 0.000000   MetaHookPost  LoadFile(base<...>/packet-filter) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/paths) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/patterns) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/pe) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/plugins) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/pop3) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/queue) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/radius) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/rdp) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/reporter) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/reporter.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/signatures) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/sip) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/site) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/smtp) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/snmp) -> -1
@@ -537,334 +588,367 @@
 0.000000   MetaHookPost  LoadFile(base<...>/x509) -> -1
 0.000000   MetaHookPost  QueueEvent(bro_init()) -> false
 0.000000   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
-0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_BACKDOOR))
-0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_INTERCONN))
-0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_STEPPINGSTONE))
-0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, (Analyzer::ANALYZER_TCPSTATS))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_AYIYA, 5072/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DHCP, 67/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DHCP, 68/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 137/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 53/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 53/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 5353/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_DNS, 5355/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_FTP, 21/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_FTP, 2811/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_GTPV1, 2123/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_GTPV1, 2152/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 1080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 3128/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 631/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 80/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8000/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 81/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_HTTP, 8888/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6666/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6667/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6668/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_IRC, 6669/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MODBUS, 502/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MYSQL, 1434/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_MYSQL, 3306/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_RADIUS, 1812/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SMTP, 25/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SMTP, 587/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 585/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 614/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 636/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 989/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 990/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 992/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 993/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 995/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SYSLOG, 514/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_TEREDO, 3544/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_BACKDOOR))
-0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_INTERCONN))
-0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_STEPPINGSTONE))
-0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_TCPSTATS))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_AYIYA, 5072/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DHCP, 67/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DHCP, 68/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 137/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 53/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 53/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 5353/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_DNS, 5355/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_FTP, 21/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_FTP, 2811/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_GTPV1, 2123/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_GTPV1, 2152/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 1080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 3128/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 631/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 80/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8000/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 81/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_HTTP, 8888/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6666/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6667/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6668/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_IRC, 6669/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MODBUS, 502/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MYSQL, 1434/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_MYSQL, 3306/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_RADIUS, 1812/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SMTP, 25/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SMTP, 587/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 585/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 614/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 636/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 989/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 990/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 992/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 993/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 995/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SYSLOG, 514/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_TEREDO, 3544/udp))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_AYIYA, {5072/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DHCP, {67<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_DNS, {5355<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_HTTP, {631<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_MODBUS, {502/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_RADIUS, {1812/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSH, {22/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSL, {5223<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SYSLOG, {514/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
-0.000000   MetaHookPre   CallFunction(Cluster::is_enabled, ())
-0.000000   MetaHookPre   CallFunction(Files::register_analyzer_add_callback, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Files::LOG, [columns=<no value description>, ev=Files::log_files]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Software::LOG, [columns=<no value description>, ev=Software::log_software]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Cluster::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Communication::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Conn::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (DHCP::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (DNP3::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (DNS::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (DPD::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (FTP::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Files::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (HTTP::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (IRC::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Intel::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Modbus::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Notice::ALARM_LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Notice::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (PacketFilter::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (RADIUS::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Reporter::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (SMTP::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (SNMP::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (SOCKS::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (SSH::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (SSL::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Signatures::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Software::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Syslog::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Tunnel::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Unified2::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (Weird::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (X509::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, (mysql::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Files::LOG, [columns=<no value description>, ev=Files::log_files]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Software::LOG, [columns=<no value description>, ev=Software::log_software]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
-0.000000   MetaHookPre   CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
-0.000000   MetaHookPre   CallFunction(Log::write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
-0.000000   MetaHookPre   CallFunction(Notice::want_pp, ())
-0.000000   MetaHookPre   CallFunction(PacketFilter::build, ())
-0.000000   MetaHookPre   CallFunction(PacketFilter::combine_filters, (ip or not ip, and, ))
-0.000000   MetaHookPre   CallFunction(PacketFilter::install, ())
-0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, (SumStats::STD_DEV, SumStats::VARIANCE))
-0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, (SumStats::VARIANCE, SumStats::AVERAGE))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::AVERAGE, anonymous-function{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::HLL_UNIQUE, anonymous-function{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::LAST, anonymous-function{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::MAX, anonymous-function{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::MIN, anonymous-function{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::SAMPLE, anonymous-function{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::STD_DEV, anonymous-function{ SumStats::calc_std_dev(SumStats::rv)}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::SUM, anonymous-function{ SumStats::rv$sum += SumStats::val}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::TOPK, anonymous-function{ topk_add(SumStats::rv$topk, SumStats::obs)}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}))
-0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugins, ())
-0.000000   MetaHookPre   CallFunction(Unified2::mappings_initialized, ())
-0.000000   MetaHookPre   CallFunction(Unified2::start_watching, ())
-0.000000   MetaHookPre   CallFunction(bro_init, ())
-0.000000   MetaHookPre   CallFunction(cat, (Packe, t, _, Filter))
-0.000000   MetaHookPre   CallFunction(current_time, ())
-0.000000   MetaHookPre   CallFunction(filter_change_tracking, ())
-0.000000   MetaHookPre   CallFunction(fmt, (%s, PacketFilter::LOG))
-0.000000   MetaHookPre   CallFunction(getenv, (CLUSTER_NODE))
-0.000000   MetaHookPre   CallFunction(install_pcap_filter, (PacketFilter::DefaultPcapFilter))
-0.000000   MetaHookPre   CallFunction(network_time, ())
-0.000000   MetaHookPre   CallFunction(precompile_pcap_filter, (PacketFilter::DefaultPcapFilter, ip or not ip))
-0.000000   MetaHookPre   CallFunction(reading_live_traffic, ())
-0.000000   MetaHookPre   CallFunction(reading_traces, ())
-0.000000   MetaHookPre   CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$))
-0.000000   MetaHookPre   CallFunction(split_string1, (PacketFilter::LOG, <...>/))
-0.000000   MetaHookPre   CallFunction(split_string_n, (PacketFilter, <...>/, T, 4))
-0.000000   MetaHookPre   CallFunction(string_to_pattern, ((^\.?|\.)()$, F))
-0.000000   MetaHookPre   CallFunction(sub, ((^\.?|\.)(~~)$, <...>/, ))
-0.000000   MetaHookPre   CallFunction(sub_bytes, (tFilter, 1, 1))
-0.000000   MetaHookPre   CallFunction(sub_bytes, (tFilter, 2, 7))
-0.000000   MetaHookPre   CallFunction(to_lower, (Packet_Filter))
+0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR))
+0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN))
+0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_STEPPINGSTONE))
+0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_AYIYA, 5072/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 68/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 137/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2123/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2152/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 3128/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 631/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 80/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8000/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6669/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_KRB, 88/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_KRB_TCP, 88/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MODBUS, 502/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 1434/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 3306/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_RADIUS, 1812/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_RDP, 3389/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SIP, 5060/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 25/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 587/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 161/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 162/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SOCKS, 1080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSH, 22/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 443/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 5223/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 563/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 585/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 614/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 636/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 989/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 990/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 992/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 993/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 995/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_TEREDO, 3544/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR))
+0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN))
+0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_STEPPINGSTONE))
+0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_AYIYA, 5072/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 68/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNP3_TCP, 20000/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 137/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 53/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2123/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_GTPV1, 2152/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 3128/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 631/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 80/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8000/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 81/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 8888/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6666/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6667/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6668/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_IRC, 6669/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_KRB, 88/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_KRB_TCP, 88/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MODBUS, 502/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 1434/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_MYSQL, 3306/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_RADIUS, 1812/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_RDP, 3389/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SIP, 5060/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 25/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SMTP, 587/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 161/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SNMP, 162/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SOCKS, 1080/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSH, 22/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 443/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 5223/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 563/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 585/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 614/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 636/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 989/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 990/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 992/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 993/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SSL, 995/tcp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_TEREDO, 3544/udp))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {631<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RADIUS, {1812/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDP, {3389/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
+0.000000   MetaHookPre   CallFunction(Cluster::is_enabled, <frame>, ())
+0.000000   MetaHookPre   CallFunction(Cluster::is_enabled, <null>, ())
+0.000000   MetaHookPre   CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}))
+0.000000   MetaHookPre   CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_PE, application/x-dosexec))
+0.000000   MetaHookPre   CallFunction(Files::register_for_mime_types, <frame>, (Files::ANALYZER_PE, {application/x-dosexec}))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dnp3, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dns, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dpd, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ftp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=files, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=irc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=rdp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=sip, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=smtp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=snmp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=unified2, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DHCP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DNP3::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DNS::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DPD::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (FTP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Files::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (IRC::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Intel::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (KRB::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Modbus::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (PE::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (RADIUS::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (RDP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SIP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SMTP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SNMP::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SOCKS::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SSH::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (SSL::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Signatures::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Software::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Syslog::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Unified2::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Weird::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (X509::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (mysql::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
+0.000000   MetaHookPre   CallFunction(PacketFilter::build, <frame>, ())
+0.000000   MetaHookPre   CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
+0.000000   MetaHookPre   CallFunction(PacketFilter::install, <frame>, ())
+0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE))
+0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::VARIANCE, SumStats::AVERAGE))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::AVERAGE, anonymous-function{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::HLL_UNIQUE, anonymous-function{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::LAST, anonymous-function{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::MAX, anonymous-function{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::MIN, anonymous-function{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SAMPLE, anonymous-function{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::STD_DEV, anonymous-function{ SumStats::calc_std_dev(SumStats::rv)}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SUM, anonymous-function{ SumStats::rv$sum += SumStats::val}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::TOPK, anonymous-function{ topk_add(SumStats::rv$topk, SumStats::obs)}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}))
+0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugins, <frame>, ())
+0.000000   MetaHookPre   CallFunction(Unified2::mappings_initialized, <frame>, ())
+0.000000   MetaHookPre   CallFunction(Unified2::start_watching, <frame>, ())
+0.000000   MetaHookPre   CallFunction(bro_init, <null>, ())
+0.000000   MetaHookPre   CallFunction(current_time, <frame>, ())
+0.000000   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
+0.000000   MetaHookPre   CallFunction(getenv, <null>, (CLUSTER_NODE))
+0.000000   MetaHookPre   CallFunction(install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter))
+0.000000   MetaHookPre   CallFunction(network_time, <frame>, ())
+0.000000   MetaHookPre   CallFunction(precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip))
+0.000000   MetaHookPre   CallFunction(reading_live_traffic, <frame>, ())
+0.000000   MetaHookPre   CallFunction(reading_traces, <frame>, ())
+0.000000   MetaHookPre   CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
+0.000000   MetaHookPre   CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
+0.000000   MetaHookPre   CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
 0.000000   MetaHookPre   DrainEvents()
 0.000000   MetaHookPre   LoadFile(../main)
 0.000000   MetaHookPre   LoadFile(./Bro_ARP.events.bif.bro)
@@ -876,6 +960,7 @@
 0.000000   MetaHookPre   LoadFile(./Bro_BinaryReader.binary.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_BitTorrent.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_ConnSize.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_ConnSize.functions.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_DCE_RPC.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_DHCP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_DNP3.events.bif.bro)
@@ -895,6 +980,8 @@
 0.000000   MetaHookPre   LoadFile(./Bro_IRC.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_Ident.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_InterConn.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_KRB.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_KRB.types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_Login.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_Login.functions.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_MIME.events.bif.bro)
@@ -904,13 +991,16 @@
 0.000000   MetaHookPre   LoadFile(./Bro_NTP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_NetBIOS.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_NetBIOS.functions.bif.bro)
-0.000000   MetaHookPre   LoadFile(./Bro_NetFlow.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_NoneWriter.none.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_PE.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_PIA.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_POP3.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_RADIUS.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_RDP.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_RDP.types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_RPC.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_RawReader.raw.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_SIP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMTP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMTP.functions.bif.bro)
@@ -920,6 +1010,7 @@
 0.000000   MetaHookPre   LoadFile(./Bro_SQLiteReader.sqlite.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SQLiteWriter.sqlite.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SSH.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./Bro_SSH.types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SSL.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SteppingStone.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_Syslog.events.bif.bro)
@@ -940,10 +1031,12 @@
 0.000000   MetaHookPre   LoadFile(./bro.bif.bro)
 0.000000   MetaHookPre   LoadFile(./broxygen.bif.bro)
 0.000000   MetaHookPre   LoadFile(./cardinality-counter.bif.bro)
+0.000000   MetaHookPre   LoadFile(./comm.bif.bro)
 0.000000   MetaHookPre   LoadFile(./const.bif.bro)
 0.000000   MetaHookPre   LoadFile(./consts)
 0.000000   MetaHookPre   LoadFile(./consts.bro)
 0.000000   MetaHookPre   LoadFile(./contents)
+0.000000   MetaHookPre   LoadFile(./data.bif.bro)
 0.000000   MetaHookPre   LoadFile(./dcc-send)
 0.000000   MetaHookPre   LoadFile(./entities)
 0.000000   MetaHookPre   LoadFile(./event.bif.bro)
@@ -964,6 +1057,7 @@
 0.000000   MetaHookPre   LoadFile(./main)
 0.000000   MetaHookPre   LoadFile(./main.bro)
 0.000000   MetaHookPre   LoadFile(./max)
+0.000000   MetaHookPre   LoadFile(./messaging.bif.bro)
 0.000000   MetaHookPre   LoadFile(./min)
 0.000000   MetaHookPre   LoadFile(./mozilla-ca-list)
 0.000000   MetaHookPre   LoadFile(./netstats)
@@ -979,8 +1073,10 @@
 0.000000   MetaHookPre   LoadFile(./sftp)
 0.000000   MetaHookPre   LoadFile(./site)
 0.000000   MetaHookPre   LoadFile(./std-dev)
+0.000000   MetaHookPre   LoadFile(./store.bif.bro)
 0.000000   MetaHookPre   LoadFile(./strings.bif.bro)
 0.000000   MetaHookPre   LoadFile(./sum)
+0.000000   MetaHookPre   LoadFile(./thresholds)
 0.000000   MetaHookPre   LoadFile(./top-k.bif.bro)
 0.000000   MetaHookPre   LoadFile(./topk)
 0.000000   MetaHookPre   LoadFile(./types.bif.bro)
@@ -1006,12 +1102,14 @@
 0.000000   MetaHookPre   LoadFile(<...>/hooks.bro)
 0.000000   MetaHookPre   LoadFile(base/bif)
 0.000000   MetaHookPre   LoadFile(base/init-default.bro)
+0.000000   MetaHookPre   LoadFile(base<...>/Bro_KRB.types.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/Bro_SNMP.types.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/active-http)
 0.000000   MetaHookPre   LoadFile(base<...>/addrs)
 0.000000   MetaHookPre   LoadFile(base<...>/analyzer)
 0.000000   MetaHookPre   LoadFile(base<...>/analyzer.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/bro.bif)
+0.000000   MetaHookPre   LoadFile(base<...>/broker)
 0.000000   MetaHookPre   LoadFile(base<...>/cluster)
 0.000000   MetaHookPre   LoadFile(base<...>/communication)
 0.000000   MetaHookPre   LoadFile(base<...>/conn)
@@ -1038,6 +1136,7 @@
 0.000000   MetaHookPre   LoadFile(base<...>/input.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/intel)
 0.000000   MetaHookPre   LoadFile(base<...>/irc)
+0.000000   MetaHookPre   LoadFile(base<...>/krb)
 0.000000   MetaHookPre   LoadFile(base<...>/logging)
 0.000000   MetaHookPre   LoadFile(base<...>/logging.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/main)
@@ -1048,13 +1147,16 @@
 0.000000   MetaHookPre   LoadFile(base<...>/packet-filter)
 0.000000   MetaHookPre   LoadFile(base<...>/paths)
 0.000000   MetaHookPre   LoadFile(base<...>/patterns)
+0.000000   MetaHookPre   LoadFile(base<...>/pe)
 0.000000   MetaHookPre   LoadFile(base<...>/plugins)
 0.000000   MetaHookPre   LoadFile(base<...>/pop3)
 0.000000   MetaHookPre   LoadFile(base<...>/queue)
 0.000000   MetaHookPre   LoadFile(base<...>/radius)
+0.000000   MetaHookPre   LoadFile(base<...>/rdp)
 0.000000   MetaHookPre   LoadFile(base<...>/reporter)
 0.000000   MetaHookPre   LoadFile(base<...>/reporter.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/signatures)
+0.000000   MetaHookPre   LoadFile(base<...>/sip)
 0.000000   MetaHookPre   LoadFile(base<...>/site)
 0.000000   MetaHookPre   LoadFile(base<...>/smtp)
 0.000000   MetaHookPre   LoadFile(base<...>/snmp)
@@ -1090,6 +1192,7 @@
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp)
+0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp)
@@ -1106,10 +1209,14 @@
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp)
+0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB, 88/udp)
+0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp)
+0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp)
+0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SIP, 5060/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp)
@@ -1143,6 +1250,7 @@
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/udp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp)
+0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp)
@@ -1159,10 +1267,14 @@
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp)
+0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB, 88/udp)
+0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp)
+0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp)
+0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SIP, 5060/udp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp)
@@ -1186,13 +1298,18 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5355<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {631<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6669<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, {1812/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, {3389/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp})
@@ -1201,75 +1318,88 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
 0.000000 | HookCallFunction Cluster::is_enabled()
-0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})
+0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})
+0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_PE, application/x-dosexec)
+0.000000 | HookCallFunction Files::register_for_mime_types(Files::ANALYZER_PE, {application/x-dosexec})
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::f$conns[KRB::cid]?$krb) { KRB::c = KRB::f$conns[KRB::cid]return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
-0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn])
-0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp])
-0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3])
-0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns])
-0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp])
-0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files])
-0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http])
-0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log])
-0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel])
-0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus])
-0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice])
-0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius])
-0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp])
-0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp])
-0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks])
-0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh])
-0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl])
-0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature])
-0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software])
-0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2])
-0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
-0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
-0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dnp3, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dns, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dpd, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ftp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=files, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=irc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=rdp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=sip, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=smtp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=snmp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=unified2, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
+0.000000 | HookCallFunction Log::__create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])
+0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
+0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
+0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])
+0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])
+0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])
+0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])
+0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])
+0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])
+0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])
+0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
+0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
+0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
+0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
+0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
+0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
+0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])
+0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])
+0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])
+0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])
+0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])
+0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])
+0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])
+0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])
+0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])
+0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])
+0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])
+0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])
+0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])
+0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
+0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
+0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@@ -1282,12 +1412,16 @@
 0.000000 | HookCallFunction Log::add_default_filter(HTTP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(IRC::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Intel::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(KRB::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Modbus::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(PE::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(PacketFilter::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(RADIUS::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(RDP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Reporter::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(SIP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(SMTP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(SNMP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(SOCKS::LOG)
@@ -1313,12 +1447,16 @@
 0.000000 | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
@@ -1332,39 +1470,42 @@
 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn])
-0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp])
-0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3])
-0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns])
-0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp])
-0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files])
-0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http])
-0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log])
-0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel])
-0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus])
-0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice])
-0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius])
-0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp])
-0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp])
-0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks])
-0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh])
-0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl])
-0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature])
-0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software])
-0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>])
-0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2])
-0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
-0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
-0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
-0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
+0.000000 | HookCallFunction Log::create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])
+0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
+0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
+0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])
+0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])
+0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])
+0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])
+0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])
+0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])
+0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])
+0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
+0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
+0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
+0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
+0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
+0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
+0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])
+0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])
+0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])
+0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])
+0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])
+0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])
+0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])
+0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])
+0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])
+0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])
+0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])
+0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])
+0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])
+0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
+0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
+0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1429655378.868621, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Notice::want_pp()
 0.000000 | HookCallFunction PacketFilter::build()
 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
@@ -1386,10 +1527,8 @@
 0.000000 | HookCallFunction Unified2::mappings_initialized()
 0.000000 | HookCallFunction Unified2::start_watching()
 0.000000 | HookCallFunction bro_init()
-0.000000 | HookCallFunction cat(Packe, t, _, Filter)
 0.000000 | HookCallFunction current_time()
 0.000000 | HookCallFunction filter_change_tracking()
-0.000000 | HookCallFunction fmt(%s, PacketFilter::LOG)
 0.000000 | HookCallFunction getenv(CLUSTER_NODE)
 0.000000 | HookCallFunction install_pcap_filter(PacketFilter::DefaultPcapFilter)
 0.000000 | HookCallFunction network_time()
@@ -1397,13 +1536,8 @@
 0.000000 | HookCallFunction reading_live_traffic()
 0.000000 | HookCallFunction reading_traces()
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
-0.000000 | HookCallFunction split_string1(PacketFilter::LOG, <...>/)
-0.000000 | HookCallFunction split_string_n(PacketFilter, <...>/, T, 4)
 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
-0.000000 | HookCallFunction sub_bytes(tFilter, 1, 1)
-0.000000 | HookCallFunction sub_bytes(tFilter, 2, 7)
-0.000000 | HookCallFunction to_lower(Packet_Filter)
 0.000000 | HookDrainEvents
 0.000000 | HookLoadFile  ..<...>/bro
 0.000000 | HookLoadFile  .<...>/bro
@@ -1413,164 +1547,164 @@
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()
 1362692526.869344   MetaHookPost  BroObjDtor(<void ptr>) -> <void>
-1362692526.869344   MetaHookPost  CallFunction(ChecksumOffloading::check, ()) -> <null>
-1362692526.869344   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
-1362692526.869344   MetaHookPost  CallFunction(net_stats, ()) -> <null>
-1362692526.869344   MetaHookPost  CallFunction(new_connection, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
+1362692526.869344   MetaHookPost  CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
+1362692526.869344   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
+1362692526.869344   MetaHookPost  CallFunction(net_stats, <frame>, ()) -> <no result>
+1362692526.869344   MetaHookPost  CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
 1362692526.869344   MetaHookPost  DrainEvents() -> <void>
 1362692526.869344   MetaHookPost  QueueEvent(ChecksumOffloading::check()) -> false
 1362692526.869344   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
-1362692526.869344   MetaHookPost  QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
+1362692526.869344   MetaHookPost  QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
 1362692526.869344   MetaHookPost  UpdateNetworkTime(1362692526.869344) -> <void>
 1362692526.869344   MetaHookPre   BroObjDtor(<void ptr>)
-1362692526.869344   MetaHookPre   CallFunction(ChecksumOffloading::check, ())
-1362692526.869344   MetaHookPre   CallFunction(filter_change_tracking, ())
-1362692526.869344   MetaHookPre   CallFunction(net_stats, ())
-1362692526.869344   MetaHookPre   CallFunction(new_connection, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692526.869344   MetaHookPre   CallFunction(ChecksumOffloading::check, <null>, ())
+1362692526.869344   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
+1362692526.869344   MetaHookPre   CallFunction(net_stats, <frame>, ())
+1362692526.869344   MetaHookPre   CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692526.869344   MetaHookPre   DrainEvents()
 1362692526.869344   MetaHookPre   QueueEvent(ChecksumOffloading::check())
 1362692526.869344   MetaHookPre   QueueEvent(filter_change_tracking())
-1362692526.869344   MetaHookPre   QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692526.869344   MetaHookPre   QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692526.869344   MetaHookPre   UpdateNetworkTime(1362692526.869344)
 1362692526.869344  | HookBroObjDtor
 1362692526.869344  | HookUpdateNetworkTime 1362692526.869344
 1362692526.869344 | HookCallFunction ChecksumOffloading::check()
 1362692526.869344 | HookCallFunction filter_change_tracking()
 1362692526.869344 | HookCallFunction net_stats()
-1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692526.869344 | HookDrainEvents
 1362692526.869344 | HookQueueEvent ChecksumOffloading::check()
 1362692526.869344 | HookQueueEvent filter_change_tracking()
-1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692526.869344 | RequestObjDtor ChecksumOffloading::check()
-1362692526.939084   MetaHookPost  CallFunction(connection_established, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
+1362692526.939084   MetaHookPost  CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
 1362692526.939084   MetaHookPost  DrainEvents() -> <void>
-1362692526.939084   MetaHookPost  QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
+1362692526.939084   MetaHookPost  QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
 1362692526.939084   MetaHookPost  UpdateNetworkTime(1362692526.939084) -> <void>
-1362692526.939084   MetaHookPre   CallFunction(connection_established, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692526.939084   MetaHookPre   CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692526.939084   MetaHookPre   DrainEvents()
-1362692526.939084   MetaHookPre   QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692526.939084   MetaHookPre   QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692526.939084   MetaHookPre   UpdateNetworkTime(1362692526.939084)
 1362692526.939084  | HookUpdateNetworkTime 1362692526.939084
-1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692526.939084 | HookDrainEvents
-1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692526.939378   MetaHookPost  DrainEvents() -> <void>
 1362692526.939378   MetaHookPost  UpdateNetworkTime(1362692526.939378) -> <void>
 1362692526.939378   MetaHookPre   DrainEvents()
 1362692526.939378   MetaHookPre   UpdateNetworkTime(1362692526.939378)
 1362692526.939378  | HookUpdateNetworkTime 1362692526.939378
 1362692526.939378 | HookDrainEvents
-1362692526.939527   MetaHookPost  CallFunction(Analyzer::__name, (Analyzer::ANALYZER_HTTP)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(Analyzer::name, (Analyzer::ANALYZER_HTTP)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::new_http_session, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(fmt, (-%s, HTTP)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_begin_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_end_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_message_done, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(http_request, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(network_time, ()) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(protocol_confirmation, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692526.939527   MetaHookPost  CallFunction(split_string1, (bro.org, <...>/)) -> <null>
+1362692526.939527   MetaHookPost  CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(fmt, <frame>, (-%s, HTTP)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_begin_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_end_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_message_done, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(network_time, <frame>, ()) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692526.939527   MetaHookPost  CallFunction(split_string1, <frame>, (bro.org, <...>/)) -> <no result>
 1362692526.939527   MetaHookPost  DrainEvents() -> <void>
-1362692526.939527   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
-1362692526.939527   MetaHookPost  QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
-1362692526.939527   MetaHookPost  QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
+1362692526.939527   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
+1362692526.939527   MetaHookPost  QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
+1362692526.939527   MetaHookPost  QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
 1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false
 1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false
-1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)) -> false
-1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)) -> false
-1362692526.939527   MetaHookPost  QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false
+1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)) -> false
+1362692526.939527   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)) -> false
+1362692526.939527   MetaHookPost  QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false
 1362692526.939527   MetaHookPost  QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false
 1362692526.939527   MetaHookPost  UpdateNetworkTime(1362692526.939527) -> <void>
-1362692526.939527   MetaHookPre   CallFunction(Analyzer::__name, (Analyzer::ANALYZER_HTTP))
-1362692526.939527   MetaHookPre   CallFunction(Analyzer::name, (Analyzer::ANALYZER_HTTP))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::new_http_session, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T))
-1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, T))
-1362692526.939527   MetaHookPre   CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
-1362692526.939527   MetaHookPre   CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
-1362692526.939527   MetaHookPre   CallFunction(fmt, (-%s, HTTP))
-1362692526.939527   MetaHookPre   CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   CallFunction(http_begin_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   CallFunction(http_end_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*))
-1362692526.939527   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)))
-1362692526.939527   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive))
-1362692526.939527   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org))
-1362692526.939527   MetaHookPre   CallFunction(http_message_done, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]))
-1362692526.939527   MetaHookPre   CallFunction(http_request, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1))
-1362692526.939527   MetaHookPre   CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
-1362692526.939527   MetaHookPre   CallFunction(network_time, ())
-1362692526.939527   MetaHookPre   CallFunction(protocol_confirmation, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3))
-1362692526.939527   MetaHookPre   CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
-1362692526.939527   MetaHookPre   CallFunction(split_string1, (bro.org, <...>/))
+1362692526.939527   MetaHookPre   CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP))
+1362692526.939527   MetaHookPre   CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
+1362692526.939527   MetaHookPre   CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
+1362692526.939527   MetaHookPre   CallFunction(fmt, <frame>, (-%s, HTTP))
+1362692526.939527   MetaHookPre   CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(http_begin_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(http_end_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*))
+1362692526.939527   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)))
+1362692526.939527   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive))
+1362692526.939527   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org))
+1362692526.939527   MetaHookPre   CallFunction(http_message_done, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]))
+1362692526.939527   MetaHookPre   CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1))
+1362692526.939527   MetaHookPre   CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
+1362692526.939527   MetaHookPre   CallFunction(network_time, <frame>, ())
+1362692526.939527   MetaHookPre   CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3))
+1362692526.939527   MetaHookPre   CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
+1362692526.939527   MetaHookPre   CallFunction(split_string1, <frame>, (bro.org, <...>/))
 1362692526.939527   MetaHookPre   DrainEvents()
-1362692526.939527   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692526.939527   MetaHookPre   QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692526.939527   MetaHookPre   QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
 1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*))
 1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)))
-1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive))
-1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org))
-1362692526.939527   MetaHookPre   QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]))
+1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive))
+1362692526.939527   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org))
+1362692526.939527   MetaHookPre   QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]))
 1362692526.939527   MetaHookPre   QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1))
 1362692526.939527   MetaHookPre   UpdateNetworkTime(1362692526.939527)
 1362692526.939527  | HookUpdateNetworkTime 1362692526.939527
 1362692526.939527 | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP)
 1362692526.939527 | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP)
-1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
-1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)
-1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)
-1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)
-1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, T)
-1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, T)
+1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
 1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
 1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)
 1362692526.939527 | HookCallFunction fmt(-%s, HTTP)
-1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)
 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))
-1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)
-1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)
-1362692526.939527 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])
+1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)
+1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)
+1362692526.939527 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])
 1362692526.939527 | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)
 1362692526.939527 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp])
 1362692526.939527 | HookCallFunction network_time()
-1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)
+1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)
 1362692526.939527 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)
 1362692526.939527 | HookCallFunction split_string1(bro.org, <...>/)
 1362692526.939527 | HookDrainEvents
-1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)
 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))
-1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)
-1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)
-1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])
+1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, CONNECTION, Keep-Alive)
+1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, HOST, bro.org)
+1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])
 1362692526.939527 | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)
 1362692527.008509   MetaHookPost  DrainEvents() -> <void>
 1362692527.008509   MetaHookPost  UpdateNetworkTime(1362692527.008509) -> <void>
@@ -1578,144 +1712,144 @@
 1362692527.008509   MetaHookPre   UpdateNetworkTime(1362692527.008509)
 1362692527.008509  | HookUpdateNetworkTime 1362692527.008509
 1362692527.008509 | HookDrainEvents
-1362692527.009512   MetaHookPost  CallFunction(Files::__enable_reassembly, (FakNcS1Jfe01uljb3)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(Files::__set_reassembly_buffer, (FakNcS1Jfe01uljb3, 1048576)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(Files::enable_reassembly, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(Files::set_reassembly_buffer_size, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>], 1048576)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(HTTP::code_in_range, (200, 100, 199)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(file_new, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(file_over_new_connection, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_begin_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(http_reply, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.009512   MetaHookPost  CallFunction(split_string_all, (HTTP, <...>/)) -> <null>
+1362692527.009512   MetaHookPost  CallFunction(Files::__enable_reassembly, <frame>, (FakNcS1Jfe01uljb3)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(Files::__set_reassembly_buffer, <frame>, (FakNcS1Jfe01uljb3, 524288)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(Files::enable_reassembly, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(Files::set_reassembly_buffer_size, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>], 524288)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(HTTP::code_in_range, <frame>, (200, 100, 199)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(file_new, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(file_over_new_connection, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_begin_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(http_reply, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692527.009512   MetaHookPost  CallFunction(split_string_all, <frame>, (HTTP, <...>/)) -> <no result>
 1362692527.009512   MetaHookPost  DrainEvents() -> <void>
-1362692527.009512   MetaHookPost  QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])) -> false
-1362692527.009512   MetaHookPost  QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> false
+1362692527.009512   MetaHookPost  QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false
 1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> false
 1362692527.009512   MetaHookPost  QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> false
-1362692527.009512   MetaHookPost  QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)) -> false
+1362692527.009512   MetaHookPost  QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)) -> false
 1362692527.009512   MetaHookPost  UpdateNetworkTime(1362692527.009512) -> <void>
-1362692527.009512   MetaHookPre   CallFunction(Files::__enable_reassembly, (FakNcS1Jfe01uljb3))
-1362692527.009512   MetaHookPre   CallFunction(Files::__set_reassembly_buffer, (FakNcS1Jfe01uljb3, 1048576))
-1362692527.009512   MetaHookPre   CallFunction(Files::enable_reassembly, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009512   MetaHookPre   CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009512   MetaHookPre   CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009512   MetaHookPre   CallFunction(Files::set_reassembly_buffer_size, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>], 1048576))
-1362692527.009512   MetaHookPre   CallFunction(HTTP::code_in_range, (200, 100, 199))
-1362692527.009512   MetaHookPre   CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F))
-1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F))
-1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F))
-1362692527.009512   MetaHookPre   CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.009512   MetaHookPre   CallFunction(file_new, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009512   MetaHookPre   CallFunction(file_over_new_connection, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
-1362692527.009512   MetaHookPre   CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   CallFunction(http_begin_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0"))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)))
-1362692527.009512   MetaHookPre   CallFunction(http_header, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8))
-1362692527.009512   MetaHookPre   CallFunction(http_reply, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK))
-1362692527.009512   MetaHookPre   CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
-1362692527.009512   MetaHookPre   CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.009512   MetaHookPre   CallFunction(split_string_all, (HTTP, <...>/))
+1362692527.009512   MetaHookPre   CallFunction(Files::__enable_reassembly, <frame>, (FakNcS1Jfe01uljb3))
+1362692527.009512   MetaHookPre   CallFunction(Files::__set_reassembly_buffer, <frame>, (FakNcS1Jfe01uljb3, 524288))
+1362692527.009512   MetaHookPre   CallFunction(Files::enable_reassembly, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009512   MetaHookPre   CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009512   MetaHookPre   CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009512   MetaHookPre   CallFunction(Files::set_reassembly_buffer_size, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>], 524288))
+1362692527.009512   MetaHookPre   CallFunction(HTTP::code_in_range, <frame>, (200, 100, 199))
+1362692527.009512   MetaHookPre   CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
+1362692527.009512   MetaHookPre   CallFunction(file_new, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009512   MetaHookPre   CallFunction(file_over_new_connection, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
+1362692527.009512   MetaHookPre   CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(http_begin_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0"))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)))
+1362692527.009512   MetaHookPre   CallFunction(http_header, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8))
+1362692527.009512   MetaHookPre   CallFunction(http_reply, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK))
+1362692527.009512   MetaHookPre   CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
+1362692527.009512   MetaHookPre   CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80))
+1362692527.009512   MetaHookPre   CallFunction(split_string_all, <frame>, (HTTP, <...>/))
 1362692527.009512   MetaHookPre   DrainEvents()
-1362692527.009512   MetaHookPre   QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009512   MetaHookPre   QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0"))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100))
-1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT))
+1362692527.009512   MetaHookPre   QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009512   MetaHookPre   QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0"))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100))
+1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT))
 1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)))
 1362692527.009512   MetaHookPre   QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8))
-1362692527.009512   MetaHookPre   QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK))
+1362692527.009512   MetaHookPre   QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK))
 1362692527.009512   MetaHookPre   UpdateNetworkTime(1362692527.009512)
 1362692527.009512  | HookUpdateNetworkTime 1362692527.009512
 1362692527.009512 | HookCallFunction Files::__enable_reassembly(FakNcS1Jfe01uljb3)
-1362692527.009512 | HookCallFunction Files::__set_reassembly_buffer(FakNcS1Jfe01uljb3, 1048576)
-1362692527.009512 | HookCallFunction Files::enable_reassembly([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009512 | HookCallFunction Files::set_reassembly_buffer_size([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>], 1048576)
+1362692527.009512 | HookCallFunction Files::__set_reassembly_buffer(FakNcS1Jfe01uljb3, 524288)
+1362692527.009512 | HookCallFunction Files::enable_reassembly([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009512 | HookCallFunction Files::set_reassembly_buffer_size([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>], 524288)
 1362692527.009512 | HookCallFunction HTTP::code_in_range(200, 100, 199)
-1362692527.009512 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)
-1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)
-1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)
+1362692527.009512 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
 1362692527.009512 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
-1362692527.009512 | HookCallFunction file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009512 | HookCallFunction file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009512 | HookCallFunction file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
 1362692527.009512 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)
-1362692527.009512 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)
-1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)
+1362692527.009512 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)
+1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)
 1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))
 1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)
-1362692527.009512 | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)
+1362692527.009512 | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)
 1362692527.009512 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp])
 1362692527.009512 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)
 1362692527.009512 | HookCallFunction split_string_all(HTTP, <...>/)
 1362692527.009512 | HookDrainEvents
-1362692527.009512 | HookQueueEvent file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009512 | HookQueueEvent file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)
-1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)
+1362692527.009512 | HookQueueEvent file_new([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009512 | HookQueueEvent file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ACCEPT-RANGES, bytes)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONNECTION, Keep-Alive)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, CONTENT-LENGTH, 4705)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, ETAG, "1261-4c870358a6fc0")
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, KEEP-ALIVE, timeout=5, max=100)
+1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)
 1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))
 1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)
-1362692527.009512 | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)
+1362692527.009512 | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], 1.1, 200, OK)
 1362692527.009721   MetaHookPost  DrainEvents() -> <void>
 1362692527.009721   MetaHookPost  UpdateNetworkTime(1362692527.009721) -> <void>
 1362692527.009721   MetaHookPre   DrainEvents()
@@ -1728,111 +1862,81 @@
 1362692527.009765   MetaHookPre   UpdateNetworkTime(1362692527.009765)
 1362692527.009765  | HookUpdateNetworkTime 1362692527.009765
 1362692527.009765 | HookDrainEvents
-1362692527.009775   MetaHookPost  CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(HTTP::code_in_range, (200, 100, 199)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::__write, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::__write, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::default_path_func, (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::default_path_func, (HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::write, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(Log::write, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(file_mime_type, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(file_state_remove, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(fmt, (%s, Files::LOG)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(fmt, (%s, HTTP::LOG)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(http_end_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(http_message_done, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(split_string1, (Files::LOG, <...>/)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(split_string1, (HTTP::LOG, <...>/)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(split_string_n, (Files, <...>/, T, 4)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(split_string_n, (HTTP, <...>/, T, 4)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(to_lower, (Files)) -> <null>
-1362692527.009775   MetaHookPost  CallFunction(to_lower, (HTTP)) -> <null>
+1362692527.009775   MetaHookPost  CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(HTTP::code_in_range, <frame>, (200, 100, 199)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(Log::__write, <frame>, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(Log::__write, <frame>, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(Log::write, <frame>, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(Log::write, <frame>, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(file_sniff, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(file_state_remove, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(http_end_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(http_message_done, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result>
+1362692527.009775   MetaHookPost  CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
 1362692527.009775   MetaHookPost  DrainEvents() -> <void>
-1362692527.009775   MetaHookPost  QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) -> false
-1362692527.009775   MetaHookPost  QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])) -> false
-1362692527.009775   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
-1362692527.009775   MetaHookPost  QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
-1362692527.009775   MetaHookPost  QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false
+1362692527.009775   MetaHookPost  QueueEvent(file_sniff([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]])) -> false
+1362692527.009775   MetaHookPost  QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])) -> false
+1362692527.009775   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
+1362692527.009775   MetaHookPost  QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)) -> false
+1362692527.009775   MetaHookPost  QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false
 1362692527.009775   MetaHookPost  UpdateNetworkTime(1362692527.009775) -> <void>
-1362692527.009775   MetaHookPre   CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(Files::set_info, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(HTTP::code_in_range, (200, 100, 199))
-1362692527.009775   MetaHookPre   CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009775   MetaHookPre   CallFunction(HTTP::set_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F))
-1362692527.009775   MetaHookPre   CallFunction(Log::__write, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(Log::__write, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]))
-1362692527.009775   MetaHookPre   CallFunction(Log::default_path_func, (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(Log::default_path_func, (HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]))
-1362692527.009775   MetaHookPre   CallFunction(Log::write, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(Log::write, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]))
-1362692527.009775   MetaHookPre   CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.009775   MetaHookPre   CallFunction(file_mime_type, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain))
-1362692527.009775   MetaHookPre   CallFunction(file_state_remove, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009775   MetaHookPre   CallFunction(fmt, (%s, Files::LOG))
-1362692527.009775   MetaHookPre   CallFunction(fmt, (%s, HTTP::LOG))
-1362692527.009775   MetaHookPre   CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
-1362692527.009775   MetaHookPre   CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009775   MetaHookPre   CallFunction(http_end_entity, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009775   MetaHookPre   CallFunction(http_message_done, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]))
-1362692527.009775   MetaHookPre   CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
-1362692527.009775   MetaHookPre   CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.009775   MetaHookPre   CallFunction(split_string1, (Files::LOG, <...>/))
-1362692527.009775   MetaHookPre   CallFunction(split_string1, (HTTP::LOG, <...>/))
-1362692527.009775   MetaHookPre   CallFunction(split_string_n, (Files, <...>/, T, 4))
-1362692527.009775   MetaHookPre   CallFunction(split_string_n, (HTTP, <...>/, T, 4))
-1362692527.009775   MetaHookPre   CallFunction(to_lower, (Files))
-1362692527.009775   MetaHookPre   CallFunction(to_lower, (HTTP))
+1362692527.009775   MetaHookPre   CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009775   MetaHookPre   CallFunction(Files::set_info, <frame>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009775   MetaHookPre   CallFunction(HTTP::code_in_range, <frame>, (200, 100, 199))
+1362692527.009775   MetaHookPre   CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   CallFunction(Log::__write, <frame>, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]))
+1362692527.009775   MetaHookPre   CallFunction(Log::__write, <frame>, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]))
+1362692527.009775   MetaHookPre   CallFunction(Log::write, <frame>, (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]))
+1362692527.009775   MetaHookPre   CallFunction(Log::write, <frame>, (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]))
+1362692527.009775   MetaHookPre   CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
+1362692527.009775   MetaHookPre   CallFunction(file_sniff, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]]))
+1362692527.009775   MetaHookPre   CallFunction(file_state_remove, <null>, ([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009775   MetaHookPre   CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
+1362692527.009775   MetaHookPre   CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   CallFunction(http_end_entity, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   CallFunction(http_message_done, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]))
+1362692527.009775   MetaHookPre   CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
+1362692527.009775   MetaHookPre   CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80))
 1362692527.009775   MetaHookPre   DrainEvents()
-1362692527.009775   MetaHookPre   QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain))
-1362692527.009775   MetaHookPre   QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>]))
-1362692527.009775   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009775   MetaHookPre   QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
-1362692527.009775   MetaHookPre   QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]))
+1362692527.009775   MetaHookPre   QueueEvent(file_sniff([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]]))
+1362692527.009775   MetaHookPre   QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]))
+1362692527.009775   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F))
+1362692527.009775   MetaHookPre   QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]))
 1362692527.009775   MetaHookPre   UpdateNetworkTime(1362692527.009775)
 1362692527.009775  | HookUpdateNetworkTime 1362692527.009775
-1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
 1362692527.009775 | HookCallFunction HTTP::code_in_range(200, 100, 199)
-1362692527.009775 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, F)
+1362692527.009775 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
 1362692527.009775 | HookCallFunction Log::__write(Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])
 1362692527.009775 | HookCallFunction Log::__write(HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])
-1362692527.009775 | HookCallFunction Log::default_path_func(Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])
-1362692527.009775 | HookCallFunction Log::default_path_func(HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])
 1362692527.009775 | HookCallFunction Log::write(Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=<uninitialized>, duration=262.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>])
 1362692527.009775 | HookCallFunction Log::write(HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1])
 1362692527.009775 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
-1362692527.009775 | HookCallFunction file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)
-1362692527.009775 | HookCallFunction file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009775 | HookCallFunction fmt(%s, Files::LOG)
-1362692527.009775 | HookCallFunction fmt(%s, HTTP::LOG)
+1362692527.009775 | HookCallFunction file_sniff([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]])
+1362692527.009775 | HookCallFunction file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
 1362692527.009775 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)
-1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])
+1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])
 1362692527.009775 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp])
 1362692527.009775 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)
-1362692527.009775 | HookCallFunction split_string1(Files::LOG, <...>/)
-1362692527.009775 | HookCallFunction split_string1(HTTP::LOG, <...>/)
-1362692527.009775 | HookCallFunction split_string_n(Files, <...>/, T, 4)
-1362692527.009775 | HookCallFunction split_string_n(HTTP, <...>/, T, 4)
-1362692527.009775 | HookCallFunction to_lower(Files)
-1362692527.009775 | HookCallFunction to_lower(HTTP)
 1362692527.009775 | HookDrainEvents
-1362692527.009775 | HookQueueEvent file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)
-1362692527.009775 | HookQueueEvent file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, u2_events=<uninitialized>])
-1362692527.009775 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009775 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
-1362692527.009775 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])
+1362692527.009775 | HookQueueEvent file_sniff([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]]])
+1362692527.009775 | HookQueueEvent file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=<uninitialized>, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1], irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>])
+1362692527.009775 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009775 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F)
+1362692527.009775 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])
 1362692527.009855   MetaHookPost  DrainEvents() -> <void>
 1362692527.009855   MetaHookPost  UpdateNetworkTime(1362692527.009855) -> <void>
 1362692527.009855   MetaHookPre   DrainEvents()
@@ -1857,90 +1961,81 @@
 1362692527.080828   MetaHookPre   UpdateNetworkTime(1362692527.080828)
 1362692527.080828  | HookUpdateNetworkTime 1362692527.080828
 1362692527.080828 | HookDrainEvents
-1362692527.080972   MetaHookPost  CallFunction(ChecksumOffloading::check, ()) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Conn::conn_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(bro_done, ()) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(fmt, (%s, Conn::LOG)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(get_port_transport_proto, (80/tcp)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(is_tcp_port, (59856/tcp)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(net_done, (1362692527.080972)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(net_stats, ()) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(reading_traces, ()) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(split_string1, (Conn::LOG, <...>/)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(split_string_n, (Conn, <...>/, T, 4)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(sub_bytes, (HTTP, 0, 1)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(to_lower, (Conn)) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(to_lower, (HTTP)) -> <null>
+1362692527.080972   MetaHookPost  CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(Conn::conn_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(Conn::determine_service, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(Conn::set_conn, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(bro_done, <null>, ()) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(get_port_transport_proto, <frame>, (80/tcp)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(is_tcp_port, <frame>, (59856/tcp)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(net_done, <null>, (1362692527.080972)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(net_stats, <frame>, ()) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(reading_traces, <frame>, ()) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(sub_bytes, <frame>, (HTTP, 0, 1)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(to_lower, <frame>, (HTTP)) -> <no result>
 1362692527.080972   MetaHookPost  DrainEvents() -> <void>
 1362692527.080972   MetaHookPost  QueueEvent(ChecksumOffloading::check()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(bro_done()) -> false
-1362692527.080972   MetaHookPost  QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
+1362692527.080972   MetaHookPost  QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
 1362692527.080972   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
-1362692527.080972   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
+1362692527.080972   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
 1362692527.080972   MetaHookPost  UpdateNetworkTime(1362692527.080972) -> <void>
-1362692527.080972   MetaHookPre   CallFunction(ChecksumOffloading::check, ())
-1362692527.080972   MetaHookPre   CallFunction(Conn::conn_state, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp))
-1362692527.080972   MetaHookPre   CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
-1362692527.080972   MetaHookPre   CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692527.080972   MetaHookPre   CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692527.080972   MetaHookPre   CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
-1362692527.080972   MetaHookPre   CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
-1362692527.080972   MetaHookPre   CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
-1362692527.080972   MetaHookPre   CallFunction(bro_done, ())
-1362692527.080972   MetaHookPre   CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.080972   MetaHookPre   CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
-1362692527.080972   MetaHookPre   CallFunction(filter_change_tracking, ())
-1362692527.080972   MetaHookPre   CallFunction(fmt, (%s, Conn::LOG))
-1362692527.080972   MetaHookPre   CallFunction(fmt, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
-1362692527.080972   MetaHookPre   CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
-1362692527.080972   MetaHookPre   CallFunction(get_port_transport_proto, (80/tcp))
-1362692527.080972   MetaHookPre   CallFunction(id_string, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
-1362692527.080972   MetaHookPre   CallFunction(is_tcp_port, (59856/tcp))
-1362692527.080972   MetaHookPre   CallFunction(net_done, (1362692527.080972))
-1362692527.080972   MetaHookPre   CallFunction(net_stats, ())
-1362692527.080972   MetaHookPre   CallFunction(reading_traces, ())
-1362692527.080972   MetaHookPre   CallFunction(set_file_handle, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
-1362692527.080972   MetaHookPre   CallFunction(split_string1, (Conn::LOG, <...>/))
-1362692527.080972   MetaHookPre   CallFunction(split_string_n, (Conn, <...>/, T, 4))
-1362692527.080972   MetaHookPre   CallFunction(sub_bytes, (HTTP, 0, 1))
-1362692527.080972   MetaHookPre   CallFunction(to_lower, (Conn))
-1362692527.080972   MetaHookPre   CallFunction(to_lower, (HTTP))
+1362692527.080972   MetaHookPre   CallFunction(ChecksumOffloading::check, <null>, ())
+1362692527.080972   MetaHookPre   CallFunction(Conn::conn_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp))
+1362692527.080972   MetaHookPre   CallFunction(Conn::determine_service, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692527.080972   MetaHookPre   CallFunction(Conn::set_conn, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692527.080972   MetaHookPre   CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692527.080972   MetaHookPre   CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692527.080972   MetaHookPre   CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
+1362692527.080972   MetaHookPre   CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
+1362692527.080972   MetaHookPre   CallFunction(bro_done, <null>, ())
+1362692527.080972   MetaHookPre   CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
+1362692527.080972   MetaHookPre   CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692527.080972   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
+1362692527.080972   MetaHookPre   CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
+1362692527.080972   MetaHookPre   CallFunction(get_file_handle, <null>, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692527.080972   MetaHookPre   CallFunction(get_port_transport_proto, <frame>, (80/tcp))
+1362692527.080972   MetaHookPre   CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
+1362692527.080972   MetaHookPre   CallFunction(is_tcp_port, <frame>, (59856/tcp))
+1362692527.080972   MetaHookPre   CallFunction(net_done, <null>, (1362692527.080972))
+1362692527.080972   MetaHookPre   CallFunction(net_stats, <frame>, ())
+1362692527.080972   MetaHookPre   CallFunction(reading_traces, <frame>, ())
+1362692527.080972   MetaHookPre   CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
+1362692527.080972   MetaHookPre   CallFunction(sub_bytes, <frame>, (HTTP, 0, 1))
+1362692527.080972   MetaHookPre   CallFunction(to_lower, <frame>, (HTTP))
 1362692527.080972   MetaHookPre   DrainEvents()
 1362692527.080972   MetaHookPre   QueueEvent(ChecksumOffloading::check())
 1362692527.080972   MetaHookPre   QueueEvent(bro_done())
-1362692527.080972   MetaHookPre   QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
+1362692527.080972   MetaHookPre   QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   QueueEvent(filter_change_tracking())
-1362692527.080972   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692527.080972   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
 1362692527.080972   MetaHookPre   UpdateNetworkTime(1362692527.080972)
 1362692527.080972  | HookUpdateNetworkTime 1362692527.080972
 1362692527.080972 | HookCallFunction ChecksumOffloading::check()
-1362692527.080972 | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp)
-1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
-1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
-1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp)
+1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
-1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
 1362692527.080972 | HookCallFunction bro_done()
 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
-1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookCallFunction filter_change_tracking()
-1362692527.080972 | HookCallFunction fmt(%s, Conn::LOG)
 1362692527.080972 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)
-1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
 1362692527.080972 | HookCallFunction get_port_transport_proto(80/tcp)
 1362692527.080972 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp])
 1362692527.080972 | HookCallFunction is_tcp_port(59856/tcp)
@@ -1948,14 +2043,11 @@
 1362692527.080972 | HookCallFunction net_stats()
 1362692527.080972 | HookCallFunction reading_traces()
 1362692527.080972 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)
-1362692527.080972 | HookCallFunction split_string1(Conn::LOG, <...>/)
-1362692527.080972 | HookCallFunction split_string_n(Conn, <...>/, T, 4)
 1362692527.080972 | HookCallFunction sub_bytes(HTTP, 0, 1)
-1362692527.080972 | HookCallFunction to_lower(Conn)
 1362692527.080972 | HookCallFunction to_lower(HTTP)
 1362692527.080972 | HookDrainEvents
 1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
 1362692527.080972 | HookQueueEvent bro_done()
-1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
+1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookQueueEvent filter_change_tracking()
-1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
diff --git a/testing/btest/Baseline/plugins.protocol/output b/testing/btest/Baseline/plugins.protocol/output
index 6d5f13f4be..1c8dccc973 100644
--- a/testing/btest/Baseline/plugins.protocol/output
+++ b/testing/btest/Baseline/plugins.protocol/output
@@ -3,4 +3,4 @@ Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
     [Event] foo_message
 
 ===
-foo_message, [orig_h=::1, orig_p=37927/tcp, resp_h=::1, resp_p=4242/tcp], Hello, Foo!^J
+foo_message, [orig_h=::1, orig_p=37927/tcp, resp_h=::1, resp_p=4242/tcp], Hello, Foo!\x0a
diff --git a/testing/btest/Baseline/plugins.reader/output b/testing/btest/Baseline/plugins.reader/output
index fa218d04a5..0f8980d0e7 100644
--- a/testing/btest/Baseline/plugins.reader/output
+++ b/testing/btest/Baseline/plugins.reader/output
@@ -1,4 +1,4 @@
 Demo::Foo - A Foo test input reader (dynamic, version 1.0)
-    [Writer] Foo (Input::READER_FOO)
+    [Reader] Foo (Input::READER_FOO)
 
 ===
diff --git a/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log b/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log
new file mode 100644
index 0000000000..f4335adc1d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log
@@ -0,0 +1,13 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	pe
+#open	2015-04-20-16-48-55
+#fields	ts	id	machine	compile_ts	os	subsystem	is_exe	is_64bit	uses_aslr	uses_dep	uses_code_integrity	uses_seh	has_import_table	has_export_table	has_cert_table	has_debug_data	section_names
+#types	time	string	string	time	string	string	bool	bool	bool	bool	bool	bool	bool	bool	bool	bool	vector[string]
+1429466342.201366	Fz2N9x4SAxQiSnI6mk	unknown-475	0.000000	-	-	F	T	F	F	F	T	-	-	-	-	-
+1429466342.278998	F5fc4q3zhJHmYSvm8a	I386	1402852568.000000	Windows 95 or NT 4.0	WINDOWS_GUI	T	F	F	F	F	T	T	T	F	F	.text,.Ddata,.data,.rsrc
+1429466342.225653	Fzysjj1zfjAcgWgm22	I386	1171692517.000000	Windows XP x64 or Server 2003	WINDOWS_GUI	T	F	F	F	F	T	T	F	F	T	.text,.data,.rsrc
+1429466342.250474	FOuWFKf04xcHH4ck	I386	1210911433.000000	Windows 95 or NT 4.0	WINDOWS_CUI	T	F	F	F	F	T	T	F	T	T	.text,.rdata,.data,.rsrc
+#close	2015-04-20-16-48-55
diff --git a/testing/btest/Baseline/scripts.base.files.unified2.alert/unified2.log b/testing/btest/Baseline/scripts.base.files.unified2.alert/unified2.log
index b86dedf23b..6f6c8dcd29 100644
--- a/testing/btest/Baseline/scripts.base.files.unified2.alert/unified2.log
+++ b/testing/btest/Baseline/scripts.base.files.unified2.alert/unified2.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	unified2
-#open	2013-08-13-07-16-01
+#open	2015-04-15-23-53-40
 #fields	ts	id.src_ip	id.src_p	id.dst_ip	id.dst_p	sensor_id	signature_id	signature	generator_id	generator	signature_revision	classification_id	classification	priority_id	event_id	packet
 #types	time	addr	port	addr	port	count	count	string	count	string	count	count	string	count	count	string
-1323827323.000000	192.168.1.72	50185	74.125.225.49	80	0	2003058	ET MALWARE 180solutions (Zango) Spyware Installer Download	1	snort general alert	5	21	trojan-activity	1	2	\xd80bH\xc5\xb5x\xca9\xb7\xe4r\x08\x00E\x10\x00\\x1a\xce@\x00@\x062\x1f\xc0\xa8\x01HJ}\xe11\xc4\x09\x00P*\xa8bv]z/\xde\x80\x18\x82+\x88,\x00\x00\x01\x01\x08\x0a\x17J\x83Q\xfe\xad\xac\x1aGET /Zango/ZangoInstaller.exe HTTP/1.0\x0d\x0a
+1323827323.000000	192.168.1.72	50185	74.125.225.49	80	0	2003058	ET MALWARE 180solutions (Zango) Spyware Installer Download	1	snort general alert	5	21	trojan-activity	1	2	\xd80bH\xc5\xb5x\xca9\xb7\xe4r\x08\x00E\x10\x00\\\x1a\xce@\x00@\x062\x1f\xc0\xa8\x01HJ}\xe11\xc4\x09\x00P*\xa8bv]z/\xde\x80\x18\x82+\x88,\x00\x00\x01\x01\x08\x0a\x17J\x83Q\xfe\xad\xac\x1aGET /Zango/ZangoInstaller.exe HTTP/1.0\x0d\x0a
 1323827344.000000	192.168.1.72	49862	199.47.216.144	80	0	2012647	ET POLICY Dropbox.com Offsite File Backup in Use	1	snort general alert	3	33	policy-violation	1	3	\xd80bH\xc5\xb5x\xca9\xb7\xe4r\x08\x00E\x00\x00\xf8Q\xdf@\x00@\x06\x86p\xc0\xa8\x01H\xc7/\xd8\x90\xc2\xc6\x00P\x9cm\x97U\xf07\x084\x80\x18\x82\x18%<\x00\x00\x01\x01\x08\x0a\x17J\xd7\xde\x00\x92\x81\xc5GET /subscribe?host_int=43112345&ns_map=123456_1234524412104916591&ts=1323827344 HTTP/1.1\x0d\x0aHost: notify1.dropbox.com\x0d\x0aAccept-Encoding: identity\x0d\x0aConnection: keep-alive\x0d\x0aX-Dropbox-Locale: en_US\x0d\x0a\x0d\x0a
-#close	2013-08-13-07-16-01
+#close	2015-04-15-23-53-40
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
index 5e70c0645c..81f2ca44fc 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
@@ -1,19 +1,19 @@
 FILE_NEW
 file #0, 0, 0
 FILE_OVER_NEW_CONNECTION
-file_stream, file #0, 1146, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J  * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J  * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J  * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J  * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J  * Tweaks to release scripts, plus a new one for signing files.^J    (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J  * Tweaks for OpenBSD support. (Jon Siwek)^J^J  * bro-cut extensions and fixes.  (Robin Sommer)^J    ^J    - If no field names are given on the command line, we now pass through^J      all fields. Adresses #657.^J^J    - Removing some GNUism from awk script. Addresses #653.^J^J    - Added option for time output in UTC. Addresses #668.^J^J    - Added output field separator option -F. Addresses #649.^J^J    - Fixing option -c: only some header lines were passed through^J   
-file_chunk, file #0, 1146, 0, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J  * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J  * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J  * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J  * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J  * Tweaks to release scripts, plus a new one for signing files.^J    (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J  * Tweaks for OpenBSD support. (Jon Siwek)^J^J  * bro-cut extensions and fixes.  (Robin Sommer)^J    ^J    - If no field names are given on the command line, we now pass through^J      all fields. Adresses #657.^J^J    - Removing some GNUism from awk script. Addresses #653.^J^J    - Added option for time output in UTC. Addresses #668.^J^J    - Added output field separator option -F. Addresses #649.^J^J    - Fixing option -c: only some header lines were passed through^J   
-file_stream, file #0, 1448,    rather than all. (Robin Sommer)^J^J  * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J  * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J  * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J  * Little fix for make-release script, which could pick out the wrong^J    tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J  * Bugfix in update-changes script. (Robin Sommer)^J^J  * update-changes now ignores commits it did itself. (Robin Sommer)^J^J  * Fix a bug in the update-changes script. (Robin Sommer)^J^J  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J  * Options to adjust time format for bro-cut. (Robin Sommer)^J^J    The default with -d is now ISO format. The new option "-D <fmt>"^J    specifies a custom strftime()-style format string. Alternatively,^J    the environment variable BRO_CUT_TIMEFMT can set the format as^J    well.^J^J  * bro-cut now understands the field separator header. (Robin Sommer)^J^J  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J  * Adding support for replacing version string in a setup.py. (Robin^J    Sommer)^J^J  * Change generated root cert DN indices format for RFC2253^J    compliance. (Jon Siwek)^J^J  * New tool devel-tool
-file_chunk, file #0, 1448, 1146,    rather than all. (Robin Sommer)^J^J  * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J  * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J  * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J  * Little fix for make-release script, which could pick out the wrong^J    tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J  * Bugfix in update-changes script. (Robin Sommer)^J^J  * update-changes now ignores commits it did itself. (Robin Sommer)^J^J  * Fix a bug in the update-changes script. (Robin Sommer)^J^J  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J  * Options to adjust time format for bro-cut. (Robin Sommer)^J^J    The default with -d is now ISO format. The new option "-D <fmt>"^J    specifies a custom strftime()-style format string. Alternatively,^J    the environment variable BRO_CUT_TIMEFMT can set the format as^J    well.^J^J  * bro-cut now understands the field separator header. (Robin Sommer)^J^J  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J  * Adding support for replacing version string in a setup.py. (Robin^J    Sommer)^J^J  * Change generated root cert DN indices format for RFC2253^J    compliance. (Jon Siwek)^J^J  * New tool devel-tool
-file_stream, file #0, 1448, s/check-release to run before making releases.^J    (Robin Sommer)^J^J  * devel-tools/update-changes gets a new option -a to amend to^J    previous commit if possible. Default is now not to (used to be the^J    opposite). (Robin Sommer)^J^J  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J  * Change distclean to only remove build dir. (Jon Siwek)^J^J  * Make dist now cleans the copied source (Jon Siwek)^J^J  * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J  * Fix to not let updates scripts loose their executable permissions.^J    (Robin Sommer)^J^J  * devel-tools/update-changes now looks for a 'release' tag to^J    idenfify the stable version, and 'beta' for the beta versions.^J    (Robin Sommer).^J^J  * Distribution cleanup. (Robin Sommer)^J^J  * New script devel-tools/make-release to create source tar balls.^J    (Robin Sommer)^J^J  * Removing bdcat. With the new log format, this isn't very useful^J    anymore. (Robin Sommer)^J^J  * Adding script that shows all pending git fastpath commits. (Robin^J    Sommer)^J^J  * Script to measure CPU time by loading an increasing set of^J    scripts. (Robin Sommer)^J^J  * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J  * Tiny update to output a valid CA list file for SSL cert^J    validation. (Seth Hall)^J^J  * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J  * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J  * FindPCAP now links against
-file_chunk, file #0, 1448, 2594, s/check-release to run before making releases.^J    (Robin Sommer)^J^J  * devel-tools/update-changes gets a new option -a to amend to^J    previous commit if possible. Default is now not to (used to be the^J    opposite). (Robin Sommer)^J^J  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J  * Change distclean to only remove build dir. (Jon Siwek)^J^J  * Make dist now cleans the copied source (Jon Siwek)^J^J  * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J  * Fix to not let updates scripts loose their executable permissions.^J    (Robin Sommer)^J^J  * devel-tools/update-changes now looks for a 'release' tag to^J    idenfify the stable version, and 'beta' for the beta versions.^J    (Robin Sommer).^J^J  * Distribution cleanup. (Robin Sommer)^J^J  * New script devel-tools/make-release to create source tar balls.^J    (Robin Sommer)^J^J  * Removing bdcat. With the new log format, this isn't very useful^J    anymore. (Robin Sommer)^J^J  * Adding script that shows all pending git fastpath commits. (Robin^J    Sommer)^J^J  * Script to measure CPU time by loading an increasing set of^J    scripts. (Robin Sommer)^J^J  * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J  * Tiny update to output a valid CA list file for SSL cert^J    validation. (Seth Hall)^J^J  * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J  * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J  * FindPCAP now links against
-file_stream, file #0, 663,  thread library when necessary (e.g.^J    PF_RING's libpcap) (Jon Siwek)^J^J  * Install binaries with an RPATH (Jon Siwek)^J^J  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J  * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J  * Add a script for generating Mozilla's CA list for the SSL analyzer.^J    (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J  * Converting build process to CMake. (Jon Siwek)^J^J  * Removing cf/hf/ca-* from distribution. The README has a note where^J    to find them now. (Robin Sommer)^J^J  * General cleanup. (Robin Sommer)^J^J  * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
-file_chunk, file #0, 663, 4042,  thread library when necessary (e.g.^J    PF_RING's libpcap) (Jon Siwek)^J^J  * Install binaries with an RPATH (Jon Siwek)^J^J  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J  * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J  * Add a script for generating Mozilla's CA list for the SSL analyzer.^J    (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J  * Converting build process to CMake. (Jon Siwek)^J^J  * Removing cf/hf/ca-* from distribution. The README has a note where^J    to find them now. (Robin Sommer)^J^J  * General cleanup. (Robin Sommer)^J^J  * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
+file_stream, file #0, 1146, \x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a  * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a  * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a  * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a  * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a  * Tweaks to release scripts, plus a new one for signing files.\x0a    (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a  * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a  * bro-cut extensions and fixes.  (Robin Sommer)\x0a    \x0a    - If no field names are given on the command line, we now pass through\x0a      all fields. Adresses #657.\x0a\x0a    - Removing some GNUism from awk script. Addresses #653.\x0a\x0a    - Added option for time output in UTC. Addresses #668.\x0a\x0a    - Added output field separator option -F. Addresses #649.\x0a\x0a    - Fixing option -c: only some header lines were passed through\x0a   
+file_chunk, file #0, 1146, 0, \x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a  * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a  * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a  * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a  * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a  * Tweaks to release scripts, plus a new one for signing files.\x0a    (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a  * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a  * bro-cut extensions and fixes.  (Robin Sommer)\x0a    \x0a    - If no field names are given on the command line, we now pass through\x0a      all fields. Adresses #657.\x0a\x0a    - Removing some GNUism from awk script. Addresses #653.\x0a\x0a    - Added option for time output in UTC. Addresses #668.\x0a\x0a    - Added output field separator option -F. Addresses #649.\x0a\x0a    - Fixing option -c: only some header lines were passed through\x0a   
+file_stream, file #0, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a  * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a  * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a  * Little fix for make-release script, which could pick out the wrong\x0a    tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a  * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a  * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a  * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a  * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a    The default with -d is now ISO format. The new option "-D <fmt>"\x0a    specifies a custom strftime()-style format string. Alternatively,\x0a    the environment variable BRO_CUT_TIMEFMT can set the format as\x0a    well.\x0a\x0a  * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a  * Adding support for replacing version string in a setup.py. (Robin\x0a    Sommer)\x0a\x0a  * Change generated root cert DN indices format for RFC2253\x0a    compliance. (Jon Siwek)\x0a\x0a  * New tool devel-tool
+file_chunk, file #0, 1448, 1146,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a  * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a  * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a  * Little fix for make-release script, which could pick out the wrong\x0a    tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a  * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a  * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a  * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a  * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a    The default with -d is now ISO format. The new option "-D <fmt>"\x0a    specifies a custom strftime()-style format string. Alternatively,\x0a    the environment variable BRO_CUT_TIMEFMT can set the format as\x0a    well.\x0a\x0a  * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a  * Adding support for replacing version string in a setup.py. (Robin\x0a    Sommer)\x0a\x0a  * Change generated root cert DN indices format for RFC2253\x0a    compliance. (Jon Siwek)\x0a\x0a  * New tool devel-tool
+file_stream, file #0, 1448, s/check-release to run before making releases.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes gets a new option -a to amend to\x0a    previous commit if possible. Default is now not to (used to be the\x0a    opposite). (Robin Sommer)\x0a\x0a  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a  * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a  * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a  * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a  * Fix to not let updates scripts loose their executable permissions.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes now looks for a 'release' tag to\x0a    idenfify the stable version, and 'beta' for the beta versions.\x0a    (Robin Sommer).\x0a\x0a  * Distribution cleanup. (Robin Sommer)\x0a\x0a  * New script devel-tools/make-release to create source tar balls.\x0a    (Robin Sommer)\x0a\x0a  * Removing bdcat. With the new log format, this isn't very useful\x0a    anymore. (Robin Sommer)\x0a\x0a  * Adding script that shows all pending git fastpath commits. (Robin\x0a    Sommer)\x0a\x0a  * Script to measure CPU time by loading an increasing set of\x0a    scripts. (Robin Sommer)\x0a\x0a  * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a  * Tiny update to output a valid CA list file for SSL cert\x0a    validation. (Seth Hall)\x0a\x0a  * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a  * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a  * FindPCAP now links against
+file_chunk, file #0, 1448, 2594, s/check-release to run before making releases.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes gets a new option -a to amend to\x0a    previous commit if possible. Default is now not to (used to be the\x0a    opposite). (Robin Sommer)\x0a\x0a  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a  * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a  * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a  * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a  * Fix to not let updates scripts loose their executable permissions.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes now looks for a 'release' tag to\x0a    idenfify the stable version, and 'beta' for the beta versions.\x0a    (Robin Sommer).\x0a\x0a  * Distribution cleanup. (Robin Sommer)\x0a\x0a  * New script devel-tools/make-release to create source tar balls.\x0a    (Robin Sommer)\x0a\x0a  * Removing bdcat. With the new log format, this isn't very useful\x0a    anymore. (Robin Sommer)\x0a\x0a  * Adding script that shows all pending git fastpath commits. (Robin\x0a    Sommer)\x0a\x0a  * Script to measure CPU time by loading an increasing set of\x0a    scripts. (Robin Sommer)\x0a\x0a  * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a  * Tiny update to output a valid CA list file for SSL cert\x0a    validation. (Seth Hall)\x0a\x0a  * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a  * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a  * FindPCAP now links against
+file_stream, file #0, 663,  thread library when necessary (e.g.\x0a    PF_RING's libpcap) (Jon Siwek)\x0a\x0a  * Install binaries with an RPATH (Jon Siwek)\x0a\x0a  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a  * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a  * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a    (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a  * Converting build process to CMake. (Jon Siwek)\x0a\x0a  * Removing cf/hf/ca-* from distribution. The README has a note where\x0a    to find them now. (Robin Sommer)\x0a\x0a  * General cleanup. (Robin Sommer)\x0a\x0a  * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a
+file_chunk, file #0, 663, 4042,  thread library when necessary (e.g.\x0a    PF_RING's libpcap) (Jon Siwek)\x0a\x0a  * Install binaries with an RPATH (Jon Siwek)\x0a\x0a  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a  * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a  * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a    (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a  * Converting build process to CMake. (Jon Siwek)\x0a\x0a  * Removing cf/hf/ca-* from distribution. The README has a note where\x0a    to find them now. (Robin Sommer)\x0a\x0a  * General cleanup. (Robin Sommer)\x0a\x0a  * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a
 FILE_STATE_REMOVE
 file #0, 4705, 0
 [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
 FILE_BOF_BUFFER
-^J0.26 | 201
+\x0a0.26 | 201
 MIME_TYPE
 text/plain
 total bytes: 4705
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.remove_action/get.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.remove_action/get.out
index 4b2bf1e210..884adb0005 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.remove_action/get.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.remove_action/get.out
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 4705, 0
 [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
 FILE_BOF_BUFFER
-^J0.26 | 201
+\x0a0.26 | 201
 MIME_TYPE
 text/plain
 total bytes: 4705
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
index 89ee79cad4..eb704bbf4c 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 1022920, 0
 [orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
 FILE_BOF_BUFFER
-MZ\x90\0^C\0\0\0^D\0\0
+MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00
 MIME_TYPE
 application/x-dosexec
 total bytes: 1022920
@@ -22,7 +22,5 @@ FILE_GAP
 FILE_STATE_REMOVE
 file #1, 206024, 816896
 [orig_h=192.168.72.14, orig_p=3257/tcp, resp_h=65.54.95.14, resp_p=80/tcp]
-FILE_BOF_BUFFER
-\x1b\xb8=\xb1\xff^PU^P\xce\xc3^
 total bytes: 1022920
 source: HTTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out
index 0ed8262afc..c1184423d9 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out
@@ -5,9 +5,9 @@ FILE_STATE_REMOVE
 file #0, 197, 0
 [orig_h=141.142.228.5, orig_p=50153/tcp, resp_h=54.243.118.187, resp_p=80/tcp]
 FILE_BOF_BUFFER
-{^J  "origin
+{\x0a  "origin
 MIME_TYPE
-text/plain
+text/json
 source: HTTP
 MD5: 5baba7eea57bc8a42a92c817ed566d72
 SHA1: e351b8c693c3353716787c02e2923f4d12ebbb31
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out
index cc04790c70..72a6165c28 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 4705, 0
 [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
 FILE_BOF_BUFFER
-^J0.26 | 201
+\x0a0.26 | 201
 MIME_TYPE
 text/plain
 total bytes: 4705
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
index d6b94e5372..f15f59d906 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
@@ -41,9 +41,9 @@ FILE_STATE_REMOVE
 file #3, 465, 0
 [orig_h=141.142.228.5, orig_p=57262/tcp, resp_h=54.243.88.146, resp_p=80/tcp]
 FILE_BOF_BUFFER
-{^J  "data":
+{\x0a  "data":
 MIME_TYPE
-text/plain
+text/json
 total bytes: 465
 source: HTTP
 MD5: 226244811006caf4ac904344841168dd
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
index 5f2e28889e..41abe87d29 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
@@ -7,7 +7,7 @@ file #0, 555523, 0
 [orig_h=10.101.84.70, orig_p=10978/tcp, resp_h=129.174.93.161, resp_p=80/tcp]
 [orig_h=10.101.84.70, orig_p=10977/tcp, resp_h=129.174.93.161, resp_p=80/tcp]
 FILE_BOF_BUFFER
-%PDF-1.4^J%\xd0
+%PDF-1.4\x0a%\xd0
 MIME_TYPE
 application/pdf
 total bytes: 555523
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
index 36202f285b..aaa9ecbfa6 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 1022920, 0
 [orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
 FILE_BOF_BUFFER
-MZ\x90\0^C\0\0\0^D\0\0
+MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00
 MIME_TYPE
 application/x-dosexec
 total bytes: 1022920
@@ -21,7 +21,5 @@ FILE_GAP
 FILE_STATE_REMOVE
 file #1, 206024, 816896
 [orig_h=192.168.72.14, orig_p=3257/tcp, resp_h=65.54.95.14, resp_p=80/tcp]
-FILE_BOF_BUFFER
-\x1b\xb8=\xb1\xff^PU^P\xce\xc3^
 total bytes: 1022920
 source: HTTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
index 34cffd7f1e..cf2b16bd52 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
@@ -7,7 +7,7 @@ file #0, 498668, 0
 [orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 [orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 FILE_BOF_BUFFER
-%PDF-1.4^M%\xe2
+%PDF-1.4\x0d%\xe2
 MIME_TYPE
 application/pdf
 total bytes: 498668
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out
index e0880d128c..c936e55658 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 2675, 0
 [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
 FILE_BOF_BUFFER
-/*^J********
+/*\x0a********
 MIME_TYPE
 text/plain
 source: HTTP
@@ -33,7 +33,7 @@ FILE_STATE_REMOVE
 file #2, 94, 0
 [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
 FILE_BOF_BUFFER
-GIF89a^D\0^D\0\xb3
+GIF89a\x04\x00\x04\x00\xb3
 MIME_TYPE
 image/gif
 total bytes: 94
@@ -48,7 +48,7 @@ FILE_STATE_REMOVE
 file #3, 2349, 0
 [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
 FILE_BOF_BUFFER
-\x89PNG^M^J^Z^J\0\0\0
+\x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00
 MIME_TYPE
 image/png
 total bytes: 2349
@@ -63,7 +63,7 @@ FILE_STATE_REMOVE
 file #4, 27579, 0
 [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
 FILE_BOF_BUFFER
-\x89PNG^M^J^Z^J\0\0\0
+\x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00
 MIME_TYPE
 image/png
 total bytes: 27579
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out
index deddfbb640..2a0b09e740 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out
@@ -20,9 +20,9 @@ FILE_STATE_REMOVE
 file #1, 366, 0
 [orig_h=141.142.228.5, orig_p=53595/tcp, resp_h=54.243.55.129, resp_p=80/tcp]
 FILE_BOF_BUFFER
-{^J  "origin
+{\x0a  "origin
 MIME_TYPE
-text/plain
+text/json
 total bytes: 366
 source: HTTP
 MD5: c9337794df612aeaa901dcf9fa446bca
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out
index 906225c051..b88eea2c35 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out
@@ -8,7 +8,7 @@ FILE_STATE_REMOVE
 file #1, 124, 0
 [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
 FILE_BOF_BUFFER
-\0\0^Ex\0\0^J\xf0\0\0^P
+\x00\x00\x05x\x00\x00\x0a\xf0\x00\x00\x10
 source: IRC_DATA
 MD5: 35288fd50a74c7d675909ff83424d7a1
 SHA1: 8a98f177cb47e6bf771bf57c2f7e94c4b5e79ffa
@@ -17,7 +17,7 @@ FILE_STATE_REMOVE
 file #0, 42208, 0
 [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
 FILE_BOF_BUFFER
-PK^C^D^T\0\0\0^H\0\xae
+PK\x03\x04\x14\x00\x00\x00\x08\x00\xae
 MIME_TYPE
 application/zip
 source: IRC_DATA
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out
index 561f3c49f6..186c54cb66 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out
@@ -5,7 +5,7 @@ FILE_STATE_REMOVE
 file #0, 77, 0
 [orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]
 FILE_BOF_BUFFER
-Hello^M^J^M^J ^M
+Hello\x0d\x0a\x0d\x0a \x0d
 MIME_TYPE
 text/plain
 source: SMTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.binary/out b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
index deab902925..12f33963eb 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
@@ -1,4 +1,4 @@
-abc^J\xffdef
+abc\x0a\xffdef
 DATA2
 abc|\xffdef
 DATA2
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr
new file mode 100644
index 0000000000..c8e56d4c21
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr
@@ -0,0 +1,2 @@
+error: Value not 'IdoNot::Exist' for stream 'enum' is not a valid enum.
+received termination signal
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout
new file mode 100644
index 0000000000..e760668629
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout
@@ -0,0 +1,4 @@
+Table:
+{
+
+}
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out
index d36930d752..23851022b5 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out
@@ -1,20 +1,20 @@
 Input::EVENT_NEW, cat |, input0
 hello
 Input::EVENT_NEW, cat |, input0
-there^A^B^C^D^E^A^B^Cyay0
+there\x01\x02\x03\x04\x05\x01\x02\x03yay0
 Input::EVENT_NEW, cat |, input1
 hello
 Input::EVENT_NEW, cat |, input1
-there^A^B^C^D^E^A^B^Cyay01
+there\x01\x02\x03\x04\x05\x01\x02\x03yay01
 Input::EVENT_NEW, cat |, input2
 hello
 Input::EVENT_NEW, cat |, input2
-there^A^B^C^D^E^A^B^Cyay012
+there\x01\x02\x03\x04\x05\x01\x02\x03yay012
 Input::EVENT_NEW, cat |, input3
 hello
 Input::EVENT_NEW, cat |, input3
-there^A^B^C^D^E^A^B^Cyay0123
+there\x01\x02\x03\x04\x05\x01\x02\x03yay0123
 Input::EVENT_NEW, cat |, input4
 hello
 Input::EVENT_NEW, cat |, input4
-there^A^B^C^D^E^A^B^Cyay01234
+there\x01\x02\x03\x04\x05\x01\x02\x03yay01234
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw.offset/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw.offset/out
new file mode 100644
index 0000000000..3af2451db9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw.offset/out
@@ -0,0 +1,2 @@
+fkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
+F
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/output b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/output
new file mode 100644
index 0000000000..15bbad6c22
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/output
@@ -0,0 +1,12 @@
+AB\x00CD\x00
+AB\xffCD\x00
+AB\xffCD\x00
+
+abc\x00def
+
+abc\x00def
+
+foo \xc2\xae bar \xc2\xae baz
+foo\x00bar\0baz
+foo \x0e bar ^N baz
+
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/test.log
new file mode 100644
index 0000000000..01f127952a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-binary/test.log
@@ -0,0 +1,20 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	test
+#open	2015-04-17-03-37-33
+#fields	s
+#types	string
+AB\x00CD\x00
+AB\xffCD\x00
+AB\\xffCD\x00
+ 
+abc\\x00def
+ 
+abc\x00def
+ 
+foo \xc2\xae bar \\xc2\\xae baz
+foo\x00bar\\0baz
+foo \x0e bar ^N baz
+#close	2015-04-17-03-37-33
diff --git a/testing/btest/Baseline/scripts.base.protocols.conn.threshold/.stdout b/testing/btest/Baseline/scripts.base.protocols.conn.threshold/.stdout
new file mode 100644
index 0000000000..f5ae35abc3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.conn.threshold/.stdout
@@ -0,0 +1,10 @@
+Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 1, T
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2500, T
+triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2700, T
+triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F
+Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
+triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 1, T
+triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F
+triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 52, F
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
index 7acf3a1608..ddbadbe2c5 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/dnp3.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dnp3
-#open	2014-08-16-15-58-48
+#open	2015-04-15-23-54-06
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
 #types	time	string	addr	port	addr	port	string	string	count
 1325036012.621691	CXWv6p3arKYeMETxOg	130.126.142.250	50276	130.126.140.229	20000	OPEN_FILE	RESPONSE	4096
@@ -11,4 +11,4 @@
 1325036019.765502	CXWv6p3arKYeMETxOg	130.126.142.250	50276	130.126.140.229	20000	WRITE	RESPONSE	0
 1325036022.292689	CXWv6p3arKYeMETxOg	130.126.142.250	50276	130.126.140.229	20000	WRITE	RESPONSE	0
 1325036024.820857	CXWv6p3arKYeMETxOg	130.126.142.250	50276	130.126.140.229	20000	CLOSE_FILE	RESPONSE	0
-#close	2014-08-16-15-58-48
+#close	2015-04-15-23-54-06
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
index feb59be3f3..f7cdc29b74 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_read/output
@@ -12,13 +12,13 @@ dnp3_application_request_header, T, 207, 1
 dnp3_object_header, T, 17925, 91, 1, 1, 0
 dnp3_object_prefix, T, 8
 dnp3_file_transport, T, 305419896, 0
-                                                  ^J
+                                                  \x0a
 dnp3_header_block, F, 25605, 255, 68, 3, 4
 dnp3_application_response_header, F, 239, 129, 4096
 dnp3_object_header, F, 17925, 91, 1, 1, 0
 dnp3_object_prefix, F, 838
 dnp3_file_transport, F, 305419896, 2147483648
-0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version^J0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=^J0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml^J0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type^J0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href^J0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf^J0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'^J0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?^J0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr^J0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm^J00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://^J00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/^J00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan^J00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h^J00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org^J00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"^J0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="^J0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="^J0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.^J0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP^J0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">^J0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document^J0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d^J0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..^J0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam^J0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil^J01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>^J01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD^J01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This ^J01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple^J01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil^J01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta^J0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW ^J0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr^J0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn^J0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes^J0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <^J0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History ^J0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  ^J0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1^J0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   ^J0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve^J02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.^J02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D^J02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H^J02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi^J02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas^J02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis^J0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <^J0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>^J0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr^J0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>^J
+0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version\x0a0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=\x0a0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml\x0a0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type\x0a0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href\x0a0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf\x0a0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'\x0a0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?\x0a0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr\x0a0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm\x0a00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://\x0a00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/\x0a00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan\x0a00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h\x0a00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org\x0a00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"\x0a0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="\x0a0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="\x0a0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.\x0a0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP\x0a0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">\x0a0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document\x0a0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d\x0a0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..\x0a0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam\x0a0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil\x0a01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>\x0a01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD\x0a01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This \x0a01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple\x0a01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil\x0a01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta\x0a0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW \x0a0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr\x0a0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn\x0a0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes\x0a0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <\x0a0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History \x0a0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  \x0a0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1\x0a0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   \x0a0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve\x0a02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.\x0a02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D\x0a02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H\x0a02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi\x0a02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas\x0a02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis\x0a0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <\x0a0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>\x0a0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr\x0a0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>\x0a
 dnp3_response_data_object, F, 255
 dnp3_header_block, T, 25605, 8, 196, 4, 3
 dnp3_application_request_header, T, 207, 0
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
index 064bcb5aed..5cc9e2d9c9 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/dnp3.log
@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dnp3
-#open	2014-08-16-15-58-49
+#open	2015-04-15-23-54-07
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
 #types	time	string	addr	port	addr	port	string	string	count
 1325043635.216629	CXWv6p3arKYeMETxOg	130.126.142.250	50300	130.126.140.229	20000	OPEN_FILE	RESPONSE	0
 1325043637.790287	CXWv6p3arKYeMETxOg	130.126.142.250	50300	130.126.140.229	20000	WRITE	RESPONSE	0
 1325043638.820071	CXWv6p3arKYeMETxOg	130.126.142.250	50300	130.126.140.229	20000	CLOSE_FILE	RESPONSE	0
-#close	2014-08-16-15-58-49
+#close	2015-04-15-23-54-07
diff --git a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
index 3fefea6ea7..1e4a23c30f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
+++ b/testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_file_write/output
@@ -12,7 +12,7 @@ dnp3_application_request_header, T, 199, 2
 dnp3_object_header, T, 17925, 91, 1, 1, 0
 dnp3_object_prefix, T, 838
 dnp3_file_transport, T, 305419896, 2147483648
-0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version^J0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=^J0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml^J0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type^J0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href^J0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf^J0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'^J0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?^J0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr^J0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm^J00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://^J00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/^J00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan^J00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h^J00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org^J00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"^J0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="^J0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="^J0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.^J0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP^J0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">^J0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document^J0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d^J0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..^J0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam^J0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil^J01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>^J01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD^J01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This ^J01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple^J01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil^J01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta^J0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW ^J0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr^J0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn^J0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes^J0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <^J0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History ^J0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  ^J0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1^J0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   ^J0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve^J02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.^J02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D^J02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H^J02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi^J02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas^J02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis^J0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <^J0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>^J0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr^J0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>^J
+0000  ef bb bf 3c 3f 78 6d 6c  20 76 65 72 73 69 6f 6e  ...<?xml  version\x0a0010  3d 22 31 2e 30 22 20 65  6e 63 6f 64 69 6e 67 3d  ="1.0" e ncoding=\x0a0020  22 75 74 66 2d 38 22 3f  3e 0d 0a 3c 3f 78 6d 6c  "utf-8"? >..<?xml\x0a0030  2d 73 74 79 6c 65 73 68  65 65 74 20 74 79 70 65  -stylesh eet type\x0a0040  3d 27 74 65 78 74 2f 78  73 6c 27 20 68 72 65 66  ='text/x sl' href\x0a0050  3d 27 44 4e 50 33 44 65  76 69 63 65 50 72 6f 66  ='DNP3De viceProf\x0a0060  69 6c 65 4a 61 6e 32 30  31 30 2e 78 73 6c 74 27  ileJan20 10.xslt'\x0a0070  20 6d 65 64 69 61 3d 27  73 63 72 65 65 6e 27 3f   media=' screen'?\x0a0080  3e 0d 0a 3c 44 4e 50 33  44 65 76 69 63 65 50 72  >..<DNP3 DevicePr\x0a0090  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 20 78 6d  ofileDoc ument xm\x0a00a0  6c 6e 73 3a 78 73 69 3d  22 68 74 74 70 3a 2f 2f  lns:xsi= "http://\x0a00b0  77 77 77 2e 77 33 2e 6f  72 67 2f 32 30 30 31 2f  www.w3.o rg/2001/\x0a00c0  58 4d 4c 53 63 68 65 6d  61 2d 69 6e 73 74 61 6e  XMLSchem a-instan\x0a00d0  63 65 22 20 78 6d 6c 6e  73 3a 78 73 64 3d 22 68  ce" xmln s:xsd="h\x0a00e0  74 74 70 3a 2f 2f 77 77  77 2e 77 33 2e 6f 72 67  ttp://ww w.w3.org\x0a00f0  2f 32 30 30 31 2f 58 4d  4c 53 63 68 65 6d 61 22  /2001/XM LSchema"\x0a0100  20 73 63 68 65 6d 61 56  65 72 73 69 6f 6e 3d 22   schemaV ersion="\x0a0110  32 2e 30 37 2e 30 30 22  20 78 6d 6c 6e 73 3d 22  2.07.00"  xmlns="\x0a0120  68 74 74 70 3a 2f 2f 77  77 77 2e 64 6e 70 33 2e  http://w ww.dnp3.\x0a0130  6f 72 67 2f 44 4e 50 33  2f 44 65 76 69 63 65 50  org/DNP3 /DeviceP\x0a0140  72 6f 66 69 6c 65 2f 4a  61 6e 32 30 31 30 22 3e  rofile/J an2010">\x0a0150  0d 0a 20 20 3c 21 2d 2d  44 6f 63 75 6d 65 6e 74  ..  <!-- Document\x0a0160  20 48 65 61 64 65 72 2d  2d 3e 0d 0a 20 20 3c 64   Header- ->..  <d\x0a0170  6f 63 75 6d 65 6e 74 48  65 61 64 65 72 3e 0d 0a  ocumentH eader>..\x0a0180  20 20 20 20 3c 64 6f 63  75 6d 65 6e 74 4e 61 6d      <doc umentNam\x0a0190  65 3e 41 20 44 4e 50 33  20 58 4d 4c 20 46 69 6c  e>A DNP3  XML Fil\x0a01a0  65 3c 2f 64 6f 63 75 6d  65 6e 74 4e 61 6d 65 3e  e</docum entName>\x0a01b0  0d 0a 20 20 20 20 3c 64  6f 63 75 6d 65 6e 74 44  ..    <d ocumentD\x0a01c0  65 73 63 72 69 70 74 69  6f 6e 3e 54 68 69 73 20  escripti on>This \x0a01d0  69 73 20 61 20 44 4e 50  33 20 43 6f 6d 70 6c 65  is a DNP 3 Comple\x0a01e0  74 65 20 44 65 76 69 63  65 20 50 72 6f 66 69 6c  te Devic e Profil\x0a01f0  65 20 66 6f 72 20 44 4e  50 20 4f 75 74 73 74 61  e for DN P Outsta\x0a0200  74 69 6f 6e 20 69 6e 20  74 68 65 20 54 4d 57 20  tion in  the TMW \x0a0210  43 6f 6d 6d 75 6e 69 63  61 74 69 6f 6e 20 50 72  Communic ation Pr\x0a0220  6f 74 6f 63 6f 6c 20 54  65 73 74 20 48 61 72 6e  otocol T est Harn\x0a0230  65 73 73 3c 2f 64 6f 63  75 6d 65 6e 74 44 65 73  ess</doc umentDes\x0a0240  63 72 69 70 74 69 6f 6e  3e 0d 0a 20 20 20 20 3c  cription >..    <\x0a0250  72 65 76 69 73 69 6f 6e  48 69 73 74 6f 72 79 20  revision History \x0a0260  76 65 72 73 69 6f 6e 3d  22 32 22 3e 0d 0a 20 20  version= "2">..  \x0a0270  20 20 20 20 3c 64 61 74  65 3e 32 30 31 30 2d 31      <dat e>2010-1\x0a0280  32 2d 30 31 3c 2f 64 61  74 65 3e 0d 0a 20 20 20  2-01</da te>..   \x0a0290  20 20 20 3c 61 75 74 68  6f 72 3e 53 74 65 76 65     <auth or>Steve\x0a02a0  20 4d 63 43 6f 79 3c 2f  61 75 74 68 6f 72 3e 0d   McCoy</ author>.\x0a02b0  0a 20 20 20 20 20 20 3c  72 65 61 73 6f 6e 3e 44  .      < reason>D\x0a02c0  6f 63 75 6d 65 6e 74 65  64 20 54 65 73 74 20 48  ocumente d Test H\x0a02d0  61 72 6e 65 73 73 20 53  44 4e 50 20 44 65 76 69  arness S DNP Devi\x0a02e0  63 65 20 50 72 6f 66 69  6c 65 3c 2f 72 65 61 73  ce Profi le</reas\x0a02f0  6f 6e 3e 0d 0a 20 20 20  20 3c 2f 72 65 76 69 73  on>..     </revis\x0a0300  69 6f 6e 48 69 73 74 6f  72 79 3e 0d 0a 20 20 3c  ionHisto ry>..  <\x0a0310  2f 64 6f 63 75 6d 65 6e  74 48 65 61 64 65 72 3e  /documen tHeader>\x0a0320  0d 0a 3c 2f 44 4e 50 33  44 65 76 69 63 65 50 72  ..</DNP3 DevicePr\x0a0330  6f 66 69 6c 65 44 6f 63  75 6d 65 6e 74 3e        ofileDoc ument>\x0a
 dnp3_header_block, F, 25605, 25, 68, 3, 4
 dnp3_application_response_header, F, 199, 129, 0
 dnp3_object_header, F, 17926, 91, 1, 1, 0
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log
index 6e2a0a4699..7e09f39404 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2014-01-28-14-58-56
+#open	2015-03-19-15-44-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
 1363716396.798072	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	udp	21140	www.cmu.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
-1363716396.798374	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	udp	21140	-	-	-	-	-	0	NOERROR	T	F	F	F	0	www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
-#close	2014-01-28-14-58-56
+1363716396.798374	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	udp	21140	www.cmu.edu	-	-	-	-	0	NOERROR	T	F	F	F	0	www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
+#close	2015-03-19-15-44-23
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
index 295de4ec2c..5b9f54dbf1 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2014-02-13-20-36-35
+#open	2015-03-19-15-44-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1363716396.798286	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	DNS_RR_unknown_type	-	F	bro
+1363716396.798286	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	DNS_RR_unknown_type	46	F	bro
 1363716396.798374	CXWv6p3arKYeMETxOg	55.247.223.174	27285	222.195.43.124	53	dns_unmatched_reply	-	F	bro
 1363716396.798374	-	-	-	-	-	dns_unmatched_msg	-	F	bro
-#close	2014-02-13-20-36-35
+#close	2015-03-19-15-44-23
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log
new file mode 100644
index 0000000000..3a86abc5d6
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2015-03-19-16-50-45
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
+#types	time	string	addr	port	addr	port	enum	count	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
+964953086.310131	CXWv6p3arKYeMETxOg	10.20.1.31	53	207.158.192.40	53	udp	25701	us.v27.distributed.net	-	-	-	-	0	NOERROR	T	F	F	T	0	206.109.64.186,216.1.205.81,205.149.163.211,134.53.131.135,134.53.131.192,128.104.18.148,204.152.186.139,63.77.33.226	900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000	F
+#close	2015-03-19-16-50-45
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log
index ba73d16c82..eb95e1dcc8 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2014-04-24-23-33-57
+#open	2015-03-19-15-44-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1398382067.286885	CXWv6p3arKYeMETxOg	192.150.187.50	51946	68.142.255.16	53	udp	28079	-	-	-	-	-	0	NOERROR	T	F	F	F	0	fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB	900.000000,900.000000,7200.000000	F
-#close	2014-04-24-23-33-57
+1398382067.286885	CXWv6p3arKYeMETxOg	192.150.187.50	51946	68.142.255.16	53	udp	28079	flkr._domainkey.flickr.com	-	-	-	-	0	NOERROR	T	F	F	F	0	fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB	900.000000,900.000000,7200.000000	F
+#close	2015-03-19-15-44-24
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.tsig/out b/testing/btest/Baseline/scripts.base.protocols.dns.tsig/out
index ddeb775ec8..4894e93d4b 100644
--- a/testing/btest/Baseline/scripts.base.protocols.dns.tsig/out
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.tsig/out
@@ -1,2 +1,2 @@
-[query=secret-key, qtype=3, alg_name=hmac-md5.sig-alg.reg.int, sig=F\xbd\xbf1\xef^B6\xb8\xeb\xae1u,\x87\xdb^?, time_signed=21513.794, fudge=300.0, orig_id=9703, rr_error=0, is_query=1]
+[query=secret-key, qtype=3, alg_name=hmac-md5.sig-alg.reg.int, sig=F\xbd\xbf1\xef\x026\xb8\xeb\xae1u,\x87\xdb\x7f, time_signed=21513.794, fudge=300.0, orig_id=9703, rr_error=0, is_query=1]
 16
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
index 9c58298dbe..96e81100ca 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-43-47
+#open	2015-04-17-16-45-58
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1348168976.274919	CXWv6p3arKYeMETxOg	192.168.57.103	60108	192.168.57.101	2811	tcp	ssl,ftp,gridftp	0.294743	4491	6659	SF	-	-	0	ShAdDaFf	22	5643	21	7759	(empty)
-1348168976.546371	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	tcp	ssl,gridftp-data	0.011938	2135	3196	S1	-	-	0	ShADad	8	2559	6	3516	(empty)
-#close	2015-02-23-21-43-47
+1348168976.546371	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	tcp	ssl,gridftp-data	0.010760	2109	3196	S1	-	-	0	ShADad	7	2481	6	3516	(empty)
+#close	2015-04-17-16-45-58
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.entity-gap/entity_data b/testing/btest/Baseline/scripts.base.protocols.http.entity-gap/entity_data
index 37d10fb294..be54ab1abc 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.entity-gap/entity_data
+++ b/testing/btest/Baseline/scripts.base.protocols.http.entity-gap/entity_data
@@ -1,4 +1,4 @@
-^J0.26 | 2012-08-24 15:10:04 -0700^J^J  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J  * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J  * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J  * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J  * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J  * Tweaks to release scripts, plus a new one for signing files.^J    (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J  * Tweaks for OpenBSD support. (Jon Siwek)^J^J  * bro-cut extensions and fixes.  (Robin Sommer)^J    ^J    - If no field names are given on the command line, we now pass through^J      all fields. Adresses #657.^J^J    - Removing some GNUism from awk script. Addresses #653.^J^J    - Added option for time output in UTC. Addresses #668.^J^J    - Added output field separator option -F. Addresses #649.^J^J    - Fixing option -c: only some header lines were passed through^J   
+\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a  * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a  * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a  * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a  * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a  * Tweaks to release scripts, plus a new one for signing files.\x0a    (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a  * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a  * bro-cut extensions and fixes.  (Robin Sommer)\x0a    \x0a    - If no field names are given on the command line, we now pass through\x0a      all fields. Adresses #657.\x0a\x0a    - Removing some GNUism from awk script. Addresses #653.\x0a\x0a    - Added option for time output in UTC. Addresses #668.\x0a\x0a    - Added output field separator option -F. Addresses #649.\x0a\x0a    - Fixing option -c: only some header lines were passed through\x0a   
 <1448 byte gap>
-s/check-release to run before making releases.^J    (Robin Sommer)^J^J  * devel-tools/update-changes gets a new option -a to amend to^J    previous commit if possible. Default is now not to (used to be the^J    opposite). (Robin Sommer)^J^J  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J  * Change distclean to only remove build dir. (Jon Siwek)^J^J  * Make dist now cleans the copied source (Jon Siwek)^J^J  * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J  * Fix to not let updates scripts loose their executable permissions.^J    (Robin Sommer)^J^J  * devel-tools/update-changes now looks for a 'release' tag to^J    idenfify the stable version, and 'beta' for the beta versions.^J    (Robin Sommer).^J^J  * Distribution cleanup. (Robin Sommer)^J^J  * New script devel-tools/make-release to create source tar balls.^J    (Robin Sommer)^J^J  * Removing bdcat. With the new log format, this isn't very useful^J    anymore. (Robin Sommer)^J^J  * Adding script that shows all pending git fastpath commits. (Robin^J    Sommer)^J^J  * Script to measure CPU time by loading an increasing set of^J    scripts. (Robin Sommer)^J^J  * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J  * Tiny update to output a valid CA list file for SSL cert^J    validation. (Seth Hall)^J^J  * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J  * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J  * FindPCAP now links against
- thread library when necessary (e.g.^J    PF_RING's libpcap) (Jon Siwek)^J^J  * Install binaries with an RPATH (Jon Siwek)^J^J  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J  * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J  * Add a script for generating Mozilla's CA list for the SSL analyzer.^J    (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J  * Converting build process to CMake. (Jon Siwek)^J^J  * Removing cf/hf/ca-* from distribution. The README has a note where^J    to find them now. (Robin Sommer)^J^J  * General cleanup. (Robin Sommer)^J^J  * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
+s/check-release to run before making releases.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes gets a new option -a to amend to\x0a    previous commit if possible. Default is now not to (used to be the\x0a    opposite). (Robin Sommer)\x0a\x0a  * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a  * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a  * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a  * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a  * Fix to not let updates scripts loose their executable permissions.\x0a    (Robin Sommer)\x0a\x0a  * devel-tools/update-changes now looks for a 'release' tag to\x0a    idenfify the stable version, and 'beta' for the beta versions.\x0a    (Robin Sommer).\x0a\x0a  * Distribution cleanup. (Robin Sommer)\x0a\x0a  * New script devel-tools/make-release to create source tar balls.\x0a    (Robin Sommer)\x0a\x0a  * Removing bdcat. With the new log format, this isn't very useful\x0a    anymore. (Robin Sommer)\x0a\x0a  * Adding script that shows all pending git fastpath commits. (Robin\x0a    Sommer)\x0a\x0a  * Script to measure CPU time by loading an increasing set of\x0a    scripts. (Robin Sommer)\x0a\x0a  * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a  * Tiny update to output a valid CA list file for SSL cert\x0a    validation. (Seth Hall)\x0a\x0a  * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a  * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a  * FindPCAP now links against
+ thread library when necessary (e.g.\x0a    PF_RING's libpcap) (Jon Siwek)\x0a\x0a  * Install binaries with an RPATH (Jon Siwek)\x0a\x0a  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a  * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a  * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a    (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a  * Converting build process to CMake. (Jon Siwek)\x0a\x0a  * Removing cf/hf/ca-* from distribution. The README has a note where\x0a    to find them now. (Robin Sommer)\x0a\x0a  * General cleanup. (Robin Sommer)\x0a\x0a  * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.entity-gap2/entity_data b/testing/btest/Baseline/scripts.base.protocols.http.entity-gap2/entity_data
index c6e5999e07..63001e975d 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.entity-gap2/entity_data
+++ b/testing/btest/Baseline/scripts.base.protocols.http.entity-gap2/entity_data
@@ -1,4 +1,4 @@
-^J0.26 | 2012-08-24 15:10:04 -0700^J^J  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J  * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J  * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J  * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J  * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J  * Tweaks to release scripts, plus a new one for signing files.^J    (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J  * Tweaks for OpenBSD support. (Jon Siwek)^J^J  * bro-cut extensions and fixes.  (Robin Sommer)^J    ^J    - If no field names are given on the command line, we now pass through^J      all fields. Adresses #657.^J^J    - Removing some GNUism from awk script. Addresses #653.^J^J    - Added option for time output in UTC. Addresses #668.^J^J    - Added output field separator option -F. Addresses #649.^J^J    - Fixing option -c: only some header lines were passed through^J   
-   rather than all. (Robin Sommer)^J^J  * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J  * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J  * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J  * Little fix for make-release script, which could pick out the wrong^J    tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J  * Bugfix in update-changes script. (Robin Sommer)^J^J  * update-changes now ignores commits it did itself. (Robin Sommer)^J^J  * Fix a bug in the update-changes script. (Robin Sommer)^J^J  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J  * Options to adjust time format for bro-cut. (Robin Sommer)^J^J    The default with -d is now ISO format. The new option "-D <fmt>"^J    specifies a custom strftime()-style format string. Alternatively,^J    the environment variable BRO_CUT_TIMEFMT can set the format as^J    well.^J^J  * bro-cut now understands the field separator header. (Robin Sommer)^J^J  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J  * Adding support for replacing version string in a setup.py. (Robin^J    Sommer)^J^J  * Change generated root cert DN indices format for RFC2253^J    compliance. (Jon Siwek)^J^J  * New tool devel-tool
+\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a  * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a  * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a  * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a  * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a  * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a  * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a  * Tweaks to release scripts, plus a new one for signing files.\x0a    (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a  * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a  * bro-cut extensions and fixes.  (Robin Sommer)\x0a    \x0a    - If no field names are given on the command line, we now pass through\x0a      all fields. Adresses #657.\x0a\x0a    - Removing some GNUism from awk script. Addresses #653.\x0a\x0a    - Added option for time output in UTC. Addresses #668.\x0a\x0a    - Added output field separator option -F. Addresses #649.\x0a\x0a    - Fixing option -c: only some header lines were passed through\x0a   
+   rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a  * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a  * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a  * Little fix for make-release script, which could pick out the wrong\x0a    tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a  * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a  * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a  * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a  * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a  * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a  * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a    The default with -d is now ISO format. The new option "-D <fmt>"\x0a    specifies a custom strftime()-style format string. Alternatively,\x0a    the environment variable BRO_CUT_TIMEFMT can set the format as\x0a    well.\x0a\x0a  * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a  * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a  * Adding support for replacing version string in a setup.py. (Robin\x0a    Sommer)\x0a\x0a  * Change generated root cert DN indices format for RFC2253\x0a    compliance. (Jon Siwek)\x0a\x0a  * New tool devel-tool
 <1448 byte gap>
- thread library when necessary (e.g.^J    PF_RING's libpcap) (Jon Siwek)^J^J  * Install binaries with an RPATH (Jon Siwek)^J^J  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J  * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J  * Add a script for generating Mozilla's CA list for the SSL analyzer.^J    (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J  * Converting build process to CMake. (Jon Siwek)^J^J  * Removing cf/hf/ca-* from distribution. The README has a note where^J    to find them now. (Robin Sommer)^J^J  * General cleanup. (Robin Sommer)^J^J  * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
+ thread library when necessary (e.g.\x0a    PF_RING's libpcap) (Jon Siwek)\x0a\x0a  * Install binaries with an RPATH (Jon Siwek)\x0a\x0a  * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a  * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a  * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a    (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a  * Converting build process to CMake. (Jon Siwek)\x0a\x0a  * Removing cf/hf/ca-* from distribution. The README has a note where\x0a    to find them now. (Robin Sommer)\x0a\x0a  * General cleanup. (Robin Sommer)\x0a\x0a  * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log
index 8a00755e8d..d8a78a38b1 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log
@@ -3,56 +3,56 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2014-04-01-23-16-03
+#open	2015-04-20-12-36-37
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1354328870.191989	CXWv6p3arKYeMETxOg	128.2.6.136	46562	173.194.75.103	80	1	OPTIONS	www.google.com	*	-	-	0	962	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	FKgccv1sOsIPuN3b73	text/html
 1354328874.237327	CjhGID4nQcgTWjvg4c	128.2.6.136	46563	173.194.75.103	80	1	OPTIONS	www.google.com	HTTP/1.1	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FWUdF12OgqGLhf3NPl	text/html
-1354328874.299063	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FE9yCx4wFg8js0ey37	text/html
-1354328874.342591	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FNt1Jq2h23tJ5Hwp2b	text/html
+1354328874.299063	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FrYoRN2EwpZyXbyvF8	text/html
+1354328874.342591	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FJPouz1lbXUsa4Ef1	text/html
 1354328874.364020	CRJuHdVW0XPVINV8a	128.2.6.136	46566	173.194.75.103	80	1	GET	www.google.com	/	-	-	0	43911	200	OK	-	-	-	(empty)	-	-	-	-	-	FbONWS332vB7QP1sDi	text/html
 1354328878.470424	CPbrpk1qSsw6ESzHV4	128.2.6.136	46567	173.194.75.103	80	1	GET	www.google.com	/	-	-	0	43983	200	OK	-	-	-	(empty)	-	-	-	-	-	Fw8xGD2taqNAOVvI88	text/html
 1354328882.575456	C6pKV8GSxOnSLghOa	128.2.6.136	46568	173.194.75.103	80	1	GET	www.google.com	/HTTP/1.1	-	-	0	1207	403	Forbidden	-	-	-	(empty)	-	-	-	-	-	FdEQPY3H4Z608y5yq1	text/html
-1354328882.928027	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fe1D9QLJph7d7eq5l	text/html
-1354328882.968948	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FxJ9Xg33X67Nyx01C2	text/html
+1354328882.928027	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FcNjaW3kDUju84cG3	text/html
+1354328882.968948	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fe8v8c49yLvORp3zva	text/html
 1354328882.990373	CJ3xTn1c4Zw9TmAE05	128.2.6.136	46571	173.194.75.103	80	1	GET	www.google.com	/	-	-	0	43913	200	OK	-	-	-	(empty)	-	-	-	-	-	FAbDo7c8yz5wducYb	text/html
-1354328887.114613	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	0	-	-	-	-	-	0	961	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	Fz1p2N3K0efiD4l7kc	text/html
-1354328891.161077	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FnhBKS2ssy1v8C41Jf	text/html
-1354328891.204740	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FWs6es4rYFRUFyUzC1	text/html
-1354328891.245592	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FNQNbG1yFFfHE0L8O7	text/html
-1354328891.287655	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FzDULh4an8RDf3xKpi	text/html
+1354328887.114613	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	1	-	-	-	-	-	0	961	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	F7zifu3d5nGrdGffO4	text/html
+1354328891.161077	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FNf9mc2b0BWWP1UxWe	text/html
+1354328891.204740	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FG2K813sKEZvZ2TNY4	text/html
+1354328891.245592	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FOOeqs4Vg0Zs3rcVYi	text/html
+1354328891.287655	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	F2wfYn1yFdeOeHFYA8	text/html
 1354328891.309065	CwSkQu4eWZCH7OONC1	128.2.6.136	46577	173.194.75.103	80	1	CCM_POST	www.google.com	/	-	-	0	963	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	F1d9bG11AdUoYIAPna	text/html
 1354328895.355012	CfTOmO0HKorjr8Zp7	128.2.6.136	46578	173.194.75.103	80	1	CCM_POST	www.google.com	/HTTP/1.1	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	F73Xpt400aDAjp1tOj	text/html
-1354328895.416133	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FlniJMJjcc7kx6rhj	text/html
-1354328895.459490	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FihiZm4nJV0LOus1F1	text/html
+1354328895.416133	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FANgwp2fEJblWfGtqk	text/html
+1354328895.459490	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FUelQv4zC3B2JEWwQ6	text/html
 1354328895.480865	Cab0vO1xNYSS2hJkle	128.2.6.136	46581	173.194.75.103	80	1	CCM_POST	www.google.com	/	-	-	0	963	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	FodlEg40uUijFetJb9	text/html
 1354328899.526682	Cx2FqO23omNawSNrxj	128.2.6.136	46582	173.194.75.103	80	1	CONNECT	www.google.com	/	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FgQlB81dSyLHN5T8Q4	text/html
 1354328903.572533	Cx3C534wEyF3OvvcQe	128.2.6.136	46583	173.194.75.103	80	1	CONNECT	www.google.com	/HTTP/1.1	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FW2UCD2e0jxAndsTK3	text/html
-1354328903.634196	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FNzD1t4XvaMaqIEamf	text/html
-1354328903.676395	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fq1Oia2lyBocfl9sX6	text/html
+1354328903.634196	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FKANAL2sLvMgJdaEKa	text/html
+1354328903.676395	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FNRuYy4eahAmiehFvd	text/html
 1354328903.697693	CRrfvP2lalMAYOCLhj	128.2.6.136	46586	173.194.75.103	80	1	CONNECT	www.google.com	/	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FAVGIL2N6x9nLyfGHh	text/html
 1354328907.743696	Cn78a440HlxuyZKs6f	128.2.6.136	46587	173.194.75.103	80	1	TRACE	www.google.com	/	-	-	0	960	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	FKbiICMAvCsO6CFjk	text/html
 1354328911.790590	CUof3F2yAIid8QS3dk	128.2.6.136	46588	173.194.75.103	80	1	TRACE	www.google.com	/HTTP/1.1	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FD5riIpYe5BLR0aok	text/html
-1354328911.853464	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FHB2lg2TvAjywhH0Yc	text/html
-1354328911.897044	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FIcQHt2xzPeH47BMdl	text/html
+1354328911.853464	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FUzHwP1gT2UJYnUpUi	text/html
+1354328911.897044	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FfLe59279TLFl2hHKc	text/html
 1354328911.918511	ClAbxY1nmdjCuo0Le2	128.2.6.136	46591	173.194.75.103	80	1	TRACE	www.google.com	/	-	-	0	960	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	FQrvtP3qpKeKPxn5Gf	text/html
 1354328915.964678	CwG0BF1VXE0gWgs78	128.2.6.136	46592	173.194.75.103	80	1	DELETE	www.google.com	/	-	-	0	961	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	Fs5qiV3XoBOExKLdi4	text/html
 1354328920.010458	CisNaL1Cm73CiNOmcg	128.2.6.136	46593	173.194.75.103	80	1	DELETE	www.google.com	/HTTP/1.1	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FpkucFbcGcM4CNkZf	text/html
-1354328920.072101	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FcavKi2ltkvguBtFh4	text/html
-1354328920.114526	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FWc18o1CNTndDqC3Sc	text/html
+1354328920.072101	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FBu6A04t7ZjbY0dCi8	text/html
+1354328920.114526	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fk7Se84fbLvbZEfBCd	text/html
 1354328920.136714	Cktvtw2VqwbTG0OgWk	128.2.6.136	46596	173.194.75.103	80	1	DELETE	www.google.com	/	-	-	0	961	405	Method Not Allowed	-	-	-	(empty)	-	-	-	-	-	FNb8ZY2Zvw0MpF1qU4	text/html
 1354328924.183211	CKfF8L3XSsgT2WYDN	128.2.6.136	46597	173.194.75.103	80	1	PUT	www.google.com	/	-	-	0	934	411	Length Required	-	-	-	(empty)	-	-	-	-	-	Fo23U03XCMamm7QQWe	text/html
 1354328924.224567	CHrnr1115j0JRSXjG6	128.2.6.136	46598	173.194.75.103	80	1	PUT	www.google.com	/HTTP/1.1	-	-	0	934	411	Length Required	-	-	-	(empty)	-	-	-	-	-	FqyVeZqSV8Tz7hfT1	text/html
-1354328924.287402	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FeaMQe4sztncIKuIdg	text/html
-1354328924.328257	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FVZu7439jNbDyOjNDj	text/html
+1354328924.287402	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Ft15j5I9xSpfcA7Fh	text/html
+1354328924.328257	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FyF5ac1kxwCDvXZKz7	text/html
 1354328924.350343	CUqYZc2XzbfnZKbgT	128.2.6.136	46601	173.194.75.103	80	1	PUT	www.google.com	/	-	-	0	934	411	Length Required	-	-	-	(empty)	-	-	-	-	-	FuGiTK15gnR7f8Uti2	text/html
 1354328924.391728	CVdnYXVEtNT1lQVL6	128.2.6.136	46602	173.194.75.103	80	1	POST	www.google.com	/	-	-	0	934	411	Length Required	-	-	-	(empty)	-	-	-	-	-	F93zuy2MGUDDPwg0xl	text/html
 1354328924.433150	CbNmy32YFt3gdIjV8	128.2.6.136	46603	173.194.75.103	80	1	POST	www.google.com	/HTTP/1.1	-	-	0	934	411	Length Required	-	-	-	(empty)	-	-	-	-	-	FRJvy31aqXlFemaBfc	text/html
-1354328924.496732	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FMJLB42ry1sw3MMTq8	text/html
-1354328924.537671	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fx4bPY2OFFAByxhLAl	text/html
+1354328924.496732	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	Fcnnrf1A8AgOFzLHM	text/html
+1354328924.537671	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FI3I73110YtFWCuaG3	text/html
 1354328924.559704	CZTTFm2GrMAs8leAyl	128.2.6.136	46606	173.194.75.103	80	1	HEAD	www.google.com	/	-	-	0	0	200	OK	-	-	-	(empty)	-	-	-	-	-	-	-
 1354328928.625437	CV23rC3tBHfPhMUPtf	128.2.6.136	46607	173.194.75.103	80	1	HEAD	www.google.com	/	-	-	0	0	200	OK	-	-	-	(empty)	-	-	-	-	-	-	-
 1354328932.692706	CkaPGx2P0Y3W5aHVFk	128.2.6.136	46608	173.194.75.103	80	1	HEAD	www.google.com	/HTTP/1.1	-	-	0	0	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	-	-
-1354328932.754657	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	F04ZTu63dLSqJQpwa	text/html
-1354328932.796568	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	0	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FVoxfM2o0FqsBuQkDa	text/html
-#close	2014-04-01-23-16-03
+1354328932.754657	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FaVAsywxxOtGAzel8	text/html
+1354328932.796568	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	1	-	-	-	-	-	0	925	400	Bad Request	-	-	-	(empty)	-	-	-	-	-	FmzgEKnyfPnyZqmh	text/html
+#close	2015-04-20-12-36-37
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
index 9b9ba53885..1721f8f79f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
@@ -3,56 +3,33 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2013-08-26-19-04-10
+#open	2015-03-20-16-03-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1354328874.278822	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328874.299063	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328874.321792	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328874.342591	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328882.908690	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328882.928027	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328882.949510	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328882.968948	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328887.094494	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328887.114613	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.141058	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.161077	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.183942	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.204740	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.226199	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.245592	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.267625	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.287655	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.309065	CwSkQu4eWZCH7OONC1	128.2.6.136	46577	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328895.355012	CfTOmO0HKorjr8Zp7	128.2.6.136	46578	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328895.396634	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328895.416133	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328895.438812	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328895.459490	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328895.480865	Cab0vO1xNYSS2hJkle	128.2.6.136	46581	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328903.614145	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328903.634196	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328903.656369	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328903.676395	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328911.832856	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328911.853464	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328911.876341	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328911.897044	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328920.052085	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328920.072101	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328920.094072	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328920.114526	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.266693	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.287402	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.308714	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.328257	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.476011	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.496732	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.518204	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.537671	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328932.734579	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328932.754657	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328932.776609	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328932.796568	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
-#close	2013-08-26-19-04-10
+#close	2015-03-20-16-03-02
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log
index e3f52e2283..a9cf1ccfaf 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2014-04-01-23-16-15
+#open	2015-04-20-12-37-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1369159408.455878	CXWv6p3arKYeMETxOg	141.142.228.5	57262	54.243.88.146	80	1	POST	httpbin.org	/post	-	curl/7.30.0	370	465	200	OK	-	-	-	(empty)	-	-	-	F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg	-	FjeopJ2lRk9U1CNNb5	text/plain
-#close	2014-04-01-23-16-15
+1369159408.455878	CXWv6p3arKYeMETxOg	141.142.228.5	57262	54.243.88.146	80	1	POST	httpbin.org	/post	-	curl/7.30.0	370	465	200	OK	-	-	-	(empty)	-	-	-	F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg	-	FjeopJ2lRk9U1CNNb5	text/json
+#close	2015-04-20-12-37-23
diff --git a/testing/btest/Baseline/scripts.base.protocols.krb.kinit/kerberos.log b/testing/btest/Baseline/scripts.base.protocols.krb.kinit/kerberos.log
new file mode 100644
index 0000000000..c1cae6fa32
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.kinit/kerberos.log
@@ -0,0 +1,94 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	kerberos
+#open	2015-04-21-22-56-23
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	request_type	client	service	success	error_msg	from	till	cipher	forwardable	renewable	client_cert_subject	client_cert_fuid	server_cert_subject	server_cert_fuid
+#types	time	string	addr	port	addr	port	string	string	string	bool	string	time	time	string	bool	bool	string	string	string	string
+1421708030.829536	CXWv6p3arKYeMETxOg	192.168.1.31	63081	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708099.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708032.445604	CjhGID4nQcgTWjvg4c	192.168.1.31	51493	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708100.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708034.802659	CCvvfg3TEfuqmmG4bh	192.168.1.31	60050	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708103.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708035.466272	CsRx2w45OKnoww6xl4	192.168.1.31	58931	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708103.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708037.939568	CRJuHdVW0XPVINV8a	192.168.1.31	56791	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708106.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708038.047453	CPbrpk1qSsw6ESzHV4	192.168.1.31	55445	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708106.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708038.231194	C6pKV8GSxOnSLghOa	192.168.1.31	63576	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708205.000000	1421708206.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708038.348910	CIPOse170MGiRM1Qf4	192.168.1.31	52608	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708205.000000	1421708206.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708038.581883	C7XEbhP654jzLoe3a	192.168.1.31	56676	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708206.000000	1421708207.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708038.706766	CJ3xTn1c4Zw9TmAE05	192.168.1.31	55835	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708206.000000	1421708207.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708038.950840	CMXxB5GvmoxJFXdTa	192.168.1.31	64722	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708107.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708039.055531	Caby8b1slFea8xwSmb	192.168.1.31	52467	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708107.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708039.280107	Che1bq3i2rO3KD1Syg	192.168.1.31	59211	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708107.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708039.382422	C3SfNE4BWaU4aSuwkc	192.168.1.31	52212	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708107.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708039.603067	CEle3f3zno26fFZkrh	192.168.1.31	51407	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708207.000000	1421708208.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708039.703129	CwSkQu4eWZCH7OONC1	192.168.1.31	53047	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708207.000000	1421708208.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708039.948021	CfTOmO0HKorjr8Zp7	192.168.1.31	50046	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708207.000000	1421708208.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708040.045749	CzA03V1VcgagLjnO92	192.168.1.31	49375	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708207.000000	1421708208.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708040.285774	CyAhVIzHqb7t7kv28	192.168.1.31	51726	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708108.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708040.454600	Cab0vO1xNYSS2hJkle	192.168.1.31	58473	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708108.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708040.690359	Cx2FqO23omNawSNrxj	192.168.1.31	50660	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708109.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708040.813359	Cx3C534wEyF3OvvcQe	192.168.1.31	62792	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708109.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708041.005373	CkDsfG2YIeWJmXWNWj	192.168.1.31	60184	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708208.000000	1421708209.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708041.161882	CUKS0W3HFYOnBqSE5e	192.168.1.31	52249	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708208.000000	1421708209.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708041.388665	CRrfvP2lalMAYOCLhj	192.168.1.31	51176	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708208.000000	1421708209.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708041.489260	Cn78a440HlxuyZKs6f	192.168.1.31	52769	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708208.000000	1421708209.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708041.689426	CUof3F2yAIid8QS3dk	192.168.1.31	62270	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708110.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708041.815004	CojBOU3CXcLHl1r6x1	192.168.1.31	54869	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708110.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708042.034626	CJzVQRGJrX6V15ik7	192.168.1.31	61152	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708110.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708042.150415	ClAbxY1nmdjCuo0Le2	192.168.1.31	59216	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708110.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708042.361108	CwG0BF1VXE0gWgs78	192.168.1.31	55732	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708209.000000	1421708210.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708042.465102	CisNaL1Cm73CiNOmcg	192.168.1.31	64580	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708209.000000	1421708210.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708042.708560	CBQnJn22qN8TOeeZil	192.168.1.31	54920	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708210.000000	1421708211.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708042.869696	CbEsuD3dgDDngdlbKf	192.168.1.31	56255	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	1421708210.000000	1421708211.000000	aes256-cts-hmac-sha1-96	T	T	-	-	-	-
+1421708043.079360	Cktvtw2VqwbTG0OgWk	192.168.1.31	64726	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708111.000000	aes256-cts-hmac-sha1-96	F	T	-	-	-	-
+1421708043.196544	CKfF8L3XSsgT2WYDN	192.168.1.31	58922	192.168.1.32	88	TGS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	TICKET NOT RENEWABLE	-	1421708111.000000	-	F	F	-	-	-	-
+1421708043.293166	CHrnr1115j0JRSXjG6	192.168.1.31	51008	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708111.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708043.405843	Cnkr172qPtDAaK7Xd	192.168.1.31	50147	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708111.000000	-	T	F	-	-	-	-
+1421708043.507789	CcxZj6188NwHGl3a16	192.168.1.31	60066	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708111.000000	-	T	F	-	-	-	-
+1421708043.606458	CUqYZc2XzbfnZKbgT	192.168.1.31	65249	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708043.713526	CVdnYXVEtNT1lQVL6	192.168.1.31	58757	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708043.833329	CbNmy32YFt3gdIjV8	192.168.1.31	56297	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708043.945558	COTmF91mGWcb4zV7W5	192.168.1.31	58130	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708044.028622	CuChlg202P8sUFuXrg	192.168.1.31	56197	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708044.139497	CZTTFm2GrMAs8leAyl	192.168.1.31	64727	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708044.235831	CV23rC3tBHfPhMUPtf	192.168.1.31	60976	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708044.388813	CkaPGx2P0Y3W5aHVFk	192.168.1.31	54813	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708046.468166	CY93mM3aViMiLKuSw3	192.168.1.31	55441	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708112.000000	-	T	F	-	-	-	-
+1421708046.560077	CXgISq6dA2DVPzqp9	192.168.1.31	61453	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708046.662644	CZsZpw11dKq1lfKlZ2	192.168.1.31	64416	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708046.819387	CEUVdwlDjueJrpLM8	192.168.1.31	61016	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708046.906507	CC2xVC1BsV6nQpv5td	192.168.1.31	64099	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708047.014106	ClJyiY2z7Q7sBqiVzi	192.168.1.31	59085	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708047.126250	Czho5e46i7wHP90KYc	192.168.1.31	54805	192.168.1.32	88	AS	enterprise_principal@AD.VLADG.NET/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708047.319535	COR5A63SA18oL2dIai	192.168.1.31	61826	192.168.1.32	88	AS	invalid_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708115.000000	-	T	F	-	-	-	-
+1421708047.559798	CeuBcl4xzXkMhlzGId	192.168.1.31	51274	192.168.1.32	88	AS	invalid_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT_NOT_FOUND	-	1421708116.000000	-	T	F	-	-	-	-
+1421708047.758613	Czn9fX2lxI5uFY1wPi	192.168.1.31	59623	192.168.1.32	88	AS	expired_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT EXPIRED	-	1421708116.000000	-	T	F	-	-	-	-
+1421708048.019152	CvCU1d4iH1bbE8SoIc	192.168.1.31	54213	192.168.1.32	88	AS	expired_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT EXPIRED	-	1421708116.000000	-	T	F	-	-	-	-
+1421708048.204245	CsXsN73WB1i2whLmUh	192.168.1.31	60558	192.168.1.32	88	AS	expired_password_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT KEY EXPIRED	-	1421708116.000000	-	T	F	-	-	-	-
+1421708048.401870	CIoUpm46m1BK32ruC3	192.168.1.31	51666	192.168.1.32	88	AS	expired_password_client_principal/VLADG.NET	kadmin/changepw	T	-	-	1421708415.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708048.512869	CfZDpnMpZDRjkQ2v9	192.168.1.31	62781	192.168.1.32	88	AS	expired_password_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CLIENT KEY EXPIRED	-	1421708116.000000	-	T	F	-	-	-	-
+1421708048.720612	CLwZWs1XFcOM7iBjU2	192.168.1.31	58361	192.168.1.32	88	AS	expired_password_client_principal/VLADG.NET	kadmin/changepw	T	-	-	1421708416.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708048.837590	CEhezzjBpxfv5AJH8	192.168.1.31	50947	192.168.1.32	88	AS	nokey_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CANT_FIND_CLIENT_KEY	-	1421708117.000000	-	T	F	-	-	-	-
+1421708049.108614	CICTgG1vKwtb1AfTcj	192.168.1.31	55757	192.168.1.32	88	AS	nokey_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	CANT_FIND_CLIENT_KEY	-	1421708117.000000	-	T	F	-	-	-	-
+1421708049.433130	CTTMY13eLdwxQmEUei	192.168.1.31	55027	192.168.1.32	88	AS	requires_preauth_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708050.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708049.697274	CK6jRb3kTdEuLIHF79	192.168.1.31	59881	192.168.1.32	88	AS	requires_preauth_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	PREAUTH_FAILED	-	1421708050.000000	-	T	F	-	-	-	-
+1421708050.073356	CRoZFixWa6KOZLbn8	192.168.1.31	61965	192.168.1.32	88	AS	lockout_policy_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	PREAUTH_FAILED	-	1421708050.000000	-	T	F	-	-	-	-
+1421708050.448418	Ci4nvvIq18BcUgo39	192.168.1.31	57788	192.168.1.32	88	AS	lockout_policy_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	PREAUTH_FAILED	-	1421708051.000000	-	T	F	-	-	-	-
+1421708050.884921	C7eoRlrwCUo9pqyt8	192.168.1.31	58648	192.168.1.32	88	AS	lockout_policy_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	PREAUTH_FAILED	-	1421708051.000000	-	T	F	-	-	-	-
+1421708051.164253	CuWDuG1ldpCSGAVyh3	192.168.1.31	61514	192.168.1.32	88	AS	lockout_policy_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	LOCKED_OUT	-	1421708119.000000	-	T	F	-	-	-	-
+1421708051.379575	C6npSrR6rnQ7mGXVi	192.168.1.31	57313	192.168.1.32	88	AS	lockout_policy_client_principal/VLADG.NET	krbtgt/VLADG.NET	F	LOCKED_OUT	-	1421708119.000000	-	T	F	-	-	-	-
+1421708051.577782	C7RRQ84J0tIGqljo3d	192.168.1.31	52122	192.168.1.32	88	AS	valid_service_principal/test.vladg.net/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708120.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708051.675214	C7IRj33SI5yaZ4hVti	192.168.1.31	57648	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708120.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708051.798212	CiwtDh4K6dTM7OTwGc	192.168.1.31	53777	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	valid_service_principal/test.vladg.net	T	-	-	1421708052.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708051.930061	CilBVa3bdrx6FGk4m6	192.168.1.31	61457	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708120.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708052.087635	CLptx82v1x9lXWSsf1	192.168.1.31	62590	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	valid_service_principal/test.vladg.net	T	-	-	1421708052.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708052.313146	CNd3MSw9PkrXt85E5	192.168.1.31	64799	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708120.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708052.481159	CiwZIk2awvs5Da4Yr	192.168.1.31	56059	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	invalid_service_principal/test.vladg.net	F	SERVER_NOT_FOUND	-	1421708053.000000	-	T	F	-	-	-	-
+1421708052.781345	CGz2461mxmzf9ZOrYl	192.168.1.31	55133	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708121.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708052.943789	ChmVrx3oarFtAtSK5g	192.168.1.31	51708	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	invalid_service_principal/test.vladg.net	F	SERVER_NOT_FOUND	-	1421708053.000000	-	T	F	-	-	-	-
+1421708053.152350	C3QcSr2ZDlx00fzYXk	192.168.1.31	50542	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708121.000000	aes256-cts-hmac-sha1-96	F	F	-	-	-	-
+1421708053.270885	C6ckYH3BVvJkFjfNaf	192.168.1.31	49704	192.168.1.32	88	AS	valid_client_principal/VLADG.NET	valid_service_principal/test.vladg.net	T	-	-	1421708054.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+1421708060.902363	ClAddt27pKadxnuZcl	192.168.1.31	64789	192.168.1.32	88	AS	WELLKNOWN/ANONYMOUS/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708061.000000	aes256-cts-hmac-sha1-96	T	F	-	FTdcei1GvkQID8MTng	CN=vladg.net,O=Bro Testing\\, LLC,L=Champaign,ST=Illinois,C=US	F53U9G4HwGdxJU3uOg
+1421708063.056134	C4CB2H39KpiLwHQNpf	192.168.1.31	55442	192.168.1.32	88	AS	WELLKNOWN/ANONYMOUS/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708061.000000	aes256-cts-hmac-sha1-96	T	F	-	FrqiFrAJSc34dc7y	CN=vladg.net,O=Bro Testing\\, LLC,L=Champaign,ST=Illinois,C=US	F9wG9t1siEttnnQWo1
+1421708129.719401	CTDwXVm5qFJDYrrK5	192.168.1.31	55447	192.168.1.32	88	AS	test_pkinit/VLADG.NET	krbtgt/VLADG.NET	T	-	-	1421708128.000000	aes256-cts-hmac-sha1-96	T	F	CN=test_pkinit,O=Bro Testing\\, LLC,L=Champaign,ST=Illinois,C=US	FmwhO242VMnF9qz2Ke	CN=vladg.net,O=Bro Testing\\, LLC,L=Champaign,ST=Illinois,C=US	FMn7E33C7tqv9k5EXb
+#close	2015-04-21-22-56-23
diff --git a/testing/btest/Baseline/scripts.base.protocols.krb.kinit/output b/testing/btest/Baseline/scripts.base.protocols.krb.kinit/output
new file mode 100644
index 0000000000..0bec7ee13c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.kinit/output
@@ -0,0 +1,3 @@
+KRB_AP_REQUEST
+[pvno=5, realm=VLADG.NET, service_name=krbtgt/VLADG.NET, cipher=18]
+[use_session_key=F, mutual_required=F]
diff --git a/testing/btest/Baseline/scripts.base.protocols.krb.tgs/kerberos.log b/testing/btest/Baseline/scripts.base.protocols.krb.tgs/kerberos.log
new file mode 100644
index 0000000000..ff1098580e
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.tgs/kerberos.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	kerberos
+#open	2015-04-21-19-22-29
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	request_type	client	service	success	error_msg	from	till	cipher	forwardable	renewable	client_cert_subject	client_cert_fuid	server_cert_subject	server_cert_fuid
+#types	time	string	addr	port	addr	port	string	string	string	bool	string	time	time	string	bool	bool	string	string	string	string
+1429583645.478441	CXWv6p3arKYeMETxOg	192.168.1.31	64889	192.168.1.32	88	TGS	vladg/VLADG.NET	krbtgt/VLADG.NET	T	-	-	0.000000	aes256-cts-hmac-sha1-96	T	F	-	-	-	-
+#close	2015-04-21-19-22-29
diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log
new file mode 100644
index 0000000000..43395650a0
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	rdp
+#open	2015-04-15-23-54-11
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cookie	result	security_protocol	keyboard_layout	client_build	client_name	client_dig_product_id	desktop_width	desktop_height	requested_color_depth	cert_type	cert_count	cert_permanent	encryption_level	encryption_method
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	string	count	count	string	string	count	bool	string	string
+1193369795.014346	CXWv6p3arKYeMETxOg	172.21.128.16	1311	10.226.24.52	3389	FTBCO\\A70	SSL_NOT_ALLOWED_BY_SERVER	-	-	-	-	-	-	-	-	-	0	-	-	-
+1193369797.582740	CjhGID4nQcgTWjvg4c	172.21.128.16	1312	10.226.24.52	3389	FTBCO\\A70	Success	RDP	English - United States	RDP 6.0	FROG-POND	(empty)	1152	864	32bit	RSA	1	T	High	128bit
+#close	2015-04-15-23-54-11
diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log
new file mode 100644
index 0000000000..69bf203e0c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	rdp
+#open	2015-03-05-18-38-05
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cookie	result	security_protocol	keyboard_layout	client_build	client_name	client_dig_product_id	desktop_width	desktop_height	requested_color_depth	cert_type	cert_count	cert_permanent	encryption_level	encryption_method
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	string	count	count	string	string	count	bool	string	string
+1297551041.284715	CXWv6p3arKYeMETxOg	192.168.1.200	49206	192.168.1.150	3389	AWAKECODI	encrypted	HYBRID	-	-	-	-	-	-	-	-	0	-	-	-
+1297551078.958821	CjhGID4nQcgTWjvg4c	192.168.1.200	49207	192.168.1.150	3389	AWAKECODI	encrypted	HYBRID	-	-	-	-	-	-	-	-	0	-	-	-
+#close	2015-03-05-18-38-05
diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log
new file mode 100644
index 0000000000..980188fc09
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-04-17-53-51
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1297551044.626170	CXWv6p3arKYeMETxOg	192.168.1.200	49206	192.168.1.150	3389	TLSv10	TLS_RSA_WITH_AES_128_CBC_SHA	-	192.168.1.150	F	-	-	T	FQWlpb1SuS5r4ERXej	(empty)	CN=WIN2K8R2.awakecoding.ath.cx	CN=WIN2K8R2.awakecoding.ath.cx	-	-
+1297551078.965110	CjhGID4nQcgTWjvg4c	192.168.1.200	49207	192.168.1.150	3389	TLSv10	TLS_RSA_WITH_AES_128_CBC_SHA	-	192.168.1.150	F	-	-	T	F4ERrj2uG50Lwz8259	(empty)	CN=WIN2K8R2.awakecoding.ath.cx	CN=WIN2K8R2.awakecoding.ath.cx	-	-
+#close	2015-03-04-17-53-51
diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log
new file mode 100644
index 0000000000..fef969d467
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	rdp
+#open	2015-04-15-23-54-11
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cookie	result	security_protocol	keyboard_layout	client_build	client_name	client_dig_product_id	desktop_width	desktop_height	requested_color_depth	cert_type	cert_count	cert_permanent	encryption_level	encryption_method
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	string	count	count	string	string	count	bool	string	string
+1423755598.202845	CXWv6p3arKYeMETxOg	192.168.1.1	54990	192.168.1.2	3389	JOHN-PC  	Success	RDP	English - United States	RDP 8.1	JOHN-PC-LAPTOP	3c571ed0-3415-474b-ae94-74e151b	1920	1080	16bit	X.509	2	F	Client compatible	128bit
+#close	2015-04-15-23-54-11
diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log
new file mode 100644
index 0000000000..523ec7fc99
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2015-04-15-23-54-11
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1423755602.103140	F71ADVSn3rOqVhNh1	3	59EB28CB02B1A0D4	L=TURNBKL+CN=SERVR	L=TURNBKL+CN=SERVR	1423664106.000000	1431388800.000000	rsaEncryption	sha1WithRSA	rsa	512	65537	-	-	-	-	-	T	0
+1423755602.103140	F71ADVSn3rOqVhNh1	3	0100000001	serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\\0D\\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR	L=TURNBKL+CN=SERVR	1365174955.000000	1483228799.000000	md5WithRSAEncryption	sha1WithRSA	rsa	512	65537	-	-	-	-	-	-	-
+#close	2015-04-15-23-54-11
diff --git a/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log
new file mode 100644
index 0000000000..19f05ec1b9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log
@@ -0,0 +1,44 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	sip
+#open	2015-04-30-03-33-33
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	uri	date	request_from	request_to	response_from	response_to	reply_to	call_id	seq	subject	request_path	response_path	user_agent	status_code	status_msg	warning	request_body_len	response_body_len	content_type
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	string	string	string	string	vector[string]	vector[string]	string	count	string	string	string	string	string
+1120469572.844249	CXWv6p3arKYeMETxOg	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>;tag=00-04092-1701af62-120c67172	-	578222729-4665d775@578222732-4665d772	68 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120469590.259876	CXWv6p3arKYeMETxOg	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	-	578222729-4665d775@578222732-4665d772	69 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	0	0	-
+1120469590.259876	CXWv6p3arKYeMETxOg	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>;tag=00-04085-1701af98-51a65b340	-	578222729-4665d775@578222732-4665d772	69 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	403	Wrong password	-	0	0	-
+1120469680.188467	CjhGID4nQcgTWjvg4c	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>;tag=00-04089-1701b050-61ac4c943	-	578222729-4665d775@578222732-4665d772	70 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120469697.469146	CjhGID4nQcgTWjvg4c	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>	<sip:voi18063@sip.cybercity.dk>;tag=00-04089-1701b067-320ad2da3	-	578222729-4665d775@578222732-4665d772	71 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	nonce has changed	-	0	0	-
+1120469847.669186	CCvvfg3TEfuqmmG4bh	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04071-1701b172-22e1cc470	-	578222729-4665d775@578222732-4665d772	72 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120469864.994366	CCvvfg3TEfuqmmG4bh	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04086-1701b193-645204ed6	-	578222729-4665d775@578222732-4665d772	73 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	nonce has changed	-	0	0	-
+1120469938.910409	CsRx2w45OKnoww6xl4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04089-1701b236-2b7211607	-	578222729-4665d775@578222732-4665d772	74 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120469956.235447	CsRx2w45OKnoww6xl4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	-	578222729-4665d775@578222732-4665d772	75 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	0	0	-
+1120469956.235447	CsRx2w45OKnoww6xl4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04081-1701b256-5586b7324	-	578222729-4665d775@578222732-4665d772	75 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	200	OK	-	0	0	-
+1120470049.188993	CRJuHdVW0XPVINV8a	192.168.1.2	5060	200.68.120.81	5060	0	INVITE	sip:97239287044@voip.brujula.net	-	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>	-	105090259-446faf7a@192.168.1.2	1 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060	SIP/2.0/UDP 192.168.1.2:5060	Nero SIPPS IP Phone Version 2.0.51.16	100	trying -- your call is important to us	392 200.68.120.81:5060 "Noisy feedback tells:  pid=32642 req_src_ip=80.230.219.70 req_src_port=5060 in_uri=sip:97239287044@voip.brujula.net out_uri=sip:97239287044@voip.brujula.net via_cnt==1"	272	0	-
+1120470049.188993	CRJuHdVW0XPVINV8a	192.168.1.2	5060	200.68.120.81	5060	0	CANCEL	sip:97239287044@voip.brujula.net	-	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>;tag=a6a1c5f60faecf035a1ae5b6e96e979a-6167	-	105090259-446faf7a@192.168.1.2	1 CANCEL	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060	Nero SIPPS IP Phone Version 2.0.51.16	408	Request Timeout	392 200.68.120.81:5060 "Noisy feedback tells:  pid=32753 req_src_ip=80.230.219.70 req_src_port=5060 in_uri=sip:97239287044@voip.brujula.net out_uri=sip:97239287044@voip.brujula.net via_cnt==0"	0	0	-
+1120470085.969731	CRJuHdVW0XPVINV8a	192.168.1.2	5060	200.68.120.81	5060	0	CANCEL	sip:97239287044@voip.brujula.net	-	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>	"arik" <sip:816666@voip.brurjula.net>	<sip:97239287044@voip.brujula.net>;tag=a6a1c5f60faecf035a1ae5b6e96e979a-e525	-	105090259-446faf7a@192.168.1.2	1 CANCEL	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2	Nero SIPPS IP Phone Version 2.0.51.16	408	Request Timeout	392 200.68.120.81:5060 "Noisy feedback tells:  pid=32753 req_src_ip=80.230.219.70 req_src_port=5060 in_uri=sip:97239287044@voip.brujula.net out_uri=sip:97239287044@voip.brujula.net via_cnt==0"	0	0	-
+1120470233.794463	CPbrpk1qSsw6ESzHV4	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:0097239287044@sip.cybercity.dk	-	"arik" <sip:voi18062@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	"arik" <sip:voi18062@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04073-1701b482-069239f90	-	85216695-42dcdb1d@192.168.1.2	1 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2:5060	SIP/2.0/UDP 192.168.1.2:5060;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	407	authentication required	-	270	0	-
+1120470235.521078	CPbrpk1qSsw6ESzHV4	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:0097239287044@sip.cybercity.dk	Mon, 04 Jul 2005 09:43:55 GMT	"arik" <sip:voi18062@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	"arik" <sip:voi18062@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04071-1701b4ad-52a186e31	-	85216695-42dcdb1d@192.168.1.2	2 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	403	Wrong password or domain	-	270	0	-
+1120470268.180956	CPbrpk1qSsw6ESzHV4	192.168.1.2	5060	212.242.33.35	5060	0	ACK	sip:0097239287044@sip.cybercity.dk	-	"arik" <sip:voi18062@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04071-1701b4ad-52a186e31	-	-	-	85216695-42dcdb1d@192.168.1.2	2 ACK	-	SIP/2.0/UDP 192.168.1.2	(empty)	-	-	-	-	0	-	-
+1120470456.154119	C6pKV8GSxOnSLghOa	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04090-1701b651-15c238ce6	-	578222729-4665d775@578222732-4665d772	76 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120470473.529233	C6pKV8GSxOnSLghOa	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>	<sip:voi18062@sip.cybercity.dk>;tag=00-04089-1701b683-18ec171b5	-	578222729-4665d775@578222732-4665d772	77 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	nonce has changed	-	0	0	-
+1120470490.643822	C6pKV8GSxOnSLghOa	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04077-1701b6ab-13935c834	-	578222729-4665d775@578222732-4665d772	78 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120470509.450894	C6pKV8GSxOnSLghOa	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04083-1701b6dd-051f5dc31	-	578222729-4665d775@578222732-4665d772	79 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	nonce has changed	-	0	0	-
+1120470796.804243	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04072-1701b941-779945843	-	29858147-465b0752@29858051-465b07b2	1 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120470814.189540	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	-	29858147-465b0752@29858051-465b07b2	2 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	0	0	-
+1120470814.189540	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04095-1701b95f-5bde7e420	-	29858147-465b0752@29858051-465b07b2	2 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	200	OK	-	0	0	-
+1120470831.403943	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04095-1701b970-463ba6b36	-	29858147-465b0752@29858051-465b07b2	3 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120470848.528833	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:0097239287044@sip.cybercity.dk	-	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04095-1701b9a0-13c92a672	-	24487391-449bf2a0@192.168.1.2	1 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060	SIP/2.0/UDP 192.168.1.2:5060;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	407	authentication required	-	270	0	-
+1120470848.686860	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04085-1701b9c9-48e7b0863	-	29858147-465b0752@29858051-465b07b2	4 REGISTER	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	nonce has changed	-	0	0	-
+1120470899.862890	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:0097239287044@sip.cybercity.dk	Mon, 04 Jul 2005 09:54:25 GMT	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	-	24487391-449bf2a0@192.168.1.2	2 INVITE	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	270	0	-
+1120470899.862890	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:0097239287044@sip.cybercity.dk	Mon, 04 Jul 2005 09:54:25 GMT	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04083-1701ba17-57d493ef5	-	24487391-449bf2a0@192.168.1.2	2 INVITE	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	403	Wrong password or domain	-	270	0	-
+1120470900.060556	CIPOse170MGiRM1Qf4	192.168.1.2	5060	212.242.33.35	5060	0	ACK	sip:0097239287044@sip.cybercity.dk	-	"arik" <sip:35104723@sip.cybercity.dk>	<sip:0097239287044@sip.cybercity.dk>;tag=00-04083-1701ba17-57d493ef5	-	-	-	24487391-449bf2a0@192.168.1.2	2 ACK	-	SIP/2.0/UDP 192.168.1.2	(empty)	-	-	-	-	0	-	-
+1120470966.443914	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:35104724@sip.cybercity.dk	-	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>;tag=00-04079-1701ba6f-3e08e2f66	-	11894297-4432a9f8@192.168.1.2	1 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060	SIP/2.0/UDP 192.168.1.2:5060;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	407	authentication required	-	270	0	-
+1120470966.606422	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:35104724@sip.cybercity.dk	Mon, 04 Jul 2005 09:56:06 GMT	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>	-	11894297-4432a9f8@192.168.1.2	2 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	270	0	-
+1120470966.606422	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	INVITE	sip:35104724@sip.cybercity.dk	Mon, 04 Jul 2005 09:56:06 GMT	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>	"arik" <sip:35104723@sip.cybercity.dk>	<sip:35104724@sip.cybercity.dk>;tag=00-04075-1701baa2-2dfdf7c21	-	11894297-4432a9f8@192.168.1.2	2 INVITE	-	SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	480	Error	-	270	0	application/sdp
+1120470984.353086	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04074-1701bac9-1daa0b4c5	-	29858147-465b0752@29858051-465b07b2	5 REGISTER	-	SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	401	Unauthorized	-	0	0	-
+1120471018.723316	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	-	29858147-465b0752@29858051-465b07b2	6 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	100	Trying	-	0	0	-
+1120471018.723316	C7XEbhP654jzLoe3a	192.168.1.2	5060	212.242.33.35	5060	0	REGISTER	sip:sip.cybercity.dk	-	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>	<sip:35104723@sip.cybercity.dk>;tag=00-04087-1701bae7-76fb74995	-	29858147-465b0752@29858051-465b07b2	6 REGISTER	-	SIP/2.0/UDP 192.168.1.2	SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060	Nero SIPPS IP Phone Version 2.0.51.16	200	OK	-	0	0	-
+#close	2015-04-30-03-33-33
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out1 b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out1
index f564ee0c62..958d5c7c3f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out1
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out1
@@ -55,7 +55,7 @@ snmp_response
     error_stat: 0
     error_idx:  0
     oid: 1.3.6.1.2.1.2.2.1.6.1
-    value (tag=0x04): ^H\07^U\xe6\xbc
+    value (tag=0x04): \x08\x007\x15\xe6\xbc
 snmp_get_request
   [orig_h=172.31.19.54, orig_p=15919/udp, resp_h=172.31.19.73, resp_p=161/udp]
   is_orig: T
@@ -175,7 +175,7 @@ snmp_response
     error_stat: 0
     error_idx:  0
     oid: 1.3.6.1.2.1.2.2.1.6.1
-    value (tag=0x04): ^H\07^U\xe6\xbc
+    value (tag=0x04): \x08\x007\x15\xe6\xbc
 snmp_get_request
   [orig_h=172.31.19.54, orig_p=15925/udp, resp_h=172.31.19.73, resp_p=161/udp]
   is_orig: T
@@ -295,7 +295,7 @@ snmp_response
     error_stat: 0
     error_idx:  0
     oid: 1.3.6.1.2.1.2.2.1.6.1
-    value (tag=0x04): ^H\07^U\xe6\xbc
+    value (tag=0x04): \x08\x007\x15\xe6\xbc
 snmp_get_request
   [orig_h=172.31.19.54, orig_p=15931/udp, resp_h=172.31.19.73, resp_p=161/udp]
   is_orig: T
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.v3/out1 b/testing/btest/Baseline/scripts.base.protocols.snmp.v3/out1
index 20f6d45ab0..2044f304cd 100644
--- a/testing/btest/Baseline/scripts.base.protocols.snmp.v3/out1
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.v3/out1
@@ -1,14 +1,14 @@
 snmp_get_request
   [orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
   is_orig: T
-  [id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0^N^D\0^B^A*^B^A*^D\0^D\0^D\0, pdu_context=[engine_id=, name=]]
+  [id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0\x0e\x04\x00\x02\x01*\x02\x01*\x04\x00\x04\x00\x04\x00, pdu_context=[engine_id=, name=]]
     request_id: 544943986
     error_stat: 0
     error_idx:  0
 snmp_report
   [orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
   is_orig: F
-  [id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0\x1b^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D\0^D\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
+  [id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0\x1b\x04\x0d\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C\x02\x01\xdd\x02\x01\xdd\x04\x00\x04\x00\x04\x00, pdu_context=[engine_id=\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
     request_id: 544943986
     error_stat: 0
     error_idx:  0
@@ -17,7 +17,7 @@ snmp_report
 snmp_get_request
   [orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
   is_orig: T
-  [id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0/^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D^Husername^D^L\0\0\0\0\0\0\0\0\0\0\0\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
+  [id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0/\x04\x0d\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C\x02\x01\xdd\x02\x01\xdd\x04\x08username\x04\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00, pdu_context=[engine_id=\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
     request_id: 544943986
     error_stat: 0
     error_idx:  0
@@ -26,7 +26,7 @@ snmp_get_request
 snmp_response
   [orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
   is_orig: F
-  [id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0#^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D^Husername^D\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
+  [id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0#\x04\x0d\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C\x02\x01\xdd\x02\x01\xdd\x04\x08username\x04\x00\x04\x00, pdu_context=[engine_id=\x80\x00\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
     request_id: 544943986
     error_stat: 0
     error_idx:  0
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
new file mode 100644
index 0000000000..58e8a2f742
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
@@ -0,0 +1,31 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssh
+#open	2015-03-17-17-44-34
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
+#types	time	string	addr	port	addr	port	count	bool	enum	string	string	string	string	string	string	string	string
+1324071333.793037	CXWv6p3arKYeMETxOg	192.168.1.79	51880	131.159.21.1	22	2	F	-	SSH-2.0-OpenSSH_5.9	SSH-2.0-OpenSSH_5.8	aes128-ctr	hmac-md5	none	ecdh-sha2-nistp256	ssh-rsa	a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
+1409516196.413240	CjhGID4nQcgTWjvg4c	10.0.0.18	40184	128.2.6.88	41644	2	T	-	SSH-2.0-OpenSSH_6.6	SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1	aes128-ctr	hmac-md5	none	ecdh-sha2-nistp256	ssh-rsa	8a:8d:55:28:1e:71:04:99:94:43:22:89:e5:ff:e9:03
+1419870189.491788	CCvvfg3TEfuqmmG4bh	192.168.2.1	57189	192.168.2.158	22	2	T	-	SSH-2.0-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	aes128-ctr	hmac-md5-etm@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
+1419870206.112061	CsRx2w45OKnoww6xl4	192.168.2.1	57191	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1419996264.344957	CRJuHdVW0XPVINV8a	192.168.2.1	55179	192.168.2.158	2200	2	T	-	SSH-2.0-OpenSSH_6.2	SSH-2.0-paramiko_1.15.2	aes128-ctr	hmac-sha1	none	diffie-hellman-group14-sha1	ssh-rsa	60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
+1420588548.729724	CPbrpk1qSsw6ESzHV4	192.168.2.1	56594	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_5.3	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420590124.886029	C6pKV8GSxOnSLghOa	192.168.2.1	56821	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420590308.781417	CIPOse170MGiRM1Qf4	192.168.2.1	56837	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420590322.682734	C7XEbhP654jzLoe3a	192.168.2.1	56845	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420590636.482870	CJ3xTn1c4Zw9TmAE05	192.168.2.1	56875	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420590659.429753	CMXxB5GvmoxJFXdTa	192.168.2.1	56878	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420591379.658841	Caby8b1slFea8xwSmb	192.168.2.1	56940	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420599430.828624	Che1bq3i2rO3KD1Syg	192.168.2.1	57831	192.168.2.158	22	1	-	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
+1420851448.317515	C3SfNE4BWaU4aSuwkc	192.168.2.1	59246	192.168.2.158	22	2	T	-	SSH-2.0-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	arcfour256	hmac-md5-etm@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
+1420860283.083659	CEle3f3zno26fFZkrh	192.168.1.32	41164	128.2.10.238	22	2	T	-	SSH-2.0-OpenSSH_6.6p1-hpn14v4	SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
+1420860616.459806	CwSkQu4eWZCH7OONC1	192.168.1.32	33910	128.2.13.133	22	2	T	-	SSH-2.0-OpenSSH_6.6p1-hpn14v4	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	93:d8:4c:0d:b2:c3:2e:da:b9:c0:67:db:e4:8f:95:04
+1420868281.691929	CfTOmO0HKorjr8Zp7	192.168.1.32	41268	128.2.10.238	22	2	F	-	SSH-2.0-OpenSSH_6.6	SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
+1420917487.230379	Cab0vO1xNYSS2hJkle	192.168.1.31	52294	192.168.1.32	22	2	T	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
+1421006072.225176	Cx2FqO23omNawSNrxj	192.168.1.31	51489	192.168.1.32	22	2	T	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
+1421041177.043845	CkDsfG2YIeWJmXWNWj	192.168.1.32	58641	131.103.20.168	22	2	F	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+1421041299.824707	CUKS0W3HFYOnBqSE5e	192.168.1.32	58646	131.103.20.168	22	2	T	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+1421041526.397714	CRrfvP2lalMAYOCLhj	192.168.1.32	58649	131.103.20.168	22	2	T	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+#close	2015-03-17-17-44-34
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.common_name/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.common_name/.stdout
new file mode 100644
index 0000000000..0642f10875
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.common_name/.stdout
@@ -0,0 +1,3 @@
+*.gstatic.com
+Google Internet Authority
+No CN
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log
new file mode 100644
index 0000000000..cd9d04e020
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-12-22-40-14
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1425932016.520157	CXWv6p3arKYeMETxOg	192.168.6.86	63721	104.236.167.107	4433	DTLSv10	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	secp256r1	-	F	-	-	T	FZi2Ct2AcCswhiIjKe	(empty)	CN=bro	CN=bro	-	-
+#close	2015-03-12-22-40-14
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log
new file mode 100644
index 0000000000..290c5bfb49
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2015-03-12-22-40-14
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1425932016.611299	FZi2Ct2AcCswhiIjKe	3	E8E48E456C32945F	CN=bro	CN=bro	1425931873.000000	1457467873.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2015-03-12-22-40-14
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout
new file mode 100644
index 0000000000..5caff40c4a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout
@@ -0,0 +1 @@
+10000
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log
new file mode 100644
index 0000000000..c8278858e5
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-12-01-22-34
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1426117218.083491	CXWv6p3arKYeMETxOg	192.168.6.86	61454	104.236.167.107	4433	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	secp256r1	104.236.167.107	F	-	-	F	FsQdqWuF9t3e4W0d	(empty)	-	-	-	-
+#close	2015-03-12-01-22-34
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout
index d71e0171ce..85bc19633e 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout
@@ -1,2 +1,2 @@
-8\xd0U@\xf1\xaamI\xb5SE^K\x82\xa4\xe0\x9eG\xf3\xdd\x1f\xeey\xa6[\xcc\xd7^D\x90
-\xa7^B\xf4'&^E]|c\x83KN\xb0^N6F\xbez\xbb^Ny\xbf^O\x85p\x83\x8dX
+8\xd0U@\xf1\xaamI\xb5SE\x0b\x82\xa4\xe0\x9eG\xf3\xdd\x1f\xeey\xa6[\xcc\xd7\x04\x90
+\xa7\x02\xf4'&\x05]|c\x83KN\xb0\x0e6F\xbez\xbb\x0ey\xbf\x0f\x85p\x83\x8dX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.x509_extensions/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.x509_extensions/.stdout
index c33135d3f8..5401c97d92 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.x509_extensions/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.x509_extensions/.stdout
@@ -1,18 +1,18 @@
-[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:3F:D5:B5:D0:D6:44:79:50:4A:17:A3:9B:8C:4A:DC:B8:B0:22:64:6B^J]
+[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:3F:D5:B5:D0:D6:44:79:50:4A:17:A3:9B:8C:4A:DC:B8:B0:22:64:6B\x0a]
 [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=A2:76:09:20:A8:40:FD:A1:AC:C8:E9:35:B9:11:A6:61:FF:8C:FF:A3]
 [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Digital Signature, Key Encipherment]
 [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]
 [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication]
-[name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.6449.1.2.1.3.4^J  CPS: https://secure.comodo.com/CPS^J]
-[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt^JOCSP - URI:http://ocsp.comodoca.com^J]
+[name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.6449.1.2.1.3.4\x0a  CPS: https://secure.comodo.com/CPS\x0a]
+[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt\x0aOCSP - URI:http://ocsp.comodoca.com\x0a]
 [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:*.taleo.net, DNS:taleo.net]
-[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A^J]
+[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\x0a]
 [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=3F:D5:B5:D0:D6:44:79:50:4A:17:A3:9B:8C:4A:DC:B8:B0:22:64:6B]
 [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]
 [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]
-[name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J]
-[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://crt.usertrust.com/AddTrustExternalCARoot.p7c^JCA Issuers - URI:http://crt.usertrust.com/AddTrustUTNSGCCA.crt^JOCSP - URI:http://ocsp.usertrust.com^J]
+[name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy\x0a]
+[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://crt.usertrust.com/AddTrustExternalCARoot.p7c\x0aCA Issuers - URI:http://crt.usertrust.com/AddTrustUTNSGCCA.crt\x0aOCSP - URI:http://ocsp.usertrust.com\x0a]
 [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A]
 [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
 [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]
-[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A^JDirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root^Jserial:01^J]
+[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\x0aDirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root\x0aserial:01\x0a]
diff --git a/testing/btest/Baseline/scripts.base.utils.active-http/output b/testing/btest/Baseline/scripts.base.utils.active-http/output
index 43b13ff29a..8245073ec2 100644
--- a/testing/btest/Baseline/scripts.base.utils.active-http/output
+++ b/testing/btest/Baseline/scripts.base.utils.active-http/output
@@ -4,7 +4,7 @@
 [Date] =  July 22, 2013
 [Server] =  1.0,
 [Server] =  1.0,
-test1, [code=200, msg=OK^M, body=It works!, headers={
-test2, [code=200, msg=OK^M, body=, headers={
+test1, [code=200, msg=OK\x0d, body=It works!, headers={
+test2, [code=200, msg=OK\x0d, body=, headers={
 }]
 }]
diff --git a/testing/btest/Baseline/scripts.base.utils.decompose_uri/output b/testing/btest/Baseline/scripts.base.utils.decompose_uri/output
index c31851d8bd..0c471df190 100644
--- a/testing/btest/Baseline/scripts.base.utils.decompose_uri/output
+++ b/testing/btest/Baseline/scripts.base.utils.decompose_uri/output
@@ -1,5 +1,5 @@
 https://www.bro.org:42/documentation/faq.html?k1=v1&k2=v2
-    -> [scheme=https, netlocation=www.bro.org, portnum=42, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^I[k2] = v2,^J^I[k1] = v1^J}]
+    -> [scheme=https, netlocation=www.bro.org, portnum=42, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x09[k2] = v2,\x0a\x09[k1] = v1\x0a}]
 
