diff --git a/Makefile b/Makefile index 77f0626cdc..863440661e 100644 --- a/Makefile +++ b/Makefile @@ -5,15 +5,12 @@ # to offer. For more, execute that one directly. # -BUILD=build -BROCCOLI=aux/broccoli -BROCTL=aux/broctl - -# CMake/CPack versions before 2.8.2 have bugs that can create bad packages -CMAKE_PACK_REQ=2.8.2 -CMAKE_VER=`cmake -version` - -OSX_VER_CMD=sw_vers | sed -n 's/ProductVersion://p' | cut -d . -f 2 +SOURCE=$(PWD) +BUILD=$(SOURCE)/build +TMP=/tmp/bro-dist.$(UID) +BRO_V=`cat $(SOURCE)/VERSION` +BROCCOLI_V=`cat $(SOURCE)/aux/broccoli/VERSION` +BROCTL_V=`cat $(SOURCE)/aux/broctl/VERSION` all: configured ( cd $(BUILD) && make ) @@ -31,39 +28,25 @@ doc: configured docclean: configured ( cd $(BUILD) && make docclean && make restclean ) -dist: cmake_version - # Minimum Bro source package - ( \ - ./configure --ignore-dirs='aux/broctl;aux/broccoli' --pkg-name-prefix=Bro && \ - cd $(BUILD) && \ - make package_source \ - ) - # Full Bro source package - ( \ - ./configure --pkg-name-prefix=Bro-all && \ - cd $(BUILD) && \ - make package_source \ - ) - # Broccoli source package - ( \ - cd $(BROCCOLI) && \ - ./configure && \ - cd $(BUILD) && \ - make package_source && \ - mv Broccoli*.tar.gz ../../../$(BUILD)/ && \ - cd .. && \ - rm -r $(BUILD) \ - ) - # Broctl source package - ( \ - cd $(BROCTL) && \ - ./configure && \ - cd $(BUILD) && \ - make package_source && \ - mv Broctl*.tar.gz ../../../$(BUILD)/ && \ - cd .. && \ - rm -r $(BUILD) \ - ) +dist: + @( mkdir -p $(BUILD) && rm -rf $(TMP) && mkdir $(TMP) ) + @cp -R $(SOURCE) $(TMP)/Bro-$(BRO_V) + @( cd $(TMP) && find . -name .git\* | xargs rm -rf ) + @( cd $(TMP) && find . -name \*.swp | xargs rm -rf ) + @( cd $(TMP) && find . -type d -name build | xargs rm -rf ) + @( cd $(TMP) && tar -czf $(BUILD)/Bro-all-$(BRO_V).tar.gz Bro-$(BRO_V) ) + @( cd $(TMP)/Bro-$(BRO_V)/aux && mv broccoli Broccoli-$(BROCCOLI_V) && \ + tar -czf $(BUILD)/Broccoli-$(BROCCOLI_V).tar.gz Broccoli-$(BROCCOLI_V) ) + @( cd $(TMP)/Bro-$(BRO_V)/aux && mv broctl Broctl-$(BROCTL_V) && \ + tar -czf $(BUILD)/Broctl-$(BROCTL_V).tar.gz Broctl-$(BROCTL_V) ) + @( cd $(TMP)/Bro-$(BRO_V)/aux && rm -rf Broctl* Broccoli* ) + @( cd $(TMP) && tar -czf $(BUILD)/Bro-$(BRO_V).tar.gz Bro-$(BRO_V) ) + @rm -rf $(TMP) + @echo "Distribution source tarballs have been compiled in $(BUILD)" + +bindist: + @( cd pkg && ( ./make-deb-packages || ./make-mac-packages || \ + ./make-rpm-packages ) ) distclean: rm -rf $(BUILD) @@ -72,7 +55,4 @@ configured: @test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 ) @test -e $(BUILD)/Makefile || ( echo "Error: No build/Makefile found. Did you run configure?" && exit 1 ) -cmake_version: - @test "$(CMAKE_VER)" \> "cmake version $(CMAKE_PACK_REQ)" || ( echo "Error: please use a CMake version greater than $(CMAKE_PACK_REQ)" && exit 1 ) - -.PHONY : all install clean distclean configured cmake_version +.PHONY : all install clean doc docclean dist bindist distclean configured diff --git a/aux/bro-aux b/aux/bro-aux index 14a7cfe4ea..1a610bced1 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 14a7cfe4ea2ff6c7f5301dcb81a869adcd6e9834 +Subproject commit 1a610bced1c83644a5bfaeb6e98cf75380fe61a1 diff --git a/aux/broccoli b/aux/broccoli index 7c20b1a410..8843da57dc 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 7c20b1a41016471eb03ee7a0fbfe1fb34bdc084a +Subproject commit 8843da57dc8aee433550727dcbd1199824ca9da4 diff --git a/aux/broctl b/aux/broctl index c4eaf7c747..ad9528f679 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit c4eaf7c7471ab04ae8af0f2913cb8350d9ae0b3a +Subproject commit ad9528f6795f104db8ec2f1425fc0b69d77ab92d diff --git a/aux/btest b/aux/btest index d0154a7e88..a9aeb2e1a8 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit d0154a7e88cd1b6bccc11c042e451fcb9b5459bf +Subproject commit a9aeb2e1a8434c583c75f5941b58dc69a7517444 diff --git a/cmake/ConfigurePackaging.cmake b/cmake/ConfigurePackaging.cmake index f77dcc0fae..6d7cb3d76f 100644 --- a/cmake/ConfigurePackaging.cmake +++ b/cmake/ConfigurePackaging.cmake @@ -63,10 +63,7 @@ endmacro(SetPackageVersion) # # Darwin - PackageMaker # Linux - RPM if the platform has rpmbuild installed -# DEB is ommitted because CPack does not give enough -# control over how the package is created and lacks support -# for automatic dependency detection. -# +# DEB if the platform has dpkg-shlibdeps installed # # CPACK_GENERATOR is set by this macro # CPACK_SOURCE_GENERATOR is set by this macro @@ -77,9 +74,14 @@ macro(SetPackageGenerators) list(APPEND CPACK_GENERATOR PackageMaker) elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux") find_program(RPMBUILD_EXE rpmbuild) + find_program(DPKGSHLIB_EXE dpkg-shlibdeps) if (RPMBUILD_EXE) set(CPACK_GENERATOR ${CPACK_GENERATOR} RPM) endif () + if (DPKGSHLIB_EXE) + set(CPACK_GENERATOR ${CPACK_GENERATOR} DEB) + set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS true) + endif () endif () endmacro(SetPackageGenerators) @@ -159,11 +161,27 @@ macro(SetPackageInstallScripts VERSION) endif () if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + # DEB packages can automatically handle configuration files + # if provided in a "conffiles" file in the packaging + set(conffiles_file ${CMAKE_CURRENT_BINARY_DIR}/conffiles) + if (INSTALLED_CONFIG_FILES) + string(REPLACE " " ";" conffiles ${INSTALLED_CONFIG_FILES}) + endif () + file(WRITE ${conffiles_file} "") + foreach (_file ${conffiles}) + file(APPEND ${conffiles_file} "${_file}\n") + endforeach () + + list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA + ${CMAKE_CURRENT_BINARY_DIR}/conffiles) + + # RPMs don't need any explicit direction regarding config files. + # Leaving the set of installed config files empty will just - # bypass the logic in the pre/post install scripts and let - # the RPM do their own thing (regarding backups, etc.) + # bypass the logic in the default pre/post install scripts and let + # the RPMs/DEBs do their own thing (regarding backups, etc.) # when upgrading packages. - set (INSTALLED_CONFIG_FILES "") + set(INSTALLED_CONFIG_FILES "") endif () if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in) @@ -171,10 +189,16 @@ macro(SetPackageInstallScripts VERSION) ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh @ONLY) + configure_file( + ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in + ${CMAKE_CURRENT_BINARY_DIR}/preinst + @ONLY) set(CPACK_PREFLIGHT_SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh) set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh) + list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA + ${CMAKE_CURRENT_BINARY_DIR}/preinst) endif () if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in) @@ -182,10 +206,16 @@ macro(SetPackageInstallScripts VERSION) ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh @ONLY) + configure_file( + ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in + ${CMAKE_CURRENT_BINARY_DIR}/postinst + @ONLY) set(CPACK_POSTUPGRADE_SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh) set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh) + list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA + ${CMAKE_CURRENT_BINARY_DIR}/postinst) endif () endmacro(SetPackageInstallScripts) diff --git a/cmake/package_postupgrade.sh.in b/cmake/package_postupgrade.sh.in index 0ef78413c3..4e199d005c 100755 --- a/cmake/package_postupgrade.sh.in +++ b/cmake/package_postupgrade.sh.in @@ -48,21 +48,13 @@ if [ -n "${sampleFiles}" ]; then EOF fi -# make sure that world-writeable dirs have the sticky bit set -# so that unprivileged can't rename/remove files within - -if [ -d /var/opt/bro/spool ]; then - chmod +t /var/opt/bro/spool -fi - -if [ -d /var/opt/bro/spool/tmp ]; then - chmod +t /var/opt/bro/spool/tmp -fi - -if [ -d /var/opt/bro/spool/policy ]; then - chmod +t /var/opt/bro/spool/policy -fi - -if [ -d /var/opt/bro/logs ]; then - chmod +t /var/opt/bro/logs +# Set up world writeable spool and logs directory for broctl, making sure +# to set the sticky bit so that unprivileged users can't rename/remove files. +# (CMake/CPack is supposed to install them, but has problems with empty dirs) +if [ -n "@EMPTY_WORLD_DIRS@" ]; then + for dir in "@EMPTY_WORLD_DIRS@"; do + mkdir -p ${dir} + chmod 777 ${dir} + chmod +t ${dir} + done fi diff --git a/pkg/check-cmake b/pkg/check-cmake new file mode 100755 index 0000000000..2c3ed765a6 --- /dev/null +++ b/pkg/check-cmake @@ -0,0 +1,14 @@ +#!/bin/sh + +# CMake/CPack versions before 2.8.3 have bugs that can create bad packages +# Since packages will be built on several different systems, a single +# version of CMake is required to obtain consistency, but can be increased +# as new versions of CMake come out that also produce working packages. + +CMAKE_PACK_REQ="cmake version 2.8.4" +CMAKE_VER=`cmake -version` + +if [ "${CMAKE_VER}" != "${CMAKE_PACK_REQ}" ]; then + echo "Package creation requires ${CMAKE_PACK_REQ}" >&2 + exit 1 +fi diff --git a/pkg/make-deb-packages b/pkg/make-deb-packages new file mode 100755 index 0000000000..a9de210e52 --- /dev/null +++ b/pkg/make-deb-packages @@ -0,0 +1,47 @@ +#!/bin/sh + +# This script generates binary DEB packages. +# They can be found in ../build/ after running. + +./check-cmake || { exit 1; } + +# The DEB CPack generator depends on `dpkg-shlibdeps` to automatically +# determine what dependencies to set for the packages +type dpkg-shlibdeps > /dev/null 2>&1 || { + echo "\ +Creating DEB packages requires the "dpkg-shlibs" command, usually provided by +the 'dpkg-dev' package, please install it first. +" >&2; + exit 1; +} + +prefix=/opt/bro + +# During the packaging process, `dpkg-shlibs` will fail if used on a library +# that links to other internal/project libraries unless an RPATH is used or +# we set LD_LIBRARY_PATH such that it can find the internal/project library +# in the temporary packaging tree. +export LD_LIBRARY_PATH=./${prefix}/lib + +cd .. + +# Minimum Bro +./configure --prefix=${prefix} --disable-broccoli --disable-broctl \ + --pkg-name-prefix=Bro --binary-package +( cd build && make package ) + +# Full Bro package +./configure --prefix=${prefix} --pkg-name-prefix=Bro-all --binary-package +( cd build && make package ) + +# Broccoli +cd aux/broccoli +./configure --prefix=${prefix} --binary-package +( cd build && make package && mv Broccoli*.deb ../../../build/ ) +cd ../.. + +# Broctl +cd aux/broctl +./configure --prefix=${prefix} --binary-package +( cd build && make package && mv Broctl*.deb ../../../build/ ) +cd ../.. diff --git a/make-mac-packages b/pkg/make-mac-packages similarity index 84% rename from make-mac-packages rename to pkg/make-mac-packages index c3b6736d20..a8f7f965c8 100755 --- a/make-mac-packages +++ b/pkg/make-mac-packages @@ -1,18 +1,9 @@ #!/bin/sh # This script creates binary packages for Mac OS X. -# They can be found in build/ after running. +# They can be found in ../build/ after running. -prefix=/opt/bro - -# CMake/CPack versions before 2.8.2 have bugs that can create bad packages -CMAKE_PACK_REQ=2.8.3 -CMAKE_VER=`cmake -version` - -if [ "${CMAKE_VER}" \< "${CMAKE_PACK_REQ}" ]; then - echo "Package creation requires CMake > 2.8.2" >&2 - exit 1 -fi +./check-cmake || { exit 1; } type sw_vers > /dev/null 2>&1 || { echo "Unable to get Mac OS X version" >&2; @@ -38,6 +29,10 @@ else arch=x86_64 fi +prefix=/opt/bro + +cd .. + # Minimum Bro CMAKE_OSX_ARCHITECTURES=${arch} ./configure --prefix=${prefix} \ --disable-broccoli --disable-broctl --pkg-name-prefix=Bro \ diff --git a/make-rpm-packages b/pkg/make-rpm-packages similarity index 65% rename from make-rpm-packages rename to pkg/make-rpm-packages index 503d80ef4e..ac8dfa97b4 100755 --- a/make-rpm-packages +++ b/pkg/make-rpm-packages @@ -1,18 +1,22 @@ #!/bin/sh # This script generates binary RPM packages. -# They can be found in build/ after running. +# They can be found in ../build/ after running. + +./check-cmake || { exit 1; } + +# The RPM CPack generator depends on `rpmbuild` to create packages +type rpmbuild > /dev/null 2>&1 || { + echo "\ +Creating RPM packages requires the "rpmbuild" command, usually provided by +the 'rpm-build' package, please install it first. +" >&2; + exit 1; +} prefix=/opt/bro -# CMake/CPack versions before 2.8.2 have bugs that can create bad packages -CMAKE_PACK_REQ=2.8.2 -CMAKE_VER=`cmake -version` - -if [ "${CMAKE_VER}" \< "${CMAKE_PACK_REQ}" ]; then - echo "Package creation requires CMake > 2.8.2" >&2 - exit 1 -fi +cd .. # Minimum Bro ./configure --prefix=${prefix} --disable-broccoli --disable-broctl \ diff --git a/policy/bro.init b/policy/bro.init index ab883bdc72..77509ce85e 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -11,9 +11,12 @@ global no_handler: event(name: string, val: any); # Type declarations type string_array: table[count] of string; type string_set: set[string]; +type count_set: set[count]; type index_vec: vector of count; type string_vec: vector of string; +type table_string_of_string: table[string] of string; + type transport_proto: enum { unknown_transport, tcp, udp, icmp }; type conn_id: record { @@ -718,47 +721,43 @@ const RPC_status = { }; module NFS3; + export { - # Should the read and write events return the file data that - # has been read/written? + # Should the read and write events return the file data that has been + # read/written? const return_data = F &redef; - # If nfs_return_data==T: how much data should be returned at most + # If nfs_return_data is true, how much data should be returned at most. const return_data_max = 512 &redef; - # If nfs_return_data==T: whether to *only* return data if the read or - # write offset is 0, i.e., only return data for the beginning of the - # file - const return_data_first_only = T &redef; - # This record summarizes the general results and status - # of NFSv3 request/reply pairs. It's part of every NFSv3 - # event - + # If nfs_return_data is true, whether to *only* return data if the read or write + # offset is 0, i.e., only return data for the beginning of the file. + const return_data_first_only = T &redef; + + # This record summarizes the general results and status of NFSv3 request/reply + # pairs. It's part of every NFSv3 event. type info_t: record { - rpc_stat: rpc_status; # if this indicates not successful, the reply record in the - # events will be a empty and contain uninitialized fields, so - # don't use it! + rpc_stat: rpc_status; # If this indicates not successful, the reply record in the + # events will be empty and contain uninitialized fields, so + # don't use it. nfs_stat: status_t; - # the start time, duration, and length in bytes of the - # request (call). - # NOTE that the start and end time might not be accurate. For TCP we - # record the time when a chunk of data is delivered to the analyzer. Depending - # on the Reassembler, this might be well after the first packet of the request + # The start time, duration, and length in bytes of the request (call). Note that + # the start and end time might not be accurate. For TCP, we record the + # time when a chunk of data is delivered to the analyzer. Depending on the + # Reassembler, this might be well after the first packet of the request # was received. req_start: time; req_dur: interval; req_len: count; - # Same for the reply + # Same for the reply. rep_start: time; rep_dur: interval; rep_len: count; }; - - # NFSv3 types - # type names are based on RFC 1813 + # NFSv3 types. Type names are based on RFC 1813. type fattr_t: record { ftype: file_type_t; mode: count; @@ -777,15 +776,15 @@ export { }; type diropargs_t : record { - dirfh: string; # the file handle of the directory - fname: string; # the name of the file we are interested in + dirfh: string; # the file handle of the directory + fname: string; # the name of the file we are interested in }; - # Note, we don't need a post_op_attr type. We can always use - # an fattr_t &optional + # Note, we don't need a "post_op_attr" type. We use an "fattr_t &optional" + # instead. type lookup_reply_t: record { - # If the lookup failed, dir_attr may be set. + # If the lookup failed, dir_attr may be set. # If the lookup succeeded, fh is always set and obj_attr and dir_attr may be set. fh: string &optional; # file handle of object looked up obj_attr: fattr_t &optional; # optional attributes associated w/ file @@ -793,33 +792,33 @@ export { }; type readargs_t: record { - fh: string; # file handle to read from - offset: count; # Offset in file. Should really go to 64 bit int here - size: count; # number of bytes to read + fh: string; # file handle to read from + offset: count; # offset in file + size: count; # number of bytes to read }; type read_reply_t: record { - # if the lookup fails attr may be set. - # if the lookup succeeds, attr may be set and all other fields are set - attr: fattr_t &optional; # attributes - size: count &optional; # number of bytes read - eof: bool &optional; # did the read end at EOF - data: string &optional; # the actual data. NOT IMPLEMENTED YET. + # If the lookup fails, attr may be set. If the lookup succeeds, attr may be set + # and all other fields are set. + attr: fattr_t &optional; # attributes + size: count &optional; # number of bytes read + eof: bool &optional; # did the read end at EOF + data: string &optional; # the actual data; not yet implemented. }; type readlink_reply_t: record { - # if the request fails attr may be set. - # if the request succeeds, attr may be set and all other fields are set - attr: fattr_t &optional; # attributes - nfspath: string &optional; # the contents of the symlink. In general a pathname as text + # If the request fails, attr may be set. If the request succeeds, attr may be + # set and all other fields are set. + attr: fattr_t &optional; # attributes + nfspath: string &optional; # the contents of the symlink; in general a pathname as text }; type writeargs_t: record { - fh: string; # file handle to write to - offset: count; # Offset in file. Should really go to 64 bit int here - size: count; # number of bytes to write - stable: stable_how_t; # how and when data is commited - data: string &optional; # the actual data. NOT IMPLEMENTED YET. + fh: string; # file handle to write to + offset: count; # offset in file + size: count; # number of bytes to write + stable: stable_how_t; # how and when data is commited + data: string &optional; # the actual data; not implemented yet }; type wcc_attr_t: record { @@ -829,65 +828,64 @@ export { }; type write_reply_t: record { - # if the request fails pre|post attr may be set. - # if the request succeeds, pre|post attr may be set and all other fields are set - preattr: wcc_attr_t &optional; # pre operation attributes - postattr: fattr_t &optional; # post operation attributes + # If the request fails, pre|post attr may be set. If the request succeeds, + # pre|post attr may be set and all other fields are set. + preattr: wcc_attr_t &optional; # pre operation attributes + postattr: fattr_t &optional; # post operation attributes size: count &optional; - commited: stable_how_t &optional; + commited: stable_how_t &optional; verf: count &optional; # write verifier cookue }; # reply for create, mkdir, symlink type newobj_reply_t: record { - # If the proc failed, dir_*_attr may be set. - # If the proc succeeded, fh and the attr's may be set. - # Note no guarantee that fh is set after success - fh: string &optional; # file handle of object created. - obj_attr: fattr_t &optional; # optional attributes associated w/ new object - dir_pre_attr: wcc_attr_t &optional; # optional attributes associated w/ dir. - dir_post_attr: fattr_t &optional; # optional attributes associated w/ dir. + # If the proc failed, dir_*_attr may be set. If the proc succeeded, fh and + # the attr's may be set. Note: no guarantee that fh is set after + # success. + fh: string &optional; # file handle of object created + obj_attr: fattr_t &optional; # optional attributes associated w/ new object + dir_pre_attr: wcc_attr_t &optional; # optional attributes associated w/ dir + dir_post_attr: fattr_t &optional; # optional attributes associated w/ dir }; # reply for remove, rmdir - # == wcc_data + # Corresponds to "wcc_data" in the spec. type delobj_reply_t: record { - dir_pre_attr: wcc_attr_t &optional; # optional attributes associated w/ dir. - dir_post_attr: fattr_t &optional; # optional attributes associated w/ dir. + dir_pre_attr: wcc_attr_t &optional; # optional attributes associated w/ dir + dir_post_attr: fattr_t &optional; # optional attributes associated w/ dir }; - # This record is used for both readdir and readdirplus + # This record is used for both readdir and readdirplus. type readdirargs_t: record { - isplus: bool; # is this a readdirplus request? - dirfh: string; # the directory filehandle - cookie: count; # cookie / pos in dir. 0 for first call - cookieverf: count; # the cookie verifier - dircount: count; # "count" field for readdir, maxcount otherwise. in bytes - maxcount: count &optional; # only used for readdirplus. in bytes + isplus: bool; # is this a readdirplus request? + dirfh: string; # the directory filehandle + cookie: count; # cookie / pos in dir; 0 for first call + cookieverf: count; # the cookie verifier + dircount: count; # "count" field for readdir; maxcount otherwise (in bytes) + maxcount: count &optional; # only used for readdirplus. in bytes }; type direntry_t: record { - # fh and attr are used for readdirplus. However, even for readdirplus they need not - # be filled out. - fileid: count; # e.g., inode number - fname: string; # filename - cookie: count; - attr: fattr_t &optional; # readdirplus: the FH attributes for the entry - fh: string &optional; # readdirplus: the FH for the entry + # fh and attr are used for readdirplus. However, even for readdirplus they may + # not be filled out. + fileid: count; # e.g., inode number + fname: string; # filename + cookie: count; + attr: fattr_t &optional; # readdirplus: the FH attributes for the entry + fh: string &optional; # readdirplus: the FH for the entry }; type direntry_vec_t: vector of direntry_t; - # used for readdir and readdirplus + # Used for readdir and readdirplus. type readdir_reply_t: record { - isplus: bool; # is the reply for a readdirplus request - # if error: dir_attr might be set - # if success: dir_attr may be set, all others must be set - dir_attr: fattr_t &optional; + # If error: dir_attr might be set. If success: dir_attr may be set, all others + # must be set. + isplus: bool; # is the reply for a readdirplus request + dir_attr: fattr_t &optional; cookieverf: count &optional; entries: direntry_vec_t &optional; - eof: bool; # if T: no more entries in dir. - + eof: bool; # if true, no more entries in dir. }; type fsstat_t: record { @@ -903,6 +901,7 @@ export { } # end export module GLOBAL; + type ntp_msg: record { id: count; code: count; @@ -1069,16 +1068,20 @@ global dns_max_queries = 5; # has bigger cipherspecs, we won't do a comparisons of cipherspecs. const ssl_max_cipherspec_size = 68 &redef; -# SSL and X.509 types. -type cipher_suites_list: set[count]; -type SSL_sessionID: table[count] of count; -type X509_extension: table[count] of string; +type X509_extensions: table[count] of string; + type X509: record { - issuer: string; + version: count; + serial: string; subject: string; - orig_addr: addr; + issuer: string; + not_valid_before: time; + not_valid_after: time; }; +# This is indexed with the CA's name and yields a DER (binary) encoded certificate. +const root_ca_certs: table[string] of string = {} &redef; + type http_stats_rec: record { num_requests: count; num_replies: count; @@ -1383,7 +1386,7 @@ const gap_report_freq = 1.0 sec &redef; # Whether we want content_gap and drop reports for partial connections # (a connection is partial if it is missing a full handshake). Note that -# gap reports for partial connections might not be reliable. +# gap reports for partial connections might not be reliable. const report_gaps_for_partial = F &redef; # Globals associated with entire-run statistics on gaps (useful diff --git a/policy/conn.bro b/policy/conn.bro index 52993b0aec..1c9b434ff4 100644 --- a/policy/conn.bro +++ b/policy/conn.bro @@ -18,6 +18,10 @@ global have_SMTP = F; # if true, we've loaded smtp.bro # TODO: Do we have a nicer way of defining this prototype? export { global FTP::is_ftp_data_conn: function(c: connection): bool; } +# Whether to include connection state history in the logs generated +# by record_connection. +const record_state_history = F &redef; + # Whether to add 4 more columns to conn.log with # orig_packet orig_ip_bytes resp_packets resp_ip_bytes # Requires use_conn_size_analyzer=T @@ -311,6 +315,10 @@ function record_connection(f: file, c: connection) conn_size(c$orig, trans), conn_size(c$resp, trans), conn_state(c, trans), flags); + if ( record_state_history ) + log_msg = fmt("%s %s", log_msg, + c$history == "" ? "X" : c$history); + if ( use_conn_size_analyzer && report_conn_size_analyzer ) log_msg = fmt("%s %s %s", log_msg, conn_size_from_analyzer(c$orig), conn_size_from_analyzer(c$resp)); diff --git a/policy/nfs.bro b/policy/nfs.bro index 1d8397cb93..d8db0b4ef8 100644 --- a/policy/nfs.bro +++ b/policy/nfs.bro @@ -10,17 +10,16 @@ export { global names_log_file = open_log_file("nfs-files") &redef; global readdir_log = open_log_file("nfs-readdir") &redef; - # we want to estiamte how long it takes to lookup a chain of FH - # (directories) until we reach a FH that is used in a read or write - # operation. Whenever we get a new FH, we check how long ago we - # got the FH's parent. If this is less than fh_chain_maxtime, we - # assume that they belong to a lookup chain and set the dt value for - # the FH accordingly. + # We want to estimate how long it takes to lookup a chain of FH (directories) + # until we reach a FH that is used in a read or write operation. Whenever we + # get a new FH, we check how long ago we got the FH's parent. If this is less + # than fh_chain_maxtime, we assume that they belong to a lookup chain and set + # the dt value for the FH accordingly. global fh_chain_maxtime = 100 msec; } -redef capture_filters += { +redef capture_filters += { ["nfs"] = "port 2049", # NFS UDP packets are often fragmented. ["nfs-frag"] = "(ip[6:2] & 0x3fff != 0) and udp", @@ -30,13 +29,13 @@ global nfs_ports = { 2049/tcp, 2049/udp } &redef; redef dpd_config += { [ANALYZER_NFS] = [$ports = nfs_ports] }; # Information about a filehandle -type fh_info : record { +type fh_info : record { id: count; # A unique ID (counter) for more readable representation of the FH pathname: string &default="@"; # the path leading to this FH basename: string &default=""; # the name of this FHs file or directory mimetype: string &default=""; t0: time &default=double_to_time(0); # time when we first saw this FH - dt: interval &default=0 sec; # time it took to get this FH (assuming a chain of + dt: interval &default=0 sec; # time it took to get this FH (assuming a chain of # procedures that ultimately yield the FH for the file # a client is interested in chainlen: count &default=0; @@ -66,7 +65,7 @@ function get_fh_info(c: connection, fh: string): fh_info return fh_map[c$id$resp_h, fh]; } -function log_filename(proc: string, info: fh_info) +function log_filename(proc: string, info: fh_info) { print names_log_file, fmt("%.6f %s path FH%d %s/%s", network_time(), proc, info$id, info$pathname, info$basename); @@ -75,7 +74,7 @@ function log_filename(proc: string, info: fh_info) function fmt_attr(a: fattr_t): string { - local s = fmt("%s %s %d %d %d %d %d %d %d %d %d %.2f %.2f %.2f", + local s = fmt("%s %s %d %d %d %d %d %d %d %d %d %.2f %.2f %.2f", a$ftype, mode2string(a$mode), a$nlink, a$uid, a$gid, a$size, a$used, a$rdev1, a$rdev2, a$fsid, a$fileid, a$atime, a$mtime, a$ctime); return s; @@ -85,11 +84,11 @@ function log_attributes(c: connection, proc: string, fh: string, attr: fattr_t) { local info = get_fh_info(c,fh); local did_change = F; - # check whether the attributes have changes - if (info?$attr) + # check whether the attributes have changes + if (info?$attr) { - # We can't compare records for equality :-(. So we use a hack. - # We add the two instance we want to compare to a set. If there + # We can't compare records for equality :-(. So we use a hack. + # We add the two instance we want to compare to a set. If there # are two elements in the set, the records are not equal... local dummy: set[fattr_t]; add dummy[info$attr]; @@ -102,13 +101,13 @@ function log_attributes(c: connection, proc: string, fh: string, attr: fattr_t) if (did_change) { info$attr = attr; - print names_log_file, fmt("%.6f %s attr FH%d %s", network_time(), proc, + print names_log_file, fmt("%.6f %s attr FH%d %s", network_time(), proc, info$id, fmt_attr(attr)); } } # Update (or add) a filehandle mapping. -# parentfh ... parent (directory) +# parentfh ... parent (directory) # name ....... the name for this FH # fh ......... the new FH function add_update_fh(c: connection, proc: string, parentfh: string, name: string, fh: string) @@ -120,11 +119,11 @@ function add_update_fh(c: connection, proc: string, parentfh: string, name: stri if (name == ".") return; info$basename = name; - if (parentfh != "") + if (parentfh != "") { local parentinfo = get_fh_info(c, parentfh); info$pathname = cat(parentinfo$pathname, "/", parentinfo$basename); - if ( (network_time() - parentinfo$t0) < fh_chain_maxtime + if ( (network_time() - parentinfo$t0) < fh_chain_maxtime && info$dt < 0 sec ) { # The FH is part of lookup chain and it doesn't yet have a dt value @@ -151,15 +150,15 @@ function set_fh_mimetype(c: connection, fh: string, proc:string, data: string) } } -# Get the total time of the lookup chain for this FH to the -# current network time. Returns a negative interal if no +# Get the total time of the lookup chain for this FH to the +# current network time. Returns a negative interal if no # lookup chain was found function get_fh_chaintime_str(c:connection, fh:string): string { local info = get_fh_info(c, fh); if ((network_time() - info$t0) < fh_chain_maxtime) return fmt("%d %.6f", info$chainlen, info$dt + (network_time() - info$t0)); - else + else return fmt("%d %.6f", 0, 0.0); } @@ -187,7 +186,7 @@ function print_attr(attr: fattr_t): string return fmt("%s", attr); } -function map_conn(cid: conn_id): count +function map_conn(cid: conn_id): count { if (cid !in nfs_conns) nfs_conns[cid] = ++num_nfs_conns; @@ -208,16 +207,16 @@ function is_rpc_success(info: info_t): bool function nfs_get_log_prefix(c: connection, info: info_t, proc: string): string { local nfs_stat_str = (info$rpc_stat == RPC_SUCCESS) ? fmt("%s", info$nfs_stat) : "X"; - return fmt("%.06f %.06f %d %.06f %.06f %d %s %s %d %s %s %s", + return fmt("%.06f %.06f %d %.06f %.06f %d %s %s %d %s %s %s", info$req_start, info$req_dur, info$req_len, info$rep_start, info$rep_dur, info$rep_len, id_string(c$id), get_port_transport_proto(c$id$orig_p), - map_conn(c$id), + map_conn(c$id), proc, info$rpc_stat, nfs_stat_str); } -event nfs_proc_not_implemented(c: connection, info: info_t, proc: proc_t) +event nfs_proc_not_implemented(c: connection, info: info_t, proc: proc_t) { local prefix = nfs_get_log_prefix(c, info, fmt("%s", proc)); @@ -231,13 +230,13 @@ event nfs_proc_null(c: connection, info: info_t) print log_file, prefix; } -event nfs_proc_getattr (c: connection, info: info_t, fh: string, attrs: fattr_t) +event nfs_proc_getattr (c: connection, info: info_t, fh: string, attrs: fattr_t) { local prefix = nfs_get_log_prefix(c, info, "getattr"); if (is_success(info)) log_attributes(c, "getattr", fh, attrs); - + print log_file, fmt("%s %s", prefix, get_fh_id(c,fh)); } @@ -257,7 +256,7 @@ event nfs_proc_lookup(c: connection, info: info_t, req: diropargs_t, rep: lookup log_attributes(c, "lookup", rep$fh, rep$obj_attr); add_update_fh(c, "lookup", req$dirfh, req$fname, rep$fh); print log_file, fmt("%s %s + %s => %s", prefix, get_fh_id(c, req$dirfh), req$fname, get_fh_id(c, rep$fh)); - + } event nfs_proc_read(c: connection, info: info_t, req: readargs_t, rep: read_reply_t) @@ -267,7 +266,7 @@ event nfs_proc_read(c: connection, info: info_t, req: readargs_t, rep: read_repl msg = fmt("%s %s @%d: %d", msg, get_fh_id(c, req$fh), req$offset, req$size); if (is_success(info)) { - msg = fmt("%s got %d bytes %s %s", msg, rep$size, (rep$eof) ? "" : "x", + msg = fmt("%s got %d bytes %s %s", msg, rep$size, (rep$eof) ? "" : "x", get_fh_chaintime_str(c, req$fh)); if (rep?$data && req$offset==0 && rep$size>0) set_fh_mimetype(c, req$fh, "read", rep$data); @@ -278,7 +277,7 @@ event nfs_proc_read(c: connection, info: info_t, req: readargs_t, rep: read_repl print log_file, msg; } -event nfs_proc_readlink(c: connection, info: info_t, fh: string, rep: readlink_reply_t) +event nfs_proc_readlink(c: connection, info: info_t, fh: string, rep: readlink_reply_t) { local msg = nfs_get_log_prefix(c, info, "readlink"); @@ -300,7 +299,7 @@ event nfs_proc_write(c: connection, info: info_t, req: writeargs_t, rep: write_r msg = fmt("%s %s @%d: %d %s", msg, get_fh_id(c, req$fh), req$offset, req$size, req$stable); if (is_success(info)) { - msg = fmt("%s wrote %d bytes %s %s", msg, rep$size, rep$commited, + msg = fmt("%s wrote %d bytes %s %s", msg, rep$size, rep$commited, get_fh_chaintime_str(c, req$fh)); if (req?$data && req$offset==0 && rep$size>0) set_fh_mimetype(c, req$fh, "write", req$data); @@ -370,7 +369,7 @@ function fmt_direntry(c: connection, e: direntry_t): string if (e?$fh) rv = fmt("%s %s", rv, get_fh_id(c, e$fh)); return rv; - + } event nfs_proc_readdir(c: connection, info: info_t, req: readdirargs_t, rep: readdir_reply_t) diff --git a/policy/pcap.bro b/policy/pcap.bro index 42004e1c4c..021884a700 100644 --- a/policy/pcap.bro +++ b/policy/pcap.bro @@ -58,8 +58,13 @@ function build_default_pcap_filter(): string return cmd_line_bpf_filter; if ( all_packets ) + { # Return an "always true" filter. - return "ip or not ip"; + if ( bro_has_ipv6() ) + return "ip or not ip"; + else + return "not ip6"; + } ## Build filter dynamically. @@ -76,6 +81,10 @@ function build_default_pcap_filter(): string # Finally, join them. local filter = join_filters(cfilter, rfilter); + # Exclude IPv6 if we don't support it. + if ( ! bro_has_ipv6() ) + filter = fmt("(not ip6) and (%s)", filter); + return filter; } diff --git a/policy/portmapper.bro b/policy/portmapper.bro index 8332b2a7d5..2a038674e0 100644 --- a/policy/portmapper.bro +++ b/policy/portmapper.bro @@ -118,6 +118,8 @@ export { # Indexed by the portmapper request and a boolean that's T if # the request was answered, F it was attempted but not answered. + # If there's an entry in the set, then the access won't lead to a + # NOTICE (unless the connection is hot for some other reason). # If there's an entry in the set, then the access won't lead to a # NOTICE (unless the connection is hot for some other reason). const RPC_do_not_complain: set[string, bool] = { @@ -140,7 +142,7 @@ export { # Logs all portmapper mappings that we observe (i.e., getport and # dump replies. Format: # timestamp orig_h orig_p resp_h resp_p proto localInit PortmapProcedure RPCprogram version port proto - # the mapping is then: accepts with + # the mapping is then: accepts with # calls on . We learned this mapping via const mapping_log_file = open_log_file("portmapper-maps") &redef; } @@ -151,7 +153,7 @@ const portmapper_ports = { 111/tcp, 111/udp } &redef; redef dpd_config += { [ANALYZER_PORTMAPPER] = [$ports = portmapper_ports] }; # Indexed by source and destination addresses, plus the portmapper service. -# If the tuple is in the set, then we already created a NOTICE for it and +# If the tuple is in the set, then we already created a NOTICE for it and # shouldn't do so again. global did_pm_notice: set[addr, addr, string]; @@ -185,7 +187,7 @@ function rpc_prog(p: count): string function pm_get_conn_string(cid: conn_id) : string { - return fmt("%s %d %s %d %s %s", + return fmt("%s %d %s %d %s %s", cid$orig_h, cid$orig_p, cid$resp_h, cid$resp_p, get_port_transport_proto(cid$resp_p), @@ -194,9 +196,9 @@ function pm_get_conn_string(cid: conn_id) : string } # Log a pm_request or pm_attempt to the log file -function pm_log(r: connection, proc: string, msg: string, success: bool) +function pm_log(r: connection, proc: string, msg: string, success: bool) { - print log_file, fmt("%f %s %s %s %s", network_time(), + print log_file, fmt("%f %s %s %s %s", network_time(), pm_get_conn_string(r$id), proc, success, msg); } @@ -218,9 +220,9 @@ function pm_log_mapping_dump(r: connection, m: pm_mappings) } # Log portmapper mappings received from a getport procedure -# Unfortunately, pm_request_getport doesn't return pm_mapping, +# Unfortunately, pm_request_getport doesn't return pm_mapping, # but returns the parameters separately .... -function pm_log_mapping_getport(r: connection, pr: pm_port_request, p: port) +function pm_log_mapping_getport(r: connection, pr: pm_port_request, p: port) { local prog = rpc_prog(pr$program); local ver = pr$version; @@ -229,7 +231,7 @@ function pm_log_mapping_getport(r: connection, pr: pm_port_request, p: port) pm_get_conn_string(r$id), prog, ver, p, get_port_transport_proto(p)); } - + function pm_check_getport(r: connection, prog: string): bool @@ -377,7 +379,7 @@ event pm_request_dump(r: connection, m: pm_mappings) { local do_notice = [r$id$orig_h, r$id$resp_h] !in RPC_dump_okay; # pm_mapping_to_text has the side-effect of updating RPC_server_map - pm_request(r, "pm_dump", + pm_request(r, "pm_dump", length(m) == 0 ? "(nil)" : pm_mapping_to_text(r$id$resp_h, m), do_notice); pm_log_mapping_dump(r, m); diff --git a/policy/ssl-mozilla-CAs.bro b/policy/ssl-mozilla-CAs.bro new file mode 100644 index 0000000000..5d92e27dbd --- /dev/null +++ b/policy/ssl-mozilla-CAs.bro @@ -0,0 +1,131 @@ +redef root_ca_certs += { + ["GTE CyberTrust Global Root"] = "\x30\x82\x02\x5a\x30\x82\x01\xc3\x02\x02\x01\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x47\x54\x45\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x2c\x20\x49\x6e\x63\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x39\x38\x30\x38\x31\x33\x30\x30\x32\x39\x30\x30\x5a\x17\x0d\x31\x38\x30\x38\x31\x33\x32\x33\x35\x39\x30\x30\x5a\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x47\x54\x45\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x2c\x20\x49\x6e\x63\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\x95\x0f\xa0\xb6\xf0\x50\x9c\xe8\x7a\xc7\x88\xcd\xdd\x17\x0e\x2e\xb0\x94\xd0\x1b\x3d\x0e\xf6\x94\xc0\x8a\x94\xc7\x06\xc8\x90\x97\xc8\xb8\x64\x1a\x7a\x7e\x6c\x3c\x53\xe1\x37\x28\x73\x60\x7f\xb2\x97\x53\x07\x9f\x53\xf9\x6d\x58\x94\xd2\xaf\x8d\x6d\x88\x67\x80\xe6\xed\xb2\x95\xcf\x72\x31\xca\xa5\x1c\x72\xba\x5c\x02\xe7\x64\x42\xe7\xf9\xa9\x2c\xd6\x3a\x0d\xac\x8d\x42\xaa\x24\x01\x39\xe6\x9c\x3f\x01\x85\x57\x0d\x58\x87\x45\xf8\xd3\x85\xaa\x93\x69\x26\x85\x70\x48\x80\x3f\x12\x15\xc7\x79\xb4\x1f\x05\x2f\x3b\x62\x99\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x6d\xeb\x1b\x09\xe9\x5e\xd9\x51\xdb\x67\x22\x61\xa4\x2a\x3c\x48\x77\xe3\xa0\x7c\xa6\xde\x73\xa2\x14\x03\x85\x3d\xfb\xab\x0e\x30\xc5\x83\x16\x33\x81\x13\x08\x9e\x7b\x34\x4e\xdf\x40\xc8\x74\xd7\xb9\x7d\xdc\xf4\x76\x55\x7d\x9b\x63\x54\x18\xe9\xf0\xea\xf3\x5c\xb1\xd9\x8b\x42\x1e\xb9\xc0\x95\x4e\xba\xfa\xd5\xe2\x7c\xf5\x68\x61\xbf\x8e\xec\x05\x97\x5f\x5b\xb0\xd7\xa3\x85\x34\xc4\x24\xa7\x0d\x0f\x95\x93\xef\xcb\x94\xd8\x9e\x1f\x9d\x5c\x85\x6d\xc7\xaa\xae\x4f\x1f\x22\xb5\xcd\x95\xad\xba\xa7\xcc\xf9\xab\x0b\x7a\x7f", + ["Thawte Server CA"] = "\x30\x82\x03\x13\x30\x82\x02\x7c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xc4\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2d\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc4\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2d\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd3\xa4\x50\x6e\xc8\xff\x56\x6b\xe6\xcf\x5d\xb6\xea\x0c\x68\x75\x47\xa2\xaa\xc2\xda\x84\x25\xfc\xa8\xf4\x47\x51\xda\x85\xb5\x20\x74\x94\x86\x1e\x0f\x75\xc9\xe9\x08\x61\xf5\x06\x6d\x30\x6e\x15\x19\x02\xe9\x52\xc0\x62\xdb\x4d\x99\x9e\xe2\x6a\x0c\x44\x38\xcd\xfe\xbe\xe3\x64\x09\x70\xc5\xfe\xb1\x6b\x29\xb6\x2f\x49\xc8\x3b\xd4\x27\x04\x25\x10\x97\x2f\xe7\x90\x6d\xc0\x28\x42\x99\xd7\x4c\x43\xde\xc3\xf5\x21\x6d\x54\x9f\x5d\xc3\x58\xe1\xc0\xe4\xd9\x5b\xb0\xb8\xdc\xb4\x7b\xdf\x36\x3a\xc2\xb5\x66\x22\x12\xd6\x87\x0d\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x07\xfa\x4c\x69\x5c\xfb\x95\xcc\x46\xee\x85\x83\x4d\x21\x30\x8e\xca\xd9\xa8\x6f\x49\x1a\xe6\xda\x51\xe3\x60\x70\x6c\x84\x61\x11\xa1\x1a\xc8\x48\x3e\x59\x43\x7d\x4f\x95\x3d\xa1\x8b\xb7\x0b\x62\x98\x7a\x75\x8a\xdd\x88\x4e\x4e\x9e\x40\xdb\xa8\xcc\x32\x74\xb9\x6f\x0d\xc6\xe3\xb3\x44\x0b\xd9\x8a\x6f\x9a\x29\x9b\x99\x18\x28\x3b\xd1\xe3\x40\x28\x9a\x5a\x3c\xd5\xb5\xe7\x20\x1b\x8b\xca\xa4\xab\x8d\xe9\x51\xd9\xe2\x4c\x2c\x59\xa9\xda\xb9\xb2\x75\x1b\xf6\x42\xf2\xef\xc7\xf2\x18\xf9\x89\xbc\xa3\xff\x8a\x23\x2e\x70\x47", + ["Thawte Premium Server CA"] = "\x30\x82\x03\x27\x30\x82\x02\x90\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xce\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6d\x69\x75\x6d\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x19\x70\x72\x65\x6d\x69\x75\x6d\x2d\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xce\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6d\x69\x75\x6d\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x19\x70\x72\x65\x6d\x69\x75\x6d\x2d\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd2\x36\x36\x6a\x8b\xd7\xc2\x5b\x9e\xda\x81\x41\x62\x8f\x38\xee\x49\x04\x55\xd6\xd0\xef\x1c\x1b\x95\x16\x47\xef\x18\x48\x35\x3a\x52\xf4\x2b\x6a\x06\x8f\x3b\x2f\xea\x56\xe3\xaf\x86\x8d\x9e\x17\xf7\x9e\xb4\x65\x75\x02\x4d\xef\xcb\x09\xa2\x21\x51\xd8\x9b\xd0\x67\xd0\xba\x0d\x92\x06\x14\x73\xd4\x93\xcb\x97\x2a\x00\x9c\x5c\x4e\x0c\xbc\xfa\x15\x52\xfc\xf2\x44\x6e\xda\x11\x4a\x6e\x08\x9f\x2f\x2d\xe3\xf9\xaa\x3a\x86\x73\xb6\x46\x53\x58\xc8\x89\x05\xbd\x83\x11\xb8\x73\x3f\xaa\x07\x8d\xf4\x42\x4d\xe7\x40\x9d\x1c\x37\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x26\x48\x2c\x16\xc2\x58\xfa\xe8\x16\x74\x0c\xaa\xaa\x5f\x54\x3f\xf2\xd7\xc9\x78\x60\x5e\x5e\x6e\x37\x63\x22\x77\x36\x7e\xb2\x17\xc4\x34\xb9\xf5\x08\x85\xfc\xc9\x01\x38\xff\x4d\xbe\xf2\x16\x42\x43\xe7\xbb\x5a\x46\xfb\xc1\xc6\x11\x1f\xf1\x4a\xb0\x28\x46\xc9\xc3\xc4\x42\x7d\xbc\xfa\xab\x59\x6e\xd5\xb7\x51\x88\x11\xe3\xa4\x85\x19\x6b\x82\x4c\xa4\x0c\x12\xad\xe9\xa4\xae\x3f\xf1\xc3\x49\x65\x9a\x8c\xc5\xc8\x3e\x25\xb7\x94\x99\xbb\x92\x32\x71\x07\xf0\x86\x5e\xed\x50\x27\xa6\x0d\xa6\x23\xf9\xbb\xcb\xa6\x07\x14\x42", + ["Equifax Secure CA"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x04\x35\xde\xf4\xcf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x17\x0d\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc1\x5d\xb1\x58\x67\x08\x62\xee\xa0\x9a\x2d\x1f\x08\x6d\x91\x14\x68\x98\x0a\x1e\xfe\xda\x04\x6f\x13\x84\x62\x21\xc3\xd1\x7c\xce\x9f\x05\xe0\xb8\x01\xf0\x4e\x34\xec\xe2\x8a\x95\x04\x64\xac\xf1\x6b\x53\x5f\x05\xb3\xcb\x67\x80\xbf\x42\x02\x8e\xfe\xdd\x01\x09\xec\xe1\x00\x14\x4f\xfc\xfb\xf0\x0c\xdd\x43\xba\x5b\x2b\xe1\x1f\x80\x70\x99\x15\x57\x93\x16\xf1\x0f\x97\x6a\xb7\xc2\x68\x23\x1c\xcc\x4d\x59\x30\xac\x51\x1e\x3b\xaf\x2b\xd6\xee\x63\x45\x7b\xc5\xd9\x5f\x50\xd2\xe3\x50\x0f\x3a\x88\xe7\xbf\x14\xfd\xe0\xc7\xb9\x02\x03\x01\x00\x01\xa3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1d\x1f\x04\x69\x30\x67\x30\x65\xa0\x63\xa0\x61\xa4\x5f\x30\x5d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x1a\x06\x03\x55\x1d\x10\x04\x13\x30\x11\x81\x0f\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x48\xe6\x68\xf9\x2b\xd2\xb2\x95\xd7\x47\xd8\x23\x20\x10\x4f\x33\x98\x90\x9f\xd4\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x48\xe6\x68\xf9\x2b\xd2\xb2\x95\xd7\x47\xd8\x23\x20\x10\x4f\x33\x98\x90\x9f\xd4\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1a\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0d\x30\x0b\x1b\x05\x56\x33\x2e\x30\x63\x03\x02\x06\xc0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xce\x29\xea\xfc\xf7\xde\xb5\xce\x02\xb9\x17\xb5\x85\xd1\xb9\xe3\xe0\x95\xcc\x25\x31\x0d\x00\xa6\x92\x6e\x7f\xb6\x92\x63\x9e\x50\x95\xd1\x9a\x6f\xe4\x11\xde\x63\x85\x6e\x98\xee\xa8\xff\x5a\xc8\xd3\x55\xb2\x66\x71\x57\xde\xc0\x21\xeb\x3d\x2a\xa7\x23\x49\x01\x04\x86\x42\x7b\xfc\xee\x7f\xa2\x16\x52\xb5\x67\x67\xd3\x40\xdb\x3b\x26\x58\xb2\x28\x77\x3d\xae\x14\x77\x61\xd6\xfa\x2a\x66\x27\xa0\x0d\xfa\xa7\x73\x5c\xea\x70\xf1\x94\x21\x65\x44\x5f\xfa\xfc\xef\x29\x68\xa9\xa2\x87\x79\xef\x79\xef\x4f\xac\x07\x77\x38", + ["Digital Signature Trust Co. Global CA 1"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xa0\x03\x02\x01\x02\x02\x04\x36\x70\x15\x96\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x1e\x17\x0d\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x17\x0d\x31\x38\x31\x32\x31\x30\x31\x38\x34\x30\x32\x33\x5a\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xa0\x6c\x81\xa9\xcf\x34\x1e\x24\xdd\xfe\x86\x28\xcc\xde\x83\x2f\xf9\x5e\xd4\x42\xd2\xe8\x74\x60\x66\x13\x98\x06\x1c\xa9\x51\x12\x69\x6f\x31\x55\xb9\x49\x72\x00\x08\x7e\xd3\xa5\x62\x44\x37\x24\x99\x8f\xd9\x83\x48\x8f\x99\x6d\x95\x13\xbb\x43\x3b\x2e\x49\x4e\x88\x37\xc1\xbb\x58\x7f\xfe\xe1\xbd\xf8\xbb\x61\xcd\xf3\x47\xc0\x99\xa6\xf1\xf3\x91\xe8\x78\x7c\x00\xcb\x61\xc9\x44\x27\x71\x69\x55\x4a\x7e\x49\x4d\xed\xa2\xa3\xbe\x02\x4c\x00\xca\x02\xa8\xee\x01\x02\x31\x64\x0f\x52\x2d\x13\x74\x76\x36\xb5\x7a\xb4\x2d\x71\x02\x01\x03\xa3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1d\x1f\x04\x61\x30\x5f\x30\x5d\xa0\x5b\xa0\x59\xa4\x57\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x81\x0f\x32\x30\x31\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x6a\x79\x7e\x91\x69\x46\x18\x13\x0a\x02\x77\xa5\x59\x5b\x60\x98\x25\x0e\xa2\xf8\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x6a\x79\x7e\x91\x69\x46\x18\x13\x0a\x02\x77\xa5\x59\x5b\x60\x98\x25\x0e\xa2\xf8\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x22\x12\xd8\x7a\x1d\xdc\x81\x06\xb6\x09\x65\xb2\x87\xc8\x1f\x5e\xb4\x2f\xe9\xc4\x1e\xf2\x3c\xc1\xbb\x04\x90\x11\x4a\x83\x4e\x7e\x93\xb9\x4d\x42\xc7\x92\x26\xa0\x5c\x34\x9a\x38\x72\xf8\xfd\x6b\x16\x3e\x20\xee\x82\x8b\x31\x2a\x93\x36\x85\x23\x88\x8a\x3c\x03\x68\xd3\xc9\x09\x0f\x4d\xfc\x6c\xa4\xda\x28\x72\x93\x0e\x89\x80\xb0\x7d\xfe\x80\x6f\x65\x6d\x18\x33\x97\x8b\xc2\x6b\x89\xee\x60\x3d\xc8\x9b\xef\x7f\x2b\x32\x62\x73\x93\xcb\x3c\xe3\x7b\xe2\x76\x78\x45\xbc\xa1\x93\x04\xbb\x86\x9f\x3a\x5b\x43\x7a\xc3\x8a\x65", + ["Digital Signature Trust Co. Global CA 3"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xa0\x03\x02\x01\x02\x02\x04\x36\x6e\xd3\xce\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x1e\x17\x0d\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x17\x0d\x31\x38\x31\x32\x30\x39\x31\x39\x34\x37\x32\x36\x5a\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xbf\x93\x8f\x17\x92\xef\x33\x13\x18\xeb\x10\x7f\x4e\x16\xbf\xff\x06\x8f\x2a\x85\xbc\x5e\xf9\x24\xa6\x24\x88\xb6\x03\xb7\xc1\xc3\x5f\x03\x5b\xd1\x6f\xae\x7e\x42\xea\x66\x23\xb8\x63\x83\x56\xfb\x28\x2d\xe1\x38\x8b\xb4\xee\xa8\x01\xe1\xce\x1c\xb6\x88\x2a\x22\x46\x85\xfb\x9f\xa7\x70\xa9\x47\x14\x3f\xce\xde\x65\xf0\xa8\x71\xf7\x4f\x26\x6c\x8c\xbc\xc6\xb5\xef\xde\x49\x27\xff\x48\x2a\x7d\xe8\x4d\x03\xcc\xc7\xb2\x52\xc6\x17\x31\x13\x3b\xb5\x4d\xdb\xc8\xc4\xf6\xc3\x0f\x24\x2a\xda\x0c\x9d\xe7\x91\x5b\x80\xcd\x94\x9d\x02\x01\x03\xa3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1d\x1f\x04\x61\x30\x5f\x30\x5d\xa0\x5b\xa0\x59\xa4\x57\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x81\x0f\x32\x30\x31\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x1e\x82\x4d\x28\x65\x80\x3c\xc9\x41\x6e\xac\x35\x2e\x5a\xcb\xde\xee\xf8\x39\x5b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1e\x82\x4d\x28\x65\x80\x3c\xc9\x41\x6e\xac\x35\x2e\x5a\xcb\xde\xee\xf8\x39\x5b\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x47\x8d\x83\xad\x62\xf2\xdb\xb0\x9e\x45\x22\x05\xb9\xa2\xd6\x03\x0e\x38\x72\xe7\x9e\xfc\x7b\xe6\x93\xb6\x9a\xa5\xa2\x94\xc8\x34\x1d\x91\xd1\xc5\xd7\xf4\x0a\x25\x0f\x3d\x78\x81\x9e\x0f\xb1\x67\xc4\x90\x4c\x63\xdd\x5e\xa7\xe2\xba\x9f\xf5\xf7\x4d\xa5\x31\x7b\x9c\x29\x2d\x4c\xfe\x64\x3e\xec\xb6\x53\xfe\xea\x9b\xed\x82\xdb\x74\x75\x4b\x07\x79\x6e\x1e\xd8\x19\x83\x73\xde\xf5\x3e\xd0\xb5\xde\xe7\x4b\x68\x7d\x43\x2e\x2a\x20\xe1\x7e\xa0\x78\x44\x9e\x08\xf5\x98\xf9\xc7\x7f\x1b\x1b\xd6\x06\x20\x02\x58\xa1\xc3\xa2\x03", + ["Verisign Class 3 Public Primary Certification Authority"] = "\x30\x82\x02\x3c\x30\x82\x01\xa5\x02\x10\x70\xba\xe4\x1d\x10\xd9\x29\x34\xb6\x38\xca\x7b\x03\xcc\xba\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x02\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc9\x5c\x59\x9e\xf2\x1b\x8a\x01\x14\xb4\x10\xdf\x04\x40\xdb\xe3\x57\xaf\x6a\x45\x40\x8f\x84\x0c\x0b\xd1\x33\xd9\xd9\x11\xcf\xee\x02\x58\x1f\x25\xf7\x2a\xa8\x44\x05\xaa\xec\x03\x1f\x78\x7f\x9e\x93\xb9\x9a\x00\xaa\x23\x7d\xd6\xac\x85\xa2\x63\x45\xc7\x72\x27\xcc\xf4\x4c\xc6\x75\x71\xd2\x39\xef\x4f\x42\xf0\x75\xdf\x0a\x90\xc6\x8e\x20\x6f\x98\x0f\xf8\xac\x23\x5f\x70\x29\x36\xa4\xc9\x86\xe7\xb1\x9a\x20\xcb\x53\xa5\x85\xe7\x3d\xbe\x7d\x9a\xfe\x24\x45\x33\xdc\x76\x15\xed\x0f\xa2\x71\x64\x4c\x65\x2e\x81\x68\x45\xa7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x02\x05\x00\x03\x81\x81\x00\xbb\x4c\x12\x2b\xcf\x2c\x26\x00\x4f\x14\x13\xdd\xa6\xfb\xfc\x0a\x11\x84\x8c\xf3\x28\x1c\x67\x92\x2f\x7c\xb6\xc5\xfa\xdf\xf0\xe8\x95\xbc\x1d\x8f\x6c\x2c\xa8\x51\xcc\x73\xd8\xa4\xc0\x53\xf0\x4e\xd6\x26\xc0\x76\x01\x57\x81\x92\x5e\x21\xf1\xd1\xb1\xff\xe7\xd0\x21\x58\xcd\x69\x17\xe3\x44\x1c\x9c\x19\x44\x39\x89\x5c\xdc\x9c\x00\x0f\x56\x8d\x02\x99\xed\xa2\x90\x45\x4c\xe4\xbb\x10\xa4\x3d\xf0\x32\x03\x0e\xf1\xce\xf8\xe8\xc9\x51\x8c\xe6\x62\x9f\xe6\x9f\xc0\x7d\xb7\x72\x9c\xc9\x36\x3a\x6b\x9f\x4e\xa8\xff\x64\x0d\x64", + ["Verisign Class 3 Public Primary Certification Authority - G2"] = "\x30\x82\x03\x02\x30\x82\x02\x6b\x02\x10\x7d\xd9\xfe\x07\xcf\xa8\x1e\xb7\x10\x79\x67\xfb\xa7\x89\x34\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x1e\x17\x0d\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xcc\x5e\xd1\x11\x5d\x5c\x69\xd0\xab\xd3\xb9\x6a\x4c\x99\x1f\x59\x98\x30\x8e\x16\x85\x20\x46\x6d\x47\x3f\xd4\x85\x20\x84\xe1\x6d\xb3\xf8\xa4\xed\x0c\xf1\x17\x0f\x3b\xf9\xa7\xf9\x25\xd7\xc1\xcf\x84\x63\xf2\x7c\x63\xcf\xa2\x47\xf2\xc6\x5b\x33\x8e\x64\x40\x04\x68\xc1\x80\xb9\x64\x1c\x45\x77\xc7\xd8\x6e\xf5\x95\x29\x3c\x50\xe8\x34\xd7\x78\x1f\xa8\xba\x6d\x43\x91\x95\x8f\x45\x57\x5e\x7e\xc5\xfb\xca\xa4\x04\xeb\xea\x97\x37\x54\x30\x6f\xbb\x01\x47\x32\x33\xcd\xdc\x57\x9b\x64\x69\x61\xf8\x9b\x1d\x1c\x89\x4f\x5c\x67\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4d\xcd\xbe\x5c\xcb\x98\x19\x9c\x15\xb2\x01\x39\x78\x2e\x4d\x0f\x67\x70\x70\x99\xc6\x10\x5a\x94\xa4\x53\x4d\x54\x6d\x2b\xaf\x0d\x5d\x40\x8b\x64\xd3\xd7\xee\xde\x56\x61\x92\x5f\xa6\xc4\x1d\x10\x61\x36\xd3\x2c\x27\x3c\xe8\x29\x09\xb9\x11\x64\x74\xcc\xb5\x73\x9f\x1c\x48\xa9\xbc\x61\x01\xee\xe2\x17\xa6\x0c\xe3\x40\x08\x3b\x0e\xe7\xeb\x44\x73\x2a\x9a\xf1\x69\x92\xef\x71\x14\xc3\x39\xac\x71\xa7\x91\x09\x6f\xe4\x71\x06\xb3\xba\x59\x57\x26\x79\x00\xf6\xf8\x0d\xa2\x33\x30\x28\xd4\xaa\x58\xa0\x9d\x9d\x69\x91\xfd", + ["Verisign Class 4 Public Primary Certification Authority - G2"] = "\x30\x82\x03\x02\x30\x82\x02\x6b\x02\x10\x32\x88\x8e\x9a\xd2\xf5\xeb\x13\x47\xf8\x7f\xc4\x20\x37\x25\xf8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x1e\x17\x0d\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xba\xf0\xe4\xcf\xf9\xc4\xae\x85\x54\xb9\x07\x57\xf9\x8f\xc5\x7f\x68\x11\xf8\xc4\x17\xb0\x44\xdc\xe3\x30\x73\xd5\x2a\x62\x2a\xb8\xd0\xcc\x1c\xed\x28\x5b\x7e\xbd\x6a\xdc\xb3\x91\x24\xca\x41\x62\x3c\xfc\x02\x01\xbf\x1c\x16\x31\x94\x05\x97\x76\x6e\xa2\xad\xbd\x61\x17\x6c\x4e\x30\x86\xf0\x51\x37\x2a\x50\xc7\xa8\x62\x81\xdc\x5b\x4a\xaa\xc1\xa0\xb4\x6e\xeb\x2f\xe5\x57\xc5\xb1\x2b\x40\x70\xdb\x5a\x4d\xa1\x8e\x1f\xbd\x03\x1f\xd8\x03\xd4\x8f\x4c\x99\x71\xbc\xe2\x82\xcc\x58\xe8\x98\x3a\x86\xd3\x86\x38\xf3\x00\x29\x1f\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x85\x8c\x12\xc1\xa7\xb9\x50\x15\x7a\xcb\x3e\xac\xb8\x43\x8a\xdc\xaa\xdd\x14\xba\x89\x81\x7e\x01\x3c\x23\x71\x21\x88\x2f\x82\xdc\x63\xfa\x02\x45\xac\x45\x59\xd7\x2a\x58\x44\x5b\xb7\x9f\x81\x3b\x92\x68\x3d\xe2\x37\x24\xf5\x7b\x6c\x8f\x76\x35\x96\x09\xa8\x59\x9d\xb9\xce\x23\xab\x74\xd6\x83\xfd\x32\x73\x27\xd8\x69\x3e\x43\x74\xf6\xae\xc5\x89\x9a\xe7\x53\x7c\xe9\x7b\xf6\x4b\xf3\xc1\x65\x83\xde\x8d\x8a\x9c\x3c\x88\x8d\x39\x59\xfc\xaa\x3f\x22\x8d\xa1\xc1\x66\x50\x81\x72\x4c\xed\x22\x64\x4f\x4f\xca\x80\x91\xb6\x29", + ["GlobalSign Root CA"] = "\x30\x82\x03\x75\x30\x82\x02\x5d\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x15\x4b\x5a\xc3\x94\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x57\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x6e\x76\x2d\x73\x61\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x13\x07\x52\x6f\x6f\x74\x20\x43\x41\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5a\x30\x57\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x6e\x76\x2d\x73\x61\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x13\x07\x52\x6f\x6f\x74\x20\x43\x41\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xda\x0e\xe6\x99\x8d\xce\xa3\xe3\x4f\x8a\x7e\xfb\xf1\x8b\x83\x25\x6b\xea\x48\x1f\xf1\x2a\xb0\xb9\x95\x11\x04\xbd\xf0\x63\xd1\xe2\x67\x66\xcf\x1c\xdd\xcf\x1b\x48\x2b\xee\x8d\x89\x8e\x9a\xaf\x29\x80\x65\xab\xe9\xc7\x2d\x12\xcb\xab\x1c\x4c\x70\x07\xa1\x3d\x0a\x30\xcd\x15\x8d\x4f\xf8\xdd\xd4\x8c\x50\x15\x1c\xef\x50\xee\xc4\x2e\xf7\xfc\xe9\x52\xf2\x91\x7d\xe0\x6d\xd5\x35\x30\x8e\x5e\x43\x73\xf2\x41\xe9\xd5\x6a\xe3\xb2\x89\x3a\x56\x39\x38\x6f\x06\x3c\x88\x69\x5b\x2a\x4d\xc5\xa7\x54\xb8\x6c\x89\xcc\x9b\xf9\x3c\xca\xe5\xfd\x89\xf5\x12\x3c\x92\x78\x96\xd6\xdc\x74\x6e\x93\x44\x61\xd1\x8d\xc7\x46\xb2\x75\x0e\x86\xe8\x19\x8a\xd5\x6d\x6c\xd5\x78\x16\x95\xa2\xe9\xc8\x0a\x38\xeb\xf2\x24\x13\x4f\x73\x54\x93\x13\x85\x3a\x1b\xbc\x1e\x34\xb5\x8b\x05\x8c\xb9\x77\x8b\xb1\xdb\x1f\x20\x91\xab\x09\x53\x6e\x90\xce\x7b\x37\x74\xb9\x70\x47\x91\x22\x51\x63\x16\x79\xae\xb1\xae\x41\x26\x08\xc8\x19\x2b\xd1\x46\xaa\x48\xd6\x64\x2a\xd7\x83\x34\xff\x2c\x2a\xc1\x6c\x19\x43\x4a\x07\x85\xe7\xd3\x7c\xf6\x21\x68\xef\xea\xf2\x52\x9f\x7f\x93\x90\xcf\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x60\x7b\x66\x1a\x45\x0d\x97\xca\x89\x50\x2f\x7d\x04\xcd\x34\xa8\xff\xfc\xfd\x4b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd6\x73\xe7\x7c\x4f\x76\xd0\x8d\xbf\xec\xba\xa2\xbe\x34\xc5\x28\x32\xb5\x7c\xfc\x6c\x9c\x2c\x2b\xbd\x09\x9e\x53\xbf\x6b\x5e\xaa\x11\x48\xb6\xe5\x08\xa3\xb3\xca\x3d\x61\x4d\xd3\x46\x09\xb3\x3e\xc3\xa0\xe3\x63\x55\x1b\xf2\xba\xef\xad\x39\xe1\x43\xb9\x38\xa3\xe6\x2f\x8a\x26\x3b\xef\xa0\x50\x56\xf9\xc6\x0a\xfd\x38\xcd\xc4\x0b\x70\x51\x94\x97\x98\x04\xdf\xc3\x5f\x94\xd5\x15\xc9\x14\x41\x9c\xc4\x5d\x75\x64\x15\x0d\xff\x55\x30\xec\x86\x8f\xff\x0d\xef\x2c\xb9\x63\x46\xf6\xaa\xfc\xdf\xbc\x69\xfd\x2e\x12\x48\x64\x9a\xe0\x95\xf0\xa6\xef\x29\x8f\x01\xb1\x15\xb5\x0c\x1d\xa5\xfe\x69\x2c\x69\x24\x78\x1e\xb3\xa7\x1c\x71\x62\xee\xca\xc8\x97\xac\x17\x5d\x8a\xc2\xf8\x47\x86\x6e\x2a\xc4\x56\x31\x95\xd0\x67\x89\x85\x2b\xf9\x6c\xa6\x5d\x46\x9d\x0c\xaa\x82\xe4\x99\x51\xdd\x70\xb7\xdb\x56\x3d\x61\xe4\x6a\xe1\x5c\xd6\xf6\xfe\x3d\xde\x41\xcc\x07\xae\x63\x52\xbf\x53\x53\xf4\x2b\xe9\xc7\xfd\xb6\xf7\x82\x5f\x85\xd2\x41\x18\xdb\x81\xb3\x04\x1c\xc5\x1f\xa4\x80\x6f\x15\x20\xc9\xde\x0c\x88\x0a\x1d\xd6\x66\x55\xe2\xfc\x48\xc9\x29\x26\x69\xe0", + ["GlobalSign Root CA - R2"] = "\x30\x82\x03\xba\x30\x82\x02\xa2\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x0f\x86\x26\xe6\x0d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x1e\x17\x0d\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x17\x0d\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa6\xcf\x24\x0e\xbe\x2e\x6f\x28\x99\x45\x42\xc4\xab\x3e\x21\x54\x9b\x0b\xd3\x7f\x84\x70\xfa\x12\xb3\xcb\xbf\x87\x5f\xc6\x7f\x86\xd3\xb2\x30\x5c\xd6\xfd\xad\xf1\x7b\xdc\xe5\xf8\x60\x96\x09\x92\x10\xf5\xd0\x53\xde\xfb\x7b\x7e\x73\x88\xac\x52\x88\x7b\x4a\xa6\xca\x49\xa6\x5e\xa8\xa7\x8c\x5a\x11\xbc\x7a\x82\xeb\xbe\x8c\xe9\xb3\xac\x96\x25\x07\x97\x4a\x99\x2a\x07\x2f\xb4\x1e\x77\xbf\x8a\x0f\xb5\x02\x7c\x1b\x96\xb8\xc5\xb9\x3a\x2c\xbc\xd6\x12\xb9\xeb\x59\x7d\xe2\xd0\x06\x86\x5f\x5e\x49\x6a\xb5\x39\x5e\x88\x34\xec\xbc\x78\x0c\x08\x98\x84\x6c\xa8\xcd\x4b\xb4\xa0\x7d\x0c\x79\x4d\xf0\xb8\x2d\xcb\x21\xca\xd5\x6c\x5b\x7d\xe1\xa0\x29\x84\xa1\xf9\xd3\x94\x49\xcb\x24\x62\x91\x20\xbc\xdd\x0b\xd5\xd9\xcc\xf9\xea\x27\x0a\x2b\x73\x91\xc6\x9d\x1b\xac\xc8\xcb\xe8\xe0\xa0\xf4\x2f\x90\x8b\x4d\xfb\xb0\x36\x1b\xf6\x19\x7a\x85\xe0\x6d\xf2\x61\x13\x88\x5c\x9f\xe0\x93\x0a\x51\x97\x8a\x5a\xce\xaf\xab\xd5\xf7\xaa\x09\xaa\x60\xbd\xdc\xd9\x5f\xdf\x72\xa9\x60\x13\x5e\x00\x01\xc9\x4a\xfa\x3f\xa4\xea\x07\x03\x21\x02\x8e\x82\xca\x03\xc2\x9b\x8f\x02\x03\x01\x00\x01\xa3\x81\x9c\x30\x81\x99\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9b\xe2\x07\x57\x67\x1c\x1e\xc0\x6a\x06\xde\x59\xb4\x9a\x2d\xdf\xdc\x19\x86\x2e\x30\x36\x06\x03\x55\x1d\x1f\x04\x2f\x30\x2d\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x67\x6c\x6f\x62\x61\x6c\x73\x69\x67\x6e\x2e\x6e\x65\x74\x2f\x72\x6f\x6f\x74\x2d\x72\x32\x2e\x63\x72\x6c\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x9b\xe2\x07\x57\x67\x1c\x1e\xc0\x6a\x06\xde\x59\xb4\x9a\x2d\xdf\xdc\x19\x86\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1c\x68\x97\x86\x91\xec\xe0\x4a\xb8\x44\x0b\xab\x81\xac\x27\x4f\xd6\xc1\xb8\x1c\x43\x78\xb3\x0c\x9a\xfc\xea\x2c\x3c\x6e\x61\x1b\x4d\x4b\x29\xf5\x9f\x05\x1d\x26\xc1\xb8\xe9\x83\x00\x62\x45\xb6\xa9\x08\x93\xb9\xa9\x33\x4b\x18\x9a\xc2\xf8\x87\x88\x4e\xdb\xdd\x71\x34\x1a\xc1\x54\xda\x46\x3f\xe0\xd3\x2a\xab\x6d\x54\x22\xf5\x3a\x62\xcd\x20\x6f\xba\x29\x89\xd7\xdd\x91\xee\xd3\x5c\xa2\x3e\xa1\x5b\x41\xf5\xdf\xe5\x64\x43\x2d\xe9\xd5\x39\xab\xd2\xa2\xdf\xb7\x8b\xd0\xc0\x80\x19\x1c\x45\xc0\x2d\x8c\xe8\xf8\x2d\xa4\x74\x56\x49\xc5\x05\xb5\x4f\x15\xde\x6e\x44\x78\x39\x87\xa8\x7e\xbb\xf3\x79\x18\x91\xbb\xf4\x6f\x9d\xc1\xf0\x8c\x35\x8c\x5d\x01\xfb\xc3\x6d\xb9\xef\x44\x6d\x79\x46\x31\x7e\x0a\xfe\xa9\x82\xc1\xff\xef\xab\x6e\x20\xc4\x50\xc9\x5f\x9d\x4d\x9b\x17\x8c\x0c\xe5\x01\xc9\xa0\x41\x6a\x73\x53\xfa\xa5\x50\xb4\x6e\x25\x0f\xfb\x4c\x18\xf4\xfd\x52\xd9\x8e\x69\xb1\xe8\x11\x0f\xde\x88\xd8\xfb\x1d\x49\xf7\xaa\xde\x95\xcf\x20\x78\xc2\x60\x12\xdb\x25\x40\x8c\x6a\xfc\x7e\x42\x38\x40\x64\x12\xf7\x9e\x81\xe1\x93\x2e", + ["ValiCert Class 1 VA"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5a\x17\x0d\x31\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd8\x59\x82\x7a\x89\xb8\x96\xba\xa6\x2f\x68\x6f\x58\x2e\xa7\x54\x1c\x06\x6e\xf4\xea\x8d\x48\xbc\x31\x94\x17\xf0\xf3\x4e\xbc\xb2\xb8\x35\x92\x76\xb0\xd0\xa5\xa5\x01\xd7\x00\x03\x12\x22\x19\x08\xf8\xff\x11\x23\x9b\xce\x07\xf5\xbf\x69\x1a\x26\xfe\x4e\xe9\xd1\x7f\x9d\x2c\x40\x1d\x59\x68\x6e\xa6\xf8\x58\xb0\x9d\x1a\x8f\xd3\x3f\xf1\xdc\x19\x06\x81\xa8\x0e\xe0\x3a\xdd\xc8\x53\x45\x09\x06\xe6\x0f\x70\xc3\xfa\x40\xa6\x0e\xe2\x56\x05\x0f\x18\x4d\xfc\x20\x82\xd1\x73\x55\x74\x8d\x76\x72\xa0\x1d\x9d\x1d\xc0\xdd\x3f\x71\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x50\x68\x3d\x49\xf4\x2c\x1c\x06\x94\xdf\x95\x60\x7f\x96\x7b\x17\xfe\x4f\x71\xad\x64\xc8\xdd\x77\xd2\xef\x59\x55\xe8\x3f\xe8\x8e\x05\x2a\x21\xf2\x07\xd2\xb5\xa7\x52\xfe\x9c\xb1\xb6\xe2\x5b\x77\x17\x40\xea\x72\xd6\x23\xcb\x28\x81\x32\xc3\x00\x79\x18\xec\x59\x17\x89\xc9\xc6\x6a\x1e\x71\xc9\xfd\xb7\x74\xa5\x25\x45\x69\xc5\x48\xab\x19\xe1\x45\x8a\x25\x6b\x19\xee\xe5\xbb\x12\xf5\x7f\xf7\xa6\x8d\x51\xc3\xf0\x9d\x74\xb7\xa9\x3e\xa0\xa5\xff\xb6\x49\x03\x13\xda\x22\xcc\xed\x71\x82\x2b\x99\xcf\x3a\xb7\xf5\x2d\x72\xc8", + ["ValiCert Class 2 VA"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x36\x30\x30\x31\x39\x35\x34\x5a\x17\x0d\x31\x39\x30\x36\x32\x36\x30\x30\x31\x39\x35\x34\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xce\x3a\x71\xca\xe5\xab\xc8\x59\x92\x55\xd7\xab\xd8\x74\x0e\xf9\xee\xd9\xf6\x55\x47\x59\x65\x47\x0e\x05\x55\xdc\xeb\x98\x36\x3c\x5c\x53\x5d\xd3\x30\xcf\x38\xec\xbd\x41\x89\xed\x25\x42\x09\x24\x6b\x0a\x5e\xb3\x7c\xdd\x52\x2d\x4c\xe6\xd4\xd6\x7d\x5a\x59\xa9\x65\xd4\x49\x13\x2d\x24\x4d\x1c\x50\x6f\xb5\xc1\x85\x54\x3b\xfe\x71\xe4\xd3\x5c\x42\xf9\x80\xe0\x91\x1a\x0a\x5b\x39\x36\x67\xf3\x3f\x55\x7c\x1b\x3f\xb4\x5f\x64\x73\x34\xe3\xb4\x12\xbf\x87\x64\xf8\xda\x12\xff\x37\x27\xc1\xb3\x43\xbb\xef\x7b\x6e\x2e\x69\xf7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x3b\x7f\x50\x6f\x6f\x50\x94\x99\x49\x62\x38\x38\x1f\x4b\xf8\xa5\xc8\x3e\xa7\x82\x81\xf6\x2b\xc7\xe8\xc5\xce\xe8\x3a\x10\x82\xcb\x18\x00\x8e\x4d\xbd\xa8\x58\x7f\xa1\x79\x00\xb5\xbb\xe9\x8d\xaf\x41\xd9\x0f\x34\xee\x21\x81\x19\xa0\x32\x49\x28\xf4\xc4\x8e\x56\xd5\x52\x33\xfd\x50\xd5\x7e\x99\x6c\x03\xe4\xc9\x4c\xfc\xcb\x6c\xab\x66\xb3\x4a\x21\x8c\xe5\xb5\x0c\x32\x3e\x10\xb2\xcc\x6c\xa1\xdc\x9a\x98\x4c\x02\x5b\xf3\xce\xb9\x9e\xa5\x72\x0e\x4a\xb7\x3f\x3c\xe6\x16\x68\xf8\xbe\xed\x74\x4c\xbc\x5b\xd5\x62\x1f\x43\xdd", + ["RSA Root Certificate 1"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x36\x30\x30\x32\x32\x33\x33\x5a\x17\x0d\x31\x39\x30\x36\x32\x36\x30\x30\x32\x32\x33\x33\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xe3\x98\x51\x96\x1c\xe8\xd5\xb1\x06\x81\x6a\x57\xc3\x72\x75\x93\xab\xcf\x9e\xa6\xfc\xf3\x16\x52\xd6\x2d\x4d\x9f\x35\x44\xa8\x2e\x04\x4d\x07\x49\x8a\x38\x29\xf5\x77\x37\xe7\xb7\xab\x5d\xdf\x36\x71\x14\x99\x8f\xdc\xc2\x92\xf1\xe7\x60\x92\x97\xec\xd8\x48\xdc\xbf\xc1\x02\x20\xc6\x24\xa4\x28\x4c\x30\x5a\x76\x6d\xb1\x5c\xf3\xdd\xde\x9e\x10\x71\xa1\x88\xc7\x5b\x9b\x41\x6d\xca\xb0\xb8\x8e\x15\xee\xad\x33\x2b\xcf\x47\x04\x5c\x75\x71\x0a\x98\x24\x98\x29\xa7\x49\x59\xa5\xdd\xf8\xb7\x43\x62\x61\xf3\xd3\xe2\xd0\x55\x3f\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x56\xbb\x02\x58\x84\x67\x08\x2c\xdf\x1f\xdb\x7b\x49\x33\xf5\xd3\x67\x9d\xf4\xb4\x0a\x10\xb3\xc9\xc5\x2c\xe2\x92\x6a\x71\x78\x27\xf2\x70\x83\x42\xd3\x3e\xcf\xa9\x54\xf4\xf1\xd8\x92\x16\x8c\xd1\x04\xcb\x4b\xab\xc9\x9f\x45\xae\x3c\x8a\xa9\xb0\x71\x33\x5d\xc8\xc5\x57\xdf\xaf\xa8\x35\xb3\x7f\x89\x87\xe9\xe8\x25\x92\xb8\x7f\x85\x7a\xae\xd6\xbc\x1e\x37\x58\x2a\x67\xc9\x91\xcf\x2a\x81\x3e\xed\xc6\x39\xdf\xc0\x3e\x19\x9c\x19\xcc\x13\x4d\x82\x41\xb5\x8c\xde\xe0\x3d\x60\x08\x20\x0f\x45\x7e\x6b\xa2\x7f\xa3\x8c\x15\xee", + ["Verisign Class 3 Public Primary Certification Authority - G3"] = "\x30\x82\x04\x1a\x30\x82\x03\x02\x02\x11\x00\x9b\x7e\x06\x49\xa3\x3e\x62\xb9\xd5\xee\x90\x48\x71\x29\xef\x57\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcb\xba\x9c\x52\xfc\x78\x1f\x1a\x1e\x6f\x1b\x37\x73\xbd\xf8\xc9\x6b\x94\x12\x30\x4f\xf0\x36\x47\xf5\xd0\x91\x0a\xf5\x17\xc8\xa5\x61\xc1\x16\x40\x4d\xfb\x8a\x61\x90\xe5\x76\x20\xc1\x11\x06\x7d\xab\x2c\x6e\xa6\xf5\x11\x41\x8e\xfa\x2d\xad\x2a\x61\x59\xa4\x67\x26\x4c\xd0\xe8\xbc\x52\x5b\x70\x20\x04\x58\xd1\x7a\xc9\xa4\x69\xbc\x83\x17\x64\xad\x05\x8b\xbc\xd0\x58\xce\x8d\x8c\xf5\xeb\xf0\x42\x49\x0b\x9d\x97\x27\x67\x32\x6e\xe1\xae\x93\x15\x1c\x70\xbc\x20\x4d\x2f\x18\xde\x92\x88\xe8\x6c\x85\x57\x11\x1a\xe9\x7e\xe3\x26\x11\x54\xa2\x45\x96\x55\x83\xca\x30\x89\xe8\xdc\xd8\xa3\xed\x2a\x80\x3f\x7f\x79\x65\x57\x3e\x15\x20\x66\x08\x2f\x95\x93\xbf\xaa\x47\x2f\xa8\x46\x97\xf0\x12\xe2\xfe\xc2\x0a\x2b\x51\xe6\x76\xe6\xb7\x46\xb7\xe2\x0d\xa6\xcc\xa8\xc3\x4c\x59\x55\x89\xe6\xe8\x53\x5c\x1c\xea\x9d\xf0\x62\x16\x0b\xa7\xc9\x5f\x0c\xf0\xde\xc2\x76\xce\xaf\xf7\x6a\xf2\xfa\x41\xa6\xa2\x33\x14\xc9\xe5\x7a\x63\xd3\x9e\x62\x37\xd5\x85\x65\x9e\x0e\xe6\x53\x24\x74\x1b\x5e\x1d\x12\x53\x5b\xc7\x2c\xe7\x83\x49\x3b\x15\xae\x8a\x68\xb9\x57\x97\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xc1\xab\x92\x08\xf7\x3f\x2f\xc9\xb2\xfe\xe4\x5a\x9f\x64\xde\xdb\x21\x4f\x86\x99\x34\x76\x36\x57\xdd\xd0\x15\x2f\xc5\xad\x7f\x15\x1f\x37\x62\x73\x3e\xd4\xe7\x5f\xce\x17\x03\xdb\x35\xfa\x2b\xdb\xae\x60\x09\x5f\x1e\x5f\x8f\x6e\xbb\x0b\x3d\xea\x5a\x13\x1e\x0c\x60\x6f\xb5\xc0\xb5\x23\x22\x2e\x07\x0b\xcb\xa9\x74\xcb\x47\xbb\x1d\xc1\xd7\xa5\x6b\xcc\x2f\xd2\x42\xfd\x49\xdd\xa7\x89\xcf\x53\xba\xda\x00\x5a\x28\xbf\x82\xdf\xf8\xba\x13\x1d\x50\x86\x82\xfd\x8e\x30\x8f\x29\x46\xb0\x1e\x3d\x35\xda\x38\x62\x16\x18\x4a\xad\xe6\xb6\x51\x6c\xde\xaf\x62\xeb\x01\xd0\x1e\x24\xfe\x7a\x8f\x12\x1a\x12\x68\xb8\xfb\x66\x99\x14\x14\x45\x5c\xae\xe7\xae\x69\x17\x81\x2b\x5a\x37\xc9\x5e\x2a\xf4\xc6\xe2\xa1\x5c\x54\x9b\xa6\x54\x00\xcf\xf0\xf1\xc1\xc7\x98\x30\x1a\x3b\x36\x16\xdb\xa3\x6e\xea\xfd\xad\xb2\xc2\xda\xef\x02\x47\x13\x8a\xc0\xf1\xb3\x31\xad\x4f\x1c\xe1\x4f\x9c\xaf\x0f\x0c\x9d\xf7\x78\x0d\xd8\xf4\x35\x56\x80\xda\xb7\x6d\x17\x8f\x9d\x1e\x81\x64\xe1\xfe\xc5\x45\xba\xad\x6b\xb9\x0a\x7a\x4e\x4f\x4b\x84\xee\x4b\xf1\x7d\xdd\x11", + ["Verisign Class 4 Public Primary Certification Authority - G3"] = "\x30\x82\x04\x1a\x30\x82\x03\x02\x02\x11\x00\xec\xa0\xa7\x8b\x6e\x75\x6a\x01\xcf\xc4\x7c\xcc\x2f\x94\x5e\xd7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\xcb\xa5\x11\x69\xc6\x59\xab\xf1\x8f\xb5\x19\x0f\x56\xce\xcc\xb5\x1f\x20\xe4\x9e\x26\x25\x4b\xe0\x73\x65\x89\x59\xde\xd0\x83\xe4\xf5\x0f\xb5\xbb\xad\xf1\x7c\xe8\x21\xfc\xe4\xe8\x0c\xee\x7c\x45\x22\x19\x76\x92\xb4\x13\xb7\x20\x5b\x09\xfa\x61\xae\xa8\xf2\xa5\x8d\x85\xc2\x2a\xd6\xde\x66\x36\xd2\x9b\x02\xf4\xa8\x92\x60\x7c\x9c\x69\xb4\x8f\x24\x1e\xd0\x86\x52\xf6\x32\x9c\x41\x58\x1e\x22\xbd\xcd\x45\x62\x95\x08\x6e\xd0\x66\xdd\x53\xa2\xcc\xf0\x10\xdc\x54\x73\x8b\x04\xa1\x46\x33\x33\x5c\x17\x40\xb9\x9e\x4d\xd3\xf3\xbe\x55\x83\xe8\xb1\x89\x8e\x5a\x7c\x9a\x96\x22\x90\x3b\x88\x25\xf2\xd2\x53\x88\x02\x0c\x0b\x78\xf2\xe6\x37\x17\x4b\x30\x46\x07\xe4\x80\x6d\xa6\xd8\x96\x2e\xe8\x2c\xf8\x11\xb3\x38\x0d\x66\xa6\x9b\xea\xc9\x23\x5b\xdb\x8e\xe2\xf3\x13\x8e\x1a\x59\x2d\xaa\x02\xf0\xec\xa4\x87\x66\xdc\xc1\x3f\xf5\xd8\xb9\xf4\xec\x82\xc6\xd2\x3d\x95\x1d\xe5\xc0\x4f\x84\xc9\xd9\xa3\x44\x28\x06\x6a\xd7\x45\xac\xf0\x6b\x6a\xef\x4e\x5f\xf8\x11\x82\x1e\x38\x63\x34\x66\x50\xd4\x3e\x93\x73\xfa\x30\xc3\x66\xad\xff\x93\x2d\x97\xef\x03\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8f\xfa\x25\x6b\x4f\x5b\xe4\xa4\x4e\x27\x55\xab\x22\x15\x59\x3c\xca\xb5\x0a\xd4\x4a\xdb\xab\xdd\xa1\x5f\x53\xc5\xa0\x57\x39\xc2\xce\x47\x2b\xbe\x3a\xc8\x56\xbf\xc2\xd9\x27\x10\x3a\xb1\x05\x3c\xc0\x77\x31\xbb\x3a\xd3\x05\x7b\x6d\x9a\x1c\x30\x8c\x80\xcb\x93\x93\x2a\x83\xab\x05\x51\x82\x02\x00\x11\x67\x6b\xf3\x88\x61\x47\x5f\x03\x93\xd5\x5b\x0d\xe0\xf1\xd4\xa1\x32\x35\x85\xb2\x3a\xdb\xb0\x82\xab\xd1\xcb\x0a\xbc\x4f\x8c\x5b\xc5\x4b\x00\x3b\x1f\x2a\x82\xa6\x7e\x36\x85\xdc\x7e\x3c\x67\x00\xb5\xe4\x3b\x52\xe0\xa8\xeb\x5d\x15\xf9\xc6\x6d\xf0\xad\x1d\x0e\x85\xb7\xa9\x9a\x73\x14\x5a\x5b\x8f\x41\x28\xc0\xd5\xe8\x2d\x4d\xa4\x5e\xcd\xaa\xd9\xed\xce\xdc\xd8\xd5\x3c\x42\x1d\x17\xc1\x12\x5d\x45\x38\xc3\x38\xf3\xfc\x85\x2e\x83\x46\x48\xb2\xd7\x20\x5f\x92\x36\x8f\xe7\x79\x0f\x98\x5e\x99\xe8\xf0\xd0\xa4\xbb\xf5\x53\xbd\x2a\xce\x59\xb0\xaf\x6e\x7f\x6c\xbb\xd2\x1e\x00\xb0\x21\xed\xf8\x41\x62\x82\xb9\xd8\xb2\xc4\xbb\x46\x50\xf3\x31\xc5\x8f\x01\xa8\x74\xeb\xf5\x78\x27\xda\xe7\xf7\x66\x43\xf3\x9e\x83\x3e\x20\xaa\xc3\x35\x60\x91\xce", + ["Entrust.net Secure Server CA"] = "\x30\x82\x04\xd8\x30\x82\x04\x41\xa0\x03\x02\x01\x02\x02\x04\x37\x4a\xd2\x43\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc3\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x17\x0d\x31\x39\x30\x35\x32\x35\x31\x36\x33\x39\x34\x30\x5a\x30\x81\xc3\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xcd\x28\x83\x34\x54\x1b\x89\xf3\x0f\xaf\x37\x91\x31\xff\xaf\x31\x60\xc9\xa8\xe8\xb2\x10\x68\xed\x9f\xe7\x93\x36\xf1\x0a\x64\xbb\x47\xf5\x04\x17\x3f\x23\x47\x4d\xc5\x27\x19\x81\x26\x0c\x54\x72\x0d\x88\x2d\xd9\x1f\x9a\x12\x9f\xbc\xb3\x71\xd3\x80\x19\x3f\x47\x66\x7b\x8c\x35\x28\xd2\xb9\x0a\xdf\x24\xda\x9c\xd6\x50\x79\x81\x7a\x5a\xd3\x37\xf7\xc2\x4a\xd8\x29\x92\x26\x64\xd1\xe4\x98\x6c\x3a\x00\x8a\xf5\x34\x9b\x65\xf8\xed\xe3\x10\xff\xfd\xb8\x49\x58\xdc\xa0\xde\x82\x39\x6b\x81\xb1\x16\x19\x61\xb9\x54\xb6\xe6\x43\x02\x01\x03\xa3\x82\x01\xd7\x30\x82\x01\xd3\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x01\x19\x06\x03\x55\x1d\x1f\x04\x82\x01\x10\x30\x82\x01\x0c\x30\x81\xde\xa0\x81\xdb\xa0\x81\xd8\xa4\x81\xd5\x30\x81\xd2\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x52\x4c\x2f\x6e\x65\x74\x31\x2e\x63\x72\x6c\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x81\x0f\x32\x30\x31\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xf0\x17\x62\x13\x55\x3d\xb3\xff\x0a\x00\x6b\xfb\x50\x84\x97\xf3\xed\x62\xd0\x1a\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf0\x17\x62\x13\x55\x3d\xb3\xff\x0a\x00\x6b\xfb\x50\x84\x97\xf3\xed\x62\xd0\x1a\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x90\xdc\x30\x02\xfa\x64\x74\xc2\xa7\x0a\xa5\x7c\x21\x8d\x34\x17\xa8\xfb\x47\x0e\xff\x25\x7c\x8d\x13\x0a\xfb\xe4\x98\xb5\xef\x8c\xf8\xc5\x10\x0d\xf7\x92\xbe\xf1\xc3\xd5\xd5\x95\x6a\x04\xbb\x2c\xce\x26\x36\x65\xc8\x31\xc6\xe7\xee\x3f\xe3\x57\x75\x84\x7a\x11\xef\x46\x4f\x18\xf4\xd3\x98\xbb\xa8\x87\x32\xba\x72\xf6\x3c\xe2\x3d\x9f\xd7\x1d\xd9\xc3\x60\x43\x8c\x58\x0e\x22\x96\x2f\x62\xa3\x2c\x1f\xba\xad\x05\xef\xab\x32\x78\x87\xa0\x54\x73\x19\xb5\x5c\x05\xf9\x52\x3e\x6d\x2d\x45\x0b\xf7\x0a\x93\xea\xed\x06\xf9\xb2", + ["Entrust.net Premium 2048 Secure Server CA"] = "\x30\x82\x04\x5c\x30\x82\x03\x44\xa0\x03\x02\x01\x02\x02\x04\x38\x63\xb9\x66\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb4\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x40\x30\x3e\x06\x03\x55\x04\x0b\x14\x37\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x5f\x32\x30\x34\x38\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2a\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1e\x17\x0d\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5a\x17\x0d\x31\x39\x31\x32\x32\x34\x31\x38\x32\x30\x35\x31\x5a\x30\x81\xb4\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x40\x30\x3e\x06\x03\x55\x04\x0b\x14\x37\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x5f\x32\x30\x34\x38\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2a\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\x4d\x4b\xa9\x12\x86\xb2\xea\xa3\x20\x07\x15\x16\x64\x2a\x2b\x4b\xd1\xbf\x0b\x4a\x4d\x8e\xed\x80\x76\xa5\x67\xb7\x78\x40\xc0\x73\x42\xc8\x68\xc0\xdb\x53\x2b\xdd\x5e\xb8\x76\x98\x35\x93\x8b\x1a\x9d\x7c\x13\x3a\x0e\x1f\x5b\xb7\x1e\xcf\xe5\x24\x14\x1e\xb1\x81\xa9\x8d\x7d\xb8\xcc\x6b\x4b\x03\xf1\x02\x0c\xdc\xab\xa5\x40\x24\x00\x7f\x74\x94\xa1\x9d\x08\x29\xb3\x88\x0b\xf5\x87\x77\x9d\x55\xcd\xe4\xc3\x7e\xd7\x6a\x64\xab\x85\x14\x86\x95\x5b\x97\x32\x50\x6f\x3d\xc8\xba\x66\x0c\xe3\xfc\xbd\xb8\x49\xc1\x76\x89\x49\x19\xfd\xc0\xa8\xbd\x89\xa3\x67\x2f\xc6\x9f\xbc\x71\x19\x60\xb8\x2d\xe9\x2c\xc9\x90\x76\x66\x7b\x94\xe2\xaf\x78\xd6\x65\x53\x5d\x3c\xd6\x9c\xb2\xcf\x29\x03\xf9\x2f\xa4\x50\xb2\xd4\x48\xce\x05\x32\x55\x8a\xfd\xb2\x64\x4c\x0e\xe4\x98\x07\x75\xdb\x7f\xdf\xb9\x08\x55\x60\x85\x30\x29\xf9\x7b\x48\xa4\x69\x86\xe3\x35\x3f\x1e\x86\x5d\x7a\x7a\x15\xbd\xef\x00\x8e\x15\x22\x54\x17\x00\x90\x26\x93\xbc\x0e\x49\x68\x91\xbf\xf8\x47\xd3\x9d\x95\x42\xc1\x0e\x4d\xdf\x6f\x26\xcf\xc3\x18\x21\x62\x66\x43\x70\xd6\xd5\xc0\x07\xe1\x02\x03\x01\x00\x01\xa3\x74\x30\x72\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x55\xe4\x81\xd1\x11\x80\xbe\xd8\x89\xb9\x08\xa3\x31\xf9\xa1\x24\x09\x16\xb9\x70\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x55\xe4\x81\xd1\x11\x80\xbe\xd8\x89\xb9\x08\xa3\x31\xf9\xa1\x24\x09\x16\xb9\x70\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x35\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x59\x47\xac\x21\x84\x8a\x17\xc9\x9c\x89\x53\x1e\xba\x80\x85\x1a\xc6\x3c\x4e\x3e\xb1\x9c\xb6\x7c\xc6\x92\x5d\x18\x64\x02\xe3\xd3\x06\x08\x11\x61\x7c\x63\xe3\x2b\x9d\x31\x03\x70\x76\xd2\xa3\x28\xa0\xf4\xbb\x9a\x63\x73\xed\x6d\xe5\x2a\xdb\xed\x14\xa9\x2b\xc6\x36\x11\xd0\x2b\xeb\x07\x8b\xa5\xda\x9e\x5c\x19\x9d\x56\x12\xf5\x54\x29\xc8\x05\xed\xb2\x12\x2a\x8d\xf4\x03\x1b\xff\xe7\x92\x10\x87\xb0\x3a\xb5\xc3\x9d\x05\x37\x12\xa3\xc7\xf4\x15\xb9\xd5\xa4\x39\x16\x9b\x53\x3a\x23\x91\xf1\xa8\x82\xa2\x6a\x88\x68\xc1\x79\x02\x22\xbc\xaa\xa6\xd6\xae\xdf\xb0\x14\x5f\xb8\x87\xd0\xdd\x7c\x7f\x7b\xff\xaf\x1c\xcf\xe6\xdb\x07\xad\x5e\xdb\x85\x9d\xd0\x2b\x0d\x33\xdb\x04\xd1\xe6\x49\x40\x13\x2b\x76\xfb\x3e\xe9\x9c\x89\x0f\x15\xce\x18\xb0\x85\x78\x21\x4f\x6b\x4f\x0e\xfa\x36\x67\xcd\x07\xf2\xff\x08\xd0\xe2\xde\xd9\xbf\x2a\xaf\xb8\x87\x86\x21\x3c\x04\xca\xb7\x94\x68\x7f\xcf\x3c\xe9\x98\xd7\x38\xff\xec\xc0\xd9\x50\xf0\x2e\x4b\x58\xae\x46\x6f\xd0\x2e\xc3\x60\xda\x72\x55\x72\xbd\x4c\x45\x9e\x61\xba\xbf\x84\x81\x92\x03\xd1\xd2\x69\x7c\xc5", + ["Baltimore CyberTrust Root"] = "\x30\x82\x03\x77\x30\x82\x02\x5f\xa0\x03\x02\x01\x02\x02\x04\x02\x00\x00\xb9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0b\x13\x0a\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x31\x32\x31\x38\x34\x36\x30\x30\x5a\x17\x0d\x32\x35\x30\x35\x31\x32\x32\x33\x35\x39\x30\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0b\x13\x0a\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa3\x04\xbb\x22\xab\x98\x3d\x57\xe8\x26\x72\x9a\xb5\x79\xd4\x29\xe2\xe1\xe8\x95\x80\xb1\xb0\xe3\x5b\x8e\x2b\x29\x9a\x64\xdf\xa1\x5d\xed\xb0\x09\x05\x6d\xdb\x28\x2e\xce\x62\xa2\x62\xfe\xb4\x88\xda\x12\xeb\x38\xeb\x21\x9d\xc0\x41\x2b\x01\x52\x7b\x88\x77\xd3\x1c\x8f\xc7\xba\xb9\x88\xb5\x6a\x09\xe7\x73\xe8\x11\x40\xa7\xd1\xcc\xca\x62\x8d\x2d\xe5\x8f\x0b\xa6\x50\xd2\xa8\x50\xc3\x28\xea\xf5\xab\x25\x87\x8a\x9a\x96\x1c\xa9\x67\xb8\x3f\x0c\xd5\xf7\xf9\x52\x13\x2f\xc2\x1b\xd5\x70\x70\xf0\x8f\xc0\x12\xca\x06\xcb\x9a\xe1\xd9\xca\x33\x7a\x77\xd6\xf8\xec\xb9\xf1\x68\x44\x42\x48\x13\xd2\xc0\xc2\xa4\xae\x5e\x60\xfe\xb6\xa6\x05\xfc\xb4\xdd\x07\x59\x02\xd4\x59\x18\x98\x63\xf5\xa5\x63\xe0\x90\x0c\x7d\x5d\xb2\x06\x7a\xf3\x85\xea\xeb\xd4\x03\xae\x5e\x84\x3e\x5f\xff\x15\xed\x69\xbc\xf9\x39\x36\x72\x75\xcf\x77\x52\x4d\xf3\xc9\x90\x2c\xb9\x3d\xe5\xc9\x23\x53\x3f\x1f\x24\x98\x21\x5c\x07\x99\x29\xbd\xc6\x3a\xec\xe7\x6e\x86\x3a\x6b\x97\x74\x63\x33\xbd\x68\x18\x31\xf0\x78\x8d\x76\xbf\xfc\x9e\x8e\x5d\x2a\x86\xa7\x4d\x90\xdc\x27\x1a\x39\x02\x03\x01\x00\x01\xa3\x45\x30\x43\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe5\x9d\x59\x30\x82\x47\x58\xcc\xac\xfa\x08\x54\x36\x86\x7b\x3a\xb5\x04\x4d\xf0\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x03\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x0c\x5d\x8e\xe4\x6f\x51\x68\x42\x05\xa0\xdd\xbb\x4f\x27\x25\x84\x03\xbd\xf7\x64\xfd\x2d\xd7\x30\xe3\xa4\x10\x17\xeb\xda\x29\x29\xb6\x79\x3f\x76\xf6\x19\x13\x23\xb8\x10\x0a\xf9\x58\xa4\xd4\x61\x70\xbd\x04\x61\x6a\x12\x8a\x17\xd5\x0a\xbd\xc5\xbc\x30\x7c\xd6\xe9\x0c\x25\x8d\x86\x40\x4f\xec\xcc\xa3\x7e\x38\xc6\x37\x11\x4f\xed\xdd\x68\x31\x8e\x4c\xd2\xb3\x01\x74\xee\xbe\x75\x5e\x07\x48\x1a\x7f\x70\xff\x16\x5c\x84\xc0\x79\x85\xb8\x05\xfd\x7f\xbe\x65\x11\xa3\x0f\xc0\x02\xb4\xf8\x52\x37\x39\x04\xd5\xa9\x31\x7a\x18\xbf\xa0\x2a\xf4\x12\x99\xf7\xa3\x45\x82\xe3\x3c\x5e\xf5\x9d\x9e\xb5\xc8\x9e\x7c\x2e\xc8\xa4\x9e\x4e\x08\x14\x4b\x6d\xfd\x70\x6d\x6b\x1a\x63\xbd\x64\xe6\x1f\xb7\xce\xf0\xf2\x9f\x2e\xbb\x1b\xb7\xf2\x50\x88\x73\x92\xc2\xe2\xe3\x16\x8d\x9a\x32\x02\xab\x8e\x18\xdd\xe9\x10\x11\xee\x7e\x35\xab\x90\xaf\x3e\x30\x94\x7a\xd0\x33\x3d\xa7\x65\x0f\xf5\xfc\x8e\x9e\x62\xcf\x47\x44\x2c\x01\x5d\xbb\x1d\xb5\x32\xd2\x47\xd2\x38\x2e\xd0\xfe\x81\xdc\x32\x6a\x1e\xb5\xee\x3c\xd5\xfc\xe7\x81\x1d\x19\xc3\x24\x42\xea\x63\x39\xa9", + ["Equifax Secure Global eBusiness CA"] = "\x30\x82\x02\x90\x30\x82\x01\xf9\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xba\xe7\x17\x90\x02\x65\xb1\x34\x55\x3c\x49\xc2\x51\xd5\xdf\xa7\xd1\x37\x8f\xd1\xe7\x81\x73\x41\x52\x60\x9b\x9d\xa1\x17\x26\x78\xad\xc7\xb1\xe8\x26\x94\x32\xb5\xde\x33\x8d\x3a\x2f\xdb\xf2\x9a\x7a\x5a\x73\x98\xa3\x5c\xe9\xfb\x8a\x73\x1b\x5c\xe7\xc3\xbf\x80\x6c\xcd\xa9\xf4\xd6\x2b\xc0\xf7\xf9\x99\xaa\x63\xa2\xb1\x47\x02\x0f\xd4\xe4\x51\x3a\x12\x3c\x6c\x8a\x5a\x54\x84\x70\xdb\xc1\xc5\x90\xcf\x72\x45\xcb\xa8\x59\xc0\xcd\x33\x9d\x3f\xa3\x96\xeb\x85\x33\x21\x1c\x3e\x1e\x3e\x60\x6e\x76\x9c\x67\x85\xc5\xc8\xc3\x61\x02\x03\x01\x00\x01\xa3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xbe\xa8\xa0\x74\x72\x50\x6b\x44\xb7\xc9\x23\xd8\xfb\xa8\xff\xb3\x57\x6b\x68\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbe\xa8\xa0\x74\x72\x50\x6b\x44\xb7\xc9\x23\xd8\xfb\xa8\xff\xb3\x57\x6b\x68\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x30\xe2\x01\x51\xaa\xc7\xea\x5f\xda\xb9\xd0\x65\x0f\x30\xd6\x3e\xda\x0d\x14\x49\x6e\x91\x93\x27\x14\x31\xef\xc4\xf7\x2d\x45\xf8\xec\xc7\xbf\xa2\x41\x0d\x23\xb4\x92\xf9\x19\x00\x67\xbd\x01\xaf\xcd\xe0\x71\xfc\x5a\xcf\x64\xc4\xe0\x96\x98\xd0\xa3\x40\xe2\x01\x8a\xef\x27\x07\xf1\x65\x01\x8a\x44\x2d\x06\x65\x75\x52\xc0\x86\x10\x20\x21\x5f\x6c\x6b\x0f\x6c\xae\x09\x1c\xaf\xf2\xa2\x18\x34\xc4\x75\xa4\x73\x1c\xf1\x8d\xdc\xef\xad\xf9\xb3\x76\xb4\x92\xbf\xdc\x95\x10\x1e\xbe\xcb\xc8\x3b\x5a\x84\x60\x19\x56\x94\xa9\x55", + ["Equifax Secure eBusiness CA 1"] = "\x30\x82\x02\x82\x30\x82\x01\xeb\xa0\x03\x02\x01\x02\x02\x01\x04\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xce\x2f\x19\xbc\x17\xb7\x77\xde\x93\xa9\x5f\x5a\x0d\x17\x4f\x34\x1a\x0c\x98\xf4\x22\xd9\x59\xd4\xc4\x68\x46\xf0\xb4\x35\xc5\x85\x03\x20\xc6\xaf\x45\xa5\x21\x51\x45\x41\xeb\x16\x58\x36\x32\x6f\xe2\x50\x62\x64\xf9\xfd\x51\x9c\xaa\x24\xd9\xf4\x9d\x83\x2a\x87\x0a\x21\xd3\x12\x38\x34\x6c\x8d\x00\x6e\x5a\xa0\xd9\x42\xee\x1a\x21\x95\xf9\x52\x4c\x55\x5a\xc5\x0f\x38\x4f\x46\xfa\x6d\xf8\x2e\x35\xd6\x1d\x7c\xeb\xe2\xf0\xb0\x75\x80\xc8\xa9\x13\xac\xbe\x88\xef\x3a\x6e\xab\x5f\x2a\x38\x62\x02\xb0\x12\x7b\xfe\x8f\xa6\x03\x02\x03\x01\x00\x01\xa3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4a\x78\x32\x52\x11\xdb\x59\x16\x36\x5e\xdf\xc1\x14\x36\x40\x6a\x47\x7c\x4c\xa1\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4a\x78\x32\x52\x11\xdb\x59\x16\x36\x5e\xdf\xc1\x14\x36\x40\x6a\x47\x7c\x4c\xa1\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x75\x5b\xa8\x9b\x03\x11\xe6\xe9\x56\x4c\xcd\xf9\xa9\x4c\xc0\x0d\x9a\xf3\xcc\x65\x69\xe6\x25\x76\xcc\x59\xb7\xd6\x54\xc3\x1d\xcd\x99\xac\x19\xdd\xb4\x85\xd5\xe0\x3d\xfc\x62\x20\xa7\x84\x4b\x58\x65\xf1\xe2\xf9\x95\x21\x3f\xf5\xd4\x7e\x58\x1e\x47\x87\x54\x3e\x58\xa1\xb5\xb5\xf8\x2a\xef\x71\xe7\xbc\xc3\xf6\xb1\x49\x46\xe2\xd7\xa0\x6b\xe5\x56\x7a\x9a\x27\x98\x7c\x46\x62\x14\xe7\xc9\xfc\x6e\x03\x12\x79\x80\x38\x1d\x48\x82\x8d\xfc\x17\xfe\x2a\x96\x2b\xb5\x62\xa6\xa6\x3d\xbd\x7f\x92\x59\xcd\x5a\x2a\x82\xb2\x37\x79", + ["Equifax Secure eBusiness CA 2"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x04\x37\x70\xcf\xb5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x17\x0d\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xe4\x39\x39\x93\x1e\x52\x06\x1b\x28\x36\xf8\xb2\xa3\x29\xc5\xed\x8e\xb2\x11\xbd\xfe\xeb\xe7\xb4\x74\xc2\x8f\xff\x05\xe7\xd9\x9d\x06\xbf\x12\xc8\x3f\x0e\xf2\xd6\xd1\x24\xb2\x11\xde\xd1\x73\x09\x8a\xd4\xb1\x2c\x98\x09\x0d\x1e\x50\x46\xb2\x83\xa6\x45\x8d\x62\x68\xbb\x85\x1b\x20\x70\x32\xaa\x40\xcd\xa6\x96\x5f\xc4\x71\x37\x3f\x04\xf3\xb7\x41\x24\x39\x07\x1a\x1e\x2e\x61\x58\xa0\x12\x0b\xe5\xa5\xdf\xc5\xab\xea\x37\x71\xcc\x1c\xc8\x37\x3a\xb9\x97\x52\xa7\xac\xc5\x6a\x24\x94\x4e\x9c\x7b\xcf\xc0\x6a\xd6\xdf\x21\xbd\x02\x03\x01\x00\x01\xa3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1d\x1f\x04\x69\x30\x67\x30\x65\xa0\x63\xa0\x61\xa4\x5f\x30\x5d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x1a\x06\x03\x55\x1d\x10\x04\x13\x30\x11\x81\x0f\x32\x30\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x50\x9e\x0b\xea\xaf\x5e\xb9\x20\x48\xa6\x50\x6a\xcb\xfd\xd8\x20\x7a\xa7\x82\x76\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x50\x9e\x0b\xea\xaf\x5e\xb9\x20\x48\xa6\x50\x6a\xcb\xfd\xd8\x20\x7a\xa7\x82\x76\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1a\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0d\x30\x0b\x1b\x05\x56\x33\x2e\x30\x63\x03\x02\x06\xc0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x0c\x86\x82\xad\xe8\x4e\x1a\xf5\x8e\x89\x27\xe2\x35\x58\x3d\x29\xb4\x07\x8f\x36\x50\x95\xbf\x6e\xc1\x9e\xeb\xc4\x90\xb2\x85\xa8\xbb\xb7\x42\xe0\x0f\x07\x39\xdf\xfb\x9e\x90\xb2\xd1\xc1\x3e\x53\x9f\x03\x44\xb0\x7e\x4b\xf4\x6f\xe4\x7c\x1f\xe7\xe2\xb1\xe4\xb8\x9a\xef\xc3\xbd\xce\xde\x0b\x32\x34\xd9\xde\x28\xed\x33\x6b\xc4\xd4\xd7\x3d\x12\x58\xab\x7d\x09\x2d\xcb\x70\xf5\x13\x8a\x94\xa1\x27\xa4\xd6\x70\xc5\x6d\x94\xb5\xc9\x7d\x9d\xa0\xd2\xc6\x08\x49\xd9\x66\x9b\xa6\xd3\xf4\x0b\xdc\xc5\x26\x57\xe1\x91\x30\xea\xcd", + ["AddTrust Low-Value Services Root"] = "\x30\x82\x04\x18\x30\x82\x03\x00\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5a\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x96\x96\xd4\x21\x49\x60\xe2\x6b\xe8\x41\x07\x0c\xde\xc4\xe0\xdc\x13\x23\xcd\xc1\x35\xc7\xfb\xd6\x4e\x11\x0a\x67\x5e\xf5\x06\x5b\x6b\xa5\x08\x3b\x5b\x29\x16\x3a\xe7\x87\xb2\x34\x06\xc5\xbc\x05\xa5\x03\x7c\x82\xcb\x29\x10\xae\xe1\x88\x81\xbd\xd6\x9e\xd3\xfe\x2d\x56\xc1\x15\xce\xe3\x26\x9d\x15\x2e\x10\xfb\x06\x8f\x30\x04\xde\xa7\xb4\x63\xb4\xff\xb1\x9c\xae\x3c\xaf\x77\xb6\x56\xc5\xb5\xab\xa2\xe9\x69\x3a\x3d\x0e\x33\x79\x32\x3f\x70\x82\x92\x99\x61\x6d\x8d\x30\x08\x8f\x71\x3f\xa6\x48\x57\x19\xf8\x25\xdc\x4b\x66\x5c\xa5\x74\x8f\x98\xae\xc8\xf9\xc0\x06\x22\xe7\xac\x73\xdf\xa5\x2e\xfb\x52\xdc\xb1\x15\x65\x20\xfa\x35\x66\x69\xde\xdf\x2c\xf1\x6e\xbc\x30\xdb\x2c\x24\x12\xdb\xeb\x35\x35\x68\x90\xcb\x00\xb0\x97\x21\x3d\x74\x21\x23\x65\x34\x2b\xbb\x78\x59\xa3\xd6\xe1\x76\x39\x9a\xa4\x49\x8e\x8c\x74\xaf\x6e\xa4\x9a\xa3\xd9\x9b\xd2\x38\x5c\x9b\xa2\x18\xcc\x75\x23\x84\xbe\xeb\xe2\x4d\x33\x71\x8e\x1a\xf0\xc2\xf8\xc7\x1d\xa2\xad\x03\x97\x2c\xf8\xcf\x25\xc6\xf6\xb8\x24\x31\xb1\x63\x5d\x92\x7f\x63\xf0\x25\xc9\x53\x2e\x1f\xbf\x4d\x02\x03\x01\x00\x01\xa3\x81\xd2\x30\x81\xcf\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x95\xb1\xb4\xf0\x94\xb6\xbd\xc7\xda\xd1\x11\x09\x21\xbe\xc1\xaf\x49\xfd\x10\x7b\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x8f\x06\x03\x55\x1d\x23\x04\x81\x87\x30\x81\x84\x80\x14\x95\xb1\xb4\xf0\x94\xb6\xbd\xc7\xda\xd1\x11\x09\x21\xbe\xc1\xaf\x49\xfd\x10\x7b\xa1\x69\xa4\x67\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2c\x6d\x64\x1b\x1f\xcd\x0d\xdd\xb9\x01\xfa\x96\x63\x34\x32\x48\x47\x99\xae\x97\xed\xfd\x72\x16\xa6\x73\x47\x5a\xf4\xeb\xdd\xe9\xf5\xd6\xfb\x45\xcc\x29\x89\x44\x5d\xbf\x46\x39\x3d\xe8\xee\xbc\x4d\x54\x86\x1e\x1d\x6c\xe3\x17\x27\x43\xe1\x89\x56\x2b\xa9\x6f\x72\x4e\x49\x33\xe3\x72\x7c\x2a\x23\x9a\xbc\x3e\xff\x28\x2a\xed\xa3\xff\x1c\x23\xba\x43\x57\x09\x67\x4d\x4b\x62\x06\x2d\xf8\xff\x6c\x9d\x60\x1e\xd8\x1c\x4b\x7d\xb5\x31\x2f\xd9\xd0\x7c\x5d\xf8\xde\x6b\x83\x18\x78\x37\x57\x2f\xe8\x33\x07\x67\xdf\x1e\xc7\x6b\x2a\x95\x76\xae\x8f\x57\xa3\xf0\xf4\x52\xb4\xa9\x53\x08\xcf\xe0\x4f\xd3\x7a\x53\x8b\xfd\xbb\x1c\x56\x36\xf2\xfe\xb2\xb6\xe5\x76\xbb\xd5\x22\x65\xa7\x3f\xfe\xd1\x66\xad\x0b\xbc\x6b\x99\x86\xef\x3f\x7d\xf3\x18\x32\xca\x7b\xc6\xe3\xab\x64\x46\x95\xf8\x26\x69\xd9\x55\x83\x7b\x2c\x96\x07\xff\x59\x2c\x44\xa3\xc6\xe5\xe9\xa9\xdc\xa1\x63\x80\x5a\x21\x5e\x21\xcf\x53\x54\xf0\xba\x6f\x89\xdb\xa8\xaa\x95\xcf\x8b\xe3\x71\xcc\x1e\x1b\x20\x44\x08\xc0\x7a\xb6\x40\xfd\xc4\xe4\x35\xe1\x1d\x16\x1c\xd0\xbc\x2b\x8e\xd6\x71\xd9", + ["AddTrust External Root"] = "\x30\x82\x04\x36\x30\x82\x03\x1e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5a\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\xf7\x1a\x33\xe6\xf2\x00\x04\x2d\x39\xe0\x4e\x5b\xed\x1f\xbc\x6c\x0f\xcd\xb5\xfa\x23\xb6\xce\xde\x9b\x11\x33\x97\xa4\x29\x4c\x7d\x93\x9f\xbd\x4a\xbc\x93\xed\x03\x1a\xe3\x8f\xcf\xe5\x6d\x50\x5a\xd6\x97\x29\x94\x5a\x80\xb0\x49\x7a\xdb\x2e\x95\xfd\xb8\xca\xbf\x37\x38\x2d\x1e\x3e\x91\x41\xad\x70\x56\xc7\xf0\x4f\x3f\xe8\x32\x9e\x74\xca\xc8\x90\x54\xe9\xc6\x5f\x0f\x78\x9d\x9a\x40\x3c\x0e\xac\x61\xaa\x5e\x14\x8f\x9e\x87\xa1\x6a\x50\xdc\xd7\x9a\x4e\xaf\x05\xb3\xa6\x71\x94\x9c\x71\xb3\x50\x60\x0a\xc7\x13\x9d\x38\x07\x86\x02\xa8\xe9\xa8\x69\x26\x18\x90\xab\x4c\xb0\x4f\x23\xab\x3a\x4f\x84\xd8\xdf\xce\x9f\xe1\x69\x6f\xbb\xd7\x42\xd7\x6b\x44\xe4\xc7\xad\xee\x6d\x41\x5f\x72\x5a\x71\x08\x37\xb3\x79\x65\xa4\x59\xa0\x94\x37\xf7\x00\x2f\x0d\xc2\x92\x72\xda\xd0\x38\x72\xdb\x14\xa8\x45\xc4\x5d\x2a\x7d\xb7\xb4\xd6\xc4\xee\xac\xcd\x13\x44\xb7\xc9\x2b\xdd\x43\x00\x25\xfa\x61\xb9\x69\x6a\x58\x23\x11\xb7\xa7\x33\x8f\x56\x75\x59\xf5\xcd\x29\xd7\x46\xb7\x0a\x2b\x65\xb6\xd3\x42\x6f\x15\xb2\xb8\x7b\xfb\xef\xe9\x5d\x53\xd5\x34\x5a\x27\x02\x03\x01\x00\x01\xa3\x81\xdc\x30\x81\xd9\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xad\xbd\x98\x7a\x34\xb4\x26\xf7\xfa\xc4\x26\x54\xef\x03\xbd\xe0\x24\xcb\x54\x1a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x99\x06\x03\x55\x1d\x23\x04\x81\x91\x30\x81\x8e\x80\x14\xad\xbd\x98\x7a\x34\xb4\x26\xf7\xfa\xc4\x26\x54\xef\x03\xbd\xe0\x24\xcb\x54\x1a\xa1\x73\xa4\x71\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb0\x9b\xe0\x85\x25\xc2\xd6\x23\xe2\x0f\x96\x06\x92\x9d\x41\x98\x9c\xd9\x84\x79\x81\xd9\x1e\x5b\x14\x07\x23\x36\x65\x8f\xb0\xd8\x77\xbb\xac\x41\x6c\x47\x60\x83\x51\xb0\xf9\x32\x3d\xe7\xfc\xf6\x26\x13\xc7\x80\x16\xa5\xbf\x5a\xfc\x87\xcf\x78\x79\x89\x21\x9a\xe2\x4c\x07\x0a\x86\x35\xbc\xf2\xde\x51\xc4\xd2\x96\xb7\xdc\x7e\x4e\xee\x70\xfd\x1c\x39\xeb\x0c\x02\x51\x14\x2d\x8e\xbd\x16\xe0\xc1\xdf\x46\x75\xe7\x24\xad\xec\xf4\x42\xb4\x85\x93\x70\x10\x67\xba\x9d\x06\x35\x4a\x18\xd3\x2b\x7a\xcc\x51\x42\xa1\x7a\x63\xd1\xe6\xbb\xa1\xc5\x2b\xc2\x36\xbe\x13\x0d\xe6\xbd\x63\x7e\x79\x7b\xa7\x09\x0d\x40\xab\x6a\xdd\x8f\x8a\xc3\xf6\xf6\x8c\x1a\x42\x05\x51\xd4\x45\xf5\x9f\xa7\x62\x21\x68\x15\x20\x43\x3c\x99\xe7\x7c\xbd\x24\xd8\xa9\x91\x17\x73\x88\x3f\x56\x1b\x31\x38\x18\xb4\x71\x0f\x9a\xcd\xc8\x0e\x9e\x8e\x2e\x1b\xe1\x8c\x98\x83\xcb\x1f\x31\xf1\x44\x4c\xc6\x04\x73\x49\x76\x60\x0f\xc7\xf8\xbd\x17\x80\x6b\x2e\xe9\xcc\x4c\x0e\x5a\x9a\x79\x0f\x20\x0a\x2e\xd5\x9e\x63\x26\x1e\x55\x92\x94\xd8\x82\x17\x5a\x7b\xd0\xbc\xc7\x8f\x4e\x86\x04", + ["AddTrust Public Services Root"] = "\x30\x82\x04\x15\x30\x82\x02\xfd\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5a\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe9\x1a\x30\x8f\x83\x88\x14\xc1\x20\xd8\x3c\x9b\x8f\x1b\x7e\x03\x74\xbb\xda\x69\xd3\x46\xa5\xf8\x8e\xc2\x0c\x11\x90\x51\xa5\x2f\x66\x54\x40\x55\xea\xdb\x1f\x4a\x56\xee\x9f\x23\x6e\xf4\x39\xcb\xa1\xb9\x6f\xf2\x7e\xf9\x5d\x87\x26\x61\x9e\x1c\xf8\xe2\xec\xa6\x81\xf8\x21\xc5\x24\xcc\x11\x0c\x3f\xdb\x26\x72\x7a\xc7\x01\x97\x07\x17\xf9\xd7\x18\x2c\x30\x7d\x0e\x7a\x1e\x62\x1e\xc6\x4b\xc0\xfd\x7d\x62\x77\xd3\x44\x1e\x27\xf6\x3f\x4b\x44\xb3\xb7\x38\xd9\x39\x1f\x60\xd5\x51\x92\x73\x03\xb4\x00\x69\xe3\xf3\x14\x4e\xee\xd1\xdc\x09\xcf\x77\x34\x46\x50\xb0\xf8\x11\xf2\xfe\x38\x79\xf7\x07\x39\xfe\x51\x92\x97\x0b\x5b\x08\x5f\x34\x86\x01\xad\x88\x97\xeb\x66\xcd\x5e\xd1\xff\xdc\x7d\xf2\x84\xda\xba\x77\xad\xdc\x80\x08\xc7\xa7\x87\xd6\x55\x9f\x97\x6a\xe8\xc8\x11\x64\xba\xe7\x19\x29\x3f\x11\xb3\x78\x90\x84\x20\x52\x5b\x11\xef\x78\xd0\x83\xf6\xd5\x48\x90\xd0\x30\x1c\xcf\x80\xf9\x60\xfe\x79\xe4\x88\xf2\xdd\x00\xeb\x94\x45\xeb\x65\x94\x69\x40\xba\xc0\xd5\xb4\xb8\xba\x7d\x04\x11\xa8\xeb\x31\x05\x96\x94\x4e\x58\x21\x8e\x9f\xd0\x60\xfd\x02\x03\x01\x00\x01\xa3\x81\xd1\x30\x81\xce\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x81\x3e\x37\xd8\x92\xb0\x1f\x77\x9f\x5c\xb4\xab\x73\xaa\xe7\xf6\x34\x60\x2f\xfa\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x8e\x06\x03\x55\x1d\x23\x04\x81\x86\x30\x81\x83\x80\x14\x81\x3e\x37\xd8\x92\xb0\x1f\x77\x9f\x5c\xb4\xab\x73\xaa\xe7\xf6\x34\x60\x2f\xfa\xa1\x68\xa4\x66\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xf7\x15\x4a\xf8\x24\xda\x23\x56\x16\x93\x76\xdd\x36\x28\xb9\xae\x1b\xb8\xc3\xf1\x64\xba\x20\x18\x78\x95\x29\x27\x57\x05\xbc\x7c\x2a\xf4\xb9\x51\x55\xda\x87\x02\xde\x0f\x16\x17\x31\xf8\xaa\x79\x2e\x09\x13\xbb\xaf\xb2\x20\x19\x12\xe5\x93\xf9\x4b\xf9\x83\xe8\x44\xd5\xb2\x41\x25\xbf\x88\x75\x6f\xff\x10\xfc\x4a\x54\xd0\x5f\xf0\xfa\xef\x36\x73\x7d\x1b\x36\x45\xc6\x21\x6d\xb4\x15\xb8\x4e\xcf\x9c\x5c\xa5\x3d\x5a\x00\x8e\x06\xe3\x3c\x6b\x32\x7b\xf2\x9f\xf0\xb6\xfd\xdf\xf0\x28\x18\x48\xf0\xc6\xbc\xd0\xbf\x34\x80\x96\xc2\x4a\xb1\x6d\x8e\xc7\x90\x45\xde\x2f\x67\xac\x45\x04\xa3\x7a\xdc\x55\x92\xc9\x47\x66\xd8\x1a\x8c\xc7\xed\x9c\x4e\x9a\xe0\x12\xbb\xb5\x6a\x4c\x84\xe1\xe1\x22\x0d\x87\x00\x64\xfe\x8c\x7d\x62\x39\x65\xa6\xef\x42\xb6\x80\x25\x12\x61\x01\xa8\x24\x13\x70\x00\x11\x26\x5f\xfa\x35\x50\xc5\x48\xcc\x06\x47\xe8\x27\xd8\x70\x8d\x5f\x64\xe6\xa1\x44\x26\x5e\x22\xec\x92\xcd\xff\x42\x9a\x44\x21\x6d\x5c\xc5\xe3\x22\x1d\x5f\x47\x12\xe7\xce\x5f\x5d\xfa\xd8\xaa\xb1\x33\x2d\xd9\x76\xf2\x4e\x3a\x33\x0c\x2b\xb3\x2d\x90\x06", + ["AddTrust Qualified Certificates