 
     -> [scheme=<uninitialized>, netlocation=, portnum=<uninitialized>, path=/, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params=<uninitialized>]
@@ -32,20 +32,20 @@ https://www.bro.org/documentation/faq.html
     -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params=<uninitialized>]
 
 https://www.bro.org/documentation/faq.html?
-    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^J}]
+    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x0a}]
 
 https://www.bro.org/documentation/faq.html?k=v
-    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^I[k] = v^J}]
+    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x09[k] = v\x0a}]
 
 https://www.bro.org/documentation/faq.html?k=
-    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^I[k] = ^J}]
+    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x09[k] = \x0a}]
 
 https://www.bro.org/documentation/faq.html?=v
-    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^I[] = v^J}]
+    -> [scheme=https, netlocation=www.bro.org, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x09[] = v\x0a}]
 
 file:///documentation/faq.html?=v
-    -> [scheme=file, netlocation=, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={^J^I[] = v^J}]
+    -> [scheme=file, netlocation=, portnum=<uninitialized>, path=/documentation/faq.html, file_name=faq.html, file_base=faq, file_ext=html, params={\x0a\x09[] = v\x0a}]
 
 www.bro.org/?foo=bar
-    -> [scheme=<uninitialized>, netlocation=www.bro.org, portnum=<uninitialized>, path=/, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params={^J^I[foo] = bar^J}]
+    -> [scheme=<uninitialized>, netlocation=www.bro.org, portnum=<uninitialized>, path=/, file_name=<uninitialized>, file_base=<uninitialized>, file_ext=<uninitialized>, params={\x0a\x09[foo] = bar\x0a}]
 
diff --git a/testing/btest/Baseline/scripts.base.utils.strings/output b/testing/btest/Baseline/scripts.base.utils.strings/output
index 4f5f06eca1..2aa35008c6 100644
--- a/testing/btest/Baseline/scripts.base.utils.strings/output
+++ b/testing/btest/Baseline/scripts.base.utils.strings/output
@@ -1,7 +1,7 @@
 'hello' is NOT considered binary
-'\xff\xff\xff\0' IS considered binary
-'\0\0\xff\0' IS considered binary
-'\0\0\0\0' is NOT considered binary
+'\xff\xff\xff\x00' IS considered binary
+'\x00\x00\xff\x00' IS considered binary
+'\x00\x00\x00\x00' is NOT considered binary
 two, one, three
 one
 hell\o w\orl\d
diff --git a/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log b/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
new file mode 100644
index 0000000000..ba1afe4239
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
@@ -0,0 +1,22 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	intel
+#open	2015-03-14-01-47-46
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	seen.node	sources
+#types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	string	set[string]
+1416942644.593119	CXWv6p3arKYeMETxOg	192.168.4.149	49422	23.92.19.75	443	F0txuw2pvrkZOn04a8	application/pkix-cert	23.92.19.75:443/tcp	www.pantz.org	Intel::DOMAIN	X509::IN_CERT	bro	source1
+#close	2015-03-14-01-47-46
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	intel
+#open	2015-03-14-01-47-46
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	seen.indicator	seen.indicator_type	seen.where	seen.node	sources
+#types	time	string	addr	port	addr	port	string	string	string	string	enum	enum	string	set[string]
+1170717505.934612	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+1170717509.082241	CjhGID4nQcgTWjvg4c	192.150.187.164	58869	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+1170717512.108799	CCvvfg3TEfuqmmG4bh	192.150.187.164	58870	194.127.84.106	443	-	-	-	www.dresdner-privat.de	Intel::DOMAIN	X509::IN_CERT	bro	source1
+#close	2015-03-14-01-47-46
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
index f5e53044b9..f2f38ae958 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@@ -59,7 +59,7 @@
 1254722770.692743 file_over_new_connection
 1254722770.692743 mime_end_entity
 1254722770.692743 get_file_handle
-1254722770.692743 file_mime_type
+1254722770.692743 file_sniff
 1254722770.692743 file_state_remove
 1254722770.692743 get_file_handle
 1254722770.692743 mime_begin_entity
@@ -70,7 +70,7 @@
 1254722770.692743 file_over_new_connection
 1254722770.692804 mime_end_entity
 1254722770.692804 get_file_handle
-1254722770.692804 file_mime_type
+1254722770.692804 file_sniff
 1254722770.692804 file_state_remove
 1254722770.692804 get_file_handle
 1254722770.692804 mime_end_entity
@@ -84,7 +84,7 @@
 1254722770.692804 file_new
 1254722770.692804 file_over_new_connection
 1254722770.695115 new_connection
-1254722771.494181 file_mime_type
+1254722771.494181 file_sniff
 1254722771.858334 mime_end_entity
 1254722771.858334 get_file_handle
 1254722771.858334 file_state_remove
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
index 1aa93d5a04..01e584b047 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@@ -1,62 +1,62 @@
          0.000000 bro_init
          0.000000 filter_change_tracking
 1254722767.492060 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0a\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] atype: enum        = Analyzer::ANALYZER_DNS
                   [2] aid: count         = 3
 
 1254722767.492060 ChecksumOffloading::check
 1254722767.492060 filter_change_tracking
 1254722767.492060 new_connection
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0aDNS\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722767.492060 dns_message
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0aDNS\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
                   [3] len: count         = 34
 
 1254722767.492060 dns_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0aDNS\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={\x0a\x09[31062] = [initialized=T, vals={\x0a\x09\x09[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]\x0a\x09}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
                   [2] query: string      = mail.patriots.in
                   [3] qtype: count       = 1
                   [4] qclass: count      = 1
 
 1254722767.492060 dns_end
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0aDNS\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={\x0a\x09[31062] = [initialized=T, vals={\x0a\x09\x09[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]\x0a\x09}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
 
 1254722767.526085 dns_message
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={\x0aDNS\x0a}, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F], dns_state=[pending_queries={\x0a\x09[31062] = [initialized=T, vals={\x0a\x09\x09[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F]\x0a\x09}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
                   [3] len: count         = 100
 
 1254722767.526085 dns_CNAME_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={\x0aDNS\x0a}, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={\x0a\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
                   [2] ans: dns_answer    = [answer_type=1, query=mail.patriots.in, qtype=5, qclass=1, TTL=3.0 hrs 27.0 secs]
                   [3] name: string       = patriots.in
 
 1254722767.526085 dns_A_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={\x0aDNS\x0a}, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={\x0a\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
                   [2] ans: dns_answer    = [answer_type=1, query=patriots.in, qtype=1, qclass=1, TTL=3.0 hrs 28.0 secs]
                   [3] a: addr            = 74.53.140.153
 
 1254722767.526085 dns_end
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={\x0aDNS\x0a}, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={\x0a\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
 
 1254722767.529046 new_connection
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={\x0a\x0a}, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722767.875996 connection_established
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={\x0a\x0a}, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -64,7 +64,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -72,7 +72,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -80,18 +80,18 @@
                   [5] cont_resp: bool    = F
 
 1254722768.224809 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={\x0a\x0a}, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] atype: enum        = Analyzer::ANALYZER_SMTP
                   [2] aid: count         = 7
 
 1254722768.224809 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={\x0aSMTP\x0a}, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = EHLO
                   [3] arg: string        = GP
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -99,7 +99,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -107,7 +107,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -115,7 +115,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -123,7 +123,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -131,7 +131,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -139,13 +139,13 @@
                   [5] cont_resp: bool    = F
 
 1254722768.568729 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = AUTH
                   [3] arg: string        = LOGIN
 
 1254722768.911081 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 334
                   [3] cmd: string        = AUTH
@@ -153,13 +153,13 @@
                   [5] cont_resp: bool    = F
 
 1254722768.911655 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = **
                   [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
 
 1254722769.253544 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 334
                   [3] cmd: string        = AUTH_ANSWER
@@ -167,13 +167,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.254118 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = **
                   [3] arg: string        = cHVuamFiQDEyMw==
 
 1254722769.613798 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 235
                   [3] cmd: string        = AUTH_ANSWER
@@ -181,13 +181,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.614414 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = MAIL
                   [3] arg: string        = FROM: <gurpartap@patriots.in>
 
 1254722769.956765 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = MAIL
@@ -195,13 +195,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.957250 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = RCPT
                   [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
 
 1254722770.319708 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = RCPT
@@ -209,16 +209,16 @@
                   [5] cont_resp: bool    = F
 
 1254722770.320203 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = DATA
                   [3] arg: string        = 
 
 1254722770.320203 mime_begin_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.661679 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 354
                   [3] cmd: string        = DATA
@@ -226,243 +226,243 @@
                   [5] cont_resp: bool    = F
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=FROM, value="Gurpartap Singh" <gurpartap@patriots.in>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=TO, value=<raj_deol2002in@yahoo.co.in>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=SUBJECT, value=SMTP]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=DATE, value=Mon, 5 Oct 2009 11:36:07 +0530]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=MESSAGE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=MIME-VERSION, value=1.0]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/mixed;^Iboundary="----=_NextPart_000_0004_01CA45B0.095693F0"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/mixed;\x09boundary="----=_NextPart_000_0004_01CA45B0.095693F0"]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=X-MAILER, value=Microsoft Office Outlook 12.0]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=THREAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=CONTENT-LANGUAGE, value=en-us]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=X-CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}]
 
 1254722770.692743 mime_begin_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/alternative;^Iboundary="----=_NextPart_001_0005_01CA45B0.095693F0"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/alternative;\x09boundary="----=_NextPart_001_0005_01CA45B0.095693F0"]
 
 1254722770.692743 mime_begin_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Icharset="us-ascii"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;\x09charset="us-ascii"]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=7bit]
 
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692743 file_new
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 file_over_new_connection
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692743 mime_end_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
-1254722770.692743 file_mime_type
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] mime_type: string  = text/plain
+1254722770.692743 file_sniff
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] meta: fa_metadata  = [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]]]
 
 1254722770.692743 file_state_remove
-                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692743 mime_begin_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/html;^Icharset="us-ascii"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/html;\x09charset="us-ascii"]
 
 1254722770.692743 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
 
 1254722770.692743 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692743 file_new
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692743 file_over_new_connection
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692804 mime_end_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
-1254722770.692804 file_mime_type
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">^M^J<meta name=Generator content="Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-compose;^M^J^Ifont-family:"Calibri","sans-serif";^M^J^Icolor:windowtext;}^M^J.MsoChpDefault^M^J^I{mso-style-type:export-only;}^M^J@page Section1^M^J^I{size:8.5in 11.0in;^M^J^Imargin:1.0in 1.0in 1.0in 1.0in;}^M^Jdiv.Section1^M^J^I{page:Section1;}^M^J-->^M^J</style>^M^J<!--[if gte mso 9]><xml>^M^J <o:shapedefaults v:ext="edit" spidmax="1026" />^M^J</xml><![endif]--><!--[if gte mso 9]><xml>^M^J <o:shapelayout v:ext="edit">^M^J  <o:idmap v:ext="edit" data="1" />^M^J </o:shapelayout></xml><![endif]-->^M^J</head>^M^J^M^J<body lang=EN-US link=blue vlink=purple>^M^J^M^J<div class=Section1>^M^J^M^J<p class=MsoNormal>Hello<o:p></o:p></p>^M^J^M^J<p class=MsoNormal><o:p>&nbsp;</o:p></p>^M^J^M^J<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>^M^J^M^J<p class=MsoNormal>Find the attachment<o:p></o:p></p>^M^J^M^J<p class=MsoNormal><o:p>&nbsp;</o:p></p>^M^J^M^J<p class=MsoNormal>GPS<o:p></o:p></p>^M^J^M^J</div>^M^J^M^J</body>^M^J^M^J</html>^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] mime_type: string  = text/html
+1254722770.692804 file_sniff
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] meta: fa_metadata  = [mime_type=text/html, mime_types=[[strength=100, mime=text/html], [strength=20, mime=text/html], [strength=-20, mime=text/plain]]]
 
 1254722770.692804 file_state_remove
-                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">^M^J<meta name=Generator content="Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-compose;^M^J^Ifont-family:"Calibri","sans-serif";^M^J^Icolor:windowtext;}^M^J.MsoChpDefault^M^J^I{mso-style-type:export-only;}^M^J@page Section1^M^J^I{size:8.5in 11.0in;^M^J^Imargin:1.0in 1.0in 1.0in 1.0in;}^M^Jdiv.Section1^M^J^I{page:Section1;}^M^J-->^M^J</style>^M^J<!--[if gte mso 9]><xml>^M^J <o:shapedefaults v:ext="edit" spidmax="1026" />^M^J</xml><![endif]--><!--[if gte mso 9]><xml>^M^J <o:shapelayout v:ext="edit">^M^J  <o:idmap v:ext="edit" data="1" />^M^J </o:shapelayout></xml><![endif]-->^M^J</head>^M^J^M^J<body lang=EN-US link=blue vlink=purple>^M^J^M^J<div class=Section1>^M^J^M^J<p class=MsoNormal>Hello<o:p></o:p></p>^M^J^M^J<p class=MsoNormal><o:p>&nbsp;</o:p></p>^M^J^M^J<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>^M^J^M^J<p class=MsoNormal>Find the attachment<o:p></o:p></p>^M^J^M^J<p class=MsoNormal><o:p>&nbsp;</o:p></p>^M^J^M^J<p class=MsoNormal>GPS<o:p></o:p></p>^M^J^M^J</div>^M^J^M^J</body>^M^J^M^J</html>^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=text/html, filename=<uninitialized>, duration=61.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a  <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=text/html, filename=<uninitialized>, duration=61.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692804 mime_end_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692804 mime_begin_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722770.692804 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Iname="NEWS.txt"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;\x09name="NEWS.txt"]
 
 1254722770.692804 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
 
 1254722770.692804 mime_one_header
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] h: mime_header_rec = [name=CONTENT-DISPOSITION, value=attachment;^Ifilename="NEWS.txt"]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-DISPOSITION, value=attachment;\x09filename="NEWS.txt"]
 
 1254722770.692804 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.692804 file_new
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722770.692804 file_over_new_connection
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722770.695115 new_connection
-                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={\x0a\x0a}, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1254722771.494181 file_mime_type
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J  include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J  (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J  compiler: -D__DEBUG__^M^J* Each project creates a <project_name>_private.h file containing version^M^J  information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=<uninitialized>, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
-                  [1] mime_type: string  = text/plain
+1254722771.494181 file_sniff
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
+                  [1] meta: fa_metadata  = [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]]]
 
 1254722771.858334 mime_end_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
 1254722771.858334 file_state_remove
-                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J  include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J  (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J  compiler: -D__DEBUG__^M^J* Each project creates a <project_name>_private.h file containing version^M^J  information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a  - Strip executable\x0d\x0a  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a  - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a  include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alternate configuration file in Environment Options \x0d\x0a  (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "watch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a  compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a  information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={\x0a\x0974.53.140.153\x0a}, rx_hosts={\x0a\x0910.10.1.4\x0a}, conn_uids={\x0aCjhGID4nQcgTWjvg4c\x0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=<uninitialized>, is_orig=F, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>, u2_events=<uninitialized>]
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722771.858334 mime_end_entity
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = T
 
 1254722771.858334 get_file_handle
                   [0] tag: enum          = Analyzer::ANALYZER_SMTP
-                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
 1254722771.858334 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = .
                   [3] arg: string        = .
 
 1254722772.248789 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = .
@@ -470,13 +470,13 @@
                   [5] cont_resp: bool    = F
 
 1254722774.763825 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = QUIT
                   [3] arg: string        = 
 
 1254722775.105467 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={\x0aSMTP\x0a}, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 221
                   [3] cmd: string        = QUIT
@@ -484,24 +484,24 @@
                   [5] cont_resp: bool    = F
 
 1254722776.690444 new_connection
-                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={\x0a\x0a}, history=, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722776.690444 net_done
                   [0] t: time            = 1254722776.690444
 
 1254722776.690444 ChecksumOffloading::check
 1254722776.690444 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={\x0aDNS\x0a}, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=[pending_queries={\x0a\x0a}, pending_replies={\x0a\x0a}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722776.690444 filter_change_tracking
 1254722776.690444 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={\x0aSMTP\x0a}, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722776.690444 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={\x0a\x0a}, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722776.690444 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={\x0a\x0a}, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1254722776.690444 bro_done
 1254722776.690444 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
index fbe9032fe7..f6b3b649bb 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
@@ -1,5 +1,5 @@
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -7,7 +7,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -15,7 +15,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.219663 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 220
                   [3] cmd: string        = >
@@ -23,13 +23,13 @@
                   [5] cont_resp: bool    = F
 
 1254722768.224809 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={\x0aSMTP\x0a}, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = EHLO
                   [3] arg: string        = GP
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -37,7 +37,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -45,7 +45,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -53,7 +53,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -61,7 +61,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -69,7 +69,7 @@
                   [5] cont_resp: bool    = T
 
 1254722768.566183 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = EHLO
@@ -77,13 +77,13 @@
                   [5] cont_resp: bool    = F
 
 1254722768.568729 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = AUTH
                   [3] arg: string        = LOGIN
 
 1254722768.911081 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 334
                   [3] cmd: string        = AUTH
@@ -91,13 +91,13 @@
                   [5] cont_resp: bool    = F
 
 1254722768.911655 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = **
                   [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
 
 1254722769.253544 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 334
                   [3] cmd: string        = AUTH_ANSWER
@@ -105,13 +105,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.254118 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = **
                   [3] arg: string        = cHVuamFiQDEyMw==
 
 1254722769.613798 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 235
                   [3] cmd: string        = AUTH_ANSWER
@@ -119,13 +119,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.614414 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = MAIL
                   [3] arg: string        = FROM: <gurpartap@patriots.in>
 
 1254722769.956765 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = MAIL
@@ -133,13 +133,13 @@
                   [5] cont_resp: bool    = F
 
 1254722769.957250 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = RCPT
                   [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
 
 1254722770.319708 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = RCPT
@@ -147,13 +147,13 @@
                   [5] cont_resp: bool    = F
 
 1254722770.320203 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = DATA
                   [3] arg: string        = 
 
 1254722770.661679 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 354
                   [3] cmd: string        = DATA
@@ -161,13 +161,13 @@
                   [5] cont_resp: bool    = F
 
 1254722771.858334 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = .
                   [3] arg: string        = .
 
 1254722772.248789 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 250
                   [3] cmd: string        = .
@@ -175,13 +175,13 @@
                   [5] cont_resp: bool    = F
 
 1254722774.763825 smtp_request
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = T
                   [2] command: string    = QUIT
                   [3] arg: string        = 
 
 1254722775.105467 smtp_reply
-                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={\x0aSMTP\x0a}, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] is_orig: bool      = F
                   [2] code: count        = 221
                   [3] cmd: string        = QUIT
diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log
new file mode 100644
index 0000000000..ca510300c2
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log
@@ -0,0 +1,23 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open	2015-03-16-20-10-52
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	orig_fuids	orig_mime_types	resp_fuids	resp_mime_types	client_header_names	server_header_names
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+1300475168.784020	CRJuHdVW0XPVINV8a	141.142.220.118	48649	208.80.152.118	80	1	GET	bits.wikimedia.org	/skins-1.5/monobook/main.css	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION
+1300475168.916018	CJ3xTn1c4Zw9TmAE05	141.142.220.118	49997	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/6/63/Wikipedia-logo.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.916183	C7XEbhP654jzLoe3a	141.142.220.118	49996	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.918358	C3SfNE4BWaU4aSuwkc	141.142.220.118	49998	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/b/bd/Bookshelf-40x201_6.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.952307	CyAhVIzHqb7t7kv28	141.142.220.118	50000	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.952296	CzA03V1VcgagLjnO92	141.142.220.118	49999	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.954820	CkDsfG2YIeWJmXWNWj	141.142.220.118	50001	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.962687	Cn78a440HlxuyZKs6f	141.142.220.118	35642	208.80.152.2	80	1	GET	meta.wikimedia.org	/images/wikimedia-button.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.975934	CJ3xTn1c4Zw9TmAE05	141.142.220.118	49997	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.976436	C7XEbhP654jzLoe3a	141.142.220.118	49996	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475168.979264	C3SfNE4BWaU4aSuwkc	141.142.220.118	49998	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475169.014619	CyAhVIzHqb7t7kv28	141.142.220.118	50000	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475169.014593	CzA03V1VcgagLjnO92	141.142.220.118	49999	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+1300475169.014927	CkDsfG2YIeWJmXWNWj	141.142.220.118	50001	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-	-	HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL	DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
+#close	2015-03-16-20-10-52
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log
new file mode 100644
index 0000000000..ee206db117
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2015-03-30-15-43-30
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+1427726711.398575	-	-	-	-	-	-	-	-	-	SSH::Password_Guessing	192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections).	Sampled servers:  192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103	192.168.56.1	-	-	-	bro	Notice::ACTION_LOG	3600.000000	F	-	-	-	-	-
+#close	2015-03-30-15-43-30
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
index 218feeb750..3b67a891ca 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	notice
-#open	2014-04-01-23-16-27
+#open	2015-04-15-23-54-27
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
 #types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
 1394745603.293028	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	F1fX1R2cDOzbvg17ye	-	-	tcp	SSL::Certificate_Expired	Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000	-	192.168.4.149	87.98.220.10	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-1394745619.197766	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	F6NAbK127LhNBaEe5c	-	-	tcp	SSL::Certificate_Expires_Soon	Certificate CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP is going to expire at 2014-03-14-23:59:59.000000000	-	192.168.4.149	122.1.240.204	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-#close	2014-04-01-23-16-27
+1394745619.197766	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	F6NAbK127LhNBaEe5c	-	-	tcp	SSL::Certificate_Expires_Soon	Certificate CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP is going to expire at 2014-03-14-23:59:59.000000000	-	192.168.4.149	122.1.240.204	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2015-04-15-23-54-27
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log
new file mode 100644
index 0000000000..df2cdf9732
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-09-19-32-44
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1425929564.247511	CXWv6p3arKYeMETxOg	192.168.4.149	58529	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FTzCuuqU5y7w85H89	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	unable to get local issuer certificate
+1425929565.270104	CXWv6p3arKYeMETxOg	192.168.4.149	58529	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FXzQOu1ZSKSF7H8Ez6	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	unable to get local issuer certificate
+1425929566.843026	CjhGID4nQcgTWjvg4c	192.168.4.149	58530	72.167.102.91	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	F5l2dVkZHiwiOWR67,Fkw2ETDXfIXIvatba,Fbgf8A3V6m8v33wTcj	(empty)	CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+1425929571.372511	CCvvfg3TEfuqmmG4bh	192.168.4.149	58532	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FhEtvg4pQ90832J56f	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+1425929567.865619	CjhGID4nQcgTWjvg4c	192.168.4.149	58530	72.167.102.91	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	Fyc6cQ2rMCAhpIGcM5,FoJ8j735m9ogDYopYj,FHaYhA3ykzVlKPnnsc	(empty)	CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+1425929572.395104	CCvvfg3TEfuqmmG4bh	192.168.4.149	58532	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FwZZ8034tgyXSponwg	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+#close	2015-03-09-19-32-53
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log
new file mode 100644
index 0000000000..9f33703649
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-09-19-51-25
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1417039703.224578	CXWv6p3arKYeMETxOg	192.168.4.149	58529	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FghNi02cFL9n6ttuMa	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	unable to get local issuer certificate
+1417039705.820093	CjhGID4nQcgTWjvg4c	192.168.4.149	58530	72.167.102.91	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk	(empty)	CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+1417039710.349578	CCvvfg3TEfuqmmG4bh	192.168.4.149	58532	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FRcFYq3e3hgYkZ8dS1	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	unable to get local issuer certificate
+#close	2015-03-09-19-51-25
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log
new file mode 100644
index 0000000000..77ba9233ae
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log
@@ -0,0 +1,23 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-09-19-44-42
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1394745602.951961	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	TLSv10	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	-	-	F	-	-	T	F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl	(empty)	CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated	CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-	certificate has expired
+1394745618.791420	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	F	-	-	T	F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h	(empty)	CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP	CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US	-	-	ok
+#close	2015-03-09-19-44-42
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2015-03-09-19-44-42
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1417039703.224578	CXWv6p3arKYeMETxOg	192.168.4.149	58529	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FghNi02cFL9n6ttuMa	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	unable to get local issuer certificate
+1417039705.820093	CjhGID4nQcgTWjvg4c	192.168.4.149	58530	72.167.102.91	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk	(empty)	CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+1417039710.349578	CCvvfg3TEfuqmmG4bh	192.168.4.149	58532	128.32.169.140	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	FRcFYq3e3hgYkZ8dS1	(empty)	CN=www.cviis.org,OU=Domain Control Validated	CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US	-	-	ok
+#close	2015-03-09-19-44-42
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log
deleted file mode 100644
index a464c64670..0000000000
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log
+++ /dev/null
@@ -1,11 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	ssl
-#open	2014-08-08-17-13-58
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
-#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
-1394745602.951961	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	TLSv10	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	-	-	F	-	-	T	F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl	(empty)	CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated	CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-	certificate has expired
-1394745618.791420	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	F	-	-	T	F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h	(empty)	CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP	CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US	-	-	ok
-#close	2014-08-08-17-13-58
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log
new file mode 100644
index 0000000000..f39d2d2adb
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log
@@ -0,0 +1,33 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2015-02-25-21-37-10
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak DH parameters with 1024 key bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	DH key length of 1024 bits is smaller certificate key length of 2048 bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1398558136.542637	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak certificate with 2048 bit key	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2015-02-25-21-37-10
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2015-02-25-21-37-10
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+1397165496.713940	CXWv6p3arKYeMETxOg	192.168.4.149	59062	91.227.4.92	443	-	-	-	tcp	SSL::Old_Version	Host uses protocol version SSLv2 which is lower than the safe minimum TLSv10	-	192.168.4.149	91.227.4.92	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2015-02-25-21-37-11
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2015-02-25-21-37-11
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+1170717505.734145	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	-	-	-	tcp	SSL::Weak_Cipher	Host established connection using unsafe ciper suite TLS_RSA_WITH_RC4_128_MD5	-	192.150.187.164	194.127.84.106	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1170717505.934612	CXWv6p3arKYeMETxOg	192.150.187.164	58868	194.127.84.106	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak certificate with 1024 bit key	-	192.150.187.164	194.127.84.106	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2015-02-25-21-37-11
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log
deleted file mode 100644
index b44fb54b70..0000000000
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log
+++ /dev/null
@@ -1,12 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	notice
-#open	2014-04-27-07-15-32
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
-#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
-1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak DH parameters with 1024 key bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	DH key length of 1024 bits is smaller certificate key length of 2048 bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-1398558136.542637	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak certificate with 2048 bit key	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-#close	2014-04-27-07-15-32
diff --git a/testing/btest/Baseline/signatures.load-sigs/output b/testing/btest/Baseline/signatures.load-sigs/output
index 2a22b47ad4..52e0eeb92c 100644
--- a/testing/btest/Baseline/signatures.load-sigs/output
+++ b/testing/btest/Baseline/signatures.load-sigs/output
@@ -1,3 +1,3 @@
 [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
 works
-GET /images/wikimedia-button.png HTTP/1.1^M^JHost: meta.wikimedia.org^M^JUser-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Geck...
+GET /images/wikimedia-button.png HTTP/1.1\x0d\x0aHost: meta.wikimedia.org\x0d\x0aUser-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Geck...
diff --git a/testing/btest/Baseline/signatures.udp-packetwise-match/out b/testing/btest/Baseline/signatures.udp-packetwise-match/out
new file mode 100644
index 0000000000..5b5066d638
--- /dev/null
+++ b/testing/btest/Baseline/signatures.udp-packetwise-match/out
@@ -0,0 +1,6 @@
+signature match, Found .*XXXX, XXXX
+signature match, Found .*YYYY, YYYY
+signature match, Found XXXX, XXXX
+signature match, Found YYYY, YYYY
+signature match, Found ^XXXX, XXXX
+signature match, Found ^YYYY, YYYY
diff --git a/testing/btest/Traces/dns53.pcap b/testing/btest/Traces/dns53.pcap
new file mode 100644
index 0000000000..2d97acad74
Binary files /dev/null and b/testing/btest/Traces/dns53.pcap differ
diff --git a/testing/btest/Traces/http/zero-length-bodies-with-drops.pcap b/testing/btest/Traces/http/zero-length-bodies-with-drops.pcap
new file mode 100644
index 0000000000..6de1f1efc5
Binary files /dev/null and b/testing/btest/Traces/http/zero-length-bodies-with-drops.pcap differ
diff --git a/testing/btest/Traces/icmp/icmp_sent.pcap b/testing/btest/Traces/icmp/icmp_sent.pcap
new file mode 100644
index 0000000000..0f0cfcb73e
Binary files /dev/null and b/testing/btest/Traces/icmp/icmp_sent.pcap differ
diff --git a/testing/btest/Traces/krb/auth.trace b/testing/btest/Traces/krb/auth.trace
new file mode 100644
index 0000000000..e9f1ba9521
Binary files /dev/null and b/testing/btest/Traces/krb/auth.trace differ
diff --git a/testing/btest/Traces/krb/kinit.trace b/testing/btest/Traces/krb/kinit.trace
new file mode 100644
index 0000000000..a465086903
Binary files /dev/null and b/testing/btest/Traces/krb/kinit.trace differ
diff --git a/testing/btest/Traces/pe/pe.trace b/testing/btest/Traces/pe/pe.trace
new file mode 100644
index 0000000000..c70c9e6afe
Binary files /dev/null and b/testing/btest/Traces/pe/pe.trace differ
diff --git a/testing/btest/Traces/rdp/rdp-proprietary-encryption.pcap b/testing/btest/Traces/rdp/rdp-proprietary-encryption.pcap
new file mode 100644
index 0000000000..a26dd5637f
Binary files /dev/null and b/testing/btest/Traces/rdp/rdp-proprietary-encryption.pcap differ
diff --git a/testing/btest/Traces/rdp/rdp-to-ssl.pcap b/testing/btest/Traces/rdp/rdp-to-ssl.pcap
new file mode 100644
index 0000000000..e57d4b7cf7
Binary files /dev/null and b/testing/btest/Traces/rdp/rdp-to-ssl.pcap differ
diff --git a/testing/btest/Traces/rdp/rdp-x509.pcap b/testing/btest/Traces/rdp/rdp-x509.pcap
new file mode 100644
index 0000000000..073d03e4ee
Binary files /dev/null and b/testing/btest/Traces/rdp/rdp-x509.pcap differ
diff --git a/testing/btest/Traces/sip/wireshark.trace b/testing/btest/Traces/sip/wireshark.trace
new file mode 100644
index 0000000000..f91ab49b4a
Binary files /dev/null and b/testing/btest/Traces/sip/wireshark.trace differ
diff --git a/testing/btest/Traces/ssh-on-port-80.trace b/testing/btest/Traces/ssh/ssh-on-port-80.trace
similarity index 100%
rename from testing/btest/Traces/ssh-on-port-80.trace
rename to testing/btest/Traces/ssh/ssh-on-port-80.trace
diff --git a/testing/btest/Traces/ssh/ssh.trace b/testing/btest/Traces/ssh/ssh.trace
new file mode 100644
index 0000000000..54980005e2
Binary files /dev/null and b/testing/btest/Traces/ssh/ssh.trace differ
diff --git a/testing/btest/Traces/ssh/sshguess.pcap b/testing/btest/Traces/ssh/sshguess.pcap
new file mode 100644
index 0000000000..7408acc948
Binary files /dev/null and b/testing/btest/Traces/ssh/sshguess.pcap differ
diff --git a/testing/btest/Traces/tls/cert-no-cn.pcap b/testing/btest/Traces/tls/cert-no-cn.pcap
new file mode 100644
index 0000000000..d208c696b5
Binary files /dev/null and b/testing/btest/Traces/tls/cert-no-cn.pcap differ
diff --git a/testing/btest/Traces/tls/dtls-openssl.pcap b/testing/btest/Traces/tls/dtls-openssl.pcap
new file mode 100644
index 0000000000..b07e6921a1
Binary files /dev/null and b/testing/btest/Traces/tls/dtls-openssl.pcap differ
diff --git a/testing/btest/Traces/tls/missing-intermediate.pcap b/testing/btest/Traces/tls/missing-intermediate.pcap
new file mode 100644
index 0000000000..9f44e3e4d2
Binary files /dev/null and b/testing/btest/Traces/tls/missing-intermediate.pcap differ
diff --git a/testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz b/testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz
new file mode 100644
index 0000000000..6642502fa0
Binary files /dev/null and b/testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz differ
diff --git a/testing/btest/Traces/udp-signature-test.pcap b/testing/btest/Traces/udp-signature-test.pcap
new file mode 100644
index 0000000000..01a880fae1
Binary files /dev/null and b/testing/btest/Traces/udp-signature-test.pcap differ
diff --git a/testing/btest/bifs/to_count.bro b/testing/btest/bifs/to_count.bro
index 33754117d4..8de8c5c674 100644
--- a/testing/btest/bifs/to_count.bro
+++ b/testing/btest/bifs/to_count.bro
@@ -24,4 +24,12 @@ event bro_init()
 	local e: port = 123/tcp;
 	print port_to_count(e);
 
+	local origString =        "9223372036854775808";
+	local directCount: count = 9223372036854775808;
+	local fromStringCount: count = to_count(origString);
+
+	if ( directCount == fromStringCount )
+	   print fmt("%s and %s are the same", directCount, fromStringCount);
+	else
+	   print fmt("%s and %s are not the same", directCount, fromStringCount);
 	}
diff --git a/testing/btest/bifs/x509_verify.bro b/testing/btest/bifs/x509_verify.bro
index 7fe9a69c6e..59939180c8 100644
--- a/testing/btest/bifs/x509_verify.bro
+++ b/testing/btest/bifs/x509_verify.bro
@@ -1,6 +1,10 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT 
+# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
+redef SSL::root_certs += {
+	["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64"
+};
+
 event ssl_established(c: connection) &priority=3
 	{
 	local chain: vector of opaque of x509 = vector();
diff --git a/testing/btest/broker/clone_store.bro b/testing/btest/broker/clone_store.bro
new file mode 100644
index 0000000000..1973595bab
--- /dev/null
+++ b/testing/btest/broker/clone_store.bro
@@ -0,0 +1,125 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run clone "bro -b -r $TRACES/wikipedia.trace ../clone.bro broker_port=$BROKER_PORT >clone.out"
+# @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace ../master.bro broker_port=$BROKER_PORT >master.out"
+
+# @TEST-EXEC: btest-bg-wait 60
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
+# @TEST-EXEC: btest-diff master/master.out
+
+@TEST-START-FILE clone.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global expected_key_count = 4;
+global key_count = 0;
+
+global query_timeout = 30sec;
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		++key_count;
+		print "lookup", key, res;
+
+		if ( key_count == expected_key_count )
+			terminate();
+		}
+	timeout query_timeout
+		{
+		print "clone lookup query timeout";
+		terminate();
+		}
+	}
+
+event ready()
+	{
+	h = BrokerStore::create_clone("mystore");
+
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print "clone keys", res;
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
+		}
+	timeout query_timeout
+		{
+		print "clone keys query timeout";
+		terminate();
+		}
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/ready");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE master.bro
+
+global query_timeout = 15sec;
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global ready: event();
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	h = BrokerStore::create_master("mystore");
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+
+	when ( local res = BrokerStore::size(h) )
+		{ event ready(); }
+	timeout query_timeout
+		{
+		print "master size query timeout";
+		terminate();
+		}
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::auto_event("bro/event/ready", ready);
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/broker/connection_updates.bro b/testing/btest/broker/connection_updates.bro
new file mode 100644
index 0000000000..1bbe90ccb5
--- /dev/null
+++ b/testing/btest/broker/connection_updates.bro
@@ -0,0 +1,57 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;;
+	}
+
+event BrokerComm::incoming_connection_broken(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_broken", peer_name;;
+	terminate();
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;;
+	terminate();
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/broker/data.bro b/testing/btest/broker/data.bro
new file mode 100644
index 0000000000..bac7242c85
--- /dev/null
+++ b/testing/btest/broker/data.bro
@@ -0,0 +1,222 @@
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+type bro_set: set[string];
+type bro_table: table[string] of count;
+type bro_vector: vector of string;
+
+type bro_record : record {
+	a: string &optional;
+	b: string &default = "bee";
+	c: count;
+};
+
+function comm_record_to_bro_record_recurse(it: opaque of BrokerComm::RecordIterator,
+                                           rval: bro_record,
+                                           idx: count): bro_record
+	{
+	if ( BrokerComm::record_iterator_last(it) )
+		return rval;
+
+	local field_value = BrokerComm::record_iterator_value(it);
+
+	if ( field_value?$d )
+		switch ( idx ) {
+		case 0:
+			rval$a = BrokerComm::refine_to_string(field_value);
+			break;
+		case 1:
+			rval$b = BrokerComm::refine_to_string(field_value);
+			break;
+		case 2:
+			rval$c = BrokerComm::refine_to_count(field_value);
+			break;
+		};
+
+	++idx;
+	BrokerComm::record_iterator_next(it);
+	return comm_record_to_bro_record_recurse(it, rval, idx);
+	}
+
+function comm_record_to_bro_record(d: BrokerComm::Data): bro_record
+	{
+	return comm_record_to_bro_record_recurse(BrokerComm::record_iterator(d),
+	                                         bro_record($c = 0), 0);
+	}
+
+function
+comm_set_to_bro_set_recurse(it: opaque of BrokerComm::SetIterator,
+                            rval: bro_set): bro_set
+	{
+	if ( BrokerComm::set_iterator_last(it) )
+		return rval;
+
+	add rval[BrokerComm::refine_to_string(BrokerComm::set_iterator_value(it))];
+	BrokerComm::set_iterator_next(it);
+	return comm_set_to_bro_set_recurse(it, rval);
+	}
+
+
+function comm_set_to_bro_set(d: BrokerComm::Data): bro_set
+	{
+	return comm_set_to_bro_set_recurse(BrokerComm::set_iterator(d), bro_set());
+	}
+
+function
+comm_table_to_bro_table_recurse(it: opaque of BrokerComm::TableIterator,
+                                rval: bro_table): bro_table
+	{
+	if ( BrokerComm::table_iterator_last(it) )
+		return rval;
+
+	local item = BrokerComm::table_iterator_value(it);
+	rval[BrokerComm::refine_to_string(item$key)] = BrokerComm::refine_to_count(item$val);
+	BrokerComm::table_iterator_next(it);
+	return comm_table_to_bro_table_recurse(it, rval);
+	}
+
+function comm_table_to_bro_table(d: BrokerComm::Data): bro_table
+	{
+	return comm_table_to_bro_table_recurse(BrokerComm::table_iterator(d),
+	                                       bro_table());
+	}
+
+function comm_vector_to_bro_vector_recurse(it: opaque of BrokerComm::VectorIterator,
+                                           rval: bro_vector): bro_vector
+	{
+	if ( BrokerComm::vector_iterator_last(it) )
+		return rval;
+
+	rval[|rval|] = BrokerComm::refine_to_string(BrokerComm::vector_iterator_value(it));
+	BrokerComm::vector_iterator_next(it);
+	return comm_vector_to_bro_vector_recurse(it, rval);
+	}
+
+function comm_vector_to_bro_vector(d: BrokerComm::Data): bro_vector
+	{
+	return comm_vector_to_bro_vector_recurse(BrokerComm::vector_iterator(d),
+	                                         bro_vector());
+	}
+
+event bro_init()
+{
+BrokerComm::enable();
+print BrokerComm::data_type(BrokerComm::data(T));
+print BrokerComm::data_type(BrokerComm::data(+1));
+print BrokerComm::data_type(BrokerComm::data(1));
+print BrokerComm::data_type(BrokerComm::data(1.1));
+print BrokerComm::data_type(BrokerComm::data("1 (how creative)"));
+print BrokerComm::data_type(BrokerComm::data(1.1.1.1));
+print BrokerComm::data_type(BrokerComm::data(1.1.1.1/1));
+print BrokerComm::data_type(BrokerComm::data(1/udp));
+print BrokerComm::data_type(BrokerComm::data(double_to_time(1)));
+print BrokerComm::data_type(BrokerComm::data(1sec));
+print BrokerComm::data_type(BrokerComm::data(BrokerComm::BOOL));
+local s: bro_set = bro_set("one", "two", "three");
+local t: bro_table = bro_table(["one"] = 1, ["two"] = 2, ["three"] = 3);
+local v: bro_vector = bro_vector("zero", "one", "two");
+local r: bro_record = bro_record($c = 1);
+print BrokerComm::data_type(BrokerComm::data(s));
+print BrokerComm::data_type(BrokerComm::data(t));
+print BrokerComm::data_type(BrokerComm::data(v));
+print BrokerComm::data_type(BrokerComm::data(r));
+
+print "***************************";
+
+print BrokerComm::refine_to_bool(BrokerComm::data(T));
+print BrokerComm::refine_to_bool(BrokerComm::data(F));
+print BrokerComm::refine_to_int(BrokerComm::data(+1));
+print BrokerComm::refine_to_int(BrokerComm::data(+0));
+print BrokerComm::refine_to_int(BrokerComm::data(-1));
+print BrokerComm::refine_to_count(BrokerComm::data(1));
+print BrokerComm::refine_to_count(BrokerComm::data(0));
+print BrokerComm::refine_to_double(BrokerComm::data(1.1));
+print BrokerComm::refine_to_double(BrokerComm::data(-11.1));
+print BrokerComm::refine_to_string(BrokerComm::data("hello"));
+print BrokerComm::refine_to_addr(BrokerComm::data(1.2.3.4));
+print BrokerComm::refine_to_subnet(BrokerComm::data(192.168.1.1/16));
+print BrokerComm::refine_to_port(BrokerComm::data(22/tcp));
+print BrokerComm::refine_to_time(BrokerComm::data(double_to_time(42)));
+print BrokerComm::refine_to_interval(BrokerComm::data(3min));
+print BrokerComm::refine_to_enum_name(BrokerComm::data(BrokerComm::BOOL));
+
+print "***************************";
+
+local cs = BrokerComm::data(s);
+print comm_set_to_bro_set(cs);
+cs = BrokerComm::set_create();
+print BrokerComm::set_size(cs);
+print BrokerComm::set_insert(cs, BrokerComm::data("hi"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_contains(cs, BrokerComm::data("hi"));
+print BrokerComm::set_contains(cs, BrokerComm::data("bye"));
+print BrokerComm::set_insert(cs, BrokerComm::data("bye"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
+print comm_set_to_bro_set(cs);
+BrokerComm::set_clear(cs);
+print BrokerComm::set_size(cs);
+
+print "***************************";
+
+local ct = BrokerComm::data(t);
+print comm_table_to_bro_table(ct);
+ct = BrokerComm::table_create();
+print BrokerComm::table_size(ct);
+print BrokerComm::table_insert(ct, BrokerComm::data("hi"), BrokerComm::data(42));
+print BrokerComm::table_size(ct);
+print BrokerComm::table_contains(ct, BrokerComm::data("hi"));
+print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("hi")));
+print BrokerComm::table_contains(ct, BrokerComm::data("bye"));
+print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(7));
+print BrokerComm::table_size(ct);
+print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(37));
+print BrokerComm::table_size(ct);
+print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("bye")));
+print BrokerComm::table_remove(ct, BrokerComm::data("hi"));
+print BrokerComm::table_size(ct);
+
+print "***************************";
+
+local cv = BrokerComm::data(v);
+print comm_vector_to_bro_vector(cv);
+cv = BrokerComm::vector_create();
+print BrokerComm::vector_size(cv);
+print BrokerComm::vector_insert(cv, BrokerComm::data("hi"), 0);
+print BrokerComm::vector_insert(cv, BrokerComm::data("hello"), 1);
+print BrokerComm::vector_insert(cv, BrokerComm::data("greetings"), 2);
+print BrokerComm::vector_insert(cv, BrokerComm::data("salutations"), 1);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_size(cv);
+print BrokerComm::vector_replace(cv, BrokerComm::data("bah"), 2);
+print BrokerComm::vector_lookup(cv, 2);
+print BrokerComm::vector_lookup(cv, 0);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_remove(cv, 2);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_size(cv);
+
+print "***************************";
+
+local cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+r$a = "test";
+cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+r$b = "testagain";
+cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+cr = BrokerComm::record_create(3);
+print BrokerComm::record_size(cr);
+print BrokerComm::record_assign(cr, BrokerComm::data("hi"), 0);
+print BrokerComm::record_assign(cr, BrokerComm::data("hello"), 1);
+print BrokerComm::record_assign(cr, BrokerComm::data(37), 2);
+print BrokerComm::record_lookup(cr, 0);
+print BrokerComm::record_lookup(cr, 1);
+print BrokerComm::record_lookup(cr, 2);
+print BrokerComm::record_size(cr);
+}
diff --git a/testing/btest/broker/master_store.bro b/testing/btest/broker/master_store.bro
new file mode 100644
index 0000000000..3863822988
--- /dev/null
+++ b/testing/btest/broker/master_store.bro
@@ -0,0 +1,181 @@
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace %INPUT >out"
+# @TEST-EXEC: btest-bg-wait 60
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
+
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global lookup_count = 0;
+const lookup_expect_count = 5;
+global exists_count = 0;
+const exists_expect_count = 4;
+global pop_count = 0;
+const pop_expect_count = 2;
+
+global test_size: event(where: string &default = "");
+
+global query_timeout = 30sec;
+
+event test_clear()
+	{
+	BrokerStore::clear(h);
+	event test_size("after clear");
+	}
+
+event test_size(where: string)
+	{
+	when ( local res = BrokerStore::size(h) )
+		{
+		if ( where == "" )
+			{
+			print fmt("size: %s", res);
+			event test_clear();
+			}
+		else
+			{
+			print fmt("size (%s): %s", where, res);
+			terminate();
+			}
+		}
+	timeout query_timeout
+		{
+		print "'size' query timeout";
+
+		if ( where == "" )
+			event test_clear();
+		else
+			terminate();
+		}
+	}
+
+event test_keys()
+	{
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print fmt("keys: %s", res);
+		event test_size();
+		}
+	timeout query_timeout
+		{
+		print "'keys' query timeout";
+		event test_size();
+		}
+	}
+
+event test_pop(key: string)
+	{
+	when ( local lres = BrokerStore::pop_left(h, BrokerComm::data(key)) )
+		{
+		print fmt("pop_left(%s): %s", key, lres);
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+	timeout query_timeout
+		{
+		print "'pop_left' timeout";
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+
+	when ( local rres = BrokerStore::pop_right(h, BrokerComm::data(key)) )
+		{
+		print fmt("pop_right(%s): %s", key, rres);
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+	timeout query_timeout
+		{
+		print "'pop_right' timeout";
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+	}
+
+function do_exists(key: string)
+	{
+	when ( local res = BrokerStore::exists(h, BrokerComm::data(key)) )
+		{
+		print fmt("exists(%s): %s", key, res);
+		++exists_count;
+
+		if ( exists_count == exists_expect_count )
+			event test_pop("myvec");
+		}
+	timeout query_timeout
+		{
+		print "'exists' query timeout";
+		++exists_count;
+
+		if ( exists_count == exists_expect_count )
+			event test_pop("myvec");
+		}
+	}
+
+event test_erase()
+	{
+	BrokerStore::erase(h, BrokerComm::data("two"));
+	do_exists("one");
+	do_exists("two");
+	do_exists("myset");
+	do_exists("four");
+	}
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		print fmt("lookup(%s): %s", key, res);
+		++lookup_count;
+
+		if ( lookup_count == lookup_expect_count )
+			event test_erase();
+		}
+	timeout query_timeout
+		{
+		print "'lookup' query timeout";
+		++lookup_count;
+
+		if ( lookup_count == lookup_expect_count )
+			event test_erase();
+		}
+	}
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	h = BrokerStore::create_master("master");
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+	do_lookup("one");
+	do_lookup("two");
+	do_lookup("myset");
+	do_lookup("four");
+	do_lookup("myvec");
+	}
diff --git a/testing/btest/broker/remote_event.test b/testing/btest/broker/remote_event.test
new file mode 100644
index 0000000000..6dbf8e77a0
--- /dev/null
+++ b/testing/btest/broker/remote_event.test
@@ -0,0 +1,94 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global event_handler: event(msg: string, c: count);
+global auto_event_handler: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/");
+	BrokerComm::auto_event("bro/event/my_topic", auto_event_handler);
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+global event_count = 0;
+global events_to_recv = 6;
+
+event event_handler(msg: string, n: count)
+	{
+	++event_count;
+	print "got event msg", msg, n;
+
+	if ( event_count == events_to_recv )
+		{
+		terminate();
+		return;
+		}
+
+	event auto_event_handler(msg, n);
+	local args = BrokerComm::event_args(event_handler, "pong", n);
+	BrokerComm::event("bro/event/my_topic", args);
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global event_handler: event(msg: string, c: count);
+global auto_event_handler: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/my_topic");
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global event_count = 0;
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	local args = BrokerComm::event_args(event_handler, "ping", event_count);
+	BrokerComm::event("bro/event/hi", args);
+	++event_count;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event event_handler(msg: string, n: count)
+	{
+	print "got event msg", msg, n;
+	local args = BrokerComm::event_args(event_handler, "ping", event_count);
+    BrokerComm::event("bro/event/hi", args);
+	++event_count;
+	}
+
+event auto_event_handler(msg: string, n: count)
+	{
+	print "got auto event msg", msg, n;
+	}
+	
+@TEST-END-FILE
diff --git a/testing/btest/broker/remote_log.test b/testing/btest/broker/remote_log.test
new file mode 100644
index 0000000000..d481f0ae25
--- /dev/null
+++ b/testing/btest/broker/remote_log.test
@@ -0,0 +1,97 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run recv "bro -b ../common.bro ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b ../common.bro ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff recv/test.log
+# @TEST-EXEC: btest-diff send/send.out
+# @TEST-EXEC: btest-diff send/test.log
+
+@TEST-START-FILE common.bro
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		msg: string &log;
+		num: count &log;
+		nolog: string &default="no";
+	};
+
+	global log_test: event(rec: Test::Info);
+}
+
+event bro_init() &priority=5
+	{
+	BrokerComm::enable();
+	Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]);
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::subscribe_to_logs("bro/log/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event Test::log_test(rec: Test::Info)
+	{
+	print "wrote log", rec;
+
+	if ( rec$num == 5 )
+		terminate();
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable_remote_logs(Test::LOG);
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global n = 0;
+
+event do_write()
+	{
+	if ( n == 6 )
+		return;
+	else
+		{
+		Log::write(Test::LOG, [$msg = "ping", $num = n]);
+		++n;
+		event do_write();
+		}
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/broker/remote_print.test b/testing/btest/broker/remote_print.test
new file mode 100644
index 0000000000..b6430ec3be
--- /dev/null
+++ b/testing/btest/broker/remote_print.test
@@ -0,0 +1,83 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	BrokerComm::subscribe_to_prints("bro/print/");
+	}
+
+global messages_to_recv = 6;
+global messages_sent = 0;
+global messages_recv = 0;
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++messages_recv;
+	print "got print msg", msg;
+
+	if ( messages_to_recv == messages_recv )
+		{
+		terminate();
+		return;
+		}
+
+	BrokerComm::print("bro/print/my_topic", fmt("pong %d", messages_sent));
+	++messages_sent;
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_prints("bro/print/my_topic");
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global messages_sent = 0;
+global messages_recv = 0;
+global peer_disconnected = F;
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
+	++messages_sent;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++messages_recv;
+	print "got print msg", msg;
+	BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
+	++messages_sent;
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg
index 43f29d40a1..cfddb92899 100644
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@@ -1,5 +1,5 @@
 [btest]
-TestDirs    = doc bifs language core scripts istate coverage signatures plugins
+TestDirs    = doc bifs language core scripts istate coverage signatures plugins broker
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp
@@ -13,7 +13,7 @@ BRO_PLUGIN_PATH=
 TZ=UTC
 LC_ALL=C
 BTEST_PATH=%(testbase)s/../../aux/btest
-PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/bro-cut:%(default_path)s:%(testbase)s/../../aux/btest/sphinx:%(default_path)s
+PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/bro-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin
 TRACES=%(testbase)s/Traces
 FILES=%(testbase)s/Files
 SCRIPTS=%(testbase)s/../scripts
@@ -25,3 +25,4 @@ TMPDIR=%(testbase)s/.tmp
 BRO_PROFILER_FILE=%(testbase)s/.tmp/script-coverage.XXXXXX
 BTEST_RST_FILTER=$SCRIPTS/rst-filter
 BRO_DNS_FAKE=1
+BROKER_PORT=9999/tcp
diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test
index f9ad105ff6..3836414054 100644
--- a/testing/btest/core/check-unused-event-handlers.test
+++ b/testing/btest/core/check-unused-event-handlers.test
@@ -1,6 +1,6 @@
 # This test should print a warning that the event handler is never invoked.
 # @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T
-# @TEST-EXEC: btest-diff .stderr
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr
 
 event this_is_never_used()
 	{
diff --git a/testing/btest/core/conn-size-threshold.bro b/testing/btest/core/conn-size-threshold.bro
new file mode 100644
index 0000000000..ce83e5939d
--- /dev/null
+++ b/testing/btest/core/conn-size-threshold.bro
@@ -0,0 +1,32 @@
+# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event connection_established(c: connection)
+	{
+	print get_current_conn_bytes_threshold(c$id, T);
+	print get_current_conn_bytes_threshold(c$id, F);
+	print get_current_conn_packets_threshold(c$id, T);
+	print get_current_conn_packets_threshold(c$id, F);
+
+	print fmt("Threshold set for %s", cat(c$id));
+	set_current_conn_bytes_threshold(c$id, 3000, T);
+	set_current_conn_bytes_threshold(c$id, 2000, F);
+
+	set_current_conn_packets_threshold(c$id, 50, F);
+	set_current_conn_packets_threshold(c$id, 63, T);
+
+	print get_current_conn_bytes_threshold(c$id, T);
+	print get_current_conn_bytes_threshold(c$id, F);
+	print get_current_conn_packets_threshold(c$id, T);
+	print get_current_conn_packets_threshold(c$id, F);
+	}
+
+event conn_bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+	{
+	print "triggered bytes", c$id, threshold, is_orig;
+	}
+
+event conn_packets_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+	{
+	print "triggered packets", c$id, threshold, is_orig;
+	}
diff --git a/testing/btest/core/icmp/icmp_sent.bro b/testing/btest/core/icmp/icmp_sent.bro
new file mode 100644
index 0000000000..406ca637ba
--- /dev/null
+++ b/testing/btest/core/icmp/icmp_sent.bro
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event icmp_sent(c: connection, icmp: icmp_conn)
+	{
+	print "icmp_sent", c$id, icmp;
+	}
+
+event icmp_sent_payload(c: connection, icmp: icmp_conn, payload: string)
+	{
+	print "icmp_sent_payload", c$id, icmp, |payload|;
+	}
diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test
index bf9f867cdd..3572cf98ba 100644
--- a/testing/btest/core/leaks/ayiya.test
+++ b/testing/btest/core/leaks/ayiya.test
@@ -5,4 +5,4 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
diff --git a/testing/btest/core/leaks/basic-cluster.bro b/testing/btest/core/leaks/basic-cluster.bro
index 2d93469850..7c9df36b9a 100644
--- a/testing/btest/core/leaks/basic-cluster.bro
+++ b/testing/btest/core/leaks/basic-cluster.bro
@@ -9,7 +9,7 @@
 # @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT
-# @TEST-EXEC: btest-bg-wait 25
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
diff --git a/testing/btest/core/leaks/bloomfilter.bro b/testing/btest/core/leaks/bloomfilter.bro
index e35294f98c..e93bfe23cc 100644
--- a/testing/btest/core/leaks/bloomfilter.bro
+++ b/testing/btest/core/leaks/bloomfilter.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 function test_basic_bloom_filter()
   {
diff --git a/testing/btest/core/leaks/broker/clone_store.bro b/testing/btest/core/leaks/broker/clone_store.bro
new file mode 100644
index 0000000000..06df81e1d5
--- /dev/null
+++ b/testing/btest/core/leaks/broker/clone_store.bro
@@ -0,0 +1,113 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leak
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.bro broker_port=$BROKER_PORT >clone.out"
+# @TEST-EXEC: btest-bg-run master "bro -b ../master.bro broker_port=$BROKER_PORT >master.out"
+
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
+
+@TEST-START-FILE clone.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global expected_key_count = 4;
+global key_count = 0;
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		++key_count;
+		print "lookup", key, res;
+
+		if ( key_count == expected_key_count )
+			terminate();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event ready()
+	{
+	h = BrokerStore::create_clone("mystore");
+
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print "clone keys", res;
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	BrokerComm::subscribe_to_events("bro/event/ready");
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE master.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global ready: event();
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+
+	when ( local res = BrokerStore::size(h) )
+		{ event ready(); }
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	h = BrokerStore::create_master("mystore");
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	BrokerComm::auto_event("bro/event/ready", ready);
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/core/leaks/broker/data.bro b/testing/btest/core/leaks/broker/data.bro
new file mode 100644
index 0000000000..d4f6402ae3
--- /dev/null
+++ b/testing/btest/core/leaks/broker/data.bro
@@ -0,0 +1,233 @@
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leaks
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: btest-diff bro/.stdout
+
+type bro_set: set[string];
+type bro_table: table[string] of count;
+type bro_vector: vector of string;
+
+type bro_record : record {
+	a: string &optional;
+	b: string &default = "bee";
+	c: count;
+};
+
+function comm_record_to_bro_record_recurse(it: opaque of BrokerComm::RecordIterator,
+                                           rval: bro_record,
+                                           idx: count): bro_record
+	{
+	if ( BrokerComm::record_iterator_last(it) )
+		return rval;
+
+	local field_value = BrokerComm::record_iterator_value(it);
+
+	if ( field_value?$d )
+		switch ( idx ) {
+		case 0:
+			rval$a = BrokerComm::refine_to_string(field_value);
+			break;
+		case 1:
+			rval$b = BrokerComm::refine_to_string(field_value);
+			break;
+		case 2:
+			rval$c = BrokerComm::refine_to_count(field_value);
+			break;
+		};
+
+	++idx;
+	BrokerComm::record_iterator_next(it);
+	return comm_record_to_bro_record_recurse(it, rval, idx);
+	}
+
+function comm_record_to_bro_record(d: BrokerComm::Data): bro_record
+	{
+	return comm_record_to_bro_record_recurse(BrokerComm::record_iterator(d),
+	                                         bro_record($c = 0), 0);
+	}
+
+function
+comm_set_to_bro_set_recurse(it: opaque of BrokerComm::SetIterator,
+                            rval: bro_set): bro_set
+	{
+	if ( BrokerComm::set_iterator_last(it) )
+		return rval;
+
+	add rval[BrokerComm::refine_to_string(BrokerComm::set_iterator_value(it))];
+	BrokerComm::set_iterator_next(it);
+	return comm_set_to_bro_set_recurse(it, rval);
+	}
+
+
+function comm_set_to_bro_set(d: BrokerComm::Data): bro_set
+	{
+	return comm_set_to_bro_set_recurse(BrokerComm::set_iterator(d), bro_set());
+	}
+
+function
+comm_table_to_bro_table_recurse(it: opaque of BrokerComm::TableIterator,
+                                rval: bro_table): bro_table
+	{
+	if ( BrokerComm::table_iterator_last(it) )
+		return rval;
+
+	local item = BrokerComm::table_iterator_value(it);
+	rval[BrokerComm::refine_to_string(item$key)] = BrokerComm::refine_to_count(item$val);
+	BrokerComm::table_iterator_next(it);
+	return comm_table_to_bro_table_recurse(it, rval);
+	}
+
+function comm_table_to_bro_table(d: BrokerComm::Data): bro_table
+	{
+	return comm_table_to_bro_table_recurse(BrokerComm::table_iterator(d),
+	                                       bro_table());
+	}
+
+function comm_vector_to_bro_vector_recurse(it: opaque of BrokerComm::VectorIterator,
+                                           rval: bro_vector): bro_vector
+	{
+	if ( BrokerComm::vector_iterator_last(it) )
+		return rval;
+
+	rval[|rval|] = BrokerComm::refine_to_string(BrokerComm::vector_iterator_value(it));
+	BrokerComm::vector_iterator_next(it);
+	return comm_vector_to_bro_vector_recurse(it, rval);
+	}
+
+function comm_vector_to_bro_vector(d: BrokerComm::Data): bro_vector
+	{
+	return comm_vector_to_bro_vector_recurse(BrokerComm::vector_iterator(d),
+	                                         bro_vector());
+	}
+
+event bro_init()
+	{
+BrokerComm::enable();
+	}
+
+global did_it = F;
+
+event new_connection(c: connection)
+	{
+if ( did_it ) return;
+did_it = T;
+print BrokerComm::data_type(BrokerComm::data(T));
+print BrokerComm::data_type(BrokerComm::data(+1));
+print BrokerComm::data_type(BrokerComm::data(1));
+print BrokerComm::data_type(BrokerComm::data(1.1));
+print BrokerComm::data_type(BrokerComm::data("1 (how creative)"));
+print BrokerComm::data_type(BrokerComm::data(1.1.1.1));
+print BrokerComm::data_type(BrokerComm::data(1.1.1.1/1));
+print BrokerComm::data_type(BrokerComm::data(1/udp));
+print BrokerComm::data_type(BrokerComm::data(double_to_time(1)));
+print BrokerComm::data_type(BrokerComm::data(1sec));
+print BrokerComm::data_type(BrokerComm::data(BrokerComm::BOOL));
+local s: bro_set = bro_set("one", "two", "three");
+local t: bro_table = bro_table(["one"] = 1, ["two"] = 2, ["three"] = 3);
+local v: bro_vector = bro_vector("zero", "one", "two");
+local r: bro_record = bro_record($c = 1);
+print BrokerComm::data_type(BrokerComm::data(s));
+print BrokerComm::data_type(BrokerComm::data(t));
+print BrokerComm::data_type(BrokerComm::data(v));
+print BrokerComm::data_type(BrokerComm::data(r));
+
+print "***************************";
+
+print BrokerComm::refine_to_bool(BrokerComm::data(T));
+print BrokerComm::refine_to_bool(BrokerComm::data(F));
+print BrokerComm::refine_to_int(BrokerComm::data(+1));
+print BrokerComm::refine_to_int(BrokerComm::data(+0));
+print BrokerComm::refine_to_int(BrokerComm::data(-1));
+print BrokerComm::refine_to_count(BrokerComm::data(1));
+print BrokerComm::refine_to_count(BrokerComm::data(0));
+print BrokerComm::refine_to_double(BrokerComm::data(1.1));
+print BrokerComm::refine_to_double(BrokerComm::data(-11.1));
+print BrokerComm::refine_to_string(BrokerComm::data("hello"));
+print BrokerComm::refine_to_addr(BrokerComm::data(1.2.3.4));
+print BrokerComm::refine_to_subnet(BrokerComm::data(192.168.1.1/16));
+print BrokerComm::refine_to_port(BrokerComm::data(22/tcp));
+print BrokerComm::refine_to_time(BrokerComm::data(double_to_time(42)));
+print BrokerComm::refine_to_interval(BrokerComm::data(3min));
+print BrokerComm::refine_to_enum_name(BrokerComm::data(BrokerComm::BOOL));
+
+print "***************************";
+
+local cs = BrokerComm::data(s);
+print comm_set_to_bro_set(cs);
+cs = BrokerComm::set_create();
+print BrokerComm::set_size(cs);
+print BrokerComm::set_insert(cs, BrokerComm::data("hi"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_contains(cs, BrokerComm::data("hi"));
+print BrokerComm::set_contains(cs, BrokerComm::data("bye"));
+print BrokerComm::set_insert(cs, BrokerComm::data("bye"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
+print BrokerComm::set_size(cs);
+print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
+print comm_set_to_bro_set(cs);
+BrokerComm::set_clear(cs);
+print BrokerComm::set_size(cs);
+
+print "***************************";
+
+local ct = BrokerComm::data(t);
+print comm_table_to_bro_table(ct);
+ct = BrokerComm::table_create();
+print BrokerComm::table_size(ct);
+print BrokerComm::table_insert(ct, BrokerComm::data("hi"), BrokerComm::data(42));
+print BrokerComm::table_size(ct);
+print BrokerComm::table_contains(ct, BrokerComm::data("hi"));
+print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("hi")));
+print BrokerComm::table_contains(ct, BrokerComm::data("bye"));
+print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(7));
+print BrokerComm::table_size(ct);
+print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(37));
+print BrokerComm::table_size(ct);
+print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("bye")));
+print BrokerComm::table_remove(ct, BrokerComm::data("hi"));
+print BrokerComm::table_size(ct);
+
+print "***************************";
+
+local cv = BrokerComm::data(v);
+print comm_vector_to_bro_vector(cv);
+cv = BrokerComm::vector_create();
+print BrokerComm::vector_size(cv);
+print BrokerComm::vector_insert(cv, BrokerComm::data("hi"), 0);
+print BrokerComm::vector_insert(cv, BrokerComm::data("hello"), 1);
+print BrokerComm::vector_insert(cv, BrokerComm::data("greetings"), 2);
+print BrokerComm::vector_insert(cv, BrokerComm::data("salutations"), 1);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_size(cv);
+print BrokerComm::vector_replace(cv, BrokerComm::data("bah"), 2);
+print BrokerComm::vector_lookup(cv, 2);
+print BrokerComm::vector_lookup(cv, 0);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_remove(cv, 2);
+print comm_vector_to_bro_vector(cv);
+print BrokerComm::vector_size(cv);
+
+print "***************************";
+
+local cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+r$a = "test";
+cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+r$b = "testagain";
+cr = BrokerComm::data(r);
+print comm_record_to_bro_record(cr);
+cr = BrokerComm::record_create(3);
+print BrokerComm::record_size(cr);
+print BrokerComm::record_assign(cr, BrokerComm::data("hi"), 0);
+print BrokerComm::record_assign(cr, BrokerComm::data("hello"), 1);
+print BrokerComm::record_assign(cr, BrokerComm::data(37), 2);
+print BrokerComm::record_lookup(cr, 0);
+print BrokerComm::record_lookup(cr, 1);
+print BrokerComm::record_lookup(cr, 2);
+print BrokerComm::record_size(cr);
+}
diff --git a/testing/btest/core/leaks/broker/master_store.bro b/testing/btest/core/leaks/broker/master_store.bro
new file mode 100644
index 0000000000..19c63236f5
--- /dev/null
+++ b/testing/btest/core/leaks/broker/master_store.bro
@@ -0,0 +1,155 @@
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leaks
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout
+
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global lookup_count = 0;
+const lookup_expect_count = 5;
+global exists_count = 0;
+const exists_expect_count = 4;
+global pop_count = 0;
+const pop_expect_count = 2;
+
+global test_size: event(where: string &default = "");
+
+event test_clear()
+	{
+	BrokerStore::clear(h);
+	event test_size("after clear");
+	}
+
+event test_size(where: string)
+	{
+	when ( local res = BrokerStore::size(h) )
+		{
+		if ( where == "" )
+			{
+			print fmt("size: %s", res);
+			event test_clear();
+			}
+		else
+			{
+			print fmt("size (%s): %s", where, res);
+			terminate();
+			}
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event test_keys()
+	{
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print fmt("keys: %s", res);
+		event test_size();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event test_pop(key: string)
+	{
+	when ( local lres = BrokerStore::pop_left(h, BrokerComm::data(key)) )
+		{
+		print fmt("pop_left(%s): %s", key, lres);
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+
+	when ( local rres = BrokerStore::pop_right(h, BrokerComm::data(key)) )
+		{
+		print fmt("pop_right(%s): %s", key, rres);
+		++pop_count;
+
+		if ( pop_count == pop_expect_count )
+			event test_keys();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+function do_exists(key: string)
+	{
+	when ( local res = BrokerStore::exists(h, BrokerComm::data(key)) )
+		{
+		print fmt("exists(%s): %s", key, res);
+		++exists_count;
+
+		if ( exists_count == exists_expect_count )
+			event test_pop("myvec");
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event test_erase()
+	{
+	BrokerStore::erase(h, BrokerComm::data("two"));
+	do_exists("one");
+	do_exists("two");
+	do_exists("myset");
+	do_exists("four");
+	}
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		print fmt("lookup(%s): %s", key, res);
+		++lookup_count;
+
+		if ( lookup_count == lookup_expect_count )
+			event test_erase();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global did_it = F;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	h = BrokerStore::create_master("master");
+	}
+
+event new_connection(c: connection)
+	{
+	if ( did_it ) return;
+	did_it = T;
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+	do_lookup("one");
+	do_lookup("two");
+	do_lookup("myset");
+	do_lookup("four");
+	do_lookup("myvec");
+	}
diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test
new file mode 100644
index 0000000000..243d3b04d3
--- /dev/null
+++ b/testing/btest/core/leaks/broker/remote_event.test
@@ -0,0 +1,96 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leak
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global event_handler: event(msg: string, c: count);
+global auto_event_handler: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	BrokerComm::subscribe_to_events("bro/event/");
+	BrokerComm::auto_event("bro/event/my_topic", auto_event_handler);
+	}
+
+global event_count = 0;
+global events_to_recv = 6;
+
+event event_handler(msg: string, n: count)
+	{
+	++event_count;
+	print "got event msg", msg, n;
+
+	if ( event_count == events_to_recv )
+		{
+		terminate();
+		return;
+		}
+
+	event auto_event_handler(msg, n);
+	local args = BrokerComm::event_args(event_handler, "pong", n);
+	BrokerComm::event("bro/event/my_topic", args);
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global event_handler: event(msg: string, c: count);
+global auto_event_handler: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/my_topic");
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global event_count = 0;
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	local args = BrokerComm::event_args(event_handler, "ping", event_count);
+	BrokerComm::event("bro/event/hi", args);
+	++event_count;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event event_handler(msg: string, n: count)
+	{
+	print "got event msg", msg, n;
+	local args = BrokerComm::event_args(event_handler, "ping", event_count);
+    BrokerComm::event("bro/event/hi", args);
+	++event_count;
+	}
+
+event auto_event_handler(msg: string, n: count)
+	{
+	print "got auto event msg", msg, n;
+	}
+	
+@TEST-END-FILE
diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test
new file mode 100644
index 0000000000..f6c0c41fda
--- /dev/null
+++ b/testing/btest/core/leaks/broker/remote_log.test
@@ -0,0 +1,98 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leak
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../common.bro ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../common.bro ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff recv/test.log
+# @TEST-EXEC: btest-diff send/send.out
+# @TEST-EXEC: btest-diff send/test.log
+
+@TEST-START-FILE common.bro
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		msg: string &log;
+		num: count &log;
+	};
+
+	global log_test: event(rec: Test::Info);
+}
+
+event bro_init() &priority=5
+	{
+	BrokerComm::enable();
+	Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]);
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	BrokerComm::subscribe_to_logs("bro/log/");
+	}
+
+event Test::log_test(rec: Test::Info)
+	{
+	print "wrote log", rec;
+
+	if ( rec$num == 5 )
+		terminate();
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable_remote_logs(Test::LOG);
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global n = 0;
+
+event do_write()
+	{
+	if ( n == 6 )
+		return;
+	else
+		{
+		Log::write(Test::LOG, [$msg = "ping", $num = n]);
+		++n;
+		event do_write();
+		}
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/core/leaks/broker/remote_print.test b/testing/btest/core/leaks/broker/remote_print.test
new file mode 100644
index 0000000000..e77881c694
--- /dev/null
+++ b/testing/btest/core/leaks/broker/remote_print.test
@@ -0,0 +1,85 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-GROUP: leak
+
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE recv.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	BrokerComm::subscribe_to_prints("bro/print/");
+	}
+
+global messages_to_recv = 6;
+global messages_sent = 0;
+global messages_recv = 0;
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++messages_recv;
+	print "got print msg", msg;
+
+	if ( messages_to_recv == messages_recv )
+		{
+		terminate();
+		return;
+		}
+
+	BrokerComm::print("bro/print/my_topic", fmt("pong %d", messages_sent));
+	++messages_sent;
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE send.bro
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_prints("bro/print/my_topic");
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	}
+
+global messages_sent = 0;
+global messages_recv = 0;
+global peer_disconnected = F;
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
+	++messages_sent;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++messages_recv;
+	print "got print msg", msg;
+	BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
+	++messages_sent;
+	}
+
+@TEST-END-FILE
diff --git a/testing/btest/core/leaks/dns-txt.bro b/testing/btest/core/leaks/dns-txt.bro
index 44b7c04a0c..e47e19f9c9 100644
--- a/testing/btest/core/leaks/dns-txt.bro
+++ b/testing/btest/core/leaks/dns-txt.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/frameworks/communication # keep network time running
 redef exit_only_after_terminate = T;
diff --git a/testing/btest/core/leaks/dns.bro b/testing/btest/core/leaks/dns.bro
index d02d7b6f3c..570c66cf56 100644
--- a/testing/btest/core/leaks/dns.bro
+++ b/testing/btest/core/leaks/dns.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/frameworks/communication # keep network time running
 redef exit_only_after_terminate = T;
diff --git a/testing/btest/core/leaks/dtls.bro b/testing/btest/core/leaks/dtls.bro
new file mode 100644
index 0000000000..57b5479fac
--- /dev/null
+++ b/testing/btest/core/leaks/dtls.bro
@@ -0,0 +1,15 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls-openssl.pcap %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load base/protocols/ssl
+
+event ssl_established(c: connection) &priority=3
+	{
+	print "established";
+	}
diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test
index 38e3b30a69..8ae054cf63 100644
--- a/testing/btest/core/leaks/exec.test
+++ b/testing/btest/core/leaks/exec.test
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.bro
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE exectest.bro
 
diff --git a/testing/btest/core/leaks/file-analysis-http-get.bro b/testing/btest/core/leaks/file-analysis-http-get.bro
index aa4708305e..29aa6535a3 100644
--- a/testing/btest/core/leaks/file-analysis-http-get.bro
+++ b/testing/btest/core/leaks/file-analysis-http-get.bro
@@ -5,7 +5,7 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT
-# @TEST-EXEC: btest-bg-wait 25
+# @TEST-EXEC: btest-bg-wait 60
 
 redef test_file_analysis_source = "HTTP";
 
diff --git a/testing/btest/core/leaks/gridftp.test b/testing/btest/core/leaks/gridftp.test
index f0ba6cf8e6..4c7d31937d 100644
--- a/testing/btest/core/leaks/gridftp.test
+++ b/testing/btest/core/leaks/gridftp.test
@@ -5,7 +5,7 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/ftp/gridftp
 
diff --git a/testing/btest/core/leaks/gtp_opt_header.test b/testing/btest/core/leaks/gtp_opt_header.test
index 4205766ee0..79cc50d752 100644
--- a/testing/btest/core/leaks/gtp_opt_header.test
+++ b/testing/btest/core/leaks/gtp_opt_header.test
@@ -5,7 +5,7 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 # Some GTPv1 headers have some optional fields totaling to a 4-byte extension
 # of the mandatory header.
diff --git a/testing/btest/core/leaks/hll_cluster.bro b/testing/btest/core/leaks/hll_cluster.bro
index a843452e00..3ba46005e1 100644
--- a/testing/btest/core/leaks/hll_cluster.bro
+++ b/testing/btest/core/leaks/hll_cluster.bro
@@ -10,7 +10,7 @@
 # @TEST-EXEC: sleep 2
 # @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro runnumber=1 %INPUT
 # @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro runnumber=2 %INPUT
-# @TEST-EXEC: btest-bg-wait 25
+# @TEST-EXEC: btest-bg-wait 60
 #
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff worker-1/.stdout
diff --git a/testing/btest/core/leaks/hook.bro b/testing/btest/core/leaks/hook.bro
index 210b559ef1..0d991bc9a0 100644
--- a/testing/btest/core/leaks/hook.bro
+++ b/testing/btest/core/leaks/hook.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 type rec: record {
 	a: count;
diff --git a/testing/btest/core/leaks/http-connect.bro b/testing/btest/core/leaks/http-connect.bro
index fe42f3ec0a..8a7f1c8146 100644
--- a/testing/btest/core/leaks/http-connect.bro
+++ b/testing/btest/core/leaks/http-connect.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/conn
 @load base/protocols/http
diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test
index fca0ab3264..42d9d9f820 100644
--- a/testing/btest/core/leaks/incr-vec-expr.test
+++ b/testing/btest/core/leaks/incr-vec-expr.test
@@ -5,7 +5,7 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 type rec: record {
     a: count;
diff --git a/testing/btest/core/leaks/input-basic.bro b/testing/btest/core/leaks/input-basic.bro
index 5a58e0465d..2f2ecf802d 100644
--- a/testing/btest/core/leaks/input-basic.bro
+++ b/testing/btest/core/leaks/input-basic.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 redef exit_only_after_terminate = T;
 
diff --git a/testing/btest/core/leaks/input-missing-enum.bro b/testing/btest/core/leaks/input-missing-enum.bro
new file mode 100644
index 0000000000..9037e15ed0
--- /dev/null
+++ b/testing/btest/core/leaks/input-missing-enum.bro
@@ -0,0 +1,41 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@TEST-START-FILE input.log
+#fields	e	i
+IdoNot::Exist	1
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+module A;
+
+type Idx: record {
+	i: int;
+};
+
+type Val: record {
+	e: Log::ID;
+};
+
+global etable: table[int] of Log::ID = table();
+
+event bro_init()
+	{
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print "Table:";
+	print etable;
+	Input::remove("enum");
+	terminate();
+	}
diff --git a/testing/btest/core/leaks/input-optional-event.bro b/testing/btest/core/leaks/input-optional-event.bro
index 72e62bb285..ca141e1c4e 100644
--- a/testing/btest/core/leaks/input-optional-event.bro
+++ b/testing/btest/core/leaks/input-optional-event.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE input.log
 #separator \x09
diff --git a/testing/btest/core/leaks/input-optional-table.bro b/testing/btest/core/leaks/input-optional-table.bro
index c15589a948..95871b1516 100644
--- a/testing/btest/core/leaks/input-optional-table.bro
+++ b/testing/btest/core/leaks/input-optional-table.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE input.log
 #separator \x09
diff --git a/testing/btest/core/leaks/input-raw.bro b/testing/btest/core/leaks/input-raw.bro
index 7329a7c70f..cec50682fb 100644
--- a/testing/btest/core/leaks/input-raw.bro
+++ b/testing/btest/core/leaks/input-raw.bro
@@ -10,7 +10,7 @@
 # @TEST-EXEC: cat input2.log >> input.log
 # @TEST-EXEC: sleep 5
 # @TEST-EXEC: cat input3.log >> input.log
-# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-bg-wait 60
 
 redef exit_only_after_terminate = T;
 
diff --git a/testing/btest/core/leaks/input-reread.bro b/testing/btest/core/leaks/input-reread.bro
index e9aab062d0..f71873c776 100644
--- a/testing/btest/core/leaks/input-reread.bro
+++ b/testing/btest/core/leaks/input-reread.bro
@@ -14,7 +14,7 @@
 # @TEST-EXEC: cp input4.log input.log
 # @TEST-EXEC: sleep 10
 # @TEST-EXEC: cp input5.log input.log
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE input1.log
 #separator \x09
diff --git a/testing/btest/core/leaks/input-sqlite.bro b/testing/btest/core/leaks/input-sqlite.bro
index 0de1069b5e..ae1df163c8 100644
--- a/testing/btest/core/leaks/input-sqlite.bro
+++ b/testing/btest/core/leaks/input-sqlite.bro
@@ -7,7 +7,7 @@
 #
 # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 60
 
 @TEST-START-FILE conn.sql
 PRAGMA foreign_keys=OFF;
@@ -26,6 +26,7 @@ CREATE TABLE conn (
 'resp_bytes' integer,
 'conn_state' text,
 'local_orig' boolean,
+'local_resp' boolean,
 'missed_bytes' integer,
 'history' text,
 'orig_pkts' integer,
@@ -34,40 +35,40 @@ CREATE TABLE conn (
 'resp_ip_bytes' integer,
 'tunnel_parents' text
 );
-INSERT INTO "conn" VALUES(1.30047516709653496744e+09,'dnGM1AdIVyh','141.142.220.202',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,73,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516709701204296e+09,'fv9q7WjEgp1','fe80::217:f2ff:fed7:cf65',5353,'ff02::fb',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,0,'D',1,199,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516709981608392e+09,'0Ox0H56yl88','141.142.220.50',5353,'224.0.0.251',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,0,'D',1,179,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885389900212e+09,'rvmSc7rDQub','141.142.220.118',43927,'141.142.2.2',53,'udp','dns',4.351139068603515625e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885437798497e+09,'ogkztouSArh','141.142.220.118',37676,'141.142.2.2',53,'udp','dns',4.20093536376953125e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885483694076e+09,'0UIDdXFt7Tb','141.142.220.118',40526,'141.142.2.2',53,'udp','dns',3.9196014404296875e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885795593258e+09,'WqFYV51UIq7','141.142.220.118',32902,'141.142.2.2',53,'udp','dns',3.17096710205078125e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885830593104e+09,'ylcqZpbz6K2','141.142.220.118',59816,'141.142.2.2',53,'udp','dns',3.430843353271484375e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885871291159e+09,'blhldTzA7Y6','141.142.220.118',59714,'141.142.2.2',53,'udp','dns',3.750324249267578125e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889164400098e+09,'Sc34cGJo3Kg','141.142.220.118',58206,'141.142.2.2',53,'udp','dns',3.39031219482421875e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889203691487e+09,'RzvFrfXSRfk','141.142.220.118',38911,'141.142.2.2',53,'udp','dns',3.349781036376953125e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889241409298e+09,'GaaFI58mpbe','141.142.220.118',59746,'141.142.2.2',53,'udp','dns',4.208087921142578125e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889398789407e+09,'tr7M6tvAIQa','141.142.220.118',45000,'141.142.2.2',53,'udp','dns',3.840923309326171875e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889442205426e+09,'gV0TcSc2pb4','141.142.220.118',48479,'141.142.2.2',53,'udp','dns',3.168582916259765625e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889478707315e+09,'MOG0z4PYOhk','141.142.220.118',48128,'141.142.2.2',53,'udp','dns',4.22954559326171875e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516890174889565e+09,'PlehgEduUyj','141.142.220.118',56056,'141.142.2.2',53,'udp','dns',4.022121429443359375e-04,36,131,'SF',NULL,0,'Dd',1,64,1,159,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516890219497676e+09,'4eZgk09f2Re','141.142.220.118',55092,'141.142.2.2',53,'udp','dns',3.740787506103515625e-04,36,198,'SF',NULL,0,'Dd',1,64,1,226,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516989943790432e+09,'3xwJPc7mQ9a','141.142.220.44',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,85,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517086238408089e+09,'yxTcvvTKWQ4','141.142.220.226',137,'141.142.220.255',137,'udp','dns',2.61301684379577636718e+00,350,0,'S0',NULL,0,'D',7,546,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517167537188525e+09,'8bLW3XNfhCj','fe80::3074:17d5:2052:c324',65373,'ff02::1:3',5355,'udp','dns',1.00096225738525390625e-01,66,0,'S0',NULL,0,'D',2,162,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517167708110807e+09,'rqjhiiRPjEe','141.142.220.226',55131,'224.0.0.252',5355,'udp','dns',1.00020885467529296875e-01,66,0,'S0',NULL,0,'D',2,122,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517311674904827e+09,'hTPyfL3QSGa','fe80::3074:17d5:2052:c324',54213,'ff02::1:3',5355,'udp','dns',9.980106353759765625e-02,66,0,'S0',NULL,0,'D',2,162,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517311736202235e+09,'EruUQ9AJRj4','141.142.220.226',55671,'224.0.0.252',5355,'udp','dns',9.98489856719970703125e-02,66,0,'S0',NULL,0,'D',2,122,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047517315367889406e+09,'sw1bKJOMjuk','141.142.220.238',56641,'141.142.220.255',137,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,78,0,0,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516872400689127e+09,'NPHCuyWykE7','141.142.220.118',48649,'208.80.152.118',80,'tcp','http',1.19904994964599609375e-01,525,232,'S1',NULL,0,'ShADad',4,741,3,396,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889293599126e+09,'VapPqRhPgJ4','141.142.220.118',50000,'208.80.152.3',80,'tcp','http',2.29603052139282226562e-01,1148,734,'S1',NULL,0,'ShADad',6,1468,4,950,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885916304588e+09,'3607hh8C3bc','141.142.220.118',49998,'208.80.152.3',80,'tcp','http',2.15893030166625976562e-01,1130,734,'S1',NULL,0,'ShADad',6,1450,4,950,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516885530495647e+09,'tgYMrIvzDSg','141.142.220.118',49996,'208.80.152.3',80,'tcp','http',2.1850109100341796875e-01,1171,733,'S1',NULL,0,'ShADad',6,1491,4,949,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516889526700977e+09,'xQsjPwNBrXd','141.142.220.118',50001,'208.80.152.3',80,'tcp','http',2.27283954620361328125e-01,1178,734,'S1',NULL,0,'ShADad',6,1498,4,950,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516890263509747e+09,'Ap3GzMI1vM9','141.142.220.118',35642,'208.80.152.2',80,'tcp','http',1.200408935546875e-01,534,412,'S1',NULL,0,'ShADad',4,750,3,576,'(empty)');
-INSERT INTO "conn" VALUES(1300475168.85533,'FTVcgrmNy52','141.142.220.118',49997,'208.80.152.3',80,'tcp','http',2.19720125198364257812e-01,1125,734,'S1',NULL,0,'ShADad',6,1445,4,950,'(empty)');
-INSERT INTO "conn" VALUES(1.30047516978033089643e+09,'1xFx4PGdeq5','141.142.220.235',6705,'173.192.163.128',80,'tcp',NULL,NULL,NULL,NULL,'OTH',NULL,0,'h',0,0,1,48,'(empty)');
-INSERT INTO "conn" VALUES(1.3004751686520030498e+09,'WIG1ud65z22','141.142.220.118',35634,'208.80.152.2',80,'tcp',NULL,6.1328887939453125e-02,463,350,'OTH',NULL,0,'DdA',2,567,1,402,'(empty)');
-INSERT INTO "conn" VALUES(1.3004751688929131031e+09,'o2gAkl4V7sa','141.142.220.118',49999,'208.80.152.3',80,'tcp','http',2.20960855484008789062e-01,1137,733,'S1',NULL,0,'ShADad',6,1457,4,949,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516709653496744e+09,'dnGM1AdIVyh','141.142.220.202',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,73,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516709701204296e+09,'fv9q7WjEgp1','fe80::217:f2ff:fed7:cf65',5353,'ff02::fb',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,199,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516709981608392e+09,'0Ox0H56yl88','141.142.220.50',5353,'224.0.0.251',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,179,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885389900212e+09,'rvmSc7rDQub','141.142.220.118',43927,'141.142.2.2',53,'udp','dns',4.351139068603515625e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885437798497e+09,'ogkztouSArh','141.142.220.118',37676,'141.142.2.2',53,'udp','dns',4.20093536376953125e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885483694076e+09,'0UIDdXFt7Tb','141.142.220.118',40526,'141.142.2.2',53,'udp','dns',3.9196014404296875e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885795593258e+09,'WqFYV51UIq7','141.142.220.118',32902,'141.142.2.2',53,'udp','dns',3.17096710205078125e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885830593104e+09,'ylcqZpbz6K2','141.142.220.118',59816,'141.142.2.2',53,'udp','dns',3.430843353271484375e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885871291159e+09,'blhldTzA7Y6','141.142.220.118',59714,'141.142.2.2',53,'udp','dns',3.750324249267578125e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889164400098e+09,'Sc34cGJo3Kg','141.142.220.118',58206,'141.142.2.2',53,'udp','dns',3.39031219482421875e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889203691487e+09,'RzvFrfXSRfk','141.142.220.118',38911,'141.142.2.2',53,'udp','dns',3.349781036376953125e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889241409298e+09,'GaaFI58mpbe','141.142.220.118',59746,'141.142.2.2',53,'udp','dns',4.208087921142578125e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889398789407e+09,'tr7M6tvAIQa','141.142.220.118',45000,'141.142.2.2',53,'udp','dns',3.840923309326171875e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889442205426e+09,'gV0TcSc2pb4','141.142.220.118',48479,'141.142.2.2',53,'udp','dns',3.168582916259765625e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889478707315e+09,'MOG0z4PYOhk','141.142.220.118',48128,'141.142.2.2',53,'udp','dns',4.22954559326171875e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516890174889565e+09,'PlehgEduUyj','141.142.220.118',56056,'141.142.2.2',53,'udp','dns',4.022121429443359375e-04,36,131,'SF',NULL,NULL,0,'Dd',1,64,1,159,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516890219497676e+09,'4eZgk09f2Re','141.142.220.118',55092,'141.142.2.2',53,'udp','dns',3.740787506103515625e-04,36,198,'SF',NULL,NULL,0,'Dd',1,64,1,226,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516989943790432e+09,'3xwJPc7mQ9a','141.142.220.44',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,85,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517086238408089e+09,'yxTcvvTKWQ4','141.142.220.226',137,'141.142.220.255',137,'udp','dns',2.61301684379577636718e+00,350,0,'S0',NULL,NULL,0,'D',7,546,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517167537188525e+09,'8bLW3XNfhCj','fe80::3074:17d5:2052:c324',65373,'ff02::1:3',5355,'udp','dns',1.00096225738525390625e-01,66,0,'S0',NULL,NULL,0,'D',2,162,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517167708110807e+09,'rqjhiiRPjEe','141.142.220.226',55131,'224.0.0.252',5355,'udp','dns',1.00020885467529296875e-01,66,0,'S0',NULL,NULL,0,'D',2,122,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517311674904827e+09,'hTPyfL3QSGa','fe80::3074:17d5:2052:c324',54213,'ff02::1:3',5355,'udp','dns',9.980106353759765625e-02,66,0,'S0',NULL,NULL,0,'D',2,162,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517311736202235e+09,'EruUQ9AJRj4','141.142.220.226',55671,'224.0.0.252',5355,'udp','dns',9.98489856719970703125e-02,66,0,'S0',NULL,NULL,0,'D',2,122,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047517315367889406e+09,'sw1bKJOMjuk','141.142.220.238',56641,'141.142.220.255',137,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,78,0,0,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516872400689127e+09,'NPHCuyWykE7','141.142.220.118',48649,'208.80.152.118',80,'tcp','http',1.19904994964599609375e-01,525,232,'S1',NULL,NULL,0,'ShADad',4,741,3,396,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889293599126e+09,'VapPqRhPgJ4','141.142.220.118',50000,'208.80.152.3',80,'tcp','http',2.29603052139282226562e-01,1148,734,'S1',NULL,NULL,0,'ShADad',6,1468,4,950,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885916304588e+09,'3607hh8C3bc','141.142.220.118',49998,'208.80.152.3',80,'tcp','http',2.15893030166625976562e-01,1130,734,'S1',NULL,NULL,0,'ShADad',6,1450,4,950,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516885530495647e+09,'tgYMrIvzDSg','141.142.220.118',49996,'208.80.152.3',80,'tcp','http',2.1850109100341796875e-01,1171,733,'S1',NULL,NULL,0,'ShADad',6,1491,4,949,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516889526700977e+09,'xQsjPwNBrXd','141.142.220.118',50001,'208.80.152.3',80,'tcp','http',2.27283954620361328125e-01,1178,734,'S1',NULL,NULL,0,'ShADad',6,1498,4,950,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516890263509747e+09,'Ap3GzMI1vM9','141.142.220.118',35642,'208.80.152.2',80,'tcp','http',1.200408935546875e-01,534,412,'S1',NULL,NULL,0,'ShADad',4,750,3,576,'(empty)');
+INSERT INTO "conn" VALUES(1300475168.85533,'FTVcgrmNy52','141.142.220.118',49997,'208.80.152.3',80,'tcp','http',2.19720125198364257812e-01,1125,734,'S1',NULL,NULL,0,'ShADad',6,1445,4,950,'(empty)');
+INSERT INTO "conn" VALUES(1.30047516978033089643e+09,'1xFx4PGdeq5','141.142.220.235',6705,'173.192.163.128',80,'tcp',NULL,NULL,NULL,NULL,'OTH',NULL,NULL,0,'h',0,0,1,48,'(empty)');
+INSERT INTO "conn" VALUES(1.3004751686520030498e+09,'WIG1ud65z22','141.142.220.118',35634,'208.80.152.2',80,'tcp',NULL,6.1328887939453125e-02,463,350,'OTH',NULL,NULL,0,'DdA',2,567,1,402,'(empty)');
+INSERT INTO "conn" VALUES(1.3004751688929131031e+09,'o2gAkl4V7sa','141.142.220.118',49999,'208.80.152.3',80,'tcp','http',2.20960855484008789062e-01,1137,733,'S1',NULL,NULL,0,'ShADad',6,1457,4,949,'(empty)');
 COMMIT;
 @TEST-END-FILE
 
diff --git a/testing/btest/core/leaks/input-with-remove.bro b/testing/btest/core/leaks/input-with-remove.bro
index 62fcfa0a4e..ba58d7b2f6 100644
--- a/testing/btest/core/leaks/input-with-remove.bro
+++ b/testing/btest/core/leaks/input-with-remove.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/frameworks/input
 
diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test
index d1654de8e6..3ceae55d49 100644
--- a/testing/btest/core/leaks/ip-in-ip.test
+++ b/testing/btest/core/leaks/ip-in-ip.test
@@ -7,7 +7,7 @@
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 event new_connection(c: connection)
 	{
diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test
index 7cf2c7ea0e..3b6f8d467c 100644
--- a/testing/btest/core/leaks/ipv6_ext_headers.test
+++ b/testing/btest/core/leaks/ipv6_ext_headers.test
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 # Just check that the event is raised correctly for a packet containing
 # extension headers.
diff --git a/testing/btest/core/leaks/krb.test b/testing/btest/core/leaks/krb.test
new file mode 100644
index 0000000000..7bfb7a550d
--- /dev/null
+++ b/testing/btest/core/leaks/krb.test
@@ -0,0 +1,10 @@
+# Needs perftools support.
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/krb/kinit.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+
+@load base/protocols/krb
\ No newline at end of file
diff --git a/testing/btest/core/leaks/mysql.test b/testing/btest/core/leaks/mysql.test
index 363e3069fd..2e9ec6990f 100644
--- a/testing/btest/core/leaks/mysql.test
+++ b/testing/btest/core/leaks/mysql.test
@@ -5,6 +5,6 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/mysql/mysql.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/mysql
diff --git a/testing/btest/core/leaks/pe.test b/testing/btest/core/leaks/pe.test
new file mode 100644
index 0000000000..d951cdbd47
--- /dev/null
+++ b/testing/btest/core/leaks/pe.test
@@ -0,0 +1,12 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load base/protocols/ftp
+@load base/files/pe
+
diff --git a/testing/btest/core/leaks/radius.test b/testing/btest/core/leaks/radius.test
index 478912e8b2..228973c47e 100644
--- a/testing/btest/core/leaks/radius.test
+++ b/testing/btest/core/leaks/radius.test
@@ -5,6 +5,6 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/radius/radius.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/radius
diff --git a/testing/btest/core/leaks/remote.bro b/testing/btest/core/leaks/remote.bro
index 41bbaec076..f9d412b8e9 100644
--- a/testing/btest/core/leaks/remote.bro
+++ b/testing/btest/core/leaks/remote.bro
@@ -9,7 +9,7 @@
 # @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run receiver HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -b -m --pseudo-realtime %INPUT ../receiver.bro
 # @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: btest-diff sender/test.log
 # @TEST-EXEC: btest-diff sender/test.failure.log
 # @TEST-EXEC: btest-diff sender/test.success.log
diff --git a/testing/btest/core/leaks/returnwhen.bro b/testing/btest/core/leaks/returnwhen.bro
index 9fd9a794cd..f5160ef250 100644
--- a/testing/btest/core/leaks/returnwhen.bro
+++ b/testing/btest/core/leaks/returnwhen.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: btest-bg-run bro HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 redef exit_only_after_terminate = T;
 
diff --git a/testing/btest/core/leaks/sip.test b/testing/btest/core/leaks/sip.test
new file mode 100644
index 0000000000..1aac2b30e0
--- /dev/null
+++ b/testing/btest/core/leaks/sip.test
@@ -0,0 +1,10 @@
+# Needs perftools support.
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/sip/wireshark.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load base/protocols/sip
diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test
index c58c1f5b58..4f212d2699 100644
--- a/testing/btest/core/leaks/snmp.test
+++ b/testing/btest/core/leaks/snmp.test
@@ -5,6 +5,6 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.bro %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/snmp
diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test
new file mode 100644
index 0000000000..714d7bb3eb
--- /dev/null
+++ b/testing/btest/core/leaks/ssh.test
@@ -0,0 +1,10 @@
+# Needs perftools support.
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load base/protocols/ssh
diff --git a/testing/btest/core/leaks/string-indexing.bro b/testing/btest/core/leaks/string-indexing.bro
index 13182e7d38..37f7868190 100644
--- a/testing/btest/core/leaks/string-indexing.bro
+++ b/testing/btest/core/leaks/string-indexing.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 
 event new_connection(c: connection)
diff --git a/testing/btest/core/leaks/switch-statement.bro b/testing/btest/core/leaks/switch-statement.bro
index 67e3fc94ad..e5145f9227 100644
--- a/testing/btest/core/leaks/switch-statement.bro
+++ b/testing/btest/core/leaks/switch-statement.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 type MyEnum: enum {
 	RED,
diff --git a/testing/btest/core/leaks/teredo.bro b/testing/btest/core/leaks/teredo.bro
index a97172271e..c83a501705 100644
--- a/testing/btest/core/leaks/teredo.bro
+++ b/testing/btest/core/leaks/teredo.bro
@@ -5,7 +5,7 @@
 # @TEST-GROUP: leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 function print_teredo(name: string, outer: connection, inner: teredo_hdr)
 	{
diff --git a/testing/btest/core/leaks/test-all.bro b/testing/btest/core/leaks/test-all.bro
index 7cdccb202a..d4f8a040ec 100644
--- a/testing/btest/core/leaks/test-all.bro
+++ b/testing/btest/core/leaks/test-all.bro
@@ -5,4 +5,4 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy
-# @TEST-EXEC: btest-bg-wait 25
+# @TEST-EXEC: btest-bg-wait 60
diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test
index 0cc81a099c..9e9caece69 100644
--- a/testing/btest/core/leaks/vector-val-bifs.test
+++ b/testing/btest/core/leaks/vector-val-bifs.test
@@ -9,7 +9,7 @@
 # leaked that memeory.
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 60
 
 function myfunc(aa: interval, bb: interval): int
     {
diff --git a/testing/btest/core/leaks/while.bro b/testing/btest/core/leaks/while.bro
index eac6f2622e..44f17e9b69 100644
--- a/testing/btest/core/leaks/while.bro
+++ b/testing/btest/core/leaks/while.bro
@@ -2,7 +2,7 @@
 # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
 
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 function test_noop()
 	{
diff --git a/testing/btest/core/leaks/x509_ocsp_verify.bro b/testing/btest/core/leaks/x509_ocsp_verify.bro
index 1b21e8609a..ab24f28ee8 100644
--- a/testing/btest/core/leaks/x509_ocsp_verify.bro
+++ b/testing/btest/core/leaks/x509_ocsp_verify.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/ssl
 
diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.bro
index f4a5ddc7d1..7db2581a8b 100644
--- a/testing/btest/core/leaks/x509_verify.bro
+++ b/testing/btest/core/leaks/x509_verify.bro
@@ -5,7 +5,7 @@
 # @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
 #
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 60
 
 @load base/protocols/ssl
 
diff --git a/testing/btest/doc/sphinx/conditional-notice.btest b/testing/btest/doc/sphinx/conditional-notice.btest
new file mode 100644
index 0000000000..ff3eea1132
--- /dev/null
+++ b/testing/btest/doc/sphinx/conditional-notice.btest
@@ -0,0 +1,2 @@
+@TEST-EXEC: btest-rst-cmd bro -r ${TRACES}/tls/tls-expired-cert.trace ${DOC_ROOT}/quickstart/conditional-notice.bro
+@TEST-EXEC: btest-rst-cmd cat notice.log
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-connector_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-connector_bro.btest
new file mode 100644
index 0000000000..0953d88a3e
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-connector_bro.btest
@@ -0,0 +1,23 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+connecting-connector.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+		  peer_address, peer_port, peer_name;
+	terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-listener_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-listener_bro.btest
new file mode 100644
index 0000000000..2879beb396
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_connecting-listener_bro.btest
@@ -0,0 +1,25 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+connecting-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::incoming_connection_broken(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_broken", peer_name;
+	terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-connector_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-connector_bro.btest
new file mode 100644
index 0000000000..fe97fdb4ce
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-connector_bro.btest
@@ -0,0 +1,35 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+events-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	BrokerComm::auto_event("bro/event/my_auto_event", my_auto_event);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "hi", 0));
+	event my_auto_event("stuff", 88);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "...", 1));
+	event my_auto_event("more stuff", 51);
+	BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "bye", 2));
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-listener_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-listener_bro.btest
new file mode 100644
index 0000000000..59e697601b
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_events-listener_bro.btest
@@ -0,0 +1,41 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+events-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+global my_event: event(msg: string, c: count);
+global my_auto_event: event(msg: string, c: count);
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event my_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
+
+event my_auto_event(msg: string, c: count)
+	{
+	++msg_count;
+	print "got my_auto_event", msg, c;
+
+	if ( msg_count == 5 )
+		terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-connector_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-connector_bro.btest
new file mode 100644
index 0000000000..6884d5e4d6
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-connector_bro.btest
@@ -0,0 +1,44 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+logs-connector.bro
+
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+redef Log::enable_local_logging = F;
+redef Log::enable_remote_logging = F;
+global n = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::enable_remote_logs(Test::LOG);
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event do_write()
+	{
+	if ( n == 6 )
+		return;
+
+	Log::write(Test::LOG, [$msg = "ping", $num = n]);
+	++n;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	event do_write();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-listener_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-listener_bro.btest
new file mode 100644
index 0000000000..1610bde502
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_logs-listener_bro.btest
@@ -0,0 +1,29 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+logs-listener.bro
+
+@load ./testlog
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_logs("bro/log/Test::LOG");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event Test::log_test(rec: Test::Info)
+	{
+	print "wrote log", rec;
+
+	if ( rec$num == 5 )
+		terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-connector_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-connector_bro.btest
new file mode 100644
index 0000000000..86ad4f459f
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-connector_bro.btest
@@ -0,0 +1,30 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+printing-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "connector";
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1sec);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established",
+	      peer_address, peer_port, peer_name;
+	BrokerComm::print("bro/print/hi", "hello");
+	BrokerComm::print("bro/print/stuff", "...");
+	BrokerComm::print("bro/print/bye", "goodbye");
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-listener_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-listener_bro.btest
new file mode 100644
index 0000000000..9cb48a0528
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_printing-listener_bro.btest
@@ -0,0 +1,30 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+printing-listener.bro
+
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+redef BrokerComm::endpoint_name = "listener";
+global msg_count = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_prints("bro/print/");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established", peer_name;
+	}
+
+event BrokerComm::print_handler(msg: string)
+	{
+	++msg_count;
+	print "got print message", msg;
+
+	if ( msg_count == 3 )
+		terminate();
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-connector_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-connector_bro.btest
new file mode 100644
index 0000000000..6ca9e3b49b
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-connector_bro.btest
@@ -0,0 +1,57 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+stores-connector.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+
+function dv(d: BrokerComm::Data): BrokerComm::DataVector
+	{
+	local rval: BrokerComm::DataVector;
+	rval[0] = d;
+	return rval;
+	}
+
+global ready: event();
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	local myset: set[string] = {"a", "b", "c"};
+	local myvec: vector of string = {"alpha", "beta", "gamma"};
+	h = BrokerStore::create_master("mystore");
+	BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
+	BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
+	BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
+	BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
+	BrokerStore::increment(h, BrokerComm::data("one"));
+	BrokerStore::decrement(h, BrokerComm::data("two"));
+	BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
+	BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
+	BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
+	BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
+
+	when ( local res = BrokerStore::size(h) )
+		{
+		print "master size", res;
+		event ready();
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::connect("127.0.0.1", broker_port, 1secs);
+	BrokerComm::auto_event("bro/event/ready", ready);
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-listener_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-listener_bro.btest
new file mode 100644
index 0000000000..6942ec17d2
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_stores-listener_bro.btest
@@ -0,0 +1,47 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+stores-listener.bro
+
+const broker_port: port = 9999/tcp &redef;
+redef exit_only_after_terminate = T;
+
+global h: opaque of BrokerStore::Handle;
+global expected_key_count = 4;
+global key_count = 0;
+
+function do_lookup(key: string)
+	{
+	when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
+		{
+		++key_count;
+		print "lookup", key, res;
+
+		if ( key_count == expected_key_count )
+			terminate();
+		}
+	timeout 10sec
+		{ print "timeout", key; }
+	}
+
+event ready()
+	{
+	h = BrokerStore::create_clone("mystore");
+
+	when ( local res = BrokerStore::keys(h) )
+		{
+		print "clone keys", res;
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
+		do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
+		}
+	timeout 10sec
+		{ print "timeout"; }
+	}
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/ready");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest
new file mode 100644
index 0000000000..da2261ebc4
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest
@@ -0,0 +1,23 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+testlog.bro
+
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Info: record {
+		msg: string &log;
+		num: count &log;
+	};
+
+	global log_test: event(rec: Test::Info);
+}
+
+event bro_init() &priority=5
+	{
+	BrokerComm::enable();
+	Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test, $path="test"]);
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_file_analysis_02_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_file_analysis_02_bro.btest
index 5e86c8d685..7c0b7eb8f0 100644
--- a/testing/btest/doc/sphinx/include-doc_frameworks_file_analysis_02_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_file_analysis_02_bro.btest
@@ -2,10 +2,11 @@
 
 file_analysis_02.bro
 
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
     {
+	if ( ! meta?$mime_type ) return;
     print "new file", f$id;
-    if ( mime_type == "text/plain" )
+    if ( meta$mime_type == "text/plain" )
         Files::add_analyzer(f, Files::ANALYZER_MD5);
     }
 
diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_notice_ssh_guesser_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_notice_ssh_guesser_bro.btest
new file mode 100644
index 0000000000..11b77dd1ba
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_frameworks_notice_ssh_guesser_bro.btest
@@ -0,0 +1,14 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+notice_ssh_guesser.bro
+
+
+@load protocols/ssh/detect-bruteforcing
+
+redef SSH::password_guesses_limit=10;
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub )
+		add n$actions[Notice::ACTION_EMAIL];
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_httpmonitor_file_extraction_bro.btest b/testing/btest/doc/sphinx/include-doc_httpmonitor_file_extraction_bro.btest
index b193e4a530..729947ff72 100644
--- a/testing/btest/doc/sphinx/include-doc_httpmonitor_file_extraction_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_httpmonitor_file_extraction_bro.btest
@@ -11,15 +11,18 @@ global mime_to_ext: table[string] of string = {
 	["text/html"] = "html",
 };
 
-event file_mime_type(f: fa_file, mime_type: string)
+event file_sniff(f: fa_file, meta: fa_metadata)
 	{
 	if ( f$source != "HTTP" )
 		return;
 
-	if ( mime_type !in mime_to_ext )
+	if ( ! meta?$mime_type )
 		return;
 
-	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[mime_type]);
+	if ( meta$mime_type !in mime_to_ext )
+		return;
+
+	local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[meta$mime_type]);
 	print fmt("Extracting file %s", fname);
 	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
-	}
\ No newline at end of file
+	}
diff --git a/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest b/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest
index 0e97a0b14e..10c7b6bb34 100644
--- a/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest
+++ b/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest
@@ -34,7 +34,7 @@ export {
 
 event bro_init() &priority=3
 	{
-	Log::create_stream(MimeMetrics::LOG, [$columns=Info]);
+	Log::create_stream(MimeMetrics::LOG, [$columns=Info, $path="mime_metrics"]);
 	local r1: SumStats::Reducer = [$stream="mime.bytes",
 	                               $apply=set(SumStats::SUM)];
 	local r2: SumStats::Reducer = [$stream="mime.hits", 
diff --git a/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest b/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest
new file mode 100644
index 0000000000..8412154ec4
--- /dev/null
+++ b/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest
@@ -0,0 +1,28 @@
+# @TEST-EXEC: cat %INPUT >output && btest-diff output
+
+conditional-notice.bro
+
+@load protocols/ssl/expiring-certs
+
+const watched_servers: set[addr] = {
+	87.98.220.10,
+} &redef;
+
+# Site::local_nets usually isn't something you need to modify if
+# BroControl automatically sets it up from networks.cfg.  It's
+# shown here for completeness.
+redef Site::local_nets += {
+	87.98.0.0/16,
+};
+
+hook Notice::policy(n: Notice::Info)
+	{
+	if ( n$note != SSL::Certificate_Expired )
+		return;
+
+	if ( n$id$resp_h !in watched_servers )
+		return;
+
+	add n$actions[Notice::ACTION_EMAIL];
+	}
+
diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest
index 34af08d8f1..19932699b6 100644
--- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest
@@ -27,7 +27,7 @@ function factorial(n: count): count
 event bro_init()
     {
     # Create the logging stream.
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     }
 
 event bro_done()
diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest
index 631875ba2a..d5d1c23b2b 100644
--- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest
@@ -4,7 +4,7 @@ framework_logging_factorial_03.bro
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info]);
+    Log::create_stream(LOG, [$columns=Info, $path="factor"]);
     
     local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
     Log::add_filter(Factor::LOG, filter);
diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest
index 035f8d90bc..c0f8d8ddac 100644
--- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest
+++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest
@@ -26,7 +26,7 @@ function factorial(n: count): count
 
 event bro_init()
     {
-    Log::create_stream(LOG, [$columns=Info, $ev=log_factor]);
+    Log::create_stream(LOG, [$columns=Info, $ev=log_factor, $path="factor"]);
     }
 
 event bro_done()
diff --git a/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest
index 9966341119..83e9d5bea1 100644
--- a/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest
@@ -17,6 +17,7 @@ export {
 		resp_bytes:   count           &log &optional;
 		conn_state:   string          &log &optional;
 		local_orig:   bool            &log &optional;
+		local_resp:   bool            &log &optional;
 		missed_bytes: count           &log &default=0;
 		history:      string          &log &optional;
 		orig_pkts:     count      &log &optional;
diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
index af9ea0dc83..7905ffd953 100644
--- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
@@ -31,7 +31,7 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }
 
-event SSH::heuristic_successful_login(c: connection)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{
diff --git a/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest
new file mode 100644
index 0000000000..50d6f17694
--- /dev/null
+++ b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest
@@ -0,0 +1,2 @@
+@TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro
+@TEST-EXEC: btest-rst-cmd cat notice.log
diff --git a/testing/btest/language/record-coerce-clash.bro b/testing/btest/language/record-coerce-clash.bro
new file mode 100644
index 0000000000..a0bd6f21ad
--- /dev/null
+++ b/testing/btest/language/record-coerce-clash.bro
@@ -0,0 +1,15 @@
+# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# Record coercion attempt should report mismatched field types.
+global wrong = "80/tcp";
+
+type myrec: record {
+	cid: conn_id;
+};
+
+event bro_init()
+	{
+	local mr: myrec;
+	mr = [$cid = [$orig_h=1.2.3.4,$orig_p=0/tcp,$resp_h=0.0.0.0,$resp_p=wrong]];
+	get_port_transport_proto(mr$cid$resp_p);
+	}
diff --git a/testing/btest/language/set-type-checking.bro b/testing/btest/language/set-type-checking.bro
index bf774fb9f9..3c82a29730 100644
--- a/testing/btest/language/set-type-checking.bro
+++ b/testing/btest/language/set-type-checking.bro
@@ -43,3 +43,18 @@ event bro_init()
     {
     local lea: MySet = set(1003); # type clash
     }
+
+type MyRecord: record {
+	user: string;
+	host: string;
+	host_port: count &default=22;
+	path: string;
+};
+
+global set_of_records: set[MyRecord];
+
+event bro_init()
+	{
+	# Set ctor w/ anonymous record ctor should coerce.
+	set_of_records = set([$user="testuser", $host="testhost", $path="testpath"]);
+	}
diff --git a/testing/btest/plugins/hooks-plugin/src/Plugin.cc b/testing/btest/plugins/hooks-plugin/src/Plugin.cc
index a9d0a529ba..407ad1c242 100644
--- a/testing/btest/plugins/hooks-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/hooks-plugin/src/Plugin.cc
@@ -48,7 +48,7 @@ int Plugin::HookLoadFile(const std::string& file, const std::string& ext)
 	return -1;
 	}
 
-Val* Plugin::HookCallFunction(const Func* func, val_list* args)
+std::pair<bool, Val*> Plugin::HookCallFunction(const Func* func, Frame* frame, val_list* args)
 	{
 	ODesc d;
 	d.SetShort();
@@ -57,7 +57,7 @@ Val* Plugin::HookCallFunction(const Func* func, val_list* args)
 	fprintf(stderr, "%.6f %-15s %s\n", network_time, "| HookCallFunction",
 		d.Description());
 
-	return 0;
+	return std::pair<bool, Val*>(false, NULL);
 	}
 
 bool Plugin::HookQueueEvent(Event* event)
diff --git a/testing/btest/plugins/hooks-plugin/src/Plugin.h b/testing/btest/plugins/hooks-plugin/src/Plugin.h
index 3bfa66a83f..efbd25bc2d 100644
--- a/testing/btest/plugins/hooks-plugin/src/Plugin.h
+++ b/testing/btest/plugins/hooks-plugin/src/Plugin.h
@@ -11,7 +11,7 @@ class Plugin : public ::plugin::Plugin
 {
 protected:
 	virtual int HookLoadFile(const std::string& file, const std::string& ext);
-	virtual Val* HookCallFunction(const Func* func, val_list* args);
+	virtual std::pair<bool, Val*> HookCallFunction(const Func* func, Frame* frame, val_list* args);
 	virtual bool HookQueueEvent(Event* event);
 	virtual void HookDrainEvents();
 	virtual void HookUpdateNetworkTime(double network_time);
diff --git a/testing/btest/scripts/base/files/pe/basic.test b/testing/btest/scripts/base/files/pe/basic.test
new file mode 100644
index 0000000000..4ca9ceecef
--- /dev/null
+++ b/testing/btest/scripts/base/files/pe/basic.test
@@ -0,0 +1,5 @@
+# This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP.
+# The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files.
+
+# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: btest-diff pe.log
diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro
index f3b54177e2..a764cc79c3 100644
--- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro
+++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro
@@ -1,8 +1,8 @@
 #
-# @TEST-EXEC: bro -r ${TRACES}/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
+# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
 # @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh
 #
-# @TEST-EXEC: bro -r ${TRACES}/ssh-on-port-80.trace dpd_buffer_size=0;
+# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
 # @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh
 
 event bro_init()
diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.bro b/testing/btest/scripts/base/frameworks/input/missing-enum.bro
new file mode 100644
index 0000000000..0d37aae453
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/input/missing-enum.bro
@@ -0,0 +1,37 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/.stderr
+# @TEST-EXEC: btest-diff bro/.stdout
+
+@TEST-START-FILE input.log
+#fields	e	i
+IdoNot::Exist	1
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+module A;
+
+type Idx: record {
+	i: int;
+};
+
+type Val: record {
+	e: Log::ID;
+};
+
+global etable: table[int] of Log::ID = table();
+
+event bro_init()
+	{
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print "Table:";
+	print etable;
+	Input::remove("enum");
+	terminate();
+	}
diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.bro b/testing/btest/scripts/base/frameworks/input/raw/offset.bro
new file mode 100644
index 0000000000..8161785fdd
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/input/raw/offset.bro
@@ -0,0 +1,45 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 5
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
+
+@TEST-START-FILE input.log
+sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+global outfile: file;
+global try: count;
+
+module A;
+
+type Val: record {
+	s: string;
+};
+
+event line(description: Input::EventDescription, tpe: Input::Event, s: string)
+	{
+	print outfile, s;
+	try = try + 1;
+	if ( try == 2 )
+		{
+		Input::remove("input");
+		close(outfile);
+		terminate();
+		}
+	}
+
+event bro_init()
+	{
+	try = 0;
+	outfile = open("../out");
+	local config_strings: table[string] of string = {
+		 ["offset"] = "2",
+	};
+	local config_strings_two: table[string] of string = {
+		 ["offset"] = "-3", # 2 characters before end, last char is newline.
+	};
+
+	Input::add_event([$source="../input.log", $config=config_strings, $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
+	Input::add_event([$source="../input.log", $config=config_strings_two, $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input2", $fields=Val, $ev=line, $want_record=F]);
+	}
diff --git a/testing/btest/scripts/base/frameworks/input/stream.bro b/testing/btest/scripts/base/frameworks/input/stream.bro
index ed497859aa..75228ee102 100644
--- a/testing/btest/scripts/base/frameworks/input/stream.bro
+++ b/testing/btest/scripts/base/frameworks/input/stream.bro
@@ -21,6 +21,7 @@ T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 F	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 @TEST-END-FILE
 
+@load base/frameworks/communication # keep network time running
 @load base/protocols/ssh
 redef exit_only_after_terminate = T;
 
diff --git a/testing/btest/scripts/base/frameworks/input/twotables.bro b/testing/btest/scripts/base/frameworks/input/twotables.bro
index f0bedb2673..0e4436afa2 100644
--- a/testing/btest/scripts/base/frameworks/input/twotables.bro
+++ b/testing/btest/scripts/base/frameworks/input/twotables.bro
@@ -30,6 +30,7 @@ T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 F	-44	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 @TEST-END-FILE
 
+@load base/frameworks/communication # keep network time running
 @load base/protocols/ssh
 redef exit_only_after_terminate = T;
 
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro
new file mode 100644
index 0000000000..3df3ea1d25
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro
@@ -0,0 +1,48 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff test.log
+# @TEST-EXEC: btest-diff output
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		s: string;
+	} &log;
+}
+
+event bro_init()
+{
+	local a = "abc\0def";
+	local b = escape_string(a);
+	local c = fmt("%s", a);
+
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::write(Test::LOG, [$s="AB\0CD\0"]);
+	Log::write(Test::LOG, [$s="AB\xffCD\0"]);
+	Log::write(Test::LOG, [$s="AB\\xffCD\0"]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s=b]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s=c]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s="foo \xc2\xae bar \\xc2\\xae baz"]);
+	Log::write(Test::LOG, [$s="foo\x00bar\\0baz"]);
+	Log::write(Test::LOG, [$s="foo \16 bar ^N baz"]);
+
+	print "AB\0CD\0";
+	print "AB\xffCD\0";
+	print "AB\\xffCD\0";
+	print "";
+	print b;
+	print "";
+	print c;
+	print "";
+	print "foo \xc2\xae bar \\xc2\\xae baz";
+	print "foo\x00bar\\0baz";
+	print "foo \16 bar ^N baz";
+
+	print "";
+}
+
diff --git a/testing/btest/scripts/base/protocols/conn/threshold.bro b/testing/btest/scripts/base/protocols/conn/threshold.bro
new file mode 100644
index 0000000000..13daa8fff0
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/conn/threshold.bro
@@ -0,0 +1,30 @@
+# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event connection_established(c: connection)
+	{
+	print fmt("Threshold set for %s", cat(c$id));
+	ConnThreshold::set_bytes_threshold(c, 1, T);
+	ConnThreshold::set_bytes_threshold(c, 2500, T);
+	ConnThreshold::set_bytes_threshold(c, 2700, T);
+	ConnThreshold::set_bytes_threshold(c, 3000, T);
+	ConnThreshold::delete_bytes_threshold(c, 3000, T);
+	ConnThreshold::set_bytes_threshold(c, 2000, F);
+
+	ConnThreshold::set_packets_threshold(c, 50, F);
+	ConnThreshold::set_packets_threshold(c, 51, F);
+	ConnThreshold::set_packets_threshold(c, 52, F);
+	ConnThreshold::delete_packets_threshold(c, 51, F);
+	ConnThreshold::set_packets_threshold(c, 63, T);
+	ConnThreshold::delete_packets_threshold(c, 63, T);
+	}
+
+event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+	{
+	print "triggered bytes", c$id, threshold, is_orig;
+	}
+
+event ConnThreshold::packets_threshold_crossed(c: connection, threshold: count, is_orig: bool)
+	{
+	print "triggered packets", c$id, threshold, is_orig;
+	}
diff --git a/testing/btest/scripts/base/protocols/dns/flip.bro b/testing/btest/scripts/base/protocols/dns/flip.bro
new file mode 100644
index 0000000000..66987ee27d
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/flip.bro
@@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -r $TRACES/dns53.pcap
+# @TEST-EXEC: btest-diff dns.log
+# If the DNS reply is seen first, should be able to correctly set orig/resp.
diff --git a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro
new file mode 100644
index 0000000000..ccf397617e
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro
@@ -0,0 +1,10 @@
+# This tests an issue with interaction between zero length
+# http bodies and the file analysis code.  It is creating
+# files when there isn't actually any body there and shouldn't
+# create a file.
+#
+# @TEST-EXEC: bro -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT
+
+# There shouldn't be a files log (no files!)
+# @TEST-EXEC: test ! -f files.log
+
diff --git a/testing/btest/scripts/base/protocols/krb/kinit.test b/testing/btest/scripts/base/protocols/krb/kinit.test
new file mode 100644
index 0000000000..d9e4097361
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/krb/kinit.test
@@ -0,0 +1,16 @@
+# This test exercises many of the Linux kinit options against a KDC
+
+# @TEST-EXEC: bro -b -r $TRACES/krb/kinit.trace %INPUT > output
+# @TEST-EXEC: btest-diff kerberos.log
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/krb
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
+	{
+	print "KRB_AP_REQUEST";
+	print ticket;
+	print opts;
+	}
+
+
diff --git a/testing/btest/scripts/base/protocols/krb/tgs.test b/testing/btest/scripts/base/protocols/krb/tgs.test
new file mode 100644
index 0000000000..bbf99762f6
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/krb/tgs.test
@@ -0,0 +1,7 @@
+# This test exercises a Kerberos authentication to a Kerberized SSH server
+
+# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT
+# @TEST-EXEC: btest-diff kerberos.log
+
+@load base/protocols/krb
+
diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro
new file mode 100644
index 0000000000..99305087ba
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro
@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT
+# @TEST-EXEC: btest-diff rdp.log
+
+@load base/protocols/rdp
diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro
new file mode 100644
index 0000000000..1be2bd7e8e
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT
+# @TEST-EXEC: btest-diff rdp.log
+# @TEST-EXEC: btest-diff ssl.log
+
+@load base/protocols/rdp
diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.bro b/testing/btest/scripts/base/protocols/rdp/rdp-x509.bro
new file mode 100644
index 0000000000..ae1eb8b542
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/rdp/rdp-x509.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -r $TRACES/rdp/rdp-x509.pcap %INPUT
+# @TEST-EXEC: btest-diff rdp.log
+# @TEST-EXEC: btest-diff x509.log
+
+@load base/protocols/rdp
diff --git a/testing/btest/scripts/base/protocols/sip/wireshark.test b/testing/btest/scripts/base/protocols/sip/wireshark.test
new file mode 100644
index 0000000000..8c4611c880
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/sip/wireshark.test
@@ -0,0 +1,6 @@
+# This tests a PCAP with a few SIP commands from the Wireshark samples.
+
+# @TEST-EXEC: bro -b -r $TRACES/sip/wireshark.trace %INPUT
+# @TEST-EXEC: btest-diff sip.log
+
+@load base/protocols/sip
\ No newline at end of file
diff --git a/testing/btest/scripts/base/protocols/ssh/basic.test b/testing/btest/scripts/base/protocols/ssh/basic.test
new file mode 100644
index 0000000000..30e726e1f5
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssh/basic.test
@@ -0,0 +1,4 @@
+# This tests some SSH connections and the output log.
+
+# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT
+# @TEST-EXEC: btest-diff ssh.log
\ No newline at end of file
diff --git a/testing/btest/scripts/base/protocols/ssl/common_name.test b/testing/btest/scripts/base/protocols/ssl/common_name.test
new file mode 100644
index 0000000000..fa14e19045
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/common_name.test
@@ -0,0 +1,13 @@
+# This tests a normal SSL connection and the log it outputs.
+
+# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
+	{
+	if ( cert?$cn )
+		print cert$cn;
+	else
+		print "No CN";
+	}
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test
new file mode 100644
index 0000000000..46b74d2b78
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/dtls.test
@@ -0,0 +1,5 @@
+# This tests a normal SSL connection and the log it outputs.
+
+# @TEST-EXEC: bro -r $TRACES/tls/dtls-openssl.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/fragment.test b/testing/btest/scripts/base/protocols/ssl/fragment.test
new file mode 100644
index 0000000000..b01a78a07a
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/fragment.test
@@ -0,0 +1,12 @@
+# Test a heavily fragmented tls connection
+
+# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | bro -r - %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff .stdout
+
+# Certificate has 10,000 alternative names :)
+event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName)
+	{
+	print |ext$dns|;
+	}
+
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
index 1114335811..6424f263f1 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
@@ -1,6 +1,10 @@
 # @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
+redef SSL::root_certs += {
+	["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64",
+};
+
 event ssl_stapled_ocsp(c: connection, is_orig: bool, response: string)
 	{
 	local chain: vector of opaque of x509 = vector();
diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.bro b/testing/btest/scripts/policy/frameworks/files/extract-all.bro
new file mode 100644
index 0000000000..f54b2e299d
--- /dev/null
+++ b/testing/btest/scripts/policy/frameworks/files/extract-all.bro
@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files
+# @TEST-EXEC: grep -q EXTRACT files.log
diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro b/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro
new file mode 100644
index 0000000000..afddc6b2d9
--- /dev/null
+++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro
@@ -0,0 +1,18 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdsa-cert.pcap %INPUT
+# @TEST-EXEC: cat intel.log > intel-all.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: cat intel.log >> intel-all.log
+# @TEST-EXEC: btest-diff intel-all.log
+
+@TEST-START-FILE intel.dat
+#fields	indicator	indicator_type	meta.source	meta.desc	meta.url
+www.pantz.org	Intel::DOMAIN	source1	test entry	http://some-data-distributor.com/100000
+www.dresdner-privat.de	Intel::DOMAIN	source1	test entry	http://some-data-distributor.com/100000
+@TEST-END-FILE
+
+@load base/frameworks/intel
+@load base/protocols/ssl
+@load frameworks/intel/seen
+
+redef Intel::read_files += { "intel.dat" };
+
diff --git a/testing/btest/scripts/policy/protocols/http/header-names.bro b/testing/btest/scripts/policy/protocols/http/header-names.bro
new file mode 100644
index 0000000000..30b1de7fdb
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/http/header-names.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: btest-diff http.log
+
+@load protocols/http/header-names
+redef HTTP::log_server_header_names=T;
diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro
new file mode 100644
index 0000000000..e28ebf5b49
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT
+# @TEST-EXEC: btest-diff notice.log
+
+@load protocols/ssh/detect-bruteforcing
+redef SSH::password_guesses_limit=10;
diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro
new file mode 100644
index 0000000000..795aa78c40
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro
@@ -0,0 +1,37 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run proxy-1   "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-1 bro %INPUT"
+# @TEST-EXEC: btest-bg-run proxy-2   "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-2 bro %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
+# @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log
+#
+
+redef Log::default_rotation_interval = 0secs;
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+event terminate_me() {
+	terminate();
+}
+
+event remote_connection_closed(p: event_peer) {
+	schedule 1sec { terminate_me() };
+}
+
+
+@load base/frameworks/cluster
+@load protocols/ssl/validate-certs.bro
diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro
new file mode 100644
index 0000000000..343b2fb196
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro
@@ -0,0 +1,6 @@
+# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
+
+@load protocols/ssl/validate-certs.bro
+
+redef SSL::ssl_cache_intermediate_ca = F;
diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
index 56408483f0..40e5e09361 100644
--- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
@@ -1,4 +1,7 @@
 # @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
-# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: cat ssl.log > ssl-all.log
+# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log
 
-@load protocols/ssl/validate-certs
+@load protocols/ssl/validate-certs.bro
diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro
index 42ef2ecc16..f4d51f8016 100644
--- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro
@@ -1,5 +1,10 @@
 # @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
-# @TEST-EXEC: btest-diff notice.log
+# @TEST-EXEC: cp notice.log notice-out.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl-v2.trace %INPUT
+# @TEST-EXEC: cat notice.log >> notice-out.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: cat notice.log >> notice-out.log
+# @TEST-EXEC: btest-diff notice-out.log
 