Root"] = "\x30\x82\x04\x1e\x30\x82\x03\x06\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5a\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe4\x1e\x9a\xfe\xdc\x09\x5a\x87\xa4\x9f\x47\xbe\x11\x5f\xaf\x84\x34\xdb\x62\x3c\x79\x78\xb7\xe9\x30\xb5\xec\x0c\x1c\x2a\xc4\x16\xff\xe0\xec\x71\xeb\x8a\xf5\x11\x6e\xed\x4f\x0d\x91\xd2\x12\x18\x2d\x49\x15\x01\xc2\xa4\x22\x13\xc7\x11\x64\xff\x22\x12\x9a\xb9\x8e\x5c\x2f\x08\xcf\x71\x6a\xb3\x67\x01\x59\xf1\x5d\x46\xf3\xb0\x78\xa5\xf6\x0e\x42\x7a\xe3\x7f\x1b\xcc\xd0\xf0\xb7\x28\xfd\x2a\xea\x9e\xb3\xb0\xb9\x04\xaa\xfd\xf6\xc7\xb4\xb1\xb8\x2a\xa0\xfb\x58\xf1\x19\xa0\x6f\x70\x25\x7e\x3e\x69\x4a\x7f\x0f\x22\xd8\xef\xad\x08\x11\x9a\x29\x99\xe1\xaa\x44\x45\x9a\x12\x5e\x3e\x9d\x6d\x52\xfc\xe7\xa0\x3d\x68\x2f\xf0\x4b\x70\x7c\x13\x38\xad\xbc\x15\x25\xf1\xd6\xce\xab\xa2\xc0\x31\xd6\x2f\x9f\xe0\xff\x14\x59\xfc\x84\x93\xd9\x87\x7c\x4c\x54\x13\xeb\x9f\xd1\x2d\x11\xf8\x18\x3a\x3a\xde\x25\xd9\xf7\xd3\x40\xed\xa4\x06\x12\xc4\x3b\xe1\x91\xc1\x56\x35\xf0\x14\xdc\x65\x36\x09\x6e\xab\xa4\x07\xc7\x35\xd1\xc2\x03\x33\x36\x5b\x75\x26\x6d\x42\xf1\x12\x6b\x43\x6f\x4b\x71\x94\xfa\x34\x1d\xed\x13\x6e\xca\x80\x7f\x98\x2f\x6c\xb9\x65\xd8\xe9\x02\x03\x01\x00\x01\xa3\x81\xd4\x30\x81\xd1\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x39\x95\x8b\x62\x8b\x5c\xc9\xd4\x80\xba\x58\x0f\x97\x3f\x15\x08\x43\xcc\x98\xa7\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x91\x06\x03\x55\x1d\x23\x04\x81\x89\x30\x81\x86\x80\x14\x39\x95\x8b\x62\x8b\x5c\xc9\xd4\x80\xba\x58\x0f\x97\x3f\x15\x08\x43\xcc\x98\xa7\xa1\x6b\xa4\x69\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x19\xab\x75\xea\xf8\x8b\x65\x61\x95\x13\xba\x69\x04\xef\x86\xca\x13\xa0\xc7\xaa\x4f\x64\x1b\x3f\x18\xf6\xa8\x2d\x2c\x55\x8f\x05\xb7\x30\xea\x42\x6a\x1d\xc0\x25\x51\x2d\xa7\xbf\x0c\xb3\xed\xef\x08\x7f\x6c\x3c\x46\x1a\xea\x18\x43\xdf\x76\xcc\xf9\x66\x86\x9c\x2c\x68\xf5\xe9\x17\xf8\x31\xb3\x18\xc4\xd6\x48\x7d\x23\x4c\x68\xc1\x7e\xbb\x01\x14\x6f\xc5\xd9\x6e\xde\xbb\x04\x42\x6a\xf8\xf6\x5c\x7d\xe5\xda\xfa\x87\xeb\x0d\x35\x52\x67\xd0\x9e\x97\x76\x05\x93\x3f\x95\xc7\x01\xe6\x69\x55\x38\x7f\x10\x61\x99\xc9\xe3\x5f\xa6\xca\x3e\x82\x63\x48\xaa\xe2\x08\x48\x3e\xaa\xf2\xb2\x85\x62\xa6\xb4\xa7\xd9\xbd\x37\x9c\x68\xb5\x2d\x56\x7d\xb0\xb7\x3f\xa0\xb1\x07\xd6\xe9\x4f\xdc\xde\x45\x71\x30\x32\x7f\x1b\x2e\x09\xf9\xbf\x52\xa1\xee\xc2\x80\x3e\x06\x5c\x2e\x55\x40\xc1\x1b\xf5\x70\x45\xb0\xdc\x5d\xfa\xf6\x72\x5a\x77\xd2\x63\xcd\xcf\x58\x89\x00\x42\x63\x3f\x79\x39\xd0\x44\xb0\x82\x6e\x41\x19\xe8\xdd\xe0\xc1\x88\x5a\xd1\x1e\x71\x93\x1f\x24\x30\x74\xe5\x1e\xa8\xde\x3c\x27\x37\x7f\x83\xae\x9e\x77\xcf\xf0\x30\xb1\xff\x4b\x99\xe8\xc6\xa1", + ["Thawte Time Stamping CA"] = "\x30\x82\x02\xa1\x30\x82\x02\x0a\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x8b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0b\x44\x75\x72\x62\x61\x6e\x76\x69\x6c\x6c\x65\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x54\x68\x61\x77\x74\x65\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x54\x68\x61\x77\x74\x65\x20\x54\x69\x6d\x65\x73\x74\x61\x6d\x70\x69\x6e\x67\x20\x43\x41\x30\x1e\x17\x0d\x39\x37\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x8b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0b\x44\x75\x72\x62\x61\x6e\x76\x69\x6c\x6c\x65\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x54\x68\x61\x77\x74\x65\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x54\x68\x61\x77\x74\x65\x20\x54\x69\x6d\x65\x73\x74\x61\x6d\x70\x69\x6e\x67\x20\x43\x41\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd6\x2b\x58\x78\x61\x45\x86\x53\xea\x34\x7b\x51\x9c\xed\xb0\xe6\x2e\x18\x0e\xfe\xe0\x5f\xa8\x27\xd3\xb4\xc9\xe0\x7c\x59\x4e\x16\x0e\x73\x54\x60\xc1\x7f\xf6\x9f\x2e\xe9\x3a\x85\x24\x15\x3c\xdb\x47\x04\x63\xc3\x9e\xc4\x94\x1a\x5a\xdf\x4c\x7a\xf3\xd9\x43\x1d\x3c\x10\x7a\x79\x25\xdb\x90\xfe\xf0\x51\xe7\x30\xd6\x41\x00\xfd\x9f\x28\xdf\x79\xbe\x94\xbb\x9d\xb6\x14\xe3\x23\x85\xd7\xa9\x41\xe0\x4c\xa4\x79\xb0\x2b\x1a\x8b\xf2\xf8\x3b\x8a\x3e\x45\xac\x71\x92\x00\xb4\x90\x41\x98\xfb\x5f\xed\xfa\xb7\x2e\x8a\xf8\x88\x37\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x67\xdb\xe2\xc2\xe6\x87\x3d\x40\x83\x86\x37\x35\x7d\x1f\xce\x9a\xc3\x0c\x66\x20\xa8\xba\xaa\x04\x89\x86\xc2\xf5\x10\x08\x0d\xbf\xcb\xa2\x05\x8a\xd0\x4d\x36\x3e\xf4\xd7\xef\x69\xc6\x5e\xe4\xb0\x94\x6f\x4a\xb9\xe7\xde\x5b\x88\xb6\x7b\xdb\xe3\x27\xe5\x76\xc3\xf0\x35\xc1\xcb\xb5\x27\x9b\x33\x79\xdc\x90\xa6\x00\x9e\x77\xfa\xfc\xcd\x27\x94\x42\x16\x9c\xd3\x1c\x68\xec\xbf\x5c\xdd\xe5\xa9\x7b\x10\x0a\x32\x74\x54\x13\x31\x8b\x85\x03\x84\x91\xb7\x58\x01\x30\x14\x38\xaf\x28\xca\xfc\xb1\x50\x19\x19\x09\xac\x89\x49\xd3", + ["Entrust Root Certification Authority"] = "\x30\x82\x04\x91\x30\x82\x03\x79\xa0\x03\x02\x01\x02\x02\x04\x45\x6b\x50\x54\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb0\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x73\x20\x69\x6e\x63\x6f\x72\x70\x6f\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x6e\x74\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5a\x17\x0d\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5a\x30\x81\xb0\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x73\x20\x69\x6e\x63\x6f\x72\x70\x6f\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x6e\x74\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb6\x95\xb6\x43\x42\xfa\xc6\x6d\x2a\x6f\x48\xdf\x94\x4c\x39\x57\x05\xee\xc3\x79\x11\x41\x68\x36\xed\xec\xfe\x9a\x01\x8f\xa1\x38\x28\xfc\xf7\x10\x46\x66\x2e\x4d\x1e\x1a\xb1\x1a\x4e\xc6\xd1\xc0\x95\x88\xb0\xc9\xff\x31\x8b\x33\x03\xdb\xb7\x83\x7b\x3e\x20\x84\x5e\xed\xb2\x56\x28\xa7\xf8\xe0\xb9\x40\x71\x37\xc5\xcb\x47\x0e\x97\x2a\x68\xc0\x22\x95\x62\x15\xdb\x47\xd9\xf5\xd0\x2b\xff\x82\x4b\xc9\xad\x3e\xde\x4c\xdb\x90\x80\x50\x3f\x09\x8a\x84\x00\xec\x30\x0a\x3d\x18\xcd\xfb\xfd\x2a\x59\x9a\x23\x95\x17\x2c\x45\x9e\x1f\x6e\x43\x79\x6d\x0c\x5c\x98\xfe\x48\xa7\xc5\x23\x47\x5c\x5e\xfd\x6e\xe7\x1e\xb4\xf6\x68\x45\xd1\x86\x83\x5b\xa2\x8a\x8d\xb1\xe3\x29\x80\xfe\x25\x71\x88\xad\xbe\xbc\x8f\xac\x52\x96\x4b\xaa\x51\x8d\xe4\x13\x31\x19\xe8\x4e\x4d\x9f\xdb\xac\xb3\x6a\xd5\xbc\x39\x54\x71\xca\x7a\x7a\x7f\x90\xdd\x7d\x1d\x80\xd9\x81\xbb\x59\x26\xc2\x11\xfe\xe6\x93\xe2\xf7\x80\xe4\x65\xfb\x34\x37\x0e\x29\x80\x70\x4d\xaf\x38\x86\x2e\x9e\x7f\x57\xaf\x9e\x17\xae\xeb\x1c\xcb\x28\x21\x5f\xb6\x1c\xd8\xe7\xa2\x04\x22\xf9\xd3\xda\xd8\xcb\x02\x03\x01\x00\x01\xa3\x81\xb0\x30\x81\xad\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5a\x81\x0f\x32\x30\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5a\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x68\x90\xe4\x67\xa4\xa6\x53\x80\xc7\x86\x66\xa4\xf1\xf7\x4b\x43\xfb\x84\xbd\x6d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x68\x90\xe4\x67\xa4\xa6\x53\x80\xc7\x86\x66\xa4\xf1\xf7\x4b\x43\xfb\x84\xbd\x6d\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x37\x2e\x31\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\xd4\x30\xb0\xd7\x03\x20\x2a\xd0\xf9\x63\xe8\x91\x0c\x05\x20\xa9\x5f\x19\xca\x7b\x72\x4e\xd4\xb1\xdb\xd0\x96\xfb\x54\x5a\x19\x2c\x0c\x08\xf7\xb2\xbc\x85\xa8\x9d\x7f\x6d\x3b\x52\xb3\x2a\xdb\xe7\xd4\x84\x8c\x63\xf6\x0f\xcb\x26\x01\x91\x50\x6c\xf4\x5f\x14\xe2\x93\x74\xc0\x13\x9e\x30\x3a\x50\xe3\xb4\x60\xc5\x1c\xf0\x22\x44\x8d\x71\x47\xac\xc8\x1a\xc9\xe9\x9b\x9a\x00\x60\x13\xff\x70\x7e\x5f\x11\x4d\x49\x1b\xb3\x15\x52\x7b\xc9\x54\xda\xbf\x9d\x95\xaf\x6b\x9a\xd8\x9e\xe9\xf1\xe4\x43\x8d\xe2\x11\x44\x3a\xbf\xaf\xbd\x83\x42\x73\x52\x8b\xaa\xbb\xa7\x29\xcf\xf5\x64\x1c\x0a\x4d\xd1\xbc\xaa\xac\x9f\x2a\xd0\xff\x7f\x7f\xda\x7d\xea\xb1\xed\x30\x25\xc1\x84\xda\x34\xd2\x5b\x78\x83\x56\xec\x9c\x36\xc3\x26\xe2\x11\xf6\x67\x49\x1d\x92\xab\x8c\xfb\xeb\xff\x7a\xee\x85\x4a\xa7\x50\x80\xf0\xa7\x5c\x4a\x94\x2e\x5f\x05\x99\x3c\x52\x41\xe0\xcd\xb4\x63\xcf\x01\x43\xba\x9c\x83\xdc\x8f\x60\x3b\xf3\x5a\xb4\xb4\x7b\xae\xda\x0b\x90\x38\x75\xef\x81\x1d\x66\xd2\xf7\x57\x70\x36\xb3\xbf\xfc\x28\xaf\x71\x25\x85\x5b\x13\xfe\x1e\x7f\x5a\xb4\x3c", + ["AOL Time Warner Root Certification Authority 1"] = "\x30\x82\x03\xe6\x30\x82\x02\xce\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x39\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x31\x32\x30\x31\x35\x30\x33\x30\x30\x5a\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x99\xde\x8f\xc3\x25\xa3\x69\x34\xe8\x05\xf7\x74\xb9\xbf\x5a\x97\x19\xb9\x2f\x94\xd2\x93\xe5\x2d\x89\xca\x84\x7c\x3f\x10\x43\x1b\x8c\x8b\x7c\x84\x58\xf8\x24\x7c\x48\xcf\x2a\xfd\xc0\x15\xd9\x18\x7e\x84\x1a\x17\xd3\xdb\x9e\xd7\xca\xe4\xd9\xd7\xaa\x58\x51\x87\xf0\xf0\x8b\x48\x4e\xe2\xc2\xc4\x59\x69\x30\x62\xb6\x30\xa2\x8c\x0b\x11\x99\x61\x35\x6d\x7e\xef\xc5\xb1\x19\x06\x20\x12\x8e\x42\xe1\xdf\x0f\x96\x10\x52\xa8\xcf\x9c\x5f\x95\x14\xd8\xaf\x3b\x75\x0b\x31\x20\x1f\x44\x2f\xa2\x62\x41\xb3\xbb\x18\x21\xdb\xca\x71\x3c\x8c\xec\xb6\xb9\x0d\x9f\xef\x51\xef\x4d\x7b\x12\xf2\x0b\x0c\xe1\xac\x40\x8f\x77\x7f\xb0\xca\x78\x71\x0c\x5d\x16\x71\x70\xa2\xd7\xc2\x3a\x85\xcd\x0e\x9a\xc4\xe0\x00\xb0\xd5\x25\xea\xdc\x2b\xe4\x94\x2d\x38\x9c\x89\x41\x57\x64\x28\x65\x19\x1c\xb6\x44\xb4\xc8\x31\x6b\x8e\x01\x7b\x76\x59\x25\x7f\x15\x1c\x84\x08\x7c\x73\x65\x20\x0a\xa1\x04\x2e\x1a\x32\xa8\x9a\x20\xb1\x9c\x2c\x21\x59\xe7\xfb\xcf\xee\x70\x2d\x08\xca\x63\x3e\x2c\x9b\x93\x19\x6a\xa4\xc2\x97\xff\xb7\x86\x57\x88\x85\x6c\x9e\x15\x16\x2b\x4d\x2c\xb3\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa1\x36\x30\x16\xcb\x86\x90\x00\x45\x80\x53\xb1\x8f\xc8\xd8\x3d\x7c\xbe\x5f\x12\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa1\x36\x30\x16\xcb\x86\x90\x00\x45\x80\x53\xb1\x8f\xc8\xd8\x3d\x7c\xbe\x5f\x12\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8a\x20\x18\xa5\xbe\xb3\x2f\xb4\xa6\x84\x00\x40\x30\x29\xfa\xb4\x14\x73\x4c\x79\x45\xa7\xf6\x70\xe0\xe8\x7e\x64\x1e\x0a\x95\x7c\x6a\x61\xc2\xef\x4e\x1f\xbe\xff\xc9\x99\x1f\x07\x61\x4a\xe1\x5d\x4c\xcd\xad\xee\xd0\x52\x32\xd9\x59\x32\xbc\xda\x79\x72\xd6\x7b\x09\xe8\x02\x81\x35\xd3\x0a\xdf\x11\x1d\xc9\x79\xa0\x80\x4d\xfe\x5a\xd7\x56\xd6\xed\x0f\x2a\xaf\xa7\x18\x75\x33\x0c\xea\xc1\x61\x05\x4f\x6a\x9a\x89\xf2\x8d\xb9\x9f\x2e\xef\xb0\x5f\x5a\x00\xeb\xbe\xad\xa0\xf8\x44\x05\x67\xbc\xcb\x04\xef\x9e\x64\xc5\xe9\xc8\x3f\x05\xbf\xc6\x2f\x07\x1c\xc3\x36\x71\x86\xca\x38\x66\x4a\xcd\xd6\xb8\x4b\xc6\x6c\xa7\x97\x3b\xfa\x13\x2d\x6e\x23\x61\x87\xa1\x63\x42\xac\xc2\xcb\x97\x9f\x61\x68\xcf\x2d\x4c\x04\x9d\xd7\x25\x4f\x0a\x0e\x4d\x90\x8b\x18\x56\xa8\x93\x48\x57\xdc\x6f\xae\xbd\x9e\x67\x57\x77\x89\x50\xb3\xbe\x11\x9b\x45\x67\x83\x86\x19\x87\xd3\x98\xbd\x08\x1a\x16\x1f\x58\x82\x0b\xe1\x96\x69\x05\x4b\x8e\xec\x83\x51\x31\x07\xd5\xd4\x9f\xff\x59\x7b\xa8\x6e\x85\xcf\xd3\x4b\xa9\x49\xb0\x5f\xb0\x39\x28\x68\x0e\x73\xdd\x25\x9a\xde\x12", + ["AOL Time Warner Root Certification Authority 2"] = "\x30\x82\x05\xe6\x30\x82\x03\xce\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x39\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x30\x39\x32\x38\x32\x33\x34\x33\x30\x30\x5a\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xb4\x37\x5a\x08\x16\x99\x14\xe8\x55\xb1\x1b\x24\x6b\xfc\xc7\x8b\xe6\x87\xa9\x89\xee\x8b\x99\xcd\x4f\x40\x86\xa4\xb6\x4d\xc9\xd9\xb1\xdc\x3c\x4d\x0d\x85\x4c\x15\x6c\x46\x8b\x52\x78\x9f\xf8\x23\xfd\x67\xf5\x24\x3a\x68\x5d\xd0\xf7\x64\x61\x41\x54\xa3\x8b\xa5\x08\xd2\x29\x5b\x9b\x60\x4f\x26\x83\xd1\x63\x12\x56\x49\x76\xa4\x16\xc2\xa5\x9d\x45\xac\x8b\x84\x95\xa8\x16\xb1\xec\x9f\xea\x24\x1a\xef\xb9\x57\x5c\x9a\x24\x21\x2c\x4d\x0e\x71\x1f\xa6\xac\x5d\x45\x74\x03\x98\xc4\x54\x8c\x16\x4a\x41\x77\x86\x95\x75\x0c\x47\x01\x66\x60\xfc\x15\xf1\x0f\xea\xf5\x14\x78\xc7\x0e\xd7\x6e\x81\x1c\x5e\xbf\x5e\xe7\x3a\x2a\xd8\x97\x17\x30\x7c\x00\xad\x08\x9d\x33\xaf\xb8\x99\x61\x80\x8b\xa8\x95\x7e\x14\xdc\x12\x6c\xa4\xd0\xd8\xef\x40\x49\x02\x36\xf9\x6e\xa9\xd6\x1d\x96\x56\x04\xb2\xb3\x2d\x16\x56\x86\x8f\xd9\x20\x57\x80\xcd\x67\x10\x6d\xb0\x4c\xf0\xda\x46\xb6\xea\x25\x2e\x46\xaf\x8d\xb0\x85\x38\x34\x8b\x14\x26\x82\x2b\xac\xae\x99\x0b\x8e\x14\xd7\x52\xbd\x9e\x69\xc3\x86\x02\x0b\xea\x76\x75\x31\x09\xce\x33\x19\x21\x85\x43\xe6\x89\x2d\x9f\x25\x37\x67\xf1\x23\x6a\xd2\x00\x6d\x97\xf9\x9f\xe7\x29\xca\xdd\x1f\xd7\x06\xea\xb8\xc9\xb9\x09\x21\x9f\xc8\x3f\x06\xc5\xd2\xe9\x12\x46\x00\x4e\x7b\x08\xeb\x42\x3d\x2b\x48\x6e\x9d\x67\xdd\x4b\x02\xe4\x44\xf3\x93\x19\xa5\x27\xce\x69\x7a\xbe\x67\xd3\xfc\x50\xa4\x2c\xab\xc3\x6b\xb9\xe3\x80\x4c\xcf\x05\x61\x4b\x2b\xdc\x1b\xb9\xa6\xd2\xd0\xaa\xf5\x2b\x73\xfb\xce\x90\x35\x9f\x0c\x52\x1c\xbf\x5c\x21\x61\x11\x5b\x15\x4b\xa9\x24\x51\xfc\xa4\x5c\xf7\x17\x9d\xb0\xd2\xfa\x07\xe9\x8f\x56\xe4\x1a\x8c\x68\x8a\x04\xd3\x7c\x5a\xe3\x9e\xa2\xa1\xca\x71\x5b\xa2\xd4\xa0\xe7\x29\x85\x5d\x03\x68\x2a\x4f\xd2\x06\xd7\x3d\xf9\xc3\x03\x2f\x3f\x65\xf9\x67\x1e\x47\x40\xd3\x63\x0f\xe3\xd5\x8e\xf9\x85\xab\x97\x4c\xb3\xd7\x26\xeb\x96\x0a\x94\xde\x85\x36\x9c\xc8\x7f\x81\x09\x02\x49\x2a\x0e\xf5\x64\x32\x0c\x82\xd1\xba\x6a\x82\x1b\xb3\x4b\x74\x11\xf3\x8c\x77\xd6\x9f\xbf\xdc\x37\xa4\xa7\x55\x04\x2f\xd4\x31\xe8\xd3\x46\xb9\x03\x7c\xda\x12\x4e\x59\x64\xb7\x51\x31\x31\x50\xa0\xca\x1c\x27\xd9\x10\x2e\xad\xd6\xbd\x10\x66\x2b\xc3\xb0\x22\x4a\x12\x5b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4f\x69\x6d\x03\x7e\x9d\x9f\x07\x18\x43\xbc\xb7\x10\x4e\xd5\xbf\xa9\xc4\x20\x28\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4f\x69\x6d\x03\x7e\x9d\x9f\x07\x18\x43\xbc\xb7\x10\x4e\xd5\xbf\xa9\xc4\x20\x28\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3b\xf3\xae\xca\xe8\x2e\x87\x85\xfb\x65\x59\xe7\xad\x11\x14\xa5\x57\xbc\x58\x9f\x24\x12\x57\xbb\xfb\x3f\x34\xda\xee\xad\x7a\x2a\x34\x72\x70\x31\x6b\xc7\x19\x98\x80\xc9\x82\xde\x37\x77\x5e\x54\x8b\x8e\xf2\xea\x67\x4f\xc9\x74\x84\x91\x56\x09\xd5\xe5\x7a\x9a\x81\xb6\x81\xc2\xad\x36\xe4\xf1\x54\x11\x53\xf3\x34\x45\x01\x26\xc8\xe5\x1a\xbc\x34\x44\x21\xde\xad\x25\xfc\x76\x16\x77\x21\x90\x80\x98\x57\x9d\x4e\xea\xec\x2f\xaa\x3c\x14\x7b\x57\xc1\x7e\x18\x14\x67\xee\x24\xc6\xbd\xba\x15\xb0\xd2\x18\xbd\xb7\x55\x81\xac\x53\xc0\xe8\xdd\x69\x12\x13\x42\xb7\x02\xb5\x05\x41\xca\x79\x50\x6e\x82\x0e\x71\x72\x93\x46\xe8\x9d\x0d\x5d\xbd\xae\xce\x29\xad\x63\xd5\x55\x16\x80\x30\x27\xff\x76\xba\xf7\xb8\xd6\x4a\xe3\xd9\xb5\xf9\x52\xd0\x4e\x40\xa9\xc7\xe5\xc2\x32\xc7\xaa\x76\x24\xe1\x6b\x05\x50\xeb\xc5\xbf\x0a\x54\xe5\xb9\x42\x3c\x24\xfb\xb7\x07\x9c\x30\x9f\x79\x5a\xe6\xe0\x40\x52\x15\xf4\xfc\xaa\xf4\x56\xf9\x44\x97\x87\xed\x0e\x65\x72\x5e\xbe\x26\xfb\x4d\xa4\x2d\x08\x07\xde\xd8\x5c\xa0\xdc\x81\x33\x99\x18\x25\x11\x77\xa7\xeb\xfd\x58\x09\x2c\x99\x6b\x1b\x8a\xf3\x52\x3f\x1a\x4d\x48\x60\xf1\xa0\xf6\x33\x02\x53\x8b\xed\x25\x09\xb8\x0d\x2d\xed\x97\x73\xec\xd7\x96\x1f\x8e\x60\x0e\xda\x10\x9b\x2f\x18\x24\xf6\xa6\x4d\x0a\xf9\x3b\xcb\x75\xc2\xcc\x2f\xce\x24\x69\xc9\x0a\x22\x8e\x59\xa7\xf7\x82\x0c\xd7\xd7\x6b\x35\x9c\x43\x00\x6a\xc4\x95\x67\xba\x9c\x45\xcb\xb8\x0e\x37\xf7\xdc\x4e\x01\x4f\xbe\x0a\xb6\x03\xd3\xad\x8a\x45\xf7\xda\x27\x4d\x29\xb1\x48\xdf\xe4\x11\xe4\x96\x46\xbd\x6c\x02\x3e\xd6\x51\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf\x2f\x65\x1b\x6f\xd0\xb9\x1a\x93\xf5\x8e\x35\xc4\x80\x87\x3e\x94\x2f\x66\xe4\xe9\xa8\xff\x41\x9c\x70\x2a\x4f\x2a\x39\x18\x95\x1e\x7e\xfb\x61\x01\x3c\x51\x08\x2e\x28\x18\xa4\x16\x0f\x31\xfd\x3a\x6c\x23\x93\x20\x76\xe1\xfd\x07\x85\xd1\x5b\x3f\xd2\x1c\x73\x32\xdd\xfa\xb9\xf8\x8c\xcf\x02\x87\x7a\x9a\x96\xe4\xed\x4f\x89\x8d\x53\x43\xab\x0e\x13\xc0\x01\x15\xb4\x79\x38\xdb\xfc\x6e\x3d\x9e\x51\xb6\xb8\x13\x8b\x67\xcf\xf9\x7c\xd9\x22\x1d\xf6\x5d\xc5\x1c\x01\x2f\x98\xe8\x7a\x24\x18\xbc\x84\xd7\xfa\xdc\x72\x5b\xf7\xc1\x3a\x68", + ["RSA Security 2048 v3"] = "\x30\x82\x03\x61\x30\x82\x02\x49\xa0\x03\x02\x01\x02\x02\x10\x0a\x01\x01\x01\x00\x00\x02\x7c\x00\x00\x00\x0a\x00\x00\x00\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3a\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6e\x63\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x1e\x17\x0d\x30\x31\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5a\x17\x0d\x32\x36\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5a\x30\x3a\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6e\x63\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\x8f\x55\x71\xd2\x80\xdd\x7b\x69\x79\xa7\xf0\x18\x50\x32\x3c\x62\x67\xf6\x0a\x95\x07\xdd\xe6\x1b\xf3\x9e\xd9\xd2\x41\x54\x6b\xad\x9f\x7c\xbe\x19\xcd\xfb\x46\xab\x41\x68\x1e\x18\xea\x55\xc8\x2f\x91\x78\x89\x28\xfb\x27\x29\x60\xff\xdf\x8f\x8c\x3b\xc9\x49\x9b\xb5\xa4\x94\xce\x01\xea\x3e\xb5\x63\x7b\x7f\x26\xfd\x19\xdd\xc0\x21\xbd\x84\xd1\x2d\x4f\x46\xc3\x4e\xdc\xd8\x37\x39\x3b\x28\xaf\xcb\x9d\x1a\xea\x2b\xaf\x21\xa5\xc1\x23\x22\xb8\xb8\x1b\x5a\x13\x87\x57\x83\xd1\xf0\x20\xe7\xe8\x4f\x23\x42\xb0\x00\xa5\x7d\x89\xe9\xe9\x61\x73\x94\x98\x71\x26\xbc\x2d\x6a\xe0\xf7\x4d\xf0\xf1\xb6\x2a\x38\x31\x81\x0d\x29\xe1\x00\xc1\x51\x0f\x4c\x52\xf8\x04\x5a\xaa\x7d\x72\xd3\xb8\x87\x2a\xbb\x63\x10\x03\x2a\xb3\xa1\x4f\x0d\x5a\x5e\x46\xb7\x3d\x0e\xf5\x74\xec\x99\x9f\xf9\x3d\x24\x81\x88\xa6\xdd\x60\x54\xe8\x95\x36\x3d\xc6\x09\x93\x9a\xa3\x12\x80\x00\x55\x99\x19\x47\xbd\xd0\xa5\x7c\xc3\xba\xfb\x1f\xf7\xf5\x0f\xf8\xac\xb9\xb5\xf4\x37\x98\x13\x18\xde\x85\x5b\xb7\x0c\x82\x3b\x87\x6f\x95\x39\x58\x30\xda\x6e\x01\x68\x17\x22\xcc\xc0\x0b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x07\xc3\x51\x30\xa4\xaa\xe9\x45\xae\x35\x24\xfa\xff\x24\x2c\x33\xd0\xb1\x9d\x8c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x07\xc3\x51\x30\xa4\xaa\xe9\x45\xae\x35\x24\xfa\xff\x24\x2c\x33\xd0\xb1\x9d\x8c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5f\x3e\x86\x76\x6e\xb8\x35\x3c\x4e\x36\x1c\x1e\x79\x98\xbf\xfd\xd5\x12\x11\x79\x52\x0e\xee\x31\x89\xbc\xdd\x7f\xf9\xd1\xc6\x15\x21\xe8\x8a\x01\x54\x0d\x3a\xfb\x54\xb9\xd6\x63\xd4\xb1\xaa\x96\x4d\xa2\x42\x4d\xd4\x53\x1f\x8b\x10\xde\x7f\x65\xbe\x60\x13\x27\x71\x88\xa4\x73\xe3\x84\x63\xd1\xa4\x55\xe1\x50\x93\xe6\x1b\x0e\x79\xd0\x67\xbc\x46\xc8\xbf\x3f\x17\x0d\x95\xe6\xc6\x90\x69\xde\xe7\xb4\x2f\xde\x95\x7d\xd0\x12\x3f\x3d\x3e\x7f\x4d\x3f\x14\x68\xf5\x11\x50\xd5\xc1\xf4\x90\xa5\x08\x1d\x31\x60\xff\x60\x8c\x23\x54\x0a\xaf\xfe\xa1\x6e\xc5\xd1\x7a\x2a\x68\x78\xcf\x1e\x82\x0a\x20\xb4\x1f\xad\xe5\x85\xb2\x6a\x68\x75\x4e\xad\x25\x37\x94\x85\xbe\xbd\xa1\xd4\xea\xb7\x0c\x4b\x3c\x9d\xe8\x12\x00\xf0\x5f\xac\x0d\xe1\xac\x70\x63\x73\xf7\x7f\x79\x9f\x32\x25\x42\x74\x05\x80\x28\xbf\xbd\xc1\x24\x96\x58\x15\xb1\x17\x21\xe9\x89\x4b\xdb\x07\x88\x67\xf4\x15\xad\x70\x3e\x2f\x4d\x85\x3b\xc2\xb7\xdb\xfe\x98\x68\x23\x89\xe1\x74\x0f\xde\xf4\xc5\x84\x63\x29\x1b\xcc\xcb\x07\xc9\x00\xa4\xa9\xd7\xc2\x22\x4f\x67\xd7\x77\xec\x20\x05\x61\xde", + ["GeoTrust Global CA"] = "\x30\x82\x03\x54\x30\x82\x02\x3c\xa0\x03\x02\x01\x02\x02\x03\x02\x34\x56\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x42\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x42\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xda\xcc\x18\x63\x30\xfd\xf4\x17\x23\x1a\x56\x7e\x5b\xdf\x3c\x6c\x38\xe4\x71\xb7\x78\x91\xd4\xbc\xa1\xd8\x4c\xf8\xa8\x43\xb6\x03\xe9\x4d\x21\x07\x08\x88\xda\x58\x2f\x66\x39\x29\xbd\x05\x78\x8b\x9d\x38\xe8\x05\xb7\x6a\x7e\x71\xa4\xe6\xc4\x60\xa6\xb0\xef\x80\xe4\x89\x28\x0f\x9e\x25\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9\x42\x18\x35\x14\x9d\xad\x98\x46\x92\x2e\x4f\xca\xf1\x87\x43\xc1\x16\x95\x57\x2d\x50\xef\x89\x2d\x80\x7a\x57\xad\xf2\xee\x5f\x6b\xd2\x00\x8d\xb9\x14\xf8\x14\x15\x35\xd9\xc0\x46\xa3\x7b\x72\xc8\x91\xbf\xc9\x55\x2b\xcd\xd0\x97\x3e\x9c\x26\x64\xcc\xdf\xce\x83\x19\x71\xca\x4e\xe6\xd4\xd5\x7b\xa9\x19\xcd\x55\xde\xc8\xec\xd2\x5e\x38\x53\xe5\x5c\x4f\x8c\x2d\xfe\x50\x23\x36\xfc\x66\xe6\xcb\x8e\xa4\x39\x19\x00\xb7\x95\x02\x39\x91\x0b\x0e\xfe\x38\x2e\xd1\x1d\x05\x9a\xf6\x4d\x3e\x6f\x0f\x07\x1d\xaf\x2c\x1e\x8f\x60\x39\xe2\xfa\x36\x53\x13\x39\xd4\x5e\x26\x2b\xdb\x3d\xa8\x14\xbd\x32\xeb\x18\x03\x28\x52\x04\x71\xe5\xab\x33\x3d\xe1\x38\xbb\x07\x36\x84\x62\x9c\x79\xea\x16\x30\xf4\x5f\xc0\x2b\xe8\x71\x6b\xe4\xf9\x02\x03\x01\x00\x01\xa3\x53\x30\x51\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x35\xe3\x29\x6a\xe5\x2f\x5d\x54\x8e\x29\x50\x94\x9f\x99\x1a\x14\xe4\x8f\x78\x2a\x62\x94\xa2\x27\x67\x9e\xd0\xcf\x1a\x5e\x47\xe9\xc1\xb2\xa4\xcf\xdd\x41\x1a\x05\x4e\x9b\x4b\xee\x4a\x6f\x55\x52\xb3\x24\xa1\x37\x0a\xeb\x64\x76\x2a\x2e\x2c\xf3\xfd\x3b\x75\x90\xbf\xfa\x71\xd8\xc7\x3d\x37\xd2\xb5\x05\x95\x62\xb9\xa6\xde\x89\x3d\x36\x7b\x38\x77\x48\x97\xac\xa6\x20\x8f\x2e\xa6\xc9\x0c\xc2\xb2\x99\x45\x00\xc7\xce\x11\x51\x22\x22\xe0\xa5\xea\xb6\x15\x48\x09\x64\xea\x5e\x4f\x74\xf7\x05\x3e\xc7\x8a\x52\x0c\xdb\x15\xb4\xbd\x6d\x9b\xe5\xc6\xb1\x54\x68\xa9\xe3\x69\x90\xb6\x9a\xa5\x0f\xb8\xb9\x3f\x20\x7d\xae\x4a\xb5\xb8\x9c\xe4\x1d\xb6\xab\xe6\x94\xa5\xc1\xc7\x83\xad\xdb\xf5\x27\x87\x0e\x04\x6c\xd5\xff\xdd\xa0\x5d\xed\x87\x52\xb7\x2b\x15\x02\xae\x39\xa6\x6a\x74\xe9\xda\xc4\xe7\xbc\x4d\x34\x1e\xa9\x5c\x4d\x33\x5f\x92\x09\x2f\x88\x66\x5d\x77\x97\xc7\x1d\x76\x13\xa9\xd5\xe5\xf1\x16\x09\x11\x35\xd5\xac\xdb\x24\x71\x70\x2c\x98\x56\x0b\xd9\x17\xb4\xd1\xe3\x51\x2b\x5e\x75\xe8\xd5\xd0\xdc\x4f\x34\xed\xc2\x05\x66\x80\xa1\xcb\xe6\x33", + ["GeoTrust Global CA 2"] = "\x30\x82\x03\x66\x30\x82\x02\x4e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x44\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x31\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x44\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xef\x3c\x4d\x40\x3d\x10\xdf\x3b\x53\x00\xe1\x67\xfe\x94\x60\x15\x3e\x85\x88\xf1\x89\x0d\x90\xc8\x28\x23\x99\x05\xe8\x2b\x20\x9d\xc6\xf3\x60\x46\xd8\xc1\xb2\xd5\x8c\x31\xd9\xdc\x20\x79\x24\x81\xbf\x35\x32\xfc\x63\x69\xdb\xb1\x2a\x6b\xee\x21\x58\xf2\x08\xe9\x78\xcb\x6f\xcb\xfc\x16\x52\xc8\x91\xc4\xff\x3d\x73\xde\xb1\x3e\xa7\xc2\x7d\x66\xc1\xf5\x7e\x52\x24\x1a\xe2\xd5\x67\x91\xd0\x82\x10\xd7\x78\x4b\x4f\x2b\x42\x39\xbd\x64\x2d\x40\xa0\xb0\x10\xd3\x38\x48\x46\x88\xa1\x0c\xbb\x3a\x33\x2a\x62\x98\xfb\x00\x9d\x13\x59\x7f\x6f\x3b\x72\xaa\xee\xa6\x0f\x86\xf9\x05\x61\xea\x67\x7f\x0c\x37\x96\x8b\xe6\x69\x16\x47\x11\xc2\x27\x59\x03\xb3\xa6\x60\xc2\x21\x40\x56\xfa\xa0\xc7\x7d\x3a\x13\xe3\xec\x57\xc7\xb3\xd6\xae\x9d\x89\x80\xf7\x01\xe7\x2c\xf6\x96\x2b\x13\x0d\x79\x2c\xd9\xc0\xe4\x86\x7b\x4b\x8c\x0c\x72\x82\x8a\xfb\x17\xcd\x00\x6c\x3a\x13\x3c\xb0\x84\x87\x4b\x16\x7a\x29\xb2\x4f\xdb\x1d\xd4\x0b\xf3\x66\x37\xbd\xd8\xf6\x57\xbb\x5e\x24\x7a\xb8\x3c\x8b\xb9\xfa\x92\x1a\x1a\x84\x9e\xd8\x74\x8f\xaa\x1b\x7f\x5e\xf4\xfe\x45\x22\x21\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x71\x38\x36\xf2\x02\x31\x53\x47\x2b\x6e\xba\x65\x46\xa9\x10\x15\x58\x20\x05\x09\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x71\x38\x36\xf2\x02\x31\x53\x47\x2b\x6e\xba\x65\x46\xa9\x10\x15\x58\x20\x05\x09\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xf7\xb5\x2b\xab\x5d\x10\xfc\x7b\xb2\xb2\x5e\xac\x9b\x0e\x7e\x53\x78\x59\x3e\x42\x04\xfe\x75\xa3\xad\xac\x81\x4e\xd7\x02\x8b\x5e\xc4\x2d\xc8\x52\x76\xc7\x2c\x1f\xfc\x81\x32\x98\xd1\x4b\xc6\x92\x93\x33\x35\x31\x2f\xfc\xd8\x1d\x44\xdd\xe0\x81\x7f\x9d\xe9\x8b\xe1\x64\x91\x62\x0b\x39\x08\x8c\xac\x74\x9d\x59\xd9\x7a\x59\x52\x97\x11\xb9\x16\x7b\x6f\x45\xd3\x96\xd9\x31\x7d\x02\x36\x0f\x9c\x3b\x6e\xcf\x2c\x0d\x03\x46\x45\xeb\xa0\xf4\x7f\x48\x44\xc6\x08\x40\xcc\xde\x1b\x70\xb5\x29\xad\xba\x8b\x3b\x34\x65\x75\x1b\x71\x21\x1d\x2c\x14\x0a\xb0\x96\x95\xb8\xd6\xea\xf2\x65\xfb\x29\xba\x4f\xea\x91\x93\x74\x69\xb6\xf2\xff\xe1\x1a\xd0\x0c\xd1\x76\x85\xcb\x8a\x25\xbd\x97\x5e\x2c\x6f\x15\x99\x26\xe7\xb6\x29\xff\x22\xec\xc9\x02\xc7\x56\x00\xcd\x49\xb9\xb3\x6c\x7b\x53\x04\x1a\xe2\xa8\xc9\xaa\x12\x05\x23\xc2\xce\xe7\xbb\x04\x02\xcc\xc0\x47\xa2\xe4\xc4\x29\x2f\x5b\x45\x57\x89\x51\xee\x3c\xeb\x52\x08\xff\x07\x35\x1e\x9f\x35\x6a\x47\x4a\x56\x98\xd1\x5a\x85\x1f\x8c\xf5\x22\xbf\xab\xce\x83\xf3\xe2\x22\x29\xae\x7d\x83\x40\xa8\xba\x6c", + ["GeoTrust Universal CA"] = "\x30\x82\x05\x68\x30\x82\x03\x50\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1e\x30\x1c\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1e\x30\x1c\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xa6\x15\x55\xa0\xa3\xc6\xe0\x1f\x8c\x9d\x21\x50\xd7\xc1\xbe\x2b\x5b\xb5\xa4\x9e\xa1\xd9\x72\x58\xbd\x00\x1b\x4c\xbf\x61\xc9\x14\x1d\x45\x82\xab\xc6\x1d\x80\xd6\x3d\xeb\x10\x9c\x3a\xaf\x6d\x24\xf8\xbc\x71\x01\x9e\x06\xf5\x7c\x5f\x1e\xc1\x0e\x55\xca\x83\x9a\x59\x30\xae\x19\xcb\x30\x48\x95\xed\x22\x37\x8d\xf4\x4a\x9a\x72\x66\x3e\xad\x95\xc0\xe0\x16\x00\xe0\x10\x1f\x2b\x31\x0e\xd7\x94\x54\xd3\x42\x33\xa0\x34\x1d\x1e\x45\x76\xdd\x4f\xca\x18\x37\xec\x85\x15\x7a\x19\x08\xfc\xd5\xc7\x9c\xf0\xf2\xa9\x2e\x10\xa9\x92\xe6\x3d\x58\x3d\xa9\x16\x68\x3c\x2f\x75\x21\x18\x7f\x28\x77\xa5\xe1\x61\x17\xb7\xa6\xe9\xf8\x1e\x99\xdb\x73\x6e\xf4\x0a\xa2\x21\x6c\xee\xda\xaa\x85\x92\x66\xaf\xf6\x7a\x6b\x82\xda\xba\x22\x08\x35\x0f\xcf\x42\xf1\x35\xfa\x6a\xee\x7e\x2b\x25\xcc\x3a\x11\xe4\x6d\xaf\x73\xb2\x76\x1d\xad\xd0\xb2\x78\x67\x1a\xa4\x39\x1c\x51\x0b\x67\x56\x83\xfd\x38\x5d\x0d\xce\xdd\xf0\xbb\x2b\x96\x1f\xde\x7b\x32\x52\xfd\x1d\xbb\xb5\x06\xa1\xb2\x21\x5e\xa5\xd6\x95\x68\x7f\xf0\x99\x9e\xdc\x45\x08\x3e\xe7\xd2\x09\x0d\x35\x94\xdd\x80\x4e\x53\x97\xd7\xb5\x09\x44\x20\x64\x16\x17\x03\x02\x4c\x53\x0d\x68\xde\xd5\xaa\x72\x4d\x93\x6d\x82\x0e\xdb\x9c\xbd\xcf\xb4\xf3\x5c\x5d\x54\x7a\x69\x09\x96\xd6\xdb\x11\xc1\x8d\x75\xa8\xb4\xcf\x39\xc8\xce\x3c\xbc\x24\x7c\xe6\x62\xca\xe1\xbd\x7d\xa7\xbd\x57\x65\x0b\xe4\xfe\x25\xed\xb6\x69\x10\xdc\x28\x1a\x46\xbd\x01\x1d\xd0\x97\xb5\xe1\x98\x3b\xc0\x37\x64\xd6\x3d\x94\xee\x0b\xe1\xf5\x28\xae\x0b\x56\xbf\x71\x8b\x23\x29\x41\x8e\x86\xc5\x4b\x52\x7b\xd8\x71\xab\x1f\x8a\x15\xa6\x3b\x83\x5a\xd7\x58\x01\x51\xc6\x4c\x41\xd9\x7f\xd8\x41\x67\x72\xa2\x28\xdf\x60\x83\xa9\x9e\xc8\x7b\xfc\x53\x73\x72\x59\xf5\x93\x7a\x17\x76\x0e\xce\xf7\xe5\x5c\xd9\x0b\x55\x34\xa2\xaa\x5b\xb5\x6a\x54\xe7\x13\xca\x57\xec\x97\x6d\xf4\x5e\x06\x2f\x45\x8b\x58\xd4\x23\x16\x92\xe4\x16\x6e\x28\x63\x59\x30\xdf\x50\x01\x9c\x63\x89\x1a\x9f\xdb\x17\x94\x82\x70\x37\xc3\x24\x9e\x9a\x47\xd6\x5a\xca\x4e\xa8\x69\x89\x72\x1f\x91\x6c\xdb\x7e\x9e\x1b\xad\xc7\x1f\x73\xdd\x2c\x4f\x19\x65\xfd\x7f\x93\x40\x10\x2e\xd2\xf0\xed\x3c\x9e\x2e\x28\x3e\x69\x26\x33\xc5\x7b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xda\xbb\x2e\xaa\xb0\x0c\xb8\x88\x26\x51\x74\x5c\x6d\x03\xd3\xc0\xd8\x8f\x7a\xd6\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xda\xbb\x2e\xaa\xb0\x0c\xb8\x88\x26\x51\x74\x5c\x6d\x03\xd3\xc0\xd8\x8f\x7a\xd6\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x31\x78\xe6\xc7\xb5\xdf\xb8\x94\x40\xc9\x71\xc4\xa8\x35\xec\x46\x1d\xc2\x85\xf3\x28\x58\x86\xb0\x0b\xfc\x8e\xb2\x39\x8f\x44\x55\xab\x64\x84\x5c\x69\xa9\xd0\x9a\x38\x3c\xfa\xe5\x1f\x35\xe5\x44\xe3\x80\x79\x94\x68\xa4\xbb\xc4\x9f\x3d\xe1\x34\xcd\x30\x46\x8b\x54\x2b\x95\xa5\xef\xf7\x3f\x99\x84\xfd\x35\xe6\xcf\x31\xc6\xdc\x6a\xbf\xa7\xd7\x23\x08\xe1\x98\x5e\xc3\x5a\x08\x76\xa9\xa6\xaf\x77\x2f\xb7\x60\xbd\x44\x46\x6a\xef\x97\xff\x73\x95\xc1\x8e\xe8\x93\xfb\xfd\x31\xb7\xec\x57\x11\x11\x45\x9b\x30\xf1\x1a\x88\x39\xc1\x4f\x3c\xa7\x00\xd5\xc7\xfc\xab\x6d\x80\x22\x70\xa5\x0c\xe0\x5d\x04\x29\x02\xfb\xcb\xa0\x91\xd1\x7c\xd6\xc3\x7e\x50\xd5\x9d\x58\xbe\x41\x38\xeb\xb9\x75\x3c\x15\xd9\x9b\xc9\x4a\x83\x59\xc0\xda\x53\xfd\x33\xbb\x36\x18\x9b\x85\x0f\x15\xdd\xee\x2d\xac\x76\x93\xb9\xd9\x01\x8d\x48\x10\xa8\xfb\xf5\x38\x86\xf1\xdb\x0a\xc6\xbd\x84\xa3\x23\x41\xde\xd6\x77\x6f\x85\xd4\x85\x1c\x50\xe0\xae\x51\x8a\xba\x8d\x3e\x76\xe2\xb9\xca\x27\xf2\x5f\x9f\xef\x6e\x59\x0d\x06\xd8\x2b\x17\xa4\xd2\x7c\x6b\xbb\x5f\x14\x1a\x48\x8f\x1a\x4c\xe7\xb3\x47\x1c\x8e\x4c\x45\x2b\x20\xee\x48\xdf\xe7\xdd\x09\x8e\x18\xa8\xda\x40\x8d\x92\x26\x11\x53\x61\x73\x5d\xeb\xbd\xe7\xc4\x4d\x29\x37\x61\xeb\xac\x39\x2d\x67\x2e\x16\xd6\xf5\x00\x83\x85\xa1\xcc\x7f\x76\xc4\x7d\xe4\xb7\x4b\x66\xef\x03\x45\x60\x69\xb6\x0c\x52\x96\x92\x84\x5e\xa6\xa3\xb5\xa4\x3e\x2b\xd9\xcc\xd8\x1b\x47\xaa\xf2\x44\xda\x4f\xf9\x03\xe8\xf0\x14\xcb\x3f\xf3\x83\xde\xd0\xc1\x54\xe3\xb7\xe8\x0a\x37\x4d\x8b\x20\x59\x03\x30\x19\xa1\x2c\xc8\xbd\x11\x1f\xdf\xae\xc9\x4a\xc5\xf3\x27\x66\x66\x86\xac\x68\x91\xff\xd9\xe6\x53\x1c\x0f\x8b\x5c\x69\x65\x0a\x26\xc8\x1e\x34\xc3\x5d\x51\x7b\xd7\xa9\x9c\x06\xa1\x36\xdd\xd5\x89\x94\xbc\xd9\xe4\x2d\x0c\x5e\x09\x6c\x08\x97\x7c\xa3\x3d\x7c\x93\xff\x3f\xa1\x14\xa7\xcf\xb5\x5d\xeb\xdb\xdb\x1c\xc4\x76\xdf\x88\xb9\xbd\x45\x05\x95\x1b\xae\xfc\x46\x6a\x4c\xaf\x48\xe3\xce\xae\x0f\xd2\x7e\xeb\xe6\x6c\x9c\x4f\x81\x6a\x7a\x64\xac\xbb\x3e\xd5\xe7\xcb\x76\x2e\xc5\xa7\x48\xc1\x5c\x90\x0f\xcb\xc8\x3f\xfa\xe6\x32\xe1\x8d\x1b\x6f\xa4\xe6\x8e\xd8\xf9\x29\x48\x8a\xce\x73\xfe\x2c", + ["GeoTrust Universal CA 2"] = "\x30\x82\x05\x6c\x30\x82\x03\x54\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xb3\x54\x52\xc1\xc9\x3e\xf2\xd9\xdc\xb1\x53\x1a\x59\x29\xe7\xb1\xc3\x45\x28\xe5\xd7\xd1\xed\xc5\xc5\x4b\xa1\xaa\x74\x7b\x57\xaf\x4a\x26\xfc\xd8\xf5\x5e\xa7\x6e\x19\xdb\x74\x0c\x4f\x35\x5b\x32\x0b\x01\xe3\xdb\xeb\x7a\x77\x35\xea\xaa\x5a\xe0\xd6\xe8\xa1\x57\x94\xf0\x90\xa3\x74\x56\x94\x44\x30\x03\x1e\x5c\x4e\x2b\x85\x26\x74\x82\x7a\x0c\x76\xa0\x6f\x4d\xce\x41\x2d\xa0\x15\x06\x14\x5f\xb7\x42\xcd\x7b\x8f\x58\x61\x34\xdc\x2a\x08\xf9\x2e\xc3\x01\xa6\x22\x44\x1c\x4c\x07\x82\xe6\x5b\xce\xd0\x4a\x7c\x04\xd3\x19\x73\x27\xf0\xaa\x98\x7f\x2e\xaf\x4e\xeb\x87\x1e\x24\x77\x6a\x5d\xb6\xe8\x5b\x45\xba\xdc\xc3\xa1\x05\x6f\x56\x8e\x8f\x10\x26\xa5\x49\xc3\x2e\xd7\x41\x87\x22\xe0\x4f\x86\xca\x60\xb5\xea\xa1\x63\xc0\x01\x97\x10\x79\xbd\x00\x3c\x12\x6d\x2b\x15\xb1\xac\x4b\xb1\xee\x18\xb9\x4e\x96\xdc\xdc\x76\xff\x3b\xbe\xcf\x5f\x03\xc0\xfc\x3b\xe8\xbe\x46\x1b\xff\xda\x40\xc2\x52\xf7\xfe\xe3\x3a\xf7\x6a\x77\x35\xd0\xda\x8d\xeb\x5e\x18\x6a\x31\xc7\x1e\xba\x3c\x1b\x28\xd6\x6b\x54\xc6\xaa\x5b\xd7\xa2\x2c\x1b\x19\xcc\xa2\x02\xf6\x9b\x59\xbd\x37\x6b\x86\xb5\x6d\x82\xba\xd8\xea\xc9\x56\xbc\xa9\x36\x58\xfd\x3e\x19\xf3\xed\x0c\x26\xa9\x93\x38\xf8\x4f\xc1\x5d\x22\x06\xd0\x97\xea\xe1\xad\xc6\x55\xe0\x81\x2b\x28\x83\x3a\xfa\xf4\x7b\x21\x51\x00\xbe\x52\x38\xce\xcd\x66\x79\xa8\xf4\x81\x56\xe2\xd0\x83\x09\x47\x51\x5b\x50\x6a\xcf\xdb\x48\x1a\x5d\x3e\xf7\xcb\xf6\x65\xf7\x6c\xf1\x95\xf8\x02\x3b\x32\x56\x82\x39\x7a\x5b\xbd\x2f\x89\x1b\xbf\xa1\xb4\xe8\xff\x7f\x8d\x8c\xdf\x03\xf1\x60\x4e\x58\x11\x4c\xeb\xa3\x3f\x10\x2b\x83\x9a\x01\x73\xd9\x94\x6d\x84\x00\x27\x66\xac\xf0\x70\x40\x09\x42\x92\xad\x4f\x93\x0d\x61\x09\x51\x24\xd8\x92\xd5\x0b\x94\x61\xb2\x87\xb2\xed\xff\x9a\x35\xff\x85\x54\xca\xed\x44\x43\xac\x1b\x3c\x16\x6b\x48\x4a\x0a\x1c\x40\x88\x1f\x92\xc2\x0b\x00\x05\xff\xf2\xc8\x02\x4a\xa4\xaa\xa9\xcc\x99\x96\x9c\x2f\x58\xe0\x7d\xe1\xbe\xbb\x07\xdc\x5f\x04\x72\x5c\x31\x34\xc3\xec\x5f\x2d\xe0\x3d\x64\x90\x22\xe6\xd1\xec\xb8\x2e\xdd\x59\xae\xd9\xa1\x37\xbf\x54\x35\xdc\x73\x32\x4f\x8c\x04\x1e\x33\xb2\xc9\x46\xf1\xd8\x5c\xc8\x55\x50\xc9\x68\xbd\xa8\xba\x36\x09\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x76\xf3\x55\xe1\xfa\xa4\x36\xfb\xf0\x9f\x5c\x62\x71\xed\x3c\xf4\x47\x38\x10\x2b\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x76\xf3\x55\xe1\xfa\xa4\x36\xfb\xf0\x9f\x5c\x62\x71\xed\x3c\xf4\x47\x38\x10\x2b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x66\xc1\xc6\x23\xf3\xd9\xe0\x2e\x6e\x5f\xe8\xcf\xae\xb0\xb0\x25\x4d\x2b\xf8\x3b\x58\x9b\x40\x24\x37\x5a\xcb\xab\x16\x49\xff\xb3\x75\x79\x33\xa1\x2f\x6d\x70\x17\x34\x91\xfe\x67\x7e\x8f\xec\x9b\xe5\x5e\x82\xa9\x55\x1f\x2f\xdc\xd4\x51\x07\x12\xfe\xac\x16\x3e\x2c\x35\xc6\x63\xfc\xdc\x10\xeb\x0d\xa3\xaa\xd0\x7c\xcc\xd1\xd0\x2f\x51\x2e\xc4\x14\x5a\xde\xe8\x19\xe1\x3e\xc6\xcc\xa4\x29\xe7\x2e\x84\xaa\x06\x30\x78\x76\x54\x73\x28\x98\x59\x38\xe0\x00\x0d\x62\xd3\x42\x7d\x21\x9f\xae\x3d\x3a\x8c\xd5\xfa\x77\x0d\x18\x2b\x16\x0e\x5f\x36\xe1\xfc\x2a\xb5\x30\x24\xcf\xe0\x63\x0c\x7b\x58\x1a\xfe\x99\xba\x42\x12\xb1\x91\xf4\x7c\x68\xe2\xc8\xe8\xaf\x2c\xea\xc9\x7e\xae\xbb\x2a\x3d\x0d\x15\xdc\x34\x95\xb6\x18\x74\xa8\x6a\x0f\xc7\xb4\xf4\x13\xc4\xe4\x5b\xed\x0a\xd2\xa4\x97\x4c\x2a\xed\x2f\x6c\x12\x89\x3d\xf1\x27\x70\xaa\x6a\x03\x52\x21\x9f\x40\xa8\x67\x50\xf2\xf3\x5a\x1f\xdf\xdf\x23\xf6\xdc\x78\x4e\xe6\x98\x4f\x55\x3a\x53\xe3\xef\xf2\xf4\x9f\xc7\x7c\xd8\x58\xaf\x29\x22\x97\xb8\xe0\xbd\x91\x2e\xb0\x76\xec\x57\x11\xcf\xef\x29\x44\xf3\xe9\x85\x7a\x60\x63\xe4\x5d\x33\x89\x17\xd9\x31\xaa\xda\xd6\xf3\x18\x35\x72\xcf\x87\x2b\x2f\x63\x23\x84\x5d\x84\x8c\x3f\x57\xa0\x88\xfc\x99\x91\x28\x26\x69\x99\xd4\x8f\x97\x44\xbe\x8e\xd5\x48\xb1\xa4\x28\x29\xf1\x15\xb4\xe1\xe5\x9e\xdd\xf8\x8f\xa6\x6f\x26\xd7\x09\x3c\x3a\x1c\x11\x0e\xa6\x6c\x37\xf7\xad\x44\x87\x2c\x28\xc7\xd8\x74\x82\xb3\xd0\x6f\x4a\x57\xbb\x35\x29\x27\xa0\x8b\xe8\x21\xa7\x87\x64\x36\x5d\xcc\xd8\x16\xac\xc7\xb2\x27\x40\x92\x55\x38\x28\x8d\x51\x6e\xdd\x14\x67\x53\x6c\x71\x5c\x26\x84\x4d\x75\x5a\xb6\x7e\x60\x56\xa9\x4d\xad\xfb\x9b\x1e\x97\xf3\x0d\xd9\xd2\x97\x54\x77\xda\x3d\x12\xb7\xe0\x1e\xef\x08\x06\xac\xf9\x85\x87\xe9\xa2\xdc\xaf\x7e\x18\x12\x83\xfd\x56\x17\x41\x2e\xd5\x29\x82\x7d\x99\xf4\x31\xf6\x71\xa9\xcf\x2c\x01\x27\xa5\x05\xb9\xaa\xb2\x48\x4e\x2a\xef\x9f\x93\x52\x51\x95\x3c\x52\x73\x8e\x56\x4c\x17\x40\xc0\x09\x28\xe4\x8b\x6a\x48\x53\xdb\xec\xcd\x55\x55\xf1\xc6\xf8\xe9\xa2\x2c\x4c\xa6\xd1\x26\x5f\x7e\xaf\x5a\x4c\xda\x1f\xa6\xf2\x1c\x2c\x7e\xae\x02\x16\xd2\x56\xd0\x2f\x57\x53\x47\xe8\x92", + ["America Online Root Certification Authority 1"] = "\x30\x82\x03\xa4\x30\x82\x02\x8c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa8\x2f\xe8\xa4\x69\x06\x03\x47\xc3\xe9\x2a\x98\xff\x19\xa2\x70\x9a\xc6\x50\xb2\x7e\xa5\xdf\x68\x4d\x1b\x7c\x0f\xb6\x97\x68\x7d\x2d\xa6\x8b\x97\xe9\x64\x86\xc9\xa3\xef\xa0\x86\xbf\x60\x65\x9c\x4b\x54\x88\xc2\x48\xc5\x4a\x39\xbf\x14\xe3\x59\x55\xe5\x19\xb4\x74\xc8\xb4\x05\x39\x5c\x16\xa5\xe2\x95\x05\xe0\x12\xae\x59\x8b\xa2\x33\x68\x58\x1c\xa6\xd4\x15\xb7\xd8\x9f\xd7\xdc\x71\xab\x7e\x9a\xbf\x9b\x8e\x33\x0f\x22\xfd\x1f\x2e\xe7\x07\x36\xef\x62\x39\xc5\xdd\xcb\xba\x25\x14\x23\xde\x0c\xc6\x3d\x3c\xce\x82\x08\xe6\x66\x3e\xda\x51\x3b\x16\x3a\xa3\x05\x7f\xa0\xdc\x87\xd5\x9c\xfc\x72\xa9\xa0\x7d\x78\xe4\xb7\x31\x55\x1e\x65\xbb\xd4\x61\xb0\x21\x60\xed\x10\x32\x72\xc5\x92\x25\x1e\xf8\x90\x4a\x18\x78\x47\xdf\x7e\x30\x37\x3e\x50\x1b\xdb\x1c\xd3\x6b\x9a\x86\x53\x07\xb0\xef\xac\x06\x78\xf8\x84\x99\xfe\x21\x8d\x4c\x80\xb6\x0c\x82\xf6\x66\x70\x79\x1a\xd3\x4f\xa3\xcf\xf1\xcf\x46\xb0\x4b\x0f\x3e\xdd\x88\x62\xb8\x8c\xa9\x09\x28\x3b\x7a\xc7\x97\xe1\x1e\xe5\xf4\x9f\xc0\xc0\xae\x24\xa0\xc8\xa1\xd9\x0f\xd6\x7b\x26\x82\x69\x32\x3d\xa7\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x00\xad\xd9\xa3\xf6\x79\xf6\x6e\x74\xa9\x7f\x33\x3d\x81\x17\xd7\x4c\xcf\x33\xde\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x00\xad\xd9\xa3\xf6\x79\xf6\x6e\x74\xa9\x7f\x33\x3d\x81\x17\xd7\x4c\xcf\x33\xde\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7c\x8a\xd1\x1f\x18\x37\x82\xe0\xb8\xb0\xa3\xed\x56\x95\xc8\x62\x61\x9c\x05\xa2\xcd\xc2\x62\x26\x61\xcd\x10\x16\xd7\xcc\xb4\x65\x34\xd0\x11\x8a\xad\xa8\xa9\x05\x66\xef\x74\xf3\x6d\x5f\x9d\x99\xaf\xf6\x8b\xfb\xeb\x52\xb2\x05\x98\xa2\x6f\x2a\xc5\x54\xbd\x25\xbd\x5f\xae\xc8\x86\xea\x46\x2c\xc1\xb3\xbd\xc1\xe9\x49\x70\x18\x16\x97\x08\x13\x8c\x20\xe0\x1b\x2e\x3a\x47\xcb\x1e\xe4\x00\x30\x95\x5b\xf4\x45\xa3\xc0\x1a\xb0\x01\x4e\xab\xbd\xc0\x23\x6e\x63\x3f\x80\x4a\xc5\x07\xed\xdc\xe2\x6f\xc7\xc1\x62\xf1\xe3\x72\xd6\x04\xc8\x74\x67\x0b\xfa\x88\xab\xa1\x01\xc8\x6f\xf0\x14\xaf\xd2\x99\xcd\x51\x93\x7e\xed\x2e\x38\xc7\xbd\xce\x46\x50\x3d\x72\xe3\x79\x25\x9d\x9b\x88\x2b\x10\x20\xdd\xa5\xb8\x32\x9f\x8d\xe0\x29\xdf\x21\x74\x86\x82\xdb\x2f\x82\x30\xc6\xc7\x35\x86\xb3\xf9\x96\x5f\x46\xdb\x0c\x45\xfd\xf3\x50\xc3\x6f\xc6\xc3\x48\xad\x46\xa6\xe1\x27\x47\x0a\x1d\x0e\x9b\xb6\xc2\x77\x7f\x63\xf2\xe0\x7d\x1a\xbe\xfc\xe0\xdf\xd7\xc7\xa7\x6c\xb0\xf9\xae\xba\x3c\xfd\x74\xb4\x11\xe8\x58\x0d\x80\xbc\xd3\xa8\x80\x3a\x99\xed\x75\xcc\x46\x7b", + ["America Online Root Certification Authority 2"] = "\x30\x82\x05\xa4\x30\x82\x03\x8c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xcc\x41\x45\x1d\xe9\x3d\x4d\x10\xf6\x8c\xb1\x41\xc9\xe0\x5e\xcb\x0d\xb7\xbf\x47\x73\xd3\xf0\x55\x4d\xdd\xc6\x0c\xfa\xb1\x66\x05\x6a\xcd\x78\xb4\xdc\x02\xdb\x4e\x81\xf3\xd7\xa7\x7c\x71\xbc\x75\x63\xa0\x5d\xe3\x07\x0c\x48\xec\x25\xc4\x03\x20\xf4\xff\x0e\x3b\x12\xff\x9b\x8d\xe1\xc6\xd5\x1b\xb4\x6d\x22\xe3\xb1\xdb\x7f\x21\x64\xaf\x86\xbc\x57\x22\x2a\xd6\x47\x81\x57\x44\x82\x56\x53\xbd\x86\x14\x01\x0b\xfc\x7f\x74\xa4\x5a\xae\xf1\xba\x11\xb5\x9b\x58\x5a\x80\xb4\x37\x78\x09\x33\x7c\x32\x47\x03\x5c\xc4\xa5\x83\x48\xf4\x57\x56\x6e\x81\x36\x27\x18\x4f\xec\x9b\x28\xc2\xd4\xb4\xd7\x7c\x0c\x3e\x0c\x2b\xdf\xca\x04\xd7\xc6\x8e\xea\x58\x4e\xa8\xa4\xa5\x18\x1c\x6c\x45\x98\xa3\x41\xd1\x2d\xd2\xc7\x6d\x8d\x19\xf1\xad\x79\xb7\x81\x3f\xbd\x06\x82\x27\x2d\x10\x58\x05\xb5\x78\x05\xb9\x2f\xdb\x0c\x6b\x90\x90\x7e\x14\x59\x38\xbb\x94\x24\x13\xe5\xd1\x9d\x14\xdf\xd3\x82\x4d\x46\xf0\x80\x39\x52\x32\x0f\xe3\x84\xb2\x7a\x43\xf2\x5e\xde\x5f\x3f\x1d\xdd\xe3\xb2\x1b\xa0\xa1\x2a\x23\x03\x6e\x2e\x01\x15\x87\x5c\xa6\x75\x75\xc7\x97\x61\xbe\xde\x86\xdc\xd4\x48\xdb\xbd\x2a\xbf\x4a\x55\xda\xe8\x7d\x50\xfb\xb4\x80\x17\xb8\x94\xbf\x01\x3d\xea\xda\xba\x7c\xe0\x58\x67\x17\xb9\x58\xe0\x88\x86\x46\x67\x6c\x9d\x10\x47\x58\x32\xd0\x35\x7c\x79\x2a\x90\xa2\x5a\x10\x11\x23\x35\xad\x2f\xcc\xe4\x4a\x5b\xa7\xc8\x27\xf2\x83\xde\x5e\xbb\x5e\x77\xe7\xe8\xa5\x6e\x63\xc2\x0d\x5d\x61\xd0\x8c\xd2\x6c\x5a\x21\x0e\xca\x28\xa3\xce\x2a\xe9\x95\xc7\x48\xcf\x96\x6f\x1d\x92\x25\xc8\xc6\xc6\xc1\xc1\x0c\x05\xac\x26\xc4\xd2\x75\xd2\xe1\x2a\x67\xc0\x3d\x5b\xa5\x9a\xeb\xcf\x7b\x1a\xa8\x9d\x14\x45\xe5\x0f\xa0\x9a\x65\xde\x2f\x28\xbd\xce\x6f\x94\x66\x83\x48\x29\xd8\xea\x65\x8c\xaf\x93\xd9\x64\x9f\x55\x57\x26\xbf\x6f\xcb\x37\x31\x99\xa3\x60\xbb\x1c\xad\x89\x34\x32\x62\xb8\x43\x21\x06\x72\x0c\xa1\x5c\x6d\x46\xc5\xfa\x29\xcf\x30\xde\x89\xdc\x71\x5b\xdd\xb6\x37\x3e\xdf\x50\xf5\xb8\x07\x25\x26\xe5\xbc\xb5\xfe\x3c\x02\xb3\xb7\xf8\xbe\x43\xc1\x87\x11\x94\x9e\x23\x6c\x17\x8a\xb8\x8a\x27\x0c\x54\x47\xf0\xa9\xb3\xc0\x80\x8c\xa0\x27\xeb\x1d\x19\xe3\x07\x8e\x77\x70\xca\x2b\xf4\x7d\x76\xe0\x78\x67\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4d\x45\xc1\x68\x38\xbb\x73\xa9\x69\xa1\x20\xe7\xed\xf5\x22\xa1\x23\x14\xd7\x9e\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4d\x45\xc1\x68\x38\xbb\x73\xa9\x69\xa1\x20\xe7\xed\xf5\x22\xa1\x23\x14\xd7\x9e\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6b\x06\xb9\x5f\x45\x3b\x2a\x4b\x33\xb3\xe6\x1b\x6b\x59\x4e\x22\xcc\xb9\xb7\xa4\x25\xc9\xa7\xc4\xf0\x54\x96\x0b\x64\xf3\xb1\x58\x4f\x5e\x51\xfc\xb2\x97\x7b\x27\x65\xc2\xe5\xca\xe7\x0d\x0c\x25\x7b\x62\xe3\xfa\x9f\xb4\x87\xb7\x45\x46\xaf\x83\xa5\x97\x48\x8c\xa5\xbd\xf1\x16\x2b\x9b\x76\x2c\x7a\x35\x60\x6c\x11\x80\x97\xcc\xa9\x92\x52\xe6\x2b\xe6\x69\xed\xa9\xf8\x36\x2d\x2c\x77\xbf\x61\x48\xd1\x63\x0b\xb9\x5b\x52\xed\x18\xb0\x43\x42\x22\xa6\xb1\x77\xae\xde\x69\xc5\xcd\xc7\x1c\xa1\xb1\xa5\x1c\x10\xfb\x18\xbe\x1a\x70\xdd\xc1\x92\x4b\xbe\x29\x5a\x9d\x3f\x35\xbe\xe5\x7d\x51\xf8\x55\xe0\x25\x75\x23\x87\x1e\x5c\xdc\xba\x9d\xb0\xac\xb3\x69\xdb\x17\x83\xc9\xf7\xde\x0c\xbc\x08\xdc\x91\x9e\xa8\xd0\xd7\x15\x37\x73\xa5\x35\xb8\xfc\x7e\xc5\x44\x40\x06\xc3\xeb\xf8\x22\x80\x5c\x47\xce\x02\xe3\x11\x9f\x44\xff\xfd\x9a\x32\xcc\x7d\x64\x51\x0e\xeb\x57\x26\x76\x3a\xe3\x1e\x22\x3c\xc2\xa6\x36\xdd\x19\xef\xa7\xfc\x12\xf3\x26\xc0\x59\x31\x85\x4c\x9c\xd8\xcf\xdf\xa4\xcc\xcc\x29\x93\xff\x94\x6d\x76\x5c\x13\x08\x97\xf2\xed\xa5\x0b\x4d\xdd\xe8\xc9\x68\x0e\x66\xd3\x00\x0e\x33\x12\x5b\xbc\x95\xe5\x32\x90\xa8\xb3\xc6\x6c\x83\xad\x77\xee\x8b\x7e\x7e\xb1\xa9\xab\xd3\xe1\xf1\xb6\xc0\xb1\xea\x88\xc0\xe7\xd3\x90\xe9\x28\x92\x94\x7b\x68\x7b\x97\x2a\x0a\x67\x2d\x85\x02\x38\x10\xe4\x03\x61\xd4\xda\x25\x36\xc7\x08\x58\x2d\xa1\xa7\x51\xaf\x30\x0a\x49\xf5\xa6\x69\x87\x07\x2d\x44\x46\x76\x8e\x2a\xe5\x9a\x3b\xd7\x18\xa2\xfc\x9c\x38\x10\xcc\xc6\x3b\xd2\xb5\x17\x3a\x6f\xfd\xae\x25\xbd\xf5\x72\x59\x64\xb1\x74\x2a\x38\x5f\x18\x4c\xdf\xcf\x71\x04\x5a\x36\xd4\xbf\x2f\x99\x9c\xe8\xd9\xba\xb1\x95\xe6\x02\x4b\x21\xa1\x5b\xd5\xc1\x4f\x8f\xae\x69\x6d\x53\xdb\x01\x93\xb5\x5c\x1e\x18\xdd\x64\x5a\xca\x18\x28\x3e\x63\x04\x11\xfd\x1c\x8d\x00\x0f\xb8\x37\xdf\x67\x8a\x9d\x66\xa9\x02\x6a\x91\xff\x13\xca\x2f\x5d\x83\xbc\x87\x93\x6c\xdc\x24\x51\x16\x04\x25\x66\xfa\xb3\xd9\xc2\xba\x29\xbe\x9a\x48\x38\x82\x99\xf4\xbf\x3b\x4a\x31\x19\xf9\xbf\x8e\x21\x33\x14\xca\x4f\x54\x5f\xfb\xce\xfb\x8f\x71\x7f\xfd\x5e\x19\xa0\x0f\x4b\x91\xb8\xc4\x54\xbc\x06\xb0\x45\x8f\x26\x91\xa2\x8e\xfe\xa9", + ["Visa eCommerce Root"] = "\x30\x82\x03\xa2\x30\x82\x02\x8a\xa0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4d\x1d\x3f\x06\xf2\xc1\xf9\x65\x05\xd5\x90\x1c\x62\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0d\x30\x0b\x06\x03\x55\x04\x0a\x13\x04\x56\x49\x53\x41\x31\x2f\x30\x2d\x06\x03\x55\x04\x0b\x13\x26\x56\x69\x73\x61\x20\x49\x6e\x74\x65\x72\x6e\x61\x74\x69\x6f\x6e\x61\x6c\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6f\x63\x69\x61\x74\x69\x6f\x6e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5a\x17\x0d\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5a\x30\x6b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0d\x30\x0b\x06\x03\x55\x04\x0a\x13\x04\x56\x49\x53\x41\x31\x2f\x30\x2d\x06\x03\x55\x04\x0b\x13\x26\x56\x69\x73\x61\x20\x49\x6e\x74\x65\x72\x6e\x61\x74\x69\x6f\x6e\x61\x6c\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6f\x63\x69\x61\x74\x69\x6f\x6e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x57\xde\x56\x1e\x6e\xa1\xda\x60\xb1\x94\x27\xcb\x17\xdb\x07\x3f\x80\x85\x4f\xc8\x9c\xb6\xd0\xf4\x6f\x4f\xcf\x99\xd8\xe1\xdb\xc2\x48\x5c\x3a\xac\x39\x33\xc7\x1f\x6a\x8b\x26\x3d\x2b\x35\xf5\x48\xb1\x91\xc1\x02\x4e\x04\x96\x91\x7b\xb0\x33\xf0\xb1\x14\x4e\x11\x6f\xb5\x40\xaf\x1b\x45\xa5\x4a\xef\x7e\xb6\xac\xf2\xa0\x1f\x58\x3f\x12\x46\x60\x3c\x8d\xa1\xe0\x7d\xcf\x57\x3e\x33\x1e\xfb\x47\xf1\xaa\x15\x97\x07\x55\x66\xa5\xb5\x2d\x2e\xd8\x80\x59\xb2\xa7\x0d\xb7\x46\xec\x21\x63\xff\x35\xab\xa5\x02\xcf\x2a\xf4\x4c\xfe\x7b\xf5\x94\x5d\x84\x4d\xa8\xf2\x60\x8f\xdb\x0e\x25\x3c\x9f\x73\x71\xcf\x94\xdf\x4a\xea\xdb\xdf\x72\x38\x8c\xf3\x96\xbd\xf1\x17\xbc\xd2\xba\x3b\x45\x5a\xc6\xa7\xf6\xc6\x17\x8b\x01\x9d\xfc\x19\xa8\x2a\x83\x16\xb8\x3a\x48\xfe\x4e\x3e\xa0\xab\x06\x19\xe9\x53\xf3\x80\x13\x07\xed\x2d\xbf\x3f\x0a\x3c\x55\x20\x39\x2c\x2c\x00\x69\x74\x95\x4a\xbc\x20\xb2\xa9\x79\xe5\x18\x89\x91\xa8\xdc\x1c\x4d\xef\xbb\x7e\x37\x0b\x5d\xfe\x39\xa5\x88\x52\x8c\x00\x6c\xec\x18\x7c\x41\xbd\xf6\x8b\x75\x77\xba\x60\x9d\x84\xe7\xfe\x2d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\x38\x83\x0f\x3f\x2c\x3f\x70\x33\x1e\xcd\x46\xfe\x07\x8c\x20\xe0\xd7\xc3\xb7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5f\xf1\x41\x7d\x7c\x5c\x08\xb9\x2b\xe0\xd5\x92\x47\xfa\x67\x5c\xa5\x13\xc3\x03\x21\x9b\x2b\x4c\x89\x46\xcf\x59\x4d\xc9\xfe\xa5\x40\xb6\x63\xcd\xdd\x71\x28\x95\x67\x11\xcc\x24\xac\xd3\x44\x6c\x71\xae\x01\x20\x6b\x03\xa2\x8f\x18\xb7\x29\x3a\x7d\xe5\x16\x60\x53\x78\x3c\xc0\xaf\x15\x83\xf7\x8f\x52\x33\x24\xbd\x64\x93\x97\xee\x8b\xf7\xdb\x18\xa8\x6d\x71\xb3\xf7\x2c\x17\xd0\x74\x25\x69\xf7\xfe\x6b\x3c\x94\xbe\x4d\x4b\x41\x8c\x4e\xe2\x73\xd0\xe3\x90\x22\x73\x43\xcd\xf3\xef\xea\x73\xce\x45\x8a\xb0\xa6\x49\xff\x4c\x7d\x9d\x71\x88\xc4\x76\x1d\x90\x5b\x1d\xee\xfd\xcc\xf7\xee\xfd\x60\xa5\xb1\x7a\x16\x71\xd1\x16\xd0\x7c\x12\x3c\x6c\x69\x97\xdb\xae\x5f\x39\x9a\x70\x2f\x05\x3c\x19\x46\x04\x99\x20\x36\xd0\x60\x6e\x61\x06\xbb\x16\x42\x8c\x70\xf7\x30\xfb\xe0\xdb\x66\xa3\x00\x01\xbd\xe6\x2c\xda\x91\x5f\xa0\x46\x8b\x4d\x6a\x9c\x3d\x3d\xdd\x05\x46\xfe\x76\xbf\xa0\x0a\x3c\xe4\x00\xe6\x27\xb7\xff\x84\x2d\xde\xba\x22\x27\x96\x10\x71\xeb\x22\xed\xdf\xdf\x33\x9c\xcf\xe3\xad\xae\x8e\xd4\x8e\xe6\x4f\x51\xaf\x16\x92\xe0\x5c\xf6\x07\x0f", + ["TC TrustCenter, Germany, Class 2 CA"] = "\x30\x82\x03\x5c\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x02\x03\xea\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x1e\x17\x0d\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5a\x17\x0d\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5a\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xda\x38\xe8\xed\x32\x00\x29\x71\x83\x01\x0d\xbf\x8c\x01\xdc\xda\xc6\xad\x39\xa4\xa9\x8a\x2f\xd5\x8b\x5c\x68\x5f\x50\xc6\x62\xf5\x66\xbd\xca\x91\x22\xec\xaa\x1d\x51\xd7\x3d\xb3\x51\xb2\x83\x4e\x5d\xcb\x49\xb0\xf0\x4c\x55\xe5\x6b\x2d\xc7\x85\x0b\x30\x1c\x92\x4e\x82\xd4\xca\x02\xed\xf7\x6f\xbe\xdc\xe0\xe3\x14\xb8\x05\x53\xf2\x9a\xf4\x56\x8b\x5a\x9e\x85\x93\xd1\xb4\x82\x56\xae\x4d\xbb\xa8\x4b\x57\x16\xbc\xfe\xf8\x58\x9e\xf8\x29\x8d\xb0\x7b\xcd\x78\xc9\x4f\xac\x8b\x67\x0c\xf1\x9c\xfb\xfc\x57\x9b\x57\x5c\x4f\x0d\x02\x03\x01\x00\x01\xa3\x6b\x30\x69\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x67\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x84\x52\xfb\x28\xdf\xff\x1f\x75\x01\xbc\x01\xbe\x04\x56\x97\x6a\x74\x42\x24\x31\x83\xf9\x46\xb1\x06\x8a\x89\xcf\x96\x2c\x33\xbf\x8c\xb5\x5f\x7a\x72\xa1\x85\x06\xce\x86\xf8\x05\x8e\xe8\xf9\x25\xca\xda\x83\x8c\x06\xac\xeb\x36\x6d\x85\x91\x34\x04\x36\xf4\x42\xf0\xf8\x79\x2e\x0a\x48\x5c\xab\xcc\x51\x4f\x78\x76\xa0\xd9\xac\x19\xbd\x2a\xd1\x69\x04\x28\x91\xca\x36\x10\x27\x80\x57\x5b\xd2\x5c\xf5\xc2\x5b\xab\x64\x81\x63\x74\x51\xf4\x97\xbf\xcd\x12\x28\xf7\x4d\x66\x7f\xa7\xf0\x1c\x01\x26\x78\xb2\x66\x47\x70\x51\x64", + ["TC TrustCenter, Germany, Class 3 CA"] = "\x30\x82\x03\x5c\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x02\x03\xeb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x1e\x17\x0d\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5a\x17\x0d\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5a\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb6\xb4\xc1\x35\x05\x2e\x0d\x8d\xec\xa0\x40\x6a\x1c\x0e\x27\xa6\x50\x92\x6b\x50\x1b\x07\xde\x2e\xe7\x76\xcc\xe0\xda\xfc\x84\xa8\x5e\x8c\x63\x6a\x2b\x4d\xd9\x4e\x02\x76\x11\xc1\x0b\xf2\x8d\x79\xca\x00\xb6\xf1\xb0\x0e\xd7\xfb\xa4\x17\x3d\xaf\xab\x69\x7a\x96\x27\xbf\xaf\x33\xa1\x9a\x2a\x59\xaa\xc4\xb5\x37\x08\xf2\x12\xa5\x31\xb6\x43\xf5\x32\x96\x71\x28\x28\xab\x8d\x28\x86\xdf\xbb\xee\xe3\x0c\x7d\x30\xd6\xc3\x52\xab\x8f\x5d\x27\x9c\x6b\xc0\xa3\xe7\x05\x6b\x57\x49\x44\xb3\x6e\xea\x64\xcf\xd2\x8e\x7a\x50\x77\x77\x02\x03\x01\x00\x01\xa3\x6b\x30\x69\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x67\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x16\x3d\xc6\xcd\xc1\xbb\x85\x71\x85\x46\x9f\x3e\x20\x8f\x51\x28\x99\xec\x2d\x45\x21\x63\x23\x5b\x04\xbb\x4c\x90\xb8\x88\x92\x04\x4d\xbd\x7d\x01\xa3\x3f\xf6\xec\xce\xf1\xde\xfe\x7d\xe5\xe1\x3e\xbb\xc6\xab\x5e\x0b\xdd\x3d\x96\xc4\xcb\xa9\xd4\xf9\x26\xe6\x06\x4e\x9e\x0c\xa5\x7a\xba\x6e\xc3\x7c\x82\x19\xd1\xc7\xb1\xb1\xc3\xdb\x0d\x8e\x9b\x40\x7c\x37\x0b\xf1\x5d\xe8\xfd\x1f\x90\x88\xa5\x0e\x4e\x37\x64\x21\xa8\x4e\x8d\xb4\x9f\xf1\xde\x48\xad\xd5\x56\x18\x52\x29\x8b\x47\x34\x12\x09\xd4\xbb\x92\x35\xef\x0f\xdb\x34", + ["Certum Root CA"] = "\x30\x82\x03\x0c\x30\x82\x01\xf4\xa0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x55\x6e\x69\x7a\x65\x74\x6f\x20\x53\x70\x2e\x20\x7a\x20\x6f\x2e\x6f\x2e\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6d\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5a\x17\x0d\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5a\x30\x3e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x55\x6e\x69\x7a\x65\x74\x6f\x20\x53\x70\x2e\x20\x7a\x20\x6f\x2e\x6f\x2e\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6d\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xce\xb1\xc1\x2e\xd3\x4f\x7c\xcd\x25\xce\x18\x3e\x4f\xc4\x8c\x6f\x80\x6a\x73\xc8\x5b\x51\xf8\x9b\xd2\xdc\xbb\x00\x5c\xb1\xa0\xfc\x75\x03\xee\x81\xf0\x88\xee\x23\x52\xe9\xe6\x15\x33\x8d\xac\x2d\x09\xc5\x76\xf9\x2b\x39\x80\x89\xe4\x97\x4b\x90\xa5\xa8\x78\xf8\x73\x43\x7b\xa4\x61\xb0\xd8\x58\xcc\xe1\x6c\x66\x7e\x9c\xf3\x09\x5e\x55\x63\x84\xd5\xa8\xef\xf3\xb1\x2e\x30\x68\xb3\xc4\x3c\xd8\xac\x6e\x8d\x99\x5a\x90\x4e\x34\xdc\x36\x9a\x8f\x81\x88\x50\xb7\x6d\x96\x42\x09\xf3\xd7\x95\x83\x0d\x41\x4b\xb0\x6a\x6b\xf8\xfc\x0f\x7e\x62\x9f\x67\xc4\xed\x26\x5f\x10\x26\x0f\x08\x4f\xf0\xa4\x57\x28\xce\x8f\xb8\xed\x45\xf6\x6e\xee\x25\x5d\xaa\x6e\x39\xbe\xe4\x93\x2f\xd9\x47\xa0\x72\xeb\xfa\xa6\x5b\xaf\xca\x53\x3f\xe2\x0e\xc6\x96\x56\x11\x6e\xf7\xe9\x66\xa9\x26\xd8\x7f\x95\x53\xed\x0a\x85\x88\xba\x4f\x29\xa5\x42\x8c\x5e\xb6\xfc\x85\x20\x00\xaa\x68\x0b\xa1\x1a\x85\x01\x9c\xc4\x46\x63\x82\x88\xb6\x22\xb1\xee\xfe\xaa\x46\x59\x7e\xcf\x35\x2c\xd5\xb6\xda\x5d\xf7\x48\x33\x14\x54\xb6\xeb\xd9\x6f\xce\xcd\x88\xd6\xab\x1b\xda\x96\x3b\x1d\x59\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb8\x8d\xce\xef\xe7\x14\xba\xcf\xee\xb0\x44\x92\x6c\xb4\x39\x3e\xa2\x84\x6e\xad\xb8\x21\x77\xd2\xd4\x77\x82\x87\xe6\x20\x41\x81\xee\xe2\xf8\x11\xb7\x63\xd1\x17\x37\xbe\x19\x76\x24\x1c\x04\x1a\x4c\xeb\x3d\xaa\x67\x6f\x2d\xd4\xcd\xfe\x65\x31\x70\xc5\x1b\xa6\x02\x0a\xba\x60\x7b\x6d\x58\xc2\x9a\x49\xfe\x63\x32\x0b\x6b\xe3\x3a\xc0\xac\xab\x3b\xb0\xe8\xd3\x09\x51\x8c\x10\x83\xc6\x34\xe0\xc5\x2b\xe0\x1a\xb6\x60\x14\x27\x6c\x32\x77\x8c\xbc\xb2\x72\x98\xcf\xcd\xcc\x3f\xb9\xc8\x24\x42\x14\xd6\x57\xfc\xe6\x26\x43\xa9\x1d\xe5\x80\x90\xce\x03\x54\x28\x3e\xf7\x3f\xd3\xf8\x4d\xed\x6a\x0a\x3a\x93\x13\x9b\x3b\x14\x23\x13\x63\x9c\x3f\xd1\x87\x27\x79\xe5\x4c\x51\xe3\x01\xad\x85\x5d\x1a\x3b\xb1\xd5\x73\x10\xa4\xd3\xf2\xbc\x6e\x64\xf5\x5a\x56\x90\xa8\xc7\x0e\x4c\x74\x0f\x2e\x71\x3b\xf7\xc8\x47\xf4\x69\x6f\x15\xf2\x11\x5e\x83\x1e\x9c\x7c\x52\xae\xfd\x02\xda\x12\xa8\x59\x67\x18\xdb\xbc\x70\xdd\x9b\xb1\x69\xed\x80\xce\x89\x40\x48\x6a\x0e\x35\xca\x29\x66\x15\x21\x94\x2c\xe8\x60\x2a\x9b\x85\x4a\x40\xf3\x6b\x8a\x24\xec\x06\x16\x2c\x73", + ["Comodo AAA Services root"] = "\x30\x82\x04\x32\x30\x82\x03\x1a\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x0c\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x0c\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\x40\x9d\xf4\x6e\xe1\xea\x76\x87\x1c\x4d\x45\x44\x8e\xbe\x46\xc8\x83\x06\x9d\xc1\x2a\xfe\x18\x1f\x8e\xe4\x02\xfa\xf3\xab\x5d\x50\x8a\x16\x31\x0b\x9a\x06\xd0\xc5\x70\x22\xcd\x49\x2d\x54\x63\xcc\xb6\x6e\x68\x46\x0b\x53\xea\xcb\x4c\x24\xc0\xbc\x72\x4e\xea\xf1\x15\xae\xf4\x54\x9a\x12\x0a\xc3\x7a\xb2\x33\x60\xe2\xda\x89\x55\xf3\x22\x58\xf3\xde\xdc\xcf\xef\x83\x86\xa2\x8c\x94\x4f\x9f\x68\xf2\x98\x90\x46\x84\x27\xc7\x76\xbf\xe3\xcc\x35\x2c\x8b\x5e\x07\x64\x65\x82\xc0\x48\xb0\xa8\x91\xf9\x61\x9f\x76\x20\x50\xa8\x91\xc7\x66\xb5\xeb\x78\x62\x03\x56\xf0\x8a\x1a\x13\xea\x31\xa3\x1e\xa0\x99\xfd\x38\xf6\xf6\x27\x32\x58\x6f\x07\xf5\x6b\xb8\xfb\x14\x2b\xaf\xb7\xaa\xcc\xd6\x63\x5f\x73\x8c\xda\x05\x99\xa8\x38\xa8\xcb\x17\x78\x36\x51\xac\xe9\x9e\xf4\x78\x3a\x8d\xcf\x0f\xd9\x42\xe2\x98\x0c\xab\x2f\x9f\x0e\x01\xde\xef\x9f\x99\x49\xf1\x2d\xdf\xac\x74\x4d\x1b\x98\xb5\x47\xc5\xe5\x29\xd1\xf9\x90\x18\xc7\x62\x9c\xbe\x83\xc7\x26\x7b\x3e\x8a\x25\xc7\xc0\xdd\x9d\xe6\x35\x68\x10\x20\x9d\x8f\xd8\xde\xd2\xc3\x84\x9c\x0d\x5e\xe8\x2f\xc9\x02\x03\x01\x00\x01\xa3\x81\xc0\x30\x81\xbd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa0\x11\x0a\x23\x3e\x96\xf1\x07\xec\xe2\xaf\x29\xef\x82\xa5\x7f\xd0\x30\xa4\xb4\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x7b\x06\x03\x55\x1d\x1f\x04\x74\x30\x72\x30\x38\xa0\x36\xa0\x34\x86\x32\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x36\xa0\x34\xa0\x32\x86\x30\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xfc\x02\xf0\x9b\xe8\xff\xa4\xfa\xd6\x7b\xc6\x44\x80\xce\x4f\xc4\xc5\xf6\x00\x58\xcc\xa6\xb6\xbc\x14\x49\x68\x04\x76\xe8\xe6\xee\x5d\xec\x02\x0f\x60\xd6\x8d\x50\x18\x4f\x26\x4e\x01\xe3\xe6\xb0\xa5\xee\xbf\xbc\x74\x54\x41\xbf\xfd\xfc\x12\xb8\xc7\x4f\x5a\xf4\x89\x60\x05\x7f\x60\xb7\x05\x4a\xf3\xf6\xf1\xc2\xbf\xc4\xb9\x74\x86\xb6\x2d\x7d\x6b\xcc\xd2\xf3\x46\xdd\x2f\xc6\xe0\x6a\xc3\xc3\x34\x03\x2c\x7d\x96\xdd\x5a\xc2\x0e\xa7\x0a\x99\xc1\x05\x8b\xab\x0c\x2f\xf3\x5c\x3a\xcf\x6c\x37\x55\x09\x87\xde\x53\x40\x6c\x58\xef\xfc\xb6\xab\x65\x6e\x04\xf6\x1b\xdc\x3c\xe0\x5a\x15\xc6\x9e\xd9\xf1\x59\x48\x30\x21\x65\x03\x6c\xec\xe9\x21\x73\xec\x9b\x03\xa1\xe0\x37\xad\xa0\x15\x18\x8f\xfa\xba\x02\xce\xa7\x2c\xa9\x10\x13\x2c\xd4\xe5\x08\x26\xab\x22\x97\x60\xf8\x90\x5e\x74\xd4\xa2\x9a\x53\xbd\xf2\xa9\x68\xe0\xa2\x6e\xc2\xd7\x6c\xb1\xa3\x0f\x9e\xbf\xeb\x68\xe7\x56\xf2\xae\xf2\xe3\x2b\x38\x3a\x09\x81\xb5\x6b\x85\xd7\xbe\x2d\xed\x3f\x1a\xb7\xb2\x63\xe2\xf5\x62\x2c\x82\xd4\x6a\x00\x41\x50\xf1\x39\x83\x9f\x95\xe9\x36\x96\x98\x6e", + ["Comodo Secure Services root"] = "\x30\x82\x04\x3f\x30\x82\x03\x27\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0c\x1b\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0c\x1b\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc0\x71\x33\x82\x8a\xd0\x70\xeb\x73\x87\x82\x40\xd5\x1d\xe4\xcb\xc9\x0e\x42\x90\xf9\xde\x34\xb9\xa1\xba\x11\xf4\x25\x85\xf3\xcc\x72\x6d\xf2\x7b\x97\x6b\xb3\x07\xf1\x77\x24\x91\x5f\x25\x8f\xf6\x74\x3d\xe4\x80\xc2\xf8\x3c\x0d\xf3\xbf\x40\xea\xf7\xc8\x52\xd1\x72\x6f\xef\xc8\xab\x41\xb8\x6e\x2e\x17\x2a\x95\x69\x0c\xcd\xd2\x1e\x94\x7b\x2d\x94\x1d\xaa\x75\xd7\xb3\x98\xcb\xac\xbc\x64\x53\x40\xbc\x8f\xac\xac\x36\xcb\x5c\xad\xbb\xdd\xe0\x94\x17\xec\xd1\x5c\xd0\xbf\xef\xa5\x95\xc9\x90\xc5\xb0\xac\xfb\x1b\x43\xdf\x7a\x08\x5d\xb7\xb8\xf2\x40\x1b\x2b\x27\x9e\x50\xce\x5e\x65\x82\x88\x8c\x5e\xd3\x4e\x0c\x7a\xea\x08\x91\xb6\x36\xaa\x2b\x42\xfb\xea\xc2\xa3\x39\xe5\xdb\x26\x38\xad\x8b\x0a\xee\x19\x63\xc7\x1c\x24\xdf\x03\x78\xda\xe6\xea\xc1\x47\x1a\x0b\x0b\x46\x09\xdd\x02\xfc\xde\xcb\x87\x5f\xd7\x30\x63\x68\xa1\xae\xdc\x32\xa1\xba\xbe\xfe\x44\xab\x68\xb6\xa5\x17\x15\xfd\xbd\xd5\xa7\xa7\x9a\xe4\x44\x33\xe9\x88\x8e\xfc\xed\x51\xeb\x93\x71\x4e\xad\x01\xe7\x44\x8e\xab\x2d\xcb\xa8\xfe\x01\x49\x48\xf0\xc0\xdd\xc7\x68\xd8\x92\xfe\x3d\x02\x03\x01\x00\x01\xa3\x81\xc7\x30\x81\xc4\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3c\xd8\x93\x88\xc2\xc0\x82\x09\xcc\x01\x99\x06\x93\x20\xe9\x9e\x70\x09\x63\x4f\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x81\x06\x03\x55\x1d\x1f\x04\x7a\x30\x78\x30\x3b\xa0\x39\xa0\x37\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x87\x01\x6d\x23\x1d\x7e\x5b\x17\x7d\xc1\x61\x32\xcf\x8f\xe7\xf3\x8a\x94\x59\x66\xe0\x9e\x28\xa8\x5e\xd3\xb7\xf4\x34\xe6\xaa\x39\xb2\x97\x16\xc5\x82\x6f\x32\xa4\xe9\x8c\xe7\xaf\xfd\xef\xc2\xe8\xb9\x4b\xaa\xa3\xf4\xe6\xda\x8d\x65\x21\xfb\xba\x80\xeb\x26\x28\x85\x1a\xfe\x39\x8c\xde\x5b\x04\x04\xb4\x54\xf9\xa3\x67\x9e\x41\xfa\x09\x52\xcc\x05\x48\xa8\xc9\x3f\x21\x04\x1e\xce\x48\x6b\xfc\x85\xe8\xc2\x7b\xaf\x7f\xb7\xcc\xf8\x5f\x3a\xfd\x35\xc6\x0d\xef\x97\xdc\x4c\xab\x11\xe1\x6b\xcb\x31\xd1\x6c\xfb\x48\x80\xab\xdc\x9c\x37\xb8\x21\x14\x4b\x0d\x71\x3d\xec\x83\x33\x6e\xd1\x6e\x32\x16\xec\x98\xc7\x16\x8b\x59\xa6\x34\xab\x05\x57\x2d\x93\xf7\xaa\x13\xcb\xd2\x13\xe2\xb7\x2e\x3b\xcd\x6b\x50\x17\x09\x68\x3e\xb5\x26\x57\xee\xb6\xe0\xb6\xdd\xb9\x29\x80\x79\x7d\x8f\xa3\xf0\xa4\x28\xa4\x15\xc4\x85\xf4\x27\xd4\x6b\xbf\xe5\x5c\xe4\x65\x02\x76\x54\xb4\xe3\x37\x66\x24\xd3\x19\x61\xc8\x52\x10\xe5\x8b\x37\x9a\xb9\xa9\xf9\x1d\xbf\xea\x99\x92\x61\x96\xff\x01\xcd\xa1\x5f\x0d\xbc\x71\xbc\x0e\xac\x0b\x1d\x47\x45\x1d\xc1\xec\x7c\xec\xfd\x29", + ["Comodo Trusted Services root"] = "\x30\x82\x04\x43\x30\x82\x03\x2b\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\x71\x6f\x36\x58\x53\x5a\xf2\x36\x54\x57\x80\xc4\x74\x08\x20\xed\x18\x7f\x2a\x1d\xe6\x35\x9a\x1e\x25\xac\x9c\xe5\x96\x7e\x72\x52\xa0\x15\x42\xdb\x59\xdd\x64\x7a\x1a\xd0\xb8\x7b\xdd\x39\x15\xbc\x55\x48\xc4\xed\x3a\x00\xea\x31\x11\xba\xf2\x71\x74\x1a\x67\xb8\xcf\x33\xcc\xa8\x31\xaf\xa3\xe3\xd7\x7f\xbf\x33\x2d\x4c\x6a\x3c\xec\x8b\xc3\x92\xd2\x53\x77\x24\x74\x9c\x07\x6e\x70\xfc\xbd\x0b\x5b\x76\xba\x5f\xf2\xff\xd7\x37\x4b\x4a\x60\x78\xf7\xf0\xfa\xca\x70\xb4\xea\x59\xaa\xa3\xce\x48\x2f\xa9\xc3\xb2\x0b\x7e\x17\x72\x16\x0c\xa6\x07\x0c\x1b\x38\xcf\xc9\x62\xb7\x3f\xa0\x93\xa5\x87\x41\xf2\xb7\x70\x40\x77\xd8\xbe\x14\x7c\xe3\xa8\xc0\x7a\x8e\xe9\x63\x6a\xd1\x0f\x9a\xc6\xd2\xf4\x8b\x3a\x14\x04\x56\xd4\xed\xb8\xcc\x6e\xf5\xfb\xe2\x2c\x58\xbd\x7f\x4f\x6b\x2b\xf7\x60\x24\x58\x24\xce\x26\xef\x34\x91\x3a\xd5\xe3\x81\xd0\xb2\xf0\x04\x02\xd7\x5b\xb7\x3e\x92\xac\x6b\x12\x8a\xf9\xe4\x05\xb0\x3b\x91\x49\x5c\xb2\xeb\x53\xea\xf8\x9f\x47\x86\xee\xbf\x95\xc0\xc0\x06\x9f\xd2\x5b\x5e\x11\x1b\xf4\xc7\x04\x35\x29\xd2\x55\x5c\xe4\xed\xeb\x02\x03\x01\x00\x01\xa3\x81\xc9\x30\x81\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc5\x7b\x58\xbd\xed\xda\x25\x69\xd2\xf7\x59\x16\xa8\xb3\x32\xc0\x7b\x27\x5b\xf4\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x83\x06\x03\x55\x1d\x1f\x04\x7c\x30\x7a\x30\x3c\xa0\x3a\xa0\x38\x86\x36\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x3a\xa0\x38\xa0\x36\x86\x34\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xc8\x93\x81\x3b\x89\xb4\xaf\xb8\x84\x12\x4c\x8d\xd2\xf0\xdb\x70\xba\x57\x86\x15\x34\x10\xb9\x2f\x7f\x1e\xb0\xa8\x89\x60\xa1\x8a\xc2\x77\x0c\x50\x4a\x9b\x00\x8b\xd8\x8b\xf4\x41\xe2\xd0\x83\x8a\x4a\x1c\x14\x06\xb0\xa3\x68\x05\x70\x31\x30\xa7\x53\x9b\x0e\xe9\x4a\xa0\x58\x69\x67\x0e\xae\x9d\xf6\xa5\x2c\x41\xbf\x3c\x06\x6b\xe4\x59\xcc\x6d\x10\xf1\x96\x6f\x1f\xdf\xf4\x04\x02\xa4\x9f\x45\x3e\xc8\xd8\xfa\x36\x46\x44\x50\x3f\x82\x97\x91\x1f\x28\xdb\x18\x11\x8c\x2a\xe4\x65\x83\x57\x12\x12\x8c\x17\x3f\x94\x36\xfe\x5d\xb0\xc0\x04\x77\x13\xb8\xf4\x15\xd5\x3f\x38\xcc\x94\x3a\x55\xd0\xac\x98\xf5\xba\x00\x5f\xe0\x86\x19\x81\x78\x2f\x28\xc0\x7e\xd3\xcc\x42\x0a\xf5\xae\x50\xa0\xd1\x3e\xc6\xa1\x71\xec\x3f\xa0\x20\x8c\x66\x3a\x89\xb4\x8e\xd4\xd8\xb1\x4d\x25\x47\xee\x2f\x88\xc8\xb5\xe1\x05\x45\xc0\xbe\x14\x71\xde\x7a\xfd\x8e\x7b\x7d\x4d\x08\x96\xa5\x12\x73\xf0\x2d\xca\x37\x27\x74\x12\x27\x4c\xcb\xb6\x97\xe9\xd9\xae\x08\x6d\x5a\x39\x40\xdd\x05\x47\x75\x6a\x5a\x21\xb3\xa3\x18\xcf\x4e\xf7\x2e\x57\xb7\x98\x70\x5e\xc8\xc4\x78\xb0\x62", + ["QuoVadis Root CA"] = "\x30\x82\x05\xd0\x30\x82\x04\xb8\xa0\x03\x02\x01\x02\x02\x04\x3a\xb6\x50\x8b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x31\x30\x33\x31\x39\x31\x38\x33\x33\x33\x33\x5a\x17\x0d\x32\x31\x30\x33\x31\x37\x31\x38\x33\x33\x33\x33\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf\x61\xb5\x95\x53\xba\x57\xfc\xfa\xf2\x67\x0b\x3a\x1a\xdf\x11\x80\x64\x95\xb4\xd1\xbc\xcd\x7a\xcf\xf6\x29\x96\x2e\x24\x54\x40\x24\x38\xf7\x1a\x85\xdc\x58\x4c\xcb\xa4\x27\x42\x97\xd0\x9f\x83\x8a\xc3\xe4\x06\x03\x5b\x00\xa5\x51\x1e\x70\x04\x74\xe2\xc1\xd4\x3a\xab\xd7\xad\x3b\x07\x18\x05\x8e\xfd\x83\xac\xea\x66\xd9\x18\x1b\x68\x8a\xf5\x57\x1a\x98\xba\xf5\xed\x76\x3d\x7c\xd9\xde\x94\x6a\x3b\x4b\x17\xc1\xd5\x8f\xbd\x65\x38\x3a\x95\xd0\x3d\x55\x36\x4e\xdf\x79\x57\x31\x2a\x1e\xd8\x59\x65\x49\x58\x20\x98\x7e\xab\x5f\x7e\x9f\xe9\xd6\x4d\xec\x83\x74\xa9\xc7\x6c\xd8\xee\x29\x4a\x85\x2a\x06\x14\xf9\x54\xe6\xd3\xda\x65\x07\x8b\x63\x37\x12\xd7\xd0\xec\xc3\x7b\x20\x41\x44\xa3\xed\xcb\xa0\x17\xe1\x71\x65\xce\x1d\x66\x31\xf7\x76\x01\x19\xc8\x7d\x03\x58\xb6\x95\x49\x1d\xa6\x12\x26\xe8\xc6\x0c\x76\xe0\xe3\x66\xcb\xea\x5d\xa6\x26\xee\xe5\xcc\x5f\xbd\x67\xa7\x01\x27\x0e\xa2\xca\x54\xc5\xb1\x7a\x95\x1d\x71\x1e\x4a\x29\x8a\x03\xdc\x6a\x45\xc1\xa4\x19\x5e\x6f\x36\xcd\xc3\xa2\xb0\xb7\xfe\x5c\x38\xe2\x52\xbc\xf8\x44\x43\xe6\x90\xbb\x02\x03\x01\x00\x01\xa3\x82\x02\x52\x30\x82\x02\x4e\x30\x3d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x31\x30\x2f\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x21\x68\x74\x74\x70\x73\x3a\x2f\x2f\x6f\x63\x73\x70\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x6f\x66\x66\x73\x68\x6f\x72\x65\x2e\x63\x6f\x6d\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x1a\x06\x03\x55\x1d\x20\x04\x82\x01\x11\x30\x82\x01\x0d\x30\x82\x01\x09\x06\x09\x2b\x06\x01\x04\x01\xbe\x58\x00\x01\x30\x81\xfb\x30\x81\xd4\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc7\x1a\x81\xc4\x52\x65\x6c\x69\x61\x6e\x63\x65\x20\x6f\x6e\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x62\x79\x20\x61\x6e\x79\x20\x70\x61\x72\x74\x79\x20\x61\x73\x73\x75\x6d\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6e\x63\x65\x20\x6f\x66\x20\x74\x68\x65\x20\x74\x68\x65\x6e\x20\x61\x70\x70\x6c\x69\x63\x61\x62\x6c\x65\x20\x73\x74\x61\x6e\x64\x61\x72\x64\x20\x74\x65\x72\x6d\x73\x20\x61\x6e\x64\x20\x63\x6f\x6e\x64\x69\x74\x69\x6f\x6e\x73\x20\x6f\x66\x20\x75\x73\x65\x2c\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x70\x72\x61\x63\x74\x69\x63\x65\x73\x2c\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6f\x6c\x69\x63\x79\x2e\x30\x22\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x16\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x2e\x62\x6d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8b\x4b\x6d\xed\xd3\x29\xb9\x06\x19\xec\x39\x39\xa9\xf0\x97\x84\x6a\xcb\xef\xdf\x30\x81\xae\x06\x03\x55\x1d\x23\x04\x81\xa6\x30\x81\xa3\x80\x14\x8b\x4b\x6d\xed\xd3\x29\xb9\x06\x19\xec\x39\x39\xa9\xf0\x97\x84\x6a\xcb\xef\xdf\xa1\x81\x84\xa4\x81\x81\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x04\x3a\xb6\x50\x8b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8a\xd4\x14\xb5\xfe\xf4\x9a\x92\xa7\x19\xd4\xa4\x7e\x72\x18\x8f\xd9\x68\x7c\x52\x24\xdd\x67\x6f\x39\x7a\xc4\xaa\x5e\x3d\xe2\x58\xb0\x4d\x70\x98\x84\x61\xe8\x1b\xe3\x69\x18\x0e\xce\xfb\x47\x50\xa0\x4e\xff\xf0\x24\x1f\xbd\xb2\xce\xf5\x27\xfc\xec\x2f\x53\xaa\x73\x7b\x03\x3d\x74\x6e\xe6\x16\x9e\xeb\xa5\x2e\xc4\xbf\x56\x27\x50\x2b\x62\xba\xbe\x4b\x1c\x3c\x55\x5c\x41\x1d\x24\xbe\x82\x20\x47\x5d\xd5\x44\x7e\x7a\x16\x68\xdf\x7d\x4d\x51\x70\x78\x57\x1d\x33\x1e\xfd\x02\x99\x9c\x0c\xcd\x0a\x05\x4f\xc7\xbb\x8e\xa4\x75\xfa\x4a\x6d\xb1\x80\x8e\x09\x56\xb9\x9c\x1a\x60\xfe\x5d\xc1\xd7\x7a\xdc\x11\x78\xd0\xd6\x5d\xc1\xb7\xd5\xad\x32\x99\x03\x3a\x8a\xcc\x54\x25\x39\x31\x81\x7b\x13\x22\x51\xba\x46\x6c\xa1\xbb\x9e\xfa\x04\x6c\x49\x26\x74\x8f\xd2\x73\xeb\xcc\x30\xa2\xe6\xea\x59\x22\x87\xf8\x97\xf5\x0e\xfd\xea\xcc\x92\xa4\x16\xc4\x52\x18\xea\x21\xce\xb1\xf1\xe6\x84\x81\xe5\xba\xa9\x86\x28\xf2\x43\x5a\x5d\x12\x9d\xac\x1e\xd9\xa8\xe5\x0a\x6a\xa7\x7f\xa0\x87\x29\xcf\xf2\x89\x4d\xd4\xec\xc5\xe2\xe6\x7a\xd0\x36\x23\x8a\x4a\x74\x36\xf9", + ["QuoVadis Root CA 2"] = "\x30\x82\x05\xb7\x30\x82\x03\x9f\xa0\x03\x02\x01\x02\x02\x02\x05\x09\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x34\x31\x38\x32\x37\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x32\x34\x31\x38\x32\x33\x33\x33\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\x9a\x18\xca\x4b\x94\x0d\x00\x2d\xaf\x03\x29\x8a\xf0\x0f\x81\xc8\xae\x4c\x19\x85\x1d\x08\x9f\xab\x29\x44\x85\xf3\x2f\x81\xad\x32\x1e\x90\x46\xbf\xa3\x86\x26\x1a\x1e\xfe\x7e\x1c\x18\x3a\x5c\x9c\x60\x17\x2a\x3a\x74\x83\x33\x30\x7d\x61\x54\x11\xcb\xed\xab\xe0\xe6\xd2\xa2\x7e\xf5\x6b\x6f\x18\xb7\x0a\x0b\x2d\xfd\xe9\x3e\xef\x0a\xc6\xb3\x10\xe9\xdc\xc2\x46\x17\xf8\x5d\xfd\xa4\xda\xff\x9e\x49\x5a\x9c\xe6\x33\xe6\x24\x96\xf7\x3f\xba\x5b\x2b\x1c\x7a\x35\xc2\xd6\x67\xfe\xab\x66\x50\x8b\x6d\x28\x60\x2b\xef\xd7\x60\xc3\xc7\x93\xbc\x8d\x36\x91\xf3\x7f\xf8\xdb\x11\x13\xc4\x9c\x77\x76\xc1\xae\xb7\x02\x6a\x81\x7a\xa9\x45\x83\xe2\x05\xe6\xb9\x56\xc1\x94\x37\x8f\x48\x71\x63\x22\xec\x17\x65\x07\x95\x8a\x4b\xdf\x8f\xc6\x5a\x0a\xe5\xb0\xe3\x5f\x5e\x6b\x11\xab\x0c\xf9\x85\xeb\x44\xe9\xf8\x04\x73\xf2\xe9\xfe\x5c\x98\x8c\xf5\x73\xaf\x6b\xb4\x7e\xcd\xd4\x5c\x02\x2b\x4c\x39\xe1\xb2\x95\x95\x2d\x42\x87\xd7\xd5\xb3\x90\x43\xb7\x6c\x13\xf1\xde\xdd\xf6\xc4\xf8\x89\x3f\xd1\x75\xf5\x92\xc3\x91\xd5\x8a\x88\xd0\x90\xec\xdc\x6d\xde\x89\xc2\x65\x71\x96\x8b\x0d\x03\xfd\x9c\xbf\x5b\x16\xac\x92\xdb\xea\xfe\x79\x7c\xad\xeb\xaf\xf7\x16\xcb\xdb\xcd\x25\x2b\xe5\x1f\xfb\x9a\x9f\xe2\x51\xcc\x3a\x53\x0c\x48\xe6\x0e\xbd\xc9\xb4\x76\x06\x52\xe6\x11\x13\x85\x72\x63\x03\x04\xe0\x04\x36\x2b\x20\x19\x02\xe8\x74\xa7\x1f\xb6\xc9\x56\x66\xf0\x75\x25\xdc\x67\xc1\x0e\x61\x60\x88\xb3\x3e\xd1\xa8\xfc\xa3\xda\x1d\xb0\xd1\xb1\x23\x54\xdf\x44\x76\x6d\xed\x41\xd8\xc1\xb2\x22\xb6\x53\x1c\xdf\x35\x1d\xdc\xa1\x77\x2a\x31\xe4\x2d\xf5\xe5\xe5\xdb\xc8\xe0\xff\xe5\x80\xd7\x0b\x63\xa0\xff\x33\xa1\x0f\xba\x2c\x15\x15\xea\x97\xb3\xd2\xa2\xb5\xbe\xf2\x8c\x96\x1e\x1a\x8f\x1d\x6c\xa4\x61\x37\xb9\x86\x73\x33\xd7\x97\x96\x9e\x23\x7d\x82\xa4\x4c\x81\xe2\xa1\xd1\xba\x67\x5f\x95\x07\xa3\x27\x11\xee\x16\x10\x7b\xbc\x45\x4a\x4c\xb2\x04\xd2\xab\xef\xd5\xfd\x0c\x51\xce\x50\x6a\x08\x31\xf9\x91\xda\x0c\x8f\x64\x5c\x03\xc3\x3a\x8b\x20\x3f\x6e\x8d\x67\x3d\x3a\xd6\xfe\x7d\x5b\x88\xc9\x5e\xfb\xcc\x61\xdc\x8b\x33\x77\xd3\x44\x32\x35\x09\x62\x04\x92\x16\x10\xd8\x9e\x27\x47\xfb\x3b\x21\xe3\xf8\xeb\x1d\x5b\x02\x03\x01\x00\x01\xa3\x81\xb0\x30\x81\xad\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1a\x84\x62\xbc\x48\x4c\x33\x25\x04\xd4\xee\xd0\xf6\x03\xc4\x19\x46\xd1\x94\x6b\x30\x6e\x06\x03\x55\x1d\x23\x04\x67\x30\x65\x80\x14\x1a\x84\x62\xbc\x48\x4c\x33\x25\x04\xd4\xee\xd0\xf6\x03\xc4\x19\x46\xd1\x94\x6b\xa1\x49\xa4\x47\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x82\x02\x05\x09\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3e\x0a\x16\x4d\x9f\x06\x5b\xa8\xae\x71\x5d\x2f\x05\x2f\x67\xe6\x13\x45\x83\xc4\x36\xf6\xf3\xc0\x26\x0c\x0d\xb5\x47\x64\x5d\xf8\xb4\x72\xc9\x46\xa5\x03\x18\x27\x55\x89\x78\x7d\x76\xea\x96\x34\x80\x17\x20\xdc\xe7\x83\xf8\x8d\xfc\x07\xb8\xda\x5f\x4d\x2e\x67\xb2\x84\xfd\xd9\x44\xfc\x77\x50\x81\xe6\x7c\xb4\xc9\x0d\x0b\x72\x53\xf8\x76\x07\x07\x41\x47\x96\x0c\xfb\xe0\x82\x26\x93\x55\x8c\xfe\x22\x1f\x60\x65\x7c\x5f\xe7\x26\xb3\xf7\x32\x90\x98\x50\xd4\x37\x71\x55\xf6\x92\x21\x78\xf7\x95\x79\xfa\xf8\x2d\x26\x87\x66\x56\x30\x77\xa6\x37\x78\x33\x52\x10\x58\xae\x3f\x61\x8e\xf2\x6a\xb1\xef\x18\x7e\x4a\x59\x63\xca\x8d\xa2\x56\xd5\xa7\x2f\xbc\x56\x1f\xcf\x39\xc1\xe2\xfb\x0a\xa8\x15\x2c\x7d\x4d\x7a\x63\xc6\x6c\x97\x44\x3c\xd2\x6f\xc3\x4a\x17\x0a\xf8\x90\xd2\x57\xa2\x19\x51\xa5\x2d\x97\x41\xda\x07\x4f\xa9\x50\xda\x90\x8d\x94\x46\xe1\x3e\xf0\x94\xfd\x10\x00\x38\xf5\x3b\xe8\x40\xe1\xb4\x6e\x56\x1a\x20\xcc\x6f\x58\x8d\xed\x2e\x45\x8f\xd6\xe9\x93\x3f\xe7\xb1\x2c\xdf\x3a\xd6\x22\x8c\xdc\x84\xbb\x22\x6f\xd0\xf8\xe4\xc6\x39\xe9\x04\x88\x3c\xc3\xba\xeb\x55\x7a\x6d\x80\x99\x24\xf5\x6c\x01\xfb\xf8\x97\xb0\x94\x5b\xeb\xfd\xd2\x6f\xf1\x77\x68\x0d\x35\x64\x23\xac\xb8\x55\xa1\x03\xd1\x4d\x42\x19\xdc\xf8\x75\x59\x56\xa3\xf9\xa8\x49\x79\xf8\xaf\x0e\xb9\x11\xa0\x7c\xb7\x6a\xed\x34\xd0\xb6\x26\x62\x38\x1a\x87\x0c\xf8\xe8\xfd\x2e\xd3\x90\x7f\x07\x91\x2a\x1d\xd6\x7e\x5c\x85\x83\x99\xb0\x38\x08\x3f\xe9\x5e\xf9\x35\x07\xe4\xc9\x62\x6e\x57\x7f\xa7\x50\x95\xf7\xba\xc8\x9b\xe6\x8e\xa2\x01\xc5\xd6\x66\xbf\x79\x61\xf3\x3c\x1c\xe1\xb9\x82\x5c\x5d\xa0\xc3\xe9\xd8\x48\xbd\x19\xa2\x11\x14\x19\x6e\xb2\x86\x1b\x68\x3e\x48\x37\x1a\x88\xb7\x5d\x96\x5e\x9c\xc7\xef\x27\x62\x08\xe2\x91\x19\x5c\xd2\xf1\x21\xdd\xba\x17\x42\x82\x97\x71\x81\x53\x31\xa9\x9f\xf6\x7d\x62\xbf\x72\xe1\xa3\x93\x1d\xcc\x8a\x26\x5a\x09\x38\xd0\xce\xd7\x0d\x80\x16\xb4\x78\xa5\x3a\x87\x4c\x8d\x8a\xa5\xd5\x46\x97\xf2\x2c\x10\xb9\xbc\x54\x22\xc0\x01\x50\x69\x43\x9e\xf4\xb2\xef\x6d\xf8\xec\xda\xf1\xe3\xb1\xef\xdf\x91\x8f\x54\x2a\x0b\x25\xc1\x26\x19\xc4\x52\x10\x05\x65\xd5\x82\x10\xea\xc2\x31\xcd\x2e", + ["QuoVadis Root CA 3"] = "\x30\x82\x06\x9d\x30\x82\x04\x85\xa0\x03\x02\x01\x02\x02\x02\x05\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x34\x31\x39\x31\x31\x32\x33\x5a\x17\x0d\x33\x31\x31\x31\x32\x34\x31\x39\x30\x36\x34\x34\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xcc\x57\x42\x16\x54\x9c\xe6\x98\xd3\xd3\x4d\xee\xfe\xed\xc7\x9f\x43\x39\x4a\x65\xb3\xe8\x16\x88\x34\xdb\x0d\x59\x91\x74\xcf\x92\xb8\x04\x40\xad\x02\x4b\x31\xab\xbc\x8d\x91\x68\xd8\x20\x0e\x1a\x01\xe2\x1a\x7b\x4e\x17\x5d\xe2\x8a\xb7\x3f\x99\x1a\xcd\xeb\x61\xab\xc2\x65\xa6\x1f\xb7\xb7\xbd\xb7\x8f\xfc\xfd\x70\x8f\x0b\xa0\x67\xbe\x01\xa2\x59\xcf\x71\xe6\x0f\x29\x76\xff\xb1\x56\x79\x45\x2b\x1f\x9e\x7a\x54\xe8\xa3\x29\x35\x68\xa4\x01\x4f\x0f\xa4\x2e\x37\xef\x1b\xbf\xe3\x8f\x10\xa8\x72\xab\x58\x57\xe7\x54\x86\xc8\xc9\xf3\x5b\xda\x2c\xda\x5d\x8e\x6e\x3c\xa3\x3e\xda\xfb\x82\xe5\xdd\xf2\x5c\xb2\x05\x33\x6f\x8a\x36\xce\xd0\x13\x4e\xff\xbf\x4a\x0c\x34\x4c\xa6\xc3\x21\xbd\x50\x04\x55\xeb\xb1\xbb\x9d\xfb\x45\x1e\x64\x15\xde\x55\x01\x8c\x02\x76\xb5\xcb\xa1\x3f\x42\x69\xbc\x2f\xbd\x68\x43\x16\x56\x89\x2a\x37\x61\x91\xfd\xa6\xae\x4e\xc0\xcb\x14\x65\x94\x37\x4b\x92\x06\xef\x04\xd0\xc8\x9c\x88\xdb\x0b\x7b\x81\xaf\xb1\x3d\x2a\xc4\x65\x3a\x78\xb6\xee\xdc\x80\xb1\xd2\xd3\x99\x9c\x3a\xee\x6b\x5a\x6b\xb3\x8d\xb7\xd5\xce\x9c\xc2\xbe\xa5\x4b\x2f\x16\xb1\x9e\x68\x3b\x06\x6f\xae\x7d\x9f\xf8\xde\xec\xcc\x29\xa7\x98\xa3\x25\x43\x2f\xef\xf1\x5f\x26\xe1\x88\x4d\xf8\x5e\x6e\xd7\xd9\x14\x6e\x19\x33\x69\xa7\x3b\x84\x89\x93\xc4\x53\x55\x13\xa1\x51\x78\x40\xf8\xb8\xc9\xa2\xee\x7b\xba\x52\x42\x83\x9e\x14\xed\x05\x52\x5a\x59\x56\xa7\x97\xfc\x9d\x3f\x0a\x29\xd8\xdc\x4f\x91\x0e\x13\xbc\xde\x95\xa4\xdf\x8b\x99\xbe\xac\x9b\x33\x88\xef\xb5\x81\xaf\x1b\xc6\x22\x53\xc8\xf6\xc7\xee\x97\x14\xb0\xc5\x7c\x78\x52\xc8\xf0\xce\x6e\x77\x60\x84\xa6\xe9\x2a\x76\x20\xed\x58\x01\x17\x30\x93\xe9\x1a\x8b\xe0\x73\x63\xd9\x6a\x92\x94\x49\x4e\xb4\xad\x4a\x85\xc4\xa3\x22\x30\xfc\x09\xed\x68\x22\x73\xa6\x88\x0c\x55\x21\x58\xc5\xe1\x3a\x9f\x2a\xdd\xca\xe1\x90\xe0\xd9\x73\xab\x6c\x80\xb8\xe8\x0b\x64\x93\xa0\x9c\x8c\x19\xff\xb3\xd2\x0c\xec\x91\x26\x87\x8a\xb3\xa2\xe1\x70\x8f\x2c\x0a\xe5\xcd\x6d\x68\x51\xeb\xda\x3f\x05\x7f\x8b\x32\xe6\x13\x5c\x6b\xfe\x5f\x40\xe2\x22\xc8\xb4\xb4\x64\x4f\xd6\xba\x7d\x48\x3e\xa8\x69\x0c\xd7\xbb\x86\x71\xc9\x73\xb8\x3f\x3b\x9d\x25\x4b\xda\xff\x40\xeb\x02\x03\x01\x00\x01\xa3\x82\x01\x95\x30\x82\x01\x91\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\xe1\x06\x03\x55\x1d\x20\x04\x81\xd9\x30\x81\xd6\x30\x81\xd3\x06\x09\x2b\x06\x01\x04\x01\xbe\x58\x00\x03\x30\x81\xc5\x30\x81\x93\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\x86\x1a\x81\x83\x41\x6e\x79\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x63\x6f\x6e\x73\x74\x69\x74\x75\x74\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6e\x63\x65\x20\x6f\x66\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6f\x6c\x69\x63\x79\x20\x2f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x50\x72\x61\x63\x74\x69\x63\x65\x20\x53\x74\x61\x74\x65\x6d\x65\x6e\x74\x2e\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x67\x6c\x6f\x62\x61\x6c\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf2\xc0\x13\xe0\x82\x43\x3e\xfb\xee\x2f\x67\x32\x96\x35\x5c\xdb\xb8\xcb\x02\xd0\x30\x6e\x06\x03\x55\x1d\x23\x04\x67\x30\x65\x80\x14\xf2\xc0\x13\xe0\x82\x43\x3e\xfb\xee\x2f\x67\x32\x96\x35\x5c\xdb\xb8\xcb\x02\xd0\xa1\x49\xa4\x47\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x82\x02\x05\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x4f\xad\xa0\x2c\x4c\xfa\xc0\xf2\x6f\xf7\x66\x55\xab\x23\x34\xee\xe7\x29\xda\xc3\x5b\xb6\xb0\x83\xd9\xd0\xd0\xe2\x21\xfb\xf3\x60\xa7\x3b\x5d\x60\x53\x27\xa2\x9b\xf6\x08\x22\x2a\xe7\xbf\xa0\x72\xe5\x9c\x24\x6a\x31\xb1\x90\x7a\x27\xdb\x84\x11\x89\x27\xa6\x77\x5a\x38\xd7\xbf\xac\x86\xfc\xee\x5d\x83\xbc\x06\xc6\xd1\x77\x6b\x0f\x6d\x24\x2f\x4b\x7a\x6c\xa7\x07\x96\xca\xe3\x84\x9f\xad\x88\x8b\x1d\xab\x16\x8d\x5b\x66\x17\xd9\x16\xf4\x8b\x80\xd2\xdd\xf8\xb2\x76\xc3\xfc\x38\x13\xaa\x0c\xde\x42\x69\x2b\x6e\xf3\x3c\xeb\x80\x27\xdb\xf5\xa6\x44\x0d\x9f\x5a\x55\x59\x0b\xd5\x0d\x52\x48\xc5\xae\x9f\xf2\x2f\x80\xc5\xea\x32\x50\x35\x12\x97\x2e\xc1\xe1\xff\xf1\x23\x88\x51\x38\x9f\xf2\x66\x56\x76\xe7\x0f\x51\x97\xa5\x52\x0c\x4d\x49\x51\x95\x36\x3d\xbf\xa2\x4b\x0c\x10\x1d\x86\x99\x4c\xaa\xf3\x72\x11\x93\xe4\xea\xf6\x9b\xda\xa8\x5d\xa7\x4d\xb7\x9e\x02\xae\x73\x00\xc8\xda\x23\x03\xe8\xf9\xea\x19\x74\x62\x00\x94\xcb\x22\x20\xbe\x94\xa7\x59\xb5\x82\x6a\xbe\x99\x79\x7a\xa9\xf2\x4a\x24\x52\xf7\x74\xfd\xba\x4e\xe6\xa8\x1d\x02\x6e\xb1\x0d\x80\x44\xc1\xae\xd3\x23\x37\x5f\xbb\x85\x7c\x2b\x92\x2e\xe8\x7e\xa5\x8b\xdd\x99\xe1\xbf\x27\x6f\x2d\x5d\xaa\x7b\x87\xfe\x0a\xdd\x4b\xfc\x8e\xf5\x26\xe4\x6e\x70\x42\x6e\x33\xec\x31\x9e\x7b\x93\xc1\xe4\xc9\x69\x1a\x3d\xc0\x6b\x4e\x22\x6d\xee\xab\x58\x4d\xc6\xd0\x41\xc1\x2b\xea\x4f\x12\x87\x5e\xeb\x45\xd8\x6c\xf5\x98\x02\xd3\xa0\xd8\x55\x8a\x06\x99\x19\xa2\xa0\x77\xd1\x30\x9e\xac\xcc\x75\xee\x83\xf5\xb0\x62\x39\xcf\x6c\x57\xe2\x4c\xd2\x91\x0b\x0e\x75\x28\x1b\x9a\xbf\xfd\x1a\x43\xf1\xca\x77\xfb\x3b\x8f\x61\xb8\x69\x28\x16\x42\x04\x5e\x70\x2a\x1c\x21\xd8\x8f\xe1\xbd\x23\x5b\x2d\x74\x40\x92\xd9\x63\x19\x0d\x73\xdd\x69\xbc\x62\x47\xbc\xe0\x74\x2b\xb2\xeb\x7d\xbe\x41\x1b\xb5\xc0\x46\xc5\xa1\x22\xcb\x5f\x4e\xc1\x28\x92\xde\x18\xba\xd5\x2a\x28\xbb\x11\x8b\x17\x93\x98\x99\x60\x94\x5c\x23\xcf\x5a\x27\x97\x5e\x0b\x05\x06\x93\x37\x1e\x3b\x69\x36\xeb\xa9\x9e\x61\x1d\x8f\x32\xda\x8e\x0c\xd6\x74\x3e\x7b\x09\x24\xda\x01\x77\x47\xc4\x3b\xcd\x34\x8c\x99\xf5\xca\xe1\x25\x61\x33\xb2\x59\x1b\xe2\x6e\xd7\x37\x57\xb6\x0d\xa9\x12\xda", + ["Security Communication Root CA"] = "\x30\x82\x03\x5a\x30\x82\x02\x42\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x50\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5a\x17\x0d\x32\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5a\x30\x50\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb3\xb3\xfe\x7f\xd3\x6d\xb1\xef\x16\x7c\x57\xa5\x0c\x6d\x76\x8a\x2f\x4b\xbf\x64\xfb\x4c\xee\x8a\xf0\xf3\x29\x7c\xf5\xff\xee\x2a\xe0\xe9\xe9\xba\x5b\x64\x22\x9a\x9a\x6f\x2c\x3a\x26\x69\x51\x05\x99\x26\xdc\xd5\x1c\x6a\x71\xc6\x9a\x7d\x1e\x9d\xdd\x7c\x6c\xc6\x8c\x67\x67\x4a\x3e\xf8\x71\xb0\x19\x27\xa9\x09\x0c\xa6\x95\xbf\x4b\x8c\x0c\xfa\x55\x98\x3b\xd8\xe8\x22\xa1\x4b\x71\x38\x79\xac\x97\x92\x69\xb3\x89\x7e\xea\x21\x68\x06\x98\x14\x96\x87\xd2\x61\x36\xbc\x6d\x27\x56\x9e\x57\xee\xc0\xc0\x56\xfd\x32\xcf\xa4\xd9\x8e\xc2\x23\xd7\x8d\xa8\xf3\xd8\x25\xac\x97\xe4\x70\x38\xf4\xb6\x3a\xb4\x9d\x3b\x97\x26\x43\xa3\xa1\xbc\x49\x59\x72\x4c\x23\x30\x87\x01\x58\xf6\x4e\xbe\x1c\x68\x56\x66\xaf\xcd\x41\x5d\xc8\xb3\x4d\x2a\x55\x46\xab\x1f\xda\x1e\xe2\x40\x3d\xdb\xcd\x7d\xb9\x92\x80\x9c\x37\xdd\x0c\x96\x64\x9d\xdc\x22\xf7\x64\x8b\xdf\x61\xde\x15\x94\x52\x15\xa0\x7d\x52\xc9\x4b\xa8\x21\xc9\xc6\xb1\xed\xcb\xc3\x95\x60\xd1\x0f\xf0\xab\x70\xf8\xdf\xcb\x4d\x7e\xec\xd6\xfa\xab\xd9\xbd\x7f\x54\xf2\xa5\xe9\x79\xfa\xd9\xd6\x76\x24\x28\x73\x02\x03\x01\x00\x01\xa3\x3f\x30\x3d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa0\x73\x49\x99\x68\xdc\x85\x5b\x65\xe3\x9b\x28\x2f\x57\x9f\xbd\x33\xbc\x07\x48\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x68\x40\xa9\xa8\xbb\xe4\x4f\x5d\x79\xb3\x05\xb5\x17\xb3\x60\x13\xeb\xc6\x92\x5d\xe0\xd1\xd3\x6a\xfe\xfb\xbe\x9b\x6d\xbf\xc7\x05\x6d\x59\x20\xc4\x1c\xf0\xb7\xda\x84\x58\x02\x63\xfa\x48\x16\xef\x4f\xa5\x0b\xf7\x4a\x98\xf2\x3f\x9e\x1b\xad\x47\x6b\x63\xce\x08\x47\xeb\x52\x3f\x78\x9c\xaf\x4d\xae\xf8\xd5\x4f\xcf\x9a\x98\x2a\x10\x41\x39\x52\xc4\xdd\xd9\x9b\x0e\xef\x93\x01\xae\xb2\x2e\xca\x68\x42\x24\x42\x6c\xb0\xb3\x3a\x3e\xcd\xe9\xda\x48\xc4\x15\xcb\xe9\xf9\x07\x0f\x92\x50\x49\x8a\xdd\x31\x97\x5f\xc9\xe9\x37\xaa\x3b\x59\x65\x97\x94\x32\xc9\xb3\x9f\x3e\x3a\x62\x58\xc5\x49\xad\x62\x0e\x71\xa5\x32\xaa\x2f\xc6\x89\x76\x43\x40\x13\x13\x67\x3d\xa2\x54\x25\x10\xcb\xf1\x3a\xf2\xd9\xfa\xdb\x49\x56\xbb\xa6\xfe\xa7\x41\x35\xc3\xe0\x88\x61\xc9\x88\xc7\xdf\x36\x10\x22\x98\x59\xea\xb0\x4a\xfb\x56\x16\x73\x6e\xac\x4d\xf7\x22\xa1\x4f\xad\x1d\x7a\x2d\x45\x27\xe5\x30\xc1\x5e\xf2\xda\x13\xcb\x25\x42\x51\x95\x47\x03\x8c\x6c\x21\xcc\x74\x42\xed\x53\xff\x33\x8b\x8f\x0f\x57\x01\x16\x2f\xcf\xa6\xee\xc9\x70\x22\x14\xbd\xfd\xbe\x6c\x0b\x03", + ["Sonera Class 2 Root CA"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xa0\x03\x02\x01\x02\x02\x01\x1d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x39\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x53\x6f\x6e\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6f\x6e\x65\x72\x61\x20\x43\x6c\x61\x73\x73\x32\x20\x43\x41\x30\x1e\x17\x0d\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5a\x17\x0d\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5a\x30\x39\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x53\x6f\x6e\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6f\x6e\x65\x72\x61\x20\x43\x6c\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x90\x17\x4a\x35\x9d\xca\xf0\x0d\x96\xc7\x44\xfa\x16\x37\xfc\x48\xbd\xbd\x7f\x80\x2d\x35\x3b\xe1\x6f\xa8\x67\xa9\xbf\x03\x1c\x4d\x8c\x6f\x32\x47\xd5\x41\x68\xa4\x13\x04\xc1\x35\x0c\x9a\x84\x43\xfc\x5c\x1d\xff\x89\xb3\xe8\x17\x18\xcd\x91\x5f\xfb\x89\xe3\xea\xbf\x4e\x5d\x7c\x1b\x26\xd3\x75\x79\xed\xe6\x84\xe3\x57\xe5\xad\x29\xc4\xf4\x3a\x28\xe7\xa5\x7b\x84\x36\x69\xb3\xfd\x5e\x76\xbd\xa3\x2d\x99\xd3\x90\x4e\x23\x28\x7d\x18\x63\xf1\x54\x3b\x26\x9d\x76\x5b\x97\x42\xb2\xff\xae\xf0\x4e\xec\xdd\x39\x95\x4e\x83\x06\x7f\xe7\x49\x40\xc8\xc5\x01\xb2\x54\x5a\x66\x1d\x3d\xfc\xf9\xe9\x3c\x0a\x9e\x81\xb8\x70\xf0\x01\x8b\xe4\x23\x54\x7c\xc8\xae\xf8\x90\x1e\x00\x96\x72\xd4\x54\xcf\x61\x23\xbc\xea\xfb\x9d\x02\x95\xd1\xb6\xb9\x71\x3a\x69\x08\x3f\x0f\xb4\xe1\x42\xc7\x88\xf5\x3f\x98\xa8\xa7\xba\x1c\xe0\x71\x71\xef\x58\x57\x81\x50\x7a\x5c\x6b\x74\x46\x0e\x83\x03\x98\xc3\x8e\xa8\x6e\xf2\x76\x32\x6e\x27\x83\xc2\x73\xf3\xdc\x18\xe8\xb4\x93\xea\x75\x44\x6b\x04\x60\x20\x71\x57\x87\x9d\xf3\xbe\xa0\x90\x23\x3d\x8a\x24\xe1\xda\x21\xdb\xc3\x02\x03\x01\x00\x01\xa3\x33\x30\x31\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x11\x06\x03\x55\x1d\x0e\x04\x0a\x04\x08\x4a\xa0\xaa\x58\x84\xd3\x5e\x3c\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5a\xce\x87\xf9\x16\x72\x15\x57\x4b\x1d\xd9\x9b\xe7\xa2\x26\x30\xec\x93\x67\xdf\xd6\x2d\xd2\x34\xaf\xf7\x38\xa5\xce\xab\x16\xb9\xab\x2f\x7c\x35\xcb\xac\xd0\x0f\xb4\x4c\x2b\xfc\x80\xef\x6b\x8c\x91\x5f\x36\x76\xf7\xdb\xb3\x1b\x19\xea\xf4\xb2\x11\xfd\x61\x71\x44\xbf\x28\xb3\x3a\x1d\xbf\xb3\x43\xe8\x9f\xbf\xdc\x31\x08\x71\xb0\x9d\x8d\xd6\x34\x47\x32\x90\xc6\x65\x24\xf7\xa0\x4a\x7c\x04\x73\x8f\x39\x6f\x17\x8c\x72\xb5\xbd\x4b\xc8\x7a\xf8\x7b\x83\xc3\x28\x4e\x9c\x09\xea\x67\x3f\xb2\x67\x04\x1b\xc3\x14\xda\xf8\xe7\x49\x24\x91\xd0\x1d\x6a\xfa\x61\x39\xef\x6b\xe7\x21\x75\x06\x07\xd8\x12\xb4\x21\x20\x70\x42\x71\x81\xda\x3c\x9a\x36\xbe\xa6\x5b\x0d\x6a\x6c\x9a\x1f\x91\x7b\xf9\xf9\xef\x42\xba\x4e\x4e\x9e\xcc\x0c\x8d\x94\xdc\xd9\x45\x9c\x5e\xec\x42\x50\x63\xae\xf4\x5d\xc4\xb1\x12\xdc\xca\x3b\xa8\x2e\x9d\x14\x5a\x05\x75\xb7\xec\xd7\x63\xe2\xba\x35\xb6\x04\x08\x91\xe8\xda\x9d\x9c\xf6\x66\xb5\x18\xac\x0a\xa6\x54\x26\x34\x33\xd2\x1b\xc1\xd4\x7f\x1a\x3a\x8e\x0b\xaa\x32\x6e\xdb\xfc\x4f\x25\x9f\xd9\x32\xc7\x96\x5a\x70\xac\xdf\x4c", + ["Staat der Nederlanden Root CA"] = "\x30\x82\x03\xba\x30\x82\x02\xa2\xa0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5a\x17\x0d\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5a\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x98\xd2\xb5\x51\x11\x7a\x81\xa6\x14\x98\x71\x6d\xbe\xcc\xe7\x13\x1b\xd6\x27\x0e\x7a\xb3\x6a\x18\x1c\xb6\x61\x5a\xd5\x61\x09\xbf\xde\x90\x13\xc7\x67\xee\xdd\xf3\xda\xc5\x0c\x12\x9e\x35\x55\x3e\x2c\x27\x88\x40\x6b\xf7\xdc\xdd\x22\x61\xf5\xc2\xc7\x0e\xf5\xf6\xd5\x76\x53\x4d\x8f\x8c\xbc\x18\x76\x37\x85\x9d\xe8\xca\x49\xc7\xd2\x4f\x98\x13\x09\xa2\x3e\x22\x88\x9c\x7f\xd6\xf2\x10\x65\xb4\xee\x5f\x18\xd5\x17\xe3\xf8\xc5\xfd\xe2\x9d\xa2\xef\x53\x0e\x85\x77\xa2\x0f\xe1\x30\x47\xee\x00\xe7\x33\x7d\x44\x67\x1a\x0b\x51\xe8\x8b\xa0\x9e\x50\x98\x68\x34\x52\x1f\x2e\x6d\x01\xf2\x60\x45\xf2\x31\xeb\xa9\x31\x68\x29\xbb\x7a\x41\x9e\xc6\x19\x7f\x94\xb4\x51\x39\x03\x7f\xb2\xde\xa7\x32\x9b\xb4\x47\x8e\x6f\xb4\x4a\xae\xe5\xaf\xb1\xdc\xb0\x1b\x61\xbc\x99\x72\xde\xe4\x89\xb7\x7a\x26\x5d\xda\x33\x49\x5b\x52\x9c\x0e\xf5\x8a\xad\xc3\xb8\x3d\xe8\x06\x6a\xc2\xd5\x2a\x0b\x6c\x7b\x84\xbd\x56\x05\xcb\x86\x65\x92\xec\x44\x2b\xb0\x8e\xb9\xdc\x70\x0b\x46\xda\xad\xbc\x63\x88\x39\xfa\xdb\x6a\xfe\x23\xfa\xbc\xe4\x48\xf4\x67\x2b\x6a\x11\x10\x21\x49\x02\x03\x01\x00\x01\xa3\x81\x91\x30\x81\x8e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x4f\x06\x03\x55\x1d\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1d\x20\x00\x30\x3c\x30\x3a\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x70\x6b\x69\x6f\x76\x65\x72\x68\x65\x69\x64\x2e\x6e\x6c\x2f\x70\x6f\x6c\x69\x63\x69\x65\x73\x2f\x72\x6f\x6f\x74\x2d\x70\x6f\x6c\x69\x63\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa8\x7d\xeb\xbc\x63\xa4\x74\x13\x74\x00\xec\x96\xe0\xd3\x34\xc1\x2c\xbf\x6c\xf8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xc1\xbb\xd1\xd4\xc6\x15\xa8\x13\xb4\x9f\xa4\xfe\xbb\xee\x15\xb4\x2f\x06\x0c\x29\xf2\xa8\x92\xa4\x61\x0d\xfc\xab\x5c\x08\x5b\x51\x13\x2b\x4d\xc2\x2a\x61\xc8\xf8\x09\x58\xfc\x2d\x02\xb2\x39\x7d\x99\x66\x81\xbf\x6e\x5c\x95\x45\x20\x6c\xe6\x79\xa7\xd1\xd8\x1c\x29\xfc\xc2\x20\x27\x51\xc8\xf1\x7c\x5d\x34\x67\x69\x85\x11\x30\xc6\x00\xd2\xd7\xf3\xd3\x7c\xb6\xf0\x31\x57\x28\x12\x82\x73\xe9\x33\x2f\xa6\x55\xb4\x0b\x91\x94\x47\x9c\xfa\xbb\x7a\x42\x32\xe8\xae\x7e\x2d\xc8\xbc\xac\x14\xbf\xd9\x0f\xd9\x5b\xfc\xc1\xf9\x7a\x95\xe1\x7d\x7e\x96\xfc\x71\xb0\xc2\x4c\xc8\xdf\x45\x34\xc9\xce\x0d\xf2\x9c\x64\x08\xd0\x3b\xc3\x29\xc5\xb2\xed\x90\x04\xc1\xb1\x29\x91\xc5\x30\x6f\xc1\xa9\x72\x33\xcc\xfe\x5d\x16\x17\x2c\x11\x69\xe7\x7e\xfe\xc5\x83\x08\xdf\xbc\xdc\x22\x3a\x2e\x20\x69\x23\x39\x56\x60\x67\x90\x8b\x2e\x76\x39\xfb\x11\x88\x97\xf6\x7c\xbd\x4b\xb8\x20\x16\x67\x05\x8d\xe2\x3b\xc1\x72\x3f\x94\x95\x37\xc7\x5d\xb9\x9e\xd8\x93\xa1\x17\x8f\xff\x0c\x66\x15\xc1\x24\x7c\x32\x7c\x03\x1d\x3b\xa1\x58\x45\x32\x93", + ["TDC Internet Root CA"] = "\x30\x82\x04\x2b\x30\x82\x03\x13\xa0\x03\x02\x01\x02\x02\x04\x3a\xcc\xa5\x4c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5a\x17\x0d\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5a\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc4\xb8\x40\xbc\x91\xd5\x63\x1f\xd7\x99\xa0\x8b\x0c\x40\x1e\x74\xb7\x48\x9d\x46\x8c\x02\xb2\xe0\x24\x5f\xf0\x19\x13\xa7\x37\x83\x6b\x5d\xc7\x8e\xf9\x84\x30\xce\x1a\x3b\xfa\xfb\xce\x8b\x6d\x23\xc6\xc3\x6e\x66\x9f\x89\xa5\xdf\xe0\x42\x50\x67\xfa\x1f\x6c\x1e\xf4\xd0\x05\xd6\xbf\xca\xd6\x4e\xe4\x68\x60\x6c\x46\xaa\x1c\x5d\x63\xe1\x07\x86\x0e\x65\x00\xa7\x2e\xa6\x71\xc6\xbc\xb9\x81\xa8\x3a\x7d\x1a\xd2\xf9\xd1\xac\x4b\xcb\xce\x75\xaf\xdc\x7b\xfa\x81\x73\xd4\xfc\xba\xbd\x41\x88\xd4\x74\xb3\xf9\x5e\x38\x3a\x3c\x43\xa8\xd2\x95\x4e\x77\x6d\x13\x0c\x9d\x8f\x78\x01\xb7\x5a\x20\x1f\x03\x37\x35\xe2\x2c\xdb\x4b\x2b\x2c\x78\xb9\x49\xdb\xc4\xd0\xc7\x9c\x9c\xe4\x8a\x20\x09\x21\x16\x56\x66\xff\x05\xec\x5b\xe3\xf0\xcf\xab\x24\x24\x5e\xc3\x7f\x70\x7a\x12\xc4\xd2\xb5\x10\xa0\xb6\x21\xe1\x8d\x78\x69\x55\x44\x69\xf5\xca\x96\x1c\x34\x85\x17\x25\x77\xe2\xf6\x2f\x27\x98\x78\xfd\x79\x06\x3a\xa2\xd6\x5a\x43\xc1\xff\xec\x04\x3b\xee\x13\xef\xd3\x58\x5a\xff\x92\xeb\xec\xae\xda\xf2\x37\x03\x47\x41\xb6\x97\xc9\x2d\x0a\x41\x22\xbb\xbb\xe6\xa7\x02\x03\x01\x00\x01\xa3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1d\x1f\x04\x5e\x30\x5c\x30\x5a\xa0\x58\xa0\x56\xa4\x54\x30\x52\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5a\x81\x0f\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x6c\x64\x01\xc7\xfd\x85\x6d\xac\xc8\xda\x9e\x50\x08\x85\x08\xb5\x3c\x56\xa8\x50\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x6c\x64\x01\xc7\xfd\x85\x6d\xac\xc8\xda\x9e\x50\x08\x85\x08\xb5\x3c\x56\xa8\x50\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x35\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4e\x43\xcc\xd1\xdd\x1d\x10\x1b\x06\x7f\xb7\xa4\xfa\xd3\xd9\x4d\xfb\x23\x9f\x23\x54\x5b\xe6\x8b\x2f\x04\x28\x8b\xb5\x27\x6d\x89\xa1\xec\x98\x69\xdc\xe7\x8d\x26\x83\x05\x79\x74\xec\xb4\xb9\xa3\x97\xc1\x35\x00\xfd\x15\xda\x39\x81\x3a\x95\x31\x90\xde\x97\xe9\x86\xa8\x99\x77\x0c\xe5\x5a\xa0\x84\xff\x12\x16\xac\x6e\xb8\x8d\xc3\x7b\x92\xc2\xac\x2e\xd0\x7d\x28\xec\xb6\xf3\x60\x38\x69\x6f\x3e\xd8\x04\x55\x3e\x9e\xcc\x55\xd2\xba\xfe\xbb\x47\x04\xd7\x0a\xd9\x16\x0a\x34\x29\xf5\x58\x13\xd5\x4f\xcf\x8f\x56\x4b\xb3\x1e\xee\xd3\x98\x79\xda\x08\x1e\x0c\x6f\xb8\xf8\x16\x27\xef\xc2\x6f\x3d\xf6\xa3\x4b\x3e\x0e\xe4\x6d\x6c\xdb\x3b\x41\x12\x9b\xbd\x0d\x47\x23\x7f\x3c\x4a\xd0\xaf\xc0\xaf\xf6\xef\x1b\xb5\x15\xc4\xeb\x83\xc4\x09\x5f\x74\x8b\xd9\x11\xfb\xc2\x56\xb1\x3c\xf8\x70\xca\x34\x8d\x43\x40\x13\x8c\xfd\x99\x03\x54\x79\xc6\x2e\xea\x86\xa1\xf6\x3a\xd4\x09\xbc\xf4\xbc\x66\xcc\x3d\x58\xd0\x57\x49\x0a\xee\x25\xe2\x41\xee\x13\xf9\x9b\x38\x34\xd1\x00\xf5\x7e\xe7\x94\x1d\xfc\x69\x03\x62\xb8\x99\x05\x05\x3d\x6b\x78\x12\xbd\xb0\x6f\x65", + ["TDC OCES Root CA"] = "\x30\x82\x05\x19\x30\x82\x04\x01\xa0\x03\x02\x01\x02\x02\x04\x3e\x48\xbd\xc4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x31\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x30\x1e\x17\x0d\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5a\x17\x0d\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5a\x30\x31\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\x62\xf6\x61\x20\xb2\xcf\xc0\xc6\x85\xd7\xe3\x79\xe6\xcc\xed\xf2\x39\x92\xa4\x97\x2e\x64\xa3\x84\x5b\x87\x9c\x4c\xfd\xa4\xf3\xc4\x5f\x21\xbd\x56\x10\xeb\xdb\x2e\x61\xec\x93\x69\xe3\xa3\xcc\xbd\x99\xc3\x05\xfc\x06\xb8\xca\x36\x1c\xfe\x90\x8e\x49\x4c\xc4\x56\x9a\x2f\x56\xbc\xcf\x7b\x0c\xf1\x6f\x47\xa6\x0d\x43\x4d\xe2\xe9\x1d\x39\x34\xcd\x8d\x2c\xd9\x12\x98\xf9\xe3\xe1\xc1\x4a\x7c\x86\x38\xc4\xa9\xc4\x61\x88\xd2\x5e\xaf\x1a\x26\x4d\xd5\xe4\xa0\x22\x47\x84\xd9\x64\xb7\x19\x96\xfc\xec\x19\xe4\xb2\x97\x26\x4e\x4a\x4c\xcb\x8f\x24\x8b\x54\x18\x1c\x48\x61\x7b\xd5\x88\x68\xda\x5d\xb5\xea\xcd\x1a\x30\xc1\x80\x83\x76\x50\xaa\x4f\xd1\xd4\xdd\x38\xf0\xef\x16\xf4\xe1\x0c\x50\x06\xbf\xea\xfb\x7a\x49\xa1\x28\x2b\x1c\xf6\xfc\x15\x32\xa3\x74\x6a\x8f\xa9\xc3\x62\x29\x71\x31\xe5\x3b\xa4\x60\x17\x5e\x74\xe6\xda\x13\xed\xe9\x1f\x1f\x1b\xd1\xb2\x68\x73\xc6\x10\x34\x75\x46\x10\x10\xe3\x90\x00\x76\x40\xcb\x8b\xb7\x43\x09\x21\xff\xab\x4e\x93\xc6\x58\xe9\xa5\x82\xdb\x77\xc4\x3a\x99\xb1\x72\x95\x49\x04\xf0\xb7\x2b\xfa\x7b\x59\x8e\xdd\x02\x03\x01\x00\x01\xa3\x82\x02\x37\x30\x82\x02\x33\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x81\xec\x06\x03\x55\x1d\x20\x04\x81\xe4\x30\x81\xe1\x30\x81\xde\x06\x08\x2a\x81\x50\x81\x29\x01\x01\x01\x30\x81\xd1\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x2e\x64\x6b\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x30\x81\x9d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\x90\x30\x0a\x16\x03\x54\x44\x43\x30\x03\x02\x01\x01\x1a\x81\x81\x43\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x65\x72\x20\x66\x72\x61\x20\x64\x65\x6e\x6e\x65\x20\x43\x41\x20\x75\x64\x73\x74\x65\x64\x65\x73\x20\x75\x6e\x64\x65\x72\x20\x4f\x49\x44\x20\x31\x2e\x32\x2e\x32\x30\x38\x2e\x31\x36\x39\x2e\x31\x2e\x31\x2e\x31\x2e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x66\x72\x6f\x6d\x20\x74\x68\x69\x73\x20\x43\x41\x20\x61\x72\x65\x20\x69\x73\x73\x75\x65\x64\x20\x75\x6e\x64\x65\x72\x20\x4f\x49\x44\x20\x31\x2e\x32\x2e\x32\x30\x38\x2e\x31\x36\x39\x2e\x31\x2e\x31\x2e\x31\x2e\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x81\x81\x06\x03\x55\x1d\x1f\x04\x7a\x30\x78\x30\x48\xa0\x46\xa0\x44\xa4\x42\x30\x40\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x6f\x63\x65\x73\x2e\x63\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x2e\x64\x6b\x2f\x6f\x63\x65\x73\x2e\x63\x72\x6c\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5a\x81\x0f\x32\x30\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5a\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x60\xb5\x85\xec\x56\x64\x7e\x12\x19\x27\x67\x1d\x50\x15\x4b\x73\xae\x3b\xf9\x12\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x60\xb5\x85\xec\x56\x64\x7e\x12\x19\x27\x67\x1d\x50\x15\x4b\x73\xae\x3b\xf9\x12\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x36\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0a\xba\x26\x26\x46\xd3\x73\xa8\x09\xf3\x6b\x0b\x30\x99\xfd\x8a\xe1\x57\x7a\x11\xd3\xb8\x94\xd7\x09\x10\x6e\xa3\xb1\x38\x03\xd1\xb6\xf2\x43\x41\x29\x62\xa7\x72\xd8\xfb\x7c\x05\xe6\x31\x70\x27\x54\x18\x4e\x8a\x7c\x4e\xe5\xd1\xca\x8c\x78\x88\xcf\x1b\xd3\x90\x8b\xe6\x23\xf8\x0b\x0e\x33\x43\x7d\x9c\xe2\x0a\x19\x8f\xc9\x01\x3e\x74\x5d\x74\xc9\x8b\x1c\x03\xe5\x18\xc8\x01\x4c\x3f\xcb\x97\x05\x5d\x98\x71\xa6\x98\x6f\xb6\x7c\xbd\x37\x7f\xbe\xe1\x93\x25\x6d\x6f\xf0\x0a\xad\x17\x18\xe1\x03\xbc\x07\x29\xc8\xad\x26\xe8\xf8\x61\xf0\xfd\x21\x09\x7e\x9a\x8e\xa9\x68\x7d\x48\x62\x72\xbd\x00\xea\x01\x99\xb8\x06\x82\x51\x81\x4e\xf1\xf5\xb4\x91\x54\xb9\x23\x7a\x00\x9a\x9f\x5d\x8d\xe0\x3c\x64\xb9\x1a\x12\x92\x2a\xc7\x82\x44\x72\x39\xdc\xe2\x3c\xc6\xd8\x55\xf5\x15\x4e\xc8\x05\x0e\xdb\xc6\xd0\x62\xa6\xec\x15\xb4\xb5\x02\x82\xdb\xac\x8c\xa2\x81\xf0\x9b\x99\x31\xf5\x20\x20\xa8\x88\x61\x0a\x07\x9f\x94\xfc\xd0\xd7\x1b\xcc\x2e\x17\xf3\x04\x27\x76\x67\xeb\x54\x83\xfd\xa4\x90\x7e\x06\x3d\x04\xa3\x43\x2d\xda\xfc\x0b\x62\xea\x2f\x5f\x62\x53", + ["UTN DATACorp SGC Root