 @load protocols/ssl/weak-keys
 
diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test
new file mode 100644
index 0000000000..b7ed0ad932
--- /dev/null
+++ b/testing/btest/scripts/site/local-compat.test
@@ -0,0 +1,189 @@
+# @TEST-EXEC: bro local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro
+
+# This tests the compatibility of the past release's site/local.bro
+# script with the current version of Bro.  If the test fails because
+# it doesn't find the right file, that means everything stayed
+# compatibile between releases, so just add a TEST-START-FILE with
+# the contents the latest Bro version's site/local.bro script.
+# If the test fails while loading the old local.bro, it usually
+# indicates a note will need to be made in NEWS explaining to users
+# how to migrate to the new version and this test's TEST-START-FILE
+# should be updated with the latest contents of site/local.bro.
+
+@TEST-START-FILE local-2.4.bro
+##! Local site policy. Customize as appropriate. 
+##!
+##! This file will not be overwritten when upgrading or reinstalling!
+
+# This script logs which scripts were loaded during each run.
+@load misc/loaded-scripts
+
+# Apply the default tuning scripts for common tuning settings.
+@load tuning/defaults
+
+# Load the scan detection script.
+@load misc/scan
+
+# Log some information about web applications being used by users 
+# on your network.
+@load misc/app-stats
+
+# Detect traceroute being run on the network.  
+@load misc/detect-traceroute
+
+# Generate notices when vulnerable versions of software are discovered.
+# The default is to only monitor software found in the address space defined
+# as "local".  Refer to the software framework's documentation for more 
+# information.
+@load frameworks/software/vulnerable
+
+# Detect software changing (e.g. attacker installing hacked SSHD).
+@load frameworks/software/version-changes
+
+# This adds signatures to detect cleartext forward and reverse windows shells.
+@load-sigs frameworks/signatures/detect-windows-shells
+
+# Load all of the scripts that detect software in various protocols.
+@load protocols/ftp/software
+@load protocols/smtp/software
+@load protocols/ssh/software
+@load protocols/http/software
+# The detect-webapps script could possibly cause performance trouble when 
+# running on live traffic.  Enable it cautiously.
+#@load protocols/http/detect-webapps
+
+# This script detects DNS results pointing toward your Site::local_nets 
+# where the name is not part of your local DNS zone and is being hosted 
+# externally.  Requires that the Site::local_zones variable is defined.
+@load protocols/dns/detect-external-names
+
+# Script to detect various activity in FTP sessions.
+@load protocols/ftp/detect
+
+# Scripts that do asset tracking.
+@load protocols/conn/known-hosts
+@load protocols/conn/known-services
+@load protocols/ssl/known-certs
+
+# This script enables SSL/TLS certificate validation.
+@load protocols/ssl/validate-certs
+
+# This script prevents the logging of SSL CA certificates in x509.log
+@load protocols/ssl/log-hostcerts-only
+
+# Uncomment the following line to check each SSL certificate hash against the ICSI
+# certificate notary service; see http://notary.icsi.berkeley.edu .
+# @load protocols/ssl/notary
+
+# If you have libGeoIP support built in, do some geographic detections and 
+# logging for SSH traffic.
+@load protocols/ssh/geo-data
+# Detect hosts doing SSH bruteforce attacks.
+@load protocols/ssh/detect-bruteforcing
+# Detect logins using "interesting" hostnames.
+@load protocols/ssh/interesting-hostnames
+
+# Detect SQL injection attacks.
+@load protocols/http/detect-sqli
+
+#### Network File Handling ####
+
+# Enable MD5 and SHA1 hashing for all files.
+@load frameworks/files/hash-all-files
+
+# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
+@load frameworks/files/detect-MHR
+
+# Uncomment the following line to enable detection of the heartbleed attack. Enabling
+# this might impact performance a bit.
+# @load policy/protocols/ssl/heartbleed
+@TEST-END-FILE
+
+@TEST-START-FILE local-2.3.bro
+##! Local site policy. Customize as appropriate. 
+##!
+##! This file will not be overwritten when upgrading or reinstalling!
+
+# This script logs which scripts were loaded during each run.
+@load misc/loaded-scripts
+
+# Apply the default tuning scripts for common tuning settings.
+@load tuning/defaults
+
+# Load the scan detection script.
+@load misc/scan
+
+# Log some information about web applications being used by users 
+# on your network.
+@load misc/app-stats
+
+# Detect traceroute being run on the network.  
+@load misc/detect-traceroute
+
+# Generate notices when vulnerable versions of software are discovered.
+# The default is to only monitor software found in the address space defined
+# as "local".  Refer to the software framework's documentation for more 
+# information.
+@load frameworks/software/vulnerable
+
+# Detect software changing (e.g. attacker installing hacked SSHD).
+@load frameworks/software/version-changes
+
+# This adds signatures to detect cleartext forward and reverse windows shells.
+@load-sigs frameworks/signatures/detect-windows-shells
+
+# Load all of the scripts that detect software in various protocols.
+@load protocols/ftp/software
+@load protocols/smtp/software
+@load protocols/ssh/software
+@load protocols/http/software
+# The detect-webapps script could possibly cause performance trouble when 
+# running on live traffic.  Enable it cautiously.
+#@load protocols/http/detect-webapps
+
+# This script detects DNS results pointing toward your Site::local_nets 
+# where the name is not part of your local DNS zone and is being hosted 
+# externally.  Requires that the Site::local_zones variable is defined.
+@load protocols/dns/detect-external-names
+
+# Script to detect various activity in FTP sessions.
+@load protocols/ftp/detect
+
+# Scripts that do asset tracking.
+@load protocols/conn/known-hosts
+@load protocols/conn/known-services
+@load protocols/ssl/known-certs
+
+# This script enables SSL/TLS certificate validation.
+@load protocols/ssl/validate-certs
+
+# This script prevents the logging of SSL CA certificates in x509.log
+@load protocols/ssl/log-hostcerts-only
+
+# Uncomment the following line to check each SSL certificate hash against the ICSI
+# certificate notary service; see http://notary.icsi.berkeley.edu .
+# @load protocols/ssl/notary
+
+# If you have libGeoIP support built in, do some geographic detections and 
+# logging for SSH traffic.
+@load protocols/ssh/geo-data
+# Detect hosts doing SSH bruteforce attacks.
+@load protocols/ssh/detect-bruteforcing
+# Detect logins using "interesting" hostnames.
+@load protocols/ssh/interesting-hostnames
+
+# Detect SQL injection attacks.
+@load protocols/http/detect-sqli
+
+#### Network File Handling ####
+
+# Enable MD5 and SHA1 hashing for all files.
+@load frameworks/files/hash-all-files
+
+# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
+@load frameworks/files/detect-MHR
+
+# Uncomment the following line to enable detection of the heartbleed attack. Enabling
+# this might impact performance a bit.
+# @load policy/protocols/ssl/heartbleed
+@TEST-END-FILE
diff --git a/testing/btest/signatures/udp-packetwise-match.bro b/testing/btest/signatures/udp-packetwise-match.bro
new file mode 100644
index 0000000000..706b632dd7
--- /dev/null
+++ b/testing/btest/signatures/udp-packetwise-match.bro
@@ -0,0 +1,53 @@
+# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out
+# @TEST-EXEC: btest-diff out
+
+@load-sigs test.sig
+
+@TEST-START-FILE test.sig
+signature xxxx {
+ ip-proto = udp
+ payload /XXXX/
+ event "Found XXXX"
+}
+
+signature axxxx {
+ ip-proto = udp
+ payload /^XXXX/
+ event "Found ^XXXX"
+}
+
+signature sxxxx {
+ ip-proto = udp
+ payload /.*XXXX/
+ event "Found .*XXXX"
+}
+
+signature yyyy {
+ ip-proto = udp
+ payload /YYYY/
+ event "Found YYYY"
+}
+
+signature ayyyy {
+ ip-proto = udp
+ payload /^YYYY/
+ event "Found ^YYYY"
+}
+
+signature syyyy {
+ ip-proto = udp
+ payload /.*YYYY/
+ event "Found .*YYYY"
+}
+
+signature nope {
+ ip-proto = udp
+ payload /.*nope/
+ event "Found .*nope"
+}
+@TEST-END-FILE
+
+event signature_match(state: signature_state, msg: string, data: string)
+	{
+	print "signature match", msg, data;
+	}
diff --git a/testing/external/scripts/external-ca-list.bro b/testing/external/scripts/external-ca-list.bro
new file mode 100644
index 0000000000..7450692fdd
--- /dev/null
+++ b/testing/external/scripts/external-ca-list.bro
@@ -0,0 +1,158 @@
+# Don't edit!  This file is automatically generated.
+# Generated at: 2014-02-28 03:34:22 -0800
+# Generated from: http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
+#
+# The original source file comes with this licensing statement:
+#
+#   This Source Code Form is subject to the terms of the Mozilla Public
+#   License, v. 2.0. If a copy of the MPL was not distributed with this
+#   file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+@load base/protocols/ssl
+module SSL;
+redef root_certs += {
+	["emailAddress=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x13\x30\x82\x02\x7C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD3\xA4\x50\x6E\xC8\xFF\x56\x6B\xE6\xCF\x5D\xB6\xEA\x0C\x68\x75\x47\xA2\xAA\xC2\xDA\x84\x25\xFC\xA8\xF4\x47\x51\xDA\x85\xB5\x20\x74\x94\x86\x1E\x0F\x75\xC9\xE9\x08\x61\xF5\x06\x6D\x30\x6E\x15\x19\x02\xE9\x52\xC0\x62\xDB\x4D\x99\x9E\xE2\x6A\x0C\x44\x38\xCD\xFE\xBE\xE3\x64\x09\x70\xC5\xFE\xB1\x6B\x29\xB6\x2F\x49\xC8\x3B\xD4\x27\x04\x25\x10\x97\x2F\xE7\x90\x6D\xC0\x28\x42\x99\xD7\x4C\x43\xDE\xC3\xF5\x21\x6D\x54\x9F\x5D\xC3\x58\xE1\xC0\xE4\xD9\x5B\xB0\xB8\xDC\xB4\x7B\xDF\x36\x3A\xC2\xB5\x66\x22\x12\xD6\x87\x0D\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x07\xFA\x4C\x69\x5C\xFB\x95\xCC\x46\xEE\x85\x83\x4D\x21\x30\x8E\xCA\xD9\xA8\x6F\x49\x1A\xE6\xDA\x51\xE3\x60\x70\x6C\x84\x61\x11\xA1\x1A\xC8\x48\x3E\x59\x43\x7D\x4F\x95\x3D\xA1\x8B\xB7\x0B\x62\x98\x7A\x75\x8A\xDD\x88\x4E\x4E\x9E\x40\xDB\xA8\xCC\x32\x74\xB9\x6F\x0D\xC6\xE3\xB3\x44\x0B\xD9\x8A\x6F\x9A\x29\x9B\x99\x18\x28\x3B\xD1\xE3\x40\x28\x9A\x5A\x3C\xD5\xB5\xE7\x20\x1B\x8B\xCA\xA4\xAB\x8D\xE9\x51\xD9\xE2\x4C\x2C\x59\xA9\xDA\xB9\xB2\x75\x1B\xF6\x42\xF2\xEF\xC7\xF2\x18\xF9\x89\xBC\xA3\xFF\x8A\x23\x2E\x70\x47",
+	["emailAddress=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x27\x30\x82\x02\x90\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD2\x36\x36\x6A\x8B\xD7\xC2\x5B\x9E\xDA\x81\x41\x62\x8F\x38\xEE\x49\x04\x55\xD6\xD0\xEF\x1C\x1B\x95\x16\x47\xEF\x18\x48\x35\x3A\x52\xF4\x2B\x6A\x06\x8F\x3B\x2F\xEA\x56\xE3\xAF\x86\x8D\x9E\x17\xF7\x9E\xB4\x65\x75\x02\x4D\xEF\xCB\x09\xA2\x21\x51\xD8\x9B\xD0\x67\xD0\xBA\x0D\x92\x06\x14\x73\xD4\x93\xCB\x97\x2A\x00\x9C\x5C\x4E\x0C\xBC\xFA\x15\x52\xFC\xF2\x44\x6E\xDA\x11\x4A\x6E\x08\x9F\x2F\x2D\xE3\xF9\xAA\x3A\x86\x73\xB6\x46\x53\x58\xC8\x89\x05\xBD\x83\x11\xB8\x73\x3F\xAA\x07\x8D\xF4\x42\x4D\xE7\x40\x9D\x1C\x37\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x26\x48\x2C\x16\xC2\x58\xFA\xE8\x16\x74\x0C\xAA\xAA\x5F\x54\x3F\xF2\xD7\xC9\x78\x60\x5E\x5E\x6E\x37\x63\x22\x77\x36\x7E\xB2\x17\xC4\x34\xB9\xF5\x08\x85\xFC\xC9\x01\x38\xFF\x4D\xBE\xF2\x16\x42\x43\xE7\xBB\x5A\x46\xFB\xC1\xC6\x11\x1F\xF1\x4A\xB0\x28\x46\xC9\xC3\xC4\x42\x7D\xBC\xFA\xAB\x59\x6E\xD5\xB7\x51\x88\x11\xE3\xA4\x85\x19\x6B\x82\x4C\xA4\x0C\x12\xAD\xE9\xA4\xAE\x3F\xF1\xC3\x49\x65\x9A\x8C\xC5\xC8\x3E\x25\xB7\x94\x99\xBB\x92\x32\x71\x07\xF0\x86\x5E\xED\x50\x27\xA6\x0D\xA6\x23\xF9\xBB\xCB\xA6\x07\x14\x42",
+	["OU=Equifax Secure Certificate Authority,O=Equifax,C=US"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x04\x35\xDE\xF4\xCF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x17\x0D\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC1\x5D\xB1\x58\x67\x08\x62\xEE\xA0\x9A\x2D\x1F\x08\x6D\x91\x14\x68\x98\x0A\x1E\xFE\xDA\x04\x6F\x13\x84\x62\x21\xC3\xD1\x7C\xCE\x9F\x05\xE0\xB8\x01\xF0\x4E\x34\xEC\xE2\x8A\x95\x04\x64\xAC\xF1\x6B\x53\x5F\x05\xB3\xCB\x67\x80\xBF\x42\x02\x8E\xFE\xDD\x01\x09\xEC\xE1\x00\x14\x4F\xFC\xFB\xF0\x0C\xDD\x43\xBA\x5B\x2B\xE1\x1F\x80\x70\x99\x15\x57\x93\x16\xF1\x0F\x97\x6A\xB7\xC2\x68\x23\x1C\xCC\x4D\x59\x30\xAC\x51\x1E\x3B\xAF\x2B\xD6\xEE\x63\x45\x7B\xC5\xD9\x5F\x50\xD2\xE3\x50\x0F\x3A\x88\xE7\xBF\x14\xFD\xE0\xC7\xB9\x02\x03\x01\x00\x01\xA3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1D\x1F\x04\x69\x30\x67\x30\x65\xA0\x63\xA0\x61\xA4\x5F\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x1A\x06\x03\x55\x1D\x10\x04\x13\x30\x11\x81\x0F\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1A\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0D\x30\x0B\x1B\x05\x56\x33\x2E\x30\x63\x03\x02\x06\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xCE\x29\xEA\xFC\xF7\xDE\xB5\xCE\x02\xB9\x17\xB5\x85\xD1\xB9\xE3\xE0\x95\xCC\x25\x31\x0D\x00\xA6\x92\x6E\x7F\xB6\x92\x63\x9E\x50\x95\xD1\x9A\x6F\xE4\x11\xDE\x63\x85\x6E\x98\xEE\xA8\xFF\x5A\xC8\xD3\x55\xB2\x66\x71\x57\xDE\xC0\x21\xEB\x3D\x2A\xA7\x23\x49\x01\x04\x86\x42\x7B\xFC\xEE\x7F\xA2\x16\x52\xB5\x67\x67\xD3\x40\xDB\x3B\x26\x58\xB2\x28\x77\x3D\xAE\x14\x77\x61\xD6\xFA\x2A\x66\x27\xA0\x0D\xFA\xA7\x73\x5C\xEA\x70\xF1\x94\x21\x65\x44\x5F\xFA\xFC\xEF\x29\x68\xA9\xA2\x87\x79\xEF\x79\xEF\x4F\xAC\x07\x77\x38",
+	["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64",
+	["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x7D\xD9\xFE\x07\xCF\xA8\x1E\xB7\x10\x79\x67\xFB\xA7\x89\x34\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCC\x5E\xD1\x11\x5D\x5C\x69\xD0\xAB\xD3\xB9\x6A\x4C\x99\x1F\x59\x98\x30\x8E\x16\x85\x20\x46\x6D\x47\x3F\xD4\x85\x20\x84\xE1\x6D\xB3\xF8\xA4\xED\x0C\xF1\x17\x0F\x3B\xF9\xA7\xF9\x25\xD7\xC1\xCF\x84\x63\xF2\x7C\x63\xCF\xA2\x47\xF2\xC6\x5B\x33\x8E\x64\x40\x04\x68\xC1\x80\xB9\x64\x1C\x45\x77\xC7\xD8\x6E\xF5\x95\x29\x3C\x50\xE8\x34\xD7\x78\x1F\xA8\xBA\x6D\x43\x91\x95\x8F\x45\x57\x5E\x7E\xC5\xFB\xCA\xA4\x04\xEB\xEA\x97\x37\x54\x30\x6F\xBB\x01\x47\x32\x33\xCD\xDC\x57\x9B\x64\x69\x61\xF8\x9B\x1D\x1C\x89\x4F\x5C\x67\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4D\xCD\xBE\x5C\xCB\x98\x19\x9C\x15\xB2\x01\x39\x78\x2E\x4D\x0F\x67\x70\x70\x99\xC6\x10\x5A\x94\xA4\x53\x4D\x54\x6D\x2B\xAF\x0D\x5D\x40\x8B\x64\xD3\xD7\xEE\xDE\x56\x61\x92\x5F\xA6\xC4\x1D\x10\x61\x36\xD3\x2C\x27\x3C\xE8\x29\x09\xB9\x11\x64\x74\xCC\xB5\x73\x9F\x1C\x48\xA9\xBC\x61\x01\xEE\xE2\x17\xA6\x0C\xE3\x40\x08\x3B\x0E\xE7\xEB\x44\x73\x2A\x9A\xF1\x69\x92\xEF\x71\x14\xC3\x39\xAC\x71\xA7\x91\x09\x6F\xE4\x71\x06\xB3\xBA\x59\x57\x26\x79\x00\xF6\xF8\x0D\xA2\x33\x30\x28\xD4\xAA\x58\xA0\x9D\x9D\x69\x91\xFD",
+	["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0",
+	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x86\x26\xE6\x0D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA6\xCF\x24\x0E\xBE\x2E\x6F\x28\x99\x45\x42\xC4\xAB\x3E\x21\x54\x9B\x0B\xD3\x7F\x84\x70\xFA\x12\xB3\xCB\xBF\x87\x5F\xC6\x7F\x86\xD3\xB2\x30\x5C\xD6\xFD\xAD\xF1\x7B\xDC\xE5\xF8\x60\x96\x09\x92\x10\xF5\xD0\x53\xDE\xFB\x7B\x7E\x73\x88\xAC\x52\x88\x7B\x4A\xA6\xCA\x49\xA6\x5E\xA8\xA7\x8C\x5A\x11\xBC\x7A\x82\xEB\xBE\x8C\xE9\xB3\xAC\x96\x25\x07\x97\x4A\x99\x2A\x07\x2F\xB4\x1E\x77\xBF\x8A\x0F\xB5\x02\x7C\x1B\x96\xB8\xC5\xB9\x3A\x2C\xBC\xD6\x12\xB9\xEB\x59\x7D\xE2\xD0\x06\x86\x5F\x5E\x49\x6A\xB5\x39\x5E\x88\x34\xEC\xBC\x78\x0C\x08\x98\x84\x6C\xA8\xCD\x4B\xB4\xA0\x7D\x0C\x79\x4D\xF0\xB8\x2D\xCB\x21\xCA\xD5\x6C\x5B\x7D\xE1\xA0\x29\x84\xA1\xF9\xD3\x94\x49\xCB\x24\x62\x91\x20\xBC\xDD\x0B\xD5\xD9\xCC\xF9\xEA\x27\x0A\x2B\x73\x91\xC6\x9D\x1B\xAC\xC8\xCB\xE8\xE0\xA0\xF4\x2F\x90\x8B\x4D\xFB\xB0\x36\x1B\xF6\x19\x7A\x85\xE0\x6D\xF2\x61\x13\x88\x5C\x9F\xE0\x93\x0A\x51\x97\x8A\x5A\xCE\xAF\xAB\xD5\xF7\xAA\x09\xAA\x60\xBD\xDC\xD9\x5F\xDF\x72\xA9\x60\x13\x5E\x00\x01\xC9\x4A\xFA\x3F\xA4\xEA\x07\x03\x21\x02\x8E\x82\xCA\x03\xC2\x9B\x8F\x02\x03\x01\x00\x01\xA3\x81\x9C\x30\x81\x99\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x67\x6C\x6F\x62\x61\x6C\x73\x69\x67\x6E\x2E\x6E\x65\x74\x2F\x72\x6F\x6F\x74\x2D\x72\x32\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1C\x68\x97\x86\x91\xEC\xE0\x4A\xB8\x44\x0B\xAB\x81\xAC\x27\x4F\xD6\xC1\xB8\x1C\x43\x78\xB3\x0C\x9A\xFC\xEA\x2C\x3C\x6E\x61\x1B\x4D\x4B\x29\xF5\x9F\x05\x1D\x26\xC1\xB8\xE9\x83\x00\x62\x45\xB6\xA9\x08\x93\xB9\xA9\x33\x4B\x18\x9A\xC2\xF8\x87\x88\x4E\xDB\xDD\x71\x34\x1A\xC1\x54\xDA\x46\x3F\xE0\xD3\x2A\xAB\x6D\x54\x22\xF5\x3A\x62\xCD\x20\x6F\xBA\x29\x89\xD7\xDD\x91\xEE\xD3\x5C\xA2\x3E\xA1\x5B\x41\xF5\xDF\xE5\x64\x43\x2D\xE9\xD5\x39\xAB\xD2\xA2\xDF\xB7\x8B\xD0\xC0\x80\x19\x1C\x45\xC0\x2D\x8C\xE8\xF8\x2D\xA4\x74\x56\x49\xC5\x05\xB5\x4F\x15\xDE\x6E\x44\x78\x39\x87\xA8\x7E\xBB\xF3\x79\x18\x91\xBB\xF4\x6F\x9D\xC1\xF0\x8C\x35\x8C\x5D\x01\xFB\xC3\x6D\xB9\xEF\x44\x6D\x79\x46\x31\x7E\x0A\xFE\xA9\x82\xC1\xFF\xEF\xAB\x6E\x20\xC4\x50\xC9\x5F\x9D\x4D\x9B\x17\x8C\x0C\xE5\x01\xC9\xA0\x41\x6A\x73\x53\xFA\xA5\x50\xB4\x6E\x25\x0F\xFB\x4C\x18\xF4\xFD\x52\xD9\x8E\x69\xB1\xE8\x11\x0F\xDE\x88\xD8\xFB\x1D\x49\xF7\xAA\xDE\x95\xCF\x20\x78\xC2\x60\x12\xDB\x25\x40\x8C\x6A\xFC\x7E\x42\x38\x40\x64\x12\xF7\x9E\x81\xE1\x93\x2E",
+	["CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\x9B\x7E\x06\x49\xA3\x3E\x62\xB9\xD5\xEE\x90\x48\x71\x29\xEF\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\xBA\x9C\x52\xFC\x78\x1F\x1A\x1E\x6F\x1B\x37\x73\xBD\xF8\xC9\x6B\x94\x12\x30\x4F\xF0\x36\x47\xF5\xD0\x91\x0A\xF5\x17\xC8\xA5\x61\xC1\x16\x40\x4D\xFB\x8A\x61\x90\xE5\x76\x20\xC1\x11\x06\x7D\xAB\x2C\x6E\xA6\xF5\x11\x41\x8E\xFA\x2D\xAD\x2A\x61\x59\xA4\x67\x26\x4C\xD0\xE8\xBC\x52\x5B\x70\x20\x04\x58\xD1\x7A\xC9\xA4\x69\xBC\x83\x17\x64\xAD\x05\x8B\xBC\xD0\x58\xCE\x8D\x8C\xF5\xEB\xF0\x42\x49\x0B\x9D\x97\x27\x67\x32\x6E\xE1\xAE\x93\x15\x1C\x70\xBC\x20\x4D\x2F\x18\xDE\x92\x88\xE8\x6C\x85\x57\x11\x1A\xE9\x7E\xE3\x26\x11\x54\xA2\x45\x96\x55\x83\xCA\x30\x89\xE8\xDC\xD8\xA3\xED\x2A\x80\x3F\x7F\x79\x65\x57\x3E\x15\x20\x66\x08\x2F\x95\x93\xBF\xAA\x47\x2F\xA8\x46\x97\xF0\x12\xE2\xFE\xC2\x0A\x2B\x51\xE6\x76\xE6\xB7\x46\xB7\xE2\x0D\xA6\xCC\xA8\xC3\x4C\x59\x55\x89\xE6\xE8\x53\x5C\x1C\xEA\x9D\xF0\x62\x16\x0B\xA7\xC9\x5F\x0C\xF0\xDE\xC2\x76\xCE\xAF\xF7\x6A\xF2\xFA\x41\xA6\xA2\x33\x14\xC9\xE5\x7A\x63\xD3\x9E\x62\x37\xD5\x85\x65\x9E\x0E\xE6\x53\x24\x74\x1B\x5E\x1D\x12\x53\x5B\xC7\x2C\xE7\x83\x49\x3B\x15\xAE\x8A\x68\xB9\x57\x97\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xC1\xAB\x92\x08\xF7\x3F\x2F\xC9\xB2\xFE\xE4\x5A\x9F\x64\xDE\xDB\x21\x4F\x86\x99\x34\x76\x36\x57\xDD\xD0\x15\x2F\xC5\xAD\x7F\x15\x1F\x37\x62\x73\x3E\xD4\xE7\x5F\xCE\x17\x03\xDB\x35\xFA\x2B\xDB\xAE\x60\x09\x5F\x1E\x5F\x8F\x6E\xBB\x0B\x3D\xEA\x5A\x13\x1E\x0C\x60\x6F\xB5\xC0\xB5\x23\x22\x2E\x07\x0B\xCB\xA9\x74\xCB\x47\xBB\x1D\xC1\xD7\xA5\x6B\xCC\x2F\xD2\x42\xFD\x49\xDD\xA7\x89\xCF\x53\xBA\xDA\x00\x5A\x28\xBF\x82\xDF\xF8\xBA\x13\x1D\x50\x86\x82\xFD\x8E\x30\x8F\x29\x46\xB0\x1E\x3D\x35\xDA\x38\x62\x16\x18\x4A\xAD\xE6\xB6\x51\x6C\xDE\xAF\x62\xEB\x01\xD0\x1E\x24\xFE\x7A\x8F\x12\x1A\x12\x68\xB8\xFB\x66\x99\x14\x14\x45\x5C\xAE\xE7\xAE\x69\x17\x81\x2B\x5A\x37\xC9\x5E\x2A\xF4\xC6\xE2\xA1\x5C\x54\x9B\xA6\x54\x00\xCF\xF0\xF1\xC1\xC7\x98\x30\x1A\x3B\x36\x16\xDB\xA3\x6E\xEA\xFD\xAD\xB2\xC2\xDA\xEF\x02\x47\x13\x8A\xC0\xF1\xB3\x31\xAD\x4F\x1C\xE1\x4F\x9C\xAF\x0F\x0C\x9D\xF7\x78\x0D\xD8\xF4\x35\x56\x80\xDA\xB7\x6D\x17\x8F\x9D\x1E\x81\x64\xE1\xFE\xC5\x45\xBA\xAD\x6B\xB9\x0A\x7A\x4E\x4F\x4B\x84\xEE\x4B\xF1\x7D\xDD\x11",
+	["CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\xEC\xA0\xA7\x8B\x6E\x75\x6A\x01\xCF\xC4\x7C\xCC\x2F\x94\x5E\xD7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\xCB\xA5\x11\x69\xC6\x59\xAB\xF1\x8F\xB5\x19\x0F\x56\xCE\xCC\xB5\x1F\x20\xE4\x9E\x26\x25\x4B\xE0\x73\x65\x89\x59\xDE\xD0\x83\xE4\xF5\x0F\xB5\xBB\xAD\xF1\x7C\xE8\x21\xFC\xE4\xE8\x0C\xEE\x7C\x45\x22\x19\x76\x92\xB4\x13\xB7\x20\x5B\x09\xFA\x61\xAE\xA8\xF2\xA5\x8D\x85\xC2\x2A\xD6\xDE\x66\x36\xD2\x9B\x02\xF4\xA8\x92\x60\x7C\x9C\x69\xB4\x8F\x24\x1E\xD0\x86\x52\xF6\x32\x9C\x41\x58\x1E\x22\xBD\xCD\x45\x62\x95\x08\x6E\xD0\x66\xDD\x53\xA2\xCC\xF0\x10\xDC\x54\x73\x8B\x04\xA1\x46\x33\x33\x5C\x17\x40\xB9\x9E\x4D\xD3\xF3\xBE\x55\x83\xE8\xB1\x89\x8E\x5A\x7C\x9A\x96\x22\x90\x3B\x88\x25\xF2\xD2\x53\x88\x02\x0C\x0B\x78\xF2\xE6\x37\x17\x4B\x30\x46\x07\xE4\x80\x6D\xA6\xD8\x96\x2E\xE8\x2C\xF8\x11\xB3\x38\x0D\x66\xA6\x9B\xEA\xC9\x23\x5B\xDB\x8E\xE2\xF3\x13\x8E\x1A\x59\x2D\xAA\x02\xF0\xEC\xA4\x87\x66\xDC\xC1\x3F\xF5\xD8\xB9\xF4\xEC\x82\xC6\xD2\x3D\x95\x1D\xE5\xC0\x4F\x84\xC9\xD9\xA3\x44\x28\x06\x6A\xD7\x45\xAC\xF0\x6B\x6A\xEF\x4E\x5F\xF8\x11\x82\x1E\x38\x63\x34\x66\x50\xD4\x3E\x93\x73\xFA\x30\xC3\x66\xAD\xFF\x93\x2D\x97\xEF\x03\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8F\xFA\x25\x6B\x4F\x5B\xE4\xA4\x4E\x27\x55\xAB\x22\x15\x59\x3C\xCA\xB5\x0A\xD4\x4A\xDB\xAB\xDD\xA1\x5F\x53\xC5\xA0\x57\x39\xC2\xCE\x47\x2B\xBE\x3A\xC8\x56\xBF\xC2\xD9\x27\x10\x3A\xB1\x05\x3C\xC0\x77\x31\xBB\x3A\xD3\x05\x7B\x6D\x9A\x1C\x30\x8C\x80\xCB\x93\x93\x2A\x83\xAB\x05\x51\x82\x02\x00\x11\x67\x6B\xF3\x88\x61\x47\x5F\x03\x93\xD5\x5B\x0D\xE0\xF1\xD4\xA1\x32\x35\x85\xB2\x3A\xDB\xB0\x82\xAB\xD1\xCB\x0A\xBC\x4F\x8C\x5B\xC5\x4B\x00\x3B\x1F\x2A\x82\xA6\x7E\x36\x85\xDC\x7E\x3C\x67\x00\xB5\xE4\x3B\x52\xE0\xA8\xEB\x5D\x15\xF9\xC6\x6D\xF0\xAD\x1D\x0E\x85\xB7\xA9\x9A\x73\x14\x5A\x5B\x8F\x41\x28\xC0\xD5\xE8\x2D\x4D\xA4\x5E\xCD\xAA\xD9\xED\xCE\xDC\xD8\xD5\x3C\x42\x1D\x17\xC1\x12\x5D\x45\x38\xC3\x38\xF3\xFC\x85\x2E\x83\x46\x48\xB2\xD7\x20\x5F\x92\x36\x8F\xE7\x79\x0F\x98\x5E\x99\xE8\xF0\xD0\xA4\xBB\xF5\x53\xBD\x2A\xCE\x59\xB0\xAF\x6E\x7F\x6C\xBB\xD2\x1E\x00\xB0\x21\xED\xF8\x41\x62\x82\xB9\xD8\xB2\xC4\xBB\x46\x50\xF3\x31\xC5\x8F\x01\xA8\x74\xEB\xF5\x78\x27\xDA\xE7\xF7\x66\x43\xF3\x9E\x83\x3E\x20\xAA\xC3\x35\x60\x91\xCE",
+	["CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net"] = "\x30\x82\x04\x2A\x30\x82\x03\x12\xA0\x03\x02\x01\x02\x02\x04\x38\x63\xDE\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1E\x17\x0D\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5A\x17\x0D\x32\x39\x30\x37\x32\x34\x31\x34\x31\x35\x31\x32\x5A\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x4D\x4B\xA9\x12\x86\xB2\xEA\xA3\x20\x07\x15\x16\x64\x2A\x2B\x4B\xD1\xBF\x0B\x4A\x4D\x8E\xED\x80\x76\xA5\x67\xB7\x78\x40\xC0\x73\x42\xC8\x68\xC0\xDB\x53\x2B\xDD\x5E\xB8\x76\x98\x35\x93\x8B\x1A\x9D\x7C\x13\x3A\x0E\x1F\x5B\xB7\x1E\xCF\xE5\x24\x14\x1E\xB1\x81\xA9\x8D\x7D\xB8\xCC\x6B\x4B\x03\xF1\x02\x0C\xDC\xAB\xA5\x40\x24\x00\x7F\x74\x94\xA1\x9D\x08\x29\xB3\x88\x0B\xF5\x87\x77\x9D\x55\xCD\xE4\xC3\x7E\xD7\x6A\x64\xAB\x85\x14\x86\x95\x5B\x97\x32\x50\x6F\x3D\xC8\xBA\x66\x0C\xE3\xFC\xBD\xB8\x49\xC1\x76\x89\x49\x19\xFD\xC0\xA8\xBD\x89\xA3\x67\x2F\xC6\x9F\xBC\x71\x19\x60\xB8\x2D\xE9\x2C\xC9\x90\x76\x66\x7B\x94\xE2\xAF\x78\xD6\x65\x53\x5D\x3C\xD6\x9C\xB2\xCF\x29\x03\xF9\x2F\xA4\x50\xB2\xD4\x48\xCE\x05\x32\x55\x8A\xFD\xB2\x64\x4C\x0E\xE4\x98\x07\x75\xDB\x7F\xDF\xB9\x08\x55\x60\x85\x30\x29\xF9\x7B\x48\xA4\x69\x86\xE3\x35\x3F\x1E\x86\x5D\x7A\x7A\x15\xBD\xEF\x00\x8E\x15\x22\x54\x17\x00\x90\x26\x93\xBC\x0E\x49\x68\x91\xBF\xF8\x47\xD3\x9D\x95\x42\xC1\x0E\x4D\xDF\x6F\x26\xCF\xC3\x18\x21\x62\x66\x43\x70\xD6\xD5\xC0\x07\xE1\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x55\xE4\x81\xD1\x11\x80\xBE\xD8\x89\xB9\x08\xA3\x31\xF9\xA1\x24\x09\x16\xB9\x70\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3B\x9B\x8F\x56\x9B\x30\xE7\x53\x99\x7C\x7A\x79\xA7\x4D\x97\xD7\x19\x95\x90\xFB\x06\x1F\xCA\x33\x7C\x46\x63\x8F\x96\x66\x24\xFA\x40\x1B\x21\x27\xCA\xE6\x72\x73\xF2\x4F\xFE\x31\x99\xFD\xC8\x0C\x4C\x68\x53\xC6\x80\x82\x13\x98\xFA\xB6\xAD\xDA\x5D\x3D\xF1\xCE\x6E\xF6\x15\x11\x94\x82\x0C\xEE\x3F\x95\xAF\x11\xAB\x0F\xD7\x2F\xDE\x1F\x03\x8F\x57\x2C\x1E\xC9\xBB\x9A\x1A\x44\x95\xEB\x18\x4F\xA6\x1F\xCD\x7D\x57\x10\x2F\x9B\x04\x09\x5A\x84\xB5\x6E\xD8\x1D\x3A\xE1\xD6\x9E\xD1\x6C\x79\x5E\x79\x1C\x14\xC5\xE3\xD0\x4C\x93\x3B\x65\x3C\xED\xDF\x3D\xBE\xA6\xE5\x95\x1A\xC3\xB5\x19\xC3\xBD\x5E\x5B\xBB\xFF\x23\xEF\x68\x19\xCB\x12\x93\x27\x5C\x03\x2D\x6F\x30\xD0\x1E\xB6\x1A\xAC\xDE\x5A\xF7\xD1\xAA\xA8\x27\xA6\xFE\x79\x81\xC4\x79\x99\x33\x57\xBA\x12\xB0\xA9\xE0\x42\x6C\x93\xCA\x56\xDE\xFE\x6D\x84\x0B\x08\x8B\x7E\x8D\xEA\xD7\x98\x21\xC6\xF3\xE7\x3C\x79\x2F\x5E\x9C\xD1\x4C\x15\x8D\xE1\xEC\x22\x37\xCC\x9A\x43\x0B\x97\xDC\x80\x90\x8D\xB3\x67\x9B\x6F\x48\x08\x15\x56\xCF\xBF\xF1\x2B\x7C\x5E\x9A\x76\xE9\x59\x90\xC5\x7C\x83\x35\x11\x65\x51",
+	["CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x04\x02\x00\x00\xB9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x31\x32\x31\x38\x34\x36\x30\x30\x5A\x17\x0D\x32\x35\x30\x35\x31\x32\x32\x33\x35\x39\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA3\x04\xBB\x22\xAB\x98\x3D\x57\xE8\x26\x72\x9A\xB5\x79\xD4\x29\xE2\xE1\xE8\x95\x80\xB1\xB0\xE3\x5B\x8E\x2B\x29\x9A\x64\xDF\xA1\x5D\xED\xB0\x09\x05\x6D\xDB\x28\x2E\xCE\x62\xA2\x62\xFE\xB4\x88\xDA\x12\xEB\x38\xEB\x21\x9D\xC0\x41\x2B\x01\x52\x7B\x88\x77\xD3\x1C\x8F\xC7\xBA\xB9\x88\xB5\x6A\x09\xE7\x73\xE8\x11\x40\xA7\xD1\xCC\xCA\x62\x8D\x2D\xE5\x8F\x0B\xA6\x50\xD2\xA8\x50\xC3\x28\xEA\xF5\xAB\x25\x87\x8A\x9A\x96\x1C\xA9\x67\xB8\x3F\x0C\xD5\xF7\xF9\x52\x13\x2F\xC2\x1B\xD5\x70\x70\xF0\x8F\xC0\x12\xCA\x06\xCB\x9A\xE1\xD9\xCA\x33\x7A\x77\xD6\xF8\xEC\xB9\xF1\x68\x44\x42\x48\x13\xD2\xC0\xC2\xA4\xAE\x5E\x60\xFE\xB6\xA6\x05\xFC\xB4\xDD\x07\x59\x02\xD4\x59\x18\x98\x63\xF5\xA5\x63\xE0\x90\x0C\x7D\x5D\xB2\x06\x7A\xF3\x85\xEA\xEB\xD4\x03\xAE\x5E\x84\x3E\x5F\xFF\x15\xED\x69\xBC\xF9\x39\x36\x72\x75\xCF\x77\x52\x4D\xF3\xC9\x90\x2C\xB9\x3D\xE5\xC9\x23\x53\x3F\x1F\x24\x98\x21\x5C\x07\x99\x29\xBD\xC6\x3A\xEC\xE7\x6E\x86\x3A\x6B\x97\x74\x63\x33\xBD\x68\x18\x31\xF0\x78\x8D\x76\xBF\xFC\x9E\x8E\x5D\x2A\x86\xA7\x4D\x90\xDC\x27\x1A\x39\x02\x03\x01\x00\x01\xA3\x45\x30\x43\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE5\x9D\x59\x30\x82\x47\x58\xCC\xAC\xFA\x08\x54\x36\x86\x7B\x3A\xB5\x04\x4D\xF0\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x0C\x5D\x8E\xE4\x6F\x51\x68\x42\x05\xA0\xDD\xBB\x4F\x27\x25\x84\x03\xBD\xF7\x64\xFD\x2D\xD7\x30\xE3\xA4\x10\x17\xEB\xDA\x29\x29\xB6\x79\x3F\x76\xF6\x19\x13\x23\xB8\x10\x0A\xF9\x58\xA4\xD4\x61\x70\xBD\x04\x61\x6A\x12\x8A\x17\xD5\x0A\xBD\xC5\xBC\x30\x7C\xD6\xE9\x0C\x25\x8D\x86\x40\x4F\xEC\xCC\xA3\x7E\x38\xC6\x37\x11\x4F\xED\xDD\x68\x31\x8E\x4C\xD2\xB3\x01\x74\xEE\xBE\x75\x5E\x07\x48\x1A\x7F\x70\xFF\x16\x5C\x84\xC0\x79\x85\xB8\x05\xFD\x7F\xBE\x65\x11\xA3\x0F\xC0\x02\xB4\xF8\x52\x37\x39\x04\xD5\xA9\x31\x7A\x18\xBF\xA0\x2A\xF4\x12\x99\xF7\xA3\x45\x82\xE3\x3C\x5E\xF5\x9D\x9E\xB5\xC8\x9E\x7C\x2E\xC8\xA4\x9E\x4E\x08\x14\x4B\x6D\xFD\x70\x6D\x6B\x1A\x63\xBD\x64\xE6\x1F\xB7\xCE\xF0\xF2\x9F\x2E\xBB\x1B\xB7\xF2\x50\x88\x73\x92\xC2\xE2\xE3\x16\x8D\x9A\x32\x02\xAB\x8E\x18\xDD\xE9\x10\x11\xEE\x7E\x35\xAB\x90\xAF\x3E\x30\x94\x7A\xD0\x33\x3D\xA7\x65\x0F\xF5\xFC\x8E\x9E\x62\xCF\x47\x44\x2C\x01\x5D\xBB\x1D\xB5\x32\xD2\x47\xD2\x38\x2E\xD0\xFE\x81\xDC\x32\x6A\x1E\xB5\xEE\x3C\xD5\xFC\xE7\x81\x1D\x19\xC3\x24\x42\xEA\x63\x39\xA9",
+	["CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x90\x30\x82\x01\xF9\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xBA\xE7\x17\x90\x02\x65\xB1\x34\x55\x3C\x49\xC2\x51\xD5\xDF\xA7\xD1\x37\x8F\xD1\xE7\x81\x73\x41\x52\x60\x9B\x9D\xA1\x17\x26\x78\xAD\xC7\xB1\xE8\x26\x94\x32\xB5\xDE\x33\x8D\x3A\x2F\xDB\xF2\x9A\x7A\x5A\x73\x98\xA3\x5C\xE9\xFB\x8A\x73\x1B\x5C\xE7\xC3\xBF\x80\x6C\xCD\xA9\xF4\xD6\x2B\xC0\xF7\xF9\x99\xAA\x63\xA2\xB1\x47\x02\x0F\xD4\xE4\x51\x3A\x12\x3C\x6C\x8A\x5A\x54\x84\x70\xDB\xC1\xC5\x90\xCF\x72\x45\xCB\xA8\x59\xC0\xCD\x33\x9D\x3F\xA3\x96\xEB\x85\x33\x21\x1C\x3E\x1E\x3E\x60\x6E\x76\x9C\x67\x85\xC5\xC8\xC3\x61\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x30\xE2\x01\x51\xAA\xC7\xEA\x5F\xDA\xB9\xD0\x65\x0F\x30\xD6\x3E\xDA\x0D\x14\x49\x6E\x91\x93\x27\x14\x31\xEF\xC4\xF7\x2D\x45\xF8\xEC\xC7\xBF\xA2\x41\x0D\x23\xB4\x92\xF9\x19\x00\x67\xBD\x01\xAF\xCD\xE0\x71\xFC\x5A\xCF\x64\xC4\xE0\x96\x98\xD0\xA3\x40\xE2\x01\x8A\xEF\x27\x07\xF1\x65\x01\x8A\x44\x2D\x06\x65\x75\x52\xC0\x86\x10\x20\x21\x5F\x6C\x6B\x0F\x6C\xAE\x09\x1C\xAF\xF2\xA2\x18\x34\xC4\x75\xA4\x73\x1C\xF1\x8D\xDC\xEF\xAD\xF9\xB3\x76\xB4\x92\xBF\xDC\x95\x10\x1E\xBE\xCB\xC8\x3B\x5A\x84\x60\x19\x56\x94\xA9\x55",
+	["CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x82\x30\x82\x01\xEB\xA0\x03\x02\x01\x02\x02\x01\x04\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCE\x2F\x19\xBC\x17\xB7\x77\xDE\x93\xA9\x5F\x5A\x0D\x17\x4F\x34\x1A\x0C\x98\xF4\x22\xD9\x59\xD4\xC4\x68\x46\xF0\xB4\x35\xC5\x85\x03\x20\xC6\xAF\x45\xA5\x21\x51\x45\x41\xEB\x16\x58\x36\x32\x6F\xE2\x50\x62\x64\xF9\xFD\x51\x9C\xAA\x24\xD9\xF4\x9D\x83\x2A\x87\x0A\x21\xD3\x12\x38\x34\x6C\x8D\x00\x6E\x5A\xA0\xD9\x42\xEE\x1A\x21\x95\xF9\x52\x4C\x55\x5A\xC5\x0F\x38\x4F\x46\xFA\x6D\xF8\x2E\x35\xD6\x1D\x7C\xEB\xE2\xF0\xB0\x75\x80\xC8\xA9\x13\xAC\xBE\x88\xEF\x3A\x6E\xAB\x5F\x2A\x38\x62\x02\xB0\x12\x7B\xFE\x8F\xA6\x03\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x75\x5B\xA8\x9B\x03\x11\xE6\xE9\x56\x4C\xCD\xF9\xA9\x4C\xC0\x0D\x9A\xF3\xCC\x65\x69\xE6\x25\x76\xCC\x59\xB7\xD6\x54\xC3\x1D\xCD\x99\xAC\x19\xDD\xB4\x85\xD5\xE0\x3D\xFC\x62\x20\xA7\x84\x4B\x58\x65\xF1\xE2\xF9\x95\x21\x3F\xF5\xD4\x7E\x58\x1E\x47\x87\x54\x3E\x58\xA1\xB5\xB5\xF8\x2A\xEF\x71\xE7\xBC\xC3\xF6\xB1\x49\x46\xE2\xD7\xA0\x6B\xE5\x56\x7A\x9A\x27\x98\x7C\x46\x62\x14\xE7\xC9\xFC\x6E\x03\x12\x79\x80\x38\x1D\x48\x82\x8D\xFC\x17\xFE\x2A\x96\x2B\xB5\x62\xA6\xA6\x3D\xBD\x7F\x92\x59\xCD\x5A\x2A\x82\xB2\x37\x79",
+	["CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x18\x30\x82\x03\x00\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x96\x96\xD4\x21\x49\x60\xE2\x6B\xE8\x41\x07\x0C\xDE\xC4\xE0\xDC\x13\x23\xCD\xC1\x35\xC7\xFB\xD6\x4E\x11\x0A\x67\x5E\xF5\x06\x5B\x6B\xA5\x08\x3B\x5B\x29\x16\x3A\xE7\x87\xB2\x34\x06\xC5\xBC\x05\xA5\x03\x7C\x82\xCB\x29\x10\xAE\xE1\x88\x81\xBD\xD6\x9E\xD3\xFE\x2D\x56\xC1\x15\xCE\xE3\x26\x9D\x15\x2E\x10\xFB\x06\x8F\x30\x04\xDE\xA7\xB4\x63\xB4\xFF\xB1\x9C\xAE\x3C\xAF\x77\xB6\x56\xC5\xB5\xAB\xA2\xE9\x69\x3A\x3D\x0E\x33\x79\x32\x3F\x70\x82\x92\x99\x61\x6D\x8D\x30\x08\x8F\x71\x3F\xA6\x48\x57\x19\xF8\x25\xDC\x4B\x66\x5C\xA5\x74\x8F\x98\xAE\xC8\xF9\xC0\x06\x22\xE7\xAC\x73\xDF\xA5\x2E\xFB\x52\xDC\xB1\x15\x65\x20\xFA\x35\x66\x69\xDE\xDF\x2C\xF1\x6E\xBC\x30\xDB\x2C\x24\x12\xDB\xEB\x35\x35\x68\x90\xCB\x00\xB0\x97\x21\x3D\x74\x21\x23\x65\x34\x2B\xBB\x78\x59\xA3\xD6\xE1\x76\x39\x9A\xA4\x49\x8E\x8C\x74\xAF\x6E\xA4\x9A\xA3\xD9\x9B\xD2\x38\x5C\x9B\xA2\x18\xCC\x75\x23\x84\xBE\xEB\xE2\x4D\x33\x71\x8E\x1A\xF0\xC2\xF8\xC7\x1D\xA2\xAD\x03\x97\x2C\xF8\xCF\x25\xC6\xF6\xB8\x24\x31\xB1\x63\x5D\x92\x7F\x63\xF0\x25\xC9\x53\x2E\x1F\xBF\x4D\x02\x03\x01\x00\x01\xA3\x81\xD2\x30\x81\xCF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8F\x06\x03\x55\x1D\x23\x04\x81\x87\x30\x81\x84\x80\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\xA1\x69\xA4\x67\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2C\x6D\x64\x1B\x1F\xCD\x0D\xDD\xB9\x01\xFA\x96\x63\x34\x32\x48\x47\x99\xAE\x97\xED\xFD\x72\x16\xA6\x73\x47\x5A\xF4\xEB\xDD\xE9\xF5\xD6\xFB\x45\xCC\x29\x89\x44\x5D\xBF\x46\x39\x3D\xE8\xEE\xBC\x4D\x54\x86\x1E\x1D\x6C\xE3\x17\x27\x43\xE1\x89\x56\x2B\xA9\x6F\x72\x4E\x49\x33\xE3\x72\x7C\x2A\x23\x9A\xBC\x3E\xFF\x28\x2A\xED\xA3\xFF\x1C\x23\xBA\x43\x57\x09\x67\x4D\x4B\x62\x06\x2D\xF8\xFF\x6C\x9D\x60\x1E\xD8\x1C\x4B\x7D\xB5\x31\x2F\xD9\xD0\x7C\x5D\xF8\xDE\x6B\x83\x18\x78\x37\x57\x2F\xE8\x33\x07\x67\xDF\x1E\xC7\x6B\x2A\x95\x76\xAE\x8F\x57\xA3\xF0\xF4\x52\xB4\xA9\x53\x08\xCF\xE0\x4F\xD3\x7A\x53\x8B\xFD\xBB\x1C\x56\x36\xF2\xFE\xB2\xB6\xE5\x76\xBB\xD5\x22\x65\xA7\x3F\xFE\xD1\x66\xAD\x0B\xBC\x6B\x99\x86\xEF\x3F\x7D\xF3\x18\x32\xCA\x7B\xC6\xE3\xAB\x64\x46\x95\xF8\x26\x69\xD9\x55\x83\x7B\x2C\x96\x07\xFF\x59\x2C\x44\xA3\xC6\xE5\xE9\xA9\xDC\xA1\x63\x80\x5A\x21\x5E\x21\xCF\x53\x54\xF0\xBA\x6F\x89\xDB\xA8\xAA\x95\xCF\x8B\xE3\x71\xCC\x1E\x1B\x20\x44\x08\xC0\x7A\xB6\x40\xFD\xC4\xE4\x35\xE1\x1D\x16\x1C\xD0\xBC\x2B\x8E\xD6\x71\xD9",
+	["CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x36\x30\x82\x03\x1E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\xF7\x1A\x33\xE6\xF2\x00\x04\x2D\x39\xE0\x4E\x5B\xED\x1F\xBC\x6C\x0F\xCD\xB5\xFA\x23\xB6\xCE\xDE\x9B\x11\x33\x97\xA4\x29\x4C\x7D\x93\x9F\xBD\x4A\xBC\x93\xED\x03\x1A\xE3\x8F\xCF\xE5\x6D\x50\x5A\xD6\x97\x29\x94\x5A\x80\xB0\x49\x7A\xDB\x2E\x95\xFD\xB8\xCA\xBF\x37\x38\x2D\x1E\x3E\x91\x41\xAD\x70\x56\xC7\xF0\x4F\x3F\xE8\x32\x9E\x74\xCA\xC8\x90\x54\xE9\xC6\x5F\x0F\x78\x9D\x9A\x40\x3C\x0E\xAC\x61\xAA\x5E\x14\x8F\x9E\x87\xA1\x6A\x50\xDC\xD7\x9A\x4E\xAF\x05\xB3\xA6\x71\x94\x9C\x71\xB3\x50\x60\x0A\xC7\x13\x9D\x38\x07\x86\x02\xA8\xE9\xA8\x69\x26\x18\x90\xAB\x4C\xB0\x4F\x23\xAB\x3A\x4F\x84\xD8\xDF\xCE\x9F\xE1\x69\x6F\xBB\xD7\x42\xD7\x6B\x44\xE4\xC7\xAD\xEE\x6D\x41\x5F\x72\x5A\x71\x08\x37\xB3\x79\x65\xA4\x59\xA0\x94\x37\xF7\x00\x2F\x0D\xC2\x92\x72\xDA\xD0\x38\x72\xDB\x14\xA8\x45\xC4\x5D\x2A\x7D\xB7\xB4\xD6\xC4\xEE\xAC\xCD\x13\x44\xB7\xC9\x2B\xDD\x43\x00\x25\xFA\x61\xB9\x69\x6A\x58\x23\x11\xB7\xA7\x33\x8F\x56\x75\x59\xF5\xCD\x29\xD7\x46\xB7\x0A\x2B\x65\xB6\xD3\x42\x6F\x15\xB2\xB8\x7B\xFB\xEF\xE9\x5D\x53\xD5\x34\x5A\x27\x02\x03\x01\x00\x01\xA3\x81\xDC\x30\x81\xD9\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x99\x06\x03\x55\x1D\x23\x04\x81\x91\x30\x81\x8E\x80\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\xA1\x73\xA4\x71\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB0\x9B\xE0\x85\x25\xC2\xD6\x23\xE2\x0F\x96\x06\x92\x9D\x41\x98\x9C\xD9\x84\x79\x81\xD9\x1E\x5B\x14\x07\x23\x36\x65\x8F\xB0\xD8\x77\xBB\xAC\x41\x6C\x47\x60\x83\x51\xB0\xF9\x32\x3D\xE7\xFC\xF6\x26\x13\xC7\x80\x16\xA5\xBF\x5A\xFC\x87\xCF\x78\x79\x89\x21\x9A\xE2\x4C\x07\x0A\x86\x35\xBC\xF2\xDE\x51\xC4\xD2\x96\xB7\xDC\x7E\x4E\xEE\x70\xFD\x1C\x39\xEB\x0C\x02\x51\x14\x2D\x8E\xBD\x16\xE0\xC1\xDF\x46\x75\xE7\x24\xAD\xEC\xF4\x42\xB4\x85\x93\x70\x10\x67\xBA\x9D\x06\x35\x4A\x18\xD3\x2B\x7A\xCC\x51\x42\xA1\x7A\x63\xD1\xE6\xBB\xA1\xC5\x2B\xC2\x36\xBE\x13\x0D\xE6\xBD\x63\x7E\x79\x7B\xA7\x09\x0D\x40\xAB\x6A\xDD\x8F\x8A\xC3\xF6\xF6\x8C\x1A\x42\x05\x51\xD4\x45\xF5\x9F\xA7\x62\x21\x68\x15\x20\x43\x3C\x99\xE7\x7C\xBD\x24\xD8\xA9\x91\x17\x73\x88\x3F\x56\x1B\x31\x38\x18\xB4\x71\x0F\x9A\xCD\xC8\x0E\x9E\x8E\x2E\x1B\xE1\x8C\x98\x83\xCB\x1F\x31\xF1\x44\x4C\xC6\x04\x73\x49\x76\x60\x0F\xC7\xF8\xBD\x17\x80\x6B\x2E\xE9\xCC\x4C\x0E\x5A\x9A\x79\x0F\x20\x0A\x2E\xD5\x9E\x63\x26\x1E\x55\x92\x94\xD8\x82\x17\x5A\x7B\xD0\xBC\xC7\x8F\x4E\x86\x04",
+	["CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x15\x30\x82\x02\xFD\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\x1A\x30\x8F\x83\x88\x14\xC1\x20\xD8\x3C\x9B\x8F\x1B\x7E\x03\x74\xBB\xDA\x69\xD3\x46\xA5\xF8\x8E\xC2\x0C\x11\x90\x51\xA5\x2F\x66\x54\x40\x55\xEA\xDB\x1F\x4A\x56\xEE\x9F\x23\x6E\xF4\x39\xCB\xA1\xB9\x6F\xF2\x7E\xF9\x5D\x87\x26\x61\x9E\x1C\xF8\xE2\xEC\xA6\x81\xF8\x21\xC5\x24\xCC\x11\x0C\x3F\xDB\x26\x72\x7A\xC7\x01\x97\x07\x17\xF9\xD7\x18\x2C\x30\x7D\x0E\x7A\x1E\x62\x1E\xC6\x4B\xC0\xFD\x7D\x62\x77\xD3\x44\x1E\x27\xF6\x3F\x4B\x44\xB3\xB7\x38\xD9\x39\x1F\x60\xD5\x51\x92\x73\x03\xB4\x00\x69\xE3\xF3\x14\x4E\xEE\xD1\xDC\x09\xCF\x77\x34\x46\x50\xB0\xF8\x11\xF2\xFE\x38\x79\xF7\x07\x39\xFE\x51\x92\x97\x0B\x5B\x08\x5F\x34\x86\x01\xAD\x88\x97\xEB\x66\xCD\x5E\xD1\xFF\xDC\x7D\xF2\x84\xDA\xBA\x77\xAD\xDC\x80\x08\xC7\xA7\x87\xD6\x55\x9F\x97\x6A\xE8\xC8\x11\x64\xBA\xE7\x19\x29\x3F\x11\xB3\x78\x90\x84\x20\x52\x5B\x11\xEF\x78\xD0\x83\xF6\xD5\x48\x90\xD0\x30\x1C\xCF\x80\xF9\x60\xFE\x79\xE4\x88\xF2\xDD\x00\xEB\x94\x45\xEB\x65\x94\x69\x40\xBA\xC0\xD5\xB4\xB8\xBA\x7D\x04\x11\xA8\xEB\x31\x05\x96\x94\x4E\x58\x21\x8E\x9F\xD0\x60\xFD\x02\x03\x01\x00\x01\xA3\x81\xD1\x30\x81\xCE\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8E\x06\x03\x55\x1D\x23\x04\x81\x86\x30\x81\x83\x80\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\xA1\x68\xA4\x66\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xF7\x15\x4A\xF8\x24\xDA\x23\x56\x16\x93\x76\xDD\x36\x28\xB9\xAE\x1B\xB8\xC3\xF1\x64\xBA\x20\x18\x78\x95\x29\x27\x57\x05\xBC\x7C\x2A\xF4\xB9\x51\x55\xDA\x87\x02\xDE\x0F\x16\x17\x31\xF8\xAA\x79\x2E\x09\x13\xBB\xAF\xB2\x20\x19\x12\xE5\x93\xF9\x4B\xF9\x83\xE8\x44\xD5\xB2\x41\x25\xBF\x88\x75\x6F\xFF\x10\xFC\x4A\x54\xD0\x5F\xF0\xFA\xEF\x36\x73\x7D\x1B\x36\x45\xC6\x21\x6D\xB4\x15\xB8\x4E\xCF\x9C\x5C\xA5\x3D\x5A\x00\x8E\x06\xE3\x3C\x6B\x32\x7B\xF2\x9F\xF0\xB6\xFD\xDF\xF0\x28\x18\x48\xF0\xC6\xBC\xD0\xBF\x34\x80\x96\xC2\x4A\xB1\x6D\x8E\xC7\x90\x45\xDE\x2F\x67\xAC\x45\x04\xA3\x7A\xDC\x55\x92\xC9\x47\x66\xD8\x1A\x8C\xC7\xED\x9C\x4E\x9A\xE0\x12\xBB\xB5\x6A\x4C\x84\xE1\xE1\x22\x0D\x87\x00\x64\xFE\x8C\x7D\x62\x39\x65\xA6\xEF\x42\xB6\x80\x25\x12\x61\x01\xA8\x24\x13\x70\x00\x11\x26\x5F\xFA\x35\x50\xC5\x48\xCC\x06\x47\xE8\x27\xD8\x70\x8D\x5F\x64\xE6\xA1\x44\x26\x5E\x22\xEC\x92\xCD\xFF\x42\x9A\x44\x21\x6D\x5C\xC5\xE3\x22\x1D\x5F\x47\x12\xE7\xCE\x5F\x5D\xFA\xD8\xAA\xB1\x33\x2D\xD9\x76\xF2\x4E\x3A\x33\x0C\x2B\xB3\x2D\x90\x06",
+	["CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x1E\x30\x82\x03\x06\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6C\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6C\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE4\x1E\x9A\xFE\xDC\x09\x5A\x87\xA4\x9F\x47\xBE\x11\x5F\xAF\x84\x34\xDB\x62\x3C\x79\x78\xB7\xE9\x30\xB5\xEC\x0C\x1C\x2A\xC4\x16\xFF\xE0\xEC\x71\xEB\x8A\xF5\x11\x6E\xED\x4F\x0D\x91\xD2\x12\x18\x2D\x49\x15\x01\xC2\xA4\x22\x13\xC7\x11\x64\xFF\x22\x12\x9A\xB9\x8E\x5C\x2F\x08\xCF\x71\x6A\xB3\x67\x01\x59\xF1\x5D\x46\xF3\xB0\x78\xA5\xF6\x0E\x42\x7A\xE3\x7F\x1B\xCC\xD0\xF0\xB7\x28\xFD\x2A\xEA\x9E\xB3\xB0\xB9\x04\xAA\xFD\xF6\xC7\xB4\xB1\xB8\x2A\xA0\xFB\x58\xF1\x19\xA0\x6F\x70\x25\x7E\x3E\x69\x4A\x7F\x0F\x22\xD8\xEF\xAD\x08\x11\x9A\x29\x99\xE1\xAA\x44\x45\x9A\x12\x5E\x3E\x9D\x6D\x52\xFC\xE7\xA0\x3D\x68\x2F\xF0\x4B\x70\x7C\x13\x38\xAD\xBC\x15\x25\xF1\xD6\xCE\xAB\xA2\xC0\x31\xD6\x2F\x9F\xE0\xFF\x14\x59\xFC\x84\x93\xD9\x87\x7C\x4C\x54\x13\xEB\x9F\xD1\x2D\x11\xF8\x18\x3A\x3A\xDE\x25\xD9\xF7\xD3\x40\xED\xA4\x06\x12\xC4\x3B\xE1\x91\xC1\x56\x35\xF0\x14\xDC\x65\x36\x09\x6E\xAB\xA4\x07\xC7\x35\xD1\xC2\x03\x33\x36\x5B\x75\x26\x6D\x42\xF1\x12\x6B\x43\x6F\x4B\x71\x94\xFA\x34\x1D\xED\x13\x6E\xCA\x80\x7F\x98\x2F\x6C\xB9\x65\xD8\xE9\x02\x03\x01\x00\x01\xA3\x81\xD4\x30\x81\xD1\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x39\x95\x8B\x62\x8B\x5C\xC9\xD4\x80\xBA\x58\x0F\x97\x3F\x15\x08\x43\xCC\x98\xA7\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x91\x06\x03\x55\x1D\x23\x04\x81\x89\x30\x81\x86\x80\x14\x39\x95\x8B\x62\x8B\x5C\xC9\xD4\x80\xBA\x58\x0F\x97\x3F\x15\x08\x43\xCC\x98\xA7\xA1\x6B\xA4\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6C\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x19\xAB\x75\xEA\xF8\x8B\x65\x61\x95\x13\xBA\x69\x04\xEF\x86\xCA\x13\xA0\xC7\xAA\x4F\x64\x1B\x3F\x18\xF6\xA8\x2D\x2C\x55\x8F\x05\xB7\x30\xEA\x42\x6A\x1D\xC0\x25\x51\x2D\xA7\xBF\x0C\xB3\xED\xEF\x08\x7F\x6C\x3C\x46\x1A\xEA\x18\x43\xDF\x76\xCC\xF9\x66\x86\x9C\x2C\x68\xF5\xE9\x17\xF8\x31\xB3\x18\xC4\xD6\x48\x7D\x23\x4C\x68\xC1\x7E\xBB\x01\x14\x6F\xC5\xD9\x6E\xDE\xBB\x04\x42\x6A\xF8\xF6\x5C\x7D\xE5\xDA\xFA\x87\xEB\x0D\x35\x52\x67\xD0\x9E\x97\x76\x05\x93\x3F\x95\xC7\x01\xE6\x69\x55\x38\x7F\x10\x61\x99\xC9\xE3\x5F\xA6\xCA\x3E\x82\x63\x48\xAA\xE2\x08\x48\x3E\xAA\xF2\xB2\x85\x62\xA6\xB4\xA7\xD9\xBD\x37\x9C\x68\xB5\x2D\x56\x7D\xB0\xB7\x3F\xA0\xB1\x07\xD6\xE9\x4F\xDC\xDE\x45\x71\x30\x32\x7F\x1B\x2E\x09\xF9\xBF\x52\xA1\xEE\xC2\x80\x3E\x06\x5C\x2E\x55\x40\xC1\x1B\xF5\x70\x45\xB0\xDC\x5D\xFA\xF6\x72\x5A\x77\xD2\x63\xCD\xCF\x58\x89\x00\x42\x63\x3F\x79\x39\xD0\x44\xB0\x82\x6E\x41\x19\xE8\xDD\xE0\xC1\x88\x5A\xD1\x1E\x71\x93\x1F\x24\x30\x74\xE5\x1E\xA8\xDE\x3C\x27\x37\x7F\x83\xAE\x9E\x77\xCF\xF0\x30\xB1\xFF\x4B\x99\xE8\xC6\xA1",
+	["CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust\, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust\, Inc.,C=US"] = "\x30\x82\x04\x91\x30\x82\x03\x79\xA0\x03\x02\x01\x02\x02\x04\x45\x6B\x50\x54\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB0\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x20\x69\x73\x20\x69\x6E\x63\x6F\x72\x70\x6F\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6E\x63\x65\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5A\x17\x0D\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5A\x30\x81\xB0\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x20\x69\x73\x20\x69\x6E\x63\x6F\x72\x70\x6F\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6E\x63\x65\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6E\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x6E\x74\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB6\x95\xB6\x43\x42\xFA\xC6\x6D\x2A\x6F\x48\xDF\x94\x4C\x39\x57\x05\xEE\xC3\x79\x11\x41\x68\x36\xED\xEC\xFE\x9A\x01\x8F\xA1\x38\x28\xFC\xF7\x10\x46\x66\x2E\x4D\x1E\x1A\xB1\x1A\x4E\xC6\xD1\xC0\x95\x88\xB0\xC9\xFF\x31\x8B\x33\x03\xDB\xB7\x83\x7B\x3E\x20\x84\x5E\xED\xB2\x56\x28\xA7\xF8\xE0\xB9\x40\x71\x37\xC5\xCB\x47\x0E\x97\x2A\x68\xC0\x22\x95\x62\x15\xDB\x47\xD9\xF5\xD0\x2B\xFF\x82\x4B\xC9\xAD\x3E\xDE\x4C\xDB\x90\x80\x50\x3F\x09\x8A\x84\x00\xEC\x30\x0A\x3D\x18\xCD\xFB\xFD\x2A\x59\x9A\x23\x95\x17\x2C\x45\x9E\x1F\x6E\x43\x79\x6D\x0C\x5C\x98\xFE\x48\xA7\xC5\x23\x47\x5C\x5E\xFD\x6E\xE7\x1E\xB4\xF6\x68\x45\xD1\x86\x83\x5B\xA2\x8A\x8D\xB1\xE3\x29\x80\xFE\x25\x71\x88\xAD\xBE\xBC\x8F\xAC\x52\x96\x4B\xAA\x51\x8D\xE4\x13\x31\x19\xE8\x4E\x4D\x9F\xDB\xAC\xB3\x6A\xD5\xBC\x39\x54\x71\xCA\x7A\x7A\x7F\x90\xDD\x7D\x1D\x80\xD9\x81\xBB\x59\x26\xC2\x11\xFE\xE6\x93\xE2\xF7\x80\xE4\x65\xFB\x34\x37\x0E\x29\x80\x70\x4D\xAF\x38\x86\x2E\x9E\x7F\x57\xAF\x9E\x17\xAE\xEB\x1C\xCB\x28\x21\x5F\xB6\x1C\xD8\xE7\xA2\x04\x22\xF9\xD3\xDA\xD8\xCB\x02\x03\x01\x00\x01\xA3\x81\xB0\x30\x81\xAD\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5A\x81\x0F\x32\x30\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5A\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x68\x90\xE4\x67\xA4\xA6\x53\x80\xC7\x86\x66\xA4\xF1\xF7\x4B\x43\xFB\x84\xBD\x6D\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x68\x90\xE4\x67\xA4\xA6\x53\x80\xC7\x86\x66\xA4\xF1\xF7\x4B\x43\xFB\x84\xBD\x6D\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x37\x2E\x31\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\xD4\x30\xB0\xD7\x03\x20\x2A\xD0\xF9\x63\xE8\x91\x0C\x05\x20\xA9\x5F\x19\xCA\x7B\x72\x4E\xD4\xB1\xDB\xD0\x96\xFB\x54\x5A\x19\x2C\x0C\x08\xF7\xB2\xBC\x85\xA8\x9D\x7F\x6D\x3B\x52\xB3\x2A\xDB\xE7\xD4\x84\x8C\x63\xF6\x0F\xCB\x26\x01\x91\x50\x6C\xF4\x5F\x14\xE2\x93\x74\xC0\x13\x9E\x30\x3A\x50\xE3\xB4\x60\xC5\x1C\xF0\x22\x44\x8D\x71\x47\xAC\xC8\x1A\xC9\xE9\x9B\x9A\x00\x60\x13\xFF\x70\x7E\x5F\x11\x4D\x49\x1B\xB3\x15\x52\x7B\xC9\x54\xDA\xBF\x9D\x95\xAF\x6B\x9A\xD8\x9E\xE9\xF1\xE4\x43\x8D\xE2\x11\x44\x3A\xBF\xAF\xBD\x83\x42\x73\x52\x8B\xAA\xBB\xA7\x29\xCF\xF5\x64\x1C\x0A\x4D\xD1\xBC\xAA\xAC\x9F\x2A\xD0\xFF\x7F\x7F\xDA\x7D\xEA\xB1\xED\x30\x25\xC1\x84\xDA\x34\xD2\x5B\x78\x83\x56\xEC\x9C\x36\xC3\x26\xE2\x11\xF6\x67\x49\x1D\x92\xAB\x8C\xFB\xEB\xFF\x7A\xEE\x85\x4A\xA7\x50\x80\xF0\xA7\x5C\x4A\x94\x2E\x5F\x05\x99\x3C\x52\x41\xE0\xCD\xB4\x63\xCF\x01\x43\xBA\x9C\x83\xDC\x8F\x60\x3B\xF3\x5A\xB4\xB4\x7B\xAE\xDA\x0B\x90\x38\x75\xEF\x81\x1D\x66\xD2\xF7\x57\x70\x36\xB3\xBF\xFC\x28\xAF\x71\x25\x85\x5B\x13\xFE\x1E\x7F\x5A\xB4\x3C",
+	["OU=RSA Security 2048 V3,O=RSA Security Inc"] = "\x30\x82\x03\x61\x30\x82\x02\x49\xA0\x03\x02\x01\x02\x02\x10\x0A\x01\x01\x01\x00\x00\x02\x7C\x00\x00\x00\x0A\x00\x00\x00\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3A\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6E\x63\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x1E\x17\x0D\x30\x31\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5A\x17\x0D\x32\x36\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5A\x30\x3A\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6E\x63\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\x8F\x55\x71\xD2\x80\xDD\x7B\x69\x79\xA7\xF0\x18\x50\x32\x3C\x62\x67\xF6\x0A\x95\x07\xDD\xE6\x1B\xF3\x9E\xD9\xD2\x41\x54\x6B\xAD\x9F\x7C\xBE\x19\xCD\xFB\x46\xAB\x41\x68\x1E\x18\xEA\x55\xC8\x2F\x91\x78\x89\x28\xFB\x27\x29\x60\xFF\xDF\x8F\x8C\x3B\xC9\x49\x9B\xB5\xA4\x94\xCE\x01\xEA\x3E\xB5\x63\x7B\x7F\x26\xFD\x19\xDD\xC0\x21\xBD\x84\xD1\x2D\x4F\x46\xC3\x4E\xDC\xD8\x37\x39\x3B\x28\xAF\xCB\x9D\x1A\xEA\x2B\xAF\x21\xA5\xC1\x23\x22\xB8\xB8\x1B\x5A\x13\x87\x57\x83\xD1\xF0\x20\xE7\xE8\x4F\x23\x42\xB0\x00\xA5\x7D\x89\xE9\xE9\x61\x73\x94\x98\x71\x26\xBC\x2D\x6A\xE0\xF7\x4D\xF0\xF1\xB6\x2A\x38\x31\x81\x0D\x29\xE1\x00\xC1\x51\x0F\x4C\x52\xF8\x04\x5A\xAA\x7D\x72\xD3\xB8\x87\x2A\xBB\x63\x10\x03\x2A\xB3\xA1\x4F\x0D\x5A\x5E\x46\xB7\x3D\x0E\xF5\x74\xEC\x99\x9F\xF9\x3D\x24\x81\x88\xA6\xDD\x60\x54\xE8\x95\x36\x3D\xC6\x09\x93\x9A\xA3\x12\x80\x00\x55\x99\x19\x47\xBD\xD0\xA5\x7C\xC3\xBA\xFB\x1F\xF7\xF5\x0F\xF8\xAC\xB9\xB5\xF4\x37\x98\x13\x18\xDE\x85\x5B\xB7\x0C\x82\x3B\x87\x6F\x95\x39\x58\x30\xDA\x6E\x01\x68\x17\x22\xCC\xC0\x0B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x07\xC3\x51\x30\xA4\xAA\xE9\x45\xAE\x35\x24\xFA\xFF\x24\x2C\x33\xD0\xB1\x9D\x8C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x07\xC3\x51\x30\xA4\xAA\xE9\x45\xAE\x35\x24\xFA\xFF\x24\x2C\x33\xD0\xB1\x9D\x8C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5F\x3E\x86\x76\x6E\xB8\x35\x3C\x4E\x36\x1C\x1E\x79\x98\xBF\xFD\xD5\x12\x11\x79\x52\x0E\xEE\x31\x89\xBC\xDD\x7F\xF9\xD1\xC6\x15\x21\xE8\x8A\x01\x54\x0D\x3A\xFB\x54\xB9\xD6\x63\xD4\xB1\xAA\x96\x4D\xA2\x42\x4D\xD4\x53\x1F\x8B\x10\xDE\x7F\x65\xBE\x60\x13\x27\x71\x88\xA4\x73\xE3\x84\x63\xD1\xA4\x55\xE1\x50\x93\xE6\x1B\x0E\x79\xD0\x67\xBC\x46\xC8\xBF\x3F\x17\x0D\x95\xE6\xC6\x90\x69\xDE\xE7\xB4\x2F\xDE\x95\x7D\xD0\x12\x3F\x3D\x3E\x7F\x4D\x3F\x14\x68\xF5\x11\x50\xD5\xC1\xF4\x90\xA5\x08\x1D\x31\x60\xFF\x60\x8C\x23\x54\x0A\xAF\xFE\xA1\x6E\xC5\xD1\x7A\x2A\x68\x78\xCF\x1E\x82\x0A\x20\xB4\x1F\xAD\xE5\x85\xB2\x6A\x68\x75\x4E\xAD\x25\x37\x94\x85\xBE\xBD\xA1\xD4\xEA\xB7\x0C\x4B\x3C\x9D\xE8\x12\x00\xF0\x5F\xAC\x0D\xE1\xAC\x70\x63\x73\xF7\x7F\x79\x9F\x32\x25\x42\x74\x05\x80\x28\xBF\xBD\xC1\x24\x96\x58\x15\xB1\x17\x21\xE9\x89\x4B\xDB\x07\x88\x67\xF4\x15\xAD\x70\x3E\x2F\x4D\x85\x3B\xC2\xB7\xDB\xFE\x98\x68\x23\x89\xE1\x74\x0F\xDE\xF4\xC5\x84\x63\x29\x1B\xCC\xCB\x07\xC9\x00\xA4\xA9\xD7\xC2\x22\x4F\x67\xD7\x77\xEC\x20\x05\x61\xDE",
+	["CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US"] = "\x30\x82\x03\x54\x30\x82\x02\x3C\xA0\x03\x02\x01\x02\x02\x03\x02\x34\x56\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x42\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x42\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\xCC\x18\x63\x30\xFD\xF4\x17\x23\x1A\x56\x7E\x5B\xDF\x3C\x6C\x38\xE4\x71\xB7\x78\x91\xD4\xBC\xA1\xD8\x4C\xF8\xA8\x43\xB6\x03\xE9\x4D\x21\x07\x08\x88\xDA\x58\x2F\x66\x39\x29\xBD\x05\x78\x8B\x9D\x38\xE8\x05\xB7\x6A\x7E\x71\xA4\xE6\xC4\x60\xA6\xB0\xEF\x80\xE4\x89\x28\x0F\x9E\x25\xD6\xED\x83\xF3\xAD\xA6\x91\xC7\x98\xC9\x42\x18\x35\x14\x9D\xAD\x98\x46\x92\x2E\x4F\xCA\xF1\x87\x43\xC1\x16\x95\x57\x2D\x50\xEF\x89\x2D\x80\x7A\x57\xAD\xF2\xEE\x5F\x6B\xD2\x00\x8D\xB9\x14\xF8\x14\x15\x35\xD9\xC0\x46\xA3\x7B\x72\xC8\x91\xBF\xC9\x55\x2B\xCD\xD0\x97\x3E\x9C\x26\x64\xCC\xDF\xCE\x83\x19\x71\xCA\x4E\xE6\xD4\xD5\x7B\xA9\x19\xCD\x55\xDE\xC8\xEC\xD2\x5E\x38\x53\xE5\x5C\x4F\x8C\x2D\xFE\x50\x23\x36\xFC\x66\xE6\xCB\x8E\xA4\x39\x19\x00\xB7\x95\x02\x39\x91\x0B\x0E\xFE\x38\x2E\xD1\x1D\x05\x9A\xF6\x4D\x3E\x6F\x0F\x07\x1D\xAF\x2C\x1E\x8F\x60\x39\xE2\xFA\x36\x53\x13\x39\xD4\x5E\x26\x2B\xDB\x3D\xA8\x14\xBD\x32\xEB\x18\x03\x28\x52\x04\x71\xE5\xAB\x33\x3D\xE1\x38\xBB\x07\x36\x84\x62\x9C\x79\xEA\x16\x30\xF4\x5F\xC0\x2B\xE8\x71\x6B\xE4\xF9\x02\x03\x01\x00\x01\xA3\x53\x30\x51\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC0\x7A\x98\x68\x8D\x89\xFB\xAB\x05\x64\x0C\x11\x7D\xAA\x7D\x65\xB8\xCA\xCC\x4E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xC0\x7A\x98\x68\x8D\x89\xFB\xAB\x05\x64\x0C\x11\x7D\xAA\x7D\x65\xB8\xCA\xCC\x4E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x35\xE3\x29\x6A\xE5\x2F\x5D\x54\x8E\x29\x50\x94\x9F\x99\x1A\x14\xE4\x8F\x78\x2A\x62\x94\xA2\x27\x67\x9E\xD0\xCF\x1A\x5E\x47\xE9\xC1\xB2\xA4\xCF\xDD\x41\x1A\x05\x4E\x9B\x4B\xEE\x4A\x6F\x55\x52\xB3\x24\xA1\x37\x0A\xEB\x64\x76\x2A\x2E\x2C\xF3\xFD\x3B\x75\x90\xBF\xFA\x71\xD8\xC7\x3D\x37\xD2\xB5\x05\x95\x62\xB9\xA6\xDE\x89\x3D\x36\x7B\x38\x77\x48\x97\xAC\xA6\x20\x8F\x2E\xA6\xC9\x0C\xC2\xB2\x99\x45\x00\xC7\xCE\x11\x51\x22\x22\xE0\xA5\xEA\xB6\x15\x48\x09\x64\xEA\x5E\x4F\x74\xF7\x05\x3E\xC7\x8A\x52\x0C\xDB\x15\xB4\xBD\x6D\x9B\xE5\xC6\xB1\x54\x68\xA9\xE3\x69\x90\xB6\x9A\xA5\x0F\xB8\xB9\x3F\x20\x7D\xAE\x4A\xB5\xB8\x9C\xE4\x1D\xB6\xAB\xE6\x94\xA5\xC1\xC7\x83\xAD\xDB\xF5\x27\x87\x0E\x04\x6C\xD5\xFF\xDD\xA0\x5D\xED\x87\x52\xB7\x2B\x15\x02\xAE\x39\xA6\x6A\x74\xE9\xDA\xC4\xE7\xBC\x4D\x34\x1E\xA9\x5C\x4D\x33\x5F\x92\x09\x2F\x88\x66\x5D\x77\x97\xC7\x1D\x76\x13\xA9\xD5\xE5\xF1\x16\x09\x11\x35\xD5\xAC\xDB\x24\x71\x70\x2C\x98\x56\x0B\xD9\x17\xB4\xD1\xE3\x51\x2B\x5E\x75\xE8\xD5\xD0\xDC\x4F\x34\xED\xC2\x05\x66\x80\xA1\xCB\xE6\x33",
+	["CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US"] = "\x30\x82\x03\x66\x30\x82\x02\x4E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x31\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xEF\x3C\x4D\x40\x3D\x10\xDF\x3B\x53\x00\xE1\x67\xFE\x94\x60\x15\x3E\x85\x88\xF1\x89\x0D\x90\xC8\x28\x23\x99\x05\xE8\x2B\x20\x9D\xC6\xF3\x60\x46\xD8\xC1\xB2\xD5\x8C\x31\xD9\xDC\x20\x79\x24\x81\xBF\x35\x32\xFC\x63\x69\xDB\xB1\x2A\x6B\xEE\x21\x58\xF2\x08\xE9\x78\xCB\x6F\xCB\xFC\x16\x52\xC8\x91\xC4\xFF\x3D\x73\xDE\xB1\x3E\xA7\xC2\x7D\x66\xC1\xF5\x7E\x52\x24\x1A\xE2\xD5\x67\x91\xD0\x82\x10\xD7\x78\x4B\x4F\x2B\x42\x39\xBD\x64\x2D\x40\xA0\xB0\x10\xD3\x38\x48\x46\x88\xA1\x0C\xBB\x3A\x33\x2A\x62\x98\xFB\x00\x9D\x13\x59\x7F\x6F\x3B\x72\xAA\xEE\xA6\x0F\x86\xF9\x05\x61\xEA\x67\x7F\x0C\x37\x96\x8B\xE6\x69\x16\x47\x11\xC2\x27\x59\x03\xB3\xA6\x60\xC2\x21\x40\x56\xFA\xA0\xC7\x7D\x3A\x13\xE3\xEC\x57\xC7\xB3\xD6\xAE\x9D\x89\x80\xF7\x01\xE7\x2C\xF6\x96\x2B\x13\x0D\x79\x2C\xD9\xC0\xE4\x86\x7B\x4B\x8C\x0C\x72\x82\x8A\xFB\x17\xCD\x00\x6C\x3A\x13\x3C\xB0\x84\x87\x4B\x16\x7A\x29\xB2\x4F\xDB\x1D\xD4\x0B\xF3\x66\x37\xBD\xD8\xF6\x57\xBB\x5E\x24\x7A\xB8\x3C\x8B\xB9\xFA\x92\x1A\x1A\x84\x9E\xD8\x74\x8F\xAA\x1B\x7F\x5E\xF4\xFE\x45\x22\x21\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x71\x38\x36\xF2\x02\x31\x53\x47\x2B\x6E\xBA\x65\x46\xA9\x10\x15\x58\x20\x05\x09\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x71\x38\x36\xF2\x02\x31\x53\x47\x2B\x6E\xBA\x65\x46\xA9\x10\x15\x58\x20\x05\x09\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xF7\xB5\x2B\xAB\x5D\x10\xFC\x7B\xB2\xB2\x5E\xAC\x9B\x0E\x7E\x53\x78\x59\x3E\x42\x04\xFE\x75\xA3\xAD\xAC\x81\x4E\xD7\x02\x8B\x5E\xC4\x2D\xC8\x52\x76\xC7\x2C\x1F\xFC\x81\x32\x98\xD1\x4B\xC6\x92\x93\x33\x35\x31\x2F\xFC\xD8\x1D\x44\xDD\xE0\x81\x7F\x9D\xE9\x8B\xE1\x64\x91\x62\x0B\x39\x08\x8C\xAC\x74\x9D\x59\xD9\x7A\x59\x52\x97\x11\xB9\x16\x7B\x6F\x45\xD3\x96\xD9\x31\x7D\x02\x36\x0F\x9C\x3B\x6E\xCF\x2C\x0D\x03\x46\x45\xEB\xA0\xF4\x7F\x48\x44\xC6\x08\x40\xCC\xDE\x1B\x70\xB5\x29\xAD\xBA\x8B\x3B\x34\x65\x75\x1B\x71\x21\x1D\x2C\x14\x0A\xB0\x96\x95\xB8\xD6\xEA\xF2\x65\xFB\x29\xBA\x4F\xEA\x91\x93\x74\x69\xB6\xF2\xFF\xE1\x1A\xD0\x0C\xD1\x76\x85\xCB\x8A\x25\xBD\x97\x5E\x2C\x6F\x15\x99\x26\xE7\xB6\x29\xFF\x22\xEC\xC9\x02\xC7\x56\x00\xCD\x49\xB9\xB3\x6C\x7B\x53\x04\x1A\xE2\xA8\xC9\xAA\x12\x05\x23\xC2\xCE\xE7\xBB\x04\x02\xCC\xC0\x47\xA2\xE4\xC4\x29\x2F\x5B\x45\x57\x89\x51\xEE\x3C\xEB\x52\x08\xFF\x07\x35\x1E\x9F\x35\x6A\x47\x4A\x56\x98\xD1\x5A\x85\x1F\x8C\xF5\x22\xBF\xAB\xCE\x83\xF3\xE2\x22\x29\xAE\x7D\x83\x40\xA8\xBA\x6C",
+	["CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US"] = "\x30\x82\x05\x68\x30\x82\x03\x50\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA6\x15\x55\xA0\xA3\xC6\xE0\x1F\x8C\x9D\x21\x50\xD7\xC1\xBE\x2B\x5B\xB5\xA4\x9E\xA1\xD9\x72\x58\xBD\x00\x1B\x4C\xBF\x61\xC9\x14\x1D\x45\x82\xAB\xC6\x1D\x80\xD6\x3D\xEB\x10\x9C\x3A\xAF\x6D\x24\xF8\xBC\x71\x01\x9E\x06\xF5\x7C\x5F\x1E\xC1\x0E\x55\xCA\x83\x9A\x59\x30\xAE\x19\xCB\x30\x48\x95\xED\x22\x37\x8D\xF4\x4A\x9A\x72\x66\x3E\xAD\x95\xC0\xE0\x16\x00\xE0\x10\x1F\x2B\x31\x0E\xD7\x94\x54\xD3\x42\x33\xA0\x34\x1D\x1E\x45\x76\xDD\x4F\xCA\x18\x37\xEC\x85\x15\x7A\x19\x08\xFC\xD5\xC7\x9C\xF0\xF2\xA9\x2E\x10\xA9\x92\xE6\x3D\x58\x3D\xA9\x16\x68\x3C\x2F\x75\x21\x18\x7F\x28\x77\xA5\xE1\x61\x17\xB7\xA6\xE9\xF8\x1E\x99\xDB\x73\x6E\xF4\x0A\xA2\x21\x6C\xEE\xDA\xAA\x85\x92\x66\xAF\xF6\x7A\x6B\x82\xDA\xBA\x22\x08\x35\x0F\xCF\x42\xF1\x35\xFA\x6A\xEE\x7E\x2B\x25\xCC\x3A\x11\xE4\x6D\xAF\x73\xB2\x76\x1D\xAD\xD0\xB2\x78\x67\x1A\xA4\x39\x1C\x51\x0B\x67\x56\x83\xFD\x38\x5D\x0D\xCE\xDD\xF0\xBB\x2B\x96\x1F\xDE\x7B\x32\x52\xFD\x1D\xBB\xB5\x06\xA1\xB2\x21\x5E\xA5\xD6\x95\x68\x7F\xF0\x99\x9E\xDC\x45\x08\x3E\xE7\xD2\x09\x0D\x35\x94\xDD\x80\x4E\x53\x97\xD7\xB5\x09\x44\x20\x64\x16\x17\x03\x02\x4C\x53\x0D\x68\xDE\xD5\xAA\x72\x4D\x93\x6D\x82\x0E\xDB\x9C\xBD\xCF\xB4\xF3\x5C\x5D\x54\x7A\x69\x09\x96\xD6\xDB\x11\xC1\x8D\x75\xA8\xB4\xCF\x39\xC8\xCE\x3C\xBC\x24\x7C\xE6\x62\xCA\xE1\xBD\x7D\xA7\xBD\x57\x65\x0B\xE4\xFE\x25\xED\xB6\x69\x10\xDC\x28\x1A\x46\xBD\x01\x1D\xD0\x97\xB5\xE1\x98\x3B\xC0\x37\x64\xD6\x3D\x94\xEE\x0B\xE1\xF5\x28\xAE\x0B\x56\xBF\x71\x8B\x23\x29\x41\x8E\x86\xC5\x4B\x52\x7B\xD8\x71\xAB\x1F\x8A\x15\xA6\x3B\x83\x5A\xD7\x58\x01\x51\xC6\x4C\x41\xD9\x7F\xD8\x41\x67\x72\xA2\x28\xDF\x60\x83\xA9\x9E\xC8\x7B\xFC\x53\x73\x72\x59\xF5\x93\x7A\x17\x76\x0E\xCE\xF7\xE5\x5C\xD9\x0B\x55\x34\xA2\xAA\x5B\xB5\x6A\x54\xE7\x13\xCA\x57\xEC\x97\x6D\xF4\x5E\x06\x2F\x45\x8B\x58\xD4\x23\x16\x92\xE4\x16\x6E\x28\x63\x59\x30\xDF\x50\x01\x9C\x63\x89\x1A\x9F\xDB\x17\x94\x82\x70\x37\xC3\x24\x9E\x9A\x47\xD6\x5A\xCA\x4E\xA8\x69\x89\x72\x1F\x91\x6C\xDB\x7E\x9E\x1B\xAD\xC7\x1F\x73\xDD\x2C\x4F\x19\x65\xFD\x7F\x93\x40\x10\x2E\xD2\xF0\xED\x3C\x9E\x2E\x28\x3E\x69\x26\x33\xC5\x7B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xDA\xBB\x2E\xAA\xB0\x0C\xB8\x88\x26\x51\x74\x5C\x6D\x03\xD3\xC0\xD8\x8F\x7A\xD6\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xDA\xBB\x2E\xAA\xB0\x0C\xB8\x88\x26\x51\x74\x5C\x6D\x03\xD3\xC0\xD8\x8F\x7A\xD6\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x31\x78\xE6\xC7\xB5\xDF\xB8\x94\x40\xC9\x71\xC4\xA8\x35\xEC\x46\x1D\xC2\x85\xF3\x28\x58\x86\xB0\x0B\xFC\x8E\xB2\x39\x8F\x44\x55\xAB\x64\x84\x5C\x69\xA9\xD0\x9A\x38\x3C\xFA\xE5\x1F\x35\xE5\x44\xE3\x80\x79\x94\x68\xA4\xBB\xC4\x9F\x3D\xE1\x34\xCD\x30\x46\x8B\x54\x2B\x95\xA5\xEF\xF7\x3F\x99\x84\xFD\x35\xE6\xCF\x31\xC6\xDC\x6A\xBF\xA7\xD7\x23\x08\xE1\x98\x5E\xC3\x5A\x08\x76\xA9\xA6\xAF\x77\x2F\xB7\x60\xBD\x44\x46\x6A\xEF\x97\xFF\x73\x95\xC1\x8E\xE8\x93\xFB\xFD\x31\xB7\xEC\x57\x11\x11\x45\x9B\x30\xF1\x1A\x88\x39\xC1\x4F\x3C\xA7\x00\xD5\xC7\xFC\xAB\x6D\x80\x22\x70\xA5\x0C\xE0\x5D\x04\x29\x02\xFB\xCB\xA0\x91\xD1\x7C\xD6\xC3\x7E\x50\xD5\x9D\x58\xBE\x41\x38\xEB\xB9\x75\x3C\x15\xD9\x9B\xC9\x4A\x83\x59\xC0\xDA\x53\xFD\x33\xBB\x36\x18\x9B\x85\x0F\x15\xDD\xEE\x2D\xAC\x76\x93\xB9\xD9\x01\x8D\x48\x10\xA8\xFB\xF5\x38\x86\xF1\xDB\x0A\xC6\xBD\x84\xA3\x23\x41\xDE\xD6\x77\x6F\x85\xD4\x85\x1C\x50\xE0\xAE\x51\x8A\xBA\x8D\x3E\x76\xE2\xB9\xCA\x27\xF2\x5F\x9F\xEF\x6E\x59\x0D\x06\xD8\x2B\x17\xA4\xD2\x7C\x6B\xBB\x5F\x14\x1A\x48\x8F\x1A\x4C\xE7\xB3\x47\x1C\x8E\x4C\x45\x2B\x20\xEE\x48\xDF\xE7\xDD\x09\x8E\x18\xA8\xDA\x40\x8D\x92\x26\x11\x53\x61\x73\x5D\xEB\xBD\xE7\xC4\x4D\x29\x37\x61\xEB\xAC\x39\x2D\x67\x2E\x16\xD6\xF5\x00\x83\x85\xA1\xCC\x7F\x76\xC4\x7D\xE4\xB7\x4B\x66\xEF\x03\x45\x60\x69\xB6\x0C\x52\x96\x92\x84\x5E\xA6\xA3\xB5\xA4\x3E\x2B\xD9\xCC\xD8\x1B\x47\xAA\xF2\x44\xDA\x4F\xF9\x03\xE8\xF0\x14\xCB\x3F\xF3\x83\xDE\xD0\xC1\x54\xE3\xB7\xE8\x0A\x37\x4D\x8B\x20\x59\x03\x30\x19\xA1\x2C\xC8\xBD\x11\x1F\xDF\xAE\xC9\x4A\xC5\xF3\x27\x66\x66\x86\xAC\x68\x91\xFF\xD9\xE6\x53\x1C\x0F\x8B\x5C\x69\x65\x0A\x26\xC8\x1E\x34\xC3\x5D\x51\x7B\xD7\xA9\x9C\x06\xA1\x36\xDD\xD5\x89\x94\xBC\xD9\xE4\x2D\x0C\x5E\x09\x6C\x08\x97\x7C\xA3\x3D\x7C\x93\xFF\x3F\xA1\x14\xA7\xCF\xB5\x5D\xEB\xDB\xDB\x1C\xC4\x76\xDF\x88\xB9\xBD\x45\x05\x95\x1B\xAE\xFC\x46\x6A\x4C\xAF\x48\xE3\xCE\xAE\x0F\xD2\x7E\xEB\xE6\x6C\x9C\x4F\x81\x6A\x7A\x64\xAC\xBB\x3E\xD5\xE7\xCB\x76\x2E\xC5\xA7\x48\xC1\x5C\x90\x0F\xCB\xC8\x3F\xFA\xE6\x32\xE1\x8D\x1B\x6F\xA4\xE6\x8E\xD8\xF9\x29\x48\x8A\xCE\x73\xFE\x2C",
+	["CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US"] = "\x30\x82\x05\x6C\x30\x82\x03\x54\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB3\x54\x52\xC1\xC9\x3E\xF2\xD9\xDC\xB1\x53\x1A\x59\x29\xE7\xB1\xC3\x45\x28\xE5\xD7\xD1\xED\xC5\xC5\x4B\xA1\xAA\x74\x7B\x57\xAF\x4A\x26\xFC\xD8\xF5\x5E\xA7\x6E\x19\xDB\x74\x0C\x4F\x35\x5B\x32\x0B\x01\xE3\xDB\xEB\x7A\x77\x35\xEA\xAA\x5A\xE0\xD6\xE8\xA1\x57\x94\xF0\x90\xA3\x74\x56\x94\x44\x30\x03\x1E\x5C\x4E\x2B\x85\x26\x74\x82\x7A\x0C\x76\xA0\x6F\x4D\xCE\x41\x2D\xA0\x15\x06\x14\x5F\xB7\x42\xCD\x7B\x8F\x58\x61\x34\xDC\x2A\x08\xF9\x2E\xC3\x01\xA6\x22\x44\x1C\x4C\x07\x82\xE6\x5B\xCE\xD0\x4A\x7C\x04\xD3\x19\x73\x27\xF0\xAA\x98\x7F\x2E\xAF\x4E\xEB\x87\x1E\x24\x77\x6A\x5D\xB6\xE8\x5B\x45\xBA\xDC\xC3\xA1\x05\x6F\x56\x8E\x8F\x10\x26\xA5\x49\xC3\x2E\xD7\x41\x87\x22\xE0\x4F\x86\xCA\x60\xB5\xEA\xA1\x63\xC0\x01\x97\x10\x79\xBD\x00\x3C\x12\x6D\x2B\x15\xB1\xAC\x4B\xB1\xEE\x18\xB9\x4E\x96\xDC\xDC\x76\xFF\x3B\xBE\xCF\x5F\x03\xC0\xFC\x3B\xE8\xBE\x46\x1B\xFF\xDA\x40\xC2\x52\xF7\xFE\xE3\x3A\xF7\x6A\x77\x35\xD0\xDA\x8D\xEB\x5E\x18\x6A\x31\xC7\x1E\xBA\x3C\x1B\x28\xD6\x6B\x54\xC6\xAA\x5B\xD7\xA2\x2C\x1B\x19\xCC\xA2\x02\xF6\x9B\x59\xBD\x37\x6B\x86\xB5\x6D\x82\xBA\xD8\xEA\xC9\x56\xBC\xA9\x36\x58\xFD\x3E\x19\xF3\xED\x0C\x26\xA9\x93\x38\xF8\x4F\xC1\x5D\x22\x06\xD0\x97\xEA\xE1\xAD\xC6\x55\xE0\x81\x2B\x28\x83\x3A\xFA\xF4\x7B\x21\x51\x00\xBE\x52\x38\xCE\xCD\x66\x79\xA8\xF4\x81\x56\xE2\xD0\x83\x09\x47\x51\x5B\x50\x6A\xCF\xDB\x48\x1A\x5D\x3E\xF7\xCB\xF6\x65\xF7\x6C\xF1\x95\xF8\x02\x3B\x32\x56\x82\x39\x7A\x5B\xBD\x2F\x89\x1B\xBF\xA1\xB4\xE8\xFF\x7F\x8D\x8C\xDF\x03\xF1\x60\x4E\x58\x11\x4C\xEB\xA3\x3F\x10\x2B\x83\x9A\x01\x73\xD9\x94\x6D\x84\x00\x27\x66\xAC\xF0\x70\x40\x09\x42\x92\xAD\x4F\x93\x0D\x61\x09\x51\x24\xD8\x92\xD5\x0B\x94\x61\xB2\x87\xB2\xED\xFF\x9A\x35\xFF\x85\x54\xCA\xED\x44\x43\xAC\x1B\x3C\x16\x6B\x48\x4A\x0A\x1C\x40\x88\x1F\x92\xC2\x0B\x00\x05\xFF\xF2\xC8\x02\x4A\xA4\xAA\xA9\xCC\x99\x96\x9C\x2F\x58\xE0\x7D\xE1\xBE\xBB\x07\xDC\x5F\x04\x72\x5C\x31\x34\xC3\xEC\x5F\x2D\xE0\x3D\x64\x90\x22\xE6\xD1\xEC\xB8\x2E\xDD\x59\xAE\xD9\xA1\x37\xBF\x54\x35\xDC\x73\x32\x4F\x8C\x04\x1E\x33\xB2\xC9\x46\xF1\xD8\x5C\xC8\x55\x50\xC9\x68\xBD\xA8\xBA\x36\x09\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x76\xF3\x55\xE1\xFA\xA4\x36\xFB\xF0\x9F\x5C\x62\x71\xED\x3C\xF4\x47\x38\x10\x2B\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x76\xF3\x55\xE1\xFA\xA4\x36\xFB\xF0\x9F\x5C\x62\x71\xED\x3C\xF4\x47\x38\x10\x2B\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x66\xC1\xC6\x23\xF3\xD9\xE0\x2E\x6E\x5F\xE8\xCF\xAE\xB0\xB0\x25\x4D\x2B\xF8\x3B\x58\x9B\x40\x24\x37\x5A\xCB\xAB\x16\x49\xFF\xB3\x75\x79\x33\xA1\x2F\x6D\x70\x17\x34\x91\xFE\x67\x7E\x8F\xEC\x9B\xE5\x5E\x82\xA9\x55\x1F\x2F\xDC\xD4\x51\x07\x12\xFE\xAC\x16\x3E\x2C\x35\xC6\x63\xFC\xDC\x10\xEB\x0D\xA3\xAA\xD0\x7C\xCC\xD1\xD0\x2F\x51\x2E\xC4\x14\x5A\xDE\xE8\x19\xE1\x3E\xC6\xCC\xA4\x29\xE7\x2E\x84\xAA\x06\x30\x78\x76\x54\x73\x28\x98\x59\x38\xE0\x00\x0D\x62\xD3\x42\x7D\x21\x9F\xAE\x3D\x3A\x8C\xD5\xFA\x77\x0D\x18\x2B\x16\x0E\x5F\x36\xE1\xFC\x2A\xB5\x30\x24\xCF\xE0\x63\x0C\x7B\x58\x1A\xFE\x99\xBA\x42\x12\xB1\x91\xF4\x7C\x68\xE2\xC8\xE8\xAF\x2C\xEA\xC9\x7E\xAE\xBB\x2A\x3D\x0D\x15\xDC\x34\x95\xB6\x18\x74\xA8\x6A\x0F\xC7\xB4\xF4\x13\xC4\xE4\x5B\xED\x0A\xD2\xA4\x97\x4C\x2A\xED\x2F\x6C\x12\x89\x3D\xF1\x27\x70\xAA\x6A\x03\x52\x21\x9F\x40\xA8\x67\x50\xF2\xF3\x5A\x1F\xDF\xDF\x23\xF6\xDC\x78\x4E\xE6\x98\x4F\x55\x3A\x53\xE3\xEF\xF2\xF4\x9F\xC7\x7C\xD8\x58\xAF\x29\x22\x97\xB8\xE0\xBD\x91\x2E\xB0\x76\xEC\x57\x11\xCF\xEF\x29\x44\xF3\xE9\x85\x7A\x60\x63\xE4\x5D\x33\x89\x17\xD9\x31\xAA\xDA\xD6\xF3\x18\x35\x72\xCF\x87\x2B\x2F\x63\x23\x84\x5D\x84\x8C\x3F\x57\xA0\x88\xFC\x99\x91\x28\x26\x69\x99\xD4\x8F\x97\x44\xBE\x8E\xD5\x48\xB1\xA4\x28\x29\xF1\x15\xB4\xE1\xE5\x9E\xDD\xF8\x8F\xA6\x6F\x26\xD7\x09\x3C\x3A\x1C\x11\x0E\xA6\x6C\x37\xF7\xAD\x44\x87\x2C\x28\xC7\xD8\x74\x82\xB3\xD0\x6F\x4A\x57\xBB\x35\x29\x27\xA0\x8B\xE8\x21\xA7\x87\x64\x36\x5D\xCC\xD8\x16\xAC\xC7\xB2\x27\x40\x92\x55\x38\x28\x8D\x51\x6E\xDD\x14\x67\x53\x6C\x71\x5C\x26\x84\x4D\x75\x5A\xB6\x7E\x60\x56\xA9\x4D\xAD\xFB\x9B\x1E\x97\xF3\x0D\xD9\xD2\x97\x54\x77\xDA\x3D\x12\xB7\xE0\x1E\xEF\x08\x06\xAC\xF9\x85\x87\xE9\xA2\xDC\xAF\x7E\x18\x12\x83\xFD\x56\x17\x41\x2E\xD5\x29\x82\x7D\x99\xF4\x31\xF6\x71\xA9\xCF\x2C\x01\x27\xA5\x05\xB9\xAA\xB2\x48\x4E\x2A\xEF\x9F\x93\x52\x51\x95\x3C\x52\x73\x8E\x56\x4C\x17\x40\xC0\x09\x28\xE4\x8B\x6A\x48\x53\xDB\xEC\xCD\x55\x55\xF1\xC6\xF8\xE9\xA2\x2C\x4C\xA6\xD1\x26\x5F\x7E\xAF\x5A\x4C\xDA\x1F\xA6\xF2\x1C\x2C\x7E\xAE\x02\x16\xD2\x56\xD0\x2F\x57\x53\x47\xE8\x92",
+	["CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US"] = "\x30\x82\x03\xA4\x30\x82\x02\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA8\x2F\xE8\xA4\x69\x06\x03\x47\xC3\xE9\x2A\x98\xFF\x19\xA2\x70\x9A\xC6\x50\xB2\x7E\xA5\xDF\x68\x4D\x1B\x7C\x0F\xB6\x97\x68\x7D\x2D\xA6\x8B\x97\xE9\x64\x86\xC9\xA3\xEF\xA0\x86\xBF\x60\x65\x9C\x4B\x54\x88\xC2\x48\xC5\x4A\x39\xBF\x14\xE3\x59\x55\xE5\x19\xB4\x74\xC8\xB4\x05\x39\x5C\x16\xA5\xE2\x95\x05\xE0\x12\xAE\x59\x8B\xA2\x33\x68\x58\x1C\xA6\xD4\x15\xB7\xD8\x9F\xD7\xDC\x71\xAB\x7E\x9A\xBF\x9B\x8E\x33\x0F\x22\xFD\x1F\x2E\xE7\x07\x36\xEF\x62\x39\xC5\xDD\xCB\xBA\x25\x14\x23\xDE\x0C\xC6\x3D\x3C\xCE\x82\x08\xE6\x66\x3E\xDA\x51\x3B\x16\x3A\xA3\x05\x7F\xA0\xDC\x87\xD5\x9C\xFC\x72\xA9\xA0\x7D\x78\xE4\xB7\x31\x55\x1E\x65\xBB\xD4\x61\xB0\x21\x60\xED\x10\x32\x72\xC5\x92\x25\x1E\xF8\x90\x4A\x18\x78\x47\xDF\x7E\x30\x37\x3E\x50\x1B\xDB\x1C\xD3\x6B\x9A\x86\x53\x07\xB0\xEF\xAC\x06\x78\xF8\x84\x99\xFE\x21\x8D\x4C\x80\xB6\x0C\x82\xF6\x66\x70\x79\x1A\xD3\x4F\xA3\xCF\xF1\xCF\x46\xB0\x4B\x0F\x3E\xDD\x88\x62\xB8\x8C\xA9\x09\x28\x3B\x7A\xC7\x97\xE1\x1E\xE5\xF4\x9F\xC0\xC0\xAE\x24\xA0\xC8\xA1\xD9\x0F\xD6\x7B\x26\x82\x69\x32\x3D\xA7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7C\x8A\xD1\x1F\x18\x37\x82\xE0\xB8\xB0\xA3\xED\x56\x95\xC8\x62\x61\x9C\x05\xA2\xCD\xC2\x62\x26\x61\xCD\x10\x16\xD7\xCC\xB4\x65\x34\xD0\x11\x8A\xAD\xA8\xA9\x05\x66\xEF\x74\xF3\x6D\x5F\x9D\x99\xAF\xF6\x8B\xFB\xEB\x52\xB2\x05\x98\xA2\x6F\x2A\xC5\x54\xBD\x25\xBD\x5F\xAE\xC8\x86\xEA\x46\x2C\xC1\xB3\xBD\xC1\xE9\x49\x70\x18\x16\x97\x08\x13\x8C\x20\xE0\x1B\x2E\x3A\x47\xCB\x1E\xE4\x00\x30\x95\x5B\xF4\x45\xA3\xC0\x1A\xB0\x01\x4E\xAB\xBD\xC0\x23\x6E\x63\x3F\x80\x4A\xC5\x07\xED\xDC\xE2\x6F\xC7\xC1\x62\xF1\xE3\x72\xD6\x04\xC8\x74\x67\x0B\xFA\x88\xAB\xA1\x01\xC8\x6F\xF0\x14\xAF\xD2\x99\xCD\x51\x93\x7E\xED\x2E\x38\xC7\xBD\xCE\x46\x50\x3D\x72\xE3\x79\x25\x9D\x9B\x88\x2B\x10\x20\xDD\xA5\xB8\x32\x9F\x8D\xE0\x29\xDF\x21\x74\x86\x82\xDB\x2F\x82\x30\xC6\xC7\x35\x86\xB3\xF9\x96\x5F\x46\xDB\x0C\x45\xFD\xF3\x50\xC3\x6F\xC6\xC3\x48\xAD\x46\xA6\xE1\x27\x47\x0A\x1D\x0E\x9B\xB6\xC2\x77\x7F\x63\xF2\xE0\x7D\x1A\xBE\xFC\xE0\xDF\xD7\xC7\xA7\x6C\xB0\xF9\xAE\xBA\x3C\xFD\x74\xB4\x11\xE8\x58\x0D\x80\xBC\xD3\xA8\x80\x3A\x99\xED\x75\xCC\x46\x7B",
+	["CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US"] = "\x30\x82\x05\xA4\x30\x82\x03\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCC\x41\x45\x1D\xE9\x3D\x4D\x10\xF6\x8C\xB1\x41\xC9\xE0\x5E\xCB\x0D\xB7\xBF\x47\x73\xD3\xF0\x55\x4D\xDD\xC6\x0C\xFA\xB1\x66\x05\x6A\xCD\x78\xB4\xDC\x02\xDB\x4E\x81\xF3\xD7\xA7\x7C\x71\xBC\x75\x63\xA0\x5D\xE3\x07\x0C\x48\xEC\x25\xC4\x03\x20\xF4\xFF\x0E\x3B\x12\xFF\x9B\x8D\xE1\xC6\xD5\x1B\xB4\x6D\x22\xE3\xB1\xDB\x7F\x21\x64\xAF\x86\xBC\x57\x22\x2A\xD6\x47\x81\x57\x44\x82\x56\x53\xBD\x86\x14\x01\x0B\xFC\x7F\x74\xA4\x5A\xAE\xF1\xBA\x11\xB5\x9B\x58\x5A\x80\xB4\x37\x78\x09\x33\x7C\x32\x47\x03\x5C\xC4\xA5\x83\x48\xF4\x57\x56\x6E\x81\x36\x27\x18\x4F\xEC\x9B\x28\xC2\xD4\xB4\xD7\x7C\x0C\x3E\x0C\x2B\xDF\xCA\x04\xD7\xC6\x8E\xEA\x58\x4E\xA8\xA4\xA5\x18\x1C\x6C\x45\x98\xA3\x41\xD1\x2D\xD2\xC7\x6D\x8D\x19\xF1\xAD\x79\xB7\x81\x3F\xBD\x06\x82\x27\x2D\x10\x58\x05\xB5\x78\x05\xB9\x2F\xDB\x0C\x6B\x90\x90\x7E\x14\x59\x38\xBB\x94\x24\x13\xE5\xD1\x9D\x14\xDF\xD3\x82\x4D\x46\xF0\x80\x39\x52\x32\x0F\xE3\x84\xB2\x7A\x43\xF2\x5E\xDE\x5F\x3F\x1D\xDD\xE3\xB2\x1B\xA0\xA1\x2A\x23\x03\x6E\x2E\x01\x15\x87\x5C\xA6\x75\x75\xC7\x97\x61\xBE\xDE\x86\xDC\xD4\x48\xDB\xBD\x2A\xBF\x4A\x55\xDA\xE8\x7D\x50\xFB\xB4\x80\x17\xB8\x94\xBF\x01\x3D\xEA\xDA\xBA\x7C\xE0\x58\x67\x17\xB9\x58\xE0\x88\x86\x46\x67\x6C\x9D\x10\x47\x58\x32\xD0\x35\x7C\x79\x2A\x90\xA2\x5A\x10\x11\x23\x35\xAD\x2F\xCC\xE4\x4A\x5B\xA7\xC8\x27\xF2\x83\xDE\x5E\xBB\x5E\x77\xE7\xE8\xA5\x6E\x63\xC2\x0D\x5D\x61\xD0\x8C\xD2\x6C\x5A\x21\x0E\xCA\x28\xA3\xCE\x2A\xE9\x95\xC7\x48\xCF\x96\x6F\x1D\x92\x25\xC8\xC6\xC6\xC1\xC1\x0C\x05\xAC\x26\xC4\xD2\x75\xD2\xE1\x2A\x67\xC0\x3D\x5B\xA5\x9A\xEB\xCF\x7B\x1A\xA8\x9D\x14\x45\xE5\x0F\xA0\x9A\x65\xDE\x2F\x28\xBD\xCE\x6F\x94\x66\x83\x48\x29\xD8\xEA\x65\x8C\xAF\x93\xD9\x64\x9F\x55\x57\x26\xBF\x6F\xCB\x37\x31\x99\xA3\x60\xBB\x1C\xAD\x89\x34\x32\x62\xB8\x43\x21\x06\x72\x0C\xA1\x5C\x6D\x46\xC5\xFA\x29\xCF\x30\xDE\x89\xDC\x71\x5B\xDD\xB6\x37\x3E\xDF\x50\xF5\xB8\x07\x25\x26\xE5\xBC\xB5\xFE\x3C\x02\xB3\xB7\xF8\xBE\x43\xC1\x87\x11\x94\x9E\x23\x6C\x17\x8A\xB8\x8A\x27\x0C\x54\x47\xF0\xA9\xB3\xC0\x80\x8C\xA0\x27\xEB\x1D\x19\xE3\x07\x8E\x77\x70\xCA\x2B\xF4\x7D\x76\xE0\x78\x67\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6B\x06\xB9\x5F\x45\x3B\x2A\x4B\x33\xB3\xE6\x1B\x6B\x59\x4E\x22\xCC\xB9\xB7\xA4\x25\xC9\xA7\xC4\xF0\x54\x96\x0B\x64\xF3\xB1\x58\x4F\x5E\x51\xFC\xB2\x97\x7B\x27\x65\xC2\xE5\xCA\xE7\x0D\x0C\x25\x7B\x62\xE3\xFA\x9F\xB4\x87\xB7\x45\x46\xAF\x83\xA5\x97\x48\x8C\xA5\xBD\xF1\x16\x2B\x9B\x76\x2C\x7A\x35\x60\x6C\x11\x80\x97\xCC\xA9\x92\x52\xE6\x2B\xE6\x69\xED\xA9\xF8\x36\x2D\x2C\x77\xBF\x61\x48\xD1\x63\x0B\xB9\x5B\x52\xED\x18\xB0\x43\x42\x22\xA6\xB1\x77\xAE\xDE\x69\xC5\xCD\xC7\x1C\xA1\xB1\xA5\x1C\x10\xFB\x18\xBE\x1A\x70\xDD\xC1\x92\x4B\xBE\x29\x5A\x9D\x3F\x35\xBE\xE5\x7D\x51\xF8\x55\xE0\x25\x75\x23\x87\x1E\x5C\xDC\xBA\x9D\xB0\xAC\xB3\x69\xDB\x17\x83\xC9\xF7\xDE\x0C\xBC\x08\xDC\x91\x9E\xA8\xD0\xD7\x15\x37\x73\xA5\x35\xB8\xFC\x7E\xC5\x44\x40\x06\xC3\xEB\xF8\x22\x80\x5C\x47\xCE\x02\xE3\x11\x9F\x44\xFF\xFD\x9A\x32\xCC\x7D\x64\x51\x0E\xEB\x57\x26\x76\x3A\xE3\x1E\x22\x3C\xC2\xA6\x36\xDD\x19\xEF\xA7\xFC\x12\xF3\x26\xC0\x59\x31\x85\x4C\x9C\xD8\xCF\xDF\xA4\xCC\xCC\x29\x93\xFF\x94\x6D\x76\x5C\x13\x08\x97\xF2\xED\xA5\x0B\x4D\xDD\xE8\xC9\x68\x0E\x66\xD3\x00\x0E\x33\x12\x5B\xBC\x95\xE5\x32\x90\xA8\xB3\xC6\x6C\x83\xAD\x77\xEE\x8B\x7E\x7E\xB1\xA9\xAB\xD3\xE1\xF1\xB6\xC0\xB1\xEA\x88\xC0\xE7\xD3\x90\xE9\x28\x92\x94\x7B\x68\x7B\x97\x2A\x0A\x67\x2D\x85\x02\x38\x10\xE4\x03\x61\xD4\xDA\x25\x36\xC7\x08\x58\x2D\xA1\xA7\x51\xAF\x30\x0A\x49\xF5\xA6\x69\x87\x07\x2D\x44\x46\x76\x8E\x2A\xE5\x9A\x3B\xD7\x18\xA2\xFC\x9C\x38\x10\xCC\xC6\x3B\xD2\xB5\x17\x3A\x6F\xFD\xAE\x25\xBD\xF5\x72\x59\x64\xB1\x74\x2A\x38\x5F\x18\x4C\xDF\xCF\x71\x04\x5A\x36\xD4\xBF\x2F\x99\x9C\xE8\xD9\xBA\xB1\x95\xE6\x02\x4B\x21\xA1\x5B\xD5\xC1\x4F\x8F\xAE\x69\x6D\x53\xDB\x01\x93\xB5\x5C\x1E\x18\xDD\x64\x5A\xCA\x18\x28\x3E\x63\x04\x11\xFD\x1C\x8D\x00\x0F\xB8\x37\xDF\x67\x8A\x9D\x66\xA9\x02\x6A\x91\xFF\x13\xCA\x2F\x5D\x83\xBC\x87\x93\x6C\xDC\x24\x51\x16\x04\x25\x66\xFA\xB3\xD9\xC2\xBA\x29\xBE\x9A\x48\x38\x82\x99\xF4\xBF\x3B\x4A\x31\x19\xF9\xBF\x8E\x21\x33\x14\xCA\x4F\x54\x5F\xFB\xCE\xFB\x8F\x71\x7F\xFD\x5E\x19\xA0\x0F\x4B\x91\xB8\xC4\x54\xBC\x06\xB0\x45\x8F\x26\x91\xA2\x8E\xFE\xA9",
+	["CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US"] = "\x30\x82\x03\xA2\x30\x82\x02\x8A\xA0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4D\x1D\x3F\x06\xF2\xC1\xF9\x65\x05\xD5\x90\x1C\x62\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5A\x17\x0D\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x57\xDE\x56\x1E\x6E\xA1\xDA\x60\xB1\x94\x27\xCB\x17\xDB\x07\x3F\x80\x85\x4F\xC8\x9C\xB6\xD0\xF4\x6F\x4F\xCF\x99\xD8\xE1\xDB\xC2\x48\x5C\x3A\xAC\x39\x33\xC7\x1F\x6A\x8B\x26\x3D\x2B\x35\xF5\x48\xB1\x91\xC1\x02\x4E\x04\x96\x91\x7B\xB0\x33\xF0\xB1\x14\x4E\x11\x6F\xB5\x40\xAF\x1B\x45\xA5\x4A\xEF\x7E\xB6\xAC\xF2\xA0\x1F\x58\x3F\x12\x46\x60\x3C\x8D\xA1\xE0\x7D\xCF\x57\x3E\x33\x1E\xFB\x47\xF1\xAA\x15\x97\x07\x55\x66\xA5\xB5\x2D\x2E\xD8\x80\x59\xB2\xA7\x0D\xB7\x46\xEC\x21\x63\xFF\x35\xAB\xA5\x02\xCF\x2A\xF4\x4C\xFE\x7B\xF5\x94\x5D\x84\x4D\xA8\xF2\x60\x8F\xDB\x0E\x25\x3C\x9F\x73\x71\xCF\x94\xDF\x4A\xEA\xDB\xDF\x72\x38\x8C\xF3\x96\xBD\xF1\x17\xBC\xD2\xBA\x3B\x45\x5A\xC6\xA7\xF6\xC6\x17\x8B\x01\x9D\xFC\x19\xA8\x2A\x83\x16\xB8\x3A\x48\xFE\x4E\x3E\xA0\xAB\x06\x19\xE9\x53\xF3\x80\x13\x07\xED\x2D\xBF\x3F\x0A\x3C\x55\x20\x39\x2C\x2C\x00\x69\x74\x95\x4A\xBC\x20\xB2\xA9\x79\xE5\x18\x89\x91\xA8\xDC\x1C\x4D\xEF\xBB\x7E\x37\x0B\x5D\xFE\x39\xA5\x88\x52\x8C\x00\x6C\xEC\x18\x7C\x41\xBD\xF6\x8B\x75\x77\xBA\x60\x9D\x84\xE7\xFE\x2D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x15\x38\x83\x0F\x3F\x2C\x3F\x70\x33\x1E\xCD\x46\xFE\x07\x8C\x20\xE0\xD7\xC3\xB7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5F\xF1\x41\x7D\x7C\x5C\x08\xB9\x2B\xE0\xD5\x92\x47\xFA\x67\x5C\xA5\x13\xC3\x03\x21\x9B\x2B\x4C\x89\x46\xCF\x59\x4D\xC9\xFE\xA5\x40\xB6\x63\xCD\xDD\x71\x28\x95\x67\x11\xCC\x24\xAC\xD3\x44\x6C\x71\xAE\x01\x20\x6B\x03\xA2\x8F\x18\xB7\x29\x3A\x7D\xE5\x16\x60\x53\x78\x3C\xC0\xAF\x15\x83\xF7\x8F\x52\x33\x24\xBD\x64\x93\x97\xEE\x8B\xF7\xDB\x18\xA8\x6D\x71\xB3\xF7\x2C\x17\xD0\x74\x25\x69\xF7\xFE\x6B\x3C\x94\xBE\x4D\x4B\x41\x8C\x4E\xE2\x73\xD0\xE3\x90\x22\x73\x43\xCD\xF3\xEF\xEA\x73\xCE\x45\x8A\xB0\xA6\x49\xFF\x4C\x7D\x9D\x71\x88\xC4\x76\x1D\x90\x5B\x1D\xEE\xFD\xCC\xF7\xEE\xFD\x60\xA5\xB1\x7A\x16\x71\xD1\x16\xD0\x7C\x12\x3C\x6C\x69\x97\xDB\xAE\x5F\x39\x9A\x70\x2F\x05\x3C\x19\x46\x04\x99\x20\x36\xD0\x60\x6E\x61\x06\xBB\x16\x42\x8C\x70\xF7\x30\xFB\xE0\xDB\x66\xA3\x00\x01\xBD\xE6\x2C\xDA\x91\x5F\xA0\x46\x8B\x4D\x6A\x9C\x3D\x3D\xDD\x05\x46\xFE\x76\xBF\xA0\x0A\x3C\xE4\x00\xE6\x27\xB7\xFF\x84\x2D\xDE\xBA\x22\x27\x96\x10\x71\xEB\x22\xED\xDF\xDF\x33\x9C\xCF\xE3\xAD\xAE\x8E\xD4\x8E\xE6\x4F\x51\xAF\x16\x92\xE0\x5C\xF6\x07\x0F",
+	["CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL"] = "\x30\x82\x03\x0C\x30\x82\x01\xF4\xA0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x17\x0D\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCE\xB1\xC1\x2E\xD3\x4F\x7C\xCD\x25\xCE\x18\x3E\x4F\xC4\x8C\x6F\x80\x6A\x73\xC8\x5B\x51\xF8\x9B\xD2\xDC\xBB\x00\x5C\xB1\xA0\xFC\x75\x03\xEE\x81\xF0\x88\xEE\x23\x52\xE9\xE6\x15\x33\x8D\xAC\x2D\x09\xC5\x76\xF9\x2B\x39\x80\x89\xE4\x97\x4B\x90\xA5\xA8\x78\xF8\x73\x43\x7B\xA4\x61\xB0\xD8\x58\xCC\xE1\x6C\x66\x7E\x9C\xF3\x09\x5E\x55\x63\x84\xD5\xA8\xEF\xF3\xB1\x2E\x30\x68\xB3\xC4\x3C\xD8\xAC\x6E\x8D\x99\x5A\x90\x4E\x34\xDC\x36\x9A\x8F\x81\x88\x50\xB7\x6D\x96\x42\x09\xF3\xD7\x95\x83\x0D\x41\x4B\xB0\x6A\x6B\xF8\xFC\x0F\x7E\x62\x9F\x67\xC4\xED\x26\x5F\x10\x26\x0F\x08\x4F\xF0\xA4\x57\x28\xCE\x8F\xB8\xED\x45\xF6\x6E\xEE\x25\x5D\xAA\x6E\x39\xBE\xE4\x93\x2F\xD9\x47\xA0\x72\xEB\xFA\xA6\x5B\xAF\xCA\x53\x3F\xE2\x0E\xC6\x96\x56\x11\x6E\xF7\xE9\x66\xA9\x26\xD8\x7F\x95\x53\xED\x0A\x85\x88\xBA\x4F\x29\xA5\x42\x8C\x5E\xB6\xFC\x85\x20\x00\xAA\x68\x0B\xA1\x1A\x85\x01\x9C\xC4\x46\x63\x82\x88\xB6\x22\xB1\xEE\xFE\xAA\x46\x59\x7E\xCF\x35\x2C\xD5\xB6\xDA\x5D\xF7\x48\x33\x14\x54\xB6\xEB\xD9\x6F\xCE\xCD\x88\xD6\xAB\x1B\xDA\x96\x3B\x1D\x59\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB8\x8D\xCE\xEF\xE7\x14\xBA\xCF\xEE\xB0\x44\x92\x6C\xB4\x39\x3E\xA2\x84\x6E\xAD\xB8\x21\x77\xD2\xD4\x77\x82\x87\xE6\x20\x41\x81\xEE\xE2\xF8\x11\xB7\x63\xD1\x17\x37\xBE\x19\x76\x24\x1C\x04\x1A\x4C\xEB\x3D\xAA\x67\x6F\x2D\xD4\xCD\xFE\x65\x31\x70\xC5\x1B\xA6\x02\x0A\xBA\x60\x7B\x6D\x58\xC2\x9A\x49\xFE\x63\x32\x0B\x6B\xE3\x3A\xC0\xAC\xAB\x3B\xB0\xE8\xD3\x09\x51\x8C\x10\x83\xC6\x34\xE0\xC5\x2B\xE0\x1A\xB6\x60\x14\x27\x6C\x32\x77\x8C\xBC\xB2\x72\x98\xCF\xCD\xCC\x3F\xB9\xC8\x24\x42\x14\xD6\x57\xFC\xE6\x26\x43\xA9\x1D\xE5\x80\x90\xCE\x03\x54\x28\x3E\xF7\x3F\xD3\xF8\x4D\xED\x6A\x0A\x3A\x93\x13\x9B\x3B\x14\x23\x13\x63\x9C\x3F\xD1\x87\x27\x79\xE5\x4C\x51\xE3\x01\xAD\x85\x5D\x1A\x3B\xB1\xD5\x73\x10\xA4\xD3\xF2\xBC\x6E\x64\xF5\x5A\x56\x90\xA8\xC7\x0E\x4C\x74\x0F\x2E\x71\x3B\xF7\xC8\x47\xF4\x69\x6F\x15\xF2\x11\x5E\x83\x1E\x9C\x7C\x52\xAE\xFD\x02\xDA\x12\xA8\x59\x67\x18\xDB\xBC\x70\xDD\x9B\xB1\x69\xED\x80\xCE\x89\x40\x48\x6A\x0E\x35\xCA\x29\x66\x15\x21\x94\x2C\xE8\x60\x2A\x9B\x85\x4A\x40\xF3\x6B\x8A\x24\xEC\x06\x16\x2C\x73",
+	["CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x32\x30\x82\x03\x1A\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBE\x40\x9D\xF4\x6E\xE1\xEA\x76\x87\x1C\x4D\x45\x44\x8E\xBE\x46\xC8\x83\x06\x9D\xC1\x2A\xFE\x18\x1F\x8E\xE4\x02\xFA\xF3\xAB\x5D\x50\x8A\x16\x31\x0B\x9A\x06\xD0\xC5\x70\x22\xCD\x49\x2D\x54\x63\xCC\xB6\x6E\x68\x46\x0B\x53\xEA\xCB\x4C\x24\xC0\xBC\x72\x4E\xEA\xF1\x15\xAE\xF4\x54\x9A\x12\x0A\xC3\x7A\xB2\x33\x60\xE2\xDA\x89\x55\xF3\x22\x58\xF3\xDE\xDC\xCF\xEF\x83\x86\xA2\x8C\x94\x4F\x9F\x68\xF2\x98\x90\x46\x84\x27\xC7\x76\xBF\xE3\xCC\x35\x2C\x8B\x5E\x07\x64\x65\x82\xC0\x48\xB0\xA8\x91\xF9\x61\x9F\x76\x20\x50\xA8\x91\xC7\x66\xB5\xEB\x78\x62\x03\x56\xF0\x8A\x1A\x13\xEA\x31\xA3\x1E\xA0\x99\xFD\x38\xF6\xF6\x27\x32\x58\x6F\x07\xF5\x6B\xB8\xFB\x14\x2B\xAF\xB7\xAA\xCC\xD6\x63\x5F\x73\x8C\xDA\x05\x99\xA8\x38\xA8\xCB\x17\x78\x36\x51\xAC\xE9\x9E\xF4\x78\x3A\x8D\xCF\x0F\xD9\x42\xE2\x98\x0C\xAB\x2F\x9F\x0E\x01\xDE\xEF\x9F\x99\x49\xF1\x2D\xDF\xAC\x74\x4D\x1B\x98\xB5\x47\xC5\xE5\x29\xD1\xF9\x90\x18\xC7\x62\x9C\xBE\x83\xC7\x26\x7B\x3E\x8A\x25\xC7\xC0\xDD\x9D\xE6\x35\x68\x10\x20\x9D\x8F\xD8\xDE\xD2\xC3\x84\x9C\x0D\x5E\xE8\x2F\xC9\x02\x03\x01\x00\x01\xA3\x81\xC0\x30\x81\xBD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x11\x0A\x23\x3E\x96\xF1\x07\xEC\xE2\xAF\x29\xEF\x82\xA5\x7F\xD0\x30\xA4\xB4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x7B\x06\x03\x55\x1D\x1F\x04\x74\x30\x72\x30\x38\xA0\x36\xA0\x34\x86\x32\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x36\xA0\x34\xA0\x32\x86\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xFC\x02\xF0\x9B\xE8\xFF\xA4\xFA\xD6\x7B\xC6\x44\x80\xCE\x4F\xC4\xC5\xF6\x00\x58\xCC\xA6\xB6\xBC\x14\x49\x68\x04\x76\xE8\xE6\xEE\x5D\xEC\x02\x0F\x60\xD6\x8D\x50\x18\x4F\x26\x4E\x01\xE3\xE6\xB0\xA5\xEE\xBF\xBC\x74\x54\x41\xBF\xFD\xFC\x12\xB8\xC7\x4F\x5A\xF4\x89\x60\x05\x7F\x60\xB7\x05\x4A\xF3\xF6\xF1\xC2\xBF\xC4\xB9\x74\x86\xB6\x2D\x7D\x6B\xCC\xD2\xF3\x46\xDD\x2F\xC6\xE0\x6A\xC3\xC3\x34\x03\x2C\x7D\x96\xDD\x5A\xC2\x0E\xA7\x0A\x99\xC1\x05\x8B\xAB\x0C\x2F\xF3\x5C\x3A\xCF\x6C\x37\x55\x09\x87\xDE\x53\x40\x6C\x58\xEF\xFC\xB6\xAB\x65\x6E\x04\xF6\x1B\xDC\x3C\xE0\x5A\x15\xC6\x9E\xD9\xF1\x59\x48\x30\x21\x65\x03\x6C\xEC\xE9\x21\x73\xEC\x9B\x03\xA1\xE0\x37\xAD\xA0\x15\x18\x8F\xFA\xBA\x02\xCE\xA7\x2C\xA9\x10\x13\x2C\xD4\xE5\x08\x26\xAB\x22\x97\x60\xF8\x90\x5E\x74\xD4\xA2\x9A\x53\xBD\xF2\xA9\x68\xE0\xA2\x6E\xC2\xD7\x6C\xB1\xA3\x0F\x9E\xBF\xEB\x68\xE7\x56\xF2\xAE\xF2\xE3\x2B\x38\x3A\x09\x81\xB5\x6B\x85\xD7\xBE\x2D\xED\x3F\x1A\xB7\xB2\x63\xE2\xF5\x62\x2C\x82\xD4\x6A\x00\x41\x50\xF1\x39\x83\x9F\x95\xE9\x36\x96\x98\x6E",
+	["CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x3F\x30\x82\x03\x27\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC0\x71\x33\x82\x8A\xD0\x70\xEB\x73\x87\x82\x40\xD5\x1D\xE4\xCB\xC9\x0E\x42\x90\xF9\xDE\x34\xB9\xA1\xBA\x11\xF4\x25\x85\xF3\xCC\x72\x6D\xF2\x7B\x97\x6B\xB3\x07\xF1\x77\x24\x91\x5F\x25\x8F\xF6\x74\x3D\xE4\x80\xC2\xF8\x3C\x0D\xF3\xBF\x40\xEA\xF7\xC8\x52\xD1\x72\x6F\xEF\xC8\xAB\x41\xB8\x6E\x2E\x17\x2A\x95\x69\x0C\xCD\xD2\x1E\x94\x7B\x2D\x94\x1D\xAA\x75\xD7\xB3\x98\xCB\xAC\xBC\x64\x53\x40\xBC\x8F\xAC\xAC\x36\xCB\x5C\xAD\xBB\xDD\xE0\x94\x17\xEC\xD1\x5C\xD0\xBF\xEF\xA5\x95\xC9\x90\xC5\xB0\xAC\xFB\x1B\x43\xDF\x7A\x08\x5D\xB7\xB8\xF2\x40\x1B\x2B\x27\x9E\x50\xCE\x5E\x65\x82\x88\x8C\x5E\xD3\x4E\x0C\x7A\xEA\x08\x91\xB6\x36\xAA\x2B\x42\xFB\xEA\xC2\xA3\x39\xE5\xDB\x26\x38\xAD\x8B\x0A\xEE\x19\x63\xC7\x1C\x24\xDF\x03\x78\xDA\xE6\xEA\xC1\x47\x1A\x0B\x0B\x46\x09\xDD\x02\xFC\xDE\xCB\x87\x5F\xD7\x30\x63\x68\xA1\xAE\xDC\x32\xA1\xBA\xBE\xFE\x44\xAB\x68\xB6\xA5\x17\x15\xFD\xBD\xD5\xA7\xA7\x9A\xE4\x44\x33\xE9\x88\x8E\xFC\xED\x51\xEB\x93\x71\x4E\xAD\x01\xE7\x44\x8E\xAB\x2D\xCB\xA8\xFE\x01\x49\x48\xF0\xC0\xDD\xC7\x68\xD8\x92\xFE\x3D\x02\x03\x01\x00\x01\xA3\x81\xC7\x30\x81\xC4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3C\xD8\x93\x88\xC2\xC0\x82\x09\xCC\x01\x99\x06\x93\x20\xE9\x9E\x70\x09\x63\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x81\x06\x03\x55\x1D\x1F\x04\x7A\x30\x78\x30\x3B\xA0\x39\xA0\x37\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x87\x01\x6D\x23\x1D\x7E\x5B\x17\x7D\xC1\x61\x32\xCF\x8F\xE7\xF3\x8A\x94\x59\x66\xE0\x9E\x28\xA8\x5E\xD3\xB7\xF4\x34\xE6\xAA\x39\xB2\x97\x16\xC5\x82\x6F\x32\xA4\xE9\x8C\xE7\xAF\xFD\xEF\xC2\xE8\xB9\x4B\xAA\xA3\xF4\xE6\xDA\x8D\x65\x21\xFB\xBA\x80\xEB\x26\x28\x85\x1A\xFE\x39\x8C\xDE\x5B\x04\x04\xB4\x54\xF9\xA3\x67\x9E\x41\xFA\x09\x52\xCC\x05\x48\xA8\xC9\x3F\x21\x04\x1E\xCE\x48\x6B\xFC\x85\xE8\xC2\x7B\xAF\x7F\xB7\xCC\xF8\x5F\x3A\xFD\x35\xC6\x0D\xEF\x97\xDC\x4C\xAB\x11\xE1\x6B\xCB\x31\xD1\x6C\xFB\x48\x80\xAB\xDC\x9C\x37\xB8\x21\x14\x4B\x0D\x71\x3D\xEC\x83\x33\x6E\xD1\x6E\x32\x16\xEC\x98\xC7\x16\x8B\x59\xA6\x34\xAB\x05\x57\x2D\x93\xF7\xAA\x13\xCB\xD2\x13\xE2\xB7\x2E\x3B\xCD\x6B\x50\x17\x09\x68\x3E\xB5\x26\x57\xEE\xB6\xE0\xB6\xDD\xB9\x29\x80\x79\x7D\x8F\xA3\xF0\xA4\x28\xA4\x15\xC4\x85\xF4\x27\xD4\x6B\xBF\xE5\x5C\xE4\x65\x02\x76\x54\xB4\xE3\x37\x66\x24\xD3\x19\x61\xC8\x52\x10\xE5\x8B\x37\x9A\xB9\xA9\xF9\x1D\xBF\xEA\x99\x92\x61\x96\xFF\x01\xCD\xA1\x5F\x0D\xBC\x71\xBC\x0E\xAC\x0B\x1D\x47\x45\x1D\xC1\xEC\x7C\xEC\xFD\x29",
+	["CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\x71\x6F\x36\x58\x53\x5A\xF2\x36\x54\x57\x80\xC4\x74\x08\x20\xED\x18\x7F\x2A\x1D\xE6\x35\x9A\x1E\x25\xAC\x9C\xE5\x96\x7E\x72\x52\xA0\x15\x42\xDB\x59\xDD\x64\x7A\x1A\xD0\xB8\x7B\xDD\x39\x15\xBC\x55\x48\xC4\xED\x3A\x00\xEA\x31\x11\xBA\xF2\x71\x74\x1A\x67\xB8\xCF\x33\xCC\xA8\x31\xAF\xA3\xE3\xD7\x7F\xBF\x33\x2D\x4C\x6A\x3C\xEC\x8B\xC3\x92\xD2\x53\x77\x24\x74\x9C\x07\x6E\x70\xFC\xBD\x0B\x5B\x76\xBA\x5F\xF2\xFF\xD7\x37\x4B\x4A\x60\x78\xF7\xF0\xFA\xCA\x70\xB4\xEA\x59\xAA\xA3\xCE\x48\x2F\xA9\xC3\xB2\x0B\x7E\x17\x72\x16\x0C\xA6\x07\x0C\x1B\x38\xCF\xC9\x62\xB7\x3F\xA0\x93\xA5\x87\x41\xF2\xB7\x70\x40\x77\xD8\xBE\x14\x7C\xE3\xA8\xC0\x7A\x8E\xE9\x63\x6A\xD1\x0F\x9A\xC6\xD2\xF4\x8B\x3A\x14\x04\x56\xD4\xED\xB8\xCC\x6E\xF5\xFB\xE2\x2C\x58\xBD\x7F\x4F\x6B\x2B\xF7\x60\x24\x58\x24\xCE\x26\xEF\x34\x91\x3A\xD5\xE3\x81\xD0\xB2\xF0\x04\x02\xD7\x5B\xB7\x3E\x92\xAC\x6B\x12\x8A\xF9\xE4\x05\xB0\x3B\x91\x49\x5C\xB2\xEB\x53\xEA\xF8\x9F\x47\x86\xEE\xBF\x95\xC0\xC0\x06\x9F\xD2\x5B\x5E\x11\x1B\xF4\xC7\x04\x35\x29\xD2\x55\x5C\xE4\xED\xEB\x02\x03\x01\x00\x01\xA3\x81\xC9\x30\x81\xC6\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC5\x7B\x58\xBD\xED\xDA\x25\x69\xD2\xF7\x59\x16\xA8\xB3\x32\xC0\x7B\x27\x5B\xF4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x83\x06\x03\x55\x1D\x1F\x04\x7C\x30\x7A\x30\x3C\xA0\x3A\xA0\x38\x86\x36\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x3A\xA0\x38\xA0\x36\x86\x34\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xC8\x93\x81\x3B\x89\xB4\xAF\xB8\x84\x12\x4C\x8D\xD2\xF0\xDB\x70\xBA\x57\x86\x15\x34\x10\xB9\x2F\x7F\x1E\xB0\xA8\x89\x60\xA1\x8A\xC2\x77\x0C\x50\x4A\x9B\x00\x8B\xD8\x8B\xF4\x41\xE2\xD0\x83\x8A\x4A\x1C\x14\x06\xB0\xA3\x68\x05\x70\x31\x30\xA7\x53\x9B\x0E\xE9\x4A\xA0\x58\x69\x67\x0E\xAE\x9D\xF6\xA5\x2C\x41\xBF\x3C\x06\x6B\xE4\x59\xCC\x6D\x10\xF1\x96\x6F\x1F\xDF\xF4\x04\x02\xA4\x9F\x45\x3E\xC8\xD8\xFA\x36\x46\x44\x50\x3F\x82\x97\x91\x1F\x28\xDB\x18\x11\x8C\x2A\xE4\x65\x83\x57\x12\x12\x8C\x17\x3F\x94\x36\xFE\x5D\xB0\xC0\x04\x77\x13\xB8\xF4\x15\xD5\x3F\x38\xCC\x94\x3A\x55\xD0\xAC\x98\xF5\xBA\x00\x5F\xE0\x86\x19\x81\x78\x2F\x28\xC0\x7E\xD3\xCC\x42\x0A\xF5\xAE\x50\xA0\xD1\x3E\xC6\xA1\x71\xEC\x3F\xA0\x20\x8C\x66\x3A\x89\xB4\x8E\xD4\xD8\xB1\x4D\x25\x47\xEE\x2F\x88\xC8\xB5\xE1\x05\x45\xC0\xBE\x14\x71\xDE\x7A\xFD\x8E\x7B\x7D\x4D\x08\x96\xA5\x12\x73\xF0\x2D\xCA\x37\x27\x74\x12\x27\x4C\xCB\xB6\x97\xE9\xD9\xAE\x08\x6D\x5A\x39\x40\xDD\x05\x47\x75\x6A\x5A\x21\xB3\xA3\x18\xCF\x4E\xF7\x2E\x57\xB7\x98\x70\x5E\xC8\xC4\x78\xB0\x62",
+	["CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM"] = "\x30\x82\x05\xD0\x30\x82\x04\xB8\xA0\x03\x02\x01\x02\x02\x04\x3A\xB6\x50\x8B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x31\x30\x33\x31\x39\x31\x38\x33\x33\x33\x33\x5A\x17\x0D\x32\x31\x30\x33\x31\x37\x31\x38\x33\x33\x33\x33\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBF\x61\xB5\x95\x53\xBA\x57\xFC\xFA\xF2\x67\x0B\x3A\x1A\xDF\x11\x80\x64\x95\xB4\xD1\xBC\xCD\x7A\xCF\xF6\x29\x96\x2E\x24\x54\x40\x24\x38\xF7\x1A\x85\xDC\x58\x4C\xCB\xA4\x27\x42\x97\xD0\x9F\x83\x8A\xC3\xE4\x06\x03\x5B\x00\xA5\x51\x1E\x70\x04\x74\xE2\xC1\xD4\x3A\xAB\xD7\xAD\x3B\x07\x18\x05\x8E\xFD\x83\xAC\xEA\x66\xD9\x18\x1B\x68\x8A\xF5\x57\x1A\x98\xBA\xF5\xED\x76\x3D\x7C\xD9\xDE\x94\x6A\x3B\x4B\x17\xC1\xD5\x8F\xBD\x65\x38\x3A\x95\xD0\x3D\x55\x36\x4E\xDF\x79\x57\x31\x2A\x1E\xD8\x59\x65\x49\x58\x20\x98\x7E\xAB\x5F\x7E\x9F\xE9\xD6\x4D\xEC\x83\x74\xA9\xC7\x6C\xD8\xEE\x29\x4A\x85\x2A\x06\x14\xF9\x54\xE6\xD3\xDA\x65\x07\x8B\x63\x37\x12\xD7\xD0\xEC\xC3\x7B\x20\x41\x44\xA3\xED\xCB\xA0\x17\xE1\x71\x65\xCE\x1D\x66\x31\xF7\x76\x01\x19\xC8\x7D\x03\x58\xB6\x95\x49\x1D\xA6\x12\x26\xE8\xC6\x0C\x76\xE0\xE3\x66\xCB\xEA\x5D\xA6\x26\xEE\xE5\xCC\x5F\xBD\x67\xA7\x01\x27\x0E\xA2\xCA\x54\xC5\xB1\x7A\x95\x1D\x71\x1E\x4A\x29\x8A\x03\xDC\x6A\x45\xC1\xA4\x19\x5E\x6F\x36\xCD\xC3\xA2\xB0\xB7\xFE\x5C\x38\xE2\x52\xBC\xF8\x44\x43\xE6\x90\xBB\x02\x03\x01\x00\x01\xA3\x82\x02\x52\x30\x82\x02\x4E\x30\x3D\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x31\x30\x2F\x30\x2D\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x21\x68\x74\x74\x70\x73\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x71\x75\x6F\x76\x61\x64\x69\x73\x6F\x66\x66\x73\x68\x6F\x72\x65\x2E\x63\x6F\x6D\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x82\x01\x1A\x06\x03\x55\x1D\x20\x04\x82\x01\x11\x30\x82\x01\x0D\x30\x82\x01\x09\x06\x09\x2B\x06\x01\x04\x01\xBE\x58\x00\x01\x30\x81\xFB\x30\x81\xD4\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\xC7\x1A\x81\xC4\x52\x65\x6C\x69\x61\x6E\x63\x65\x20\x6F\x6E\x20\x74\x68\x65\x20\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x62\x79\x20\x61\x6E\x79\x20\x70\x61\x72\x74\x79\x20\x61\x73\x73\x75\x6D\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6E\x63\x65\x20\x6F\x66\x20\x74\x68\x65\x20\x74\x68\x65\x6E\x20\x61\x70\x70\x6C\x69\x63\x61\x62\x6C\x65\x20\x73\x74\x61\x6E\x64\x61\x72\x64\x20\x74\x65\x72\x6D\x73\x20\x61\x6E\x64\x20\x63\x6F\x6E\x64\x69\x74\x69\x6F\x6E\x73\x20\x6F\x66\x20\x75\x73\x65\x2C\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x70\x72\x61\x63\x74\x69\x63\x65\x73\x2C\x20\x61\x6E\x64\x20\x74\x68\x65\x20\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6F\x6C\x69\x63\x79\x2E\x30\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x16\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x71\x75\x6F\x76\x61\x64\x69\x73\x2E\x62\x6D\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x8B\x4B\x6D\xED\xD3\x29\xB9\x06\x19\xEC\x39\x39\xA9\xF0\x97\x84\x6A\xCB\xEF\xDF\x30\x81\xAE\x06\x03\x55\x1D\x23\x04\x81\xA6\x30\x81\xA3\x80\x14\x8B\x4B\x6D\xED\xD3\x29\xB9\x06\x19\xEC\x39\x39\xA9\xF0\x97\x84\x6A\xCB\xEF\xDF\xA1\x81\x84\xA4\x81\x81\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x2E\x30\x2C\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x82\x04\x3A\xB6\x50\x8B\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8A\xD4\x14\xB5\xFE\xF4\x9A\x92\xA7\x19\xD4\xA4\x7E\x72\x18\x8F\xD9\x68\x7C\x52\x24\xDD\x67\x6F\x39\x7A\xC4\xAA\x5E\x3D\xE2\x58\xB0\x4D\x70\x98\x84\x61\xE8\x1B\xE3\x69\x18\x0E\xCE\xFB\x47\x50\xA0\x4E\xFF\xF0\x24\x1F\xBD\xB2\xCE\xF5\x27\xFC\xEC\x2F\x53\xAA\x73\x7B\x03\x3D\x74\x6E\xE6\x16\x9E\xEB\xA5\x2E\xC4\xBF\x56\x27\x50\x2B\x62\xBA\xBE\x4B\x1C\x3C\x55\x5C\x41\x1D\x24\xBE\x82\x20\x47\x5D\xD5\x44\x7E\x7A\x16\x68\xDF\x7D\x4D\x51\x70\x78\x57\x1D\x33\x1E\xFD\x02\x99\x9C\x0C\xCD\x0A\x05\x4F\xC7\xBB\x8E\xA4\x75\xFA\x4A\x6D\xB1\x80\x8E\x09\x56\xB9\x9C\x1A\x60\xFE\x5D\xC1\xD7\x7A\xDC\x11\x78\xD0\xD6\x5D\xC1\xB7\xD5\xAD\x32\x99\x03\x3A\x8A\xCC\x54\x25\x39\x31\x81\x7B\x13\x22\x51\xBA\x46\x6C\xA1\xBB\x9E\xFA\x04\x6C\x49\x26\x74\x8F\xD2\x73\xEB\xCC\x30\xA2\xE6\xEA\x59\x22\x87\xF8\x97\xF5\x0E\xFD\xEA\xCC\x92\xA4\x16\xC4\x52\x18\xEA\x21\xCE\xB1\xF1\xE6\x84\x81\xE5\xBA\xA9\x86\x28\xF2\x43\x5A\x5D\x12\x9D\xAC\x1E\xD9\xA8\xE5\x0A\x6A\xA7\x7F\xA0\x87\x29\xCF\xF2\x89\x4D\xD4\xEC\xC5\xE2\xE6\x7A\xD0\x36\x23\x8A\x4A\x74\x36\xF9",
+	["CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM"] = "\x30\x82\x05\xB7\x30\x82\x03\x9F\xA0\x03\x02\x01\x02\x02\x02\x05\x09\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x34\x31\x38\x32\x37\x30\x30\x5A\x17\x0D\x33\x31\x31\x31\x32\x34\x31\x38\x32\x33\x33\x33\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x9A\x18\xCA\x4B\x94\x0D\x00\x2D\xAF\x03\x29\x8A\xF0\x0F\x81\xC8\xAE\x4C\x19\x85\x1D\x08\x9F\xAB\x29\x44\x85\xF3\x2F\x81\xAD\x32\x1E\x90\x46\xBF\xA3\x86\x26\x1A\x1E\xFE\x7E\x1C\x18\x3A\x5C\x9C\x60\x17\x2A\x3A\x74\x83\x33\x30\x7D\x61\x54\x11\xCB\xED\xAB\xE0\xE6\xD2\xA2\x7E\xF5\x6B\x6F\x18\xB7\x0A\x0B\x2D\xFD\xE9\x3E\xEF\x0A\xC6\xB3\x10\xE9\xDC\xC2\x46\x17\xF8\x5D\xFD\xA4\xDA\xFF\x9E\x49\x5A\x9C\xE6\x33\xE6\x24\x96\xF7\x3F\xBA\x5B\x2B\x1C\x7A\x35\xC2\xD6\x67\xFE\xAB\x66\x50\x8B\x6D\x28\x60\x2B\xEF\xD7\x60\xC3\xC7\x93\xBC\x8D\x36\x91\xF3\x7F\xF8\xDB\x11\x13\xC4\x9C\x77\x76\xC1\xAE\xB7\x02\x6A\x81\x7A\xA9\x45\x83\xE2\x05\xE6\xB9\x56\xC1\x94\x37\x8F\x48\x71\x63\x22\xEC\x17\x65\x07\x95\x8A\x4B\xDF\x8F\xC6\x5A\x0A\xE5\xB0\xE3\x5F\x5E\x6B\x11\xAB\x0C\xF9\x85\xEB\x44\xE9\xF8\x04\x73\xF2\xE9\xFE\x5C\x98\x8C\xF5\x73\xAF\x6B\xB4\x7E\xCD\xD4\x5C\x02\x2B\x4C\x39\xE1\xB2\x95\x95\x2D\x42\x87\xD7\xD5\xB3\x90\x43\xB7\x6C\x13\xF1\xDE\xDD\xF6\xC4\xF8\x89\x3F\xD1\x75\xF5\x92\xC3\x91\xD5\x8A\x88\xD0\x90\xEC\xDC\x6D\xDE\x89\xC2\x65\x71\x96\x8B\x0D\x03\xFD\x9C\xBF\x5B\x16\xAC\x92\xDB\xEA\xFE\x79\x7C\xAD\xEB\xAF\xF7\x16\xCB\xDB\xCD\x25\x2B\xE5\x1F\xFB\x9A\x9F\xE2\x51\xCC\x3A\x53\x0C\x48\xE6\x0E\xBD\xC9\xB4\x76\x06\x52\xE6\x11\x13\x85\x72\x63\x03\x04\xE0\x04\x36\x2B\x20\x19\x02\xE8\x74\xA7\x1F\xB6\xC9\x56\x66\xF0\x75\x25\xDC\x67\xC1\x0E\x61\x60\x88\xB3\x3E\xD1\xA8\xFC\xA3\xDA\x1D\xB0\xD1\xB1\x23\x54\xDF\x44\x76\x6D\xED\x41\xD8\xC1\xB2\x22\xB6\x53\x1C\xDF\x35\x1D\xDC\xA1\x77\x2A\x31\xE4\x2D\xF5\xE5\xE5\xDB\xC8\xE0\xFF\xE5\x80\xD7\x0B\x63\xA0\xFF\x33\xA1\x0F\xBA\x2C\x15\x15\xEA\x97\xB3\xD2\xA2\xB5\xBE\xF2\x8C\x96\x1E\x1A\x8F\x1D\x6C\xA4\x61\x37\xB9\x86\x73\x33\xD7\x97\x96\x9E\x23\x7D\x82\xA4\x4C\x81\xE2\xA1\xD1\xBA\x67\x5F\x95\x07\xA3\x27\x11\xEE\x16\x10\x7B\xBC\x45\x4A\x4C\xB2\x04\xD2\xAB\xEF\xD5\xFD\x0C\x51\xCE\x50\x6A\x08\x31\xF9\x91\xDA\x0C\x8F\x64\x5C\x03\xC3\x3A\x8B\x20\x3F\x6E\x8D\x67\x3D\x3A\xD6\xFE\x7D\x5B\x88\xC9\x5E\xFB\xCC\x61\xDC\x8B\x33\x77\xD3\x44\x32\x35\x09\x62\x04\x92\x16\x10\xD8\x9E\x27\x47\xFB\x3B\x21\xE3\xF8\xEB\x1D\x5B\x02\x03\x01\x00\x01\xA3\x81\xB0\x30\x81\xAD\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1A\x84\x62\xBC\x48\x4C\x33\x25\x04\xD4\xEE\xD0\xF6\x03\xC4\x19\x46\xD1\x94\x6B\x30\x6E\x06\x03\x55\x1D\x23\x04\x67\x30\x65\x80\x14\x1A\x84\x62\xBC\x48\x4C\x33\x25\x04\xD4\xEE\xD0\xF6\x03\xC4\x19\x46\xD1\x94\x6B\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x82\x02\x05\x09\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3E\x0A\x16\x4D\x9F\x06\x5B\xA8\xAE\x71\x5D\x2F\x05\x2F\x67\xE6\x13\x45\x83\xC4\x36\xF6\xF3\xC0\x26\x0C\x0D\xB5\x47\x64\x5D\xF8\xB4\x72\xC9\x46\xA5\x03\x18\x27\x55\x89\x78\x7D\x76\xEA\x96\x34\x80\x17\x20\xDC\xE7\x83\xF8\x8D\xFC\x07\xB8\xDA\x5F\x4D\x2E\x67\xB2\x84\xFD\xD9\x44\xFC\x77\x50\x81\xE6\x7C\xB4\xC9\x0D\x0B\x72\x53\xF8\x76\x07\x07\x41\x47\x96\x0C\xFB\xE0\x82\x26\x93\x55\x8C\xFE\x22\x1F\x60\x65\x7C\x5F\xE7\x26\xB3\xF7\x32\x90\x98\x50\xD4\x37\x71\x55\xF6\x92\x21\x78\xF7\x95\x79\xFA\xF8\x2D\x26\x87\x66\x56\x30\x77\xA6\x37\x78\x33\x52\x10\x58\xAE\x3F\x61\x8E\xF2\x6A\xB1\xEF\x18\x7E\x4A\x59\x63\xCA\x8D\xA2\x56\xD5\xA7\x2F\xBC\x56\x1F\xCF\x39\xC1\xE2\xFB\x0A\xA8\x15\x2C\x7D\x4D\x7A\x63\xC6\x6C\x97\x44\x3C\xD2\x6F\xC3\x4A\x17\x0A\xF8\x90\xD2\x57\xA2\x19\x51\xA5\x2D\x97\x41\xDA\x07\x4F\xA9\x50\xDA\x90\x8D\x94\x46\xE1\x3E\xF0\x94\xFD\x10\x00\x38\xF5\x3B\xE8\x40\xE1\xB4\x6E\x56\x1A\x20\xCC\x6F\x58\x8D\xED\x2E\x45\x8F\xD6\xE9\x93\x3F\xE7\xB1\x2C\xDF\x3A\xD6\x22\x8C\xDC\x84\xBB\x22\x6F\xD0\xF8\xE4\xC6\x39\xE9\x04\x88\x3C\xC3\xBA\xEB\x55\x7A\x6D\x80\x99\x24\xF5\x6C\x01\xFB\xF8\x97\xB0\x94\x5B\xEB\xFD\xD2\x6F\xF1\x77\x68\x0D\x35\x64\x23\xAC\xB8\x55\xA1\x03\xD1\x4D\x42\x19\xDC\xF8\x75\x59\x56\xA3\xF9\xA8\x49\x79\xF8\xAF\x0E\xB9\x11\xA0\x7C\xB7\x6A\xED\x34\xD0\xB6\x26\x62\x38\x1A\x87\x0C\xF8\xE8\xFD\x2E\xD3\x90\x7F\x07\x91\x2A\x1D\xD6\x7E\x5C\x85\x83\x99\xB0\x38\x08\x3F\xE9\x5E\xF9\x35\x07\xE4\xC9\x62\x6E\x57\x7F\xA7\x50\x95\xF7\xBA\xC8\x9B\xE6\x8E\xA2\x01\xC5\xD6\x66\xBF\x79\x61\xF3\x3C\x1C\xE1\xB9\x82\x5C\x5D\xA0\xC3\xE9\xD8\x48\xBD\x19\xA2\x11\x14\x19\x6E\xB2\x86\x1B\x68\x3E\x48\x37\x1A\x88\xB7\x5D\x96\x5E\x9C\xC7\xEF\x27\x62\x08\xE2\x91\x19\x5C\xD2\xF1\x21\xDD\xBA\x17\x42\x82\x97\x71\x81\x53\x31\xA9\x9F\xF6\x7D\x62\xBF\x72\xE1\xA3\x93\x1D\xCC\x8A\x26\x5A\x09\x38\xD0\xCE\xD7\x0D\x80\x16\xB4\x78\xA5\x3A\x87\x4C\x8D\x8A\xA5\xD5\x46\x97\xF2\x2C\x10\xB9\xBC\x54\x22\xC0\x01\x50\x69\x43\x9E\xF4\xB2\xEF\x6D\xF8\xEC\xDA\xF1\xE3\xB1\xEF\xDF\x91\x8F\x54\x2A\x0B\x25\xC1\x26\x19\xC4\x52\x10\x05\x65\xD5\x82\x10\xEA\xC2\x31\xCD\x2E",
+	["CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM"] = "\x30\x82\x06\x9D\x30\x82\x04\x85\xA0\x03\x02\x01\x02\x02\x02\x05\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x34\x31\x39\x31\x31\x32\x33\x5A\x17\x0D\x33\x31\x31\x31\x32\x34\x31\x39\x30\x36\x34\x34\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCC\x57\x42\x16\x54\x9C\xE6\x98\xD3\xD3\x4D\xEE\xFE\xED\xC7\x9F\x43\x39\x4A\x65\xB3\xE8\x16\x88\x34\xDB\x0D\x59\x91\x74\xCF\x92\xB8\x04\x40\xAD\x02\x4B\x31\xAB\xBC\x8D\x91\x68\xD8\x20\x0E\x1A\x01\xE2\x1A\x7B\x4E\x17\x5D\xE2\x8A\xB7\x3F\x99\x1A\xCD\xEB\x61\xAB\xC2\x65\xA6\x1F\xB7\xB7\xBD\xB7\x8F\xFC\xFD\x70\x8F\x0B\xA0\x67\xBE\x01\xA2\x59\xCF\x71\xE6\x0F\x29\x76\xFF\xB1\x56\x79\x45\x2B\x1F\x9E\x7A\x54\xE8\xA3\x29\x35\x68\xA4\x01\x4F\x0F\xA4\x2E\x37\xEF\x1B\xBF\xE3\x8F\x10\xA8\x72\xAB\x58\x57\xE7\x54\x86\xC8\xC9\xF3\x5B\xDA\x2C\xDA\x5D\x8E\x6E\x3C\xA3\x3E\xDA\xFB\x82\xE5\xDD\xF2\x5C\xB2\x05\x33\x6F\x8A\x36\xCE\xD0\x13\x4E\xFF\xBF\x4A\x0C\x34\x4C\xA6\xC3\x21\xBD\x50\x04\x55\xEB\xB1\xBB\x9D\xFB\x45\x1E\x64\x15\xDE\x55\x01\x8C\x02\x76\xB5\xCB\xA1\x3F\x42\x69\xBC\x2F\xBD\x68\x43\x16\x56\x89\x2A\x37\x61\x91\xFD\xA6\xAE\x4E\xC0\xCB\x14\x65\x94\x37\x4B\x92\x06\xEF\x04\xD0\xC8\x9C\x88\xDB\x0B\x7B\x81\xAF\xB1\x3D\x2A\xC4\x65\x3A\x78\xB6\xEE\xDC\x80\xB1\xD2\xD3\x99\x9C\x3A\xEE\x6B\x5A\x6B\xB3\x8D\xB7\xD5\xCE\x9C\xC2\xBE\xA5\x4B\x2F\x16\xB1\x9E\x68\x3B\x06\x6F\xAE\x7D\x9F\xF8\xDE\xEC\xCC\x29\xA7\x98\xA3\x25\x43\x2F\xEF\xF1\x5F\x26\xE1\x88\x4D\xF8\x5E\x6E\xD7\xD9\x14\x6E\x19\x33\x69\xA7\x3B\x84\x89\x93\xC4\x53\x55\x13\xA1\x51\x78\x40\xF8\xB8\xC9\xA2\xEE\x7B\xBA\x52\x42\x83\x9E\x14\xED\x05\x52\x5A\x59\x56\xA7\x97\xFC\x9D\x3F\x0A\x29\xD8\xDC\x4F\x91\x0E\x13\xBC\xDE\x95\xA4\xDF\x8B\x99\xBE\xAC\x9B\x33\x88\xEF\xB5\x81\xAF\x1B\xC6\x22\x53\xC8\xF6\xC7\xEE\x97\x14\xB0\xC5\x7C\x78\x52\xC8\xF0\xCE\x6E\x77\x60\x84\xA6\xE9\x2A\x76\x20\xED\x58\x01\x17\x30\x93\xE9\x1A\x8B\xE0\x73\x63\xD9\x6A\x92\x94\x49\x4E\xB4\xAD\x4A\x85\xC4\xA3\x22\x30\xFC\x09\xED\x68\x22\x73\xA6\x88\x0C\x55\x21\x58\xC5\xE1\x3A\x9F\x2A\xDD\xCA\xE1\x90\xE0\xD9\x73\xAB\x6C\x80\xB8\xE8\x0B\x64\x93\xA0\x9C\x8C\x19\xFF\xB3\xD2\x0C\xEC\x91\x26\x87\x8A\xB3\xA2\xE1\x70\x8F\x2C\x0A\xE5\xCD\x6D\x68\x51\xEB\xDA\x3F\x05\x7F\x8B\x32\xE6\x13\x5C\x6B\xFE\x5F\x40\xE2\x22\xC8\xB4\xB4\x64\x4F\xD6\xBA\x7D\x48\x3E\xA8\x69\x0C\xD7\xBB\x86\x71\xC9\x73\xB8\x3F\x3B\x9D\x25\x4B\xDA\xFF\x40\xEB\x02\x03\x01\x00\x01\xA3\x82\x01\x95\x30\x82\x01\x91\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\xE1\x06\x03\x55\x1D\x20\x04\x81\xD9\x30\x81\xD6\x30\x81\xD3\x06\x09\x2B\x06\x01\x04\x01\xBE\x58\x00\x03\x30\x81\xC5\x30\x81\x93\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\x86\x1A\x81\x83\x41\x6E\x79\x20\x75\x73\x65\x20\x6F\x66\x20\x74\x68\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x63\x6F\x6E\x73\x74\x69\x74\x75\x74\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6E\x63\x65\x20\x6F\x66\x20\x74\x68\x65\x20\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6F\x6C\x69\x63\x79\x20\x2F\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x50\x72\x61\x63\x74\x69\x63\x65\x20\x53\x74\x61\x74\x65\x6D\x65\x6E\x74\x2E\x30\x2D\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x71\x75\x6F\x76\x61\x64\x69\x73\x67\x6C\x6F\x62\x61\x6C\x2E\x63\x6F\x6D\x2F\x63\x70\x73\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xF2\xC0\x13\xE0\x82\x43\x3E\xFB\xEE\x2F\x67\x32\x96\x35\x5C\xDB\xB8\xCB\x02\xD0\x30\x6E\x06\x03\x55\x1D\x23\x04\x67\x30\x65\x80\x14\xF2\xC0\x13\xE0\x82\x43\x3E\xFB\xEE\x2F\x67\x32\x96\x35\x5C\xDB\xB8\xCB\x02\xD0\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4D\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6F\x56\x61\x64\x69\x73\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x33\x82\x02\x05\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x4F\xAD\xA0\x2C\x4C\xFA\xC0\xF2\x6F\xF7\x66\x55\xAB\x23\x34\xEE\xE7\x29\xDA\xC3\x5B\xB6\xB0\x83\xD9\xD0\xD0\xE2\x21\xFB\xF3\x60\xA7\x3B\x5D\x60\x53\x27\xA2\x9B\xF6\x08\x22\x2A\xE7\xBF\xA0\x72\xE5\x9C\x24\x6A\x31\xB1\x90\x7A\x27\xDB\x84\x11\x89\x27\xA6\x77\x5A\x38\xD7\xBF\xAC\x86\xFC\xEE\x5D\x83\xBC\x06\xC6\xD1\x77\x6B\x0F\x6D\x24\x2F\x4B\x7A\x6C\xA7\x07\x96\xCA\xE3\x84\x9F\xAD\x88\x8B\x1D\xAB\x16\x8D\x5B\x66\x17\xD9\x16\xF4\x8B\x80\xD2\xDD\xF8\xB2\x76\xC3\xFC\x38\x13\xAA\x0C\xDE\x42\x69\x2B\x6E\xF3\x3C\xEB\x80\x27\xDB\xF5\xA6\x44\x0D\x9F\x5A\x55\x59\x0B\xD5\x0D\x52\x48\xC5\xAE\x9F\xF2\x2F\x80\xC5\xEA\x32\x50\x35\x12\x97\x2E\xC1\xE1\xFF\xF1\x23\x88\x51\x38\x9F\xF2\x66\x56\x76\xE7\x0F\x51\x97\xA5\x52\x0C\x4D\x49\x51\x95\x36\x3D\xBF\xA2\x4B\x0C\x10\x1D\x86\x99\x4C\xAA\xF3\x72\x11\x93\xE4\xEA\xF6\x9B\xDA\xA8\x5D\xA7\x4D\xB7\x9E\x02\xAE\x73\x00\xC8\xDA\x23\x03\xE8\xF9\xEA\x19\x74\x62\x00\x94\xCB\x22\x20\xBE\x94\xA7\x59\xB5\x82\x6A\xBE\x99\x79\x7A\xA9\xF2\x4A\x24\x52\xF7\x74\xFD\xBA\x4E\xE6\xA8\x1D\x02\x6E\xB1\x0D\x80\x44\xC1\xAE\xD3\x23\x37\x5F\xBB\x85\x7C\x2B\x92\x2E\xE8\x7E\xA5\x8B\xDD\x99\xE1\xBF\x27\x6F\x2D\x5D\xAA\x7B\x87\xFE\x0A\xDD\x4B\xFC\x8E\xF5\x26\xE4\x6E\x70\x42\x6E\x33\xEC\x31\x9E\x7B\x93\xC1\xE4\xC9\x69\x1A\x3D\xC0\x6B\x4E\x22\x6D\xEE\xAB\x58\x4D\xC6\xD0\x41\xC1\x2B\xEA\x4F\x12\x87\x5E\xEB\x45\xD8\x6C\xF5\x98\x02\xD3\xA0\xD8\x55\x8A\x06\x99\x19\xA2\xA0\x77\xD1\x30\x9E\xAC\xCC\x75\xEE\x83\xF5\xB0\x62\x39\xCF\x6C\x57\xE2\x4C\xD2\x91\x0B\x0E\x75\x28\x1B\x9A\xBF\xFD\x1A\x43\xF1\xCA\x77\xFB\x3B\x8F\x61\xB8\x69\x28\x16\x42\x04\x5E\x70\x2A\x1C\x21\xD8\x8F\xE1\xBD\x23\x5B\x2D\x74\x40\x92\xD9\x63\x19\x0D\x73\xDD\x69\xBC\x62\x47\xBC\xE0\x74\x2B\xB2\xEB\x7D\xBE\x41\x1B\xB5\xC0\x46\xC5\xA1\x22\xCB\x5F\x4E\xC1\x28\x92\xDE\x18\xBA\xD5\x2A\x28\xBB\x11\x8B\x17\x93\x98\x99\x60\x94\x5C\x23\xCF\x5A\x27\x97\x5E\x0B\x05\x06\x93\x37\x1E\x3B\x69\x36\xEB\xA9\x9E\x61\x1D\x8F\x32\xDA\x8E\x0C\xD6\x74\x3E\x7B\x09\x24\xDA\x01\x77\x47\xC4\x3B\xCD\x34\x8C\x99\xF5\xCA\xE1\x25\x61\x33\xB2\x59\x1B\xE2\x6E\xD7\x37\x57\xB6\x0D\xA9\x12\xDA",
+	["OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP"] = "\x30\x82\x03\x5A\x30\x82\x02\x42\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5A\x17\x0D\x32\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5A\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB3\xB3\xFE\x7F\xD3\x6D\xB1\xEF\x16\x7C\x57\xA5\x0C\x6D\x76\x8A\x2F\x4B\xBF\x64\xFB\x4C\xEE\x8A\xF0\xF3\x29\x7C\xF5\xFF\xEE\x2A\xE0\xE9\xE9\xBA\x5B\x64\x22\x9A\x9A\x6F\x2C\x3A\x26\x69\x51\x05\x99\x26\xDC\xD5\x1C\x6A\x71\xC6\x9A\x7D\x1E\x9D\xDD\x7C\x6C\xC6\x8C\x67\x67\x4A\x3E\xF8\x71\xB0\x19\x27\xA9\x09\x0C\xA6\x95\xBF\x4B\x8C\x0C\xFA\x55\x98\x3B\xD8\xE8\x22\xA1\x4B\x71\x38\x79\xAC\x97\x92\x69\xB3\x89\x7E\xEA\x21\x68\x06\x98\x14\x96\x87\xD2\x61\x36\xBC\x6D\x27\x56\x9E\x57\xEE\xC0\xC0\x56\xFD\x32\xCF\xA4\xD9\x8E\xC2\x23\xD7\x8D\xA8\xF3\xD8\x25\xAC\x97\xE4\x70\x38\xF4\xB6\x3A\xB4\x9D\x3B\x97\x26\x43\xA3\xA1\xBC\x49\x59\x72\x4C\x23\x30\x87\x01\x58\xF6\x4E\xBE\x1C\x68\x56\x66\xAF\xCD\x41\x5D\xC8\xB3\x4D\x2A\x55\x46\xAB\x1F\xDA\x1E\xE2\x40\x3D\xDB\xCD\x7D\xB9\x92\x80\x9C\x37\xDD\x0C\x96\x64\x9D\xDC\x22\xF7\x64\x8B\xDF\x61\xDE\x15\x94\x52\x15\xA0\x7D\x52\xC9\x4B\xA8\x21\xC9\xC6\xB1\xED\xCB\xC3\x95\x60\xD1\x0F\xF0\xAB\x70\xF8\xDF\xCB\x4D\x7E\xEC\xD6\xFA\xAB\xD9\xBD\x7F\x54\xF2\xA5\xE9\x79\xFA\xD9\xD6\x76\x24\x28\x73\x02\x03\x01\x00\x01\xA3\x3F\x30\x3D\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x73\x49\x99\x68\xDC\x85\x5B\x65\xE3\x9B\x28\x2F\x57\x9F\xBD\x33\xBC\x07\x48\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x68\x40\xA9\xA8\xBB\xE4\x4F\x5D\x79\xB3\x05\xB5\x17\xB3\x60\x13\xEB\xC6\x92\x5D\xE0\xD1\xD3\x6A\xFE\xFB\xBE\x9B\x6D\xBF\xC7\x05\x6D\x59\x20\xC4\x1C\xF0\xB7\xDA\x84\x58\x02\x63\xFA\x48\x16\xEF\x4F\xA5\x0B\xF7\x4A\x98\xF2\x3F\x9E\x1B\xAD\x47\x6B\x63\xCE\x08\x47\xEB\x52\x3F\x78\x9C\xAF\x4D\xAE\xF8\xD5\x4F\xCF\x9A\x98\x2A\x10\x41\x39\x52\xC4\xDD\xD9\x9B\x0E\xEF\x93\x01\xAE\xB2\x2E\xCA\x68\x42\x24\x42\x6C\xB0\xB3\x3A\x3E\xCD\xE9\xDA\x48\xC4\x15\xCB\xE9\xF9\x07\x0F\x92\x50\x49\x8A\xDD\x31\x97\x5F\xC9\xE9\x37\xAA\x3B\x59\x65\x97\x94\x32\xC9\xB3\x9F\x3E\x3A\x62\x58\xC5\x49\xAD\x62\x0E\x71\xA5\x32\xAA\x2F\xC6\x89\x76\x43\x40\x13\x13\x67\x3D\xA2\x54\x25\x10\xCB\xF1\x3A\xF2\xD9\xFA\xDB\x49\x56\xBB\xA6\xFE\xA7\x41\x35\xC3\xE0\x88\x61\xC9\x88\xC7\xDF\x36\x10\x22\x98\x59\xEA\xB0\x4A\xFB\x56\x16\x73\x6E\xAC\x4D\xF7\x22\xA1\x4F\xAD\x1D\x7A\x2D\x45\x27\xE5\x30\xC1\x5E\xF2\xDA\x13\xCB\x25\x42\x51\x95\x47\x03\x8C\x6C\x21\xCC\x74\x42\xED\x53\xFF\x33\x8B\x8F\x0F\x57\x01\x16\x2F\xCF\xA6\xEE\xC9\x70\x22\x14\xBD\xFD\xBE\x6C\x0B\x03",
+	["CN=Sonera Class2 CA,O=Sonera,C=FI"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xA0\x03\x02\x01\x02\x02\x01\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x17\x0D\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x90\x17\x4A\x35\x9D\xCA\xF0\x0D\x96\xC7\x44\xFA\x16\x37\xFC\x48\xBD\xBD\x7F\x80\x2D\x35\x3B\xE1\x6F\xA8\x67\xA9\xBF\x03\x1C\x4D\x8C\x6F\x32\x47\xD5\x41\x68\xA4\x13\x04\xC1\x35\x0C\x9A\x84\x43\xFC\x5C\x1D\xFF\x89\xB3\xE8\x17\x18\xCD\x91\x5F\xFB\x89\xE3\xEA\xBF\x4E\x5D\x7C\x1B\x26\xD3\x75\x79\xED\xE6\x84\xE3\x57\xE5\xAD\x29\xC4\xF4\x3A\x28\xE7\xA5\x7B\x84\x36\x69\xB3\xFD\x5E\x76\xBD\xA3\x2D\x99\xD3\x90\x4E\x23\x28\x7D\x18\x63\xF1\x54\x3B\x26\x9D\x76\x5B\x97\x42\xB2\xFF\xAE\xF0\x4E\xEC\xDD\x39\x95\x4E\x83\x06\x7F\xE7\x49\x40\xC8\xC5\x01\xB2\x54\x5A\x66\x1D\x3D\xFC\xF9\xE9\x3C\x0A\x9E\x81\xB8\x70\xF0\x01\x8B\xE4\x23\x54\x7C\xC8\xAE\xF8\x90\x1E\x00\x96\x72\xD4\x54\xCF\x61\x23\xBC\xEA\xFB\x9D\x02\x95\xD1\xB6\xB9\x71\x3A\x69\x08\x3F\x0F\xB4\xE1\x42\xC7\x88\xF5\x3F\x98\xA8\xA7\xBA\x1C\xE0\x71\x71\xEF\x58\x57\x81\x50\x7A\x5C\x6B\x74\x46\x0E\x83\x03\x98\xC3\x8E\xA8\x6E\xF2\x76\x32\x6E\x27\x83\xC2\x73\xF3\xDC\x18\xE8\xB4\x93\xEA\x75\x44\x6B\x04\x60\x20\x71\x57\x87\x9D\xF3\xBE\xA0\x90\x23\x3D\x8A\x24\xE1\xDA\x21\xDB\xC3\x02\x03\x01\x00\x01\xA3\x33\x30\x31\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x4A\xA0\xAA\x58\x84\xD3\x5E\x3C\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5A\xCE\x87\xF9\x16\x72\x15\x57\x4B\x1D\xD9\x9B\xE7\xA2\x26\x30\xEC\x93\x67\xDF\xD6\x2D\xD2\x34\xAF\xF7\x38\xA5\xCE\xAB\x16\xB9\xAB\x2F\x7C\x35\xCB\xAC\xD0\x0F\xB4\x4C\x2B\xFC\x80\xEF\x6B\x8C\x91\x5F\x36\x76\xF7\xDB\xB3\x1B\x19\xEA\xF4\xB2\x11\xFD\x61\x71\x44\xBF\x28\xB3\x3A\x1D\xBF\xB3\x43\xE8\x9F\xBF\xDC\x31\x08\x71\xB0\x9D\x8D\xD6\x34\x47\x32\x90\xC6\x65\x24\xF7\xA0\x4A\x7C\x04\x73\x8F\x39\x6F\x17\x8C\x72\xB5\xBD\x4B\xC8\x7A\xF8\x7B\x83\xC3\x28\x4E\x9C\x09\xEA\x67\x3F\xB2\x67\x04\x1B\xC3\x14\xDA\xF8\xE7\x49\x24\x91\xD0\x1D\x6A\xFA\x61\x39\xEF\x6B\xE7\x21\x75\x06\x07\xD8\x12\xB4\x21\x20\x70\x42\x71\x81\xDA\x3C\x9A\x36\xBE\xA6\x5B\x0D\x6A\x6C\x9A\x1F\x91\x7B\xF9\xF9\xEF\x42\xBA\x4E\x4E\x9E\xCC\x0C\x8D\x94\xDC\xD9\x45\x9C\x5E\xEC\x42\x50\x63\xAE\xF4\x5D\xC4\xB1\x12\xDC\xCA\x3B\xA8\x2E\x9D\x14\x5A\x05\x75\xB7\xEC\xD7\x63\xE2\xBA\x35\xB6\x04\x08\x91\xE8\xDA\x9D\x9C\xF6\x66\xB5\x18\xAC\x0A\xA6\x54\x26\x34\x33\xD2\x1B\xC1\xD4\x7F\x1A\x3A\x8E\x0B\xAA\x32\x6E\xDB\xFC\x4F\x25\x9F\xD9\x32\xC7\x96\x5A\x70\xAC\xDF\x4C",
+	["CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5A\x17\x0D\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x98\xD2\xB5\x51\x11\x7A\x81\xA6\x14\x98\x71\x6D\xBE\xCC\xE7\x13\x1B\xD6\x27\x0E\x7A\xB3\x6A\x18\x1C\xB6\x61\x5A\xD5\x61\x09\xBF\xDE\x90\x13\xC7\x67\xEE\xDD\xF3\xDA\xC5\x0C\x12\x9E\x35\x55\x3E\x2C\x27\x88\x40\x6B\xF7\xDC\xDD\x22\x61\xF5\xC2\xC7\x0E\xF5\xF6\xD5\x76\x53\x4D\x8F\x8C\xBC\x18\x76\x37\x85\x9D\xE8\xCA\x49\xC7\xD2\x4F\x98\x13\x09\xA2\x3E\x22\x88\x9C\x7F\xD6\xF2\x10\x65\xB4\xEE\x5F\x18\xD5\x17\xE3\xF8\xC5\xFD\xE2\x9D\xA2\xEF\x53\x0E\x85\x77\xA2\x0F\xE1\x30\x47\xEE\x00\xE7\x33\x7D\x44\x67\x1A\x0B\x51\xE8\x8B\xA0\x9E\x50\x98\x68\x34\x52\x1F\x2E\x6D\x01\xF2\x60\x45\xF2\x31\xEB\xA9\x31\x68\x29\xBB\x7A\x41\x9E\xC6\x19\x7F\x94\xB4\x51\x39\x03\x7F\xB2\xDE\xA7\x32\x9B\xB4\x47\x8E\x6F\xB4\x4A\xAE\xE5\xAF\xB1\xDC\xB0\x1B\x61\xBC\x99\x72\xDE\xE4\x89\xB7\x7A\x26\x5D\xDA\x33\x49\x5B\x52\x9C\x0E\xF5\x8A\xAD\xC3\xB8\x3D\xE8\x06\x6A\xC2\xD5\x2A\x0B\x6C\x7B\x84\xBD\x56\x05\xCB\x86\x65\x92\xEC\x44\x2B\xB0\x8E\xB9\xDC\x70\x0B\x46\xDA\xAD\xBC\x63\x88\x39\xFA\xDB\x6A\xFE\x23\xFA\xBC\xE4\x48\xF4\x67\x2B\x6A\x11\x10\x21\x49\x02\x03\x01\x00\x01\xA3\x81\x91\x30\x81\x8E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x4F\x06\x03\x55\x1D\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1D\x20\x00\x30\x3C\x30\x3A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x6F\x76\x65\x72\x68\x65\x69\x64\x2E\x6E\x6C\x2F\x70\x6F\x6C\x69\x63\x69\x65\x73\x2F\x72\x6F\x6F\x74\x2D\x70\x6F\x6C\x69\x63\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA8\x7D\xEB\xBC\x63\xA4\x74\x13\x74\x00\xEC\x96\xE0\xD3\x34\xC1\x2C\xBF\x6C\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xC1\xBB\xD1\xD4\xC6\x15\xA8\x13\xB4\x9F\xA4\xFE\xBB\xEE\x15\xB4\x2F\x06\x0C\x29\xF2\xA8\x92\xA4\x61\x0D\xFC\xAB\x5C\x08\x5B\x51\x13\x2B\x4D\xC2\x2A\x61\xC8\xF8\x09\x58\xFC\x2D\x02\xB2\x39\x7D\x99\x66\x81\xBF\x6E\x5C\x95\x45\x20\x6C\xE6\x79\xA7\xD1\xD8\x1C\x29\xFC\xC2\x20\x27\x51\xC8\xF1\x7C\x5D\x34\x67\x69\x85\x11\x30\xC6\x00\xD2\xD7\xF3\xD3\x7C\xB6\xF0\x31\x57\x28\x12\x82\x73\xE9\x33\x2F\xA6\x55\xB4\x0B\x91\x94\x47\x9C\xFA\xBB\x7A\x42\x32\xE8\xAE\x7E\x2D\xC8\xBC\xAC\x14\xBF\xD9\x0F\xD9\x5B\xFC\xC1\xF9\x7A\x95\xE1\x7D\x7E\x96\xFC\x71\xB0\xC2\x4C\xC8\xDF\x45\x34\xC9\xCE\x0D\xF2\x9C\x64\x08\xD0\x3B\xC3\x29\xC5\xB2\xED\x90\x04\xC1\xB1\x29\x91\xC5\x30\x6F\xC1\xA9\x72\x33\xCC\xFE\x5D\x16\x17\x2C\x11\x69\xE7\x7E\xFE\xC5\x83\x08\xDF\xBC\xDC\x22\x3A\x2E\x20\x69\x23\x39\x56\x60\x67\x90\x8B\x2E\x76\x39\xFB\x11\x88\x97\xF6\x7C\xBD\x4B\xB8\x20\x16\x67\x05\x8D\xE2\x3B\xC1\x72\x3F\x94\x95\x37\xC7\x5D\xB9\x9E\xD8\x93\xA1\x17\x8F\xFF\x0C\x66\x15\xC1\x24\x7C\x32\x7C\x03\x1D\x3B\xA1\x58\x45\x32\x93",
+	["OU=TDC Internet Root CA,O=TDC Internet,C=DK"] = "\x30\x82\x04\x2B\x30\x82\x03\x13\xA0\x03\x02\x01\x02\x02\x04\x3A\xCC\xA5\x4C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC4\xB8\x40\xBC\x91\xD5\x63\x1F\xD7\x99\xA0\x8B\x0C\x40\x1E\x74\xB7\x48\x9D\x46\x8C\x02\xB2\xE0\x24\x5F\xF0\x19\x13\xA7\x37\x83\x6B\x5D\xC7\x8E\xF9\x84\x30\xCE\x1A\x3B\xFA\xFB\xCE\x8B\x6D\x23\xC6\xC3\x6E\x66\x9F\x89\xA5\xDF\xE0\x42\x50\x67\xFA\x1F\x6C\x1E\xF4\xD0\x05\xD6\xBF\xCA\xD6\x4E\xE4\x68\x60\x6C\x46\xAA\x1C\x5D\x63\xE1\x07\x86\x0E\x65\x00\xA7\x2E\xA6\x71\xC6\xBC\xB9\x81\xA8\x3A\x7D\x1A\xD2\xF9\xD1\xAC\x4B\xCB\xCE\x75\xAF\xDC\x7B\xFA\x81\x73\xD4\xFC\xBA\xBD\x41\x88\xD4\x74\xB3\xF9\x5E\x38\x3A\x3C\x43\xA8\xD2\x95\x4E\x77\x6D\x13\x0C\x9D\x8F\x78\x01\xB7\x5A\x20\x1F\x03\x37\x35\xE2\x2C\xDB\x4B\x2B\x2C\x78\xB9\x49\xDB\xC4\xD0\xC7\x9C\x9C\xE4\x8A\x20\x09\x21\x16\x56\x66\xFF\x05\xEC\x5B\xE3\xF0\xCF\xAB\x24\x24\x5E\xC3\x7F\x70\x7A\x12\xC4\xD2\xB5\x10\xA0\xB6\x21\xE1\x8D\x78\x69\x55\x44\x69\xF5\xCA\x96\x1C\x34\x85\x17\x25\x77\xE2\xF6\x2F\x27\x98\x78\xFD\x79\x06\x3A\xA2\xD6\x5A\x43\xC1\xFF\xEC\x04\x3B\xEE\x13\xEF\xD3\x58\x5A\xFF\x92\xEB\xEC\xAE\xDA\xF2\x37\x03\x47\x41\xB6\x97\xC9\x2D\x0A\x41\x22\xBB\xBB\xE6\xA7\x02\x03\x01\x00\x01\xA3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1D\x1F\x04\x5E\x30\x5C\x30\x5A\xA0\x58\xA0\x56\xA4\x54\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x81\x0F\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x35\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\x43\xCC\xD1\xDD\x1D\x10\x1B\x06\x7F\xB7\xA4\xFA\xD3\xD9\x4D\xFB\x23\x9F\x23\x54\x5B\xE6\x8B\x2F\x04\x28\x8B\xB5\x27\x6D\x89\xA1\xEC\x98\x69\xDC\xE7\x8D\x26\x83\x05\x79\x74\xEC\xB4\xB9\xA3\x97\xC1\x35\x00\xFD\x15\xDA\x39\x81\x3A\x95\x31\x90\xDE\x97\xE9\x86\xA8\x99\x77\x0C\xE5\x5A\xA0\x84\xFF\x12\x16\xAC\x6E\xB8\x8D\xC3\x7B\x92\xC2\xAC\x2E\xD0\x7D\x28\xEC\xB6\xF3\x60\x38\x69\x6F\x3E\xD8\x04\x55\x3E\x9E\xCC\x55\xD2\xBA\xFE\xBB\x47\x04\xD7\x0A\xD9\x16\x0A\x34\x29\xF5\x58\x13\xD5\x4F\xCF\x8F\x56\x4B\xB3\x1E\xEE\xD3\x98\x79\xDA\x08\x1E\x0C\x6F\xB8\xF8\x16\x27\xEF\xC2\x6F\x3D\xF6\xA3\x4B\x3E\x0E\xE4\x6D\x6C\xDB\x3B\x41\x12\x9B\xBD\x0D\x47\x23\x7F\x3C\x4A\xD0\xAF\xC0\xAF\xF6\xEF\x1B\xB5\x15\xC4\xEB\x83\xC4\x09\x5F\x74\x8B\xD9\x11\xFB\xC2\x56\xB1\x3C\xF8\x70\xCA\x34\x8D\x43\x40\x13\x8C\xFD\x99\x03\x54\x79\xC6\x2E\xEA\x86\xA1\xF6\x3A\xD4\x09\xBC\xF4\xBC\x66\xCC\x3D\x58\xD0\x57\x49\x0A\xEE\x25\xE2\x41\xEE\x13\xF9\x9B\x38\x34\xD1\x00\xF5\x7E\xE7\x94\x1D\xFC\x69\x03\x62\xB8\x99\x05\x05\x3D\x6B\x78\x12\xBD\xB0\x6F\x65",
+	["CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x5E\x30\x82\x03\x46\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x21\xB4\x11\xD3\x2A\x68\x06\xA9\xAD\x69\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5A\x17\x0D\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5A\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\xEE\x58\x10\xA2\x2B\x6E\x55\xC4\x8E\xBF\x2E\x46\x09\xE7\xE0\x08\x0F\x2E\x2B\x7A\x13\x94\x1B\xBD\xF6\xB6\x80\x8E\x65\x05\x93\x00\x1E\xBC\xAF\xE2\x0F\x8E\x19\x0D\x12\x47\xEC\xAC\xAD\xA3\xFA\x2E\x70\xF8\xDE\x6E\xFB\x56\x42\x15\x9E\x2E\x5C\xEF\x23\xDE\x21\xB9\x05\x76\x27\x19\x0F\x4F\xD6\xC3\x9C\xB4\xBE\x94\x19\x63\xF2\xA6\x11\x0A\xEB\x53\x48\x9C\xBE\xF2\x29\x3B\x16\xE8\x1A\xA0\x4C\xA6\xC9\xF4\x18\x59\x68\xC0\x70\xF2\x53\x00\xC0\x5E\x50\x82\xA5\x56\x6F\x36\xF9\x4A\xE0\x44\x86\xA0\x4D\x4E\xD6\x47\x6E\x49\x4A\xCB\x67\xD7\xA6\xC4\x05\xB9\x8E\x1E\xF4\xFC\xFF\xCD\xE7\x36\xE0\x9C\x05\x6C\xB2\x33\x22\x15\xD0\xB4\xE0\xCC\x17\xC0\xB2\xC0\xF4\xFE\x32\x3F\x29\x2A\x95\x7B\xD8\xF2\xA7\x4E\x0F\x54\x7C\xA1\x0D\x80\xB3\x09\x03\xC1\xFF\x5C\xDD\x5E\x9A\x3E\xBC\xAE\xBC\x47\x8A\x6A\xAE\x71\xCA\x1F\xB1\x2A\xB8\x5F\x42\x05\x0B\xEC\x46\x30\xD1\x72\x0B\xCA\xE9\x56\x6D\xF5\xEF\xDF\x78\xBE\x61\xBA\xB2\xA5\xAE\x04\x4C\xBC\xA8\xAC\x69\x15\x97\xBD\xEF\xEB\xB4\x8C\xBF\x35\xF8\xD4\xC3\xD1\x28\x0E\x5C\x3A\x9F\x70\x18\x33\x20\x77\xC4\xA2\xAF\x02\x03\x01\x00\x01\xA3\x81\xAB\x30\x81\xA8\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x53\x32\xD1\xB3\xCF\x7F\xFA\xE0\xF1\xA0\x5D\x85\x4E\x92\xD2\x9E\x45\x1D\xB4\x4F\x30\x3D\x06\x03\x55\x1D\x1F\x04\x36\x30\x34\x30\x32\xA0\x30\xA0\x2E\x86\x2C\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x44\x41\x54\x41\x43\x6F\x72\x70\x53\x47\x43\x2E\x63\x72\x6C\x30\x2A\x06\x03\x55\x1D\x25\x04\x23\x30\x21\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x04\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8A\x8B\x28\xBD\xC6\x33\x30\x1E\x29\xFC\xE2\xF7\xD5\x98\xD4\x40\xBB\x60\xCA\xBF\xAB\x17\x2C\x09\x36\x7F\x50\xFA\x41\xDC\xAE\x96\x3A\x0A\x23\x3E\x89\x59\xC9\xA3\x07\xED\x1B\x37\xAD\xFC\x7C\xBE\x51\x49\x5A\xDE\x3A\x0A\x54\x08\x16\x45\xC2\x99\xB1\x87\xCD\x8C\x68\xE0\x69\x03\xE9\xC4\x4E\x98\xB2\x3B\x8C\x16\xB3\x0E\xA0\x0C\x98\x50\x9B\x93\xA9\x70\x09\xC8\x2C\xA3\x8F\xDF\x02\xE4\xE0\x71\x3A\xF1\xB4\x23\x72\xA0\xAA\x01\xDF\xDF\x98\x3E\x14\x50\xA0\x31\x26\xBD\x28\xE9\x5A\x30\x26\x75\xF9\x7B\x60\x1C\x8D\xF3\xCD\x50\x26\x6D\x04\x27\x9A\xDF\xD5\x0D\x45\x47\x29\x6B\x2C\xE6\x76\xD9\xA9\x29\x7D\x32\xDD\xC9\x36\x3C\xBD\xAE\x35\xF1\x11\x9E\x1D\xBB\x90\x3F\x12\x47\x4E\x8E\xD7\x7E\x0F\x62\x73\x1D\x52\x26\x38\x1C\x18\x49\xFD\x30\x74\x9A\xC4\xE5\x22\x2F\xD8\xC0\x8D\xED\x91\x7A\x4C\x00\x8F\x72\x7F\x5D\xDA\xDD\x1B\x8B\x45\x6B\xE7\xDD\x69\x97\xA8\xC5\x56\x4C\x0F\x0C\xF6\x9F\x7A\x91\x37\xF6\x97\x82\xE0\xDD\x71\x69\xFF\x76\x3F\x60\x4D\x3C\xCF\xF7\x99\xF9\xC6\x57\xF4\xC9\x55\x39\x78\xBA\x2C\x79\xC9\xA6\x88\x2B\xF4\x08",
+	["CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x74\x30\x82\x03\x5C\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x24\xB4\x11\xD3\x36\x2A\xFE\x65\x0A\xFD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5A\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB1\xF7\xC3\x38\x3F\xB4\xA8\x7F\xCF\x39\x82\x51\x67\xD0\x6D\x9F\xD2\xFF\x58\xF3\xE7\x9F\x2B\xEC\x0D\x89\x54\x99\xB9\x38\x99\x16\xF7\xE0\x21\x79\x48\xC2\xBB\x61\x74\x12\x96\x1D\x3C\x6A\x72\xD5\x3C\x10\x67\x3A\x39\xED\x2B\x13\xCD\x66\xEB\x95\x09\x33\xA4\x6C\x97\xB1\xE8\xC6\xEC\xC1\x75\x79\x9C\x46\x5E\x8D\xAB\xD0\x6A\xFD\xB9\x2A\x55\x17\x10\x54\xB3\x19\xF0\x9A\xF6\xF1\xB1\x5D\xB6\xA7\x6D\xFB\xE0\x71\x17\x6B\xA2\x88\xFB\x00\xDF\xFE\x1A\x31\x77\x0C\x9A\x01\x7A\xB1\x32\xE3\x2B\x01\x07\x38\x6E\xC3\xA5\x5E\x23\xBC\x45\x9B\x7B\x50\xC1\xC9\x30\x8F\xDB\xE5\x2B\x7A\xD3\x5B\xFB\x33\x40\x1E\xA0\xD5\x98\x17\xBC\x8B\x87\xC3\x89\xD3\x5D\xA0\x8E\xB2\xAA\xAA\xF6\x8E\x69\x88\x06\xC5\xFA\x89\x21\xF3\x08\x9D\x69\x2E\x09\x33\x9B\x29\x0D\x46\x0F\x8C\xCC\x49\x34\xB0\x69\x51\xBD\xF9\x06\xCD\x68\xAD\x66\x4C\xBC\x3E\xAC\x61\xBD\x0A\x88\x0E\xC8\xDF\x3D\xEE\x7C\x04\x4C\x9D\x0A\x5E\x6B\x91\xD6\xEE\xC7\xED\x28\x8D\xAB\x4D\x87\x89\x73\xD0\x6E\xA4\xD0\x1E\x16\x8B\x14\xE1\x76\x44\x03\x7F\x63\xAC\xE4\xCD\x49\x9C\xC5\x92\xF4\xAB\x32\xA1\x48\x5B\x02\x03\x01\x00\x01\xA3\x81\xB9\x30\x81\xB6\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA1\x72\x5F\x26\x1B\x28\x98\x43\x95\x5D\x07\x37\xD5\x85\x96\x9D\x4B\xD2\xC3\x45\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x2E\x63\x72\x6C\x30\x31\x06\x03\x55\x1D\x25\x04\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0F\xDE\x74\xC6\x99\x97\xAF\xFC\xAD\x28\x5E\x75\x8E\xEB\x2D\x67\xEE\x4E\x7B\x2B\xD7\x0C\xFF\xF6\xDE\xCB\x55\xA2\x0A\xE1\x4C\x54\x65\x93\x60\x6B\x9F\x12\x9C\xAD\x5E\x83\x2C\xEB\x5A\xAE\xC0\xE4\x2D\xF4\x00\x63\x1D\xB8\xC0\x6C\xF2\xCF\x49\xBB\x4D\x93\x6F\x06\xA6\x0A\x22\xB2\x49\x62\x08\x4E\xFF\xC8\xC8\x14\xB2\x88\x16\x5D\xE7\x01\xE4\x12\x95\xE5\x45\x34\xB3\x8B\x69\xBD\xCF\xB4\x85\x8F\x75\x51\x9E\x7D\x3A\x38\x3A\x14\x48\x12\xC6\xFB\xA7\x3B\x1A\x8D\x0D\x82\x40\x07\xE8\x04\x08\x90\xA1\x89\xCB\x19\x50\xDF\xCA\x1C\x01\xBC\x1D\x04\x19\x7B\x10\x76\x97\x3B\xEE\x90\x90\xCA\xC4\x0E\x1F\x16\x6E\x75\xEF\x33\xF8\xD3\x6F\x5B\x1E\x96\xE3\xE0\x74\x77\x74\x7B\x8A\xA2\x6E\x2D\xDD\x76\xD6\x39\x30\x82\xF0\xAB\x9C\x52\xF2\x2A\xC7\xAF\x49\x5E\x7E\xC7\x68\xE5\x82\x81\xC8\x6A\x27\xF9\x27\x88\x2A\xD5\x58\x50\x95\x1F\xF0\x3B\x1C\x57\xBB\x7D\x14\x39\x62\x2B\x9A\xC9\x94\x92\x2A\xA3\x22\x0C\xFF\x89\x26\x7D\x5F\x23\x2B\x47\xD7\x15\x1D\xA9\x6A\x9E\x51\x0D\x2A\x51\x9E\x81\xF9\xD4\x3B\x5E\x70\x12\x7F\x10\x32\x9C\x1E\xBB\x9D\xF8\x66\xA8",
+	["CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU"] = "\x30\x82\x04\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5A\x17\x0D\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xB7\x36\x55\xE5\xA5\x5D\x18\x30\xE0\xDA\x89\x54\x91\xFC\xC8\xC7\x52\xF8\x2F\x50\xD9\xEF\xB1\x75\x73\x65\x47\x7D\x1B\x5B\xBA\x75\xC5\xFC\xA1\x88\x24\xFA\x2F\xED\xCA\x08\x4A\x39\x54\xC4\x51\x7A\xB5\xDA\x60\xEA\x38\x3C\x81\xB2\xCB\xF1\xBB\xD9\x91\x23\x3F\x48\x01\x70\x75\xA9\x05\x2A\xAD\x1F\x71\xF3\xC9\x54\x3D\x1D\x06\x6A\x40\x3E\xB3\x0C\x85\xEE\x5C\x1B\x79\xC2\x62\xC4\xB8\x36\x8E\x35\x5D\x01\x0C\x23\x04\x47\x35\xAA\x9B\x60\x4E\xA0\x66\x3D\xCB\x26\x0A\x9C\x40\xA1\xF4\x5D\x98\xBF\x71\xAB\xA5\x00\x68\x2A\xED\x83\x7A\x0F\xA2\x14\xB5\xD4\x22\xB3\x80\xB0\x3C\x0C\x5A\x51\x69\x2D\x58\x18\x8F\xED\x99\x9E\xF1\xAE\xE2\x95\xE6\xF6\x47\xA8\xD6\x0C\x0F\xB0\x58\x58\xDB\xC3\x66\x37\x9E\x9B\x91\x54\x33\x37\xD2\x94\x1C\x6A\x48\xC9\xC9\xF2\xA5\xDA\xA5\x0C\x23\xF7\x23\x0E\x9C\x32\x55\x5E\x71\x9C\x84\x05\x51\x9A\x2D\xFD\xE6\x4E\x2A\x34\x5A\xDE\xCA\x40\x37\x67\x0C\x54\x21\x55\x77\xDA\x0A\x0C\xCC\x97\xAE\x80\xDC\x94\x36\x4A\xF4\x3E\xCE\x36\x13\x1E\x53\xE4\xAC\x4E\x3A\x05\xEC\xDB\xAE\x72\x9C\x38\x8B\xD0\x39\x3B\x89\x0A\x3E\x77\xFE\x75\x02\x01\x03\xA3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x3C\x06\x03\x55\x1D\x1F\x04\x35\x30\x33\x30\x31\xA0\x2F\xA0\x2D\x86\x2B\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x94\xF5\xB1\x4D\xE9\xDB\xA1\x29\x5B\x57\x8B\x4D\x76\x06\x76\xE1\xD1\xA2\x8A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1D\x11\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x27\x06\x03\x55\x1D\x12\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x58\x06\x03\x55\x1D\x20\x04\x51\x30\x4F\x30\x4D\x06\x0B\x2B\x06\x01\x04\x01\x81\x87\x2E\x0A\x03\x01\x30\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x70\x73\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x70\x73\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x68\x74\x6D\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0C\x41\x97\xC2\x1A\x86\xC0\x22\x7C\x9F\xFB\x90\xF3\x1A\xD1\x03\xB1\xEF\x13\xF9\x21\x5F\x04\x9C\xDA\xC9\xA5\x8D\x27\x6C\x96\x87\x91\xBE\x41\x90\x01\x72\x93\xE7\x1E\x7D\x5F\xF6\x89\xC6\x5D\xA7\x40\x09\x3D\xAC\x49\x45\x45\xDC\x2E\x8D\x30\x68\xB2\x09\xBA\xFB\xC3\x2F\xCC\xBA\x0B\xDF\x3F\x77\x7B\x46\x7D\x3A\x12\x24\x8E\x96\x8F\x3C\x05\x0A\x6F\xD2\x94\x28\x1D\x6D\x0C\xC0\x2E\x88\x22\xD5\xD8\xCF\x1D\x13\xC7\xF0\x48\xD7\xD7\x05\xA7\xCF\xC7\x47\x9E\x3B\x3C\x34\xC8\x80\x4F\xD4\x14\xBB\xFC\x0D\x50\xF7\xFA\xB3\xEC\x42\x5F\xA9\xDD\x6D\xC8\xF4\x75\xCF\x7B\xC1\x72\x26\xB1\x01\x1C\x5C\x2C\xFD\x7A\x4E\xB4\x01\xC5\x05\x57\xB9\xE7\x3C\xAA\x05\xD9\x88\xE9\x07\x46\x41\xCE\xEF\x41\x81\xAE\x58\xDF\x83\xA2\xAE\xCA\xD7\x77\x1F\xE7\x00\x3C\x9D\x6F\x8E\xE4\x32\x09\x1D\x4D\x78\x34\x78\x34\x3C\x94\x9B\x26\xED\x4F\x71\xC6\x19\x7A\xBD\x20\x22\x48\x5A\xFE\x4B\x7D\x03\xB7\xE7\x58\xBE\xC6\x32\x4E\x74\x1E\x68\xDD\xA8\x68\x5B\xB3\x3E\xEE\x62\x7D\xD9\x80\xE8\x0A\x75\x7A\xB7\xEE\xB4\x65\x9A\x21\x90\xE0\xAA\xD0\x98\xBC\x38\xB5\x73\x3C\x8B\xF8\xDC",
+	["CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU"] = "\x30\x82\x04\xC5\x30\x82\x03\xAD\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x6C\x6F\x62\x61\x6C\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5A\x17\x0D\x33\x37\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5A\x30\x7D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x47\x6C\x6F\x62\x61\x6C\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x20\x52\x6F\x6F\x74\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xA2\x70\xA2\xD0\x9F\x42\xAE\x5B\x17\xC7\xD8\x7D\xCF\x14\x83\xFC\x4F\xC9\xA1\xB7\x13\xAF\x8A\xD7\x9E\x3E\x04\x0A\x92\x8B\x60\x56\xFA\xB4\x32\x2F\x88\x4D\xA1\x60\x08\xF4\xB7\x09\x4E\xA0\x49\x2F\x49\xD6\xD3\xDF\x9D\x97\x5A\x9F\x94\x04\x70\xEC\x3F\x59\xD9\xB7\xCC\x66\x8B\x98\x52\x28\x09\x02\xDF\xC5\x2F\x84\x8D\x7A\x97\x77\xBF\xEC\x40\x9D\x25\x72\xAB\xB5\x3F\x32\x98\xFB\xB7\xB7\xFC\x72\x84\xE5\x35\x87\xF9\x55\xFA\xA3\x1F\x0E\x6F\x2E\x28\xDD\x69\xA0\xD9\x42\x10\xC6\xF8\xB5\x44\xC2\xD0\x43\x7F\xDB\xBC\xE4\xA2\x3C\x6A\x55\x78\x0A\x77\xA9\xD8\xEA\x19\x32\xB7\x2F\xFE\x5C\x3F\x1B\xEE\xB1\x98\xEC\xCA\xAD\x7A\x69\x45\xE3\x96\x0F\x55\xF6\xE6\xED\x75\xEA\x65\xE8\x32\x56\x93\x46\x89\xA8\x25\x8A\x65\x06\xEE\x6B\xBF\x79\x07\xD0\xF1\xB7\xAF\xED\x2C\x4D\x92\xBB\xC0\xA8\x5F\xA7\x67\x7D\x04\xF2\x15\x08\x70\xAC\x92\xD6\x7D\x04\xD2\x33\xFB\x4C\xB6\x0B\x0B\xFB\x1A\xC9\xC4\x8D\x03\xA9\x7E\x5C\xF2\x50\xAB\x12\xA5\xA1\xCF\x48\x50\xA5\xEF\xD2\xC8\x1A\x13\xFA\xB0\x7F\xB1\x82\x1C\x77\x6A\x0F\x5F\xDC\x0B\x95\x8F\xEF\x43\x7E\xE6\x45\x09\x25\x02\x01\x03\xA3\x82\x01\x50\x30\x82\x01\x4C\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x3F\x06\x03\x55\x1D\x1F\x04\x38\x30\x36\x30\x34\xA0\x32\xA0\x30\x86\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x43\x9C\x36\x9F\xB0\x9E\x30\x4D\xC6\xCE\x5F\xAD\x10\xAB\xE5\x03\xA5\xFA\xA9\x14\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x2A\x06\x03\x55\x1D\x11\x04\x23\x30\x21\x81\x1F\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x2A\x06\x03\x55\x1D\x12\x04\x23\x30\x21\x81\x1F\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x5B\x06\x03\x55\x1D\x20\x04\x54\x30\x52\x30\x50\x06\x0B\x2B\x06\x01\x04\x01\x81\x87\x2E\x0A\x01\x01\x30\x41\x30\x3F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x70\x73\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x70\x73\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x72\x6F\x6F\x74\x2E\x68\x74\x6D\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3C\x3B\x70\x91\xF9\x04\x54\x27\x91\xE1\xED\xED\xFE\x68\x7F\x61\x5D\xE5\x41\x65\x4F\x32\xF1\x18\x05\x94\x6A\x1C\xDE\x1F\x70\xDB\x3E\x7B\x32\x02\x34\xB5\x0C\x6C\xA1\x8A\x7C\xA5\xF4\x8F\xFF\xD4\xD8\xAD\x17\xD5\x2D\x04\xD1\x3F\x58\x80\xE2\x81\x59\x88\xBE\xC0\xE3\x46\x93\x24\xFE\x90\xBD\x26\xA2\x30\x2D\xE8\x97\x26\x57\x35\x89\x74\x96\x18\xF6\x15\xE2\xAF\x24\x19\x56\x02\x02\xB2\xBA\x0F\x14\xEA\xC6\x8A\x66\xC1\x86\x45\x55\x8B\xBE\x92\xBE\x9C\xA4\x04\xC7\x49\x3C\x9E\xE8\x29\x7A\x89\xD7\xFE\xAF\xFF\x68\xF5\xA5\x17\x90\xBD\xAC\x99\xCC\xA5\x86\x57\x09\x67\x46\xDB\xD6\x16\xC2\x46\xF1\xE4\xA9\x50\xF5\x8F\xD1\x92\x15\xD3\x5F\x3E\xC6\x00\x49\x3A\x6E\x58\xB2\xD1\xD1\x27\x0D\x25\xC8\x32\xF8\x20\x11\xCD\x7D\x32\x33\x48\x94\x54\x4C\xDD\xDC\x79\xC4\x30\x9F\xEB\x8E\xB8\x55\xB5\xD7\x88\x5C\xC5\x6A\x24\x3D\xB2\xD3\x05\x03\x51\xC6\x07\xEF\xCC\x14\x72\x74\x3D\x6E\x72\xCE\x18\x28\x8C\x4A\xA0\x77\xE5\x09\x2B\x45\x44\x47\xAC\xB7\x67\x7F\x01\x8A\x05\x5A\x93\xBE\xA1\xC1\xFF\xF8\xE7\x0E\x67\xA4\x47\x49\x76\x5D\x75\x90\x1A\xF5\x26\x8F\xF0",
+	["CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU"] = "\x30\x82\x06\x7D\x30\x82\x05\x65\xA0\x03\x02\x01\x02\x02\x02\x01\x03\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xAF\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6E\x67\x61\x72\x79\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x48\x61\x6C\x6F\x7A\x61\x74\x62\x69\x7A\x74\x6F\x6E\x73\x61\x67\x69\x20\x4B\x66\x74\x2E\x31\x1A\x30\x18\x06\x03\x55\x04\x0B\x13\x11\x54\x61\x6E\x75\x73\x69\x74\x76\x61\x6E\x79\x6B\x69\x61\x64\x6F\x6B\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x6F\x7A\x6A\x65\x67\x79\x7A\x6F\x69\x20\x28\x43\x6C\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6E\x75\x73\x69\x74\x76\x61\x6E\x79\x6B\x69\x61\x64\x6F\x30\x1E\x17\x0D\x39\x39\x30\x32\x32\x34\x32\x33\x31\x34\x34\x37\x5A\x17\x0D\x31\x39\x30\x32\x31\x39\x32\x33\x31\x34\x34\x37\x5A\x30\x81\xAF\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6E\x67\x61\x72\x79\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x48\x61\x6C\x6F\x7A\x61\x74\x62\x69\x7A\x74\x6F\x6E\x73\x61\x67\x69\x20\x4B\x66\x74\x2E\x31\x1A\x30\x18\x06\x03\x55\x04\x0B\x13\x11\x54\x61\x6E\x75\x73\x69\x74\x76\x61\x6E\x79\x6B\x69\x61\x64\x6F\x6B\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x6F\x7A\x6A\x65\x67\x79\x7A\x6F\x69\x20\x28\x43\x6C\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6E\x75\x73\x69\x74\x76\x61\x6E\x79\x6B\x69\x61\x64\x6F\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x74\x8C\x0F\xBB\x4C\xF4\x37\x1E\xA9\x05\x82\xD8\xE6\xE1\x6C\x70\xEA\x78\xB5\x6E\xD1\x38\x44\x0D\xA8\x83\xCE\x5D\xD2\xD6\xD5\x81\xC5\xD4\x4B\xE7\x5B\x94\x70\x26\xDB\x3B\x9D\x6A\x4C\x62\xF7\x71\xF3\x64\xD6\x61\x3B\x3D\xEB\x73\xA3\x37\xD9\xCF\xEA\x8C\x92\x3B\xCD\xF7\x07\xDC\x66\x74\x97\xF4\x45\x22\xDD\xF4\x5C\xE0\xBF\x6D\xF3\xBE\x65\x33\xE4\x15\x3A\xBF\xDB\x98\x90\x55\x38\xC4\xED\xA6\x55\x63\x0B\xB0\x78\x04\xF4\xE3\x6E\xC1\x3F\x8E\xFC\x51\x78\x1F\x92\x9E\x83\xC2\xFE\xD9\xB0\xA9\xC9\xBC\x5A\x00\xFF\xA9\xA8\x98\x74\xFB\xF6\x2C\x3E\x15\x39\x0D\xB6\x04\x55\xA8\x0E\x98\x20\x42\xB3\xB1\x25\xAD\x7E\x9A\x6F\x5D\x53\xB1\xAB\x0C\xFC\xEB\xE0\xF3\x7A\xB3\xA8\xB3\xFF\x46\xF6\x63\xA2\xD8\x3A\x98\x7B\xB6\xAC\x85\xFF\xB0\x25\x4F\x74\x63\xE7\x13\x07\xA5\x0A\x8F\x05\xF7\xC0\x64\x6F\x7E\xA7\x27\x80\x96\xDE\xD4\x2E\x86\x60\xC7\x6B\x2B\x5E\x73\x7B\x17\xE7\x91\x3F\x64\x0C\xD8\x4B\x22\x34\x2B\x9B\x32\xF2\x48\x1F\x9F\xA1\x0A\x84\x7A\xE2\xC2\xAD\x97\x3D\x8E\xD5\xC1\xF9\x56\xA3\x50\xE9\xC6\xB4\xFA\x98\xA2\xEE\x95\xE6\x2A\x03\x8C\xDF\x02\x03\x01\x00\x01\xA3\x82\x02\x9F\x30\x82\x02\x9B\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x00\x06\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x04\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x0D\x04\x82\x02\x51\x16\x82\x02\x4D\x46\x49\x47\x59\x45\x4C\x45\x4D\x21\x20\x45\x7A\x65\x6E\x20\x74\x61\x6E\x75\x73\x69\x74\x76\x61\x6E\x79\x20\x61\x20\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x66\x74\x2E\x20\x41\x6C\x74\x61\x6C\x61\x6E\x6F\x73\x20\x53\x7A\x6F\x6C\x67\x61\x6C\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6C\x74\x65\x74\x65\x6C\x65\x69\x62\x65\x6E\x20\x6C\x65\x69\x72\x74\x20\x65\x6C\x6A\x61\x72\x61\x73\x6F\x6B\x20\x61\x6C\x61\x70\x6A\x61\x6E\x20\x6B\x65\x73\x7A\x75\x6C\x74\x2E\x20\x41\x20\x68\x69\x74\x65\x6C\x65\x73\x69\x74\x65\x73\x20\x66\x6F\x6C\x79\x61\x6D\x61\x74\x61\x74\x20\x61\x20\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x66\x74\x2E\x20\x74\x65\x72\x6D\x65\x6B\x66\x65\x6C\x65\x6C\x6F\x73\x73\x65\x67\x2D\x62\x69\x7A\x74\x6F\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2E\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6C\x69\x73\x20\x61\x6C\x61\x69\x72\x61\x73\x20\x65\x6C\x66\x6F\x67\x61\x64\x61\x73\x61\x6E\x61\x6B\x20\x66\x65\x6C\x74\x65\x74\x65\x6C\x65\x20\x61\x7A\x20\x65\x6C\x6F\x69\x72\x74\x20\x65\x6C\x6C\x65\x6E\x6F\x72\x7A\x65\x73\x69\x20\x65\x6C\x6A\x61\x72\x61\x73\x20\x6D\x65\x67\x74\x65\x74\x65\x6C\x65\x2E\x20\x41\x7A\x20\x65\x6C\x6A\x61\x72\x61\x73\x20\x6C\x65\x69\x72\x61\x73\x61\x20\x6D\x65\x67\x74\x61\x6C\x61\x6C\x68\x61\x74\x6F\x20\x61\x20\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x66\x74\x2E\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x68\x6F\x6E\x6C\x61\x70\x6A\x61\x6E\x20\x61\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x6E\x65\x74\x6C\x6F\x63\x6B\x2E\x6E\x65\x74\x2F\x64\x6F\x63\x73\x20\x63\x69\x6D\x65\x6E\x20\x76\x61\x67\x79\x20\x6B\x65\x72\x68\x65\x74\x6F\x20\x61\x7A\x20\x65\x6C\x6C\x65\x6E\x6F\x72\x7A\x65\x73\x40\x6E\x65\x74\x6C\x6F\x63\x6B\x2E\x6E\x65\x74\x20\x65\x2D\x6D\x61\x69\x6C\x20\x63\x69\x6D\x65\x6E\x2E\x20\x49\x4D\x50\x4F\x52\x54\x41\x4E\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6E\x63\x65\x20\x61\x6E\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6F\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6A\x65\x63\x74\x20\x74\x6F\x20\x74\x68\x65\x20\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6C\x61\x62\x6C\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x6E\x65\x74\x6C\x6F\x63\x6B\x2E\x6E\x65\x74\x2F\x64\x6F\x63\x73\x20\x6F\x72\x20\x62\x79\x20\x65\x2D\x6D\x61\x69\x6C\x20\x61\x74\x20\x63\x70\x73\x40\x6E\x65\x74\x6C\x6F\x63\x6B\x2E\x6E\x65\x74\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x82\x01\x01\x00\x48\x24\x46\xF7\xBA\x56\x6F\xFA\xC8\x28\x03\x40\x4E\xE5\x31\x39\x6B\x26\x6B\x53\x7F\xDB\xDF\xDF\xF3\x71\x3D\x26\xC0\x14\x0E\xC6\x67\x7B\x23\xA8\x0C\x73\xDD\x01\xBB\xC6\xCA\x6E\x37\x39\x55\xD5\xC7\x8C\x56\x20\x0E\x28\x0A\x0E\xD2\x2A\xA4\xB0\x49\x52\xC6\x38\x07\xFE\xBE\x0A\x09\x8C\xD1\x98\xCF\xCA\xDA\x14\x31\xA1\x4F\xD2\x39\xFC\x0F\x11\x2C\x43\xC3\xDD\xAB\x93\xC7\x55\x3E\x47\x7C\x18\x1A\x00\xDC\xF3\x7B\xD8\xF2\x7F\x52\x6C\x20\xF4\x0B\x5F\x69\x52\xF4\xEE\xF8\xB2\x29\x60\xEB\xE3\x49\x31\x21\x0D\xD6\xB5\x10\x41\xE2\x41\x09\x6C\xE2\x1A\x9A\x56\x4B\x77\x02\xF6\xA0\x9B\x9A\x27\x87\xE8\x55\x29\x71\xC2\x90\x9F\x45\x78\x1A\xE1\x15\x64\x3D\xD0\x0E\xD8\xA0\x76\x9F\xAE\xC5\xD0\x2E\xEA\xD6\x0F\x56\xEC\x64\x7F\x5A\x9B\x14\x58\x01\x27\x7E\x13\x50\xC7\x6B\x2A\xE6\x68\x3C\xBF\x5C\xA0\x0A\x1B\xE1\x0E\x7A\xE9\xE2\x80\xC3\xE9\xE9\xF6\xFD\x6C\x11\x9E\xD0\xE5\x28\x27\x2B\x54\x32\x42\x14\x82\x75\xE6\x4A\xF0\x2B\x66\x75\x63\x8C\xA2\xFB\x04\x3E\x83\x0E\x9B\x36\xF0\x18\xE4\x26\x20\xC3\x8C\xF0\x28\x07\xAD\x3C\x17\x66\x88\xB5\xFD\xB6\x88",
+	["CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US"] = "\x30\x82\x04\x30\x30\x82\x03\x18\xA0\x03\x02\x01\x02\x02\x10\x50\x94\x6C\xEC\x18\xEA\xD5\x9C\x4D\xD5\x97\xEF\x75\x8F\xA0\xAD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x77\x77\x77\x2E\x78\x72\x61\x6D\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x58\x52\x61\x6D\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6E\x63\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6D\x70\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x34\x31\x31\x30\x31\x31\x37\x31\x34\x30\x34\x5A\x17\x0D\x33\x35\x30\x31\x30\x31\x30\x35\x33\x37\x31\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x77\x77\x77\x2E\x78\x72\x61\x6D\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x58\x52\x61\x6D\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6E\x63\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6D\x70\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x98\x24\x1E\xBD\x15\xB4\xBA\xDF\xC7\x8C\xA5\x27\xB6\x38\x0B\x69\xF3\xB6\x4E\xA8\x2C\x2E\x21\x1D\x5C\x44\xDF\x21\x5D\x7E\x23\x74\xFE\x5E\x7E\xB4\x4A\xB7\xA6\xAD\x1F\xAE\xE0\x06\x16\xE2\x9B\x5B\xD9\x67\x74\x6B\x5D\x80\x8F\x29\x9D\x86\x1B\xD9\x9C\x0D\x98\x6D\x76\x10\x28\x58\xE4\x65\xB0\x7F\x4A\x98\x79\x9F\xE0\xC3\x31\x7E\x80\x2B\xB5\x8C\xC0\x40\x3B\x11\x86\xD0\xCB\xA2\x86\x36\x60\xA4\xD5\x30\x82\x6D\xD9\x6E\xD0\x0F\x12\x04\x33\x97\x5F\x4F\x61\x5A\xF0\xE4\xF9\x91\xAB\xE7\x1D\x3B\xBC\xE8\xCF\xF4\x6B\x2D\x34\x7C\xE2\x48\x61\x1C\x8E\xF3\x61\x44\xCC\x6F\xA0\x4A\xA9\x94\xB0\x4D\xDA\xE7\xA9\x34\x7A\x72\x38\xA8\x41\xCC\x3C\x94\x11\x7D\xEB\xC8\xA6\x8C\xB7\x86\xCB\xCA\x33\x3B\xD9\x3D\x37\x8B\xFB\x7A\x3E\x86\x2C\xE7\x73\xD7\x0A\x57\xAC\x64\x9B\x19\xEB\xF4\x0F\x04\x08\x8A\xAC\x03\x17\x19\x64\xF4\x5A\x25\x22\x8D\x34\x2C\xB2\xF6\x68\x1D\x12\x6D\xD3\x8A\x1E\x14\xDA\xC4\x8F\xA6\xE2\x23\x85\xD5\x7A\x0D\xBD\x6A\xE0\xE9\xEC\xEC\x17\xBB\x42\x1B\x67\xAA\x25\xED\x45\x83\x21\xFC\xC1\xC9\x7C\xD5\x62\x3E\xFA\xF2\xC5\x2D\xD3\xFD\xD4\x65\x02\x03\x01\x00\x01\xA3\x81\x9F\x30\x81\x9C\x30\x13\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1E\x04\x00\x43\x00\x41\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC6\x4F\xA2\x3D\x06\x63\x84\x09\x9C\xCE\x62\xE4\x04\xAC\x8D\x5C\xB5\xE9\xB6\x1B\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x78\x72\x61\x6D\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2E\x63\x6F\x6D\x2F\x58\x47\x43\x41\x2E\x63\x72\x6C\x30\x10\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x91\x15\x39\x03\x01\x1B\x67\xFB\x4A\x1C\xF9\x0A\x60\x5B\xA1\xDA\x4D\x97\x62\xF9\x24\x53\x27\xD7\x82\x64\x4E\x90\x2E\xC3\x49\x1B\x2B\x9A\xDC\xFC\xA8\x78\x67\x35\xF1\x1D\xF0\x11\xBD\xB7\x48\xE3\x10\xF6\x0D\xDF\x3F\xD2\xC9\xB6\xAA\x55\xA4\x48\xBA\x02\xDB\xDE\x59\x2E\x15\x5B\x3B\x9D\x16\x7D\x47\xD7\x37\xEA\x5F\x4D\x76\x12\x36\xBB\x1F\xD7\xA1\x81\x04\x46\x20\xA3\x2C\x6D\xA9\x9E\x01\x7E\x3F\x29\xCE\x00\x93\xDF\xFD\xC9\x92\x73\x89\x89\x64\x9E\xE7\x2B\xE4\x1C\x91\x2C\xD2\xB9\xCE\x7D\xCE\x6F\x31\x99\xD3\xE6\xBE\xD2\x1E\x90\xF0\x09\x14\x79\x5C\x23\xAB\x4D\xD2\xDA\x21\x1F\x4D\x99\x79\x9D\xE1\xCF\x27\x9F\x10\x9B\x1C\x88\x0D\xB0\x8A\x64\x41\x31\xB8\x0E\x6C\x90\x24\xA4\x9B\x5C\x71\x8F\xBA\xBB\x7E\x1C\x1B\xDB\x6A\x80\x0F\x21\xBC\xE9\xDB\xA6\xB7\x40\xF4\xB2\x8B\xA9\xB1\xE4\xEF\x9A\x1A\xD0\x3D\x69\x99\xEE\xA8\x28\xA3\xE1\x3C\xB3\xF0\xB2\x11\x9C\xCF\x7C\x40\xE6\xDD\xE7\x43\x7D\xA2\xD8\x3A\xB5\xA9\x8D\xF2\x34\x99\xC4\xD4\x10\xE1\x06\xFD\x09\x84\x10\x3B\xEE\xC4\x4C\xF4\xEC\x27\x7C\x42\xC2\x74\x7C\x82\x8A\x09\xC9\xB4\x03\x25\xBC",
+	["OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US"] = "\x30\x82\x04\x00\x30\x82\x02\xE8\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1F\x06\x03\x55\x04\x0A\x13\x18\x54\x68\x65\x20\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6F\x75\x70\x2C\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x0B\x13\x28\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5A\x17\x0D\x33\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1F\x06\x03\x55\x04\x0A\x13\x18\x54\x68\x65\x20\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6F\x75\x70\x2C\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x0B\x13\x28\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xDE\x9D\xD7\xEA\x57\x18\x49\xA1\x5B\xEB\xD7\x5F\x48\x86\xEA\xBE\xDD\xFF\xE4\xEF\x67\x1C\xF4\x65\x68\xB3\x57\x71\xA0\x5E\x77\xBB\xED\x9B\x49\xE9\x70\x80\x3D\x56\x18\x63\x08\x6F\xDA\xF2\xCC\xD0\x3F\x7F\x02\x54\x22\x54\x10\xD8\xB2\x81\xD4\xC0\x75\x3D\x4B\x7F\xC7\x77\xC3\x3E\x78\xAB\x1A\x03\xB5\x20\x6B\x2F\x6A\x2B\xB1\xC5\x88\x7E\xC4\xBB\x1E\xB0\xC1\xD8\x45\x27\x6F\xAA\x37\x58\xF7\x87\x26\xD7\xD8\x2D\xF6\xA9\x17\xB7\x1F\x72\x36\x4E\xA6\x17\x3F\x65\x98\x92\xDB\x2A\x6E\x5D\xA2\xFE\x88\xE0\x0B\xDE\x7F\xE5\x8D\x15\xE1\xEB\xCB\x3A\xD5\xE2\x12\xA2\x13\x2D\xD8\x8E\xAF\x5F\x12\x3D\xA0\x08\x05\x08\xB6\x5C\xA5\x65\x38\x04\x45\x99\x1E\xA3\x60\x60\x74\xC5\x41\xA5\x72\x62\x1B\x62\xC5\x1F\x6F\x5F\x1A\x42\xBE\x02\x51\x65\xA8\xAE\x23\x18\x6A\xFC\x78\x03\xA9\x4D\x7F\x80\xC3\xFA\xAB\x5A\xFC\xA1\x40\xA4\xCA\x19\x16\xFE\xB2\xC8\xEF\x5E\x73\x0D\xEE\x77\xBD\x9A\xF6\x79\x98\xBC\xB1\x07\x67\xA2\x15\x0D\xDD\xA0\x58\xC6\x44\x7B\x0A\x3E\x62\x28\x5F\xBA\x41\x07\x53\x58\xCF\x11\x7E\x38\x74\xC5\xF8\xFF\xB5\x69\x90\x8F\x84\x74\xEA\x97\x1B\xAF\x02\x01\x03\xA3\x81\xC0\x30\x81\xBD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD2\xC4\xB0\xD2\x91\xD4\x4C\x11\x71\xB3\x61\xCB\x3D\xA1\xFE\xDD\xA8\x6A\xD4\xE3\x30\x81\x8D\x06\x03\x55\x1D\x23\x04\x81\x85\x30\x81\x82\x80\x14\xD2\xC4\xB0\xD2\x91\xD4\x4C\x11\x71\xB3\x61\xCB\x3D\xA1\xFE\xDD\xA8\x6A\xD4\xE3\xA1\x67\xA4\x65\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1F\x06\x03\x55\x04\x0A\x13\x18\x54\x68\x65\x20\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6F\x75\x70\x2C\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x0B\x13\x28\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x82\x01\x00\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x32\x4B\xF3\xB2\xCA\x3E\x91\xFC\x12\xC6\xA1\x07\x8C\x8E\x77\xA0\x33\x06\x14\x5C\x90\x1E\x18\xF7\x08\xA6\x3D\x0A\x19\xF9\x87\x80\x11\x6E\x69\xE4\x96\x17\x30\xFF\x34\x91\x63\x72\x38\xEE\xCC\x1C\x01\xA3\x1D\x94\x28\xA4\x31\xF6\x7A\xC4\x54\xD7\xF6\xE5\x31\x58\x03\xA2\xCC\xCE\x62\xDB\x94\x45\x73\xB5\xBF\x45\xC9\x24\xB5\xD5\x82\x02\xAD\x23\x79\x69\x8D\xB8\xB6\x4D\xCE\xCF\x4C\xCA\x33\x23\xE8\x1C\x88\xAA\x9D\x8B\x41\x6E\x16\xC9\x20\xE5\x89\x9E\xCD\x3B\xDA\x70\xF7\x7E\x99\x26\x20\x14\x54\x25\xAB\x6E\x73\x85\xE6\x9B\x21\x9D\x0A\x6C\x82\x0E\xA8\xF8\xC2\x0C\xFA\x10\x1E\x6C\x96\xEF\x87\x0D\xC4\x0F\x61\x8B\xAD\xEE\x83\x2B\x95\xF8\x8E\x92\x84\x72\x39\xEB\x20\xEA\x83\xED\x83\xCD\x97\x6E\x08\xBC\xEB\x4E\x26\xB6\x73\x2B\xE4\xD3\xF6\x4C\xFE\x26\x71\xE2\x61\x11\x74\x4A\xFF\x57\x1A\x87\x0F\x75\x48\x2E\xCF\x51\x69\x17\xA0\x02\x12\x61\x95\xD5\xD1\x40\xB2\x10\x4C\xEE\xC4\xAC\x10\x43\xA6\xA5\x9E\x0A\xD5\x95\x62\x9A\x0D\xCF\x88\x82\xC5\x32\x0C\xE4\x2B\x9F\x45\xE6\x0D\x9F\x28\x9C\xB1\xB9\x2A\x5A\x57\xAD\x37\x0F\xAF\x1D\x7F\xDB\xBD\x9F",
+	["OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US"] = "\x30\x82\x04\x0F\x30\x82\x02\xF7\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x32\x30\x30\x06\x03\x55\x04\x0B\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5A\x17\x0D\x33\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x32\x30\x30\x06\x03\x55\x04\x0B\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xB7\x32\xC8\xFE\xE9\x71\xA6\x04\x85\xAD\x0C\x11\x64\xDF\xCE\x4D\xEF\xC8\x03\x18\x87\x3F\xA1\xAB\xFB\x3C\xA6\x9F\xF0\xC3\xA1\xDA\xD4\xD8\x6E\x2B\x53\x90\xFB\x24\xA4\x3E\x84\xF0\x9E\xE8\x5F\xEC\xE5\x27\x44\xF5\x28\xA6\x3F\x7B\xDE\xE0\x2A\xF0\xC8\xAF\x53\x2F\x9E\xCA\x05\x01\x93\x1E\x8F\x66\x1C\x39\xA7\x4D\xFA\x5A\xB6\x73\x04\x25\x66\xEB\x77\x7F\xE7\x59\xC6\x4A\x99\x25\x14\x54\xEB\x26\xC7\xF3\x7F\x19\xD5\x30\x70\x8F\xAF\xB0\x46\x2A\xFF\xAD\xEB\x29\xED\xD7\x9F\xAA\x04\x87\xA3\xD4\xF9\x89\xA5\x34\x5F\xDB\x43\x91\x82\x36\xD9\x66\x3C\xB1\xB8\xB9\x82\xFD\x9C\x3A\x3E\x10\xC8\x3B\xEF\x06\x65\x66\x7A\x9B\x19\x18\x3D\xFF\x71\x51\x3C\x30\x2E\x5F\xBE\x3D\x77\x73\xB2\x5D\x06\x6C\xC3\x23\x56\x9A\x2B\x85\x26\x92\x1C\xA7\x02\xB3\xE4\x3F\x0D\xAF\x08\x79\x82\xB8\x36\x3D\xEA\x9C\xD3\x35\xB3\xBC\x69\xCA\xF5\xCC\x9D\xE8\xFD\x64\x8D\x17\x80\x33\x6E\x5E\x4A\x5D\x99\xC9\x1E\x87\xB4\x9D\x1A\xC0\xD5\x6E\x13\x35\x23\x5E\xDF\x9B\x5F\x3D\xEF\xD6\xF7\x76\xC2\xEA\x3E\xBB\x78\x0D\x1C\x42\x67\x6B\x04\xD8\xF8\xD6\xDA\x6F\x8B\xF2\x44\xA0\x01\xAB\x02\x01\x03\xA3\x81\xC5\x30\x81\xC2\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBF\x5F\xB7\xD1\xCE\xDD\x1F\x86\xF4\x5B\x55\xAC\xDC\xD7\x10\xC2\x0E\xA9\x88\xE7\x30\x81\x92\x06\x03\x55\x1D\x23\x04\x81\x8A\x30\x81\x87\x80\x14\xBF\x5F\xB7\xD1\xCE\xDD\x1F\x86\xF4\x5B\x55\xAC\xDC\xD7\x10\xC2\x0E\xA9\x88\xE7\xA1\x6C\xA4\x6A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x32\x30\x30\x06\x03\x55\x04\x0B\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x82\x01\x00\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x9D\x3F\x88\x9D\xD1\xC9\x1A\x55\xA1\xAC\x69\xF3\xF3\x59\xDA\x9B\x01\x87\x1A\x4F\x57\xA9\xA1\x79\x09\x2A\xDB\xF7\x2F\xB2\x1E\xCC\xC7\x5E\x6A\xD8\x83\x87\xA1\x97\xEF\x49\x35\x3E\x77\x06\x41\x58\x62\xBF\x8E\x58\xB8\x0A\x67\x3F\xEC\xB3\xDD\x21\x66\x1F\xC9\x54\xFA\x72\xCC\x3D\x4C\x40\xD8\x81\xAF\x77\x9E\x83\x7A\xBB\xA2\xC7\xF5\x34\x17\x8E\xD9\x11\x40\xF4\xFC\x2C\x2A\x4D\x15\x7F\xA7\x62\x5D\x2E\x25\xD3\x00\x0B\x20\x1A\x1D\x68\xF9\x17\xB8\xF4\xBD\x8B\xED\x28\x59\xDD\x4D\x16\x8B\x17\x83\xC8\xB2\x65\xC7\x2D\x7A\xA5\xAA\xBC\x53\x86\x6D\xDD\x57\xA4\xCA\xF8\x20\x41\x0B\x68\xF0\xF4\xFB\x74\xBE\x56\x5D\x7A\x79\xF5\xF9\x1D\x85\xE3\x2D\x95\xBE\xF5\x71\x90\x43\xCC\x8D\x1F\x9A\x00\x0A\x87\x29\xE9\x55\x22\x58\x00\x23\xEA\xE3\x12\x43\x29\x5B\x47\x08\xDD\x8C\x41\x6A\x65\x06\xA8\xE5\x21\xAA\x41\xB4\x95\x21\x95\xB9\x7D\xD1\x34\xAB\x13\xD6\xAD\xBC\xDC\xE2\x3D\x39\xCD\xBD\x3E\x75\x70\xA1\x18\x59\x03\xC9\x22\xB4\x8F\x9C\xD5\x5E\x2A\xD7\xA5\xB6\xD4\x0A\x6D\xF8\xB7\x40\x11\x46\x9A\x1F\x79\x0E\x62\xBF\x0F\x97\xEC\xE0\x2F\x1F\x17\x94",
+	["CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL"] = "\x30\x82\x07\xC9\x30\x82\x05\xB1\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2B\x30\x29\x06\x03\x55\x04\x0B\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6E\x69\x6E\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5A\x17\x0D\x33\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5A\x30\x7D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2B\x30\x29\x06\x03\x55\x04\x0B\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6E\x69\x6E\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC1\x88\xDB\x09\xBC\x6C\x46\x7C\x78\x9F\x95\x7B\xB5\x33\x90\xF2\x72\x62\xD6\xC1\x36\x20\x22\x24\x5E\xCE\xE9\x77\xF2\x43\x0A\xA2\x06\x64\xA4\xCC\x8E\x36\xF8\x38\xE6\x23\xF0\x6E\x6D\xB1\x3C\xDD\x72\xA3\x85\x1C\xA1\xD3\x3D\xB4\x33\x2B\xD3\x2F\xAF\xFE\xEA\xB0\x41\x59\x67\xB6\xC4\x06\x7D\x0A\x9E\x74\x85\xD6\x79\x4C\x80\x37\x7A\xDF\x39\x05\x52\x59\xF7\xF4\x1B\x46\x43\xA4\xD2\x85\x85\xD2\xC3\x71\xF3\x75\x62\x34\xBA\x2C\x8A\x7F\x1E\x8F\xEE\xED\x34\xD0\x11\xC7\x96\xCD\x52\x3D\xBA\x33\xD6\xDD\x4D\xDE\x0B\x3B\x4A\x4B\x9F\xC2\x26\x2F\xFA\xB5\x16\x1C\x72\x35\x77\xCA\x3C\x5D\xE6\xCA\xE1\x26\x8B\x1A\x36\x76\x5C\x01\xDB\x74\x14\x25\xFE\xED\xB5\xA0\x88\x0F\xDD\x78\xCA\x2D\x1F\x07\x97\x30\x01\x2D\x72\x79\xFA\x46\xD6\x13\x2A\xA8\xB9\xA6\xAB\x83\x49\x1D\xE5\xF2\xEF\xDD\xE4\x01\x8E\x18\x0A\x8F\x63\x53\x16\x85\x62\xA9\x0E\x19\x3A\xCC\xB5\x66\xA6\xC2\x6B\x74\x07\xE4\x2B\xE1\x76\x3E\xB4\x6D\xD8\xF6\x44\xE1\x73\x62\x1F\x3B\xC4\xBE\xA0\x53\x56\x25\x6C\x51\x09\xF7\xAA\xAB\xCA\xBF\x76\xFD\x6D\x9B\xF3\x9D\xDB\xBF\x3D\x66\xBC\x0C\x56\xAA\xAF\x98\x48\x95\x3A\x4B\xDF\xA7\x58\x50\xD9\x38\x75\xA9\x5B\xEA\x43\x0C\x02\xFF\x99\xEB\xE8\x6C\x4D\x70\x5B\x29\x65\x9C\xDD\xAA\x5D\xCC\xAF\x01\x31\xEC\x0C\xEB\xD2\x8D\xE8\xEA\x9C\x7B\xE6\x6E\xF7\x27\x66\x0C\x1A\x48\xD7\x6E\x42\xE3\x3F\xDE\x21\x3E\x7B\xE1\x0D\x70\xFB\x63\xAA\xA8\x6C\x1A\x54\xB4\x5C\x25\x7A\xC9\xA2\xC9\x8B\x16\xA6\xBB\x2C\x7E\x17\x5E\x05\x4D\x58\x6E\x12\x1D\x01\xEE\x12\x10\x0D\xC6\x32\x7F\x18\xFF\xFC\xF4\xFA\xCD\x6E\x91\xE8\x36\x49\xBE\x1A\x48\x69\x8B\xC2\x96\x4D\x1A\x12\xB2\x69\x17\xC1\x0A\x90\xD6\xFA\x79\x22\x48\xBF\xBA\x7B\x69\xF8\x70\xC7\xFA\x7A\x37\xD8\xD8\x0D\xD2\x76\x4F\x57\xFF\x90\xB7\xE3\x91\xD2\xDD\xEF\xC2\x60\xB7\x67\x3A\xDD\xFE\xAA\x9C\xF0\xD4\x8B\x7F\x72\x22\xCE\xC6\x9F\x97\xB6\xF8\xAF\x8A\xA0\x10\xA8\xD9\xFB\x18\xC6\xB6\xB5\x5C\x52\x3C\x89\xB6\x19\x2A\x73\x01\x0A\x0F\x03\xB3\x12\x60\xF2\x7A\x2F\x81\xDB\xA3\x6E\xFF\x26\x30\x97\xF5\x8B\xDD\x89\x57\xB6\xAD\x3D\xB3\xAF\x2B\xC5\xB7\x76\x02\xF0\xA5\xD6\x2B\x9A\x86\x14\x2A\x72\xF6\xE3\x33\x8C\x5D\x09\x4B\x13\xDF\xBB\x8C\x74\x13\x52\x4B\x02\x03\x01\x00\x01\xA3\x82\x02\x52\x30\x82\x02\x4E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xAE\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4E\x0B\xEF\x1A\xA4\x40\x5B\xA5\x17\x69\x87\x30\xCA\x34\x68\x43\xD0\x41\xAE\xF2\x30\x64\x06\x03\x55\x1D\x1F\x04\x5D\x30\x5B\x30\x2C\xA0\x2A\xA0\x28\x86\x26\x68\x74\x74\x70\x3A\x2F\x2F\x63\x65\x72\x74\x2E\x73\x74\x61\x72\x74\x63\x6F\x6D\x2E\x6F\x72\x67\x2F\x73\x66\x73\x63\x61\x2D\x63\x72\x6C\x2E\x63\x72\x6C\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x61\x72\x74\x63\x6F\x6D\x2E\x6F\x72\x67\x2F\x73\x66\x73\x63\x61\x2D\x63\x72\x6C\x2E\x63\x72\x6C\x30\x82\x01\x5D\x06\x03\x55\x1D\x20\x04\x82\x01\x54\x30\x82\x01\x50\x30\x82\x01\x4C\x06\x0B\x2B\x06\x01\x04\x01\x81\xB5\x37\x01\x01\x01\x30\x82\x01\x3B\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x63\x65\x72\x74\x2E\x73\x74\x61\x72\x74\x63\x6F\x6D\x2E\x6F\x72\x67\x2F\x70\x6F\x6C\x69\x63\x79\x2E\x70\x64\x66\x30\x35\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x29\x68\x74\x74\x70\x3A\x2F\x2F\x63\x65\x72\x74\x2E\x73\x74\x61\x72\x74\x63\x6F\x6D\x2E\x6F\x72\x67\x2F\x69\x6E\x74\x65\x72\x6D\x65\x64\x69\x61\x74\x65\x2E\x70\x64\x66\x30\x81\xD0\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\xC3\x30\x27\x16\x20\x53\x74\x61\x72\x74\x20\x43\x6F\x6D\x6D\x65\x72\x63\x69\x61\x6C\x20\x28\x53\x74\x61\x72\x74\x43\x6F\x6D\x29\x20\x4C\x74\x64\x2E\x30\x03\x02\x01\x01\x1A\x81\x97\x4C\x69\x6D\x69\x74\x65\x64\x20\x4C\x69\x61\x62\x69\x6C\x69\x74\x79\x2C\x20\x72\x65\x61\x64\x20\x74\x68\x65\x20\x73\x65\x63\x74\x69\x6F\x6E\x20\x2A\x4C\x65\x67\x61\x6C\x20\x4C\x69\x6D\x69\x74\x61\x74\x69\x6F\x6E\x73\x2A\x20\x6F\x66\x20\x74\x68\x65\x20\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x50\x6F\x6C\x69\x63\x79\x20\x61\x76\x61\x69\x6C\x61\x62\x6C\x65\x20\x61\x74\x20\x68\x74\x74\x70\x3A\x2F\x2F\x63\x65\x72\x74\x2E\x73\x74\x61\x72\x74\x63\x6F\x6D\x2E\x6F\x72\x67\x2F\x70\x6F\x6C\x69\x63\x79\x2E\x70\x64\x66\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x38\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x0D\x04\x2B\x16\x29\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x46\x72\x65\x65\x20\x53\x53\x4C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x16\x6C\x99\xF4\x66\x0C\x34\xF5\xD0\x85\x5E\x7D\x0A\xEC\xDA\x10\x4E\x38\x1C\x5E\xDF\xA6\x25\x05\x4B\x91\x32\xC1\xE8\x3B\xF1\x3D\xDD\x44\x09\x5B\x07\x49\x8A\x29\xCB\x66\x02\xB7\xB1\x9A\xF7\x25\x98\x09\x3C\x8E\x1B\xE1\xDD\x36\x87\x2B\x4B\xBB\x68\xD3\x39\x66\x3D\xA0\x26\xC7\xF2\x39\x91\x1D\x51\xAB\x82\x7B\x7E\xD5\xCE\x5A\xE4\xE2\x03\x57\x70\x69\x97\x08\xF9\x5E\x58\xA6\x0A\xDF\x8C\x06\x9A\x45\x16\x16\x38\x0A\x5E\x57\xF6\x62\xC7\x7A\x02\x05\xE6\xBC\x1E\xB5\xF2\x9E\xF4\xA9\x29\x83\xF8\xB2\x14\xE3\x6E\x28\x87\x44\xC3\x90\x1A\xDE\x38\xA9\x3C\xAC\x43\x4D\x64\x45\xCE\xDD\x28\xA9\x5C\xF2\x73\x7B\x04\xF8\x17\xE8\xAB\xB1\xF3\x2E\x5C\x64\x6E\x73\x31\x3A\x12\xB8\xBC\xB3\x11\xE4\x7D\x8F\x81\x51\x9A\x3B\x8D\x89\xF4\x4D\x93\x66\x7B\x3C\x03\xED\xD3\x9A\x1D\x9A\xF3\x65\x50\xF5\xA0\xD0\x75\x9F\x2F\xAF\xF0\xEA\x82\x43\x98\xF8\x69\x9C\x89\x79\xC4\x43\x8E\x46\x72\xE3\x64\x36\x12\xAF\xF7\x25\x1E\x38\x89\x90\x77\x7E\xC3\x6B\x6A\xB9\xC3\xCB\x44\x4B\xAC\x78\x90\x8B\xE7\xC7\x2C\x1E\x4B\x11\x44\xC8\x34\x52\x27\xCD\x0A\x5D\x9F\x85\xC1\x89\xD5\x1A\x78\xF2\x95\x10\x53\x32\xDD\x80\x84\x66\x75\xD9\xB5\x68\x28\xFB\x61\x2E\xBE\x84\xA8\x38\xC0\x99\x12\x86\xA5\x1E\x67\x64\xAD\x06\x2E\x2F\xA9\x70\x85\xC7\x96\x0F\x7C\x89\x65\xF5\x8E\x43\x54\x0E\xAB\xDD\xA5\x80\x39\x94\x60\xC0\x34\xC9\x96\x70\x2C\xA3\x12\xF5\x1F\x48\x7B\xBD\x1C\x7E\x6B\xB7\x9D\x90\xF4\x22\x3B\xAE\xF8\xFC\x2A\xCA\xFA\x82\x52\xA0\xEF\xAF\x4B\x55\x93\xEB\xC1\xB5\xF0\x22\x8B\xAC\x34\x4E\x26\x22\x04\xA1\x87\x2C\x75\x4A\xB7\xE5\x7D\x13\xD7\xB8\x0C\x64\xC0\x36\xD2\xC9\x2F\x86\x12\x8C\x23\x09\xC1\x1B\x82\x3B\x73\x49\xA3\x6A\x57\x87\x94\xE5\xD6\x78\xC5\x99\x43\x63\xE3\x4D\xE0\x77\x2D\xE1\x65\x99\x72\x69\x04\x1A\x47\x09\xE6\x0F\x01\x56\x24\xFB\x1F\xBF\x0E\x79\xA9\x58\x2E\xB9\xC4\x09\x01\x7E\x95\xBA\x6D\x00\x06\x3E\xB2\xEA\x4A\x10\x39\xD8\xD0\x2B\xF5\xBF\xEC\x75\xBF\x97\x02\xC5\x09\x1B\x08\xDC\x55\x37\xE2\x81\xFB\x37\x84\x43\x62\x20\xCA\xE7\x56\x4B\x65\xEA\xFE\x6C\xC1\x24\x93\x24\xA1\x34\xEB\x05\xFF\x9A\x22\xAE\x9B\x7D\x3F\xF1\x65\x51\x0A\xA6\x30\x6A\xB3\xF4\x88\x1C\x80\x0D\xFC\x72\x8A\xE8\x83\x5E",
+	["O=Government Root Certification Authority,C=TW"] = "\x30\x82\x05\x72\x30\x82\x03\x5A\xA0\x03\x02\x01\x02\x02\x10\x1F\x9D\x59\x5A\xD7\x2F\xC2\x06\x44\xA5\x80\x08\x69\xE3\x5E\xF6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2E\x06\x03\x55\x04\x0A\x0C\x27\x47\x6F\x76\x65\x72\x6E\x6D\x65\x6E\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5A\x17\x0D\x33\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5A\x30\x3F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2E\x06\x03\x55\x04\x0A\x0C\x27\x47\x6F\x76\x65\x72\x6E\x6D\x65\x6E\x74\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x9A\x25\xB8\xEC\xCC\xA2\x75\xA8\x7B\xF7\xCE\x5B\x59\x8A\xC9\xD1\x86\x12\x08\x54\xEC\x9C\xF2\xE7\x46\xF6\x88\xF3\x7C\xE9\xA5\xDF\x4C\x47\x36\xA4\x1B\x01\x1C\x7F\x1E\x57\x8A\x8D\xC3\xC5\xD1\x21\xE3\xDA\x24\x3F\x48\x2B\xFB\x9F\x2E\xA1\x94\xE7\x2C\x1C\x93\xD1\xBF\x1B\x01\x87\x53\x99\xCE\xA7\xF5\x0A\x21\x76\x77\xFF\xA9\xB7\xC6\x73\x94\x4F\x46\xF7\x10\x49\x37\xFA\xA8\x59\x49\x5D\x6A\x81\x07\x56\xF2\x8A\xF9\x06\xD0\xF7\x70\x22\x4D\xB4\xB7\x41\xB9\x32\xB8\xB1\xF0\xB1\xC3\x9C\x3F\x70\xFD\x53\xDD\x81\xAA\xD8\x63\x78\xF6\xD8\x53\x6E\xA1\xAC\x6A\x84\x24\x72\x54\x86\xC6\xD2\xB2\xCA\x1C\x0E\x79\x81\xD6\xB5\x70\x62\x08\x01\x2E\x4E\x4F\x0E\xD5\x11\xAF\xA9\xAF\xE5\x9A\xBF\xDC\xCC\x87\x6D\x26\xE4\xC9\x57\xA2\xFB\x96\xF9\xCC\xE1\x3F\x53\x8C\x6C\x4C\x7E\x9B\x53\x08\x0B\x6C\x17\xFB\x67\xC8\xC2\xAD\xB1\xCD\x80\xB4\x97\xDC\x76\x01\x16\x15\xE9\x6A\xD7\xA4\xE1\x78\x47\xCE\x86\xD5\xFB\x31\xF3\xFA\x31\xBE\x34\xAA\x28\xFB\x70\x4C\x1D\x49\xC7\xAF\x2C\x9D\x6D\x66\xA6\xB6\x8D\x64\x7E\xB5\x20\x6A\x9D\x3B\x81\xB6\x8F\x40\x00\x67\x4B\x89\x86\xB8\xCC\x65\xFE\x15\x53\xE9\x04\xC1\xD6\x5F\x1D\x44\xD7\x0A\x2F\x27\x9A\x46\x7D\xA1\x0D\x75\xAD\x54\x86\x15\xDC\x49\x3B\xF1\x96\xCE\x0F\x9B\xA0\xEC\xA3\x7A\x5D\xBE\xD5\x2A\x75\x42\xE5\x7B\xDE\xA5\xB6\xAA\xAF\x28\xAC\xAC\x90\xAC\x38\xB7\xD5\x68\x35\x26\x7A\xDC\xF7\x3B\xF3\xFD\x45\x9B\xD1\xBB\x43\x78\x6E\x6F\xF1\x42\x54\x6A\x98\xF0\x0D\xAD\x97\xE9\x52\x5E\xE9\xD5\x6A\x72\xDE\x6A\xF7\x1B\x60\x14\xF4\xA5\xE4\xB6\x71\x67\xAA\x1F\xEA\xE2\x4D\xC1\x42\x40\xFE\x67\x46\x17\x38\x2F\x47\x3F\x71\x9C\xAE\xE5\x21\xCA\x61\x2D\x6D\x07\xA8\x84\x7C\x2D\xEE\x51\x25\xF1\x63\x90\x9E\xFD\xE1\x57\x88\x6B\xEF\x8A\x23\x6D\xB1\xE6\xBD\x3F\xAD\xD1\x3D\x96\x0B\x85\x8D\xCD\x6B\x27\xBB\xB7\x05\x9B\xEC\xBB\x91\xA9\x0A\x07\x12\x02\x97\x4E\x20\x90\xF0\xFF\x0D\x1E\xE2\x41\x3B\xD3\x40\x3A\xE7\x8D\x5D\xDA\x66\xE4\x02\xB0\x07\x52\x98\x5C\x0E\x8E\x33\x9C\xC2\xA6\x95\xFB\x55\x19\x6E\x4C\x8E\xAE\x4B\x0F\xBD\xC1\x38\x4D\x5E\x8F\x84\x1D\x66\xCD\xC5\x60\x96\xB4\x52\x5A\x05\x89\x8E\x95\x7A\x98\xC1\x91\x3C\x95\x23\xB2\x0E\xF4\x79\xB4\xC9\x7C\xC1\x4A\x21\x02\x03\x01\x00\x01\xA3\x6A\x30\x68\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCC\xCC\xEF\xCC\x29\x60\xA4\x3B\xB1\x92\xB6\x3C\xFA\x32\x62\x8F\xAC\x25\x15\x3B\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x39\x06\x04\x67\x2A\x07\x00\x04\x31\x30\x2F\x30\x2D\x02\x01\x00\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x30\x07\x06\x05\x67\x2A\x03\x00\x00\x04\x14\x03\x9B\xF0\x22\x13\xFF\x95\x28\x36\xD3\xDC\x9E\xC0\x32\xFB\x31\x3A\x8A\x51\x65\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x40\x80\x4A\xFA\x26\xC9\xCE\x5E\x30\xDD\x4F\x86\x74\x76\x58\xF5\xAE\xB3\x83\x33\x78\xA4\x7A\x74\x17\x19\x4E\xE9\x52\xB5\xB9\xE0\x0A\x74\x62\xAA\x68\xCA\x78\xA0\x4C\x9A\x8E\x2C\x23\x2E\xD5\x6A\x12\x24\xBF\xD4\x68\xD3\x8A\xD0\xD8\x9C\x9F\xB4\x1F\x0C\xDE\x38\x7E\x57\x38\xFC\x8D\xE2\x4F\x5E\x0C\x9F\xAB\x3B\xD2\xFF\x75\x97\xCB\xA4\xE3\x67\x08\xFF\xE5\xC0\x16\xB5\x48\x01\x7D\xE9\xF9\x0A\xFF\x1B\xE5\x6A\x69\xBF\x78\x21\xA8\xC2\xA7\x23\xA9\x86\xAB\x76\x56\xE8\x0E\x0C\xF6\x13\xDD\x2A\x66\x8A\x64\x49\x3D\x1A\x18\x87\x90\x04\x9F\x42\x52\xB7\x4F\xCB\xFE\x47\x41\x76\x35\xEF\xFF\x00\x76\x36\x45\x32\x9B\xC6\x46\x85\x5D\xE2\x24\xB0\x1E\xE3\x48\x96\x98\x57\x47\x94\x55\x7A\x0F\x41\xB1\x44\x24\xF3\xC1\xFE\x1A\x6B\xBF\x88\xFD\xC1\xA6\xDA\x93\x60\x5E\x81\x4A\x99\x20\x9C\x48\x66\x19\xB5\x00\x79\x54\x0F\xB8\x2C\x2F\x4B\xBC\xA9\x5D\x5B\x60\x7F\x8C\x87\xA5\xE0\x52\x63\x2A\xBE\xD8\x3B\x85\x40\x15\xFE\x1E\xB6\x65\x3F\xC5\x4B\xDA\x7E\xB5\x7A\x35\x29\xA3\x2E\x7A\x98\x60\x22\xA3\xF4\x7D\x27\x4E\x2D\xEA\xB4\x74\x3C\xE9\x0F\xA4\x33\x0F\x10\x11\xBC\x13\x01\xD6\xE5\x0E\xD3\xBF\xB5\x12\xA2\xE1\x45\x23\xC0\xCC\x08\x6E\x61\xB7\x89\xAB\x83\xE3\x24\x1E\xE6\x5D\x07\xE7\x1F\x20\x3E\xCF\x67\xC8\xE7\xAC\x30\x6D\x27\x4B\x68\x6E\x4B\x2A\x5C\x02\x08\x34\xDB\xF8\x76\xE4\x67\xA3\x26\x9C\x3F\xA2\x32\xC2\x4A\xC5\x81\x18\x31\x10\x56\xAA\x84\xEF\x2D\x0A\xFF\xB8\x1F\x77\xD2\xBF\xA5\x58\xA0\x62\xE4\xD7\x4B\x91\x75\x8D\x89\x80\x98\x7E\x6D\xCB\x53\x4E\x5E\xAF\xF6\xB2\x97\x85\x97\xB9\xDA\x55\x06\xB9\x24\xEE\xD7\xC6\x38\x1E\x63\x1B\x12\x3B\x95\xE1\x58\xAC\xF2\xDF\x84\xD5\x5F\x99\x2F\x0D\x55\x5B\xE6\x38\xDB\x2E\x3F\x72\xE9\x48\x85\xCB\xBB\x29\x13\x8F\x1E\x38\x55\xB9\xF3\xB2\xC4\x30\x99\x23\x4E\x5D\xF2\x48\xA1\x12\x0C\xDC\x12\x90\x09\x90\x54\x91\x03\x3C\x47\xE5\xD5\xC9\x65\xE0\xB7\x4B\x7D\xEC\x47\xD3\xB3\x0B\x3E\xAD\x9E\xD0\x74\x00\x0E\xEB\xBD\x51\xAD\xC0\xDE\x2C\xC0\xC3\x6A\xFE\xEF\xDC\x0B\xA7\xFA\x46\xDF\x60\xDB\x9C\xA6\x59\x50\x75\x23\x69\x73\x93\xB2\xF9\xFC\x02\xD3\x47\xE6\x71\xCE\x10\x02\xEE\x27\x8C\x84\xFF\xAC\x45\x0D\x13\x5C\x83\x32\xE0\x25\xA5\x86\x2C\x7C\xF4\x12",
+	["CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch"] = "\x30\x82\x05\xD9\x30\x82\x03\xC1\xA0\x03\x02\x01\x02\x02\x10\x5C\x0B\x85\x5C\x0B\xE7\x59\x41\xDF\x57\xCC\x3F\x7F\x9D\xA8\x36\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x30\x35\x30\x38\x31\x38\x31\x32\x30\x36\x32\x30\x5A\x17\x0D\x32\x35\x30\x38\x31\x38\x32\x32\x30\x36\x32\x30\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD0\xB9\xB0\xA8\x0C\xD9\xBB\x3F\x21\xF8\x1B\xD5\x33\x93\x80\x16\x65\x20\x75\xB2\x3D\x9B\x60\x6D\x46\xC8\x8C\x31\x6F\x17\xC3\xFA\x9A\x6C\x56\xED\x3C\xC5\x91\x57\xC3\xCD\xAB\x96\x49\x90\x2A\x19\x4B\x1E\xA3\x6D\x57\xDD\xF1\x2B\x62\x28\x75\x45\x5E\xAA\xD6\x5B\xFA\x0B\x25\xD8\xA1\x16\xF9\x1C\xC4\x2E\xE6\x95\x2A\x67\xCC\xD0\x29\x6E\x3C\x85\x34\x38\x61\x49\xB1\x00\x9F\xD6\x3A\x71\x5F\x4D\x6D\xCE\x5F\xB9\xA9\xE4\x89\x7F\x6A\x52\xFA\xCA\x9B\xF2\xDC\xA9\xF9\x9D\x99\x47\x3F\x4E\x29\x5F\xB4\xA6\x8D\x5D\x7B\x0B\x99\x11\x03\x03\xFE\xE7\xDB\xDB\xA3\xFF\x1D\xA5\xCD\x90\x1E\x01\x1F\x35\xB0\x7F\x00\xDB\x90\x6F\xC6\x7E\x7B\xD1\xEE\x7A\x7A\xA7\xAA\x0C\x57\x6F\xA4\x6D\xC5\x13\x3B\xB0\xA5\xD9\xED\x32\x1C\xB4\x5E\x67\x8B\x54\xDC\x73\x87\xE5\xD3\x17\x7C\x66\x50\x72\x5D\xD4\x1A\x58\xC1\xD9\xCF\xD8\x89\x02\x6F\xA7\x49\xB4\x36\x5D\xD0\xA4\xDE\x07\x2C\xB6\x75\xB7\x28\x91\xD6\x97\xBE\x28\xF5\x98\x1E\xEA\x5B\x26\xC9\xBD\xB0\x97\x73\xDA\xAE\x91\x26\xEB\x68\xC1\xF9\x39\x15\xD6\x67\x4B\x0A\x6D\x4F\xCB\xCF\xB0\xE4\x42\x71\x8C\x53\x79\xE7\xEE\xE1\xDB\x1D\xA0\x6E\x1D\x8C\x1A\x77\x35\x5C\x16\x1E\x2B\x53\x1F\x34\x8B\xD1\x6C\xFC\xF2\x67\x07\x7A\xF5\xAD\xED\xD6\x9A\xAB\xA1\xB1\x4B\xE1\xCC\x37\x5F\xFD\x7F\xCD\x4D\xAE\xB8\x1F\x9C\x43\xF9\x2A\x58\x55\x43\x45\xBC\x96\xCD\x70\x0E\xFC\xC9\xE3\x66\xBA\x4E\x8D\x3B\x81\xCB\x15\x64\x7B\xB9\x94\xE8\x5D\x33\x52\x85\x71\x2E\x4F\x8E\xA2\x06\x11\x51\xC9\xE3\xCB\xA1\x6E\x31\x08\x64\x0C\xC2\xD2\x3C\xF5\x36\xE8\xD7\xD0\x0E\x78\x23\x20\x91\xC9\x24\x2A\x65\x29\x5B\x22\xF7\x21\xCE\x83\x5E\xA4\xF3\xDE\x4B\xD3\x68\x8F\x46\x75\x5C\x83\x09\x6E\x29\x6B\xC4\x70\x8C\xF5\x9D\xD7\x20\x2F\xFF\x46\xD2\x2B\x38\xC2\x2F\x75\x1C\x3D\x7E\xDA\xA5\xEF\x1E\x60\x85\x69\x42\xD3\xCC\xF8\x63\xFE\x1E\x43\x39\x85\xA6\xB6\x63\x41\x10\xB3\x73\x1E\xBC\xD3\xFA\xCA\x7D\x16\x47\xE2\xA7\xD5\xD0\xA3\x8A\x0A\x08\x96\x62\x56\x6E\x34\xDB\xD9\x02\xB9\x30\x75\xE3\x04\xD2\xE7\x8F\xC2\xB0\x11\x40\x0A\xAC\xD5\x71\x02\x62\x8B\x31\xBE\xDD\xC6\x23\x58\x31\x42\x43\x2D\x74\xF9\xC6\x9E\xA6\x8A\x0F\xE9\xFE\xBF\x83\xE6\x43\x57\x24\xBA\xEF\x46\x34\xAA\xD7\x12\x01\x38\xED\x02\x03\x01\x00\x01\xA3\x81\x86\x30\x81\x83\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x00\x01\x06\x07\x60\x85\x74\x01\x53\x00\x01\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x07\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x03\x25\x2F\xDE\x6F\x82\x01\x3A\x5C\x2C\xDC\x2B\xA1\x69\xB5\x67\xD4\x8C\xD3\xFD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x03\x25\x2F\xDE\x6F\x82\x01\x3A\x5C\x2C\xDC\x2B\xA1\x69\xB5\x67\xD4\x8C\xD3\xFD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x35\x10\xCB\xEC\xA6\x04\x0D\x0D\x0F\xCD\xC0\xDB\xAB\xA8\xF2\x88\x97\x0C\xDF\x93\x2F\x4D\x7C\x40\x56\x31\x7A\xEB\xA4\x0F\x60\xCD\x7A\xF3\xBE\xC3\x27\x8E\x03\x3E\xA4\xDD\x12\xEF\x7E\x1E\x74\x06\x3C\x3F\x31\xF2\x1C\x7B\x91\x31\x21\xB4\xF0\xD0\x6C\x97\xD4\xE9\x97\xB2\x24\x56\x1E\x56\xC3\x35\xBD\x88\x05\x0F\x5B\x10\x1A\x64\xE1\xC7\x82\x30\xF9\x32\xAD\x9E\x50\x2C\xE7\x78\x05\xD0\x31\xB1\x5A\x98\x8A\x75\x4E\x90\x5C\x6A\x14\x2A\xE0\x52\x47\x82\x60\xE6\x1E\xDA\x81\xB1\xFB\x14\x0B\x5A\xF1\x9F\xD2\x95\xBA\x3E\xD0\x1B\xD6\x15\x1D\xA3\xBE\x86\xD5\xDB\x0F\xC0\x49\x64\xBB\x2E\x50\x19\x4B\xD2\x24\xF8\xDD\x1E\x07\x56\xD0\x38\xA0\x95\x70\x20\x76\x8C\xD7\xDD\x1E\xDE\x9F\x71\xC4\x23\xEF\x83\x13\x5C\xA3\x24\x15\x4D\x29\x40\x3C\x6A\xC4\xA9\xD8\xB7\xA6\x44\xA5\x0D\xF4\xE0\x9D\x77\x1E\x40\x70\x26\xFC\xDA\xD9\x36\xE4\x79\xE4\xB5\x3F\xBC\x9B\x65\xBE\xBB\x11\x96\xCF\xDB\xC6\x28\x39\x3A\x08\xCE\x47\x5B\x53\x5A\xC5\x99\xFE\x5D\xA9\xDD\xEF\x4C\xD4\xC6\xA5\xAD\x02\xE6\x8C\x07\x12\x1E\x6F\x03\xD1\x6F\xA0\xA3\xF3\x29\xBD\x12\xC7\x50\xA2\xB0\x7F\x88\xA9\x99\x77\x9A\xB1\xC0\xA5\x39\x2E\x5C\x7C\x69\xE2\x2C\xB0\xEA\x37\x6A\xA4\xE1\x5A\xE1\xF5\x50\xE5\x83\xEF\xA5\xBB\x2A\x88\xE7\x8C\xDB\xFD\x6D\x5E\x97\x19\xA8\x7E\x66\x75\x6B\x71\xEA\xBF\xB1\xC7\x6F\xA0\xF4\x8E\xA4\xEC\x34\x51\x5B\x8C\x26\x03\x70\xA1\x77\xD5\x01\x12\x57\x00\x35\xDB\x23\xDE\x0E\x8A\x28\x99\xFD\xB1\x10\x6F\x4B\xFF\x38\x2D\x60\x4E\x2C\x9C\xEB\x67\xB5\xAD\x49\xEE\x4B\x1F\xAC\xAF\xFB\x0D\x90\x5A\x66\x60\x70\x5D\xAA\xCD\x78\xD4\x24\xEE\xC8\x41\xA0\x93\x01\x92\x9C\x6A\x9E\xFC\xB9\x24\xC5\xB3\x15\x82\x7E\xBE\xAE\x95\x2B\xEB\xB1\xC0\xDA\xE3\x01\x60\x0B\x5E\x69\xAC\x84\x56\x61\xBE\x71\x17\xFE\x1D\x13\x0F\xFE\xC6\x87\x45\xE9\xFE\x32\xA0\x1A\x0D\x13\xA4\x94\x55\x71\xA5\x16\x8B\xBA\xCA\x89\xB0\xB2\xC7\xFC\x8F\xD8\x54\xB5\x93\x62\x9D\xCE\xCF\x59\xFB\x3D\x18\xCE\x2A\xCB\x35\x15\x82\x5D\xFF\x54\x22\x5B\x71\x52\xFB\xB7\xC9\xFE\x60\x9B\x00\x41\x64\xF0\xAA\x2A\xEC\xB6\x42\x43\xCE\x89\x66\x81\xC8\x8B\x9F\x39\x54\x03\x25\xD3\x16\x35\x8E\x84\xD0\x5F\xFA\x30\x1A\xF5\x9A\x6C\xF4\x0E\x53\xF9\x3A\x5B\xD1\x1C",
+	["CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x03\xB7\x30\x82\x02\x9F\xA0\x03\x02\x01\x02\x02\x10\x0C\xE7\xE0\xE5\x17\xD8\x46\xFE\x8F\xE5\x60\xFC\x1B\xF0\x30\x39\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x0E\x15\xCE\xE4\x43\x80\x5C\xB1\x87\xF3\xB7\x60\xF9\x71\x12\xA5\xAE\xDC\x26\x94\x88\xAA\xF4\xCE\xF5\x20\x39\x28\x58\x60\x0C\xF8\x80\xDA\xA9\x15\x95\x32\x61\x3C\xB5\xB1\x28\x84\x8A\x8A\xDC\x9F\x0A\x0C\x83\x17\x7A\x8F\x90\xAC\x8A\xE7\x79\x53\x5C\x31\x84\x2A\xF6\x0F\x98\x32\x36\x76\xCC\xDE\xDD\x3C\xA8\xA2\xEF\x6A\xFB\x21\xF2\x52\x61\xDF\x9F\x20\xD7\x1F\xE2\xB1\xD9\xFE\x18\x64\xD2\x12\x5B\x5F\xF9\x58\x18\x35\xBC\x47\xCD\xA1\x36\xF9\x6B\x7F\xD4\xB0\x38\x3E\xC1\x1B\xC3\x8C\x33\xD9\xD8\x2F\x18\xFE\x28\x0F\xB3\xA7\x83\xD6\xC3\x6E\x44\xC0\x61\x35\x96\x16\xFE\x59\x9C\x8B\x76\x6D\xD7\xF1\xA2\x4B\x0D\x2B\xFF\x0B\x72\xDA\x9E\x60\xD0\x8E\x90\x35\xC6\x78\x55\x87\x20\xA1\xCF\xE5\x6D\x0A\xC8\x49\x7C\x31\x98\x33\x6C\x22\xE9\x87\xD0\x32\x5A\xA2\xBA\x13\x82\x11\xED\x39\x17\x9D\x99\x3A\x72\xA1\xE6\xFA\xA4\xD9\xD5\x17\x31\x75\xAE\x85\x7D\x22\xAE\x3F\x01\x46\x86\xF6\x28\x79\xC8\xB1\xDA\xE4\x57\x17\xC4\x7E\x1C\x0E\xB0\xB4\x92\xA6\x56\xB3\xBD\xB2\x97\xED\xAA\xA7\xF0\xB7\xC5\xA8\x3F\x95\x16\xD0\xFF\xA1\x96\xEB\x08\x5F\x18\x77\x4F\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x45\xEB\xA2\xAF\xF4\x92\xCB\x82\x31\x2D\x51\x8B\xA7\xA7\x21\x9D\xF3\x6D\xC8\x0F\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x45\xEB\xA2\xAF\xF4\x92\xCB\x82\x31\x2D\x51\x8B\xA7\xA7\x21\x9D\xF3\x6D\xC8\x0F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA2\x0E\xBC\xDF\xE2\xED\xF0\xE3\x72\x73\x7A\x64\x94\xBF\xF7\x72\x66\xD8\x32\xE4\x42\x75\x62\xAE\x87\xEB\xF2\xD5\xD9\xDE\x56\xB3\x9F\xCC\xCE\x14\x28\xB9\x0D\x97\x60\x5C\x12\x4C\x58\xE4\xD3\x3D\x83\x49\x45\x58\x97\x35\x69\x1A\xA8\x47\xEA\x56\xC6\x79\xAB\x12\xD8\x67\x81\x84\xDF\x7F\x09\x3C\x94\xE6\xB8\x26\x2C\x20\xBD\x3D\xB3\x28\x89\xF7\x5F\xFF\x22\xE2\x97\x84\x1F\xE9\x65\xEF\x87\xE0\xDF\xC1\x67\x49\xB3\x5D\xEB\xB2\x09\x2A\xEB\x26\xED\x78\xBE\x7D\x3F\x2B\xF3\xB7\x26\x35\x6D\x5F\x89\x01\xB6\x49\x5B\x9F\x01\x05\x9B\xAB\x3D\x25\xC1\xCC\xB6\x7F\xC2\xF1\x6F\x86\xC6\xFA\x64\x68\xEB\x81\x2D\x94\xEB\x42\xB7\xFA\x8C\x1E\xDD\x62\xF1\xBE\x50\x67\xB7\x6C\xBD\xF3\xF1\x1F\x6B\x0C\x36\x07\x16\x7F\x37\x7C\xA9\x5B\x6D\x7A\xF1\x12\x46\x60\x83\xD7\x27\x04\xBE\x4B\xCE\x97\xBE\xC3\x67\x2A\x68\x11\xDF\x80\xE7\x0C\x33\x66\xBF\x13\x0D\x14\x6E\xF3\x7F\x1F\x63\x10\x1E\xFA\x8D\x1B\x25\x6D\x6C\x8F\xA5\xB7\x61\x01\xB1\xD2\xA3\x26\xA1\x10\x71\x9D\xAD\xE2\xC3\xF9\xC3\x99\x51\xB7\x2B\x07\x08\xCE\x2E\xE6\x50\xB2\xA7\xFA\x0A\x45\x2F\xA2\xF0\xF2",
+	["CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x03\xAF\x30\x82\x02\x97\xA0\x03\x02\x01\x02\x02\x10\x08\x3B\xE0\x56\x90\x42\x46\xB1\xA1\x75\x6A\xC9\x59\x91\xC7\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x30\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE2\x3B\xE1\x11\x72\xDE\xA8\xA4\xD3\xA3\x57\xAA\x50\xA2\x8F\x0B\x77\x90\xC9\xA2\xA5\xEE\x12\xCE\x96\x5B\x01\x09\x20\xCC\x01\x93\xA7\x4E\x30\xB7\x53\xF7\x43\xC4\x69\x00\x57\x9D\xE2\x8D\x22\xDD\x87\x06\x40\x00\x81\x09\xCE\xCE\x1B\x83\xBF\xDF\xCD\x3B\x71\x46\xE2\xD6\x66\xC7\x05\xB3\x76\x27\x16\x8F\x7B\x9E\x1E\x95\x7D\xEE\xB7\x48\xA3\x08\xDA\xD6\xAF\x7A\x0C\x39\x06\x65\x7F\x4A\x5D\x1F\xBC\x17\xF8\xAB\xBE\xEE\x28\xD7\x74\x7F\x7A\x78\x99\x59\x85\x68\x6E\x5C\x23\x32\x4B\xBF\x4E\xC0\xE8\x5A\x6D\xE3\x70\xBF\x77\x10\xBF\xFC\x01\xF6\x85\xD9\xA8\x44\x10\x58\x32\xA9\x75\x18\xD5\xD1\xA2\xBE\x47\xE2\x27\x6A\xF4\x9A\x33\xF8\x49\x08\x60\x8B\xD4\x5F\xB4\x3A\x84\xBF\xA1\xAA\x4A\x4C\x7D\x3E\xCF\x4F\x5F\x6C\x76\x5E\xA0\x4B\x37\x91\x9E\xDC\x22\xE6\x6D\xCE\x14\x1A\x8E\x6A\xCB\xFE\xCD\xB3\x14\x64\x17\xC7\x5B\x29\x9E\x32\xBF\xF2\xEE\xFA\xD3\x0B\x42\xD4\xAB\xB7\x41\x32\xDA\x0C\xD4\xEF\xF8\x81\xD5\xBB\x8D\x58\x3F\xB5\x1B\xE8\x49\x28\xA2\x70\xDA\x31\x04\xDD\xF7\xB2\x16\xF2\x4C\x0A\x4E\x07\xA8\xED\x4A\x3D\x5E\xB5\x7F\xA3\x90\xC3\xAF\x27\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x03\xDE\x50\x35\x56\xD1\x4C\xBB\x66\xF0\xA3\xE2\x1B\x1B\xC3\x97\xB2\x3D\xD1\x55\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x03\xDE\x50\x35\x56\xD1\x4C\xBB\x66\xF0\xA3\xE2\x1B\x1B\xC3\x97\xB2\x3D\xD1\x55\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xCB\x9C\x37\xAA\x48\x13\x12\x0A\xFA\xDD\x44\x9C\x4F\x52\xB0\xF4\xDF\xAE\x04\xF5\x79\x79\x08\xA3\x24\x18\xFC\x4B\x2B\x84\xC0\x2D\xB9\xD5\xC7\xFE\xF4\xC1\x1F\x58\xCB\xB8\x6D\x9C\x7A\x74\xE7\x98\x29\xAB\x11\xB5\xE3\x70\xA0\xA1\xCD\x4C\x88\x99\x93\x8C\x91\x70\xE2\xAB\x0F\x1C\xBE\x93\xA9\xFF\x63\xD5\xE4\x07\x60\xD3\xA3\xBF\x9D\x5B\x09\xF1\xD5\x8E\xE3\x53\xF4\x8E\x63\xFA\x3F\xA7\xDB\xB4\x66\xDF\x62\x66\xD6\xD1\x6E\x41\x8D\xF2\x2D\xB5\xEA\x77\x4A\x9F\x9D\x58\xE2\x2B\x59\xC0\x40\x23\xED\x2D\x28\x82\x45\x3E\x79\x54\x92\x26\x98\xE0\x80\x48\xA8\x37\xEF\xF0\xD6\x79\x60\x16\xDE\xAC\xE8\x0E\xCD\x6E\xAC\x44\x17\x38\x2F\x49\xDA\xE1\x45\x3E\x2A\xB9\x36\x53\xCF\x3A\x50\x06\xF7\x2E\xE8\xC4\x57\x49\x6C\x61\x21\x18\xD5\x04\xAD\x78\x3C\x2C\x3A\x80\x6B\xA7\xEB\xAF\x15\x14\xE9\xD8\x89\xC1\xB9\x38\x6C\xE2\x91\x6C\x8A\xFF\x64\xB9\x77\x25\x57\x30\xC0\x1B\x24\xA3\xE1\xDC\xE9\xDF\x47\x7C\xB5\xB4\x24\x08\x05\x30\xEC\x2D\xBD\x0B\xBF\x45\xBF\x50\xB9\xA9\xF3\xEB\x98\x01\x12\xAD\xC8\x88\xC6\x98\x34\x5F\x8D\x0A\x3C\xC6\xE9\xD5\x95\x95\x6D\xDE",
+	["CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US"] = "\x30\x82\x03\xC5\x30\x82\x02\xAD\xA0\x03\x02\x01\x02\x02\x10\x02\xAC\x5C\x26\x6A\x0B\x40\x9B\x8F\x0B\x79\xF2\xAE\x46\x25\x77\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6E\x63\x65\x20\x45\x56\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5A\x30\x6C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6E\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x77\x77\x77\x2E\x64\x69\x67\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6E\x63\x65\x20\x45\x56\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\xCC\xE5\x73\xE6\xFB\xD4\xBB\xE5\x2D\x2D\x32\xA6\xDF\xE5\x81\x3F\xC9\xCD\x25\x49\xB6\x71\x2A\xC3\xD5\x94\x34\x67\xA2\x0A\x1C\xB0\x5F\x69\xA6\x40\xB1\xC4\xB7\xB2\x8F\xD0\x98\xA4\xA9\x41\x59\x3A\xD3\xDC\x94\xD6\x3C\xDB\x74\x38\xA4\x4A\xCC\x4D\x25\x82\xF7\x4A\xA5\x53\x12\x38\xEE\xF3\x49\x6D\x71\x91\x7E\x63\xB6\xAB\xA6\x5F\xC3\xA4\x84\xF8\x4F\x62\x51\xBE\xF8\xC5\xEC\xDB\x38\x92\xE3\x06\xE5\x08\x91\x0C\xC4\x28\x41\x55\xFB\xCB\x5A\x89\x15\x7E\x71\xE8\x35\xBF\x4D\x72\x09\x3D\xBE\x3A\x38\x50\x5B\x77\x31\x1B\x8D\xB3\xC7\x24\x45\x9A\xA7\xAC\x6D\x00\x14\x5A\x04\xB7\xBA\x13\xEB\x51\x0A\x98\x41\x41\x22\x4E\x65\x61\x87\x81\x41\x50\xA6\x79\x5C\x89\xDE\x19\x4A\x57\xD5\x2E\xE6\x5D\x1C\x53\x2C\x7E\x98\xCD\x1A\x06\x16\xA4\x68\x73\xD0\x34\x04\x13\x5C\xA1\x71\xD3\x5A\x7C\x55\xDB\x5E\x64\xE1\x37\x87\x30\x56\x04\xE5\x11\xB4\x29\x80\x12\xF1\x79\x39\x88\xA2\x02\x11\x7C\x27\x66\xB7\x88\xB7\x78\xF2\xCA\x0A\xA8\x38\xAB\x0A\x64\xC2\xBF\x66\x5D\x95\x84\xC1\xA1\x25\x1E\x87\x5D\x1A\x50\x0B\x20\x12\xCC\x41\xBB\x6E\x0B\x51\x38\xB8\x4B\xCB\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB1\x3E\xC3\x69\x03\xF8\xBF\x47\x01\xD4\x98\x26\x1A\x08\x02\xEF\x63\x64\x2B\xC3\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xB1\x3E\xC3\x69\x03\xF8\xBF\x47\x01\xD4\x98\x26\x1A\x08\x02\xEF\x63\x64\x2B\xC3\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1C\x1A\x06\x97\xDC\xD7\x9C\x9F\x3C\x88\x66\x06\x08\x57\x21\xDB\x21\x47\xF8\x2A\x67\xAA\xBF\x18\x32\x76\x40\x10\x57\xC1\x8A\xF3\x7A\xD9\x11\x65\x8E\x35\xFA\x9E\xFC\x45\xB5\x9E\xD9\x4C\x31\x4B\xB8\x91\xE8\x43\x2C\x8E\xB3\x78\xCE\xDB\xE3\x53\x79\x71\xD6\xE5\x21\x94\x01\xDA\x55\x87\x9A\x24\x64\xF6\x8A\x66\xCC\xDE\x9C\x37\xCD\xA8\x34\xB1\x69\x9B\x23\xC8\x9E\x78\x22\x2B\x70\x43\xE3\x55\x47\x31\x61\x19\xEF\x58\xC5\x85\x2F\x4E\x30\xF6\xA0\x31\x16\x23\xC8\xE7\xE2\x65\x16\x33\xCB\xBF\x1A\x1B\xA0\x3D\xF8\xCA\x5E\x8B\x31\x8B\x60\x08\x89\x2D\x0C\x06\x5C\x52\xB7\xC4\xF9\x0A\x98\xD1\x15\x5F\x9F\x12\xBE\x7C\x36\x63\x38\xBD\x44\xA4\x7F\xE4\x26\x2B\x0A\xC4\x97\x69\x0D\xE9\x8C\xE2\xC0\x10\x57\xB8\xC8\x76\x12\x91\x55\xF2\x48\x69\xD8\xBC\x2A\x02\x5B\x0F\x44\xD4\x20\x31\xDB\xF4\xBA\x70\x26\x5D\x90\x60\x9E\xBC\x4B\x17\x09\x2F\xB4\xCB\x1E\x43\x68\xC9\x07\x27\xC1\xD2\x5C\xF7\xEA\x21\xB9\x68\x12\x9C\x3C\x9C\xBF\x9E\xFC\x80\x5C\x9B\x63\xCD\xEC\x47\xAA\x25\x27\x67\xA0\x37\xF3\x00\x82\x7D\x54\xD7\xA9\xF8\xE9\x2E\x13\xA3\x77\xE8\x1F\x4A",
+	["CN=Class 2 Primary CA,O=Certplus,C=FR"] = "\x30\x82\x03\x92\x30\x82\x02\x7A\xA0\x03\x02\x01\x02\x02\x11\x00\x85\xBD\x4B\xF3\xD8\xDA\xE3\x69\xF6\x94\xD7\x5F\xC3\xA5\x44\x23\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x43\x65\x72\x74\x70\x6C\x75\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6C\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x41\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x37\x31\x37\x30\x35\x30\x30\x5A\x17\x0D\x31\x39\x30\x37\x30\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x3D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x43\x65\x72\x74\x70\x6C\x75\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6C\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDC\x50\x96\xD0\x12\xF8\x35\xD2\x08\x78\x7A\xB6\x52\x70\xFD\x6F\xEE\xCF\xB9\x11\xCB\x5D\x77\xE1\xEC\xE9\x7E\x04\x8D\xD6\xCC\x6F\x73\x43\x57\x60\xAC\x33\x0A\x44\xEC\x03\x5F\x1C\x80\x24\x91\xE5\xA8\x91\x56\x12\x82\xF7\xE0\x2B\xF4\xDB\xAE\x61\x2E\x89\x10\x8D\x6B\x6C\xBA\xB3\x02\xBD\xD5\x36\xC5\x48\x37\x23\xE2\xF0\x5A\x37\x52\x33\x17\x12\xE2\xD1\x60\x4D\xBE\x2F\x41\x11\xE3\xF6\x17\x25\x0C\x8B\x91\xC0\x1B\x99\x7B\x99\x56\x0D\xAF\xEE\xD2\xBC\x47\x57\xE3\x79\x49\x7B\x34\x89\x27\x24\x84\xDE\xB1\xEC\xE9\x58\x4E\xFE\x4E\xDF\x5A\xBE\x41\xAD\xAC\x08\xC5\x18\x0E\xEF\xD2\x53\xEE\x6C\xD0\x9D\x12\x01\x13\x8D\xDC\x80\x62\xF7\x95\xA9\x44\x88\x4A\x71\x4E\x60\x55\x9E\xDB\x23\x19\x79\x56\x07\x0C\x3F\x63\x0B\x5C\xB0\xE2\xBE\x7E\x15\xFC\x94\x33\x58\x41\x38\x74\xC4\xE1\x8F\x8B\xDF\x26\xAC\x1F\xB5\x8B\x3B\xB7\x43\x59\x6B\xB0\x24\xA6\x6D\x90\x8B\xC4\x72\xEA\x5D\x33\x98\xB7\xCB\xDE\x5E\x7B\xEF\x94\xF1\x1B\x3E\xCA\xC9\x21\xC1\xC5\x98\x02\xAA\xA2\xF6\x5B\x77\x9B\xF5\x7E\x96\x55\x34\x1C\x67\x69\xC0\xF1\x42\xE3\x47\xAC\xFC\x28\x1C\x66\x55\x02\x03\x01\x00\x01\xA3\x81\x8C\x30\x81\x89\x30\x0F\x06\x03\x55\x1D\x13\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x73\x2D\xDF\xCB\x0E\x28\x0C\xDE\xDD\xB3\xA4\xCA\x79\xB8\x8E\xBB\xE8\x30\x89\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x01\x06\x30\x37\x06\x03\x55\x1D\x1F\x04\x30\x30\x2E\x30\x2C\xA0\x2A\xA0\x28\x86\x26\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x65\x72\x74\x70\x6C\x75\x73\x2E\x63\x6F\x6D\x2F\x43\x52\x4C\x2F\x63\x6C\x61\x73\x73\x32\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA7\x54\xCF\x88\x44\x19\xCB\xDF\xD4\x7F\x00\xDF\x56\x33\x62\xB5\xF7\x51\x01\x90\xEB\xC3\x3F\xD1\x88\x44\xE9\x24\x5D\xEF\xE7\x14\xBD\x20\xB7\x9A\x3C\x00\xFE\x6D\x9F\xDB\x90\xDC\xD7\xF4\x62\xD6\x8B\x70\x5D\xE7\xE5\x04\x48\xA9\x68\x7C\xC9\xF1\x42\xF3\x6C\x7F\xC5\x7A\x7C\x1D\x51\x88\xBA\xD2\x0A\x3E\x27\x5D\xDE\x2D\x51\x4E\xD3\x13\x64\x69\xE4\x2E\xE3\xD3\xE7\x9B\x09\x99\xA6\xE0\x95\x9B\xCE\x1A\xD7\x7F\xBE\x3C\xCE\x52\xB3\x11\x15\xC1\x0F\x17\xCD\x03\xBB\x9C\x25\x15\xBA\xA2\x76\x89\xFC\x06\xF1\x18\xD0\x93\x4B\x0E\x7C\x82\xB7\xA5\xF4\xF6\x5F\xFE\xED\x40\xA6\x9D\x84\x74\x39\xB9\xDC\x1E\x85\x16\xDA\x29\x1B\x86\x23\x00\xC9\xBB\x89\x7E\x6E\x80\x88\x1E\x2F\x14\xB4\x03\x24\xA8\x32\x6F\x03\x9A\x47\x2C\x30\xBE\x56\xC6\xA7\x42\x02\x70\x1B\xEA\x40\xD8\xBA\x05\x03\x70\x07\xA4\x96\xFF\xFD\x48\x33\x0A\xE1\xDC\xA5\x81\x90\x9B\x4D\xDD\x7D\xE7\xE7\xB2\xCD\x5C\xC8\x6A\x95\xF8\xA5\xF6\x8D\xC4\x5D\x78\x08\xBE\x7B\x06\xD6\x49\xCF\x19\x36\x50\x23\x2E\x08\xE6\x9E\x05\x4D\x47\x18\xD5\x16\xE9\xB1\xD6\xB6\x10\xD5\xBB\x97\xBF\xA2\x8E\xB4\x54",
+	["CN=DST Root CA X3,O=Digital Signature Trust Co."] = "\x30\x82\x03\x4A\x30\x82\x02\x32\xA0\x03\x02\x01\x02\x02\x10\x44\xAF\xB0\x80\xD6\xA3\x27\xBA\x89\x30\x39\x86\x2E\xF8\x40\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3F\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x44\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x58\x33\x30\x1E\x17\x0D\x30\x30\x30\x39\x33\x30\x32\x31\x31\x32\x31\x39\x5A\x17\x0D\x32\x31\x30\x39\x33\x30\x31\x34\x30\x31\x31\x35\x5A\x30\x3F\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x44\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x58\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\xAF\xE9\x97\x50\x08\x83\x57\xB4\xCC\x62\x65\xF6\x90\x82\xEC\xC7\xD3\x2C\x6B\x30\xCA\x5B\xEC\xD9\xC3\x7D\xC7\x40\xC1\x18\x14\x8B\xE0\xE8\x33\x76\x49\x2A\xE3\x3F\x21\x49\x93\xAC\x4E\x0E\xAF\x3E\x48\xCB\x65\xEE\xFC\xD3\x21\x0F\x65\xD2\x2A\xD9\x32\x8F\x8C\xE5\xF7\x77\xB0\x12\x7B\xB5\x95\xC0\x89\xA3\xA9\xBA\xED\x73\x2E\x7A\x0C\x06\x32\x83\xA2\x7E\x8A\x14\x30\xCD\x11\xA0\xE1\x2A\x38\xB9\x79\x0A\x31\xFD\x50\xBD\x80\x65\xDF\xB7\x51\x63\x83\xC8\xE2\x88\x61\xEA\x4B\x61\x81\xEC\x52\x6B\xB9\xA2\xE2\x4B\x1A\x28\x9F\x48\xA3\x9E\x0C\xDA\x09\x8E\x3E\x17\x2E\x1E\xDD\x20\xDF\x5B\xC6\x2A\x8A\xAB\x2E\xBD\x70\xAD\xC5\x0B\x1A\x25\x90\x74\x72\xC5\x7B\x6A\xAB\x34\xD6\x30\x89\xFF\xE5\x68\x13\x7B\x54\x0B\xC8\xD6\xAE\xEC\x5A\x9C\x92\x1E\x3D\x64\xB3\x8C\xC6\xDF\xBF\xC9\x41\x70\xEC\x16\x72\xD5\x26\xEC\x38\x55\x39\x43\xD0\xFC\xFD\x18\x5C\x40\xF1\x97\xEB\xD5\x9A\x9B\x8D\x1D\xBA\xDA\x25\xB9\xC6\xD8\xDF\xC1\x15\x02\x3A\xAB\xDA\x6E\xF1\x3E\x2E\xF5\x5C\x08\x9C\x3C\xD6\x83\x69\xE4\x10\x9B\x19\x2A\xB6\x29\x57\xE3\xE5\x3D\x9B\x9F\xF0\x02\x5D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC4\xA7\xB1\xA4\x7B\x2C\x71\xFA\xDB\xE1\x4B\x90\x75\xFF\xC4\x15\x60\x85\x89\x10\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA3\x1A\x2C\x9B\x17\x00\x5C\xA9\x1E\xEE\x28\x66\x37\x3A\xBF\x83\xC7\x3F\x4B\xC3\x09\xA0\x95\x20\x5D\xE3\xD9\x59\x44\xD2\x3E\x0D\x3E\xBD\x8A\x4B\xA0\x74\x1F\xCE\x10\x82\x9C\x74\x1A\x1D\x7E\x98\x1A\xDD\xCB\x13\x4B\xB3\x20\x44\xE4\x91\xE9\xCC\xFC\x7D\xA5\xDB\x6A\xE5\xFE\xE6\xFD\xE0\x4E\xDD\xB7\x00\x3A\xB5\x70\x49\xAF\xF2\xE5\xEB\x02\xF1\xD1\x02\x8B\x19\xCB\x94\x3A\x5E\x48\xC4\x18\x1E\x58\x19\x5F\x1E\x02\x5A\xF0\x0C\xF1\xB1\xAD\xA9\xDC\x59\x86\x8B\x6E\xE9\x91\xF5\x86\xCA\xFA\xB9\x66\x33\xAA\x59\x5B\xCE\xE2\xA7\x16\x73\x47\xCB\x2B\xCC\x99\xB0\x37\x48\xCF\xE3\x56\x4B\xF5\xCF\x0F\x0C\x72\x32\x87\xC6\xF0\x44\xBB\x53\x72\x6D\x43\xF5\x26\x48\x9A\x52\x67\xB7\x58\xAB\xFE\x67\x76\x71\x78\xDB\x0D\xA2\x56\x14\x13\x39\x24\x31\x85\xA2\xA8\x02\x5A\x30\x47\xE1\xDD\x50\x07\xBC\x02\x09\x90\x00\xEB\x64\x63\x60\x9B\x16\xBC\x88\xC9\x12\xE6\xD2\x7D\x91\x8B\xF9\x3D\x32\x8D\x65\xB4\xE9\x7C\xB1\x57\x76\xEA\xC5\xB6\x28\x39\xBF\x15\x65\x1C\xC8\xF6\x77\x96\x6A\x0A\x8D\x77\x0B\xD8\x91\x0B\x04\x8E\x07\xDB\x29\xB6\x0A\xEE\x9D\x82\x35\x35\x10",
+	["CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US"] = "\x30\x82\x04\x09\x30\x82\x02\xF1\xA0\x03\x02\x01\x02\x02\x10\x0D\x5E\x99\x0A\xD6\x9D\xB7\x78\xEC\xD8\x07\x56\x3B\x86\x15\xD9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x1E\x17\x0D\x30\x33\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5A\x17\x0D\x31\x37\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5A\x30\x5B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB9\x3D\xF5\x2C\xC9\x94\xDC\x75\x8A\x95\x5D\x63\xE8\x84\x77\x76\x66\xB9\x59\x91\x5C\x46\xDD\x92\x3E\x9F\xF9\x0E\x03\xB4\x3D\x61\x92\xBD\x23\x26\xB5\x63\xEE\x92\xD2\x9E\xD6\x3C\xC8\x0D\x90\x5F\x64\x81\xB1\xA8\x08\x0D\x4C\xD8\xF9\xD3\x05\x28\x52\xB4\x01\x25\xC5\x95\x1C\x0C\x7E\x3E\x10\x84\x75\xCF\xC1\x19\x91\x63\xCF\xE8\xA8\x91\x88\xB9\x43\x52\xBB\x80\xB1\x55\x89\x8B\x31\xFA\xD0\xB7\x76\xBE\x41\x3D\x30\x9A\xA4\x22\x25\x17\x73\xE8\x1E\xE2\xD3\xAC\x2A\xBD\x5B\x38\x21\xD5\x2A\x4B\xD7\x55\x7D\xE3\x3A\x55\xBD\xD7\x6D\x6B\x02\x57\x6B\xE6\x47\x7C\x08\xC8\x82\xBA\xDE\xA7\x87\x3D\xA1\x6D\xB8\x30\x56\xC2\xB3\x02\x81\x5F\x2D\xF5\xE2\x9A\x30\x18\x28\xB8\x66\xD3\xCB\x01\x96\x6F\xEA\x8A\x45\x55\xD6\xE0\x9D\xFF\x67\x2B\x17\x02\xA6\x4E\x1A\x6A\x11\x0B\x7E\xB7\x7B\xE7\x98\xD6\x8C\x76\x6F\xC1\x3B\xDB\x50\x93\x7E\xE5\xD0\x8E\x1F\x37\xB8\xBD\xBA\xC6\x9F\x6C\xE9\x7C\x33\xF2\x32\x3C\x26\x47\xFA\x27\x24\x02\xC9\x7E\x1D\x5B\x88\x42\x13\x6A\x35\x7C\x7D\x35\xE9\x2E\x66\x91\x72\x93\xD5\x32\x26\xC4\x74\xF5\x53\xA3\xB3\x5D\x9A\xF6\x09\xCB\x02\x03\x01\x00\x01\xA3\x81\xC8\x30\x81\xC5\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\xC6\x30\x1F\x06\x03\x55\x1D\x11\x04\x18\x30\x16\x81\x14\x70\x6B\x69\x2D\x6F\x70\x73\x40\x74\x72\x75\x73\x74\x64\x73\x74\x2E\x63\x6F\x6D\x30\x62\x06\x03\x55\x1D\x20\x04\x5B\x30\x59\x30\x57\x06\x0A\x60\x86\x48\x01\x65\x03\x02\x01\x01\x01\x30\x49\x30\x47\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x3B\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x64\x73\x74\x2E\x63\x6F\x6D\x2F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x2F\x70\x6F\x6C\x69\x63\x79\x2F\x41\x43\x45\x53\x2D\x69\x6E\x64\x65\x78\x2E\x68\x74\x6D\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x09\x72\x06\x4E\x18\x43\x0F\xE5\xD6\xCC\xC3\x6A\x8B\x31\x7B\x78\x8F\xA8\x83\xB8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA3\xD8\x8E\xD6\xB2\xDB\xCE\x05\xE7\x32\xCD\x01\xD3\x04\x03\xE5\x76\xE4\x56\x2B\x9C\x99\x90\xE8\x08\x30\x6C\xDF\x7D\x3D\xEE\xE5\xBF\xB5\x24\x40\x84\x49\xE1\xD1\x28\xAE\xC4\xC2\x3A\x53\x30\x88\xF1\xF5\x77\x6E\x51\xCA\xFA\xFF\x99\xAF\x24\x5F\x1B\xA0\xFD\xF2\xAC\x84\xCA\xDF\xA9\xF0\x5F\x04\x2E\xAD\x16\xBF\x21\x97\x10\x81\x3D\xE3\xFF\x87\x8D\x32\xDC\x94\xE5\x47\x8A\x5E\x6A\x13\xC9\x94\x95\x3D\xD2\xEE\xC8\x34\x95\xD0\x80\xD4\xAD\x32\x08\x80\x54\x3C\xE0\xBD\x52\x53\xD7\x52\x7C\xB2\x69\x3F\x7F\x7A\xCF\x6A\x74\xCA\xFA\x04\x2A\x9C\x4C\x5A\x06\xA5\xE9\x20\xAD\x45\x66\x0F\x69\xF1\xDD\xBF\xE9\xE3\x32\x8B\xFA\xE0\xC1\x86\x4D\x72\x3C\x2E\xD8\x93\x78\x0A\x2A\xF8\xD8\xD2\x27\x3D\x19\x89\x5F\x5A\x7B\x8A\x3B\xCC\x0C\xDA\x51\xAE\xC7\x0B\xF7\x2B\xB0\x37\x05\xEC\xBC\x57\x23\xE2\x38\xD2\x9B\x68\xF3\x56\x12\x88\x4F\x42\x7C\xB8\x31\xC4\xB5\xDB\xE4\xC8\x21\x34\xE9\x48\x11\x35\xEE\xFA\xC7\x92\x57\xC5\x9F\x34\xE4\xC7\xF6\xF7\x0E\x0B\x4C\x9C\x68\x78\x7B\x71\x31\xC7\xEB\x1E\xE0\x67\x41\xF3\xB7\xA0\xA7\xCD\xE5\x7A\x33\x36\x6A\xFA\x9A\x2B",