CA"] = "\x30\x82\x04\x5e\x30\x82\x03\x46\xa0\x03\x02\x01\x02\x02\x10\x44\xbe\x0c\x8b\x50\x00\x21\xb4\x11\xd3\x2a\x68\x06\xa9\xad\x69\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4e\x20\x2d\x20\x44\x41\x54\x41\x43\x6f\x72\x70\x20\x53\x47\x43\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5a\x17\x0d\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5a\x30\x81\x93\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4e\x20\x2d\x20\x44\x41\x54\x41\x43\x6f\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\xee\x58\x10\xa2\x2b\x6e\x55\xc4\x8e\xbf\x2e\x46\x09\xe7\xe0\x08\x0f\x2e\x2b\x7a\x13\x94\x1b\xbd\xf6\xb6\x80\x8e\x65\x05\x93\x00\x1e\xbc\xaf\xe2\x0f\x8e\x19\x0d\x12\x47\xec\xac\xad\xa3\xfa\x2e\x70\xf8\xde\x6e\xfb\x56\x42\x15\x9e\x2e\x5c\xef\x23\xde\x21\xb9\x05\x76\x27\x19\x0f\x4f\xd6\xc3\x9c\xb4\xbe\x94\x19\x63\xf2\xa6\x11\x0a\xeb\x53\x48\x9c\xbe\xf2\x29\x3b\x16\xe8\x1a\xa0\x4c\xa6\xc9\xf4\x18\x59\x68\xc0\x70\xf2\x53\x00\xc0\x5e\x50\x82\xa5\x56\x6f\x36\xf9\x4a\xe0\x44\x86\xa0\x4d\x4e\xd6\x47\x6e\x49\x4a\xcb\x67\xd7\xa6\xc4\x05\xb9\x8e\x1e\xf4\xfc\xff\xcd\xe7\x36\xe0\x9c\x05\x6c\xb2\x33\x22\x15\xd0\xb4\xe0\xcc\x17\xc0\xb2\xc0\xf4\xfe\x32\x3f\x29\x2a\x95\x7b\xd8\xf2\xa7\x4e\x0f\x54\x7c\xa1\x0d\x80\xb3\x09\x03\xc1\xff\x5c\xdd\x5e\x9a\x3e\xbc\xae\xbc\x47\x8a\x6a\xae\x71\xca\x1f\xb1\x2a\xb8\x5f\x42\x05\x0b\xec\x46\x30\xd1\x72\x0b\xca\xe9\x56\x6d\xf5\xef\xdf\x78\xbe\x61\xba\xb2\xa5\xae\x04\x4c\xbc\xa8\xac\x69\x15\x97\xbd\xef\xeb\xb4\x8c\xbf\x35\xf8\xd4\xc3\xd1\x28\x0e\x5c\x3a\x9f\x70\x18\x33\x20\x77\xc4\xa2\xaf\x02\x03\x01\x00\x01\xa3\x81\xab\x30\x81\xa8\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xc6\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x53\x32\xd1\xb3\xcf\x7f\xfa\xe0\xf1\xa0\x5d\x85\x4e\x92\xd2\x9e\x45\x1d\xb4\x4f\x30\x3d\x06\x03\x55\x1d\x1f\x04\x36\x30\x34\x30\x32\xa0\x30\xa0\x2e\x86\x2c\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x55\x54\x4e\x2d\x44\x41\x54\x41\x43\x6f\x72\x70\x53\x47\x43\x2e\x63\x72\x6c\x30\x2a\x06\x03\x55\x1d\x25\x04\x23\x30\x21\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0a\x03\x03\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x04\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8a\x8b\x28\xbd\xc6\x33\x30\x1e\x29\xfc\xe2\xf7\xd5\x98\xd4\x40\xbb\x60\xca\xbf\xab\x17\x2c\x09\x36\x7f\x50\xfa\x41\xdc\xae\x96\x3a\x0a\x23\x3e\x89\x59\xc9\xa3\x07\xed\x1b\x37\xad\xfc\x7c\xbe\x51\x49\x5a\xde\x3a\x0a\x54\x08\x16\x45\xc2\x99\xb1\x87\xcd\x8c\x68\xe0\x69\x03\xe9\xc4\x4e\x98\xb2\x3b\x8c\x16\xb3\x0e\xa0\x0c\x98\x50\x9b\x93\xa9\x70\x09\xc8\x2c\xa3\x8f\xdf\x02\xe4\xe0\x71\x3a\xf1\xb4\x23\x72\xa0\xaa\x01\xdf\xdf\x98\x3e\x14\x50\xa0\x31\x26\xbd\x28\xe9\x5a\x30\x26\x75\xf9\x7b\x60\x1c\x8d\xf3\xcd\x50\x26\x6d\x04\x27\x9a\xdf\xd5\x0d\x45\x47\x29\x6b\x2c\xe6\x76\xd9\xa9\x29\x7d\x32\xdd\xc9\x36\x3c\xbd\xae\x35\xf1\x11\x9e\x1d\xbb\x90\x3f\x12\x47\x4e\x8e\xd7\x7e\x0f\x62\x73\x1d\x52\x26\x38\x1c\x18\x49\xfd\x30\x74\x9a\xc4\xe5\x22\x2f\xd8\xc0\x8d\xed\x91\x7a\x4c\x00\x8f\x72\x7f\x5d\xda\xdd\x1b\x8b\x45\x6b\xe7\xdd\x69\x97\xa8\xc5\x56\x4c\x0f\x0c\xf6\x9f\x7a\x91\x37\xf6\x97\x82\xe0\xdd\x71\x69\xff\x76\x3f\x60\x4d\x3c\xcf\xf7\x99\xf9\xc6\x57\xf4\xc9\x55\x39\x78\xba\x2c\x79\xc9\xa6\x88\x2b\xf4\x08", + ["UTN USERFirst Hardware Root CA"] = "\x30\x82\x04\x74\x30\x82\x03\x5c\xa0\x03\x02\x01\x02\x02\x10\x44\xbe\x0c\x8b\x50\x00\x24\xb4\x11\xd3\x36\x2a\xfe\x65\x0a\xfd\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5a\x17\x0d\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5a\x30\x81\x97\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb1\xf7\xc3\x38\x3f\xb4\xa8\x7f\xcf\x39\x82\x51\x67\xd0\x6d\x9f\xd2\xff\x58\xf3\xe7\x9f\x2b\xec\x0d\x89\x54\x99\xb9\x38\x99\x16\xf7\xe0\x21\x79\x48\xc2\xbb\x61\x74\x12\x96\x1d\x3c\x6a\x72\xd5\x3c\x10\x67\x3a\x39\xed\x2b\x13\xcd\x66\xeb\x95\x09\x33\xa4\x6c\x97\xb1\xe8\xc6\xec\xc1\x75\x79\x9c\x46\x5e\x8d\xab\xd0\x6a\xfd\xb9\x2a\x55\x17\x10\x54\xb3\x19\xf0\x9a\xf6\xf1\xb1\x5d\xb6\xa7\x6d\xfb\xe0\x71\x17\x6b\xa2\x88\xfb\x00\xdf\xfe\x1a\x31\x77\x0c\x9a\x01\x7a\xb1\x32\xe3\x2b\x01\x07\x38\x6e\xc3\xa5\x5e\x23\xbc\x45\x9b\x7b\x50\xc1\xc9\x30\x8f\xdb\xe5\x2b\x7a\xd3\x5b\xfb\x33\x40\x1e\xa0\xd5\x98\x17\xbc\x8b\x87\xc3\x89\xd3\x5d\xa0\x8e\xb2\xaa\xaa\xf6\x8e\x69\x88\x06\xc5\xfa\x89\x21\xf3\x08\x9d\x69\x2e\x09\x33\x9b\x29\x0d\x46\x0f\x8c\xcc\x49\x34\xb0\x69\x51\xbd\xf9\x06\xcd\x68\xad\x66\x4c\xbc\x3e\xac\x61\xbd\x0a\x88\x0e\xc8\xdf\x3d\xee\x7c\x04\x4c\x9d\x0a\x5e\x6b\x91\xd6\xee\xc7\xed\x28\x8d\xab\x4d\x87\x89\x73\xd0\x6e\xa4\xd0\x1e\x16\x8b\x14\xe1\x76\x44\x03\x7f\x63\xac\xe4\xcd\x49\x9c\xc5\x92\xf4\xab\x32\xa1\x48\x5b\x02\x03\x01\x00\x01\xa3\x81\xb9\x30\x81\xb6\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xc6\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa1\x72\x5f\x26\x1b\x28\x98\x43\x95\x5d\x07\x37\xd5\x85\x96\x9d\x4b\xd2\xc3\x45\x30\x44\x06\x03\x55\x1d\x1f\x04\x3d\x30\x3b\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x2e\x63\x72\x6c\x30\x31\x06\x03\x55\x1d\x25\x04\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0f\xde\x74\xc6\x99\x97\xaf\xfc\xad\x28\x5e\x75\x8e\xeb\x2d\x67\xee\x4e\x7b\x2b\xd7\x0c\xff\xf6\xde\xcb\x55\xa2\x0a\xe1\x4c\x54\x65\x93\x60\x6b\x9f\x12\x9c\xad\x5e\x83\x2c\xeb\x5a\xae\xc0\xe4\x2d\xf4\x00\x63\x1d\xb8\xc0\x6c\xf2\xcf\x49\xbb\x4d\x93\x6f\x06\xa6\x0a\x22\xb2\x49\x62\x08\x4e\xff\xc8\xc8\x14\xb2\x88\x16\x5d\xe7\x01\xe4\x12\x95\xe5\x45\x34\xb3\x8b\x69\xbd\xcf\xb4\x85\x8f\x75\x51\x9e\x7d\x3a\x38\x3a\x14\x48\x12\xc6\xfb\xa7\x3b\x1a\x8d\x0d\x82\x40\x07\xe8\x04\x08\x90\xa1\x89\xcb\x19\x50\xdf\xca\x1c\x01\xbc\x1d\x04\x19\x7b\x10\x76\x97\x3b\xee\x90\x90\xca\xc4\x0e\x1f\x16\x6e\x75\xef\x33\xf8\xd3\x6f\x5b\x1e\x96\xe3\xe0\x74\x77\x74\x7b\x8a\xa2\x6e\x2d\xdd\x76\xd6\x39\x30\x82\xf0\xab\x9c\x52\xf2\x2a\xc7\xaf\x49\x5e\x7e\xc7\x68\xe5\x82\x81\xc8\x6a\x27\xf9\x27\x88\x2a\xd5\x58\x50\x95\x1f\xf0\x3b\x1c\x57\xbb\x7d\x14\x39\x62\x2b\x9a\xc9\x94\x92\x2a\xa3\x22\x0c\xff\x89\x26\x7d\x5f\x23\x2b\x47\xd7\x15\x1d\xa9\x6a\x9e\x51\x0d\x2a\x51\x9e\x81\xf9\xd4\x3b\x5e\x70\x12\x7f\x10\x32\x9c\x1e\xbb\x9d\xf8\x66\xa8", + ["Camerfirma Chambers of Commerce Root"] = "\x30\x82\x04\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5a\x17\x0d\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xb7\x36\x55\xe5\xa5\x5d\x18\x30\xe0\xda\x89\x54\x91\xfc\xc8\xc7\x52\xf8\x2f\x50\xd9\xef\xb1\x75\x73\x65\x47\x7d\x1b\x5b\xba\x75\xc5\xfc\xa1\x88\x24\xfa\x2f\xed\xca\x08\x4a\x39\x54\xc4\x51\x7a\xb5\xda\x60\xea\x38\x3c\x81\xb2\xcb\xf1\xbb\xd9\x91\x23\x3f\x48\x01\x70\x75\xa9\x05\x2a\xad\x1f\x71\xf3\xc9\x54\x3d\x1d\x06\x6a\x40\x3e\xb3\x0c\x85\xee\x5c\x1b\x79\xc2\x62\xc4\xb8\x36\x8e\x35\x5d\x01\x0c\x23\x04\x47\x35\xaa\x9b\x60\x4e\xa0\x66\x3d\xcb\x26\x0a\x9c\x40\xa1\xf4\x5d\x98\xbf\x71\xab\xa5\x00\x68\x2a\xed\x83\x7a\x0f\xa2\x14\xb5\xd4\x22\xb3\x80\xb0\x3c\x0c\x5a\x51\x69\x2d\x58\x18\x8f\xed\x99\x9e\xf1\xae\xe2\x95\xe6\xf6\x47\xa8\xd6\x0c\x0f\xb0\x58\x58\xdb\xc3\x66\x37\x9e\x9b\x91\x54\x33\x37\xd2\x94\x1c\x6a\x48\xc9\xc9\xf2\xa5\xda\xa5\x0c\x23\xf7\x23\x0e\x9c\x32\x55\x5e\x71\x9c\x84\x05\x51\x9a\x2d\xfd\xe6\x4e\x2a\x34\x5a\xde\xca\x40\x37\x67\x0c\x54\x21\x55\x77\xda\x0a\x0c\xcc\x97\xae\x80\xdc\x94\x36\x4a\xf4\x3e\xce\x36\x13\x1e\x53\xe4\xac\x4e\x3a\x05\xec\xdb\xae\x72\x9c\x38\x8b\xd0\x39\x3b\x89\x0a\x3e\x77\xfe\x75\x02\x01\x03\xa3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x3c\x06\x03\x55\x1d\x1f\x04\x35\x30\x33\x30\x31\xa0\x2f\xa0\x2d\x86\x2b\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\x94\xf5\xb1\x4d\xe9\xdb\xa1\x29\x5b\x57\x8b\x4d\x76\x06\x76\xe1\xd1\xa2\x8a\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1d\x11\x04\x20\x30\x1e\x81\x1c\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x27\x06\x03\x55\x1d\x12\x04\x20\x30\x1e\x81\x1c\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x58\x06\x03\x55\x1d\x20\x04\x51\x30\x4f\x30\x4d\x06\x0b\x2b\x06\x01\x04\x01\x81\x87\x2e\x0a\x03\x01\x30\x3e\x30\x3c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3a\x2f\x2f\x63\x70\x73\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x70\x73\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x2e\x68\x74\x6d\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0c\x41\x97\xc2\x1a\x86\xc0\x22\x7c\x9f\xfb\x90\xf3\x1a\xd1\x03\xb1\xef\x13\xf9\x21\x5f\x04\x9c\xda\xc9\xa5\x8d\x27\x6c\x96\x87\x91\xbe\x41\x90\x01\x72\x93\xe7\x1e\x7d\x5f\xf6\x89\xc6\x5d\xa7\x40\x09\x3d\xac\x49\x45\x45\xdc\x2e\x8d\x30\x68\xb2\x09\xba\xfb\xc3\x2f\xcc\xba\x0b\xdf\x3f\x77\x7b\x46\x7d\x3a\x12\x24\x8e\x96\x8f\x3c\x05\x0a\x6f\xd2\x94\x28\x1d\x6d\x0c\xc0\x2e\x88\x22\xd5\xd8\xcf\x1d\x13\xc7\xf0\x48\xd7\xd7\x05\xa7\xcf\xc7\x47\x9e\x3b\x3c\x34\xc8\x80\x4f\xd4\x14\xbb\xfc\x0d\x50\xf7\xfa\xb3\xec\x42\x5f\xa9\xdd\x6d\xc8\xf4\x75\xcf\x7b\xc1\x72\x26\xb1\x01\x1c\x5c\x2c\xfd\x7a\x4e\xb4\x01\xc5\x05\x57\xb9\xe7\x3c\xaa\x05\xd9\x88\xe9\x07\x46\x41\xce\xef\x41\x81\xae\x58\xdf\x83\xa2\xae\xca\xd7\x77\x1f\xe7\x00\x3c\x9d\x6f\x8e\xe4\x32\x09\x1d\x4d\x78\x34\x78\x34\x3c\x94\x9b\x26\xed\x4f\x71\xc6\x19\x7a\xbd\x20\x22\x48\x5a\xfe\x4b\x7d\x03\xb7\xe7\x58\xbe\xc6\x32\x4e\x74\x1e\x68\xdd\xa8\x68\x5b\xb3\x3e\xee\x62\x7d\xd9\x80\xe8\x0a\x75\x7a\xb7\xee\xb4\x65\x9a\x21\x90\xe0\xaa\xd0\x98\xbc\x38\xb5\x73\x3c\x8b\xf8\xdc", + ["Camerfirma Global Chambersign Root"] = "\x30\x82\x04\xc5\x30\x82\x03\xad\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5a\x17\x0d\x33\x37\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5a\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xa2\x70\xa2\xd0\x9f\x42\xae\x5b\x17\xc7\xd8\x7d\xcf\x14\x83\xfc\x4f\xc9\xa1\xb7\x13\xaf\x8a\xd7\x9e\x3e\x04\x0a\x92\x8b\x60\x56\xfa\xb4\x32\x2f\x88\x4d\xa1\x60\x08\xf4\xb7\x09\x4e\xa0\x49\x2f\x49\xd6\xd3\xdf\x9d\x97\x5a\x9f\x94\x04\x70\xec\x3f\x59\xd9\xb7\xcc\x66\x8b\x98\x52\x28\x09\x02\xdf\xc5\x2f\x84\x8d\x7a\x97\x77\xbf\xec\x40\x9d\x25\x72\xab\xb5\x3f\x32\x98\xfb\xb7\xb7\xfc\x72\x84\xe5\x35\x87\xf9\x55\xfa\xa3\x1f\x0e\x6f\x2e\x28\xdd\x69\xa0\xd9\x42\x10\xc6\xf8\xb5\x44\xc2\xd0\x43\x7f\xdb\xbc\xe4\xa2\x3c\x6a\x55\x78\x0a\x77\xa9\xd8\xea\x19\x32\xb7\x2f\xfe\x5c\x3f\x1b\xee\xb1\x98\xec\xca\xad\x7a\x69\x45\xe3\x96\x0f\x55\xf6\xe6\xed\x75\xea\x65\xe8\x32\x56\x93\x46\x89\xa8\x25\x8a\x65\x06\xee\x6b\xbf\x79\x07\xd0\xf1\xb7\xaf\xed\x2c\x4d\x92\xbb\xc0\xa8\x5f\xa7\x67\x7d\x04\xf2\x15\x08\x70\xac\x92\xd6\x7d\x04\xd2\x33\xfb\x4c\xb6\x0b\x0b\xfb\x1a\xc9\xc4\x8d\x03\xa9\x7e\x5c\xf2\x50\xab\x12\xa5\xa1\xcf\x48\x50\xa5\xef\xd2\xc8\x1a\x13\xfa\xb0\x7f\xb1\x82\x1c\x77\x6a\x0f\x5f\xdc\x0b\x95\x8f\xef\x43\x7e\xe6\x45\x09\x25\x02\x01\x03\xa3\x82\x01\x50\x30\x82\x01\x4c\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x3f\x06\x03\x55\x1d\x1f\x04\x38\x30\x36\x30\x34\xa0\x32\xa0\x30\x86\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x43\x9c\x36\x9f\xb0\x9e\x30\x4d\xc6\xce\x5f\xad\x10\xab\xe5\x03\xa5\xfa\xa9\x14\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x2a\x06\x03\x55\x1d\x11\x04\x23\x30\x21\x81\x1f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x2a\x06\x03\x55\x1d\x12\x04\x23\x30\x21\x81\x1f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x5b\x06\x03\x55\x1d\x20\x04\x54\x30\x52\x30\x50\x06\x0b\x2b\x06\x01\x04\x01\x81\x87\x2e\x0a\x01\x01\x30\x41\x30\x3f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x70\x73\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x70\x73\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x2e\x68\x74\x6d\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3c\x3b\x70\x91\xf9\x04\x54\x27\x91\xe1\xed\xed\xfe\x68\x7f\x61\x5d\xe5\x41\x65\x4f\x32\xf1\x18\x05\x94\x6a\x1c\xde\x1f\x70\xdb\x3e\x7b\x32\x02\x34\xb5\x0c\x6c\xa1\x8a\x7c\xa5\xf4\x8f\xff\xd4\xd8\xad\x17\xd5\x2d\x04\xd1\x3f\x58\x80\xe2\x81\x59\x88\xbe\xc0\xe3\x46\x93\x24\xfe\x90\xbd\x26\xa2\x30\x2d\xe8\x97\x26\x57\x35\x89\x74\x96\x18\xf6\x15\xe2\xaf\x24\x19\x56\x02\x02\xb2\xba\x0f\x14\xea\xc6\x8a\x66\xc1\x86\x45\x55\x8b\xbe\x92\xbe\x9c\xa4\x04\xc7\x49\x3c\x9e\xe8\x29\x7a\x89\xd7\xfe\xaf\xff\x68\xf5\xa5\x17\x90\xbd\xac\x99\xcc\xa5\x86\x57\x09\x67\x46\xdb\xd6\x16\xc2\x46\xf1\xe4\xa9\x50\xf5\x8f\xd1\x92\x15\xd3\x5f\x3e\xc6\x00\x49\x3a\x6e\x58\xb2\xd1\xd1\x27\x0d\x25\xc8\x32\xf8\x20\x11\xcd\x7d\x32\x33\x48\x94\x54\x4c\xdd\xdc\x79\xc4\x30\x9f\xeb\x8e\xb8\x55\xb5\xd7\x88\x5c\xc5\x6a\x24\x3d\xb2\xd3\x05\x03\x51\xc6\x07\xef\xcc\x14\x72\x74\x3d\x6e\x72\xce\x18\x28\x8c\x4a\xa0\x77\xe5\x09\x2b\x45\x44\x47\xac\xb7\x67\x7f\x01\x8a\x05\x5a\x93\xbe\xa1\xc1\xff\xf8\xe7\x0e\x67\xa4\x47\x49\x76\x5d\x75\x90\x1a\xf5\x26\x8f\xf0", + ["NetLock Notary (Class A) Root"] = "\x30\x82\x06\x7d\x30\x82\x05\x65\xa0\x03\x02\x01\x02\x02\x02\x01\x03\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xaf\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6e\x67\x61\x72\x79\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x6f\x7a\x6a\x65\x67\x79\x7a\x6f\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x34\x32\x33\x31\x34\x34\x37\x5a\x17\x0d\x31\x39\x30\x32\x31\x39\x32\x33\x31\x34\x34\x37\x5a\x30\x81\xaf\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6e\x67\x61\x72\x79\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x6f\x7a\x6a\x65\x67\x79\x7a\x6f\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbc\x74\x8c\x0f\xbb\x4c\xf4\x37\x1e\xa9\x05\x82\xd8\xe6\xe1\x6c\x70\xea\x78\xb5\x6e\xd1\x38\x44\x0d\xa8\x83\xce\x5d\xd2\xd6\xd5\x81\xc5\xd4\x4b\xe7\x5b\x94\x70\x26\xdb\x3b\x9d\x6a\x4c\x62\xf7\x71\xf3\x64\xd6\x61\x3b\x3d\xeb\x73\xa3\x37\xd9\xcf\xea\x8c\x92\x3b\xcd\xf7\x07\xdc\x66\x74\x97\xf4\x45\x22\xdd\xf4\x5c\xe0\xbf\x6d\xf3\xbe\x65\x33\xe4\x15\x3a\xbf\xdb\x98\x90\x55\x38\xc4\xed\xa6\x55\x63\x0b\xb0\x78\x04\xf4\xe3\x6e\xc1\x3f\x8e\xfc\x51\x78\x1f\x92\x9e\x83\xc2\xfe\xd9\xb0\xa9\xc9\xbc\x5a\x00\xff\xa9\xa8\x98\x74\xfb\xf6\x2c\x3e\x15\x39\x0d\xb6\x04\x55\xa8\x0e\x98\x20\x42\xb3\xb1\x25\xad\x7e\x9a\x6f\x5d\x53\xb1\xab\x0c\xfc\xeb\xe0\xf3\x7a\xb3\xa8\xb3\xff\x46\xf6\x63\xa2\xd8\x3a\x98\x7b\xb6\xac\x85\xff\xb0\x25\x4f\x74\x63\xe7\x13\x07\xa5\x0a\x8f\x05\xf7\xc0\x64\x6f\x7e\xa7\x27\x80\x96\xde\xd4\x2e\x86\x60\xc7\x6b\x2b\x5e\x73\x7b\x17\xe7\x91\x3f\x64\x0c\xd8\x4b\x22\x34\x2b\x9b\x32\xf2\x48\x1f\x9f\xa1\x0a\x84\x7a\xe2\xc2\xad\x97\x3d\x8e\xd5\xc1\xf9\x56\xa3\x50\xe9\xc6\xb4\xfa\x98\xa2\xee\x95\xe6\x2a\x03\x8c\xdf\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x82\x01\x01\x00\x48\x24\x46\xf7\xba\x56\x6f\xfa\xc8\x28\x03\x40\x4e\xe5\x31\x39\x6b\x26\x6b\x53\x7f\xdb\xdf\xdf\xf3\x71\x3d\x26\xc0\x14\x0e\xc6\x67\x7b\x23\xa8\x0c\x73\xdd\x01\xbb\xc6\xca\x6e\x37\x39\x55\xd5\xc7\x8c\x56\x20\x0e\x28\x0a\x0e\xd2\x2a\xa4\xb0\x49\x52\xc6\x38\x07\xfe\xbe\x0a\x09\x8c\xd1\x98\xcf\xca\xda\x14\x31\xa1\x4f\xd2\x39\xfc\x0f\x11\x2c\x43\xc3\xdd\xab\x93\xc7\x55\x3e\x47\x7c\x18\x1a\x00\xdc\xf3\x7b\xd8\xf2\x7f\x52\x6c\x20\xf4\x0b\x5f\x69\x52\xf4\xee\xf8\xb2\x29\x60\xeb\xe3\x49\x31\x21\x0d\xd6\xb5\x10\x41\xe2\x41\x09\x6c\xe2\x1a\x9a\x56\x4b\x77\x02\xf6\xa0\x9b\x9a\x27\x87\xe8\x55\x29\x71\xc2\x90\x9f\x45\x78\x1a\xe1\x15\x64\x3d\xd0\x0e\xd8\xa0\x76\x9f\xae\xc5\xd0\x2e\xea\xd6\x0f\x56\xec\x64\x7f\x5a\x9b\x14\x58\x01\x27\x7e\x13\x50\xc7\x6b\x2a\xe6\x68\x3c\xbf\x5c\xa0\x0a\x1b\xe1\x0e\x7a\xe9\xe2\x80\xc3\xe9\xe9\xf6\xfd\x6c\x11\x9e\xd0\xe5\x28\x27\x2b\x54\x32\x42\x14\x82\x75\xe6\x4a\xf0\x2b\x66\x75\x63\x8c\xa2\xfb\x04\x3e\x83\x0e\x9b\x36\xf0\x18\xe4\x26\x20\xc3\x8c\xf0\x28\x07\xad\x3c\x17\x66\x88\xb5\xfd\xb6\x88", + ["NetLock Business (Class B) Root"] = "\x30\x82\x05\x4b\x30\x82\x04\xb4\xa0\x03\x02\x01\x02\x02\x01\x69\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x99\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x55\x7a\x6c\x65\x74\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x42\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x35\x31\x34\x31\x30\x32\x32\x5a\x17\x0d\x31\x39\x30\x32\x32\x30\x31\x34\x31\x30\x32\x32\x5a\x30\x81\x99\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x55\x7a\x6c\x65\x74\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x42\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb1\xea\x04\xec\x20\xa0\x23\xc2\x8f\x38\x60\xcf\xc7\x46\xb3\xd5\x1b\xfe\xfb\xb9\x99\x9e\x04\xdc\x1c\x7f\x8c\x4a\x81\x98\xee\xa4\xd4\xca\x8a\x17\xb9\x22\x7f\x83\x0a\x75\x4c\x9b\xc0\x69\xd8\x64\x39\xa3\xed\x92\xa3\xfd\x5b\x5c\x74\x1a\xc0\x47\xca\x3a\x69\x76\x9a\xba\xe2\x44\x17\xfc\x4c\xa3\xd5\xfe\xb8\x97\x88\xaf\x88\x03\x89\x1f\xa4\xf2\x04\x3e\xc8\x07\x0b\xe6\xf9\xb3\x2f\x7a\x62\x14\x09\x46\x14\xca\x64\xf5\x8b\x80\xb5\x62\xa8\xd8\x6b\xd6\x71\x93\x2d\xb3\xbf\x09\x54\x58\xed\x06\xeb\xa8\x7b\xdc\x43\xb1\xa1\x69\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x04\xdb\xae\x8c\x17\xaf\xf8\x0e\x90\x31\x4e\xcd\x3e\x09\xc0\x6d\x3a\xb0\xf8\x33\x4c\x47\x4c\xe3\x75\x88\x10\x97\xac\xb0\x38\x15\x91\xc6\x29\x96\xcc\x21\xc0\x6d\x3c\xa5\x74\xcf\xd8\x82\xa5\x39\xc3\x65\xe3\x42\x70\xbb\x22\x90\xe3\x7d\xdb\x35\x76\xe1\xa0\xb5\xda\x9f\x70\x6e\x93\x1a\x30\x39\x1d\x30\xdb\x2e\xe3\x7c\xb2\x91\xb2\xd1\x37\x29\xfa\xb9\xd6\x17\x5c\x47\x4f\xe3\x1d\x38\xeb\x9f\xd5\x7b\x95\xa8\x28\x9e\x15\x4a\xd1\xd1\xd0\x2b\x00\x97\xa0\xe2\x92\x36\x2b\x63\xac\x58\x01\x6b\x33\x29\x50\x86\x83\xf1\x01\x48", + ["NetLock Express (Class C) Root"] = "\x30\x82\x05\x4f\x30\x82\x04\xb8\xa0\x03\x02\x01\x02\x02\x01\x68\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x9b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x34\x30\x32\x06\x03\x55\x04\x03\x13\x2b\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x45\x78\x70\x72\x65\x73\x73\x7a\x20\x28\x43\x6c\x61\x73\x73\x20\x43\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x35\x31\x34\x30\x38\x31\x31\x5a\x17\x0d\x31\x39\x30\x32\x32\x30\x31\x34\x30\x38\x31\x31\x5a\x30\x81\x9b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x34\x30\x32\x06\x03\x55\x04\x03\x13\x2b\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x45\x78\x70\x72\x65\x73\x73\x7a\x20\x28\x43\x6c\x61\x73\x73\x20\x43\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xeb\xec\xb0\x6c\x61\x8a\x23\x25\xaf\x60\x20\xe3\xd9\x9f\xfc\x93\x0b\xdb\x5d\x8d\xb0\xa1\xb3\x40\x3a\x82\xce\xfd\x75\xe0\x78\x32\x03\x86\x5a\x86\x95\x91\xed\x53\xfa\x9d\x40\xfc\xe6\xe8\xdd\xd9\x5b\x7a\x03\xbd\x5d\xf3\x3b\x0c\xc3\x51\x79\x9b\xad\x55\xa0\xe9\xd0\x03\x10\xaf\x0a\xba\x14\x42\xd9\x52\x26\x11\x22\xc7\xd2\x20\xcc\x82\xa4\x9a\xa9\xfe\xb8\x81\x76\x9d\x6a\xb7\xd2\x36\x75\x3e\xb1\x86\x09\xf6\x6e\x6d\x7e\x4e\xb7\x7a\xec\xae\x71\x84\xf6\x04\x33\x08\x25\x32\xeb\x74\xac\x16\x44\xc6\xe4\x40\x93\x1d\x7f\xad\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x10\xad\x7f\xd7\x0c\x32\x80\x0a\xd8\x86\xf1\x79\x98\xb5\xad\xd4\xcd\xb3\x36\xc4\x96\x48\xc1\x5c\xcd\x9a\xd9\x05\x2e\x9f\xbe\x50\xeb\xf4\x26\x14\x10\x2d\xd4\x66\x17\xf8\x9e\xc1\x27\xfd\xf1\xed\xe4\x7b\x4b\xa0\x6c\xb5\xab\x9a\x57\x70\xa6\xed\xa0\xa4\xed\x2e\xf5\xfd\xfc\xbd\xfe\x4d\x37\x08\x0c\xbc\xe3\x96\x83\x22\xf5\x49\x1b\x7f\x4b\x2b\xb4\x54\xc1\x80\x7c\x99\x4e\x1d\xd0\x8c\xee\xd0\xac\xe5\x92\xfa\x75\x56\xfe\x64\xa0\x13\x8f\xb8\xb8\x16\x9d\x61\x05\x67\x80\xc8\xd0\xd8\xa5\x07\x02\x34\x98\x04\x8d\x33\x04\xd4", + ["XRamp Global CA Root"] = "\x30\x82\x04\x30\x30\x82\x03\x18\xa0\x03\x02\x01\x02\x02\x10\x50\x94\x6c\xec\x18\xea\xd5\x9c\x4d\xd5\x97\xef\x75\x8f\xa0\xad\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1e\x30\x1c\x06\x03\x55\x04\x0b\x13\x15\x77\x77\x77\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x58\x52\x61\x6d\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6e\x63\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6d\x70\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x31\x31\x30\x31\x31\x37\x31\x34\x30\x34\x5a\x17\x0d\x33\x35\x30\x31\x30\x31\x30\x35\x33\x37\x31\x39\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1e\x30\x1c\x06\x03\x55\x04\x0b\x13\x15\x77\x77\x77\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x58\x52\x61\x6d\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6e\x63\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6d\x70\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x98\x24\x1e\xbd\x15\xb4\xba\xdf\xc7\x8c\xa5\x27\xb6\x38\x0b\x69\xf3\xb6\x4e\xa8\x2c\x2e\x21\x1d\x5c\x44\xdf\x21\x5d\x7e\x23\x74\xfe\x5e\x7e\xb4\x4a\xb7\xa6\xad\x1f\xae\xe0\x06\x16\xe2\x9b\x5b\xd9\x67\x74\x6b\x5d\x80\x8f\x29\x9d\x86\x1b\xd9\x9c\x0d\x98\x6d\x76\x10\x28\x58\xe4\x65\xb0\x7f\x4a\x98\x79\x9f\xe0\xc3\x31\x7e\x80\x2b\xb5\x8c\xc0\x40\x3b\x11\x86\xd0\xcb\xa2\x86\x36\x60\xa4\xd5\x30\x82\x6d\xd9\x6e\xd0\x0f\x12\x04\x33\x97\x5f\x4f\x61\x5a\xf0\xe4\xf9\x91\xab\xe7\x1d\x3b\xbc\xe8\xcf\xf4\x6b\x2d\x34\x7c\xe2\x48\x61\x1c\x8e\xf3\x61\x44\xcc\x6f\xa0\x4a\xa9\x94\xb0\x4d\xda\xe7\xa9\x34\x7a\x72\x38\xa8\x41\xcc\x3c\x94\x11\x7d\xeb\xc8\xa6\x8c\xb7\x86\xcb\xca\x33\x3b\xd9\x3d\x37\x8b\xfb\x7a\x3e\x86\x2c\xe7\x73\xd7\x0a\x57\xac\x64\x9b\x19\xeb\xf4\x0f\x04\x08\x8a\xac\x03\x17\x19\x64\xf4\x5a\x25\x22\x8d\x34\x2c\xb2\xf6\x68\x1d\x12\x6d\xd3\x8a\x1e\x14\xda\xc4\x8f\xa6\xe2\x23\x85\xd5\x7a\x0d\xbd\x6a\xe0\xe9\xec\xec\x17\xbb\x42\x1b\x67\xaa\x25\xed\x45\x83\x21\xfc\xc1\xc9\x7c\xd5\x62\x3e\xfa\xf2\xc5\x2d\xd3\xfd\xd4\x65\x02\x03\x01\x00\x01\xa3\x81\x9f\x30\x81\x9c\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc6\x4f\xa2\x3d\x06\x63\x84\x09\x9c\xce\x62\xe4\x04\xac\x8d\x5c\xb5\xe9\xb6\x1b\x30\x36\x06\x03\x55\x1d\x1f\x04\x2f\x30\x2d\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x2f\x58\x47\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x91\x15\x39\x03\x01\x1b\x67\xfb\x4a\x1c\xf9\x0a\x60\x5b\xa1\xda\x4d\x97\x62\xf9\x24\x53\x27\xd7\x82\x64\x4e\x90\x2e\xc3\x49\x1b\x2b\x9a\xdc\xfc\xa8\x78\x67\x35\xf1\x1d\xf0\x11\xbd\xb7\x48\xe3\x10\xf6\x0d\xdf\x3f\xd2\xc9\xb6\xaa\x55\xa4\x48\xba\x02\xdb\xde\x59\x2e\x15\x5b\x3b\x9d\x16\x7d\x47\xd7\x37\xea\x5f\x4d\x76\x12\x36\xbb\x1f\xd7\xa1\x81\x04\x46\x20\xa3\x2c\x6d\xa9\x9e\x01\x7e\x3f\x29\xce\x00\x93\xdf\xfd\xc9\x92\x73\x89\x89\x64\x9e\xe7\x2b\xe4\x1c\x91\x2c\xd2\xb9\xce\x7d\xce\x6f\x31\x99\xd3\xe6\xbe\xd2\x1e\x90\xf0\x09\x14\x79\x5c\x23\xab\x4d\xd2\xda\x21\x1f\x4d\x99\x79\x9d\xe1\xcf\x27\x9f\x10\x9b\x1c\x88\x0d\xb0\x8a\x64\x41\x31\xb8\x0e\x6c\x90\x24\xa4\x9b\x5c\x71\x8f\xba\xbb\x7e\x1c\x1b\xdb\x6a\x80\x0f\x21\xbc\xe9\xdb\xa6\xb7\x40\xf4\xb2\x8b\xa9\xb1\xe4\xef\x9a\x1a\xd0\x3d\x69\x99\xee\xa8\x28\xa3\xe1\x3c\xb3\xf0\xb2\x11\x9c\xcf\x7c\x40\xe6\xdd\xe7\x43\x7d\xa2\xd8\x3a\xb5\xa9\x8d\xf2\x34\x99\xc4\xd4\x10\xe1\x06\xfd\x09\x84\x10\x3b\xee\xc4\x4c\xf4\xec\x27\x7c\x42\xc2\x74\x7c\x82\x8a\x09\xc9\xb4\x03\x25\xbc", + ["Go Daddy Class 2 CA"] = "\x30\x82\x04\x00\x30\x82\x02\xe8\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5a\x17\x0d\x33\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xde\x9d\xd7\xea\x57\x18\x49\xa1\x5b\xeb\xd7\x5f\x48\x86\xea\xbe\xdd\xff\xe4\xef\x67\x1c\xf4\x65\x68\xb3\x57\x71\xa0\x5e\x77\xbb\xed\x9b\x49\xe9\x70\x80\x3d\x56\x18\x63\x08\x6f\xda\xf2\xcc\xd0\x3f\x7f\x02\x54\x22\x54\x10\xd8\xb2\x81\xd4\xc0\x75\x3d\x4b\x7f\xc7\x77\xc3\x3e\x78\xab\x1a\x03\xb5\x20\x6b\x2f\x6a\x2b\xb1\xc5\x88\x7e\xc4\xbb\x1e\xb0\xc1\xd8\x45\x27\x6f\xaa\x37\x58\xf7\x87\x26\xd7\xd8\x2d\xf6\xa9\x17\xb7\x1f\x72\x36\x4e\xa6\x17\x3f\x65\x98\x92\xdb\x2a\x6e\x5d\xa2\xfe\x88\xe0\x0b\xde\x7f\xe5\x8d\x15\xe1\xeb\xcb\x3a\xd5\xe2\x12\xa2\x13\x2d\xd8\x8e\xaf\x5f\x12\x3d\xa0\x08\x05\x08\xb6\x5c\xa5\x65\x38\x04\x45\x99\x1e\xa3\x60\x60\x74\xc5\x41\xa5\x72\x62\x1b\x62\xc5\x1f\x6f\x5f\x1a\x42\xbe\x02\x51\x65\xa8\xae\x23\x18\x6a\xfc\x78\x03\xa9\x4d\x7f\x80\xc3\xfa\xab\x5a\xfc\xa1\x40\xa4\xca\x19\x16\xfe\xb2\xc8\xef\x5e\x73\x0d\xee\x77\xbd\x9a\xf6\x79\x98\xbc\xb1\x07\x67\xa2\x15\x0d\xdd\xa0\x58\xc6\x44\x7b\x0a\x3e\x62\x28\x5f\xba\x41\x07\x53\x58\xcf\x11\x7e\x38\x74\xc5\xf8\xff\xb5\x69\x90\x8f\x84\x74\xea\x97\x1b\xaf\x02\x01\x03\xa3\x81\xc0\x30\x81\xbd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd2\xc4\xb0\xd2\x91\xd4\x4c\x11\x71\xb3\x61\xcb\x3d\xa1\xfe\xdd\xa8\x6a\xd4\xe3\x30\x81\x8d\x06\x03\x55\x1d\x23\x04\x81\x85\x30\x81\x82\x80\x14\xd2\xc4\xb0\xd2\x91\xd4\x4c\x11\x71\xb3\x61\xcb\x3d\xa1\xfe\xdd\xa8\x6a\xd4\xe3\xa1\x67\xa4\x65\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x00\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x32\x4b\xf3\xb2\xca\x3e\x91\xfc\x12\xc6\xa1\x07\x8c\x8e\x77\xa0\x33\x06\x14\x5c\x90\x1e\x18\xf7\x08\xa6\x3d\x0a\x19\xf9\x87\x80\x11\x6e\x69\xe4\x96\x17\x30\xff\x34\x91\x63\x72\x38\xee\xcc\x1c\x01\xa3\x1d\x94\x28\xa4\x31\xf6\x7a\xc4\x54\xd7\xf6\xe5\x31\x58\x03\xa2\xcc\xce\x62\xdb\x94\x45\x73\xb5\xbf\x45\xc9\x24\xb5\xd5\x82\x02\xad\x23\x79\x69\x8d\xb8\xb6\x4d\xce\xcf\x4c\xca\x33\x23\xe8\x1c\x88\xaa\x9d\x8b\x41\x6e\x16\xc9\x20\xe5\x89\x9e\xcd\x3b\xda\x70\xf7\x7e\x99\x26\x20\x14\x54\x25\xab\x6e\x73\x85\xe6\x9b\x21\x9d\x0a\x6c\x82\x0e\xa8\xf8\xc2\x0c\xfa\x10\x1e\x6c\x96\xef\x87\x0d\xc4\x0f\x61\x8b\xad\xee\x83\x2b\x95\xf8\x8e\x92\x84\x72\x39\xeb\x20\xea\x83\xed\x83\xcd\x97\x6e\x08\xbc\xeb\x4e\x26\xb6\x73\x2b\xe4\xd3\xf6\x4c\xfe\x26\x71\xe2\x61\x11\x74\x4a\xff\x57\x1a\x87\x0f\x75\x48\x2e\xcf\x51\x69\x17\xa0\x02\x12\x61\x95\xd5\xd1\x40\xb2\x10\x4c\xee\xc4\xac\x10\x43\xa6\xa5\x9e\x0a\xd5\x95\x62\x9a\x0d\xcf\x88\x82\xc5\x32\x0c\xe4\x2b\x9f\x45\xe6\x0d\x9f\x28\x9c\xb1\xb9\x2a\x5a\x57\xad\x37\x0f\xaf\x1d\x7f\xdb\xbd\x9f", + ["Starfield Class 2 CA"] = "\x30\x82\x04\x0f\x30\x82\x02\xf7\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5a\x17\x0d\x33\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xb7\x32\xc8\xfe\xe9\x71\xa6\x04\x85\xad\x0c\x11\x64\xdf\xce\x4d\xef\xc8\x03\x18\x87\x3f\xa1\xab\xfb\x3c\xa6\x9f\xf0\xc3\xa1\xda\xd4\xd8\x6e\x2b\x53\x90\xfb\x24\xa4\x3e\x84\xf0\x9e\xe8\x5f\xec\xe5\x27\x44\xf5\x28\xa6\x3f\x7b\xde\xe0\x2a\xf0\xc8\xaf\x53\x2f\x9e\xca\x05\x01\x93\x1e\x8f\x66\x1c\x39\xa7\x4d\xfa\x5a\xb6\x73\x04\x25\x66\xeb\x77\x7f\xe7\x59\xc6\x4a\x99\x25\x14\x54\xeb\x26\xc7\xf3\x7f\x19\xd5\x30\x70\x8f\xaf\xb0\x46\x2a\xff\xad\xeb\x29\xed\xd7\x9f\xaa\x04\x87\xa3\xd4\xf9\x89\xa5\x34\x5f\xdb\x43\x91\x82\x36\xd9\x66\x3c\xb1\xb8\xb9\x82\xfd\x9c\x3a\x3e\x10\xc8\x3b\xef\x06\x65\x66\x7a\x9b\x19\x18\x3d\xff\x71\x51\x3c\x30\x2e\x5f\xbe\x3d\x77\x73\xb2\x5d\x06\x6c\xc3\x23\x56\x9a\x2b\x85\x26\x92\x1c\xa7\x02\xb3\xe4\x3f\x0d\xaf\x08\x79\x82\xb8\x36\x3d\xea\x9c\xd3\x35\xb3\xbc\x69\xca\xf5\xcc\x9d\xe8\xfd\x64\x8d\x17\x80\x33\x6e\x5e\x4a\x5d\x99\xc9\x1e\x87\xb4\x9d\x1a\xc0\xd5\x6e\x13\x35\x23\x5e\xdf\x9b\x5f\x3d\xef\xd6\xf7\x76\xc2\xea\x3e\xbb\x78\x0d\x1c\x42\x67\x6b\x04\xd8\xf8\xd6\xda\x6f\x8b\xf2\x44\xa0\x01\xab\x02\x01\x03\xa3\x81\xc5\x30\x81\xc2\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbf\x5f\xb7\xd1\xce\xdd\x1f\x86\xf4\x5b\x55\xac\xdc\xd7\x10\xc2\x0e\xa9\x88\xe7\x30\x81\x92\x06\x03\x55\x1d\x23\x04\x81\x8a\x30\x81\x87\x80\x14\xbf\x5f\xb7\xd1\xce\xdd\x1f\x86\xf4\x5b\x55\xac\xdc\xd7\x10\xc2\x0e\xa9\x88\xe7\xa1\x6c\xa4\x6a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x00\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x9d\x3f\x88\x9d\xd1\xc9\x1a\x55\xa1\xac\x69\xf3\xf3\x59\xda\x9b\x01\x87\x1a\x4f\x57\xa9\xa1\x79\x09\x2a\xdb\xf7\x2f\xb2\x1e\xcc\xc7\x5e\x6a\xd8\x83\x87\xa1\x97\xef\x49\x35\x3e\x77\x06\x41\x58\x62\xbf\x8e\x58\xb8\x0a\x67\x3f\xec\xb3\xdd\x21\x66\x1f\xc9\x54\xfa\x72\xcc\x3d\x4c\x40\xd8\x81\xaf\x77\x9e\x83\x7a\xbb\xa2\xc7\xf5\x34\x17\x8e\xd9\x11\x40\xf4\xfc\x2c\x2a\x4d\x15\x7f\xa7\x62\x5d\x2e\x25\xd3\x00\x0b\x20\x1a\x1d\x68\xf9\x17\xb8\xf4\xbd\x8b\xed\x28\x59\xdd\x4d\x16\x8b\x17\x83\xc8\xb2\x65\xc7\x2d\x7a\xa5\xaa\xbc\x53\x86\x6d\xdd\x57\xa4\xca\xf8\x20\x41\x0b\x68\xf0\xf4\xfb\x74\xbe\x56\x5d\x7a\x79\xf5\xf9\x1d\x85\xe3\x2d\x95\xbe\xf5\x71\x90\x43\xcc\x8d\x1f\x9a\x00\x0a\x87\x29\xe9\x55\x22\x58\x00\x23\xea\xe3\x12\x43\x29\x5b\x47\x08\xdd\x8c\x41\x6a\x65\x06\xa8\xe5\x21\xaa\x41\xb4\x95\x21\x95\xb9\x7d\xd1\x34\xab\x13\xd6\xad\xbc\xdc\xe2\x3d\x39\xcd\xbd\x3e\x75\x70\xa1\x18\x59\x03\xc9\x22\xb4\x8f\x9c\xd5\x5e\x2a\xd7\xa5\xb6\xd4\x0a\x6d\xf8\xb7\x40\x11\x46\x9a\x1f\x79\x0e\x62\xbf\x0f\x97\xec\xe0\x2f\x1f\x17\x94", + ["StartCom Certification Authority"] = "\x30\x82\x07\xc9\x30\x82\x05\xb1\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x4c\x74\x64\x2e\x31\x2b\x30\x29\x06\x03\x55\x04\x0b\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6e\x69\x6e\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5a\x17\x0d\x33\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5a\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x4c\x74\x64\x2e\x31\x2b\x30\x29\x06\x03\x55\x04\x0b\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6e\x69\x6e\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc1\x88\xdb\x09\xbc\x6c\x46\x7c\x78\x9f\x95\x7b\xb5\x33\x90\xf2\x72\x62\xd6\xc1\x36\x20\x22\x24\x5e\xce\xe9\x77\xf2\x43\x0a\xa2\x06\x64\xa4\xcc\x8e\x36\xf8\x38\xe6\x23\xf0\x6e\x6d\xb1\x3c\xdd\x72\xa3\x85\x1c\xa1\xd3\x3d\xb4\x33\x2b\xd3\x2f\xaf\xfe\xea\xb0\x41\x59\x67\xb6\xc4\x06\x7d\x0a\x9e\x74\x85\xd6\x79\x4c\x80\x37\x7a\xdf\x39\x05\x52\x59\xf7\xf4\x1b\x46\x43\xa4\xd2\x85\x85\xd2\xc3\x71\xf3\x75\x62\x34\xba\x2c\x8a\x7f\x1e\x8f\xee\xed\x34\xd0\x11\xc7\x96\xcd\x52\x3d\xba\x33\xd6\xdd\x4d\xde\x0b\x3b\x4a\x4b\x9f\xc2\x26\x2f\xfa\xb5\x16\x1c\x72\x35\x77\xca\x3c\x5d\xe6\xca\xe1\x26\x8b\x1a\x36\x76\x5c\x01\xdb\x74\x14\x25\xfe\xed\xb5\xa0\x88\x0f\xdd\x78\xca\x2d\x1f\x07\x97\x30\x01\x2d\x72\x79\xfa\x46\xd6\x13\x2a\xa8\xb9\xa6\xab\x83\x49\x1d\xe5\xf2\xef\xdd\xe4\x01\x8e\x18\x0a\x8f\x63\x53\x16\x85\x62\xa9\x0e\x19\x3a\xcc\xb5\x66\xa6\xc2\x6b\x74\x07\xe4\x2b\xe1\x76\x3e\xb4\x6d\xd8\xf6\x44\xe1\x73\x62\x1f\x3b\xc4\xbe\xa0\x53\x56\x25\x6c\x51\x09\xf7\xaa\xab\xca\xbf\x76\xfd\x6d\x9b\xf3\x9d\xdb\xbf\x3d\x66\xbc\x0c\x56\xaa\xaf\x98\x48\x95\x3a\x4b\xdf\xa7\x58\x50\xd9\x38\x75\xa9\x5b\xea\x43\x0c\x02\xff\x99\xeb\xe8\x6c\x4d\x70\x5b\x29\x65\x9c\xdd\xaa\x5d\xcc\xaf\x01\x31\xec\x0c\xeb\xd2\x8d\xe8\xea\x9c\x7b\xe6\x6e\xf7\x27\x66\x0c\x1a\x48\xd7\x6e\x42\xe3\x3f\xde\x21\x3e\x7b\xe1\x0d\x70\xfb\x63\xaa\xa8\x6c\x1a\x54\xb4\x5c\x25\x7a\xc9\xa2\xc9\x8b\x16\xa6\xbb\x2c\x7e\x17\x5e\x05\x4d\x58\x6e\x12\x1d\x01\xee\x12\x10\x0d\xc6\x32\x7f\x18\xff\xfc\xf4\xfa\xcd\x6e\x91\xe8\x36\x49\xbe\x1a\x48\x69\x8b\xc2\x96\x4d\x1a\x12\xb2\x69\x17\xc1\x0a\x90\xd6\xfa\x79\x22\x48\xbf\xba\x7b\x69\xf8\x70\xc7\xfa\x7a\x37\xd8\xd8\x0d\xd2\x76\x4f\x57\xff\x90\xb7\xe3\x91\xd2\xdd\xef\xc2\x60\xb7\x67\x3a\xdd\xfe\xaa\x9c\xf0\xd4\x8b\x7f\x72\x22\xce\xc6\x9f\x97\xb6\xf8\xaf\x8a\xa0\x10\xa8\xd9\xfb\x18\xc6\xb6\xb5\x5c\x52\x3c\x89\xb6\x19\x2a\x73\x01\x0a\x0f\x03\xb3\x12\x60\xf2\x7a\x2f\x81\xdb\xa3\x6e\xff\x26\x30\x97\xf5\x8b\xdd\x89\x57\xb6\xad\x3d\xb3\xaf\x2b\xc5\xb7\x76\x02\xf0\xa5\xd6\x2b\x9a\x86\x14\x2a\x72\xf6\xe3\x33\x8c\x5d\x09\x4b\x13\xdf\xbb\x8c\x74\x13\x52\x4b\x02\x03\x01\x00\x01\xa3\x82\x02\x52\x30\x82\x02\x4e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xae\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4e\x0b\xef\x1a\xa4\x40\x5b\xa5\x17\x69\x87\x30\xca\x34\x68\x43\xd0\x41\xae\xf2\x30\x64\x06\x03\x55\x1d\x1f\x04\x5d\x30\x5b\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x73\x66\x73\x63\x61\x2d\x63\x72\x6c\x2e\x63\x72\x6c\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x73\x66\x73\x63\x61\x2d\x63\x72\x6c\x2e\x63\x72\x6c\x30\x82\x01\x5d\x06\x03\x55\x1d\x20\x04\x82\x01\x54\x30\x82\x01\x50\x30\x82\x01\x4c\x06\x0b\x2b\x06\x01\x04\x01\x81\xb5\x37\x01\x01\x01\x30\x82\x01\x3b\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x70\x64\x66\x30\x35\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x29\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x69\x6e\x74\x65\x72\x6d\x65\x64\x69\x61\x74\x65\x2e\x70\x64\x66\x30\x81\xd0\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc3\x30\x27\x16\x20\x53\x74\x61\x72\x74\x20\x43\x6f\x6d\x6d\x65\x72\x63\x69\x61\x6c\x20\x28\x53\x74\x61\x72\x74\x43\x6f\x6d\x29\x20\x4c\x74\x64\x2e\x30\x03\x02\x01\x01\x1a\x81\x97\x4c\x69\x6d\x69\x74\x65\x64\x20\x4c\x69\x61\x62\x69\x6c\x69\x74\x79\x2c\x20\x72\x65\x61\x64\x20\x74\x68\x65\x20\x73\x65\x63\x74\x69\x6f\x6e\x20\x2a\x4c\x65\x67\x61\x6c\x20\x4c\x69\x6d\x69\x74\x61\x74\x69\x6f\x6e\x73\x2a\x20\x6f\x66\x20\x74\x68\x65\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x50\x6f\x6c\x69\x63\x79\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x70\x64\x66\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x38\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x2b\x16\x29\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x46\x72\x65\x65\x20\x53\x53\x4c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x16\x6c\x99\xf4\x66\x0c\x34\xf5\xd0\x85\x5e\x7d\x0a\xec\xda\x10\x4e\x38\x1c\x5e\xdf\xa6\x25\x05\x4b\x91\x32\xc1\xe8\x3b\xf1\x3d\xdd\x44\x09\x5b\x07\x49\x8a\x29\xcb\x66\x02\xb7\xb1\x9a\xf7\x25\x98\x09\x3c\x8e\x1b\xe1\xdd\x36\x87\x2b\x4b\xbb\x68\xd3\x39\x66\x3d\xa0\x26\xc7\xf2\x39\x91\x1d\x51\xab\x82\x7b\x7e\xd5\xce\x5a\xe4\xe2\x03\x57\x70\x69\x97\x08\xf9\x5e\x58\xa6\x0a\xdf\x8c\x06\x9a\x45\x16\x16\x38\x0a\x5e\x57\xf6\x62\xc7\x7a\x02\x05\xe6\xbc\x1e\xb5\xf2\x9e\xf4\xa9\x29\x83\xf8\xb2\x14\xe3\x6e\x28\x87\x44\xc3\x90\x1a\xde\x38\xa9\x3c\xac\x43\x4d\x64\x45\xce\xdd\x28\xa9\x5c\xf2\x73\x7b\x04\xf8\x17\xe8\xab\xb1\xf3\x2e\x5c\x64\x6e\x73\x31\x3a\x12\xb8\xbc\xb3\x11\xe4\x7d\x8f\x81\x51\x9a\x3b\x8d\x89\xf4\x4d\x93\x66\x7b\x3c\x03\xed\xd3\x9a\x1d\x9a\xf3\x65\x50\xf5\xa0\xd0\x75\x9f\x2f\xaf\xf0\xea\x82\x43\x98\xf8\x69\x9c\x89\x79\xc4\x43\x8e\x46\x72\xe3\x64\x36\x12\xaf\xf7\x25\x1e\x38\x89\x90\x77\x7e\xc3\x6b\x6a\xb9\xc3\xcb\x44\x4b\xac\x78\x90\x8b\xe7\xc7\x2c\x1e\x4b\x11\x44\xc8\x34\x52\x27\xcd\x0a\x5d\x9f\x85\xc1\x89\xd5\x1a\x78\xf2\x95\x10\x53\x32\xdd\x80\x84\x66\x75\xd9\xb5\x68\x28\xfb\x61\x2e\xbe\x84\xa8\x38\xc0\x99\x12\x86\xa5\x1e\x67\x64\xad\x06\x2e\x2f\xa9\x70\x85\xc7\x96\x0f\x7c\x89\x65\xf5\x8e\x43\x54\x0e\xab\xdd\xa5\x80\x39\x94\x60\xc0\x34\xc9\x96\x70\x2c\xa3\x12\xf5\x1f\x48\x7b\xbd\x1c\x7e\x6b\xb7\x9d\x90\xf4\x22\x3b\xae\xf8\xfc\x2a\xca\xfa\x82\x52\xa0\xef\xaf\x4b\x55\x93\xeb\xc1\xb5\xf0\x22\x8b\xac\x34\x4e\x26\x22\x04\xa1\x87\x2c\x75\x4a\xb7\xe5\x7d\x13\xd7\xb8\x0c\x64\xc0\x36\xd2\xc9\x2f\x86\x12\x8c\x23\x09\xc1\x1b\x82\x3b\x73\x49\xa3\x6a\x57\x87\x94\xe5\xd6\x78\xc5\x99\x43\x63\xe3\x4d\xe0\x77\x2d\xe1\x65\x99\x72\x69\x04\x1a\x47\x09\xe6\x0f\x01\x56\x24\xfb\x1f\xbf\x0e\x79\xa9\x58\x2e\xb9\xc4\x09\x01\x7e\x95\xba\x6d\x00\x06\x3e\xb2\xea\x4a\x10\x39\xd8\xd0\x2b\xf5\xbf\xec\x75\xbf\x97\x02\xc5\x09\x1b\x08\xdc\x55\x37\xe2\x81\xfb\x37\x84\x43\x62\x20\xca\xe7\x56\x4b\x65\xea\xfe\x6c\xc1\x24\x93\x24\xa1\x34\xeb\x05\xff\x9a\x22\xae\x9b\x7d\x3f\xf1\x65\x51\x0a\xa6\x30\x6a\xb3\xf4\x88\x1c\x80\x0d\xfc\x72\x8a\xe8\x83\x5e", + ["Taiwan GRCA"] = "\x30\x82\x05\x72\x30\x82\x03\x5a\xa0\x03\x02\x01\x02\x02\x10\x1f\x9d\x59\x5a\xd7\x2f\xc2\x06\x44\xa5\x80\x08\x69\xe3\x5e\xf6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2e\x06\x03\x55\x04\x0a\x0c\x27\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5a\x17\x0d\x33\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5a\x30\x3f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2e\x06\x03\x55\x04\x0a\x0c\x27\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\x9a\x25\xb8\xec\xcc\xa2\x75\xa8\x7b\xf7\xce\x5b\x59\x8a\xc9\xd1\x86\x12\x08\x54\xec\x9c\xf2\xe7\x46\xf6\x88\xf3\x7c\xe9\xa5\xdf\x4c\x47\x36\xa4\x1b\x01\x1c\x7f\x1e\x57\x8a\x8d\xc3\xc5\xd1\x21\xe3\xda\x24\x3f\x48\x2b\xfb\x9f\x2e\xa1\x94\xe7\x2c\x1c\x93\xd1\xbf\x1b\x01\x87\x53\x99\xce\xa7\xf5\x0a\x21\x76\x77\xff\xa9\xb7\xc6\x73\x94\x4f\x46\xf7\x10\x49\x37\xfa\xa8\x59\x49\x5d\x6a\x81\x07\x56\xf2\x8a\xf9\x06\xd0\xf7\x70\x22\x4d\xb4\xb7\x41\xb9\x32\xb8\xb1\xf0\xb1\xc3\x9c\x3f\x70\xfd\x53\xdd\x81\xaa\xd8\x63\x78\xf6\xd8\x53\x6e\xa1\xac\x6a\x84\x24\x72\x54\x86\xc6\xd2\xb2\xca\x1c\x0e\x79\x81\xd6\xb5\x70\x62\x08\x01\x2e\x4e\x4f\x0e\xd5\x11\xaf\xa9\xaf\xe5\x9a\xbf\xdc\xcc\x87\x6d\x26\xe4\xc9\x57\xa2\xfb\x96\xf9\xcc\xe1\x3f\x53\x8c\x6c\x4c\x7e\x9b\x53\x08\x0b\x6c\x17\xfb\x67\xc8\xc2\xad\xb1\xcd\x80\xb4\x97\xdc\x76\x01\x16\x15\xe9\x6a\xd7\xa4\xe1\x78\x47\xce\x86\xd5\xfb\x31\xf3\xfa\x31\xbe\x34\xaa\x28\xfb\x70\x4c\x1d\x49\xc7\xaf\x2c\x9d\x6d\x66\xa6\xb6\x8d\x64\x7e\xb5\x20\x6a\x9d\x3b\x81\xb6\x8f\x40\x00\x67\x4b\x89\x86\xb8\xcc\x65\xfe\x15\x53\xe9\x04\xc1\xd6\x5f\x1d\x44\xd7\x0a\x2f\x27\x9a\x46\x7d\xa1\x0d\x75\xad\x54\x86\x15\xdc\x49\x3b\xf1\x96\xce\x0f\x9b\xa0\xec\xa3\x7a\x5d\xbe\xd5\x2a\x75\x42\xe5\x7b\xde\xa5\xb6\xaa\xaf\x28\xac\xac\x90\xac\x38\xb7\xd5\x68\x35\x26\x7a\xdc\xf7\x3b\xf3\xfd\x45\x9b\xd1\xbb\x43\x78\x6e\x6f\xf1\x42\x54\x6a\x98\xf0\x0d\xad\x97\xe9\x52\x5e\xe9\xd5\x6a\x72\xde\x6a\xf7\x1b\x60\x14\xf4\xa5\xe4\xb6\x71\x67\xaa\x1f\xea\xe2\x4d\xc1\x42\x40\xfe\x67\x46\x17\x38\x2f\x47\x3f\x71\x9c\xae\xe5\x21\xca\x61\x2d\x6d\x07\xa8\x84\x7c\x2d\xee\x51\x25\xf1\x63\x90\x9e\xfd\xe1\x57\x88\x6b\xef\x8a\x23\x6d\xb1\xe6\xbd\x3f\xad\xd1\x3d\x96\x0b\x85\x8d\xcd\x6b\x27\xbb\xb7\x05\x9b\xec\xbb\x91\xa9\x0a\x07\x12\x02\x97\x4e\x20\x90\xf0\xff\x0d\x1e\xe2\x41\x3b\xd3\x40\x3a\xe7\x8d\x5d\xda\x66\xe4\x02\xb0\x07\x52\x98\x5c\x0e\x8e\x33\x9c\xc2\xa6\x95\xfb\x55\x19\x6e\x4c\x8e\xae\x4b\x0f\xbd\xc1\x38\x4d\x5e\x8f\x84\x1d\x66\xcd\xc5\x60\x96\xb4\x52\x5a\x05\x89\x8e\x95\x7a\x98\xc1\x91\x3c\x95\x23\xb2\x0e\xf4\x79\xb4\xc9\x7c\xc1\x4a\x21\x02\x03\x01\x00\x01\xa3\x6a\x30\x68\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcc\xcc\xef\xcc\x29\x60\xa4\x3b\xb1\x92\xb6\x3c\xfa\x32\x62\x8f\xac\x25\x15\x3b\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x04\x67\x2a\x07\x00\x04\x31\x30\x2f\x30\x2d\x02\x01\x00\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x30\x07\x06\x05\x67\x2a\x03\x00\x00\x04\x14\x03\x9b\xf0\x22\x13\xff\x95\x28\x36\xd3\xdc\x9e\xc0\x32\xfb\x31\x3a\x8a\x51\x65\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x40\x80\x4a\xfa\x26\xc9\xce\x5e\x30\xdd\x4f\x86\x74\x76\x58\xf5\xae\xb3\x83\x33\x78\xa4\x7a\x74\x17\x19\x4e\xe9\x52\xb5\xb9\xe0\x0a\x74\x62\xaa\x68\xca\x78\xa0\x4c\x9a\x8e\x2c\x23\x2e\xd5\x6a\x12\x24\xbf\xd4\x68\xd3\x8a\xd0\xd8\x9c\x9f\xb4\x1f\x0c\xde\x38\x7e\x57\x38\xfc\x8d\xe2\x4f\x5e\x0c\x9f\xab\x3b\xd2\xff\x75\x97\xcb\xa4\xe3\x67\x08\xff\xe5\xc0\x16\xb5\x48\x01\x7d\xe9\xf9\x0a\xff\x1b\xe5\x6a\x69\xbf\x78\x21\xa8\xc2\xa7\x23\xa9\x86\xab\x76\x56\xe8\x0e\x0c\xf6\x13\xdd\x2a\x66\x8a\x64\x49\x3d\x1a\x18\x87\x90\x04\x9f\x42\x52\xb7\x4f\xcb\xfe\x47\x41\x76\x35\xef\xff\x00\x76\x36\x45\x32\x9b\xc6\x46\x85\x5d\xe2\x24\xb0\x1e\xe3\x48\x96\x98\x57\x47\x94\x55\x7a\x0f\x41\xb1\x44\x24\xf3\xc1\xfe\x1a\x6b\xbf\x88\xfd\xc1\xa6\xda\x93\x60\x5e\x81\x4a\x99\x20\x9c\x48\x66\x19\xb5\x00\x79\x54\x0f\xb8\x2c\x2f\x4b\xbc\xa9\x5d\x5b\x60\x7f\x8c\x87\xa5\xe0\x52\x63\x2a\xbe\xd8\x3b\x85\x40\x15\xfe\x1e\xb6\x65\x3f\xc5\x4b\xda\x7e\xb5\x7a\x35\x29\xa3\x2e\x7a\x98\x60\x22\xa3\xf4\x7d\x27\x4e\x2d\xea\xb4\x74\x3c\xe9\x0f\xa4\x33\x0f\x10\x11\xbc\x13\x01\xd6\xe5\x0e\xd3\xbf\xb5\x12\xa2\xe1\x45\x23\xc0\xcc\x08\x6e\x61\xb7\x89\xab\x83\xe3\x24\x1e\xe6\x5d\x07\xe7\x1f\x20\x3e\xcf\x67\xc8\xe7\xac\x30\x6d\x27\x4b\x68\x6e\x4b\x2a\x5c\x02\x08\x34\xdb\xf8\x76\xe4\x67\xa3\x26\x9c\x3f\xa2\x32\xc2\x4a\xc5\x81\x18\x31\x10\x56\xaa\x84\xef\x2d\x0a\xff\xb8\x1f\x77\xd2\xbf\xa5\x58\xa0\x62\xe4\xd7\x4b\x91\x75\x8d\x89\x80\x98\x7e\x6d\xcb\x53\x4e\x5e\xaf\xf6\xb2\x97\x85\x97\xb9\xda\x55\x06\xb9\x24\xee\xd7\xc6\x38\x1e\x63\x1b\x12\x3b\x95\xe1\x58\xac\xf2\xdf\x84\xd5\x5f\x99\x2f\x0d\x55\x5b\xe6\x38\xdb\x2e\x3f\x72\xe9\x48\x85\xcb\xbb\x29\x13\x8f\x1e\x38\x55\xb9\xf3\xb2\xc4\x30\x99\x23\x4e\x5d\xf2\x48\xa1\x12\x0c\xdc\x12\x90\x09\x90\x54\x91\x03\x3c\x47\xe5\xd5\xc9\x65\xe0\xb7\x4b\x7d\xec\x47\xd3\xb3\x0b\x3e\xad\x9e\xd0\x74\x00\x0e\xeb\xbd\x51\xad\xc0\xde\x2c\xc0\xc3\x6a\xfe\xef\xdc\x0b\xa7\xfa\x46\xdf\x60\xdb\x9c\xa6\x59\x50\x75\x23\x69\x73\x93\xb2\xf9\xfc\x02\xd3\x47\xe6\x71\xce\x10\x02\xee\x27\x8c\x84\xff\xac\x45\x0d\x13\x5c\x83\x32\xe0\x25\xa5\x86\x2c\x7c\xf4\x12", + ["Firmaprofesional Root CA"] = "\x30\x82\x04\x57\x30\x82\x03\x3f\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x9d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x22\x30\x20\x06\x03\x55\x04\x07\x13\x19\x43\x2f\x20\x4d\x75\x6e\x74\x61\x6e\x65\x72\x20\x32\x34\x34\x20\x42\x61\x72\x63\x65\x6c\x6f\x6e\x61\x31\x42\x30\x40\x06\x03\x55\x04\x03\x13\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x63\x61\x40\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x30\x31\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x17\x0d\x31\x33\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x30\x81\x9d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x22\x30\x20\x06\x03\x55\x04\x07\x13\x19\x43\x2f\x20\x4d\x75\x6e\x74\x61\x6e\x65\x72\x20\x32\x34\x34\x20\x42\x61\x72\x63\x65\x6c\x6f\x6e\x61\x31\x42\x30\x40\x06\x03\x55\x04\x03\x13\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x63\x61\x40\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe7\x23\x03\x6f\x6f\x23\xa5\x5e\x78\xce\x95\x2c\xed\x94\x1e\x6e\x0a\x9e\x01\xc7\xea\x30\xd1\x2c\x9d\xdd\x37\xe8\x9b\x98\x79\x56\xd3\xfc\x73\xdf\xd0\x8a\xde\x55\x8f\x51\xf9\x5a\xea\xde\xb5\x70\xc4\xed\xa4\xed\xff\xa3\x0d\x6e\x0f\x64\x50\x31\xaf\x01\x27\x58\xae\xfe\x6c\xa7\x4a\x2f\x17\x2d\xd3\x73\xd5\x13\x1c\x8f\x59\xa5\x34\x2c\x1d\x54\x04\x45\xcd\x68\xb8\xa0\xc0\x03\xa5\xcf\x85\x42\x47\x95\x28\x5b\xcf\xef\x80\x6c\xe0\x90\x97\x8a\x01\x3c\x1d\xf3\x87\x10\x30\x26\x48\x7d\xd7\xfc\xe9\x9d\x91\x71\xff\x41\x9a\xa9\x40\xb5\x37\x9c\x29\x20\x4f\x1f\x52\xe3\xa0\x7d\x13\x6d\x54\xb7\x0a\xde\xe9\x6a\x4e\x07\xac\xac\x19\x5f\xdc\x7e\x62\x74\xf6\xb2\x05\x00\xba\x85\xa0\xfd\x1d\x38\x6e\xcb\x5a\xbb\x86\xbc\x94\x67\x33\x35\x83\x2c\x1f\x23\xcd\xf8\xc8\x91\x71\xcc\x97\x8b\xef\xae\x0f\xdc\x29\x03\x1b\xc0\x39\xeb\x70\xed\xc1\x6e\x0e\xd8\x67\x0b\x89\xa9\xbc\x35\xe4\xef\xb6\x34\xb4\xa5\xb6\xc4\x2d\xa5\xbe\xd0\xc3\x94\x24\x48\xdb\xdf\x96\xd3\x00\xb5\x66\x1a\x8b\x66\x05\x0f\xdd\x3f\x3f\xcb\x3f\xaa\x5e\x9a\x4a\xf8\xb4\x4a\xef\x95\x37\x1b\x02\x03\x01\x00\x01\xa3\x81\x9f\x30\x81\x9c\x30\x2a\x06\x03\x55\x1d\x11\x04\x23\x30\x21\x86\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x01\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x31\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x81\x0f\x32\x30\x31\x33\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x33\x0b\xa0\x66\xd1\xea\xda\xce\xde\x62\x93\x04\x28\x52\xb5\x14\x7f\x38\x68\xb7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x73\xfe\x8d\x27\x54\xf0\xf5\xd4\x77\x9c\x27\x79\x57\x57\xb7\x15\x56\xec\xc7\xd8\x58\xb7\x01\x02\xf4\x33\xed\x93\x50\x88\x9e\x7c\x46\xb1\xbd\x3f\x14\x6f\xf1\xb3\x47\x48\x8b\x8c\x97\x06\xd7\xea\x7e\xa3\x5c\x2a\xbb\x4d\x2f\x47\xe2\xf8\x39\x06\xc9\x9c\x2e\x31\x1a\x03\x78\xf4\xbc\x38\xc6\x22\x8b\x33\x31\xf0\x16\x04\x04\x7d\xf9\x76\xe4\x4b\xd7\xc0\xe6\x83\xec\x59\xcc\x3f\xde\xff\x4f\x6b\xb7\x67\x7e\xa6\x86\x81\x32\x23\x03\x9d\xc8\xf7\x5f\xc1\x4a\x60\xa5\x92\xa9\xb1\xa4\xa0\x60\xc3\x78\x87\xb3\x22\xf3\x2a\xeb\x5b\xa9\xed\x05\xab\x37\x0f\xb1\xe2\xd3\x95\x76\x63\x56\x74\x8c\x58\x72\x1b\x37\xe5\x64\xa1\xbe\x4d\x0c\x93\x98\x0c\x97\xf6\x87\x6d\xb3\x3f\xe7\xcb\x80\xa6\xed\x88\xc7\x5f\x50\x62\x02\xe8\x99\x74\x16\xd0\xe6\xb4\x39\xf1\x27\xcb\xc8\x40\xd6\xe3\x86\x10\xa9\x23\x12\x92\xe0\x69\x41\x63\xa7\xaf\x25\x0b\xc0\xc5\x92\xcb\x1e\x98\xa3\x5a\xba\xc5\x33\x0f\xa0\x97\x01\xdd\x7f\xe0\x7b\xd6\x06\x54\xcf\xa1\xe2\x4d\x38\xeb\x4b\x50\xb5\xcb\x26\xf4\xca\xda\x70\x4a\x6a\xa1\xe2\x79\xaa\xe1\xa7\x33\xf6\xfd\x4a\x1f\xf6\xd9\x60", + ["Wells Fargo Root CA"] = "\x30\x82\x03\xe5\x30\x82\x02\xcd\xa0\x03\x02\x01\x02\x02\x04\x39\xe4\x97\x9e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x31\x2c\x30\x2a\x06\x03\x55\x04\x0b\x13\x23\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x30\x31\x30\x31\x31\x31\x36\x34\x31\x32\x38\x5a\x17\x0d\x32\x31\x30\x31\x31\x34\x31\x36\x34\x31\x32\x38\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x31\x2c\x30\x2a\x06\x03\x55\x04\x0b\x13\x23\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd5\xa8\x33\x3b\x26\xf9\x34\xff\xcd\x9b\x7e\xe5\x04\x47\xce\x00\xe2\x7d\x77\xe7\x31\xc2\x2e\x27\xa5\x4d\x68\xb9\x31\xba\x8d\x43\x59\x97\xc7\x73\xaa\x7f\x3d\x5c\x40\x9e\x05\xe5\xa1\xe2\x89\xd9\x4c\xb8\x3f\x9b\xf9\x0c\xb4\xc8\x62\x19\x2c\x45\xae\x91\x1e\x73\x71\x41\xc4\x4b\x13\xfd\x70\xc2\x25\xac\x22\xf5\x75\x0b\xb7\x53\xe4\xa5\x2b\xdd\xce\xbd\x1c\x3a\x7a\xc3\xf7\x13\x8f\x26\x54\x9c\x16\x6b\x6b\xaf\xfb\xd8\x96\xb1\x60\x9a\x48\xe0\x25\x22\x24\x79\x34\xce\x0e\x26\x00\x0b\x4e\xab\xfd\x8b\xce\x82\xd7\x2f\x08\x70\x68\xc1\xa8\x0a\xf9\x74\x4f\x07\xab\xa4\xf9\xe2\x83\x7e\x27\x73\x74\x3e\xb8\xf9\x38\x42\xfc\xa5\xa8\x5b\x48\x23\xb3\xeb\xe3\x25\xb2\x80\xae\x96\xd4\x0a\x9c\xc2\x78\x9a\xc6\x68\x18\xae\x37\x62\x37\x5e\x51\x75\xa8\x58\x63\xc0\x51\xee\x40\x78\x7e\xa8\xaf\x1a\xa0\xe1\xb0\x78\x9d\x50\x8c\x7b\xe7\xb3\xfc\x8e\x23\xb0\xdb\x65\x00\x70\x84\x01\x08\x00\x14\x6e\x54\x86\x9a\xba\xcc\xf9\x37\x10\xf6\xe0\xde\x84\x2d\x9d\xa4\x85\x37\xd3\x87\xe3\x15\xd0\xc1\x17\x90\x7e\x19\x21\x6a\x12\xa9\x76\xfd\x12\x02\xe9\x4f\x21\x5e\x17\x02\x03\x01\x00\x01\xa3\x61\x30\x5f\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x4c\x06\x03\x55\x1d\x20\x04\x45\x30\x43\x30\x41\x06\x0b\x60\x86\x48\x01\x86\xfb\x7b\x87\x07\x01\x0b\x30\x32\x30\x30\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x77\x65\x6c\x6c\x73\x66\x61\x72\x67\x6f\x2e\x63\x6f\x6d\x2f\x63\x65\x72\x74\x70\x6f\x6c\x69\x63\x79\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd2\x27\xdd\x9c\x0a\x77\x2b\xbb\x22\xf2\x02\xb5\x4a\x4a\x91\xf9\xd1\x2d\xbe\xe4\xbb\x1a\x68\xef\x0e\xa4\x00\xe9\xee\xe7\xef\xee\xf6\xf9\xe5\x74\xa4\xc2\xd8\x52\x58\xc4\x74\xfb\xce\x6b\xb5\x3b\x29\x79\x18\x5a\xef\x9b\xed\x1f\x6b\x36\xee\x48\x25\x25\x14\xb6\x56\xa2\x10\xe8\xee\xa7\x7f\xd0\x3f\xa3\xd0\xc3\x5d\x26\xee\x07\xcc\xc3\xc1\x24\x21\x87\x1e\xdf\x2a\x12\x53\x6f\x41\x16\xe7\xed\xae\x94\xfa\x8c\x72\xfa\x13\x47\xf0\x3c\x7e\xae\x7d\x11\x3a\x13\xec\xed\xfa\x6f\x72\x64\x7b\x9d\x7d\x7f\x26\xfd\x7a\xfb\x25\xad\xea\x3e\x29\x7f\x4c\xe3\x00\x57\x32\xb0\xb3\xe9\xed\x53\x17\xd9\x8b\xb2\x14\x0e\x30\xe8\xe5\xd5\x13\xc6\x64\xaf\xc4\x00\xd5\xd8\x58\x24\xfc\xf5\x8f\xec\xf1\xc7\x7d\xa5\xdb\x0f\x27\xd1\xc6\xf2\x40\x88\xe6\x1f\xf6\x61\xa8\xf4\x42\xc8\xb9\x37\xd3\xa9\xbe\x2c\x56\x78\xc2\x72\x9b\x59\x5d\x35\x40\x8a\xe8\x4e\x63\x1a\xb6\xe9\x20\x6a\x51\xe2\xce\xa4\x90\xdf\x76\x70\x99\x5c\x70\x43\x4d\xb7\xb6\xa7\x19\x64\x4e\x92\xb7\xc5\x91\x3c\x7f\x48\x16\x65\x7b\x16\xfd\xcb\xfc\xfb\xd9\xd5\xd6\x4f\x21\x65\x3b\x4a\x7f\x47\xa3\xfb", + ["Swisscom Root CA 