+	["O=(c) 2005 T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E.,L=ANKARA,C=TR,CN=T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1"] = "\x30\x82\x03\xFB\x30\x82\x02\xE3\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB7\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x0C\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x4E\x4B\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0A\x0C\x4D\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x30\x1E\x17\x0D\x30\x35\x30\x35\x31\x33\x31\x30\x32\x37\x31\x37\x5A\x17\x0D\x31\x35\x30\x33\x32\x32\x31\x30\x32\x37\x31\x37\x5A\x30\x81\xB7\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x0C\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x4E\x4B\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0A\x0C\x4D\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCA\x52\x05\xD6\x63\x03\xD8\x1C\x5F\xDD\xD2\x7B\x5D\xF2\x0C\x60\x61\x5B\x6B\x3B\x74\x2B\x78\x0D\x7D\x45\xBD\x22\x74\xE8\x8C\x03\xC1\xC6\x11\x2A\x3D\x95\xBC\xA9\x94\xB0\xBB\x91\x97\xC8\x69\x7C\x84\xC5\xB4\x91\x6C\x6C\x13\x6A\xA4\x55\xAD\xA4\x85\xE8\x95\x7E\xB3\x00\xAF\x00\xC2\x05\x18\xF5\x70\x9D\x36\x8B\xAE\xCB\xE4\x1B\x81\x7F\x93\x88\xFB\x6A\x55\xBB\x7D\x85\x92\xCE\xBA\x58\x9F\xDB\x32\xC5\xBD\x5D\xEF\x22\x4A\x2F\x41\x07\x7E\x49\x61\xB3\x86\xEC\x4E\xA6\x41\x6E\x84\xBC\x03\xEC\xF5\x3B\x1C\xC8\x1F\xC2\xEE\xA8\xEE\xEA\x12\x4A\x8D\x14\xCF\xF3\x0A\xE0\x50\x39\xF9\x08\x35\xF8\x11\x59\xAD\xE7\x22\xEA\x4B\xCA\x14\x06\xDE\x42\xBA\xB2\x99\xF3\x2D\x54\x88\x10\x06\xEA\xE1\x1A\x3E\x3D\x67\x1F\xFB\xCE\xFB\x7C\x82\xE8\x11\x5D\x4A\xC1\xB9\x14\xEA\x54\xD9\x66\x9B\x7C\x89\x7D\x04\x9A\x62\xC9\xE9\x52\x3C\x9E\x9C\xEF\xD2\xF5\x26\xE4\xE6\xE5\x18\x7C\x8B\x6E\xDF\x6C\xCC\x78\x5B\x4F\x72\xB2\xCB\x5C\x3F\x8C\x05\x8D\xD1\x4C\x8C\xAD\x92\xC7\xE1\x78\x7F\x65\x6C\x49\x06\x50\x2C\x9E\x32\xC2\xD7\x4A\xC6\x75\x8A\x59\x4E\x75\x6F\x47\x5E\xC1\x02\x03\x01\x00\x01\xA3\x10\x30\x0E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\xF5\x55\xFF\x37\x96\x80\x59\x21\xA4\xFC\xA1\x15\x4C\x20\xF6\xD4\x5F\xDA\x03\x24\xFC\xCF\x90\x1A\xF4\x21\x0A\x9A\xEE\x3A\xB1\x6A\xEF\xEF\xF8\x60\xD1\x4C\x36\x66\x45\x1D\xF3\x66\x02\x74\x04\x7B\x92\x30\xA8\xDE\x0A\x76\x0F\xEF\x95\x6E\xBD\xC9\x37\xE6\x1A\x0D\xAC\x89\x48\x5B\xCC\x83\x36\xC2\xF5\x46\x5C\x59\x82\x56\xB4\xD5\xFE\x23\xB4\xD8\x54\x1C\x44\xAB\xC4\xA7\xE5\x14\xCE\x3C\x41\x61\x7C\x43\xE6\xCD\xC4\x81\x09\x8B\x24\xFB\x54\x25\xD6\x16\xA8\x96\x0C\x67\x07\x6F\xB3\x50\x47\xE3\x1C\x24\x28\xDD\x2A\x98\xA4\x61\xFE\xDB\xEA\x12\x37\xBC\x01\x1A\x34\x85\xBD\x6E\x4F\xE7\x91\x72\x07\x44\x85\x1E\x58\xCA\x54\x44\xDD\xF7\xAC\xB9\xCB\x89\x21\x72\xDB\x8F\xC0\x69\x29\x97\x2A\xA3\xAE\x18\x23\x97\x1C\x41\x2A\x8B\x7C\x2A\xC1\x7C\x90\xE8\xA9\x28\xC0\xD3\x91\xC6\xAD\x28\x87\x40\x68\xB5\xFF\xEC\xA7\xD2\xD3\x38\x18\x9C\xD3\x7D\x69\x5D\xF0\xC6\xA5\x1E\x24\x1B\xA3\x47\xFC\x69\x07\x68\xE7\xE4\x9A\xB4\xED\x0F\xA1\x87\x87\x02\xCE\x87\xD2\x48\x4E\xE1\xBC\xFF\xCB\xF1\x72\x92\x44\x64\x03\x25\xEA\xDE\x5B\x6E\x9F\xC9\xF2\x4E\xAC\xDD\xC7",
+	["O=T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Kas\C4\B1m 2005,L=Ankara,C=TR,CN=T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1"] = "\x30\x82\x04\x3C\x30\x82\x03\x24\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xBE\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5D\x30\x5B\x06\x03\x55\x04\x0A\x0C\x54\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x4B\x61\x73\xC4\xB1\x6D\x20\x32\x30\x30\x35\x30\x1E\x17\x0D\x30\x35\x31\x31\x30\x37\x31\x30\x30\x37\x35\x37\x5A\x17\x0D\x31\x35\x30\x39\x31\x36\x31\x30\x30\x37\x35\x37\x5A\x30\x81\xBE\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5D\x30\x5B\x06\x03\x55\x04\x0A\x0C\x54\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x4B\x61\x73\xC4\xB1\x6D\x20\x32\x30\x30\x35\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA9\x36\x7E\xC3\x91\x43\x4C\xC3\x19\x98\x08\xC8\xC7\x58\x7B\x4F\x16\x8C\xA5\xCE\x49\x01\x1F\x73\x0E\xAC\x75\x13\xA6\xFA\x9E\x2C\x20\xDE\xD8\x90\x0E\x0A\xD1\x69\xD2\x27\xFB\xAA\x77\x9F\x27\x52\x25\xE2\xCB\x5D\xD8\xD8\x83\x50\x17\x7D\x8A\xB5\x82\x3F\x04\x8E\xB4\xD5\xF0\x49\xA7\x64\xB7\x1E\x2E\x5F\x20\x9C\x50\x75\x4F\xAF\xE1\xB5\x41\x14\xF4\x98\x92\x88\xC7\xE5\xE5\x64\x47\x61\x47\x79\xFD\xC0\x51\xF1\xC1\x99\xE7\xDC\xCE\x6A\xFB\xAF\xB5\x01\x30\xDC\x46\x1C\xEF\x8A\xEC\x95\xEF\xDC\xFF\xAF\x10\x1C\xEB\x9D\xD8\xB0\xAA\x6A\x85\x18\x0D\x17\xC9\x3E\xBF\xF1\x9B\xD0\x09\x89\x42\xFD\xA0\x42\xB4\x9D\x89\x51\x55\x29\xCF\x1B\x70\xBC\x84\x54\xAD\xC1\x13\x1F\x98\xF4\x2E\x76\x60\x8B\x5D\x3F\x9A\xAD\xCA\x0C\xBF\xA7\x56\x5B\x8F\x77\xB8\xD5\x9E\x79\x49\x92\x3F\xE0\xF1\x97\x24\x7A\x6C\x9B\x17\x0F\x6D\xEF\x53\x98\x91\x2B\xE4\x0F\xBE\x59\x79\x07\x78\xBB\x97\x95\xF4\x9F\x69\xD4\x58\x87\x0A\xA9\xE3\xCC\xB6\x58\x19\x9F\x26\x21\xB1\xC4\x59\x8D\xB2\x41\x75\xC0\xAD\x69\xCE\x9C\x00\x08\xF2\x36\xFF\x3E\xF0\xA1\x0F\x1A\xAC\x14\xFD\xA6\x60\x0F\x02\x03\x01\x00\x01\xA3\x43\x30\x41\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD9\x37\xB3\x4E\x05\xFD\xD9\xCF\x9F\x12\x16\xAE\xB6\x89\x2F\xEB\x25\x3A\x88\x1C\x30\x0F\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x05\x03\x03\x07\x06\x00\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x72\x60\x96\xB7\xC9\xDC\xD8\x29\x5E\x23\x85\x5F\xB2\xB3\x2D\x76\xFB\x88\xD7\x17\xFE\x7B\x6D\x45\xB8\xF6\x85\x6C\x9F\x22\xFC\x2A\x10\x22\xEC\xAA\xB9\x30\xF6\xAB\x58\xD6\x39\x10\x31\x99\x29\x00\xBD\x89\x66\x41\xFB\x74\xDE\x91\xC1\x18\x0B\x9F\xB5\x61\xCB\x9D\x3A\xBE\xF5\xA8\x94\xA3\x22\x55\x6E\x17\x49\xFF\xD2\x29\xF1\x38\x26\x5D\xEF\xA5\xAA\x3A\xF9\x71\x7B\xE6\xDA\x58\x1D\xD3\x74\xC2\x01\xFA\x3E\x69\x58\x5F\xAD\xCB\x68\xBE\x14\x2E\x9B\x6C\xC0\xB6\xDC\xA0\x26\xFA\x77\x1A\xE2\x24\xDA\x1A\x37\xE0\x67\xAD\xD1\x73\x83\x0D\xA5\x1A\x1D\x6E\x12\x92\x7E\x84\x62\x00\x17\xBD\xBC\x25\x18\x57\xF2\xD7\xA9\x6F\x59\x88\xBC\x34\xB7\x2E\x85\x78\x9D\x96\xDC\x14\xC3\x2C\x8A\x52\x9B\x96\x8C\x52\x66\x3D\x86\x16\x8B\x47\xB8\x51\x09\x8C\xEA\x7D\xCD\x88\x72\xB3\x60\x33\xB1\xF0\x0A\x44\xEF\x0F\xF5\x09\x37\x88\x24\x0E\x2C\x6B\x20\x3A\xA2\xFA\x11\xF2\x40\x35\x9C\x44\x68\x63\x3B\xAC\x33\x6F\x63\xBC\x2C\xBB\xF2\xD2\xCB\x76\x7D\x7D\x88\xD8\x1D\xC8\x05\x1D\x6E\xBC\x94\xA9\x66\x8C\x77\x71\xC7\xFA\x91\xFA\x2F\x51\x9E\xE9\x39\x52\xB6\xE7\x04\x42",
+	["CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH"] = "\x30\x82\x05\xBA\x30\x82\x03\xA2\xA0\x03\x02\x01\x02\x02\x09\x00\xBB\x40\x1C\x43\xF5\x5E\x4F\xB0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x47\x6F\x6C\x64\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5A\x17\x0D\x33\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x47\x6F\x6C\x64\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAF\xE4\xEE\x7E\x8B\x24\x0E\x12\x6E\xA9\x50\x2D\x16\x44\x3B\x92\x92\x5C\xCA\xB8\x5D\x84\x92\x42\x13\x2A\xBC\x65\x57\x82\x40\x3E\x57\x24\xCD\x50\x8B\x25\x2A\xB7\x6F\xFC\xEF\xA2\xD0\xC0\x1F\x02\x24\x4A\x13\x96\x8F\x23\x13\xE6\x28\x58\x00\xA3\x47\xC7\x06\xA7\x84\x23\x2B\xBB\xBD\x96\x2B\x7F\x55\xCC\x8B\xC1\x57\x1F\x0E\x62\x65\x0F\xDD\x3D\x56\x8A\x73\xDA\xAE\x7E\x6D\xBA\x81\x1C\x7E\x42\x8C\x20\x35\xD9\x43\x4D\x84\xFA\x84\xDB\x52\x2C\xF3\x0E\x27\x77\x0B\x6B\xBF\x11\x2F\x72\x78\x9F\x2E\xD8\x3E\xE6\x18\x37\x5A\x2A\x72\xF9\xDA\x62\x90\x92\x95\xCA\x1F\x9C\xE9\xB3\x3C\x2B\xCB\xF3\x01\x13\xBF\x5A\xCF\xC1\xB5\x0A\x60\xBD\xDD\xB5\x99\x64\x53\xB8\xA0\x96\xB3\x6F\xE2\x26\x77\x91\x8C\xE0\x62\x10\x02\x9F\x34\x0F\xA4\xD5\x92\x33\x51\xDE\xBE\x8D\xBA\x84\x7A\x60\x3C\x6A\xDB\x9F\x2B\xEC\xDE\xDE\x01\x3F\x6E\x4D\xE5\x50\x86\xCB\xB4\xAF\xED\x44\x40\xC5\xCA\x5A\x8C\xDA\xD2\x2B\x7C\xA8\xEE\xBE\xA6\xE5\x0A\xAA\x0E\xA5\xDF\x05\x52\xB7\x55\xC7\x22\x5D\x32\x6A\x97\x97\x63\x13\xDB\xC9\xDB\x79\x36\x7B\x85\x3A\x4A\xC5\x52\x89\xF9\x24\xE7\x9D\x77\xA9\x82\xFF\x55\x1C\xA5\x71\x69\x2B\xD1\x02\x24\xF2\xB3\x26\xD4\x6B\xDA\x04\x55\xE5\xC1\x0A\xC7\x6D\x30\x37\x90\x2A\xE4\x9E\x14\x33\x5E\x16\x17\x55\xC5\x5B\xB5\xCB\x34\x89\x92\xF1\x9D\x26\x8F\xA1\x07\xD4\xC6\xB2\x78\x50\xDB\x0C\x0C\x0B\x7C\x0B\x8C\x41\xD7\xB9\xE9\xDD\x8C\x88\xF7\xA3\x4D\xB2\x32\xCC\xD8\x17\xDA\xCD\xB7\xCE\x66\x9D\xD4\xFD\x5E\xFF\xBD\x97\x3E\x29\x75\xE7\x7E\xA7\x62\x58\xAF\x25\x34\xA5\x41\xC7\x3D\xBC\x0D\x50\xCA\x03\x03\x0F\x08\x5A\x1F\x95\x73\x78\x62\xBF\xAF\x72\x14\x69\x0E\xA5\xE5\x03\x0E\x78\x8E\x26\x28\x42\xF0\x07\x0B\x62\x20\x10\x67\x39\x46\xFA\xA9\x03\xCC\x04\x38\x7A\x66\xEF\x20\x83\xB5\x8C\x4A\x56\x8E\x91\x00\xFC\x8E\x5C\x82\xDE\x88\xA0\xC3\xE2\x68\x6E\x7D\x8D\xEF\x3C\xDD\x65\xF4\x5D\xAC\x51\xEF\x24\x80\xAE\xAA\x56\x97\x6F\xF9\xAD\x7D\xDA\x61\x3F\x98\x77\x3C\xA5\x91\xB6\x1C\x8C\x26\xDA\x65\xA2\x09\x6D\xC1\xE2\x54\xE3\xB9\xCA\x4C\x4C\x80\x8F\x77\x7B\x60\x9A\x1E\xDF\xB6\xF2\x48\x1E\x0E\xBA\x4E\x54\x6D\x98\xE0\xE1\xA2\x1A\xA2\x77\x50\xCF\xC4\x63\x92\xEC\x47\x19\x9D\xEB\xE6\x6B\xCE\xC1\x02\x03\x01\x00\x01\xA3\x81\xAC\x30\x81\xA9\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x5B\x25\x7B\x96\xA4\x65\x51\x7E\xB8\x39\xF3\xC0\x78\x66\x5E\xE8\x3A\xE7\xF0\xEE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x5B\x25\x7B\x96\xA4\x65\x51\x7E\xB8\x39\xF3\xC0\x78\x66\x5E\xE8\x3A\xE7\xF0\xEE\x30\x46\x06\x03\x55\x1D\x20\x04\x3F\x30\x3D\x30\x3B\x06\x09\x60\x85\x74\x01\x59\x01\x02\x01\x01\x30\x2E\x30\x2C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x70\x6F\x73\x69\x74\x6F\x72\x79\x2E\x73\x77\x69\x73\x73\x73\x69\x67\x6E\x2E\x63\x6F\x6D\x2F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x27\xBA\xE3\x94\x7C\xF1\xAE\xC0\xDE\x17\xE6\xE5\xD8\xD5\xF5\x54\xB0\x83\xF4\xBB\xCD\x5E\x05\x7B\x4F\x9F\x75\x66\xAF\x3C\xE8\x56\x7E\xFC\x72\x78\x38\x03\xD9\x2B\x62\x1B\x00\xB9\xF8\xE9\x60\xCD\xCC\xCE\x51\x8A\xC7\x50\x31\x6E\xE1\x4A\x7E\x18\x2F\x69\x59\xB6\x3D\x64\x81\x2B\xE3\x83\x84\xE6\x22\x87\x8E\x7D\xE0\xEE\x02\x99\x61\xB8\x1E\xF4\xB8\x2B\x88\x12\x16\x84\xC2\x31\x93\x38\x96\x31\xA6\xB9\x3B\x53\x3F\xC3\x24\x93\x56\x5B\x69\x92\xEC\xC5\xC1\xBB\x38\x00\xE3\xEC\x17\xA9\xB8\xDC\xC7\x7C\x01\x83\x9F\x32\x47\xBA\x52\x22\x34\x1D\x32\x7A\x09\x56\xA7\x7C\x25\x36\xA9\x3D\x4B\xDA\xC0\x82\x6F\x0A\xBB\x12\xC8\x87\x4B\x27\x11\xF9\x1E\x2D\xC7\x93\x3F\x9E\xDB\x5F\x26\x6B\x52\xD9\x2E\x8A\xF1\x14\xC6\x44\x8D\x15\xA9\xB7\xBF\xBD\xDE\xA6\x1A\xEE\xAE\x2D\xFB\x48\x77\x17\xFE\xBB\xEC\xAF\x18\xF5\x2A\x51\xF0\x39\x84\x97\x95\x6C\x6E\x1B\xC3\x2B\xC4\x74\x60\x79\x25\xB0\x0A\x27\xDF\xDF\x5E\xD2\x39\xCF\x45\x7D\x42\x4B\xDF\xB3\x2C\x1E\xC5\xC6\x5D\xCA\x55\x3A\xA0\x9C\x69\x9A\x8F\xDA\xEF\xB2\xB0\x3C\x9F\x87\x6C\x12\x2B\x65\x70\x15\x52\x31\x1A\x24\xCF\x6F\x31\x23\x50\x1F\x8C\x4F\x8F\x23\xC3\x74\x41\x63\x1C\x55\xA8\x14\xDD\x3E\xE0\x51\x50\xCF\xF1\x1B\x30\x56\x0E\x92\xB0\x82\x85\xD8\x83\xCB\x22\x64\xBC\x2D\xB8\x25\xD5\x54\xA2\xB8\x06\xEA\xAD\x92\xA4\x24\xA0\xC1\x86\xB5\x4A\x13\x6A\x47\xCF\x2E\x0B\x56\x95\x54\xCB\xCE\x9A\xDB\x6A\xB4\xA6\xB2\xDB\x41\x08\x86\x27\x77\xF7\x6A\xA0\x42\x6C\x0B\x38\xCE\xD7\x75\x50\x32\x92\xC2\xDF\x2B\x30\x22\x48\xD0\xD5\x41\x38\x25\x5D\xA4\xE9\x5D\x9F\xC6\x94\x75\xD0\x45\xFD\x30\x97\x43\x8F\x90\xAB\x0A\xC7\x86\x73\x60\x4A\x69\x2D\xDE\xA5\x78\xD7\x06\xDA\x6A\x9E\x4B\x3E\x77\x3A\x20\x13\x22\x01\xD0\xBF\x68\x9E\x63\x60\x6B\x35\x4D\x0B\x6D\xBA\xA1\x3D\xC0\x93\xE0\x7F\x23\xB3\x55\xAD\x72\x25\x4E\x46\xF9\xD2\x16\xEF\xB0\x64\xC1\x01\x9E\xE9\xCA\xA0\x6A\x98\x0E\xCF\xD8\x60\xF2\x2F\x49\xB8\xE4\x42\xE1\x38\x35\x16\xF4\xC8\x6E\x4F\xF7\x81\x56\xE8\xBA\xA3\xBE\x23\xAF\xAE\xFD\x6F\x03\xE0\x02\x3B\x30\x76\xFA\x1B\x6D\x41\xCF\x01\xB1\xE9\xB8\xC9\x66\xF4\xDB\x26\xF3\x3A\xA4\x74\xF2\x49\x24\x5B\xC9\xB0\xD0\x57\xC1\xFA\x3E\x7A\xE1\x97\xC9",
+	["CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH"] = "\x30\x82\x05\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x08\x4F\x1B\xD4\x2F\x54\xBB\x2F\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x41\x47\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x53\x69\x6C\x76\x65\x72\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5A\x17\x0D\x33\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x41\x47\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6E\x20\x53\x69\x6C\x76\x65\x72\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC4\xF1\x87\x7F\xD3\x78\x31\xF7\x38\xC9\xF8\xC3\x99\x43\xBC\xC7\xF7\xBC\x37\xE7\x4E\x71\xBA\x4B\x8F\xA5\x73\x1D\x5C\x6E\x98\xAE\x03\x57\xAE\x38\x37\x43\x2F\x17\x3D\x1F\xC8\xCE\x68\x10\xC1\x78\xAE\x19\x03\x2B\x10\xFA\x2C\x79\x83\xF6\xE8\xB9\x68\xB9\x55\xF2\x04\x44\xA7\x39\xF9\xFC\x04\x8B\x1E\xF1\xA2\x4D\x27\xF9\x61\x7B\xBA\xB7\xE5\xA2\x13\xB6\xEB\x61\x3E\xD0\x6C\xD1\xE6\xFB\xFA\x5E\xED\x1D\xB4\x9E\xA0\x35\x5B\xA1\x92\xCB\xF0\x49\x92\xFE\x85\x0A\x05\x3E\xE6\xD9\x0B\xE2\x4F\xBB\xDC\x95\x37\xFC\x91\xE9\x32\x35\x22\xD1\x1F\x3A\x4E\x27\x85\x9D\xB0\x15\x94\x32\xDA\x61\x0D\x47\x4D\x60\x42\xAE\x92\x47\xE8\x83\x5A\x50\x58\xE9\x8A\x8B\xB9\x5D\xA1\xDC\xDD\x99\x4A\x1F\x36\x67\xBB\x48\xE4\x83\xB6\x37\xEB\x48\x3A\xAF\x0F\x67\x8F\x17\x07\xE8\x04\xCA\xEF\x6A\x31\x87\xD4\xC0\xB6\xF9\x94\x71\x7B\x67\x64\xB8\xB6\x91\x4A\x42\x7B\x65\x2E\x30\x6A\x0C\xF5\x90\xEE\x95\xE6\xF2\xCD\x82\xEC\xD9\xA1\x4A\xEC\xF6\xB2\x4B\xE5\x45\x85\xE6\x6D\x78\x93\x04\x2E\x9C\x82\x6D\x36\xA9\xC4\x31\x64\x1F\x86\x83\x0B\x2A\xF4\x35\x0A\x78\xC9\x55\xCF\x41\xB0\x47\xE9\x30\x9F\x99\xBE\x61\xA8\x06\x84\xB9\x28\x7A\x5F\x38\xD9\x1B\xA9\x38\xB0\x83\x7F\x73\xC1\xC3\x3B\x48\x2A\x82\x0F\x21\x9B\xB8\xCC\xA8\x35\xC3\x84\x1B\x83\xB3\x3E\xBE\xA4\x95\x69\x01\x3A\x89\x00\x78\x04\xD9\xC9\xF4\x99\x19\xAB\x56\x7E\x5B\x8B\x86\x39\x15\x91\xA4\x10\x2C\x09\x32\x80\x60\xB3\x93\xC0\x2A\xB6\x18\x0B\x9D\x7E\x8D\x49\xF2\x10\x4A\x7F\xF9\xD5\x46\x2F\x19\x92\xA3\x99\xA7\x26\xAC\xBB\x8C\x3C\xE6\x0E\xBC\x47\x07\xDC\x73\x51\xF1\x70\x64\x2F\x08\xF9\xB4\x47\x1D\x30\x6C\x44\xEA\x29\x37\x85\x92\x68\x66\xBC\x83\x38\xFE\x7B\x39\x2E\xD3\x50\xF0\x1F\xFB\x5E\x60\xB6\xA9\xA6\xFA\x27\x41\xF1\x9B\x18\x72\xF2\xF5\x84\x74\x4A\xC9\x67\xC4\x54\xAE\x48\x64\xDF\x8C\xD1\x6E\xB0\x1D\xE1\x07\x8F\x08\x1E\x99\x9C\x71\xE9\x4C\xD8\xA5\xF7\x47\x12\x1F\x74\xD1\x51\x9E\x86\xF3\xC2\xA2\x23\x40\x0B\x73\xDB\x4B\xA6\xE7\x73\x06\x8C\xC1\xA0\xE9\xC1\x59\xAC\x46\xFA\xE6\x2F\xF8\xCF\x71\x9C\x46\x6D\xB9\xC4\x15\x8D\x38\x79\x03\x45\x48\xEF\xC4\x5D\xD7\x08\xEE\x87\x39\x22\x86\xB2\x0D\x0F\x58\x43\xF7\x71\xA9\x48\x2E\xFD\xEA\xD6\x1F\x02\x03\x01\x00\x01\xA3\x81\xAC\x30\x81\xA9\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x17\xA0\xCD\xC1\xE4\x41\xB6\x3A\x5B\x3B\xCB\x45\x9D\xBD\x1C\xC2\x98\xFA\x86\x58\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x17\xA0\xCD\xC1\xE4\x41\xB6\x3A\x5B\x3B\xCB\x45\x9D\xBD\x1C\xC2\x98\xFA\x86\x58\x30\x46\x06\x03\x55\x1D\x20\x04\x3F\x30\x3D\x30\x3B\x06\x09\x60\x85\x74\x01\x59\x01\x03\x01\x01\x30\x2E\x30\x2C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x70\x6F\x73\x69\x74\x6F\x72\x79\x2E\x73\x77\x69\x73\x73\x73\x69\x67\x6E\x2E\x63\x6F\x6D\x2F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x73\xC6\x81\xE0\x27\xD2\x2D\x0F\xE0\x95\x30\xE2\x9A\x41\x7F\x50\x2C\x5F\x5F\x62\x61\xA9\x86\x6A\x69\x18\x0C\x74\x49\xD6\x5D\x84\xEA\x41\x52\x18\x6F\x58\xAD\x50\x56\x20\x6A\xC6\xBD\x28\x69\x58\x91\xDC\x91\x11\x35\xA9\x3A\x1D\xBC\x1A\xA5\x60\x9E\xD8\x1F\x7F\x45\x91\x69\xD9\x7E\xBB\x78\x72\xC1\x06\x0F\x2A\xCE\x8F\x85\x70\x61\xAC\xA0\xCD\x0B\xB8\x39\x29\x56\x84\x32\x4E\x86\xBB\x3D\xC4\x2A\xD9\xD7\x1F\x72\xEE\xFE\x51\xA1\x22\x41\xB1\x71\x02\x63\x1A\x82\xB0\x62\xAB\x5E\x57\x12\x1F\xDF\xCB\xDD\x75\xA0\xC0\x5D\x79\x90\x8C\x1B\xE0\x50\xE6\xDE\x31\xFE\x98\x7B\x70\x5F\xA5\x90\xD8\xAD\xF8\x02\xB6\x6F\xD3\x60\xDD\x40\x4B\x22\xC5\x3D\xAD\x3A\x7A\x9F\x1A\x1A\x47\x91\x79\x33\xBA\x82\xDC\x32\x69\x03\x96\x6E\x1F\x4B\xF0\x71\xFE\xE3\x67\x72\xA0\xB1\xBF\x5C\x8B\xE4\xFA\x99\x22\xC7\x84\xB9\x1B\x8D\x23\x97\x3F\xED\x25\xE0\xCF\x65\xBB\xF5\x61\x04\xEF\xDD\x1E\xB2\x5A\x41\x22\x5A\xA1\x9F\x5D\x2C\xE8\x5B\xC9\x6D\xA9\x0C\x0C\x78\xAA\x60\xC6\x56\x8F\x01\x5A\x0C\x68\xBC\x69\x19\x79\xC4\x1F\x7E\x97\x05\xBF\xC5\xE9\x24\x51\x5E\xD4\xD5\x4B\x53\xED\xD9\x23\x5A\x36\x03\x65\xA3\xC1\x03\xAD\x41\x30\xF3\x46\x1B\x85\x90\xAF\x65\xB5\xD5\xB1\xE4\x16\x5B\x78\x75\x1D\x97\x7A\x6D\x59\xA9\x2A\x8F\x7B\xDE\xC3\x87\x89\x10\x99\x49\x73\x78\xC8\x3D\xBD\x51\x35\x74\x2A\xD5\xF1\x7E\x69\x1B\x2A\xBB\x3B\xBD\x25\xB8\x9A\x5A\x3D\x72\x61\x90\x66\x87\xEE\x0C\xD6\x4D\xD4\x11\x74\x0B\x6A\xFE\x0B\x03\xFC\xA3\x55\x57\x89\xFE\x4A\xCB\xAE\x5B\x17\x05\xC8\xF2\x8D\x23\x31\x53\x38\xD2\x2D\x6A\x3F\x82\xB9\x8D\x08\x6A\xF7\x5E\x41\x74\x6E\xC3\x11\x7E\x07\xAC\x29\x60\x91\x3F\x38\xCA\x57\x10\x0D\xBD\x30\x2F\xC7\xA5\xE6\x41\xA0\xDA\xAE\x05\x87\x9A\xA0\xA4\x65\x6C\x4C\x09\x0C\x89\xBA\xB8\xD3\xB9\xC0\x93\x8A\x30\xFA\x8D\xE5\x9A\x6B\x15\x01\x4E\x67\xAA\xDA\x62\x56\x3E\x84\x08\x66\xD2\xC4\x36\x7D\xA7\x3E\x10\xFC\x88\xE0\xD4\x80\xE5\x00\xBD\xAA\xF3\x4E\x06\xA3\x7A\x6A\xF9\x62\x72\xE3\x09\x4F\xEB\x9B\x0E\x01\x23\xF1\x9F\xBB\x7C\xDC\xDC\x6C\x11\x97\x25\xB2\xF2\xB4\x63\x14\xD2\x06\x2A\x67\x8C\x83\xF5\xCE\xEA\x07\xD8\x9A\x6A\x1E\xEC\xE4\x0A\xBB\x2A\x4C\xEB\x09\x60\x39\xCE\xCA\x62\xD8\x2E\x6E",
+	["CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US"] = "\x30\x82\x03\x7C\x30\x82\x02\x64\xA0\x03\x02\x01\x02\x02\x10\x18\xAC\xB5\x6A\xFD\x69\xB6\x15\x3A\x63\x6C\xAF\xDA\xFA\xC4\xA1\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x37\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBE\xB8\x15\x7B\xFF\xD4\x7C\x7D\x67\xAD\x83\x64\x7B\xC8\x42\x53\x2D\xDF\xF6\x84\x08\x20\x61\xD6\x01\x59\x6A\x9C\x44\x11\xAF\xEF\x76\xFD\x95\x7E\xCE\x61\x30\xBB\x7A\x83\x5F\x02\xBD\x01\x66\xCA\xEE\x15\x8D\x6F\xA1\x30\x9C\xBD\xA1\x85\x9E\x94\x3A\xF3\x56\x88\x00\x31\xCF\xD8\xEE\x6A\x96\x02\xD9\xED\x03\x8C\xFB\x75\x6D\xE7\xEA\xB8\x55\x16\x05\x16\x9A\xF4\xE0\x5E\xB1\x88\xC0\x64\x85\x5C\x15\x4D\x88\xC7\xB7\xBA\xE0\x75\xE9\xAD\x05\x3D\x9D\xC7\x89\x48\xE0\xBB\x28\xC8\x03\xE1\x30\x93\x64\x5E\x52\xC0\x59\x70\x22\x35\x57\x88\x8A\xF1\x95\x0A\x83\xD7\xBC\x31\x73\x01\x34\xED\xEF\x46\x71\xE0\x6B\x02\xA8\x35\x72\x6B\x97\x9B\x66\xE0\xCB\x1C\x79\x5F\xD8\x1A\x04\x68\x1E\x47\x02\xE6\x9D\x60\xE2\x36\x97\x01\xDF\xCE\x35\x92\xDF\xBE\x67\xC7\x6D\x77\x59\x3B\x8F\x9D\xD6\x90\x15\x94\xBC\x42\x34\x10\xC1\x39\xF9\xB1\x27\x3E\x7E\xD6\x8A\x75\xC5\xB2\xAF\x96\xD3\xA2\xDE\x9B\xE4\x98\xBE\x7D\xE1\xE9\x81\xAD\xB6\x6F\xFC\xD7\x0E\xDA\xE0\x34\xB0\x0D\x1A\x77\xE7\xE3\x08\x98\xEF\x58\xFA\x9C\x84\xB7\x36\xAF\xC2\xDF\xAC\xD2\xF4\x10\x06\x70\x71\x35\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x2C\xD5\x50\x41\x97\x15\x8B\xF0\x8F\x36\x61\x5B\x4A\xFB\x6B\xD9\x99\xC9\x33\x92\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5A\x70\x7F\x2C\xDD\xB7\x34\x4F\xF5\x86\x51\xA9\x26\xBE\x4B\xB8\xAA\xF1\x71\x0D\xDC\x61\xC7\xA0\xEA\x34\x1E\x7A\x77\x0F\x04\x35\xE8\x27\x8F\x6C\x90\xBF\x91\x16\x24\x46\x3E\x4A\x4E\xCE\x2B\x16\xD5\x0B\x52\x1D\xFC\x1F\x67\xA2\x02\x45\x31\x4F\xCE\xF3\xFA\x03\xA7\x79\x9D\x53\x6A\xD9\xDA\x63\x3A\xF8\x80\xD7\xD3\x99\xE1\xA5\xE1\xBE\xD4\x55\x71\x98\x35\x3A\xBE\x93\xEA\xAE\xAD\x42\xB2\x90\x6F\xE0\xFC\x21\x4D\x35\x63\x33\x89\x49\xD6\x9B\x4E\xCA\xC7\xE7\x4E\x09\x00\xF7\xDA\xC7\xEF\x99\x62\x99\x77\xB6\x95\x22\x5E\x8A\xA0\xAB\xF4\xB8\x78\x98\xCA\x38\x19\x99\xC9\x72\x9E\x78\xCD\x4B\xAC\xAF\x19\xA0\x73\x12\x2D\xFC\xC2\x41\xBA\x81\x91\xDA\x16\x5A\x31\xB7\xF9\xB4\x71\x80\x12\x48\x99\x72\x73\x5A\x59\x53\xC1\x63\x52\x33\xED\xA7\xC9\xD2\x39\x02\x70\xFA\xE0\xB1\x42\x66\x29\xAA\x9B\x51\xED\x30\x54\x22\x14\x5F\xD9\xAB\x1D\xC1\xE4\x94\xF0\xF8\xF5\x2B\xF7\xEA\xCA\x78\x46\xD6\xB8\x91\xFD\xA6\x0D\x2B\x1A\x14\x01\x3E\x80\xF0\x42\xA0\x95\x07\x5E\x6D\xCD\xCC\x4B\xA4\x45\x8D\xAB\x12\xE8\xB3\xDE\x5A\xE5\xA0\x7C\xE8\x0F\x22\x1D\x5A\xE9\x59",
+	["CN=thawte Primary Root CA,OU=(c) 2006 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US"] = "\x30\x82\x04\x20\x30\x82\x03\x08\xA0\x03\x02\x01\x02\x02\x10\x34\x4E\xD5\x57\x20\xD5\xED\xEC\x49\xF4\x2F\xCE\x37\xDB\x2B\x6D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xA9\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x31\x37\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xA9\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAC\xA0\xF0\xFB\x80\x59\xD4\x9C\xC7\xA4\xCF\x9D\xA1\x59\x73\x09\x10\x45\x0C\x0D\x2C\x6E\x68\xF1\x6C\x5B\x48\x68\x49\x59\x37\xFC\x0B\x33\x19\xC2\x77\x7F\xCC\x10\x2D\x95\x34\x1C\xE6\xEB\x4D\x09\xA7\x1C\xD2\xB8\xC9\x97\x36\x02\xB7\x89\xD4\x24\x5F\x06\xC0\xCC\x44\x94\x94\x8D\x02\x62\x6F\xEB\x5A\xDD\x11\x8D\x28\x9A\x5C\x84\x90\x10\x7A\x0D\xBD\x74\x66\x2F\x6A\x38\xA0\xE2\xD5\x54\x44\xEB\x1D\x07\x9F\x07\xBA\x6F\xEE\xE9\xFD\x4E\x0B\x29\xF5\x3E\x84\xA0\x01\xF1\x9C\xAB\xF8\x1C\x7E\x89\xA4\xE8\xA1\xD8\x71\x65\x0D\xA3\x51\x7B\xEE\xBC\xD2\x22\x60\x0D\xB9\x5B\x9D\xDF\xBA\xFC\x51\x5B\x0B\xAF\x98\xB2\xE9\x2E\xE9\x04\xE8\x62\x87\xDE\x2B\xC8\xD7\x4E\xC1\x4C\x64\x1E\xDD\xCF\x87\x58\xBA\x4A\x4F\xCA\x68\x07\x1D\x1C\x9D\x4A\xC6\xD5\x2F\x91\xCC\x7C\x71\x72\x1C\xC5\xC0\x67\xEB\x32\xFD\xC9\x92\x5C\x94\xDA\x85\xC0\x9B\xBF\x53\x7D\x2B\x09\xF4\x8C\x9D\x91\x1F\x97\x6A\x52\xCB\xDE\x09\x36\xA4\x77\xD8\x7B\x87\x50\x44\xD5\x3E\x6E\x29\x69\xFB\x39\x49\x26\x1E\x09\xA5\x80\x7B\x40\x2D\xEB\xE8\x27\x85\xC9\xFE\x61\xFD\x7E\xE6\x7C\x97\x1D\xD5\x9D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7B\x5B\x45\xCF\xAF\xCE\xCB\x7A\xFD\x31\x92\x1A\x6A\xB6\xF3\x46\xEB\x57\x48\x50\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x79\x11\xC0\x4B\xB3\x91\xB6\xFC\xF0\xE9\x67\xD4\x0D\x6E\x45\xBE\x55\xE8\x93\xD2\xCE\x03\x3F\xED\xDA\x25\xB0\x1D\x57\xCB\x1E\x3A\x76\xA0\x4C\xEC\x50\x76\xE8\x64\x72\x0C\xA4\xA9\xF1\xB8\x8B\xD6\xD6\x87\x84\xBB\x32\xE5\x41\x11\xC0\x77\xD9\xB3\x60\x9D\xEB\x1B\xD5\xD1\x6E\x44\x44\xA9\xA6\x01\xEC\x55\x62\x1D\x77\xB8\x5C\x8E\x48\x49\x7C\x9C\x3B\x57\x11\xAC\xAD\x73\x37\x8E\x2F\x78\x5C\x90\x68\x47\xD9\x60\x60\xE6\xFC\x07\x3D\x22\x20\x17\xC4\xF7\x16\xE9\xC4\xD8\x72\xF9\xC8\x73\x7C\xDF\x16\x2F\x15\xA9\x3E\xFD\x6A\x27\xB6\xA1\xEB\x5A\xBA\x98\x1F\xD5\xE3\x4D\x64\x0A\x9D\x13\xC8\x61\xBA\xF5\x39\x1C\x87\xBA\xB8\xBD\x7B\x22\x7F\xF6\xFE\xAC\x40\x79\xE5\xAC\x10\x6F\x3D\x8F\x1B\x79\x76\x8B\xC4\x37\xB3\x21\x18\x84\xE5\x36\x00\xEB\x63\x20\x99\xB9\xE9\xFE\x33\x04\xBB\x41\xC8\xC1\x02\xF9\x44\x63\x20\x9E\x81\xCE\x42\xD3\xD6\x3F\x2C\x76\xD3\x63\x9C\x59\xDD\x8F\xA6\xE1\x0E\xA0\x2E\x41\xF7\x2E\x95\x47\xCF\xBC\xFD\x33\xF3\xF6\x0B\x61\x7E\x7E\x91\x2B\x81\x47\xC2\x27\x30\xEE\xA7\x10\x5D\x37\x8F\x5C\x39\x2B\xE4\x04\xF0\x7B\x8D\x56\x8C\x68",
+	["CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\xD3\x30\x82\x03\xBB\xA0\x03\x02\x01\x02\x02\x10\x18\xDA\xD1\x9E\x26\x7D\xE8\xBB\x4A\x21\x58\xCD\xCC\x6B\x3B\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x35\x30\x1E\x17\x0D\x30\x36\x31\x31\x30\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x35\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x24\x08\x08\x29\x7A\x35\x9E\x60\x0C\xAA\xE7\x4B\x3B\x4E\xDC\x7C\xBC\x3C\x45\x1C\xBB\x2B\xE0\xFE\x29\x02\xF9\x57\x08\xA3\x64\x85\x15\x27\xF5\xF1\xAD\xC8\x31\x89\x5D\x22\xE8\x2A\xAA\xA6\x42\xB3\x8F\xF8\xB9\x55\xB7\xB1\xB7\x4B\xB3\xFE\x8F\x7E\x07\x57\xEC\xEF\x43\xDB\x66\x62\x15\x61\xCF\x60\x0D\xA4\xD8\xDE\xF8\xE0\xC3\x62\x08\x3D\x54\x13\xEB\x49\xCA\x59\x54\x85\x26\xE5\x2B\x8F\x1B\x9F\xEB\xF5\xA1\x91\xC2\x33\x49\xD8\x43\x63\x6A\x52\x4B\xD2\x8F\xE8\x70\x51\x4D\xD1\x89\x69\x7B\xC7\x70\xF6\xB3\xDC\x12\x74\xDB\x7B\x5D\x4B\x56\xD3\x96\xBF\x15\x77\xA1\xB0\xF4\xA2\x25\xF2\xAF\x1C\x92\x67\x18\xE5\xF4\x06\x04\xEF\x90\xB9\xE4\x00\xE4\xDD\x3A\xB5\x19\xFF\x02\xBA\xF4\x3C\xEE\xE0\x8B\xEB\x37\x8B\xEC\xF4\xD7\xAC\xF2\xF6\xF0\x3D\xAF\xDD\x75\x91\x33\x19\x1D\x1C\x40\xCB\x74\x24\x19\x21\x93\xD9\x14\xFE\xAC\x2A\x52\xC7\x8F\xD5\x04\x49\xE4\x8D\x63\x47\x88\x3C\x69\x83\xCB\xFE\x47\xBD\x2B\x7E\x4F\xC5\x95\xAE\x0E\x9D\xD4\xD1\x43\xC0\x67\x73\xE3\x14\x08\x7E\xE5\x3F\x9F\x73\xB8\x33\x0A\xCF\x5D\x3F\x34\x87\x96\x8A\xEE\x53\xE8\x25\x15\x02\x03\x01\x00\x01\xA3\x81\xB2\x30\x81\xAF\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x6D\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x0C\x04\x61\x30\x5F\xA1\x5D\xA0\x5B\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6D\x61\x67\x65\x2F\x67\x69\x66\x30\x21\x30\x1F\x30\x07\x06\x05\x2B\x0E\x03\x02\x1A\x04\x14\x8F\xE5\xD3\x1A\x86\xAC\x8D\x8E\x6B\xC3\xCF\x80\x6A\xD4\x48\x18\x2C\x7B\x19\x2E\x30\x25\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x6F\x67\x6F\x2E\x76\x65\x72\x69\x73\x69\x67\x6E\x2E\x63\x6F\x6D\x2F\x76\x73\x6C\x6F\x67\x6F\x2E\x67\x69\x66\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7F\xD3\x65\xA7\xC2\xDD\xEC\xBB\xF0\x30\x09\xF3\x43\x39\xFA\x02\xAF\x33\x31\x33\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\x24\x4A\x30\x5F\x62\xCF\xD8\x1A\x98\x2F\x3D\xEA\xDC\x99\x2D\xBD\x77\xF6\xA5\x79\x22\x38\xEC\xC4\xA7\xA0\x78\x12\xAD\x62\x0E\x45\x70\x64\xC5\xE7\x97\x66\x2D\x98\x09\x7E\x5F\xAF\xD6\xCC\x28\x65\xF2\x01\xAA\x08\x1A\x47\xDE\xF9\xF9\x7C\x92\x5A\x08\x69\x20\x0D\xD9\x3E\x6D\x6E\x3C\x0D\x6E\xD8\xE6\x06\x91\x40\x18\xB9\xF8\xC1\xED\xDF\xDB\x41\xAA\xE0\x96\x20\xC9\xCD\x64\x15\x38\x81\xC9\x94\xEE\xA2\x84\x29\x0B\x13\x6F\x8E\xDB\x0C\xDD\x25\x02\xDB\xA4\x8B\x19\x44\xD2\x41\x7A\x05\x69\x4A\x58\x4F\x60\xCA\x7E\x82\x6A\x0B\x02\xAA\x25\x17\x39\xB5\xDB\x7F\xE7\x84\x65\x2A\x95\x8A\xBD\x86\xDE\x5E\x81\x16\x83\x2D\x10\xCC\xDE\xFD\xA8\x82\x2A\x6D\x28\x1F\x0D\x0B\xC4\xE5\xE7\x1A\x26\x19\xE1\xF4\x11\x6F\x10\xB5\x95\xFC\xE7\x42\x05\x32\xDB\xCE\x9D\x51\x5E\x28\xB6\x9E\x85\xD3\x5B\xEF\xA5\x7D\x45\x40\x72\x8E\xB7\x0E\x6B\x0E\x06\xFB\x33\x35\x48\x71\xB8\x9D\x27\x8B\xC4\x65\x5F\x0D\x86\x76\x9C\x44\x7A\xF6\x95\x5C\xF6\x5D\x32\x08\x33\xA4\x54\xB6\x18\x3F\x68\x5C\xF2\x42\x4A\x85\x38\x54\x83\x5F\xD1\xE8\x2C\xF2\xAC\x11\xD6\xA8\xED\x63\x6A",
+	["CN=SecureTrust CA,O=SecureTrust Corporation,C=US"] = "\x30\x82\x03\xB8\x30\x82\x02\xA0\xA0\x03\x02\x01\x02\x02\x10\x0C\xF0\x8E\x5C\x08\x16\xA5\xAD\x42\x7F\xF0\xEB\x27\x18\x59\xD0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x30\x37\x31\x39\x33\x31\x31\x38\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x31\x39\x34\x30\x35\x35\x5A\x30\x48\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0E\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\xA4\x81\xE5\x95\xCD\xF5\xF6\x14\x8E\xC2\x4F\xCA\xD4\xE2\x78\x95\x58\x9C\x41\xE1\x0D\x99\x40\x24\x17\x39\x91\x33\x66\xE9\xBE\xE1\x83\xAF\x62\x5C\x89\xD1\xFC\x24\x5B\x61\xB3\xE0\x11\x11\x41\x1C\x1D\x6E\xF0\xB8\xBB\xF8\xDE\xA7\x81\xBA\xA6\x48\xC6\x9F\x1D\xBD\xBE\x8E\xA9\x41\x3E\xB8\x94\xED\x29\x1A\xD4\x8E\xD2\x03\x1D\x03\xEF\x6D\x0D\x67\x1C\x57\xD7\x06\xAD\xCA\xC8\xF5\xFE\x0E\xAF\x66\x25\x48\x04\x96\x0B\x5D\xA3\xBA\x16\xC3\x08\x4F\xD1\x46\xF8\x14\x5C\xF2\xC8\x5E\x01\x99\x6D\xFD\x88\xCC\x86\xA8\xC1\x6F\x31\x42\x6C\x52\x3E\x68\xCB\xF3\x19\x34\xDF\xBB\x87\x18\x56\x80\x26\xC4\xD0\xDC\xC0\x6F\xDF\xDE\xA0\xC2\x91\x16\xA0\x64\x11\x4B\x44\xBC\x1E\xF6\xE7\xFA\x63\xDE\x66\xAC\x76\xA4\x71\xA3\xEC\x36\x94\x68\x7A\x77\xA4\xB1\xE7\x0E\x2F\x81\x7A\xE2\xB5\x72\x86\xEF\xA2\x6B\x8B\xF0\x0F\xDB\xD3\x59\x3F\xBA\x72\xBC\x44\x24\x9C\xE3\x73\xB3\xF7\xAF\x57\x2F\x42\x26\x9D\xA9\x74\xBA\x00\x52\xF2\x4B\xCD\x53\x7C\x47\x0B\x36\x85\x0E\x66\xA9\x08\x97\x16\x34\x57\xC1\x66\xF7\x80\xE3\xED\x70\x54\xC7\x93\xE0\x2E\x28\x15\x59\x87\xBA\xBB\x02\x03\x01\x00\x01\xA3\x81\x9D\x30\x81\x9A\x30\x13\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1E\x04\x00\x43\x00\x41\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x42\x32\xB6\x16\xFA\x04\xFD\xFE\x5D\x4B\x7A\xC3\xFD\xF7\x4C\x40\x1D\x5A\x43\xAF\x30\x34\x06\x03\x55\x1D\x1F\x04\x2D\x30\x2B\x30\x29\xA0\x27\xA0\x25\x86\x23\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x53\x54\x43\x41\x2E\x63\x72\x6C\x30\x10\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x30\xED\x4F\x4A\xE1\x58\x3A\x52\x72\x5B\xB5\xA6\xA3\x65\x18\xA6\xBB\x51\x3B\x77\xE9\x9D\xEA\xD3\x9F\x5C\xE0\x45\x65\x7B\x0D\xCA\x5B\xE2\x70\x50\xB2\x94\x05\x14\xAE\x49\xC7\x8D\x41\x07\x12\x73\x94\x7E\x0C\x23\x21\xFD\xBC\x10\x7F\x60\x10\x5A\x72\xF5\x98\x0E\xAC\xEC\xB9\x7F\xDD\x7A\x6F\x5D\xD3\x1C\xF4\xFF\x88\x05\x69\x42\xA9\x05\x71\xC8\xB7\xAC\x26\xE8\x2E\xB4\x8C\x6A\xFF\x71\xDC\xB8\xB1\xDF\x99\xBC\x7C\x21\x54\x2B\xE4\x58\xA2\xBB\x57\x29\xAE\x9E\xA9\xA3\x19\x26\x0F\x99\x2E\x08\xB0\xEF\xFD\x69\xCF\x99\x1A\x09\x8D\xE3\xA7\x9F\x2B\xC9\x36\x34\x7B\x24\xB3\x78\x4C\x95\x17\xA4\x06\x26\x1E\xB6\x64\x52\x36\x5F\x60\x67\xD9\x9C\xC5\x05\x74\x0B\xE7\x67\x23\xD2\x08\xFC\x88\xE9\xAE\x8B\x7F\xE1\x30\xF4\x37\x7E\xFD\xC6\x32\xDA\x2D\x9E\x44\x30\x30\x6C\xEE\x07\xDE\xD2\x34\xFC\xD2\xFF\x40\xF6\x4B\xF4\x66\x46\x06\x54\xA6\xF2\x32\x0A\x63\x26\x30\x6B\x9B\xD1\xDC\x8B\x47\xBA\xE1\xB9\xD5\x62\xD0\xA2\xA0\xF4\x67\x05\x78\x29\x63\x1A\x6F\x04\xD6\xF8\xC6\x4C\xA3\x9A\xB1\x37\xB4\x8D\xE5\x28\x4B\x1D\x9E\x2C\xC2\xB8\x68\xBC\xED\x02\xEE\x31",
+	["CN=Secure Global CA,O=SecureTrust Corporation,C=US"] = "\x30\x82\x03\xBC\x30\x82\x02\xA4\xA0\x03\x02\x01\x02\x02\x10\x07\x56\x22\xA4\xE8\xD4\x8A\x89\x4D\xF4\x13\xC8\xF0\xF8\xEA\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x31\x31\x30\x37\x31\x39\x34\x32\x32\x38\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x31\x39\x35\x32\x30\x36\x5A\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x35\x2E\xD8\xAC\x6C\x55\x69\x06\x71\xE5\x13\x68\x24\xB3\x4F\xD8\xCC\x21\x47\xF8\xF1\x60\x38\x89\x89\x03\xE9\xBD\xEA\x5E\x46\x53\x09\xDC\x5C\xF5\x5A\xE8\xF7\x45\x2A\x02\xEB\x31\x61\xD7\x29\x33\x4C\xCE\xC7\x7C\x0A\x37\x7E\x0F\xBA\x32\x98\xE1\x1D\x97\xAF\x8F\xC7\xDC\xC9\x38\x96\xF3\xDB\x1A\xFC\x51\xED\x68\xC6\xD0\x6E\xA4\x7C\x24\xD1\xAE\x42\xC8\x96\x50\x63\x2E\xE0\xFE\x75\xFE\x98\xA7\x5F\x49\x2E\x95\xE3\x39\x33\x64\x8E\x1E\xA4\x5F\x90\xD2\x67\x3C\xB2\xD9\xFE\x41\xB9\x55\xA7\x09\x8E\x72\x05\x1E\x8B\xDD\x44\x85\x82\x42\xD0\x49\xC0\x1D\x60\xF0\xD1\x17\x2C\x95\xEB\xF6\xA5\xC1\x92\xA3\xC5\xC2\xA7\x08\x60\x0D\x60\x04\x10\x96\x79\x9E\x16\x34\xE6\xA9\xB6\xFA\x25\x45\x39\xC8\x1E\x65\xF9\x93\xF5\xAA\xF1\x52\xDC\x99\x98\x3D\xA5\x86\x1A\x0C\x35\x33\xFA\x4B\xA5\x04\x06\x15\x1C\x31\x80\xEF\xAA\x18\x6B\xC2\x7B\xD7\xDA\xCE\xF9\x33\x20\xD5\xF5\xBD\x6A\x33\x2D\x81\x04\xFB\xB0\x5C\xD4\x9C\xA3\xE2\x5C\x1D\xE3\xA9\x42\x75\x5E\x7B\xD4\x77\xEF\x39\x54\xBA\xC9\x0A\x18\x1B\x12\x99\x49\x2F\x88\x4B\xFD\x50\x62\xD1\x73\xE7\x8F\x7A\x43\x02\x03\x01\x00\x01\xA3\x81\x9D\x30\x81\x9A\x30\x13\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1E\x04\x00\x43\x00\x41\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAF\x44\x04\xC2\x41\x7E\x48\x83\xDB\x4E\x39\x02\xEC\xEC\x84\x7A\xE6\xCE\xC9\xA4\x30\x34\x06\x03\x55\x1D\x1F\x04\x2D\x30\x2B\x30\x29\xA0\x27\xA0\x25\x86\x23\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x53\x47\x43\x41\x2E\x63\x72\x6C\x30\x10\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x63\x1A\x08\x40\x7D\xA4\x5E\x53\x0D\x77\xD8\x7A\xAE\x1F\x0D\x0B\x51\x16\x03\xEF\x18\x7C\xC8\xE3\xAF\x6A\x58\x93\x14\x60\x91\xB2\x84\xDC\x88\x4E\xBE\x39\x8A\x3A\xF3\xE6\x82\x89\x5D\x01\x37\xB3\xAB\x24\xA4\x15\x0E\x92\x35\x5A\x4A\x44\x5E\x4E\x57\xFA\x75\xCE\x1F\x48\xCE\x66\xF4\x3C\x40\x26\x92\x98\x6C\x1B\xEE\x24\x46\x0C\x17\xB3\x52\xA5\xDB\xA5\x91\x91\xCF\x37\xD3\x6F\xE7\x27\x08\x3A\x4E\x19\x1F\x3A\xA7\x58\x5C\x17\xCF\x79\x3F\x8B\xE4\xA7\xD3\x26\x23\x9D\x26\x0F\x58\x69\xFC\x47\x7E\xB2\xD0\x8D\x8B\x93\xBF\x29\x4F\x43\x69\x74\x76\x67\x4B\xCF\x07\x8C\xE6\x02\xF7\xB5\xE1\xB4\x43\xB5\x4B\x2D\x14\x9F\xF9\xDC\x26\x0D\xBF\xA6\x47\x74\x06\xD8\x88\xD1\x3A\x29\x30\x84\xCE\xD2\x39\x80\x62\x1B\xA8\xC7\x57\x49\xBC\x6A\x55\x51\x67\x15\x4A\xBE\x35\x07\xE4\xD5\x75\x98\x37\x79\x30\x14\xDB\x29\x9D\x6C\xC5\x69\xCC\x47\x55\xA2\x30\xF7\xCC\x5C\x7F\xC2\xC3\x98\x1C\x6B\x4E\x16\x80\xEB\x7A\x78\x65\x45\xA2\x00\x1A\xAF\x0C\x0D\x55\x64\x34\x48\xB8\x92\xB9\xF1\xB4\x50\x29\xF2\x4F\x23\x1F\xDA\x6C\xAC\x1F\x44\xE1\xDD\x23\x78\x51\x5B\xC7\x16",
+	["CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x1D\x30\x82\x03\x05\xA0\x03\x02\x01\x02\x02\x10\x4E\x81\x2D\x8A\x82\x65\xE0\x0B\x02\xEE\x3E\x35\x02\x46\xE5\x3D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x81\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x81\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD0\x40\x8B\x8B\x72\xE3\x91\x1B\xF7\x51\xC1\x1B\x54\x04\x98\xD3\xA9\xBF\xC1\xE6\x8A\x5D\x3B\x87\xFB\xBB\x88\xCE\x0D\xE3\x2F\x3F\x06\x96\xF0\xA2\x29\x50\x99\xAE\xDB\x3B\xA1\x57\xB0\x74\x51\x71\xCD\xED\x42\x91\x4D\x41\xFE\xA9\xC8\xD8\x6A\x86\x77\x44\xBB\x59\x66\x97\x50\x5E\xB4\xD4\x2C\x70\x44\xCF\xDA\x37\x95\x42\x69\x3C\x30\xC4\x71\xB3\x52\xF0\x21\x4D\xA1\xD8\xBA\x39\x7C\x1C\x9E\xA3\x24\x9D\xF2\x83\x16\x98\xAA\x16\x7C\x43\x9B\x15\x5B\xB7\xAE\x34\x91\xFE\xD4\x62\x26\x18\x46\x9A\x3F\xEB\xC1\xF9\xF1\x90\x57\xEB\xAC\x7A\x0D\x8B\xDB\x72\x30\x6A\x66\xD5\xE0\x46\xA3\x70\xDC\x68\xD9\xFF\x04\x48\x89\x77\xDE\xB5\xE9\xFB\x67\x6D\x41\xE9\xBC\x39\xBD\x32\xD9\x62\x02\xF1\xB1\xA8\x3D\x6E\x37\x9C\xE2\x2F\xE2\xD3\xA2\x26\x8B\xC6\xB8\x55\x43\x88\xE1\x23\x3E\xA5\xD2\x24\x39\x6A\x47\xAB\x00\xD4\xA1\xB3\xA9\x25\xFE\x0D\x3F\xA7\x1D\xBA\xD3\x51\xC1\x0B\xA4\xDA\xAC\x38\xEF\x55\x50\x24\x05\x65\x46\x93\x34\x4F\x2D\x8D\xAD\xC6\xD4\x21\x19\xD2\x8E\xCA\x05\x61\x71\x07\x73\x47\xE5\x8A\x19\x12\xBD\x04\x4D\xCE\x4E\x9C\xA5\x48\xAC\xBB\x26\xF7\x02\x03\x01\x00\x01\xA3\x81\x8E\x30\x81\x8B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x0B\x58\xE5\x8B\xC6\x4C\x15\x37\xA4\x40\xA9\x30\xA9\x21\xBE\x47\x36\x5A\x56\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x49\x06\x03\x55\x1D\x1F\x04\x42\x30\x40\x30\x3E\xA0\x3C\xA0\x3A\x86\x38\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x43\x4F\x4D\x4F\x44\x4F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3E\x98\x9E\x9B\xF6\x1B\xE9\xD7\x39\xB7\x78\xAE\x1D\x72\x18\x49\xD3\x87\xE4\x43\x82\xEB\x3F\xC9\xAA\xF5\xA8\xB5\xEF\x55\x7C\x21\x52\x65\xF9\xD5\x0D\xE1\x6C\xF4\x3E\x8C\x93\x73\x91\x2E\x02\xC4\x4E\x07\x71\x6F\xC0\x8F\x38\x61\x08\xA8\x1E\x81\x0A\xC0\x2F\x20\x2F\x41\x8B\x91\xDC\x48\x45\xBC\xF1\xC6\xDE\xBA\x76\x6B\x33\xC8\x00\x2D\x31\x46\x4C\xED\xE7\x9D\xCF\x88\x94\xFF\x33\xC0\x56\xE8\x24\x86\x26\xB8\xD8\x38\x38\xDF\x2A\x6B\xDD\x12\xCC\xC7\x3F\x47\x17\x4C\xA2\xC2\x06\x96\x09\xD6\xDB\xFE\x3F\x3C\x46\x41\xDF\x58\xE2\x56\x0F\x3C\x3B\xC1\x1C\x93\x35\xD9\x38\x52\xAC\xEE\xC8\xEC\x2E\x30\x4E\x94\x35\xB4\x24\x1F\x4B\x78\x69\xDA\xF2\x02\x38\xCC\x95\x52\x93\xF0\x70\x25\x59\x9C\x20\x67\xC4\xEE\xF9\x8B\x57\x61\xF4\x92\x76\x7D\x3F\x84\x8D\x55\xB7\xE8\xE5\xAC\xD5\xF1\xF5\x19\x56\xA6\x5A\xFB\x90\x1C\xAF\x93\xEB\xE5\x1C\xD4\x67\x97\x5D\x04\x0E\xBE\x0B\x83\xA6\x17\x83\xB9\x30\x12\xA0\xC5\x33\x15\x05\xB9\x0D\xFB\xC7\x05\x76\xE3\xD8\x4A\x8D\xFC\x34\x17\xA3\xC6\x21\x28\xBE\x30\x45\x31\x1E\xC7\x78\xBE\x58\x61\x38\xAC\x3B\xE2\x01\x65",
+	["CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US"] = "\x30\x82\x03\xE6\x30\x82\x02\xCE\xA0\x03\x02\x01\x02\x02\x10\x57\xCB\x33\x6F\xC2\x5C\x16\xE6\x47\x16\x17\xE3\x90\x31\x68\xE0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x62\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1F\x06\x03\x55\x04\x0A\x13\x18\x4E\x65\x74\x77\x6F\x72\x6B\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x20\x4C\x2E\x4C\x2E\x43\x2E\x31\x30\x30\x2E\x06\x03\x55\x04\x03\x13\x27\x4E\x65\x74\x77\x6F\x72\x6B\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x62\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1F\x06\x03\x55\x04\x0A\x13\x18\x4E\x65\x74\x77\x6F\x72\x6B\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x20\x4C\x2E\x4C\x2E\x43\x2E\x31\x30\x30\x2E\x06\x03\x55\x04\x03\x13\x27\x4E\x65\x74\x77\x6F\x72\x6B\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE4\xBC\x7E\x92\x30\x6D\xC6\xD8\x8E\x2B\x0B\xBC\x46\xCE\xE0\x27\x96\xDE\xDE\xF9\xFA\x12\xD3\x3C\x33\x73\xB3\x04\x2F\xBC\x71\x8C\xE5\x9F\xB6\x22\x60\x3E\x5F\x5D\xCE\x09\xFF\x82\x0C\x1B\x9A\x51\x50\x1A\x26\x89\xDD\xD5\x61\x5D\x19\xDC\x12\x0F\x2D\x0A\xA2\x43\x5D\x17\xD0\x34\x92\x20\xEA\x73\xCF\x38\x2C\x06\x26\x09\x7A\x72\xF7\xFA\x50\x32\xF8\xC2\x93\xD3\x69\xA2\x23\xCE\x41\xB1\xCC\xE4\xD5\x1F\x36\xD1\x8A\x3A\xF8\x8C\x63\xE2\x14\x59\x69\xED\x0D\xD3\x7F\x6B\xE8\xB8\x03\xE5\x4F\x6A\xE5\x98\x63\x69\x48\x05\xBE\x2E\xFF\x33\xB6\xE9\x97\x59\x69\xF8\x67\x19\xAE\x93\x61\x96\x44\x15\xD3\x72\xB0\x3F\xBC\x6A\x7D\xEC\x48\x7F\x8D\xC3\xAB\xAA\x71\x2B\x53\x69\x41\x53\x34\xB5\xB0\xB9\xC5\x06\x0A\xC4\xB0\x45\xF5\x41\x5D\x6E\x89\x45\x7B\x3D\x3B\x26\x8C\x74\xC2\xE5\xD2\xD1\x7D\xB2\x11\xD4\xFB\x58\x32\x22\x9A\x80\xC9\xDC\xFD\x0C\xE9\x7F\x5E\x03\x97\xCE\x3B\x00\x14\x87\x27\x70\x38\xA9\x8E\x6E\xB3\x27\x76\x98\x51\xE0\x05\xE3\x21\xAB\x1A\xD5\x85\x22\x3C\x29\xB5\x9A\x16\xC5\x80\xA8\xF4\xBB\x6B\x30\x8F\x2F\x46\x02\xA2\xB1\x0C\x22\xE0\xD3\x02\x03\x01\x00\x01\xA3\x81\x97\x30\x81\x94\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x21\x30\xC9\xFB\x00\xD7\x4E\x98\xDA\x87\xAA\x2A\xD0\xA7\x2E\xB1\x40\x31\xA7\x4C\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x52\x06\x03\x55\x1D\x1F\x04\x4B\x30\x49\x30\x47\xA0\x45\xA0\x43\x86\x41\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x6E\x65\x74\x73\x6F\x6C\x73\x73\x6C\x2E\x63\x6F\x6D\x2F\x4E\x65\x74\x77\x6F\x72\x6B\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xBB\xAE\x4B\xE7\xB7\x57\xEB\x7F\xAA\x2D\xB7\x73\x47\x85\x6A\xC1\xE4\xA5\x1D\xE4\xE7\x3C\xE9\xF4\x59\x65\x77\xB5\x7A\x5B\x5A\x8D\x25\x36\xE0\x7A\x97\x2E\x38\xC0\x57\x60\x83\x98\x06\x83\x9F\xB9\x76\x7A\x6E\x50\xE0\xBA\x88\x2C\xFC\x45\xCC\x18\xB0\x99\x95\x51\x0E\xEC\x1D\xB8\x88\xFF\x87\x50\x1C\x82\xC2\xE3\xE0\x32\x80\xBF\xA0\x0B\x47\xC8\xC3\x31\xEF\x99\x67\x32\x80\x4F\x17\x21\x79\x0C\x69\x5C\xDE\x5E\x34\xAE\x02\xB5\x26\xEA\x50\xDF\x7F\x18\x65\x2C\xC9\xF2\x63\xE1\xA9\x07\xFE\x7C\x71\x1F\x6B\x33\x24\x6A\x1E\x05\xF7\x05\x68\xC0\x6A\x12\xCB\x2E\x5E\x61\xCB\xAE\x28\xD3\x7E\xC2\xB4\x66\x91\x26\x5F\x3C\x2E\x24\x5F\xCB\x58\x0F\xEB\x28\xEC\xAF\x11\x96\xF3\xDC\x7B\x6F\xC0\xA7\x88\xF2\x53\x77\xB3\x60\x5E\xAE\xAE\x28\xDA\x35\x2C\x6F\x34\x45\xD3\x26\xE1\xDE\xEC\x5B\x4F\x27\x6B\x16\x7C\xBD\x44\x04\x18\x82\xB3\x89\x79\x17\x10\x71\x3D\x7A\xA2\x16\x4E\xF5\x01\xCD\xA4\x6C\x65\x68\xA1\x49\x76\x5C\x43\xC9\xD8\xBC\x36\x67\x6C\xA5\x94\xB5\xD4\xCC\xB9\xBD\x6A\x35\x56\x21\xDE\xD8\xC3\xEB\xFB\xCB\xA4\x60\x4C\xB0\x55\xA0\xA0\x7B\x57\xB2",
+	["CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US"] = "\x30\x82\x04\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x0C\x17\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x0C\x13\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x42\x61\x6E\x6B\x20\x4E\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0C\x2D\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6C\x69\x63\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x37\x31\x32\x31\x33\x31\x37\x30\x37\x35\x34\x5A\x17\x0D\x32\x32\x31\x32\x31\x34\x30\x30\x30\x37\x35\x34\x5A\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x0C\x17\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x0C\x13\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x42\x61\x6E\x6B\x20\x4E\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0C\x2D\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6C\x69\x63\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xEE\x6F\xB4\xBD\x79\xE2\x8F\x08\x21\x9E\x38\x04\x41\x25\xEF\xAB\x5B\x1C\x53\x92\xAC\x6D\x9E\xDD\xC2\xC4\x2E\x45\x94\x03\x35\x88\x67\x74\x57\xE3\xDF\x8C\xB8\xA7\x76\x8F\x3B\xF7\xA8\xC4\xDB\x29\x63\x0E\x91\x68\x36\x8A\x97\x8E\x8A\x71\x68\x09\x07\xE4\xE8\xD4\x0E\x4F\xF8\xD6\x2B\x4C\xA4\x16\xF9\xEF\x43\x98\x8F\xB3\x9E\x52\xDF\x6D\x91\x39\x8F\x38\xBD\x77\x8B\x43\x63\xEB\xB7\x93\xFC\x30\x4C\x1C\x01\x93\xB6\x13\xFB\xF7\xA1\x1F\xBF\x25\xE1\x74\x37\x2C\x1E\xA4\x5E\x3C\x68\xF8\x4B\xBF\x0D\xB9\x1E\x2E\x36\xE8\xA9\xE4\xA7\xF8\x0F\xCB\x82\x75\x7C\x35\x2D\x22\xD6\xC2\xBF\x0B\xF3\xB4\xFC\x6C\x95\x61\x1E\x57\xD7\x04\x81\x32\x83\x52\x79\xE6\x83\x63\xCF\xB7\xCB\x63\x8B\x11\xE2\xBD\x5E\xEB\xF6\x8D\xED\x95\x72\x28\xB4\xAC\x12\x62\xE9\x4A\x33\xE6\x83\x32\xAE\x05\x75\x95\xBD\x84\x95\xDB\x2A\x5C\x9B\x8E\x2E\x0C\xB8\x81\x2B\x41\xE6\x38\x56\x9F\x49\x9B\x6C\x76\xFA\x8A\x5D\xF7\x01\x79\x81\x7C\xC1\x83\x40\x05\xFE\x71\xFD\x0C\x3F\xCC\x4E\x60\x09\x0E\x65\x47\x10\x2F\x01\xC0\x05\x3F\x8F\xF8\xB3\x41\xEF\x5A\x42\x7E\x59\xEF\xD2\x97\x0C\x65\x02\x03\x01\x00\x01\xA3\x82\x01\x34\x30\x82\x01\x30\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x70\x6B\x69\x2E\x77\x65\x6C\x6C\x73\x66\x61\x72\x67\x6F\x2E\x63\x6F\x6D\x2F\x77\x73\x70\x72\x63\x61\x2E\x63\x72\x6C\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\xC6\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x26\x95\x19\x10\xD9\xE8\xA1\x97\x91\xFF\xDC\x19\xD9\xB5\x04\x3E\xD2\x73\x0A\x6A\x30\x81\xB2\x06\x03\x55\x1D\x23\x04\x81\xAA\x30\x81\xA7\x80\x14\x26\x95\x19\x10\xD9\xE8\xA1\x97\x91\xFF\xDC\x19\xD9\xB5\x04\x3E\xD2\x73\x0A\x6A\xA1\x81\x8B\xA4\x81\x88\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1E\x06\x03\x55\x04\x0A\x0C\x17\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x0C\x13\x57\x65\x6C\x6C\x73\x20\x46\x61\x72\x67\x6F\x20\x42\x61\x6E\x6B\x20\x4E\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0C\x2D\x57\x65\x6C\x6C\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6C\x69\x63\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB9\x15\xB1\x44\x91\xCC\x23\xC8\x2B\x4D\x77\xE3\xF8\x9A\x7B\x27\x0D\xCD\x72\xBB\x99\x00\xCA\x7C\x66\x19\x50\xC6\xD5\x98\xED\xAB\xBF\x03\x5A\xE5\x4D\xE5\x1E\xC8\x4F\x71\x97\x86\xD5\xE3\x1D\xFD\x90\xC9\x3C\x75\x77\x57\x7A\x7D\xF8\xDE\xF4\xD4\xD5\xF7\x95\xE6\x74\x6E\x1D\x3C\xAE\x7C\x9D\xDB\x02\x03\x05\x2C\x71\x4B\x25\x3E\x07\xE3\x5E\x9A\xF5\x66\x17\x29\x88\x1A\x38\x9F\xCF\xAA\x41\x03\x84\x97\x6B\x93\x38\x7A\xCA\x30\x44\x1B\x24\x44\x33\xD0\xE4\xD1\xDC\x28\x38\xF4\x13\x43\x35\x35\x29\x63\xA8\x7C\xA2\xB5\xAD\x38\xA4\xED\xAD\xFD\xC6\x9A\x1F\xFF\x97\x73\xFE\xFB\xB3\x35\xA7\x93\x86\xC6\x76\x91\x00\xE6\xAC\x51\x16\xC4\x27\x32\x5C\xDB\x73\xDA\xA5\x93\x57\x8E\x3E\x6D\x35\x26\x08\x59\xD5\xE7\x44\xD7\x76\x20\x63\xE7\xAC\x13\x67\xC3\x6D\xB1\x70\x46\x7C\xD5\x96\x11\x3D\x89\x6F\x5D\xA8\xA1\xEB\x8D\x0A\xDA\xC3\x1D\x33\x6C\xA3\xEA\x67\x19\x9A\x99\x7F\x4B\x3D\x83\x51\x2A\x1D\xCA\x2F\x86\x0C\xA2\x7E\x10\x2D\x2B\xD4\x16\x95\x0B\x07\xAA\x2E\x14\x92\x49\xB7\x29\x6F\xD8\x6D\x31\x7D\xF5\xFC\xA1\x10\x07\x87\xCE\x2F\x59\xDC\x3E\x58\xDB",
+	["CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x02\x89\x30\x82\x02\x0F\xA0\x03\x02\x01\x02\x02\x10\x1F\x47\xAF\xAA\x62\x00\x70\x50\x54\x4C\x01\x9E\x9B\x63\x99\x2A\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4F\x4D\x4F\x44\x4F\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x38\x30\x33\x30\x36\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x43\x4F\x4D\x4F\x44\x4F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4F\x4D\x4F\x44\x4F\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x03\x47\x7B\x2F\x75\xC9\x82\x15\x85\xFB\x75\xE4\x91\x16\xD4\xAB\x62\x99\xF5\x3E\x52\x0B\x06\xCE\x41\x00\x7F\x97\xE1\x0A\x24\x3C\x1D\x01\x04\xEE\x3D\xD2\x8D\x09\x97\x0C\xE0\x75\xE4\xFA\xFB\x77\x8A\x2A\xF5\x03\x60\x4B\x36\x8B\x16\x23\x16\xAD\x09\x71\xF4\x4A\xF4\x28\x50\xB4\xFE\x88\x1C\x6E\x3F\x6C\x2F\x2F\x09\x59\x5B\xA5\x5B\x0B\x33\x99\xE2\xC3\x3D\x89\xF9\x6A\x2C\xEF\xB2\xD3\x06\xE9\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x75\x71\xA7\x19\x48\x19\xBC\x9D\x9D\xEA\x41\x47\xDF\x94\xC4\x48\x77\x99\xD3\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x68\x00\x30\x65\x02\x31\x00\xEF\x03\x5B\x7A\xAC\xB7\x78\x0A\x72\xB7\x88\xDF\xFF\xB5\x46\x14\x09\x0A\xFA\xA0\xE6\x7D\x08\xC6\x1A\x87\xBD\x18\xA8\x73\xBD\x26\xCA\x60\x0C\x9D\xCE\x99\x9F\xCF\x5C\x0F\x30\xE1\xBE\x14\x31\xEA\x02\x30\x14\xF4\x93\x3C\x49\xA7\x33\x7A\x90\x46\x47\xB3\x63\x7D\x13\x9B\x4E\xB7\x6F\x18\x37\x80\x53\xFE\xDD\x20\xE0\x35\x9A\x36\xD1\xC7\x01\xB9\xE6\xDC\xDD\xF3\xFF\x1D\x2C\x3A\x16\x57\xD9\x92\x39\xD6",
+	["emailAddress=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR"] = "\x30\x82\x04\x02\x30\x82\x02\xEA\xA0\x03\x02\x01\x02\x02\x05\x39\x11\x45\x10\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75\x76\x2E\x66\x72\x30\x1E\x17\x0D\x30\x32\x31\x32\x31\x33\x31\x34\x32\x39\x32\x33\x5A\x17\x0D\x32\x30\x31\x30\x31\x37\x31\x34\x32\x39\x32\x32\x5A\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75\x76\x2E\x66\x72\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB2\x1F\xD1\xD0\x62\xC5\x33\x3B\xC0\x04\x86\x88\xB3\xDC\xF8\x88\xF7\xFD\xDF\x43\xDF\x7A\x8D\x9A\x49\x5C\xF6\x4E\xAA\xCC\x1C\xB9\xA1\xEB\x27\x89\xF2\x46\xE9\x3B\x4A\x71\xD5\x1D\x8E\x2D\xCF\xE6\xAD\xAB\x63\x50\xC7\x54\x0B\x6E\x12\xC9\x90\x36\xC6\xD8\x2F\xDA\x91\xAA\x68\xC5\x72\xFE\x17\x0A\xB2\x17\x7E\x79\xB5\x32\x88\x70\xCA\x70\xC0\x96\x4A\x8E\xE4\x55\xCD\x1D\x27\x94\xBF\xCE\x72\x2A\xEC\x5C\xF9\x73\x20\xFE\xBD\xF7\x2E\x89\x67\xB8\xBB\x47\x73\x12\xF7\xD1\x35\x69\x3A\xF2\x0A\xB9\xAE\xFF\x46\x42\x46\xA2\xBF\xA1\x85\x1A\xF9\xBF\xE4\xFF\x49\x85\xF7\xA3\x70\x86\x32\x1C\x5D\x9F\x60\xF7\xA9\xAD\xA5\xFF\xCF\xD1\x34\xF9\x7D\x5B\x17\xC6\xDC\xD6\x0E\x28\x6B\xC2\xDD\xF1\xF5\x33\x68\x9D\x4E\xFC\x87\x7C\x36\x12\xD6\xA3\x80\xE8\x43\x0D\x55\x61\x94\xEA\x64\x37\x47\xEA\x77\xCA\xD0\xB2\x58\x05\xC3\x5D\x7E\xB1\xA8\x46\x90\x31\x56\xCE\x70\x2A\x96\xB2\x30\xB8\x77\xE6\x79\xC0\xBD\x29\x3B\xFD\x94\x77\x4C\xBD\x20\xCD\x41\x25\xE0\x2E\xC7\x1B\xBB\xEE\xA4\x04\x41\xD2\x5D\xAD\x12\x6A\x8A\x9B\x47\xFB\xC9\xDD\x46\x40\xE1\x9D\x3C\x33\xD0\xB5\x02\x03\x01\x00\x01\xA3\x77\x30\x75\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x46\x30\x15\x06\x03\x55\x1D\x20\x04\x0E\x30\x0C\x30\x0A\x06\x08\x2A\x81\x7A\x01\x79\x01\x01\x01\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA3\x05\x2F\x18\x60\x50\xC2\x89\x0A\xDD\x2B\x21\x4F\xFF\x8E\x4E\xA8\x30\x31\x36\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xA3\x05\x2F\x18\x60\x50\xC2\x89\x0A\xDD\x2B\x21\x4F\xFF\x8E\x4E\xA8\x30\x31\x36\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\xDC\x26\xD8\xFA\x77\x15\x44\x68\xFC\x2F\x66\x3A\x74\xE0\x5D\xE4\x29\xFF\x06\x07\x13\x84\x4A\xAB\xCF\x6D\xA0\x1F\x51\x94\xF8\x49\xCB\x74\x36\x14\xBC\x15\xDD\xDB\x89\x2F\xDD\x8F\xA0\x5D\x7C\xF5\x12\xEB\x9F\x9E\x38\xA4\x47\xCC\xB3\x96\xD9\xBE\x9C\x25\xAB\x03\x7E\x33\x0F\x95\x81\x0D\xFD\x16\xE0\x88\xBE\x37\xF0\x6C\x5D\xD0\x31\x9B\x32\x2B\x5D\x17\x65\x93\x98\x60\xBC\x6E\x8F\xB1\xA8\x3C\x1E\xD9\x1C\xF3\xA9\x26\x42\xF9\x64\x1D\xC2\xE7\x92\xF6\xF4\x1E\x5A\xAA\x19\x52\x5D\xAF\xE8\xA2\xF7\x60\xA0\xF6\x8D\xF0\x89\xF5\x6E\xE0\x0A\x05\x01\x95\xC9\x8B\x20\x0A\xBA\x5A\xFC\x9A\x2C\x3C\xBD\xC3\xB7\xC9\x5D\x78\x25\x05\x3F\x56\x14\x9B\x0C\xDA\xFB\x3A\x48\xFE\x97\x69\x5E\xCA\x10\x86\xF7\x4E\x96\x04\x08\x4D\xEC\xB0\xBE\x5D\xDC\x3B\x8E\x4F\xC1\xFD\x9A\x36\x34\x9A\x4C\x54\x7E\x17\x03\x48\x95\x08\x11\x1C\x07\x6F\x85\x08\x7E\x5D\x4D\xC4\x9D\xDB\xFB\xAE\xCE\xB2\xD1\xB3\xB8\x83\x6C\x1D\xB2\xB3\x79\xF1\xD8\x70\x99\x7E\xF0\x13\x02\xCE\x5E\xDD\x51\xD3\xDF\x36\x81\xA1\x1B\x78\x2F\x71\xB3\xF1\x59\x4C\x46\x18\x28\xAB\x85\xD2\x60\x56\x5A",
+	["OU=Security Communication EV RootCA1,O=SECOM Trust Systems CO.\,LTD.,C=JP"] = "\x30\x82\x03\x7D\x30\x82\x02\x65\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x60\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x45\x56\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x1E\x17\x0D\x30\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5A\x17\x0D\x33\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5A\x30\x60\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x45\x56\x20\x52\x6F\x6F\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x7F\xEC\x57\x9B\x24\xE0\xFE\x9C\xBA\x42\x79\xA9\x88\x8A\xFA\x80\xE0\xF5\x07\x29\x43\xEA\x8E\x0A\x34\x36\x8D\x1C\xFA\xA7\xB5\x39\x78\xFF\x97\x75\xF7\x2F\xE4\xAA\x6B\x04\x84\x44\xCA\xA6\xE2\x68\x8E\xFD\x55\x50\x62\x0F\xA4\x71\x0E\xCE\x07\x38\x2D\x42\x85\x50\xAD\x3C\x96\x6F\x8B\xD5\xA2\x0E\xCF\xDE\x49\x89\x3D\xD6\x64\x2E\x38\xE5\x1E\x6C\xB5\x57\x8A\x9E\xEF\x48\x0E\xCD\x7A\x69\x16\x87\x44\xB5\x90\xE4\x06\x9D\xAE\xA1\x04\x97\x58\x79\xEF\x20\x4A\x82\x6B\x8C\x22\xBF\xEC\x1F\x0F\xE9\x84\x71\xED\xF1\x0E\xE4\xB8\x18\x13\xCC\x56\x36\x5D\xD1\x9A\x1E\x51\x6B\x39\x6E\x60\x76\x88\x34\x0B\xF3\xB3\xD1\xB0\x9D\xCA\x61\xE2\x64\x1D\xC1\x46\x07\xB8\x63\xDD\x1E\x33\x65\xB3\x8E\x09\x55\x52\x3D\xB5\xBD\xFF\x07\xEB\xAD\x61\x55\x18\x2C\xA9\x69\x98\x4A\xAA\x40\xC5\x33\x14\x65\x74\x00\xF9\x91\xDE\xAF\x03\x48\xC5\x40\x54\xDC\x0F\x84\x90\x68\x20\xC5\x92\x96\xDC\x2E\xE5\x02\x45\xAA\xC0\x5F\x54\xF8\x6D\xEA\x49\xCF\x5D\x6C\x4B\xAF\xEF\x9A\xC2\x56\x5C\xC6\x35\x56\x42\x6A\x30\x5F\xC2\xAB\xF6\xE2\x3D\x3F\xB3\xC9\x11\x8F\x31\x4C\xD7\x9F\x49\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x35\x4A\xF5\x4D\xAF\x3F\xD7\x82\x38\xAC\xAB\x71\x65\x17\x75\x8C\x9D\x55\x93\xE6\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA8\x87\xE9\xEC\xF8\x40\x67\x5D\xC3\xC1\x66\xC7\x40\x4B\x97\xFC\x87\x13\x90\x5A\xC4\xEF\xA0\xCA\x5F\x8B\xB7\xA7\xB7\xF1\xD6\xB5\x64\xB7\x8A\xB3\xB8\x1B\xCC\xDA\xFB\xAC\x66\x88\x41\xCE\xE8\xFC\xE4\xDB\x1E\x88\xA6\xED\x27\x50\x1B\x02\x30\x24\x46\x79\xFE\x04\x87\x70\x97\x40\x73\xD1\xC0\xC1\x57\x19\x9A\x69\xA5\x27\x99\xAB\x9D\x62\x84\xF6\x51\xC1\x2C\xC9\x23\x15\xD8\x28\xB7\xAB\x25\x13\xB5\x46\xE1\x86\x02\xFF\x26\x8C\xC4\x88\x92\x1D\x56\xFE\x19\x67\xF2\x55\xE4\x80\xA3\x6B\x9C\xAB\x77\xE1\x51\x71\x0D\x20\xDB\x10\x9A\xDB\xBD\x76\x79\x07\x77\x99\x28\xAD\x9A\x5E\xDA\xB1\x4F\x44\x2C\x35\x8E\xA5\x96\xC7\xFD\x83\xF0\x58\xC6\x79\xD6\x98\x7C\xA8\x8D\xFE\x86\x3E\x07\x16\x92\xE1\x7B\xE7\x1D\xEC\x33\x76\x7E\x42\x2E\x4A\x85\xF9\x91\x89\x68\x84\x03\x81\xA5\x9B\x9A\xBE\xE3\x37\xC5\x54\xAB\x56\x3B\x18\x2D\x41\xA4\x0C\xF8\x42\xDB\x99\xA0\xE0\x72\x6F\xBB\x5D\xE1\x16\x4F\x53\x0A\x64\xF9\x4E\xF4\xBF\x4E\x54\xBD\x78\x6C\x88\xEA\xBF\x9C\x13\x24\xC2\x70\x69\xA2\x7F\x0F\xC8\x3C\xAD\x08\xC9\xB0\x98\x40\xA3\x2A\xE7\x88\x83\xED\x77\x8F\x74",
+	["CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH"] = "\x30\x82\x03\xF1\x30\x82\x02\xD9\xA0\x03\x02\x01\x02\x02\x10\x41\x3D\x72\xC7\xF4\x6B\x1F\x81\x43\x7D\xF1\xD2\x28\x54\xDF\x9A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x57\x49\x53\x65\x4B\x65\x79\x31\x1B\x30\x19\x06\x03\x55\x04\x0B\x13\x12\x43\x6F\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x4F\x49\x53\x54\x45\x20\x46\x6F\x75\x6E\x64\x61\x74\x69\x6F\x6E\x20\x45\x6E\x64\x6F\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x4F\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4B\x65\x79\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x41\x20\x43\x41\x30\x1E\x17\x0D\x30\x35\x31\x32\x31\x31\x31\x36\x30\x33\x34\x34\x5A\x17\x0D\x33\x37\x31\x32\x31\x31\x31\x36\x30\x39\x35\x31\x5A\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x57\x49\x53\x65\x4B\x65\x79\x31\x1B\x30\x19\x06\x03\x55\x04\x0B\x13\x12\x43\x6F\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x4F\x49\x53\x54\x45\x20\x46\x6F\x75\x6E\x64\x61\x74\x69\x6F\x6E\x20\x45\x6E\x64\x6F\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x4F\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4B\x65\x79\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x47\x41\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\x4F\xB3\x00\x9B\x3D\x36\xDD\xF9\xD1\x49\x6A\x6B\x10\x49\x1F\xEC\xD8\x2B\xB2\xC6\xF8\x32\x81\x29\x43\x95\x4C\x9A\x19\x23\x21\x15\x45\xDE\xE3\xC8\x1C\x51\x55\x5B\xAE\x93\xE8\x37\xFF\x2B\x6B\xE9\xD4\xEA\xBE\x2A\xDD\xA8\x51\x2B\xD7\x66\xC3\x61\x5C\x60\x02\xC8\xF5\xCE\x72\x7B\x3B\xB8\xF2\x4E\x65\x08\x9A\xCD\xA4\x6A\x19\xC1\x01\xBB\x73\xA6\xD7\xF6\xC3\xDD\xCD\xBC\xA4\x8B\xB5\x99\x61\xB8\x01\xA2\xA3\xD4\x4D\xD4\x05\x3D\x91\xAD\xF8\xB4\x08\x71\x64\xAF\x70\xF1\x1C\x6B\x7E\xF6\xC3\x77\x9D\x24\x73\x7B\xE4\x0C\x8C\xE1\xD9\x36\xE1\x99\x8B\x05\x99\x0B\xED\x45\x31\x09\xCA\xC2\x00\xDB\xF7\x72\xA0\x96\xAA\x95\x87\xD0\x8E\xC7\xB6\x61\x73\x0D\x76\x66\x8C\xDC\x1B\xB4\x63\xA2\x9F\x7F\x93\x13\x30\xF1\xA1\x27\xDB\xD9\xFF\x2C\x55\x88\x91\xA0\xE0\x4F\x07\xB0\x28\x56\x8C\x18\x1B\x97\x44\x8E\x89\xDD\xE0\x17\x6E\xE7\x2A\xEF\x8F\x39\x0A\x31\x84\x82\xD8\x40\x14\x49\x2E\x7A\x41\xE4\xA7\xFE\xE3\x64\xCC\xC1\x59\x71\x4B\x2C\x21\xA7\x5B\x7D\xE0\x1D\xD1\x2E\x81\x9B\xC3\xD8\x68\xF7\xBD\x96\x1B\xAC\x70\xB1\x16\x14\x0B\xDB\x60\xB9\x26\x01\x05\x02\x03\x01\x00\x01\xA3\x51\x30\x4F\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB3\x03\x7E\xAE\x36\xBC\xB0\x79\xD1\xDC\x94\x26\xB6\x11\xBE\x21\xB2\x69\x86\x94\x30\x10\x06\x09\x2B\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4B\xA1\xFF\x0B\x87\x6E\xB3\xF9\xC1\x43\xB1\x48\xF3\x28\xC0\x1D\x2E\xC9\x09\x41\xFA\x94\x00\x1C\xA4\xA4\xAB\x49\x4F\x8F\x3D\x1E\xEF\x4D\x6F\xBD\xBC\xA4\xF6\xF2\x26\x30\xC9\x10\xCA\x1D\x88\xFB\x74\x19\x1F\x85\x45\xBD\xB0\x6C\x51\xF9\x36\x7E\xDB\xF5\x4C\x32\x3A\x41\x4F\x5B\x47\xCF\xE8\x0B\x2D\xB6\xC4\x19\x9D\x74\xC5\x47\xC6\x3B\x6A\x0F\xAC\x14\xDB\x3C\xF4\x73\x9C\xA9\x05\xDF\x00\xDC\x74\x78\xFA\xF8\x35\x60\x59\x02\x13\x18\x7C\xBC\xFB\x4D\xB0\x20\x6D\x43\xBB\x60\x30\x7A\x67\x33\x5C\xC5\x99\xD1\xF8\x2D\x39\x52\x73\xFB\x8C\xAA\x97\x25\x5C\x72\xD9\x08\x1E\xAB\x4E\x3C\xE3\x81\x31\x9F\x03\xA6\xFB\xC0\xFE\x29\x88\x55\xDA\x84\xD5\x50\x03\xB6\xE2\x84\xA3\xA6\x36\xAA\x11\x3A\x01\xE1\x18\x4B\xD6\x44\x68\xB3\x3D\xF9\x53\x74\x84\xB3\x46\x91\x46\x96\x00\xB7\x80\x2C\xB6\xE1\xE3\x10\xE2\xDB\xA2\xE7\x28\x8F\x01\x96\x62\x16\x3E\x00\xE3\x1C\xA5\x36\x81\x18\xA2\x4C\x52\x76\xC0\x11\xA3\x6E\xE6\x1D\xBA\xE3\x5A\xBE\x36\x53\xC5\x3E\x75\x8F\x86\x69\x29\x58\x53\xB5\x9C\xBB\x6F\x9F\x5C\xC5\x18\xEC\xDD\x2F\xE1\x98\xC9\xFC\xBE\xDF\x0A\x0D",
+	["CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU"] = "\x30\x82\x07\xA8\x30\x82\x06\x90\xA0\x03\x02\x01\x02\x02\x11\x00\xCC\xB8\xE7\xBF\x4E\x29\x1A\xFD\xA2\xDC\x66\xA5\x1C\x2C\x0F\x11\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x35\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5A\x17\x0D\x31\x37\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5A\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xED\xC8\x00\xD5\x81\x7B\xCD\x38\x00\x47\xCC\xDB\x84\xC1\x21\x69\x2C\x74\x90\x0C\x21\xD9\x53\x87\xED\x3E\x43\x44\x53\xAF\xAB\xF8\x80\x9B\x3C\x78\x8D\xD4\x8D\xAE\xB8\xEF\xD3\x11\xDC\x81\xE6\xCF\x3B\x96\x8C\xD6\x6F\x15\xC6\x77\x7E\xA1\x2F\xE0\x5F\x92\xB6\x27\xD7\x76\x9A\x1D\x43\x3C\xEA\xD9\xEC\x2F\xEE\x39\xF3\x6A\x67\x4B\x8B\x82\xCF\x22\xF8\x65\x55\xFE\x2C\xCB\x2F\x7D\x48\x7A\x3D\x75\xF9\xAA\xA0\x27\xBB\x78\xC2\x06\xCA\x51\xC2\x7E\x66\x4B\xAF\xCD\xA2\xA7\x4D\x02\x82\x3F\x82\xAC\x85\xC6\xE1\x0F\x90\x47\x99\x94\x0A\x71\x72\x93\x2A\xC9\xA6\xC0\xBE\x3C\x56\x4C\x73\x92\x27\xF1\x6B\xB5\xF5\xFD\xFC\x30\x05\x60\x92\xC6\xEB\x96\x7E\x01\x91\xC2\x69\xB1\x1E\x1D\x7B\x53\x45\xB8\xDC\x41\x1F\xC9\x8B\x71\xD6\x54\x14\xE3\x8B\x54\x78\x3F\xBE\xF4\x62\x3B\x5B\xF5\xA3\xEC\xD5\x92\x74\xE2\x74\x30\xEF\x01\xDB\xE1\xD4\xAB\x99\x9B\x2A\x6B\xF8\xBD\xA6\x1C\x86\x23\x42\x5F\xEC\x49\xDE\x9A\x8B\x5B\xF4\x72\x3A\x40\xC5\x49\x3E\xA5\xBE\x8E\xAA\x71\xEB\x6C\xFA\xF5\x1A\xE4\x6A\xFD\x7B\x7D\x55\x40\xEF\x58\x6E\xE6\xD9\xD5\xBC\x24\xAB\xC1\xEF\xB7\x02\x03\x01\x00\x01\xA3\x82\x04\x37\x30\x82\x04\x33\x30\x67\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x5B\x30\x59\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x1C\x68\x74\x74\x70\x73\x3A\x2F\x2F\x72\x63\x61\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x6F\x63\x73\x70\x30\x2D\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02\x86\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x52\x6F\x6F\x74\x43\x41\x2E\x63\x72\x74\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x82\x01\x73\x06\x03\x55\x1D\x20\x04\x82\x01\x6A\x30\x82\x01\x66\x30\x82\x01\x62\x06\x0C\x2B\x06\x01\x04\x01\x81\xA8\x18\x02\x01\x01\x01\x30\x82\x01\x50\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1C\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x53\x5A\x53\x5A\x2F\x30\x82\x01\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\x14\x1E\x82\x01\x10\x00\x41\x00\x20\x00\x74\x00\x61\x00\x6E\x00\xFA\x00\x73\x00\xED\x00\x74\x00\x76\x00\xE1\x00\x6E\x00\x79\x00\x20\x00\xE9\x00\x72\x00\x74\x00\x65\x00\x6C\x00\x6D\x00\x65\x00\x7A\x00\xE9\x00\x73\x00\xE9\x00\x68\x00\x65\x00\x7A\x00\x20\x00\xE9\x00\x73\x00\x20\x00\x65\x00\x6C\x00\x66\x00\x6F\x00\x67\x00\x61\x00\x64\x00\xE1\x00\x73\x00\xE1\x00\x68\x00\x6F\x00\x7A\x00\x20\x00\x61\x00\x20\x00\x53\x00\x7A\x00\x6F\x00\x6C\x00\x67\x00\xE1\x00\x6C\x00\x74\x00\x61\x00\x74\x00\xF3\x00\x20\x00\x53\x00\x7A\x00\x6F\x00\x6C\x00\x67\x00\xE1\x00\x6C\x00\x74\x00\x61\x00\x74\x00\xE1\x00\x73\x00\x69\x00\x20\x00\x53\x00\x7A\x00\x61\x00\x62\x00\xE1\x00\x6C\x00\x79\x00\x7A\x00\x61\x00\x74\x00\x61\x00\x20\x00\x73\x00\x7A\x00\x65\x00\x72\x00\x69\x00\x6E\x00\x74\x00\x20\x00\x6B\x00\x65\x00\x6C\x00\x6C\x00\x20\x00\x65\x00\x6C\x00\x6A\x00\xE1\x00\x72\x00\x6E\x00\x69\x00\x3A\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x65\x00\x2D\x00\x73\x00\x7A\x00\x69\x00\x67\x00\x6E\x00\x6F\x00\x2E\x00\x68\x00\x75\x00\x2F\x00\x53\x00\x5A\x00\x53\x00\x5A\x00\x2F\x30\x81\xC8\x06\x03\x55\x1D\x1F\x04\x81\xC0\x30\x81\xBD\x30\x81\xBA\xA0\x81\xB7\xA0\x81\xB4\x86\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x52\x6F\x6F\x74\x43\x41\x2E\x63\x72\x6C\x86\x81\x8E\x6C\x64\x61\x70\x3A\x2F\x2F\x6C\x64\x61\x70\x2E\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x2F\x43\x4E\x3D\x4D\x69\x63\x72\x6F\x73\x65\x63\x25\x32\x30\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x41\x2C\x4F\x55\x3D\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x25\x32\x30\x43\x41\x2C\x4F\x3D\x4D\x69\x63\x72\x6F\x73\x65\x63\x25\x32\x30\x4C\x74\x64\x2E\x2C\x4C\x3D\x42\x75\x64\x61\x70\x65\x73\x74\x2C\x43\x3D\x48\x55\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3B\x62\x69\x6E\x61\x72\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\x96\x06\x03\x55\x1D\x11\x04\x81\x8E\x30\x81\x8B\x81\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\xA4\x77\x30\x75\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\xC3\xB3\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x16\x30\x14\x06\x03\x55\x04\x0B\x0C\x0D\x65\x2D\x53\x7A\x69\x67\x6E\xC3\xB3\x20\x48\x53\x5A\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4B\x66\x74\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x30\x81\xAC\x06\x03\x55\x1D\x23\x04\x81\xA4\x30\x81\xA1\x80\x14\xC7\xA0\x49\x75\x16\x61\x84\xDB\x31\x4B\x84\xD2\xF1\x37\x40\x90\xEF\x4E\xDC\xF7\xA1\x76\xA4\x74\x30\x72\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x14\x30\x12\x06\x03\x55\x04\x0B\x13\x0B\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x11\x00\xCC\xB8\xE7\xBF\x4E\x29\x1A\xFD\xA2\xDC\x66\xA5\x1C\x2C\x0F\x11\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC7\xA0\x49\x75\x16\x61\x84\xDB\x31\x4B\x84\xD2\xF1\x37\x40\x90\xEF\x4E\xDC\xF7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD3\x13\x9C\x66\x63\x59\x2E\xCA\x5C\x70\x0C\xFC\x83\xBC\x55\xB1\xF4\x8E\x07\x6C\x66\x27\xCE\xC1\x3B\x20\xA9\x1C\xBB\x46\x54\x70\xEE\x5A\xCC\xA0\x77\xEA\x68\x44\x27\xEB\xF2\x29\xDD\x77\xA9\xD5\xFB\xE3\xD4\xA7\x04\xC4\x95\xB8\x0B\xE1\x44\x68\x60\x07\x43\x30\x31\x42\x61\xE5\xEE\xD9\xE5\x24\xD5\x1B\xDF\xE1\x4A\x1B\xAA\x9F\xC7\x5F\xF8\x7A\x11\xEA\x13\x93\x00\xCA\x8A\x58\xB1\xEE\xED\x0E\x4D\xB4\xD7\xA8\x36\x26\x7C\xE0\x3A\xC1\xD5\x57\x82\xF1\x75\xB6\xFD\x89\x5F\xDA\xF3\xA8\x38\x9F\x35\x06\x08\xCE\x22\x95\xBE\xCD\xD5\xFC\xBE\x5B\xDE\x79\x6B\xDC\x7A\xA9\x65\x66\xBE\xB1\x25\x5A\x5F\xED\x7E\xD3\xAC\x46\x6D\x4C\xF4\x32\x87\xB4\x20\x04\xE0\x6C\x78\xB0\x77\xD1\x85\x46\x4B\xA6\x12\xB7\x75\xE8\x4A\xC9\x56\x6C\xD7\x92\xAB\x9D\xF5\x49\x38\xD2\x4F\x53\xE3\x55\x90\x11\xDB\x98\x96\xC6\x49\xF2\x3E\xF4\x9F\x1B\xE0\xF7\x88\xDC\x25\x62\x99\x44\xD8\x73\xBF\x3F\x30\xF3\x0C\x37\x3E\xD4\xC2\x28\x80\x73\xB1\x01\xB7\x9D\x5A\x96\x14\x01\x4B\xA9\x11\x9D\x29\x6A\x2E\xD0\x5D\x81\xC0\xCF\xB2\x20\x43\xC7\x03\xE0\x37\x4E\x5D\x0A\xDC\x59\x20\x25",
+	["CN=Certigna,O=Dhimyotis,C=FR"] = "\x30\x82\x03\xA8\x30\x82\x02\x90\xA0\x03\x02\x01\x02\x02\x09\x00\xFE\xDC\xE3\x01\x0F\xC9\x48\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x30\x1E\x17\x0D\x30\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5A\x17\x0D\x32\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5A\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC8\x68\xF1\xC9\xD6\xD6\xB3\x34\x75\x26\x82\x1E\xEC\xB4\xBE\xEA\x5C\xE1\x26\xED\x11\x47\x61\xE1\xA2\x7C\x16\x78\x40\x21\xE4\x60\x9E\x5A\xC8\x63\xE1\xC4\xB1\x96\x92\xFF\x18\x6D\x69\x23\xE1\x2B\x62\xF7\xDD\xE2\x36\x2F\x91\x07\xB9\x48\xCF\x0E\xEC\x79\xB6\x2C\xE7\x34\x4B\x70\x08\x25\xA3\x3C\x87\x1B\x19\xF2\x81\x07\x0F\x38\x90\x19\xD3\x11\xFE\x86\xB4\xF2\xD1\x5E\x1E\x1E\x96\xCD\x80\x6C\xCE\x3B\x31\x93\xB6\xF2\xA0\xD0\xA9\x95\x12\x7D\xA5\x9A\xCC\x6B\xC8\x84\x56\x8A\x33\xA9\xE7\x22\x15\x53\x16\xF0\xCC\x17\xEC\x57\x5F\xE9\xA2\x0A\x98\x09\xDE\xE3\x5F\x9C\x6F\xDC\x48\xE3\x85\x0B\x15\x5A\xA6\xBA\x9F\xAC\x48\xE3\x09\xB2\xF7\xF4\x32\xDE\x5E\x34\xBE\x1C\x78\x5D\x42\x5B\xCE\x0E\x22\x8F\x4D\x90\xD7\x7D\x32\x18\xB3\x0B\x2C\x6A\xBF\x8E\x3F\x14\x11\x89\x20\x0E\x77\x14\xB5\x3D\x94\x08\x87\xF7\x25\x1E\xD5\xB2\x60\x00\xEC\x6F\x2A\x28\x25\x6E\x2A\x3E\x18\x63\x17\x25\x3F\x3E\x44\x20\x16\xF6\x26\xC8\x25\xAE\x05\x4A\xB4\xE7\x63\x2C\xF3\x8C\x16\x53\x7E\x5C\xFB\x11\x1A\x08\xC1\x46\x62\x9F\x22\xB8\xF1\xC2\x8D\x69\xDC\xFA\x3A\x58\x06\xDF\x02\x03\x01\x00\x01\xA3\x81\xBC\x30\x81\xB9\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1A\xED\xFE\x41\x39\x90\xB4\x24\x59\xBE\x01\xF2\x52\xD5\x45\xF6\x5A\x39\xDC\x11\x30\x64\x06\x03\x55\x1D\x23\x04\x5D\x30\x5B\x80\x14\x1A\xED\xFE\x41\x39\x90\xB4\x24\x59\xBE\x01\xF2\x52\xD5\x45\xF6\x5A\x39\xDC\x11\xA1\x38\xA4\x36\x30\x34\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x44\x68\x69\x6D\x79\x6F\x74\x69\x73\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x43\x65\x72\x74\x69\x67\x6E\x61\x82\x09\x00\xFE\xDC\xE3\x01\x0F\xC9\x48\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x03\x1E\x92\x71\xF6\x42\xAF\xE1\xA3\x61\x9E\xEB\xF3\xC0\x0F\xF2\xA5\xD4\xDA\x95\xE6\xD6\xBE\x68\x36\x3D\x7E\x6E\x1F\x4C\x8A\xEF\xD1\x0F\x21\x6D\x5E\xA5\x52\x63\xCE\x12\xF8\xEF\x2A\xDA\x6F\xEB\x37\xFE\x13\x02\xC7\xCB\x3B\x3E\x22\x6B\xDA\x61\x2E\x7F\xD4\x72\x3D\xDD\x30\xE1\x1E\x4C\x40\x19\x8C\x0F\xD7\x9C\xD1\x83\x30\x7B\x98\x59\xDC\x7D\xC6\xB9\x0C\x29\x4C\xA1\x33\xA2\xEB\x67\x3A\x65\x84\xD3\x96\xE2\xED\x76\x45\x70\x8F\xB5\x2B\xDE\xF9\x23\xD6\x49\x6E\x3C\x14\xB5\xC6\x9F\x35\x1E\x50\xD0\xC1\x8F\x6A\x70\x44\x02\x62\xCB\xAE\x1D\x68\x41\xA7\xAA\x57\xE8\x53\xAA\x07\xD2\x06\xF6\xD5\x14\x06\x0B\x91\x03\x75\x2C\x6C\x72\xB5\x61\x95\x9A\x0D\x8B\xB9\x0D\xE7\xF5\xDF\x54\xCD\xDE\xE6\xD8\xD6\x09\x08\x97\x63\xE5\xC1\x2E\xB0\xB7\x44\x26\xC0\x26\xC0\xAF\x55\x30\x9E\x3B\xD5\x36\x2A\x19\x04\xF4\x5C\x1E\xFF\xCF\x2C\xB7\xFF\xD0\xFD\x87\x40\x11\xD5\x11\x23\xBB\x48\xC0\x21\xA9\xA4\x28\x2D\xFD\x15\xF8\xB0\x4E\x2B\xF4\x30\x5B\x21\xFC\x11\x91\x34\xBE\x41\xEF\x7B\x9D\x97\x75\xFF\x97\x95\xC0\x96\x58\x2F\xEA\xBB\x46\xD7\xBB\xE4\xD9\x2E",
+	["CN=AC Ra\C3\ADz Certic\C3\A1mara S.A.,O=Sociedad Cameral de Certificaci\C3\B3n Digital - Certic\C3\A1mara S.A.,C=CO"] = "\x30\x82\x06\x66\x30\x82\x04\x4E\xA0\x03\x02\x01\x02\x02\x0F\x07\x7E\x52\x93\x7B\xE0\x15\xE3\x57\xF0\x69\x8C\xCB\xEC\x0C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4F\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x53\x6F\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6D\x65\x72\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xC3\xB3\x6E\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x2D\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x41\x43\x20\x52\x61\xC3\xAD\x7A\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x30\x1E\x17\x0D\x30\x36\x31\x31\x32\x37\x32\x30\x34\x36\x32\x39\x5A\x17\x0D\x33\x30\x30\x34\x30\x32\x32\x31\x34\x32\x30\x32\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4F\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x53\x6F\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6D\x65\x72\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xC3\xB3\x6E\x20\x44\x69\x67\x69\x74\x61\x6C\x20\x2D\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0C\x1A\x41\x43\x20\x52\x61\xC3\xAD\x7A\x20\x43\x65\x72\x74\x69\x63\xC3\xA1\x6D\x61\x72\x61\x20\x53\x2E\x41\x2E\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAB\x6B\x89\xA3\x53\xCC\x48\x23\x08\xFB\xC3\xCF\x51\x96\x08\x2E\xB8\x08\x7A\x6D\x3C\x90\x17\x86\xA9\xE9\xED\x2E\x13\x34\x47\xB2\xD0\x70\xDC\xC9\x3C\xD0\x8D\xCA\xEE\x4B\x17\xAB\xD0\x85\xB0\xA7\x23\x04\xCB\xA8\xA2\xFC\xE5\x75\xDB\x40\xCA\x62\x89\x8F\x50\x9E\x01\x3D\x26\x5B\x18\x84\x1C\xCB\x7C\x37\xB7\x7D\xEC\xD3\x7F\x73\x19\xB0\x6A\xB2\xD8\x88\x8A\x2D\x45\x74\xA8\xF7\xB3\xB8\xC0\xD4\xDA\xCD\x22\x89\x74\x4D\x5A\x15\x39\x73\x18\x74\x4F\xB5\xEB\x99\xA7\xC1\x1E\x88\xB4\xC2\x93\x90\x63\x97\xF3\xA7\xA7\x12\xB2\x09\x22\x07\x33\xD9\x91\xCD\x0E\x9C\x1F\x0E\x20\xC7\xEE\xBB\x33\x8D\x8F\xC2\xD2\x58\xA7\x5F\xFD\x65\x37\xE2\x88\xC2\xD8\x8F\x86\x75\x5E\xF9\x2D\xA7\x87\x33\xF2\x78\x37\x2F\x8B\xBC\x1D\x86\x37\x39\xB1\x94\xF2\xD8\xBC\x4A\x9C\x83\x18\x5A\x06\xFC\xF3\xD4\xD4\xBA\x8C\x15\x09\x25\xF0\xF9\xB6\x8D\x04\x7E\x17\x12\x33\x6B\x57\x48\x4C\x4F\xDB\x26\x1E\xEB\xCC\x90\xE7\x8B\xF9\x68\x7C\x70\x0F\xA3\x2A\xD0\x3A\x38\xDF\x37\x97\xE2\x5B\xDE\x80\x61\xD3\x80\xD8\x91\x83\x42\x5A\x4C\x04\x89\x68\x11\x3C\xAC\x5F\x68\x80\x41\xCC\x60\x42\xCE\x0D\x5A\x2A\x0C\x0F\x9B\x30\xC0\xA6\xF0\x86\xDB\xAB\x49\xD7\x97\x6D\x48\x8B\xF9\x03\xC0\x52\x67\x9B\x12\xF7\xC2\xF2\x2E\x98\x65\x42\xD9\xD6\x9A\xE3\xD0\x19\x31\x0C\xAD\x87\xD5\x57\x02\x7A\x30\xE8\x86\x26\xFB\x8F\x23\x8A\x54\x87\xE4\xBF\x3C\xEE\xEB\xC3\x75\x48\x5F\x1E\x39\x6F\x81\x62\x6C\xC5\x2D\xC4\x17\x54\x19\xB7\x37\x8D\x9C\x37\x91\xC8\xF6\x0B\xD5\xEA\x63\x6F\x83\xAC\x38\xC2\xF3\x3F\xDE\x9A\xFB\xE1\x23\x61\xF0\xC8\x26\xCB\x36\xC8\xA1\xF3\x30\x8F\xA4\xA3\xA2\xA1\xDD\x53\xB3\xDE\xF0\x9A\x32\x1F\x83\x91\x79\x30\xC1\xA9\x1F\x53\x9B\x53\xA2\x15\x53\x3F\xDD\x9D\xB3\x10\x3B\x48\x7D\x89\x0F\xFC\xED\x03\xF5\xFB\x25\x64\x75\x0E\x17\x19\x0D\x8F\x00\x16\x67\x79\x7A\x40\xFC\x2D\x59\x07\xD9\x90\xFA\x9A\xAD\x3D\xDC\x80\x8A\xE6\x5C\x35\xA2\x67\x4C\x11\x6B\xB1\xF8\x80\x64\x00\x2D\x6F\x22\x61\xC5\xAC\x4B\x26\xE5\x5A\x10\x82\x9B\xA4\x83\x7B\x34\xF7\x9E\x89\x91\x20\x97\x8E\xB7\x42\xC7\x66\xC3\xD0\xE9\xA4\xD6\xF5\x20\x8D\xC4\xC3\x95\xAC\x44\x0A\x9D\x5B\x73\x3C\x26\x3D\x2F\x4A\xBE\xA7\xC9\xA7\x10\x1E\xFB\x9F\x50\x69\xF3\x02\x03\x01\x00\x01\xA3\x81\xE6\x30\x81\xE3\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD1\x09\xD0\xE9\xD7\xCE\x79\x74\x54\xF9\x3A\x30\xB3\xF4\x6D\x2C\x03\x03\x1B\x68\x30\x81\xA0\x06\x03\x55\x1D\x20\x04\x81\x98\x30\x81\x95\x30\x81\x92\x06\x04\x55\x1D\x20\x00\x30\x81\x89\x30\x2B\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1F\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x65\x72\x74\x69\x63\x61\x6D\x61\x72\x61\x2E\x63\x6F\x6D\x2F\x64\x70\x63\x2F\x30\x5A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x4E\x1A\x4C\x4C\x69\x6D\x69\x74\x61\x63\x69\x6F\x6E\x65\x73\x20\x64\x65\x20\x67\x61\x72\x61\x6E\x74\xED\x61\x73\x20\x64\x65\x20\x65\x73\x74\x65\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x20\x73\x65\x20\x70\x75\x65\x64\x65\x6E\x20\x65\x6E\x63\x6F\x6E\x74\x72\x61\x72\x20\x65\x6E\x20\x6C\x61\x20\x44\x50\x43\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x5C\x94\xB5\xB8\x45\x91\x4D\x8E\x61\x1F\x03\x28\x0F\x53\x7C\xE6\xA4\x59\xA9\xB3\x8A\x7A\xC5\xB0\xFF\x08\x7C\x2C\xA3\x71\x1C\x21\x13\x67\xA1\x95\x12\x40\x35\x83\x83\x8F\x74\xDB\x33\x5C\xF0\x49\x76\x0A\x81\x52\xDD\x49\xD4\x9A\x32\x33\xEF\x9B\xA7\xCB\x75\xE5\x7A\xCB\x97\x12\x90\x5C\xBA\x7B\xC5\x9B\xDF\xBB\x39\x23\xC8\xFF\x98\xCE\x0A\x4D\x22\x01\x48\x07\x7E\x8A\xC0\xD5\x20\x42\x94\x44\xEF\xBF\x77\xA2\x89\x67\x48\x1B\x40\x03\x05\xA1\x89\xEC\xCF\x62\xE3\x3D\x25\x76\x66\xBF\x26\xB7\xBB\x22\xBE\x6F\xFF\x39\x57\x74\xBA\x7A\xC9\x01\x95\xC1\x95\x51\xE8\xAB\x2C\xF8\xB1\x86\x20\xE9\x3F\xCB\x35\x5B\xD2\x17\xE9\x2A\xFE\x83\x13\x17\x40\xEE\x88\x62\x65\x5B\xD5\x3B\x60\xE9\x7B\x3C\xB8\xC9\xD5\x7F\x36\x02\x25\xAA\x68\xC2\x31\x15\xB7\x30\x65\xEB\x7F\x1D\x48\x79\xB1\xCF\x39\xE2\x42\x80\x16\xD3\xF5\x93\x23\xFC\x4C\x97\xC9\x5A\x37\x6C\x7C\x22\xD8\x4A\xCD\xD2\x8E\x36\x83\x39\x91\x90\x10\xC8\xF1\xC9\x35\x7E\x3F\xB8\xD3\x81\xC6\x20\x64\x1A\xB6\x50\xC2\x21\xA4\x78\xDC\xD0\x2F\x3B\x64\x93\x74\xF0\x96\x90\xF1\xEF\xFB\x09\x5A\x34\x40\x96\xF0\x36\x12\xC1\xA3\x74\x8C\x93\x7E\x41\xDE\x77\x8B\xEC\x86\xD9\xD2\x0F\x3F\x2D\xD1\xCC\x40\xA2\x89\x66\x48\x1E\x20\xB3\x9C\x23\x59\x73\xA9\x44\x73\xBC\x24\x79\x90\x56\x37\xB3\xC6\x29\x7E\xA3\x0F\xF1\x29\x39\xEF\x7E\x5C\x28\x32\x70\x35\xAC\xDA\xB8\xC8\x75\x66\xFC\x9B\x4C\x39\x47\x8E\x1B\x6F\x9B\x4D\x02\x54\x22\x33\xEF\x61\xBA\x9E\x29\x84\xEF\x4E\x4B\x33\x47\x76\x97\x6A\xCB\x7E\x5F\xFD\x15\xA6\x9E\x42\x43\x5B\x66\x5A\x8A\x88\x0D\xF7\x16\xB9\x3F\x51\x65\x2B\x66\x6A\x8B\xD1\x38\x52\xA2\xD6\x46\x11\xFA\xFC\x9A\x1C\x74\x9E\x8F\x97\x0B\x02\x4F\x64\xC6\xF5\x68\xD3\x4B\x2D\xFF\xA4\x37\x1E\x8B\x3F\xBF\x44\xBE\x61\x46\xA1\x84\x3D\x08\x27\x4C\x81\x20\x77\x89\x08\xEA\x67\x40\x5E\x6C\x08\x51\x5F\x34\x5A\x8C\x96\x68\xCD\xD7\xF7\x89\xC2\x1C\xD3\x32\x00\xAF\x52\xCB\xD3\x60\x5B\x2A\x3A\x47\x7E\x6B\x30\x33\xA1\x62\x29\x7F\x4A\xB9\xE1\x2D\xE7\x14\x23\x0E\x0E\x18\x47\xE1\x79\xFC\x15\x55\xD0\xB1\xFC\x25\x71\x63\x75\x33\x1C\x23\x2B\xAF\x5C\xD9\xED\x47\x77\x60\x0E\x3B\x0F\x1E\xD2\xC0\xDC\x64\x05\x89\xFC\x78\xD6\x5C\x2C\x26\x43\xA9",
+	["CN=TC TrustCenter Class 2 CA II,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x04\xAA\x30\x82\x03\x92\xA0\x03\x02\x01\x02\x02\x0E\x2E\x6A\x00\x01\x00\x02\x1F\xD7\x52\x21\x2C\x11\x5C\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x1E\x17\x0D\x30\x36\x30\x31\x31\x32\x31\x34\x33\x38\x34\x33\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x80\x87\x9B\x8E\xF0\xC3\x7C\x87\xD7\xE8\x24\x82\x11\xB3\x3C\xDD\x43\x62\xEE\xF8\xC3\x45\xDA\xE8\xE1\xA0\x5F\xD1\x2A\xB2\xEA\x93\x68\xDF\xB4\xC8\xD6\x43\xE9\xC4\x75\x59\x7F\xFC\xE1\x1D\xF8\x31\x70\x23\x1B\x88\x9E\x27\xB9\x7B\xFD\x3A\xD2\xC9\xA9\xE9\x14\x2F\x90\xBE\x03\x52\xC1\x49\xCD\xF6\xFD\xE4\x08\x66\x0B\x57\x8A\xA2\x42\xA0\xB8\xD5\x7F\x69\x5C\x90\x32\xB2\x97\x0D\xCA\x4A\xDC\x46\x3E\x02\x55\x89\x53\xE3\x1A\x5A\xCB\x36\xC6\x07\x56\xF7\x8C\xCF\x11\xF4\x4C\xBB\x30\x70\x04\x95\xA5\xF6\x39\x8C\xFD\x73\x81\x08\x7D\x89\x5E\x32\x1E\x22\xA9\x22\x45\x4B\xB0\x66\x2E\x30\xCC\x9F\x65\xFD\xFC\xCB\x81\xA9\xF1\xE0\x3B\xAF\xA3\x86\xD1\x89\xEA\xC4\x45\x79\x50\x5D\xAE\xE9\x21\x74\x92\x4D\x8B\x59\x82\x8F\x94\xE3\xE9\x4A\xF1\xE7\x49\xB0\x14\xE3\xF5\x62\xCB\xD5\x72\xBD\x1F\xB9\xD2\x9F\xA0\xCD\xA8\xFA\x01\xC8\xD9\x0D\xDF\xDA\xFC\x47\x9D\xB3\xC8\x54\xDF\x49\x4A\xF1\x21\xA9\xFE\x18\x4E\xEE\x48\xD4\x19\xBB\xEF\x7D\xE4\xE2\x9D\xCB\x5B\xB6\x6E\xFF\xE3\xCD\x5A\xE7\x74\x82\x05\xBA\x80\x25\x38\xCB\xE4\x69\x9E\xAF\x41\xAA\x1A\x84\xF5\x02\x03\x01\x00\x01\xA3\x82\x01\x34\x30\x82\x01\x30\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\xAB\x54\x4C\x80\xA1\xDB\x56\x43\xB7\x91\x4A\xCB\xF3\x82\x7A\x13\x5C\x08\xAB\x30\x81\xED\x06\x03\x55\x1D\x1F\x04\x81\xE5\x30\x81\xE2\x30\x81\xDF\xA0\x81\xDC\xA0\x81\xD9\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x63\x72\x6C\x2F\x76\x32\x2F\x74\x63\x5F\x63\x6C\x61\x73\x73\x5F\x32\x5F\x63\x61\x5F\x49\x49\x2E\x63\x72\x6C\x86\x81\x9F\x6C\x64\x61\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x43\x4E\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x32\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2C\x4F\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x47\x6D\x62\x48\x2C\x4F\x55\x3D\x72\x6F\x6F\x74\x63\x65\x72\x74\x73\x2C\x44\x43\x3D\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2C\x44\x43\x3D\x64\x65\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3F\x62\x61\x73\x65\x3F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8C\xD7\xDF\x7E\xEE\x1B\x80\x10\xB3\x83\xF5\xDB\x11\xEA\x6B\x4B\xA8\x92\x18\xD9\xF7\x07\x39\xF5\x2C\xBE\x06\x75\x7A\x68\x53\x15\x1C\xEA\x4A\xED\x5E\xFC\x23\xB2\x13\xA0\xD3\x09\xFF\xF6\xF6\x2E\x6B\x41\x71\x79\xCD\xE2\x6D\xFD\xAE\x59\x6B\x85\x1D\xB8\x4E\x22\x9A\xED\x66\x39\x6E\x4B\x94\xE6\x55\xFC\x0B\x1B\x8B\x77\xC1\x53\x13\x66\x89\xD9\x28\xD6\x8B\xF3\x45\x4A\x63\xB7\xFD\x7B\x0B\x61\x5D\xB8\x6D\xBE\xC3\xDC\x5B\x79\xD2\xED\x86\xE5\xA2\x4D\xBE\x5E\x74\x7C\x6A\xED\x16\x38\x1F\x7F\x58\x81\x5A\x1A\xEB\x32\x88\x2D\xB2\xF3\x39\x77\x80\xAF\x5E\xB6\x61\x75\x29\xDB\x23\x4D\x88\xCA\x50\x28\xCB\x85\xD2\xD3\x10\xA2\x59\x6E\xD3\x93\x54\x00\x7A\xA2\x46\x95\x86\x05\x9C\xA9\x19\x98\xE5\x31\x72\x0C\x00\xE2\x67\xD9\x40\xE0\x24\x33\x7B\x6F\x2C\xB9\x5C\xAB\x65\x9D\x2C\xAC\x76\xEA\x35\x99\xF5\x97\xB9\x0F\x24\xEC\xC7\x76\x21\x28\x65\xAE\x57\xE8\x07\x88\x75\x4A\x56\xA0\xD2\x05\x3A\xA4\xE6\x8D\x92\x88\x2C\xF3\xF2\xE1\xC1\xC6\x61\xDB\x41\xC5\xC7\x9B\xF7\x0E\x1A\x51\x45\xC2\x61\x6B\xDC\x64\x27\x17\x8C\x5A\xB7\xDA\x74\x28\xCD\x97\xE4\xBD",
+	["CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x04\xAA\x30\x82\x03\x92\xA0\x03\x02\x01\x02\x02\x0E\x4A\x47\x00\x01\x00\x02\xE5\xA0\x5D\xD6\x3F\x00\x51\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x1E\x17\x0D\x30\x36\x30\x31\x31\x32\x31\x34\x34\x31\x35\x37\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x76\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1C\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB4\xE0\xBB\x51\xBB\x39\x5C\x8B\x04\xC5\x4C\x79\x1C\x23\x86\x31\x10\x63\x43\x55\x27\x3F\xC6\x45\xC7\xA4\x3D\xEC\x09\x0D\x1A\x1E\x20\xC2\x56\x1E\xDE\x1B\x37\x07\x30\x22\x2F\x6F\xF1\x06\xF1\xAB\xAD\xD6\xC8\xAB\x61\xA3\x2F\x43\xC4\xB0\xB2\x2D\xFC\xC3\x96\x69\x7B\x7E\x8A\xE4\xCC\xC0\x39\x12\x90\x42\x60\xC9\xCC\x35\x68\xEE\xDA\x5F\x90\x56\x5F\xCD\x1C\x4D\x5B\x58\x49\xEB\x0E\x01\x4F\x64\xFA\x2C\x3C\x89\x58\xD8\x2F\x2E\xE2\xB0\x68\xE9\x22\x3B\x75\x89\xD6\x44\x1A\x65\xF2\x1B\x97\x26\x1D\x28\x6D\xAC\xE8\xBD\x59\x1D\x2B\x24\xF6\xD6\x84\x03\x66\x88\x24\x00\x78\x60\xF1\xF8\xAB\xFE\x02\xB2\x6B\xFB\x22\xFB\x35\xE6\x16\xD1\xAD\xF6\x2E\x12\xE4\xFA\x35\x6A\xE5\x19\xB9\x5D\xDB\x3B\x1E\x1A\xFB\xD3\xFF\x15\x14\x08\xD8\x09\x6A\xBA\x45\x9D\x14\x79\x60\x7D\xAF\x40\x8A\x07\x73\xB3\x93\x96\xD3\x74\x34\x8D\x3A\x37\x29\xDE\x5C\xEC\xF5\xEE\x2E\x31\xC2\x20\xDC\xBE\xF1\x4F\x7F\x23\x52\xD9\x5B\xE2\x64\xD9\x9C\xAA\x07\x08\xB5\x45\xBD\xD1\xD0\x31\xC1\xAB\x54\x9F\xA9\xD2\xC3\x62\x60\x03\xF1\xBB\x39\x4A\x92\x4A\x3D\x0A\xB9\x9D\xC5\xA0\xFE\x37\x02\x03\x01\x00\x01\xA3\x82\x01\x34\x30\x82\x01\x30\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD4\xA2\xFC\x9F\xB3\xC3\xD8\x03\xD3\x57\x5C\x07\xA4\xD0\x24\xA7\xC0\xF2\x00\xD4\x30\x81\xED\x06\x03\x55\x1D\x1F\x04\x81\xE5\x30\x81\xE2\x30\x81\xDF\xA0\x81\xDC\xA0\x81\xD9\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x63\x72\x6C\x2F\x76\x32\x2F\x74\x63\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x49\x49\x2E\x63\x72\x6C\x86\x81\x9F\x6C\x64\x61\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x43\x4E\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2C\x4F\x3D\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x25\x32\x30\x47\x6D\x62\x48\x2C\x4F\x55\x3D\x72\x6F\x6F\x74\x63\x65\x72\x74\x73\x2C\x44\x43\x3D\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2C\x44\x43\x3D\x64\x65\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x4C\x69\x73\x74\x3F\x62\x61\x73\x65\x3F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x36\x60\xE4\x70\xF7\x06\x20\x43\xD9\x23\x1A\x42\xF2\xF8\xA3\xB2\xB9\x4D\x8A\xB4\xF3\xC2\x9A\x55\x31\x7C\xC4\x3B\x67\x9A\xB4\xDF\x4D\x0E\x8A\x93\x4A\x17\x8B\x1B\x8D\xCA\x89\xE1\xCF\x3A\x1E\xAC\x1D\xF1\x9C\x32\xB4\x8E\x59\x76\xA2\x41\x85\x25\x37\xA0\x13\xD0\xF5\x7C\x4E\xD5\xEA\x96\xE2\x6E\x72\xC1\xBB\x2A\xFE\x6C\x6E\xF8\x91\x98\x46\xFC\xC9\x1B\x57\x5B\xEA\xC8\x1A\x3B\x3F\xB0\x51\x98\x3C\x07\xDA\x2C\x59\x01\xDA\x8B\x44\xE8\xE1\x74\xFD\xA7\x68\xDD\x54\xBA\x83\x46\xEC\xC8\x46\xB5\xF8\xAF\x97\xC0\x3B\x09\x1C\x8F\xCE\x72\x96\x3D\x33\x56\x70\xBC\x96\xCB\xD8\xD5\x7D\x20\x9A\x83\x9F\x1A\xDC\x39\xF1\xC5\x72\xA3\x11\x03\xFD\x3B\x42\x52\x29\xDB\xE8\x01\xF7\x9B\x5E\x8C\xD6\x8D\x86\x4E\x19\xFA\xBC\x1C\xBE\xC5\x21\xA5\x87\x9E\x78\x2E\x36\xDB\x09\x71\xA3\x72\x34\xF8\x6C\xE3\x06\x09\xF2\x5E\x56\xA5\xD3\xDD\x98\xFA\xD4\xE6\x06\xF4\xF0\xB6\x20\x63\x4B\xEA\x29\xBD\xAA\x82\x66\x1E\xFB\x81\xAA\xA7\x37\xAD\x13\x18\xE6\x92\xC3\x81\xC1\x33\xBB\x88\x1E\xA1\xE7\xE2\xB4\xBD\x31\x6C\x0E\x51\x3D\x6F\xFB\x96\x56\x80\xE2\x36\x17\xD1\xDC\xE4",
+	["CN=TC TrustCenter Universal CA I,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x03\xDD\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x0E\x1D\xA2\x00\x01\x00\x02\xEC\xB7\x60\x80\x78\x8D\xB6\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x79\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x30\x1E\x17\x0D\x30\x36\x30\x33\x32\x32\x31\x35\x35\x34\x32\x38\x5A\x17\x0D\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5A\x30\x79\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA4\x77\x23\x96\x44\xAF\x90\xF4\x31\xA7\x10\xF4\x26\x87\x9C\xF3\x38\xD9\x0F\x5E\xDE\xCF\x41\xE8\x31\xAD\xC6\x74\x91\x24\x96\x78\x1E\x09\xA0\x9B\x9A\x95\x4A\x4A\xF5\x62\x7C\x02\xA8\xCA\xAC\xFB\x5A\x04\x76\x39\xDE\x5F\xF1\xF9\xB3\xBF\xF3\x03\x58\x55\xD2\xAA\xB7\xE3\x04\x22\xD1\xF8\x94\xDA\x22\x08\x00\x8D\xD3\x7C\x26\x5D\xCC\x77\x79\xE7\x2C\x78\x39\xA8\x26\x73\x0E\xA2\x5D\x25\x69\x85\x4F\x55\x0E\x9A\xEF\xC6\xB9\x44\xE1\x57\x3D\xDF\x1F\x54\x22\xE5\x6F\x65\xAA\x33\x84\x3A\xF3\xCE\x7A\xBE\x55\x97\xAE\x8D\x12\x0F\x14\x33\xE2\x50\x70\xC3\x49\x87\x13\xBC\x51\xDE\xD7\x98\x12\x5A\xEF\x3A\x83\x33\x92\x06\x75\x8B\x92\x7C\x12\x68\x7B\x70\x6A\x0F\xB5\x9B\xB6\x77\x5B\x48\x59\x9D\xE4\xEF\x5A\xAD\xF3\xC1\x9E\xD4\xD7\x45\x4E\xCA\x56\x34\x21\xBC\x3E\x17\x5B\x6F\x77\x0C\x48\x01\x43\x29\xB0\xDD\x3F\x96\x6E\xE6\x95\xAA\x0C\xC0\x20\xB6\xFD\x3E\x36\x27\x9C\xE3\x5C\xCF\x4E\x81\xDC\x19\xBB\x91\x90\x7D\xEC\xE6\x97\x04\x1E\x93\xCC\x22\x49\xD7\x97\x86\xB6\x13\x0A\x3C\x43\x23\x77\x7E\xF0\xDC\xE6\xCD\x24\x1F\x3B\x83\x9B\x34\x3A\x83\x34\xE3\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x92\xA4\x75\x2C\xA4\x9E\xBE\x81\x44\xEB\x79\xFC\x8A\xC5\x95\xA5\xEB\x10\x75\x73\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x92\xA4\x75\x2C\xA4\x9E\xBE\x81\x44\xEB\x79\xFC\x8A\xC5\x95\xA5\xEB\x10\x75\x73\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x28\xD2\xE0\x86\xD5\xE6\xF8\x7B\xF0\x97\xDC\x22\x6B\x3B\x95\x14\x56\x0F\x11\x30\xA5\x9A\x4F\x3A\xB0\x3A\xE0\x06\xCB\x65\xF5\xED\xC6\x97\x27\xFE\x25\xF2\x57\xE6\x5E\x95\x8C\x3E\x64\x60\x15\x5A\x7F\x2F\x0D\x01\xC5\xB1\x60\xFD\x45\x35\xCF\xF0\xB2\xBF\x06\xD9\xEF\x5A\xBE\xB3\x62\x21\xB4\xD7\xAB\x35\x7C\x53\x3E\xA6\x27\xF1\xA1\x2D\xDA\x1A\x23\x9D\xCC\xDD\xEC\x3C\x2D\x9E\x27\x34\x5D\x0F\xC2\x36\x79\xBC\xC9\x4A\x62\x2D\xED\x6B\xD9\x7D\x41\x43\x7C\xB6\xAA\xCA\xED\x61\xB1\x37\x82\x15\x09\x1A\x8A\x16\x30\xD8\xEC\xC9\xD6\x47\x72\x78\x4B\x10\x46\x14\x8E\x5F\x0E\xAF\xEC\xC7\x2F\xAB\x10\xD7\xB6\xF1\x6E\xEC\x86\xB2\xC2\xE8\x0D\x92\x73\xDC\xA2\xF4\x0F\x3A\xBF\x61\x23\x10\x89\x9C\x48\x40\x6E\x70\x00\xB3\xD3\xBA\x37\x44\x58\x11\x7A\x02\x6A\x88\xF0\x37\x34\xF0\x19\xE9\xAC\xD4\x65\x73\xF6\x69\x8C\x64\x94\x3A\x79\x85\x29\xB0\x16\x2B\x0C\x82\x3F\x06\x9C\xC7\xFD\x10\x2B\x9E\x0F\x2C\xB6\x9E\xE3\x15\xBF\xD9\x36\x1C\xBA\x25\x1A\x52\x3D\x1A\xEC\x22\x0C\x1C\xE0\xA4\xA2\x3D\xF0\xE8\x39\xCF\x81\xC0\x7B\xED\x5D\x1F\x6F\xC5\xD0\x0B\xD7\x98",
+	["CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE"] = "\x30\x82\x03\x9F\x30\x82\x02\x87\xA0\x03\x02\x01\x02\x02\x01\x26\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x71\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x32\x31\x31\x30\x30\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x32\x33\x35\x39\x30\x30\x5A\x30\x71\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x41\x47\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6C\x65\x6B\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x0B\xA3\x35\xE0\x8B\x29\x14\xB1\x14\x85\xAF\x3C\x10\xE4\x39\x6F\x35\x5D\x4A\xAE\xDD\xEA\x61\x8D\x95\x49\xF4\x6F\x64\xA3\x1A\x60\x66\xA4\xA9\x40\x22\x84\xD9\xD4\xA5\xE5\x78\x93\x0E\x68\x01\xAD\xB9\x4D\x5C\x3A\xCE\xD3\xB8\xA8\x42\x40\xDF\xCF\xA3\xBA\x82\x59\x6A\x92\x1B\xAC\x1C\x9A\xDA\x08\x2B\x25\x27\xF9\x69\x23\x47\xF1\xE0\xEB\x2C\x7A\x9B\xF5\x13\x02\xD0\x7E\x34\x7C\xC2\x9E\x3C\x00\x59\xAB\xF5\xDA\x0C\xF5\x32\x3C\x2B\xAC\x50\xDA\xD6\xC3\xDE\x83\x94\xCA\xA8\x0C\x99\x32\x0E\x08\x48\x56\x5B\x6A\xFB\xDA\xE1\x58\x58\x01\x49\x5F\x72\x41\x3C\x15\x06\x01\x8E\x5D\xAD\xAA\xB8\x93\xB4\xCD\x9E\xEB\xA7\xE8\x6A\x2D\x52\x34\xDB\x3A\xEF\x5C\x75\x51\xDA\xDB\xF3\x31\xF9\xEE\x71\x98\x32\xC4\x54\x15\x44\x0C\xF9\x9B\x55\xED\xAD\xDF\x18\x08\xA0\xA3\x86\x8A\x49\xEE\x53\x05\x8F\x19\x4C\xD5\xDE\x58\x79\x9B\xD2\x6A\x1C\x42\xAB\xC5\xD5\xA7\xCF\x68\x0F\x96\xE4\xE1\x61\x98\x76\x61\xC8\x91\x7C\xD6\x3E\x00\xE2\x91\x50\x87\xE1\x9D\x0A\xE6\xAD\x97\xD2\x1D\xC6\x3A\x7D\xCB\xBC\xDA\x03\x34\xD5\x8E\x5B\x01\xF5\x6A\x07\xB7\x16\xB6\x6E\x4A\x7F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x31\xC3\x79\x1B\xBA\xF5\x53\xD7\x17\xE0\x89\x7A\x2D\x17\x6C\x0A\xB3\x2B\x9D\x33\x30\x0F\x06\x03\x55\x1D\x13\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x05\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x94\x64\x59\xAD\x39\x64\xE7\x29\xEB\x13\xFE\x5A\xC3\x8B\x13\x57\xC8\x04\x24\xF0\x74\x77\xC0\x60\xE3\x67\xFB\xE9\x89\xA6\x83\xBF\x96\x82\x7C\x6E\xD4\xC3\x3D\xEF\x9E\x80\x6E\xBB\x29\xB4\x98\x7A\xB1\x3B\x54\xEB\x39\x17\x47\x7E\x1A\x8E\x0B\xFC\x1F\x31\x59\x31\x04\xB2\xCE\x17\xF3\x2C\xC7\x62\x36\x55\xE2\x22\xD8\x89\x55\xB4\x98\x48\xAA\x64\xFA\xD6\x1C\x36\xD8\x44\x78\x5A\x5A\x23\x3A\x57\x97\xF5\x7A\x30\x4F\xAE\x9F\x6A\x4C\x4B\x2B\x8E\xA0\x03\xE3\x3E\xE0\xA9\xD4\xD2\x7B\xD2\xB3\xA8\xE2\x72\x3C\xAD\x9E\xFF\x80\x59\xE4\x9B\x45\xB4\xF6\x3B\xB0\xCD\x39\x19\x98\x32\xE5\xEA\x21\x61\x90\xE4\x31\x21\x8E\x34\xB1\xF7\x2F\x35\x4A\x85\x10\xDA\xE7\x8A\x37\x21\xBE\x59\x63\xE0\xF2\x85\x88\x31\x53\xD4\x54\x14\x85\x70\x79\xF4\x2E\x06\x77\x27\x75\x2F\x1F\xB8\x8A\xF9\xFE\xC5\xBA\xD8\x36\xE4\x83\xEC\xE7\x65\xB7\xBF\x63\x5A\xF3\x46\xAF\x81\x94\x37\xD4\x41\x8C\xD6\x23\xD6\x1E\xCF\xF5\x68\x1B\x44\x63\xA2\x5A\xBA\xA7\x35\x59\xA1\xE5\x70\x05\x9B\x0E\x23\x57\x99\x94\x0A\x6D\xBA\x39\x63\x28\x86\x92\xF3\x18\x84\xD8\xFB\xD1\xCF\x05\x56\x64\x57",
+	["C=IL,O=ComSign,CN=ComSign Secured CA"] = "\x30\x82\x03\xAB\x30\x82\x02\x93\xA0\x03\x02\x01\x02\x02\x11\x00\xC7\x28\x47\x09\xB3\xB8\x6C\x45\x8C\x1D\xFA\x24\xF5\x36\x4E\xE9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3C\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6F\x6D\x53\x69\x67\x6E\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x43\x6F\x6D\x53\x69\x67\x6E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x30\x1E\x17\x0D\x30\x34\x30\x33\x32\x34\x31\x31\x33\x37\x32\x30\x5A\x17\x0D\x32\x39\x30\x33\x31\x36\x31\x35\x30\x34\x35\x36\x5A\x30\x3C\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6F\x6D\x53\x69\x67\x6E\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x43\x6F\x6D\x53\x69\x67\x6E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\xB5\x68\x5F\x1D\x94\x15\xC3\xA4\x08\x55\x2D\xE3\xA0\x57\x7A\xEF\xE9\x74\x2A\xBB\xB9\x7C\x57\x49\x1A\x11\x5E\x4F\x29\x87\x0C\x48\xD6\x6A\xE7\x8F\xD4\x7E\x57\x24\xB9\x06\x89\xE4\x1C\x3C\xEA\xAC\xE3\xDA\x21\x80\x73\x21\x0A\xEF\x79\x98\x6C\x1F\x08\xFF\xA1\x50\x7D\xF2\x98\x1B\xC9\x54\x6F\x3E\xA5\x28\xEC\x21\x04\x0F\x45\xBB\x07\x3D\xA1\xC0\xFA\x2A\x98\x1D\x4E\x06\x93\xFB\xF5\x88\x3B\xAB\x5F\xCB\x16\xBF\xE6\xF3\x9E\x4A\x87\xED\x19\xEA\xC2\x9F\x43\xE4\xF1\x81\xA5\x7F\x10\x4F\x3E\xD1\x4A\x62\xAD\x53\x1B\xCB\x83\xFF\x07\x65\xA5\x92\x2D\x66\xA9\x5B\xB8\x5A\xF4\x1D\xB4\x21\x91\x4A\x17\x7B\x9E\x32\xFE\x56\x24\x39\xB2\x54\x84\x43\xF5\x84\xC2\xD8\xBC\x41\x90\xCC\x9D\xD6\x68\xDA\xE9\x82\x50\xA9\x3B\x68\xCF\xB5\x5D\x02\x94\x60\x16\xB1\x43\xD9\x43\x5D\xDD\x5D\x87\x6E\xEA\xBB\xB3\xC9\x6B\xF6\x03\x94\x09\x70\xDE\x16\x11\x7A\x2B\xE8\x76\x8F\x49\x10\x98\x77\xB9\x63\x5C\x8B\x33\x97\x75\xF6\x0B\x8C\xB2\xAB\x5B\xDE\x74\x20\x25\x3F\xE3\xF3\x11\xF9\x87\x68\x86\x35\x71\xC3\x1D\x8C\x2D\xEB\xE5\x1A\xAC\x0F\x73\xD5\x82\x59\x40\x80\xD3\x02\x03\x01\x00\x01\xA3\x81\xA7\x30\x81\xA4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x66\x65\x64\x69\x72\x2E\x63\x6F\x6D\x73\x69\x67\x6E\x2E\x63\x6F\x2E\x69\x6C\x2F\x63\x72\x6C\x2F\x43\x6F\x6D\x53\x69\x67\x6E\x53\x65\x63\x75\x72\x65\x64\x43\x41\x2E\x63\x72\x6C\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xC1\x4B\xED\x70\xB6\xF7\x3E\x7C\x00\x3B\x00\x8F\xC7\x3E\x0E\x45\x9F\x1E\x5D\xEC\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC1\x4B\xED\x70\xB6\xF7\x3E\x7C\x00\x3B\x00\x8F\xC7\x3E\x0E\x45\x9F\x1E\x5D\xEC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x16\xCF\xEE\x92\x13\x50\xAB\x7B\x14\x9E\x33\xB6\x42\x20\x6A\xD4\x15\xBD\x09\xAB\xFC\x72\xE8\xEF\x47\x7A\x90\xAC\x51\xC1\x64\x4E\xE9\x88\xBD\x43\x45\x81\xE3\x66\x23\x3F\x12\x86\x4D\x19\xE4\x05\xB0\xE6\x37\xC2\x8D\xDA\x06\x28\xC9\x0F\x89\xA4\x53\xA9\x75\x3F\xB0\x96\xFB\xAB\x4C\x33\x55\xF9\x78\x26\x46\x6F\x1B\x36\x98\xFB\x42\x76\xC1\x82\xB9\x8E\xDE\xFB\x45\xF9\x63\x1B\x62\x3B\x39\x06\xCA\x77\x7A\xA8\x3C\x09\xCF\x6C\x36\x3D\x0F\x0A\x45\x4B\x69\x16\x1A\x45\x7D\x33\x03\x65\xF9\x52\x71\x90\x26\x95\xAC\x4C\x0C\xF5\x8B\x93\x3F\xCC\x75\x74\x85\x98\xBA\xFF\x62\x7A\x4D\x1F\x89\xFE\xAE\xBD\x94\x00\x99\xBF\x11\xA5\xDC\xE0\x79\xC5\x16\x0B\x7D\x02\x61\x1D\xEA\x85\xF9\x02\x15\x4F\xE7\x5A\x89\x4E\x14\x6F\xE3\x37\x4B\x85\xF5\xC1\x3C\x61\xE0\xFD\x05\x41\xB2\x92\x7F\xC3\x1D\xA0\xD0\xAE\x52\x64\x60\x6B\x18\xC6\x26\x9C\xD8\xF5\x64\xE4\x36\x1A\x62\x9F\x8A\x0F\x3E\xFF\x6D\x4E\x19\x56\x4E\x20\x91\x6C\x9F\x34\x33\x3A\x34\x57\x50\x3A\x6F\x81\x5E\x06\xC6\xF5\x3E\x7C\x4E\x8E\x2B\xCE\x65\x06\x2E\x5D\xD2\x2A\x53\x74\x5E\xD3\x6E\x27\x9E\x8F",