1"] = "\x30\x82\x05\xd9\x30\x82\x03\xc1\xa0\x03\x02\x01\x02\x02\x10\x5c\x0b\x85\x5c\x0b\xe7\x59\x41\xdf\x57\xcc\x3f\x7f\x9d\xa8\x36\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x53\x77\x69\x73\x73\x63\x6f\x6d\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x35\x30\x38\x31\x38\x31\x32\x30\x36\x32\x30\x5a\x17\x0d\x32\x35\x30\x38\x31\x38\x32\x32\x30\x36\x32\x30\x5a\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x53\x77\x69\x73\x73\x63\x6f\x6d\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xd0\xb9\xb0\xa8\x0c\xd9\xbb\x3f\x21\xf8\x1b\xd5\x33\x93\x80\x16\x65\x20\x75\xb2\x3d\x9b\x60\x6d\x46\xc8\x8c\x31\x6f\x17\xc3\xfa\x9a\x6c\x56\xed\x3c\xc5\x91\x57\xc3\xcd\xab\x96\x49\x90\x2a\x19\x4b\x1e\xa3\x6d\x57\xdd\xf1\x2b\x62\x28\x75\x45\x5e\xaa\xd6\x5b\xfa\x0b\x25\xd8\xa1\x16\xf9\x1c\xc4\x2e\xe6\x95\x2a\x67\xcc\xd0\x29\x6e\x3c\x85\x34\x38\x61\x49\xb1\x00\x9f\xd6\x3a\x71\x5f\x4d\x6d\xce\x5f\xb9\xa9\xe4\x89\x7f\x6a\x52\xfa\xca\x9b\xf2\xdc\xa9\xf9\x9d\x99\x47\x3f\x4e\x29\x5f\xb4\xa6\x8d\x5d\x7b\x0b\x99\x11\x03\x03\xfe\xe7\xdb\xdb\xa3\xff\x1d\xa5\xcd\x90\x1e\x01\x1f\x35\xb0\x7f\x00\xdb\x90\x6f\xc6\x7e\x7b\xd1\xee\x7a\x7a\xa7\xaa\x0c\x57\x6f\xa4\x6d\xc5\x13\x3b\xb0\xa5\xd9\xed\x32\x1c\xb4\x5e\x67\x8b\x54\xdc\x73\x87\xe5\xd3\x17\x7c\x66\x50\x72\x5d\xd4\x1a\x58\xc1\xd9\xcf\xd8\x89\x02\x6f\xa7\x49\xb4\x36\x5d\xd0\xa4\xde\x07\x2c\xb6\x75\xb7\x28\x91\xd6\x97\xbe\x28\xf5\x98\x1e\xea\x5b\x26\xc9\xbd\xb0\x97\x73\xda\xae\x91\x26\xeb\x68\xc1\xf9\x39\x15\xd6\x67\x4b\x0a\x6d\x4f\xcb\xcf\xb0\xe4\x42\x71\x8c\x53\x79\xe7\xee\xe1\xdb\x1d\xa0\x6e\x1d\x8c\x1a\x77\x35\x5c\x16\x1e\x2b\x53\x1f\x34\x8b\xd1\x6c\xfc\xf2\x67\x07\x7a\xf5\xad\xed\xd6\x9a\xab\xa1\xb1\x4b\xe1\xcc\x37\x5f\xfd\x7f\xcd\x4d\xae\xb8\x1f\x9c\x43\xf9\x2a\x58\x55\x43\x45\xbc\x96\xcd\x70\x0e\xfc\xc9\xe3\x66\xba\x4e\x8d\x3b\x81\xcb\x15\x64\x7b\xb9\x94\xe8\x5d\x33\x52\x85\x71\x2e\x4f\x8e\xa2\x06\x11\x51\xc9\xe3\xcb\xa1\x6e\x31\x08\x64\x0c\xc2\xd2\x3c\xf5\x36\xe8\xd7\xd0\x0e\x78\x23\x20\x91\xc9\x24\x2a\x65\x29\x5b\x22\xf7\x21\xce\x83\x5e\xa4\xf3\xde\x4b\xd3\x68\x8f\x46\x75\x5c\x83\x09\x6e\x29\x6b\xc4\x70\x8c\xf5\x9d\xd7\x20\x2f\xff\x46\xd2\x2b\x38\xc2\x2f\x75\x1c\x3d\x7e\xda\xa5\xef\x1e\x60\x85\x69\x42\xd3\xcc\xf8\x63\xfe\x1e\x43\x39\x85\xa6\xb6\x63\x41\x10\xb3\x73\x1e\xbc\xd3\xfa\xca\x7d\x16\x47\xe2\xa7\xd5\xd0\xa3\x8a\x0a\x08\x96\x62\x56\x6e\x34\xdb\xd9\x02\xb9\x30\x75\xe3\x04\xd2\xe7\x8f\xc2\xb0\x11\x40\x0a\xac\xd5\x71\x02\x62\x8b\x31\xbe\xdd\xc6\x23\x58\x31\x42\x43\x2d\x74\xf9\xc6\x9e\xa6\x8a\x0f\xe9\xfe\xbf\x83\xe6\x43\x57\x24\xba\xef\x46\x34\xaa\xd7\x12\x01\x38\xed\x02\x03\x01\x00\x01\xa3\x81\x86\x30\x81\x83\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x00\x01\x06\x07\x60\x85\x74\x01\x53\x00\x01\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x03\x25\x2f\xde\x6f\x82\x01\x3a\x5c\x2c\xdc\x2b\xa1\x69\xb5\x67\xd4\x8c\xd3\xfd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x03\x25\x2f\xde\x6f\x82\x01\x3a\x5c\x2c\xdc\x2b\xa1\x69\xb5\x67\xd4\x8c\xd3\xfd\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x35\x10\xcb\xec\xa6\x04\x0d\x0d\x0f\xcd\xc0\xdb\xab\xa8\xf2\x88\x97\x0c\xdf\x93\x2f\x4d\x7c\x40\x56\x31\x7a\xeb\xa4\x0f\x60\xcd\x7a\xf3\xbe\xc3\x27\x8e\x03\x3e\xa4\xdd\x12\xef\x7e\x1e\x74\x06\x3c\x3f\x31\xf2\x1c\x7b\x91\x31\x21\xb4\xf0\xd0\x6c\x97\xd4\xe9\x97\xb2\x24\x56\x1e\x56\xc3\x35\xbd\x88\x05\x0f\x5b\x10\x1a\x64\xe1\xc7\x82\x30\xf9\x32\xad\x9e\x50\x2c\xe7\x78\x05\xd0\x31\xb1\x5a\x98\x8a\x75\x4e\x90\x5c\x6a\x14\x2a\xe0\x52\x47\x82\x60\xe6\x1e\xda\x81\xb1\xfb\x14\x0b\x5a\xf1\x9f\xd2\x95\xba\x3e\xd0\x1b\xd6\x15\x1d\xa3\xbe\x86\xd5\xdb\x0f\xc0\x49\x64\xbb\x2e\x50\x19\x4b\xd2\x24\xf8\xdd\x1e\x07\x56\xd0\x38\xa0\x95\x70\x20\x76\x8c\xd7\xdd\x1e\xde\x9f\x71\xc4\x23\xef\x83\x13\x5c\xa3\x24\x15\x4d\x29\x40\x3c\x6a\xc4\xa9\xd8\xb7\xa6\x44\xa5\x0d\xf4\xe0\x9d\x77\x1e\x40\x70\x26\xfc\xda\xd9\x36\xe4\x79\xe4\xb5\x3f\xbc\x9b\x65\xbe\xbb\x11\x96\xcf\xdb\xc6\x28\x39\x3a\x08\xce\x47\x5b\x53\x5a\xc5\x99\xfe\x5d\xa9\xdd\xef\x4c\xd4\xc6\xa5\xad\x02\xe6\x8c\x07\x12\x1e\x6f\x03\xd1\x6f\xa0\xa3\xf3\x29\xbd\x12\xc7\x50\xa2\xb0\x7f\x88\xa9\x99\x77\x9a\xb1\xc0\xa5\x39\x2e\x5c\x7c\x69\xe2\x2c\xb0\xea\x37\x6a\xa4\xe1\x5a\xe1\xf5\x50\xe5\x83\xef\xa5\xbb\x2a\x88\xe7\x8c\xdb\xfd\x6d\x5e\x97\x19\xa8\x7e\x66\x75\x6b\x71\xea\xbf\xb1\xc7\x6f\xa0\xf4\x8e\xa4\xec\x34\x51\x5b\x8c\x26\x03\x70\xa1\x77\xd5\x01\x12\x57\x00\x35\xdb\x23\xde\x0e\x8a\x28\x99\xfd\xb1\x10\x6f\x4b\xff\x38\x2d\x60\x4e\x2c\x9c\xeb\x67\xb5\xad\x49\xee\x4b\x1f\xac\xaf\xfb\x0d\x90\x5a\x66\x60\x70\x5d\xaa\xcd\x78\xd4\x24\xee\xc8\x41\xa0\x93\x01\x92\x9c\x6a\x9e\xfc\xb9\x24\xc5\xb3\x15\x82\x7e\xbe\xae\x95\x2b\xeb\xb1\xc0\xda\xe3\x01\x60\x0b\x5e\x69\xac\x84\x56\x61\xbe\x71\x17\xfe\x1d\x13\x0f\xfe\xc6\x87\x45\xe9\xfe\x32\xa0\x1a\x0d\x13\xa4\x94\x55\x71\xa5\x16\x8b\xba\xca\x89\xb0\xb2\xc7\xfc\x8f\xd8\x54\xb5\x93\x62\x9d\xce\xcf\x59\xfb\x3d\x18\xce\x2a\xcb\x35\x15\x82\x5d\xff\x54\x22\x5b\x71\x52\xfb\xb7\xc9\xfe\x60\x9b\x00\x41\x64\xf0\xaa\x2a\xec\xb6\x42\x43\xce\x89\x66\x81\xc8\x8b\x9f\x39\x54\x03\x25\xd3\x16\x35\x8e\x84\xd0\x5f\xfa\x30\x1a\xf5\x9a\x6c\xf4\x0e\x53\xf9\x3a\x5b\xd1\x1c", + ["DigiCert Assured ID Root CA"] = "\x30\x82\x03\xb7\x30\x82\x02\x9f\xa0\x03\x02\x01\x02\x02\x10\x0c\xe7\xe0\xe5\x17\xd8\x46\xfe\x8f\xe5\x60\xfc\x1b\xf0\x30\x39\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\x0e\x15\xce\xe4\x43\x80\x5c\xb1\x87\xf3\xb7\x60\xf9\x71\x12\xa5\xae\xdc\x26\x94\x88\xaa\xf4\xce\xf5\x20\x39\x28\x58\x60\x0c\xf8\x80\xda\xa9\x15\x95\x32\x61\x3c\xb5\xb1\x28\x84\x8a\x8a\xdc\x9f\x0a\x0c\x83\x17\x7a\x8f\x90\xac\x8a\xe7\x79\x53\x5c\x31\x84\x2a\xf6\x0f\x98\x32\x36\x76\xcc\xde\xdd\x3c\xa8\xa2\xef\x6a\xfb\x21\xf2\x52\x61\xdf\x9f\x20\xd7\x1f\xe2\xb1\xd9\xfe\x18\x64\xd2\x12\x5b\x5f\xf9\x58\x18\x35\xbc\x47\xcd\xa1\x36\xf9\x6b\x7f\xd4\xb0\x38\x3e\xc1\x1b\xc3\x8c\x33\xd9\xd8\x2f\x18\xfe\x28\x0f\xb3\xa7\x83\xd6\xc3\x6e\x44\xc0\x61\x35\x96\x16\xfe\x59\x9c\x8b\x76\x6d\xd7\xf1\xa2\x4b\x0d\x2b\xff\x0b\x72\xda\x9e\x60\xd0\x8e\x90\x35\xc6\x78\x55\x87\x20\xa1\xcf\xe5\x6d\x0a\xc8\x49\x7c\x31\x98\x33\x6c\x22\xe9\x87\xd0\x32\x5a\xa2\xba\x13\x82\x11\xed\x39\x17\x9d\x99\x3a\x72\xa1\xe6\xfa\xa4\xd9\xd5\x17\x31\x75\xae\x85\x7d\x22\xae\x3f\x01\x46\x86\xf6\x28\x79\xc8\xb1\xda\xe4\x57\x17\xc4\x7e\x1c\x0e\xb0\xb4\x92\xa6\x56\xb3\xbd\xb2\x97\xed\xaa\xa7\xf0\xb7\xc5\xa8\x3f\x95\x16\xd0\xff\xa1\x96\xeb\x08\x5f\x18\x77\x4f\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x45\xeb\xa2\xaf\xf4\x92\xcb\x82\x31\x2d\x51\x8b\xa7\xa7\x21\x9d\xf3\x6d\xc8\x0f\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x45\xeb\xa2\xaf\xf4\x92\xcb\x82\x31\x2d\x51\x8b\xa7\xa7\x21\x9d\xf3\x6d\xc8\x0f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa2\x0e\xbc\xdf\xe2\xed\xf0\xe3\x72\x73\x7a\x64\x94\xbf\xf7\x72\x66\xd8\x32\xe4\x42\x75\x62\xae\x87\xeb\xf2\xd5\xd9\xde\x56\xb3\x9f\xcc\xce\x14\x28\xb9\x0d\x97\x60\x5c\x12\x4c\x58\xe4\xd3\x3d\x83\x49\x45\x58\x97\x35\x69\x1a\xa8\x47\xea\x56\xc6\x79\xab\x12\xd8\x67\x81\x84\xdf\x7f\x09\x3c\x94\xe6\xb8\x26\x2c\x20\xbd\x3d\xb3\x28\x89\xf7\x5f\xff\x22\xe2\x97\x84\x1f\xe9\x65\xef\x87\xe0\xdf\xc1\x67\x49\xb3\x5d\xeb\xb2\x09\x2a\xeb\x26\xed\x78\xbe\x7d\x3f\x2b\xf3\xb7\x26\x35\x6d\x5f\x89\x01\xb6\x49\x5b\x9f\x01\x05\x9b\xab\x3d\x25\xc1\xcc\xb6\x7f\xc2\xf1\x6f\x86\xc6\xfa\x64\x68\xeb\x81\x2d\x94\xeb\x42\xb7\xfa\x8c\x1e\xdd\x62\xf1\xbe\x50\x67\xb7\x6c\xbd\xf3\xf1\x1f\x6b\x0c\x36\x07\x16\x7f\x37\x7c\xa9\x5b\x6d\x7a\xf1\x12\x46\x60\x83\xd7\x27\x04\xbe\x4b\xce\x97\xbe\xc3\x67\x2a\x68\x11\xdf\x80\xe7\x0c\x33\x66\xbf\x13\x0d\x14\x6e\xf3\x7f\x1f\x63\x10\x1e\xfa\x8d\x1b\x25\x6d\x6c\x8f\xa5\xb7\x61\x01\xb1\xd2\xa3\x26\xa1\x10\x71\x9d\xad\xe2\xc3\xf9\xc3\x99\x51\xb7\x2b\x07\x08\xce\x2e\xe6\x50\xb2\xa7\xfa\x0a\x45\x2f\xa2\xf0\xf2", + ["DigiCert Global Root CA"] = "\x30\x82\x03\xaf\x30\x82\x02\x97\xa0\x03\x02\x01\x02\x02\x10\x08\x3b\xe0\x56\x90\x42\x46\xb1\xa1\x75\x6a\xc9\x59\x91\xc7\x4a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x61\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x61\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe2\x3b\xe1\x11\x72\xde\xa8\xa4\xd3\xa3\x57\xaa\x50\xa2\x8f\x0b\x77\x90\xc9\xa2\xa5\xee\x12\xce\x96\x5b\x01\x09\x20\xcc\x01\x93\xa7\x4e\x30\xb7\x53\xf7\x43\xc4\x69\x00\x57\x9d\xe2\x8d\x22\xdd\x87\x06\x40\x00\x81\x09\xce\xce\x1b\x83\xbf\xdf\xcd\x3b\x71\x46\xe2\xd6\x66\xc7\x05\xb3\x76\x27\x16\x8f\x7b\x9e\x1e\x95\x7d\xee\xb7\x48\xa3\x08\xda\xd6\xaf\x7a\x0c\x39\x06\x65\x7f\x4a\x5d\x1f\xbc\x17\xf8\xab\xbe\xee\x28\xd7\x74\x7f\x7a\x78\x99\x59\x85\x68\x6e\x5c\x23\x32\x4b\xbf\x4e\xc0\xe8\x5a\x6d\xe3\x70\xbf\x77\x10\xbf\xfc\x01\xf6\x85\xd9\xa8\x44\x10\x58\x32\xa9\x75\x18\xd5\xd1\xa2\xbe\x47\xe2\x27\x6a\xf4\x9a\x33\xf8\x49\x08\x60\x8b\xd4\x5f\xb4\x3a\x84\xbf\xa1\xaa\x4a\x4c\x7d\x3e\xcf\x4f\x5f\x6c\x76\x5e\xa0\x4b\x37\x91\x9e\xdc\x22\xe6\x6d\xce\x14\x1a\x8e\x6a\xcb\xfe\xcd\xb3\x14\x64\x17\xc7\x5b\x29\x9e\x32\xbf\xf2\xee\xfa\xd3\x0b\x42\xd4\xab\xb7\x41\x32\xda\x0c\xd4\xef\xf8\x81\xd5\xbb\x8d\x58\x3f\xb5\x1b\xe8\x49\x28\xa2\x70\xda\x31\x04\xdd\xf7\xb2\x16\xf2\x4c\x0a\x4e\x07\xa8\xed\x4a\x3d\x5e\xb5\x7f\xa3\x90\xc3\xaf\x27\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x03\xde\x50\x35\x56\xd1\x4c\xbb\x66\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2\x3d\xd1\x55\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x03\xde\x50\x35\x56\xd1\x4c\xbb\x66\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2\x3d\xd1\x55\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xcb\x9c\x37\xaa\x48\x13\x12\x0a\xfa\xdd\x44\x9c\x4f\x52\xb0\xf4\xdf\xae\x04\xf5\x79\x79\x08\xa3\x24\x18\xfc\x4b\x2b\x84\xc0\x2d\xb9\xd5\xc7\xfe\xf4\xc1\x1f\x58\xcb\xb8\x6d\x9c\x7a\x74\xe7\x98\x29\xab\x11\xb5\xe3\x70\xa0\xa1\xcd\x4c\x88\x99\x93\x8c\x91\x70\xe2\xab\x0f\x1c\xbe\x93\xa9\xff\x63\xd5\xe4\x07\x60\xd3\xa3\xbf\x9d\x5b\x09\xf1\xd5\x8e\xe3\x53\xf4\x8e\x63\xfa\x3f\xa7\xdb\xb4\x66\xdf\x62\x66\xd6\xd1\x6e\x41\x8d\xf2\x2d\xb5\xea\x77\x4a\x9f\x9d\x58\xe2\x2b\x59\xc0\x40\x23\xed\x2d\x28\x82\x45\x3e\x79\x54\x92\x26\x98\xe0\x80\x48\xa8\x37\xef\xf0\xd6\x79\x60\x16\xde\xac\xe8\x0e\xcd\x6e\xac\x44\x17\x38\x2f\x49\xda\xe1\x45\x3e\x2a\xb9\x36\x53\xcf\x3a\x50\x06\xf7\x2e\xe8\xc4\x57\x49\x6c\x61\x21\x18\xd5\x04\xad\x78\x3c\x2c\x3a\x80\x6b\xa7\xeb\xaf\x15\x14\xe9\xd8\x89\xc1\xb9\x38\x6c\xe2\x91\x6c\x8a\xff\x64\xb9\x77\x25\x57\x30\xc0\x1b\x24\xa3\xe1\xdc\xe9\xdf\x47\x7c\xb5\xb4\x24\x08\x05\x30\xec\x2d\xbd\x0b\xbf\x45\xbf\x50\xb9\xa9\xf3\xeb\x98\x01\x12\xad\xc8\x88\xc6\x98\x34\x5f\x8d\x0a\x3c\xc6\xe9\xd5\x95\x95\x6d\xde", + ["DigiCert High Assurance EV Root CA"] = "\x30\x82\x03\xc5\x30\x82\x02\xad\xa0\x03\x02\x01\x02\x02\x10\x02\xac\x5c\x26\x6a\x0b\x40\x9b\x8f\x0b\x79\xf2\xae\x46\x25\x77\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6e\x63\x65\x20\x45\x56\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x6c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6e\x63\x65\x20\x45\x56\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc6\xcc\xe5\x73\xe6\xfb\xd4\xbb\xe5\x2d\x2d\x32\xa6\xdf\xe5\x81\x3f\xc9\xcd\x25\x49\xb6\x71\x2a\xc3\xd5\x94\x34\x67\xa2\x0a\x1c\xb0\x5f\x69\xa6\x40\xb1\xc4\xb7\xb2\x8f\xd0\x98\xa4\xa9\x41\x59\x3a\xd3\xdc\x94\xd6\x3c\xdb\x74\x38\xa4\x4a\xcc\x4d\x25\x82\xf7\x4a\xa5\x53\x12\x38\xee\xf3\x49\x6d\x71\x91\x7e\x63\xb6\xab\xa6\x5f\xc3\xa4\x84\xf8\x4f\x62\x51\xbe\xf8\xc5\xec\xdb\x38\x92\xe3\x06\xe5\x08\x91\x0c\xc4\x28\x41\x55\xfb\xcb\x5a\x89\x15\x7e\x71\xe8\x35\xbf\x4d\x72\x09\x3d\xbe\x3a\x38\x50\x5b\x77\x31\x1b\x8d\xb3\xc7\x24\x45\x9a\xa7\xac\x6d\x00\x14\x5a\x04\xb7\xba\x13\xeb\x51\x0a\x98\x41\x41\x22\x4e\x65\x61\x87\x81\x41\x50\xa6\x79\x5c\x89\xde\x19\x4a\x57\xd5\x2e\xe6\x5d\x1c\x53\x2c\x7e\x98\xcd\x1a\x06\x16\xa4\x68\x73\xd0\x34\x04\x13\x5c\xa1\x71\xd3\x5a\x7c\x55\xdb\x5e\x64\xe1\x37\x87\x30\x56\x04\xe5\x11\xb4\x29\x80\x12\xf1\x79\x39\x88\xa2\x02\x11\x7c\x27\x66\xb7\x88\xb7\x78\xf2\xca\x0a\xa8\x38\xab\x0a\x64\xc2\xbf\x66\x5d\x95\x84\xc1\xa1\x25\x1e\x87\x5d\x1a\x50\x0b\x20\x12\xcc\x41\xbb\x6e\x0b\x51\x38\xb8\x4b\xcb\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb1\x3e\xc3\x69\x03\xf8\xbf\x47\x01\xd4\x98\x26\x1a\x08\x02\xef\x63\x64\x2b\xc3\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xb1\x3e\xc3\x69\x03\xf8\xbf\x47\x01\xd4\x98\x26\x1a\x08\x02\xef\x63\x64\x2b\xc3\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1c\x1a\x06\x97\xdc\xd7\x9c\x9f\x3c\x88\x66\x06\x08\x57\x21\xdb\x21\x47\xf8\x2a\x67\xaa\xbf\x18\x32\x76\x40\x10\x57\xc1\x8a\xf3\x7a\xd9\x11\x65\x8e\x35\xfa\x9e\xfc\x45\xb5\x9e\xd9\x4c\x31\x4b\xb8\x91\xe8\x43\x2c\x8e\xb3\x78\xce\xdb\xe3\x53\x79\x71\xd6\xe5\x21\x94\x01\xda\x55\x87\x9a\x24\x64\xf6\x8a\x66\xcc\xde\x9c\x37\xcd\xa8\x34\xb1\x69\x9b\x23\xc8\x9e\x78\x22\x2b\x70\x43\xe3\x55\x47\x31\x61\x19\xef\x58\xc5\x85\x2f\x4e\x30\xf6\xa0\x31\x16\x23\xc8\xe7\xe2\x65\x16\x33\xcb\xbf\x1a\x1b\xa0\x3d\xf8\xca\x5e\x8b\x31\x8b\x60\x08\x89\x2d\x0c\x06\x5c\x52\xb7\xc4\xf9\x0a\x98\xd1\x15\x5f\x9f\x12\xbe\x7c\x36\x63\x38\xbd\x44\xa4\x7f\xe4\x26\x2b\x0a\xc4\x97\x69\x0d\xe9\x8c\xe2\xc0\x10\x57\xb8\xc8\x76\x12\x91\x55\xf2\x48\x69\xd8\xbc\x2a\x02\x5b\x0f\x44\xd4\x20\x31\xdb\xf4\xba\x70\x26\x5d\x90\x60\x9e\xbc\x4b\x17\x09\x2f\xb4\xcb\x1e\x43\x68\xc9\x07\x27\xc1\xd2\x5c\xf7\xea\x21\xb9\x68\x12\x9c\x3c\x9c\xbf\x9e\xfc\x80\x5c\x9b\x63\xcd\xec\x47\xaa\x25\x27\x67\xa0\x37\xf3\x00\x82\x7d\x54\xd7\xa9\xf8\xe9\x2e\x13\xa3\x77\xe8\x1f\x4a", + ["Certplus Class 2 Primary CA"] = "\x30\x82\x03\x92\x30\x82\x02\x7a\xa0\x03\x02\x01\x02\x02\x11\x00\x85\xbd\x4b\xf3\xd8\xda\xe3\x69\xf6\x94\xd7\x5f\xc3\xa5\x44\x23\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x43\x65\x72\x74\x70\x6c\x75\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x41\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x37\x31\x37\x30\x35\x30\x30\x5a\x17\x0d\x31\x39\x30\x37\x30\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x3d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x43\x65\x72\x74\x70\x6c\x75\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdc\x50\x96\xd0\x12\xf8\x35\xd2\x08\x78\x7a\xb6\x52\x70\xfd\x6f\xee\xcf\xb9\x11\xcb\x5d\x77\xe1\xec\xe9\x7e\x04\x8d\xd6\xcc\x6f\x73\x43\x57\x60\xac\x33\x0a\x44\xec\x03\x5f\x1c\x80\x24\x91\xe5\xa8\x91\x56\x12\x82\xf7\xe0\x2b\xf4\xdb\xae\x61\x2e\x89\x10\x8d\x6b\x6c\xba\xb3\x02\xbd\xd5\x36\xc5\x48\x37\x23\xe2\xf0\x5a\x37\x52\x33\x17\x12\xe2\xd1\x60\x4d\xbe\x2f\x41\x11\xe3\xf6\x17\x25\x0c\x8b\x91\xc0\x1b\x99\x7b\x99\x56\x0d\xaf\xee\xd2\xbc\x47\x57\xe3\x79\x49\x7b\x34\x89\x27\x24\x84\xde\xb1\xec\xe9\x58\x4e\xfe\x4e\xdf\x5a\xbe\x41\xad\xac\x08\xc5\x18\x0e\xef\xd2\x53\xee\x6c\xd0\x9d\x12\x01\x13\x8d\xdc\x80\x62\xf7\x95\xa9\x44\x88\x4a\x71\x4e\x60\x55\x9e\xdb\x23\x19\x79\x56\x07\x0c\x3f\x63\x0b\x5c\xb0\xe2\xbe\x7e\x15\xfc\x94\x33\x58\x41\x38\x74\xc4\xe1\x8f\x8b\xdf\x26\xac\x1f\xb5\x8b\x3b\xb7\x43\x59\x6b\xb0\x24\xa6\x6d\x90\x8b\xc4\x72\xea\x5d\x33\x98\xb7\xcb\xde\x5e\x7b\xef\x94\xf1\x1b\x3e\xca\xc9\x21\xc1\xc5\x98\x02\xaa\xa2\xf6\x5b\x77\x9b\xf5\x7e\x96\x55\x34\x1c\x67\x69\xc0\xf1\x42\xe3\x47\xac\xfc\x28\x1c\x66\x55\x02\x03\x01\x00\x01\xa3\x81\x8c\x30\x81\x89\x30\x0f\x06\x03\x55\x1d\x13\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\x73\x2d\xdf\xcb\x0e\x28\x0c\xde\xdd\xb3\xa4\xca\x79\xb8\x8e\xbb\xe8\x30\x89\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x01\x06\x30\x37\x06\x03\x55\x1d\x1f\x04\x30\x30\x2e\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x70\x6c\x75\x73\x2e\x63\x6f\x6d\x2f\x43\x52\x4c\x2f\x63\x6c\x61\x73\x73\x32\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa7\x54\xcf\x88\x44\x19\xcb\xdf\xd4\x7f\x00\xdf\x56\x33\x62\xb5\xf7\x51\x01\x90\xeb\xc3\x3f\xd1\x88\x44\xe9\x24\x5d\xef\xe7\x14\xbd\x20\xb7\x9a\x3c\x00\xfe\x6d\x9f\xdb\x90\xdc\xd7\xf4\x62\xd6\x8b\x70\x5d\xe7\xe5\x04\x48\xa9\x68\x7c\xc9\xf1\x42\xf3\x6c\x7f\xc5\x7a\x7c\x1d\x51\x88\xba\xd2\x0a\x3e\x27\x5d\xde\x2d\x51\x4e\xd3\x13\x64\x69\xe4\x2e\xe3\xd3\xe7\x9b\x09\x99\xa6\xe0\x95\x9b\xce\x1a\xd7\x7f\xbe\x3c\xce\x52\xb3\x11\x15\xc1\x0f\x17\xcd\x03\xbb\x9c\x25\x15\xba\xa2\x76\x89\xfc\x06\xf1\x18\xd0\x93\x4b\x0e\x7c\x82\xb7\xa5\xf4\xf6\x5f\xfe\xed\x40\xa6\x9d\x84\x74\x39\xb9\xdc\x1e\x85\x16\xda\x29\x1b\x86\x23\x00\xc9\xbb\x89\x7e\x6e\x80\x88\x1e\x2f\x14\xb4\x03\x24\xa8\x32\x6f\x03\x9a\x47\x2c\x30\xbe\x56\xc6\xa7\x42\x02\x70\x1b\xea\x40\xd8\xba\x05\x03\x70\x07\xa4\x96\xff\xfd\x48\x33\x0a\xe1\xdc\xa5\x81\x90\x9b\x4d\xdd\x7d\xe7\xe7\xb2\xcd\x5c\xc8\x6a\x95\xf8\xa5\xf6\x8d\xc4\x5d\x78\x08\xbe\x7b\x06\xd6\x49\xcf\x19\x36\x50\x23\x2e\x08\xe6\x9e\x05\x4d\x47\x18\xd5\x16\xe9\xb1\xd6\xb6\x10\xd5\xbb\x97\xbf\xa2\x8e\xb4\x54", + ["DST Root CA X3"] = "\x30\x82\x03\x4a\x30\x82\x02\x32\xa0\x03\x02\x01\x02\x02\x10\x44\xaf\xb0\x80\xd6\xa3\x27\xba\x89\x30\x39\x86\x2e\xf8\x40\x6b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3f\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x58\x33\x30\x1e\x17\x0d\x30\x30\x30\x39\x33\x30\x32\x31\x31\x32\x31\x39\x5a\x17\x0d\x32\x31\x30\x39\x33\x30\x31\x34\x30\x31\x31\x35\x5a\x30\x3f\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x58\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\xaf\xe9\x97\x50\x08\x83\x57\xb4\xcc\x62\x65\xf6\x90\x82\xec\xc7\xd3\x2c\x6b\x30\xca\x5b\xec\xd9\xc3\x7d\xc7\x40\xc1\x18\x14\x8b\xe0\xe8\x33\x76\x49\x2a\xe3\x3f\x21\x49\x93\xac\x4e\x0e\xaf\x3e\x48\xcb\x65\xee\xfc\xd3\x21\x0f\x65\xd2\x2a\xd9\x32\x8f\x8c\xe5\xf7\x77\xb0\x12\x7b\xb5\x95\xc0\x89\xa3\xa9\xba\xed\x73\x2e\x7a\x0c\x06\x32\x83\xa2\x7e\x8a\x14\x30\xcd\x11\xa0\xe1\x2a\x38\xb9\x79\x0a\x31\xfd\x50\xbd\x80\x65\xdf\xb7\x51\x63\x83\xc8\xe2\x88\x61\xea\x4b\x61\x81\xec\x52\x6b\xb9\xa2\xe2\x4b\x1a\x28\x9f\x48\xa3\x9e\x0c\xda\x09\x8e\x3e\x17\x2e\x1e\xdd\x20\xdf\x5b\xc6\x2a\x8a\xab\x2e\xbd\x70\xad\xc5\x0b\x1a\x25\x90\x74\x72\xc5\x7b\x6a\xab\x34\xd6\x30\x89\xff\xe5\x68\x13\x7b\x54\x0b\xc8\xd6\xae\xec\x5a\x9c\x92\x1e\x3d\x64\xb3\x8c\xc6\xdf\xbf\xc9\x41\x70\xec\x16\x72\xd5\x26\xec\x38\x55\x39\x43\xd0\xfc\xfd\x18\x5c\x40\xf1\x97\xeb\xd5\x9a\x9b\x8d\x1d\xba\xda\x25\xb9\xc6\xd8\xdf\xc1\x15\x02\x3a\xab\xda\x6e\xf1\x3e\x2e\xf5\x5c\x08\x9c\x3c\xd6\x83\x69\xe4\x10\x9b\x19\x2a\xb6\x29\x57\xe3\xe5\x3d\x9b\x9f\xf0\x02\x5d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc4\xa7\xb1\xa4\x7b\x2c\x71\xfa\xdb\xe1\x4b\x90\x75\xff\xc4\x15\x60\x85\x89\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa3\x1a\x2c\x9b\x17\x00\x5c\xa9\x1e\xee\x28\x66\x37\x3a\xbf\x83\xc7\x3f\x4b\xc3\x09\xa0\x95\x20\x5d\xe3\xd9\x59\x44\xd2\x3e\x0d\x3e\xbd\x8a\x4b\xa0\x74\x1f\xce\x10\x82\x9c\x74\x1a\x1d\x7e\x98\x1a\xdd\xcb\x13\x4b\xb3\x20\x44\xe4\x91\xe9\xcc\xfc\x7d\xa5\xdb\x6a\xe5\xfe\xe6\xfd\xe0\x4e\xdd\xb7\x00\x3a\xb5\x70\x49\xaf\xf2\xe5\xeb\x02\xf1\xd1\x02\x8b\x19\xcb\x94\x3a\x5e\x48\xc4\x18\x1e\x58\x19\x5f\x1e\x02\x5a\xf0\x0c\xf1\xb1\xad\xa9\xdc\x59\x86\x8b\x6e\xe9\x91\xf5\x86\xca\xfa\xb9\x66\x33\xaa\x59\x5b\xce\xe2\xa7\x16\x73\x47\xcb\x2b\xcc\x99\xb0\x37\x48\xcf\xe3\x56\x4b\xf5\xcf\x0f\x0c\x72\x32\x87\xc6\xf0\x44\xbb\x53\x72\x6d\x43\xf5\x26\x48\x9a\x52\x67\xb7\x58\xab\xfe\x67\x76\x71\x78\xdb\x0d\xa2\x56\x14\x13\x39\x24\x31\x85\xa2\xa8\x02\x5a\x30\x47\xe1\xdd\x50\x07\xbc\x02\x09\x90\x00\xeb\x64\x63\x60\x9b\x16\xbc\x88\xc9\x12\xe6\xd2\x7d\x91\x8b\xf9\x3d\x32\x8d\x65\xb4\xe9\x7c\xb1\x57\x76\xea\xc5\xb6\x28\x39\xbf\x15\x65\x1c\xc8\xf6\x77\x96\x6a\x0a\x8d\x77\x0b\xd8\x91\x0b\x04\x8e\x07\xdb\x29\xb6\x0a\xee\x9d\x82\x35\x35\x10", + ["DST ACES CA X6"] = "\x30\x82\x04\x09\x30\x82\x02\xf1\xa0\x03\x02\x01\x02\x02\x10\x0d\x5e\x99\x0a\xd6\x9d\xb7\x78\xec\xd8\x07\x56\x3b\x86\x15\xd9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x1e\x17\x0d\x30\x33\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5a\x17\x0d\x31\x37\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5a\x30\x5b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb9\x3d\xf5\x2c\xc9\x94\xdc\x75\x8a\x95\x5d\x63\xe8\x84\x77\x76\x66\xb9\x59\x91\x5c\x46\xdd\x92\x3e\x9f\xf9\x0e\x03\xb4\x3d\x61\x92\xbd\x23\x26\xb5\x63\xee\x92\xd2\x9e\xd6\x3c\xc8\x0d\x90\x5f\x64\x81\xb1\xa8\x08\x0d\x4c\xd8\xf9\xd3\x05\x28\x52\xb4\x01\x25\xc5\x95\x1c\x0c\x7e\x3e\x10\x84\x75\xcf\xc1\x19\x91\x63\xcf\xe8\xa8\x91\x88\xb9\x43\x52\xbb\x80\xb1\x55\x89\x8b\x31\xfa\xd0\xb7\x76\xbe\x41\x3d\x30\x9a\xa4\x22\x25\x17\x73\xe8\x1e\xe2\xd3\xac\x2a\xbd\x5b\x38\x21\xd5\x2a\x4b\xd7\x55\x7d\xe3\x3a\x55\xbd\xd7\x6d\x6b\x02\x57\x6b\xe6\x47\x7c\x08\xc8\x82\xba\xde\xa7\x87\x3d\xa1\x6d\xb8\x30\x56\xc2\xb3\x02\x81\x5f\x2d\xf5\xe2\x9a\x30\x18\x28\xb8\x66\xd3\xcb\x01\x96\x6f\xea\x8a\x45\x55\xd6\xe0\x9d\xff\x67\x2b\x17\x02\xa6\x4e\x1a\x6a\x11\x0b\x7e\xb7\x7b\xe7\x98\xd6\x8c\x76\x6f\xc1\x3b\xdb\x50\x93\x7e\xe5\xd0\x8e\x1f\x37\xb8\xbd\xba\xc6\x9f\x6c\xe9\x7c\x33\xf2\x32\x3c\x26\x47\xfa\x27\x24\x02\xc9\x7e\x1d\x5b\x88\x42\x13\x6a\x35\x7c\x7d\x35\xe9\x2e\x66\x91\x72\x93\xd5\x32\x26\xc4\x74\xf5\x53\xa3\xb3\x5d\x9a\xf6\x09\xcb\x02\x03\x01\x00\x01\xa3\x81\xc8\x30\x81\xc5\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1f\x06\x03\x55\x1d\x11\x04\x18\x30\x16\x81\x14\x70\x6b\x69\x2d\x6f\x70\x73\x40\x74\x72\x75\x73\x74\x64\x73\x74\x2e\x63\x6f\x6d\x30\x62\x06\x03\x55\x1d\x20\x04\x5b\x30\x59\x30\x57\x06\x0a\x60\x86\x48\x01\x65\x03\x02\x01\x01\x01\x30\x49\x30\x47\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x3b\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x64\x73\x74\x2e\x63\x6f\x6d\x2f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x2f\x70\x6f\x6c\x69\x63\x79\x2f\x41\x43\x45\x53\x2d\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x09\x72\x06\x4e\x18\x43\x0f\xe5\xd6\xcc\xc3\x6a\x8b\x31\x7b\x78\x8f\xa8\x83\xb8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa3\xd8\x8e\xd6\xb2\xdb\xce\x05\xe7\x32\xcd\x01\xd3\x04\x03\xe5\x76\xe4\x56\x2b\x9c\x99\x90\xe8\x08\x30\x6c\xdf\x7d\x3d\xee\xe5\xbf\xb5\x24\x40\x84\x49\xe1\xd1\x28\xae\xc4\xc2\x3a\x53\x30\x88\xf1\xf5\x77\x6e\x51\xca\xfa\xff\x99\xaf\x24\x5f\x1b\xa0\xfd\xf2\xac\x84\xca\xdf\xa9\xf0\x5f\x04\x2e\xad\x16\xbf\x21\x97\x10\x81\x3d\xe3\xff\x87\x8d\x32\xdc\x94\xe5\x47\x8a\x5e\x6a\x13\xc9\x94\x95\x3d\xd2\xee\xc8\x34\x95\xd0\x80\xd4\xad\x32\x08\x80\x54\x3c\xe0\xbd\x52\x53\xd7\x52\x7c\xb2\x69\x3f\x7f\x7a\xcf\x6a\x74\xca\xfa\x04\x2a\x9c\x4c\x5a\x06\xa5\xe9\x20\xad\x45\x66\x0f\x69\xf1\xdd\xbf\xe9\xe3\x32\x8b\xfa\xe0\xc1\x86\x4d\x72\x3c\x2e\xd8\x93\x78\x0a\x2a\xf8\xd8\xd2\x27\x3d\x19\x89\x5f\x5a\x7b\x8a\x3b\xcc\x0c\xda\x51\xae\xc7\x0b\xf7\x2b\xb0\x37\x05\xec\xbc\x57\x23\xe2\x38\xd2\x9b\x68\xf3\x56\x12\x88\x4f\x42\x7c\xb8\x31\xc4\xb5\xdb\xe4\xc8\x21\x34\xe9\x48\x11\x35\xee\xfa\xc7\x92\x57\xc5\x9f\x34\xe4\xc7\xf6\xf7\x0e\x0b\x4c\x9c\x68\x78\x7b\x71\x31\xc7\xeb\x1e\xe0\x67\x41\xf3\xb7\xa0\xa7\xcd\xe5\x7a\x33\x36\x6a\xfa\x9a\x2b", + ["TURKTRUST Certificate Services Provider Root 1"] = "\x30\x82\x03\xfb\x30\x82\x02\xe3\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb7\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x0c\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x4e\x4b\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0a\x0c\x4d\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x30\x1e\x17\x0d\x30\x35\x30\x35\x31\x33\x31\x30\x32\x37\x31\x37\x5a\x17\x0d\x31\x35\x30\x33\x32\x32\x31\x30\x32\x37\x31\x37\x5a\x30\x81\xb7\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x0c\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x4e\x4b\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0a\x0c\x4d\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xca\x52\x05\xd6\x63\x03\xd8\x1c\x5f\xdd\xd2\x7b\x5d\xf2\x0c\x60\x61\x5b\x6b\x3b\x74\x2b\x78\x0d\x7d\x45\xbd\x22\x74\xe8\x8c\x03\xc1\xc6\x11\x2a\x3d\x95\xbc\xa9\x94\xb0\xbb\x91\x97\xc8\x69\x7c\x84\xc5\xb4\x91\x6c\x6c\x13\x6a\xa4\x55\xad\xa4\x85\xe8\x95\x7e\xb3\x00\xaf\x00\xc2\x05\x18\xf5\x70\x9d\x36\x8b\xae\xcb\xe4\x1b\x81\x7f\x93\x88\xfb\x6a\x55\xbb\x7d\x85\x92\xce\xba\x58\x9f\xdb\x32\xc5\xbd\x5d\xef\x22\x4a\x2f\x41\x07\x7e\x49\x61\xb3\x86\xec\x4e\xa6\x41\x6e\x84\xbc\x03\xec\xf5\x3b\x1c\xc8\x1f\xc2\xee\xa8\xee\xea\x12\x4a\x8d\x14\xcf\xf3\x0a\xe0\x50\x39\xf9\x08\x35\xf8\x11\x59\xad\xe7\x22\xea\x4b\xca\x14\x06\xde\x42\xba\xb2\x99\xf3\x2d\x54\x88\x10\x06\xea\xe1\x1a\x3e\x3d\x67\x1f\xfb\xce\xfb\x7c\x82\xe8\x11\x5d\x4a\xc1\xb9\x14\xea\x54\xd9\x66\x9b\x7c\x89\x7d\x04\x9a\x62\xc9\xe9\x52\x3c\x9e\x9c\xef\xd2\xf5\x26\xe4\xe6\xe5\x18\x7c\x8b\x6e\xdf\x6c\xcc\x78\x5b\x4f\x72\xb2\xcb\x5c\x3f\x8c\x05\x8d\xd1\x4c\x8c\xad\x92\xc7\xe1\x78\x7f\x65\x6c\x49\x06\x50\x2c\x9e\x32\xc2\xd7\x4a\xc6\x75\x8a\x59\x4e\x75\x6f\x47\x5e\xc1\x02\x03\x01\x00\x01\xa3\x10\x30\x0e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\xf5\x55\xff\x37\x96\x80\x59\x21\xa4\xfc\xa1\x15\x4c\x20\xf6\xd4\x5f\xda\x03\x24\xfc\xcf\x90\x1a\xf4\x21\x0a\x9a\xee\x3a\xb1\x6a\xef\xef\xf8\x60\xd1\x4c\x36\x66\x45\x1d\xf3\x66\x02\x74\x04\x7b\x92\x30\xa8\xde\x0a\x76\x0f\xef\x95\x6e\xbd\xc9\x37\xe6\x1a\x0d\xac\x89\x48\x5b\xcc\x83\x36\xc2\xf5\x46\x5c\x59\x82\x56\xb4\xd5\xfe\x23\xb4\xd8\x54\x1c\x44\xab\xc4\xa7\xe5\x14\xce\x3c\x41\x61\x7c\x43\xe6\xcd\xc4\x81\x09\x8b\x24\xfb\x54\x25\xd6\x16\xa8\x96\x0c\x67\x07\x6f\xb3\x50\x47\xe3\x1c\x24\x28\xdd\x2a\x98\xa4\x61\xfe\xdb\xea\x12\x37\xbc\x01\x1a\x34\x85\xbd\x6e\x4f\xe7\x91\x72\x07\x44\x85\x1e\x58\xca\x54\x44\xdd\xf7\xac\xb9\xcb\x89\x21\x72\xdb\x8f\xc0\x69\x29\x97\x2a\xa3\xae\x18\x23\x97\x1c\x41\x2a\x8b\x7c\x2a\xc1\x7c\x90\xe8\xa9\x28\xc0\xd3\x91\xc6\xad\x28\x87\x40\x68\xb5\xff\xec\xa7\xd2\xd3\x38\x18\x9c\xd3\x7d\x69\x5d\xf0\xc6\xa5\x1e\x24\x1b\xa3\x47\xfc\x69\x07\x68\xe7\xe4\x9a\xb4\xed\x0f\xa1\x87\x87\x02\xce\x87\xd2\x48\x4e\xe1\xbc\xff\xcb\xf1\x72\x92\x44\x64\x03\x25\xea\xde\x5b\x6e\x9f\xc9\xf2\x4e\xac\xdd\xc7", + ["TURKTRUST Certificate Services Provider Root 2"] = "\x30\x82\x04\x3c\x30\x82\x03\x24\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbe\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x6e\x6b\x61\x72\x61\x31\x5d\x30\x5b\x06\x03\x55\x04\x0a\x0c\x54\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x20\x28\x63\x29\x20\x4b\x61\x73\xc4\xb1\x6d\x20\x32\x30\x30\x35\x30\x1e\x17\x0d\x30\x35\x31\x31\x30\x37\x31\x30\x30\x37\x35\x37\x5a\x17\x0d\x31\x35\x30\x39\x31\x36\x31\x30\x30\x37\x35\x37\x5a\x30\x81\xbe\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x6e\x6b\x61\x72\x61\x31\x5d\x30\x5b\x06\x03\x55\x04\x0a\x0c\x54\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x20\x28\x63\x29\x20\x4b\x61\x73\xc4\xb1\x6d\x20\x32\x30\x30\x35\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa9\x36\x7e\xc3\x91\x43\x4c\xc3\x19\x98\x08\xc8\xc7\x58\x7b\x4f\x16\x8c\xa5\xce\x49\x01\x1f\x73\x0e\xac\x75\x13\xa6\xfa\x9e\x2c\x20\xde\xd8\x90\x0e\x0a\xd1\x69\xd2\x27\xfb\xaa\x77\x9f\x27\x52\x25\xe2\xcb\x5d\xd8\xd8\x83\x50\x17\x7d\x8a\xb5\x82\x3f\x04\x8e\xb4\xd5\xf0\x49\xa7\x64\xb7\x1e\x2e\x5f\x20\x9c\x50\x75\x4f\xaf\xe1\xb5\x41\x14\xf4\x98\x92\x88\xc7\xe5\xe5\x64\x47\x61\x47\x79\xfd\xc0\x51\xf1\xc1\x99\xe7\xdc\xce\x6a\xfb\xaf\xb5\x01\x30\xdc\x46\x1c\xef\x8a\xec\x95\xef\xdc\xff\xaf\x10\x1c\xeb\x9d\xd8\xb0\xaa\x6a\x85\x18\x0d\x17\xc9\x3e\xbf\xf1\x9b\xd0\x09\x89\x42\xfd\xa0\x42\xb4\x9d\x89\x51\x55\x29\xcf\x1b\x70\xbc\x84\x54\xad\xc1\x13\x1f\x98\xf4\x2e\x76\x60\x8b\x5d\x3f\x9a\xad\xca\x0c\xbf\xa7\x56\x5b\x8f\x77\xb8\xd5\x9e\x79\x49\x92\x3f\xe0\xf1\x97\x24\x7a\x6c\x9b\x17\x0f\x6d\xef\x53\x98\x91\x2b\xe4\x0f\xbe\x59\x79\x07\x78\xbb\x97\x95\xf4\x9f\x69\xd4\x58\x87\x0a\xa9\xe3\xcc\xb6\x58\x19\x9f\x26\x21\xb1\xc4\x59\x8d\xb2\x41\x75\xc0\xad\x69\xce\x9c\x00\x08\xf2\x36\xff\x3e\xf0\xa1\x0f\x1a\xac\x14\xfd\xa6\x60\x0f\x02\x03\x01\x00\x01\xa3\x43\x30\x41\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd9\x37\xb3\x4e\x05\xfd\xd9\xcf\x9f\x12\x16\xae\xb6\x89\x2f\xeb\x25\x3a\x88\x1c\x30\x0f\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x05\x03\x03\x07\x06\x00\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x72\x60\x96\xb7\xc9\xdc\xd8\x29\x5e\x23\x85\x5f\xb2\xb3\x2d\x76\xfb\x88\xd7\x17\xfe\x7b\x6d\x45\xb8\xf6\x85\x6c\x9f\x22\xfc\x2a\x10\x22\xec\xaa\xb9\x30\xf6\xab\x58\xd6\x39\x10\x31\x99\x29\x00\xbd\x89\x66\x41\xfb\x74\xde\x91\xc1\x18\x0b\x9f\xb5\x61\xcb\x9d\x3a\xbe\xf5\xa8\x94\xa3\x22\x55\x6e\x17\x49\xff\xd2\x29\xf1\x38\x26\x5d\xef\xa5\xaa\x3a\xf9\x71\x7b\xe6\xda\x58\x1d\xd3\x74\xc2\x01\xfa\x3e\x69\x58\x5f\xad\xcb\x68\xbe\x14\x2e\x9b\x6c\xc0\xb6\xdc\xa0\x26\xfa\x77\x1a\xe2\x24\xda\x1a\x37\xe0\x67\xad\xd1\x73\x83\x0d\xa5\x1a\x1d\x6e\x12\x92\x7e\x84\x62\x00\x17\xbd\xbc\x25\x18\x57\xf2\xd7\xa9\x6f\x59\x88\xbc\x34\xb7\x2e\x85\x78\x9d\x96\xdc\x14\xc3\x2c\x8a\x52\x9b\x96\x8c\x52\x66\x3d\x86\x16\x8b\x47\xb8\x51\x09\x8c\xea\x7d\xcd\x88\x72\xb3\x60\x33\xb1\xf0\x0a\x44\xef\x0f\xf5\x09\x37\x88\x24\x0e\x2c\x6b\x20\x3a\xa2\xfa\x11\xf2\x40\x35\x9c\x44\x68\x63\x3b\xac\x33\x6f\x63\xbc\x2c\xbb\xf2\xd2\xcb\x76\x7d\x7d\x88\xd8\x1d\xc8\x05\x1d\x6e\xbc\x94\xa9\x66\x8c\x77\x71\xc7\xfa\x91\xfa\x2f\x51\x9e\xe9\x39\x52\xb6\xe7\x04\x42", + ["SwissSign Gold CA - G2"] = "\x30\x82\x05\xba\x30\x82\x03\xa2\xa0\x03\x02\x01\x02\x02\x09\x00\xbb\x40\x1c\x43\xf5\x5e\x4f\xb0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x47\x6f\x6c\x64\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5a\x17\x0d\x33\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x47\x6f\x6c\x64\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xaf\xe4\xee\x7e\x8b\x24\x0e\x12\x6e\xa9\x50\x2d\x16\x44\x3b\x92\x92\x5c\xca\xb8\x5d\x84\x92\x42\x13\x2a\xbc\x65\x57\x82\x40\x3e\x57\x24\xcd\x50\x8b\x25\x2a\xb7\x6f\xfc\xef\xa2\xd0\xc0\x1f\x02\x24\x4a\x13\x96\x8f\x23\x13\xe6\x28\x58\x00\xa3\x47\xc7\x06\xa7\x84\x23\x2b\xbb\xbd\x96\x2b\x7f\x55\xcc\x8b\xc1\x57\x1f\x0e\x62\x65\x0f\xdd\x3d\x56\x8a\x73\xda\xae\x7e\x6d\xba\x81\x1c\x7e\x42\x8c\x20\x35\xd9\x43\x4d\x84\xfa\x84\xdb\x52\x2c\xf3\x0e\x27\x77\x0b\x6b\xbf\x11\x2f\x72\x78\x9f\x2e\xd8\x3e\xe6\x18\x37\x5a\x2a\x72\xf9\xda\x62\x90\x92\x95\xca\x1f\x9c\xe9\xb3\x3c\x2b\xcb\xf3\x01\x13\xbf\x5a\xcf\xc1\xb5\x0a\x60\xbd\xdd\xb5\x99\x64\x53\xb8\xa0\x96\xb3\x6f\xe2\x26\x77\x91\x8c\xe0\x62\x10\x02\x9f\x34\x0f\xa4\xd5\x92\x33\x51\xde\xbe\x8d\xba\x84\x7a\x60\x3c\x6a\xdb\x9f\x2b\xec\xde\xde\x01\x3f\x6e\x4d\xe5\x50\x86\xcb\xb4\xaf\xed\x44\x40\xc5\xca\x5a\x8c\xda\xd2\x2b\x7c\xa8\xee\xbe\xa6\xe5\x0a\xaa\x0e\xa5\xdf\x05\x52\xb7\x55\xc7\x22\x5d\x32\x6a\x97\x97\x63\x13\xdb\xc9\xdb\x79\x36\x7b\x85\x3a\x4a\xc5\x52\x89\xf9\x24\xe7\x9d\x77\xa9\x82\xff\x55\x1c\xa5\x71\x69\x2b\xd1\x02\x24\xf2\xb3\x26\xd4\x6b\xda\x04\x55\xe5\xc1\x0a\xc7\x6d\x30\x37\x90\x2a\xe4\x9e\x14\x33\x5e\x16\x17\x55\xc5\x5b\xb5\xcb\x34\x89\x92\xf1\x9d\x26\x8f\xa1\x07\xd4\xc6\xb2\x78\x50\xdb\x0c\x0c\x0b\x7c\x0b\x8c\x41\xd7\xb9\xe9\xdd\x8c\x88\xf7\xa3\x4d\xb2\x32\xcc\xd8\x17\xda\xcd\xb7\xce\x66\x9d\xd4\xfd\x5e\xff\xbd\x97\x3e\x29\x75\xe7\x7e\xa7\x62\x58\xaf\x25\x34\xa5\x41\xc7\x3d\xbc\x0d\x50\xca\x03\x03\x0f\x08\x5a\x1f\x95\x73\x78\x62\xbf\xaf\x72\x14\x69\x0e\xa5\xe5\x03\x0e\x78\x8e\x26\x28\x42\xf0\x07\x0b\x62\x20\x10\x67\x39\x46\xfa\xa9\x03\xcc\x04\x38\x7a\x66\xef\x20\x83\xb5\x8c\x4a\x56\x8e\x91\x00\xfc\x8e\x5c\x82\xde\x88\xa0\xc3\xe2\x68\x6e\x7d\x8d\xef\x3c\xdd\x65\xf4\x5d\xac\x51\xef\x24\x80\xae\xaa\x56\x97\x6f\xf9\xad\x7d\xda\x61\x3f\x98\x77\x3c\xa5\x91\xb6\x1c\x8c\x26\xda\x65\xa2\x09\x6d\xc1\xe2\x54\xe3\xb9\xca\x4c\x4c\x80\x8f\x77\x7b\x60\x9a\x1e\xdf\xb6\xf2\x48\x1e\x0e\xba\x4e\x54\x6d\x98\xe0\xe1\xa2\x1a\xa2\x77\x50\xcf\xc4\x63\x92\xec\x47\x19\x9d\xeb\xe6\x6b\xce\xc1\x02\x03\x01\x00\x01\xa3\x81\xac\x30\x81\xa9\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x5b\x25\x7b\x96\xa4\x65\x51\x7e\xb8\x39\xf3\xc0\x78\x66\x5e\xe8\x3a\xe7\xf0\xee\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x5b\x25\x7b\x96\xa4\x65\x51\x7e\xb8\x39\xf3\xc0\x78\x66\x5e\xe8\x3a\xe7\xf0\xee\x30\x46\x06\x03\x55\x1d\x20\x04\x3f\x30\x3d\x30\x3b\x06\x09\x60\x85\x74\x01\x59\x01\x02\x01\x01\x30\x2e\x30\x2c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3a\x2f\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x2e\x73\x77\x69\x73\x73\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x27\xba\xe3\x94\x7c\xf1\xae\xc0\xde\x17\xe6\xe5\xd8\xd5\xf5\x54\xb0\x83\xf4\xbb\xcd\x5e\x05\x7b\x4f\x9f\x75\x66\xaf\x3c\xe8\x56\x7e\xfc\x72\x78\x38\x03\xd9\x2b\x62\x1b\x00\xb9\xf8\xe9\x60\xcd\xcc\xce\x51\x8a\xc7\x50\x31\x6e\xe1\x4a\x7e\x18\x2f\x69\x59\xb6\x3d\x64\x81\x2b\xe3\x83\x84\xe6\x22\x87\x8e\x7d\xe0\xee\x02\x99\x61\xb8\x1e\xf4\xb8\x2b\x88\x12\x16\x84\xc2\x31\x93\x38\x96\x31\xa6\xb9\x3b\x53\x3f\xc3\x24\x93\x56\x5b\x69\x92\xec\xc5\xc1\xbb\x38\x00\xe3\xec\x17\xa9\xb8\xdc\xc7\x7c\x01\x83\x9f\x32\x47\xba\x52\x22\x34\x1d\x32\x7a\x09\x56\xa7\x7c\x25\x36\xa9\x3d\x4b\xda\xc0\x82\x6f\x0a\xbb\x12\xc8\x87\x4b\x27\x11\xf9\x1e\x2d\xc7\x93\x3f\x9e\xdb\x5f\x26\x6b\x52\xd9\x2e\x8a\xf1\x14\xc6\x44\x8d\x15\xa9\xb7\xbf\xbd\xde\xa6\x1a\xee\xae\x2d\xfb\x48\x77\x17\xfe\xbb\xec\xaf\x18\xf5\x2a\x51\xf0\x39\x84\x97\x95\x6c\x6e\x1b\xc3\x2b\xc4\x74\x60\x79\x25\xb0\x0a\x27\xdf\xdf\x5e\xd2\x39\xcf\x45\x7d\x42\x4b\xdf\xb3\x2c\x1e\xc5\xc6\x5d\xca\x55\x3a\xa0\x9c\x69\x9a\x8f\xda\xef\xb2\xb0\x3c\x9f\x87\x6c\x12\x2b\x65\x70\x15\x52\x31\x1a\x24\xcf\x6f\x31\x23\x50\x1f\x8c\x4f\x8f\x23\xc3\x74\x41\x63\x1c\x55\xa8\x14\xdd\x3e\xe0\x51\x50\xcf\xf1\x1b\x30\x56\x0e\x92\xb0\x82\x85\xd8\x83\xcb\x22\x64\xbc\x2d\xb8\x25\xd5\x54\xa2\xb8\x06\xea\xad\x92\xa4\x24\xa0\xc1\x86\xb5\x4a\x13\x6a\x47\xcf\x2e\x0b\x56\x95\x54\xcb\xce\x9a\xdb\x6a\xb4\xa6\xb2\xdb\x41\x08\x86\x27\x77\xf7\x6a\xa0\x42\x6c\x0b\x38\xce\xd7\x75\x50\x32\x92\xc2\xdf\x2b\x30\x22\x48\xd0\xd5\x41\x38\x25\x5d\xa4\xe9\x5d\x9f\xc6\x94\x75\xd0\x45\xfd\x30\x97\x43\x8f\x90\xab\x0a\xc7\x86\x73\x60\x4a\x69\x2d\xde\xa5\x78\xd7\x06\xda\x6a\x9e\x4b\x3e\x77\x3a\x20\x13\x22\x01\xd0\xbf\x68\x9e\x63\x60\x6b\x35\x4d\x0b\x6d\xba\xa1\x3d\xc0\x93\xe0\x7f\x23\xb3\x55\xad\x72\x25\x4e\x46\xf9\xd2\x16\xef\xb0\x64\xc1\x01\x9e\xe9\xca\xa0\x6a\x98\x0e\xcf\xd8\x60\xf2\x2f\x49\xb8\xe4\x42\xe1\x38\x35\x16\xf4\xc8\x6e\x4f\xf7\x81\x56\xe8\xba\xa3\xbe\x23\xaf\xae\xfd\x6f\x03\xe0\x02\x3b\x30\x76\xfa\x1b\x6d\x41\xcf\x01\xb1\xe9\xb8\xc9\x66\xf4\xdb\x26\xf3\x3a\xa4\x74\xf2\x49\x24\x5b\xc9\xb0\xd0\x57\xc1\xfa\x3e\x7a\xe1\x97\xc9", + ["SwissSign Silver CA - G2"] = "\x30\x82\x05\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x08\x4f\x1b\xd4\x2f\x54\xbb\x2f\x4b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x53\x69\x6c\x76\x65\x72\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5a\x17\x0d\x33\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x53\x69\x6c\x76\x65\x72\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc4\xf1\x87\x7f\xd3\x78\x31\xf7\x38\xc9\xf8\xc3\x99\x43\xbc\xc7\xf7\xbc\x37\xe7\x4e\x71\xba\x4b\x8f\xa5\x73\x1d\x5c\x6e\x98\xae\x03\x57\xae\x38\x37\x43\x2f\x17\x3d\x1f\xc8\xce\x68\x10\xc1\x78\xae\x19\x03\x2b\x10\xfa\x2c\x79\x83\xf6\xe8\xb9\x68\xb9\x55\xf2\x04\x44\xa7\x39\xf9\xfc\x04\x8b\x1e\xf1\xa2\x4d\x27\xf9\x61\x7b\xba\xb7\xe5\xa2\x13\xb6\xeb\x61\x3e\xd0\x6c\xd1\xe6\xfb\xfa\x5e\xed\x1d\xb4\x9e\xa0\x35\x5b\xa1\x92\xcb\xf0\x49\x92\xfe\x85\x0a\x05\x3e\xe6\xd9\x0b\xe2\x4f\xbb\xdc\x95\x37\xfc\x91\xe9\x32\x35\x22\xd1\x1f\x3a\x4e\x27\x85\x9d\xb0\x15\x94\x32\xda\x61\x0d\x47\x4d\x60\x42\xae\x92\x47\xe8\x83\x5a\x50\x58\xe9\x8a\x8b\xb9\x5d\xa1\xdc\xdd\x99\x4a\x1f\x36\x67\xbb\x48\xe4\x83\xb6\x37\xeb\x48\x3a\xaf\x0f\x67\x8f\x17\x07\xe8\x04\xca\xef\x6a\x31\x87\xd4\xc0\xb6\xf9\x94\x71\x7b\x67\x64\xb8\xb6\x91\x4a\x42\x7b\x65\x2e\x30\x6a\x0c\xf5\x90\xee\x95\xe6\xf2\xcd\x82\xec\xd9\xa1\x4a\xec\xf6\xb2\x4b\xe5\x45\x85\xe6\x6d\x78\x93\x04\x2e\x9c\x82\x6d\x36\xa9\xc4\x31\x64\x1f\x86\x83\x0b\x2a\xf4\x35\x0a\x78\xc9\x55\xcf\x41\xb0\x47\xe9\x30\x9f\x99\xbe\x61\xa8\x06\x84\xb9\x28\x7a\x5f\x38\xd9\x1b\xa9\x38\xb0\x83\x7f\x73\xc1\xc3\x3b\x48\x2a\x82\x0f\x21\x9b\xb8\xcc\xa8\x35\xc3\x84\x1b\x83\xb3\x3e\xbe\xa4\x95\x69\x01\x3a\x89\x00\x78\x04\xd9\xc9\xf4\x99\x19\xab\x56\x7e\x5b\x8b\x86\x39\x15\x91\xa4\x10\x2c\x09\x32\x80\x60\xb3\x93\xc0\x2a\xb6\x18\x0b\x9d\x7e\x8d\x49\xf2\x10\x4a\x7f\xf9\xd5\x46\x2f\x19\x92\xa3\x99\xa7\x26\xac\xbb\x8c\x3c\xe6\x0e\xbc\x47\x07\xdc\x73\x51\xf1\x70\x64\x2f\x08\xf9\xb4\x47\x1d\x30\x6c\x44\xea\x29\x37\x85\x92\x68\x66\xbc\x83\x38\xfe\x7b\x39\x2e\xd3\x50\xf0\x1f\xfb\x5e\x60\xb6\xa9\xa6\xfa\x27\x41\xf1\x9b\x18\x72\xf2\xf5\x84\x74\x4a\xc9\x67\xc4\x54\xae\x48\x64\xdf\x8c\xd1\x6e\xb0\x1d\xe1\x07\x8f\x08\x1e\x99\x9c\x71\xe9\x4c\xd8\xa5\xf7\x47\x12\x1f\x74\xd1\x51\x9e\x86\xf3\xc2\xa2\x23\x40\x0b\x73\xdb\x4b\xa6\xe7\x73\x06\x8c\xc1\xa0\xe9\xc1\x59\xac\x46\xfa\xe6\x2f\xf8\xcf\x71\x9c\x46\x6d\xb9\xc4\x15\x8d\x38\x79\x03\x45\x48\xef\xc4\x5d\xd7\x08\xee\x87\x39\x22\x86\xb2\x0d\x0f\x58\x43\xf7\x71\xa9\x48\x2e\xfd\xea\xd6\x1f\x02\x03\x01\x00\x01\xa3\x81\xac\x30\x81\xa9\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x17\xa0\xcd\xc1\xe4\x41\xb6\x3a\x5b\x3b\xcb\x45\x9d\xbd\x1c\xc2\x98\xfa\x86\x58\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x17\xa0\xcd\xc1\xe4\x41\xb6\x3a\x5b\x3b\xcb\x45\x9d\xbd\x1c\xc2\x98\xfa\x86\x58\x30\x46\x06\x03\x55\x1d\x20\x04\x3f\x30\x3d\x30\x3b\x06\x09\x60\x85\x74\x01\x59\x01\x03\x01\x01\x30\x2e\x30\x2c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3a\x2f\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x2e\x73\x77\x69\x73\x73\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x73\xc6\x81\xe0\x27\xd2\x2d\x0f\xe0\x95\x30\xe2\x9a\x41\x7f\x50\x2c\x5f\x5f\x62\x61\xa9\x86\x6a\x69\x18\x0c\x74\x49\xd6\x5d\x84\xea\x41\x52\x18\x6f\x58\xad\x50\x56\x20\x6a\xc6\xbd\x28\x69\x58\x91\xdc\x91\x11\x35\xa9\x3a\x1d\xbc\x1a\xa5\x60\x9e\xd8\x1f\x7f\x45\x91\x69\xd9\x7e\xbb\x78\x72\xc1\x06\x0f\x2a\xce\x8f\x85\x70\x61\xac\xa0\xcd\x0b\xb8\x39\x29\x56\x84\x32\x4e\x86\xbb\x3d\xc4\x2a\xd9\xd7\x1f\x72\xee\xfe\x51\xa1\x22\x41\xb1\x71\x02\x63\x1a\x82\xb0\x62\xab\x5e\x57\x12\x1f\xdf\xcb\xdd\x75\xa0\xc0\x5d\x79\x90\x8c\x1b\xe0\x50\xe6\xde\x31\xfe\x98\x7b\x70\x5f\xa5\x90\xd8\xad\xf8\x02\xb6\x6f\xd3\x60\xdd\x40\x4b\x22\xc5\x3d\xad\x3a\x7a\x9f\x1a\x1a\x47\x91\x79\x33\xba\x82\xdc\x32\x69\x03\x96\x6e\x1f\x4b\xf0\x71\xfe\xe3\x67\x72\xa0\xb1\xbf\x5c\x8b\xe4\xfa\x99\x22\xc7\x84\xb9\x1b\x8d\x23\x97\x3f\xed\x25\xe0\xcf\x65\xbb\xf5\x61\x04\xef\xdd\x1e\xb2\x5a\x41\x22\x5a\xa1\x9f\x5d\x2c\xe8\x5b\xc9\x6d\xa9\x0c\x0c\x78\xaa\x60\xc6\x56\x8f\x01\x5a\x0c\x68\xbc\x69\x19\x79\xc4\x1f\x7e\x97\x05\xbf\xc5\xe9\x24\x51\x5e\xd4\xd5\x4b\x53\xed\xd9\x23\x5a\x36\x03\x65\xa3\xc1\x03\xad\x41\x30\xf3\x46\x1b\x85\x90\xaf\x65\xb5\xd5\xb1\xe4\x16\x5b\x78\x75\x1d\x97\x7a\x6d\x59\xa9\x2a\x8f\x7b\xde\xc3\x87\x89\x10\x99\x49\x73\x78\xc8\x3d\xbd\x51\x35\x74\x2a\xd5\xf1\x7e\x69\x1b\x2a\xbb\x3b\xbd\x25\xb8\x9a\x5a\x3d\x72\x61\x90\x66\x87\xee\x0c\xd6\x4d\xd4\x11\x74\x0b\x6a\xfe\x0b\x03\xfc\xa3\x55\x57\x89\xfe\x4a\xcb\xae\x5b\x17\x05\xc8\xf2\x8d\x23\x31\x53\x38\xd2\x2d\x6a\x3f\x82\xb9\x8d\x08\x6a\xf7\x5e\x41\x74\x6e\xc3\x11\x7e\x07\xac\x29\x60\x91\x3f\x38\xca\x57\x10\x0d\xbd\x30\x2f\xc7\xa5\xe6\x41\xa0\xda\xae\x05\x87\x9a\xa0\xa4\x65\x6c\x4c\x09\x0c\x89\xba\xb8\xd3\xb9\xc0\x93\x8a\x30\xfa\x8d\xe5\x9a\x6b\x15\x01\x4e\x67\xaa\xda\x62\x56\x3e\x84\x08\x66\xd2\xc4\x36\x7d\xa7\x3e\x10\xfc\x88\xe0\xd4\x80\xe5\x00\xbd\xaa\xf3\x4e\x06\xa3\x7a\x6a\xf9\x62\x72\xe3\x09\x4f\xeb\x9b\x0e\x01\x23\xf1\x9f\xbb\x7c\xdc\xdc\x6c\x11\x97\x25\xb2\xf2\xb4\x63\x14\xd2\x06\x2a\x67\x8c\x83\xf5\xce\xea\x07\xd8\x9a\x6a\x1e\xec\xe4\x0a\xbb\x2a\x4c\xeb\x09\x60\x39\xce\xca\x62\xd8\x2e\x6e", + ["GeoTrust Primary Certification Authority"] = "\x30\x82\x03\x7c\x30\x82\x02\x64\xa0\x03\x02\x01\x02\x02\x10\x18\xac\xb5\x6a\xfd\x69\xb6\x15\x3a\x63\x6c\xaf\xda\xfa\xc4\xa1\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\xb8\x15\x7b\xff\xd4\x7c\x7d\x67\xad\x83\x64\x7b\xc8\x42\x53\x2d\xdf\xf6\x84\x08\x20\x61\xd6\x01\x59\x6a\x9c\x44\x11\xaf\xef\x76\xfd\x95\x7e\xce\x61\x30\xbb\x7a\x83\x5f\x02\xbd\x01\x66\xca\xee\x15\x8d\x6f\xa1\x30\x9c\xbd\xa1\x85\x9e\x94\x3a\xf3\x56\x88\x00\x31\xcf\xd8\xee\x6a\x96\x02\xd9\xed\x03\x8c\xfb\x75\x6d\xe7\xea\xb8\x55\x16\x05\x16\x9a\xf4\xe0\x5e\xb1\x88\xc0\x64\x85\x5c\x15\x4d\x88\xc7\xb7\xba\xe0\x75\xe9\xad\x05\x3d\x9d\xc7\x89\x48\xe0\xbb\x28\xc8\x03\xe1\x30\x93\x64\x5e\x52\xc0\x59\x70\x22\x35\x57\x88\x8a\xf1\x95\x0a\x83\xd7\xbc\x31\x73\x01\x34\xed\xef\x46\x71\xe0\x6b\x02\xa8\x35\x72\x6b\x97\x9b\x66\xe0\xcb\x1c\x79\x5f\xd8\x1a\x04\x68\x1e\x47\x02\xe6\x9d\x60\xe2\x36\x97\x01\xdf\xce\x35\x92\xdf\xbe\x67\xc7\x6d\x77\x59\x3b\x8f\x9d\xd6\x90\x15\x94\xbc\x42\x34\x10\xc1\x39\xf9\xb1\x27\x3e\x7e\xd6\x8a\x75\xc5\xb2\xaf\x96\xd3\xa2\xde\x9b\xe4\x98\xbe\x7d\xe1\xe9\x81\xad\xb6\x6f\xfc\xd7\x0e\xda\xe0\x34\xb0\x0d\x1a\x77\xe7\xe3\x08\x98\xef\x58\xfa\x9c\x84\xb7\x36\xaf\xc2\xdf\xac\xd2\xf4\x10\x06\x70\x71\x35\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x2c\xd5\x50\x41\x97\x15\x8b\xf0\x8f\x36\x61\x5b\x4a\xfb\x6b\xd9\x99\xc9\x33\x92\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5a\x70\x7f\x2c\xdd\xb7\x34\x4f\xf5\x86\x51\xa9\x26\xbe\x4b\xb8\xaa\xf1\x71\x0d\xdc\x61\xc7\xa0\xea\x34\x1e\x7a\x77\x0f\x04\x35\xe8\x27\x8f\x6c\x90\xbf\x91\x16\x24\x46\x3e\x4a\x4e\xce\x2b\x16\xd5\x0b\x52\x1d\xfc\x1f\x67\xa2\x02\x45\x31\x4f\xce\xf3\xfa\x03\xa7\x79\x9d\x53\x6a\xd9\xda\x63\x3a\xf8\x80\xd7\xd3\x99\xe1\xa5\xe1\xbe\xd4\x55\x71\x98\x35\x3a\xbe\x93\xea\xae\xad\x42\xb2\x90\x6f\xe0\xfc\x21\x4d\x35\x63\x33\x89\x49\xd6\x9b\x4e\xca\xc7\xe7\x4e\x09\x00\xf7\xda\xc7\xef\x99\x62\x99\x77\xb6\x95\x22\x5e\x8a\xa0\xab\xf4\xb8\x78\x98\xca\x38\x19\x99\xc9\x72\x9e\x78\xcd\x4b\xac\xaf\x19\xa0\x73\x12\x2d\xfc\xc2\x41\xba\x81\x91\xda\x16\x5a\x31\xb7\xf9\xb4\x71\x80\x12\x48\x99\x72\x73\x5a\x59\x53\xc1\x63\x52\x33\xed\xa7\xc9\xd2\x39\x02\x70\xfa\xe0\xb1\x42\x66\x29\xaa\x9b\x51\xed\x30\x54\x22\x14\x5f\xd9\xab\x1d\xc1\xe4\x94\xf0\xf8\xf5\x2b\xf7\xea\xca\x78\x46\xd6\xb8\x91\xfd\xa6\x0d\x2b\x1a\x14\x01\x3e\x80\xf0\x42\xa0\x95\x07\x5e\x6d\xcd\xcc\x4b\xa4\x45\x8d\xab\x12\xe8\xb3\xde\x5a\xe5\xa0\x7c\xe8\x0f\x22\x1d\x5a\xe9\x59", + ["thawte Primary Root CA"] = "\x30\x82\x04\x20\x30\x82\x03\x08\xa0\x03\x02\x01\x02\x02\x10\x34\x4e\xd5\x57\x20\xd5\xed\xec\x49\xf4\x2f\xce\x37\xdb\x2b\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xa9\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x37\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xa9\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\xa0\xf0\xfb\x80\x59\xd4\x9c\xc7\xa4\xcf\x9d\xa1\x59\x73\x09\x10\x45\x0c\x0d\x2c\x6e\x68\xf1\x6c\x5b\x48\x68\x49\x59\x37\xfc\x0b\x33\x19\xc2\x77\x7f\xcc\x10\x2d\x95\x34\x1c\xe6\xeb\x4d\x09\xa7\x1c\xd2\xb8\xc9\x97\x36\x02\xb7\x89\xd4\x24\x5f\x06\xc0\xcc\x44\x94\x94\x8d\x02\x62\x6f\xeb\x5a\xdd\x11\x8d\x28\x9a\x5c\x84\x90\x10\x7a\x0d\xbd\x74\x66\x2f\x6a\x38\xa0\xe2\xd5\x54\x44\xeb\x1d\x07\x9f\x07\xba\x6f\xee\xe9\xfd\x4e\x0b\x29\xf5\x3e\x84\xa0\x01\xf1\x9c\xab\xf8\x1c\x7e\x89\xa4\xe8\xa1\xd8\x71\x65\x0d\xa3\x51\x7b\xee\xbc\xd2\x22\x60\x0d\xb9\x5b\x9d\xdf\xba\xfc\x51\x5b\x0b\xaf\x98\xb2\xe9\x2e\xe9\x04\xe8\x62\x87\xde\x2b\xc8\xd7\x4e\xc1\x4c\x64\x1e\xdd\xcf\x87\x58\xba\x4a\x4f\xca\x68\x07\x1d\x1c\x9d\x4a\xc6\xd5\x2f\x91\xcc\x7c\x71\x72\x1c\xc5\xc0\x67\xeb\x32\xfd\xc9\x92\x5c\x94\xda\x85\xc0\x9b\xbf\x53\x7d\x2b\x09\xf4\x8c\x9d\x91\x1f\x97\x6a\x52\xcb\xde\x09\x36\xa4\x77\xd8\x7b\x87\x50\x44\xd5\x3e\x6e\x29\x69\xfb\x39\x49\x26\x1e\x09\xa5\x80\x7b\x40\x2d\xeb\xe8\x27\x85\xc9\xfe\x61\xfd\x7e\xe6\x7c\x97\x1d\xd5\x9d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x7b\x5b\x45\xcf\xaf\xce\xcb\x7a\xfd\x31\x92\x1a\x6a\xb6\xf3\x46\xeb\x57\x48\x50\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x79\x11\xc0\x4b\xb3\x91\xb6\xfc\xf0\xe9\x67\xd4\x0d\x6e\x45\xbe\x55\xe8\x93\xd2\xce\x03\x3f\xed\xda\x25\xb0\x1d\x57\xcb\x1e\x3a\x76\xa0\x4c\xec\x50\x76\xe8\x64\x72\x0c\xa4\xa9\xf1\xb8\x8b\xd6\xd6\x87\x84\xbb\x32\xe5\x41\x11\xc0\x77\xd9\xb3\x60\x9d\xeb\x1b\xd5\xd1\x6e\x44\x44\xa9\xa6\x01\xec\x55\x62\x1d\x77\xb8\x5c\x8e\x48\x49\x7c\x9c\x3b\x57\x11\xac\xad\x73\x37\x8e\x2f\x78\x5c\x90\x68\x47\xd9\x60\x60\xe6\xfc\x07\x3d\x22\x20\x17\xc4\xf7\x16\xe9\xc4\xd8\x72\xf9\xc8\x73\x7c\xdf\x16\x2f\x15\xa9\x3e\xfd\x6a\x27\xb6\xa1\xeb\x5a\xba\x98\x1f\xd5\xe3\x4d\x64\x0a\x9d\x13\xc8\x61\xba\xf5\x39\x1c\x87\xba\xb8\xbd\x7b\x22\x7f\xf6\xfe\xac\x40\x79\xe5\xac\x10\x6f\x3d\x8f\x1b\x79\x76\x8b\xc4\x37\xb3\x21\x18\x84\xe5\x36\x00\xeb\x63\x20\x99\xb9\xe9\xfe\x33\x04\xbb\x41\xc8\xc1\x02\xf9\x44\x63\x20\x9e\x81\xce\x42\xd3\xd6\x3f\x2c\x76\xd3\x63\x9c\x59\xdd\x8f\xa6\xe1\x0e\xa0\x2e\x41\xf7\x2e\x95\x47\xcf\xbc\xfd\x33\xf3\xf6\x0b\x61\x7e\x7e\x91\x2b\x81\x47\xc2\x27\x30\xee\xa7\x10\x5d\x37\x8f\x5c\x39\x2b\xe4\x04\xf0\x7b\x8d\x56\x8c\x68", + ["VeriSign Class 3 Public Primary Certification Authority - G5"] = "\x30\x82\x04\xd3\x30\x82\x03\xbb\xa0\x03\x02\x01\x02\x02\x10\x18\xda\xd1\x9e\x26\x7d\xe8\xbb\x4a\x21\x58\xcd\xcc\x6b\x3b\x4a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x35\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x35\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x24\x08\x08\x29\x7a\x35\x9e\x60\x0c\xaa\xe7\x4b\x3b\x4e\xdc\x7c\xbc\x3c\x45\x1c\xbb\x2b\xe0\xfe\x29\x02\xf9\x57\x08\xa3\x64\x85\x15\x27\xf5\xf1\xad\xc8\x31\x89\x5d\x22\xe8\x2a\xaa\xa6\x42\xb3\x8f\xf8\xb9\x55\xb7\xb1\xb7\x4b\xb3\xfe\x8f\x7e\x07\x57\xec\xef\x43\xdb\x66\x62\x15\x61\xcf\x60\x0d\xa4\xd8\xde\xf8\xe0\xc3\x62\x08\x3d\x54\x13\xeb\x49\xca\x59\x54\x85\x26\xe5\x2b\x8f\x1b\x9f\xeb\xf5\xa1\x91\xc2\x33\x49\xd8\x43\x63\x6a\x52\x4b\xd2\x8f\xe8\x70\x51\x4d\xd1\x89\x69\x7b\xc7\x70\xf6\xb3\xdc\x12\x74\xdb\x7b\x5d\x4b\x56\xd3\x96\xbf\x15\x77\xa1\xb0\xf4\xa2\x25\xf2\xaf\x1c\x92\x67\x18\xe5\xf4\x06\x04\xef\x90\xb9\xe4\x00\xe4\xdd\x3a\xb5\x19\xff\x02\xba\xf4\x3c\xee\xe0\x8b\xeb\x37\x8b\xec\xf4\xd7\xac\xf2\xf6\xf0\x3d\xaf\xdd\x75\x91\x33\x19\x1d\x1c\x40\xcb\x74\x24\x19\x21\x93\xd9\x14\xfe\xac\x2a\x52\xc7\x8f\xd5\x04\x49\xe4\x8d\x63\x47\x88\x3c\x69\x83\xcb\xfe\x47\xbd\x2b\x7e\x4f\xc5\x95\xae\x0e\x9d\xd4\xd1\x43\xc0\x67\x73\xe3\x14\x08\x7e\xe5\x3f\x9f\x73\xb8\x33\x0a\xcf\x5d\x3f\x34\x87\x96\x8a\xee\x53\xe8\x25\x15\x02\x03\x01\x00\x01\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x7f\xd3\x65\xa7\xc2\xdd\xec\xbb\xf0\x30\x09\xf3\x43\x39\xfa\x02\xaf\x33\x31\x33\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\x24\x4a\x30\x5f\x62\xcf\xd8\x1a\x98\x2f\x3d\xea\xdc\x99\x2d\xbd\x77\xf6\xa5\x79\x22\x38\xec\xc4\xa7\xa0\x78\x12\xad\x62\x0e\x45\x70\x64\xc5\xe7\x97\x66\x2d\x98\x09\x7e\x5f\xaf\xd6\xcc\x28\x65\xf2\x01\xaa\x08\x1a\x47\xde\xf9\xf9\x7c\x92\x5a\x08\x69\x20\x0d\xd9\x3e\x6d\x6e\x3c\x0d\x6e\xd8\xe6\x06\x91\x40\x18\xb9\xf8\xc1\xed\xdf\xdb\x41\xaa\xe0\x96\x20\xc9\xcd\x64\x15\x38\x81\xc9\x94\xee\xa2\x84\x29\x0b\x13\x6f\x8e\xdb\x0c\xdd\x25\x02\xdb\xa4\x8b\x19\x44\xd2\x41\x7a\x05\x69\x4a\x58\x4f\x60\xca\x7e\x82\x6a\x0b\x02\xaa\x25\x17\x39\xb5\xdb\x7f\xe7\x84\x65\x2a\x95\x8a\xbd\x86\xde\x5e\x81\x16\x83\x2d\x10\xcc\xde\xfd\xa8\x82\x2a\x6d\x28\x1f\x0d\x0b\xc4\xe5\xe7\x1a\x26\x19\xe1\xf4\x11\x6f\x10\xb5\x95\xfc\xe7\x42\x05\x32\xdb\xce\x9d\x51\x5e\x28\xb6\x9e\x85\xd3\x5b\xef\xa5\x7d\x45\x40\x72\x8e\xb7\x0e\x6b\x0e\x06\xfb\x33\x35\x48\x71\xb8\x9d\x27\x8b\xc4\x65\x5f\x0d\x86\x76\x9c\x44\x7a\xf6\x95\x5c\xf6\x5d\x32\x08\x33\xa4\x54\xb6\x18\x3f\x68\x5c\xf2\x42\x4a\x85\x38\x54\x83\x5f\xd1\xe8\x2c\xf2\xac\x11\xd6\xa8\xed\x63\x6a", + ["SecureTrust CA"] = "\x30\x82\x03\xb8\x30\x82\x02\xa0\xa0\x03\x02\x01\x02\x02\x10\x0c\xf0\x8e\x5c\x08\x16\xa5\xad\x42\x7f\xf0\xeb\x27\x18\x59\xd0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x48\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x37\x31\x39\x33\x31\x31\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x31\x39\x34\x30\x35\x35\x5a\x30\x48\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\xa4\x81\xe5\x95\xcd\xf5\xf6\x14\x8e\xc2\x4f\xca\xd4\xe2\x78\x95\x58\x9c\x41\xe1\x0d\x99\x40\x24\x17\x39\x91\x33\x66\xe9\xbe\xe1\x83\xaf\x62\x5c\x89\xd1\xfc\x24\x5b\x61\xb3\xe0\x11\x11\x41\x1c\x1d\x6e\xf0\xb8\xbb\xf8\xde\xa7\x81\xba\xa6\x48\xc6\x9f\x1d\xbd\xbe\x8e\xa9\x41\x3e\xb8\x94\xed\x29\x1a\xd4\x8e\xd2\x03\x1d\x03\xef\x6d\x0d\x67\x1c\x57\xd7\x06\xad\xca\xc8\xf5\xfe\x0e\xaf\x66\x25\x48\x04\x96\x0b\x5d\xa3\xba\x16\xc3\x08\x4f\xd1\x46\xf8\x14\x5c\xf2\xc8\x5e\x01\x99\x6d\xfd\x88\xcc\x86\xa8\xc1\x6f\x31\x42\x6c\x52\x3e\x68\xcb\xf3\x19\x34\xdf\xbb\x87\x18\x56\x80\x26\xc4\xd0\xdc\xc0\x6f\xdf\xde\xa0\xc2\x91\x16\xa0\x64\x11\x4b\x44\xbc\x1e\xf6\xe7\xfa\x63\xde\x66\xac\x76\xa4\x71\xa3\xec\x36\x94\x68\x7a\x77\xa4\xb1\xe7\x0e\x2f\x81\x7a\xe2\xb5\x72\x86\xef\xa2\x6b\x8b\xf0\x0f\xdb\xd3\x59\x3f\xba\x72\xbc\x44\x24\x9c\xe3\x73\xb3\xf7\xaf\x57\x2f\x42\x26\x9d\xa9\x74\xba\x00\x52\xf2\x4b\xcd\x53\x7c\x47\x0b\x36\x85\x0e\x66\xa9\x08\x97\x16\x34\x57\xc1\x66\xf7\x80\xe3\xed\x70\x54\xc7\x93\xe0\x2e\x28\x15\x59\x87\xba\xbb\x02\x03\x01\x00\x01\xa3\x81\x9d\x30\x81\x9a\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x42\x32\xb6\x16\xfa\x04\xfd\xfe\x5d\x4b\x7a\xc3\xfd\xf7\x4c\x40\x1d\x5a\x43\xaf\x30\x34\x06\x03\x55\x1d\x1f\x04\x2d\x30\x2b\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x53\x54\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x30\xed\x4f\x4a\xe1\x58\x3a\x52\x72\x5b\xb5\xa6\xa3\x65\x18\xa6\xbb\x51\x3b\x77\xe9\x9d\xea\xd3\x9f\x5c\xe0\x45\x65\x7b\x0d\xca\x5b\xe2\x70\x50\xb2\x94\x05\x14\xae\x49\xc7\x8d\x41\x07\x12\x73\x94\x7e\x0c\x23\x21\xfd\xbc\x10\x7f\x60\x10\x5a\x72\xf5\x98\x0e\xac\xec\xb9\x7f\xdd\x7a\x6f\x5d\xd3\x1c\xf4\xff\x88\x05\x69\x42\xa9\x05\x71\xc8\xb7\xac\x26\xe8\x2e\xb4\x8c\x6a\xff\x71\xdc\xb8\xb1\xdf\x99\xbc\x7c\x21\x54\x2b\xe4\x58\xa2\xbb\x57\x29\xae\x9e\xa9\xa3\x19\x26\x0f\x99\x2e\x08\xb0\xef\xfd\x69\xcf\x99\x1a\x09\x8d\xe3\xa7\x9f\x2b\xc9\x36\x34\x7b\x24\xb3\x78\x4c\x95\x17\xa4\x06\x26\x1e\xb6\x64\x52\x36\x5f\x60\x67\xd9\x9c\xc5\x05\x74\x0b\xe7\x67\x23\xd2\x08\xfc\x88\xe9\xae\x8b\x7f\xe1\x30\xf4\x37\x7e\xfd\xc6\x32\xda\x2d\x9e\x44\x30\x30\x6c\xee\x07\xde\xd2\x34\xfc\xd2\xff\x40\xf6\x4b\xf4\x66\x46\x06\x54\xa6\xf2\x32\x0a\x63\x26\x30\x6b\x9b\xd1\xdc\x8b\x47\xba\xe1\xb9\xd5\x62\xd0\xa2\xa0\xf4\x67\x05\x78\x29\x63\x1a\x6f\x04\xd6\xf8\xc6\x4c\xa3\x9a\xb1\x37\xb4\x8d\xe5\x28\x4b\x1d\x9e\x2c\xc2\xb8\x68\xbc\xed\x02\xee\x31", + ["Secure Global CA"] = "\x30\x82\x03\xbc\x30\x82\x02\xa4\xa0\x03\x02\x01\x02\x02\x10\x07\x56\x22\xa4\xe8\xd4\x8a\x89\x4d\xf4\x13\xc8\xf0\xf8\xea\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x37\x31\x39\x34\x32\x32\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x31\x39\x35\x32\x30\x36\x5a\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x35\x2e\xd8\xac\x6c\x55\x69\x06\x71\xe5\x13\x68\x24\xb3\x4f\xd8\xcc\x21\x47\xf8\xf1\x60\x38\x89\x89\x03\xe9\xbd\xea\x5e\x46\x53\x09\xdc\x5c\xf5\x5a\xe8\xf7\x45\x2a\x02\xeb\x31\x61\xd7\x29\x33\x4c\xce\xc7\x7c\x0a\x37\x7e\x0f\xba\x32\x98\xe1\x1d\x97\xaf\x8f\xc7\xdc\xc9\x38\x96\xf3\xdb\x1a\xfc\x51\xed\x68\xc6\xd0\x6e\xa4\x7c\x24\xd1\xae\x42\xc8\x96\x50\x63\x2e\xe0\xfe\x75\xfe\x98\xa7\x5f\x49\x2e\x95\xe3\x39\x33\x64\x8e\x1e\xa4\x5f\x90\xd2\x67\x3c\xb2\xd9\xfe\x41\xb9\x55\xa7\x09\x8e\x72\x05\x1e\x8b\xdd\x44\x85\x82\x42\xd0\x49\xc0\x1d\x60\xf0\xd1\x17\x2c\x95\xeb\xf6\xa5\xc1\x92\xa3\xc5\xc2\xa7\x08\x60\x0d\x60\x04\x10\x96\x79\x9e\x16\x34\xe6\xa9\xb6\xfa\x25\x45\x39\xc8\x1e\x65\xf9\x93\xf5\xaa\xf1\x52\xdc\x99\x98\x3d\xa5\x86\x1a\x0c\x35\x33\xfa\x4b\xa5\x04\x06\x15\x1c\x31\x80\xef\xaa\x18\x6b\xc2\x7b\xd7\xda\xce\xf9\x33\x20\xd5\xf5\xbd\x6a\x33\x2d\x81\x04\xfb\xb0\x5c\xd4\x9c\xa3\xe2\x5c\x1d\xe3\xa9\x42\x75\x5e\x7b\xd4\x77\xef\x39\x54\xba\xc9\x0a\x18\x1b\x12\x99\x49\x2f\x88\x4b\xfd\x50\x62\xd1\x73\xe7\x8f\x7a\x43\x02\x03\x01\x00\x01\xa3\x81\x9d\x30\x81\x9a\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xaf\x44\x04\xc2\x41\x7e\x48\x83\xdb\x4e\x39\x02\xec\xec\x84\x7a\xe6\xce\xc9\xa4\x30\x34\x06\x03\x55\x1d\x1f\x04\x2d\x30\x2b\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x53\x47\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x63\x1a\x08\x40\x7d\xa4\x5e\x53\x0d\x77\xd8\x7a\xae\x1f\x0d\x0b\x51\x16\x03\xef\x18\x7c\xc8\xe3\xaf\x6a\x58\x93\x14\x60\x91\xb2\x84\xdc\x88\x4e\xbe\x39\x8a\x3a\xf3\xe6\x82\x89\x5d\x01\x37\xb3\xab\x24\xa4\x15\x0e\x92\x35\x5a\x4a\x44\x5e\x4e\x57\xfa\x75\xce\x1f\x48\xce\x66\xf4\x3c\x40\x26\x92\x98\x6c\x1b\xee\x24\x46\x0c\x17\xb3\x52\xa5\xdb\xa5\x91\x91\xcf\x37\xd3\x6f\xe7\x27\x08\x3a\x4e\x19\x1f\x3a\xa7\x58\x5c\x17\xcf\x79\x3f\x8b\xe4\xa7\xd3\x26\x23\x9d\x26\x0f\x58\x69\xfc\x47\x7e\xb2\xd0\x8d\x8b\x93\xbf\x29\x4f\x43\x69\x74\x76\x67\x4b\xcf\x07\x8c\xe6\x02\xf7\xb5\xe1\xb4\x43\xb5\x4b\x2d\x14\x9f\xf9\xdc\x26\x0d\xbf\xa6\x47\x74\x06\xd8\x88\xd1\x3a\x29\x30\x84\xce\xd2\x39\x80\x62\x1b\xa8\xc7\x57\x49\xbc\x6a\x55\x51\x67\x15\x4a\xbe\x35\x07\xe4\xd5\x75\x98\x37\x79\x30\x14\xdb\x29\x9d\x6c\xc5\x69\xcc\x47\x55\xa2\x30\xf7\xcc\x5c\x7f\xc2\xc3\x98\x1c\x6b\x4e\x16\x80\xeb\x7a\x78\x65\x45\xa2\x00\x1a\xaf\x0c\x0d\x55\x64\x34\x48\xb8\x92\xb9\xf1\xb4\x50\x29\xf2\x4f\x23\x1f\xda\x6c\xac\x1f\x44\xe1\xdd\x23\x78\x51\x5b\xc7\x16", + ["COMODO Certification Authority"] = "\x30\x82\x04\x1d\x30\x82\x03\x05\xa0\x03\x02\x01\x02\x02\x10\x4e\x81\x2d\x8a\x82\x65\xe0\x0b\x02\xee\x3e\x35\x02\x46\xe5\x3d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd0\x40\x8b\x8b\x72\xe3\x91\x1b\xf7\x51\xc1\x1b\x54\x04\x98\xd3\xa9\xbf\xc1\xe6\x8a\x5d\x3b\x87\xfb\xbb\x88\xce\x0d\xe3\x2f\x3f\x06\x96\xf0\xa2\x29\x50\x99\xae\xdb\x3b\xa1\x57\xb0\x74\x51\x71\xcd\xed\x42\x91\x4d\x41\xfe\xa9\xc8\xd8\x6a\x86\x77\x44\xbb\x59\x66\x97\x50\x5e\xb4\xd4\x2c\x70\x44\xcf\xda\x37\x95\x42\x69\x3c\x30\xc4\x71\xb3\x52\xf0\x21\x4d\xa1\xd8\xba\x39\x7c\x1c\x9e\xa3\x24\x9d\xf2\x83\x16\x98\xaa\x16\x7c\x43\x9b\x15\x5b\xb7\xae\x34\x91\xfe\xd4\x62\x26\x18\x46\x9a\x3f\xeb\xc1\xf9\xf1\x90\x57\xeb\xac\x7a\x0d\x8b\xdb\x72\x30\x6a\x66\xd5\xe0\x46\xa3\x70\xdc\x68\xd9\xff\x04\x48\x89\x77\xde\xb5\xe9\xfb\x67\x6d\x41\xe9\xbc\x39\xbd\x32\xd9\x62\x02\xf1\xb1\xa8\x3d\x6e\x37\x9c\xe2\x2f\xe2\xd3\xa2\x26\x8b\xc6\xb8\x55\x43\x88\xe1\x23\x3e\xa5\xd2\x24\x39\x6a\x47\xab\x00\xd4\xa1\xb3\xa9\x25\xfe\x0d\x3f\xa7\x1d\xba\xd3\x51\xc1\x0b\xa4\xda\xac\x38\xef\x55\x50\x24\x05\x65\x46\x93\x34\x4f\x2d\x8d\xad\xc6\xd4\x21\x19\xd2\x8e\xca\x05\x61\x71\x07\x73\x47\xe5\x8a\x19\x12\xbd\x04\x4d\xce\x4e\x9c\xa5\x48\xac\xbb\x26\xf7\x02\x03\x01\x00\x01\xa3\x81\x8e\x30\x81\x8b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x0b\x58\xe5\x8b\xc6\x4c\x15\x37\xa4\x40\xa9\x30\xa9\x21\xbe\x47\x36\x5a\x56\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x49\x06\x03\x55\x1d\x1f\x04\x42\x30\x40\x30\x3e\xa0\x3c\xa0\x3a\x86\x38\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x43\x4f\x4d\x4f\x44\x4f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3e\x98\x9e\x9b\xf6\x1b\xe9\xd7\x39\xb7\x78\xae\x1d\x72\x18\x49\xd3\x87\xe4\x43\x82\xeb\x3f\xc9\xaa\xf5\xa8\xb5\xef\x55\x7c\x21\x52\x65\xf9\xd5\x0d\xe1\x6c\xf4\x3e\x8c\x93\x73\x91\x2e\x02\xc4\x4e\x07\x71\x6f\xc0\x8f\x38\x61\x08\xa8\x1e\x81\x0a\xc0\x2f\x20\x2f\x41\x8b\x91\xdc\x48\x45\xbc\xf1\xc6\xde\xba\x76\x6b\x33\xc8\x00\x2d\x31\x46\x4c\xed\xe7\x9d\xcf\x88\x94\xff\x33\xc0\x56\xe8\x24\x86\x26\xb8\xd8\x38\x38\xdf\x2a\x6b\xdd\x12\xcc\xc7\x3f\x47\x17\x4c\xa2\xc2\x06\x96\x09\xd6\xdb\xfe\x3f\x3c\x46\x41\xdf\x58\xe2\x56\x0f\x3c\x3b\xc1\x1c\x93\x35\xd9\x38\x52\xac\xee\xc8\xec\x2e\x30\x4e\x94\x35\xb4\x24\x1f\x4b\x78\x69\xda\xf2\x02\x38\xcc\x95\x52\x93\xf0\x70\x25\x59\x9c\x20\x67\xc4\xee\xf9\x8b\x57\x61\xf4\x92\x76\x7d\x3f\x84\x8d\x55\xb7\xe8\xe5\xac\xd5\xf1\xf5\x19\x56\xa6\x5a\xfb\x90\x1c\xaf\x93\xeb\xe5\x1c\xd4\x67\x97\x5d\x04\x0e\xbe\x0b\x83\xa6\x17\x83\xb9\x30\x12\xa0\xc5\x33\x15\x05\xb9\x0d\xfb\xc7\x05\x76\xe3\xd8\x4a\x8d\xfc\x34\x17\xa3\xc6\x21\x28\xbe\x30\x45\x31\x1e\xc7\x78\xbe\x58\x61\x38\xac\x3b\xe2\x01\x65", + ["DigiNotar Root CA"] = "\x30\x82\x05\x8a\x30\x82\x03\x72\xa0\x03\x02\x01\x02\x02\x10\x0c\x76\xda\x9c\x91\x0c\x4e\x2c\x9e\xfe\x15\xd0\x58\x93\x3c\x4c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x31\x1a\x30\x18\x06\x03\x55\x04\x03\x13\x11\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x64\x69\x67\x69\x6e\x6f\x74\x61\x72\x2e\x6e\x6c\x30\x1e\x17\x0d\x30\x37\x30\x35\x31\x36\x31\x37\x31\x39\x33\x36\x5a\x17\x0d\x32\x35\x30\x33\x33\x31\x31\x38\x31\x39\x32\x31\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x31\x1a\x30\x18\x06\x03\x55\x04\x03\x13\x11\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x64\x69\x67\x69\x6e\x6f\x74\x61\x72\x2e\x6e\x6c\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xac\xb0\x58\xc1\x00\xbd\xd8\x21\x08\x0b\x2b\x9a\xfe\x6e\x56\x30\x05\x9f\x1b\x77\x90\x10\x41\x5c\xc3\x0d\x87\x11\x77\x8e\x81\xf1\xca\x7c\xe9\x8c\x6a\xed\x38\x74\x35\xbb\xda\xdf\xf9\xbb\xc0\x09\x37\xb4\x96\x73\x81\x7d\x33\x1a\x98\x39\xf7\x93\x6f\x95\x7f\x3d\xb9\xb1\x75\x87\xba\x51\x48\xe8\x8b\x70\x3e\x95\x04\xc5\xd8\xb6\xc3\x16\xd9\x88\xb0\xb1\x87\x1d\x70\xda\x86\xb4\x0f\x14\x8b\x7a\xcf\x10\xd1\x74\x36\xa2\x12\x7b\x77\x86\x4a\x79\xe6\x7b\xdf\x02\x11\x68\xa5\x4e\x86\xae\x34\x58\x9b\x24\x13\x78\x56\x22\x25\x1e\x01\x8b\x4b\x51\x71\xfb\x82\xcc\x59\x96\x69\x88\x5a\x68\x53\xc5\xb9\x0d\x02\x37\xcb\x4b\xbc\x66\x4a\x90\x7e\x2a\x0b\x05\x07\xed\x16\x5f\x55\x90\x75\xd8\x46\xc9\x1b\x83\xe2\x08\xbe\xf1\x23\xcc\x99\x1d\xd6\x2a\x0f\x83\x20\x15\x58\x27\x82\x2e\xfa\xe2\x22\xc2\x49\xb1\xb9\x01\x81\x6a\x9d\x6d\x9d\x40\x77\x68\x76\x4e\x21\x2a\x6d\x84\x40\x85\x4e\x76\x99\x7c\x82\xf3\xf3\xb7\x02\x59\xd4\x26\x01\x1b\x8e\xdf\xad\x53\x06\xd1\xae\x18\xdd\xe2\xb2\x3a\xcb\xd7\x88\x38\x8e\xac\x5b\x29\xb9\x19\xd3\x98\xf9\x18\x03\xcf\x48\x82\x86\x66\x0b\x1b\x69\x0f\xc9\xeb\x38\x88\x7a\x26\x1a\x05\x4c\x92\xd7\x24\xd4\x96\xf2\xac\x52\x2d\xa3\x47\xd5\x52\xf6\x3f\xfe\xce\x84\x06\x70\xa6\xaa\x3e\xa2\xf2\xb6\x56\x34\x18\x57\xa2\xe4\x81\x6d\xe7\xca\xf0\x6a\xd3\xc7\x91\x6b\x02\x83\x41\x7c\x15\xef\x6b\x9a\x64\x5e\xe3\xd0\x3c\xe5\xb1\xeb\x7b\x5d\x86\xfb\xcb\xe6\x77\x49\xcd\xa3\x65\xdc\xf7\xb9\x9c\xb8\xe4\x0b\x5f\x93\xcf\xcc\x30\x1a\x32\x1c\xce\x1c\x63\x95\xa5\xf9\xea\xe1\x74\x8b\x9e\xe9\x2b\xa9\x30\x7b\xa0\x18\x1f\x0e\x18\x0b\xe5\x5b\xa9\xd3\xd1\x6c\x1e\x07\x67\x8f\x91\x4b\xa9\x8a\xbc\xd2\x66\xaa\x93\x01\x88\xb2\x91\xfa\x31\x5c\xd5\xa6\xc1\x52\x08\x09\xcd\x0a\x63\xa2\xd3\x22\xa6\xe8\xa1\xd9\x39\x06\x97\xf5\x6e\x8d\x02\x90\x8c\x14\x7b\x3f\x80\xcd\x1b\x9c\xba\xc4\x58\x72\x23\xaf\xb6\x56\x9f\xc6\x7a\x42\x33\x29\x07\x3f\x82\xc9\xe6\x1f\x05\x0d\xcd\x4c\x28\x36\x8b\xd3\xc8\x3e\x1c\xc6\x88\xef\x5e\xee\x89\x64\xe9\x1d\xeb\xda\x89\x7e\x32\xa6\x69\xd1\xdd\xcc\x88\x9f\xd1\xd0\xc9\x66\x21\xdc\x06\x67\xc5\x94\x7a\x9a\x6d\x62\x4c\x7d\xcc\xe0\x64\x80\xb2\x9e\x47\x8e\xa3\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x88\x68\xbf\xe0\x8e\x35\xc4\x3b\x38\x6b\x62\xf7\x28\x3b\x84\x81\xc8\x0c\xd7\x4d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3b\x02\x8d\xcb\x3c\x30\xe8\x6e\xa0\xad\xf2\x73\xb3\x5f\x9e\x25\x13\x04\x05\xd3\xf6\xe3\x8b\xbb\x0b\x79\xce\x53\xde\xe4\x96\xc5\xd1\xaf\x73\xbc\xd5\xc3\xd0\x40\x55\x7c\x40\x7f\xcd\x1b\x5f\x09\xd5\xf2\x7c\x9f\x68\x1d\xbb\x5d\xce\x7a\x39\xc2\x8c\xd6\x98\x7b\xc5\x83\x55\xa8\xd5\x7d\x40\xca\xe0\x1e\xf7\x89\x5e\x63\x5d\xa1\x13\xc2\x5d\x8a\xb6\x8a\x7c\x00\xf3\x23\xc3\xed\x85\x5f\x71\x76\xf0\x68\x63\xaa\x45\x21\x39\x48\x61\x78\x36\xdc\xf1\x43\x93\xd4\x25\xc7\xf2\x80\x65\xe1\x53\x02\x75\x51\xfc\x7a\x3a\xef\x37\xab\x84\x28\x57\x0c\xd8\xd4\xd4\x99\x56\x6c\xe3\xa2\xfe\x59\x84\xb4\x31\xe8\x33\xf8\x64\x94\x94\x51\x97\xab\x39\xc5\x4b\xed\xda\xdd\x80\x0b\x6f\x7c\x29\x0d\xc4\x8e\x8a\x72\x0d\xe7\x53\x14\xb2\x60\x41\x3d\x84\x91\x31\x68\x3d\x27\x44\xdb\xe5\xde\xf4\xfa\x63\x45\xc8\x4c\x3e\x98\xf5\x3f\x41\xba\x4e\xcb\x37\x0d\xba\x66\x98\xf1\xdd\xcb\x9f\x5c\xf7\x54\x36\x82\x6b\x2c\xbc\x13\x61\x97\x42\xf8\x78\xbb\xcc\xc8\xa2\x9f\xca\xf0\x68\xbd\x6b\x1d\xb2\xdf\x8d\x6f\x07\x9d\xda\x8e\x67\xc7\x47\x1e\xca\xb9\xbf\x2a\x42\x91\xb7\x63\x53\x66\xf1\x42\xa3\xe1\xf4\x5a\x4d\x58\x6b\xb5\xe4\xa4\x33\xad\x5c\x70\x1d\xdc\xe0\xf2\xeb\x73\x14\x91\x9a\x03\xc1\xea\x00\x65\xbc\x07\xfc\xcf\x12\x11\x22\x2c\xae\xa0\xbd\x3a\xe0\xa2\x2a\xd8\x59\xe9\x29\xd3\x18\x35\xa4\xac\x11\x5f\x19\xb5\xb5\x1b\xff\x22\x4a\x5c\xc6\x7a\xe4\x17\xef\x20\xa9\xa7\xf4\x3f\xad\x8a\xa7\x9a\x04\x25\x9d\x0e\xca\x37\xe6\x50\xfd\x8c\x42\x29\x04\x9a\xec\xb9\xcf\x4b\x72\xbd\xe2\x08\x36\xaf\x23\x2f\x62\xe5\xca\x01\xd3\x70\xdb\x7c\x82\x23\x2c\x16\x31\x0c\xc6\x36\x07\x90\x7a\xb1\x1f\x67\x58\xc4\x3b\x58\x59\x89\xb0\x8c\x8c\x50\xb3\xd8\x86\xcb\x68\xa3\xc4\x0a\xe7\x69\x4b\x20\xce\xc1\x1e\x56\x4b\x95\xa9\x23\x68\xd8\x30\xd8\xc3\xeb\xb0\x55\x51\xcd\xe5\xfd\x2b\xb8\xf5\xbb\x11\x9f\x53\x54\xf6\x34\x19\x8c\x79\x09\x36\xca\x61\x17\x25\x17\x0b\x82\x98\x73\x0c\x77\x74\xc3\xd5\x0d\xc7\xa8\x12\x4c\xc7\xa7\x54\x71\x47\x2e\x2c\x1a\x7d\xc9\xe3\x2b\x3b\x48\xde\x27\x84\xa7\x63\x36\xb3\x7d\x8f\xa0\x64\x39\x24\x0d\x3d\x7b\x87\xaf\x66\x5c\x74\x1b\x4b\x73\xb2\xe5\x8c\xf0\x86\x99\xb8\xe5\xc5\xdf\x84\xc1\xb7\xeb", + ["Network Solutions Certificate Authority"] = "\x30\x82\x03\xe6\x30\x82\x02\xce\xa0\x03\x02\x01\x02\x02\x10\x57\xcb\x33\x6f\xc2\x5c\x16\xe6\x47\x16\x17\xe3\x90\x31\x68\xe0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x62\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x4c\x2e\x4c\x2e\x43\x2e\x31\x30\x30\x2e\x06\x03\x55\x04\x03\x13\x27\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x62\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x4c\x2e\x4c\x2e\x43\x2e\x31\x30\x30\x2e\x06\x03\x55\x04\x03\x13\x27\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe4\xbc\x7e\x92\x30\x6d\xc6\xd8\x8e\x2b\x0b\xbc\x46\xce\xe0\x27\x96\xde\xde\xf9\xfa\x12\xd3\x3c\x33\x73\xb3\x04\x2f\xbc\x71\x8c\xe5\x9f\xb6\x22\x60\x3e\x5f\x5d\xce\x09\xff\x82\x0c\x1b\x9a\x51\x50\x1a\x26\x89\xdd\xd5\x61\x5d\x19\xdc\x12\x0f\x2d\x0a\xa2\x43\x5d\x17\xd0\x34\x92\x20\xea\x73\xcf\x38\x2c\x06\x26\x09\x7a\x72\xf7\xfa\x50\x32\xf8\xc2\x93\xd3\x69\xa2\x23\xce\x41\xb1\xcc\xe4\xd5\x1f\x36\xd1\x8a\x3a\xf8\x8c\x63\xe2\x14\x59\x69\xed\x0d\xd3\x7f\x6b\xe8\xb8\x03\xe5\x4f\x6a\xe5\x98\x63\x69\x48\x05\xbe\x2e\xff\x33\xb6\xe9\x97\x59\x69\xf8\x67\x19\xae\x93\x61\x96\x44\x15\xd3\x72\xb0\x3f\xbc\x6a\x7d\xec\x48\x7f\x8d\xc3\xab\xaa\x71\x2b\x53\x69\x41\x53\x34\xb5\xb0\xb9\xc5\x06\x0a\xc4\xb0\x45\xf5\x41\x5d\x6e\x89\x45\x7b\x3d\x3b\x26\x8c\x74\xc2\xe5\xd2\xd1\x7d\xb2\x11\xd4\xfb\x58\x32\x22\x9a\x80\xc9\xdc\xfd\x0c\xe9\x7f\x5e\x03\x97\xce\x3b\x00\x14\x87\x27\x70\x38\xa9\x8e\x6e\xb3\x27\x76\x98\x51\xe0\x05\xe3\x21\xab\x1a\xd5\x85\x22\x3c\x29\xb5\x9a\x16\xc5\x80\xa8\xf4\xbb\x6b\x30\x8f\x2f\x46\x02\xa2\xb1\x0c\x22\xe0\xd3\x02\x03\x01\x00\x01\xa3\x81\x97\x30\x81\x94\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x21\x30\xc9\xfb\x00\xd7\x4e\x98\xda\x87\xaa\x2a\xd0\xa7\x2e\xb1\x40\x31\xa7\x4c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x52\x06\x03\x55\x1d\x1f\x04\x4b\x30\x49\x30\x47\xa0\x45\xa0\x43\x86\x41\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x6e\x65\x74\x73\x6f\x6c\x73\x73\x6c\x2e\x63\x6f\x6d\x2f\x4e\x65\x74\x77\x6f\x72\x6b\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xbb\xae\x4b\xe7\xb7\x57\xeb\x7f\xaa\x2d\xb7\x73\x47\x85\x6a\xc1\xe4\xa5\x1d\xe4\xe7\x3c\xe9\xf4\x59\x65\x77\xb5\x7a\x5b\x5a\x8d\x25\x36\xe0\x7a\x97\x2e\x38\xc0\x57\x60\x83\x98\x06\x83\x9f\xb9\x76\x7a\x6e\x50\xe0\xba\x88\x2c\xfc\x45\xcc\x18\xb0\x99\x95\x51\x0e\xec\x1d\xb8\x88\xff\x87\x50\x1c\x82\xc2\xe3\xe0\x32\x80\xbf\xa0\x0b\x47\xc8\xc3\x31\xef\x99\x67\x32\x80\x4f\x17\x21\x79\x0c\x69\x5c\xde\x5e\x34\xae\x02\xb5\x26\xea\x50\xdf\x7f\x18\x65\x2c\xc9\xf2\x63\xe1\xa9\x07\xfe\x7c\x71\x1f\x6b\x33\x24\x6a\x1e\x05\xf7\x05\x68\xc0\x6a\x12\xcb\x2e\x5e\x61\xcb\xae\x28\xd3\x7e\xc2\xb4\x66\x91\x26\x5f\x3c\x2e\x24\x5f\xcb\x58\x0f\xeb\x28\xec\xaf\x11\x96\xf3\xdc\x7b\x6f\xc0\xa7\x88\xf2\x53\x77\xb3\x60\x5e\xae\xae\x28\xda\x35\x2c\x6f\x34\x45\xd3\x26\xe1\xde\xec\x5b\x4f\x27\x6b\x16\x7c\xbd\x44\x04\x18\x82\xb3\x89\x79\x17\x10\x71\x3d\x7a\xa2\x16\x4e\xf5\x01\xcd\xa4\x6c\x65\x68\xa1\x49\x76\x5c\x43\xc9\xd8\xbc\x36\x67\x6c\xa5\x94\xb5\xd4\xcc\xb9\xbd\x6a\x35\x56\x21\xde\xd8\xc3\xeb\xfb\xcb\xa4\x60\x4c\xb0\x55\xa0\xa0\x7b\x57\xb2", + ["WellsSecure Public Root Certificate Authority"] = "\x30\x82\x04\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x33\x31\x37\x30\x37\x35\x34\x5a\x17\x0d\x32\x32\x31\x32\x31\x34\x30\x30\x30\x37\x35\x34\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xee\x6f\xb4\xbd\x79\xe2\x8f\x08\x21\x9e\x38\x04\x41\x25\xef\xab\x5b\x1c\x53\x92\xac\x6d\x9e\xdd\xc2\xc4\x2e\x45\x94\x03\x35\x88\x67\x74\x57\xe3\xdf\x8c\xb8\xa7\x76\x8f\x3b\xf7\xa8\xc4\xdb\x29\x63\x0e\x91\x68\x36\x8a\x97\x8e\x8a\x71\x68\x09\x07\xe4\xe8\xd4\x0e\x4f\xf8\xd6\x2b\x4c\xa4\x16\xf9\xef\x43\x98\x8f\xb3\x9e\x52\xdf\x6d\x91\x39\x8f\x38\xbd\x77\x8b\x43\x63\xeb\xb7\x93\xfc\x30\x4c\x1c\x01\x93\xb6\x13\xfb\xf7\xa1\x1f\xbf\x25\xe1\x74\x37\x2c\x1e\xa4\x5e\x3c\x68\xf8\x4b\xbf\x0d\xb9\x1e\x2e\x36\xe8\xa9\xe4\xa7\xf8\x0f\xcb\x82\x75\x7c\x35\x2d\x22\xd6\xc2\xbf\x0b\xf3\xb4\xfc\x6c\x95\x61\x1e\x57\xd7\x04\x81\x32\x83\x52\x79\xe6\x83\x63\xcf\xb7\xcb\x63\x8b\x11\xe2\xbd\x5e\xeb\xf6\x8d\xed\x95\x72\x28\xb4\xac\x12\x62\xe9\x4a\x33\xe6\x83\x32\xae\x05\x75\x95\xbd\x84\x95\xdb\x2a\x5c\x9b\x8e\x2e\x0c\xb8\x81\x2b\x41\xe6\x38\x56\x9f\x49\x9b\x6c\x76\xfa\x8a\x5d\xf7\x01\x79\x81\x7c\xc1\x83\x40\x05\xfe\x71\xfd\x0c\x3f\xcc\x4e\x60\x09\x0e\x65\x47\x10\x2f\x01\xc0\x05\x3f\x8f\xf8\xb3\x41\xef\x5a\x42\x7e\x59\xef\xd2\x97\x0c\x65\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x03\x55\x1d\x1f\x04\x32\x30\x30\x30\x2e\xa0\x2c\xa0\x2a\x86\x28\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x70\x6b\x69\x2e\x77\x65\x6c\x6c\x73\x66\x61\x72\x67\x6f\x2e\x63\x6f\x6d\x2f\x77\x73\x70\x72\x63\x61\x2e\x63\x72\x6c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x26\x95\x19\x10\xd9\xe8\xa1\x97\x91\xff\xdc\x19\xd9\xb5\x04\x3e\xd2\x73\x0a\x6a\x30\x81\xb2\x06\x03\x55\x1d\x23\x04\x81\xaa\x30\x81\xa7\x80\x14\x26\x95\x19\x10\xd9\xe8\xa1\x97\x91\xff\xdc\x19\xd9\xb5\x04\x3e\xd2\x73\x0a\x6a\xa1\x81\x8b\xa4\x81\x88\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb9\x15\xb1\x44\x91\xcc\x23\xc8\x2b\x4d\x77\xe3\xf8\x9a\x7b\x27\x0d\xcd\x72\xbb\x99\x00\xca\x7c\x66\x19\x50\xc6\xd5\x98\xed\xab\xbf\x03\x5a\xe5\x4d\xe5\x1e\xc8\x4f\x71\x97\x86\xd5\xe3\x1d\xfd\x90\xc9\x3c\x75\x77\x57\x7a\x7d\xf8\xde\xf4\xd4\xd5\xf7\x95\xe6\x74\x6e\x1d\x3c\xae\x7c\x9d\xdb\x02\x03\x05\x2c\x71\x4b\x25\x3e\x07\xe3\x5e\x9a\xf5\x66\x17\x29\x88\x1a\x38\x9f\xcf\xaa\x41\x03\x84\x97\x6b\x93\x38\x7a\xca\x30\x44\x1b\x24\x44\x33\xd0\xe4\xd1\xdc\x28\x38\xf4\x13\x43\x35\x35\x29\x63\xa8\x7c\xa2\xb5\xad\x38\xa4\xed\xad\xfd\xc6\x9a\x1f\xff\x97\x73\xfe\xfb\xb3\x35\xa7\x93\x86\xc6\x76\x91\x00\xe6\xac\x51\x16\xc4\x27\x32\x5c\xdb\x73\xda\xa5\x93\x57\x8e\x3e\x6d\x35\x26\x08\x59\xd5\xe7\x44\xd7\x76\x20\x63\xe7\xac\x13\x67\xc3\x6d\xb1\x70\x46\x7c\xd5\x96\x11\x3d\x89\x6f\x5d\xa8\xa1\xeb\x8d\x0a\xda\xc3\x1d\x33\x6c\xa3\xea\x67\x19\x9a\x99\x7f\x4b\x3d\x83\x51\x2a\x1d\xca\x2f\x86\x0c\xa2\x7e\x10\x2d\x2b\xd4\x16\x95\x0b\x07\xaa\x2e\x14\x92\x49\xb7\x29\x6f\xd8\x6d\x31\x7d\xf5\xfc\xa1\x10\x07\x87\xce\x2f\x59\xdc\x3e\x58\xdb", + ["COMODO ECC Certification Authority"] = "\x30\x82\x02\x89\x30\x82\x02\x0f\xa0\x03\x02\x01\x02\x02\x10\x1f\x47\xaf\xaa\x62\x00\x70\x50\x54\x4c\x01\x9e\x9b\x63\x99\x2a\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4f\x4d\x4f\x44\x4f\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x38\x30\x33\x30\x36\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4f\x4d\x4f\x44\x4f\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\x03\x47\x7b\x2f\x75\xc9\x82\x15\x85\xfb\x75\xe4\x91\x16\xd4\xab\x62\x99\xf5\x3e\x52\x0b\x06\xce\x41\x00\x7f\x97\xe1\x0a\x24\x3c\x1d\x01\x04\xee\x3d\xd2\x8d\x09\x97\x0c\xe0\x75\xe4\xfa\xfb\x77\x8a\x2a\xf5\x03\x60\x4b\x36\x8b\x16\x23\x16\xad\x09\x71\xf4\x4a\xf4\x28\x50\xb4\xfe\x88\x1c\x6e\x3f\x6c\x2f\x2f\x09\x59\x5b\xa5\x5b\x0b\x33\x99\xe2\xc3\x3d\x89\xf9\x6a\x2c\xef\xb2\xd3\x06\xe9\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x75\x71\xa7\x19\x48\x19\xbc\x9d\x9d\xea\x41\x47\xdf\x94\xc4\x48\x77\x99\xd3\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x68\x00\x30\x65\x02\x31\x00\xef\x03\x5b\x7a\xac\xb7\x78\x0a\x72\xb7\x88\xdf\xff\xb5\x46\x14\x09\x0a\xfa\xa0\xe6\x7d\x08\xc6\x1a\x87\xbd\x18\xa8\x73\xbd\x26\xca\x60\x0c\x9d\xce\x99\x9f\xcf\x5c\x0f\x30\xe1\xbe\x14\x31\xea\x02\x30\x14\xf4\x93\x3c\x49\xa7\x33\x7a\x90\x46\x47\xb3\x63\x7d\x13\x9b\x4e\xb7\x6f\x18\x37\x80\x53\xfe\xdd\x20\xe0\x35\x9a\x36\xd1\xc7\x01\xb9\xe6\xdc\xdd\xf3\xff\x1d\x2c\x3a\x16\x57\xd9\x92\x39\xd6", + ["IGC/A"] = "\x30\x82\x04\x02\x30\x82\x02\xea\xa0\x03\x02\x01\x02\x02\x05\x39\x11\x45\x10\x94\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6e\x63\x65\x31\x0e\x30\x0c\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x50\x4d\x2f\x53\x47\x44\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0b\x13\x05\x44\x43\x53\x53\x49\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2f\x41\x31\x23\x30\x21\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6e\x2e\x70\x6d\x2e\x67\x6f\x75\x76\x2e\x66\x72\x30\x1e\x17\x0d\x30\x32\x31\x32\x31\x33\x31\x34\x32\x39\x32\x33\x5a\x17\x0d\x32\x30\x31\x30\x31\x37\x31\x34\x32\x39\x32\x32\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6e\x63\x65\x31\x0e\x30\x0c\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x50\x4d\x2f\x53\x47\x44\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0b\x13\x05\x44\x43\x53\x53\x49\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2f\x41\x31\x23\x30\x21\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6e\x2e\x70\x6d\x2e\x67\x6f\x75\x76\x2e\x66\x72\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb2\x1f\xd1\xd0\x62\xc5\x33\x3b\xc0\x04\x86\x88\xb3\xdc\xf8\x88\xf7\xfd\xdf\x43\xdf\x7a\x8d\x9a\x49\x5c\xf6\x4e\xaa\xcc\x1c\xb9\xa1\xeb\x27\x89\xf2\x46\xe9\x3b\x4a\x71\xd5\x1d\x8e\x2d\xcf\xe6\xad\xab\x63\x50\xc7\x54\x0b\x6e\x12\xc9\x90\x36\xc6\xd8\x2f\xda\x91\xaa\x68\xc5\x72\xfe\x17\x0a\xb2\x17\x7e\x79\xb5\x32\x88\x70\xca\x70\xc0\x96\x4a\x8e\xe4\x55\xcd\x1d\x27\x94\xbf\xce\x72\x2a\xec\x5c\xf9\x73\x20\xfe\xbd\xf7\x2e\x89\x67\xb8\xbb\x47\x73\x12\xf7\xd1\x35\x69\x3a\xf2\x0a\xb9\xae\xff\x46\x42\x46\xa2\xbf\xa1\x85\x1a\xf9\xbf\xe4\xff\x49\x85\xf7\xa3\x70\x86\x32\x1c\x5d\x9f\x60\xf7\xa9\xad\xa5\xff\xcf\xd1\x34\xf9\x7d\x5b\x17\xc6\xdc\xd6\x0e\x28\x6b\xc2\xdd\xf1\xf5\x33\x68\x9d\x4e\xfc\x87\x7c\x36\x12\xd6\xa3\x80\xe8\x43\x0d\x55\x61\x94\xea\x64\x37\x47\xea\x77\xca\xd0\xb2\x58\x05\xc3\x5d\x7e\xb1\xa8\x46\x90\x31\x56\xce\x70\x2a\x96\xb2\x30\xb8\x77\xe6\x79\xc0\xbd\x29\x3b\xfd\x94\x77\x4c\xbd\x20\xcd\x41\x25\xe0\x2e\xc7\x1b\xbb\xee\xa4\x04\x41\xd2\x5d\xad\x12\x6a\x8a\x9b\x47\xfb\xc9\xdd\x46\x40\xe1\x9d\x3c\x33\xd0\xb5\x02\x03\x01\x00\x01\xa3\x77\x30\x75\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x46\x30\x15\x06\x03\x55\x1d\x20\x04\x0e\x30\x0c\x30\x0a\x06\x08\x2a\x81\x7a\x01\x79\x01\x01\x01\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa3\x05\x2f\x18\x60\x50\xc2\x89\x0a\xdd\x2b\x21\x4f\xff\x8e\x4e\xa8\x30\x31\x36\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa3\x05\x2f\x18\x60\x50\xc2\x89\x0a\xdd\x2b\x21\x4f\xff\x8e\x4e\xa8\x30\x31\x36\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\xdc\x26\xd8\xfa\x77\x15\x44\x68\xfc\x2f\x66\x3a\x74\xe0\x5d\xe4\x29\xff\x06\x07\x13\x84\x4a\xab\xcf\x6d\xa0\x1f\x51\x94\xf8\x49\xcb\x74\x36\x14\xbc\x15\xdd\xdb\x89\x2f\xdd\x8f\xa0\x5d\x7c\xf5\x12\xeb\x9f\x9e\x38\xa4\x47\xcc\xb3\x96\xd9\xbe\x9c\x25\xab\x03\x7e\x33\x0f\x95\x81\x0d\xfd\x16\xe0\x88\xbe\x37\xf0\x6c\x5d\xd0\x31\x9b\x32\x2b\x5d\x17\x65\x93\x98\x60\xbc\x6e\x8f\xb1\xa8\x3c\x1e\xd9\x1c\xf3\xa9\x26\x42\xf9\x64\x1d\xc2\xe7\x92\xf6\xf4\x1e\x5a\xaa\x19\x52\x5d\xaf\xe8\xa2\xf7\x60\xa0\xf6\x8d\xf0\x89\xf5\x6e\xe0\x0a\x05\x01\x95\xc9\x8b\x20\x0a\xba\x5a\xfc\x9a\x2c\x3c\xbd\xc3\xb7\xc9\x5d\x78\x25\x05\x3f\x56\x14\x9b\x0c\xda\xfb\x3a\x48\xfe\x97\x69\x5e\xca\x10\x86\xf7\x4e\x96\x04\x08\x4d\xec\xb0\xbe\x5d\xdc\x3b\x8e\x4f\xc1\xfd\x9a\x36\x34\x9a\x4c\x54\x7e\x17\x03\x48\x95\x08\x11\x1c\x07\x6f\x85\x08\x7e\x5d\x4d\xc4\x9d\xdb\xfb\xae\xce\xb2\xd1\xb3\xb8\x83\x6c\x1d\xb2\xb3\x79\xf1\xd8\x70\x99\x7e\xf0\x13\x02\xce\x5e\xdd\x51\xd3\xdf\x36\x81\xa1\x1b\x78\x2f\x71\xb3\xf1\x59\x4c\x46\x18\x28\xab\x85\xd2\x60\x56\x5a", + ["Security Communication EV RootCA1"] = "\x30\x82\x03\x7d\x30\x82\x02\x65\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x60\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6d\x73\x20\x43\x4f\x2e\x2c\x4c\x54\x44\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x45\x56\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x1e\x17\x0d\x30\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5a\x17\x0d\x33\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5a\x30\x60\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6d\x73\x20\x43\x4f\x2e\x2c\x4c\x54\x44\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x45\x56\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbc\x7f\xec\x57\x9b\x24\xe0\xfe\x9c\xba\x42\x79\xa9\x88\x8a\xfa\x80\xe0\xf5\x07\x29\x43\xea\x8e\x0a\x34\x36\x8d\x1c\xfa\xa7\xb5\x39\x78\xff\x97\x75\xf7\x2f\xe4\xaa\x6b\x04\x84\x44\xca\xa6\xe2\x68\x8e\xfd\x55\x50\x62\x0f\xa4\x71\x0e\xce\x07\x38\x2d\x42\x85\x50\xad\x3c\x96\x6f\x8b\xd5\xa2\x0e\xcf\xde\x49\x89\x3d\xd6\x64\x2e\x38\xe5\x1e\x6c\xb5\x57\x8a\x9e\xef\x48\x0e\xcd\x7a\x69\x16\x87\x44\xb5\x90\xe4\x06\x9d\xae\xa1\x04\x97\x58\x79\xef\x20\x4a\x82\x6b\x8c\x22\xbf\xec\x1f\x0f\xe9\x84\x71\xed\xf1\x0e\xe4\xb8\x18\x13\xcc\x56\x36\x5d\xd1\x9a\x1e\x51\x6b\x39\x6e\x60\x76\x88\x34\x0b\xf3\xb3\xd1\xb0\x9d\xca\x61\xe2\x64\x1d\xc1\x46\x07\xb8\x63\xdd\x1e\x33\x65\xb3\x8e\x09\x55\x52\x3d\xb5\xbd\xff\x07\xeb\xad\x61\x55\x18\x2c\xa9\x69\x98\x4a\xaa\x40\xc5\x33\x14\x65\x74\x00\xf9\x91\xde\xaf\x03\x48\xc5\x40\x54\xdc\x0f\x84\x90\x68\x20\xc5\x92\x96\xdc\x2e\xe5\x02\x45\xaa\xc0\x5f\x54\xf8\x6d\xea\x49\xcf\x5d\x6c\x4b\xaf\xef\x9a\xc2\x56\x5c\xc6\x35\x56\x42\x6a\x30\x5f\xc2\xab\xf6\xe2\x3d\x3f\xb3\xc9\x11\x8f\x31\x4c\xd7\x9f\x49\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x35\x4a\xf5\x4d\xaf\x3f\xd7\x82\x38\xac\xab\x71\x65\x17\x75\x8c\x9d\x55\x93\xe6\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa8\x87\xe9\xec\xf8\x40\x67\x5d\xc3\xc1\x66\xc7\x40\x4b\x97\xfc\x87\x13\x90\x5a\xc4\xef\xa0\xca\x5f\x8b\xb7\xa7\xb7\xf1\xd6\xb5\x64\xb7\x8a\xb3\xb8\x1b\xcc\xda\xfb\xac\x66\x88\x41\xce\xe8\xfc\xe4\xdb\x1e\x88\xa6\xed\x27\x50\x1b\x02\x30\x24\x46\x79\xfe\x04\x87\x70\x97\x40\x73\xd1\xc0\xc1\x57\x19\x9a\x69\xa5\x27\x99\xab\x9d\x62\x84\xf6\x51\xc1\x2c\xc9\x23\x15\xd8\x28\xb7\xab\x25\x13\xb5\x46\xe1\x86\x02\xff\x26\x8c\xc4\x88\x92\x1d\x56\xfe\x19\x67\xf2\x55\xe4\x80\xa3\x6b\x9c\xab\x77\xe1\x51\x71\x0d\x20\xdb\x10\x9a\xdb\xbd\x76\x79\x07\x77\x99\x28\xad\x9a\x5e\xda\xb1\x4f\x44\x2c\x35\x8e\xa5\x96\xc7\xfd\x83\xf0\x58\xc6\x79\xd6\x98\x7c\xa8\x8d\xfe\x86\x3e\x07\x16\x92\xe1\x7b\xe7\x1d\xec\x33\x76\x7e\x42\x2e\x4a\x85\xf9\x91\x89\x68\x84\x03\x81\xa5\x9b\x9a\xbe\xe3\x37\xc5\x54\xab\x56\x3b\x18\x2d\x41\xa4\x0c\xf8\x42\xdb\x99\xa0\xe0\x72\x6f\xbb\x5d\xe1\x16\x4f\x53\x0a\x64\xf9\x4e\xf4\xbf\x4e\x54\xbd\x78\x6c\x88\xea\xbf\x9c\x13\x24\xc2\x70\x69\xa2\x7f\x0f\xc8\x3c\xad\x08\xc9\xb0\x98\x40\xa3\x2a\xe7\x88\x83\xed\x77\x8f\x74", + ["OISTE WISeKey Global Root GA CA"] = "\x30\x82\x03\xf1\x30\x82\x02\xd9\xa0\x03\x02\x01\x02\x02\x10\x41\x3d\x72\xc7\xf4\x6b\x1f\x81\x43\x7d\xf1\xd2\x28\x54\xdf\x9a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x8a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x57\x49\x53\x65\x4b\x65\x79\x31\x1b\x30\x19\x06\x03\x55\x04\x0b\x13\x12\x43\x6f\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x4f\x49\x53\x54\x45\x20\x46\x6f\x75\x6e\x64\x61\x74\x69\x6f\x6e\x20\x45\x6e\x64\x6f\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x4f\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4b\x65\x79\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x47\x41\x20\x43\x41\x30\x1e\x17\x0d\x30\x35\x31\x32\x31\x31\x31\x36\x30\x33\x34\x34\x5a\x17\x0d\x33\x37\x31\x32\x31\x31\x31\x36\x30\x39\x35\x31\x5a\x30\x81\x8a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x57\x49\x53\x65\x4b\x65\x79\x31\x1b\x30\x19\x06\x03\x55\x04\x0b\x13\x12\x43\x6f\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x4f\x49\x53\x54\x45\x20\x46\x6f\x75\x6e\x64\x61\x74\x69\x6f\x6e\x20\x45\x6e\x64\x6f\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x4f\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4b\x65\x79\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x47\x41\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcb\x4f\xb3\x00\x9b\x3d\x36\xdd\xf9\xd1\x49\x6a\x6b\x10\x49\x1f\xec\xd8\x2b\xb2\xc6\xf8\x32\x81\x29\x43\x95\x4c\x9a\x19\x23\x21\x15\x45\xde\xe3\xc8\x1c\x51\x55\x5b\xae\x93\xe8\x37\xff\x2b\x6b\xe9\xd4\xea\xbe\x2a\xdd\xa8\x51\x2b\xd7\x66\xc3\x61\x5c\x60\x02\xc8\xf5\xce\x72\x7b\x3b\xb8\xf2\x4e\x65\x08\x9a\xcd\xa4\x6a\x19\xc1\x01\xbb\x73\xa6\xd7\xf6\xc3\xdd\xcd\xbc\xa4\x8b\xb5\x99\x61\xb8\x01\xa2\xa3\xd4\x4d\xd4\x05\x3d\x91\xad\xf8\xb4\x08\x71\x64\xaf\x70\xf1\x1c\x6b\x7e\xf6\xc3\x77\x9d\x24\x73\x7b\xe4\x0c\x8c\xe1\xd9\x36\xe1\x99\x8b\x05\x99\x0b\xed\x45\x31\x09\xca\xc2\x00\xdb\xf7\x72\xa0\x96\xaa\x95\x87\xd0\x8e\xc7\xb6\x61\x73\x0d\x76\x66\x8c\xdc\x1b\xb4\x63\xa2\x9f\x7f\x93\x13\x30\xf1\xa1\x27\xdb\xd9\xff\x2c\x55\x88\x91\xa0\xe0\x4f\x07\xb0\x28\x56\x8c\x18\x1b\x97\x44\x8e\x89\xdd\xe0\x17\x6e\xe7\x2a\xef\x8f\x39\x0a\x31\x84\x82\xd8\x40\x14\x49\x2e\x7a\x41\xe4\xa7\xfe\xe3\x64\xcc\xc1\x59\x71\x4b\x2c\x21\xa7\x5b\x7d\xe0\x1d\xd1\x2e\x81\x9b\xc3\xd8\x68\xf7\xbd\x96\x1b\xac\x70\xb1\x16\x14\x0b\xdb\x60\xb9\x26\x01\x05\x02\x03\x01\x00\x01\xa3\x51\x30\x4f\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb3\x03\x7e\xae\x36\xbc\xb0\x79\xd1\xdc\x94\x26\xb6\x11\xbe\x21\xb2\x69\x86\x94\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4b\xa1\xff\x0b\x87\x6e\xb3\xf9\xc1\x43\xb1\x48\xf3\x28\xc0\x1d\x2e\xc9\x09\x41\xfa\x94\x00\x1c\xa4\xa4\xab\x49\x4f\x8f\x3d\x1e\xef\x4d\x6f\xbd\xbc\xa4\xf6\xf2\x26\x30\xc9\x10\xca\x1d\x88\xfb\x74\x19\x1f\x85\x45\xbd\xb0\x6c\x51\xf9\x36\x7e\xdb\xf5\x4c\x32\x3a\x41\x4f\x5b\x47\xcf\xe8\x0b\x2d\xb6\xc4\x19\x9d\x74\xc5\x47\xc6\x3b\x6a\x0f\xac\x14\xdb\x3c\xf4\x73\x9c\xa9\x05\xdf\x00\xdc\x74\x78\xfa\xf8\x35\x60\x59\x02\x13\x18\x7c\xbc\xfb\x4d\xb0\x20\x6d\x43\xbb\x60\x30\x7a\x67\x33\x5c\xc5\x99\xd1\xf8\x2d\x39\x52\x73\xfb\x8c\xaa\x97\x25\x5c\x72\xd9\x08\x1e\xab\x4e\x3c\xe3\x81\x31\x9f\x03\xa6\xfb\xc0\xfe\x29\x88\x55\xda\x84\xd5\x50\x03\xb6\xe2\x84\xa3\xa6\x36\xaa\x11\x3a\x01\xe1\x18\x4b\xd6\x44\x68\xb3\x3d\xf9\x53\x74\x84\xb3\x46\x91\x46\x96\x00\xb7\x80\x2c\xb6\xe1\xe3\x10\xe2\xdb\xa2\xe7\x28\x8f\x01\x96\x62\x16\x3e\x00\xe3\x1c\xa5\x36\x81\x18\xa2\x4c\x52\x76\xc0\x11\xa3\x6e\xe6\x1d\xba\xe3\x5a\xbe\x36\x53\xc5\x3e\x75\x8f\x86\x69\x29\x58\x53\xb5\x9c\xbb\x6f\x9f\x5c\xc5\x18\xec\xdd\x2f\xe1\x98\xc9\xfc\xbe\xdf\x0a\x0d", + ["Microsec e-Szigno Root CA"] = "\x30\x82\x07\xa8\x30\x82\x06\x90\xa0\x03\x02\x01\x02\x02\x11\x00\xcc\xb8\xe7\xbf\x4e\x29\x1a\xfd\xa2\xdc\x66\xa5\x1c\x2c\x0f\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x35\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5a\x17\x0d\x31\x37\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5a\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xed\xc8\x00\xd5\x81\x7b\xcd\x38\x00\x47\xcc\xdb\x84\xc1\x21\x69\x2c\x74\x90\x0c\x21\xd9\x53\x87\xed\x3e\x43\x44\x53\xaf\xab\xf8\x80\x9b\x3c\x78\x8d\xd4\x8d\xae\xb8\xef\xd3\x11\xdc\x81\xe6\xcf\x3b\x96\x8c\xd6\x6f\x15\xc6\x77\x7e\xa1\x2f\xe0\x5f\x92\xb6\x27\xd7\x76\x9a\x1d\x43\x3c\xea\xd9\xec\x2f\xee\x39\xf3\x6a\x67\x4b\x8b\x82\xcf\x22\xf8\x65\x55\xfe\x2c\xcb\x2f\x7d\x48\x7a\x3d\x75\xf9\xaa\xa0\x27\xbb\x78\xc2\x06\xca\x51\xc2\x7e\x66\x4b\xaf\xcd\xa2\xa7\x4d\x02\x82\x3f\x82\xac\x85\xc6\xe1\x0f\x90\x47\x99\x94\x0a\x71\x72\x93\x2a\xc9\xa6\xc0\xbe\x3c\x56\x4c\x73\x92\x27\xf1\x6b\xb5\xf5\xfd\xfc\x30\x05\x60\x92\xc6\xeb\x96\x7e\x01\x91\xc2\x69\xb1\x1e\x1d\x7b\x53\x45\xb8\xdc\x41\x1f\xc9\x8b\x71\xd6\x54\x14\xe3\x8b\x54\x78\x3f\xbe\xf4\x62\x3b\x5b\xf5\xa3\xec\xd5\x92\x74\xe2\x74\x30\xef\x01\xdb\xe1\xd4\xab\x99\x9b\x2a\x6b\xf8\xbd\xa6\x1c\x86\x23\x42\x5f\xec\x49\xde\x9a\x8b\x5b\xf4\x72\x3a\x40\xc5\x49\x3e\xa5\xbe\x8e\xaa\x71\xeb\x6c\xfa\xf5\x1a\xe4\x6a\xfd\x7b\x7d\x55\x40\xef\x58\x6e\xe6\xd9\xd5\xbc\x24\xab\xc1\xef\xb7\x02\x03\x01\x00\x01\xa3\x82\x04\x37\x30\x82\x04\x33\x30\x67\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x5b\x30\x59\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x1c\x68\x74\x74\x70\x73\x3a\x2f\x2f\x72\x63\x61\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x6f\x63\x73\x70\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x02\x86\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x52\x6f\x6f\x74\x43\x41\x2e\x63\x72\x74\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x73\x06\x03\x55\x1d\x20\x04\x82\x01\x6a\x30\x82\x01\x66\x30\x82\x01\x62\x06\x0c\x2b\x06\x01\x04\x01\x81\xa8\x18\x02\x01\x01\x01\x30\x82\x01\x50\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x53\x5a\x53\x5a\x2f\x30\x82\x01\x22\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\x14\x1e\x82\x01\x10\x00\x41\x00\x20\x00\x74\x00\x61\x00\x6e\x00\xfa\x00\x73\x00\xed\x00\x74\x00\x76\x00\xe1\x00\x6e\x00\x79\x00\x20\x00\xe9\x00\x72\x00\x74\x00\x65\x00\x6c\x00\x6d\x00\x65\x00\x7a\x00\xe9\x00\x73\x00\xe9\x00\x68\x00\x65\x00\x7a\x00\x20\x00\xe9\x00\x73\x00\x20\x00\x65\x00\x6c\x00\x66\x00\x6f\x00\x67\x00\x61\x00\x64\x00\xe1\x00\x73\x00\xe1\x00\x68\x00\x6f\x00\x7a\x00\x20\x00\x61\x00\x20\x00\x53\x00\x7a\x00\x6f\x00\x6c\x00\x67\x00\xe1\x00\x6c\x00\x74\x00\x61\x00\x74\x00\xf3\x00\x20\x00\x53\x00\x7a\x00\x6f\x00\x6c\x00\x67\x00\xe1\x00\x6c\x00\x74\x00\x61\x00\x74\x00\xe1\x00\x73\x00\x69\x00\x20\x00\x53\x00\x7a\x00\x61\x00\x62\x00\xe1\x00\x6c\x00\x79\x00\x7a\x00\x61\x00\x74\x00\x61\x00\x20\x00\x73\x00\x7a\x00\x65\x00\x72\x00\x69\x00\x6e\x00\x74\x00\x20\x00\x6b\x00\x65\x00\x6c\x00\x6c\x00\x20\x00\x65\x00\x6c\x00\x6a\x00\xe1\x00\x72\x00\x6e\x00\x69\x00\x3a\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3a\x00\x2f\x00\x2f\x00\x77\x00\x77\x00\x77\x00\x2e\x00\x65\x00\x2d\x00\x73\x00\x7a\x00\x69\x00\x67\x00\x6e\x00\x6f\x00\x2e\x00\x68\x00\x75\x00\x2f\x00\x53\x00\x5a\x00\x53\x00\x5a\x00\x2f\x30\x81\xc8\x06\x03\x55\x1d\x1f\x04\x81\xc0\x30\x81\xbd\x30\x81\xba\xa0\x81\xb7\xa0\x81\xb4\x86\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x52\x6f\x6f\x74\x43\x41\x2e\x63\x72\x6c\x86\x81\x8e\x6c\x64\x61\x70\x3a\x2f\x2f\x6c\x64\x61\x70\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x43\x4e\x3d\x4d\x69\x63\x72\x6f\x73\x65\x63\x25\x32\x30\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x25\x32\x30\x52\x6f\x6f\x74\x25\x32\x30\x43\x41\x2c\x4f\x55\x3d\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x25\x32\x30\x43\x41\x2c\x4f\x3d\x4d\x69\x63\x72\x6f\x73\x65\x63\x25\x32\x30\x4c\x74\x64\x2e\x2c\x4c\x3d\x42\x75\x64\x61\x70\x65\x73\x74\x2c\x43\x3d\x48\x55\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3b\x62\x69\x6e\x61\x72\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x81\x96\x06\x03\x55\x1d\x11\x04\x81\x8e\x30\x81\x8b\x81\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\xa4\x77\x30\x75\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\xc3\xb3\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x0c\x0d\x65\x2d\x53\x7a\x69\x67\x6e\xc3\xb3\x20\x48\x53\x5a\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4b\x66\x74\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x30\x81\xac\x06\x03\x55\x1d\x23\x04\x81\xa4\x30\x81\xa1\x80\x14\xc7\xa0\x49\x75\x16\x61\x84\xdb\x31\x4b\x84\xd2\xf1\x37\x40\x90\xef\x4e\xdc\xf7\xa1\x76\xa4\x74\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x82\x11\x00\xcc\xb8\xe7\xbf\x4e\x29\x1a\xfd\xa2\xdc\x66\xa5\x1c\x2c\x0f\x11\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc7\xa0\x49\x75\x16\x61\x84\xdb\x31\x4b\x84\xd2\xf1\x37\x40\x90\xef\x4e\xdc\xf7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd3\x13\x9c\x66\x63\x59\x2e\xca\x5c\x70\x0c\xfc\x83\xbc\x55\xb1\xf4\x8e\x07\x6c\x66\x27\xce\xc1\x3b\x20\xa9\x1c\xbb\x46\x54\x70\xee\x5a\xcc\xa0\x77\xea\x68\x44\x27\xeb\xf2\x29\xdd\x77\xa9\xd5\xfb\xe3\xd4\xa7\x04\xc4\x95\xb8\x0b\xe1\x44\x68\x60\x07\x43\x30\x31\x42\x61\xe5\xee\xd9\xe5\x24\xd5\x1b\xdf\xe1\x4a\x1b\xaa\x9f\xc7\x5f\xf8\x7a\x11\xea\x13\x93\x00\xca\x8a\x58\xb1\xee\xed\x0e\x4d\xb4\xd7\xa8\x36\x26\x7c\xe0\x3a\xc1\xd5\x57\x82\xf1\x75\xb6\xfd\x89\x5f\xda\xf3\xa8\x38\x9f\x35\x06\x08\xce\x22\x95\xbe\xcd\xd5\xfc\xbe\x5b\xde\x79\x6b\xdc\x7a\xa9\x65\x66\xbe\xb1\x25\x5a\x5f\xed\x7e\xd3\xac\x46\x6d\x4c\xf4\x32\x87\xb4\x20\x04\xe0\x6c\x78\xb0\x77\xd1\x85\x46\x4b\xa6\x12\xb7\x75\xe8\x4a\xc9\x56\x6c\xd7\x92\xab\x9d\xf5\x49\x38\xd2\x4f\x53\xe3\x55\x90\x11\xdb\x98\x96\xc6\x49\xf2\x3e\xf4\x9f\x1b\xe0\xf7\x88\xdc\x25\x62\x99\x44\xd8\x73\xbf\x3f\x30\xf3\x0c\x37\x3e\xd4\xc2\x28\x80\x73\xb1\x01\xb7\x9d\x5a\x96\x14\x01\x4b\xa9\x11\x9d\x29\x6a\x2e\xd0\x5d\x81\xc0\xcf\xb2\x20\x43\xc7\x03\xe0\x37\x4e\x5d\x0a\xdc\x59\x20\x25", + ["Certigna"] = "\x30\x82\x03\xa8\x30\x82\x02\x90\xa0\x03\x02\x01\x02\x02\x09\x00\xfe\xdc\xe3\x01\x0f\xc9\x48\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x30\x1e\x17\x0d\x30\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5a\x17\x0d\x32\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5a\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc8\x68\xf1\xc9\xd6\xd6\xb3\x34\x75\x26\x82\x1e\xec\xb4\xbe\xea\x5c\xe1\x26\xed\x11\x47\x61\xe1\xa2\x7c\x16\x78\x40\x21\xe4\x60\x9e\x5a\xc8\x63\xe1\xc4\xb1\x96\x92\xff\x18\x6d\x69\x23\xe1\x2b\x62\xf7\xdd\xe2\x36\x2f\x91\x07\xb9\x48\xcf\x0e\xec\x79\xb6\x2c\xe7\x34\x4b\x70\x08\x25\xa3\x3c\x87\x1b\x19\xf2\x81\x07\x0f\x38\x90\x19\xd3\x11\xfe\x86\xb4\xf2\xd1\x5e\x1e\x1e\x96\xcd\x80\x6c\xce\x3b\x31\x93\xb6\xf2\xa0\xd0\xa9\x95\x12\x7d\xa5\x9a\xcc\x6b\xc8\x84\x56\x8a\x33\xa9\xe7\x22\x15\x53\x16\xf0\xcc\x17\xec\x57\x5f\xe9\xa2\x0a\x98\x09\xde\xe3\x5f\x9c\x6f\xdc\x48\xe3\x85\x0b\x15\x5a\xa6\xba\x9f\xac\x48\xe3\x09\xb2\xf7\xf4\x32\xde\x5e\x34\xbe\x1c\x78\x5d\x42\x5b\xce\x0e\x22\x8f\x4d\x90\xd7\x7d\x32\x18\xb3\x0b\x2c\x6a\xbf\x8e\x3f\x14\x11\x89\x20\x0e\x77\x14\xb5\x3d\x94\x08\x87\xf7\x25\x1e\xd5\xb2\x60\x00\xec\x6f\x2a\x28\x25\x6e\x2a\x3e\x18\x63\x17\x25\x3f\x3e\x44\x20\x16\xf6\x26\xc8\x25\xae\x05\x4a\xb4\xe7\x63\x2c\xf3\x8c\x16\x53\x7e\x5c\xfb\x11\x1a\x08\xc1\x46\x62\x9f\x22\xb8\xf1\xc2\x8d\x69\xdc\xfa\x3a\x58\x06\xdf\x02\x03\x01\x00\x01\xa3\x81\xbc\x30\x81\xb9\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1a\xed\xfe\x41\x39\x90\xb4\x24\x59\xbe\x01\xf2\x52\xd5\x45\xf6\x5a\x39\xdc\x11\x30\x64\x06\x03\x55\x1d\x23\x04\x5d\x30\x5b\x80\x14\x1a\xed\xfe\x41\x39\x90\xb4\x24\x59\xbe\x01\xf2\x52\xd5\x45\xf6\x5a\x39\xdc\x11\xa1\x38\xa4\x36\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x82\x09\x00\xfe\xdc\xe3\x01\x0f\xc9\x48\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x03\x1e\x92\x71\xf6\x42\xaf\xe1\xa3\x61\x9e\xeb\xf3\xc0\x0f\xf2\xa5\xd4\xda\x95\xe6\xd6\xbe\x68\x36\x3d\x7e\x6e\x1f\x4c\x8a\xef\xd1\x0f\x21\x6d\x5e\xa5\x52\x63\xce\x12\xf8\xef\x2a\xda\x6f\xeb\x37\xfe\x13\x02\xc7\xcb\x3b\x3e\x22\x6b\xda\x61\x2e\x7f\xd4\x72\x3d\xdd\x30\xe1\x1e\x4c\x40\x19\x8c\x0f\xd7\x9c\xd1\x83\x30\x7b\x98\x59\xdc\x7d\xc6\xb9\x0c\x29\x4c\xa1\x33\xa2\xeb\x67\x3a\x65\x84\xd3\x96\xe2\xed\x76\x45\x70\x8f\xb5\x2b\xde\xf9\x23\xd6\x49\x6e\x3c\x14\xb5\xc6\x9f\x35\x1e\x50\xd0\xc1\x8f\x6a\x70\x44\x02\x62\xcb\xae\x1d\x68\x41\xa7\xaa\x57\xe8\x53\xaa\x07\xd2\x06\xf6\xd5\x14\x06\x0b\x91\x03\x75\x2c\x6c\x72\xb5\x61\x95\x9a\x0d\x8b\xb9\x0d\xe7\xf5\xdf\x54\xcd\xde\xe6\xd8\xd6\x09\x08\x97\x63\xe5\xc1\x2e\xb0\xb7\x44\x26\xc0\x26\xc0\xaf\x55\x30\x9e\x3b\xd5\x36\x2a\x19\x04\xf4\x5c\x1e\xff\xcf\x2c\xb7\xff\xd0\xfd\x87\x40\x11\xd5\x11\x23\xbb\x48\xc0\x21\xa9\xa4\x28\x2d\xfd\x15\xf8\xb0\x4e\x2b\xf4\x30\x5b\x21\xfc\x11\x91\x34\xbe\x41\xef\x7b\x9d\x97\x75\xff\x97\x95\xc0\x96\x58\x2f\xea\xbb\x46\xd7\xbb\xe4\xd9\x2e", + ["AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."] = "\x30\x82\x06\x66\x30\x82\x04\x4e\xa0\x03\x02\x01\x02\x02\x0f\x07\x7e\x52\x93\x7b\xe0\x15\xe3\x57\xf0\x69\x8c\xcb\xec\x0c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4f\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x53\x6f\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6d\x65\x72\x61\x6c\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xc3\xb3\x6e\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x2d\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x41\x43\x20\x52\x61\xc3\xad\x7a\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x32\x30\x34\x36\x32\x39\x5a\x17\x0d\x33\x30\x30\x34\x30\x32\x32\x31\x34\x32\x30\x32\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4f\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x53\x6f\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6d\x65\x72\x61\x6c\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xc3\xb3\x6e\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x2d\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x41\x43\x20\x52\x61\xc3\xad\x7a\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xab\x6b\x89\xa3\x53\xcc\x48\x23\x08\xfb\xc3\xcf\x51\x96\x08\x2e\xb8\x08\x7a\x6d\x3c\x90\x17\x86\xa9\xe9\xed\x2e\x13\x34\x47\xb2\xd0\x70\xdc\xc9\x3c\xd0\x8d\xca\xee\x4b\x17\xab\xd0\x85\xb0\xa7\x23\x04\xcb\xa8\xa2\xfc\xe5\x75\xdb\x40\xca\x62\x89\x8f\x50\x9e\x01\x3d\x26\x5b\x18\x84\x1c\xcb\x7c\x37\xb7\x7d\xec\xd3\x7f\x73\x19\xb0\x6a\xb2\xd8\x88\x8a\x2d\x45\x74\xa8\xf7\xb3\xb8\xc0\xd4\xda\xcd\x22\x89\x74\x4d\x5a\x15\x39\x73\x18\x74\x4f\xb5\xeb\x99\xa7\xc1\x1e\x88\xb4\xc2\x93\x90\x63\x97\xf3\xa7\xa7\x12\xb2\x09\x22\x07\x33\xd9\x91\xcd\x0e\x9c\x1f\x0e\x20\xc7\xee\xbb\x33\x8d\x8f\xc2\xd2\x58\xa7\x5f\xfd\x65\x37\xe2\x88\xc2\xd8\x8f\x86\x75\x5e\xf9\x2d\xa7\x87\x33\xf2\x78\x37\x2f\x8b\xbc\x1d\x86\x37\x39\xb1\x94\xf2\xd8\xbc\x4a\x9c\x83\x18\x5a\x06\xfc\xf3\xd4\xd4\xba\x8c\x15\x09\x25\xf0\xf9\xb6\x8d\x04\x7e\x17\x12\x33\x6b\x57\x48\x4c\x4f\xdb\x26\x1e\xeb\xcc\x90\xe7\x8b\xf9\x68\x7c\x70\x0f\xa3\x2a\xd0\x3a\x38\xdf\x37\x97\xe2\x5b\xde\x80\x61\xd3\x80\xd8\x91\x83\x42\x5a\x4c\x04\x89\x68\x11\x3c\xac\x5f\x68\x80\x41\xcc\x60\x42\xce\x0d\x5a\x2a\x0c\x0f\x9b\x30\xc0\xa6\xf0\x86\xdb\xab\x49\xd7\x97\x6d\x48\x8b\xf9\x03\xc0\x52\x67\x9b\x12\xf7\xc2\xf2\x2e\x98\x65\x42\xd9\xd6\x9a\xe3\xd0\x19\x31\x0c\xad\x87\xd5\x57\x02\x7a\x30\xe8\x86\x26\xfb\x8f\x23\x8a\x54\x87\xe4\xbf\x3c\xee\xeb\xc3\x75\x48\x5f\x1e\x39\x6f\x81\x62\x6c\xc5\x2d\xc4\x17\x54\x19\xb7\x37\x8d\x9c\x37\x91\xc8\xf6\x0b\xd5\xea\x63\x6f\x83\xac\x38\xc2\xf3\x3f\xde\x9a\xfb\xe1\x23\x61\xf0\xc8\x26\xcb\x36\xc8\xa1\xf3\x30\x8f\xa4\xa3\xa2\xa1\xdd\x53\xb3\xde\xf0\x9a\x32\x1f\x83\x91\x79\x30\xc1\xa9\x1f\x53\x9b\x53\xa2\x15\x53\x3f\xdd\x9d\xb3\x10\x3b\x48\x7d\x89\x0f\xfc\xed\x03\xf5\xfb\x25\x64\x75\x0e\x17\x19\x0d\x8f\x00\x16\x67\x79\x7a\x40\xfc\x2d\x59\x07\xd9\x90\xfa\x9a\xad\x3d\xdc\x80\x8a\xe6\x5c\x35\xa2\x67\x4c\x11\x6b\xb1\xf8\x80\x64\x00\x2d\x6f\x22\x61\xc5\xac\x4b\x26\xe5\x5a\x10\x82\x9b\xa4\x83\x7b\x34\xf7\x9e\x89\x91\x20\x97\x8e\xb7\x42\xc7\x66\xc3\xd0\xe9\xa4\xd6\xf5\x20\x8d\xc4\xc3\x95\xac\x44\x0a\x9d\x5b\x73\x3c\x26\x3d\x2f\x4a\xbe\xa7\xc9\xa7\x10\x1e\xfb\x9f\x50\x69\xf3\x02\x03\x01\x00\x01\xa3\x81\xe6\x30\x81\xe3\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd1\x09\xd0\xe9\xd7\xce\x79\x74\x54\xf9\x3a\x30\xb3\xf4\x6d\x2c\x03\x03\x1b\x68\x30\x81\xa0\x06\x03\x55\x1d\x20\x04\x81\x98\x30\x81\x95\x30\x81\x92\x06\x04\x55\x1d\x20\x00\x30\x81\x89\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x69\x63\x61\x6d\x61\x72\x61\x2e\x63\x6f\x6d\x2f\x64\x70\x63\x2f\x30\x5a\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x4e\x1a\x4c\x4c\x69\x6d\x69\x74\x61\x63\x69\x6f\x6e\x65\x73\x20\x64\x65\x20\x67\x61\x72\x61\x6e\x74\xed\x61\x73\x20\x64\x65\x20\x65\x73\x74\x65\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6f\x20\x73\x65\x20\x70\x75\x65\x64\x65\x6e\x20\x65\x6e\x63\x6f\x6e\x74\x72\x61\x72\x20\x65\x6e\x20\x6c\x61\x20\x44\x50\x43\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x5c\x94\xb5\xb8\x45\x91\x4d\x8e\x61\x1f\x03\x28\x0f\x53\x7c\xe6\xa4\x59\xa9\xb3\x8a\x7a\xc5\xb0\xff\x08\x7c\x2c\xa3\x71\x1c\x21\x13\x67\xa1\x95\x12\x40\x35\x83\x83\x8f\x74\xdb\x33\x5c\xf0\x49\x76\x0a\x81\x52\xdd\x49\xd4\x9a\x32\x33\xef\x9b\xa7\xcb\x75\xe5\x7a\xcb\x97\x12\x90\x5c\xba\x7b\xc5\x9b\xdf\xbb\x39\x23\xc8\xff\x98\xce\x0a\x4d\x22\x01\x48\x07\x7e\x8a\xc0\xd5\x20\x42\x94\x44\xef\xbf\x77\xa2\x89\x67\x48\x1b\x40\x03\x05\xa1\x89\xec\xcf\x62\xe3\x3d\x25\x76\x66\xbf\x26\xb7\xbb\x22\xbe\x6f\xff\x39\x57\x74\xba\x7a\xc9\x01\x95\xc1\x95\x51\xe8\xab\x2c\xf8\xb1\x86\x20\xe9\x3f\xcb\x35\x5b\xd2\x17\xe9\x2a\xfe\x83\x13\x17\x40\xee\x88\x62\x65\x5b\xd5\x3b\x60\xe9\x7b\x3c\xb8\xc9\xd5\x7f\x36\x02\x25\xaa\x68\xc2\x31\x15\xb7\x30\x65\xeb\x7f\x1d\x48\x79\xb1\xcf\x39\xe2\x42\x80\x16\xd3\xf5\x93\x23\xfc\x4c\x97\xc9\x5a\x37\x6c\x7c\x22\xd8\x4a\xcd\xd2\x8e\x36\x83\x39\x91\x90\x10\xc8\xf1\xc9\x35\x7e\x3f\xb8\xd3\x81\xc6\x20\x64\x1a\xb6\x50\xc2\x21\xa4\x78\xdc\xd0\x2f\x3b\x64\x93\x74\xf0\x96\x90\xf1\xef\xfb\x09\x5a\x34\x40\x96\xf0\x36\x12\xc1\xa3\x74\x8c\x93\x7e\x41\xde\x77\x8b\xec\x86\xd9\xd2\x0f\x3f\x2d\xd1\xcc\x40\xa2\x89\x66\x48\x1e\x20\xb3\x9c\x23\x59\x73\xa9\x44\x73\xbc\x24\x79\x90\x56\x37\xb3\xc6\x29\x7e\xa3\x0f\xf1\x29\x39\xef\x7e\x5c\x28\x32\x70\x35\xac\xda\xb8\xc8\x75\x66\xfc\x9b\x4c\x39\x47\x8e\x1b\x6f\x9b\x4d\x02\x54\x22\x33\xef\x61\xba\x9e\x29\x84\xef\x4e\x4b\x33\x47\x76\x97\x6a\xcb\x7e\x5f\xfd\x15\xa6\x9e\x42\x43\x5b\x66\x5a\x8a\x88\x0d\xf7\x16\xb9\x3f\x51\x65\x2b\x66\x6a\x8b\xd1\x38\x52\xa2\xd6\x46\x11\xfa\xfc\x9a\x1c\x74\x9e\x8f\x97\x0b\x02\x4f\x64\xc6\xf5\x68\xd3\x4b\x2d\xff\xa4\x37\x1e\x8b\x3f\xbf\x44\xbe\x61\x46\xa1\x84\x3d\x08\x27\x4c\x81\x20\x77\x89\x08\xea\x67\x40\x5e\x6c\x08\x51\x5f\x34\x5a\x8c\x96\x68\xcd\xd7\xf7\x89\xc2\x1c\xd3\x32\x00\xaf\x52\xcb\xd3\x60\x5b\x2a\x3a\x47\x7e\x6b\x30\x33\xa1\x62\x29\x7f\x4a\xb9\xe1\x2d\xe7\x14\x23\x0e\x0e\x18\x47\xe1\x79\xfc\x15\x55\xd0\xb1\xfc\x25\x71\x63\x75\x33\x1c\x23\x2b\xaf\x5c\xd9\xed\x47\x77\x60\x0e\x3b\x0f\x1e\xd2\xc0\xdc\x64\x05\x89\xfc\x78\xd6\x5c\x2c\x26\x43\xa9", + ["TC