+	["CN=Cybertrust Global Root,O=Cybertrust\, Inc"] = "\x30\x82\x03\xA1\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x85\xAA\x2D\x48\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3B\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x3B\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2C\x20\x49\x6E\x63\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xF8\xC8\xBC\xBD\x14\x50\x66\x13\xFF\xF0\xD3\x79\xEC\x23\xF2\xB7\x1A\xC7\x8E\x85\xF1\x12\x73\xA6\x19\xAA\x10\xDB\x9C\xA2\x65\x74\x5A\x77\x3E\x51\x7D\x56\xF6\xDC\x23\xB6\xD4\xED\x5F\x58\xB1\x37\x4D\xD5\x49\x0E\x6E\xF5\x6A\x87\xD6\xD2\x8C\xD2\x27\xC6\xE2\xFF\x36\x9F\x98\x65\xA0\x13\x4E\xC6\x2A\x64\x9B\xD5\x90\x12\xCF\x14\x06\xF4\x3B\xE3\xD4\x28\xBE\xE8\x0E\xF8\xAB\x4E\x48\x94\x6D\x8E\x95\x31\x10\x5C\xED\xA2\x2D\xBD\xD5\x3A\x6D\xB2\x1C\xBB\x60\xC0\x46\x4B\x01\xF5\x49\xAE\x7E\x46\x8A\xD0\x74\x8D\xA1\x0C\x02\xCE\xEE\xFC\xE7\x8F\xB8\x6B\x66\xF3\x7F\x44\x00\xBF\x66\x25\x14\x2B\xDD\x10\x30\x1D\x07\x96\x3F\x4D\xF6\x6B\xB8\x8F\xB7\x7B\x0C\xA5\x38\xEB\xDE\x47\xDB\xD5\x5D\x39\xFC\x88\xA7\xF3\xD7\x2A\x74\xF1\xE8\x5A\xA2\x3B\x9F\x50\xBA\xA6\x8C\x45\x35\xC2\x50\x65\x95\xDC\x63\x82\xEF\xDD\xBF\x77\x4D\x9C\x62\xC9\x63\x73\x16\xD0\x29\x0F\x49\xA9\x48\xF0\xB3\xAA\xB7\x6C\xC5\xA7\x30\x39\x40\x5D\xAE\xC4\xE2\x5D\x26\x53\xF0\xCE\x1C\x23\x08\x61\xA8\x94\x19\xBA\x04\x62\x40\xEC\x1F\x38\x70\x77\x12\x06\x71\xA7\x30\x18\x5D\x25\x27\xA5\x02\x03\x01\x00\x01\xA3\x81\xA5\x30\x81\xA2\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB6\x08\x7B\x0D\x7A\xCC\xAC\x20\x4C\x86\x56\x32\x5E\xCF\xAB\x6E\x85\x2D\x70\x57\x30\x3F\x06\x03\x55\x1D\x1F\x04\x38\x30\x36\x30\x34\xA0\x32\xA0\x30\x86\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x32\x2E\x70\x75\x62\x6C\x69\x63\x2D\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x63\x72\x6C\x2F\x63\x74\x2F\x63\x74\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xB6\x08\x7B\x0D\x7A\xCC\xAC\x20\x4C\x86\x56\x32\x5E\xCF\xAB\x6E\x85\x2D\x70\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x56\xEF\x0A\x23\xA0\x54\x4E\x95\x97\xC9\xF8\x89\xDA\x45\xC1\xD4\xA3\x00\x25\xF4\x1F\x13\xAB\xB7\xA3\x85\x58\x69\xC2\x30\xAD\xD8\x15\x8A\x2D\xE3\xC9\xCD\x81\x5A\xF8\x73\x23\x5A\xA7\x7C\x05\xF3\xFD\x22\x3B\x0E\xD1\x06\xC4\xDB\x36\x4C\x73\x04\x8E\xE5\xB0\x22\xE4\xC5\xF3\x2E\xA5\xD9\x23\xE3\xB8\x4E\x4A\x20\xA7\x6E\x02\x24\x9F\x22\x60\x67\x7B\x8B\x1D\x72\x09\xC5\x31\x5C\xE9\x79\x9F\x80\x47\x3D\xAD\xA1\x0B\x07\x14\x3D\x47\xFF\x03\x69\x1A\x0C\x0B\x44\xE7\x63\x25\xA7\x7F\xB2\xC9\xB8\x76\x84\xED\x23\xF6\x7D\x07\xAB\x45\x7E\xD3\xDF\xB3\xBF\xE9\x8A\xB6\xCD\xA8\xA2\x67\x2B\x52\xD5\xB7\x65\xF0\x39\x4C\x63\xA0\x91\x79\x93\x52\x0F\x54\xDD\x83\xBB\x9F\xD1\x8F\xA7\x53\x73\xC3\xCB\xFF\x30\xEC\x7C\x04\xB8\xD8\x44\x1F\x93\x5F\x71\x09\x22\xB7\x6E\x3E\xEA\x1C\x03\x4E\x9D\x1A\x20\x61\xFB\x81\x37\xEC\x5E\xFC\x0A\x45\xAB\xD7\xE7\x17\x55\xD0\xA0\xEA\x60\x9B\xA6\xF6\xE3\x8C\x5B\x29\xC2\x06\x60\x14\x9D\x2D\x97\x4C\xA9\x93\x15\x9D\x61\xC4\x01\x5F\x48\xD6\x58\xBD\x56\x31\x12\x4E\x11\xC8\x21\xE0\xB3\x11\x91\x65\xDB\xB4\xA6\x88\x38\xCE\x55",
+	["OU=ePKI Root Certification Authority,O=Chunghwa Telecom Co.\, Ltd.,C=TW"] = "\x30\x82\x05\xB0\x30\x82\x03\x98\xA0\x03\x02\x01\x02\x02\x10\x15\xC8\xBD\x65\x47\x5C\xAF\xB8\x97\x00\x5E\xE4\x06\xD2\xBC\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x43\x68\x75\x6E\x67\x68\x77\x61\x20\x54\x65\x6C\x65\x63\x6F\x6D\x20\x43\x6F\x2E\x2C\x20\x4C\x74\x64\x2E\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x0C\x21\x65\x50\x4B\x49\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5A\x17\x0D\x33\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5A\x30\x5E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x43\x68\x75\x6E\x67\x68\x77\x61\x20\x54\x65\x6C\x65\x63\x6F\x6D\x20\x43\x6F\x2E\x2C\x20\x4C\x74\x64\x2E\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x0C\x21\x65\x50\x4B\x49\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xE1\x25\x0F\xEE\x8D\xDB\x88\x33\x75\x67\xCD\xAD\x1F\x7D\x3A\x4E\x6D\x9D\xD3\x2F\x14\xF3\x63\x74\xCB\x01\x21\x6A\x37\xEA\x84\x50\x07\x4B\x26\x5B\x09\x43\x6C\x21\x9E\x6A\xC8\xD5\x03\xF5\x60\x69\x8F\xCC\xF0\x22\xE4\x1F\xE7\xF7\x6A\x22\x31\xB7\x2C\x15\xF2\xE0\xFE\x00\x6A\x43\xFF\x87\x65\xC6\xB5\x1A\xC1\xA7\x4C\x6D\x22\x70\x21\x8A\x31\xF2\x97\x74\x89\x09\x12\x26\x1C\x9E\xCA\xD9\x12\xA2\x95\x3C\xDA\xE9\x67\xBF\x08\xA0\x64\xE3\xD6\x42\xB7\x45\xEF\x97\xF4\xF6\xF5\xD7\xB5\x4A\x15\x02\x58\x7D\x98\x58\x4B\x60\xBC\xCD\xD7\x0D\x9A\x13\x33\x53\xD1\x61\xF9\x7A\xD5\xD7\x78\xB3\x9A\x33\xF7\x00\x86\xCE\x1D\x4D\x94\x38\xAF\xA8\xEC\x78\x51\x70\x8A\x5C\x10\x83\x51\x21\xF7\x11\x3D\x34\x86\x5E\xE5\x48\xCD\x97\x81\x82\x35\x4C\x19\xEC\x65\xF6\x6B\xC5\x05\xA1\xEE\x47\x13\xD6\xB3\x21\x27\x94\x10\x0A\xD9\x24\x3B\xBA\xBE\x44\x13\x46\x30\x3F\x97\x3C\xD8\xD7\xD7\x6A\xEE\x3B\x38\xE3\x2B\xD4\x97\x0E\xB9\x1B\xE7\x07\x49\x7F\x37\x2A\xF9\x77\x78\xCF\x54\xED\x5B\x46\x9D\xA3\x80\x0E\x91\x43\xC1\xD6\x5B\x5F\x14\xBA\x9F\xA6\x8D\x24\x47\x40\x59\xBF\x72\x38\xB2\x36\x6C\x37\xFF\x99\xD1\x5D\x0E\x59\x0A\xAB\x69\xF7\xC0\xB2\x04\x45\x7A\x54\x00\xAE\xBE\x53\xF6\xB5\xE7\xE1\xF8\x3C\xA3\x31\xD2\xA9\xFE\x21\x52\x64\xC5\xA6\x67\xF0\x75\x07\x06\x94\x14\x81\x55\xC6\x27\xE4\x01\x8F\x17\xC1\x6A\x71\xD7\xBE\x4B\xFB\x94\x58\x7D\x7E\x11\x33\xB1\x42\xF7\x62\x6C\x18\xD6\xCF\x09\x68\x3E\x7F\x6C\xF6\x1E\x8F\x62\xAD\xA5\x63\xDB\x09\xA7\x1F\x22\x42\x41\x1E\x6F\x99\x8A\x3E\xD7\xF9\x3F\x40\x7A\x79\xB0\xA5\x01\x92\xD2\x9D\x3D\x08\x15\xA5\x10\x01\x2D\xB3\x32\x76\xA8\x95\x0D\xB3\x7A\x9A\xFB\x07\x10\x78\x11\x6F\xE1\x8F\xC7\xBA\x0F\x25\x1A\x74\x2A\xE5\x1C\x98\x41\x99\xDF\x21\x87\xE8\x95\x06\x6A\x0A\xB3\x6A\x47\x76\x65\xF6\x3A\xCF\x8F\x62\x17\x19\x7B\x0A\x28\xCD\x1A\xD2\x83\x1E\x21\xC7\x2C\xBF\xBE\xFF\x61\x68\xB7\x67\x1B\xBB\x78\x4D\x8D\xCE\x67\xE5\xE4\xC1\x8E\xB7\x23\x66\xE2\x9D\x90\x75\x34\x98\xA9\x36\x2B\x8A\x9A\x94\xB9\x9D\xEC\xCC\x8A\xB1\xF8\x25\x89\x5C\x5A\xB6\x2F\x8C\x1F\x6D\x79\x24\xA7\x52\x68\xC3\x84\x35\xE2\x66\x8D\x63\x0E\x25\x4D\xD5\x19\xB2\xE6\x79\x37\xA7\x22\x9D\x54\x31\x02\x03\x01\x00\x01\xA3\x6A\x30\x68\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1E\x0C\xF7\xB6\x67\xF2\xE1\x92\x26\x09\x45\xC0\x55\x39\x2E\x77\x3F\x42\x4A\xA2\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x39\x06\x04\x67\x2A\x07\x00\x04\x31\x30\x2F\x30\x2D\x02\x01\x00\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x30\x07\x06\x05\x67\x2A\x03\x00\x00\x04\x14\x45\xB0\xC2\xC7\x0A\x56\x7C\xEE\x5B\x78\x0C\x95\xF9\x18\x53\xC1\xA6\x1C\xD8\x10\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x09\xB3\x83\x53\x59\x01\x3E\x95\x49\xB9\xF1\x81\xBA\xF9\x76\x20\x23\xB5\x27\x60\x74\xD4\x6A\x99\x34\x5E\x6C\x00\x53\xD9\x9F\xF2\xA6\xB1\x24\x07\x44\x6A\x2A\xC6\xA5\x8E\x78\x12\xE8\x47\xD9\x58\x1B\x13\x2A\x5E\x79\x9B\x9F\x0A\x2A\x67\xA6\x25\x3F\x06\x69\x56\x73\xC3\x8A\x66\x48\xFB\x29\x81\x57\x74\x06\xCA\x9C\xEA\x28\xE8\x38\x67\x26\x2B\xF1\xD5\xB5\x3F\x65\x93\xF8\x36\x5D\x8E\x8D\x8D\x40\x20\x87\x19\xEA\xEF\x27\xC0\x3D\xB4\x39\x0F\x25\x7B\x68\x50\x74\x55\x9C\x0C\x59\x7D\x5A\x3D\x41\x94\x25\x52\x08\xE0\x47\x2C\x15\x31\x19\xD5\xBF\x07\x55\xC6\xBB\x12\xB5\x97\xF4\x5F\x83\x85\xBA\x71\xC1\xD9\x6C\x81\x11\x76\x0A\x0A\xB0\xBF\x82\x97\xF7\xEA\x3D\xFA\xFA\xEC\x2D\xA9\x28\x94\x3B\x56\xDD\xD2\x51\x2E\xAE\xC0\xBD\x08\x15\x8C\x77\x52\x34\x96\xD6\x9B\xAC\xD3\x1D\x8E\x61\x0F\x35\x7B\x9B\xAE\x39\x69\x0B\x62\x60\x40\x20\x36\x8F\xAF\xFB\x36\xEE\x2D\x08\x4A\x1D\xB8\xBF\x9B\x5C\xF8\xEA\xA5\x1B\xA0\x73\xA6\xD8\xF8\x6E\xE0\x33\x04\x5F\x68\xAA\x27\x87\xED\xD9\xC1\x90\x9C\xED\xBD\xE3\x6A\x35\xAF\x63\xDF\xAB\x18\xD9\xBA\xE6\xE9\x4A\xEA\x50\x8A\x0F\x61\x93\x1E\xE2\x2D\x19\xE2\x30\x94\x35\x92\x5D\x0E\xB6\x07\xAF\x19\x80\x8F\x47\x90\x51\x4B\x2E\x4D\xDD\x85\xE2\xD2\x0A\x52\x0A\x17\x9A\xFC\x1A\xB0\x50\x02\xE5\x01\xA3\x63\x37\x21\x4C\x44\xC4\x9B\x51\x99\x11\x0E\x73\x9C\x06\x8F\x54\x2E\xA7\x28\x5E\x44\x39\x87\x56\x2D\x37\xBD\x85\x44\x94\xE1\x0C\x4B\x2C\x9C\xC3\x92\x85\x34\x61\xCB\x0F\xB8\x9B\x4A\x43\x52\xFE\x34\x3A\x7D\xB8\xE9\x29\xDC\x76\xA9\xC8\x30\xF8\x14\x71\x80\xC6\x1E\x36\x48\x74\x22\x41\x5C\x87\x82\xE8\x18\x71\x8B\x41\x89\x44\xE7\x7E\x58\x5B\xA8\xB8\x8D\x13\xE9\xA7\x6C\xC3\x47\xED\xB3\x1A\x9D\x62\xAE\x8D\x82\xEA\x94\x9E\xDD\x59\x10\xC3\xAD\xDD\xE2\x4D\xE3\x31\xD5\xC7\xEC\xE8\xF2\xB0\xFE\x92\x1E\x16\x0A\x1A\xFC\xD9\xF3\xF8\x27\xB6\xC9\xBE\x1D\xB4\x6C\x64\x90\x7F\xF4\xE4\xC4\x5B\xD7\x37\xAE\x42\x0E\xDD\xA4\x1A\x6F\x7C\x88\x54\xC5\x16\x6E\xE1\x7A\x68\x2E\xF8\x3A\xBF\x0D\xA4\x3C\x89\x3B\x78\xA7\x4E\x63\x83\x04\x21\x08\x67\x8D\xF2\x82\x49\xD0\x5B\xFD\xB1\xCD\x0F\x83\x84\xD4\x3E\x20\x85\xF7\x4A\x3D\x2B\x9C\xFD\x2A\x0A\x09\x4D\xEA\x81\xF8\x11\x9C",
+	["CN=T\C3\9CB\C4\B0TAK UEKAE K\C3\B6k Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 - S\C3\BCr\C3\BCm 3,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara\C5\9Ft\C4\B1rma Enstit\C3\BCs\C3\BC - UEKAE,O=T\C3\BCrkiye Bilimsel ve Teknolojik Ara\C5\9Ft\C4\B1rma Kurumu - T\C3\9CB\C4\B0TAK,L=Gebze - Kocaeli,C=TR"] = "\x30\x82\x05\x17\x30\x82\x03\xFF\xA0\x03\x02\x01\x02\x02\x01\x11\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x82\x01\x2B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0C\x0F\x47\x65\x62\x7A\x65\x20\x2D\x20\x4B\x6F\x63\x61\x65\x6C\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x54\xC3\xBC\x72\x6B\x69\x79\x65\x20\x42\x69\x6C\x69\x6D\x73\x65\x6C\x20\x76\x65\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6B\x20\x41\x72\x61\xC5\x9F\x74\xC4\xB1\x72\x6D\x61\x20\x4B\x75\x72\x75\x6D\x75\x20\x2D\x20\x54\xC3\x9C\x42\xC4\xB0\x54\x41\x4B\x31\x48\x30\x46\x06\x03\x55\x04\x0B\x0C\x3F\x55\x6C\x75\x73\x61\x6C\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x76\x65\x20\x4B\x72\x69\x70\x74\x6F\x6C\x6F\x6A\x69\x20\x41\x72\x61\xC5\x9F\x74\xC4\xB1\x72\x6D\x61\x20\x45\x6E\x73\x74\x69\x74\xC3\xBC\x73\xC3\xBC\x20\x2D\x20\x55\x45\x4B\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x0C\x1A\x4B\x61\x6D\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x4A\x30\x48\x06\x03\x55\x04\x03\x0C\x41\x54\xC3\x9C\x42\xC4\xB0\x54\x41\x4B\x20\x55\x45\x4B\x41\x45\x20\x4B\xC3\xB6\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x20\x2D\x20\x53\xC3\xBC\x72\xC3\xBC\x6D\x20\x33\x30\x1E\x17\x0D\x30\x37\x30\x38\x32\x34\x31\x31\x33\x37\x30\x37\x5A\x17\x0D\x31\x37\x30\x38\x32\x31\x31\x31\x33\x37\x30\x37\x5A\x30\x82\x01\x2B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0C\x0F\x47\x65\x62\x7A\x65\x20\x2D\x20\x4B\x6F\x63\x61\x65\x6C\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x54\xC3\xBC\x72\x6B\x69\x79\x65\x20\x42\x69\x6C\x69\x6D\x73\x65\x6C\x20\x76\x65\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6B\x20\x41\x72\x61\xC5\x9F\x74\xC4\xB1\x72\x6D\x61\x20\x4B\x75\x72\x75\x6D\x75\x20\x2D\x20\x54\xC3\x9C\x42\xC4\xB0\x54\x41\x4B\x31\x48\x30\x46\x06\x03\x55\x04\x0B\x0C\x3F\x55\x6C\x75\x73\x61\x6C\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x76\x65\x20\x4B\x72\x69\x70\x74\x6F\x6C\x6F\x6A\x69\x20\x41\x72\x61\xC5\x9F\x74\xC4\xB1\x72\x6D\x61\x20\x45\x6E\x73\x74\x69\x74\xC3\xBC\x73\xC3\xBC\x20\x2D\x20\x55\x45\x4B\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x0C\x1A\x4B\x61\x6D\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x4A\x30\x48\x06\x03\x55\x04\x03\x0C\x41\x54\xC3\x9C\x42\xC4\xB0\x54\x41\x4B\x20\x55\x45\x4B\x41\x45\x20\x4B\xC3\xB6\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x20\x2D\x20\x53\xC3\xBC\x72\xC3\xBC\x6D\x20\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x8A\x6D\x4B\xFF\x10\x88\x3A\xC3\xF6\x7E\x94\xE8\xEA\x20\x64\x70\xAE\x21\x81\xBE\x3A\x7B\x3C\xDB\xF1\x1D\x52\x7F\x59\xFA\xF3\x22\x4C\x95\xA0\x90\xBC\x48\x4E\x11\xAB\xFB\xB7\xB5\x8D\x7A\x83\x28\x8C\x26\x46\xD8\x4E\x95\x40\x87\x61\x9F\xC5\x9E\x6D\x81\x87\x57\x6C\x8A\x3B\xB4\x66\xEA\xCC\x40\xFC\xE3\xAA\x6C\xB2\xCB\x01\xDB\x32\xBF\xD2\xEB\x85\xCF\xA1\x0D\x55\xC3\x5B\x38\x57\x70\xB8\x75\xC6\x79\xD1\x14\x30\xED\x1B\x58\x5B\x6B\xEF\x35\xF2\xA1\x21\x4E\xC5\xCE\x7C\x99\x5F\x6C\xB9\xB8\x22\x93\x50\xA7\xCD\x4C\x70\x6A\xBE\x6A\x05\x7F\x13\x9C\x2B\x1E\xEA\xFE\x47\xCE\x04\xA5\x6F\xAC\x93\x2E\x7C\x2B\x9F\x9E\x79\x13\x91\xE8\xEA\x9E\xCA\x38\x75\x8E\x62\xB0\x95\x93\x2A\xE5\xDF\xE9\x5E\x97\x6E\x20\x5F\x5F\x84\x7A\x44\x39\x19\x40\x1C\xBA\x55\x2B\xFB\x30\xB2\x81\xEF\x84\xE3\xDC\xEC\x98\x38\x39\x03\x85\x08\xA9\x54\x03\x05\x29\xF0\xC9\x8F\x8B\xEA\x0B\x86\x65\x19\x11\xD3\xE9\x09\x23\xDE\x68\x93\x03\xC9\x36\x1C\x21\x6E\xCE\x8C\x66\xF1\x99\x30\xD8\xD7\xB3\xC3\x1D\xF8\x81\x2E\xA8\xBD\x82\x0B\x66\xFE\x82\xCB\xE1\xE0\x1A\x82\xC3\x40\x81\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBD\x88\x87\xC9\x8F\xF6\xA4\x0A\x0B\xAA\xEB\xC5\xFE\x91\x23\x9D\xAB\x4A\x8A\x32\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1D\x7C\xFA\x49\x8F\x34\xE9\xB7\x26\x92\x16\x9A\x05\x74\xE7\x4B\xD0\x6D\x39\x6C\xC3\x26\xF6\xCE\xB8\x31\xBC\xC4\xDF\xBC\x2A\xF8\x37\x91\x18\xDC\x04\xC8\x64\x99\x2B\x18\x6D\x80\x03\x59\xC9\xAE\xF8\x58\xD0\x3E\xED\xC3\x23\x9F\x69\x3C\x86\x38\x1C\x9E\xEF\xDA\x27\x78\xD1\x84\x37\x71\x8A\x3C\x4B\x39\xCF\x7E\x45\x06\xD6\x2D\xD8\x8A\x4D\x78\x12\xD6\xAD\xC2\xD3\xCB\xD2\xD0\x41\xF3\x26\x36\x4A\x9B\x95\x6C\x0C\xEE\xE5\xD1\x43\x27\x66\xC1\x88\xF7\x7A\xB3\x20\x6C\xEA\xB0\x69\x2B\xC7\x20\xE8\x0C\x03\xC4\x41\x05\x99\xE2\x3F\xE4\x6B\xF8\xA0\x86\x81\xC7\x84\xC6\x1F\xD5\x4B\x81\x12\xB2\x16\x21\x2C\x13\xA1\x80\xB2\x5E\x0C\x4A\x13\x9E\x20\xD8\x62\x40\xAB\x90\xEA\x64\x4A\x2F\xAC\x0D\x01\x12\x79\x45\xA8\x2F\x87\x19\x68\xC8\xE2\x85\xC7\x30\xB2\x75\xF9\x38\x3F\xB2\xC0\x93\xB4\x6B\xE2\x03\x44\xCE\x67\xA0\xDF\x89\xD6\xAD\x8C\x76\xA3\x13\xC3\x94\x61\x2B\x6B\xD9\x6C\xC1\x07\x0A\x22\x07\x85\x6C\x85\x24\x46\xA9\xBE\x3F\x8B\x78\x84\x82\x7E\x24\x0C\x9D\xFD\x81\x37\xE3\x25\xA8\xED\x36\x4E\x95\x2C\xC9\x9C\x90\xDA\xEC\xA9\x42\x3C\xAD\xB6\x02",
+	["CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x03\x53\x30\x82\x02\x3B\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x30\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5A\x17\x0D\x31\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5A\x30\x4B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x8B\x3C\x07\x45\xD8\xF6\xDF\xE6\xC7\xCA\xBA\x8D\x43\xC5\x47\x8D\xB0\x5A\xC1\x38\xDB\x92\x84\x1C\xAF\x13\xD4\x0F\x6F\x36\x46\x20\xC4\x2E\xCC\x71\x70\x34\xA2\x34\xD3\x37\x2E\xD8\xDD\x3A\x77\x2F\xC0\xEB\x29\xE8\x5C\xD2\xB5\xA9\x91\x34\x87\x22\x59\xFE\xCC\xDB\xE7\x99\xAF\x96\xC1\xA8\xC7\x40\xDD\xA5\x15\x8C\x6E\xC8\x7C\x97\x03\xCB\xE6\x20\xF2\xD7\x97\x5F\x31\xA1\x2F\x37\xD2\xBE\xEE\xBE\xA9\xAD\xA8\x4C\x9E\x21\x66\x43\x3B\xA8\xBC\xF3\x09\xA3\x38\xD5\x59\x24\xC1\xC2\x47\x76\xB1\x88\x5C\x82\x3B\xBB\x2B\xA6\x04\xD7\x8C\x07\x8F\xCD\xD5\x41\x1D\xF0\xAE\xB8\x29\x2C\x94\x52\x60\x34\x94\x3B\xDA\xE0\x38\xD1\x9D\x33\x3E\x15\xF4\x93\x32\xC5\x00\xDA\xB5\x29\x66\x0E\x3A\x78\x0F\x21\x52\x5F\x02\xE5\x92\x7B\x25\xD3\x92\x1E\x2F\x15\x9D\x81\xE4\x9D\x8E\xE8\xEF\x89\xCE\x14\x4C\x54\x1D\x1C\x81\x12\x4D\x70\xA8\xBE\x10\x05\x17\x7E\x1F\xD1\xB8\x57\x55\xED\xCD\xBB\x52\xC2\xB0\x1E\x78\xC2\x4D\x36\x68\xCB\x56\x26\xC1\x52\xC1\xBD\x76\xF7\x58\xD5\x72\x7E\x1F\x44\x76\xBB\x00\x89\x1D\x16\x9D\x51\x35\xEF\x4D\xC2\x56\xEF\x6B\xE0\x8C\x3B\x0D\xE9\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3F\x8D\x9A\x59\x8B\xFC\x7B\x7B\x9C\xA3\xAF\x38\xB0\x39\xED\x90\x71\x80\xD6\xC8\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\x1A\x7E\x13\x8A\xB9\xE8\x07\xA3\x4B\x27\x32\xB2\x40\x91\xF2\x21\xD1\x64\x85\xBE\x63\x6A\xD2\xCF\x81\xC2\x15\xD5\x7A\x7E\x0C\x29\xAC\x37\x1E\x1C\x7C\x76\x52\x95\xDA\xB5\x7F\x23\xA1\x29\x77\x65\xC9\x32\x9D\xA8\x2E\x56\xAB\x60\x76\xCE\x16\xB4\x8D\x7F\x78\xC0\xD5\x99\x51\x83\x7F\x5E\xD9\xBE\x0C\xA8\x50\xED\x22\xC7\xAD\x05\x4C\x76\xFB\xED\xEE\x1E\x47\x64\xF6\xF7\x27\x7D\x5C\x28\x0F\x45\xC5\x5C\x62\x5E\xA6\x9A\x91\x91\xB7\x53\x17\x2E\xDC\xAD\x60\x9D\x96\x64\x39\xBD\x67\x68\xB2\xAE\x05\xCB\x4D\xE7\x5F\x1F\x57\x86\xD5\x20\x9C\x28\xFB\x6F\x13\x38\xF5\xF6\x11\x92\xF6\x7D\x99\x5E\x1F\x0C\xE8\xAB\x44\x24\x29\x72\x40\x3D\x36\x52\xAF\x8C\x58\x90\x73\xC1\xEC\x61\x2C\x79\xA1\xEC\x87\xB5\x3F\xDA\x4D\xD9\x21\x00\x30\xDE\x90\xDA\x0E\xD3\x1A\x48\xA9\x3E\x85\x0B\x14\x8B\x8C\xBC\x41\x9E\x6A\xF7\x0E\x70\xC0\x35\xF7\x39\xA2\x5D\x66\xD0\x7B\x59\x9F\xA8\x47\x12\x9A\x27\x23\xA4\x2D\x8E\x27\x83\x92\x20\xA1\xD7\x15\x7F\xF1\x2E\x18\xEE\xF4\x48\x7F\x2F\x7F\xF1\xA1\x18\xB5\xA1\x0B\x94\xA0\x62\x20\x32\x9C\x1D\xF6\xD4\xEF\xBF\x4C\x88\x68",
+	["CN=Buypass Class 3 CA 1,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x03\x53\x30\x82\x02\x3B\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x30\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5A\x17\x0D\x31\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5A\x30\x4B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1D\x30\x1B\x06\x03\x55\x04\x03\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA4\x8E\xD7\x74\xD9\x29\x64\xDE\x5F\x1F\x87\x80\x91\xEA\x4E\x39\xE6\x19\xC6\x44\x0B\x80\xD5\x0B\xAF\x53\x07\x8B\x12\xBD\xE6\x67\xF0\x02\xB1\x89\xF6\x60\x8A\xC4\x5B\xB0\x42\xD1\xC0\x21\xA8\xCB\xE1\x9B\xEF\x64\x51\xB6\xA7\xCF\x15\xF5\x74\x80\x68\x04\x90\xA0\x58\xA2\xE6\x74\xA6\x53\x53\x55\x48\x63\x3F\x92\x56\xDD\x24\x4E\x8E\xF8\xBA\x2B\xFF\xF3\x34\x8A\x9E\x28\xD7\x34\x9F\xAC\x2F\xD6\x0F\xF1\xA4\x2F\xBD\x52\xB2\x49\x85\x6D\x39\x35\xF0\x44\x30\x93\x46\x24\xF3\xB6\xE7\x53\xFB\xBC\x61\xAF\xA9\xA3\x14\xFB\xC2\x17\x17\x84\x6C\xE0\x7C\x88\xF8\xC9\x1C\x57\x2C\xF0\x3D\x7E\x94\xBC\x25\x93\x84\xE8\x9A\x00\x9A\x45\x05\x42\x57\x80\xF4\x4E\xCE\xD9\xAE\x39\xF6\xC8\x53\x10\x0C\x65\x3A\x47\x7B\x60\xC2\xD6\xFA\x91\xC9\xC6\x71\x6C\xBD\x91\x87\x3C\x91\x86\x49\xAB\xF3\x0F\xA0\x6C\x26\x76\x5E\x1C\xAC\x9B\x71\xE5\x8D\xBC\x9B\x21\x1E\x9C\xD6\x38\x7E\x24\x80\x15\x31\x82\x96\xB1\x49\xD3\x62\x37\x5B\x88\x0C\x0A\x62\x34\xFE\xA7\x48\x7E\x99\xB1\x30\x8B\x90\x37\x95\x1C\xA8\x1F\xA5\x2C\x8D\xF4\x55\xC8\xDB\xDD\x59\x0A\xC2\xAD\x78\xA0\xF4\x8B\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x38\x14\xE6\xC8\xF0\xA9\xA4\x03\xF4\x4E\x3E\x22\xA3\x5B\xF2\xD6\xE0\xAD\x40\x74\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x01\x67\xA3\x8C\xC9\x25\x3D\x13\x63\x5D\x16\x6F\xEC\xA1\x3E\x09\x5C\x91\x15\x2A\x2A\xD9\x80\x21\x4F\x05\xDC\xBB\xA5\x89\xAB\x13\x33\x2A\x9E\x38\xB7\x8C\x6F\x02\x72\x63\xC7\x73\x77\x1E\x09\x06\xBA\x3B\x28\x7B\xA4\x47\xC9\x61\x6B\x08\x08\x20\xFC\x8A\x05\x8A\x1F\xBC\xBA\xC6\xC2\xFE\xCF\x6E\xEC\x13\x33\x71\x67\x2E\x69\xFA\xA9\x2C\x3F\x66\xC0\x12\x59\x4D\x0B\x54\x02\x92\x84\xBB\xDB\x12\xEF\x83\x70\x70\x78\xC8\x53\xFA\xDF\xC6\xC6\xFF\xDC\x88\x2F\x07\xC0\x49\x9D\x32\x57\x60\xD3\xF2\xF6\x99\x29\x5F\xE7\xAA\x01\xCC\xAC\x33\xA8\x1C\x0A\xBB\x91\xC4\x03\xA0\x6F\xB6\x34\xF9\x86\xD3\xB3\x76\x54\x98\xF4\x4A\x81\xB3\x53\x9D\x4D\x40\xEC\xE5\x77\x13\x45\xAF\x5B\xAA\x1F\xD8\x2F\x4C\x82\x7B\xFE\x2A\xC4\x58\xBB\x4F\xFC\x9E\xFD\x03\x65\x1A\x2A\x0E\xC3\xA5\x20\x16\x94\x6B\x79\xA6\xA2\x12\xB4\xBB\x1A\xA4\x23\x7A\x5F\xF0\xAE\x84\x24\xE4\xF3\x2B\xFB\x8A\x24\xA3\x27\x98\x65\xDA\x30\x75\x76\xFC\x19\x91\xE8\xDB\xEB\x9B\x3F\x32\xBF\x40\x97\x07\x26\xBA\xCC\xF3\x94\x85\x4A\x7A\x27\x93\xCF\x90\x42\xD4\xB8\x5B\x16\xA6\xE7\xCB\x40\x03\xDD\x79",
+	["C=TR,O=EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E.,CN=EBG Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1"] = "\x30\x82\x05\xE7\x30\x82\x03\xCF\xA0\x03\x02\x01\x02\x02\x08\x4C\xAF\x73\x42\x1C\x8E\x74\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0C\x2F\x45\x42\x47\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x37\x30\x35\x06\x03\x55\x04\x0A\x0C\x2E\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x1E\x17\x0D\x30\x36\x30\x38\x31\x37\x30\x30\x32\x31\x30\x39\x5A\x17\x0D\x31\x36\x30\x38\x31\x34\x30\x30\x33\x31\x30\x39\x5A\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0C\x2F\x45\x42\x47\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x37\x30\x35\x06\x03\x55\x04\x0A\x0C\x2E\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xEE\xA0\x84\x61\xD0\x3A\x6A\x66\x10\x32\xD8\x31\x38\x7F\xA7\xA7\xE5\xFD\xA1\xE1\xFB\x97\x77\xB8\x71\x96\xE8\x13\x96\x46\x83\x4F\xB6\xF2\x5F\x72\x56\x6E\x13\x60\xA5\x01\x91\xE2\x5B\xC5\xCD\x57\x1F\x77\x63\x51\xFF\x2F\x3D\xDB\xB9\x3F\xAA\xA9\x35\xE7\x79\xD0\xF5\xD0\x24\xB6\x21\xEA\xEB\x23\x94\xFE\x29\xBF\xFB\x89\x91\x0C\x64\x9A\x05\x4A\x2B\xCC\x0C\xEE\xF1\x3D\x9B\x82\x69\xA4\x4C\xF8\x9A\x6F\xE7\x22\xDA\x10\xBA\x5F\x92\xFC\x18\x27\x0A\xA8\xAA\x44\xFA\x2E\x2C\xB4\xFB\x46\x9A\x08\x03\x83\x72\xAB\x88\xE4\x6A\x72\xC9\xE5\x65\x1F\x6E\x2A\x0F\x9D\xB3\xE8\x3B\xE4\x0C\x6E\x7A\xDA\x57\xFD\xD7\xEB\x79\x8B\x5E\x20\x06\xD3\x76\x0B\x6C\x02\x95\xA3\x96\xE4\xCB\x76\x51\xD1\x28\x9D\xA1\x1A\xFC\x44\xA2\x4D\xCC\x7A\x76\xA8\x0D\x3D\xBF\x17\x4F\x22\x88\x50\xFD\xAE\xB6\xEC\x90\x50\x4A\x5B\x9F\x95\x41\xAA\xCA\x0F\xB2\x4A\xFE\x80\x99\x4E\xA3\x46\x15\xAB\xF8\x73\x42\x6A\xC2\x66\x76\xB1\x0A\x26\x15\xDD\x93\x92\xEC\xDB\xA9\x5F\x54\x22\x52\x91\x70\x5D\x13\xEA\x48\xEC\x6E\x03\x6C\xD9\xDD\x6C\xFC\xEB\x0D\x03\xFF\xA6\x83\x12\x9B\xF1\xA9\x93\x0F\xC5\x26\x4C\x31\xB2\x63\x99\x61\x72\xE7\x2A\x64\x99\xD2\xB8\xE9\x75\xE2\x7C\xA9\xA9\x9A\x1A\xAA\xC3\x56\xDB\x10\x9A\x3C\x83\x52\xB6\x7B\x96\xB7\xAC\x87\x77\xA8\xB9\xF2\x67\x0B\x94\x43\xB3\xAF\x3E\x73\xFA\x42\x36\xB1\x25\xC5\x0A\x31\x26\x37\x56\x67\xBA\xA3\x0B\x7D\xD6\xF7\x89\xCD\x67\xA1\xB7\x3A\x1E\x66\x4F\xF6\xA0\x55\x14\x25\x4C\x2C\x33\x0D\xA6\x41\x8C\xBD\x04\x31\x6A\x10\x72\x0A\x9D\x0E\x2E\x76\xBD\x5E\xF3\x51\x89\x8B\xA8\x3F\x55\x73\xBF\xDB\x3A\xC6\x24\x05\x96\x92\x48\xAA\x4B\x8D\x2A\x03\xE5\x57\x91\x10\xF4\x6A\x28\x15\x6E\x47\x77\x84\x5C\x51\x74\x9F\x19\xE9\xE6\x1E\x63\x16\x39\xE3\x11\x15\xE3\x58\x1A\x44\xBD\xCB\xC4\x6C\x66\xD7\x84\x06\xDF\x30\xF4\x37\xA2\x43\x22\x79\xD2\x10\x6C\xDF\xBB\xE6\x13\x11\xFC\x9D\x84\x0A\x13\x7B\xF0\x3B\xD0\xFC\xA3\x0A\xD7\x89\xEA\x96\x7E\x8D\x48\x85\x1E\x64\x5F\xDB\x54\xA2\xAC\xD5\x7A\x02\x79\x6B\xD2\x8A\xF0\x67\xDA\x65\x72\x0D\x14\x70\xE4\xE9\x8E\x78\x8F\x32\x74\x7C\x57\xF2\xD6\xD6\xF4\x36\x89\x1B\xF8\x29\x6C\x8B\xB9\xF6\x97\xD1\xA4\x2E\xAA\xBE\x0B\x19\xC2\x45\xE9\x70\x5D\x02\x03\x00\x9D\xD9\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE7\xCE\xC6\x4F\xFC\x16\x67\x96\xFA\x4A\xA3\x07\xC1\x04\xA7\xCB\x6A\xDE\xDA\x47\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xE7\xCE\xC6\x4F\xFC\x16\x67\x96\xFA\x4A\xA3\x07\xC1\x04\xA7\xCB\x6A\xDE\xDA\x47\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x9B\x98\x9A\x5D\xBE\xF3\x28\x23\x76\xC6\x6C\xF7\x7F\xE6\x40\x9E\xC0\x36\xDC\x95\x0D\x1D\xAD\x15\xC5\x36\xD8\xD5\x39\xEF\xF2\x1E\x22\x5E\xB3\x82\xB4\x5D\xBB\x4C\x1A\xCA\x92\x0D\xDF\x47\x24\x1E\xB3\x24\xDA\x91\x88\xE9\x83\x70\xDD\x93\xD7\xE9\xBA\xB3\xDF\x16\x5A\x3E\xDE\xE0\xC8\xFB\xD3\xFD\x6C\x29\xF8\x15\x46\xA0\x68\x26\xCC\x93\x52\xAE\x82\x01\x93\x90\xCA\x77\xCA\x4D\x49\xEF\xE2\x5A\xD9\x2A\xBD\x30\xCE\x4C\xB2\x81\xB6\x30\xCE\x59\x4F\xDA\x59\x1D\x6A\x7A\xA4\x45\xB0\x82\x26\x81\x86\x76\xF5\xF5\x10\x00\xB8\xEE\xB3\x09\xE8\x4F\x87\x02\x07\xAE\x24\x5C\xF0\x5F\xAC\x0A\x30\xCC\x8A\x40\xA0\x73\x04\xC1\xFB\x89\x24\xF6\x9A\x1C\x5C\xB7\x3C\x0A\x67\x36\x05\x08\x31\xB3\xAF\xD8\x01\x68\x2A\xE0\x78\x8F\x74\xDE\xB8\x51\xA4\x8C\x6C\x20\x3D\xA2\xFB\xB3\xD4\x09\xFD\x7B\xC2\x80\xAA\x93\x6C\x29\x98\x21\xA8\xBB\x16\xF3\xA9\x12\x5F\x74\xB5\x87\x98\xF2\x95\x26\xDF\x34\xEF\x8A\x53\x91\x88\x5D\x1A\x94\xA3\x3F\x7C\x22\xF8\xD7\x88\xBA\xA6\x8C\x96\xA8\x3D\x52\x34\x62\x9F\x00\x1E\x54\x55\x42\x67\xC6\x4D\x46\x8F\xBB\x14\x45\x3D\x0A\x96\x16\x8E\x10\xA1\x97\x99\xD5\xD3\x30\x85\xCC\xDE\xB4\x72\xB7\xBC\x8A\x3C\x18\x29\x68\xFD\xDC\x71\x07\xEE\x24\x39\x6A\xFA\xED\xA5\xAC\x38\x2F\xF9\x1E\x10\x0E\x06\x71\x1A\x10\x4C\xFE\x75\x7E\xFF\x1E\x57\x39\x42\xCA\xD7\xE1\x15\xA1\x56\x55\x59\x1B\xD1\xA3\xAF\x11\xD8\x4E\xC3\xA5\x2B\xEF\x90\xBF\xC0\xEC\x82\x13\x5B\x8D\xD6\x72\x2C\x93\x4E\x8F\x6A\x29\xDF\x85\x3C\xD3\x0D\xE0\xA2\x18\x12\xCC\x55\x2F\x47\xB7\xA7\x9B\x02\xFE\x41\xF6\x88\x4C\x6D\xDA\xA9\x01\x47\x83\x64\x27\x62\x10\x82\xD6\x12\x7B\x5E\x03\x1F\x34\xA9\xC9\x91\xFE\xAF\x5D\x6D\x86\x27\xB7\x23\xAA\x75\x18\xCA\x20\xE7\xB0\x0F\xD7\x89\x0E\xA6\x67\x22\x63\xF4\x83\x41\x2B\x06\x4B\xBB\x58\xD5\xD1\xD7\xB7\xB9\x10\x63\xD8\x89\x4A\xB4\xAA\xDD\x16\x63\xF5\x6E\xBE\x60\xA1\xF8\xED\xE8\xD6\x90\x4F\x1A\xC6\xC5\xA0\x29\xD3\xA7\x21\xA8\xF5\x5A\x3C\xF7\xC7\x49\xA2\x21\x9A\x4A\x95\x52\x20\x96\x72\x9A\x66\xCB\xF7\xD2\x86\x43\x7C\x22\xBE\x96\xF9\xBD\x01\xA8\x47\xDD\xE5\x3B\x40\xF9\x75\x2B\x9B\x2B\x46\x64\x86\x8D\x1E\xF4\x8F\xFB\x07\x77\xD0\xEA\x49\xA2\x1C\x8D\x52\x14\xA6\x0A\x93",
+	["OU=certSIGN ROOT CA,O=certSIGN,C=RO"] = "\x30\x82\x03\x38\x30\x82\x02\x20\xA0\x03\x02\x01\x02\x02\x06\x20\x06\x05\x16\x70\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4F\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4E\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4E\x20\x52\x4F\x4F\x54\x20\x43\x41\x30\x1E\x17\x0D\x30\x36\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5A\x17\x0D\x33\x31\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5A\x30\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4F\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4E\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4E\x20\x52\x4F\x4F\x54\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\x33\xB9\x7E\xC8\x25\x4A\x8E\xB5\xDB\xB4\x28\x1B\xAA\x57\x90\xE8\xD1\x22\xD3\x64\xBA\xD3\x93\xE8\xD4\xAC\x86\x61\x40\x6A\x60\x57\x68\x54\x84\x4D\xBC\x6A\x54\x02\x05\xFF\xDF\x9B\x9A\x2A\xAE\x5D\x07\x8F\x4A\xC3\x28\x7F\xEF\xFB\x2B\xFA\x79\xF1\xC7\xAD\xF0\x10\x53\x24\x90\x8B\x66\xC9\xA8\x88\xAB\xAF\x5A\xA3\x00\xE9\xBE\xBA\x46\xEE\x5B\x73\x7B\x2C\x17\x82\x81\x5E\x62\x2C\xA1\x02\x65\xB3\xBD\xC5\x2B\x00\x7E\xC4\xFC\x03\x33\x57\x0D\xED\xE2\xFA\xCE\x5D\x45\xD6\x38\xCD\x35\xB6\xB2\xC1\xD0\x9C\x81\x4A\xAA\xE4\xB2\x01\x5C\x1D\x8F\x5F\x99\xC4\xB1\xAD\xDB\x88\x21\xEB\x90\x08\x82\x80\xF3\x30\xA3\x43\xE6\x90\x82\xAE\x55\x28\x49\xED\x5B\xD7\xA9\x10\x38\x0E\xFE\x8F\x4C\x5B\x9B\x46\xEA\x41\xF5\xB0\x08\x74\xC3\xD0\x88\x33\xB6\x7C\xD7\x74\xDF\xDC\x84\xD1\x43\x0E\x75\x39\xA1\x25\x40\x28\xEA\x78\xCB\x0E\x2C\x2E\x39\x9D\x8C\x8B\x6E\x16\x1C\x2F\x26\x82\x10\xE2\xE3\x65\x94\x0A\x04\xC0\x5E\xF7\x5D\x5B\xF8\x10\xE2\xD0\xBA\x7A\x4B\xFB\xDE\x37\x00\x00\x1A\x5B\x28\xE3\xD2\x9C\x73\x3E\x32\x87\x98\xA1\xC9\x51\x2F\xD7\xDE\xAC\x33\xB3\x4F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\xC6\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE0\x8C\x9B\xDB\x25\x49\xB3\xF1\x7C\x86\xD6\xB2\x42\x87\x0B\xD0\x6B\xA0\xD9\xE4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3E\xD2\x1C\x89\x2E\x35\xFC\xF8\x75\xDD\xE6\x7F\x65\x88\xF4\x72\x4C\xC9\x2C\xD7\x32\x4E\xF3\xDD\x19\x79\x47\xBD\x8E\x3B\x5B\x93\x0F\x50\x49\x24\x13\x6B\x14\x06\x72\xEF\x09\xD3\xA1\xA1\xE3\x40\x84\xC9\xE7\x18\x32\x74\x3C\x48\x6E\x0F\x9F\x4B\xD4\xF7\x1E\xD3\x93\x86\x64\x54\x97\x63\x72\x50\xD5\x55\xCF\xFA\x20\x93\x02\xA2\x9B\xC3\x23\x93\x4E\x16\x55\x76\xA0\x70\x79\x6D\xCD\x21\x1F\xCF\x2F\x2D\xBC\x19\xE3\x88\x31\xF8\x59\x1A\x81\x09\xC8\x97\xA6\x74\xC7\x60\xC4\x5B\xCC\x57\x8E\xB2\x75\xFD\x1B\x02\x09\xDB\x59\x6F\x72\x93\x69\xF7\x31\x41\xD6\x88\x38\xBF\x87\xB2\xBD\x16\x79\xF9\xAA\xE4\xBE\x88\x25\xDD\x61\x27\x23\x1C\xB5\x31\x07\x04\x36\xB4\x1A\x90\xBD\xA0\x74\x71\x50\x89\x6D\xBC\x14\xE3\x0F\x86\xAE\xF1\xAB\x3E\xC7\xA0\x09\xCC\xA3\x48\xD1\xE0\xDB\x64\xE7\x92\xB5\xCF\xAF\x72\x43\x70\x8B\xF9\xC3\x84\x3C\x13\xAA\x7E\x92\x9B\x57\x53\x93\xFA\x70\xC2\x91\x0E\x31\xF9\x9B\x67\x5D\xE9\x96\x38\x5E\x5F\xB3\x73\x4E\x88\x15\x67\xDE\x9E\x76\x10\x62\x20\xBE\x55\x69\x95\x43\x00\x39\x4D\xF6\xEE\xB0\x5A\x4E\x49\x44\x54\x58\x5F\x42\x83",
+	["CN=CNNIC ROOT,O=CNNIC,C=CN"] = "\x30\x82\x03\x55\x30\x82\x02\x3D\xA0\x03\x02\x01\x02\x02\x04\x49\x33\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x32\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0A\x13\x05\x43\x4E\x4E\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x43\x4E\x4E\x49\x43\x20\x52\x4F\x4F\x54\x30\x1E\x17\x0D\x30\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5A\x17\x0D\x32\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5A\x30\x32\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0A\x13\x05\x43\x4E\x4E\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x43\x4E\x4E\x49\x43\x20\x52\x4F\x4F\x54\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD3\x35\xF7\x3F\x73\x77\xAD\xE8\x5B\x73\x17\xC2\xD1\x6F\xED\x55\xBC\x6E\xEA\xE8\xA4\x79\xB2\x6C\xC3\xA3\xEF\xE1\x9F\xB1\x3B\x48\x85\xF5\x9A\x5C\x21\x22\x10\x2C\xC5\x82\xCE\xDA\xE3\x9A\x6E\x37\xE1\x87\x2C\xDC\xB9\x0C\x5A\xBA\x88\x55\xDF\xFD\xAA\xDB\x1F\x31\xEA\x01\xF1\xDF\x39\x01\xC1\x13\xFD\x48\x52\x21\xC4\x55\xDF\xDA\xD8\xB3\x54\x76\xBA\x74\xB1\xB7\x7D\xD7\xC0\xE8\xF6\x59\xC5\x4D\xC8\xBD\xAD\x1F\x14\xDA\xDF\x58\x44\x25\x32\x19\x2A\xC7\x7E\x7E\x8E\xAE\x38\xB0\x30\x7B\x47\x72\x09\x31\xF0\x30\xDB\xC3\x1B\x76\x29\xBB\x69\x76\x4E\x57\xF9\x1B\x64\xA2\x93\x56\xB7\x6F\x99\x6E\xDB\x0A\x04\x9C\x11\xE3\x80\x1F\xCB\x63\x94\x10\x0A\xA9\xE1\x64\x82\x31\xF9\x8C\x27\xED\xA6\x99\x00\xF6\x70\x93\x18\xF8\xA1\x34\x86\xA3\xDD\x7A\xC2\x18\x79\xF6\x7A\x65\x35\xCF\x90\xEB\xBD\x33\x93\x9F\x53\xAB\x73\x3B\xE6\x9B\x34\x20\x2F\x1D\xEF\xA9\x1D\x63\x1A\xA0\x80\xDB\x03\x2F\xF9\x26\x1A\x86\xD2\x8D\xBB\xA9\xBE\x52\x3A\x87\x67\x48\x0D\xBF\xB4\xA0\xD8\x26\xBE\x23\x5F\x73\x37\x7F\x26\xE6\x92\x04\xA3\x7F\xCF\x20\xA7\xB7\xF3\x3A\xCA\xCB\x99\xCB\x02\x03\x01\x00\x01\xA3\x73\x30\x71\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x65\xF2\x31\xAD\x2A\xF7\xF7\xDD\x52\x96\x0A\xC7\x02\xC1\x0E\xEF\xA6\xD5\x3B\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xFE\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x65\xF2\x31\xAD\x2A\xF7\xF7\xDD\x52\x96\x0A\xC7\x02\xC1\x0E\xEF\xA6\xD5\x3B\x11\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4B\x35\xEE\xCC\xE4\xAE\xBF\xC3\x6E\xAD\x9F\x95\x3B\x4B\x3F\x5B\x1E\xDF\x57\x29\xA2\x59\xCA\x38\xE2\xB9\x1A\xFF\x9E\xE6\x6E\x32\xDD\x1E\xAE\xEA\x35\xB7\xF5\x93\x91\x4E\xDA\x42\xE1\xC3\x17\x60\x50\xF2\xD1\x5C\x26\xB9\x82\xB7\xEA\x6D\xE4\x9C\x84\xE7\x03\x79\x17\xAF\x98\x3D\x94\xDB\xC7\xBA\x00\xE7\xB8\xBF\x01\x57\xC1\x77\x45\x32\x0C\x3B\xF1\xB4\x1C\x08\xB0\xFD\x51\xA0\xA1\xDD\x9A\x1D\x13\x36\x9A\x6D\xB7\xC7\x3C\xB9\xE1\xC5\xD9\x17\xFA\x83\xD5\x3D\x15\xA0\x3C\xBB\x1E\x0B\xE2\xC8\x90\x3F\xA8\x86\x0C\xFC\xF9\x8B\x5E\x85\xCB\x4F\x5B\x4B\x62\x11\x47\xC5\x45\x7C\x05\x2F\x41\xB1\x9E\x10\x69\x1B\x99\x96\xE0\x55\x79\xFB\x4E\x86\x99\xB8\x94\xDA\x86\x38\x6A\x93\xA3\xE7\xCB\x6E\xE5\xDF\xEA\x21\x55\x89\x9C\x7D\x7D\x7F\x98\xF5\x00\x89\xEE\xE3\x84\xC0\x5C\x96\xB5\xC5\x46\xEA\x46\xE0\x85\x55\xB6\x1B\xC9\x12\xD6\xC1\xCD\xCD\x80\xF3\x02\x01\x3C\xC8\x69\xCB\x45\x48\x63\xD8\x94\xD0\xEC\x85\x0E\x3B\x4E\x11\x65\xF4\x82\x8C\xA6\x3D\xAE\x2E\x22\x94\x09\xC8\x5C\xEA\x3C\x81\x5D\x16\x2A\x03\x97\x16\x55\x09\xDB\x8A\x41\x82\x9E\x66\x9B\x11",
+	["OU=ApplicationCA,O=Japanese Government,C=JP"] = "\x30\x82\x03\xA0\x30\x82\x02\x88\xA0\x03\x02\x01\x02\x02\x01\x31\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x4A\x61\x70\x61\x6E\x65\x73\x65\x20\x47\x6F\x76\x65\x72\x6E\x6D\x65\x6E\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0B\x13\x0D\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x43\x41\x30\x1E\x17\x0D\x30\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5A\x17\x0D\x31\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5A\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x4A\x61\x70\x61\x6E\x65\x73\x65\x20\x47\x6F\x76\x65\x72\x6E\x6D\x65\x6E\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0B\x13\x0D\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA7\x6D\xE0\x74\x4E\x87\x8F\xA5\x06\xDE\x68\xA2\xDB\x86\x99\x4B\x64\x0D\x71\xF0\x0A\x05\x9B\x8E\xAA\xE1\xCC\x2E\xD2\x6A\x3B\xC1\x7A\xB4\x97\x61\x8D\x8A\xBE\xC6\x9A\x9C\x06\xB4\x86\x51\xE4\x37\x0E\x74\x78\x7E\x5F\x8A\x7F\x94\xA4\xD7\x47\x08\xFD\x50\x5A\x56\xE4\x68\xAC\x28\x73\xA0\x7B\xE9\x7F\x18\x92\x40\x4F\x2D\x9D\xF5\xAE\x44\x48\x73\x36\x06\x9E\x64\x2C\x3B\x34\x23\xDB\x5C\x26\xE4\x71\x79\x8F\xD4\x6E\x79\x22\xB9\x93\xC1\xCA\xCD\xC1\x56\xED\x88\x6A\xD7\xA0\x39\x21\x04\x57\x2C\xA2\xF5\xBC\x47\x41\x4F\x5E\x34\x22\x95\xB5\x1F\x29\x6D\x5E\x4A\xF3\x4D\x72\xBE\x41\x56\x20\x87\xFC\xE9\x50\x47\xD7\x30\x14\xEE\x5C\x8C\x55\xBA\x59\x8D\x87\xFC\x23\xDE\x93\xD0\x04\x8C\xFD\xEF\x6D\xBD\xD0\x7A\xC9\xA5\x3A\x6A\x72\x33\xC6\x4A\x0D\x05\x17\x2A\x2D\x7B\xB1\xA7\xD8\xD6\xF0\xBE\xF4\x3F\xEA\x0E\x28\x6D\x41\x61\x23\x76\x78\xC3\xB8\x65\xA4\xF3\x5A\xAE\xCC\xC2\xAA\xD9\xE7\x58\xDE\xB6\x7E\x9D\x85\x6E\x9F\x2A\x0A\x6F\x9F\x03\x29\x30\x97\x28\x1D\xBC\xB7\xCF\x54\x29\x4E\x51\x31\xF9\x27\xB6\x28\x26\xFE\xA2\x63\xE6\x41\x16\xF0\x33\x98\x47\x02\x03\x01\x00\x01\xA3\x81\x9E\x30\x81\x9B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x54\x5A\xCB\x26\x3F\x71\xCC\x94\x46\x0D\x96\x53\xEA\x6B\x48\xD0\x93\xFE\x42\x75\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x59\x06\x03\x55\x1D\x11\x04\x52\x30\x50\xA4\x4E\x30\x4C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x0C\x0F\xE6\x97\xA5\xE6\x9C\xAC\xE5\x9B\xBD\xE6\x94\xBF\xE5\xBA\x9C\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x0C\x1A\xE3\x82\xA2\xE3\x83\x97\xE3\x83\xAA\xE3\x82\xB1\xE3\x83\xBC\xE3\x82\xB7\xE3\x83\xA7\xE3\x83\xB3\x43\x41\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x39\x6A\x44\x76\x77\x38\x3A\xEC\xA3\x67\x46\x0F\xF9\x8B\x06\xA8\xFB\x6A\x90\x31\xCE\x7E\xEC\xDA\xD1\x89\x7C\x7A\xEB\x2E\x0C\xBD\x99\x32\xE7\xB0\x24\xD6\xC3\xFF\xF5\xB2\x88\x09\x87\x2C\xE3\x54\xE1\xA3\xA6\xB2\x08\x0B\xC0\x85\xA8\xC8\xD2\x9C\x71\xF6\x1D\x9F\x60\xFC\x38\x33\x13\xE1\x9E\xDC\x0B\x5F\xDA\x16\x50\x29\x7B\x2F\x70\x91\x0F\x99\xBA\x34\x34\x8D\x95\x74\xC5\x7E\x78\xA9\x66\x5D\xBD\xCA\x21\x77\x42\x10\xAC\x66\x26\x3D\xDE\x91\xAB\xFD\x15\xF0\x6F\xED\x6C\x5F\x10\xF8\xF3\x16\xF6\x03\x8A\x8F\xA7\x12\x11\x0C\xCB\xFD\x3F\x79\xC1\x9C\xFD\x62\xEE\xA3\xCF\x54\x0C\xD1\x2B\x5F\x17\x3E\xE3\x3E\xBF\xC0\x2B\x3E\x09\x9B\xFE\x88\xA6\x7E\xB4\x92\x17\xFC\x23\x94\x81\xBD\x6E\xA7\xC5\x8C\xC2\xEB\x11\x45\xDB\xF8\x41\xC9\x96\x76\xEA\x70\x5F\x79\x12\x6B\xE4\xA3\x07\x5A\x05\xEF\x27\x49\xCF\x21\x9F\x8A\x4C\x09\x70\x66\xA9\x26\xC1\x2B\x11\x4E\x33\xD2\x0E\xFC\xD6\x6C\xD2\x0E\x32\x64\x68\xFF\xAD\x05\x78\x5F\x03\x1D\xA8\xE3\x90\xAC\x24\xE0\x0F\x40\xA7\x4B\xAE\x8B\x28\xB7\x82\xCA\x18\x07\xE6\xB7\x5B\x74\xE9\x20\x19\x7F\xB2\x1B\x89\x54",
+	["CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US"] = "\x30\x82\x03\xFE\x30\x82\x02\xE6\xA0\x03\x02\x01\x02\x02\x10\x15\xAC\x6E\x94\x19\xB2\x79\x4B\x41\xF6\x27\xA9\xC3\x18\x0F\x1F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDC\xE2\x5E\x62\x58\x1D\x33\x57\x39\x32\x33\xFA\xEB\xCB\x87\x8C\xA7\xD4\x4A\xDD\x06\x88\xEA\x64\x8E\x31\x98\xA5\x38\x90\x1E\x98\xCF\x2E\x63\x2B\xF0\x46\xBC\x44\xB2\x89\xA1\xC0\x28\x0C\x49\x70\x21\x95\x9F\x64\xC0\xA6\x93\x12\x02\x65\x26\x86\xC6\xA5\x89\xF0\xFA\xD7\x84\xA0\x70\xAF\x4F\x1A\x97\x3F\x06\x44\xD5\xC9\xEB\x72\x10\x7D\xE4\x31\x28\xFB\x1C\x61\xE6\x28\x07\x44\x73\x92\x22\x69\xA7\x03\x88\x6C\x9D\x63\xC8\x52\xDA\x98\x27\xE7\x08\x4C\x70\x3E\xB4\xC9\x12\xC1\xC5\x67\x83\x5D\x33\xF3\x03\x11\xEC\x6A\xD0\x53\xE2\xD1\xBA\x36\x60\x94\x80\xBB\x61\x63\x6C\x5B\x17\x7E\xDF\x40\x94\x1E\xAB\x0D\xC2\x21\x28\x70\x88\xFF\xD6\x26\x6C\x6C\x60\x04\x25\x4E\x55\x7E\x7D\xEF\xBF\x94\x48\xDE\xB7\x1D\xDD\x70\x8D\x05\x5F\x88\xA5\x9B\xF2\xC2\xEE\xEA\xD1\x40\x41\x6D\x62\x38\x1D\x56\x06\xC5\x03\x47\x51\x20\x19\xFC\x7B\x10\x0B\x0E\x62\xAE\x76\x55\xBF\x5F\x77\xBE\x3E\x49\x01\x53\x3D\x98\x25\x03\x76\x24\x5A\x1D\xB4\xDB\x89\xEA\x79\xE5\xB6\xB3\x3B\x3F\xBA\x4C\x28\x41\x7F\x06\xAC\x6A\x8E\xC1\xD0\xF6\x05\x1D\x7D\xE6\x42\x86\xE3\xA5\xD5\x47\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC4\x79\xCA\x8E\xA1\x4E\x03\x1D\x1C\xDC\x6B\xDB\x31\x5B\x94\x3E\x3F\x30\x7F\x2D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x2D\xC5\x13\xCF\x56\x80\x7B\x7A\x78\xBD\x9F\xAE\x2C\x99\xE7\xEF\xDA\xDF\x94\x5E\x09\x69\xA7\xE7\x6E\x68\x8C\xBD\x72\xBE\x47\xA9\x0E\x97\x12\xB8\x4A\xF1\x64\xD3\x39\xDF\x25\x34\xD4\xC1\xCD\x4E\x81\xF0\x0F\x04\xC4\x24\xB3\x34\x96\xC6\xA6\xAA\x30\xDF\x68\x61\x73\xD7\xF9\x8E\x85\x89\xEF\x0E\x5E\x95\x28\x4A\x2A\x27\x8F\x10\x8E\x2E\x7C\x86\xC4\x02\x9E\xDA\x0C\x77\x65\x0E\x44\x0D\x92\xFD\xFD\xB3\x16\x36\xFA\x11\x0D\x1D\x8C\x0E\x07\x89\x6A\x29\x56\xF7\x72\xF4\xDD\x15\x9C\x77\x35\x66\x57\xAB\x13\x53\xD8\x8E\xC1\x40\xC5\xD7\x13\x16\x5A\x72\xC7\xB7\x69\x01\xC4\x7A\xB1\x83\x01\x68\x7D\x8D\x41\xA1\x94\x18\xC1\x25\x5C\xFC\xF0\xFE\x83\x02\x87\x7C\x0D\x0D\xCF\x2E\x08\x5C\x4A\x40\x0D\x3E\xEC\x81\x61\xE6\x24\xDB\xCA\xE0\x0E\x2D\x07\xB2\x3E\x56\xDC\x8D\xF5\x41\x85\x07\x48\x9B\x0C\x0B\xCB\x49\x3F\x7D\xEC\xB7\xFD\xCB\x8D\x67\x89\x1A\xAB\xED\xBB\x1E\xA3\x00\x08\x08\x17\x2A\x82\x5C\x31\x5D\x46\x8A\x2D\x0F\x86\x9B\x74\xD9\x45\xFB\xD4\x40\xB1\x7A\xAA\x68\x2D\x86\xB2\x99\x22\xE1\xC1\x2B\xC7\x9C\xF8\xF3\x5F\xA8\x82\x12\xEB\x19\x11\x2D",
+	["CN=thawte Primary Root CA - G2,OU=(c) 2007 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US"] = "\x30\x82\x02\x88\x30\x82\x02\x0D\xA0\x03\x02\x01\x02\x02\x10\x35\xFC\x26\x5C\xD9\x84\x4F\xC9\x3D\x26\x3D\x57\x9B\xAE\xD7\x56\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\x84\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x84\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\xA2\xD5\x9C\x82\x7B\x95\x9D\xF1\x52\x78\x87\xFE\x8A\x16\xBF\x05\xE6\xDF\xA3\x02\x4F\x0D\x07\xC6\x00\x51\xBA\x0C\x02\x52\x2D\x22\xA4\x42\x39\xC4\xFE\x8F\xEA\xC9\xC1\xBE\xD4\x4D\xFF\x9F\x7A\x9E\xE2\xB1\x7C\x9A\xAD\xA7\x86\x09\x73\x87\xD1\xE7\x9A\xE3\x7A\xA5\xAA\x6E\xFB\xBA\xB3\x70\xC0\x67\x88\xA2\x35\xD4\xA3\x9A\xB1\xFD\xAD\xC2\xEF\x31\xFA\xA8\xB9\xF3\xFB\x08\xC6\x91\xD1\xFB\x29\x95\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9A\xD8\x00\x30\x00\xE7\x6B\x7F\x85\x18\xEE\x8B\xB6\xCE\x8A\x0C\xF8\x11\xE1\xBB\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x69\x00\x30\x66\x02\x31\x00\xDD\xF8\xE0\x57\x47\x5B\xA7\xE6\x0A\xC3\xBD\xF5\x80\x8A\x97\x35\x0D\x1B\x89\x3C\x54\x86\x77\x28\xCA\xA1\xF4\x79\xDE\xB5\xE6\x38\xB0\xF0\x65\x70\x8C\x7F\x02\x54\xC2\xBF\xFF\xD8\xA1\x3E\xD9\xCF\x02\x31\x00\xC4\x8D\x94\xFC\xDC\x53\xD2\xDC\x9D\x78\x16\x1F\x15\x33\x23\x53\x52\xE3\x5A\x31\x5D\x9D\xCA\xAE\xBD\x13\x29\x44\x0D\x27\x5B\xA8\xE7\x68\x9C\x12\xF7\x58\x3F\x2E\x72\x02\x57\xA3\x8F\xA1\x14\x2E",
+	["CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US"] = "\x30\x82\x04\x2A\x30\x82\x03\x12\xA0\x03\x02\x01\x02\x02\x10\x60\x01\x97\xB7\x46\xA7\xEA\xB4\xB4\x9A\xD6\x4B\x2F\xF7\x90\xFB\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x38\x30\x36\x06\x03\x55\x04\x0B\x13\x2F\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1B\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB2\xBF\x27\x2C\xFB\xDB\xD8\x5B\xDD\x78\x7B\x1B\x9E\x77\x66\x81\xCB\x3E\xBC\x7C\xAE\xF3\xA6\x27\x9A\x34\xA3\x68\x31\x71\x38\x33\x62\xE4\xF3\x71\x66\x79\xB1\xA9\x65\xA3\xA5\x8B\xD5\x8F\x60\x2D\x3F\x42\xCC\xAA\x6B\x32\xC0\x23\xCB\x2C\x41\xDD\xE4\xDF\xFC\x61\x9C\xE2\x73\xB2\x22\x95\x11\x43\x18\x5F\xC4\xB6\x1F\x57\x6C\x0A\x05\x58\x22\xC8\x36\x4C\x3A\x7C\xA5\xD1\xCF\x86\xAF\x88\xA7\x44\x02\x13\x74\x71\x73\x0A\x42\x59\x02\xF8\x1B\x14\x6B\x42\xDF\x6F\x5F\xBA\x6B\x82\xA2\x9D\x5B\xE7\x4A\xBD\x1E\x01\x72\xDB\x4B\x74\xE8\x3B\x7F\x7F\x7D\x1F\x04\xB4\x26\x9B\xE0\xB4\x5A\xAC\x47\x3D\x55\xB8\xD7\xB0\x26\x52\x28\x01\x31\x40\x66\xD8\xD9\x24\xBD\xF6\x2A\xD8\xEC\x21\x49\x5C\x9B\xF6\x7A\xE9\x7F\x55\x35\x7E\x96\x6B\x8D\x93\x93\x27\xCB\x92\xBB\xEA\xAC\x40\xC0\x9F\xC2\xF8\x80\xCF\x5D\xF4\x5A\xDC\xCE\x74\x86\xA6\x3E\x6C\x0B\x53\xCA\xBD\x92\xCE\x19\x06\x72\xE6\x0C\x5C\x38\x69\xC7\x04\xD6\xBC\x6C\xCE\x5B\xF6\xF7\x68\x9C\xDC\x25\x15\x48\x88\xA1\xE9\xA9\xF8\x98\x9C\xE0\xF3\xD5\x31\x28\x61\x11\x6C\x67\x96\x8D\x39\x99\xCB\xC2\x45\x24\x39\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAD\x6C\xAA\x94\x60\x9C\xED\xE4\xFF\xFA\x3E\x0A\x74\x2B\x63\x03\xF7\xB6\x59\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x1A\x40\xD8\x95\x65\xAC\x09\x92\x89\xC6\x39\xF4\x10\xE5\xA9\x0E\x66\x53\x5D\x78\xDE\xFA\x24\x91\xBB\xE7\x44\x51\xDF\xC6\x16\x34\x0A\xEF\x6A\x44\x51\xEA\x2B\x07\x8A\x03\x7A\xC3\xEB\x3F\x0A\x2C\x52\x16\xA0\x2B\x43\xB9\x25\x90\x3F\x70\xA9\x33\x25\x6D\x45\x1A\x28\x3B\x27\xCF\xAA\xC3\x29\x42\x1B\xDF\x3B\x4C\xC0\x33\x34\x5B\x41\x88\xBF\x6B\x2B\x65\xAF\x28\xEF\xB2\xF5\xC3\xAA\x66\xCE\x7B\x56\xEE\xB7\xC8\xCB\x67\xC1\xC9\x9C\x1A\x18\xB8\xC4\xC3\x49\x03\xF1\x60\x0E\x50\xCD\x46\xC5\xF3\x77\x79\xF7\xB6\x15\xE0\x38\xDB\xC7\x2F\x28\xA0\x0C\x3F\x77\x26\x74\xD9\x25\x12\xDA\x31\xDA\x1A\x1E\xDC\x29\x41\x91\x22\x3C\x69\xA7\xBB\x02\xF2\xB6\x5C\x27\x03\x89\xF4\x06\xEA\x9B\xE4\x72\x82\xE3\xA1\x09\xC1\xE9\x00\x19\xD3\x3E\xD4\x70\x6B\xBA\x71\xA6\xAA\x58\xAE\xF4\xBB\xE9\x6C\xB6\xEF\x87\xCC\x9B\xBB\xFF\x39\xE6\x56\x61\xD3\x0A\xA7\xC4\x5C\x4C\x60\x7B\x05\x77\x26\x7A\xBF\xD8\x07\x52\x2C\x62\xF7\x70\x63\xD9\x39\xBC\x6F\x1C\xC2\x79\xDC\x76\x29\xAF\xCE\xC5\x2C\x64\x04\x5E\x88\x36\x6E\x31\xD4\x40\x1A\x62\x34\x36\x3F\x35\x01\xAE\xAC\x63\xA0",
+	["CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US"] = "\x30\x82\x02\xAE\x30\x82\x02\x35\xA0\x03\x02\x01\x02\x02\x10\x3C\xB2\xF4\x48\x0A\x00\xE2\xFE\xEB\x24\x3B\x5E\x60\x3E\xC3\x6B\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x31\x39\x30\x37\x06\x03\x55\x04\x0B\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x47\x65\x6F\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x15\xB1\xE8\xFD\x03\x15\x43\xE5\xAC\xEB\x87\x37\x11\x62\xEF\xD2\x83\x36\x52\x7D\x45\x57\x0B\x4A\x8D\x7B\x54\x3B\x3A\x6E\x5F\x15\x02\xC0\x50\xA6\xCF\x25\x2F\x7D\xCA\x48\xB8\xC7\x50\x63\x1C\x2A\x21\x08\x7C\x9A\x36\xD8\x0B\xFE\xD1\x26\xC5\x58\x31\x30\x28\x25\xF3\x5D\x5D\xA3\xB8\xB6\xA5\xB4\x92\xED\x6C\x2C\x9F\xEB\xDD\x43\x89\xA2\x3C\x4B\x48\x91\x1D\x50\xEC\x26\xDF\xD6\x60\x2E\xBD\x21\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x15\x5F\x35\x57\x51\x55\xFB\x25\xB2\xAD\x03\x69\xFC\x01\xA3\xFA\xBE\x11\x55\xD5\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x64\x96\x59\xA6\xE8\x09\xDE\x8B\xBA\xFA\x5A\x88\x88\xF0\x1F\x91\xD3\x46\xA8\xF2\x4A\x4C\x02\x63\xFB\x6C\x5F\x38\xDB\x2E\x41\x93\xA9\x0E\xE6\x9D\xDC\x31\x1C\xB2\xA0\xA7\x18\x1C\x79\xE1\xC7\x36\x02\x30\x3A\x56\xAF\x9A\x74\x6C\xF6\xFB\x83\xE0\x33\xD3\x08\x5F\xA1\x9C\xC2\x5B\x9F\x46\xD6\xB6\xCB\x91\x06\x63\xA2\x06\xE7\x33\xAC\x3E\xA8\x81\x12\xD0\xCB\xBA\xD0\x92\x0B\xB6\x9E\x96\xAA\x04\x0F\x8A",
+	["CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\xB9\x30\x82\x03\xA1\xA0\x03\x02\x01\x02\x02\x10\x40\x1A\xC4\x64\x21\xB3\x13\x21\x03\x0E\xBB\xE4\x12\x1A\xC5\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xBD\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2F\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xBD\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2F\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC7\x61\x37\x5E\xB1\x01\x34\xDB\x62\xD7\x15\x9B\xFF\x58\x5A\x8C\x23\x23\xD6\x60\x8E\x91\xD7\x90\x98\x83\x7A\xE6\x58\x19\x38\x8C\xC5\xF6\xE5\x64\x85\xB4\xA2\x71\xFB\xED\xBD\xB9\xDA\xCD\x4D\x00\xB4\xC8\x2D\x73\xA5\xC7\x69\x71\x95\x1F\x39\x3C\xB2\x44\x07\x9C\xE8\x0E\xFA\x4D\x4A\xC4\x21\xDF\x29\x61\x8F\x32\x22\x61\x82\xC5\x87\x1F\x6E\x8C\x7C\x5F\x16\x20\x51\x44\xD1\x70\x4F\x57\xEA\xE3\x1C\xE3\xCC\x79\xEE\x58\xD8\x0E\xC2\xB3\x45\x93\xC0\x2C\xE7\x9A\x17\x2B\x7B\x00\x37\x7A\x41\x33\x78\xE1\x33\xE2\xF3\x10\x1A\x7F\x87\x2C\xBE\xF6\xF5\xF7\x42\xE2\xE5\xBF\x87\x62\x89\x5F\x00\x4B\xDF\xC5\xDD\xE4\x75\x44\x32\x41\x3A\x1E\x71\x6E\x69\xCB\x0B\x75\x46\x08\xD1\xCA\xD2\x2B\x95\xD0\xCF\xFB\xB9\x40\x6B\x64\x8C\x57\x4D\xFC\x13\x11\x79\x84\xED\x5E\x54\xF6\x34\x9F\x08\x01\xF3\x10\x25\x06\x17\x4A\xDA\xF1\x1D\x7A\x66\x6B\x98\x60\x66\xA4\xD9\xEF\xD2\x2E\x82\xF1\xF0\xEF\x09\xEA\x44\xC9\x15\x6A\xE2\x03\x6E\x33\xD3\xAC\x9F\x55\x00\xC7\xF6\x08\x6A\x94\xB9\x5F\xDC\xE0\x33\xF1\x84\x60\xF9\x5B\x27\x11\xB4\xFC\x16\xF2\xBB\x56\x6A\x80\x25\x8D\x02\x03\x01\x00\x01\xA3\x81\xB2\x30\x81\xAF\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x6D\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x0C\x04\x61\x30\x5F\xA1\x5D\xA0\x5B\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6D\x61\x67\x65\x2F\x67\x69\x66\x30\x21\x30\x1F\x30\x07\x06\x05\x2B\x0E\x03\x02\x1A\x04\x14\x8F\xE5\xD3\x1A\x86\xAC\x8D\x8E\x6B\xC3\xCF\x80\x6A\xD4\x48\x18\x2C\x7B\x19\x2E\x30\x25\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x6F\x67\x6F\x2E\x76\x65\x72\x69\x73\x69\x67\x6E\x2E\x63\x6F\x6D\x2F\x76\x73\x6C\x6F\x67\x6F\x2E\x67\x69\x66\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB6\x77\xFA\x69\x48\x47\x9F\x53\x12\xD5\xC2\xEA\x07\x32\x76\x07\xD1\x97\x07\x19\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4A\xF8\xF8\xB0\x03\xE6\x2C\x67\x7B\xE4\x94\x77\x63\xCC\x6E\x4C\xF9\x7D\x0E\x0D\xDC\xC8\xB9\x35\xB9\x70\x4F\x63\xFA\x24\xFA\x6C\x83\x8C\x47\x9D\x3B\x63\xF3\x9A\xF9\x76\x32\x95\x91\xB1\x77\xBC\xAC\x9A\xBE\xB1\xE4\x31\x21\xC6\x81\x95\x56\x5A\x0E\xB1\xC2\xD4\xB1\xA6\x59\xAC\xF1\x63\xCB\xB8\x4C\x1D\x59\x90\x4A\xEF\x90\x16\x28\x1F\x5A\xAE\x10\xFB\x81\x50\x38\x0C\x6C\xCC\xF1\x3D\xC3\xF5\x63\xE3\xB3\xE3\x21\xC9\x24\x39\xE9\xFD\x15\x66\x46\xF4\x1B\x11\xD0\x4D\x73\xA3\x7D\x46\xF9\x3D\xED\xA8\x5F\x62\xD4\xF1\x3F\xF8\xE0\x74\x57\x2B\x18\x9D\x81\xB4\xC4\x28\xDA\x94\x97\xA5\x70\xEB\xAC\x1D\xBE\x07\x11\xF0\xD5\xDB\xDD\xE5\x8C\xF0\xD5\x32\xB0\x83\xE6\x57\xE2\x8F\xBF\xBE\xA1\xAA\xBF\x3D\x1D\xB5\xD4\x38\xEA\xD7\xB0\x5C\x3A\x4F\x6A\x3F\x8F\xC0\x66\x6C\x63\xAA\xE9\xD9\xA4\x16\xF4\x81\xD1\x95\x14\x0E\x7D\xCD\x95\x34\xD9\xD2\x8F\x70\x73\x81\x7B\x9C\x7E\xBD\x98\x61\xD8\x45\x87\x98\x90\xC5\xEB\x86\x30\xC6\x35\xBF\xF0\xFF\xC3\x55\x88\x83\x4B\xEF\x05\x92\x06\x71\xF2\xB8\x98\x93\xB7\xEC\xCD\x82\x61\xF1\x38\xE6\x4F\x97\x98\x2A\x5A\x8D",
+	["CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x84\x30\x82\x03\x0A\xA0\x03\x02\x01\x02\x02\x10\x2F\x80\xFE\x23\x8C\x0E\x22\x0F\x48\x67\x12\x28\x91\x87\xAC\xB3\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x34\x30\x1E\x17\x0D\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x34\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\xA7\x56\x7A\x7C\x52\xDA\x64\x9B\x0E\x2D\x5C\xD8\x5E\xAC\x92\x3D\xFE\x01\xE6\x19\x4A\x3D\x14\x03\x4B\xFA\x60\x27\x20\xD9\x83\x89\x69\xFA\x54\xC6\x9A\x18\x5E\x55\x2A\x64\xDE\x06\xF6\x8D\x4A\x3B\xAD\x10\x3C\x65\x3D\x90\x88\x04\x89\xE0\x30\x61\xB3\xAE\x5D\x01\xA7\x7B\xDE\x7C\xB2\xBE\xCA\x65\x61\x00\x86\xAE\xDA\x8F\x7B\xD0\x89\xAD\x4D\x1D\x59\x9A\x41\xB1\xBC\x47\x80\xDC\x9E\x62\xC3\xF9\xA3\x81\xB2\x30\x81\xAF\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x6D\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x0C\x04\x61\x30\x5F\xA1\x5D\xA0\x5B\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6D\x61\x67\x65\x2F\x67\x69\x66\x30\x21\x30\x1F\x30\x07\x06\x05\x2B\x0E\x03\x02\x1A\x04\x14\x8F\xE5\xD3\x1A\x86\xAC\x8D\x8E\x6B\xC3\xCF\x80\x6A\xD4\x48\x18\x2C\x7B\x19\x2E\x30\x25\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x6C\x6F\x67\x6F\x2E\x76\x65\x72\x69\x73\x69\x67\x6E\x2E\x63\x6F\x6D\x2F\x76\x73\x6C\x6F\x67\x6F\x2E\x67\x69\x66\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB3\x16\x91\xFD\xEE\xA6\x6E\xE4\xB5\x2E\x49\x8F\x87\x78\x81\x80\xEC\xE5\xB1\xB5\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x68\x00\x30\x65\x02\x30\x66\x21\x0C\x18\x26\x60\x5A\x38\x7B\x56\x42\xE0\xA7\xFC\x36\x84\x51\x91\x20\x2C\x76\x4D\x43\x3D\xC4\x1D\x84\x23\xD0\xAC\xD6\x7C\x35\x06\xCE\xCD\x69\xBD\x90\x0D\xDB\x6C\x48\x42\x1D\x0E\xAA\x42\x02\x31\x00\x9C\x3D\x48\x39\x23\x39\x58\x1A\x15\x12\x59\x6A\x9E\xEF\xD5\x59\xB2\x1D\x52\x2C\x99\x71\xCD\xC7\x29\xDF\x1B\x2A\x61\x7B\x71\xD1\xDE\xF3\xC0\xE5\x0D\x3A\x4A\xAA\x2D\xA7\xD8\x86\x2A\xDD\x2E\x10",
+	["CN=NetLock Arany (Class Gold) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny,OU=Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU"] = "\x30\x82\x04\x15\x30\x82\x02\xFD\xA0\x03\x02\x01\x02\x02\x06\x49\x41\x2C\xE4\x00\x10\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xA7\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x66\x74\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x0C\x2E\x54\x61\x6E\xC3\xBA\x73\xC3\xAD\x74\x76\xC3\xA1\x6E\x79\x6B\x69\x61\x64\xC3\xB3\x6B\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0C\x2C\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x41\x72\x61\x6E\x79\x20\x28\x43\x6C\x61\x73\x73\x20\x47\x6F\x6C\x64\x29\x20\x46\xC5\x91\x74\x61\x6E\xC3\xBA\x73\xC3\xAD\x74\x76\xC3\xA1\x6E\x79\x30\x1E\x17\x0D\x30\x38\x31\x32\x31\x31\x31\x35\x30\x38\x32\x31\x5A\x17\x0D\x32\x38\x31\x32\x30\x36\x31\x35\x30\x38\x32\x31\x5A\x30\x81\xA7\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x4B\x66\x74\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x0C\x2E\x54\x61\x6E\xC3\xBA\x73\xC3\xAD\x74\x76\xC3\xA1\x6E\x79\x6B\x69\x61\x64\xC3\xB3\x6B\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0C\x2C\x4E\x65\x74\x4C\x6F\x63\x6B\x20\x41\x72\x61\x6E\x79\x20\x28\x43\x6C\x61\x73\x73\x20\x47\x6F\x6C\x64\x29\x20\x46\xC5\x91\x74\x61\x6E\xC3\xBA\x73\xC3\xAD\x74\x76\xC3\xA1\x6E\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC4\x24\x5E\x73\xBE\x4B\x6D\x14\xC3\xA1\xF4\xE3\x97\x90\x6E\xD2\x30\x45\x1E\x3C\xEE\x67\xD9\x64\xE0\x1A\x8A\x7F\xCA\x30\xCA\x83\xE3\x20\xC1\xE3\xF4\x3A\xD3\x94\x5F\x1A\x7C\x5B\x6D\xBF\x30\x4F\x84\x27\xF6\x9F\x1F\x49\xBC\xC6\x99\x0A\x90\xF2\x0F\xF5\x7F\x43\x84\x37\x63\x51\x8B\x7A\xA5\x70\xFC\x7A\x58\xCD\x8E\x9B\xED\xC3\x46\x6C\x84\x70\x5D\xDA\xF3\x01\x90\x23\xFC\x4E\x30\xA9\x7E\xE1\x27\x63\xE7\xED\x64\x3C\xA0\xB8\xC9\x33\x63\xFE\x16\x90\xFF\xB0\xB8\xFD\xD7\xA8\xC0\xC0\x94\x43\x0B\xB6\xD5\x59\xA6\x9E\x56\xD0\x24\x1F\x70\x79\xAF\xDB\x39\x54\x0D\x65\x75\xD9\x15\x41\x94\x01\xAF\x5E\xEC\xF6\x8D\xF1\xFF\xAD\x64\xFE\x20\x9A\xD7\x5C\xEB\xFE\xA6\x1F\x08\x64\xA3\x8B\x76\x55\xAD\x1E\x3B\x28\x60\x2E\x87\x25\xE8\xAA\xAF\x1F\xC6\x64\x46\x20\xB7\x70\x7F\x3C\xDE\x48\xDB\x96\x53\xB7\x39\x77\xE4\x1A\xE2\xC7\x16\x84\x76\x97\x5B\x2F\xBB\x19\x15\x85\xF8\x69\x85\xF5\x99\xA7\xA9\xF2\x34\xA7\xA9\xB6\xA6\x03\xFC\x6F\x86\x3D\x54\x7C\x76\x04\x9B\x6B\xF9\x40\x5D\x00\x34\xC7\x2E\x99\x75\x9D\xE5\x88\x03\xAA\x4D\xF8\x03\xD2\x42\x76\xC0\x1B\x02\x03\x00\xA8\x8B\xA3\x45\x30\x43\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x04\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCC\xFA\x67\x93\xF0\xB6\xB8\xD0\xA5\xC0\x1E\xF3\x53\xFD\x8C\x53\xDF\x83\xD7\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\xAB\x7F\xEE\x1C\x16\xA9\x9C\x3C\x51\x00\xA0\xC0\x11\x08\x05\xA7\x99\xE6\x6F\x01\x88\x54\x61\x6E\xF1\xB9\x18\xAD\x4A\xAD\xFE\x81\x40\x23\x94\x2F\xFB\x75\x7C\x2F\x28\x4B\x62\x24\x81\x82\x0B\xF5\x61\xF1\x1C\x6E\xB8\x61\x38\xEB\x81\xFA\x62\xA1\x3B\x5A\x62\xD3\x94\x65\xC4\xE1\xE6\x6D\x82\xF8\x2F\x25\x70\xB2\x21\x26\xC1\x72\x51\x1F\x8C\x2C\xC3\x84\x90\xC3\x5A\x8F\xBA\xCF\xF4\xA7\x65\xA5\xEB\x98\xD1\xFB\x05\xB2\x46\x75\x15\x23\x6A\x6F\x85\x63\x30\x80\xF0\xD5\x9E\x1F\x29\x1C\xC2\x6C\xB0\x50\x59\x5D\x90\x5B\x3B\xA8\x0D\x30\xCF\xBF\x7D\x7F\xCE\xF1\x9D\x83\xBD\xC9\x46\x6E\x20\xA6\xF9\x61\x51\xBA\x21\x2F\x7B\xBE\xA5\x15\x63\xA1\xD4\x95\x87\xF1\x9E\xB9\xF3\x89\xF3\x3D\x85\xB8\xB8\xDB\xBE\xB5\xB9\x29\xF9\xDA\x37\x05\x00\x49\x94\x03\x84\x44\xE7\xBF\x43\x31\xCF\x75\x8B\x25\xD1\xF4\xA6\x64\xF5\x92\xF6\xAB\x05\xEB\x3D\xE9\xA5\x0B\x36\x62\xDA\xCC\x06\x5F\x36\x8B\xB6\x5E\x31\xB8\x2A\xFB\x5E\xF6\x71\xDF\x44\x26\x9E\xC4\xE6\x0D\x91\xB4\x2E\x75\x95\x80\x51\x6A\x4B\x30\xA6\xB0\x62\xA1\x93\xF1\x9B\xD8\xCE\xC4\x63\x75\x3F\x59\x47\xB1",
+	["CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x05\xCA\x30\x82\x03\xB2\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x0C\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x38\x30\x33\x32\x36\x31\x31\x31\x38\x31\x37\x5A\x17\x0D\x32\x30\x30\x33\x32\x35\x31\x31\x30\x33\x31\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x0C\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x2B\x30\x29\x06\x03\x55\x04\x03\x0C\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC5\x59\xE7\x6F\x75\xAA\x3E\x4B\x9C\xB5\xB8\xAC\x9E\x0B\xE4\xF9\xD9\xCA\xAB\x5D\x8F\xB5\x39\x10\x82\xD7\xAF\x51\xE0\x3B\xE1\x00\x48\x6A\xCF\xDA\xE1\x06\x43\x11\x99\xAA\x14\x25\x12\xAD\x22\xE8\x00\x6D\x43\xC4\xA9\xB8\xE5\x1F\x89\x4B\x67\xBD\x61\x48\xEF\xFD\xD2\xE0\x60\x88\xE5\xB9\x18\x60\x28\xC3\x77\x2B\xAD\xB0\x37\xAA\x37\xDE\x64\x59\x2A\x46\x57\xE4\x4B\xB9\xF8\x37\x7C\xD5\x36\xE7\x80\xC1\xB6\xF3\xD4\x67\x9B\x96\xE8\xCE\xD7\xC6\x0A\x53\xD0\x6B\x49\x96\xF3\xA3\x0B\x05\x77\x48\xF7\x25\xE5\x70\xAC\x30\x14\x20\x25\xE3\x7F\x75\x5A\xE5\x48\xF8\x4E\x7B\x03\x07\x04\xFA\x82\x61\x87\x6E\xF0\x3B\xC4\xA4\xC7\xD0\xF5\x74\x3E\xA5\x5D\x1A\x08\xF2\x9B\x25\xD2\xF6\xAC\x04\x26\x3E\x55\x3A\x62\x28\xA5\x7B\xB2\x30\xAF\xF8\x37\xC2\xD1\xBA\xD6\x38\xFD\xF4\xEF\x49\x30\x37\x99\x26\x21\x48\x85\x01\xA9\xE5\x16\xE7\xDC\x90\x55\xDF\x0F\xE8\x38\xCD\x99\x37\x21\x4F\x5D\xF5\x22\x6F\x6A\xC5\x12\x16\x60\x17\x55\xF2\x65\x66\xA6\xA7\x30\x91\x38\xC1\x38\x1D\x86\x04\x84\xBA\x1A\x25\x78\x5E\x9D\xAF\xCC\x50\x60\xD6\x13\x87\x52\xED\x63\x1F\x6D\x65\x7D\xC2\x15\x18\x74\xCA\xE1\x7E\x64\x29\x8C\x72\xD8\x16\x13\x7D\x0B\x49\x4A\xF1\x28\x1B\x20\x74\x6B\xC5\x3D\xDD\xB0\xAA\x48\x09\x3D\x2E\x82\x94\xCD\x1A\x65\xD9\x2B\x88\x9A\x99\xBC\x18\x7E\x9F\xEE\x7D\x66\x7C\x3E\xBD\x94\xB8\x81\xCE\xCD\x98\x30\x78\xC1\x6F\x67\xD0\xBE\x5F\xE0\x68\xED\xDE\xE2\xB1\xC9\x2C\x59\x78\x92\xAA\xDF\x2B\x60\x63\xF2\xE5\x5E\xB9\xE3\xCA\xFA\x7F\x50\x86\x3E\xA2\x34\x18\x0C\x09\x68\x28\x11\x1C\xE4\xE1\xB9\x5C\x3E\x47\xBA\x32\x3F\x18\xCC\x5B\x84\xF5\xF3\x6B\x74\xC4\x72\x74\xE1\xE3\x8B\xA0\x4A\xBD\x8D\x66\x2F\xEA\xAD\x35\xDA\x20\xD3\x88\x82\x61\xF0\x12\x22\xB6\xBC\xD0\xD5\xA4\xEC\xAF\x54\x88\x25\x24\x3C\xA7\x6D\xB1\x72\x29\x3F\x3E\x57\xA6\x7F\x55\xAF\x6E\x26\xC6\xFE\xE7\xCC\x40\x5C\x51\x44\x81\x0A\x78\xDE\x4A\xCE\x55\xBF\x1D\xD5\xD9\xB7\x56\xEF\xF0\x76\xFF\x0B\x79\xB5\xAF\xBD\xFB\xA9\x69\x91\x46\x97\x68\x80\x14\x36\x1D\xB3\x7F\xBB\x29\x98\x36\xA5\x20\xFA\x82\x60\x62\x33\xA4\xEC\xD6\xBA\x07\xA7\x6E\xC5\xCF\x14\xA6\xE7\xD6\x92\x34\xD8\x81\xF5\xFC\x1D\x5D\xAA\x5C\x1E\xF6\xA3\x4D\x3B\xB8\xF7\x39\x02\x03\x01\x00\x01\xA3\x81\x97\x30\x81\x94\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x52\x06\x03\x55\x1D\x20\x04\x4B\x30\x49\x30\x47\x06\x04\x55\x1D\x20\x00\x30\x3F\x30\x3D\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x31\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x6F\x76\x65\x72\x68\x65\x69\x64\x2E\x6E\x6C\x2F\x70\x6F\x6C\x69\x63\x69\x65\x73\x2F\x72\x6F\x6F\x74\x2D\x70\x6F\x6C\x69\x63\x79\x2D\x47\x32\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x91\x68\x32\x87\x15\x1D\x89\xE2\xB5\xF1\xAC\x36\x28\x34\x8D\x0B\x7C\x62\x88\xEB\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\xA8\x41\x4A\x67\x2A\x92\x81\x82\x50\x6E\xE1\xD7\xD8\xB3\x39\x3B\xF3\x02\x15\x09\x50\x51\xEF\x2D\xBD\x24\x7B\x88\x86\x3B\xF9\xB4\xBC\x92\x09\x96\xB9\xF6\xC0\xAB\x23\x60\x06\x79\x8C\x11\x4E\x51\xD2\x79\x80\x33\xFB\x9D\x48\xBE\xEC\x41\x43\x81\x1F\x7E\x47\x40\x1C\xE5\x7A\x08\xCA\xAA\x8B\x75\xAD\x14\xC4\xC2\xE8\x66\x3C\x82\x07\xA7\xE6\x27\x82\x5B\x18\xE6\x0F\x6E\xD9\x50\x3E\x8A\x42\x18\x29\xC6\xB4\x56\xFC\x56\x10\xA0\x05\x17\xBD\x0C\x23\x7F\xF4\x93\xED\x9C\x1A\x51\xBE\xDD\x45\x41\xBF\x91\x24\xB4\x1F\x8C\xE9\x5F\xCF\x7B\x21\x99\x9F\x95\x9F\x39\x3A\x46\x1C\x6C\xF9\xCD\x7B\x9C\x90\xCD\x28\xA9\xC7\xA9\x55\xBB\xAC\x62\x34\x62\x35\x13\x4B\x14\x3A\x55\x83\xB9\x86\x8D\x92\xA6\xC6\xF4\x07\x25\x54\xCC\x16\x57\x12\x4A\x82\x78\xC8\x14\xD9\x17\x82\x26\x2D\x5D\x20\x1F\x79\xAE\xFE\xD4\x70\x16\x16\x95\x83\xD8\x35\x39\xFF\x52\x5D\x75\x1C\x16\xC5\x13\x55\xCF\x47\xCC\x75\x65\x52\x4A\xDE\xF0\xB0\xA7\xE4\x0A\x96\x0B\xFB\xAD\xC2\xE2\x25\x84\xB2\xDD\xE4\xBD\x7E\x59\x6C\x9B\xF0\xF0\xD8\xE7\xCA\xF2\xE9\x97\x38\x7E\x89\xBE\xCC\xFB\x39\x17\x61\x3F\x72\xDB\x3A\x91\xD8\x65\x01\x19\x1D\xAD\x50\xA4\x57\x0A\x7C\x4B\xBC\x9C\x71\x73\x2A\x45\x51\x19\x85\xCC\x8E\xFD\x47\xA7\x74\x95\x1D\xA8\xD1\xAF\x4E\x17\xB1\x69\x26\xC2\xAA\x78\x57\x5B\xC5\x4D\xA7\xE5\x9E\x05\x17\x94\xCA\xB2\x5F\xA0\x49\x18\x8D\x34\xE9\x26\x6C\x48\x1E\xAA\x68\x92\x05\xE1\x82\x73\x5A\x9B\xDC\x07\x5B\x08\x6D\x7D\x9D\xD7\x8D\x21\xD9\xFC\x14\x20\xAA\xC2\x45\xDF\x3F\xE7\x00\xB2\x51\xE4\xC2\xF8\x05\xB9\x79\x1A\x8C\x34\xF3\x9E\x5B\xE4\x37\x5B\x6B\x4A\xDF\x2C\x57\x8A\x40\x5A\x36\xBA\xDD\x75\x44\x08\x37\x42\x70\x0C\xFE\xDC\x5E\x21\xA0\xA3\x8A\xC0\x90\x9C\x68\xDA\x50\xE6\x45\x10\x47\x78\xB6\x4E\xD2\x65\xC9\xC3\x37\xDF\xE1\x42\x63\xB0\x57\x37\x45\x2D\x7B\x8A\x9C\xBF\x05\xEA\x65\x55\x33\xF7\x39\x10\xC5\x28\x2A\x21\x7A\x1B\x8A\xC4\x24\xF9\x3F\x15\xC8\x9A\x15\x20\xF5\x55\x62\x96\xED\x6D\x93\x50\xBC\xE4\xAA\x78\xAD\xD9\xCB\x0A\x65\x87\xA6\x66\xC1\xC4\x81\xA3\x77\x3A\x58\x1E\x0B\xEE\x83\x8B\x9D\x1E\xD2\x52\xA4\xCC\x1D\x6F\xB0\x98\x6D\x94\x31\xB5\xF8\x71\x0A\xDC\xB9\xFC\x7D\x32\x60\xE6\xEB\xAF\x8A\x01",
+	["CN=CA Disig,O=Disig a.s.,L=Bratislava,C=SK"] = "\x30\x82\x04\x0F\x30\x82\x02\xF7\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x1E\x17\x0D\x30\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5A\x17\x0D\x31\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5A\x30\x4A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x92\xF6\x31\xC1\x7D\x88\xFD\x99\x01\xA9\xD8\x7B\xF2\x71\x75\xF1\x31\xC6\xF3\x75\x66\xFA\x51\x28\x46\x84\x97\x78\x34\xBC\x6C\xFC\xBC\x45\x59\x88\x26\x18\x4A\xC4\x37\x1F\xA1\x4A\x44\xBD\xE3\x71\x04\xF5\x44\x17\xE2\x3F\xFC\x48\x58\x6F\x5C\x9E\x7A\x09\xBA\x51\x37\x22\x23\x66\x43\x21\xB0\x3C\x64\xA2\xF8\x6A\x15\x0E\x3F\xEB\x51\xE1\x54\xA9\xDD\x06\x99\xD7\x9A\x3C\x54\x8B\x39\x03\x3F\x0F\xC5\xCE\xC6\xEB\x83\x72\x02\xA8\x1F\x71\xF3\x2D\xF8\x75\x08\xDB\x62\x4C\xE8\xFA\xCE\xF9\xE7\x6A\x1F\xB6\x6B\x35\x82\xBA\xE2\x8F\x16\x92\x7D\x05\x0C\x6C\x46\x03\x5D\xC0\xED\x69\xBF\x3A\xC1\x8A\xA0\xE8\x8E\xD9\xB9\x45\x28\x87\x08\xEC\xB4\xCA\x15\xBE\x82\xDD\xB5\x44\x8B\x2D\xAD\x86\x0C\x68\x62\x6D\x85\x56\xF2\xAC\x14\x63\x3A\xC6\xD1\x99\xAC\x34\x78\x56\x4B\xCF\xB6\xAD\x3F\x8C\x8A\xD7\x04\xE5\xE3\x78\x4C\xF5\x86\xAA\xF5\x8F\xFA\x3D\x6C\x71\xA3\x2D\xCA\x67\xEB\x68\x7B\x6E\x33\xA9\x0C\x82\x28\xA8\x4C\x6A\x21\x40\x15\x20\x0C\x26\x5B\x83\xC2\xA9\x16\x15\xC0\x24\x82\x5D\x2B\x16\xAD\xCA\x63\xF6\x74\x00\xB0\xDF\x43\xC4\x10\x60\x56\x67\x63\x45\x02\x03\x01\x00\x01\xA3\x81\xFF\x30\x81\xFC\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x8D\xB2\x49\x68\x9D\x72\x08\x25\xB9\xC0\x27\xF5\x50\x93\x56\x48\x46\x71\xF9\x8F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x36\x06\x03\x55\x1D\x11\x04\x2F\x30\x2D\x81\x13\x63\x61\x6F\x70\x65\x72\x61\x74\x6F\x72\x40\x64\x69\x73\x69\x67\x2E\x73\x6B\x86\x16\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x69\x73\x69\x67\x2E\x73\x6B\x2F\x63\x61\x30\x66\x06\x03\x55\x1D\x1F\x04\x5F\x30\x5D\x30\x2D\xA0\x2B\xA0\x29\x86\x27\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x69\x73\x69\x67\x2E\x73\x6B\x2F\x63\x61\x2F\x63\x72\x6C\x2F\x63\x61\x5F\x64\x69\x73\x69\x67\x2E\x63\x72\x6C\x30\x2C\xA0\x2A\xA0\x28\x86\x26\x68\x74\x74\x70\x3A\x2F\x2F\x63\x61\x2E\x64\x69\x73\x69\x67\x2E\x73\x6B\x2F\x63\x61\x2F\x63\x72\x6C\x2F\x63\x61\x5F\x64\x69\x73\x69\x67\x2E\x63\x72\x6C\x30\x1A\x06\x03\x55\x1D\x20\x04\x13\x30\x11\x30\x0F\x06\x0D\x2B\x81\x1E\x91\x93\xE6\x0A\x00\x00\x00\x01\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5D\x34\x74\x61\x4C\xAF\x3B\xD8\xFF\x9F\x6D\x58\x36\x1C\x3D\x0B\x81\x0D\x12\x2B\x46\x10\x80\xFD\xE7\x3C\x27\xD0\x7A\xC8\xA9\xB6\x7E\x74\x30\x33\xA3\x3A\x8A\x7B\x74\xC0\x79\x79\x42\x93\x6D\xFF\xB1\x29\x14\x82\xAB\x21\x8C\x2F\x17\xF9\x3F\x26\x2F\xF5\x59\xC6\xEF\x80\x06\xB7\x9A\x49\x29\xEC\xCE\x7E\x71\x3C\x6A\x10\x41\xC0\xF6\xD3\x9A\xB2\x7C\x5A\x91\x9C\xC0\xAC\x5B\xC8\x4D\x5E\xF7\xE1\x53\xFF\x43\x77\xFC\x9E\x4B\x67\x6C\xD7\xF3\x83\xD1\xA0\xE0\x7F\x25\xDF\xB8\x98\x0B\x9A\x32\x38\x6C\x30\xA0\xF3\xFF\x08\x15\x33\xF7\x50\x4A\x7B\x3E\xA3\x3E\x20\xA9\xDC\x2F\x56\x80\x0A\xED\x41\x50\xB0\xC9\xF4\xEC\xB2\xE3\x26\x44\x00\x0E\x6F\x9E\x06\xBC\x22\x96\x53\x70\x65\xC4\x50\x0A\x46\x6B\xA4\x2F\x27\x81\x12\x27\x13\x5F\x10\xA1\x76\xCE\x8A\x7B\x37\xEA\xC3\x39\x61\x03\x95\x98\x3A\xE7\x6C\x88\x25\x08\xFC\x79\x68\x0D\x87\x7D\x62\xF8\xB4\x5F\xFB\xC5\xD8\x4C\xBD\x58\xBC\x3F\x43\x5B\xD4\x1E\x01\x4D\x3C\x63\xBE\x23\xEF\x8C\xCD\x5A\x50\xB8\x68\x54\xF9\x0A\x99\x33\x11\x00\xE1\x9E\xC2\x46\x77\x82\xF5\x59\x06\x8C\x21\x4C\x87\x09\xCD\xE5\xA8",
+	["CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,emailAddress=pki@sk.ee"] = "\x30\x82\x04\xE6\x30\x82\x03\xCE\xA0\x03\x02\x01\x02\x02\x04\x3B\x8E\x4B\xFC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5D\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x10\x30\x0E\x06\x03\x55\x04\x03\x13\x07\x4A\x75\x75\x72\x2D\x53\x4B\x30\x1E\x17\x0D\x30\x31\x30\x38\x33\x30\x31\x34\x32\x33\x30\x31\x5A\x17\x0D\x31\x36\x30\x38\x32\x36\x31\x34\x32\x33\x30\x31\x5A\x30\x5D\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x10\x30\x0E\x06\x03\x55\x04\x03\x13\x07\x4A\x75\x75\x72\x2D\x53\x4B\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x81\x71\x36\x3E\x33\x07\xD6\xE3\x30\x8D\x13\x7E\x77\x32\x46\xCB\xCF\x19\xB2\x60\x31\x46\x97\x86\xF4\x98\x46\xA4\xC2\x65\x45\xCF\xD3\x40\x7C\xE3\x5A\x22\xA8\x10\x78\x33\xCC\x88\xB1\xD3\x81\x4A\xF6\x62\x17\x7B\x5F\x4D\x0A\x2E\xD0\xCF\x8B\x23\xEE\x4F\x02\x4E\xBB\xEB\x0E\xCA\xBD\x18\x63\xE8\x80\x1C\x8D\xE1\x1C\x8D\x3D\xE0\xFF\x5B\x5F\xEA\x64\xE5\x97\xE8\x3F\x99\x7F\x0C\x0A\x09\x33\x00\x1A\x53\xA7\x21\xE1\x38\x4B\xD6\x83\x1B\xAD\xAF\x64\xC2\xF9\x1C\x7A\x8C\x66\x48\x4D\x66\x1F\x18\x0A\xE2\x3E\xBB\x1F\x07\x65\x93\x85\xB9\x1A\xB0\xB9\xC4\xFB\x0D\x11\xF6\xF5\xD6\xF9\x1B\xC7\x2C\x2B\xB7\x18\x51\xFE\xE0\x7B\xF6\xA8\x48\xAF\x6C\x3B\x4F\x2F\xEF\xF8\xD1\x47\x1E\x26\x57\xF0\x51\x1D\x33\x96\xFF\xEF\x59\x3D\xDA\x4D\xD1\x15\x34\xC7\xEA\x3F\x16\x48\x7B\x91\x1C\x80\x43\x0F\x3D\xB8\x05\x3E\xD1\xB3\x95\xCD\xD8\xCA\x0F\xC2\x43\x67\xDB\xB7\x93\xE0\x22\x82\x2E\xBE\xF5\x68\x28\x83\xB9\xC1\x3B\x69\x7B\x20\xDA\x4E\x9C\x6D\xE1\xBA\xCD\x8F\x7A\x6C\xB0\x09\x22\xD7\x8B\x0B\xDB\x1C\xD5\x5A\x26\x5B\x0D\xC0\xEA\xE5\x60\xD0\x9F\xFE\x35\xDF\x3F\x02\x03\x01\x00\x01\xA3\x82\x01\xAC\x30\x82\x01\xA8\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x82\x01\x16\x06\x03\x55\x1D\x20\x04\x82\x01\x0D\x30\x82\x01\x09\x30\x82\x01\x05\x06\x0A\x2B\x06\x01\x04\x01\xCE\x1F\x01\x01\x01\x30\x81\xF6\x30\x81\xD0\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\xC3\x1E\x81\xC0\x00\x53\x00\x65\x00\x65\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6B\x00\x61\x00\x61\x00\x74\x00\x20\x00\x6F\x00\x6E\x00\x20\x00\x76\x00\xE4\x00\x6C\x00\x6A\x00\x61\x00\x73\x00\x74\x00\x61\x00\x74\x00\x75\x00\x64\x00\x20\x00\x41\x00\x53\x00\x2D\x00\x69\x00\x73\x00\x20\x00\x53\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x74\x00\x73\x00\x65\x00\x65\x00\x72\x00\x69\x00\x6D\x00\x69\x00\x73\x00\x6B\x00\x65\x00\x73\x00\x6B\x00\x75\x00\x73\x00\x20\x00\x61\x00\x6C\x00\x61\x00\x6D\x00\x2D\x00\x53\x00\x4B\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6B\x00\x61\x00\x61\x00\x74\x00\x69\x00\x64\x00\x65\x00\x20\x00\x6B\x00\x69\x00\x6E\x00\x6E\x00\x69\x00\x74\x00\x61\x00\x6D\x00\x69\x00\x73\x00\x65\x00\x6B\x00\x73\x30\x21\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x15\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x6B\x2E\x65\x65\x2F\x63\x70\x73\x2F\x30\x2B\x06\x03\x55\x1D\x1F\x04\x24\x30\x22\x30\x20\xA0\x1E\xA0\x1C\x86\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x6B\x2E\x65\x65\x2F\x6A\x75\x75\x72\x2F\x63\x72\x6C\x2F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04\xAA\x7A\x47\xA3\xE4\x89\xAF\x1A\xCF\x0A\x40\xA7\x18\x3F\x6F\xEF\xE9\x7D\xBE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x04\xAA\x7A\x47\xA3\xE4\x89\xAF\x1A\xCF\x0A\x40\xA7\x18\x3F\x6F\xEF\xE9\x7D\xBE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\xE6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7B\xC1\x18\x94\x53\xA2\x09\xF3\xFE\x26\x67\x9A\x50\xE4\xC3\x05\x2F\x2B\x35\x78\x91\x4C\x7C\xA8\x11\x11\x79\x4C\x49\x59\xAC\xC8\xF7\x85\x65\x5C\x46\xBB\x3B\x10\xA0\x02\xAF\xCD\x4F\xB5\xCC\x36\x2A\xEC\x5D\xFE\xEF\xA0\x91\xC9\xB6\x93\x6F\x7C\x80\x54\xEC\xC7\x08\x70\x0D\x8E\xFB\x82\xEC\x2A\x60\x78\x69\x36\x36\xD1\xC5\x9C\x8B\x69\xB5\x40\xC8\x94\x65\x77\xF2\x57\x21\x66\x3B\xCE\x85\x40\xB6\x33\x63\x1A\xBF\x79\x1E\xFC\x5C\x1D\xD3\x1D\x93\x1B\x8B\x0C\x5D\x85\xBD\x99\x30\x32\x18\x09\x91\x52\xE9\x7C\xA1\xBA\xFF\x64\x92\x9A\xEC\xFE\x35\xEE\x8C\x2F\xAE\xFC\x20\x86\xEC\x4A\xDE\x1B\x78\x32\x37\xA6\x81\xD2\x9D\xAF\x5A\x12\x16\xCA\x99\x5B\xFC\x6F\x6D\x0E\xC5\xA0\x1E\x86\xC9\x91\xD0\x5C\x98\x82\x5F\x63\x0C\x8A\x5A\xAB\xD8\x95\xA6\xCC\xCB\x8A\xD6\xBF\x64\x4B\x8E\xCA\x8A\xB2\xB0\xE9\x21\x32\x9E\xAA\xA8\x85\x98\x34\x81\x39\x21\x3B\xA8\x3A\x52\x32\x3D\xF6\x6B\x37\x86\x06\x5A\x15\x98\xDC\xF0\x11\x66\xFE\x34\x20\xB7\x03\xF4\x41\x10\x7D\x39\x84\x79\x96\x72\x63\xB6\x96\x02\xE5\x6B\xB9\xAD\x19\x4D\xBB\xC6\x44\xDB\x36\xCB\x2A\x9C\x8E",
+	["CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK"] = "\x30\x82\x03\x30\x30\x82\x02\x18\xA0\x03\x02\x01\x02\x02\x02\x03\xE8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4B\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x48\x6F\x6E\x67\x6B\x6F\x6E\x67\x20\x50\x6F\x73\x74\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x48\x6F\x6E\x67\x6B\x6F\x6E\x67\x20\x50\x6F\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x1E\x17\x0D\x30\x33\x30\x35\x31\x35\x30\x35\x31\x33\x31\x34\x5A\x17\x0D\x32\x33\x30\x35\x31\x35\x30\x34\x35\x32\x32\x39\x5A\x30\x47\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4B\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x48\x6F\x6E\x67\x6B\x6F\x6E\x67\x20\x50\x6F\x73\x74\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x48\x6F\x6E\x67\x6B\x6F\x6E\x67\x20\x50\x6F\x73\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAC\xFF\x38\xB6\xE9\x66\x02\x49\xE3\xA2\xB4\xE1\x90\xF9\x40\x8F\x79\xF9\xE2\xBD\x79\xFE\x02\xBD\xEE\x24\x92\x1D\x22\xF6\xDA\x85\x72\x69\xFE\xD7\x3F\x09\xD4\xDD\x91\xB5\x02\x9C\xD0\x8D\x5A\xE1\x55\xC3\x50\x86\xB9\x29\x26\xC2\xE3\xD9\xA0\xF1\x69\x03\x28\x20\x80\x45\x22\x2D\x56\xA7\x3B\x54\x95\x56\x22\x59\x1F\x28\xDF\x1F\x20\x3D\x6D\xA2\x36\xBE\x23\xA0\xB1\x6E\xB5\xB1\x27\x3F\x39\x53\x09\xEA\xAB\x6A\xE8\x74\xB2\xC2\x65\x5C\x8E\xBF\x7C\xC3\x78\x84\xCD\x9E\x16\xFC\xF5\x2E\x4F\x20\x2A\x08\x9F\x77\xF3\xC5\x1E\xC4\x9A\x52\x66\x1E\x48\x5E\xE3\x10\x06\x8F\x22\x98\xE1\x65\x8E\x1B\x5D\x23\x66\x3B\xB8\xA5\x32\x51\xC8\x86\xAA\xA1\xA9\x9E\x7F\x76\x94\xC2\xA6\x6C\xB7\x41\xF0\xD5\xC8\x06\x38\xE6\xD4\x0C\xE2\xF3\x3B\x4C\x6D\x50\x8C\xC4\x83\x27\xC1\x13\x84\x59\x3D\x9E\x75\x74\xB6\xD8\x02\x5E\x3A\x90\x7A\xC0\x42\x36\x72\xEC\x6A\x4D\xDC\xEF\xC4\x00\xDF\x13\x18\x57\x5F\x26\x78\xC8\xD6\x0A\x79\x77\xBF\xF7\xAF\xB7\x76\xB9\xA5\x0B\x84\x17\x5D\x10\xEA\x6F\xE1\xAB\x95\x11\x5F\x6D\x3C\xA3\x5C\x4D\x83\x5B\xF2\xB3\x19\x8A\x80\x8B\x0B\x87\x02\x03\x01\x00\x01\xA3\x26\x30\x24\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0E\x46\xD5\x3C\xAE\xE2\x87\xD9\x5E\x81\x8B\x02\x98\x41\x08\x8C\x4C\xBC\xDA\xDB\xEE\x27\x1B\x82\xE7\x6A\x45\xEC\x16\x8B\x4F\x85\xA0\xF3\xB2\x70\xBD\x5A\x96\xBA\xCA\x6E\x6D\xEE\x46\x8B\x6E\xE7\x2A\x2E\x96\xB3\x19\x33\xEB\xB4\x9F\xA8\xB2\x37\xEE\x98\xA8\x97\xB6\x2E\xB6\x67\x27\xD4\xA6\x49\xFD\x1C\x93\x65\x76\x9E\x42\x2F\xDC\x22\x6C\x9A\x4F\xF2\x5A\x15\x39\xB1\x71\xD7\x2B\x51\xE8\x6D\x1C\x98\xC0\xD9\x2A\xF4\xA1\x82\x7B\xD5\xC9\x41\xA2\x23\x01\x74\x38\x55\x8B\x0F\xB9\x2E\x67\xA2\x20\x04\x37\xDA\x9C\x0B\xD3\x17\x21\xE0\x8F\x97\x79\x34\x6F\x84\x48\x02\x20\x33\x1B\xE6\x34\x44\x9F\x91\x70\xF4\x80\x5E\x84\x43\xC2\x29\xD2\x6C\x12\x14\xE4\x61\x8D\xAC\x10\x90\x9E\x84\x50\xBB\xF0\x96\x6F\x45\x9F\x8A\xF3\xCA\x6C\x4F\xFA\x11\x3A\x15\x15\x46\xC3\xCD\x1F\x83\x5B\x2D\x41\x12\xED\x50\x67\x41\x13\x3D\x21\xAB\x94\x8A\xAA\x4E\x7C\xC1\xB1\xFB\xA7\xD6\xB5\x27\x2F\x97\xAB\x6E\xE0\x1D\xE2\xD1\x1C\x2C\x1F\x44\xE2\xFC\xBE\x91\xA1\x9C\xFB\xD6\x29\x53\x73\x86\x9F\x53\xD8\x43\x0E\x5D\xD6\x63\x82\x71\x1D\x80\x74\xCA\xF6\xE2\x02\x6B\xD9\x5A",
+	["CN=SecureSign RootCA11,O=Japan Certification Services\, Inc.,C=JP"] = "\x30\x82\x03\x6D\x30\x82\x02\x55\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x13\x22\x4A\x61\x70\x61\x6E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x31\x30\x1E\x17\x0D\x30\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5A\x17\x0D\x32\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5A\x30\x58\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x13\x22\x4A\x61\x70\x61\x6E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x43\x41\x31\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xFD\x77\xAA\xA5\x1C\x90\x05\x3B\xCB\x4C\x9B\x33\x8B\x5A\x14\x45\xA4\xE7\x90\x16\xD1\xDF\x57\xD2\x21\x10\xA4\x17\xFD\xDF\xAC\xD6\x1F\xA7\xE4\xDB\x7C\xF7\xEC\xDF\xB8\x03\xDA\x94\x58\xFD\x5D\x72\x7C\x8C\x3F\x5F\x01\x67\x74\x15\x96\xE3\x02\x3C\x87\xDB\xAE\xCB\x01\x8E\xC2\xF3\x66\xC6\x85\x45\xF4\x02\xC6\x3A\xB5\x62\xB2\xAF\xFA\x9C\xBF\xA4\xE6\xD4\x80\x30\x98\xF3\x0D\xB6\x93\x8F\xA9\xD4\xD8\x36\xF2\xB0\xFC\x8A\xCA\x2C\xA1\x15\x33\x95\x31\xDA\xC0\x1B\xF2\xEE\x62\x99\x86\x63\x3F\xBF\xDD\x93\x2A\x83\xA8\x76\xB9\x13\x1F\xB7\xCE\x4E\x42\x85\x8F\x22\xE7\x2E\x1A\xF2\x95\x09\xB2\x05\xB5\x44\x4E\x77\xA1\x20\xBD\xA9\xF2\x4E\x0A\x7D\x50\xAD\xF5\x05\x0D\x45\x4F\x46\x71\xFD\x28\x3E\x53\xFB\x04\xD8\x2D\xD7\x65\x1D\x4A\x1B\xFA\xCF\x3B\xB0\x31\x9A\x35\x6E\xC8\x8B\x06\xD3\x00\x91\xF2\x94\x08\x65\x4C\xB1\x34\x06\x00\x7A\x89\xE2\xF0\xC7\x03\x59\xCF\xD5\xD6\xE8\xA7\x32\xB3\xE6\x98\x40\x86\xC5\xCD\x27\x12\x8B\xCC\x7B\xCE\xB7\x11\x3C\x62\x60\x07\x23\x3E\x2B\x40\x6E\x94\x80\x09\x6D\xB6\xB3\x6F\x77\x6F\x35\x08\x50\xFB\x02\x87\xC5\x3E\x89\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x5B\xF8\x4D\x4F\xB2\xA5\x86\xD4\x3A\xD2\xF1\x63\x9A\xA0\xBE\x09\xF6\x57\xB7\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA0\xA1\x38\x16\x66\x2E\xA7\x56\x1F\x21\x9C\x06\xFA\x1D\xED\xB9\x22\xC5\x38\x26\xD8\x4E\x4F\xEC\xA3\x7F\x79\xDE\x46\x21\xA1\x87\x77\x8F\x07\x08\x9A\xB2\xA4\xC5\xAF\x0F\x32\x98\x0B\x7C\x66\x29\xB6\x9B\x7D\x25\x52\x49\x43\xAB\x4C\x2E\x2B\x6E\x7A\x70\xAF\x16\x0E\xE3\x02\x6C\xFB\x42\xE6\x18\x9D\x45\xD8\x55\xC8\xE8\x3B\xDD\xE7\xE1\xF4\x2E\x0B\x1C\x34\x5C\x6C\x58\x4A\xFB\x8C\x88\x50\x5F\x95\x1C\xBF\xED\xAB\x22\xB5\x65\xB3\x85\xBA\x9E\x0F\xB8\xAD\xE5\x7A\x1B\x8A\x50\x3A\x1D\xBD\x0D\xBC\x7B\x54\x50\x0B\xB9\x42\xAF\x55\xA0\x18\x81\xAD\x65\x99\xEF\xBE\xE4\x9C\xBF\xC4\x85\xAB\x41\xB2\x54\x6F\xDC\x25\xCD\xED\x78\xE2\x8E\x0C\x8D\x09\x49\xDD\x63\x7B\x5A\x69\x96\x02\x21\xA8\xBD\x52\x59\xE9\x7D\x35\xCB\xC8\x52\xCA\x7F\x81\xFE\xD9\x6B\xD3\xF7\x11\xED\x25\xDF\xF8\xE7\xF9\xA4\xFA\x72\x97\x84\x53\x0D\xA5\xD0\x32\x18\x51\x76\x59\x14\x6C\x0F\xEB\xEC\x5F\x80\x8C\x75\x43\x83\xC3\x85\x98\xFF\x4C\x9E\x2D\x0D\xE4\x77\x83\x93\x4E\xB5\x96\x07\x8B\x28\x13\x9B\x8C\x19\x8D\x41\x27\x49\x40\xEE\xDE\xE6\x23\x44\x39\xDC\xA1\x22\xD6\xBA\x03\xF2",
+	["C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root"] = "\x30\x82\x05\xB5\x30\x82\x03\x9D\xA0\x03\x02\x01\x02\x02\x08\x61\x8D\xC7\x86\x3B\x01\x82\x05\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0C\x0D\x41\x43\x45\x44\x49\x43\x4F\x4D\x20\x52\x6F\x6F\x74\x31\x0C\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x50\x4B\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x0C\x06\x45\x44\x49\x43\x4F\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x1E\x17\x0D\x30\x38\x30\x34\x31\x38\x31\x36\x32\x34\x32\x32\x5A\x17\x0D\x32\x38\x30\x34\x31\x33\x31\x36\x32\x34\x32\x32\x5A\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0C\x0D\x41\x43\x45\x44\x49\x43\x4F\x4D\x20\x52\x6F\x6F\x74\x31\x0C\x30\x0A\x06\x03\x55\x04\x0B\x0C\x03\x50\x4B\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x0C\x06\x45\x44\x49\x43\x4F\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xFF\x92\x95\xE1\x68\x06\x76\xB4\x2C\xC8\x58\x48\xCA\xFD\x80\x54\x29\x55\x63\x24\xFF\x90\x65\x9B\x10\x75\x7B\xC3\x6A\xDB\x62\x02\x01\xF2\x18\x86\xB5\x7C\x5A\x38\xB1\xE4\x58\xB9\xFB\xD3\xD8\x2D\x9F\xBD\x32\x37\xBF\x2C\x15\x6D\xBE\xB5\xF4\x21\xD2\x13\x91\xD9\x07\xAD\x01\x05\xD6\xF3\xBD\x77\xCE\x5F\x42\x81\x0A\xF9\x6A\xE3\x83\x00\xA8\x2B\x2E\x55\x13\x63\x81\xCA\x47\x1C\x7B\x5C\x16\x57\x7A\x1B\x83\x60\x04\x3A\x3E\x65\xC3\xCD\x01\xDE\xDE\xA4\xD6\x0C\xBA\x8E\xDE\xD9\x04\xEE\x17\x56\x22\x9B\x8F\x63\xFD\x4D\x16\x0B\xB7\x7B\x77\x8C\xF9\x25\xB5\xD1\x6D\x99\x12\x2E\x4F\x1A\xB8\xE6\xEA\x04\x92\xAE\x3D\x11\xB9\x51\x42\x3D\x87\xB0\x31\x85\xAF\x79\x5A\x9C\xFE\xE7\x4E\x5E\x92\x4F\x43\xFC\xAB\x3A\xAD\xA5\x12\x26\x66\xB9\xE2\x0C\xD7\x98\xCE\xD4\x58\xA5\x95\x40\x0A\xB7\x44\x9D\x13\x74\x2B\xC2\xA5\xEB\x22\x15\x98\x10\xD8\x8B\xC5\x04\x9F\x1D\x8F\x60\xE5\x06\x1B\x9B\xCF\xB9\x79\xA0\x3D\xA2\x23\x3F\x42\x3F\x6B\xFA\x1C\x03\x7B\x30\x8D\xCE\x6C\xC0\xBF\xE6\x1B\x5F\xBF\x67\xB8\x84\x19\xD5\x15\xEF\x7B\xCB\x90\x36\x31\x62\xC9\xBC\x02\xAB\x46\x5F\x9B\xFE\x1A\x68\x94\x34\x3D\x90\x8E\xAD\xF6\xE4\x1D\x09\x7F\x4A\x88\x38\x3F\xBE\x67\xFD\x34\x96\xF5\x1D\xBC\x30\x74\xCB\x38\xEE\xD5\x6C\xAB\xD4\xFC\xF4\x00\xB7\x00\x5B\x85\x32\x16\x76\x33\xE9\xD8\xA3\x99\x9D\x05\x00\xAA\x16\xE6\xF3\x81\x7D\x6F\x7D\xAA\x86\x6D\xAD\x15\x74\xD3\xC4\xA2\x71\xAA\xF4\x14\x7D\xE7\x32\xB8\x1F\xBC\xD5\xF1\x4E\xBD\x6F\x17\x02\x39\xD7\x0E\x95\x42\x3A\xC7\x00\x3E\xE9\x26\x63\x11\xEA\x0B\xD1\x4A\xFF\x18\x9D\xB2\xD7\x7B\x2F\x3A\xD9\x96\xFB\xE8\x1E\x92\xAE\x13\x55\xC8\xD9\x27\xF6\xDC\x48\x1B\xB0\x24\xC1\x85\xE3\x77\x9D\x9A\xA4\xF3\x0C\x11\x1D\x0D\xC8\xB4\x14\xEE\xB5\x82\x57\x09\xBF\x20\x58\x7F\x2F\x22\x23\xD8\x70\xCB\x79\x6C\xC9\x4B\xF2\xA9\x2A\xC8\xFC\x87\x2B\xD7\x1A\x50\xF8\x27\xE8\x2F\x43\xE3\x3A\xBD\xD8\x57\x71\xFD\xCE\xA6\x52\x5B\xF9\xDD\x4D\xED\xE5\xF6\x6F\x89\xED\xBB\x93\x9C\x76\x21\x75\xF0\x92\x4C\x29\xF7\x2F\x9C\x01\x2E\xFE\x50\x46\x9E\x64\x0C\x14\xB3\x07\x5B\xC5\xC2\x73\x6C\xF1\x07\x5C\x45\x24\x14\x35\xAE\x83\xF1\x6A\x4D\x89\x7A\xFA\xB3\xD8\x2D\x66\xF0\x36\x87\xF5\x2B\x53\x02\x03\x01\x00\x01\xA3\x81\xAA\x30\x81\xA7\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xA6\xB3\xE1\x2B\x2B\x49\xB6\xD7\x73\xA1\xAA\x94\xF5\x01\xE7\x73\x65\x4C\xAC\x50\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA6\xB3\xE1\x2B\x2B\x49\xB6\xD7\x73\xA1\xAA\x94\xF5\x01\xE7\x73\x65\x4C\xAC\x50\x30\x44\x06\x03\x55\x1D\x20\x04\x3D\x30\x3B\x30\x39\x06\x04\x55\x1D\x20\x00\x30\x31\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x61\x63\x65\x64\x69\x63\x6F\x6D\x2E\x65\x64\x69\x63\x6F\x6D\x67\x72\x6F\x75\x70\x2E\x63\x6F\x6D\x2F\x64\x6F\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xCE\x2C\x0B\x52\x51\x62\x26\x7D\x0C\x27\x83\x8F\xC5\xF6\xDA\xA0\x68\x7B\x4F\x92\x5E\xEA\xA4\x73\x32\x11\x53\x44\xB2\x44\xCB\x9D\xEC\x0F\x79\x42\xB3\x10\xA6\xC7\x0D\x9D\xCB\xB6\xFA\x3F\x3A\x7C\xEA\xBF\x88\x53\x1B\x3C\xF7\x82\xFA\x05\x35\x33\xE1\x35\xA8\x57\xC0\xE7\xFD\x8D\x4F\x3F\x93\x32\x4F\x78\x66\x03\x77\x07\x58\xE9\x95\xC8\x7E\x3E\xD0\x79\x00\x8C\xF2\x1B\x51\x33\x9B\xBC\x94\xE9\x3A\x7B\x6E\x52\x2D\x32\x9E\x23\xA4\x45\xFB\xB6\x2E\x13\xB0\x8B\x18\xB1\xDD\xCE\xD5\x1D\xA7\x42\x7F\x55\xBE\xFB\x5B\xBB\x47\xD4\xFC\x24\xCD\x04\xAE\x96\x05\x15\xD6\xAC\xCE\x30\xF3\xCA\x0B\xC5\xBA\xE2\x22\xE0\xA6\xAD\x22\xE4\x02\xEE\x74\x11\x7F\x4C\xFF\x78\x1D\x35\xDA\xE6\x02\x34\xEB\x18\x12\x61\x77\x06\x09\x16\x63\xEA\x18\xAD\xA2\x87\x1F\xF2\xC7\x80\x09\x09\x75\x4E\x10\xA8\x8F\x3D\x86\xB8\x75\x11\xC0\x24\x62\x8A\x96\x7B\x4A\x45\xE9\xEC\x59\xC5\xBE\x6B\x83\xE6\xE1\xE8\xAC\xB5\x30\x1E\xFE\x05\x07\x80\xF9\xE1\x23\x0D\x50\x8F\x05\x98\xFF\x2C\x5F\xE8\x3B\xB6\xAD\xCF\x81\xB5\x21\x87\xCA\x08\x2A\x23\x27\x30\x20\x2B\xCF\xED\x94\x5B\xAC\xB2\x7A\xD2\xC7\x28\xA1\x8A\x0B\x9B\x4D\x4A\x2C\x6D\x85\x3F\x09\x72\x3C\x67\xE2\xD9\xDC\x07\xBA\xEB\x65\x7B\x5A\x01\x63\xD6\x90\x5B\x4F\x17\x66\x3D\x7F\x0B\x19\xA3\x93\x63\x10\x52\x2A\x9F\x14\x16\x58\xE2\xDC\xA5\xF4\xA1\x16\x8B\x0E\x91\x8B\x81\xCA\x9B\x59\xFA\xD8\x6B\x91\x07\x65\x55\x5F\x52\x1F\xAF\x3A\xFB\x90\xDD\x69\xA5\x5B\x9C\x6D\x0E\x2C\xB6\xFA\xCE\xAC\xA5\x7C\x32\x4A\x67\x40\xDC\x30\x34\x23\xDD\xD7\x04\x23\x66\xF0\xFC\x55\x80\xA7\xFB\x66\x19\x82\x35\x67\x62\x70\x39\x5E\x6F\xC7\xEA\x90\x40\x44\x08\x1E\xB8\xB2\xD6\xDB\xEE\x59\xA7\x0D\x18\x79\x34\xBC\x54\x18\x5E\x53\xCA\x34\x51\xED\x45\x0A\xE6\x8E\xC7\x82\x36\x3E\xA7\x38\x63\xA9\x30\x2C\x17\x10\x60\x92\x9F\x55\x87\x12\x59\x10\xC2\x0F\x67\x69\x11\xCC\x4E\x1E\x7E\x4A\x9A\xAD\xAF\x40\xA8\x75\xAC\x56\x90\x74\xB8\xA0\x9C\xA5\x79\x6F\xDC\xE9\x1A\xC8\x69\x05\xE9\xBA\xFA\x03\xB3\x7C\xE4\xE0\x4E\xC2\xCE\x9D\xE8\xB6\x46\x0D\x6E\x7E\x57\x3A\x67\x94\xC2\xCB\x1F\x9C\x77\x4A\x67\x4E\x69\x86\x43\x93\x38\xFB\xB6\xDB\x4F\x83\x91\xD4\x60\x7E\x4B\x3E\x2B\x38\x07\x55\x98\x5E\xA4",
+	["emailAddress=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU"] = "\x30\x82\x04\x0A\x30\x82\x02\xF2\xA0\x03\x02\x01\x02\x02\x09\x00\xC2\x7E\x43\x04\x4E\x47\x3F\x19\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x1E\x17\x0D\x30\x39\x30\x36\x31\x36\x31\x31\x33\x30\x31\x38\x5A\x17\x0D\x32\x39\x31\x32\x33\x30\x31\x31\x33\x30\x31\x38\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\xF8\x8F\xF3\x63\xAD\xDA\x86\xD8\xA7\xE0\x42\xFB\xCF\x91\xDE\xA6\x26\xF8\x99\xA5\x63\x70\xAD\x9B\xAE\xCA\x33\x40\x7D\x6D\x96\x6E\xA1\x0E\x44\xEE\xE1\x13\x9D\x94\x42\x52\x9A\xBD\x75\x85\x74\x2C\xA8\x0E\x1D\x93\xB6\x18\xB7\x8C\x2C\xA8\xCF\xFB\x5C\x71\xB9\xDA\xEC\xFE\xE8\x7E\x8F\xE4\x2F\x1D\xB2\xA8\x75\x87\xD8\xB7\xA1\xE5\x3B\xCF\x99\x4A\x46\xD0\x83\x19\x7D\xC0\xA1\x12\x1C\x95\x6D\x4A\xF4\xD8\xC7\xA5\x4D\x33\x2E\x85\x39\x40\x75\x7E\x14\x7C\x80\x12\x98\x50\xC7\x41\x67\xB8\xA0\x80\x61\x54\xA6\x6C\x4E\x1F\xE0\x9D\x0E\x07\xE9\xC9\xBA\x33\xE7\xFE\xC0\x55\x28\x2C\x02\x80\xA7\x19\xF5\x9E\xDC\x55\x53\x03\x97\x7B\x07\x48\xFF\x99\xFB\x37\x8A\x24\xC4\x59\xCC\x50\x10\x63\x8E\xAA\xA9\x1A\xB0\x84\x1A\x86\xF9\x5F\xBB\xB1\x50\x6E\xA4\xD1\x0A\xCC\xD5\x71\x7E\x1F\xA7\x1B\x7C\xF5\x53\x6E\x22\x5F\xCB\x2B\xE6\xD4\x7C\x5D\xAE\xD6\xC2\xC6\x4C\xE5\x05\x01\xD9\xED\x57\xFC\xC1\x23\x79\xFC\xFA\xC8\x24\x83\x95\xF3\xB5\x6A\x51\x01\xD0\x77\xD6\xE9\x12\xA1\xF9\x1A\x83\xFB\x82\x1B\xB9\xB0\x97\xF4\x76\x06\x33\x43\x49\xA0\xFF\x0B\xB5\xFA\xB5\x02\x03\x01\x00\x01\xA3\x81\x80\x30\x7E\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1B\x06\x03\x55\x1D\x11\x04\x14\x30\x12\x81\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\xC9\xD1\x0E\x5E\x2E\xD5\xCC\xB3\x7C\x3E\xCB\xFC\x3D\xFF\x0D\x28\x95\x93\x04\xC8\xBF\xDA\xCD\x79\xB8\x43\x90\xF0\xA4\xBE\xEF\xF2\xEF\x21\x98\xBC\xD4\xD4\x5D\x06\xF6\xEE\x42\xEC\x30\x6C\xA0\xAA\xA9\xCA\xF1\xAF\x8A\xFA\x3F\x0B\x73\x6A\x3E\xEA\x2E\x40\x7E\x1F\xAE\x54\x61\x79\xEB\x2E\x08\x37\xD7\x23\xF3\x8C\x9F\xBE\x1D\xB1\xE1\xA4\x75\xDB\xA0\xE2\x54\x14\xB1\xBA\x1C\x29\xA4\x18\xF6\x12\xBA\xA2\x14\x14\xE3\x31\x35\xC8\x40\xFF\xB7\xE0\x05\x76\x57\xC1\x1C\x59\xF2\xF8\xBF\xE4\xED\x25\x62\x5C\x84\xF0\x7E\x7E\x1F\xB3\xBE\xF9\xB7\x21\x11\xCC\x03\x01\x56\x70\xA7\x10\x92\x1E\x1B\x34\x81\x1E\xAD\x9C\x1A\xC3\x04\x3C\xED\x02\x61\xD6\x1E\x06\xF3\x5F\x3A\x87\xF2\x2B\xF1\x45\x87\xE5\x3D\xAC\xD1\xC7\x57\x84\xBD\x6B\xAE\xDC\xD8\xF9\xB6\x1B\x62\x70\x0B\x3D\x36\xC9\x42\xF2\x32\xD7\x7A\x61\xE6\xD2\xDB\x3D\xCF\xC8\xA9\xC9\x9B\xDC\xDB\x58\x44\xD7\x6F\x38\xAF\x7F\x78\xD3\xA3\xAD\x1A\x75\xBA\x1C\xC1\x36\x7C\x8F\x1E\x6D\x1C\xC3\x75\x46\xAE\x35\x05\xA6\xF6\x5C\x3D\x21\xEE\x56\xF0\xC9\x82\x22\x2D\x7A\x54\xAB\x70\xC3\x7D\x22\x65\x82\x70\x96",
+	["CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi,O=Elektronik Bilgi Guvenligi A.S.,C=TR"] = "\x30\x82\x03\xB6\x30\x82\x02\x9E\xA0\x03\x02\x01\x02\x02\x10\x44\x99\x8D\x3C\xC0\x03\x27\xBD\x9C\x76\x95\xB9\xEA\xDB\xAC\xB5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x1E\x17\x0D\x30\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x17\x0D\x31\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC3\x12\x20\x9E\xB0\x5E\x00\x65\x8D\x4E\x46\xBB\x80\x5C\xE9\x2C\x06\x97\xD5\xF3\x72\xC9\x70\xB9\xE7\x4B\x65\x80\xC1\x4B\xBE\x7E\x3C\xD7\x54\x31\x94\xDE\xD5\x12\xBA\x53\x16\x02\xEA\x58\x63\xEF\x5B\xD8\xF3\xED\x2A\x1A\xAA\x71\x48\xA3\xDC\x10\x2D\x5F\x5F\xEB\x5C\x4B\x9C\x96\x08\x42\x25\x28\x11\xCC\x8A\x5A\x62\x01\x50\xD5\xEB\x09\x53\x2F\xF8\xC3\x8F\xFE\xB3\xFC\xFD\x9D\xA2\xE3\x5F\x7D\xBE\xED\x0B\xE0\x60\xEB\x69\xEC\x33\xED\xD8\x8D\xFB\x12\x49\x83\x00\xC9\x8B\x97\x8C\x3B\x73\x2A\x32\xB3\x12\xF7\xB9\x4D\xF2\xF4\x4D\x6D\xC7\xE6\xD6\x26\x37\x08\xF2\xD9\xFD\x6B\x5C\xA3\xE5\x48\x5C\x58\xBC\x42\xBE\x03\x5A\x81\xBA\x1C\x35\x0C\x00\xD3\xF5\x23\x7E\x71\x30\x08\x26\x38\xDC\x25\x11\x47\x2D\xF3\xBA\x23\x10\xA5\xBF\xBC\x02\xF7\x43\x5E\xC7\xFE\xB0\x37\x50\x99\x7B\x0F\x93\xCE\xE6\x43\x2C\xC3\x7E\x0D\xF2\x1C\x43\x66\x60\xCB\x61\x31\x47\x87\xA3\x4F\xAE\xBD\x56\x6C\x4C\xBC\xBC\xF8\x05\xCA\x64\xF4\xE9\x34\xA1\x2C\xB5\x73\xE1\xC2\x3E\xE8\xC8\xC9\x34\x25\x08\x5C\xF3\xED\xA6\xC7\x94\x9F\xAD\x88\x43\x25\xD7\xE1\x39\x60\xFE\xAC\x39\x59\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9F\xEE\x44\xB3\x94\xD5\xFA\x91\x4F\x2E\xD9\x55\x9A\x04\x56\xDB\x2D\xC4\xDB\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7F\x5F\xB9\x53\x5B\x63\x3D\x75\x32\xE7\xFA\xC4\x74\x1A\xCB\x46\xDF\x46\x69\x1C\x52\xCF\xAA\x4F\xC2\x68\xEB\xFF\x80\xA9\x51\xE8\x3D\x62\x77\x89\x3D\x0A\x75\x39\xF1\x6E\x5D\x17\x87\x6F\x68\x05\xC1\x94\x6C\xD9\x5D\xDF\xDA\xB2\x59\xCB\xA5\x10\x8A\xCA\xCC\x39\xCD\x9F\xEB\x4E\xDE\x52\xFF\x0C\xF0\xF4\x92\xA9\xF2\x6C\x53\xAB\x9B\xD2\x47\xA0\x1F\x74\xF7\x9B\x9A\xF1\x2F\x15\x9F\x7A\x64\x30\x18\x07\x3C\x2A\x0F\x67\xCA\xFC\x0F\x89\x61\x9D\x65\xA5\x3C\xE5\xBC\x13\x5B\x08\xDB\xE3\xFF\xED\xBB\x06\xBB\x6A\x06\xB1\x7A\x4F\x65\xC6\x82\xFD\x1E\x9C\x8B\xB5\x0D\xEE\x48\xBB\xB8\xBD\xAA\x08\xB4\xFB\xA3\x7C\xCB\x9F\xCD\x90\x76\x5C\x86\x96\x78\x57\x0A\x66\xF9\x58\x1A\x9D\xFD\x97\x29\x60\xDE\x11\xA6\x90\x1C\x19\x1C\xEE\x01\x96\x22\x34\x34\x2E\x91\xF9\xB7\xC4\x27\xD1\x7B\xE6\xBF\xFB\x80\x44\x5A\x16\xE5\xEB\xE0\xD4\x0A\x38\xBC\xE4\x91\xE3\xD5\xEB\x5C\xC1\xAC\xDF\x1B\x6A\x7C\x9E\xE5\x75\xD2\xB6\x97\x87\xDB\xCC\x87\x2B\x43\x3A\x84\x08\xAF\xAB\x3C\xDB\xF7\x3C\x66\x31\x86\xB0\x9D\x53\x79\xED\xF8\x23\xDE\x42\xE3\x2D\x82\xF1\x0F\xE5\xFA\x97",
+	["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3"] = "\x30\x82\x03\x5F\x30\x82\x02\x47\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x21\x58\x53\x08\xA2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCC\x25\x76\x90\x79\x06\x78\x22\x16\xF5\xC0\x83\xB6\x84\xCA\x28\x9E\xFD\x05\x76\x11\xC5\xAD\x88\x72\xFC\x46\x02\x43\xC7\xB2\x8A\x9D\x04\x5F\x24\xCB\x2E\x4B\xE1\x60\x82\x46\xE1\x52\xAB\x0C\x81\x47\x70\x6C\xDD\x64\xD1\xEB\xF5\x2C\xA3\x0F\x82\x3D\x0C\x2B\xAE\x97\xD7\xB6\x14\x86\x10\x79\xBB\x3B\x13\x80\x77\x8C\x08\xE1\x49\xD2\x6A\x62\x2F\x1F\x5E\xFA\x96\x68\xDF\x89\x27\x95\x38\x9F\x06\xD7\x3E\xC9\xCB\x26\x59\x0D\x73\xDE\xB0\xC8\xE9\x26\x0E\x83\x15\xC6\xEF\x5B\x8B\xD2\x04\x60\xCA\x49\xA6\x28\xF6\x69\x3B\xF6\xCB\xC8\x28\x91\xE5\x9D\x8A\x61\x57\x37\xAC\x74\x14\xDC\x74\xE0\x3A\xEE\x72\x2F\x2E\x9C\xFB\xD0\xBB\xBF\xF5\x3D\x00\xE1\x06\x33\xE8\x82\x2B\xAE\x53\xA6\x3A\x16\x73\x8C\xDD\x41\x0E\x20\x3A\xC0\xB4\xA7\xA1\xE9\xB2\x4F\x90\x2E\x32\x60\xE9\x57\xCB\xB9\x04\x92\x68\x68\xE5\x38\x26\x60\x75\xB2\x9F\x77\xFF\x91\x14\xEF\xAE\x20\x49\xFC\xAD\x40\x15\x48\xD1\x02\x31\x61\x19\x5E\xB8\x97\xEF\xAD\x77\xB7\x64\x9A\x7A\xBF\x5F\xC1\x13\xEF\x9B\x62\xFB\x0D\x6C\xE0\x54\x69\x16\xA9\x03\xDA\x6E\xE9\x83\x93\x71\x76\xC6\x69\x85\x82\x17\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x8F\xF0\x4B\x7F\xA8\x2E\x45\x24\xAE\x4D\x50\xFA\x63\x9A\x8B\xDE\xE2\xDD\x1B\xBC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4B\x40\xDB\xC0\x50\xAA\xFE\xC8\x0C\xEF\xF7\x96\x54\x45\x49\xBB\x96\x00\x09\x41\xAC\xB3\x13\x86\x86\x28\x07\x33\xCA\x6B\xE6\x74\xB9\xBA\x00\x2D\xAE\xA4\x0A\xD3\xF5\xF1\xF1\x0F\x8A\xBF\x73\x67\x4A\x83\xC7\x44\x7B\x78\xE0\xAF\x6E\x6C\x6F\x03\x29\x8E\x33\x39\x45\xC3\x8E\xE4\xB9\x57\x6C\xAA\xFC\x12\x96\xEC\x53\xC6\x2D\xE4\x24\x6C\xB9\x94\x63\xFB\xDC\x53\x68\x67\x56\x3E\x83\xB8\xCF\x35\x21\xC3\xC9\x68\xFE\xCE\xDA\xC2\x53\xAA\xCC\x90\x8A\xE9\xF0\x5D\x46\x8C\x95\xDD\x7A\x58\x28\x1A\x2F\x1D\xDE\xCD\x00\x37\x41\x8F\xED\x44\x6D\xD7\x53\x28\x97\x7E\xF3\x67\x04\x1E\x15\xD7\x8A\x96\xB4\xD3\xDE\x4C\x27\xA4\x4C\x1B\x73\x73\x76\xF4\x17\x99\xC2\x1F\x7A\x0E\xE3\x2D\x08\xAD\x0A\x1C\x2C\xFF\x3C\xAB\x55\x0E\x0F\x91\x7E\x36\xEB\xC3\x57\x49\xBE\xE1\x2E\x2D\x7C\x60\x8B\xC3\x41\x51\x13\x23\x9D\xCE\xF7\x32\x6B\x94\x01\xA8\x99\xE7\x2C\x33\x1F\x3A\x3B\x25\xD2\x86\x40\xCE\x3B\x2C\x86\x78\xC9\x61\x2F\x14\xBA\xEE\xDB\x55\x6F\xDF\x84\xEE\x05\x09\x4D\xBD\x28\xD8\x72\xCE\xD3\x62\x50\x65\x1E\xEB\x92\x97\x83\x31\xD9\xB3\xB5\xCA\x47\x58\x3F\x5F",
+	["CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES"] = "\x30\x82\x06\x14\x30\x82\x03\xFC\xA0\x03\x02\x01\x02\x02\x08\x53\xEC\x3B\xEE\xFB\xB2\x48\x5F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x30\x30\x38\x33\x38\x31\x35\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x30\x38\x33\x38\x31\x35\x5A\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCA\x96\x6B\x8E\xEA\xF8\xFB\xF1\xA2\x35\xE0\x7F\x4C\xDA\xE0\xC3\x52\xD7\x7D\xB6\x10\xC8\x02\x5E\xB3\x43\x2A\xC4\x4F\x6A\xB2\xCA\x1C\x5D\x28\x9A\x78\x11\x1A\x69\x59\x57\xAF\xB5\x20\x42\xE4\x8B\x0F\xE6\xDF\x5B\xA6\x03\x92\x2F\xF5\x11\xE4\x62\xD7\x32\x71\x38\xD9\x04\x0C\x71\xAB\x3D\x51\x7E\x0F\x07\xDF\x63\x05\x5C\xE9\xBF\x94\x6F\xC1\x29\x82\xC0\xB4\xDA\x51\xB0\xC1\x3C\xBB\xAD\x37\x4A\x5C\xCA\xF1\x4B\x36\x0E\x24\xAB\xBF\xC3\x84\x77\xFD\xA8\x50\xF4\xB1\xE7\xC6\x2F\xD2\x2D\x59\x8D\x7A\x0A\x4E\x96\x69\x52\x02\xAA\x36\x98\xEC\xFC\xFA\x14\x83\x0C\x37\x1F\xC9\x92\x37\x7F\xD7\x81\x2D\xE5\xC4\xB9\xE0\x3E\x34\xFE\x67\xF4\x3E\x66\xD1\xD3\xF4\x40\xCF\x5E\x62\x34\x0F\x70\x06\x3E\x20\x18\x5A\xCE\xF7\x72\x1B\x25\x6C\x93\x74\x14\x93\xA3\x73\xB1\x0E\xAA\x87\x10\x23\x59\x5F\x20\x05\x19\x47\xED\x68\x8E\x92\x12\xCA\x5D\xFC\xD6\x2B\xB2\x92\x3C\x20\xCF\xE1\x5F\xAF\x20\xBE\xA0\x76\x7F\x76\xE5\xEC\x1A\x86\x61\x33\x3E\xE7\x7B\xB4\x3F\xA0\x0F\x8E\xA2\xB9\x6A\x6F\xB9\x87\x26\x6F\x41\x6C\x88\xA6\x50\xFD\x6A\x63\x0B\xF5\x93\x16\x1B\x19\x8F\xB2\xED\x9B\x9B\xC9\x90\xF5\x01\x0C\xDF\x19\x3D\x0F\x3E\x38\x23\xC9\x2F\x8F\x0C\xD1\x02\xFE\x1B\x55\xD6\x4E\xD0\x8D\x3C\xAF\x4F\xA4\xF3\xFE\xAF\x2A\xD3\x05\x9D\x79\x08\xA1\xCB\x57\x31\xB4\x9C\xC8\x90\xB2\x67\xF4\x18\x16\x93\x3A\xFC\x47\xD8\xD1\x78\x96\x31\x1F\xBA\x2B\x0C\x5F\x5D\x99\xAD\x63\x89\x5A\x24\x20\x76\xD8\xDF\xFD\xAB\x4E\xA6\x22\xAA\x9D\x5E\xE6\x27\x8A\x7D\x68\x29\xA3\xE7\x8A\xB8\xDA\x11\xBB\x17\x2D\x99\x9D\x13\x24\x46\xF7\xC5\xE2\xD8\x9F\x8E\x7F\xC7\x8F\x74\x6D\x5A\xB2\xE8\x72\xF5\xAC\xEE\x24\x10\xAD\x2F\x14\xDA\xFF\x2D\x9A\x46\x71\x47\xBE\x42\xDF\xBB\x01\xDB\xF4\x7F\xD3\x28\x8F\x31\x59\x5B\xD3\xC9\x02\xA6\xB4\x52\xCA\x6E\x97\xFB\x43\xC5\x08\x26\x6F\x8A\xF4\xBB\xFD\x9F\x28\xAA\x0D\xD5\x45\xF3\x13\x3A\x1D\xD8\xC0\x78\x8F\x41\x67\x3C\x1E\x94\x64\xAE\x7B\x0B\xC5\xE8\xD9\x01\x88\x39\x1A\x97\x86\x64\x41\xD5\x3B\x87\x0C\x6E\xFA\x0F\xC6\xBD\x48\x14\xBF\x39\x4D\xD4\x9E\x41\xB6\x8F\x96\x1D\x63\x96\x93\xD9\x95\x06\x78\x31\x68\x9E\x37\x06\x3B\x80\x89\x45\x61\x39\x23\xC7\x1B\x44\xA3\x15\xE5\x1C\xF8\x92\x30\xBB\x02\x03\x01\x00\x01\xA3\x81\xEF\x30\x81\xEC\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x01\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x65\xCD\xEB\xAB\x35\x1E\x00\x3E\x7E\xD5\x74\xC0\x1C\xB4\x73\x47\x0E\x1A\x64\x2F\x30\x81\xA6\x06\x03\x55\x1D\x20\x04\x81\x9E\x30\x81\x9B\x30\x81\x98\x06\x04\x55\x1D\x20\x00\x30\x81\x8F\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x2E\x63\x6F\x6D\x2F\x63\x70\x73\x30\x5C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x50\x1E\x4E\x00\x50\x00\x61\x00\x73\x00\x65\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x42\x00\x6F\x00\x6E\x00\x61\x00\x6E\x00\x6F\x00\x76\x00\x61\x00\x20\x00\x34\x00\x37\x00\x20\x00\x42\x00\x61\x00\x72\x00\x63\x00\x65\x00\x6C\x00\x6F\x00\x6E\x00\x61\x00\x20\x00\x30\x00\x38\x00\x30\x00\x31\x00\x37\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x17\x7D\xA0\xF9\xB4\xDD\xC5\xC5\xEB\xAD\x4B\x24\xB5\xA1\x02\xAB\xDD\xA5\x88\x4A\xB2\x0F\x55\x4B\x2B\x57\x8C\x3B\xE5\x31\xDD\xFE\xC4\x32\xF1\xE7\x5B\x64\x96\x36\x32\x18\xEC\xA5\x32\x77\xD7\xE3\x44\xB6\xC0\x11\x2A\x80\xB9\x3D\x6A\x6E\x7C\x9B\xD3\xAD\xFC\xC3\xD6\xA3\xE6\x64\x29\x7C\xD1\xE1\x38\x1E\x82\x2B\xFF\x27\x65\xAF\xFB\x16\x15\xC4\x2E\x71\x84\xE5\xB5\xFF\xFA\xA4\x47\xBD\x64\x32\xBB\xF6\x25\x84\xA2\x27\x42\xF5\x20\xB0\xC2\x13\x10\x11\xCD\x10\x15\xBA\x42\x90\x2A\xD2\x44\xE1\x96\x26\xEB\x31\x48\x12\xFD\x2A\xDA\xC9\x06\xCF\x74\x1E\xA9\x4B\xD5\x87\x28\xF9\x79\x34\x92\x3E\x2E\x44\xE8\xF6\x8F\x4F\x8F\x35\x3F\x25\xB3\x39\xDC\x63\x2A\x90\x6B\x20\x5F\xC4\x52\x12\x4E\x97\x2C\x2A\xAC\x9D\x97\xDE\x48\xF2\xA3\x66\xDB\xC2\xD2\x83\x95\xA6\x66\xA7\x9E\x25\x0F\xE9\x0B\x33\x91\x65\x0A\x5A\xC3\xD9\x54\x12\xDD\xAF\xC3\x4E\x0E\x1F\x26\x5E\x0D\xDC\xB3\x8D\xEC\xD5\x81\x70\xDE\xD2\x4F\x24\x05\xF3\x6C\x4E\xF5\x4C\x49\x66\x8D\xD1\xFF\xD2\x0B\x25\x41\x48\xFE\x51\x84\xC6\x42\xAF\x80\x04\xCF\xD0\x7E\x64\x49\xE4\xF2\xDF\xA2\xEC\xB1\x4C\xC0\x2A\x1D\xE7\xB4\xB1\x65\xA2\xC4\xBC\xF1\x98\xF4\xAA\x70\x07\x63\xB4\xB8\xDA\x3B\x4C\xFA\x40\x22\x30\x5B\x11\xA6\xF0\x05\x0E\xC6\x02\x03\x48\xAB\x86\x9B\x85\xDD\xDB\xDD\xEA\xA2\x76\x80\x73\x7D\xF5\x9C\x04\xC4\x45\x8D\xE7\xB9\x1C\x8B\x9E\xEA\xD7\x75\xD1\x72\xB1\xDE\x75\x44\xE7\x42\x7D\xE2\x57\x6B\x7D\xDC\x99\xBC\x3D\x83\x28\xEA\x80\x93\x8D\xC5\x4C\x65\xC1\x70\x81\xB8\x38\xFC\x43\x31\xB2\xF6\x03\x34\x47\xB2\xAC\xFB\x22\x06\xCB\x1E\xDD\x17\x47\x1C\x5F\x66\xB9\xD3\x1A\xA2\xDA\x11\xB1\xA4\xBC\x23\xC9\xE4\xBE\x87\xFF\xB9\x94\xB6\xF8\x5D\x20\x4A\xD4\x5F\xE7\xBD\x68\x7B\x65\xF2\x15\x1E\xD2\x3A\xA9\x2D\xE9\xD8\x6B\x24\xAC\x97\x58\x44\x47\xAD\x59\x18\xF1\x21\x65\x70\xDE\xCE\x34\x60\xA8\x40\xF1\xF3\x3C\xA4\xC3\x28\x23\x8C\xFE\x27\x33\x43\x40\xA0\x17\x3C\xEB\xEA\x3B\xB0\x72\xA6\xA3\xB9\x4A\x4B\x5E\x16\x48\xF4\xB2\xBC\xC8\x8C\x92\xC5\x9D\x9F\xAC\x72\x36\xBC\x34\x80\x34\x6B\xA9\x8B\x92\xC0\xB8\x17\xED\xEC\x76\x53\xF5\x24\x01\x8C\xB3\x22\xE8\x4B\x7C\x55\xC6\x9D\xFA\xA3\x14\xBB\x65\x85\x6E\x6E\x4F\x12\x7E\x0A\x3C\x9D\x95",
+	["CN=Izenpe.com,O=IZENPE S.A.,C=ES"] = "\x30\x82\x05\xF1\x30\x82\x03\xD9\xA0\x03\x02\x01\x02\x02\x10\x00\xB0\xB7\x5A\x16\x48\x5F\xBF\xE1\xCB\xF5\x8B\xD7\x19\xE6\x7D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x30\x37\x31\x32\x31\x33\x31\x33\x30\x38\x32\x38\x5A\x17\x0D\x33\x37\x31\x32\x31\x33\x30\x38\x32\x37\x32\x35\x5A\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC9\xD3\x7A\xCA\x0F\x1E\xAC\xA7\x86\xE8\x16\x65\x6A\xB1\xC2\x1B\x45\x32\x71\x95\xD9\xFE\x10\x5B\xCC\xAF\xE7\xA5\x79\x01\x8F\x89\xC3\xCA\xF2\x55\x71\xF7\x77\xBE\x77\x94\xF3\x72\xA4\x2C\x44\xD8\x9E\x92\x9B\x14\x3A\xA1\xE7\x24\x90\x0A\x0A\x56\x8E\xC5\xD8\x26\x94\xE1\xD9\x48\xE1\x2D\x3E\xDA\x0A\x72\xDD\xA3\x99\x15\xDA\x81\xA2\x87\xF4\x7B\x6E\x26\x77\x89\x58\xAD\xD6\xEB\x0C\xB2\x41\x7A\x73\x6E\x6D\xDB\x7A\x78\x41\xE9\x08\x88\x12\x7E\x87\x2E\x66\x11\x63\x6C\x54\xFB\x3C\x9D\x72\xC0\xBC\x2E\xFF\xC2\xB7\xDD\x0D\x76\xE3\x3A\xD7\xF7\xB4\x68\xBE\xA2\xF5\xE3\x81\x6E\xC1\x46\x6F\x5D\x8D\xE0\x4D\xC6\x54\x55\x89\x1A\x33\x31\x0A\xB1\x57\xB9\xA3\x8A\x98\xC3\xEC\x3B\x34\xC5\x95\x41\x69\x7E\x75\xC2\x3C\x20\xC5\x61\xBA\x51\x47\xA0\x20\x90\x93\xA1\x90\x4B\xF3\x4E\x7C\x85\x45\x54\x9A\xD1\x05\x26\x41\xB0\xB5\x4D\x1D\x33\xBE\xC4\x03\xC8\x25\x7C\xC1\x70\xDB\x3B\xF4\x09\x2D\x54\x27\x48\xAC\x2F\xE1\xC4\xAC\x3E\xC8\xCB\x92\x4C\x53\x39\x37\x23\xEC\xD3\x01\xF9\xE0\x09\x44\x4D\x4D\x64\xC0\xE1\x0D\x5A\x87\x22\xBC\xAD\x1B\xA3\xFE\x26\xB5\x15\xF3\xA7\xFC\x84\x19\xE9\xEC\xA1\x88\xB4\x44\x69\x84\x83\xF3\x89\xD1\x74\x06\xA9\xCC\x0B\xD6\xC2\xDE\x27\x85\x50\x26\xCA\x17\xB8\xC9\x7A\x87\x56\x2C\x1A\x01\x1E\x6C\xBE\x13\xAD\x10\xAC\xB5\x24\xF5\x38\x91\xA1\xD6\x4B\xDA\xF1\xBB\xD2\xDE\x47\xB5\xF1\xBC\x81\xF6\x59\x6B\xCF\x19\x53\xE9\x8D\x15\xCB\x4A\xCB\xA9\x6F\x44\xE5\x1B\x41\xCF\xE1\x86\xA7\xCA\xD0\x6A\x9F\xBC\x4C\x8D\x06\x33\x5A\xA2\x85\xE5\x90\x35\xA0\x62\x5C\x16\x4E\xF0\xE3\xA2\xFA\x03\x1A\xB4\x2C\x71\xB3\x58\x2C\xDE\x7B\x0B\xDB\x1A\x0F\xEB\xDE\x21\x1F\x06\x77\x06\x03\xB0\xC9\xEF\x99\xFC\xC0\xB9\x4F\x0B\x86\x28\xFE\xD2\xB9\xEA\xE3\xDA\xA5\xC3\x47\x69\x12\xE0\xDB\xF0\xF6\x19\x8B\xED\x7B\x70\xD7\x02\xD6\xED\x87\x18\x28\x2C\x04\x24\x4C\x77\xE4\x48\x8A\x1A\xC6\x3B\x9A\xD4\x0F\xCA\xFA\x75\xD2\x01\x40\x5A\x8D\x79\xBF\x8B\xCF\x4B\xCF\xAA\x16\xC1\x95\xE4\xAD\x4C\x8A\x3E\x17\x91\xD4\xB1\x62\xE5\x82\xE5\x80\x04\xA4\x03\x7E\x8D\xBF\xDA\x7F\xA2\x0F\x97\x4F\x0C\xD3\x0D\xFB\xD7\xD1\xE5\x72\x7E\x1C\xC8\x77\xFF\x5B\x9A\x0F\xB7\xAE\x05\x46\xE5\xF1\xA8\x16\xEC\x47\xA4\x17\x02\x03\x01\x00\x01\xA3\x81\xF6\x30\x81\xF3\x30\x81\xB0\x06\x03\x55\x1D\x11\x04\x81\xA8\x30\x81\xA5\x81\x0F\x69\x6E\x66\x6F\x40\x69\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\xA4\x81\x91\x30\x81\x8E\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x20\x2D\x20\x43\x49\x46\x20\x41\x30\x31\x33\x33\x37\x32\x36\x30\x2D\x52\x4D\x65\x72\x63\x2E\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x20\x54\x31\x30\x35\x35\x20\x46\x36\x32\x20\x53\x38\x31\x43\x30\x41\x06\x03\x55\x04\x09\x0C\x3A\x41\x76\x64\x61\x20\x64\x65\x6C\x20\x4D\x65\x64\x69\x74\x65\x72\x72\x61\x6E\x65\x6F\x20\x45\x74\x6F\x72\x62\x69\x64\x65\x61\x20\x31\x34\x20\x2D\x20\x30\x31\x30\x31\x30\x20\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1D\x1C\x65\x0E\xA8\xF2\x25\x7B\xB4\x91\xCF\xE4\xB1\xB1\xE6\xBD\x55\x74\x6C\x05\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x78\xA6\x0C\x16\x4A\x9F\x4C\x88\x3A\xC0\xCB\x0E\xA5\x16\x7D\x9F\xB9\x48\x5F\x18\x8F\x0D\x62\x36\xF6\xCD\x19\x6B\xAC\xAB\xD5\xF6\x91\x7D\xAE\x71\xF3\x3F\xB3\x0E\x78\x85\x9B\x95\xA4\x27\x21\x47\x42\x4A\x7C\x48\x3A\xF5\x45\x7C\xB3\x0C\x8E\x51\x78\xAC\x95\x13\xDE\xC6\xFD\x7D\xB8\x1A\x90\x4C\xAB\x92\x03\xC7\xED\x42\x01\xCE\x0F\xD8\xB1\xFA\xA2\x92\xE1\x60\x6D\xAE\x7A\x6B\x09\xAA\xC6\x29\xEE\x68\x49\x67\x30\x80\x24\x7A\x31\x16\x39\x5B\x7E\xF1\x1C\x2E\xDD\x6C\x09\xAD\xF2\x31\xC1\x82\x4E\xB9\xBB\xF9\xBE\xBF\x2A\x85\x3F\xC0\x40\xA3\x3A\x59\xFC\x59\x4B\x3C\x28\x24\xDB\xB4\x15\x75\xAE\x0D\x88\xBA\x2E\x73\xC0\xBD\x58\x87\xE5\x42\xF2\xEB\x5E\xEE\x1E\x30\x22\x99\xCB\x37\xD1\xC4\x21\x6C\x81\xEC\xBE\x6D\x26\xE6\x1C\xE4\x42\x20\x9E\x47\xB0\xAC\x83\x59\x70\x2C\x35\xD6\xAF\x36\x34\xB4\xCD\x3B\xF8\x32\xA8\xEF\xE3\x78\x89\xFB\x8D\x45\x2C\xDA\x9C\xB8\x7E\x40\x1C\x61\xE7\x3E\xA2\x92\x2C\x4B\xF2\xCD\xFA\x98\xB6\x29\xFF\xF3\xF2\x7B\xA9\x1F\x2E\xA0\x93\x57\x2B\xDE\x85\x03\xF9\x69\x37\xCB\x9E\x78\x6A\x05\xB4\xC5\x31\x78\x89\xEC\x7A\xA7\x85\xE1\xB9\x7B\x3C\xDE\xBE\x1E\x79\x84\xCE\x9F\x70\x0E\x59\xC2\x35\x2E\x90\x2A\x31\xD9\xE4\x45\x7A\x41\xA4\x2E\x13\x9B\x34\x0E\x66\x7B\x49\xAB\x64\x97\xD0\x46\xC3\x79\x9D\x72\x50\x63\xA6\x98\x5B\x06\xBD\x48\x6D\xD8\x39\x83\x70\xE8\x35\xF0\x05\xD1\xAA\xBC\xE3\xDB\xC8\x02\xEA\x7C\xFD\x82\xDA\xC2\x5B\x52\x35\xAE\x98\x3A\xAD\xBA\x35\x93\x23\xA7\x1F\x48\xDD\x35\x46\x98\xB2\x10\x68\xE4\xA5\x31\xC2\x0A\x58\x2E\x19\x81\x10\xC9\x50\x75\xFC\xEA\x5A\x16\xCE\x11\xD7\xEE\xEF\x50\x88\x2D\x61\xFF\x3F\x42\x73\x05\x94\x43\xD5\x8E\x3C\x4E\x01\x3A\x19\xA5\x1F\x46\x4E\x77\xD0\x5D\xE5\x81\x22\x21\x87\xFE\x94\x7D\x84\xD8\x93\xAD\xD6\x68\x43\x48\xB2\xDB\xEB\x73\x24\xE7\x91\x7F\x54\xA4\xB6\x80\x3E\x9D\xA3\x3C\x4C\x72\xC2\x57\xC4\xA0\xD4\xCC\x38\x27\xCE\xD5\x06\x9E\xA2\x48\xD9\xE9\x9F\xCE\x82\x70\x36\x93\x9A\x3B\xDF\x96\x21\xE3\x59\xB7\x0C\xDA\x91\x37\xF0\xFD\x59\x5A\xB3\x99\xC8\x69\x6C\x43\x26\x01\x35\x63\x60\x55\x89\x03\x3A\x75\xD8\xBA\x4A\xD9\x54\xFF\xEE\xDE\x80\xD8\x2D\xD1\x38\xD5\x5E\x2D\x0B\x98\x7D\x3E\x6C\xDB\xFC\x26\x88\xC7",
+	["CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU"] = "\x30\x82\x07\x4F\x30\x82\x05\x37\xA0\x03\x02\x01\x02\x02\x09\x00\xA3\xDA\x42\x7E\xA4\xB1\xAE\xDA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x1E\x17\x0D\x30\x38\x30\x38\x30\x31\x31\x32\x32\x39\x35\x30\x5A\x17\x0D\x33\x38\x30\x37\x33\x31\x31\x32\x32\x39\x35\x30\x5A\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAF\x00\xCB\x70\x37\x2B\x80\x5A\x4A\x3A\x6C\x78\x94\x7D\xA3\x7F\x1A\x1F\xF6\x35\xD5\xBD\xDB\xCB\x0D\x44\x72\x3E\x26\xB2\x90\x52\xBA\x63\x3B\x28\x58\x6F\xA5\xB3\x6D\x94\xA6\xF3\xDD\x64\x0C\x55\xF6\xF6\xE7\xF2\x22\x22\x80\x5E\xE1\x62\xC6\xB6\x29\xE1\x81\x6C\xF2\xBF\xE5\x7D\x32\x6A\x54\xA0\x32\x19\x59\xFE\x1F\x8B\xD7\x3D\x60\x86\x85\x24\x6F\xE3\x11\xB3\x77\x3E\x20\x96\x35\x21\x6B\xB3\x08\xD9\x70\x2E\x64\xF7\x84\x92\x53\xD6\x0E\xB0\x90\x8A\x8A\xE3\x87\x8D\x06\xD3\xBD\x90\x0E\xE2\x99\xA1\x1B\x86\x0E\xDA\x9A\x0A\xBB\x0B\x61\x50\x06\x52\xF1\x9E\x7F\x76\xEC\xCB\x0F\xD0\x1E\x0D\xCF\x99\x30\x3D\x1C\xC4\x45\x10\x58\xAC\xD6\xD3\xE8\xD7\xE5\xEA\xC5\x01\x07\x77\xD6\x51\xE6\x03\x7F\x8A\x48\xA5\x4D\x68\x75\xB9\xE9\xBC\x9E\x4E\x19\x71\xF5\x32\x4B\x9C\x6D\x60\x19\x0B\xFB\xCC\x9D\x75\xDC\xBF\x26\xCD\x8F\x93\x78\x39\x79\x73\x5E\x25\x0E\xCA\x5C\xEB\x77\x12\x07\xCB\x64\x41\x47\x72\x93\xAB\x50\xC3\xEB\x09\x76\x64\x34\xD2\x39\xB7\x76\x11\x09\x0D\x76\x45\xC4\xA9\xAE\x3D\x6A\xAF\xB5\x7D\x65\x2F\x94\x58\x10\xEC\x5C\x7C\xAF\x7E\xE2\xB6\x18\xD9\xD0\x9B\x4E\x5A\x49\xDF\xA9\x66\x0B\xCC\x3C\xC6\x78\x7C\xA7\x9C\x1D\xE3\xCE\x8E\x53\xBE\x05\xDE\x60\x0F\x6B\xE5\x1A\xDB\x3F\xE3\xE1\x21\xC9\x29\xC1\xF1\xEB\x07\x9C\x52\x1B\x01\x44\x51\x3C\x7B\x25\xD7\xC4\xE5\x52\x54\x5D\x25\x07\xCA\x16\x20\xB8\xAD\xE4\x41\xEE\x7A\x08\xFE\x99\x6F\x83\xA6\x91\x02\xB0\x6C\x36\x55\x6A\xE7\x7D\xF5\x96\xE6\xCA\x81\xD6\x97\xF1\x94\x83\xE9\xED\xB0\xB1\x6B\x12\x69\x1E\xAC\xFB\x5D\xA9\xC5\x98\xE9\xB4\x5B\x58\x7A\xBE\x3D\xA2\x44\x3A\x63\x59\xD4\x0B\x25\xDE\x1B\x4F\xBD\xE5\x01\x9E\xCD\xD2\x29\xD5\x9F\x17\x19\x0A\x6F\xBF\x0C\x90\xD3\x09\x5F\xD9\xE3\x8A\x35\xCC\x79\x5A\x4D\x19\x37\x92\xB7\xC4\xC1\xAD\xAF\xF4\x79\x24\x9A\xB2\x01\x0B\xB1\xAF\x5C\x96\xF3\x80\x32\xFB\x5C\x3D\x98\xF1\xA0\x3F\x4A\xDE\xBE\xAF\x94\x2E\xD9\x55\x9A\x17\x6E\x60\x9D\x63\x6C\xB8\x63\xC9\xAE\x81\x5C\x18\x35\xE0\x90\xBB\xBE\x3C\x4F\x37\x22\xB9\x7E\xEB\xCF\x9E\x77\x21\xA6\x3D\x38\x81\xFB\x48\xDA\x31\x3D\x2B\xE3\x89\xF5\xD0\xB5\xBD\x7E\xE0\x50\xC4\x12\x89\xB3\x23\x9A\x10\x31\x85\xDB\xAE\x6F\xEF\x38\x33\x18\x76\x11\x02\x03\x01\x00\x01\xA3\x82\x01\x6C\x30\x82\x01\x68\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xF9\x24\xAC\x0F\xB2\xB5\xF8\x79\xC0\xFA\x60\x88\x1B\xC4\xD9\x4D\x02\x9E\x17\x19\x30\x81\xE3\x06\x03\x55\x1D\x23\x04\x81\xDB\x30\x81\xD8\x80\x14\xF9\x24\xAC\x0F\xB2\xB5\xF8\x79\xC0\xFA\x60\x88\x1B\xC4\xD9\x4D\x02\x9E\x17\x19\xA1\x81\xB4\xA4\x81\xB1\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x82\x09\x00\xA3\xDA\x42\x7E\xA4\xB1\xAE\xDA\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x3D\x06\x03\x55\x1D\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1D\x20\x00\x30\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1C\x68\x74\x74\x70\x3A\x2F\x2F\x70\x6F\x6C\x69\x63\x79\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x90\x12\xAF\x22\x35\xC2\xA3\x39\xF0\x2E\xDE\xE9\xB5\xE9\x78\x7C\x48\xBE\x3F\x7D\x45\x92\x5E\xE9\xDA\xB1\x19\xFC\x16\x3C\x9F\xB4\x5B\x66\x9E\x6A\xE7\xC3\xB9\x5D\x88\xE8\x0F\xAD\xCF\x23\x0F\xDE\x25\x3A\x5E\xCC\x4F\xA5\xC1\xB5\x2D\xAC\x24\xD2\x58\x07\xDE\xA2\xCF\x69\x84\x60\x33\xE8\x10\x0D\x13\xA9\x23\xD0\x85\xE5\x8E\x7B\xA6\x9E\x3D\x72\x13\x72\x33\xF5\xAA\x7D\xC6\x63\x1F\x08\xF4\xFE\x01\x7F\x24\xCF\x2B\x2C\x54\x09\xDE\xE2\x2B\x6D\x92\xC6\x39\x4F\x16\xEA\x3C\x7E\x7A\x46\xD4\x45\x6A\x46\xA8\xEB\x75\x82\x56\xA7\xAB\xA0\x7C\x68\x13\x33\xF6\x9D\x30\xF0\x6F\x27\x39\x24\x23\x2A\x90\xFD\x90\x29\x35\xF2\x93\xDF\x34\xA5\xC6\xF7\xF8\xEF\x8C\x0F\x62\x4A\x7C\xAE\xD3\xF5\x54\xF8\x8D\xB6\x9A\x56\x87\x16\x82\x3A\x33\xAB\x5A\x22\x08\xF7\x82\xBA\xEA\x2E\xE0\x47\x9A\xB4\xB5\x45\xA3\x05\x3B\xD9\xDC\x2E\x45\x40\x3B\xEA\xDC\x7F\xE8\x3B\xEB\xD1\xEC\x26\xD8\x35\xA4\x30\xC5\x3A\xAC\x57\x9E\xB3\x76\xA5\x20\x7B\xF9\x1E\x4A\x05\x62\x01\xA6\x28\x75\x60\x97\x92\x0D\x6E\x3E\x4D\x37\x43\x0D\x92\x15\x9C\x18\x22\xCD\x51\x99\xA0\x29\x1A\x3C\x5F\x8A\x32\x33\x5B\x30\xC7\x89\x2F\x47\x98\x0F\xA3\x03\xC6\xF6\xF1\xAC\xDF\x32\xF0\xD9\x81\x1A\xE4\x9C\xBD\xF6\x80\x14\xF0\xD1\x2C\xB9\x85\xF5\xD8\xA3\xB1\xC8\xA5\x21\xE5\x1C\x13\x97\xEE\x0E\xBD\xDF\x29\xA9\xEF\x34\x53\x5B\xD3\xE4\x6A\x13\x84\x06\xB6\x32\x02\xC4\x52\xAE\x22\xD2\xDC\xB2\x21\x42\x1A\xDA\x40\xF0\x29\xC9\xEC\x0A\x0C\x5C\xE2\xD0\xBA\xCC\x48\xD3\x37\x0A\xCC\x12\x0A\x8A\x79\xB0\x3D\x03\x7F\x69\x4B\xF4\x34\x20\x7D\xB3\x34\xEA\x8E\x4B\x64\xF5\x3E\xFD\xB3\x23\x67\x15\x0D\x04\xB8\xF0\x2D\xC1\x09\x51\x3C\xB2\x6C\x15\xF0\xA5\x23\xD7\x83\x74\xE4\xE5\x2E\xC9\xFE\x98\x27\x42\xC6\xAB\xC6\x9E\xB0\xD0\x5B\x38\xA5\x9B\x50\xDE\x7E\x18\x98\xB5\x45\x3B\xF6\x79\xB4\xE8\xF7\x1A\x7B\x06\x83\xFB\xD0\x8B\xDA\xBB\xC7\xBD\x18\xAB\x08\x6F\x3C\x80\x6B\x40\x3F\x19\x19\xBA\x65\x8A\xE6\xBE\xD5\x5C\xD3\x36\xD7\xEF\x40\x52\x24\x60\x38\x67\x04\x31\xEC\x8F\xF3\x82\xC6\xDE\xB9\x55\xF3\x3B\x31\x91\x5A\xDC\xB5\x08\x15\xAD\x76\x25\x0A\x0D\x7B\x2E\x87\xE2\x0C\xA6\x06\xBC\x26\x10\x6D\x37\x9D\xEC\xDD\x78\x8C\x7C\x80\xC5\xF0\xD9\x77\x48\xD0",
+	["CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU"] = "\x30\x82\x07\x49\x30\x82\x05\x31\xA0\x03\x02\x01\x02\x02\x09\x00\xC9\xCD\xD3\xE9\xD5\x7D\x23\xCE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xAC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x47\x6C\x6F\x62\x61\x6C\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x1E\x17\x0D\x30\x38\x30\x38\x30\x31\x31\x32\x33\x31\x34\x30\x5A\x17\x0D\x33\x38\x30\x37\x33\x31\x31\x32\x33\x31\x34\x30\x5A\x30\x81\xAC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x47\x6C\x6F\x62\x61\x6C\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC0\xDF\x56\xD3\xE4\x3A\x9B\x76\x45\xB4\x13\xDB\xFF\xC1\xB6\x19\x8B\x37\x41\x18\x95\x52\x47\xEB\x17\x9D\x29\x88\x8E\x35\x6C\x06\x32\x2E\x47\x62\xF3\x49\x04\xBF\x7D\x44\x36\xB1\x71\xCC\xBD\x5A\x09\x73\xD5\xD9\x85\x44\xFF\x91\x57\x25\xDF\x5E\x36\x8E\x70\xD1\x5C\x71\x43\x1D\xD9\xDA\xEF\x5C\xD2\xFB\x1B\xBD\x3A\xB5\xCB\xAD\xA3\xCC\x44\xA7\x0D\xAE\x21\x15\x3F\xB9\x7A\x5B\x92\x75\xD8\xA4\x12\x38\x89\x19\x8A\xB7\x80\xD2\xE2\x32\x6F\x56\x9C\x91\xD6\x88\x10\x0B\xB3\x74\x64\x92\x74\x60\xF3\xF6\xCF\x18\x4F\x60\xB2\x23\xD0\xC7\x3B\xCE\x61\x4B\x99\x8F\xC2\x0C\xD0\x40\xB2\x98\xDC\x0D\xA8\x4E\xA3\xB9\x0A\xAE\x60\xA0\xAD\x45\x52\x63\xBA\x66\xBD\x68\xE0\xF9\xBE\x1A\xA8\x81\xBB\x1E\x41\x78\x75\xD3\xC1\xFE\x00\x55\xB0\x87\x54\xE8\x27\x90\x35\x1D\x4C\x33\xAD\x97\xFC\x97\x2E\x98\x84\xBF\x2C\xC9\xA3\xBF\xD1\x98\x11\x14\xED\x63\xF8\xCA\x98\x88\x58\x17\x99\xED\x45\x03\x97\x7E\x3C\x86\x1E\x88\x8C\xBE\xF2\x91\x84\x8F\x65\x34\xD8\x00\x4C\x7D\xB7\x31\x17\x5A\x29\x7A\x0A\x18\x24\x30\xA3\x37\xB5\x7A\xA9\x01\x7D\x26\xD6\xF9\x0E\x8E\x59\xF1\xFD\x1B\x33\xB5\x29\x3B\x17\x3B\x41\xB6\x21\xDD\xD4\xC0\x3D\xA5\x9F\x9F\x1F\x43\x50\xC9\xBB\xBC\x6C\x7A\x97\x98\xEE\xCD\x8C\x1F\xFB\x9C\x51\xAE\x8B\x70\xBD\x27\x9F\x71\xC0\x6B\xAC\x7D\x90\x66\xE8\xD7\x5D\x3A\x0D\xB0\xD5\xC2\x8D\xD5\xC8\x9D\x9D\xC1\x6D\xD0\xD0\xBF\x51\xE4\xE3\xF8\xC3\x38\x36\xAE\xD6\xA7\x75\xE6\xAF\x84\x43\x5D\x93\x92\x0C\x6A\x07\xDE\x3B\x1D\x98\x22\xD6\xAC\xC1\x35\xDB\xA3\xA0\x25\xFF\x72\xB5\x76\x1D\xDE\x6D\xE9\x2C\x66\x2C\x52\x84\xD0\x45\x92\xCE\x1C\xE5\xE5\x33\x1D\xDC\x07\x53\x54\xA3\xAA\x82\x3B\x9A\x37\x2F\xDC\xDD\xA0\x64\xE9\xE6\xDD\xBD\xAE\xFC\x64\x85\x1D\x3C\xA7\xC9\x06\xDE\x84\xFF\x6B\xE8\x6B\x1A\x3C\xC5\xA2\xB3\x42\xFB\x8B\x09\x3E\x5F\x08\x52\xC7\x62\xC4\xD4\x05\x71\xBF\xC4\x64\xE4\xF8\xA1\x83\xE8\x3E\x12\x9B\xA8\x1E\xD4\x36\x4D\x2F\x71\xF6\x8D\x28\xF6\x83\xA9\x13\xD2\x61\xC1\x91\xBB\x48\xC0\x34\x8F\x41\x8C\x4B\x4C\xDB\x69\x12\xFF\x50\x94\x9C\x20\x83\x59\x73\xED\x7C\xA1\xF2\xF1\xFD\xDD\xF7\x49\xD3\x43\x58\xA0\x56\x63\xCA\x3D\x3D\xE5\x35\x56\x59\xE9\x0E\xCA\x20\xCC\x2B\x4B\x93\x29\x0F\x02\x03\x01\x00\x01\xA3\x82\x01\x6A\x30\x82\x01\x66\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB9\x09\xCA\x9C\x1E\xDB\xD3\x6C\x3A\x6B\xAE\xED\x54\xF1\x5B\x93\x06\x35\x2E\x5E\x30\x81\xE1\x06\x03\x55\x1D\x23\x04\x81\xD9\x30\x81\xD6\x80\x14\xB9\x09\xCA\x9C\x1E\xDB\xD3\x6C\x3A\x6B\xAE\xED\x54\xF1\x5B\x93\x06\x35\x2E\x5E\xA1\x81\xB2\xA4\x81\xAF\x30\x81\xAC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x47\x6C\x6F\x62\x61\x6C\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x82\x09\x00\xC9\xCD\xD3\xE9\xD5\x7D\x23\xCE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x3D\x06\x03\x55\x1D\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1D\x20\x00\x30\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1C\x68\x74\x74\x70\x3A\x2F\x2F\x70\x6F\x6C\x69\x63\x79\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x80\x88\x7F\x70\xDE\x92\x28\xD9\x05\x94\x46\xFF\x90\x57\xA9\xF1\x2F\xDF\x1A\x0D\x6B\xFA\x7C\x0E\x1C\x49\x24\x79\x27\xD8\x46\xAA\x6F\x29\x59\x52\x88\x70\x12\xEA\xDD\x3D\xF5\x9B\x53\x54\x6F\xE1\x60\xA2\xA8\x09\xB9\xEC\xEB\x59\x7C\xC6\x35\xF1\xDC\x18\xE9\xF1\x67\xE5\xAF\xBA\x45\xE0\x09\xDE\xCA\x44\x0F\xC2\x17\x0E\x77\x91\x45\x7A\x33\x5F\x5F\x96\x2C\x68\x8B\xC1\x47\x8F\x98\x9B\x3D\xC0\xEC\xCB\xF5\xD5\x82\x92\x84\x35\xD1\xBE\x36\x38\x56\x72\x31\x5B\x47\x2D\xAA\x17\xA4\x63\x51\xEB\x0A\x01\xAD\x7F\xEC\x75\x9E\xCB\xA1\x1F\xF1\x7F\x12\xB1\xB9\xE4\x64\x7F\x67\xD6\x23\x2A\xF4\xB8\x39\x5D\x98\xE8\x21\xA7\xE1\xBD\x3D\x42\x1A\x74\x9A\x70\xAF\x68\x6C\x50\x5D\x49\xCF\xFF\xFB\x0E\x5D\xE6\x2C\x47\xD7\x81\x3A\x59\x00\xB5\x73\x6B\x63\x20\xF6\x31\x45\x08\x39\x0E\xF4\x70\x7E\x40\x70\x5A\x3F\xD0\x6B\x42\xA9\x74\x3D\x28\x2F\x02\x6D\x75\x72\x95\x09\x8D\x48\x63\xC6\xC6\x23\x57\x92\x93\x5E\x35\xC1\x8D\xF9\x0A\xF7\x2C\x9D\x62\x1C\xF6\xAD\x7C\xDD\xA6\x31\x1E\xB6\xB1\xC7\x7E\x85\x26\xFA\xA4\x6A\xB5\xDA\x63\x30\xD1\xEF\x93\x37\xB2\x66\x2F\x7D\x05\xF7\xE7\xB7\x4B\x98\x94\x35\xC0\xD9\x3A\x29\xC1\x9D\xB2\x50\x33\x1D\x4A\xA9\x5A\xA6\xC9\x03\xEF\xED\xF4\xE7\xA8\x6E\x8A\xB4\x57\x84\xEB\xA4\x3F\xD0\xEE\xAA\xAA\x87\x5B\x63\xE8\x93\xE2\x6B\xA8\xD4\xB8\x72\x78\x6B\x1B\xED\x39\xE4\x5D\xCB\x9B\xAA\x87\xD5\x4F\x4E\x00\xFE\xD9\x6A\x9F\x3C\x31\x0F\x28\x02\x01\x7D\x98\xE8\xA7\xB0\xA2\x64\x9E\x79\xF8\x48\xF2\x15\xA9\xCC\xE6\xC8\x44\xEB\x3F\x78\x99\xF2\x7B\x71\x3E\x3C\xF1\x98\xA7\xC5\x18\x12\x3F\xE6\xBB\x28\x33\x42\xE9\x45\x0A\x7C\x6D\xF2\x86\x79\x2F\xC5\x82\x19\x7D\x09\x89\x7C\xB2\x54\x76\x88\xAE\xDE\xC1\xF3\xCC\xE1\x6E\xDB\x31\xD6\x93\xAE\x99\xA0\xEF\x25\x6A\x73\x98\x89\x5B\x3A\x2E\x13\x88\x1E\xBF\xC0\x92\x94\x34\x1B\xE3\x27\xB7\x8B\x1E\x6F\x42\xFF\xE7\xE9\x37\x9B\x50\x1D\x2D\xA2\xF9\x02\xEE\xCB\x58\x58\x3A\x71\xBC\x68\xE3\xAA\xC1\xAF\x1C\x28\x1F\xA2\xDC\x23\x65\x3F\x81\xEA\xAE\x99\xD3\xD8\x30\xCF\x13\x0D\x4F\x15\xC9\x84\xBC\xA7\x48\x2D\xF8\x30\x23\x77\xD8\x46\x4B\x79\x6D\xF6\x8C\xED\x3A\x7F\x60\x11\x78\xF4\xE9\x9B\xAE\xD5\x54\xC0\x74\x80\xD1\x0B\x42\x9F\xC1",
+	["CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US"] = "\x30\x82\x03\xC5\x30\x82\x02\xAD\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x83\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x47\x6F\x44\x61\x64\x64\x79\x2E\x63\x6F\x6D\x2C\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x03\x13\x28\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x39\x30\x39\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x83\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x47\x6F\x44\x61\x64\x64\x79\x2E\x63\x6F\x6D\x2C\x20\x49\x6E\x63\x2E\x31\x31\x30\x2F\x06\x03\x55\x04\x03\x13\x28\x47\x6F\x20\x44\x61\x64\x64\x79\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBF\x71\x62\x08\xF1\xFA\x59\x34\xF7\x1B\xC9\x18\xA3\xF7\x80\x49\x58\xE9\x22\x83\x13\xA6\xC5\x20\x43\x01\x3B\x84\xF1\xE6\x85\x49\x9F\x27\xEA\xF6\x84\x1B\x4E\xA0\xB4\xDB\x70\x98\xC7\x32\x01\xB1\x05\x3E\x07\x4E\xEE\xF4\xFA\x4F\x2F\x59\x30\x22\xE7\xAB\x19\x56\x6B\xE2\x80\x07\xFC\xF3\x16\x75\x80\x39\x51\x7B\xE5\xF9\x35\xB6\x74\x4E\xA9\x8D\x82\x13\xE4\xB6\x3F\xA9\x03\x83\xFA\xA2\xBE\x8A\x15\x6A\x7F\xDE\x0B\xC3\xB6\x19\x14\x05\xCA\xEA\xC3\xA8\x04\x94\x3B\x46\x7C\x32\x0D\xF3\x00\x66\x22\xC8\x8D\x69\x6D\x36\x8C\x11\x18\xB7\xD3\xB2\x1C\x60\xB4\x38\xFA\x02\x8C\xCE\xD3\xDD\x46\x07\xDE\x0A\x3E\xEB\x5D\x7C\xC8\x7C\xFB\xB0\x2B\x53\xA4\x92\x62\x69\x51\x25\x05\x61\x1A\x44\x81\x8C\x2C\xA9\x43\x96\x23\xDF\xAC\x3A\x81\x9A\x0E\x29\xC5\x1C\xA9\xE9\x5D\x1E\xB6\x9E\x9E\x30\x0A\x39\xCE\xF1\x88\x80\xFB\x4B\x5D\xCC\x32\xEC\x85\x62\x43\x25\x34\x02\x56\x27\x01\x91\xB4\x3B\x70\x2A\x3F\x6E\xB1\xE8\x9C\x88\x01\x7D\x9F\xD4\xF9\xDB\x53\x6D\x60\x9D\xBF\x2C\xE7\x58\xAB\xB8\x5F\x46\xFC\xCE\xC4\x1B\x03\x3C\x09\xEB\x49\x31\x5C\x69\x46\xB3\xE0\x47\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3A\x9A\x85\x07\x10\x67\x28\xB6\xEF\xF6\xBD\x05\x41\x6E\x20\xC1\x94\xDA\x0F\xDE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x99\xDB\x5D\x79\xD5\xF9\x97\x59\x67\x03\x61\xF1\x7E\x3B\x06\x31\x75\x2D\xA1\x20\x8E\x4F\x65\x87\xB4\xF7\xA6\x9C\xBC\xD8\xE9\x2F\xD0\xDB\x5A\xEE\xCF\x74\x8C\x73\xB4\x38\x42\xDA\x05\x7B\xF8\x02\x75\xB8\xFD\xA5\xB1\xD7\xAE\xF6\xD7\xDE\x13\xCB\x53\x10\x7E\x8A\x46\xD1\x97\xFA\xB7\x2E\x2B\x11\xAB\x90\xB0\x27\x80\xF9\xE8\x9F\x5A\xE9\x37\x9F\xAB\xE4\xDF\x6C\xB3\x85\x17\x9D\x3D\xD9\x24\x4F\x79\x91\x35\xD6\x5F\x04\xEB\x80\x83\xAB\x9A\x02\x2D\xB5\x10\xF4\xD8\x90\xC7\x04\x73\x40\xED\x72\x25\xA0\xA9\x9F\xEC\x9E\xAB\x68\x12\x99\x57\xC6\x8F\x12\x3A\x09\xA4\xBD\x44\xFD\x06\x15\x37\xC1\x9B\xE4\x32\xA3\xED\x38\xE8\xD8\x64\xF3\x2C\x7E\x14\xFC\x02\xEA\x9F\xCD\xFF\x07\x68\x17\xDB\x22\x90\x38\x2D\x7A\x8D\xD1\x54\xF1\x69\xE3\x5F\x33\xCA\x7A\x3D\x7B\x0A\xE3\xCA\x7F\x5F\x39\xE5\xE2\x75\xBA\xC5\x76\x18\x33\xCE\x2C\xF0\x2F\x4C\xAD\xF7\xB1\xE7\xCE\x4F\xA8\xC4\x9B\x4A\x54\x06\xC5\x7F\x7D\xD5\x08\x0F\xE2\x1C\xFE\x7E\x17\xB8\xAC\x5E\xF6\xD4\x16\xB2\x43\x09\x0C\x4D\xF6\xA7\x6B\xB4\x99\x84\x65\xCA\x7A\x88\xE2\xE2\x44\xBE\x5C\xF7\xEA\x1C\xF5",
+	["CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US"] = "\x30\x82\x03\xDD\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x8F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x39\x30\x39\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x8F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBD\xED\xC1\x03\xFC\xF6\x8F\xFC\x02\xB1\x6F\x5B\x9F\x48\xD9\x9D\x79\xE2\xA2\xB7\x03\x61\x56\x18\xC3\x47\xB6\xD7\xCA\x3D\x35\x2E\x89\x43\xF7\xA1\x69\x9B\xDE\x8A\x1A\xFD\x13\x20\x9C\xB4\x49\x77\x32\x29\x56\xFD\xB9\xEC\x8C\xDD\x22\xFA\x72\xDC\x27\x61\x97\xEE\xF6\x5A\x84\xEC\x6E\x19\xB9\x89\x2C\xDC\x84\x5B\xD5\x74\xFB\x6B\x5F\xC5\x89\xA5\x10\x52\x89\x46\x55\xF4\xB8\x75\x1C\xE6\x7F\xE4\x54\xAE\x4B\xF8\x55\x72\x57\x02\x19\xF8\x17\x71\x59\xEB\x1E\x28\x07\x74\xC5\x9D\x48\xBE\x6C\xB4\xF4\xA4\xB0\xF3\x64\x37\x79\x92\xC0\xEC\x46\x5E\x7F\xE1\x6D\x53\x4C\x62\xAF\xCD\x1F\x0B\x63\xBB\x3A\x9D\xFB\xFC\x79\x00\x98\x61\x74\xCF\x26\x82\x40\x63\xF3\xB2\x72\x6A\x19\x0D\x99\xCA\xD4\x0E\x75\xCC\x37\xFB\x8B\x89\xC1\x59\xF1\x62\x7F\x5F\xB3\x5F\x65\x30\xF8\xA7\xB7\x4D\x76\x5A\x1E\x76\x5E\x34\xC0\xE8\x96\x56\x99\x8A\xB3\xF0\x7F\xA4\xCD\xBD\xDC\x32\x31\x7C\x91\xCF\xE0\x5F\x11\xF8\x6B\xAA\x49\x5C\xD1\x99\x94\xD1\xA2\xE3\x63\x5B\x09\x76\xB5\x56\x62\xE1\x4B\x74\x1D\x96\xD4\x26\xD4\x08\x04\x59\xD0\x98\x0E\x0E\xE6\xDE\xFC\xC3\xEC\x1F\x90\xF1\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7C\x0C\x32\x1F\xA7\xD9\x30\x7F\xC4\x7D\x68\xA3\x62\xA8\xA1\xCE\xAB\x07\x5B\x27\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x11\x59\xFA\x25\x4F\x03\x6F\x94\x99\x3B\x9A\x1F\x82\x85\x39\xD4\x76\x05\x94\x5E\xE1\x28\x93\x6D\x62\x5D\x09\xC2\xA0\xA8\xD4\xB0\x75\x38\xF1\x34\x6A\x9D\xE4\x9F\x8A\x86\x26\x51\xE6\x2C\xD1\xC6\x2D\x6E\x95\x20\x4A\x92\x01\xEC\xB8\x8A\x67\x7B\x31\xE2\x67\x2E\x8C\x95\x03\x26\x2E\x43\x9D\x4A\x31\xF6\x0E\xB5\x0C\xBB\xB7\xE2\x37\x7F\x22\xBA\x00\xA3\x0E\x7B\x52\xFB\x6B\xBB\x3B\xC4\xD3\x79\x51\x4E\xCD\x90\xF4\x67\x07\x19\xC8\x3C\x46\x7A\x0D\x01\x7D\xC5\x58\xE7\x6D\xE6\x85\x30\x17\x9A\x24\xC4\x10\xE0\x04\xF7\xE0\xF2\x7F\xD4\xAA\x0A\xFF\x42\x1D\x37\xED\x94\xE5\x64\x59\x12\x20\x77\x38\xD3\x32\x3E\x38\x81\x75\x96\x73\xFA\x68\x8F\xB1\xCB\xCE\x1F\xC5\xEC\xFA\x9C\x7E\xCF\x7E\xB1\xF1\x07\x2D\xB6\xFC\xBF\xCA\xA4\xBF\xD0\x97\x05\x4A\xBC\xEA\x18\x28\x02\x90\xBD\x54\x78\x09\x21\x71\xD3\xD1\x7D\x1D\xD9\x16\xB0\xA9\x61\x3D\xD0\x0A\x00\x22\xFC\xC7\x7B\xCB\x09\x64\x45\x0B\x3B\x40\x81\xF7\x7D\x7C\x32\xF5\x98\xCA\x58\x8E\x7D\x2A\xEE\x90\x59\x73\x64\xF9\x36\x74\x5E\x25\xA1\xF5\x66\x05\x2E\x7F\x39\x15\xA9\x2A\xFB\x50\x8B\x8E\x85\x69\xF4",
+	["CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US"] = "\x30\x82\x03\xEF\x30\x82\x02\xD7\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x3B\x30\x39\x06\x03\x55\x04\x03\x13\x32\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x1E\x17\x0D\x30\x39\x30\x39\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x98\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x41\x72\x69\x7A\x6F\x6E\x61\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x53\x63\x6F\x74\x74\x73\x64\x61\x6C\x65\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x2C\x20\x49\x6E\x63\x2E\x31\x3B\x30\x39\x06\x03\x55\x04\x03\x13\x32\x53\x74\x61\x72\x66\x69\x65\x6C\x64\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD5\x0C\x3A\xC4\x2A\xF9\x4E\xE2\xF5\xBE\x19\x97\x5F\x8E\x88\x53\xB1\x1F\x3F\xCB\xCF\x9F\x20\x13\x6D\x29\x3A\xC8\x0F\x7D\x3C\xF7\x6B\x76\x38\x63\xD9\x36\x60\xA8\x9B\x5E\x5C\x00\x80\xB2\x2F\x59\x7F\xF6\x87\xF9\x25\x43\x86\xE7\x69\x1B\x52\x9A\x90\xE1\x71\xE3\xD8\x2D\x0D\x4E\x6F\xF6\xC8\x49\xD9\xB6\xF3\x1A\x56\xAE\x2B\xB6\x74\x14\xEB\xCF\xFB\x26\xE3\x1A\xBA\x1D\x96\x2E\x6A\x3B\x58\x94\x89\x47\x56\xFF\x25\xA0\x93\x70\x53\x83\xDA\x84\x74\x14\xC3\x67\x9E\x04\x68\x3A\xDF\x8E\x40\x5A\x1D\x4A\x4E\xCF\x43\x91\x3B\xE7\x56\xD6\x00\x70\xCB\x52\xEE\x7B\x7D\xAE\x3A\xE7\xBC\x31\xF9\x45\xF6\xC2\x60\xCF\x13\x59\x02\x2B\x80\xCC\x34\x47\xDF\xB9\xDE\x90\x65\x6D\x02\xCF\x2C\x91\xA6\xA6\xE7\xDE\x85\x18\x49\x7C\x66\x4E\xA3\x3A\x6D\xA9\xB5\xEE\x34\x2E\xBA\x0D\x03\xB8\x33\xDF\x47\xEB\xB1\x6B\x8D\x25\xD9\x9B\xCE\x81\xD1\x45\x46\x32\x96\x70\x87\xDE\x02\x0E\x49\x43\x85\xB6\x6C\x73\xBB\x64\xEA\x61\x41\xAC\xC9\xD4\x54\xDF\x87\x2F\xC7\x22\xB2\x26\xCC\x9F\x59\x54\x68\x9F\xFC\xBE\x2A\x2F\xC4\x55\x1C\x75\x40\x60\x17\x85\x02\x55\x39\x8B\x7F\x05\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9C\x5F\x00\xDF\xAA\x01\xD7\x30\x2B\x38\x88\xA2\xB8\x6D\x4A\x9C\xF2\x11\x91\x83\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4B\x36\xA6\x84\x77\x69\xDD\x3B\x19\x9F\x67\x23\x08\x6F\x0E\x61\xC9\xFD\x84\xDC\x5F\xD8\x36\x81\xCD\xD8\x1B\x41\x2D\x9F\x60\xDD\xC7\x1A\x68\xD9\xD1\x6E\x86\xE1\x88\x23\xCF\x13\xDE\x43\xCF\xE2\x34\xB3\x04\x9D\x1F\x29\xD5\xBF\xF8\x5E\xC8\xD5\xC1\xBD\xEE\x92\x6F\x32\x74\xF2\x91\x82\x2F\xBD\x82\x42\x7A\xAD\x2A\xB7\x20\x7D\x4D\xBC\x7A\x55\x12\xC2\x15\xEA\xBD\xF7\x6A\x95\x2E\x6C\x74\x9F\xCF\x1C\xB4\xF2\xC5\x01\xA3\x85\xD0\x72\x3E\xAD\x73\xAB\x0B\x9B\x75\x0C\x6D\x45\xB7\x8E\x94\xAC\x96\x37\xB5\xA0\xD0\x8F\x15\x47\x0E\xE3\xE8\x83\xDD\x8F\xFD\xEF\x41\x01\x77\xCC\x27\xA9\x62\x85\x33\xF2\x37\x08\xEF\x71\xCF\x77\x06\xDE\xC8\x19\x1D\x88\x40\xCF\x7D\x46\x1D\xFF\x1E\xC7\xE1\xCE\xFF\x23\xDB\xC6\xFA\x8D\x55\x4E\xA9\x02\xE7\x47\x11\x46\x3E\xF4\xFD\xBD\x7B\x29\x26\xBB\xA9\x61\x62\x37\x28\xB6\x2D\x2A\xF6\x10\x86\x64\xC9\x70\xA7\xD2\xAD\xB7\x29\x70\x79\xEA\x3C\xDA\x63\x25\x9F\xFD\x68\xB7\x30\xEC\x70\xFB\x75\x8A\xB7\x6D\x60\x67\xB2\x1E\xC8\xB9\xE9\xD8\xA8\x6F\x02\x8B\x67\x0D\x4D\x26\x57\x71\xDA\x20\xFC\xC1\x4A\x50\x8D\xB1\x28\xBA",
+	["CN=AffirmTrust Commercial,O=AffirmTrust,C=US"] = "\x30\x82\x03\x4C\x30\x82\x02\x34\xA0\x03\x02\x01\x02\x02\x08\x77\x77\x06\x27\x26\xA9\xB1\x7C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x43\x6F\x6D\x6D\x65\x72\x63\x69\x61\x6C\x30\x1E\x17\x0D\x31\x30\x30\x31\x32\x39\x31\x34\x30\x36\x30\x36\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x34\x30\x36\x30\x36\x5A\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x43\x6F\x6D\x6D\x65\x72\x63\x69\x61\x6C\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xF6\x1B\x4F\x67\x07\x2B\xA1\x15\xF5\x06\x22\xCB\x1F\x01\xB2\xE3\x73\x45\x06\x44\x49\x2C\xBB\x49\x25\x14\xD6\xCE\xC3\xB7\xAB\x2C\x4F\xC6\x41\x32\x94\x57\xFA\x12\xA7\x5B\x0E\xE2\x8F\x1F\x1E\x86\x19\xA7\xAA\xB5\x2D\xB9\x5F\x0D\x8A\xC2\xAF\x85\x35\x79\x32\x2D\xBB\x1C\x62\x37\xF2\xB1\x5B\x4A\x3D\xCA\xCD\x71\x5F\xE9\x42\xBE\x94\xE8\xC8\xDE\xF9\x22\x48\x64\xC6\xE5\xAB\xC6\x2B\x6D\xAD\x05\xF0\xFA\xD5\x0B\xCF\x9A\xE5\xF0\x50\xA4\x8B\x3B\x47\xA5\x23\x5B\x7A\x7A\xF8\x33\x3F\xB8\xEF\x99\x97\xE3\x20\xC1\xD6\x28\x89\xCF\x94\xFB\xB9\x45\xED\xE3\x40\x17\x11\xD4\x74\xF0\x0B\x31\xE2\x2B\x26\x6A\x9B\x4C\x57\xAE\xAC\x20\x3E\xBA\x45\x7A\x05\xF3\xBD\x9B\x69\x15\xAE\x7D\x4E\x20\x63\xC4\x35\x76\x3A\x07\x02\xC9\x37\xFD\xC7\x47\xEE\xE8\xF1\x76\x1D\x73\x15\xF2\x97\xA4\xB5\xC8\x7A\x79\xD9\x42\xAA\x2B\x7F\x5C\xFE\xCE\x26\x4F\xA3\x66\x81\x35\xAF\x44\xBA\x54\x1E\x1C\x30\x32\x65\x9D\xE6\x3C\x93\x5E\x50\x4E\x7A\xE3\x3A\xD4\x6E\xCC\x1A\xFB\xF9\xD2\x37\xAE\x24\x2A\xAB\x57\x03\x22\x28\x0D\x49\x75\x7F\xB7\x28\xDA\x75\xBF\x8E\xE3\xDC\x0E\x79\x31\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9D\x93\xC6\x53\x8B\x5E\xCA\xAF\x3F\x9F\x1E\x0F\xE5\x99\x95\xBC\x24\xF6\x94\x8F\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x58\xAC\xF4\x04\x0E\xCD\xC0\x0D\xFF\x0A\xFD\xD4\xBA\x16\x5F\x29\xBD\x7B\x68\x99\x58\x49\xD2\xB4\x1D\x37\x4D\x7F\x27\x7D\x46\x06\x5D\x43\xC6\x86\x2E\x3E\x73\xB2\x26\x7D\x4F\x93\xA9\xB6\xC4\x2A\x9A\xAB\x21\x97\x14\xB1\xDE\x8C\xD3\xAB\x89\x15\xD8\x6B\x24\xD4\xF1\x16\xAE\xD8\xA4\x5C\xD4\x7F\x51\x8E\xED\x18\x01\xB1\x93\x63\xBD\xBC\xF8\x61\x80\x9A\x9E\xB1\xCE\x42\x70\xE2\xA9\x7D\x06\x25\x7D\x27\xA1\xFE\x6F\xEC\xB3\x1E\x24\xDA\xE3\x4B\x55\x1A\x00\x3B\x35\xB4\x3B\xD9\xD7\x5D\x30\xFD\x81\x13\x89\xF2\xC2\x06\x2B\xED\x67\xC4\x8E\xC9\x43\xB2\x5C\x6B\x15\x89\x02\xBC\x62\xFC\x4E\xF2\xB5\x33\xAA\xB2\x6F\xD3\x0A\xA2\x50\xE3\xF6\x3B\xE8\x2E\x44\xC2\xDB\x66\x38\xA9\x33\x56\x48\xF1\x6D\x1B\x33\x8D\x0D\x8C\x3F\x60\x37\x9D\xD3\xCA\x6D\x7E\x34\x7E\x0D\x9F\x72\x76\x8B\x1B\x9F\x72\xFD\x52\x35\x41\x45\x02\x96\x2F\x1C\xB2\x9A\x73\x49\x21\xB1\x49\x47\x45\x47\xB4\xEF\x6A\x34\x11\xC9\x4D\x9A\xCC\x59\xB7\xD6\x02\x9E\x5A\x4E\x65\xB5\x94\xAE\x1B\xDF\x29\xB0\x16\xF1\xBF\x00\x9E\x07\x3A\x17\x64\xB5\x04\xB5\x23\x21\x99\x0A\x95\x3B\x97\x7C\xEF",
+	["CN=AffirmTrust Networking,O=AffirmTrust,C=US"] = "\x30\x82\x03\x4C\x30\x82\x02\x34\xA0\x03\x02\x01\x02\x02\x08\x7C\x4F\x04\x39\x1C\xD4\x99\x2D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x69\x6E\x67\x30\x1E\x17\x0D\x31\x30\x30\x31\x32\x39\x31\x34\x30\x38\x32\x34\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x34\x30\x38\x32\x34\x5A\x30\x44\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x69\x6E\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB4\x84\xCC\x33\x17\x2E\x6B\x94\x6C\x6B\x61\x52\xA0\xEB\xA3\xCF\x79\x94\x4C\xE5\x94\x80\x99\xCB\x55\x64\x44\x65\x8F\x67\x64\xE2\x06\xE3\x5C\x37\x49\xF6\x2F\x9B\x84\x84\x1E\x2D\xF2\x60\x9D\x30\x4E\xCC\x84\x85\xE2\x2C\xCF\x1E\x9E\xFE\x36\xAB\x33\x77\x35\x44\xD8\x35\x96\x1A\x3D\x36\xE8\x7A\x0E\xD8\xD5\x47\xA1\x6A\x69\x8B\xD9\xFC\xBB\x3A\xAE\x79\x5A\xD5\xF4\xD6\x71\xBB\x9A\x90\x23\x6B\x9A\xB7\x88\x74\x87\x0C\x1E\x5F\xB9\x9E\x2D\xFA\xAB\x53\x2B\xDC\xBB\x76\x3E\x93\x4C\x08\x08\x8C\x1E\xA2\x23\x1C\xD4\x6A\xAD\x22\xBA\x99\x01\x2E\x6D\x65\xCB\xBE\x24\x66\x55\x24\x4B\x40\x44\xB1\x1B\xD7\xE1\xC2\x85\xC0\xDE\x10\x3F\x3D\xED\xB8\xFC\xF1\xF1\x23\x53\xDC\xBF\x65\x97\x6F\xD9\xF9\x40\x71\x8D\x7D\xBD\x95\xD4\xCE\xBE\xA0\x5E\x27\x23\xDE\xFD\xA6\xD0\x26\x0E\x00\x29\xEB\x3C\x46\xF0\x3D\x60\xBF\x3F\x50\xD2\xDC\x26\x41\x51\x9E\x14\x37\x42\x04\xA3\x70\x57\xA8\x1B\x87\xED\x2D\xFA\x7B\xEE\x8C\x0A\xE3\xA9\x66\x89\x19\xCB\x41\xF9\xDD\x44\x36\x61\xCF\xE2\x77\x46\xC8\x7D\xF6\xF4\x92\x81\x36\xFD\xDB\x34\xF1\x72\x7E\xF3\x0C\x16\xBD\xB4\x15\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x07\x1F\xD2\xE7\x9C\xDA\xC2\x6E\xA2\x40\xB4\xB0\x7A\x50\x10\x50\x74\xC4\xC8\xBD\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x89\x57\xB2\x16\x7A\xA8\xC2\xFD\xD6\xD9\x9B\x9B\x34\xC2\x9C\xB4\x32\x14\x4D\xA7\xA4\xDF\xEC\xBE\xA7\xBE\xF8\x43\xDB\x91\x37\xCE\xB4\x32\x2E\x50\x55\x1A\x35\x4E\x76\x43\x71\x20\xEF\x93\x77\x4E\x15\x70\x2E\x87\xC3\xC1\x1D\x6D\xDC\xCB\xB5\x27\xD4\x2C\x56\xD1\x52\x53\x3A\x44\xD2\x73\xC8\xC4\x1B\x05\x65\x5A\x62\x92\x9C\xEE\x41\x8D\x31\xDB\xE7\x34\xEA\x59\x21\xD5\x01\x7A\xD7\x64\xB8\x64\x39\xCD\xC9\xED\xAF\xED\x4B\x03\x48\xA7\xA0\x99\x01\x80\xDC\x65\xA3\x36\xAE\x65\x59\x48\x4F\x82\x4B\xC8\x65\xF1\x57\x1D\xE5\x59\x2E\x0A\x3F\x6C\xD8\xD1\xF5\xE5\x09\xB4\x6C\x54\x00\x0A\xE0\x15\x4D\x87\x75\x6D\xB7\x58\x96\x5A\xDD\x6D\xD2\x00\xA0\xF4\x9B\x48\xBE\xC3\x37\xA4\xBA\x36\xE0\x7C\x87\x85\x97\x1A\x15\xA2\xDE\x2E\xA2\x5B\xBD\xAF\x18\xF9\x90\x50\xCD\x70\x59\xF8\x27\x67\x47\xCB\xC7\xA0\x07\x3A\x7D\xD1\x2C\x5D\x6C\x19\x3A\x66\xB5\x7D\xFD\x91\x6F\x82\xB1\xBE\x08\x93\xDB\x14\x47\xF1\xA2\x37\xC7\x45\x9E\x3C\xC7\x77\xAF\x64\xA8\x93\xDF\xF6\x69\x83\x82\x60\xF2\x49\x42\x34\xED\x5A\x00\x54\x85\x1C\x16\x36\x92\x0C\x5C\xFA\xA6\xAD\xBF\xDB",
+	["CN=AffirmTrust Premium,O=AffirmTrust,C=US"] = "\x30\x82\x05\x46\x30\x82\x03\x2E\xA0\x03\x02\x01\x02\x02\x08\x6D\x8C\x14\x46\xB1\xA6\x0A\xEE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x30\x41\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x0C\x13\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x50\x72\x65\x6D\x69\x75\x6D\x30\x1E\x17\x0D\x31\x30\x30\x31\x32\x39\x31\x34\x31\x30\x33\x36\x5A\x17\x0D\x34\x30\x31\x32\x33\x31\x31\x34\x31\x30\x33\x36\x5A\x30\x41\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x0C\x13\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x50\x72\x65\x6D\x69\x75\x6D\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC4\x12\xDF\xA9\x5F\xFE\x41\xDD\xDD\xF5\x9F\x8A\xE3\xF6\xAC\xE1\x3C\x78\x9A\xBC\xD8\xF0\x7F\x7A\xA0\x33\x2A\xDC\x8D\x20\x5B\xAE\x2D\x6F\xE7\x93\xD9\x36\x70\x6A\x68\xCF\x8E\x51\xA3\x85\x5B\x67\x04\xA0\x10\x24\x6F\x5D\x28\x82\xC1\x97\x57\xD8\x48\x29\x13\xB6\xE1\xBE\x91\x4D\xDF\x85\x0C\x53\x18\x9A\x1E\x24\xA2\x4F\x8F\xF0\xA2\x85\x0B\xCB\xF4\x29\x7F\xD2\xA4\x58\xEE\x26\x4D\xC9\xAA\xA8\x7B\x9A\xD9\xFA\x38\xDE\x44\x57\x15\xE5\xF8\x8C\xC8\xD9\x48\xE2\x0D\x16\x27\x1D\x1E\xC8\x83\x85\x25\xB7\xBA\xAA\x55\x41\xCC\x03\x22\x4B\x2D\x91\x8D\x8B\xE6\x89\xAF\x66\xC7\xE9\xFF\x2B\xE9\x3C\xAC\xDA\xD2\xB3\xC3\xE1\x68\x9C\x89\xF8\x7A\x00\x56\xDE\xF4\x55\x95\x6C\xFB\xBA\x64\xDD\x62\x8B\xDF\x0B\x77\x32\xEB\x62\xCC\x26\x9A\x9B\xBB\xAA\x62\x83\x4C\xB4\x06\x7A\x30\xC8\x29\xBF\xED\x06\x4D\x97\xB9\x1C\xC4\x31\x2B\xD5\x5F\xBC\x53\x12\x17\x9C\x99\x57\x29\x66\x77\x61\x21\x31\x07\x2E\x25\x49\x9D\x18\xF2\xEE\xF3\x2B\x71\x8C\xB5\xBA\x39\x07\x49\x77\xFC\xEF\x2E\x92\x90\x05\x8D\x2D\x2F\x77\x7B\xEF\x43\xBF\x35\xBB\x9A\xD8\xF9\x73\xA7\x2C\xF2\xD0\x57\xEE\x28\x4E\x26\x5F\x8F\x90\x68\x09\x2F\xB8\xF8\xDC\x06\xE9\x2E\x9A\x3E\x51\xA7\xD1\x22\xC4\x0A\xA7\x38\x48\x6C\xB3\xF9\xFF\x7D\xAB\x86\x57\xE3\xBA\xD6\x85\x78\x77\xBA\x43\xEA\x48\x7F\xF6\xD8\xBE\x23\x6D\x1E\xBF\xD1\x36\x6C\x58\x5C\xF1\xEE\xA4\x19\x54\x1A\xF5\x03\xD2\x76\xE6\xE1\x8C\xBD\x3C\xB3\xD3\x48\x4B\xE2\xC8\xF8\x7F\x92\xA8\x76\x46\x9C\x42\x65\x3E\xA4\x1E\xC1\x07\x03\x5A\x46\x2D\xB8\x97\xF3\xB7\xD5\xB2\x55\x21\xEF\xBA\xDC\x4C\x00\x97\xFB\x14\x95\x27\x33\xBF\xE8\x43\x47\x46\xD2\x08\x99\x16\x60\x3B\x9A\x7E\xD2\xE6\xED\x38\xEA\xEC\x01\x1E\x3C\x48\x56\x49\x09\xC7\x4C\x37\x00\x9E\x88\x0E\xC0\x73\xE1\x6F\x66\xE9\x72\x47\x30\x3E\x10\xE5\x0B\x03\xC9\x9A\x42\x00\x6C\xC5\x94\x7E\x61\xC4\x8A\xDF\x7F\x82\x1A\x0B\x59\xC4\x59\x32\x77\xB3\xBC\x60\x69\x56\x39\xFD\xB4\x06\x7B\x2C\xD6\x64\x36\xD9\xBD\x48\xED\x84\x1F\x7E\xA5\x22\x8F\x2A\xB8\x42\xF4\x82\xB7\xD4\x53\x90\x78\x4E\x2D\x1A\xFD\x81\x6F\x44\xD7\x3B\x01\x74\x96\x42\xE0\x00\xE2\x2E\x6B\xEA\xC5\xEE\x72\xAC\xBB\xBF\xFE\xEA\xAA\xA8\xF8\xDC\xF6\xB2\x79\x8A\xB6\x67\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9D\xC0\x67\xA6\x0C\x22\xD9\x26\xF5\x45\xAB\xA6\x65\x52\x11\x27\xD8\x45\xAC\x63\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C\x05\x00\x03\x82\x02\x01\x00\xB3\x57\x4D\x10\x62\x4E\x3A\xE4\xAC\xEA\xB8\x1C\xAF\x32\x23\xC8\xB3\x49\x5A\x51\x9C\x76\x28\x8D\x79\xAA\x57\x46\x17\xD5\xF5\x52\xF6\xB7\x44\xE8\x08\x44\xBF\x18\x84\xD2\x0B\x80\xCD\xC5\x12\xFD\x00\x55\x05\x61\x87\x41\xDC\xB5\x24\x9E\x3C\xC4\xD8\xC8\xFB\x70\x9E\x2F\x78\x96\x83\x20\x36\xDE\x7C\x0F\x69\x13\x88\xA5\x75\x36\x98\x08\xA6\xC6\xDF\xAC\xCE\xE3\x58\xD6\xB7\x3E\xDE\xBA\xF3\xEB\x34\x40\xD8\xA2\x81\xF5\x78\x3F\x2F\xD5\xA5\xFC\xD9\xA2\xD4\x5E\x04\x0E\x17\xAD\xFE\x41\xF0\xE5\xB2\x72\xFA\x44\x82\x33\x42\xE8\x2D\x58\xF7\x56\x8C\x62\x3F\xBA\x42\xB0\x9C\x0C\x5C\x7E\x2E\x65\x26\x5C\x53\x4F\x00\xB2\x78\x7E\xA1\x0D\x99\x2D\x8D\xB8\x1D\x8E\xA2\xC4\xB0\xFD\x60\xD0\x30\xA4\x8E\xC8\x04\x62\xA9\xC4\xED\x35\xDE\x7A\x97\xED\x0E\x38\x5E\x92\x2F\x93\x70\xA5\xA9\x9C\x6F\xA7\x7D\x13\x1D\x7E\xC6\x08\x48\xB1\x5E\x67\xEB\x51\x08\x25\xE9\xE6\x25\x6B\x52\x29\x91\x9C\xD2\x39\x73\x08\x57\xDE\x99\x06\xB4\x5B\x9D\x10\x06\xE1\xC2\x00\xA8\xB8\x1C\x4A\x02\x0A\x14\xD0\xC1\x41\xCA\xFB\x8C\x35\x21\x7D\x82\x38\xF2\xA9\x54\x91\x19\x35\x93\x94\x6D\x6A\x3A\xC5\xB2\xD0\xBB\x89\x86\x93\xE8\x9B\xC9\x0F\x3A\xA7\x7A\xB8\xA1\xF0\x78\x46\xFA\xFC\x37\x2F\xE5\x8A\x84\xF3\xDF\xFE\x04\xD9\xA1\x68\xA0\x2F\x24\xE2\x09\x95\x06\xD5\x95\xCA\xE1\x24\x96\xEB\x7C\xF6\x93\x05\xBB\xED\x73\xE9\x2D\xD1\x75\x39\xD7\xE7\x24\xDB\xD8\x4E\x5F\x43\x8F\x9E\xD0\x14\x39\xBF\x55\x70\x48\x99\x57\x31\xB4\x9C\xEE\x4A\x98\x03\x96\x30\x1F\x60\x06\xEE\x1B\x23\xFE\x81\x60\x23\x1A\x47\x62\x85\xA5\xCC\x19\x34\x80\x6F\xB3\xAC\x1A\xE3\x9F\xF0\x7B\x48\xAD\xD5\x01\xD9\x67\xB6\xA9\x72\x93\xEA\x2D\x66\xB5\xB2\xB8\xE4\x3D\x3C\xB2\xEF\x4C\x8C\xEA\xEB\x07\xBF\xAB\x35\x9A\x55\x86\xBC\x18\xA6\xB5\xA8\x5E\xB4\x83\x6C\x6B\x69\x40\xD3\x9F\xDC\xF1\xC3\x69\x6B\xB9\xE1\x6D\x09\xF4\xF1\xAA\x50\x76\x0A\x7A\x7D\x7A\x17\xA1\x55\x96\x42\x99\x31\x09\xDD\x60\x11\x8D\x05\x30\x7E\xE6\x8E\x46\xD1\x9D\x14\xDA\xC7\x17\xE4\x05\x96\x8C\xC4\x24\xB5\x1B\xCF\x14\x07\xB2\x40\xF8\xA3\x9E\x41\x86\xBC\x04\xD0\x6B\x96\xC8\x2A\x80\x34\xFD\xBF\xEF\x06\xA3\xDD\x58\xC5\x85\x3D\x3E\x8F\xFE\x9E\x29\xE0\xB6\xB8\x09\x68\x19\x1C\x18\x43",
+	["CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US"] = "\x30\x82\x01\xFE\x30\x82\x01\x85\xA0\x03\x02\x01\x02\x02\x08\x74\x97\x25\x8A\xC7\x3F\x7A\x54\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x45\x43\x43\x30\x1E\x17\x0D\x31\x30\x30\x31\x32\x39\x31\x34\x32\x30\x32\x34\x5A\x17\x0D\x34\x30\x31\x32\x33\x31\x31\x34\x32\x30\x32\x34\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x41\x66\x66\x69\x72\x6D\x54\x72\x75\x73\x74\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x45\x43\x43\x30\x76\x30\x10\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01\x06\x05\x2B\x81\x04\x00\x22\x03\x62\x00\x04\x0D\x30\x5E\x1B\x15\x9D\x03\xD0\xA1\x79\x35\xB7\x3A\x3C\x92\x7A\xCA\x15\x1C\xCD\x62\xF3\x9C\x26\x5C\x07\x3D\xE5\x54\xFA\xA3\xD6\xCC\x12\xEA\xF4\x14\x5F\xE8\x8E\x19\xAB\x2F\x2E\x48\xE6\xAC\x18\x43\x78\xAC\xD0\x37\xC3\xBD\xB2\xCD\x2C\xE6\x47\xE2\x1A\xE6\x63\xB8\x3D\x2E\x2F\x78\xC4\x4F\xDB\xF4\x0F\xA4\x68\x4C\x55\x72\x6B\x95\x1D\x4E\x18\x42\x95\x78\xCC\x37\x3C\x91\xE2\x9B\x65\x2B\x29\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9A\xAF\x29\x7A\xC0\x11\x35\x35\x26\x51\x30\x00\xC3\x6A\xFE\x40\xD5\xAE\xD6\x3C\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0A\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x17\x09\xF3\x87\x88\x50\x5A\xAF\xC8\xC0\x42\xBF\x47\x5F\xF5\x6C\x6A\x86\xE0\xC4\x27\x74\xE4\x38\x53\xD7\x05\x7F\x1B\x34\xE3\xC6\x2F\xB3\xCA\x09\x3C\x37\x9D\xD7\xE7\xB8\x46\xF1\xFD\xA1\xE2\x71\x02\x30\x42\x59\x87\x43\xD4\x51\xDF\xBA\xD3\x09\x32\x5A\xCE\x88\x7E\x57\x3D\x9C\x5F\x42\x6B\xF5\x07\x2D\xB5\xF0\x82\x93\xF9\x59\x6F\xAE\x64\xFA\x58\xE5\x8B\x1E\xE3\x63\xBE\xB5\x81\xCD\x6F\x02\x8C\x79",
+	["CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL"] = "\x30\x82\x03\xBB\x30\x82\x02\xA3\xA0\x03\x02\x01\x02\x02\x03\x04\x44\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x13\x19\x55\x6E\x69\x7A\x65\x74\x6F\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x20\x53\x2E\x41\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x43\x65\x72\x74\x75\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x65\x72\x74\x75\x6D\x20\x54\x72\x75\x73\x74\x65\x64\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x43\x41\x30\x1E\x17\x0D\x30\x38\x31\x30\x32\x32\x31\x32\x30\x37\x33\x37\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x31\x32\x30\x37\x33\x37\x5A\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x13\x19\x55\x6E\x69\x7A\x65\x74\x6F\x20\x54\x65\x63\x68\x6E\x6F\x6C\x6F\x67\x69\x65\x73\x20\x53\x2E\x41\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x43\x65\x72\x74\x75\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x65\x72\x74\x75\x6D\x20\x54\x72\x75\x73\x74\x65\x64\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE3\xFB\x7D\xA3\x72\xBA\xC2\xF0\xC9\x14\x87\xF5\x6B\x01\x4E\xE1\x6E\x40\x07\xBA\x6D\x27\x5D\x7F\xF7\x5B\x2D\xB3\x5A\xC7\x51\x5F\xAB\xA4\x32\xA6\x61\x87\xB6\x6E\x0F\x86\xD2\x30\x02\x97\xF8\xD7\x69\x57\xA1\x18\x39\x5D\x6A\x64\x79\xC6\x01\x59\xAC\x3C\x31\x4A\x38\x7C\xD2\x04\xD2\x4B\x28\xE8\x20\x5F\x3B\x07\xA2\xCC\x4D\x73\xDB\xF3\xAE\x4F\xC7\x56\xD5\x5A\xA7\x96\x89\xFA\xF3\xAB\x68\xD4\x23\x86\x59\x27\xCF\x09\x27\xBC\xAC\x6E\x72\x83\x1C\x30\x72\xDF\xE0\xA2\xE9\xD2\xE1\x74\x75\x19\xBD\x2A\x9E\x7B\x15\x54\x04\x1B\xD7\x43\x39\xAD\x55\x28\xC5\xE2\x1A\xBB\xF4\xC0\xE4\xAE\x38\x49\x33\xCC\x76\x85\x9F\x39\x45\xD2\xA4\x9E\xF2\x12\x8C\x51\xF8\x7C\xE4\x2D\x7F\xF5\xAC\x5F\xEB\x16\x9F\xB1\x2D\xD1\xBA\xCC\x91\x42\x77\x4C\x25\xC9\x90\x38\x6F\xDB\xF0\xCC\xFB\x8E\x1E\x97\x59\x3E\xD5\x60\x4E\xE6\x05\x28\xED\x49\x79\x13\x4B\xBA\x48\xDB\x2F\xF9\x72\xD3\x39\xCA\xFE\x1F\xD8\x34\x72\xF5\xB4\x40\xCF\x31\x01\xC3\xEC\xDE\x11\x2D\x17\x5D\x1F\xB8\x50\xD1\x5E\x19\xA7\x69\xDE\x07\x33\x28\xCA\x50\x95\xF9\xA7\x54\xCB\x54\x86\x50\x45\xA9\xF9\x49\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x08\x76\xCD\xCB\x07\xFF\x24\xF6\xC5\xCD\xED\xBB\x90\xBC\xE2\x84\x37\x46\x75\xF7\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA6\xA8\xAD\x22\xCE\x01\x3D\xA6\xA3\xFF\x62\xD0\x48\x9D\x8B\x5E\x72\xB0\x78\x44\xE3\xDC\x1C\xAF\x09\xFD\x23\x48\xFA\xBD\x2A\xC4\xB9\x55\x04\xB5\x10\xA3\x8D\x27\xDE\x0B\x82\x63\xD0\xEE\xDE\x0C\x37\x79\x41\x5B\x22\xB2\xB0\x9A\x41\x5C\xA6\x70\xE0\xD4\xD0\x77\xCB\x23\xD3\x00\xE0\x6C\x56\x2F\xE1\x69\x0D\x0D\xD9\xAA\xBF\x21\x81\x50\xD9\x06\xA5\xA8\xFF\x95\x37\xD0\xAA\xFE\xE2\xB3\xF5\x99\x2D\x45\x84\x8A\xE5\x42\x09\xD7\x74\x02\x2F\xF7\x89\xD8\x99\xE9\xBC\x27\xD4\x47\x8D\xBA\x0D\x46\x1C\x77\xCF\x14\xA4\x1C\xB9\xA4\x31\xC4\x9C\x28\x74\x03\x34\xFF\x33\x19\x26\xA5\xE9\x0D\x74\xB7\x3E\x97\xC6\x76\xE8\x27\x96\xA3\x66\xDD\xE1\xAE\xF2\x41\x5B\xCA\x98\x56\x83\x73\x70\xE4\x86\x1A\xD2\x31\x41\xBA\x2F\xBE\x2D\x13\x5A\x76\x6F\x4E\xE8\x4E\x81\x0E\x3F\x5B\x03\x22\xA0\x12\xBE\x66\x58\x11\x4A\xCB\x03\xC4\xB4\x2A\x2A\x2D\x96\x17\xE0\x39\x54\xBC\x48\xD3\x76\x27\x9D\x9A\x2D\x06\xA6\xC9\xEC\x39\xD2\xAB\xDB\x9F\x9A\x0B\x27\x02\x35\x29\xB1\x40\x95\xE7\xF9\xE8\x9C\x55\x88\x19\x46\xD6\xB7\x34\xF5\x7E\xCE\x39\x9A\xD9\x38\xF1\x51\xF7\x4F\x2C",
+	["CN=Certinomis - Autorit\C3\A9 Racine,OU=0002 433998903,O=Certinomis,C=FR"] = "\x30\x82\x05\x9C\x30\x82\x03\x84\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x43\x65\x72\x74\x69\x6E\x6F\x6D\x69\x73\x31\x17\x30\x15\x06\x03\x55\x04\x0B\x13\x0E\x30\x30\x30\x32\x20\x34\x33\x33\x39\x39\x38\x39\x30\x33\x31\x26\x30\x24\x06\x03\x55\x04\x03\x0C\x1D\x43\x65\x72\x74\x69\x6E\x6F\x6D\x69\x73\x20\x2D\x20\x41\x75\x74\x6F\x72\x69\x74\xC3\xA9\x20\x52\x61\x63\x69\x6E\x65\x30\x1E\x17\x0D\x30\x38\x30\x39\x31\x37\x30\x38\x32\x38\x35\x39\x5A\x17\x0D\x32\x38\x30\x39\x31\x37\x30\x38\x32\x38\x35\x39\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x43\x65\x72\x74\x69\x6E\x6F\x6D\x69\x73\x31\x17\x30\x15\x06\x03\x55\x04\x0B\x13\x0E\x30\x30\x30\x32\x20\x34\x33\x33\x39\x39\x38\x39\x30\x33\x31\x26\x30\x24\x06\x03\x55\x04\x03\x0C\x1D\x43\x65\x72\x74\x69\x6E\x6F\x6D\x69\x73\x20\x2D\x20\x41\x75\x74\x6F\x72\x69\x74\xC3\xA9\x20\x52\x61\x63\x69\x6E\x65\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x9D\x85\x9F\x86\xD3\xE3\xAF\xC7\xB2\x6B\x6E\x33\xE0\x9E\xB7\x42\x34\x55\x9D\xF9\x81\xBE\x63\xD8\x23\x76\x0E\x97\x54\xCD\x99\x4C\x1A\xF1\x39\xC7\x88\xD8\x17\x50\x0C\x9E\x61\xDA\xC0\x4E\x55\xDE\xE7\x5A\xB8\x7A\x4E\x77\x87\x0D\xE5\xB8\xEB\xFA\x9E\x5E\x7B\x1E\xC4\xCF\x28\x74\xC7\x93\xF5\x14\xC6\x22\x28\x04\xF9\x91\xC3\xAB\x27\x73\x6A\x0E\x2E\x4D\xF3\x2E\x28\x1F\x70\xDF\x55\x2F\x4E\xED\xC7\x71\x6F\x09\x72\x2E\xED\xD5\x32\x97\xD0\xF1\x58\x77\xD1\x60\xBC\x4E\x5E\xDB\x9A\x84\xF6\x47\x61\x45\x2B\xF6\x50\xA6\x7F\x6A\x71\x27\x48\x84\x35\x9E\xAC\xFE\x69\xA9\x9E\x7A\x5E\x35\x25\xFA\xB4\xA7\x49\x35\x77\x96\xA7\x36\x5B\xE1\xCD\xDF\x23\x70\xD8\x5D\x4C\xA5\x08\x83\xF1\xA6\x24\x38\x13\xA8\xEC\x2F\xA8\xA1\x67\xC7\xA6\x2D\x86\x47\xEE\x8A\xFC\xEC\x9B\x0E\x74\xF4\x2B\x49\x02\x7B\x90\x75\x8C\xFC\x99\x39\x01\x39\xD6\x4A\x89\xE5\x9E\x76\xAB\x3E\x96\x28\x38\x26\x8B\xDD\x8D\x8C\xC0\xF6\x01\x1E\x6F\xA5\x31\x12\x38\x7D\x95\xC2\x71\xEE\xED\x74\xAE\xE4\x36\xA2\x43\x75\xD5\xF1\x00\x9B\xE2\xE4\xD7\xCC\x42\x03\x4B\x78\x7A\xE5\x7D\xBB\xB8\xAE\x2E\x20\x93\xD3\xE4\x61\xDF\x71\xE1\x76\x67\x97\x3F\xB6\xDF\x6A\x73\x5A\x64\x22\xE5\x42\xDB\xCF\x81\x03\x93\xD8\xF4\xE3\x10\xE0\x72\xF6\x00\x70\xAC\xF0\xC1\x7A\x0F\x05\x7F\xCF\x34\x69\x45\xB5\x93\xE4\x19\xDB\x52\x16\x23\x05\x89\x0E\x8D\x48\xE4\x25\x6F\xB3\x78\xBF\x62\xF5\x07\xFA\x95\x24\xC2\x96\xB2\xE8\xA3\x23\xC2\x5D\x03\xFC\xC3\xD3\xE5\x7C\xC9\x75\x23\xD7\xF4\xF5\xBC\xDE\xE4\xDF\xCD\x80\xBF\x91\x88\x7D\xA7\x13\xB4\x39\xBA\x2C\xBA\xBD\xD1\x6B\xCC\xF3\xA5\x28\xED\x44\x9E\x7D\x52\xA3\x6F\x96\x2E\x19\x7E\x1C\xF3\x5B\xC7\x16\x8E\xBB\x60\x7D\x77\x66\x47\x54\x82\x00\x11\x60\x6C\x32\xC1\xA8\x38\x1B\xEB\x6E\x98\x13\xD6\xEE\x38\xF5\xF0\x9F\x0E\xEF\xFE\x31\x81\xC1\xD2\x24\x95\x2F\x53\x7A\x69\xA2\xF0\x0F\x86\x45\x8E\x58\x82\x2B\x4C\x22\xD4\x5E\xA0\xE7\x7D\x26\x27\x48\xDF\x25\x46\x8D\x4A\x28\x7C\x86\x9E\xF9\x9B\x1A\x59\xB9\x65\xBF\x05\xDD\xB6\x42\x5D\x3D\xE6\x00\x48\x82\x5E\x20\xF7\x11\x82\xDE\xCA\xD8\x9F\xE6\x37\x47\x26\x1E\xEB\x78\xF7\x61\xC3\x41\x64\x58\x02\x41\xF9\xDA\xE0\xD1\xF8\xF9\xE8\xFD\x52\x38\xB6\xF5\x89\xDF\x02\x03\x01\x00\x01\xA3\x5B\x30\x59\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x0D\x8C\xB6\x61\xDA\x44\xB8\xD1\x14\x7D\xC3\xBE\x7D\x5E\x48\xF0\xCE\xCA\x6A\xB0\x30\x17\x06\x03\x55\x1D\x20\x04\x10\x30\x0E\x30\x0C\x06\x0A\x2A\x81\x7A\x01\x56\x02\x02\x00\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x24\x3E\x60\x06\x7E\x1D\xEF\x3A\x3E\xDB\xEA\xAF\x1C\x9A\x2C\x01\x0B\xF4\xC5\xB5\xD9\x49\x31\xF4\x5D\x41\x8D\x89\x0C\x4E\xFF\x6C\xA2\xFD\xFF\xE2\x06\xC8\x39\x9F\xF1\x5A\xA9\xDD\x22\x58\x15\xA8\x8A\xD3\xB1\xE6\x32\x09\x82\x03\x6C\xD7\x3F\x08\xC7\xF8\xB9\xBA\x00\x6D\xB9\xD6\xFC\x52\x32\x5D\xA4\x7F\xA4\x31\x94\xBB\xB6\x4C\x38\x7F\x28\x30\x35\xFF\x9F\x23\x53\xB7\xB6\xEE\x14\x70\x00\x40\x2B\xDA\x47\xAB\x34\x7E\x5E\xA7\x56\x30\x61\x2B\x8B\x43\xAC\xFD\xB6\x88\x28\xF5\x6B\xB6\x3E\x60\x4A\xBA\x42\x90\x34\x67\x8D\xEA\xEB\x5F\x45\x54\x3B\x17\xAC\x8B\xE4\xC6\x65\x0F\xEE\xD0\x8C\x5D\x66\x39\xCE\x32\xA7\xD8\x10\x97\xC0\x7E\x34\x9C\x9F\x94\xF3\xF6\x86\x1F\xCF\x1B\x73\xAD\x94\x79\x87\x68\x70\xC3\x33\xA5\x70\xE7\xD8\xD5\x38\x94\x6F\x63\x79\xEB\xBF\x0A\x0E\x08\xE7\xC5\x2F\x0F\x42\xA0\x2B\x14\x40\xFF\x21\xE0\x05\xC5\x27\xE1\x84\x11\x13\xBA\xD6\x86\x1D\x41\x0B\x13\x23\x89\xD3\xC9\x0B\xE8\x8A\xBA\x7A\xA3\xA3\x73\x37\x35\x80\x7D\x12\xB8\x33\x77\x40\x38\xC0\xFA\x5E\x30\xD2\xF2\xB6\xA3\xB1\xD6\xA2\x95\x97\x81\x9B\x52\xED\x69\x4C\xFF\x80\xE4\x53\xDB\x54\x5B\x03\x6D\x54\x5F\xB1\xB8\xEF\x24\xBD\x6F\x9F\x11\xC3\xC7\x64\xC2\x0F\x28\x62\x85\x66\x5E\x1A\x7B\xB2\xB7\xEF\xAE\x35\xC9\x19\x33\xA8\xB8\x27\xDB\x33\x55\xBF\x68\xE1\x75\x48\x44\x56\xFB\xCD\xD3\x48\xBB\x47\x89\x3A\xAC\x69\xF5\x80\xC6\xE4\x44\x50\x2F\x54\xC4\xAA\x43\xC5\x31\x31\x58\xBD\x96\xC5\xEA\x75\x6C\x9A\x75\xB1\x4D\xF8\xF7\x97\xFF\x96\x16\xF2\x97\x4D\xE8\xF6\xF3\x11\xF9\x3A\x7D\x8A\x38\x6E\x04\xCB\xE1\xD3\x45\x15\xAA\xA5\xD1\x1D\x9D\x5D\x63\xE8\x24\xE6\x36\x14\xE2\x87\xAD\x1B\x59\xF5\x44\x9B\xFB\xD7\x77\x7C\x1F\x01\x70\x62\xA1\x20\x1A\xA2\xC5\x1A\x28\xF4\x21\x03\xEE\x2E\xD9\xC1\x80\xEA\xB9\xD9\x82\xD6\x5B\x76\xC2\xCB\x3B\xB5\xD2\x00\xF0\xA3\x0E\xE1\xAD\x6E\x40\xF7\xDB\xA0\xB4\xD0\x46\xAE\x15\xD7\x44\xC2\x4D\x35\xF9\xD2\x0B\xF2\x17\xF6\xAC\x66\xD5\x24\xB2\x4F\xD1\x1C\x99\xC0\x6E\xF5\x7D\xEB\x74\x04\xB8\xF9\x4D\x77\x09\xD7\xB4\xCF\x07\x30\x09\xF1\xB8\x00\x56\xD9\x17\x16\x16\x0A\x2B\x86\xDF\x8F\x01\x19\x1A\xE5\xBB\x82\x63\xFF\xBE\x0B\x76\x16\x5E\x37\x37\xE6\xD8\x74\x97\xA2\x99\x45\x79",
+	["CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES"] = "\x30\x82\x06\x8B\x30\x82\x05\x73\xA0\x03\x02\x01\x02\x02\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x1E\x17\x0D\x30\x31\x30\x37\x30\x36\x31\x36\x32\x32\x34\x37\x5A\x17\x0D\x32\x31\x30\x37\x30\x31\x31\x35\x32\x32\x34\x37\x5A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\x2A\xAB\x57\x11\x37\x2F\x22\x8A\xCA\x03\x74\x1D\xCA\xED\x2D\xA2\x0B\xBC\x33\x52\x40\x26\x47\xBE\x5A\x69\xA6\x3B\x72\x36\x17\x4C\xE8\xDF\xB8\xBB\x2F\x76\xE1\x40\x46\x74\x65\x02\x90\x52\x08\xB4\xFF\xA8\x8C\xC1\xE0\xC7\x89\x56\x10\x39\x33\xEF\x68\xB4\x5F\x5F\xDA\x6D\x23\xA1\x89\x5E\x22\xA3\x4A\x06\xF0\x27\xF0\x57\xB9\xF8\xE9\x4E\x32\x77\x0A\x3F\x41\x64\xF3\xEB\x65\xEE\x76\xFE\x54\xAA\x7D\x1D\x20\xAE\xF3\xD7\x74\xC2\x0A\x5F\xF5\x08\x28\x52\x08\xCC\x55\x5D\xD2\x0F\xDB\x9A\x81\xA5\xBB\xA1\xB3\xC1\x94\xCD\x54\xE0\x32\x75\x31\x91\x1A\x62\xB2\xDE\x75\xE2\xCF\x4F\x89\xD9\x91\x90\x0F\x41\x1B\xB4\x5A\x4A\x77\xBD\x67\x83\xE0\x93\xE7\x5E\xA7\x0C\xE7\x81\xD3\xF4\x52\xAC\x53\xB2\x03\xC7\x44\x26\xFB\x79\xE5\xCB\x34\x60\x50\x10\x7B\x1B\xDB\x6B\xD7\x47\xAB\x5F\x7C\x68\xCA\x6E\x9D\x41\x03\x10\xEE\x6B\x99\x7B\x5E\x25\xA8\xC2\xAB\xE4\xC0\xF3\x5C\x9C\xE3\xBE\xCE\x31\x4C\x64\x1E\x5E\x80\xA2\xF5\x83\x7E\x0C\xD6\xCA\x8C\x55\x8E\xBE\xE0\xBE\x49\x07\x0F\xA3\x24\x41\x7A\x58\x1D\x84\xEA\x58\x12\xC8\xE1\xB7\xED\xEF\x93\xDE\x94\x08\x31\x02\x03\x01\x00\x01\xA3\x82\x03\x3B\x30\x82\x03\x37\x30\x32\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x26\x30\x24\x30\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x16\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x02\x30\x82\x02\x34\x06\x03\x55\x1D\x20\x04\x82\x02\x2B\x30\x82\x02\x27\x30\x82\x02\x23\x06\x0A\x2B\x06\x01\x04\x01\xBF\x55\x02\x01\x00\x30\x82\x02\x13\x30\x82\x01\xE8\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\xDA\x1E\x82\x01\xD6\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x52\x00\x61\x00\xED\x00\x7A\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x47\x00\x65\x00\x6E\x00\x65\x00\x72\x00\x61\x00\x6C\x00\x69\x00\x74\x00\x61\x00\x74\x00\x20\x00\x56\x00\x61\x00\x6C\x00\x65\x00\x6E\x00\x63\x00\x69\x00\x61\x00\x6E\x00\x61\x00\x2E\x00\x0D\x00\x0A\x00\x4C\x00\x61\x00\x20\x00\x44\x00\x65\x00\x63\x00\x6C\x00\x61\x00\x72\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x64\x00\x65\x00\x20\x00\x50\x00\x72\x00\xE1\x00\x63\x00\x74\x00\x69\x00\x63\x00\x61\x00\x73\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\x72\x00\x69\x00\x67\x00\x65\x00\x20\x00\x65\x00\x6C\x00\x20\x00\x66\x00\x75\x00\x6E\x00\x63\x00\x69\x00\x6F\x00\x6E\x00\x61\x00\x6D\x00\x69\x00\x65\x00\x6E\x00\x74\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x70\x00\x72\x00\x65\x00\x73\x00\x65\x00\x6E\x00\x74\x00\x65\x00\x20\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x73\x00\x65\x00\x20\x00\x65\x00\x6E\x00\x63\x00\x75\x00\x65\x00\x6E\x00\x74\x00\x72\x00\x61\x00\x20\x00\x65\x00\x6E\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x64\x00\x69\x00\x72\x00\x65\x00\x63\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x77\x00\x65\x00\x62\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x70\x00\x6B\x00\x69\x00\x2E\x00\x67\x00\x76\x00\x61\x00\x2E\x00\x65\x00\x73\x00\x2F\x00\x63\x00\x70\x00\x73\x30\x25\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x19\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x2F\x63\x70\x73\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\x30\x81\x95\x06\x03\x55\x1D\x23\x04\x81\x8D\x30\x81\x8A\x80\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\xA1\x6C\xA4\x6A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x82\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x24\x61\x4E\xF5\xB5\xC8\x42\x02\x2A\xB3\x5C\x75\xAD\xC5\x6D\xCA\xE7\x94\x3F\xA5\x68\x95\x88\xC1\x54\xC0\x10\x69\xA2\x12\x2F\x18\x3F\x25\x50\xA8\x7C\x4A\xEA\xC6\x09\xD9\xF4\x75\xC6\x40\xDA\xAF\x50\x9D\x3D\xA5\x16\xBB\x6D\x31\xC6\xC7\x73\x0A\x48\xFE\x20\x72\xED\x6F\xCC\xE8\x83\x61\x16\x46\x90\x01\x95\x4B\x7D\x8E\x9A\x52\x09\x2F\xF6\x6F\x1C\xE4\xA1\x71\xCF\x8C\x2A\x5A\x17\x73\x83\x47\x4D\x0F\x36\xFB\x04\x4D\x49\x51\xE2\x14\xC9\x64\x61\xFB\xD4\x14\xE0\xF4\x9E\xB7\x34\x8F\x0A\x26\xBD\x97\x5C\xF4\x79\x3A\x4A\x30\x19\xCC\xAD\x4F\xA0\x98\x8A\xB4\x31\x97\x2A\xE2\x73\x6D\x7E\x78\xB8\xF8\x88\x89\x4F\xB1\x22\x91\x64\x4B\xF5\x50\xDE\x03\xDB\xE5\xC5\x76\xE7\x13\x66\x75\x7E\x65\xFB\x01\x9F\x93\x87\x88\x9D\xF9\x46\x57\x7C\x4D\x60\xAF\x98\x73\x13\x23\xA4\x20\x91\x81\xFA\xD0\x61\x66\xB8\x7D\xD1\xAF\xD6\x6F\x1E\x6C\x3D\xE9\x11\xFD\xA9\xF9\x82\x22\x86\x99\x33\x71\x5A\xEA\x19\x57\x3D\x91\xCD\xA9\xC0\xA3\x6E\x07\x13\xA6\xC9\xED\xF8\x68\xA3\x9E\xC3\x5A\x72\x09\x87\x28\xD1\xC4\x73\xC4\x73\x18\x5F\x50\x75\x16\x31\x9F\xB7\xE8\x7C\xC3",
+	["CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT"] = "\x30\x82\x03\xCF\x30\x82\x02\xB7\xA0\x03\x02\x01\x02\x02\x03\x01\x6C\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x1E\x17\x0D\x30\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x17\x0D\x31\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x3D\x61\x6E\x03\xF3\x90\x3B\xC0\x41\x0B\x84\x80\xCD\xEC\x2A\xA3\x9D\x6B\xBB\x6E\xC2\x42\x84\xF7\x51\x14\xE1\xA0\xA8\x2D\x51\xA3\x51\xF2\xDE\x23\xF0\x34\x44\xFF\x94\xEB\xCC\x05\x23\x95\x40\xB9\x07\x78\xA5\x25\xF6\x0A\xBD\x45\x86\xE8\xD9\xBD\xC0\x04\x8E\x85\x44\x61\xEF\x7F\xA7\xC9\xFA\xC1\x25\xCC\x85\x2C\x63\x3F\x05\x60\x73\x49\x05\xE0\x60\x78\x95\x10\x4B\xDC\xF9\x11\x59\xCE\x71\x7F\x40\x9B\x8A\xAA\x24\xDF\x0B\x42\xE2\xDB\x56\xBC\x4A\xD2\xA5\x0C\x9B\xB7\x43\x3E\xDD\x83\xD3\x26\x10\x02\xCF\xEA\x23\xC4\x49\x4E\xE5\xD3\xE9\xB4\x88\xAB\x0C\xAE\x62\x92\xD4\x65\x87\xD9\x6A\xD7\xF4\x85\x9F\xE4\x33\x22\x25\xA5\xE5\xC8\x33\xBA\xC3\xC7\x41\xDC\x5F\xC6\x6A\xCC\x00\x0E\x6D\x32\xA8\xB6\x87\x36\x00\x62\x77\x9B\x1E\x1F\x34\xCB\x90\x3C\x78\x88\x74\x05\xEB\x79\xF5\x93\x71\x65\xCA\x9D\xC7\x6B\x18\x2D\x3D\x5C\x4E\xE7\xD5\xF8\x3F\x31\x7D\x8F\x87\xEC\x0A\x22\x2F\x23\xE9\xFE\xBB\x7D\xC9\xE0\xF4\xEC\xEB\x7C\xC4\xB0\xC3\x2D\x62\xB5\x9A\x71\xD6\xB1\x6A\xE8\xEC\xD9\xED\xD5\x72\xEC\xBE\x57\x01\xCE\x05\x55\x9F\xDE\xD1\x60\x88\x10\xB3\x02\x03\x01\x00\x01\xA3\x36\x30\x34\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x44\x6A\x95\x67\x55\x79\x11\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x55\xD4\x54\xD1\x59\x48\x5C\xB3\x93\x85\xAA\xBF\x63\x2F\xE4\x80\xCE\x34\xA3\x34\x62\x3E\xF6\xD8\xEE\x67\x88\x31\x04\x03\x6F\x0B\xD4\x07\xFB\x4E\x75\x0F\xD3\x2E\xD3\xC0\x17\xC7\xC6\x28\xEC\x06\x0D\x11\x24\x0E\x0E\xA5\x5D\xBF\x8C\xB2\x13\x96\x71\xDC\xD4\xCE\x0E\x0D\x0A\x68\x32\x6C\xB9\x41\x31\x19\xAB\xB1\x07\x7B\x4D\x98\xD3\x5C\xB0\xD1\xF0\xA7\x42\xA0\xB5\xC4\x8E\xAF\xFE\xF1\x3F\xF4\xEF\x4F\x46\x00\x76\xEB\x02\xFB\xF9\x9D\xD2\x40\x96\xC7\x88\x3A\xB8\x9F\x11\x79\xF3\x80\x65\xA8\xBD\x1F\xD3\x78\x81\xA0\x51\x4C\x37\xB4\xA6\x5D\x25\x70\xD1\x66\xC9\x68\xF9\x2E\x11\x14\x68\xF1\x54\x98\x08\xAC\x26\x92\x0F\xDE\x89\x9E\xD4\xFA\xB3\x79\x2B\xD2\xA3\x79\xD4\xEC\x8B\xAC\x87\x53\x68\x42\x4C\x51\x51\x74\x1E\x1B\x27\x2E\xE3\xF5\x1F\x29\x74\x4D\xED\xAF\xF7\xE1\x92\x99\x81\xE8\xBE\x3A\xC7\x17\x50\xF6\xB7\xC6\xFC\x9B\xB0\x8A\x6B\xD6\x88\x03\x91\x8F\x06\x77\x3A\x85\x02\xDD\x98\xD5\x43\x78\x3F\xC6\x30\x15\xAC\x9B\x6B\xCB\x57\xB7\x89\x51\x8B\x3A\xE8\xC9\x84\x0C\xDB\xB1\x50\x20\x0A\x1A\x4A\xBA\x6A\x1A\xBD\xEC\x1B\xC8\xC5\x84\x9A\xCD",
+	["CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW"] = "\x30\x82\x03\x7B\x30\x82\x02\x63\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x38\x30\x38\x32\x38\x30\x37\x32\x34\x33\x33\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x35\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB0\x7E\x72\xB8\xA4\x03\x94\xE6\xA7\xDE\x09\x38\x91\x4A\x11\x40\x87\xA7\x7C\x59\x64\x14\x7B\xB5\x11\x10\xDD\xFE\xBF\xD5\xC0\xBB\x56\xE2\x85\x25\xF4\x35\x72\x0F\xF8\x53\xD0\x41\xE1\x44\x01\xC2\xB4\x1C\xC3\x31\x42\x16\x47\x85\x33\x22\x76\xB2\x0A\x6F\x0F\xE5\x25\x50\x4F\x85\x86\xBE\xBF\x98\x2E\x10\x67\x1E\xBE\x11\x05\x86\x05\x90\xC4\x59\xD0\x7C\x78\x10\xB0\x80\x5C\xB7\xE1\xC7\x2B\x75\xCB\x7C\x9F\xAE\xB5\xD1\x9D\x23\x37\x63\xA7\xDC\x42\xA2\x2D\x92\x04\x1B\x50\xC1\x7B\xB8\x3E\x1B\xC9\x56\x04\x8B\x2F\x52\x9B\xAD\xA9\x56\xE9\xC1\xFF\xAD\xA9\x58\x87\x30\xB6\x81\xF7\x97\x45\xFC\x19\x57\x3B\x2B\x6F\xE4\x47\xF4\x99\x45\xFE\x1D\xF1\xF8\x97\xA3\x88\x1D\x37\x1C\x5C\x8F\xE0\x76\x25\x9A\x50\xF8\xA0\x54\xFF\x44\x90\x76\x23\xD2\x32\xC6\xC3\xAB\x06\xBF\xFC\xFB\xBF\xF3\xAD\x7D\x92\x62\x02\x5B\x29\xD3\x35\xA3\x93\x9A\x43\x64\x60\x5D\xB2\xFA\x32\xFF\x3B\x04\xAF\x4D\x40\x6A\xF9\xC7\xE3\xEF\x23\xFD\x6B\xCB\xE5\x0F\x8B\x38\x0D\xEE\x0A\xFC\xFE\x0F\x98\x9F\x30\x31\xDD\x6C\x52\x65\xF9\x8B\x81\xBE\x22\xE1\x1C\x58\x03\xBA\x91\x1B\x89\x07\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6A\x38\x5B\x26\x8D\xDE\x8B\x5A\xF2\x4F\x7A\x54\x83\x19\x18\xE3\x08\x35\xA6\xBA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3C\xD5\x77\x3D\xDA\xDF\x89\xBA\x87\x0C\x08\x54\x6A\x20\x50\x92\xBE\xB0\x41\x3D\xB9\x26\x64\x83\x0A\x2F\xE8\x40\xC0\x97\x28\x27\x82\x30\x4A\xC9\x93\xFF\x6A\xE7\xA6\x00\x7F\x89\x42\x9A\xD6\x11\xE5\x53\xCE\x2F\xCC\xF2\xDA\x05\xC4\xFE\xE2\x50\xC4\x3A\x86\x7D\xCC\xDA\x7E\x10\x09\x3B\x92\x35\x2A\x53\xB2\xFE\xEB\x2B\x05\xD9\x6C\x5D\xE6\xD0\xEF\xD3\x6A\x66\x9E\x15\x28\x85\x7A\xE8\x82\x00\xAC\x1E\xA7\x09\x69\x56\x42\xD3\x68\x51\x18\xBE\x54\x9A\xBF\x44\x41\xBA\x49\xBE\x20\xBA\x69\x5C\xEE\xB8\x77\xCD\xCE\x6C\x1F\xAD\x83\x96\x18\x7D\x0E\xB5\x14\x39\x84\xF1\x28\xE9\x2D\xA3\x9E\x7B\x1E\x7A\x72\x5A\x83\xB3\x79\x6F\xEF\xB4\xFC\xD0\x0A\xA5\x58\x4F\x46\xDF\xFB\x6D\x79\x59\xF2\x84\x22\x52\xAE\x0F\xCC\xFB\x7C\x3B\xE7\x6A\xCA\x47\x61\xC3\x7A\xF8\xD3\x92\x04\x1F\xB8\x20\x84\xE1\x36\x54\x16\xC7\x40\xDE\x3B\x8A\x73\xDC\xDF\xC6\x09\x4C\xDF\xEC\xDA\xFF\xD4\x53\x42\xA1\xC9\xF2\x62\x1D\x22\x83\x3C\x97\xC5\xF9\x19\x62\x27\xAC\x65\x22\xD7\xD3\x3C\xC6\xE5\x8E\xB2\x53\xCC\x49\xCE\xBC\x30\xFE\x7B\x0E\x33\x90\xFB\xED\xD2\x14\x91\x1F\x07\xAF",
+	["OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x17\x0D\x32\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD0\x15\x39\x52\xB1\x52\xB3\xBA\xC5\x59\x82\xC4\x5D\x52\xAE\x3A\x43\x65\x80\x4B\xC7\xF2\x96\xBC\xDB\x36\x97\xD6\xA6\x64\x8C\xA8\x5E\xF0\xE3\x0A\x1C\xF7\xDF\x97\x3D\x4B\xAE\xF6\x5D\xEC\x21\xB5\x41\xAB\xCD\xB9\x7E\x76\x9F\xBE\xF9\x3E\x36\x34\xA0\x3B\xC1\xF6\x31\x11\x45\x74\x93\x3D\x57\x80\xC5\xF9\x89\x99\xCA\xE5\xAB\x6A\xD4\xB5\xDA\x41\x90\x10\xC1\xD6\xD6\x42\x89\xC2\xBF\xF4\x38\x12\x95\x4C\x54\x05\xF7\x36\xE4\x45\x83\x7B\x14\x65\xD6\xDC\x0C\x4D\xD1\xDE\x7E\x0C\xAB\x3B\xC4\x15\xBE\x3A\x56\xA6\x5A\x6F\x76\x69\x52\xA9\x7A\xB9\xC8\xEB\x6A\x9A\x5D\x52\xD0\x2D\x0A\x6B\x35\x16\x09\x10\x84\xD0\x6A\xCA\x3A\x06\x00\x37\x47\xE4\x7E\x57\x4F\x3F\x8B\xEB\x67\xB8\x88\xAA\xC5\xBE\x53\x55\xB2\x91\xC4\x7D\xB9\xB0\x85\x19\x06\x78\x2E\xDB\x61\x1A\xFA\x85\xF5\x4A\x91\xA1\xE7\x16\xD5\x8E\xA2\x39\xDF\x94\xB8\x70\x1F\x28\x3F\x8B\xFC\x40\x5E\x63\x83\x3C\x83\x2A\x1A\x99\x6B\xCF\xDE\x59\x6A\x3B\xFC\x6F\x16\xD7\x1F\xFD\x4A\x10\xEB\x4E\x82\x16\x3A\xAC\x27\x0C\x53\xF1\xAD\xD5\x24\xB0\x6B\x03\x50\xC1\x2D\x3C\x16\xDD\x44\x34\x27\x1A\x75\xFB\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x0A\x85\xA9\x77\x65\x05\x98\x7C\x40\x81\xF8\x0F\x97\x2C\x38\xF1\x0A\xEC\x3C\xCF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4C\x3A\xA3\x44\xAC\xB9\x45\xB1\xC7\x93\x7E\xC8\x0B\x0A\x42\xDF\x64\xEA\x1C\xEE\x59\x6C\x08\xBA\x89\x5F\x6A\xCA\x4A\x95\x9E\x7A\x8F\x07\xC5\xDA\x45\x72\x82\x71\x0E\x3A\xD2\xCC\x6F\xA7\xB4\xA1\x23\xBB\xF6\x24\x9F\xCB\x17\xFE\x8C\xA6\xCE\xC2\xD2\xDB\xCC\x8D\xFC\x71\xFC\x03\x29\xC1\x6C\x5D\x33\x5F\x64\xB6\x65\x3B\x89\x6F\x18\x76\x78\xF5\xDC\xA2\x48\x1F\x19\x3F\x8E\x93\xEB\xF1\xFA\x17\xEE\xCD\x4E\xE3\x04\x12\x55\xD6\xE5\xE4\xDD\xFB\x3E\x05\x7C\xE2\x1D\x5E\xC6\xA7\xBC\x97\x4F\x68\x3A\xF5\xE9\x2E\x0A\x43\xB6\xAF\x57\x5C\x62\x68\x7C\xB7\xFD\xA3\x8A\x84\xA0\xAC\x62\xBE\x2B\x09\x87\x34\xF0\x6A\x01\xBB\x9B\x29\x56\x3C\xFE\x00\x37\xCF\x23\x6C\xF1\x4E\xAA\xB6\x74\x46\x12\x6C\x91\xEE\x34\xD5\xEC\x9A\x91\xE7\x44\xBE\x90\x31\x72\xD5\x49\x02\xF6\x02\xE5\xF4\x1F\xEB\x7C\xD9\x96\x55\xA9\xFF\xEC\x8A\xF9\x99\x47\xFF\x35\x5A\x02\xAA\x04\xCB\x8A\x5B\x87\x71\x29\x91\xBD\xA4\xB4\x7A\x0D\xBD\x9A\xF5\x57\x23\x00\x07\x21\x17\x3F\x4A\x39\xD1\x05\x49\x0B\xA7\xB6\x37\x81\xA5\x5D\x8C\xAA\x33\x5E\x81\x28\x7C\xA7\x7D\x27\xEB\x00\xAE\x8D\x37",
+	["CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES"] = "\x30\x82\x05\x56\x30\x82\x04\x3E\xA0\x03\x02\x01\x02\x02\x10\xEE\x2B\x3D\xEB\xD4\x21\xDE\x14\xA8\x62\xAC\x04\xF3\xDD\xC4\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x1E\x17\x0D\x30\x33\x30\x31\x30\x37\x32\x33\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x30\x31\x30\x37\x32\x32\x35\x39\x35\x39\x5A\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB3\x22\xC7\x4F\xE2\x97\x42\x95\x88\x47\x83\x40\xF6\x1D\x17\xF3\x83\x73\x24\x1E\x51\xF3\x98\x8A\xC3\x92\xB8\xFF\x40\x90\x05\x70\x87\x60\xC9\x00\xA9\xB5\x94\x65\x19\x22\x15\x17\xC2\x43\x6C\x66\x44\x9A\x0D\x04\x3E\x39\x6F\xA5\x4B\x7A\xAA\x63\xB7\x8A\x44\x9D\xD9\x63\x91\x84\x66\xE0\x28\x0F\xBA\x42\xE3\x6E\x8E\xF7\x14\x27\x93\x69\xEE\x91\x0E\xA3\x5F\x0E\xB1\xEB\x66\xA2\x72\x4F\x12\x13\x86\x65\x7A\x3E\xDB\x4F\x07\xF4\xA7\x09\x60\xDA\x3A\x42\x99\xC7\xB2\x7F\xB3\x16\x95\x1C\xC7\xF9\x34\xB5\x94\x85\xD5\x99\x5E\xA0\x48\xA0\x7E\xE7\x17\x65\xB8\xA2\x75\xB8\x1E\xF3\xE5\x42\x7D\xAF\xED\xF3\x8A\x48\x64\x5D\x82\x14\x93\xD8\xC0\xE4\xFF\xB3\x50\x72\xF2\x76\xF6\xB3\x5D\x42\x50\x79\xD0\x94\x3E\x6B\x0C\x00\xBE\xD8\x6B\x0E\x4E\x2A\xEC\x3E\xD2\xCC\x82\xA2\x18\x65\x33\x13\x77\x9E\x9A\x5D\x1A\x13\xD8\xC3\xDB\x3D\xC8\x97\x7A\xEE\x70\xED\xA7\xE6\x7C\xDB\x71\xCF\x2D\x94\x62\xDF\x6D\xD6\xF5\x38\xBE\x3F\xA5\x85\x0A\x19\xB8\xA8\xD8\x09\x75\x42\x70\xC4\xEA\xEF\xCB\x0E\xC8\x34\xA8\x12\x22\x98\x0C\xB8\x13\x94\xB6\x4B\xEC\xF0\xD0\x90\xE7\x27\x02\x03\x01\x00\x01\xA3\x81\xE3\x30\x81\xE0\x30\x1D\x06\x03\x55\x1D\x11\x04\x16\x30\x14\x81\x12\x65\x63\x5F\x61\x63\x63\x40\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\xC3\x8B\x44\xAA\x37\xA5\x45\xBF\x97\x80\x5A\xD1\xF1\x78\xA2\x9B\xE9\x5D\x8D\x30\x7F\x06\x03\x55\x1D\x20\x04\x78\x30\x76\x30\x74\x06\x0B\x2B\x06\x01\x04\x01\xF5\x78\x01\x03\x01\x0A\x30\x65\x30\x2C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x30\x35\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x29\x1A\x27\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA0\x48\x5B\x82\x01\xF6\x4D\x48\xB8\x39\x55\x35\x9C\x80\x7A\x53\x99\xD5\x5A\xFF\xB1\x71\x3B\xCC\x39\x09\x94\x5E\xD6\xDA\xEF\xBE\x01\x5B\x5D\xD3\x1E\xD8\xFD\x7D\x4F\xCD\xA0\x41\xE0\x34\x93\xBF\xCB\xE2\x86\x9C\x37\x92\x90\x56\x1C\xDC\xEB\x29\x05\xE5\xC4\x9E\xC7\x35\xDF\x8A\x0C\xCD\xC5\x21\x43\xE9\xAA\x88\xE5\x35\xC0\x19\x42\x63\x5A\x02\x5E\xA4\x48\x18\x3A\x85\x6F\xDC\x9D\xBC\x3F\x9D\x9C\xC1\x87\xB8\x7A\x61\x08\xE9\x77\x0B\x7F\x70\xAB\x7A\xDD\xD9\x97\x2C\x64\x1E\x85\xBF\xBC\x74\x96\xA1\xC3\x7A\x12\xEC\x0C\x1A\x6E\x83\x0C\x3C\xE8\x72\x46\x9F\xFB\x48\xD5\x5E\x97\xE6\xB1\xA1\xF8\xE4\xEF\x46\x25\x94\x9C\x89\xDB\x69\x38\xBE\xEC\x5C\x0E\x56\xC7\x65\x51\xE5\x50\x88\x88\xBF\x42\xD5\x2B\x3D\xE5\xF9\xBA\x9E\x2E\xB3\xCA\xF4\x73\x92\x02\x0B\xBE\x4C\x66\xEB\x20\xFE\xB9\xCB\xB5\x99\x7F\xE6\xB6\x13\xFA\xCA\x4B\x4D\xD9\xEE\x53\x46\x06\x3B\xC6\x4E\xAD\x93\x5A\x81\x7E\x6C\x2A\x4B\x6A\x05\x45\x8C\xF2\x21\xA4\x31\x90\x87\x6C\x65\x9C\x9D\xA5\x60\x95\x3A\x52\x7F\xF5\xD1\xAB\x08\x6E\xF3\xEE\x5B\xF9\x88\x3D\x7E\xB8\x6F\x6E\x03\xE4\x42",
+	["CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR"] = "\x30\x82\x04\x31\x30\x82\x03\x19\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x1E\x17\x0D\x31\x31\x31\x32\x30\x36\x31\x33\x34\x39\x35\x32\x5A\x17\x0D\x33\x31\x31\x32\x30\x31\x31\x33\x34\x39\x35\x32\x5A\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA9\x53\x00\xE3\x2E\xA6\xF6\x8E\xFA\x60\xD8\x2D\x95\x3E\xF8\x2C\x2A\x54\x4E\xCD\xB9\x84\x61\x94\x58\x4F\x8F\x3D\x8B\xE4\x43\xF3\x75\x89\x8D\x51\xE4\xC3\x37\xD2\x8A\x88\x4D\x79\x1E\xB7\x12\xDD\x43\x78\x4A\x8A\x92\xE6\xD7\x48\xD5\x0F\xA4\x3A\x29\x44\x35\xB8\x07\xF6\x68\x1D\x55\xCD\x38\x51\xF0\x8C\x24\x31\x85\xAF\x83\xC9\x7D\xE9\x77\xAF\xED\x1A\x7B\x9D\x17\xF9\xB3\x9D\x38\x50\x0F\xA6\x5A\x79\x91\x80\xAF\x37\xAE\xA6\xD3\x31\xFB\xB5\x26\x09\x9D\x3C\x5A\xEF\x51\xC5\x2B\xDF\x96\x5D\xEB\x32\x1E\x02\xDA\x70\x49\xEC\x6E\x0C\xC8\x9A\x37\x8D\xF7\xF1\x36\x60\x4B\x26\x2C\x82\x9E\xD0\x78\xF3\x0D\x0F\x63\xA4\x51\x30\xE1\xF9\x2B\x27\x12\x07\xD8\xEA\xBD\x18\x62\x98\xB0\x59\x37\x7D\xBE\xEE\xF3\x20\x51\x42\x5A\x83\xEF\x93\xBA\x69\x15\xF1\x62\x9D\x9F\x99\x39\x82\xA1\xB7\x74\x2E\x8B\xD4\xC5\x0B\x7B\x2F\xF0\xC8\x0A\xDA\x3D\x79\x0A\x9A\x93\x1C\xA5\x28\x72\x73\x91\x43\x9A\xA7\xD1\x4D\x85\x84\xB9\xA9\x74\x8F\x14\x40\xC7\xDC\xDE\xAC\x41\x64\x6C\xB4\x19\x9B\x02\x63\x6D\x24\x64\x8F\x44\xB2\x25\xEA\xCE\x5D\x74\x0C\x63\x32\x5C\x8D\x87\xE5\x02\x03\x01\x00\x01\xA3\x81\x89\x30\x81\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA6\x91\x42\xFD\x13\x61\x4A\x23\x9E\x08\xA4\x29\xE5\xD8\x13\x04\x23\xEE\x41\x25\x30\x47\x06\x03\x55\x1D\x1E\x04\x40\x30\x3E\xA0\x3C\x30\x05\x82\x03\x2E\x67\x72\x30\x05\x82\x03\x2E\x65\x75\x30\x06\x82\x04\x2E\x65\x64\x75\x30\x06\x82\x04\x2E\x6F\x72\x67\x30\x05\x81\x03\x2E\x67\x72\x30\x05\x81\x03\x2E\x65\x75\x30\x06\x81\x04\x2E\x65\x64\x75\x30\x06\x81\x04\x2E\x6F\x72\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1F\xEF\x79\x41\xE1\x7B\x6E\x3F\xB2\x8C\x86\x37\x42\x4A\x4E\x1C\x37\x1E\x8D\x66\xBA\x24\x81\xC9\x4F\x12\x0F\x21\xC0\x03\x97\x86\x25\x6D\x5D\xD3\x22\x29\xA8\x6C\xA2\x0D\xA9\xEB\x3D\x06\x5B\x99\x3A\xC7\xCC\xC3\x9A\x34\x7F\xAB\x0E\xC8\x4E\x1C\xE1\xFA\xE4\xDC\xCD\x0D\xBE\xBF\x24\xFE\x6C\xE7\x6B\xC2\x0D\xC8\x06\x9E\x4E\x8D\x61\x28\xA6\x6A\xFD\xE5\xF6\x62\xEA\x18\x3C\x4E\xA0\x53\x9D\xB2\x3A\x9C\xEB\xA5\x9C\x91\x16\xB6\x4D\x82\xE0\x0C\x05\x48\xA9\x6C\xF5\xCC\xF8\xCB\x9D\x49\xB4\xF0\x02\xA5\xFD\x70\x03\xED\x8A\x21\xA5\xAE\x13\x86\x49\xC3\x33\x73\xBE\x87\x3B\x74\x8B\x17\x45\x26\x4C\x16\x91\x83\xFE\x67\x7D\xCD\x4D\x63\x67\xFA\xF3\x03\x12\x96\x78\x06\x8D\xB1\x67\xED\x8E\x3F\xBE\x9F\x4F\x02\xF5\xB3\x09\x2F\xF3\x4C\x87\xDF\x2A\xCB\x95\x7C\x01\xCC\xAC\x36\x7A\xBF\xA2\x73\x7A\xF7\x8F\xC1\xB5\x9A\xA1\x14\xB2\x8F\x33\x9F\x0D\xEF\x22\xDC\x66\x7B\x84\xBD\x45\x17\x06\x3D\x3C\xCA\xB9\x77\x34\x8F\xCA\xEA\xCF\x3F\x31\x3E\xE3\x88\xE3\x80\x49\x25\xC8\x97\xB5\x9D\x9A\x99\x4D\xB0\x3C\xF8\x4A\x00\x9B\x64\xDD\x9F\x39\x4B\xD1\x27\xD7\xB8",
+	["CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT"] = "\x30\x82\x05\xBB\x30\x82\x03\xA3\xA0\x03\x02\x01\x02\x02\x08\x57\x0A\x11\x97\x42\xC4\xE3\xCC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x31\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x17\x0D\x33\x30\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA7\xC6\xC4\xA5\x29\xA4\x2C\xEF\xE5\x18\xC5\xB0\x50\xA3\x6F\x51\x3B\x9F\x0A\x5A\xC9\xC2\x48\x38\x0A\xC2\x1C\xA0\x18\x7F\x91\xB5\x87\xB9\x40\x3F\xDD\x1D\x68\x1F\x08\x83\xD5\x2D\x1E\x88\xA0\xF8\x8F\x56\x8F\x6D\x99\x02\x92\x90\x16\xD5\x5F\x08\x6C\x89\xD7\xE1\xAC\xBC\x20\xC2\xB1\xE0\x83\x51\x8A\x69\x4D\x00\x96\x5A\x6F\x2F\xC0\x44\x7E\xA3\x0E\xE4\x91\xCD\x58\xEE\xDC\xFB\xC7\x1E\x45\x47\xDD\x27\xB9\x08\x01\x9F\xA6\x21\x1D\xF5\x41\x2D\x2F\x4C\xFD\x28\xAD\xE0\x8A\xAD\x22\xB4\x56\x65\x8E\x86\x54\x8F\x93\x43\x29\xDE\x39\x46\x78\xA3\x30\x23\xBA\xCD\xF0\x7D\x13\x57\xC0\x5D\xD2\x83\x6B\x48\x4C\xC4\xAB\x9F\x80\x5A\x5B\x3A\xBD\xC9\xA7\x22\x3F\x80\x27\x33\x5B\x0E\xB7\x8A\x0C\x5D\x07\x37\x08\xCB\x6C\xD2\x7A\x47\x22\x44\x35\xC5\xCC\xCC\x2E\x8E\xDD\x2A\xED\xB7\x7D\x66\x0D\x5F\x61\x51\x22\x55\x1B\xE3\x46\xE3\xE3\x3D\xD0\x35\x62\x9A\xDB\xAF\x14\xC8\x5B\xA1\xCC\x89\x1B\xE1\x30\x26\xFC\xA0\x9B\x1F\x81\xA7\x47\x1F\x04\xEB\xA3\x39\x92\x06\x9F\x99\xD3\xBF\xD3\xEA\x4F\x50\x9C\x19\xFE\x96\x87\x1E\x3C\x65\xF6\xA3\x18\x24\x83\x86\x10\xE7\x54\x3E\xA8\x3A\x76\x24\x4F\x81\x21\xC5\xE3\x0F\x02\xF8\x93\x94\x47\x20\xBB\xFE\xD4\x0E\xD3\x68\xB9\xDD\xC4\x7A\x84\x82\xE3\x53\x54\x79\xDD\xDB\x9C\xD2\xF2\x07\x9B\x2E\xB6\xBC\x3E\xED\x85\x6D\xEF\x25\x11\xF2\x97\x1A\x42\x61\xF7\x4A\x97\xE8\x8B\xB1\x10\x07\xFA\x65\x81\xB2\xA2\x39\xCF\xF7\x3C\xFF\x18\xFB\xC6\xF1\x5A\x8B\x59\xE2\x02\xAC\x7B\x92\xD0\x4E\x14\x4F\x59\x45\xF6\x0C\x5E\x28\x5F\xB0\xE8\x3F\x45\xCF\xCF\xAF\x9B\x6F\xFB\x84\xD3\x77\x5A\x95\x6F\xAC\x94\x84\x9E\xEE\xBC\xC0\x4A\x8F\x4A\x93\xF8\x44\x21\xE2\x31\x45\x61\x50\x4E\x10\xD8\xE3\x35\x7C\x4C\x19\xB4\xDE\x05\xBF\xA3\x06\x9F\xC8\xB5\xCD\xE4\x1F\xD7\x17\x06\x0D\x7A\x95\x74\x55\x0D\x68\x1A\xFC\x10\x1B\x62\x64\x9D\x6D\xE0\x95\xA0\xC3\x94\x07\x57\x0D\x14\xE6\xBD\x05\xFB\xB8\x9F\xE6\xDF\x8B\xE2\xC6\xE7\x7E\x96\xF6\x53\xC5\x80\x34\x50\x28\x58\xF0\x12\x50\x71\x17\x30\xBA\xE6\x78\x63\xBC\xF4\xB2\xAD\x9B\x2B\xB2\xFE\xE1\x39\x8C\x5E\xBA\x0B\x20\x94\xDE\x7B\x83\xB8\xFF\xE3\x56\x8D\xB7\x11\xE9\x3B\x8C\xF2\xB1\xC1\x5D\x9D\xA4\x0B\x4C\x2B\xD9\xB2\x18\xF5\xB5\x9F\x4B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x0B\x7B\x72\x87\xC0\x60\xA6\x49\x4C\x88\x58\xE6\x1D\x88\xF7\x14\x64\x48\xA6\xD8\x58\x0A\x0E\x4F\x13\x35\xDF\x35\x1D\xD4\xED\x06\x31\xC8\x81\x3E\x6A\xD5\xDD\x3B\x1A\x32\xEE\x90\x3D\x11\xD2\x2E\xF4\x8E\xC3\x63\x2E\x23\x66\xB0\x67\xBE\x6F\xB6\xC0\x13\x39\x60\xAA\xA2\x34\x25\x93\x75\x52\xDE\xA7\x9D\xAD\x0E\x87\x89\x52\x71\x6A\x16\x3C\x19\x1D\x83\xF8\x9A\x29\x65\xBE\xF4\x3F\x9A\xD9\xF0\xF3\x5A\x87\x21\x71\x80\x4D\xCB\xE0\x38\x9B\x3F\xBB\xFA\xE0\x30\x4D\xCF\x86\xD3\x65\x10\x19\x18\xD1\x97\x02\xB1\x2B\x72\x42\x68\xAC\xA0\xBD\x4E\x5A\xDA\x18\xBF\x6B\x98\x81\xD0\xFD\x9A\xBE\x5E\x15\x48\xCD\x11\x15\xB9\xC0\x29\x5C\xB4\xE8\x88\xF7\x3E\x36\xAE\xB7\x62\xFD\x1E\x62\xDE\x70\x78\x10\x1C\x48\x5B\xDA\xBC\xA4\x38\xBA\x67\xED\x55\x3E\x5E\x57\xDF\xD4\x03\x40\x4C\x81\xA4\xD2\x4F\x63\xA7\x09\x42\x09\x14\xFC\x00\xA9\xC2\x80\x73\x4F\x2E\xC0\x40\xD9\x11\x7B\x48\xEA\x7A\x02\xC0\xD3\xEB\x28\x01\x26\x58\x74\xC1\xC0\x73\x22\x6D\x93\x95\xFD\x39\x7D\xBB\x2A\xE3\xF6\x82\xE3\x2C\x97\x5F\x4E\x1F\x91\x94\xFA\xFE\x2C\xA3\xD8\x76\x1A\xB8\x4D\xB2\x38\x4F\x9B\xFA\x1D\x48\x60\x79\x26\xE2\xF3\xFD\xA9\xD0\x9A\xE8\x70\x8F\x49\x7A\xD6\xE5\xBD\x0A\x0E\xDB\x2D\xF3\x8D\xBF\xEB\xE3\xA4\x7D\xCB\xC7\x95\x71\xE8\xDA\xA3\x7C\xC5\xC2\xF8\x74\x92\x04\x1B\x86\xAC\xA4\x22\x53\x40\xB6\xAC\xFE\x4C\x76\xCF\xFB\x94\x32\xC0\x35\x9F\x76\x3F\x6E\xE5\x90\x6E\xA0\xA6\x26\xA2\xB8\x2C\xBE\xD1\x2B\x85\xFD\xA7\x68\xC8\xBA\x01\x2B\xB1\x6C\x74\x1D\xB8\x73\x95\xE7\xEE\xB7\xC7\x25\xF0\x00\x4C\x00\xB2\x7E\xB6\x0B\x8B\x1C\xF3\xC0\x50\x9E\x25\xB9\xE0\x08\xDE\x36\x66\xFF\x37\xA5\xD1\xBB\x54\x64\x2C\xC9\x27\xB5\x4B\x92\x7E\x65\xFF\xD3\x2D\xE1\xB9\x4E\xBC\x7F\xA4\x41\x21\x90\x41\x77\xA6\x39\x1F\xEA\x9E\xE3\x9F\xD0\x66\x6F\x05\xEC\xAA\x76\x7E\xBF\x6B\x16\xA0\xEB\xB5\xC7\xFC\x92\x54\x2F\x2B\x11\x27\x25\x37\x78\x4C\x51\x6A\xB0\xF3\xCC\x58\x5D\x14\xF1\x6A\x48\x15\xFF\xC2\x07\xB6\xB1\x8D\x0F\x8E\x5C\x50\x46\xB3\x3D\xBF\x01\x98\x4F\xB2\x59\x54\x47\x3E\x34\x7B\x78\x6D\x56\x93\x2E\x73\xEA\x66\x28\x78\xCD\x1D\x14\xBF\xA0\x8F\x2F\x2E\xB8\x2E\x8E\xF2\x14\x8A\xCC\xE9\xB5\x7C\xFB\x6C\x9D\x0C\xA5\xE1\x96",
+	["OU=Trustis FPS Root CA,O=Trustis Limited,C=GB"] = "\x30\x82\x03\x67\x30\x82\x02\x4F\xA0\x03\x02\x01\x02\x02\x10\x1B\x1F\xAD\xB6\x20\xF9\x24\xD3\x36\x6B\xF7\xC7\xF1\x8C\xA0\x59\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x33\x31\x32\x32\x33\x31\x32\x31\x34\x30\x36\x5A\x17\x0D\x32\x34\x30\x31\x32\x31\x31\x31\x33\x36\x35\x34\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC5\x50\x7B\x9E\x3B\x35\xD0\xDF\xC4\x8C\xCD\x8E\x9B\xED\xA3\xC0\x36\x99\xF4\x42\xEA\xA7\x3E\x80\x83\x0F\xA6\xA7\x59\x87\xC9\x90\x45\x43\x7E\x00\xEA\x86\x79\x2A\x03\xBD\x3D\x37\x99\x89\x66\xB7\xE5\x8A\x56\x86\x93\x9C\x68\x4B\x68\x04\x8C\x93\x93\x02\x3E\x30\xD2\x37\x3A\x22\x61\x89\x1C\x85\x4E\x7D\x8F\xD5\xAF\x7B\x35\xF6\x7E\x28\x47\x89\x31\xDC\x0E\x79\x64\x1F\x99\xD2\x5B\xBA\xFE\x7F\x60\xBF\xAD\xEB\xE7\x3C\x38\x29\x6A\x2F\xE5\x91\x0B\x55\xFF\xEC\x6F\x58\xD5\x2D\xC9\xDE\x4C\x66\x71\x8F\x0C\xD7\x04\xDA\x07\xE6\x1E\x18\xE3\xBD\x29\x02\xA8\xFA\x1C\xE1\x5B\xB9\x83\xA8\x41\x48\xBC\x1A\x71\x8D\xE7\x62\xE5\x2D\xB2\xEB\xDF\x7C\xCF\xDB\xAB\x5A\xCA\x31\xF1\x4C\x22\xF3\x05\x13\xF7\x82\xF9\x73\x79\x0C\xBE\xD7\x4B\x1C\xC0\xD1\x15\x3C\x93\x41\x64\xD1\xE6\xBE\x23\x17\x22\x00\x89\x5E\x1F\x6B\xA5\xAC\x6E\xA7\x4B\x8C\xED\xA3\x72\xE6\xAF\x63\x4D\x2F\x85\xD2\x14\x35\x9A\x2E\x4E\x8C\xEA\x32\x98\x28\x86\xA1\x91\x09\x41\x3A\xB4\xE1\xE3\xF2\xFA\xF0\xC9\x0A\xA2\x41\xDD\xA9\xE3\x03\xC7\x88\x15\x3B\x1C\xD4\x1A\x94\xD7\x9F\x64\x59\x12\x6D\x02\x03\x01\x00\x01\xA3\x53\x30\x51\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7E\x58\xFF\xFD\x35\x19\x7D\x9C\x18\x4F\x9E\xB0\x2B\xBC\x8E\x8C\x14\xFF\x2C\xA0\xDA\x47\x5B\xC3\xEF\x81\x2D\xAF\x05\xEA\x74\x48\x5B\xF3\x3E\x4E\x07\xC7\x6D\xC5\xB3\x93\xCF\x22\x35\x5C\xB6\x3F\x75\x27\x5F\x09\x96\xCD\xA0\xFE\xBE\x40\x0C\x5C\x12\x55\xF8\x93\x82\xCA\x29\xE9\x5E\x3F\x56\x57\x8B\x38\x36\xF7\x45\x1A\x4C\x28\xCD\x9E\x41\xB8\xED\x56\x4C\x84\xA4\x40\xC8\xB8\xB0\xA5\x2B\x69\x70\x04\x6A\xC3\xF8\xD4\x12\x32\xF9\x0E\xC3\xB1\xDC\x32\x84\x44\x2C\x6F\xCB\x46\x0F\xEA\x66\x41\x0F\x4F\xF1\x58\xA5\xA6\x0D\x0D\x0F\x61\xDE\xA5\x9E\x5D\x7D\x65\xA1\x3C\x17\xE7\xA8\x55\x4E\xEF\xA0\xC7\xED\xC6\x44\x7F\x54\xF5\xA3\xE0\x8F\xF0\x7C\x55\x22\x8F\x29\xB6\x81\xA3\xE1\x6D\x4E\x2C\x1B\x80\x67\xEC\xAD\x20\x9F\x0C\x62\x61\xD5\x97\xFF\x43\xED\x2D\xC1\xDA\x5D\x29\x2A\x85\x3F\xAC\x65\xEE\x86\x0F\x05\x8D\x90\x5F\xDF\xEE\x9F\xF4\xBF\xEE\x1D\xFB\x98\xE4\x7F\x90\x2B\x84\x78\x10\x0E\x6C\x49\x53\xEF\x15\x5B\x65\x46\x4A\x5D\xAF\xBA\xFB\x3A\x72\x1D\xCD\xF6\x25\x88\x1E\x97\xCC\x21\x9C\x29\x01\x0D\x65\xEB\x57\xD9\xF3\x57\x96\xBB\x48\xCD\x81",
+	["CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL"] = "\x30\x82\x05\x63\x30\x82\x03\x4B\xA0\x03\x02\x01\x02\x02\x01\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x1E\x17\x0D\x31\x30\x30\x31\x30\x31\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x31\x32\x33\x31\x32\x33\x35\x39\x30\x31\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB6\x89\x36\x5B\x07\xB7\x20\x36\xBD\x82\xBB\xE1\x16\x20\x03\x95\x7A\xAF\x0E\xA3\x55\xC9\x25\x99\x4A\xC5\xD0\x56\x41\x87\x90\x4D\x21\x60\xA4\x14\x87\x3B\xCD\xFD\xB2\x3E\xB4\x67\x03\x6A\xED\xE1\x0F\x4B\xC0\x91\x85\x70\x45\xE0\x42\x9E\xDE\x29\x23\xD4\x01\x0D\xA0\x10\x79\xB8\xDB\x03\xBD\xF3\xA9\x2F\xD1\xC6\xE0\x0F\xCB\x9E\x8A\x14\x0A\xB8\xBD\xF6\x56\x62\xF1\xC5\x72\xB6\x32\x25\xD9\xB2\xF3\xBD\x65\xC5\x0D\x2C\x6E\xD5\x92\x6F\x18\x8B\x00\x41\x14\x82\x6F\x40\x20\x26\x7A\x28\x0F\xF5\x1E\x7F\x27\xF7\x94\xB1\x37\x3D\xB7\xC7\x91\xF7\xE2\x01\xEC\xFD\x94\x89\xE1\xCC\x6E\xD3\x36\xD6\x0A\x19\x79\xAE\xD7\x34\x82\x65\xFF\x7C\x42\xBB\xB6\xDD\x0B\xA6\x34\xAF\x4B\x60\xFE\x7F\x43\x49\x06\x8B\x8C\x43\xB8\x56\xF2\xD9\x7F\x21\x43\x17\xEA\xA7\x48\x95\x01\x75\x75\xEA\x2B\xA5\x43\x95\xEA\x15\x84\x9D\x08\x8D\x26\x6E\x55\x9B\xAB\xDC\xD2\x39\xD2\x31\x1D\x60\xE2\xAC\xCC\x56\x45\x24\xF5\x1C\x54\xAB\xEE\x86\xDD\x96\x32\x85\xF8\x4C\x4F\xE8\x95\x76\xB6\x05\xDD\x36\x23\x67\xBC\xFF\x15\xE2\xCA\x3B\xE6\xA6\xEC\x3B\xEC\x26\x11\x34\x48\x8D\xF6\x80\x2B\x1A\x23\x02\xEB\x8A\x1C\x3A\x76\x2A\x7B\x56\x16\x1C\x72\x2A\xB3\xAA\xE3\x60\xA5\x00\x9F\x04\x9B\xE2\x6F\x1E\x14\x58\x5B\xA5\x6C\x8B\x58\x3C\xC3\xBA\x4E\x3A\x5C\xF7\xE1\x96\x2B\x3E\xEF\x07\xBC\xA4\xE5\x5D\xCC\x4D\x9F\x0D\xE1\xDC\xAA\xBB\xE1\x6E\x1A\xEC\x8F\xE1\xB6\x4C\x4D\x79\x72\x5D\x17\x35\x0B\x1D\xD7\xC1\x47\xDA\x96\x24\xE0\xD0\x72\xA8\x5A\x5F\x66\x2D\x10\xDC\x2F\x2A\x13\xAE\x26\xFE\x0A\x1C\x19\xCC\xD0\x3E\x0B\x9C\xC8\x09\x2E\xF9\x5B\x96\x7A\x47\x9C\xE9\x7A\xF3\x05\x50\x74\x95\x73\x9E\x30\x09\xF3\x97\x82\x5E\xE6\x8F\x39\x08\x1E\x59\xE5\x35\x14\x42\x13\xFF\x00\x9C\xF7\xBE\xAA\x50\xCF\xE2\x51\x48\xD7\xB8\x6F\xAF\xF8\x4E\x7E\x33\x98\x92\x14\x62\x3A\x75\x63\xCF\x7B\xFA\xDE\x82\x3B\xA9\xBB\x39\xE2\xC4\xBD\x2C\x00\x0E\xC8\x17\xAC\x13\xEF\x4D\x25\x8E\xD8\xB3\x90\x2F\xA9\xDA\x29\x7D\x1D\xAF\x74\x3A\xB2\x27\xC0\xC1\x1E\x3E\x75\xA3\x16\xA9\xAF\x7A\x22\x5D\x9F\x13\x1A\xCF\xA7\xA0\xEB\xE3\x86\x0A\xD3\xFD\xE6\x96\x95\xD7\x23\xC8\x37\xDD\xC4\x7C\xAA\x36\xAC\x98\x1A\x12\xB1\xE0\x4E\xE8\xB1\x3B\xF5\xD6\x6F\xF1\x30\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4B\xC5\xB4\x40\x6B\xAD\x1C\xB3\xA5\x1C\x65\x6E\x46\x36\x89\x87\x05\x0C\x0E\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x73\x57\x3F\x2C\xD5\x95\x32\x7E\x37\xDB\x96\x92\xEB\x19\x5E\x7E\x53\xE7\x41\xEC\x11\xB6\x47\xEF\xB5\xDE\xED\x74\x5C\xC5\xF1\x8E\x49\xE0\xFC\x6E\x99\x13\xCD\x9F\x8A\xDA\xCD\x3A\x0A\xD8\x3A\x5A\x09\x3F\x5F\x34\xD0\x2F\x03\xD2\x66\x1D\x1A\xBD\x9C\x90\x37\xC8\x0C\x8E\x07\x5A\x94\x45\x46\x2A\xE6\xBE\x7A\xDA\xA1\xA9\xA4\x69\x12\x92\xB0\x7D\x36\xD4\x44\x87\xD7\x51\xF1\x29\x63\xD6\x75\xCD\x16\xE4\x27\x89\x1D\xF8\xC2\x32\x48\xFD\xDB\x99\xD0\x8F\x5F\x54\x74\xCC\xAC\x67\x34\x11\x62\xD9\x0C\x0A\x37\x87\xD1\xA3\x17\x48\x8E\xD2\x17\x1D\xF6\xD7\xFD\xDB\x65\xEB\xFD\xA8\xD4\xF5\xD6\x4F\xA4\x5B\x75\xE8\xC5\xD2\x60\xB2\xDB\x09\x7E\x25\x8B\x7B\xBA\x52\x92\x9E\x3E\xE8\xC5\x77\xA1\x3C\xE0\x4A\x73\x6B\x61\xCF\x86\xDC\x43\xFF\xFF\x21\xFE\x23\x5D\x24\x4A\xF5\xD3\x6D\x0F\x62\x04\x05\x57\x82\xDA\x6E\xA4\x33\x25\x79\x4B\x2E\x54\x19\x8B\xCC\x2C\x3D\x30\xE9\xD1\x06\xFF\xE8\x32\x46\xBE\xB5\x33\x76\x77\xA8\x01\x5D\x96\xC1\xC1\xD5\xBE\xAE\x25\xC0\xC9\x1E\x0A\x09\x20\x88\xA1\x0E\xC9\xF3\x6F\x4D\x82\x54\x00\x20\xA7\xD2\x8F\xE4\x39\x54\x17\x2E\x8D\x1E\xB8\x1B\xBB\x1B\xBD\x9A\x4E\x3B\x10\x34\xDC\x9C\x88\x53\xEF\xA2\x31\x5B\x58\x4F\x91\x62\xC8\xC2\x9A\x9A\xCD\x15\x5D\x38\xA9\xD6\xBE\xF8\x13\xB5\x9F\x12\x69\xF2\x50\x62\xAC\xFB\x17\x37\xF4\xEE\xB8\x75\x67\x60\x10\xFB\x83\x50\xF9\x44\xB5\x75\x9C\x40\x17\xB2\xFE\xFD\x79\x5D\x6E\x58\x58\x5F\x30\xFC\x00\xAE\xAF\x33\xC1\x0E\x4E\x6C\xBA\xA7\xA6\xA1\x7F\x32\xDB\x38\xE0\xB1\x72\x17\x0A\x2B\x91\xEC\x6A\x63\x26\xED\x89\xD4\x78\xCC\x74\x1E\x05\xF8\x6B\xFE\x8C\x6A\x76\x39\x29\xAE\x65\x23\x12\x95\x08\x22\x1C\x97\xCE\x5B\x06\xEE\x0C\xE2\xBB\xBC\x1F\x44\x93\xF6\xD8\x38\x45\x05\x21\xED\xE4\xAD\xAB\x12\xB6\x03\xA4\x42\x2E\x2D\xC4\x09\x3A\x03\x67\x69\x84\x9A\xE1\x59\x90\x8A\x28\x85\xD5\x5D\x74\xB1\xD1\x0E\x20\x58\x9B\x13\xA5\xB0\x63\xA6\xED\x7B\x47\xFD\x45\x55\x30\xA4\xEE\x9A\xD4\xE6\xE2\x87\xEF\x98\xC9\x32\x82\x11\x29\x22\xBC\x00\x0A\x31\x5E\x2D\x0F\xC0\x8E\xE9\x6B\xB2\x8F\x2E\x06\xD8\xD1\x91\xC7\xC6\x12\xF4\x4C\xFD\x30\x17\xC3\xC1\xDA\x38\x5B\xE3\xA9\xEA\xE6\xA1\xBA\x79\xEF\x73\xD8\xB6\x53\x57\x2D\xF6\xD0\xE1\xD7\x48",
+	["CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD7\xC7\x5E\xF7\xC1\x07\xD4\x77\xFB\x43\x21\xF4\xF4\xF5\x69\xE4\xEE\x32\x01\xDB\xA3\x86\x1F\xE4\x59\x0D\xBA\xE7\x75\x83\x52\xEB\xEA\x1C\x61\x15\x48\xBB\x1D\x07\xCA\x8C\xAE\xB0\xDC\x96\x9D\xEA\xC3\x60\x92\x86\x82\x28\x73\x9C\x56\x06\xFF\x4B\x64\xF0\x0C\x2A\x37\x49\xB5\xE5\xCF\x0C\x7C\xEE\xF1\x4A\xBB\x73\x30\x65\xF3\xD5\x2F\x83\xB6\x7E\xE3\xE7\xF5\x9E\xAB\x60\xF9\xD3\xF1\x9D\x92\x74\x8A\xE4\x1C\x96\xAC\x5B\x80\xE9\xB5\xF4\x31\x87\xA3\x51\xFC\xC7\x7E\xA1\x6F\x8E\x53\x77\xD4\x97\xC1\x55\x33\x92\x3E\x18\x2F\x75\xD4\xAD\x86\x49\xCB\x95\xAF\x54\x06\x6C\xD8\x06\x13\x8D\x5B\xFF\xE1\x26\x19\x59\xC0\x24\xBA\x81\x71\x79\x90\x44\x50\x68\x24\x94\x5F\xB8\xB3\x11\xF1\x29\x41\x61\xA3\x41\xCB\x23\x36\xD5\xC1\xF1\x32\x50\x10\x4E\x7F\xF4\x86\x93\xEC\x84\xD3\x8E\xBC\x4B\xBF\x5C\x01\x4E\x07\x3D\xDC\x14\x8A\x94\x0A\xA4\xEA\x73\xFB\x0B\x51\xE8\x13\x07\x18\xFA\x0E\xF1\x2B\xD1\x54\x15\x7D\x3C\xE1\xF7\xB4\x19\x42\x67\x62\x5E\x77\xE0\xA2\x55\xEC\xB6\xD9\x69\x17\xD5\x3A\xAF\x44\xED\x4A\xC5\x9E\xE4\x7A\x27\x7C\xE5\x75\xD7\xAA\xCB\x25\xE7\xDF\x6B\x0A\xDB\x0F\x4D\x93\x4E\xA8\xA0\xCD\x7B\x2E\xF2\x59\x01\x6A\xB7\x0D\xB8\x07\x81\x7E\x8B\x38\x1B\x38\xE6\x0A\x57\x99\x3D\xEE\x21\xE8\xA3\xF5\x0C\x16\xDD\x8B\xEC\x34\x8E\x9C\x2A\x1C\x00\x15\x17\x8D\x68\x83\xD2\x70\x9F\x18\x08\xCD\x11\x68\xD5\xC9\x6B\x52\xCD\xC4\x46\x8F\xDC\xB5\xF3\xD8\x57\x73\x1E\xE9\x94\x39\x04\xBF\xD3\xDE\x38\xDE\xB4\x53\xEC\x69\x1C\xA2\x7E\xC4\x8F\xE4\x1B\x70\xAD\xF2\xA2\xF9\xFB\xF7\x16\x64\x66\x69\x9F\x49\x51\xA2\xE2\x15\x18\x67\x06\x4A\x7F\xD5\x6C\xB5\x4D\xB3\x33\xE0\x61\xEB\x5D\xBE\xE9\x98\x0F\x32\xD7\x1D\x4B\x3C\x2E\x5A\x01\x52\x91\x09\xF2\xDF\xEA\x8D\xD8\x06\x40\x63\xAA\x11\xE4\xFE\xC3\x37\x9E\x14\x52\x3F\xF4\xE2\xCC\xF2\x61\x93\xD1\xFD\x67\x6B\xD7\x52\xAE\xBF\x68\xAB\x40\x43\xA0\x57\x35\x53\x78\xF0\x53\xF8\x61\x42\x07\x64\xC6\xD7\x6F\x9B\x4C\x38\x0D\x63\xAC\x62\xAF\x36\x8B\xA2\x73\x0A\x0D\xF5\x21\xBD\x74\xAA\x4D\xEA\x72\x03\x49\xDB\xC7\x5F\x1D\x62\x63\xC7\xFD\xDD\x91\xEC\x33\xEE\xF5\x6D\xB4\x6E\x30\x68\xDE\xC8\xD6\x26\xB0\x75\x5E\x7B\xB4\x07\x20\x98\xA1\x76\x32\xB8\x4D\x6C\x4F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC9\x80\x77\xE0\x62\x92\x82\xF5\x46\x9C\xF3\xBA\xF7\x4C\xC3\xDE\xB8\xA3\xAD\x39\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x53\x5F\x21\xF5\xBA\xB0\x3A\x52\x39\x2C\x92\xB0\x6C\x00\xC9\xEF\xCE\x20\xEF\x06\xF2\x96\x9E\xE9\xA4\x74\x7F\x7A\x16\xFC\xB7\xF5\xB6\xFB\x15\x1B\x3F\xAB\xA6\xC0\x72\x5D\x10\xB1\x71\xEE\xBC\x4F\xE3\xAD\xAC\x03\x6D\x2E\x71\x2E\xAF\xC4\xE3\xAD\xA3\xBD\x0C\x11\xA7\xB4\xFF\x4A\xB2\x7B\x10\x10\x1F\xA7\x57\x41\xB2\xC0\xAE\xF4\x2C\x59\xD6\x47\x10\x88\xF3\x21\x51\x29\x30\xCA\x60\x86\xAF\x46\xAB\x1D\xED\x3A\x5B\xB0\x94\xDE\x44\xE3\x41\x08\xA2\xC1\xEC\x1D\xD6\xFD\x4F\xB6\xD6\x47\xD0\x14\x0B\xCA\xE6\xCA\xB5\x7B\x77\x7E\x41\x1F\x5E\x83\xC7\xB6\x8C\x39\x96\xB0\x3F\x96\x81\x41\x6F\x60\x90\xE2\xE8\xF9\xFB\x22\x71\xD9\x7D\xB3\x3D\x46\xBF\xB4\x84\xAF\x90\x1C\x0F\x8F\x12\x6A\xAF\xEF\xEE\x1E\x7A\xAE\x02\x4A\x8A\x17\x2B\x76\xFE\xAC\x54\x89\x24\x2C\x4F\x3F\xB6\xB2\xA7\x4E\x8C\xA8\x91\x97\xFB\x29\xC6\x7B\x5C\x2D\xB9\xCB\x66\xB6\xB7\xA8\x5B\x12\x51\x85\xB5\x09\x7E\x62\x78\x70\xFE\xA9\x6A\x60\xB6\x1D\x0E\x79\x0C\xFD\xCA\xEA\x24\x80\x72\xC3\x97\x3F\xF2\x77\xAB\x43\x22\x0A\xC7\xEB\xB6\x0C\x84\x82\x2C\x80\x6B\x41\x8A\x08\xC0\xEB\xA5\x6B\xDF\x99\x12\xCB\x8A\xD5\x5E\x80\x0C\x91\xE0\x26\x08\x36\x48\xC5\xFA\x38\x11\x35\xFF\x25\x83\x2D\xF2\x7A\xBF\xDA\xFD\x8E\xFE\xA5\xCB\x45\x2C\x1F\xC4\x88\x53\xAE\x77\x0E\xD9\x9A\x76\xC5\x8E\x2C\x1D\xA3\xBA\xD5\xEC\x32\xAE\xC0\xAA\xAC\xF7\xD1\x7A\x4D\xEB\xD4\x07\xE2\x48\xF7\x22\x8E\xB0\xA4\x9F\x6A\xCE\x8E\xB2\xB2\x60\xF4\xA3\x22\xD0\x23\xEB\x94\x5A\x7A\x69\xDD\x0F\xBF\x40\x57\xAC\x6B\x59\x50\xD9\xA3\x99\xE1\x6E\xFE\x8D\x01\x79\x27\x23\x15\xDE\x92\x9D\x7B\x09\x4D\x5A\xE7\x4B\x48\x30\x5A\x18\xE6\x0A\x6D\xE6\x8F\xE0\xD2\xBB\xE6\xDF\x7C\x6E\x21\x82\xC1\x68\x39\x4D\xB4\x98\x58\x66\x62\xCC\x4A\x90\x5E\xC3\xFA\x27\x04\xB1\x79\x15\x74\x99\xCC\xBE\xAD\x20\xDE\x26\x60\x1C\xEB\x56\x51\xA6\xA3\xEA\xE4\xA3\x3F\xA7\xFF\x61\xDC\xF1\x5A\x4D\x6C\x32\x23\x43\xEE\xAC\xA8\xEE\xEE\x4A\x12\x09\x3C\x5D\x71\xC2\xBE\x79\xFA\xC2\x87\x68\x1D\x0B\xFD\x5C\x69\xCC\x06\xD0\x9A\x7D\x54\x99\x2A\xC9\x39\x1A\x19\xAF\x4B\x2A\x43\xF3\x63\x5D\x5A\x58\xE2\x2F\xE3\x1D\xE4\xA9\xD6\xD0\x0A\xD0\x9E\xBF\xD7\x81\x09\xF1\xC9\xC7\x26\x0D\xAC\x98\x16\x56\xA0",
+	["CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA5\xDA\x0A\x95\x16\x50\xE3\x95\xF2\x5E\x9D\x76\x31\x06\x32\x7A\x9B\xF1\x10\x76\xB8\x00\x9A\xB5\x52\x36\xCD\x24\x47\xB0\x9F\x18\x64\xBC\x9A\xF6\xFA\xD5\x79\xD8\x90\x62\x4C\x22\x2F\xDE\x38\x3D\xD6\xE0\xA8\xE9\x1C\x2C\xDB\x78\x11\xE9\x8E\x68\x51\x15\x72\xC7\xF3\x33\x87\xE4\xA0\x5D\x0B\x5C\xE0\x57\x07\x2A\x30\xF5\xCD\xC4\x37\x77\x28\x4D\x18\x91\xE6\xBF\xD5\x52\xFD\x71\x2D\x70\x3E\xE7\xC6\xC4\x8A\xE3\xF0\x28\x0B\xF4\x76\x98\xA1\x8B\x87\x55\xB2\x3A\x13\xFC\xB7\x3E\x27\x37\x8E\x22\xE3\xA8\x4F\x2A\xEF\x60\xBB\x3D\xB7\x39\xC3\x0E\x01\x47\x99\x5D\x12\x4F\xDB\x43\xFA\x57\xA1\xED\xF9\x9D\xBE\x11\x47\x26\x5B\x13\x98\xAB\x5D\x16\x8A\xB0\x37\x1C\x57\x9D\x45\xFF\x88\x96\x36\xBF\xBB\xCA\x07\x7B\x6F\x87\x63\xD7\xD0\x32\x6A\xD6\x5D\x6C\x0C\xF1\xB3\x6E\x39\xE2\x6B\x31\x2E\x39\x00\x27\x14\xDE\x38\xC0\xEC\x19\x66\x86\x12\xE8\x9D\x72\x16\x13\x64\x52\xC7\xA9\x37\x1C\xFD\x82\x30\xED\x84\x18\x1D\xF4\xAE\x5C\xFF\x70\x13\x00\xEB\xB1\xF5\x33\x7A\x4B\xD6\x55\xF8\x05\x8D\x4B\x69\xB0\xF5\xB3\x28\x36\x5C\x14\xC4\x51\x73\x4D\x6B\x0B\xF1\x34\x07\xDB\x17\x39\xD7\xDC\x28\x7B\x6B\xF5\x9F\xF3\x2E\xC1\x4F\x17\x2A\x10\xF3\xCC\xCA\xE8\xEB\xFD\x6B\xAB\x2E\x9A\x9F\x2D\x82\x6E\x04\xD4\x52\x01\x93\x2D\x3D\x86\xFC\x7E\xFC\xDF\xEF\x42\x1D\xA6\x6B\xEF\xB9\x20\xC6\xF7\xBD\xA0\xA7\x95\xFD\xA7\xE6\x89\x24\xD8\xCC\x8C\x34\x6C\xE2\x23\x2F\xD9\x12\x1A\x21\xB9\x55\x91\x6F\x0B\x91\x79\x19\x0C\xAD\x40\x88\x0B\x70\xE2\x7A\xD2\x0E\xD8\x68\x48\xBB\x82\x13\x39\x10\x58\xE9\xD8\x2A\x07\xC6\x12\xDB\x58\xDB\xD2\x3B\x55\x10\x47\x05\x15\x67\x62\x7E\x18\x63\xA6\x46\x3F\x09\x0E\x54\x32\x5E\xBF\x0D\x62\x7A\x27\xEF\x80\xE8\xDB\xD9\x4B\x06\x5A\x37\x5A\x25\xD0\x08\x12\x77\xD4\x6F\x09\x50\x97\x3D\xC8\x1D\xC3\xDF\x8C\x45\x30\x56\xC6\xD3\x64\xAB\x66\xF3\xC0\x5E\x96\x9C\xC3\xC4\xEF\xC3\x7C\x6B\x8B\x3A\x79\x7F\xB3\x49\xCF\x3D\xE2\x89\x9F\xA0\x30\x4B\x85\xB9\x9C\x94\x24\x79\x8F\x7D\x6B\xA9\x45\x68\x0F\x2B\xD0\xF1\xDA\x1C\xCB\x69\xB8\xCA\x49\x62\x6D\xC8\xD0\x63\x62\xDD\x60\x0F\x58\xAA\x8F\xA1\xBC\x05\xA5\x66\xA2\xCF\x1B\x76\xB2\x84\x64\xB1\x4C\x39\x52\xC0\x30\xBA\xF0\x8C\x4B\x02\xB0\xB6\xB7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x47\xB8\xCD\xFF\xE5\x6F\xEE\xF8\xB2\xEC\x2F\x4E\x0E\xF9\x25\xB0\x8E\x3C\x6B\xC3\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x00\x20\x23\x41\x35\x04\x90\xC2\x40\x62\x60\xEF\xE2\x35\x4C\xD7\x3F\xAC\xE2\x34\x90\xB8\xA1\x6F\x76\xFA\x16\x16\xA4\x48\x37\x2C\xE9\x90\xC2\xF2\x3C\xF8\x0A\x9F\xD8\x81\xE5\xBB\x5B\xDA\x25\x2C\xA4\xA7\x55\x71\x24\x32\xF6\xC8\x0B\xF2\xBC\x6A\xF8\x93\xAC\xB2\x07\xC2\x5F\x9F\xDB\xCC\xC8\x8A\xAA\xBE\x6A\x6F\xE1\x49\x10\xCC\x31\xD7\x80\xBB\xBB\xC8\xD8\xA2\x0E\x64\x57\xEA\xA2\xF5\xC2\xA9\x31\x15\xD2\x20\x6A\xEC\xFC\x22\x01\x28\xCF\x86\xB8\x80\x1E\xA9\xCC\x11\xA5\x3C\xF2\x16\xB3\x47\x9D\xFC\xD2\x80\x21\xC4\xCB\xD0\x47\x70\x41\xA1\xCA\x83\x19\x08\x2C\x6D\xF2\x5D\x77\x9C\x8A\x14\x13\xD4\x36\x1C\x92\xF0\xE5\x06\x37\xDC\xA6\xE6\x90\x9B\x38\x8F\x5C\x6B\x1B\x46\x86\x43\x42\x5F\x3E\x01\x07\x53\x54\x5D\x65\x7D\xF7\x8A\x73\xA1\x9A\x54\x5A\x1F\x29\x43\x14\x27\xC2\x85\x0F\xB5\x88\x7B\x1A\x3B\x94\xB7\x1D\x60\xA7\xB5\x9C\xE7\x29\x69\x57\x5A\x9B\x93\x7A\x43\x30\x1B\x03\xD7\x62\xC8\x40\xA6\xAA\xFC\x64\xE4\x4A\xD7\x91\x53\x01\xA8\x20\x88\x6E\x9C\x5F\x44\xB9\xCB\x60\x81\x34\xEC\x6F\xD3\x7D\xDA\x48\x5F\xEB\xB4\x90\xBC\x2D\xA9\x1C\x0B\xAC\x1C\xD5\xA2\x68\x20\x80\x04\xD6\xFC\xB1\x8F\x2F\xBB\x4A\x31\x0D\x4A\x86\x1C\xEB\xE2\x36\x29\x26\xF5\xDA\xD8\xC4\xF2\x75\x61\xCF\x7E\xAE\x76\x63\x4A\x7A\x40\x65\x93\x87\xF8\x1E\x80\x8C\x86\xE5\x86\xD6\x8F\x0E\xFC\x53\x2C\x60\xE8\x16\x61\x1A\xA2\x3E\x43\x7B\xCD\x39\x60\x54\x6A\xF5\xF2\x89\x26\x01\x68\x83\x48\xA2\x33\xE8\xC9\x04\x91\xB2\x11\x34\x11\x3E\xEA\xD0\x43\x19\x1F\x03\x93\x90\x0C\xFF\x51\x3D\x57\xF4\x41\x6E\xE1\xCB\xA0\xBE\xEB\xC9\x63\xCD\x6D\xCC\xE4\xF8\x36\xAA\x68\x9D\xED\xBD\x5D\x97\x70\x44\x0D\xB6\x0E\x35\xDC\xE1\x0C\x5D\xBB\xA0\x51\x94\xCB\x7E\x16\xEB\x11\x2F\xA3\x92\x45\xC8\x4C\x71\xD9\xBC\xC9\x99\x52\x57\x46\x2F\x50\xCF\xBD\x35\x69\xF4\x3D\x15\xCE\x06\xA5\x2C\x0F\x3E\xF6\x81\xBA\x94\xBB\xC3\xBB\xBF\x65\x78\xD2\x86\x79\xFF\x49\x3B\x1A\x83\x0C\xF0\xDE\x78\xEC\xC8\xF2\x4D\x4C\x1A\xDE\x82\x29\xF8\xC1\x5A\xDA\xED\xEE\xE6\x27\x5E\xE8\x45\xD0\x9D\x1C\x51\xA8\x68\xAB\x44\xE3\xD0\x8B\x6A\xE3\xF8\x3B\xBB\xDC\x4D\xD7\x64\xF2\x51\xBE\xE6\xAA\xAB\x5A\xE9\x31\xEE\x06\xBC\x73\xBF\x13\x62\x0A\x9F\xC7\xB9\x97",
+	["CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE"] = "\x30\x82\x03\xC3\x30\x82\x02\xAB\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x1E\x17\x0D\x30\x38\x31\x30\x30\x31\x31\x30\x32\x39\x35\x36\x5A\x17\x0D\x33\x33\x31\x30\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBD\x75\x93\xF0\x62\x22\x6F\x24\xAE\xE0\x7A\x76\xAC\x7D\xBD\xD9\x24\xD5\xB8\xB7\xFC\xCD\xF0\x42\xE0\xEB\x78\x88\x56\x5E\x9B\x9A\x54\x1D\x4D\x0C\x8A\xF6\xD3\xCF\x70\xF4\x52\xB5\xD8\x93\x04\xE3\x46\x86\x71\x41\x4A\x2B\xF0\x2A\x2C\x55\x03\xD6\x48\xC3\xE0\x39\x38\xED\xF2\x5C\x3C\x3F\x44\xBC\x93\x3D\x61\xAB\x4E\xCD\x0D\xBE\xF0\x20\x27\x58\x0E\x44\x7F\x04\x1A\x87\xA5\xD7\x96\x14\x36\x90\xD0\x49\x7B\xA1\x75\xFB\x1A\x6B\x73\xB1\xF8\xCE\xA9\x09\x2C\xF2\x53\xD5\xC3\x14\x44\xB8\x86\xA5\xF6\x8B\x2B\x39\xDA\xA3\x33\x54\xD9\xFA\x72\x1A\xF7\x22\x15\x1C\x88\x91\x6B\x7F\x66\xE5\xC3\x6A\x80\xB0\x24\xF3\xDF\x86\x45\x88\xFD\x19\x7F\x75\x87\x1F\x1F\xB1\x1B\x0A\x73\x24\x5B\xB9\x65\xE0\x2C\x54\xC8\x60\xD3\x66\x17\x3F\xE1\xCC\x54\x33\x73\x91\x02\x3A\xA6\x7F\x7B\x76\x39\xA2\x1F\x96\xB6\x38\xAE\xB5\xC8\x93\x74\x1D\x9E\xB9\xB4\xE5\x60\x9D\x2F\x56\xD1\xE0\xEB\x5E\x5B\x4C\x12\x70\x0C\x6C\x44\x20\xAB\x11\xD8\xF4\x19\xF6\xD2\x9C\x52\x37\xE7\xFA\xB6\xC2\x31\x3B\x4A\xD4\x14\x99\xAD\xC7\x1A\xF5\x5D\x5F\xFA\x07\xB8\x7C\x0D\x1F\xD6\x83\x1E\xB3\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB5\x03\xF7\x76\x3B\x61\x82\x6A\x12\xAA\x18\x53\xEB\x03\x21\x94\xBF\xFE\xCE\xCA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x56\x3D\xEF\x94\xD5\xBD\xDA\x73\xB2\x58\xBE\xAE\x90\xAD\x98\x27\x97\xFE\x01\xB1\xB0\x52\x00\xB8\x4D\xE4\x1B\x21\x74\x1B\x7E\xC0\xEE\x5E\x69\x2A\x25\xAF\x5C\xD6\x1D\xDA\xD2\x79\xC9\xF3\x97\x29\xE0\x86\x87\xDE\x04\x59\x0F\xF1\x59\xD4\x64\x85\x4B\x99\xAF\x25\x04\x1E\xC9\x46\xA9\x97\xDE\x82\xB2\x1B\x70\x9F\x9C\xF6\xAF\x71\x31\xDD\x7B\x05\xA5\x2C\xD3\xB9\xCA\x47\xF6\xCA\xF2\xF6\xE7\xAD\xB9\x48\x3F\xBC\x16\xB7\xC1\x6D\xF4\xEA\x09\xAF\xEC\xF3\xB5\xE7\x05\x9E\xA6\x1E\x8A\x53\x51\xD6\x93\x81\xCC\x74\x93\xF6\xB9\xDA\xA6\x25\x05\x74\x79\x5A\x7E\x40\x3E\x82\x4B\x26\x11\x30\x6E\xE1\x3F\x41\xC7\x47\x00\x35\xD5\xF5\xD3\xF7\x54\x3E\x81\x3D\xDA\x49\x6A\x9A\xB3\xEF\x10\x3D\xE6\xEB\x6F\xD1\xC8\x22\x47\xCB\xCC\xCF\x01\x31\x92\xD9\x18\xE3\x22\xBE\x09\x1E\x1A\x3E\x5A\xB2\xE4\x6B\x0C\x54\x7A\x7D\x43\x4E\xB8\x89\xA5\x7B\xD7\xA2\x3D\x96\x86\xCC\xF2\x26\x34\x2D\x6A\x92\x9D\x9A\x1A\xD0\x30\xE2\x5D\x4E\x04\xB0\x5F\x8B\x20\x7E\x77\xC1\x3D\x95\x82\xD1\x46\x9A\x3B\x3C\x78\xB8\x6F\xA1\xD0\x0D\x64\xA2\x78\x1E\x29\x4E\x93\xC3\xA4\x54\x14\x5B",
+	["emailAddress=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE"] = "\x30\x82\x04\x03\x30\x82\x02\xEB\xA0\x03\x02\x01\x02\x02\x10\x54\x80\xF9\xA0\x73\xED\x3F\x00\x4C\xCA\x89\xD8\xE3\x71\xE6\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x22\x18\x0F\x32\x30\x31\x30\x31\x30\x33\x30\x31\x30\x31\x30\x33\x30\x5A\x18\x0F\x32\x30\x33\x30\x31\x32\x31\x37\x32\x33\x35\x39\x35\x39\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC8\x20\xC0\xEC\xE0\xC5\x4B\xAB\x07\x78\x95\xF3\x44\xEE\xFB\x0B\x0C\xFF\x74\x8E\x61\xBB\xB1\x62\xEA\x23\xD8\xAB\xA1\x65\x32\x7A\xEB\x8E\x17\x4F\x96\xD8\x0A\x7B\x91\xA2\x63\x6C\xC7\x8C\x4C\x2E\x79\xBF\xA9\x05\xFC\x69\x5C\x95\x8D\x62\xF9\xB9\x70\xED\xC3\x51\x7D\xD0\x93\xE6\x6C\xEB\x30\x4B\xE1\xBC\x7D\xBF\x52\x9B\xCE\x6E\x7B\x65\xF2\x38\xB1\xC0\xA2\x32\xEF\x62\xB2\x68\xE0\x61\x53\xC1\x36\x95\xFF\xEC\x94\xBA\x36\xAE\x9C\x1C\xA7\x32\x0F\xE5\x7C\xB4\xC6\x6F\x74\xFD\x7B\x18\xE8\xAC\x57\xED\x06\x20\x4B\x32\x30\x58\x5B\xFD\xCD\xA8\xE6\xA1\xFC\x70\xBC\x8E\x92\x73\xDB\x97\xA7\x7C\x21\xAE\x3D\xC1\xF5\x48\x87\x6C\x27\xBD\x9F\x25\x74\x81\x55\xB0\xF7\x75\xF6\x3D\xA4\x64\x6B\xD6\x4F\xE7\xCE\x40\xAD\x0F\xDD\x32\xD3\xBC\x8A\x12\x53\x98\xC9\x89\xFB\x10\x1D\x4D\x7E\xCD\x7E\x1F\x56\x0D\x21\x70\x85\xF6\x20\x83\x1F\xF6\xBA\x1F\x04\x8F\xEA\x77\x88\x35\xC4\xFF\xEA\x4E\xA1\x8B\x4D\x3F\x63\x1B\x44\xC3\x44\xD4\x25\x76\xCA\xB7\x8D\xD7\x1E\x4A\x66\x64\xCD\x5C\xC5\x9C\x83\xE1\xC2\x08\x88\x9A\xEC\x4E\xA3\xF1\x3E\x1C\x2C\xD9\x6C\x1D\xA1\x4B\x02\x03\x01\x00\x01\xA3\x81\x8A\x30\x81\x87\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x12\xF2\x5A\x3E\xEA\x56\x1C\xBF\xCD\x06\xAC\xF1\xF1\x25\xC9\xA9\x4B\xD4\x14\x99\x30\x45\x06\x03\x55\x1D\x25\x04\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x03\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x04\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x08\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7B\xF6\xE4\xC0\x0D\xAA\x19\x47\xB7\x4D\x57\xA3\xFE\xAD\xBB\xB1\x6A\xD5\x0F\x9E\xDB\xE4\x63\xC5\x8E\xA1\x50\x56\x93\x96\xB8\x38\xC0\x24\x22\x66\xBC\x53\x14\x61\x95\xBF\xD0\xC7\x2A\x96\x39\x3F\x7D\x28\xB3\x10\x40\x21\x6A\xC4\xAF\xB0\x52\x77\x18\xE1\x96\xD8\x56\x5D\xE3\xDD\x36\x5E\x1D\xA7\x50\x54\xA0\xC5\x2A\xE4\xAA\x8C\x94\x8A\x4F\x9D\x35\xFF\x76\xA4\x06\x13\x91\xA2\xA2\x7D\x00\x44\x3F\x55\xD3\x82\x3C\x1A\xD5\x5B\xBC\x56\x4C\x22\x2E\x46\x43\x8A\x24\x40\x2D\xF3\x12\xB8\x3B\x70\x1A\xA4\x96\xB9\x1A\xAF\x87\x41\x1A\x6A\x18\x0D\x06\x4F\xC7\x3E\x6E\xB9\x29\x4D\x0D\x49\x89\x11\x87\x32\x5B\xE6\x4B\x04\xC8\xE4\x5C\xE6\x74\x73\x94\x5D\x16\x98\x13\x95\xFE\xFB\xDB\xB1\x44\xE5\x3A\x70\xAC\x37\x6B\xE6\xB3\x33\x72\x28\xC9\xB3\x57\xA0\xF6\x02\x16\x88\x06\x0B\xB6\xA6\x4B\x20\x28\xD4\xDE\x3D\x8B\xAD\x37\x05\x53\x74\xFE\x6E\xCC\xBC\x43\x17\x71\x5E\xF9\xC5\xCC\x1A\xA9\x61\xEE\xF7\x76\x0C\xF3\x72\xF4\x72\xAD\xCF\x72\x02\x36\x07\x47\xCF\xEF\x19\x50\x89\x60\xCC\xE9\x24\x95\x0F\xC2\xCB\x1D\xF2\x6F\x76\x90\xC7\xCC\x75\xC1\x96\xC5\x9D",
+	["O=T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Aral\C4\B1k 2007,L=Ankara,C=TR,CN=T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1"] = "\x30\x82\x04\x3D\x30\x82\x03\x25\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xBF\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5E\x30\x5C\x06\x03\x55\x04\x0A\x0C\x55\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x41\x72\x61\x6C\xC4\xB1\x6B\x20\x32\x30\x30\x37\x30\x1E\x17\x0D\x30\x37\x31\x32\x32\x35\x31\x38\x33\x37\x31\x39\x5A\x17\x0D\x31\x37\x31\x32\x32\x32\x31\x38\x33\x37\x31\x39\x5A\x30\x81\xBF\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5E\x30\x5C\x06\x03\x55\x04\x0A\x0C\x55\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x41\x72\x61\x6C\xC4\xB1\x6B\x20\x32\x30\x30\x37\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\xB7\x3E\x0A\x8C\xC8\xA5\x58\x15\xE6\x8A\xEF\x27\x3D\x4A\xB4\xE8\x25\xD3\xCD\x33\xC2\x20\xDC\x19\xEE\x88\x3F\x4D\x62\xF0\xDD\x13\x77\x8F\x61\xA9\x2A\xB5\xD4\xF2\xB9\x31\x58\x29\x3B\x2F\x3F\x6A\x9C\x6F\x73\x76\x25\xEE\x34\x20\x80\xEE\xEA\xB7\xF0\xC4\x0A\xCD\x2B\x86\x94\xC9\xE3\x60\xB1\x44\x52\xB2\x5A\x29\xB4\x91\x97\x83\xD8\xB7\xA6\x14\x2F\x29\x49\xA2\xF3\x05\x06\xFB\xB4\x4F\xDA\xA1\x6C\x9A\x66\x9F\xF0\x43\x09\xCA\xEA\x72\x8F\xEB\x00\xD7\x35\x39\xD7\x56\x17\x47\x17\x30\xF4\xBE\xBF\x3F\xC2\x68\xAF\x36\x40\xC1\xA9\xF4\xA9\xA7\xE8\x10\x6B\x08\x8A\xF7\x86\x1E\xDC\x9A\x2A\x15\x06\xF6\xA3\xF0\xF4\xE0\xC7\x14\xD4\x51\x7F\xCF\xB4\xDB\x6D\xAF\x47\x96\x17\x9B\x77\x71\xD8\xA7\x71\x9D\x24\x0C\xF6\x94\x3F\x85\x31\x12\x4F\xBA\xEE\x4E\x82\xB8\xB9\x3E\x8F\x23\x37\x5E\xCC\xA2\xAA\x75\xF7\x18\x6F\x09\xD3\xAE\xA7\x54\x28\x34\xFB\xE1\xE0\x3B\x60\x7D\xA0\xBE\x79\x89\x86\xC8\x9F\x2D\xF9\x0A\x4B\xC4\x50\xA2\xE7\xFD\x79\x16\xC7\x7A\x0B\x18\xCF\xCE\x4C\xEF\x7D\xD6\x07\x6F\x98\xF1\xAF\xB1\xC1\x7A\xD7\x81\x35\xB8\xAA\x17\xB4\xE0\xCB\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x29\xC5\x90\xAB\x25\xAF\x11\xE4\x61\xBF\xA3\xFF\x88\x61\x91\xE6\x0E\xFE\x9C\x81\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x10\x0D\xDA\xF8\x3A\xEC\x28\xD1\x14\x95\x82\xB1\x12\x2C\x51\x7A\x41\x25\x36\x4C\x9F\xEC\x3F\x1F\x84\x9D\x65\x54\x5C\xA8\x16\x02\x40\xFA\x6E\x1A\x37\x84\xEF\x72\x9D\x86\x0A\x55\x9D\x56\x28\xAC\x66\x2C\xD0\x3A\x56\x93\x34\x07\x25\xAD\x08\xB0\x8F\xC8\x0F\x09\x59\xCA\x9D\x98\x1C\xE5\x54\xF8\xB9\x45\x7F\x6A\x97\x6F\x88\x68\x4D\x4A\x06\x26\x37\x88\x02\x0E\xB6\xC6\xD6\x72\x99\xCE\x6B\x77\xDA\x62\x31\xA4\x56\x1F\xAE\x5F\x8D\x77\xDA\x5D\xF6\x88\xFC\x1A\xD9\x9E\xB5\x81\xF0\x32\xB8\xE3\x88\xD0\x9C\xF3\x6A\xA0\xB9\x9B\x14\x59\x35\x36\x4F\xCF\xF3\x8E\x5E\x5D\x17\xAD\x15\x95\xD8\xDD\xB2\xD5\x15\x6E\x00\x4E\xB3\x4B\xCF\x66\x94\xE4\xE0\xCD\xB5\x05\xDA\x63\x57\x8B\xE5\xB3\xAA\xDB\xC0\x2E\x1C\x90\x44\xDB\x1A\x5D\x18\xA4\xEE\xBE\x04\x5B\x99\xD5\x71\x5F\x55\x65\x64\x62\xD5\xA2\x9B\x04\x59\x86\xC8\x62\x77\xE7\x7C\x82\x45\x6A\x3D\x17\xBF\xEC\x9D\x75\x0C\xAE\xA3\x6F\x5A\xD3\x2F\x98\x36\xF4\xF0\xF5\x19\xAB\x11\x5D\xC8\xA6\xE3\x2A\x58\x6A\x42\x09\xC3\xBD\x92\x26\x66\x32\x0D\x5D\x08\x55\x74\xFF\x8C\x98\xD0\x0A\xA6\x84\x6A\xD1\x39\x7D",
+	["CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE"] = "\x30\x82\x04\x33\x30\x82\x03\x1B\xA0\x03\x02\x01\x02\x02\x03\x09\x83\xF3\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x32\x30\x30\x39\x30\x1E\x17\x0D\x30\x39\x31\x31\x30\x35\x30\x38\x33\x35\x35\x38\x5A\x17\x0D\x32\x39\x31\x31\x30\x35\x30\x38\x33\x35\x35\x38\x5A\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x32\x30\x30\x39\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD3\xB2\x4A\xCF\x7A\x47\xEF\x75\x9B\x23\xFA\x3A\x2F\xD6\x50\x45\x89\x35\x3A\xC6\x6B\xDB\xFE\xDB\x00\x68\xA8\xE0\x03\x11\x1D\x37\x50\x08\x9F\x4D\x4A\x68\x94\x35\xB3\x53\xD1\x94\x63\xA7\x20\x56\xAF\xDE\x51\x78\xEC\x2A\x3D\xF3\x48\x48\x50\x3E\x0A\xDF\x46\x55\x8B\x27\x6D\xC3\x10\x4D\x0D\x91\x52\x43\xD8\x87\xE0\x5D\x4E\x36\xB5\x21\xCA\x5F\x39\x40\x04\x5F\x5B\x7E\xCC\xA3\xC6\x2B\xA9\x40\x1E\xD9\x36\x84\xD6\x48\xF3\x92\x1E\x34\x46\x20\x24\xC1\xA4\x51\x8E\x4A\x1A\xEF\x50\x3F\x69\x5D\x19\x7F\x45\xC3\xC7\x01\x8F\x51\xC9\x23\xE8\x72\xAE\xB4\xBC\x56\x09\x7F\x12\xCB\x1C\xB1\xAF\x29\x90\x0A\xC9\x55\xCC\x0F\xD3\xB4\x1A\xED\x47\x35\x5A\x4A\xED\x9C\x73\x04\x21\xD0\xAA\xBD\x0C\x13\xB5\x00\xCA\x26\x6C\xC4\x6B\x0C\x94\x5A\x95\x94\xDA\x50\x9A\xF1\xFF\xA5\x2B\x66\x31\xA4\xC9\x38\xA0\xDF\x1D\x1F\xB8\x09\x2E\xF3\xA7\xE8\x67\x52\xAB\x95\x1F\xE0\x46\x3E\xD8\xA4\xC3\xCA\x5A\xC5\x31\x80\xE8\x48\x9A\x9F\x94\x69\xFE\x19\xDD\xD8\x73\x7C\x81\xCA\x96\xDE\x8E\xED\xB3\x32\x05\x65\x84\x34\xE6\xE6\xFD\x57\x10\xB5\x5F\x76\xBF\x2F\xB0\x10\x0D\xC5\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xFD\xDA\x14\xC4\x9F\x30\xDE\x21\xBD\x1E\x42\x39\xFC\xAB\x63\x23\x49\xE0\xF1\x84\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xD3\x06\x03\x55\x1D\x1F\x04\x81\xCB\x30\x81\xC8\x30\x81\x80\xA0\x7E\xA0\x7C\x86\x7A\x6C\x64\x61\x70\x3A\x2F\x2F\x64\x69\x72\x65\x63\x74\x6F\x72\x79\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x4E\x3D\x44\x2D\x54\x52\x55\x53\x54\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x32\x25\x32\x30\x32\x30\x30\x39\x2C\x4F\x3D\x44\x2D\x54\x72\x75\x73\x74\x25\x32\x30\x47\x6D\x62\x48\x2C\x43\x3D\x44\x45\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x72\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x6C\x69\x73\x74\x30\x43\xA0\x41\xA0\x3F\x86\x3D\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x63\x72\x6C\x2F\x64\x2D\x74\x72\x75\x73\x74\x5F\x72\x6F\x6F\x74\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x32\x5F\x32\x30\x30\x39\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x7F\x97\xDB\x30\xC8\xDF\xA4\x9C\x7D\x21\x7A\x80\x70\xCE\x14\x12\x69\x88\x14\x95\x60\x44\x01\xAC\xB2\xE9\x30\x4F\x9B\x50\xC2\x66\xD8\x7E\x8D\x30\xB5\x70\x31\xE9\xE2\x69\xC7\xF3\x70\xDB\x20\x15\x86\xD0\x0D\xF0\xBE\xAC\x01\x75\x84\xCE\x7E\x9F\x4D\xBF\xB7\x60\x3B\x9C\xF3\xCA\x1D\xE2\x5E\x68\xD8\xA3\x9D\x97\xE5\x40\x60\xD2\x36\x21\xFE\xD0\xB4\xB8\x17\xDA\x74\xA3\x7F\xD4\xDF\xB0\x98\x02\xAC\x6F\x6B\x6B\x2C\x25\x24\x72\xA1\x65\xEE\x25\x5A\xE5\xE6\x32\xE7\xF2\xDF\xAB\x49\xFA\xF3\x90\x69\x23\xDB\x04\xD9\xE7\x5C\x58\xFC\x65\xD4\x97\xBE\xCC\xFC\x2E\x0A\xCC\x25\x2A\x35\x04\xF8\x60\x91\x15\x75\x3D\x41\xFF\x23\x1F\x19\xC8\x6C\xEB\x82\x53\x04\xA6\xE4\x4C\x22\x4D\x8D\x8C\xBA\xCE\x5B\x73\xEC\x64\x54\x50\x6D\xD1\x9C\x55\xFB\x69\xC3\x36\xC3\x8C\xBC\x3C\x85\xA6\x6B\x0A\x26\x0D\xE0\x93\x98\x60\xAE\x7E\xC6\x24\x97\x8A\x61\x5F\x91\x8E\x66\x92\x09\x87\x36\xCD\x8B\x9B\x2D\x3E\xF6\x51\xD4\x50\xD4\x59\x28\xBD\x83\xF2\xCC\x28\x7B\x53\x86\x6D\xD8\x26\x88\x70\xD7\xEA\x91\xCD\x3E\xB9\xCA\xC0\x90\x6E\x5A\xC6\x5E\x74\x65\xD7\x5C\xFE\xA3\xE2",
+	["CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE"] = "\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x03\x09\x83\xF4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x45\x56\x20\x32\x30\x30\x39\x30\x1E\x17\x0D\x30\x39\x31\x31\x30\x35\x30\x38\x35\x30\x34\x36\x5A\x17\x0D\x32\x39\x31\x31\x30\x35\x30\x38\x35\x30\x34\x36\x5A\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x45\x56\x20\x32\x30\x30\x39\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x99\xF1\x84\x34\x70\xBA\x2F\xB7\x30\xA0\x8E\xBD\x7C\x04\xCF\xBE\x62\xBC\x99\xFD\x82\x97\xD2\x7A\x0A\x67\x96\x38\x09\xF6\x10\x4E\x95\x22\x73\x99\x8D\xDA\x15\x2D\xE7\x05\xFC\x19\x73\x22\xB7\x8E\x98\x00\xBC\x3C\x3D\xAC\xA1\x6C\xFB\xD6\x79\x25\x4B\xAD\xF0\xCC\x64\xDA\x88\x3E\x29\xB8\x0F\x09\xD3\x34\xDD\x33\xF5\x62\xD1\xE1\xCD\x19\xE9\xEE\x18\x4F\x4C\x58\xAE\xE2\x1E\xD6\x0C\x5B\x15\x5A\xD8\x3A\xB8\xC4\x18\x64\x1E\xE3\x33\xB2\xB5\x89\x77\x4E\x0C\xBF\xD9\x94\x6B\x13\x97\x6F\x12\xA3\xFE\x99\xA9\x04\xCC\x15\xEC\x60\x68\x36\xED\x08\x7B\xB7\xF5\xBF\x93\xED\x66\x31\x83\x8C\xC6\x71\x34\x87\x4E\x17\xEA\xAF\x8B\x91\x8D\x1C\x56\x41\xAE\x22\x37\x5E\x37\xF2\x1D\xD9\xD1\x2D\x0D\x2F\x69\x51\xA7\xBE\x66\xA6\x8A\x3A\x2A\xBD\xC7\x1A\xB1\xE1\x14\xF0\xBE\x3A\x1D\xB9\xCF\x5B\xB1\x6A\xFE\xB4\xB1\x46\x20\xA2\xFB\x1E\x3B\x70\xEF\x93\x98\x7D\x8C\x73\x96\xF2\xC5\xEF\x85\x70\xAD\x29\x26\xFC\x1E\x04\x3E\x1C\xA0\xD8\x0F\xCB\x52\x83\x62\x7C\xEE\x8B\x53\x95\x90\xA9\x57\xA2\xEA\x61\x05\xD8\xF9\x4D\xC4\x27\xFA\x6E\xAD\xED\xF9\xD7\x51\xF7\x6B\xA5\x02\x03\x01\x00\x01\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD3\x94\x8A\x4C\x62\x13\x2A\x19\x2E\xCC\xAF\x72\x8A\x7D\x36\xD7\x9A\x1C\xDC\x67\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xDD\x06\x03\x55\x1D\x1F\x04\x81\xD5\x30\x81\xD2\x30\x81\x87\xA0\x81\x84\xA0\x81\x81\x86\x7F\x6C\x64\x61\x70\x3A\x2F\x2F\x64\x69\x72\x65\x63\x74\x6F\x72\x79\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x4E\x3D\x44\x2D\x54\x52\x55\x53\x54\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x32\x25\x32\x30\x45\x56\x25\x32\x30\x32\x30\x30\x39\x2C\x4F\x3D\x44\x2D\x54\x72\x75\x73\x74\x25\x32\x30\x47\x6D\x62\x48\x2C\x43\x3D\x44\x45\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x72\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x6C\x69\x73\x74\x30\x46\xA0\x44\xA0\x42\x86\x40\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x63\x72\x6C\x2F\x64\x2D\x74\x72\x75\x73\x74\x5F\x72\x6F\x6F\x74\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x32\x5F\x65\x76\x5F\x32\x30\x30\x39\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x34\xED\x7B\x5A\x3C\xA4\x94\x88\xEF\x1A\x11\x75\x07\x2F\xB3\xFE\x3C\xFA\x1E\x51\x26\xEB\x87\xF6\x29\xDE\xE0\xF1\xD4\xC6\x24\x09\xE9\xC1\xCF\x55\x1B\xB4\x30\xD9\xCE\x1A\xFE\x06\x51\xA6\x15\xA4\x2D\xEF\xB2\x4B\xBF\x20\x28\x25\x49\xD1\xA6\x36\x77\x34\xE8\x64\xDF\x52\xB1\x11\xC7\x73\x7A\xCD\x39\x9E\xC2\xAD\x8C\x71\x21\xF2\x5A\x6B\xAF\xDF\x3C\x4E\x55\xAF\xB2\x84\x65\x14\x89\xB9\x77\xCB\x2A\x31\xBE\xCF\xA3\x6D\xCF\x6F\x48\x94\x32\x46\x6F\xE7\x71\x8C\xA0\xA6\x84\x19\x37\x07\xF2\x03\x45\x09\x2B\x86\x75\x7C\xDF\x5F\x69\x57\x00\xDB\x6E\xD8\xA6\x72\x22\x4B\x50\xD4\x75\x98\x56\xDF\xB7\x18\xFF\x43\x43\x50\xAE\x7A\x44\x7B\xF0\x79\x51\xD7\x43\x3D\xA7\xD3\x81\xD3\xF0\xC9\x4F\xB9\xDA\xC6\x97\x86\xD0\x82\xC3\xE4\x42\x6D\xFE\xB0\xE2\x64\x4E\x0E\x26\xE7\x40\x34\x26\xB5\x08\x89\xD7\x08\x63\x63\x38\x27\x75\x1E\x33\xEA\x6E\xA8\xDD\x9F\x99\x4F\x74\x4D\x81\x89\x80\x4B\xDD\x9A\x97\x29\x5C\x2F\xBE\x81\x41\xB9\x8C\xFF\xEA\x7D\x60\x06\x9E\xCD\xD7\x3D\xD3\x2E\xA3\x15\xBC\xA8\xE6\x26\xE5\x6F\xC3\xDC\xB8\x03\x21\xEA\x9F\x16\xF1\x2C\x54\xB5",
+	["CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,emailAddress=contacto@procert.net.ve"] = "\x30\x82\x09\x86\x30\x82\x07\x6E\xA0\x03\x02\x01\x02\x02\x01\x0B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x82\x01\x1E\x31\x3E\x30\x3C\x06\x03\x55\x04\x03\x13\x35\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x52\x61\x69\x7A\x20\x64\x65\x6C\x20\x45\x73\x74\x61\x64\x6F\x20\x56\x65\x6E\x65\x7A\x6F\x6C\x61\x6E\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x43\x61\x72\x61\x63\x61\x73\x31\x19\x30\x17\x06\x03\x55\x04\x08\x13\x10\x44\x69\x73\x74\x72\x69\x74\x6F\x20\x43\x61\x70\x69\x74\x61\x6C\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x43\x30\x41\x06\x03\x55\x04\x0B\x13\x3A\x53\x75\x70\x65\x72\x69\x6E\x74\x65\x6E\x64\x65\x6E\x63\x69\x61\x20\x64\x65\x20\x53\x65\x72\x76\x69\x63\x69\x6F\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x25\x30\x23\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x16\x61\x63\x72\x61\x69\x7A\x40\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x1E\x17\x0D\x31\x30\x31\x32\x32\x38\x31\x36\x35\x31\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x32\x35\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xD1\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x63\x6F\x6E\x74\x61\x63\x74\x6F\x40\x70\x72\x6F\x63\x65\x72\x74\x2E\x6E\x65\x74\x2E\x76\x65\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x43\x68\x61\x63\x61\x6F\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x4D\x69\x72\x61\x6E\x64\x61\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x13\x21\x50\x72\x6F\x76\x65\x65\x64\x6F\x72\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x73\x20\x50\x52\x4F\x43\x45\x52\x54\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x50\x53\x43\x50\x72\x6F\x63\x65\x72\x74\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD5\xB7\xF4\xA3\x94\x33\xA1\x46\xA9\x55\x61\x49\x0D\xA8\x87\x73\x5E\x91\x2D\x70\xC1\x06\x1A\x94\xDA\x3D\xEC\x15\x42\xC1\xF5\x8C\xAE\x6A\x17\xF1\x8A\xAD\xFC\x80\x95\xEA\x83\x44\xA2\x5B\x7A\x55\xCE\x4F\xA7\xA5\xD5\xBA\xB8\x1F\xA0\x27\xC0\x50\x53\x3E\x8D\xB9\xC0\x0E\xB8\x15\xDC\xD6\x6C\xF8\x9E\xF8\x04\x25\xDF\x80\x8F\x10\x85\xDD\x7D\x2F\x7B\x80\xDD\x57\x00\x64\x23\xF8\x6E\xC9\xBE\x95\x4F\xE1\x75\xEC\xE0\x7E\x5E\x95\xCD\xB1\xEF\xBE\x7A\x42\xD8\xC9\x2C\xD3\xEB\x1A\x1A\x22\x8B\xB7\x7F\x06\x89\xE5\x3C\xF5\x12\xC0\xBB\xD3\x0B\x99\x5F\x90\x7C\x8E\x2D\x2F\x77\x33\x92\x4A\x21\x46\xA8\xA9\x08\xAC\xF1\xF6\x11\x02\xD9\x95\x16\x9E\x8D\x2F\x96\xE6\x02\xDD\x75\xC2\x14\x2A\x5A\xD6\xC9\x7D\x25\xC2\xC1\xFC\xAA\x67\x85\xE2\xEC\xBE\xD1\x7C\x3C\xFA\xAF\xD5\x6E\xFF\x53\x41\xD4\xF5\x32\x38\xB1\xE2\x5F\xC4\xF9\x8E\x10\xEF\x06\xA9\x02\x89\xFF\xE3\x0C\x6E\x97\xE0\xDF\x9D\xDB\x21\xD0\xF4\x3E\x08\x69\x6C\xD8\xD4\xE4\x36\xF8\x83\xB6\xB2\x36\x8F\x9C\xEF\x3A\x37\x16\x7D\xBF\xA2\x69\xD7\x3B\x5B\x72\xD0\xAF\xAA\x3F\x5C\x66\x93\xAC\x0A\x22\x61\xB6\xD2\xA0\x99\xC8\x54\x93\x5D\xA8\xB6\xD1\xBD\x5D\x0A\x5E\x77\x94\xA2\x2D\xC0\x82\x8E\xBC\xCA\x03\x2A\x34\xAE\x73\xF1\xD4\xB5\x0C\xBD\xBE\x67\x9B\x54\xEB\xE1\xFA\xA0\x5A\xEC\x38\x7E\x3E\xC1\xCC\xA2\xC7\x44\x31\x75\xEA\x3F\xE5\x07\xD2\xAB\xA1\x25\x96\xF6\xE6\xE4\xA0\x5D\x37\x18\x39\x61\x00\x33\x5D\x46\xD4\x00\xC4\xB4\xCA\x3C\xF1\xA2\xA3\x3E\xF3\x3A\xFF\x69\x30\x2E\x40\xDD\xF6\x9F\x9C\x26\xC9\x96\x37\xAD\xE7\x39\xA2\xBF\xEA\x69\xDB\x55\x22\x95\x53\x2A\x94\xB5\xDF\xAD\x16\x38\x81\x75\x66\xE3\xC7\x2C\x1B\x93\x9C\xAA\x8C\xA3\xCA\xD9\x6C\x3C\x17\x6D\x9C\xDC\x7C\x53\xE0\x20\x27\x43\x36\xF9\x12\xE1\x3C\x5C\xBD\x66\xBF\xA2\x69\x23\x38\xB8\x99\x60\x99\x0E\x56\x53\x3A\x9C\x7E\x14\x8C\xB0\x06\x6F\xF1\x86\x76\x90\xAF\xFD\xAF\xFE\x90\xC6\x8F\x9F\x7F\x8B\x92\x23\x9C\xE7\x15\x76\x8F\xD5\x8B\x94\x13\x72\x69\xFB\x2B\x61\x63\x88\xEF\xE6\xA4\x5E\xE6\xA3\x17\x6A\x58\x47\xCB\x71\x4F\x14\x0B\x5E\xC8\x02\x08\x26\xA2\xCB\xE9\xAF\x6B\x8A\x19\xC7\xCB\x14\x56\xF5\xE1\xDA\xB5\xD9\xFC\xBF\x73\x38\xDA\xF9\xE7\xAF\x6E\xA4\x37\xE2\x07\x27\x02\x03\x01\x00\x01\xA3\x82\x03\x17\x30\x82\x03\x13\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x01\x30\x37\x06\x03\x55\x1D\x12\x04\x30\x30\x2E\x82\x0F\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\xA0\x1B\x06\x05\x60\x86\x5E\x02\x02\xA0\x12\x0C\x10\x52\x49\x46\x2D\x47\x2D\x32\x30\x30\x30\x34\x30\x33\x36\x2D\x30\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x41\x0F\x19\x38\xAA\x99\x7F\x42\x0B\xA4\xD7\x27\x98\x54\xA2\x17\x4C\x2D\x51\x54\x30\x82\x01\x50\x06\x03\x55\x1D\x23\x04\x82\x01\x47\x30\x82\x01\x43\x80\x14\xAD\xBB\x22\x1D\xC6\xE0\xD2\x01\xA8\xFD\x76\x50\x52\x93\xED\x98\xC1\x4D\xAE\xD3\xA1\x82\x01\x26\xA4\x82\x01\x22\x30\x82\x01\x1E\x31\x3E\x30\x3C\x06\x03\x55\x04\x03\x13\x35\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x52\x61\x69\x7A\x20\x64\x65\x6C\x20\x45\x73\x74\x61\x64\x6F\x20\x56\x65\x6E\x65\x7A\x6F\x6C\x61\x6E\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x43\x61\x72\x61\x63\x61\x73\x31\x19\x30\x17\x06\x03\x55\x04\x08\x13\x10\x44\x69\x73\x74\x72\x69\x74\x6F\x20\x43\x61\x70\x69\x74\x61\x6C\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x43\x30\x41\x06\x03\x55\x04\x0B\x13\x3A\x53\x75\x70\x65\x72\x69\x6E\x74\x65\x6E\x64\x65\x6E\x63\x69\x61\x20\x64\x65\x20\x53\x65\x72\x76\x69\x63\x69\x6F\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x25\x30\x23\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x16\x61\x63\x72\x61\x69\x7A\x40\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x82\x01\x0A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x4D\x06\x03\x55\x1D\x11\x04\x46\x30\x44\x82\x0E\x70\x72\x6F\x63\x65\x72\x74\x2E\x6E\x65\x74\x2E\x76\x65\xA0\x15\x06\x05\x60\x86\x5E\x02\x01\xA0\x0C\x0C\x0A\x50\x53\x43\x2D\x30\x30\x30\x30\x30\x32\xA0\x1B\x06\x05\x60\x86\x5E\x02\x02\xA0\x12\x0C\x10\x52\x49\x46\x2D\x4A\x2D\x33\x31\x36\x33\x35\x33\x37\x33\x2D\x37\x30\x76\x06\x03\x55\x1D\x1F\x04\x6F\x30\x6D\x30\x46\xA0\x44\xA0\x42\x86\x40\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x2F\x6C\x63\x72\x2F\x43\x45\x52\x54\x49\x46\x49\x43\x41\x44\x4F\x2D\x52\x41\x49\x5A\x2D\x53\x48\x41\x33\x38\x34\x43\x52\x4C\x44\x45\x52\x2E\x63\x72\x6C\x30\x23\xA0\x21\xA0\x1F\x86\x1D\x6C\x64\x61\x70\x3A\x2F\x2F\x61\x63\x72\x61\x69\x7A\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x37\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x2B\x30\x29\x30\x27\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x1B\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x41\x06\x03\x55\x1D\x20\x04\x3A\x30\x38\x30\x36\x06\x06\x60\x86\x5E\x03\x01\x02\x30\x2C\x30\x2A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x2F\x64\x70\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x2B\x59\xEB\x22\x99\xBB\x84\xAA\x4F\xDE\x90\xC6\xD1\x86\x71\x23\x9E\x4B\x03\x91\x47\x70\xBB\xC0\x92\x60\xEC\xE0\xD4\xE7\x6D\xC6\xD3\xED\x67\x83\x77\x52\xD5\xF2\xE5\x77\xA7\x36\xB2\xE3\x54\xBE\xD9\xBB\x0A\x9B\x11\xEF\x61\xF4\xC6\x99\x33\x99\xF5\xAF\x00\x39\x8D\x83\xBF\xA6\xBD\x35\x7E\x2C\x5C\x31\x34\x6F\x6C\xDB\xF3\x64\x01\x98\xAA\x94\x2C\x41\xDD\x15\x86\xCA\x6B\x29\x4E\x16\xC0\x49\xFC\xD7\x83\x48\x13\x07\x51\x84\x31\x52\x88\xBB\x86\x17\xC7\x6B\x2F\x8A\x20\xAD\xC5\x0B\x8F\x70\x3E\x2A\xBB\x1B\x71\x8F\xB9\xA4\xA0\xFD\xD8\x95\xD9\xAF\x59\xBF\x25\x2B\x98\xE9\x63\x93\x2F\x60\x1E\xC4\xAA\xF8\x77\xF5\x8B\x6C\x2F\xED\x7E\x2E\xB5\x4F\x40\x0D\xEE\xBC\x57\x77\xE7\xD9\xB6\xD4\x3F\x95\x27\x3A\x20\xD5\xE5\xAE\xAB\x6C\x35\x9F\xC1\xA1\x1D\x59\xDC\x84\x81\xEE\x4D\x07\xE2\x48\xB6\x9E\x4B\x95\x2D\x41\xB1\xE1\xE8\xDE\x7E\x2F\x05\x1E\x68\xEE\xBF\xBB\x90\x65\x3A\xC8\xEE\xEA\xB1\x18\x37\x1C\x62\x93\xA4\xA0\x31\xEC\x71\x6C\x91\xE6\xA4\x79\x89\x5A\x14\xA7\x14\x50\x05\x4C\xA4\x00\x57\x30\x2C\xC1\xB5\x61\x96\xDC\x3E\x1E\x84\xAF\x39\x42\xCF\xE5\xD0\x2C\xB1\x24\xBC\xDF\x40\xC3\xED\x7F\x63\x4A\xBD\xE1\x4F\x12\x64\x86\x95\xF3\xB0\xE7\xC8\xB7\xE1\x53\xBD\x92\xE6\xF3\x0C\x96\xB9\xEB\xE8\xE6\x92\xED\xA7\x81\x09\x14\x0B\xFC\x95\x7A\xCF\x8F\xD6\x34\x4F\x36\x12\xDC\x5E\xD1\x34\x75\xC6\x46\x80\x2F\x95\x04\x8C\xC7\x86\xC4\xA8\x26\x89\xA8\x3F\x19\x9B\x81\xBB\x51\xA4\x4A\x86\xAB\x0B\x11\x0F\xB1\xAE\x63\x53\x6D\x28\xEA\xDD\x33\x56\x38\x1C\xB2\xAD\x80\xD3\xD7\x72\xBD\x9A\x6C\x99\x63\xE8\x00\xBB\x41\x76\x05\xB7\x5B\x99\x18\x8A\xC3\xB8\x12\x5C\x56\xCF\x56\x0C\x7D\xE8\xE2\xCF\xED\xBC\x74\x47\xFB\xEE\xD3\x17\x4E\x22\x4F\x56\xFF\x50\xF3\x2E\xE6\x39\xA6\x82\xD6\x71\xCA\xDE\xB7\xD5\xBA\x68\x08\xED\x99\xCC\xFD\xA2\x92\xCB\x69\xB8\x9D\xF9\x0A\xA4\xA6\x3E\x4F\x93\x28\x2A\x61\x6C\x07\x26\x00\xFF\x96\x5F\x68\x86\xB8\xB8\xCE\xCA\x55\xE0\xAB\xB1\x3D\x7F\x98\xD7\x33\x0E\x5A\x3D\xD8\x78\xC2\xC4\x60\x2F\xC7\x62\xF0\x61\x91\xD2\x38\xB0\xF6\x9E\x55\xDB\x40\x80\x05\x12\x33\xCE\x1D\x92\x9B\xD1\x69\xB3\xFF\xBF\xF1\x92\x0A\x61\x35\x3F\xDD\xFE\x86\xF4\xBC\xE0\x1A\x71\xB3\x62\xA6",
+	["CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN"] = "\x30\x82\x03\xF7\x30\x82\x02\xDF\xA0\x03\x02\x01\x02\x02\x04\x48\x9F\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x31\x30\x30\x38\x33\x31\x30\x37\x31\x31\x32\x35\x5A\x17\x0D\x33\x30\x30\x38\x33\x31\x30\x37\x31\x31\x32\x35\x5A\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x9B\x7E\x73\xEE\xBD\x3B\x78\xAA\x64\x43\x41\xF5\x50\xDF\x94\xF2\x2E\xB2\x8D\x4A\x8E\x46\x54\xD2\x21\x12\xC8\x39\x32\x42\x06\xE9\x83\xD5\x9F\x52\xED\xE5\x67\x03\x3B\x54\xC1\x8C\x99\x99\xCC\xE9\xC0\x0F\xFF\x0D\xD9\x84\x11\xB2\xB8\xD1\xCB\x5B\xDC\x1E\xF9\x68\x31\x64\xE1\x9B\xFA\x74\xEB\x68\xB9\x20\x95\xF7\xC6\x0F\x8D\x47\xAC\x5A\x06\xDD\x61\xAB\xE2\xEC\xD8\x9F\x17\x2D\x9C\xCA\x3C\x35\x97\x55\x71\xCD\x43\x85\xB1\x47\x16\xF5\x2C\x53\x80\x76\xCF\xD3\x00\x64\xBD\x40\x99\xDD\xCC\xD8\xDB\xC4\x9F\xD6\x13\x5F\x41\x83\x8B\xF9\x0D\x87\x92\x56\x34\x6C\x1A\x10\x0B\x17\xD5\x5A\x1C\x97\x58\x84\x3C\x84\x1A\x2E\x5C\x91\x34\x6E\x19\x5F\x7F\x17\x69\xC5\x65\xEF\x6B\x21\xC6\xD5\x50\x3A\xBF\x61\xB9\x05\x8D\xEF\x6F\x34\x3A\xB2\x6F\x14\x63\xBF\x16\x3B\x9B\xA9\x2A\xFD\xB7\x2B\x38\x66\x06\xC5\x2C\xE2\xAA\x67\x1E\x45\xA7\x8D\x04\x66\x42\xF6\x8F\x2B\xEF\x88\x20\x69\x8F\x32\x8C\x14\x73\xDA\x2B\x86\x91\x63\x22\x9A\xF2\xA7\xDB\xCE\x89\x8B\xAB\x5D\xC7\x14\xC1\x5B\x30\x6A\x1F\xB1\xB7\x9E\x2E\x81\x01\x02\xED\xCF\x96\x5E\x63\xDB\xA8\xE6\x38\xB7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x7C\x72\x4B\x39\xC7\xC0\xDB\x62\xA5\x4F\x9B\xAA\x18\x34\x92\xA2\xCA\x83\x82\x59\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7C\x72\x4B\x39\xC7\xC0\xDB\x62\xA5\x4F\x9B\xAA\x18\x34\x92\xA2\xCA\x83\x82\x59\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2A\xC3\xC7\x43\x37\x8F\xDD\xAD\xA4\xB2\x0C\xEE\xDC\x14\x6D\x8F\x28\xA4\x98\x49\xCB\x0C\x80\xEA\xF3\xED\x23\x66\x75\x7D\xC5\xD3\x21\x67\x79\xD1\x73\xC5\xB5\x03\xB7\x58\xAC\x0C\x54\x2F\xC6\x56\x13\x0F\x31\xDA\x06\xE7\x65\x3B\x1D\x6F\x36\xDB\xC8\x1D\xF9\xFD\x80\x06\xCA\xA3\x3D\x66\x16\xA8\x9D\x4C\x16\x7D\xC0\x95\x46\xB5\x51\xE4\xE2\x1F\xD7\xEA\x06\x4D\x63\x8D\x96\x8C\xEF\xE7\x33\x57\x42\x3A\xEB\x8C\xC1\x79\xC8\x4D\x76\x7D\xDE\xF6\xB1\xB7\x81\xE0\xA0\xF9\xA1\x78\x46\x17\x1A\x56\x98\xF0\x4E\x3D\xAB\x1C\xED\xEC\x39\xDC\x07\x48\xF7\x63\xFE\x06\xAE\xC2\xA4\x5C\x6A\x5B\x32\x88\xC5\xC7\x33\x85\xAC\x66\x42\x47\xC2\x58\x24\x99\xE1\xE5\x3E\xE5\x75\x2C\x8E\x43\xD6\x5D\x3C\x78\x1E\xA8\x95\x82\x29\x50\xD1\xD1\x16\xBA\xEF\xC1\xBE\x7A\xD9\xB4\xD8\xCC\x1E\x4C\x46\xE1\x77\xB1\x31\xAB\xBD\x2A\xC8\xCE\x8F\x6E\xA1\x5D\x7F\x03\x75\x34\xE4\xAD\x89\x45\x54\x5E\xBE\xAE\x28\xA5\xBB\x3F\x78\x79\xEB\x73\xB3\x0A\x0D\xFD\xBE\xC9\xF7\x56\xAC\xF6\xB7\xED\x2F\x9B\x21\x29\xC7\x38\xB6\x95\xC4\x04\xF2\xC3\x2D\xFD\x14\x2A\x90\x99\xB9\x07\xCC\x9F",
+	["CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch"] = "\x30\x82\x05\xD9\x30\x82\x03\xC1\xA0\x03\x02\x01\x02\x02\x10\x1E\x9E\x28\xE8\x48\xF2\xE5\xEF\xC3\x7C\x4A\x1E\x5A\x18\x67\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x31\x31\x30\x36\x32\x34\x30\x38\x33\x38\x31\x34\x5A\x17\x0D\x33\x31\x30\x36\x32\x35\x30\x37\x33\x38\x31\x34\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x95\x42\x4E\x84\x9D\x51\xE6\xD3\x09\xE8\x72\x5A\x23\x69\xDB\x78\x70\x8E\x16\xF1\x2B\x8F\x0D\x03\xCE\x93\xCC\x2E\x00\x08\x7B\xAB\x33\x8C\xF4\xE9\x40\xE6\x17\x4C\xAB\x9E\xB8\x47\x14\x32\x77\x32\xDD\x28\x0C\xDE\x18\x4B\x5F\x76\x9F\xF8\x39\x3B\xFC\x4E\x89\xD8\x7C\xC5\x67\xEF\xAB\xD2\xB9\x34\x5F\x6B\x3A\xF3\x64\x36\xCE\xC2\xB0\xCF\x13\x68\xCA\xC8\xCB\xEB\xB5\xE2\x3D\x2E\x21\xDF\xEA\x2C\xD4\xE0\xF9\x70\x96\x4C\xFF\x6A\x58\x98\xB7\x17\xE4\x1B\x52\xE5\x7E\x07\x00\x1D\x5F\xDA\xE6\x3E\x95\x04\xB7\x69\x88\x39\xA1\x41\x60\x25\x61\x4B\x95\x39\x68\x62\x1C\xB1\x0B\x05\x89\xC0\x36\x82\x14\x21\x3F\xAE\xDB\xA1\xFD\xBC\x6F\x1C\x60\x86\xB6\x53\x94\x49\xB9\x2B\x46\xC5\x4F\x00\x2B\xBF\xA1\xBB\xCB\x3F\xE0\xC7\x57\x1C\x57\xE8\xD6\x69\xF8\xC1\x24\x52\x9D\x88\x55\xDD\xC2\x87\x2E\x74\x23\xD0\x14\xFD\x2A\x47\x5A\xBB\xA6\x9D\xFD\x94\xE4\xD1\x8A\xA5\x5F\x86\x63\x76\x85\xCB\xAF\xFF\x49\x28\xFC\x80\xED\x4C\x79\xD2\xBB\xE4\xC0\xEF\x01\xEE\x50\x41\x08\x35\x23\x70\x2B\xA9\x16\xB4\x8C\x6E\x85\xE9\xB6\x11\xCF\x31\xDD\x53\x26\x1B\xDF\x2D\x5A\x4A\x02\x40\xFC\xC4\xC0\xB6\xE9\x31\x1A\x08\x28\xE5\x60\xC3\x1F\xC4\x90\x8E\x10\x62\x60\x44\x0D\xEC\x0A\xBE\x55\x18\x71\x2C\xA5\xF4\xB2\xBC\x15\x62\xFF\x1C\xE3\xBE\x1D\xDA\x1E\x57\xB3\x3C\x7E\xCD\x82\x1D\x91\xE3\x4B\xEB\x2C\x52\x34\xB0\x8A\xFD\x12\x4E\x96\xB0\xEB\x70\x7F\x9E\x39\xF7\x66\x42\xB1\xAB\xAC\x52\xDA\x76\x40\x57\x7B\x2A\xBD\xE8\x6E\x03\xB2\x0B\x80\x85\x88\x9D\x0C\xC7\xC2\x77\xB0\x9A\x9A\x57\xF4\xB8\xFA\x13\x5C\x68\x93\x3A\x67\xA4\x97\xD0\x1B\x99\xB7\x86\x32\x4B\x60\xD8\xCE\xEF\xD0\x0C\x7F\x95\x9F\x6F\x87\x4F\x87\x8A\x8E\x5F\x08\x7C\xAA\x5B\xFC\x5A\xBE\xA1\x91\x9F\x55\x7D\x4E\xB0\x0B\x69\xCC\xB0\x94\xA8\xA7\x87\xF2\xD3\x4A\x50\xDC\x5F\x72\xB0\x16\x75\x1E\xCB\xB4\x18\x62\x9A\xB0\xA7\x39\xAA\x9B\x9F\x66\xD8\x8D\xA6\x6C\x96\x15\xE3\xE6\xF2\xF8\xF1\x83\x62\x6C\xBB\x55\xE9\x61\x93\xA3\x3D\xF5\xB1\x57\x8B\x4F\x23\xB0\x9B\xE5\x94\x6A\x2F\xDF\x8C\xDF\x95\x51\x29\x60\xA1\x0B\x29\xE4\x5C\x55\x58\xB7\xA8\xFC\x99\xEE\x25\x4D\x4C\x0E\xB3\xD3\x4C\x8F\x84\xE8\x29\x0F\xFD\x10\x54\x02\x85\xC8\xF9\xE5\xC3\x8B\xCF\xE7\x0F\x02\x03\x01\x00\x01\xA3\x81\x86\x30\x81\x83\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x02\x01\x06\x07\x60\x85\x74\x01\x53\x02\x01\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x07\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x26\x20\x22\x89\x4B\xD3\xD5\xA4\x0A\xA1\x6F\xDE\xE2\x12\x81\xC5\xF1\x3C\x2E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x26\x20\x22\x89\x4B\xD3\xD5\xA4\x0A\xA1\x6F\xDE\xE2\x12\x81\xC5\xF1\x3C\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x32\x0A\xB2\xA4\x1B\xCB\x7D\xBE\x82\x57\x89\xB9\x6A\x7F\xF3\xF4\xC1\x2E\x11\x7D\xB8\x19\x3E\x79\xB7\xA8\xA8\x72\x37\x66\x9B\x1A\xED\xAC\x13\x3B\x0E\xBF\x62\xF0\x9C\xDF\x9E\x7B\xA1\x53\x48\x0E\x41\x7A\xCA\x20\xA7\x17\x1B\xB6\x78\xEC\x40\x91\xF3\x42\xAD\x10\xC3\x5C\xEF\xFF\x60\x59\x7F\xCD\x85\xA3\x8B\x3D\x48\x1C\x25\x02\x3C\x67\x7D\xF5\x32\xE9\x2F\x30\xE5\x7D\xA5\x7A\x38\xD0\xF3\x66\x2A\x66\x1E\x8D\x33\x83\x8A\x6F\x7C\x6E\xA8\x5A\x75\x9A\xB8\xD7\xDA\x58\x48\x44\x47\xA8\x4C\xFA\x4C\x49\x0A\x4A\xC2\x12\x37\xA8\x40\x0C\xC3\xC8\xE1\xD0\x57\x0D\x97\x32\x95\xC7\x3A\x9F\x97\xD3\x57\xF8\x0B\xDE\xE5\x72\xF3\xA3\xDB\xFF\xB5\xD8\x59\xB2\x73\xDD\x4D\x2A\x71\xB2\xBA\x49\xF5\xCB\x1C\xD5\xF5\x79\xC8\x99\xB3\xFC\xC1\x4C\x74\xE3\xB4\xBD\x29\x37\x15\x04\x28\x1E\xDE\x45\x46\x70\xEC\xAF\xBA\x78\x0E\x8A\x2A\xCE\x00\x79\xDC\xC0\x5F\x19\x67\x2C\x6B\x4B\xEF\x68\x68\x0B\x43\xE3\xAC\xC1\x62\x09\xEF\xA6\xDD\x65\x61\xA0\xAF\x84\x55\x48\x91\x52\x1C\xC6\x25\x91\x2A\xD0\xC1\x22\x23\x61\x59\xAF\x45\x11\x85\x1D\x01\x24\x34\x8F\xCF\xB3\xFF\x17\x72\x20\x13\xC2\x80\xAA\x21\x2C\x71\x39\x0E\xD0\x8F\x5C\xC1\xD3\xD1\x8E\x22\x72\x46\x4C\x1D\x96\xAE\x4F\x71\xB1\xE1\x05\x29\x96\x59\xF4\xBB\x9E\x75\x3D\xCF\x0D\x37\x0D\x62\xDB\x26\x8C\x63\xA9\x23\xDF\x67\x06\x3C\x7C\x3A\xDA\x34\x42\xE1\x66\xB4\x46\x04\xDE\xC6\x96\x98\x0F\x4B\x48\x7A\x24\x32\x75\x91\x9F\xAC\xF7\x68\xE9\x2A\xB9\x55\x65\xCE\x5D\x61\xD3\x27\x70\xD8\x37\xFE\x9F\xB9\xAF\xA0\x2E\x56\xB7\xA3\x65\x51\xED\x3B\xAB\x14\xBF\x4C\x51\x03\xE8\x5F\x8A\x05\x9B\xEE\x8A\x6E\x9C\xEF\xBF\x68\xFA\xC8\xDA\x0B\xE3\x42\xC9\xD0\x17\x14\x9C\xB7\x4A\xE0\xAF\x93\x27\x21\x55\x26\xB5\x64\x2F\x8D\xF1\xFF\xA6\x40\x05\x85\x05\x5C\xCA\x07\x19\x5C\x0B\x13\x28\x4C\x58\x7F\xC2\xA5\xEF\x45\xDA\x60\xD3\xAE\x65\x61\x9D\x53\x83\x74\xC2\xAE\xF2\x5C\xC2\x16\xED\x92\x3E\x84\x3E\x73\x60\x88\xBC\x76\xF4\x2C\xCF\xD0\x7D\x7D\xD3\xB8\x5E\xD1\x91\x12\x10\xE9\xCD\xDD\xCA\x25\xE3\xD5\xED\x99\x2F\xBE\x75\x81\x4B\x24\xF9\x45\x46\x94\xC9\x29\x21\x53\x9C\x26\x45\xAA\x13\x17\xE4\xE7\xCD\x78\xE2\x39\xC1\x2B\x12\x9E\xA6\x9E\x1B\xC5\xE6\x0E\xD9\x31\xD9",
+	["CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch"] = "\x30\x82\x05\xE0\x30\x82\x03\xC8\xA0\x03\x02\x01\x02\x02\x11\x00\xF2\xFA\x64\xE2\x74\x63\xD3\x8D\xFD\x10\x1D\x04\x1F\x76\xCA\x58\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x45\x56\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x31\x31\x30\x36\x32\x34\x30\x39\x34\x35\x30\x38\x5A\x17\x0D\x33\x31\x30\x36\x32\x35\x30\x38\x34\x35\x30\x38\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x45\x56\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC4\xF7\x1D\x2F\x57\xEA\x57\x6C\xF7\x70\x5D\x63\xB0\x71\x52\x09\x60\x44\x28\x33\xA3\x7A\x4E\x0A\xFA\xD8\xEA\x6C\x8B\x51\x16\x1A\x55\xAE\x54\x26\xC4\xCC\x45\x07\x41\x4F\x10\x79\x7F\x71\xD2\x7A\x4E\x3F\x38\x4E\xB3\x00\xC6\x95\xCA\x5B\xCD\xC1\x2A\x83\xD7\x27\x1F\x31\x0E\x23\x16\xB7\x25\xCB\x1C\xB4\xB9\x80\x32\x5E\x1A\x9D\x93\xF1\xE8\x3C\x60\x2C\xA7\x5E\x57\x19\x58\x51\x5E\xBC\x2C\x56\x0B\xB8\xD8\xEF\x8B\x82\xB4\x3C\xB8\xC2\x24\xA8\x13\xC7\xA0\x21\x36\x1B\x7A\x57\x29\x28\xA7\x2E\xBF\x71\x25\x90\xF3\x44\x83\x69\x50\xA4\xE4\xE1\x1B\x62\x19\x94\x09\xA3\xF3\xC3\xBC\xEF\xF4\xBD\xEC\xDB\x13\x9D\xCF\x9D\x48\x09\x52\x67\xC0\x37\x29\x11\x1E\xFB\xD2\x11\xA7\x85\x18\x74\x79\xE4\x4F\x85\x14\xEB\x52\x37\xE2\xB1\x45\xD8\xCC\x0D\x43\x7F\xAE\x13\xD2\x6B\x2B\x3F\xA7\xC2\xE2\xA8\x6D\x76\x5B\x43\x9F\xBE\xB4\x9D\xB3\x26\x86\x3B\x1F\x7F\xE5\xF2\xE8\x66\x28\x16\x25\xD0\x4B\x97\x38\xA7\xE4\xCF\x09\xD1\x36\xC3\x0B\xBE\xDA\x3B\x44\x58\x8D\xBE\xF1\x9E\x09\x6B\x3E\xF3\x32\xC7\x2B\x87\xC6\xEC\x5E\x9C\xF6\x87\x65\xAD\x33\x29\xC4\x2F\x89\xD9\xB9\xCB\xC9\x03\x9D\xFB\x6C\x94\x51\x97\x10\x1B\x86\x0B\x1A\x1B\x3F\xF6\x02\x7E\x7B\xD4\xC5\x51\x64\x28\x9D\xF5\xD3\xAC\x83\x81\x88\xD3\x74\xB4\x59\x9D\xC1\xEB\x61\x33\x5A\x45\xD1\xCB\x39\xD0\x06\x6A\x53\x60\x1D\xAF\xF6\xFB\x69\xBC\x6A\xDC\x01\xCF\xBD\xF9\x8F\xD9\xBD\x5B\xC1\x3A\x5F\x8E\xDA\x0F\x4B\xA9\x9B\x9D\x2A\x28\x6B\x1A\x0A\x7C\x3C\xAB\x22\x0B\xE5\x77\x2D\x71\xF6\x82\x35\x81\xAE\xF8\x7B\x81\xE6\xEA\xFE\xAC\xF4\x1A\x9B\x74\x5C\xE8\x8F\x24\xF6\x5D\x9D\x46\xC4\x2C\xD2\x1E\x2B\x21\x6A\x83\x27\x67\x55\x4A\xA4\xE3\xC8\x32\x97\x66\x90\x72\xDA\xE3\xD4\x64\x2E\x5F\xE3\xA1\x6A\xF6\x60\xD4\xE7\x35\xCD\xCA\xC4\x68\x8D\xD7\x71\xC8\xD3\x24\x33\x73\xB1\x6C\xF9\x6A\xE1\x28\xDB\x5F\xC6\x3D\xE8\xBE\x55\xE6\x37\x1B\xED\x24\xD9\x0F\x19\x8F\x5F\x63\x18\x58\x50\x81\x51\x65\x6F\xF2\x9F\x7E\x6A\x04\xE7\x34\x24\x71\xBA\x76\x4B\x58\x1E\x19\xBD\x15\x60\x45\xAA\x0C\x12\x40\x01\x9D\x10\xE2\xC7\x38\x07\x72\x0A\x65\xC0\xB6\xBB\x25\x29\xDA\x16\x9E\x8B\x35\x8B\x61\xED\xE5\x71\x57\x83\xB5\x3C\x71\x9F\xE3\x4F\xBF\x7E\x1E\x81\x9F\x41\x97\x02\x03\x01\x00\x01\xA3\x81\x86\x30\x81\x83\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x02\x02\x06\x07\x60\x85\x74\x01\x53\x02\x02\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x45\xD9\xA5\x81\x6E\x3D\x88\x4D\x8D\x71\xD2\x46\xC1\x6E\x45\x1E\xF3\xC4\x80\x9D\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x45\xD9\xA5\x81\x6E\x3D\x88\x4D\x8D\x71\xD2\x46\xC1\x6E\x45\x1E\xF3\xC4\x80\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x94\x3A\x73\x06\x9F\x52\x4B\x30\x5C\xD4\xFE\xB1\x5C\x25\xF9\xD7\x8E\x6F\xF5\x87\x64\x9F\xED\x14\x8E\xB8\x04\x8E\x28\x4B\x8F\xAA\x7B\x8E\x39\xB4\xD9\x58\xF6\x7B\xA1\x35\x0A\xA1\x9D\x8A\xF7\x63\xE5\xEB\xBD\x39\x82\xD4\xE3\x7A\x2D\x6F\xDF\x13\x3C\xBA\xFE\x7E\x56\x98\x0B\xF3\x54\x9F\xCD\x44\x4E\x6E\x3C\xE1\x3E\x15\xBF\x06\x26\x9D\xE4\xF0\x90\xB6\xD4\xC2\x9E\x30\x2E\x1F\xEF\xC7\x7A\xC4\x50\xC7\xEA\x7B\xDA\x50\xCB\x7A\x26\xCB\x00\xB4\x5A\xAB\xB5\x93\x1F\x80\x89\x84\x04\x95\x8D\x8D\x7F\x09\x93\xBF\xD4\xA8\xA8\xE4\x63\x6D\xD9\x64\xE4\xB8\x29\x5A\x08\xBF\x50\xE1\x84\x0F\x55\x7B\x5F\x08\x22\x1B\xF5\xBD\x99\x1E\x14\xF6\xCE\xF4\x58\x10\x82\xB3\x0A\x3D\x19\xC1\xBF\x5B\xAB\xAA\x99\xD8\xF2\x31\xBD\xE5\x38\x66\xDC\x58\x05\xC7\xED\x63\x1A\x2E\x0A\x97\x7C\x87\x93\x2B\xB2\x8A\xE3\xF1\xEC\x18\xE5\x75\xB6\x29\x87\xE7\xDC\x8B\x1A\x7E\xB4\xD8\xC9\xD3\x8A\x17\x6C\x7D\x29\x44\xBE\x8A\xAA\xF5\x7E\x3A\x2E\x68\x31\x93\xB9\x6A\xDA\x9A\xE0\xDB\xE9\x2E\xA5\x84\xCD\x1C\x0A\xB8\x4A\x08\xF9\x9C\xF1\x61\x26\x98\x93\xB7\x7B\x66\xEC\x91\x5E\xDD\x51\x3F\xDB\x73\x0F\xAD\x04\x58\x09\xDD\x04\x02\x95\x0A\x3E\xD3\x76\xDF\xA6\x10\x1E\x80\x3D\xE8\xCD\xA4\x64\xD1\x33\xC7\x92\xC7\xE2\x4E\x44\xE3\x09\xC9\x4E\xC2\x5D\x87\x0E\x12\x9E\xBF\x0F\xC9\x05\x10\xDE\x7A\xA3\xB1\x3C\xF2\x3F\xA5\xAA\x27\x79\xAD\x31\x7D\x1F\xFD\xFC\x19\x69\xC5\xDD\xB9\x3F\x7C\xCD\xC6\xB4\xC2\x30\x1E\x7E\x6E\x92\xD7\x7F\x61\x76\x5A\x8F\xEB\x95\x4D\xBC\x11\x6E\x21\x7C\x59\x37\x99\xD0\x06\xBC\xF9\x06\x6D\x32\x16\xA5\xD9\x69\xA8\xE1\xDC\x3C\x80\x1E\x60\x51\xDC\xD7\x54\x21\x1E\xCA\x62\x77\x4F\xFA\xD8\x8F\xB3\x2B\x3A\x0D\x78\x72\xC9\x68\x41\x5A\x47\x4A\xC2\xA3\xEB\x1A\xD7\x0A\xAB\x3C\x32\x55\xC8\x0A\x11\x9C\xDF\x74\xD6\xF0\x40\x15\x1D\xC8\xB9\x8F\xB5\x36\xC5\xAF\xF8\x22\xB8\xCA\x1D\xF3\xD6\xB6\x19\x0F\x9F\x61\x65\x6A\xEA\x74\xC8\x7C\x8F\xC3\x4F\x5D\x65\x82\x1F\xD9\x0D\x89\xDA\x75\x72\xFB\xEF\xF1\x47\x67\x13\xB3\xC8\xD1\x19\x88\x27\x26\x9A\x99\x79\x7F\x1E\xE4\x2C\x3F\x7B\xEE\xF1\xDE\x4D\x8B\x96\x97\xC3\xD5\x3F\x7C\x1B\x23\xED\xA4\xB3\x1D\x16\x72\x43\x4B\x20\xE1\x59\x7E\xC2\xE8\xAD\x26\xBF\xA2\xF7",
+	["CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK"] = "\x30\x82\x05\x69\x30\x82\x03\x51\xA0\x03\x02\x01\x02\x02\x09\x00\xC3\x03\x9A\xEE\x50\x90\x6E\x28\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x31\x30\x1E\x17\x0D\x31\x32\x30\x37\x31\x39\x30\x39\x30\x36\x35\x36\x5A\x17\x0D\x34\x32\x30\x37\x31\x39\x30\x39\x30\x36\x35\x36\x5A\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAA\xC3\x78\xF7\xDC\x98\xA3\xA7\x5A\x5E\x77\x18\xB2\xDD\x04\x64\x0F\x63\xFD\x9B\x96\x09\x80\xD5\xE8\xAA\xA5\xE2\x9C\x26\x94\x3A\xE8\x99\x73\x8C\x9D\xDF\xD7\xDF\x83\xF3\x78\x4F\x40\xE1\x7F\xD2\xA7\xD2\xE5\xCA\x13\x93\xE7\xED\xC6\x77\x5F\x36\xB5\x94\xAF\xE8\x38\x8E\xDB\x9B\xE5\x7C\xBB\xCC\x8D\xEB\x75\x73\xE1\x24\xCD\xE6\xA7\x2D\x19\x2E\xD8\xD6\x8A\x6B\x14\xEB\x08\x62\x0A\xD8\xDC\xB3\x00\x4D\xC3\x23\x7C\x5F\x43\x08\x23\x32\x12\xDC\xED\x0C\xAD\xC0\x7D\x0F\xA5\x7A\x42\xD9\x5A\x70\xD9\xBF\xA7\xD7\x01\x1C\xF6\x9B\xAB\x8E\xB7\x4A\x86\x78\xA0\x1E\x56\x31\xAE\xEF\x82\x0A\x80\x41\xF7\x1B\xC9\xAE\xAB\x32\x26\xD4\x2C\x6B\xED\x7D\x6B\xE4\xE2\x5E\x22\x0A\x45\xCB\x84\x31\x4D\xAC\xFE\xDB\xD1\x47\xBA\xF9\x60\x97\x39\xB1\x65\xC7\xDE\xFB\x99\xE4\x0A\x22\xB1\x2D\x4D\xE5\x48\x26\x69\xAB\xE2\xAA\xF3\xFB\xFC\x92\x29\x32\xE9\xB3\x3E\x4D\x1F\x27\xA1\xCD\x8E\xB9\x17\xFB\x25\x3E\xC9\x6E\xF3\x77\xDA\x0D\x12\xF6\x5D\xC7\xBB\x36\x10\xD5\x54\xD6\xF3\xE0\xE2\x47\x48\xE6\xDE\x14\xDA\x61\x52\xAF\x26\xB4\xF5\x71\x4F\xC9\xD7\xD2\x06\xDF\x63\xCA\xFF\x21\xE8\x59\x06\xE0\x08\xD5\x84\x15\x53\xF7\x43\xE5\x7C\xC5\xA0\x89\x98\x6B\x73\xC6\x68\xCE\x65\xDE\xBD\x7F\x05\xF7\xB1\xEE\xF6\x57\xA1\x60\x95\xC5\xCC\xEA\x93\x3A\xBE\x99\xAE\x9B\x02\xA3\xAD\xC9\x16\xB5\xCE\xDD\x5E\x99\x78\x7E\x1A\x39\x7E\xB2\xC0\x05\xA4\xC0\x82\xA5\xA3\x47\x9E\x8C\xEA\x5C\xB6\xBC\x67\xDB\xE6\x2A\x4D\xD2\x04\xDC\xA3\xAE\x45\xF7\xBC\x8B\x9C\x1C\xA7\xD6\xD5\x03\xDC\x08\xCB\x2E\x16\xCA\x5C\x40\x33\xE8\x67\xC3\x2E\xE7\xA6\x44\xEA\x11\x45\x1C\x35\x65\x2D\x1E\x45\x61\x24\x1B\x82\x2E\xA5\x9D\x33\x5D\x65\xF8\x41\xF9\x2E\xCB\x94\x3F\x1F\xA3\x0C\x31\x24\x44\xED\xC7\x5E\xAD\x50\xBA\xC6\x41\x9B\xAC\xF0\x17\x65\xC0\xF8\x5D\x6F\x5B\xA0\x0A\x34\x3C\xEE\xD7\xEA\x88\x9F\x98\xF9\xAF\x4E\x24\xFA\x97\xB2\x64\x76\xDA\xAB\xF4\xED\xE3\xC3\x60\xEF\xD5\xF9\x02\xC8\x2D\x9F\x83\xAF\x67\x69\x06\xA7\x31\x55\xD5\xCF\x4B\x6F\xFF\x04\x05\xC7\x58\xAC\x5F\x16\x1B\xE5\xD2\xA3\xEB\x31\xDB\x1F\x33\x15\x4D\xD0\xF2\xA5\x53\xF5\xCB\xE1\x3D\x4E\x68\x2D\xD8\x12\xDD\xAA\xF2\xE6\x4D\x9B\x49\xE5\xC5\x28\xA1\xBA\xB0\x5A\xC6\xA0\xB5\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x89\x0A\xB4\x38\x93\x1A\xE6\xAB\xEE\x9B\x91\x18\xF9\xF5\x3C\x3E\x35\xD0\xD3\x82\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x32\x8B\xF6\x9D\x4A\xC9\xBE\x14\xE5\x8C\xAC\x38\xCA\x3A\x09\xD4\x1B\xCE\x86\xB3\xDD\xEB\xD4\xBA\x28\xBE\x12\xAE\x45\x2C\x04\x74\xAC\x13\x51\xC5\x58\x18\x66\x4D\x82\xDA\xD5\xDC\x93\xC0\x27\xE1\xBE\x7C\x9F\x52\x9E\x12\x56\xF6\xD5\x9C\xA9\xF4\x75\x9C\xFA\x37\x12\x8F\x1C\x93\xEC\x57\xFE\x07\x0F\xAB\xD5\x12\xF7\x0F\xAE\x61\x5E\x56\x80\x49\xF5\xFC\x30\xF5\x9B\x4F\x1F\x41\x2F\x1C\x84\xD3\x89\xC7\xE2\xDA\x02\x76\xED\x09\xCF\x6C\xC1\xB8\x1C\x83\x1C\x16\xFA\x94\xCD\x7D\xA0\xC8\x18\xD2\xC8\x9D\x6E\xF5\xBD\x69\xD4\x6D\x3D\x35\xE8\x1E\xA2\x4F\x60\xD7\x07\x29\xFC\xB2\xA3\xA4\x9D\x6E\x15\x92\x56\x19\x4C\x0A\xB0\xE9\x7C\xD2\x19\x4D\x42\x46\xEC\xBD\xFD\xF6\x57\x5B\xDD\x98\x7E\xA4\x4D\xCC\x72\x03\x83\x58\x5D\xEF\x93\x3A\x41\x7A\x63\xAA\x7C\x3A\xA8\xF5\xAC\xA4\xD1\xDD\xA2\x2D\xB6\x2A\xFC\x9F\x01\x8E\xE2\x10\xB1\xC4\xCA\xE4\x67\xDB\x55\x25\x19\x3F\xFD\xE8\x36\x7E\xB3\xE1\xE1\x81\xAF\x11\x16\x8B\x50\x97\x60\x19\x82\x00\xC0\x6B\x4D\x73\xB8\xD1\x13\x07\x3E\xEA\xB6\x31\x4F\xF0\x42\x9A\x6D\xE2\x11\x74\xE5\x94\xAC\x8D\x84\x95\x3C\x21\xAF\xC5\xDA\x47\xC8\xDF\x39\x62\x62\xCB\x5B\x50\x0B\xD7\x81\x40\x05\x9C\x9B\xED\xBA\xB6\x8B\x1E\x04\x6F\x96\x20\x39\xED\xA4\x7D\x29\xDB\x48\xCE\x82\xDC\xD4\x02\x8D\x1D\x04\x31\x5A\xC7\x4B\xF0\x6C\x61\x52\xD7\xB4\x51\xC2\x81\x6C\xCD\xE1\xFB\xA7\xA1\xD2\x92\x76\xCF\xB1\x0F\x37\x58\xA4\xF2\x52\x71\x67\x3F\x0C\x88\x78\x80\x89\xC1\xC8\xB5\x1F\x92\x63\xBE\xA7\x7A\x8A\x56\x2C\x1A\xA8\xA6\x9C\xB5\x5D\xB3\x63\xD0\x13\x20\xA1\xEB\x91\x6C\xD0\x8D\x7D\xAF\xDF\x0B\xE4\x17\xB9\x86\x9E\x38\xB1\x94\x0C\x58\x8C\xE0\x55\xAA\x3B\x63\x6D\x9A\x89\x60\xB8\x64\x2A\x92\xC6\x37\xF4\x7E\x43\x43\xB7\x73\xE8\x01\xE7\x7F\x97\x0F\xD7\xF2\x7B\x19\xFD\x1A\xD7\x8F\xC9\xFA\x85\x6B\x7A\x9D\x9E\x89\xB6\xA6\x28\x99\x93\x88\x40\xF7\x3E\xCD\x51\xA3\xCA\xEA\xEF\x79\x47\x21\xB5\xFE\x32\xE2\xC7\xC3\x51\x6F\xBE\x80\x74\xF0\xA4\xC3\x3A\xF2\x4F\xE9\x5F\xDF\x19\x0A\xF2\x3B\x13\x43\xAC\x31\xA4\xB3\xE7\xEB\xFC\x18\xD6\x01\xA9\xF3\x2A\x8F\x36\x0E\xEB\xB4\xB1\xBC\xB7\x4C\xC9\x6B\xBF\xA1\xF3\xD9\xF4\xED\xE2\xF0\xE3\xED\x64\x9E\x3D\x2F\x96\x52\x4F\x80\x53\x8B",
+	["CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK"] = "\x30\x82\x05\x69\x30\x82\x03\x51\xA0\x03\x02\x01\x02\x02\x09\x00\x92\xB8\x88\xDB\xB0\x8A\xC1\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x32\x30\x1E\x17\x0D\x31\x32\x30\x37\x31\x39\x30\x39\x31\x35\x33\x30\x5A\x17\x0D\x34\x32\x30\x37\x31\x39\x30\x39\x31\x35\x33\x30\x5A\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA2\xA3\xC4\x00\x09\xD6\x85\x5D\x2D\x6D\x14\xF6\xC2\xC3\x73\x9E\x35\xC2\x71\x55\x7E\x81\xFB\xAB\x46\x50\xE0\xC1\x7C\x49\x78\xE6\xAB\x79\x58\x3C\xDA\xFF\x7C\x1C\x9F\xD8\x97\x02\x78\x3E\x6B\x41\x04\xE9\x41\xBD\xBE\x03\x2C\x45\xF6\x2F\x64\xD4\xAB\x5D\xA3\x47\x3D\x64\x9B\xE9\x68\x9A\xC6\xCC\x1B\x3F\xBA\xBE\xB2\x8B\x34\x02\x2E\x98\x55\x19\xFC\x8C\x6F\xAA\x5F\xDA\x4C\xCE\x4D\x03\x21\xA3\xD8\xD2\x34\x93\x56\x96\xCB\x4C\x0C\x00\x16\x3C\x5F\x1A\xCD\xC8\xC7\x6C\xA6\xAD\xD3\x31\xA7\xBC\xE8\xE5\xE1\x66\xD6\xD2\xFB\x03\xB4\x41\x65\xC9\x10\xAE\x0E\x05\x63\xC6\x80\x6A\x69\x30\xFD\xD2\xEE\x90\xEF\x0D\x27\xDF\x9F\x95\x73\xF4\xE1\x25\xDA\x6C\x16\xDE\x41\x38\x34\xEA\x8B\xFC\xD1\xE8\x04\x14\x61\x2D\x41\x7E\xAC\xC7\x77\x4E\xCB\x51\x54\xFB\x5E\x92\x18\x1B\x04\x5A\x68\xC6\xC9\xC4\xFA\xB7\x13\xA0\x98\xB7\x11\x2B\xB7\xD6\x57\xCC\x7C\x9E\x17\xD1\xCB\x25\xFE\x86\x4E\x24\x2E\x56\x0C\x78\x4D\x9E\x01\x12\xA6\x2B\xA7\x01\x65\x6E\x7C\x62\x1D\x84\x84\xDF\xEA\xC0\x6B\xB5\xA5\x2A\x95\x83\xC3\x53\x11\x0C\x73\x1D\x0B\xB2\x46\x90\xD1\x42\x3A\xCE\x40\x6E\x95\xAD\xFF\xC6\x94\xAD\x6E\x97\x84\x8E\x7D\x6F\x9E\x8A\x80\x0D\x49\x6D\x73\xE2\x7B\x92\x1E\xC3\xF3\xC1\xF3\xEB\x2E\x05\x6F\xD9\x1B\xCF\x37\x76\x04\xC8\xB4\x5A\xE4\x17\xA7\xCB\xDD\x76\x1F\xD0\x19\x76\xE8\x2C\x05\xB3\xD6\x9C\x34\xD8\x96\xDC\x61\x87\x91\x05\xE4\x44\x08\x33\xC1\xDA\xB9\x08\x65\xD4\xAE\xB2\x36\x0D\xEB\xBA\x38\xBA\x0C\xE5\x9B\x9E\xEB\x8D\x66\xDD\x99\xCF\xD6\x89\x41\xF6\x04\x92\x8A\x29\x29\x6D\x6B\x3A\x1C\xE7\x75\x7D\x02\x71\x0E\xF3\xC0\xE7\xBD\xCB\x19\xDD\x9D\x60\xB2\xC2\x66\x60\xB6\xB1\x04\xEE\xC9\xE6\x86\xB9\x9A\x66\x40\xA8\xE7\x11\xED\x81\x45\x03\x8B\xF6\x67\x59\xE8\xC1\x06\x11\xBD\xDD\xCF\x80\x02\x4F\x65\x40\x78\x5C\x47\x50\xC8\x9B\xE6\x1F\x81\x7B\xE4\x44\xA8\x5B\x85\x9A\xE2\xDE\x5A\xD5\xC7\xF9\x3A\x44\x66\x4B\xE4\x32\x54\x7C\xE4\x6C\x9C\xB3\x0E\x3D\x17\xA2\xB2\x34\x12\xD6\x7E\xB2\xA8\x49\xBB\xD1\x7A\x28\x40\xBE\xA2\x16\x1F\xDF\xE4\x37\x1F\x11\x73\xFB\x90\x0A\x65\x43\xA2\x0D\x7C\xF8\x06\x01\x55\x33\x7D\xB0\x0D\xB8\xF4\xF5\xAE\xA5\x42\x57\x7C\x36\x11\x8C\x7B\x5E\xC4\x03\x9D\x8C\x79\x9D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB5\x99\xF8\xAF\xB0\x94\xF5\xE3\x20\xD6\x0A\xAD\xCE\x4E\x56\xA4\x2E\x6E\x42\xED\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x26\x06\x5E\x70\xE7\x65\x33\xC8\x82\x6E\xD9\x9C\x17\x3A\x1B\x7A\x66\xB2\x01\xF6\x78\x3B\x69\x5E\x2F\xEA\xFF\x4E\xF9\x28\xC3\x98\x2A\x61\x4C\xB4\x24\x12\x8A\x7D\x6D\x11\x14\xF7\x9C\xB5\xCA\xE6\xBC\x9E\x27\x8E\x4C\x19\xC8\xA9\xBD\x7A\xC0\xD7\x36\x0E\x6D\x85\x72\x6E\xA8\xC6\xA2\x6D\xF6\xFA\x73\x63\x7F\xBC\x6E\x79\x08\x1C\x9D\x8A\x9F\x1A\x8A\x53\xA6\xD8\xBB\xD9\x35\x55\xB1\x11\xC5\xA9\x03\xB3\x56\x3B\xB9\x84\x93\x22\x5E\x7E\xC1\xF6\x12\x52\x8B\xEA\x2C\x67\xBC\xFE\x36\x4C\xF5\xB8\xCF\xD1\xB3\x49\x92\x3B\xD3\x29\x0E\x99\x1B\x96\xF7\x61\xB8\x3B\xC4\x2B\xB6\x78\x6C\xB4\x23\x6F\xF0\xFD\xD3\xB2\x5E\x75\x1F\x99\x95\xA8\xAC\xF6\xDA\xE1\xC5\x31\x7B\xFB\xD1\x46\xB3\xD2\xBC\x67\xB4\x62\x54\xBA\x09\xF7\x63\xB0\x93\xA2\x9A\xF9\xE9\x52\x2E\x8B\x60\x12\xAB\xFC\xF5\x60\x56\xEF\x10\x5C\x8B\xC4\x1A\x42\xDC\x83\x5B\x64\x0E\xCB\xB5\xBC\xD6\x4F\xC1\x7C\x3C\x6E\x8D\x13\x6D\xFB\x7B\xEB\x30\xD0\xDC\x4D\xAF\xC5\xD5\xB6\xA5\x4C\x5B\x71\xC9\xE8\x31\xBE\xE8\x38\x06\x48\xA1\x1A\xE2\xEA\xD2\xDE\x12\x39\x58\x1A\xFF\x80\x0E\x82\x75\xE6\xB7\xC9\x07\x6C\x0E\xEF\xFF\x38\xF1\x98\x71\xC4\xB7\x7F\x0E\x15\xD0\x25\x69\xBD\x22\x9D\x2B\xED\x05\xF6\x46\x47\xAC\xED\xC0\xF0\xD4\x3B\xE2\xEC\xEE\x96\x5B\x90\x13\x4E\x1E\x56\x3A\xEB\xB0\xEF\x96\xBB\x96\x23\x11\xBA\xF2\x43\x86\x74\x64\x95\xC8\x28\x75\xDF\x1D\x35\xBA\xD2\x37\x83\x38\x53\x38\x36\x3B\xCF\x6C\xE9\xF9\x6B\x0E\xD0\xFB\x04\xE8\x4F\x77\xD7\x65\x01\x78\x86\x0C\x7A\x3E\x21\x62\xF1\x7F\x63\x71\x0C\xC9\x9F\x44\xDB\xA8\x27\xA2\x75\xBE\x6E\x81\x3E\xD7\xC0\xEB\x1B\x98\x0F\x70\x5C\x34\xB2\x8A\xCC\xC0\x85\x18\xEB\x6E\x7A\xB3\xF7\x5A\xA1\x07\xBF\xA9\x42\x92\xF3\x60\x22\x97\xE4\x14\xA1\x07\x9B\x4E\x76\xC0\x8E\x7D\xFD\xA4\x25\xC7\x47\xED\xFF\x1F\x73\xAC\xCC\xC3\xA5\xE9\x6F\x0A\x8E\x9B\x65\xC2\x50\x85\xB5\xA3\xA0\x53\x12\xCC\x55\x87\x61\xF3\x81\xAE\x10\x46\x61\xBD\x44\x21\xB8\xC2\x3D\x74\xCF\x7E\x24\x35\xFA\x1C\x07\x0E\x9B\x3D\x22\xCA\xEF\x31\x2F\x8C\xAC\x12\xBD\xEF\x40\x28\xFC\x29\x67\x9F\xB2\x13\x4F\x66\x24\xC4\x53\x19\xE9\x1E\x29\x15\xEF\xE6\x6D\xB0\x7F\x2D\x67\xFD\xF3\x6C\x1B\x75\x46\xA3\xE5\x4A\x17\xE9\xA4\xD7\x0B",
+	["C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1"] = "\x30\x82\x07\xD3\x30\x82\x05\xBB\xA0\x03\x02\x01\x02\x02\x08\x5E\xC3\xB7\xA6\x43\x7F\xA4\xE0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x42\x31\x12\x30\x10\x06\x03\x55\x04\x03\x0C\x09\x41\x43\x43\x56\x52\x41\x49\x5A\x31\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x50\x4B\x49\x41\x43\x43\x56\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x43\x43\x56\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x1E\x17\x0D\x31\x31\x30\x35\x30\x35\x30\x39\x33\x37\x33\x37\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x30\x39\x33\x37\x33\x37\x5A\x30\x42\x31\x12\x30\x10\x06\x03\x55\x04\x03\x0C\x09\x41\x43\x43\x56\x52\x41\x49\x5A\x31\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x50\x4B\x49\x41\x43\x43\x56\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x43\x43\x56\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x9B\xA9\xAB\xBF\x61\x4A\x97\xAF\x2F\x97\x66\x9A\x74\x5F\xD0\xD9\x96\xFD\xCF\xE2\xE4\x66\xEF\x1F\x1F\x47\x33\xC2\x44\xA3\xDF\x9A\xDE\x1F\xB5\x54\xDD\x15\x7C\x69\x35\x11\x6F\xBB\xC8\x0C\x8E\x6A\x18\x1E\xD8\x8F\xD9\x16\xBC\x10\x48\x36\x5C\xF0\x63\xB3\x90\x5A\x5C\x24\x37\xD7\xA3\xD6\xCB\x09\x71\xB9\xF1\x01\x72\x84\xB0\x7D\xDB\x4D\x80\xCD\xFC\xD3\x6F\xC9\xF8\xDA\xB6\x0E\x82\xD2\x45\x85\xA8\x1B\x68\xA8\x3D\xE8\xF4\x44\x6C\xBD\xA1\xC2\xCB\x03\xBE\x8C\x3E\x13\x00\x84\xDF\x4A\x48\xC0\xE3\x22\x0A\xE8\xE9\x37\xA7\x18\x4C\xB1\x09\x0D\x23\x56\x7F\x04\x4D\xD9\x17\x84\x18\xA5\xC8\xDA\x40\x94\x73\xEB\xCE\x0E\x57\x3C\x03\x81\x3A\x9D\x0A\xA1\x57\x43\x69\xAC\x57\x6D\x79\x90\x78\xE5\xB5\xB4\x3B\xD8\xBC\x4C\x8D\x28\xA1\xA7\xA3\xA7\xBA\x02\x4E\x25\xD1\x2A\xAE\xED\xAE\x03\x22\xB8\x6B\x20\x0F\x30\x28\x54\x95\x7F\xE0\xEE\xCE\x0A\x66\x9D\xD1\x40\x2D\x6E\x22\xAF\x9D\x1A\xC1\x05\x19\xD2\x6F\xC0\xF2\x9F\xF8\x7B\xB3\x02\x42\xFB\x50\xA9\x1D\x2D\x93\x0F\x23\xAB\xC6\xC1\x0F\x92\xFF\xD0\xA2\x15\xF5\x53\x09\x71\x1C\xFF\x45\x13\x84\xE6\x26\x5E\xF8\xE0\x88\x1C\x0A\xFC\x16\xB6\xA8\x73\x06\xB8\xF0\x63\x84\x02\xA0\xC6\x5A\xEC\xE7\x74\xDF\x70\xAE\xA3\x83\x25\xEA\xD6\xC7\x97\x87\x93\xA7\xC6\x8A\x8A\x33\x97\x60\x37\x10\x3E\x97\x3E\x6E\x29\x15\xD6\xA1\x0F\xD1\x88\x2C\x12\x9F\x6F\xAA\xA4\xC6\x42\xEB\x41\xA2\xE3\x95\x43\xD3\x01\x85\x6D\x8E\xBB\x3B\xF3\x23\x36\xC7\xFE\x3B\xE0\xA1\x25\x07\x48\xAB\xC9\x89\x74\xFF\x08\x8F\x80\xBF\xC0\x96\x65\xF3\xEE\xEC\x4B\x68\xBD\x9D\x88\xC3\x31\xB3\x40\xF1\xE8\xCF\xF6\x38\xBB\x9C\xE4\xD1\x7F\xD4\xE5\x58\x9B\x7C\xFA\xD4\xF3\x0E\x9B\x75\x91\xE4\xBA\x52\x2E\x19\x7E\xD1\xF5\xCD\x5A\x19\xFC\xBA\x06\xF6\xFB\x52\xA8\x4B\x99\x04\xDD\xF8\xF9\xB4\x8B\x50\xA3\x4E\x62\x89\xF0\x87\x24\xFA\x83\x42\xC1\x87\xFA\xD5\x2D\x29\x2A\x5A\x71\x7A\x64\x6A\xD7\x27\x60\x63\x0D\xDB\xCE\x49\xF5\x8D\x1F\x90\x89\x32\x17\xF8\x73\x43\xB8\xD2\x5A\x93\x86\x61\xD6\xE1\x75\x0A\xEA\x79\x66\x76\x88\x4F\x71\xEB\x04\x25\xD6\x0A\x5A\x7A\x93\xE5\xB9\x4B\x17\x40\x0F\xB1\xB6\xB9\xF5\xDE\x4F\xDC\xE0\xB3\xAC\x3B\x11\x70\x60\x84\x4A\x43\x6E\x99\x20\xC0\x29\x71\x0A\xC0\x65\x02\x03\x01\x00\x01\xA3\x82\x02\xCB\x30\x82\x02\xC7\x30\x7D\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x71\x30\x6F\x30\x4C\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02\x86\x40\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x63\x63\x76\x2E\x65\x73\x2F\x66\x69\x6C\x65\x61\x64\x6D\x69\x6E\x2F\x41\x72\x63\x68\x69\x76\x6F\x73\x2F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x73\x2F\x72\x61\x69\x7A\x61\x63\x63\x76\x31\x2E\x63\x72\x74\x30\x1F\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x13\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x61\x63\x63\x76\x2E\x65\x73\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD2\x87\xB4\xE3\xDF\x37\x27\x93\x55\xF6\x56\xEA\x81\xE5\x36\xCC\x8C\x1E\x3F\xBD\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xD2\x87\xB4\xE3\xDF\x37\x27\x93\x55\xF6\x56\xEA\x81\xE5\x36\xCC\x8C\x1E\x3F\xBD\x30\x82\x01\x73\x06\x03\x55\x1D\x20\x04\x82\x01\x6A\x30\x82\x01\x66\x30\x82\x01\x62\x06\x04\x55\x1D\x20\x00\x30\x82\x01\x58\x30\x82\x01\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\x14\x1E\x82\x01\x10\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x52\x00\x61\x00\xED\x00\x7A\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x41\x00\x43\x00\x43\x00\x56\x00\x20\x00\x28\x00\x41\x00\x67\x00\x65\x00\x6E\x00\x63\x00\x69\x00\x61\x00\x20\x00\x64\x00\x65\x00\x20\x00\x54\x00\x65\x00\x63\x00\x6E\x00\x6F\x00\x6C\x00\x6F\x00\x67\x00\xED\x00\x61\x00\x20\x00\x79\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x45\x00\x6C\x00\x65\x00\x63\x00\x74\x00\x72\x00\xF3\x00\x6E\x00\x69\x00\x63\x00\x61\x00\x2C\x00\x20\x00\x43\x00\x49\x00\x46\x00\x20\x00\x51\x00\x34\x00\x36\x00\x30\x00\x31\x00\x31\x00\x35\x00\x36\x00\x45\x00\x29\x00\x2E\x00\x20\x00\x43\x00\x50\x00\x53\x00\x20\x00\x65\x00\x6E\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x61\x00\x63\x00\x63\x00\x76\x00\x2E\x00\x65\x00\x73\x30\x30\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x24\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x63\x63\x76\x2E\x65\x73\x2F\x6C\x65\x67\x69\x73\x6C\x61\x63\x69\x6F\x6E\x5F\x63\x2E\x68\x74\x6D\x30\x55\x06\x03\x55\x1D\x1F\x04\x4E\x30\x4C\x30\x4A\xA0\x48\xA0\x46\x86\x44\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x63\x63\x76\x2E\x65\x73\x2F\x66\x69\x6C\x65\x61\x64\x6D\x69\x6E\x2F\x41\x72\x63\x68\x69\x76\x6F\x73\x2F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x73\x2F\x72\x61\x69\x7A\x61\x63\x63\x76\x31\x5F\x64\x65\x72\x2E\x63\x72\x6C\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x17\x06\x03\x55\x1D\x11\x04\x10\x30\x0E\x81\x0C\x61\x63\x63\x76\x40\x61\x63\x63\x76\x2E\x65\x73\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x97\x31\x02\x9F\xE7\xFD\x43\x67\x48\x44\x14\xE4\x29\x87\xED\x4C\x28\x66\xD0\x8F\x35\xDA\x4D\x61\xB7\x4A\x97\x4D\xB5\xDB\x90\xE0\x05\x2E\x0E\xC6\x79\xD0\xF2\x97\x69\x0F\xBD\x04\x47\xD9\xBE\xDB\xB5\x29\xDA\x9B\xD9\xAE\xA9\x99\xD5\xD3\x3C\x30\x93\xF5\x8D\xA1\xA8\xFC\x06\x8D\x44\xF4\xCA\x16\x95\x7C\x33\xDC\x62\x8B\xA8\x37\xF8\x27\xD8\x09\x2D\x1B\xEF\xC8\x14\x27\x20\xA9\x64\x44\xFF\x2E\xD6\x75\xAA\x6C\x4D\x60\x40\x19\x49\x43\x54\x63\xDA\xE2\xCC\xBA\x66\xE5\x4F\x44\x7A\x5B\xD9\x6A\x81\x2B\x40\xD5\x7F\xF9\x01\x27\x58\x2C\xC8\xED\x48\x91\x7C\x3F\xA6\x00\xCF\xC4\x29\x73\x11\x36\xDE\x86\x19\x3E\x9D\xEE\x19\x8A\x1B\xD5\xB0\xED\x8E\x3D\x9C\x2A\xC0\x0D\xD8\x3D\x66\xE3\x3C\x0D\xBD\xD5\x94\x5C\xE2\xE2\xA7\x35\x1B\x04\x00\xF6\x3F\x5A\x8D\xEA\x43\xBD\x5F\x89\x1D\xA9\xC1\xB0\xCC\x99\xE2\x4D\x00\x0A\xDA\xC9\x27\x5B\xE7\x13\x90\x5C\xE4\xF5\x33\xA2\x55\x6D\xDC\xE0\x09\x4D\x2F\xB1\x26\x5B\x27\x75\x00\x09\xC4\x62\x77\x29\x08\x5F\x9E\x59\xAC\xB6\x7E\xAD\x9F\x54\x30\x22\x03\xC1\x1E\x71\x64\xFE\xF9\x38\x0A\x96\x18\xDD\x02\x14\xAC\x23\xCB\x06\x1C\x1E\xA4\x7D\x8D\x0D\xDE\x27\x41\xE8\xAD\xDA\x15\xB7\xB0\x23\xDD\x2B\xA8\xD3\xDA\x25\x87\xED\xE8\x55\x44\x4D\x88\xF4\x36\x7E\x84\x9A\x78\xAC\xF7\x0E\x56\x49\x0E\xD6\x33\x25\xD6\x84\x50\x42\x6C\x20\x12\x1D\x2A\xD5\xBE\xBC\xF2\x70\x81\xA4\x70\x60\xBE\x05\xB5\x9B\x9E\x04\x44\xBE\x61\x23\xAC\xE9\xA5\x24\x8C\x11\x80\x94\x5A\xA2\xA2\xB9\x49\xD2\xC1\xDC\xD1\xA7\xED\x31\x11\x2C\x9E\x19\xA6\xEE\xE1\x55\xE1\xC0\xEA\xCF\x0D\x84\xE4\x17\xB7\xA2\x7C\xA5\xDE\x55\x25\x06\xEE\xCC\xC0\x87\x5C\x40\xDA\xCC\x95\x3F\x55\xE0\x35\xC7\xB8\x84\xBE\xB4\x5D\xCD\x7A\x83\x01\x72\xEE\x87\xE6\x5F\x1D\xAE\xB5\x85\xC6\x26\xDF\xE6\xC1\x9A\xE9\x1E\x02\x47\x9F\x2A\xA8\x6D\xA9\x5B\xCF\xEC\x45\x77\x7F\x98\x27\x9A\x32\x5D\x2A\xE3\x84\xEE\xC5\x98\x66\x2F\x96\x20\x1D\xDD\xD8\xC3\x27\xD7\xB0\xF9\xFE\xD9\x7D\xCD\xD0\x9F\x8F\x0B\x14\x58\x51\x9F\x2F\x8B\xC3\x38\x2D\xDE\xE8\x8F\xD6\x8D\x87\xA4\xF5\x56\x43\x16\x99\x2C\xF4\xA4\x56\xB4\x34\xB8\x61\x37\xC9\xC2\x58\x80\x1B\xA0\x97\xA1\xFC\x59\x8D\xE9\x11\xF6\xD1\x0F\x4B\x55\x34\x46\x2A\x8B\x86\x3B",
+	["CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW"] = "\x30\x82\x05\x41\x30\x82\x03\x29\xA0\x03\x02\x01\x02\x02\x02\x0C\xBE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x54\x57\x43\x41\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x32\x30\x36\x32\x37\x30\x36\x32\x38\x33\x33\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x35\x35\x39\x35\x39\x5A\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x54\x57\x43\x41\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB0\x05\xDB\xC8\xEB\x8C\xC4\x6E\x8A\x21\xEF\x8E\x4D\x9C\x71\x0A\x1F\x52\x70\xED\x6D\x82\x9C\x97\xC5\xD7\x4C\x4E\x45\x49\xCB\x40\x42\xB5\x12\x34\x6C\x19\xC2\x74\xA4\x31\x5F\x85\x02\x97\xEC\x43\x33\x0A\x53\xD2\x9C\x8C\x8E\xB7\xB8\x79\xDB\x2B\xD5\x6A\xF2\x8E\x66\xC4\xEE\x2B\x01\x07\x92\xD4\xB3\xD0\x02\xDF\x50\xF6\x55\xAF\x66\x0E\xCB\xE0\x47\x60\x2F\x2B\x32\x39\x35\x52\x3A\x28\x83\xF8\x7B\x16\xC6\x18\xB8\x62\xD6\x47\x25\x91\xCE\xF0\x19\x12\x4D\xAD\x63\xF5\xD3\x3F\x75\x5F\x29\xF0\xA1\x30\x1C\x2A\xA0\x98\xA6\x15\xBD\xEE\xFD\x19\x36\xF0\xE2\x91\x43\x8F\xFA\xCA\xD6\x10\x27\x49\x4C\xEF\xDD\xC1\xF1\x85\x70\x9B\xCA\xEA\xA8\x5A\x43\xFC\x6D\x86\x6F\x73\xE9\x37\x45\xA9\xF0\x36\xC7\xCC\x88\x75\x1E\xBB\x6C\x06\xFF\x9B\x6B\x3E\x17\xEC\x61\xAA\x71\x7C\xC6\x1D\xA2\xF7\x49\xE9\x15\xB5\x3C\xD6\xA1\x61\xF5\x11\xF7\x05\x6F\x1D\xFD\x11\xBE\xD0\x30\x07\xC2\x29\xB0\x09\x4E\x26\xDC\xE3\xA2\xA8\x91\x6A\x1F\xC2\x91\x45\x88\x5C\xE5\x98\xB8\x71\xA5\x15\x19\xC9\x7C\x75\x11\xCC\x70\x74\x4F\x2D\x9B\x1D\x91\x44\xFD\x56\x28\xA0\xFE\xBB\x86\x6A\xC8\xFA\x5C\x0B\x58\xDC\xC6\x4B\x76\xC8\xAB\x22\xD9\x73\x0F\xA5\xF4\x5A\x02\x89\x3F\x4F\x9E\x22\x82\xEE\xA2\x74\x53\x2A\x3D\x53\x27\x69\x1D\x6C\x8E\x32\x2C\x64\x00\x26\x63\x61\x36\x4E\xA3\x46\xB7\x3F\x7D\xB3\x2D\xAC\x6D\x90\xA2\x95\xA2\xCE\xCF\xDA\x82\xE7\x07\x34\x19\x96\xE9\xB8\x21\xAA\x29\x7E\xA6\x38\xBE\x8E\x29\x4A\x21\x66\x79\x1F\xB3\xC3\xB5\x09\x67\xDE\xD6\xD4\x07\x46\xF3\x2A\xDA\xE6\x22\x37\x60\xCB\x81\xB6\x0F\xA0\x0F\xE9\xC8\x95\x7F\xBF\x55\x91\x05\x7A\xCF\x3D\x15\xC0\x6F\xDE\x09\x94\x01\x83\xD7\x34\x1B\xCC\x40\xA5\xF0\xB8\x9B\x67\xD5\x98\x91\x3B\xA7\x84\x78\x95\x26\xA4\x5A\x08\xF8\x2B\x74\xB4\x00\x04\x3C\xDF\xB8\x14\x8E\xE8\xDF\xA9\x8D\x6C\x67\x92\x33\x1D\xC0\xB7\xD2\xEC\x92\xC8\xBE\x09\xBF\x2C\x29\x05\x6F\x02\x6B\x9E\xEF\xBC\xBF\x2A\xBC\x5B\xC0\x50\x8F\x41\x70\x71\x87\xB2\x4D\xB7\x04\xA9\x84\xA3\x32\xAF\xAE\xEE\x6B\x17\x8B\xB2\xB1\xFE\x6C\xE1\x90\x8C\x88\xA8\x97\x48\xCE\xC8\x4D\xCB\xF3\x06\xCF\x5F\x6A\x0A\x42\xB1\x1E\x1E\x77\x2F\x8E\xA0\xE6\x92\x0E\x06\xFC\x05\x22\xD2\x26\xE1\x31\x51\x7D\x32\xDC\x0F\x02\x03\x01\x00\x01\xA3\x23\x30\x21\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x5F\x34\x81\x76\xEF\x96\x1D\xD5\xE5\xB5\xD9\x02\x63\x84\x16\xC1\xAE\xA0\x70\x51\xA7\xF7\x4C\x47\x35\xC8\x0B\xD7\x28\x3D\x89\x71\xD9\xAA\x33\x41\xEA\x14\x1B\x6C\x21\x00\xC0\x6C\x42\x19\x7E\x9F\x69\x5B\x20\x42\xDF\xA2\xD2\xDA\xC4\x7C\x97\x4B\x8D\xB0\xE8\xAC\xC8\xEE\xA5\x69\x04\x99\x0A\x92\xA6\xAB\x27\x2E\x1A\x4D\x81\xBF\x84\xD4\x70\x1E\xAD\x47\xFE\xFD\x4A\x9D\x33\xE0\xF2\xB9\xC4\x45\x08\x21\x0A\xDA\x69\x69\x73\x72\x0D\xBE\x34\xFE\x94\x8B\xAD\xC3\x1E\x35\xD7\xA2\x83\xEF\xE5\x38\xC7\xA5\x85\x1F\xAB\xCF\x34\xEC\x3F\x28\xFE\x0C\xF1\x57\x86\x4E\xC9\x55\xF7\x1C\xD4\xD8\xA5\x7D\x06\x7A\x6F\xD5\xDF\x10\xDF\x81\x4E\x21\x65\xB1\xB6\xE1\x17\x79\x95\x45\x06\xCE\x5F\xCC\xDC\x46\x89\x63\x68\x44\x8D\x93\xF4\x64\x70\xA0\x3D\x9D\x28\x05\xC3\x39\x70\xB8\x62\x7B\x20\xFD\xE4\xDB\xE9\x08\xA1\xB8\x9E\x3D\x09\xC7\x4F\xFB\x2C\xF8\x93\x76\x41\xDE\x52\xE0\xE1\x57\xD2\x9D\x03\xBC\x77\x9E\xFE\x9E\x29\x5E\xF7\xC1\x51\x60\x1F\xDE\xDA\x0B\xB2\x2D\x75\xB7\x43\x48\x93\xE7\xF6\x79\xC6\x84\x5D\x80\x59\x60\x94\xFC\x78\x98\x8F\x3C\x93\x51\xED\x40\x90\x07\xDF\x64\x63\x24\xCB\x4E\x71\x05\xA1\xD7\x94\x1A\x88\x32\xF1\x22\x74\x22\xAE\xA5\xA6\xD8\x12\x69\x4C\x60\xA3\x02\xEE\x2B\xEC\xD4\x63\x92\x0B\x5E\xBE\x2F\x76\x6B\xA3\xB6\x26\xBC\x8F\x03\xD8\x0A\xF2\x4C\x64\x46\xBD\x39\x62\xE5\x96\xEB\x34\x63\x11\x28\xCC\x95\xF1\xAD\xEF\xEF\xDC\x80\x58\x48\xE9\x4B\xB8\xEA\x65\xAC\xE9\xFC\x80\xB5\xB5\xC8\x45\xF9\xAC\xC1\x9F\xD9\xB9\xEA\x62\x88\x8E\xC4\xF1\x4B\x83\x12\xAD\xE6\x8B\x84\xD6\x9E\xC2\xEB\x83\x18\x9F\x6A\xBB\x1B\x24\x60\x33\x70\xCC\xEC\xF7\x32\xF3\x5C\xD9\x79\x7D\xEF\x9E\xA4\xFE\xC9\x23\xC3\x24\xEE\x15\x92\xB1\x3D\x91\x4F\x26\x86\xBD\x66\x73\x24\x13\xEA\xA4\xAE\x63\xC1\xAD\x7D\x84\x03\x3C\x10\x78\x86\x1B\x79\xE3\xC4\xF3\xF2\x04\x95\x20\xAE\x23\x82\xC4\xB3\x3A\x00\x62\xBF\xE6\x36\x24\xE1\x57\xBA\xC7\x1E\x90\x75\xD5\x5F\x3F\x95\x61\x2B\xC1\x3B\xCD\xE5\xB3\x68\x61\xD0\x46\x26\xA9\x21\x52\x69\x2D\xEB\x2E\xC7\xEB\x77\xCE\xA6\x3A\xB5\x03\x33\x4F\x76\xD1\xE7\x5C\x54\x01\x5D\xCB\x78\xF4\xC9\x0C\xBF\xCF\x12\x8E\x17\x2D\x23\x68\x94\xE7\xAB\xFE\xA9\xB2\x2B\x06\xD0\x04\xCD",
+	["CN=TeliaSonera Root CA v1,O=TeliaSonera"] = "\x30\x82\x05\x38\x30\x82\x03\x20\xA0\x03\x02\x01\x02\x02\x11\x00\x95\xBE\x16\xA0\xF7\x2E\x46\xF1\x7B\x39\x82\x72\xFA\x8B\xCD\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x37\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x54\x65\x6C\x69\x61\x53\x6F\x6E\x65\x72\x61\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x54\x65\x6C\x69\x61\x53\x6F\x6E\x65\x72\x61\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x76\x31\x30\x1E\x17\x0D\x30\x37\x31\x30\x31\x38\x31\x32\x30\x30\x35\x30\x5A\x17\x0D\x33\x32\x31\x30\x31\x38\x31\x32\x30\x30\x35\x30\x5A\x30\x37\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x54\x65\x6C\x69\x61\x53\x6F\x6E\x65\x72\x61\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x0C\x16\x54\x65\x6C\x69\x61\x53\x6F\x6E\x65\x72\x61\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x76\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC2\xBE\xEB\x27\xF0\x21\xA3\xF3\x69\x26\x55\x7E\x9D\xC5\x55\x16\x91\x5C\xFD\xEF\x21\xBF\x53\x80\x7A\x2D\xD2\x91\x8C\x63\x31\xF0\xEC\x24\xF0\xC3\xA5\xD2\x72\x7C\x10\x6D\xF4\x37\xB7\xE5\xE6\x7C\x79\xEA\x8C\xB5\x82\x8B\xAE\x48\xB6\xAC\x00\xDC\x65\x75\xEC\x2A\x4D\x5F\xC1\x87\xF5\x20\x65\x2B\x81\xA8\x47\x3E\x89\x23\x95\x30\x16\x90\x7F\xE8\x57\x07\x48\xE7\x19\xAE\xBF\x45\x67\xB1\x37\x1B\x06\x2A\xFE\xDE\xF9\xAC\x7D\x83\xFB\x5E\xBA\xE4\x8F\x97\x67\xBE\x4B\x8E\x8D\x64\x07\x57\x38\x55\x69\x34\x36\x3D\x13\x48\xEF\x4F\xE2\xD3\x66\x1E\xA4\xCF\x1A\xB7\x5E\x36\x33\xD4\xB4\x06\xBD\x18\x01\xFD\x77\x84\x50\x00\x45\xF5\x8C\x5D\xE8\x23\xBC\x7E\xFE\x35\xE1\xED\x50\x7B\xA9\x30\x8D\x19\xD3\x09\x8E\x68\x67\x5D\xBF\x3C\x97\x18\x53\xBB\x29\x62\xC5\xCA\x5E\x72\xC1\xC7\x96\xD4\xDB\x2D\xA0\xB4\x1F\x69\x03\xEC\xEA\xE2\x50\xF1\x0C\x3C\xF0\xAC\xF3\x53\x2D\xF0\x1C\xF5\xED\x6C\x39\x39\x73\x80\x16\xC8\x52\xB0\x23\xCD\xE0\x3E\xDC\xDD\x3C\x47\xA0\xBB\x35\x8A\xE2\x98\x68\x8B\xBE\xE5\xBF\x72\xEE\xD2\xFA\xA5\xED\x12\xED\xFC\x98\x18\xA9\x26\x76\xDC\x28\x4B\x10\x20\x1C\xD3\x7F\x16\x77\x2D\xED\x6F\x80\xF7\x49\xBB\x53\x05\xBB\x5D\x68\xC7\xD4\xC8\x75\x16\x3F\x89\x5A\x8B\xF7\x17\x47\xD4\x4C\xF1\xD2\x89\x79\x3E\x4D\x3D\x98\xA8\x61\xDE\x3A\x1E\xD2\xF8\x5E\x03\xE0\xC1\xC9\x1C\x8C\xD3\x8D\x4D\xD3\x95\x36\xB3\x37\x5F\x63\x63\x9B\x33\x14\xF0\x2D\x26\x6B\x53\x7C\x89\x8C\x32\xC2\x6E\xEC\x3D\x21\x00\x39\xC9\xA1\x68\xE2\x50\x83\x2E\xB0\x3A\x2B\xF3\x36\xA0\xAC\x2F\xE4\x6F\x61\xC2\x51\x09\x39\x3E\x8B\x53\xB9\xBB\x67\xDA\xDC\x53\xB9\x76\x59\x36\x9D\x43\xE5\x20\xE0\x3D\x32\x60\x85\x22\x51\xB7\xC7\x33\xBB\xDD\x15\x2F\xA4\x78\xA6\x07\x7B\x81\x46\x36\x04\x86\xDD\x79\x35\xC7\x95\x2C\x3B\xB0\xA3\x17\x35\xE5\x73\x1F\xB4\x5C\x59\xEF\xDA\xEA\x10\x65\x7B\x7A\xD0\x7F\x9F\xB3\xB4\x2A\x37\x3B\x70\x8B\x9B\x5B\xB9\x2B\xB7\xEC\xB2\x51\x12\x97\x53\x29\x5A\xD4\xF0\x12\x10\xDC\x4F\x02\xBB\x12\x92\x2F\x62\xD4\x3F\x69\x43\x7C\x0D\xD6\xFC\x58\x75\x01\x88\x9D\x58\x16\x4B\xDE\xBA\x90\xFF\x47\x01\x89\x06\x6A\xF6\x5F\xB2\x90\x6A\xB3\x02\xA6\x02\x88\xBF\xB3\x47\x7E\x2A\xD9\xD5\xFA\x68\x78\x35\x4D\x02\x03\x01\x00\x01\xA3\x3F\x30\x3D\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xF0\x8F\x59\x38\x00\xB3\xF5\x8F\x9A\x96\x0C\xD5\xEB\xFA\x7B\xAA\x17\xE8\x13\x12\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xBE\xE4\x5C\x62\x4E\x24\xF4\x0C\x08\xFF\xF0\xD3\x0C\x68\xE4\x93\x49\x22\x3F\x44\x27\x6F\xBB\x6D\xDE\x83\x66\xCE\xA8\xCC\x0D\xFC\xF5\x9A\x06\xE5\x77\x14\x91\xEB\x9D\x41\x7B\x99\x2A\x84\xE5\xFF\xFC\x21\xC1\x5D\xF0\xE4\x1F\x57\xB7\x75\xA9\xA1\x5F\x02\x26\xFF\xD7\xC7\xF7\x4E\xDE\x4F\xF8\xF7\x1C\x46\xC0\x7A\x4F\x40\x2C\x22\x35\xF0\x19\xB1\xD0\x6B\x67\x2C\xB0\xA8\xE0\xC0\x40\x37\x35\xF6\x84\x5C\x5C\xE3\xAF\x42\x78\xFE\xA7\xC9\x0D\x50\xEA\x0D\x84\x76\xF6\x51\xEF\x83\x53\xC6\x7A\xFF\x0E\x56\x49\x2E\x8F\x7A\xD6\x0C\xE6\x27\x54\xE3\x4D\x0A\x60\x72\x62\xCD\x91\x07\xD6\xA5\xBF\xC8\x99\x6B\xED\xC4\x19\xE6\xAB\x4C\x11\x38\xC5\x6F\x31\xE2\x6E\x49\xC8\x3F\x76\x80\x26\x03\x26\x29\xE0\x36\xF6\xF6\x20\x53\xE3\x17\x70\x34\x17\x9D\x63\x68\x1E\x6B\xEC\xC3\x4D\x86\xB8\x13\x30\x2F\x5D\x46\x0D\x47\x43\xD5\x1B\xAA\x59\x0E\xB9\x5C\x8D\x06\x48\xAD\x74\x87\x5F\xC7\xFC\x31\x54\x41\x13\xE2\xC7\x21\x0E\x9E\xE0\x1E\x0D\xE1\xC0\x7B\x43\x85\x90\xC5\x8A\x58\xC6\x65\x0A\x78\x57\xF2\xC6\x23\x0F\x01\xD9\x20\x4B\xDE\x0F\xFB\x92\x85\x75\x2A\x5C\x73\x8D\x6D\x7B\x25\x91\xCA\xEE\x45\xAE\x06\x4B\x00\xCC\xD3\xB1\x59\x50\xDA\x3A\x88\x3B\x29\x43\x46\x5E\x97\x2B\x54\xCE\x53\x6F\x8D\x4A\xE7\x96\xFA\xBF\x71\x0E\x42\x8B\x7C\xFD\x28\xA0\xD0\x48\xCA\xDA\xC4\x81\x4C\xBB\xA2\x73\x93\x26\xC8\xEB\x0C\xD6\x26\x88\xB6\xC0\x24\xCF\xBB\xBD\x5B\xEB\x75\x7D\xE9\x08\x8E\x86\x33\x2C\x79\x77\x09\x69\xA5\x89\xFC\xB3\x70\x90\x87\x76\x8F\xD3\x22\xBB\x42\xCE\xBD\x73\x0B\x20\x26\x2A\xD0\x9B\x3D\x70\x1E\x24\x6C\xCD\x87\x76\xA9\x17\x96\xB7\xCF\x0D\x92\xFB\x8E\x18\xA9\x98\x49\xD1\x9E\xFE\x60\x44\x72\x21\xB9\x19\xED\xC2\xF5\x31\xF1\x39\x48\x88\x90\x24\x75\x54\x16\xAD\xCE\xF4\xF8\x69\x14\x64\x39\xFB\xA3\xB8\xBA\x70\x40\xC7\x27\x1C\xBF\xC4\x56\x53\xFA\x63\x65\xD0\xF3\x1C\x0E\x16\xF5\x6B\x86\x58\x4D\x18\xD4\xE4\x0D\x8E\xA5\x9D\x5B\x91\xDC\x76\x24\x50\x3F\xC6\x2A\xFB\xD9\xB7\x9C\xB5\xD6\xE6\xD0\xD9\xE8\x19\x8B\x15\x71\x48\xAD\xB7\xEA\xD8\x59\x88\xD4\x90\xBF\x16\xB3\xD9\xE9\xAC\x59\x61\x54\xC8\x1C\xBA\xCA\xC1\xCA\xE1\xB9\x20\x4C\x8F\x3A\x93\x89\xA5\xA0\xCC\xBF\xD3\xF6\x75\xA4\x75\x96\x6D\x56",
+	["CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E.,L=Ankara,C=TR"] = "\x30\x82\x06\x4B\x30\x82\x04\x33\xA0\x03\x02\x01\x02\x02\x08\x6A\x68\x3E\x9C\x51\x9B\xCB\x53\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\xB2\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x40\x30\x3E\x06\x03\x55\x04\x0A\x0C\x37\x45\x2D\x54\x75\xC4\x9F\x72\x61\x20\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x0C\x1D\x45\x2D\x54\x75\x67\x72\x61\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x2D\x54\x75\x67\x72\x61\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x31\x33\x30\x33\x30\x35\x31\x32\x30\x39\x34\x38\x5A\x17\x0D\x32\x33\x30\x33\x30\x33\x31\x32\x30\x39\x34\x38\x5A\x30\x81\xB2\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x40\x30\x3E\x06\x03\x55\x04\x0A\x0C\x37\x45\x2D\x54\x75\xC4\x9F\x72\x61\x20\x45\x42\x47\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x54\x65\x6B\x6E\x6F\x6C\x6F\x6A\x69\x6C\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x0C\x1D\x45\x2D\x54\x75\x67\x72\x61\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x73\x79\x6F\x6E\x20\x4D\x65\x72\x6B\x65\x7A\x69\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x2D\x54\x75\x67\x72\x61\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xE2\xF5\x3F\x93\x05\x51\x1E\x85\x62\x54\x5E\x7A\x0B\xF5\x18\x07\x83\xAE\x7E\xAF\x7C\xF7\xD4\x8A\x6B\xA5\x63\x43\x39\xB9\x4B\xF7\xC3\xC6\x64\x89\x3D\x94\x2E\x54\x80\x52\x39\x39\x07\x4B\x4B\xDD\x85\x07\x76\x87\xCC\xBF\x2F\x95\x4C\xCC\x7D\xA7\x3D\xBC\x47\x0F\x98\x70\xF8\x8C\x85\x1E\x74\x8E\x92\x6D\x1B\x40\xD1\x99\x0D\xBB\x75\x6E\xC8\xA9\x6B\x9A\xC0\x84\x31\xAF\xCA\x43\xCB\xEB\x2B\x34\xE8\x8F\x97\x6B\x01\x9B\xD5\x0E\x4A\x08\xAA\x5B\x92\x74\x85\x43\xD3\x80\xAE\xA1\x88\x5B\xAE\xB3\xEA\x5E\xCB\x16\x9A\x77\x44\xC8\xA1\xF6\x54\x68\xCE\xDE\x8F\x97\x2B\xBA\x5B\x40\x02\x0C\x64\x17\xC0\xB5\x93\xCD\xE1\xF1\x13\x66\xCE\x0C\x79\xEF\xD1\x91\x28\xAB\x5F\xA0\x12\x52\x30\x73\x19\x8E\x8F\xE1\x8C\x07\xA2\xC3\xBB\x4A\xF0\xEA\x1F\x15\xA8\xEE\x25\xCC\xA4\x46\xF8\x1B\x22\xEF\xB3\x0E\x43\xBA\x2C\x24\xB8\xC5\x2C\x5C\xD4\x1C\xF8\x5D\x64\xBD\xC3\x93\x5E\x28\xA7\x3F\x27\xF1\x8E\x1E\xD3\x2A\x50\x05\xA3\x55\xD9\xCB\xE7\x39\x53\xC0\x98\x9E\x8C\x54\x62\x8B\x26\xB0\xF7\x7D\x8D\x7C\xE4\xC6\x9E\x66\x42\x55\x82\x47\xE7\xB2\x58\x8D\x66\xF7\x07\x7C\x2E\x36\xE6\x50\x1C\x3F\xDB\x43\x24\xC5\xBF\x86\x47\x79\xB3\x79\x1C\xF7\x5A\xF4\x13\xEC\x6C\xF8\x3F\xE2\x59\x1F\x95\xEE\x42\x3E\xB9\xAD\xA8\x32\x85\x49\x97\x46\xFE\x4B\x31\x8F\x5A\xCB\xAD\x74\x47\x1F\xE9\x91\xB7\xDF\x28\x04\x22\xA0\xD4\x0F\x5D\xE2\x79\x4F\xEA\x6C\x85\x86\xBD\xA8\xA6\xCE\xE4\xFA\xC3\xE1\xB3\xAE\xDE\x3C\x51\xEE\xCB\x13\x7C\x01\x7F\x84\x0E\x5D\x51\x94\x9E\x13\x0C\xB6\x2E\xA5\x4C\xF9\x39\x70\x36\x6F\x96\xCA\x2E\x0C\x44\x55\xC5\xCA\xFA\x5D\x02\xA3\xDF\xD6\x64\x8C\x5A\xB3\x01\x0A\xA9\xB5\x0A\x47\x17\xFF\xEF\x91\x40\x2A\x8E\xA1\x46\x3A\x31\x98\xE5\x11\xFC\xCC\xBB\x49\x56\x8A\xFC\xB9\xD0\x61\x9A\x6F\x65\x6C\xE6\xC3\xCB\x3E\x75\x49\xFE\x8F\xA7\xE2\x89\xC5\x67\xD7\x9D\x46\x13\x4E\x31\x76\x3B\x24\xB3\x9E\x11\x65\x86\xAB\x7F\xEF\x1D\xD4\xF8\xBC\xE7\xAC\x5A\x5C\xB7\x5A\x47\x5C\x55\xCE\x55\xB4\x22\x71\x5B\x5B\x0B\xF0\xCF\xDC\xA0\x61\x64\xEA\xA9\xD7\x68\x0A\x63\xA7\xE0\x0D\x3F\xA0\xAF\xD3\xAA\xD2\x7E\xEF\x51\xA0\xE6\x51\x2B\x55\x92\x15\x17\x53\xCB\xB7\x66\x0E\x66\x4C\xF8\xF9\x75\x4C\x90\xE7\x12\x70\xC7\x45\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x2E\xE3\xDB\xB2\x49\xD0\x9C\x54\x79\x5C\xFA\x27\x2A\xFE\xCC\x4E\xD2\xE8\x4E\x54\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x2E\xE3\xDB\xB2\x49\xD0\x9C\x54\x79\x5C\xFA\x27\x2A\xFE\xCC\x4E\xD2\xE8\x4E\x54\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x05\x37\x3A\xF4\x4D\xB7\x45\xE2\x45\x75\x24\x8F\xB6\x77\x52\xE8\x1C\xD8\x10\x93\x65\xF3\xF2\x59\x06\xA4\x3E\x1E\x29\xEC\x5D\xD1\xD0\xAB\x7C\xE0\x0A\x90\x48\x78\xED\x4E\x98\x03\x99\xFE\x28\x60\x91\x1D\x30\x1D\xB8\x63\x7C\xA8\xE6\x35\xB5\xFA\xD3\x61\x76\xE6\xD6\x07\x4B\xCA\x69\x9A\xB2\x84\x7A\x77\x93\x45\x17\x15\x9F\x24\xD0\x98\x13\x12\xFF\xBB\xA0\x2E\xFD\x4E\x4C\x87\xF8\xCE\x5C\xAA\x98\x1B\x05\xE0\x00\x46\x4A\x82\x80\xA5\x33\x8B\x28\xDC\xED\x38\xD3\xDF\xE5\x3E\xE9\xFE\xFB\x59\xDD\x61\x84\x4F\xD2\x54\x96\x13\x61\x13\x3E\x8F\x80\x69\xBE\x93\x47\xB5\x35\x43\xD2\x5A\xBB\x3D\x5C\xEF\xB3\x42\x47\xCD\x3B\x55\x13\x06\xB0\x09\xDB\xFD\x63\xF6\x3A\x88\x0A\x99\x6F\x7E\xE1\xCE\x1B\x53\x6A\x44\x66\x23\x51\x08\x7B\xBC\x5B\x52\xA2\xFD\x06\x37\x38\x40\x61\x8F\x4A\x96\xB8\x90\x37\xF8\x66\xC7\x78\x90\x00\x15\x2E\x8B\xAD\x51\x35\x53\x07\xA8\x6B\x68\xAE\xF9\x4E\x3C\x07\x26\xCD\x08\x05\x70\xCC\x39\x3F\x76\xBD\xA5\xD3\x67\x26\x01\x86\xA6\x53\xD2\x60\x3B\x7C\x43\x7F\x55\x8A\xBC\x95\x1A\xC1\x28\x39\x4C\x1F\x43\xD2\x91\xF4\x72\x59\x8A\xB9\x56\xFC\x3F\xB4\x9D\xDA\x70\x9C\x76\x5A\x8C\x43\x50\xEE\x8E\x30\x72\x4D\xDF\xFF\x49\xF7\xC6\xA9\x67\xD9\x6D\xAC\x02\x11\xE2\x3A\x16\x25\xA7\x58\x08\xCB\x6F\x53\x41\x9C\x48\x38\x47\x68\x33\xD1\xD7\xC7\x8F\xD4\x74\x21\xD4\xC3\x05\x90\x7A\xFF\xCE\x96\x88\xB1\x15\x29\x5D\x23\xAB\xD0\x60\xA1\x12\x4F\xDE\xF4\x17\xCD\x32\xE5\xC9\xBF\xC8\x43\xAD\xFD\x2E\x8E\xF1\xAF\xE2\xF4\x98\xFA\x12\x1F\x20\xD8\xC0\xA7\x0C\x85\xC5\x90\xF4\x3B\x2D\x96\x26\xB1\x2C\xBE\x4C\xAB\xEB\xB1\xD2\x8A\xC9\xDB\x78\x13\x0F\x1E\x09\x9D\x6D\x8F\x00\x9F\x02\xDA\xC1\xFA\x1F\x7A\x7A\x09\xC4\x4A\xE6\x88\x2A\x97\x9F\x89\x8B\xFD\x37\x5F\x5F\x3A\xCE\x38\x59\x86\x4B\xAF\x71\x0B\xB4\xD8\xF2\x70\x4F\x9F\x32\x13\xE3\xB0\xA7\x57\xE5\xDA\xDA\x43\xCB\x84\x34\xF2\x28\xC4\xEA\x6D\xF4\x2A\xEF\xC1\x6B\x76\xDA\xFB\x7E\xBB\x85\x3C\xD2\x53\xC2\x4D\xBE\x71\xE1\x45\xD1\xFD\x23\x67\x0D\x13\x75\xFB\xCF\x65\x67\x22\x9D\xAE\xB0\x09\xD1\x09\xFF\x1D\x34\xBF\xFE\x23\x97\x37\xD2\x39\xFA\x3D\x0D\x06\x0B\xB4\xDB\x3B\xA3\xAB\x6F\x5C\x1D\xB6\x7E\xE8\xB3\x82\x34\xED\x06\x5C\x24",
+	["CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE"] = "\x30\x82\x03\xC3\x30\x82\x02\xAB\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x32\x30\x1E\x17\x0D\x30\x38\x31\x30\x30\x31\x31\x30\x34\x30\x31\x34\x5A\x17\x0D\x33\x33\x31\x30\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAA\x5F\xDA\x1B\x5F\xE8\x73\x91\xE5\xDA\x5C\xF4\xA2\xE6\x47\xE5\xF3\x68\x55\x60\x05\x1D\x02\xA4\xB3\x9B\x59\xF3\x1E\x8A\xAF\x34\xAD\xFC\x0D\xC2\xD9\x48\x19\xEE\x69\x8F\xC9\x20\xFC\x21\xAA\x07\x19\xED\xB0\x5C\xAC\x65\xC7\x5F\xED\x02\x7C\x7B\x7C\x2D\x1B\xD6\xBA\xB9\x80\xC2\x18\x82\x16\x84\xFA\x66\xB0\x08\xC6\x54\x23\x81\xE4\xCD\xB9\x49\x3F\xF6\x4F\x6E\x37\x48\x28\x38\x0F\xC5\xBE\xE7\x68\x70\xFD\x39\x97\x4D\xD2\xC7\x98\x91\x50\xAA\xC4\x44\xB3\x23\x7D\x39\x47\xE9\x52\x62\xD6\x12\x93\x5E\xB7\x31\x96\x42\x05\xFB\x76\xA7\x1E\xA3\xF5\xC2\xFC\xE9\x7A\xC5\x6C\xA9\x71\x4F\xEA\xCB\x78\xBC\x60\xAF\xC7\xDE\xF4\xD9\xCB\xBE\x7E\x33\xA5\x6E\x94\x83\xF0\x34\xFA\x21\xAB\xEA\x8E\x72\xA0\x3F\xA4\xDE\x30\x5B\xEF\x86\x4D\x6A\x95\x5B\x43\x44\xA8\x10\x15\x1C\xE5\x01\x57\xC5\x98\xF1\xE6\x06\x28\x91\xAA\x20\xC5\xB7\x53\x26\x51\x43\xB2\x0B\x11\x95\x58\xE1\xC0\x0F\x76\xD9\xC0\x8D\x7C\x81\xF3\x72\x70\x9E\x6F\xFE\x1A\x8E\xD9\x5F\x35\xC6\xB2\x6F\x34\x7C\xBE\x48\x4F\xE2\x5A\x39\xD7\xD8\x9D\x78\x9E\x9F\x86\x3E\x03\x5E\x19\x8B\x44\xA2\xD5\xC7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBF\x59\x20\x36\x00\x79\xA0\xA0\x22\x6B\x8C\xD5\xF2\x61\xD2\xB8\x2C\xCB\x82\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x31\x03\xA2\x61\x0B\x1F\x74\xE8\x72\x36\xC6\x6D\xF9\x4D\x9E\xFA\x22\xA8\xE1\x81\x56\xCF\xCD\xBB\x9F\xEA\xAB\x91\x19\x38\xAF\xAA\x7C\x15\x4D\xF3\xB6\xA3\x8D\xA5\xF4\x8E\xF6\x44\xA9\xA7\xE8\x21\x95\xAD\x3E\x00\x62\x16\x88\xF0\x02\xBA\xFC\x61\x23\xE6\x33\x9B\x30\x7A\x6B\x36\x62\x7B\xAD\x04\x23\x84\x58\x65\xE2\xDB\x2B\x8A\xE7\x25\x53\x37\x62\x53\x5F\xBC\xDA\x01\x62\x29\xA2\xA6\x27\x71\xE6\x3A\x22\x7E\xC1\x6F\x1D\x95\x70\x20\x4A\x07\x34\xDF\xEA\xFF\x15\x80\xE5\xBA\xD7\x7A\xD8\x5B\x75\x7C\x05\x7A\x29\x47\x7E\x40\xA8\x31\x13\x77\xCD\x40\x3B\xB4\x51\x47\x7A\x2E\x11\xE3\x47\x11\xDE\x9D\x66\xD0\x8B\xD5\x54\x66\xFA\x83\x55\xEA\x7C\xC2\x29\x89\x1B\xE9\x6F\xB3\xCE\xE2\x05\x84\xC9\x2F\x3E\x78\x85\x62\x6E\xC9\x5F\xC1\x78\x63\x74\x58\xC0\x48\x18\x0C\x99\x39\xEB\xA4\xCC\x1A\xB5\x79\x5A\x8D\x15\x9C\xD8\x14\x0D\xF6\x7A\x07\x57\xC7\x22\x83\x05\x2D\x3C\x9B\x25\x26\x3D\x18\xB3\xA9\x43\x7C\xC8\xC8\xAB\x64\x8F\x0E\xA3\xBF\x9C\x1B\x9D\x30\xDB\xDA\xD0\x19\x2E\xAA\x3C\xF1\xFB\x33\x80\x76\xE4\xCD\xAD\x19\x4F\x05\x27\x8E\x13\xA1\x6E\xC2",
+	["C=DE,O=Atos,CN=Atos TrustedRoot 2011"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x08\x5C\x33\xCB\x62\x2C\x5F\xB3\x32\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x3C\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x0C\x15\x41\x74\x6F\x73\x20\x54\x72\x75\x73\x74\x65\x64\x52\x6F\x6F\x74\x20\x32\x30\x31\x31\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x74\x6F\x73\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x30\x1E\x17\x0D\x31\x31\x30\x37\x30\x37\x31\x34\x35\x38\x33\x30\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3C\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x0C\x15\x41\x74\x6F\x73\x20\x54\x72\x75\x73\x74\x65\x64\x52\x6F\x6F\x74\x20\x32\x30\x31\x31\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x0C\x04\x41\x74\x6F\x73\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x95\x85\x3B\x97\x6F\x2A\x3B\x2E\x3B\xCF\xA6\xF3\x29\x35\xBE\xCF\x18\xAC\x3E\xAA\xD9\xF8\x4D\xA0\x3E\x1A\x47\xB9\xBC\x9A\xDF\xF2\xFE\xCC\x3E\x47\xE8\x7A\x96\xC2\x24\x8E\x35\xF4\xA9\x0C\xFC\x82\xFD\x6D\xC1\x72\x62\x27\xBD\xEA\x6B\xEB\xE7\x8A\xCC\x54\x3E\x90\x50\xCF\x80\xD4\x95\xFB\xE8\xB5\x82\xD4\x14\xC5\xB6\xA9\x55\x25\x57\xDB\xB1\x50\xF6\xB0\x60\x64\x59\x7A\x69\xCF\x03\xB7\x6F\x0D\xBE\xCA\x3E\x6F\x74\x72\xEA\xAA\x30\x2A\x73\x62\xBE\x49\x91\x61\xC8\x11\xFE\x0E\x03\x2A\xF7\x6A\x20\xDC\x02\x15\x0D\x5E\x15\x6A\xFC\xE3\x82\xC1\xB5\xC5\x9D\x64\x09\x6C\xA3\x59\x98\x07\x27\xC7\x1B\x96\x2B\x61\x74\x71\x6C\x43\xF1\xF7\x35\x89\x10\xE0\x9E\xEC\x55\xA1\x37\x22\xA2\x87\x04\x05\x2C\x47\x7D\xB4\x1C\xB9\x62\x29\x66\x28\xCA\xB7\xE1\x93\xF5\xA4\x94\x03\x99\xB9\x70\x85\xB5\xE6\x48\xEA\x8D\x50\xFC\xD9\xDE\xCC\x6F\x07\x0E\xDD\x0B\x72\x9D\x80\x30\x16\x07\x95\x3F\x28\x0E\xFD\xC5\x75\x4F\x53\xD6\x74\x9A\xB4\x24\x2E\x8E\x02\x91\xCF\x76\xC5\x9B\x1E\x55\x74\x9C\x78\x21\xB1\xF0\x2D\xF1\x0B\x9F\xC2\xD5\x96\x18\x1F\xF0\x54\x22\x7A\x8C\x07\x02\x03\x01\x00\x01\xA3\x7D\x30\x7B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA7\xA5\x06\xB1\x2C\xA6\x09\x60\xEE\xD1\x97\xE9\x70\xAE\xBC\x3B\x19\x6C\xDB\x21\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xA7\xA5\x06\xB1\x2C\xA6\x09\x60\xEE\xD1\x97\xE9\x70\xAE\xBC\x3B\x19\x6C\xDB\x21\x30\x18\x06\x03\x55\x1D\x20\x04\x11\x30\x0F\x30\x0D\x06\x0B\x2B\x06\x01\x04\x01\xB0\x2D\x03\x04\x01\x01\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x26\x77\x34\xDB\x94\x48\x86\x2A\x41\x9D\x2C\x3E\x06\x90\x60\xC4\x8C\xAC\x0B\x54\xB8\x1F\xB9\x7B\xD3\x07\x39\xE4\xFA\x3E\x7B\xB2\x3D\x4E\xED\x9F\x23\xBD\x97\xF3\x6B\x5C\xEF\xEE\xFD\x40\xA6\xDF\xA1\x93\xA1\x0A\x86\xAC\xEF\x20\xD0\x79\x01\xBD\x78\xF7\x19\xD8\x24\x31\x34\x04\x01\xA6\xBA\x15\x9A\xC3\x27\xDC\xD8\x4F\x0F\xCC\x18\x63\xFF\x99\x0F\x0E\x91\x6B\x75\x16\xE1\x21\xFC\xD8\x26\xC7\x47\xB7\xA6\xCF\x58\x72\x71\x7E\xBA\xE1\x4D\x95\x47\x3B\xC9\xAF\x6D\xA1\xB4\xC1\xEC\x89\xF6\xB4\x0F\x38\xB5\xE2\x64\xDC\x25\xCF\xA6\xDB\xEB\x9A\x5C\x99\xA1\xC5\x08\xDE\xFD\xE6\xDA\xD5\xD6\x5A\x45\x0C\xC4\xB7\xC2\xB5\x14\xEF\xB4\x11\xFF\x0E\x15\xB5\xF5\xF5\xDB\xC6\xBD\xEB\x5A\xA7\xF0\x56\x22\xA9\x3C\x65\x54\xC6\x15\xA8\xBD\x86\x9E\xCD\x83\x96\x68\x7A\x71\x81\x89\xE1\x0B\xE1\xEA\x11\x1B\x68\x08\xCC\x69\x9E\xEC\x9E\x41\x9E\x44\x32\x26\x7A\xE2\x87\x0A\x71\x3D\xEB\xE4\x5A\xA4\xD2\xDB\xC5\xCD\xC6\xDE\x60\x7F\xB9\xF3\x4F\x44\x92\xEF\x2A\xB7\x18\x3E\xA7\x19\xD9\x0B\x7D\xB1\x37\x41\x42\xB0\xBA\x60\x1D\xF2\xFE\x09\x11\xB0\xF0\x87\x7B\xA7\x9D",
+};
diff --git a/testing/external/scripts/testing-setup.bro b/testing/external/scripts/testing-setup.bro
index 282cf41119..a56a72aee5 100644
--- a/testing/external/scripts/testing-setup.bro
+++ b/testing/external/scripts/testing-setup.bro
@@ -1,5 +1,7 @@
 # Sets some testing specific options.
 
+@load external-ca-list.bro
+
 @ifdef ( SMTP::never_calc_md5 )
 	# MDD5s can depend on libmagic output.
 	redef SMTP::never_calc_md5 = T;