TrustCenter Class 2 CA II"] = "\x30\x82\x04\xaa\x30\x82\x03\x92\xa0\x03\x02\x01\x02\x02\x0e\x2e\x6a\x00\x01\x00\x02\x1f\xd7\x52\x21\x2c\x11\x5c\x3b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x1e\x17\x0d\x30\x36\x30\x31\x31\x32\x31\x34\x33\x38\x34\x33\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\x80\x87\x9b\x8e\xf0\xc3\x7c\x87\xd7\xe8\x24\x82\x11\xb3\x3c\xdd\x43\x62\xee\xf8\xc3\x45\xda\xe8\xe1\xa0\x5f\xd1\x2a\xb2\xea\x93\x68\xdf\xb4\xc8\xd6\x43\xe9\xc4\x75\x59\x7f\xfc\xe1\x1d\xf8\x31\x70\x23\x1b\x88\x9e\x27\xb9\x7b\xfd\x3a\xd2\xc9\xa9\xe9\x14\x2f\x90\xbe\x03\x52\xc1\x49\xcd\xf6\xfd\xe4\x08\x66\x0b\x57\x8a\xa2\x42\xa0\xb8\xd5\x7f\x69\x5c\x90\x32\xb2\x97\x0d\xca\x4a\xdc\x46\x3e\x02\x55\x89\x53\xe3\x1a\x5a\xcb\x36\xc6\x07\x56\xf7\x8c\xcf\x11\xf4\x4c\xbb\x30\x70\x04\x95\xa5\xf6\x39\x8c\xfd\x73\x81\x08\x7d\x89\x5e\x32\x1e\x22\xa9\x22\x45\x4b\xb0\x66\x2e\x30\xcc\x9f\x65\xfd\xfc\xcb\x81\xa9\xf1\xe0\x3b\xaf\xa3\x86\xd1\x89\xea\xc4\x45\x79\x50\x5d\xae\xe9\x21\x74\x92\x4d\x8b\x59\x82\x8f\x94\xe3\xe9\x4a\xf1\xe7\x49\xb0\x14\xe3\xf5\x62\xcb\xd5\x72\xbd\x1f\xb9\xd2\x9f\xa0\xcd\xa8\xfa\x01\xc8\xd9\x0d\xdf\xda\xfc\x47\x9d\xb3\xc8\x54\xdf\x49\x4a\xf1\x21\xa9\xfe\x18\x4e\xee\x48\xd4\x19\xbb\xef\x7d\xe4\xe2\x9d\xcb\x5b\xb6\x6e\xff\xe3\xcd\x5a\xe7\x74\x82\x05\xba\x80\x25\x38\xcb\xe4\x69\x9e\xaf\x41\xaa\x1a\x84\xf5\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\xab\x54\x4c\x80\xa1\xdb\x56\x43\xb7\x91\x4a\xcb\xf3\x82\x7a\x13\x5c\x08\xab\x30\x81\xed\x06\x03\x55\x1d\x1f\x04\x81\xe5\x30\x81\xe2\x30\x81\xdf\xa0\x81\xdc\xa0\x81\xd9\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x63\x72\x6c\x2f\x76\x32\x2f\x74\x63\x5f\x63\x6c\x61\x73\x73\x5f\x32\x5f\x63\x61\x5f\x49\x49\x2e\x63\x72\x6c\x86\x81\x9f\x6c\x64\x61\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x43\x4e\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x43\x6c\x61\x73\x73\x25\x32\x30\x32\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2c\x4f\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x47\x6d\x62\x48\x2c\x4f\x55\x3d\x72\x6f\x6f\x74\x63\x65\x72\x74\x73\x2c\x44\x43\x3d\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2c\x44\x43\x3d\x64\x65\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3f\x62\x61\x73\x65\x3f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8c\xd7\xdf\x7e\xee\x1b\x80\x10\xb3\x83\xf5\xdb\x11\xea\x6b\x4b\xa8\x92\x18\xd9\xf7\x07\x39\xf5\x2c\xbe\x06\x75\x7a\x68\x53\x15\x1c\xea\x4a\xed\x5e\xfc\x23\xb2\x13\xa0\xd3\x09\xff\xf6\xf6\x2e\x6b\x41\x71\x79\xcd\xe2\x6d\xfd\xae\x59\x6b\x85\x1d\xb8\x4e\x22\x9a\xed\x66\x39\x6e\x4b\x94\xe6\x55\xfc\x0b\x1b\x8b\x77\xc1\x53\x13\x66\x89\xd9\x28\xd6\x8b\xf3\x45\x4a\x63\xb7\xfd\x7b\x0b\x61\x5d\xb8\x6d\xbe\xc3\xdc\x5b\x79\xd2\xed\x86\xe5\xa2\x4d\xbe\x5e\x74\x7c\x6a\xed\x16\x38\x1f\x7f\x58\x81\x5a\x1a\xeb\x32\x88\x2d\xb2\xf3\x39\x77\x80\xaf\x5e\xb6\x61\x75\x29\xdb\x23\x4d\x88\xca\x50\x28\xcb\x85\xd2\xd3\x10\xa2\x59\x6e\xd3\x93\x54\x00\x7a\xa2\x46\x95\x86\x05\x9c\xa9\x19\x98\xe5\x31\x72\x0c\x00\xe2\x67\xd9\x40\xe0\x24\x33\x7b\x6f\x2c\xb9\x5c\xab\x65\x9d\x2c\xac\x76\xea\x35\x99\xf5\x97\xb9\x0f\x24\xec\xc7\x76\x21\x28\x65\xae\x57\xe8\x07\x88\x75\x4a\x56\xa0\xd2\x05\x3a\xa4\xe6\x8d\x92\x88\x2c\xf3\xf2\xe1\xc1\xc6\x61\xdb\x41\xc5\xc7\x9b\xf7\x0e\x1a\x51\x45\xc2\x61\x6b\xdc\x64\x27\x17\x8c\x5a\xb7\xda\x74\x28\xcd\x97\xe4\xbd", + ["TC TrustCenter Class 3 CA II"] = "\x30\x82\x04\xaa\x30\x82\x03\x92\xa0\x03\x02\x01\x02\x02\x0e\x4a\x47\x00\x01\x00\x02\xe5\xa0\x5d\xd6\x3f\x00\x51\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x1e\x17\x0d\x30\x36\x30\x31\x31\x32\x31\x34\x34\x31\x35\x37\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb4\xe0\xbb\x51\xbb\x39\x5c\x8b\x04\xc5\x4c\x79\x1c\x23\x86\x31\x10\x63\x43\x55\x27\x3f\xc6\x45\xc7\xa4\x3d\xec\x09\x0d\x1a\x1e\x20\xc2\x56\x1e\xde\x1b\x37\x07\x30\x22\x2f\x6f\xf1\x06\xf1\xab\xad\xd6\xc8\xab\x61\xa3\x2f\x43\xc4\xb0\xb2\x2d\xfc\xc3\x96\x69\x7b\x7e\x8a\xe4\xcc\xc0\x39\x12\x90\x42\x60\xc9\xcc\x35\x68\xee\xda\x5f\x90\x56\x5f\xcd\x1c\x4d\x5b\x58\x49\xeb\x0e\x01\x4f\x64\xfa\x2c\x3c\x89\x58\xd8\x2f\x2e\xe2\xb0\x68\xe9\x22\x3b\x75\x89\xd6\x44\x1a\x65\xf2\x1b\x97\x26\x1d\x28\x6d\xac\xe8\xbd\x59\x1d\x2b\x24\xf6\xd6\x84\x03\x66\x88\x24\x00\x78\x60\xf1\xf8\xab\xfe\x02\xb2\x6b\xfb\x22\xfb\x35\xe6\x16\xd1\xad\xf6\x2e\x12\xe4\xfa\x35\x6a\xe5\x19\xb9\x5d\xdb\x3b\x1e\x1a\xfb\xd3\xff\x15\x14\x08\xd8\x09\x6a\xba\x45\x9d\x14\x79\x60\x7d\xaf\x40\x8a\x07\x73\xb3\x93\x96\xd3\x74\x34\x8d\x3a\x37\x29\xde\x5c\xec\xf5\xee\x2e\x31\xc2\x20\xdc\xbe\xf1\x4f\x7f\x23\x52\xd9\x5b\xe2\x64\xd9\x9c\xaa\x07\x08\xb5\x45\xbd\xd1\xd0\x31\xc1\xab\x54\x9f\xa9\xd2\xc3\x62\x60\x03\xf1\xbb\x39\x4a\x92\x4a\x3d\x0a\xb9\x9d\xc5\xa0\xfe\x37\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd4\xa2\xfc\x9f\xb3\xc3\xd8\x03\xd3\x57\x5c\x07\xa4\xd0\x24\xa7\xc0\xf2\x00\xd4\x30\x81\xed\x06\x03\x55\x1d\x1f\x04\x81\xe5\x30\x81\xe2\x30\x81\xdf\xa0\x81\xdc\xa0\x81\xd9\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x63\x72\x6c\x2f\x76\x32\x2f\x74\x63\x5f\x63\x6c\x61\x73\x73\x5f\x33\x5f\x63\x61\x5f\x49\x49\x2e\x63\x72\x6c\x86\x81\x9f\x6c\x64\x61\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x43\x4e\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x43\x6c\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2c\x4f\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x47\x6d\x62\x48\x2c\x4f\x55\x3d\x72\x6f\x6f\x74\x63\x65\x72\x74\x73\x2c\x44\x43\x3d\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2c\x44\x43\x3d\x64\x65\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3f\x62\x61\x73\x65\x3f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x36\x60\xe4\x70\xf7\x06\x20\x43\xd9\x23\x1a\x42\xf2\xf8\xa3\xb2\xb9\x4d\x8a\xb4\xf3\xc2\x9a\x55\x31\x7c\xc4\x3b\x67\x9a\xb4\xdf\x4d\x0e\x8a\x93\x4a\x17\x8b\x1b\x8d\xca\x89\xe1\xcf\x3a\x1e\xac\x1d\xf1\x9c\x32\xb4\x8e\x59\x76\xa2\x41\x85\x25\x37\xa0\x13\xd0\xf5\x7c\x4e\xd5\xea\x96\xe2\x6e\x72\xc1\xbb\x2a\xfe\x6c\x6e\xf8\x91\x98\x46\xfc\xc9\x1b\x57\x5b\xea\xc8\x1a\x3b\x3f\xb0\x51\x98\x3c\x07\xda\x2c\x59\x01\xda\x8b\x44\xe8\xe1\x74\xfd\xa7\x68\xdd\x54\xba\x83\x46\xec\xc8\x46\xb5\xf8\xaf\x97\xc0\x3b\x09\x1c\x8f\xce\x72\x96\x3d\x33\x56\x70\xbc\x96\xcb\xd8\xd5\x7d\x20\x9a\x83\x9f\x1a\xdc\x39\xf1\xc5\x72\xa3\x11\x03\xfd\x3b\x42\x52\x29\xdb\xe8\x01\xf7\x9b\x5e\x8c\xd6\x8d\x86\x4e\x19\xfa\xbc\x1c\xbe\xc5\x21\xa5\x87\x9e\x78\x2e\x36\xdb\x09\x71\xa3\x72\x34\xf8\x6c\xe3\x06\x09\xf2\x5e\x56\xa5\xd3\xdd\x98\xfa\xd4\xe6\x06\xf4\xf0\xb6\x20\x63\x4b\xea\x29\xbd\xaa\x82\x66\x1e\xfb\x81\xaa\xa7\x37\xad\x13\x18\xe6\x92\xc3\x81\xc1\x33\xbb\x88\x1e\xa1\xe7\xe2\xb4\xbd\x31\x6c\x0e\x51\x3d\x6f\xfb\x96\x56\x80\xe2\x36\x17\xd1\xdc\xe4", + ["TC TrustCenter Universal CA I"] = "\x30\x82\x03\xdd\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x0e\x1d\xa2\x00\x01\x00\x02\xec\xb7\x60\x80\x78\x8d\xb6\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x79\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x30\x1e\x17\x0d\x30\x36\x30\x33\x32\x32\x31\x35\x35\x34\x32\x38\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x79\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa4\x77\x23\x96\x44\xaf\x90\xf4\x31\xa7\x10\xf4\x26\x87\x9c\xf3\x38\xd9\x0f\x5e\xde\xcf\x41\xe8\x31\xad\xc6\x74\x91\x24\x96\x78\x1e\x09\xa0\x9b\x9a\x95\x4a\x4a\xf5\x62\x7c\x02\xa8\xca\xac\xfb\x5a\x04\x76\x39\xde\x5f\xf1\xf9\xb3\xbf\xf3\x03\x58\x55\xd2\xaa\xb7\xe3\x04\x22\xd1\xf8\x94\xda\x22\x08\x00\x8d\xd3\x7c\x26\x5d\xcc\x77\x79\xe7\x2c\x78\x39\xa8\x26\x73\x0e\xa2\x5d\x25\x69\x85\x4f\x55\x0e\x9a\xef\xc6\xb9\x44\xe1\x57\x3d\xdf\x1f\x54\x22\xe5\x6f\x65\xaa\x33\x84\x3a\xf3\xce\x7a\xbe\x55\x97\xae\x8d\x12\x0f\x14\x33\xe2\x50\x70\xc3\x49\x87\x13\xbc\x51\xde\xd7\x98\x12\x5a\xef\x3a\x83\x33\x92\x06\x75\x8b\x92\x7c\x12\x68\x7b\x70\x6a\x0f\xb5\x9b\xb6\x77\x5b\x48\x59\x9d\xe4\xef\x5a\xad\xf3\xc1\x9e\xd4\xd7\x45\x4e\xca\x56\x34\x21\xbc\x3e\x17\x5b\x6f\x77\x0c\x48\x01\x43\x29\xb0\xdd\x3f\x96\x6e\xe6\x95\xaa\x0c\xc0\x20\xb6\xfd\x3e\x36\x27\x9c\xe3\x5c\xcf\x4e\x81\xdc\x19\xbb\x91\x90\x7d\xec\xe6\x97\x04\x1e\x93\xcc\x22\x49\xd7\x97\x86\xb6\x13\x0a\x3c\x43\x23\x77\x7e\xf0\xdc\xe6\xcd\x24\x1f\x3b\x83\x9b\x34\x3a\x83\x34\xe3\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x92\xa4\x75\x2c\xa4\x9e\xbe\x81\x44\xeb\x79\xfc\x8a\xc5\x95\xa5\xeb\x10\x75\x73\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x92\xa4\x75\x2c\xa4\x9e\xbe\x81\x44\xeb\x79\xfc\x8a\xc5\x95\xa5\xeb\x10\x75\x73\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x28\xd2\xe0\x86\xd5\xe6\xf8\x7b\xf0\x97\xdc\x22\x6b\x3b\x95\x14\x56\x0f\x11\x30\xa5\x9a\x4f\x3a\xb0\x3a\xe0\x06\xcb\x65\xf5\xed\xc6\x97\x27\xfe\x25\xf2\x57\xe6\x5e\x95\x8c\x3e\x64\x60\x15\x5a\x7f\x2f\x0d\x01\xc5\xb1\x60\xfd\x45\x35\xcf\xf0\xb2\xbf\x06\xd9\xef\x5a\xbe\xb3\x62\x21\xb4\xd7\xab\x35\x7c\x53\x3e\xa6\x27\xf1\xa1\x2d\xda\x1a\x23\x9d\xcc\xdd\xec\x3c\x2d\x9e\x27\x34\x5d\x0f\xc2\x36\x79\xbc\xc9\x4a\x62\x2d\xed\x6b\xd9\x7d\x41\x43\x7c\xb6\xaa\xca\xed\x61\xb1\x37\x82\x15\x09\x1a\x8a\x16\x30\xd8\xec\xc9\xd6\x47\x72\x78\x4b\x10\x46\x14\x8e\x5f\x0e\xaf\xec\xc7\x2f\xab\x10\xd7\xb6\xf1\x6e\xec\x86\xb2\xc2\xe8\x0d\x92\x73\xdc\xa2\xf4\x0f\x3a\xbf\x61\x23\x10\x89\x9c\x48\x40\x6e\x70\x00\xb3\xd3\xba\x37\x44\x58\x11\x7a\x02\x6a\x88\xf0\x37\x34\xf0\x19\xe9\xac\xd4\x65\x73\xf6\x69\x8c\x64\x94\x3a\x79\x85\x29\xb0\x16\x2b\x0c\x82\x3f\x06\x9c\xc7\xfd\x10\x2b\x9e\x0f\x2c\xb6\x9e\xe3\x15\xbf\xd9\x36\x1c\xba\x25\x1a\x52\x3d\x1a\xec\x22\x0c\x1c\xe0\xa4\xa2\x3d\xf0\xe8\x39\xcf\x81\xc0\x7b\xed\x5d\x1f\x6f\xc5\xd0\x0b\xd7\x98", + ["Deutsche Telekom Root CA 2"] = "\x30\x82\x03\x9f\x30\x82\x02\x87\xa0\x03\x02\x01\x02\x02\x01\x26\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x71\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x54\x2d\x54\x65\x6c\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6e\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x39\x31\x32\x31\x31\x30\x30\x5a\x17\x0d\x31\x39\x30\x37\x30\x39\x32\x33\x35\x39\x30\x30\x5a\x30\x71\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x54\x2d\x54\x65\x6c\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6e\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\x0b\xa3\x35\xe0\x8b\x29\x14\xb1\x14\x85\xaf\x3c\x10\xe4\x39\x6f\x35\x5d\x4a\xae\xdd\xea\x61\x8d\x95\x49\xf4\x6f\x64\xa3\x1a\x60\x66\xa4\xa9\x40\x22\x84\xd9\xd4\xa5\xe5\x78\x93\x0e\x68\x01\xad\xb9\x4d\x5c\x3a\xce\xd3\xb8\xa8\x42\x40\xdf\xcf\xa3\xba\x82\x59\x6a\x92\x1b\xac\x1c\x9a\xda\x08\x2b\x25\x27\xf9\x69\x23\x47\xf1\xe0\xeb\x2c\x7a\x9b\xf5\x13\x02\xd0\x7e\x34\x7c\xc2\x9e\x3c\x00\x59\xab\xf5\xda\x0c\xf5\x32\x3c\x2b\xac\x50\xda\xd6\xc3\xde\x83\x94\xca\xa8\x0c\x99\x32\x0e\x08\x48\x56\x5b\x6a\xfb\xda\xe1\x58\x58\x01\x49\x5f\x72\x41\x3c\x15\x06\x01\x8e\x5d\xad\xaa\xb8\x93\xb4\xcd\x9e\xeb\xa7\xe8\x6a\x2d\x52\x34\xdb\x3a\xef\x5c\x75\x51\xda\xdb\xf3\x31\xf9\xee\x71\x98\x32\xc4\x54\x15\x44\x0c\xf9\x9b\x55\xed\xad\xdf\x18\x08\xa0\xa3\x86\x8a\x49\xee\x53\x05\x8f\x19\x4c\xd5\xde\x58\x79\x9b\xd2\x6a\x1c\x42\xab\xc5\xd5\xa7\xcf\x68\x0f\x96\xe4\xe1\x61\x98\x76\x61\xc8\x91\x7c\xd6\x3e\x00\xe2\x91\x50\x87\xe1\x9d\x0a\xe6\xad\x97\xd2\x1d\xc6\x3a\x7d\xcb\xbc\xda\x03\x34\xd5\x8e\x5b\x01\xf5\x6a\x07\xb7\x16\xb6\x6e\x4a\x7f\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x31\xc3\x79\x1b\xba\xf5\x53\xd7\x17\xe0\x89\x7a\x2d\x17\x6c\x0a\xb3\x2b\x9d\x33\x30\x0f\x06\x03\x55\x1d\x13\x04\x08\x30\x06\x01\x01\xff\x02\x01\x05\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x94\x64\x59\xad\x39\x64\xe7\x29\xeb\x13\xfe\x5a\xc3\x8b\x13\x57\xc8\x04\x24\xf0\x74\x77\xc0\x60\xe3\x67\xfb\xe9\x89\xa6\x83\xbf\x96\x82\x7c\x6e\xd4\xc3\x3d\xef\x9e\x80\x6e\xbb\x29\xb4\x98\x7a\xb1\x3b\x54\xeb\x39\x17\x47\x7e\x1a\x8e\x0b\xfc\x1f\x31\x59\x31\x04\xb2\xce\x17\xf3\x2c\xc7\x62\x36\x55\xe2\x22\xd8\x89\x55\xb4\x98\x48\xaa\x64\xfa\xd6\x1c\x36\xd8\x44\x78\x5a\x5a\x23\x3a\x57\x97\xf5\x7a\x30\x4f\xae\x9f\x6a\x4c\x4b\x2b\x8e\xa0\x03\xe3\x3e\xe0\xa9\xd4\xd2\x7b\xd2\xb3\xa8\xe2\x72\x3c\xad\x9e\xff\x80\x59\xe4\x9b\x45\xb4\xf6\x3b\xb0\xcd\x39\x19\x98\x32\xe5\xea\x21\x61\x90\xe4\x31\x21\x8e\x34\xb1\xf7\x2f\x35\x4a\x85\x10\xda\xe7\x8a\x37\x21\xbe\x59\x63\xe0\xf2\x85\x88\x31\x53\xd4\x54\x14\x85\x70\x79\xf4\x2e\x06\x77\x27\x75\x2f\x1f\xb8\x8a\xf9\xfe\xc5\xba\xd8\x36\xe4\x83\xec\xe7\x65\xb7\xbf\x63\x5a\xf3\x46\xaf\x81\x94\x37\xd4\x41\x8c\xd6\x23\xd6\x1e\xcf\xf5\x68\x1b\x44\x63\xa2\x5a\xba\xa7\x35\x59\xa1\xe5\x70\x05\x9b\x0e\x23\x57\x99\x94\x0a\x6d\xba\x39\x63\x28\x86\x92\xf3\x18\x84\xd8\xfb\xd1\xcf\x05\x56\x64\x57", + ["ComSign Secured CA"] = "\x30\x82\x03\xab\x30\x82\x02\x93\xa0\x03\x02\x01\x02\x02\x11\x00\xc7\x28\x47\x09\xb3\xb8\x6c\x45\x8c\x1d\xfa\x24\xf5\x36\x4e\xe9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3c\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6f\x6d\x53\x69\x67\x6e\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x43\x6f\x6d\x53\x69\x67\x6e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x30\x1e\x17\x0d\x30\x34\x30\x33\x32\x34\x31\x31\x33\x37\x32\x30\x5a\x17\x0d\x32\x39\x30\x33\x31\x36\x31\x35\x30\x34\x35\x36\x5a\x30\x3c\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6f\x6d\x53\x69\x67\x6e\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x43\x6f\x6d\x53\x69\x67\x6e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc6\xb5\x68\x5f\x1d\x94\x15\xc3\xa4\x08\x55\x2d\xe3\xa0\x57\x7a\xef\xe9\x74\x2a\xbb\xb9\x7c\x57\x49\x1a\x11\x5e\x4f\x29\x87\x0c\x48\xd6\x6a\xe7\x8f\xd4\x7e\x57\x24\xb9\x06\x89\xe4\x1c\x3c\xea\xac\xe3\xda\x21\x80\x73\x21\x0a\xef\x79\x98\x6c\x1f\x08\xff\xa1\x50\x7d\xf2\x98\x1b\xc9\x54\x6f\x3e\xa5\x28\xec\x21\x04\x0f\x45\xbb\x07\x3d\xa1\xc0\xfa\x2a\x98\x1d\x4e\x06\x93\xfb\xf5\x88\x3b\xab\x5f\xcb\x16\xbf\xe6\xf3\x9e\x4a\x87\xed\x19\xea\xc2\x9f\x43\xe4\xf1\x81\xa5\x7f\x10\x4f\x3e\xd1\x4a\x62\xad\x53\x1b\xcb\x83\xff\x07\x65\xa5\x92\x2d\x66\xa9\x5b\xb8\x5a\xf4\x1d\xb4\x21\x91\x4a\x17\x7b\x9e\x32\xfe\x56\x24\x39\xb2\x54\x84\x43\xf5\x84\xc2\xd8\xbc\x41\x90\xcc\x9d\xd6\x68\xda\xe9\x82\x50\xa9\x3b\x68\xcf\xb5\x5d\x02\x94\x60\x16\xb1\x43\xd9\x43\x5d\xdd\x5d\x87\x6e\xea\xbb\xb3\xc9\x6b\xf6\x03\x94\x09\x70\xde\x16\x11\x7a\x2b\xe8\x76\x8f\x49\x10\x98\x77\xb9\x63\x5c\x8b\x33\x97\x75\xf6\x0b\x8c\xb2\xab\x5b\xde\x74\x20\x25\x3f\xe3\xf3\x11\xf9\x87\x68\x86\x35\x71\xc3\x1d\x8c\x2d\xeb\xe5\x1a\xac\x0f\x73\xd5\x82\x59\x40\x80\xd3\x02\x03\x01\x00\x01\xa3\x81\xa7\x30\x81\xa4\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x44\x06\x03\x55\x1d\x1f\x04\x3d\x30\x3b\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x66\x65\x64\x69\x72\x2e\x63\x6f\x6d\x73\x69\x67\x6e\x2e\x63\x6f\x2e\x69\x6c\x2f\x63\x72\x6c\x2f\x43\x6f\x6d\x53\x69\x67\x6e\x53\x65\x63\x75\x72\x65\x64\x43\x41\x2e\x63\x72\x6c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xc1\x4b\xed\x70\xb6\xf7\x3e\x7c\x00\x3b\x00\x8f\xc7\x3e\x0e\x45\x9f\x1e\x5d\xec\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc1\x4b\xed\x70\xb6\xf7\x3e\x7c\x00\x3b\x00\x8f\xc7\x3e\x0e\x45\x9f\x1e\x5d\xec\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x16\xcf\xee\x92\x13\x50\xab\x7b\x14\x9e\x33\xb6\x42\x20\x6a\xd4\x15\xbd\x09\xab\xfc\x72\xe8\xef\x47\x7a\x90\xac\x51\xc1\x64\x4e\xe9\x88\xbd\x43\x45\x81\xe3\x66\x23\x3f\x12\x86\x4d\x19\xe4\x05\xb0\xe6\x37\xc2\x8d\xda\x06\x28\xc9\x0f\x89\xa4\x53\xa9\x75\x3f\xb0\x96\xfb\xab\x4c\x33\x55\xf9\x78\x26\x46\x6f\x1b\x36\x98\xfb\x42\x76\xc1\x82\xb9\x8e\xde\xfb\x45\xf9\x63\x1b\x62\x3b\x39\x06\xca\x77\x7a\xa8\x3c\x09\xcf\x6c\x36\x3d\x0f\x0a\x45\x4b\x69\x16\x1a\x45\x7d\x33\x03\x65\xf9\x52\x71\x90\x26\x95\xac\x4c\x0c\xf5\x8b\x93\x3f\xcc\x75\x74\x85\x98\xba\xff\x62\x7a\x4d\x1f\x89\xfe\xae\xbd\x94\x00\x99\xbf\x11\xa5\xdc\xe0\x79\xc5\x16\x0b\x7d\x02\x61\x1d\xea\x85\xf9\x02\x15\x4f\xe7\x5a\x89\x4e\x14\x6f\xe3\x37\x4b\x85\xf5\xc1\x3c\x61\xe0\xfd\x05\x41\xb2\x92\x7f\xc3\x1d\xa0\xd0\xae\x52\x64\x60\x6b\x18\xc6\x26\x9c\xd8\xf5\x64\xe4\x36\x1a\x62\x9f\x8a\x0f\x3e\xff\x6d\x4e\x19\x56\x4e\x20\x91\x6c\x9f\x34\x33\x3a\x34\x57\x50\x3a\x6f\x81\x5e\x06\xc6\xf5\x3e\x7c\x4e\x8e\x2b\xce\x65\x06\x2e\x5d\xd2\x2a\x53\x74\x5e\xd3\x6e\x27\x9e\x8f", + ["Cybertrust Global Root"] = "\x30\x82\x03\xa1\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x0f\x85\xaa\x2d\x48\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3b\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x17\x0d\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x30\x3b\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xf8\xc8\xbc\xbd\x14\x50\x66\x13\xff\xf0\xd3\x79\xec\x23\xf2\xb7\x1a\xc7\x8e\x85\xf1\x12\x73\xa6\x19\xaa\x10\xdb\x9c\xa2\x65\x74\x5a\x77\x3e\x51\x7d\x56\xf6\xdc\x23\xb6\xd4\xed\x5f\x58\xb1\x37\x4d\xd5\x49\x0e\x6e\xf5\x6a\x87\xd6\xd2\x8c\xd2\x27\xc6\xe2\xff\x36\x9f\x98\x65\xa0\x13\x4e\xc6\x2a\x64\x9b\xd5\x90\x12\xcf\x14\x06\xf4\x3b\xe3\xd4\x28\xbe\xe8\x0e\xf8\xab\x4e\x48\x94\x6d\x8e\x95\x31\x10\x5c\xed\xa2\x2d\xbd\xd5\x3a\x6d\xb2\x1c\xbb\x60\xc0\x46\x4b\x01\xf5\x49\xae\x7e\x46\x8a\xd0\x74\x8d\xa1\x0c\x02\xce\xee\xfc\xe7\x8f\xb8\x6b\x66\xf3\x7f\x44\x00\xbf\x66\x25\x14\x2b\xdd\x10\x30\x1d\x07\x96\x3f\x4d\xf6\x6b\xb8\x8f\xb7\x7b\x0c\xa5\x38\xeb\xde\x47\xdb\xd5\x5d\x39\xfc\x88\xa7\xf3\xd7\x2a\x74\xf1\xe8\x5a\xa2\x3b\x9f\x50\xba\xa6\x8c\x45\x35\xc2\x50\x65\x95\xdc\x63\x82\xef\xdd\xbf\x77\x4d\x9c\x62\xc9\x63\x73\x16\xd0\x29\x0f\x49\xa9\x48\xf0\xb3\xaa\xb7\x6c\xc5\xa7\x30\x39\x40\x5d\xae\xc4\xe2\x5d\x26\x53\xf0\xce\x1c\x23\x08\x61\xa8\x94\x19\xba\x04\x62\x40\xec\x1f\x38\x70\x77\x12\x06\x71\xa7\x30\x18\x5d\x25\x27\xa5\x02\x03\x01\x00\x01\xa3\x81\xa5\x30\x81\xa2\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb6\x08\x7b\x0d\x7a\xcc\xac\x20\x4c\x86\x56\x32\x5e\xcf\xab\x6e\x85\x2d\x70\x57\x30\x3f\x06\x03\x55\x1d\x1f\x04\x38\x30\x36\x30\x34\xa0\x32\xa0\x30\x86\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x32\x2e\x70\x75\x62\x6c\x69\x63\x2d\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x63\x72\x6c\x2f\x63\x74\x2f\x63\x74\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xb6\x08\x7b\x0d\x7a\xcc\xac\x20\x4c\x86\x56\x32\x5e\xcf\xab\x6e\x85\x2d\x70\x57\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x56\xef\x0a\x23\xa0\x54\x4e\x95\x97\xc9\xf8\x89\xda\x45\xc1\xd4\xa3\x00\x25\xf4\x1f\x13\xab\xb7\xa3\x85\x58\x69\xc2\x30\xad\xd8\x15\x8a\x2d\xe3\xc9\xcd\x81\x5a\xf8\x73\x23\x5a\xa7\x7c\x05\xf3\xfd\x22\x3b\x0e\xd1\x06\xc4\xdb\x36\x4c\x73\x04\x8e\xe5\xb0\x22\xe4\xc5\xf3\x2e\xa5\xd9\x23\xe3\xb8\x4e\x4a\x20\xa7\x6e\x02\x24\x9f\x22\x60\x67\x7b\x8b\x1d\x72\x09\xc5\x31\x5c\xe9\x79\x9f\x80\x47\x3d\xad\xa1\x0b\x07\x14\x3d\x47\xff\x03\x69\x1a\x0c\x0b\x44\xe7\x63\x25\xa7\x7f\xb2\xc9\xb8\x76\x84\xed\x23\xf6\x7d\x07\xab\x45\x7e\xd3\xdf\xb3\xbf\xe9\x8a\xb6\xcd\xa8\xa2\x67\x2b\x52\xd5\xb7\x65\xf0\x39\x4c\x63\xa0\x91\x79\x93\x52\x0f\x54\xdd\x83\xbb\x9f\xd1\x8f\xa7\x53\x73\xc3\xcb\xff\x30\xec\x7c\x04\xb8\xd8\x44\x1f\x93\x5f\x71\x09\x22\xb7\x6e\x3e\xea\x1c\x03\x4e\x9d\x1a\x20\x61\xfb\x81\x37\xec\x5e\xfc\x0a\x45\xab\xd7\xe7\x17\x55\xd0\xa0\xea\x60\x9b\xa6\xf6\xe3\x8c\x5b\x29\xc2\x06\x60\x14\x9d\x2d\x97\x4c\xa9\x93\x15\x9d\x61\xc4\x01\x5f\x48\xd6\x58\xbd\x56\x31\x12\x4e\x11\xc8\x21\xe0\xb3\x11\x91\x65\xdb\xb4\xa6\x88\x38\xce\x55", + ["ePKI Root Certification Authority"] = "\x30\x82\x05\xb0\x30\x82\x03\x98\xa0\x03\x02\x01\x02\x02\x10\x15\xc8\xbd\x65\x47\x5c\xaf\xb8\x97\x00\x5e\xe4\x06\xd2\xbc\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0a\x0c\x1a\x43\x68\x75\x6e\x67\x68\x77\x61\x20\x54\x65\x6c\x65\x63\x6f\x6d\x20\x43\x6f\x2e\x2c\x20\x4c\x74\x64\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x0c\x21\x65\x50\x4b\x49\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5a\x17\x0d\x33\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5a\x30\x5e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0a\x0c\x1a\x43\x68\x75\x6e\x67\x68\x77\x61\x20\x54\x65\x6c\x65\x63\x6f\x6d\x20\x43\x6f\x2e\x2c\x20\x4c\x74\x64\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x0c\x21\x65\x50\x4b\x49\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xe1\x25\x0f\xee\x8d\xdb\x88\x33\x75\x67\xcd\xad\x1f\x7d\x3a\x4e\x6d\x9d\xd3\x2f\x14\xf3\x63\x74\xcb\x01\x21\x6a\x37\xea\x84\x50\x07\x4b\x26\x5b\x09\x43\x6c\x21\x9e\x6a\xc8\xd5\x03\xf5\x60\x69\x8f\xcc\xf0\x22\xe4\x1f\xe7\xf7\x6a\x22\x31\xb7\x2c\x15\xf2\xe0\xfe\x00\x6a\x43\xff\x87\x65\xc6\xb5\x1a\xc1\xa7\x4c\x6d\x22\x70\x21\x8a\x31\xf2\x97\x74\x89\x09\x12\x26\x1c\x9e\xca\xd9\x12\xa2\x95\x3c\xda\xe9\x67\xbf\x08\xa0\x64\xe3\xd6\x42\xb7\x45\xef\x97\xf4\xf6\xf5\xd7\xb5\x4a\x15\x02\x58\x7d\x98\x58\x4b\x60\xbc\xcd\xd7\x0d\x9a\x13\x33\x53\xd1\x61\xf9\x7a\xd5\xd7\x78\xb3\x9a\x33\xf7\x00\x86\xce\x1d\x4d\x94\x38\xaf\xa8\xec\x78\x51\x70\x8a\x5c\x10\x83\x51\x21\xf7\x11\x3d\x34\x86\x5e\xe5\x48\xcd\x97\x81\x82\x35\x4c\x19\xec\x65\xf6\x6b\xc5\x05\xa1\xee\x47\x13\xd6\xb3\x21\x27\x94\x10\x0a\xd9\x24\x3b\xba\xbe\x44\x13\x46\x30\x3f\x97\x3c\xd8\xd7\xd7\x6a\xee\x3b\x38\xe3\x2b\xd4\x97\x0e\xb9\x1b\xe7\x07\x49\x7f\x37\x2a\xf9\x77\x78\xcf\x54\xed\x5b\x46\x9d\xa3\x80\x0e\x91\x43\xc1\xd6\x5b\x5f\x14\xba\x9f\xa6\x8d\x24\x47\x40\x59\xbf\x72\x38\xb2\x36\x6c\x37\xff\x99\xd1\x5d\x0e\x59\x0a\xab\x69\xf7\xc0\xb2\x04\x45\x7a\x54\x00\xae\xbe\x53\xf6\xb5\xe7\xe1\xf8\x3c\xa3\x31\xd2\xa9\xfe\x21\x52\x64\xc5\xa6\x67\xf0\x75\x07\x06\x94\x14\x81\x55\xc6\x27\xe4\x01\x8f\x17\xc1\x6a\x71\xd7\xbe\x4b\xfb\x94\x58\x7d\x7e\x11\x33\xb1\x42\xf7\x62\x6c\x18\xd6\xcf\x09\x68\x3e\x7f\x6c\xf6\x1e\x8f\x62\xad\xa5\x63\xdb\x09\xa7\x1f\x22\x42\x41\x1e\x6f\x99\x8a\x3e\xd7\xf9\x3f\x40\x7a\x79\xb0\xa5\x01\x92\xd2\x9d\x3d\x08\x15\xa5\x10\x01\x2d\xb3\x32\x76\xa8\x95\x0d\xb3\x7a\x9a\xfb\x07\x10\x78\x11\x6f\xe1\x8f\xc7\xba\x0f\x25\x1a\x74\x2a\xe5\x1c\x98\x41\x99\xdf\x21\x87\xe8\x95\x06\x6a\x0a\xb3\x6a\x47\x76\x65\xf6\x3a\xcf\x8f\x62\x17\x19\x7b\x0a\x28\xcd\x1a\xd2\x83\x1e\x21\xc7\x2c\xbf\xbe\xff\x61\x68\xb7\x67\x1b\xbb\x78\x4d\x8d\xce\x67\xe5\xe4\xc1\x8e\xb7\x23\x66\xe2\x9d\x90\x75\x34\x98\xa9\x36\x2b\x8a\x9a\x94\xb9\x9d\xec\xcc\x8a\xb1\xf8\x25\x89\x5c\x5a\xb6\x2f\x8c\x1f\x6d\x79\x24\xa7\x52\x68\xc3\x84\x35\xe2\x66\x8d\x63\x0e\x25\x4d\xd5\x19\xb2\xe6\x79\x37\xa7\x22\x9d\x54\x31\x02\x03\x01\x00\x01\xa3\x6a\x30\x68\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1e\x0c\xf7\xb6\x67\xf2\xe1\x92\x26\x09\x45\xc0\x55\x39\x2e\x77\x3f\x42\x4a\xa2\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x04\x67\x2a\x07\x00\x04\x31\x30\x2f\x30\x2d\x02\x01\x00\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x30\x07\x06\x05\x67\x2a\x03\x00\x00\x04\x14\x45\xb0\xc2\xc7\x0a\x56\x7c\xee\x5b\x78\x0c\x95\xf9\x18\x53\xc1\xa6\x1c\xd8\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x09\xb3\x83\x53\x59\x01\x3e\x95\x49\xb9\xf1\x81\xba\xf9\x76\x20\x23\xb5\x27\x60\x74\xd4\x6a\x99\x34\x5e\x6c\x00\x53\xd9\x9f\xf2\xa6\xb1\x24\x07\x44\x6a\x2a\xc6\xa5\x8e\x78\x12\xe8\x47\xd9\x58\x1b\x13\x2a\x5e\x79\x9b\x9f\x0a\x2a\x67\xa6\x25\x3f\x06\x69\x56\x73\xc3\x8a\x66\x48\xfb\x29\x81\x57\x74\x06\xca\x9c\xea\x28\xe8\x38\x67\x26\x2b\xf1\xd5\xb5\x3f\x65\x93\xf8\x36\x5d\x8e\x8d\x8d\x40\x20\x87\x19\xea\xef\x27\xc0\x3d\xb4\x39\x0f\x25\x7b\x68\x50\x74\x55\x9c\x0c\x59\x7d\x5a\x3d\x41\x94\x25\x52\x08\xe0\x47\x2c\x15\x31\x19\xd5\xbf\x07\x55\xc6\xbb\x12\xb5\x97\xf4\x5f\x83\x85\xba\x71\xc1\xd9\x6c\x81\x11\x76\x0a\x0a\xb0\xbf\x82\x97\xf7\xea\x3d\xfa\xfa\xec\x2d\xa9\x28\x94\x3b\x56\xdd\xd2\x51\x2e\xae\xc0\xbd\x08\x15\x8c\x77\x52\x34\x96\xd6\x9b\xac\xd3\x1d\x8e\x61\x0f\x35\x7b\x9b\xae\x39\x69\x0b\x62\x60\x40\x20\x36\x8f\xaf\xfb\x36\xee\x2d\x08\x4a\x1d\xb8\xbf\x9b\x5c\xf8\xea\xa5\x1b\xa0\x73\xa6\xd8\xf8\x6e\xe0\x33\x04\x5f\x68\xaa\x27\x87\xed\xd9\xc1\x90\x9c\xed\xbd\xe3\x6a\x35\xaf\x63\xdf\xab\x18\xd9\xba\xe6\xe9\x4a\xea\x50\x8a\x0f\x61\x93\x1e\xe2\x2d\x19\xe2\x30\x94\x35\x92\x5d\x0e\xb6\x07\xaf\x19\x80\x8f\x47\x90\x51\x4b\x2e\x4d\xdd\x85\xe2\xd2\x0a\x52\x0a\x17\x9a\xfc\x1a\xb0\x50\x02\xe5\x01\xa3\x63\x37\x21\x4c\x44\xc4\x9b\x51\x99\x11\x0e\x73\x9c\x06\x8f\x54\x2e\xa7\x28\x5e\x44\x39\x87\x56\x2d\x37\xbd\x85\x44\x94\xe1\x0c\x4b\x2c\x9c\xc3\x92\x85\x34\x61\xcb\x0f\xb8\x9b\x4a\x43\x52\xfe\x34\x3a\x7d\xb8\xe9\x29\xdc\x76\xa9\xc8\x30\xf8\x14\x71\x80\xc6\x1e\x36\x48\x74\x22\x41\x5c\x87\x82\xe8\x18\x71\x8b\x41\x89\x44\xe7\x7e\x58\x5b\xa8\xb8\x8d\x13\xe9\xa7\x6c\xc3\x47\xed\xb3\x1a\x9d\x62\xae\x8d\x82\xea\x94\x9e\xdd\x59\x10\xc3\xad\xdd\xe2\x4d\xe3\x31\xd5\xc7\xec\xe8\xf2\xb0\xfe\x92\x1e\x16\x0a\x1a\xfc\xd9\xf3\xf8\x27\xb6\xc9\xbe\x1d\xb4\x6c\x64\x90\x7f\xf4\xe4\xc4\x5b\xd7\x37\xae\x42\x0e\xdd\xa4\x1a\x6f\x7c\x88\x54\xc5\x16\x6e\xe1\x7a\x68\x2e\xf8\x3a\xbf\x0d\xa4\x3c\x89\x3b\x78\xa7\x4e\x63\x83\x04\x21\x08\x67\x8d\xf2\x82\x49\xd0\x5b\xfd\xb1\xcd\x0f\x83\x84\xd4\x3e\x20\x85\xf7\x4a\x3d\x2b\x9c\xfd\x2a\x0a\x09\x4d\xea\x81\xf8\x11\x9c", + ["T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"] = "\x30\x82\x05\x17\x30\x82\x03\xff\xa0\x03\x02\x01\x02\x02\x01\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x82\x01\x2b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0c\x0f\x47\x65\x62\x7a\x65\x20\x2d\x20\x4b\x6f\x63\x61\x65\x6c\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x54\xc3\xbc\x72\x6b\x69\x79\x65\x20\x42\x69\x6c\x69\x6d\x73\x65\x6c\x20\x76\x65\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6b\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x4b\x75\x72\x75\x6d\x75\x20\x2d\x20\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x31\x48\x30\x46\x06\x03\x55\x04\x0b\x0c\x3f\x55\x6c\x75\x73\x61\x6c\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x76\x65\x20\x4b\x72\x69\x70\x74\x6f\x6c\x6f\x6a\x69\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x45\x6e\x73\x74\x69\x74\xc3\xbc\x73\xc3\xbc\x20\x2d\x20\x55\x45\x4b\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\x4b\x61\x6d\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x73\x79\x6f\x6e\x20\x4d\x65\x72\x6b\x65\x7a\x69\x31\x4a\x30\x48\x06\x03\x55\x04\x03\x0c\x41\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x20\x55\x45\x4b\x41\x45\x20\x4b\xc3\xb6\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x20\x2d\x20\x53\xc3\xbc\x72\xc3\xbc\x6d\x20\x33\x30\x1e\x17\x0d\x30\x37\x30\x38\x32\x34\x31\x31\x33\x37\x30\x37\x5a\x17\x0d\x31\x37\x30\x38\x32\x31\x31\x31\x33\x37\x30\x37\x5a\x30\x82\x01\x2b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0c\x0f\x47\x65\x62\x7a\x65\x20\x2d\x20\x4b\x6f\x63\x61\x65\x6c\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x54\xc3\xbc\x72\x6b\x69\x79\x65\x20\x42\x69\x6c\x69\x6d\x73\x65\x6c\x20\x76\x65\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6b\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x4b\x75\x72\x75\x6d\x75\x20\x2d\x20\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x31\x48\x30\x46\x06\x03\x55\x04\x0b\x0c\x3f\x55\x6c\x75\x73\x61\x6c\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x76\x65\x20\x4b\x72\x69\x70\x74\x6f\x6c\x6f\x6a\x69\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x45\x6e\x73\x74\x69\x74\xc3\xbc\x73\xc3\xbc\x20\x2d\x20\x55\x45\x4b\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\x4b\x61\x6d\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x73\x79\x6f\x6e\x20\x4d\x65\x72\x6b\x65\x7a\x69\x31\x4a\x30\x48\x06\x03\x55\x04\x03\x0c\x41\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x20\x55\x45\x4b\x41\x45\x20\x4b\xc3\xb6\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x20\x2d\x20\x53\xc3\xbc\x72\xc3\xbc\x6d\x20\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x8a\x6d\x4b\xff\x10\x88\x3a\xc3\xf6\x7e\x94\xe8\xea\x20\x64\x70\xae\x21\x81\xbe\x3a\x7b\x3c\xdb\xf1\x1d\x52\x7f\x59\xfa\xf3\x22\x4c\x95\xa0\x90\xbc\x48\x4e\x11\xab\xfb\xb7\xb5\x8d\x7a\x83\x28\x8c\x26\x46\xd8\x4e\x95\x40\x87\x61\x9f\xc5\x9e\x6d\x81\x87\x57\x6c\x8a\x3b\xb4\x66\xea\xcc\x40\xfc\xe3\xaa\x6c\xb2\xcb\x01\xdb\x32\xbf\xd2\xeb\x85\xcf\xa1\x0d\x55\xc3\x5b\x38\x57\x70\xb8\x75\xc6\x79\xd1\x14\x30\xed\x1b\x58\x5b\x6b\xef\x35\xf2\xa1\x21\x4e\xc5\xce\x7c\x99\x5f\x6c\xb9\xb8\x22\x93\x50\xa7\xcd\x4c\x70\x6a\xbe\x6a\x05\x7f\x13\x9c\x2b\x1e\xea\xfe\x47\xce\x04\xa5\x6f\xac\x93\x2e\x7c\x2b\x9f\x9e\x79\x13\x91\xe8\xea\x9e\xca\x38\x75\x8e\x62\xb0\x95\x93\x2a\xe5\xdf\xe9\x5e\x97\x6e\x20\x5f\x5f\x84\x7a\x44\x39\x19\x40\x1c\xba\x55\x2b\xfb\x30\xb2\x81\xef\x84\xe3\xdc\xec\x98\x38\x39\x03\x85\x08\xa9\x54\x03\x05\x29\xf0\xc9\x8f\x8b\xea\x0b\x86\x65\x19\x11\xd3\xe9\x09\x23\xde\x68\x93\x03\xc9\x36\x1c\x21\x6e\xce\x8c\x66\xf1\x99\x30\xd8\xd7\xb3\xc3\x1d\xf8\x81\x2e\xa8\xbd\x82\x0b\x66\xfe\x82\xcb\xe1\xe0\x1a\x82\xc3\x40\x81\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbd\x88\x87\xc9\x8f\xf6\xa4\x0a\x0b\xaa\xeb\xc5\xfe\x91\x23\x9d\xab\x4a\x8a\x32\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1d\x7c\xfa\x49\x8f\x34\xe9\xb7\x26\x92\x16\x9a\x05\x74\xe7\x4b\xd0\x6d\x39\x6c\xc3\x26\xf6\xce\xb8\x31\xbc\xc4\xdf\xbc\x2a\xf8\x37\x91\x18\xdc\x04\xc8\x64\x99\x2b\x18\x6d\x80\x03\x59\xc9\xae\xf8\x58\xd0\x3e\xed\xc3\x23\x9f\x69\x3c\x86\x38\x1c\x9e\xef\xda\x27\x78\xd1\x84\x37\x71\x8a\x3c\x4b\x39\xcf\x7e\x45\x06\xd6\x2d\xd8\x8a\x4d\x78\x12\xd6\xad\xc2\xd3\xcb\xd2\xd0\x41\xf3\x26\x36\x4a\x9b\x95\x6c\x0c\xee\xe5\xd1\x43\x27\x66\xc1\x88\xf7\x7a\xb3\x20\x6c\xea\xb0\x69\x2b\xc7\x20\xe8\x0c\x03\xc4\x41\x05\x99\xe2\x3f\xe4\x6b\xf8\xa0\x86\x81\xc7\x84\xc6\x1f\xd5\x4b\x81\x12\xb2\x16\x21\x2c\x13\xa1\x80\xb2\x5e\x0c\x4a\x13\x9e\x20\xd8\x62\x40\xab\x90\xea\x64\x4a\x2f\xac\x0d\x01\x12\x79\x45\xa8\x2f\x87\x19\x68\xc8\xe2\x85\xc7\x30\xb2\x75\xf9\x38\x3f\xb2\xc0\x93\xb4\x6b\xe2\x03\x44\xce\x67\xa0\xdf\x89\xd6\xad\x8c\x76\xa3\x13\xc3\x94\x61\x2b\x6b\xd9\x6c\xc1\x07\x0a\x22\x07\x85\x6c\x85\x24\x46\xa9\xbe\x3f\x8b\x78\x84\x82\x7e\x24\x0c\x9d\xfd\x81\x37\xe3\x25\xa8\xed\x36\x4e\x95\x2c\xc9\x9c\x90\xda\xec\xa9\x42\x3c\xad\xb6\x02", + ["Buypass Class 2 CA 1"] = "\x30\x82\x03\x53\x30\x82\x02\x3b\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5a\x17\x0d\x31\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5a\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x8b\x3c\x07\x45\xd8\xf6\xdf\xe6\xc7\xca\xba\x8d\x43\xc5\x47\x8d\xb0\x5a\xc1\x38\xdb\x92\x84\x1c\xaf\x13\xd4\x0f\x6f\x36\x46\x20\xc4\x2e\xcc\x71\x70\x34\xa2\x34\xd3\x37\x2e\xd8\xdd\x3a\x77\x2f\xc0\xeb\x29\xe8\x5c\xd2\xb5\xa9\x91\x34\x87\x22\x59\xfe\xcc\xdb\xe7\x99\xaf\x96\xc1\xa8\xc7\x40\xdd\xa5\x15\x8c\x6e\xc8\x7c\x97\x03\xcb\xe6\x20\xf2\xd7\x97\x5f\x31\xa1\x2f\x37\xd2\xbe\xee\xbe\xa9\xad\xa8\x4c\x9e\x21\x66\x43\x3b\xa8\xbc\xf3\x09\xa3\x38\xd5\x59\x24\xc1\xc2\x47\x76\xb1\x88\x5c\x82\x3b\xbb\x2b\xa6\x04\xd7\x8c\x07\x8f\xcd\xd5\x41\x1d\xf0\xae\xb8\x29\x2c\x94\x52\x60\x34\x94\x3b\xda\xe0\x38\xd1\x9d\x33\x3e\x15\xf4\x93\x32\xc5\x00\xda\xb5\x29\x66\x0e\x3a\x78\x0f\x21\x52\x5f\x02\xe5\x92\x7b\x25\xd3\x92\x1e\x2f\x15\x9d\x81\xe4\x9d\x8e\xe8\xef\x89\xce\x14\x4c\x54\x1d\x1c\x81\x12\x4d\x70\xa8\xbe\x10\x05\x17\x7e\x1f\xd1\xb8\x57\x55\xed\xcd\xbb\x52\xc2\xb0\x1e\x78\xc2\x4d\x36\x68\xcb\x56\x26\xc1\x52\xc1\xbd\x76\xf7\x58\xd5\x72\x7e\x1f\x44\x76\xbb\x00\x89\x1d\x16\x9d\x51\x35\xef\x4d\xc2\x56\xef\x6b\xe0\x8c\x3b\x0d\xe9\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3f\x8d\x9a\x59\x8b\xfc\x7b\x7b\x9c\xa3\xaf\x38\xb0\x39\xed\x90\x71\x80\xd6\xc8\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\x1a\x7e\x13\x8a\xb9\xe8\x07\xa3\x4b\x27\x32\xb2\x40\x91\xf2\x21\xd1\x64\x85\xbe\x63\x6a\xd2\xcf\x81\xc2\x15\xd5\x7a\x7e\x0c\x29\xac\x37\x1e\x1c\x7c\x76\x52\x95\xda\xb5\x7f\x23\xa1\x29\x77\x65\xc9\x32\x9d\xa8\x2e\x56\xab\x60\x76\xce\x16\xb4\x8d\x7f\x78\xc0\xd5\x99\x51\x83\x7f\x5e\xd9\xbe\x0c\xa8\x50\xed\x22\xc7\xad\x05\x4c\x76\xfb\xed\xee\x1e\x47\x64\xf6\xf7\x27\x7d\x5c\x28\x0f\x45\xc5\x5c\x62\x5e\xa6\x9a\x91\x91\xb7\x53\x17\x2e\xdc\xad\x60\x9d\x96\x64\x39\xbd\x67\x68\xb2\xae\x05\xcb\x4d\xe7\x5f\x1f\x57\x86\xd5\x20\x9c\x28\xfb\x6f\x13\x38\xf5\xf6\x11\x92\xf6\x7d\x99\x5e\x1f\x0c\xe8\xab\x44\x24\x29\x72\x40\x3d\x36\x52\xaf\x8c\x58\x90\x73\xc1\xec\x61\x2c\x79\xa1\xec\x87\xb5\x3f\xda\x4d\xd9\x21\x00\x30\xde\x90\xda\x0e\xd3\x1a\x48\xa9\x3e\x85\x0b\x14\x8b\x8c\xbc\x41\x9e\x6a\xf7\x0e\x70\xc0\x35\xf7\x39\xa2\x5d\x66\xd0\x7b\x59\x9f\xa8\x47\x12\x9a\x27\x23\xa4\x2d\x8e\x27\x83\x92\x20\xa1\xd7\x15\x7f\xf1\x2e\x18\xee\xf4\x48\x7f\x2f\x7f\xf1\xa1\x18\xb5\xa1\x0b\x94\xa0\x62\x20\x32\x9c\x1d\xf6\xd4\xef\xbf\x4c\x88\x68", + ["Buypass Class 3 CA 1"] = "\x30\x82\x03\x53\x30\x82\x02\x3b\xa0\x03\x02\x01\x02\x02\x01\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5a\x17\x0d\x31\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5a\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa4\x8e\xd7\x74\xd9\x29\x64\xde\x5f\x1f\x87\x80\x91\xea\x4e\x39\xe6\x19\xc6\x44\x0b\x80\xd5\x0b\xaf\x53\x07\x8b\x12\xbd\xe6\x67\xf0\x02\xb1\x89\xf6\x60\x8a\xc4\x5b\xb0\x42\xd1\xc0\x21\xa8\xcb\xe1\x9b\xef\x64\x51\xb6\xa7\xcf\x15\xf5\x74\x80\x68\x04\x90\xa0\x58\xa2\xe6\x74\xa6\x53\x53\x55\x48\x63\x3f\x92\x56\xdd\x24\x4e\x8e\xf8\xba\x2b\xff\xf3\x34\x8a\x9e\x28\xd7\x34\x9f\xac\x2f\xd6\x0f\xf1\xa4\x2f\xbd\x52\xb2\x49\x85\x6d\x39\x35\xf0\x44\x30\x93\x46\x24\xf3\xb6\xe7\x53\xfb\xbc\x61\xaf\xa9\xa3\x14\xfb\xc2\x17\x17\x84\x6c\xe0\x7c\x88\xf8\xc9\x1c\x57\x2c\xf0\x3d\x7e\x94\xbc\x25\x93\x84\xe8\x9a\x00\x9a\x45\x05\x42\x57\x80\xf4\x4e\xce\xd9\xae\x39\xf6\xc8\x53\x10\x0c\x65\x3a\x47\x7b\x60\xc2\xd6\xfa\x91\xc9\xc6\x71\x6c\xbd\x91\x87\x3c\x91\x86\x49\xab\xf3\x0f\xa0\x6c\x26\x76\x5e\x1c\xac\x9b\x71\xe5\x8d\xbc\x9b\x21\x1e\x9c\xd6\x38\x7e\x24\x80\x15\x31\x82\x96\xb1\x49\xd3\x62\x37\x5b\x88\x0c\x0a\x62\x34\xfe\xa7\x48\x7e\x99\xb1\x30\x8b\x90\x37\x95\x1c\xa8\x1f\xa5\x2c\x8d\xf4\x55\xc8\xdb\xdd\x59\x0a\xc2\xad\x78\xa0\xf4\x8b\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x38\x14\xe6\xc8\xf0\xa9\xa4\x03\xf4\x4e\x3e\x22\xa3\x5b\xf2\xd6\xe0\xad\x40\x74\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x01\x67\xa3\x8c\xc9\x25\x3d\x13\x63\x5d\x16\x6f\xec\xa1\x3e\x09\x5c\x91\x15\x2a\x2a\xd9\x80\x21\x4f\x05\xdc\xbb\xa5\x89\xab\x13\x33\x2a\x9e\x38\xb7\x8c\x6f\x02\x72\x63\xc7\x73\x77\x1e\x09\x06\xba\x3b\x28\x7b\xa4\x47\xc9\x61\x6b\x08\x08\x20\xfc\x8a\x05\x8a\x1f\xbc\xba\xc6\xc2\xfe\xcf\x6e\xec\x13\x33\x71\x67\x2e\x69\xfa\xa9\x2c\x3f\x66\xc0\x12\x59\x4d\x0b\x54\x02\x92\x84\xbb\xdb\x12\xef\x83\x70\x70\x78\xc8\x53\xfa\xdf\xc6\xc6\xff\xdc\x88\x2f\x07\xc0\x49\x9d\x32\x57\x60\xd3\xf2\xf6\x99\x29\x5f\xe7\xaa\x01\xcc\xac\x33\xa8\x1c\x0a\xbb\x91\xc4\x03\xa0\x6f\xb6\x34\xf9\x86\xd3\xb3\x76\x54\x98\xf4\x4a\x81\xb3\x53\x9d\x4d\x40\xec\xe5\x77\x13\x45\xaf\x5b\xaa\x1f\xd8\x2f\x4c\x82\x7b\xfe\x2a\xc4\x58\xbb\x4f\xfc\x9e\xfd\x03\x65\x1a\x2a\x0e\xc3\xa5\x20\x16\x94\x6b\x79\xa6\xa2\x12\xb4\xbb\x1a\xa4\x23\x7a\x5f\xf0\xae\x84\x24\xe4\xf3\x2b\xfb\x8a\x24\xa3\x27\x98\x65\xda\x30\x75\x76\xfc\x19\x91\xe8\xdb\xeb\x9b\x3f\x32\xbf\x40\x97\x07\x26\xba\xcc\xf3\x94\x85\x4a\x7a\x27\x93\xcf\x90\x42\xd4\xb8\x5b\x16\xa6\xe7\xcb\x40\x03\xdd\x79", + ["EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1"] = "\x30\x82\x05\xe7\x30\x82\x03\xcf\xa0\x03\x02\x01\x02\x02\x08\x4c\xaf\x73\x42\x1c\x8e\x74\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0c\x2f\x45\x42\x47\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x37\x30\x35\x06\x03\x55\x04\x0a\x0c\x2e\x45\x42\x47\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6c\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x1e\x17\x0d\x30\x36\x30\x38\x31\x37\x30\x30\x32\x31\x30\x39\x5a\x17\x0d\x31\x36\x30\x38\x31\x34\x30\x30\x33\x31\x30\x39\x5a\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0c\x2f\x45\x42\x47\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x37\x30\x35\x06\x03\x55\x04\x0a\x0c\x2e\x45\x42\x47\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6c\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xee\xa0\x84\x61\xd0\x3a\x6a\x66\x10\x32\xd8\x31\x38\x7f\xa7\xa7\xe5\xfd\xa1\xe1\xfb\x97\x77\xb8\x71\x96\xe8\x13\x96\x46\x83\x4f\xb6\xf2\x5f\x72\x56\x6e\x13\x60\xa5\x01\x91\xe2\x5b\xc5\xcd\x57\x1f\x77\x63\x51\xff\x2f\x3d\xdb\xb9\x3f\xaa\xa9\x35\xe7\x79\xd0\xf5\xd0\x24\xb6\x21\xea\xeb\x23\x94\xfe\x29\xbf\xfb\x89\x91\x0c\x64\x9a\x05\x4a\x2b\xcc\x0c\xee\xf1\x3d\x9b\x82\x69\xa4\x4c\xf8\x9a\x6f\xe7\x22\xda\x10\xba\x5f\x92\xfc\x18\x27\x0a\xa8\xaa\x44\xfa\x2e\x2c\xb4\xfb\x46\x9a\x08\x03\x83\x72\xab\x88\xe4\x6a\x72\xc9\xe5\x65\x1f\x6e\x2a\x0f\x9d\xb3\xe8\x3b\xe4\x0c\x6e\x7a\xda\x57\xfd\xd7\xeb\x79\x8b\x5e\x20\x06\xd3\x76\x0b\x6c\x02\x95\xa3\x96\xe4\xcb\x76\x51\xd1\x28\x9d\xa1\x1a\xfc\x44\xa2\x4d\xcc\x7a\x76\xa8\x0d\x3d\xbf\x17\x4f\x22\x88\x50\xfd\xae\xb6\xec\x90\x50\x4a\x5b\x9f\x95\x41\xaa\xca\x0f\xb2\x4a\xfe\x80\x99\x4e\xa3\x46\x15\xab\xf8\x73\x42\x6a\xc2\x66\x76\xb1\x0a\x26\x15\xdd\x93\x92\xec\xdb\xa9\x5f\x54\x22\x52\x91\x70\x5d\x13\xea\x48\xec\x6e\x03\x6c\xd9\xdd\x6c\xfc\xeb\x0d\x03\xff\xa6\x83\x12\x9b\xf1\xa9\x93\x0f\xc5\x26\x4c\x31\xb2\x63\x99\x61\x72\xe7\x2a\x64\x99\xd2\xb8\xe9\x75\xe2\x7c\xa9\xa9\x9a\x1a\xaa\xc3\x56\xdb\x10\x9a\x3c\x83\x52\xb6\x7b\x96\xb7\xac\x87\x77\xa8\xb9\xf2\x67\x0b\x94\x43\xb3\xaf\x3e\x73\xfa\x42\x36\xb1\x25\xc5\x0a\x31\x26\x37\x56\x67\xba\xa3\x0b\x7d\xd6\xf7\x89\xcd\x67\xa1\xb7\x3a\x1e\x66\x4f\xf6\xa0\x55\x14\x25\x4c\x2c\x33\x0d\xa6\x41\x8c\xbd\x04\x31\x6a\x10\x72\x0a\x9d\x0e\x2e\x76\xbd\x5e\xf3\x51\x89\x8b\xa8\x3f\x55\x73\xbf\xdb\x3a\xc6\x24\x05\x96\x92\x48\xaa\x4b\x8d\x2a\x03\xe5\x57\x91\x10\xf4\x6a\x28\x15\x6e\x47\x77\x84\x5c\x51\x74\x9f\x19\xe9\xe6\x1e\x63\x16\x39\xe3\x11\x15\xe3\x58\x1a\x44\xbd\xcb\xc4\x6c\x66\xd7\x84\x06\xdf\x30\xf4\x37\xa2\x43\x22\x79\xd2\x10\x6c\xdf\xbb\xe6\x13\x11\xfc\x9d\x84\x0a\x13\x7b\xf0\x3b\xd0\xfc\xa3\x0a\xd7\x89\xea\x96\x7e\x8d\x48\x85\x1e\x64\x5f\xdb\x54\xa2\xac\xd5\x7a\x02\x79\x6b\xd2\x8a\xf0\x67\xda\x65\x72\x0d\x14\x70\xe4\xe9\x8e\x78\x8f\x32\x74\x7c\x57\xf2\xd6\xd6\xf4\x36\x89\x1b\xf8\x29\x6c\x8b\xb9\xf6\x97\xd1\xa4\x2e\xaa\xbe\x0b\x19\xc2\x45\xe9\x70\x5d\x02\x03\x00\x9d\xd9\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe7\xce\xc6\x4f\xfc\x16\x67\x96\xfa\x4a\xa3\x07\xc1\x04\xa7\xcb\x6a\xde\xda\x47\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xe7\xce\xc6\x4f\xfc\x16\x67\x96\xfa\x4a\xa3\x07\xc1\x04\xa7\xcb\x6a\xde\xda\x47\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x9b\x98\x9a\x5d\xbe\xf3\x28\x23\x76\xc6\x6c\xf7\x7f\xe6\x40\x9e\xc0\x36\xdc\x95\x0d\x1d\xad\x15\xc5\x36\xd8\xd5\x39\xef\xf2\x1e\x22\x5e\xb3\x82\xb4\x5d\xbb\x4c\x1a\xca\x92\x0d\xdf\x47\x24\x1e\xb3\x24\xda\x91\x88\xe9\x83\x70\xdd\x93\xd7\xe9\xba\xb3\xdf\x16\x5a\x3e\xde\xe0\xc8\xfb\xd3\xfd\x6c\x29\xf8\x15\x46\xa0\x68\x26\xcc\x93\x52\xae\x82\x01\x93\x90\xca\x77\xca\x4d\x49\xef\xe2\x5a\xd9\x2a\xbd\x30\xce\x4c\xb2\x81\xb6\x30\xce\x59\x4f\xda\x59\x1d\x6a\x7a\xa4\x45\xb0\x82\x26\x81\x86\x76\xf5\xf5\x10\x00\xb8\xee\xb3\x09\xe8\x4f\x87\x02\x07\xae\x24\x5c\xf0\x5f\xac\x0a\x30\xcc\x8a\x40\xa0\x73\x04\xc1\xfb\x89\x24\xf6\x9a\x1c\x5c\xb7\x3c\x0a\x67\x36\x05\x08\x31\xb3\xaf\xd8\x01\x68\x2a\xe0\x78\x8f\x74\xde\xb8\x51\xa4\x8c\x6c\x20\x3d\xa2\xfb\xb3\xd4\x09\xfd\x7b\xc2\x80\xaa\x93\x6c\x29\x98\x21\xa8\xbb\x16\xf3\xa9\x12\x5f\x74\xb5\x87\x98\xf2\x95\x26\xdf\x34\xef\x8a\x53\x91\x88\x5d\x1a\x94\xa3\x3f\x7c\x22\xf8\xd7\x88\xba\xa6\x8c\x96\xa8\x3d\x52\x34\x62\x9f\x00\x1e\x54\x55\x42\x67\xc6\x4d\x46\x8f\xbb\x14\x45\x3d\x0a\x96\x16\x8e\x10\xa1\x97\x99\xd5\xd3\x30\x85\xcc\xde\xb4\x72\xb7\xbc\x8a\x3c\x18\x29\x68\xfd\xdc\x71\x07\xee\x24\x39\x6a\xfa\xed\xa5\xac\x38\x2f\xf9\x1e\x10\x0e\x06\x71\x1a\x10\x4c\xfe\x75\x7e\xff\x1e\x57\x39\x42\xca\xd7\xe1\x15\xa1\x56\x55\x59\x1b\xd1\xa3\xaf\x11\xd8\x4e\xc3\xa5\x2b\xef\x90\xbf\xc0\xec\x82\x13\x5b\x8d\xd6\x72\x2c\x93\x4e\x8f\x6a\x29\xdf\x85\x3c\xd3\x0d\xe0\xa2\x18\x12\xcc\x55\x2f\x47\xb7\xa7\x9b\x02\xfe\x41\xf6\x88\x4c\x6d\xda\xa9\x01\x47\x83\x64\x27\x62\x10\x82\xd6\x12\x7b\x5e\x03\x1f\x34\xa9\xc9\x91\xfe\xaf\x5d\x6d\x86\x27\xb7\x23\xaa\x75\x18\xca\x20\xe7\xb0\x0f\xd7\x89\x0e\xa6\x67\x22\x63\xf4\x83\x41\x2b\x06\x4b\xbb\x58\xd5\xd1\xd7\xb7\xb9\x10\x63\xd8\x89\x4a\xb4\xaa\xdd\x16\x63\xf5\x6e\xbe\x60\xa1\xf8\xed\xe8\xd6\x90\x4f\x1a\xc6\xc5\xa0\x29\xd3\xa7\x21\xa8\xf5\x5a\x3c\xf7\xc7\x49\xa2\x21\x9a\x4a\x95\x52\x20\x96\x72\x9a\x66\xcb\xf7\xd2\x86\x43\x7c\x22\xbe\x96\xf9\xbd\x01\xa8\x47\xdd\xe5\x3b\x40\xf9\x75\x2b\x9b\x2b\x46\x64\x86\x8d\x1e\xf4\x8f\xfb\x07\x77\xd0\xea\x49\xa2\x1c\x8d\x52\x14\xa6\x0a\x93", + ["certSIGN ROOT CA"] = "\x30\x82\x03\x38\x30\x82\x02\x20\xa0\x03\x02\x01\x02\x02\x06\x20\x06\x05\x16\x70\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4f\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4e\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4e\x20\x52\x4f\x4f\x54\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5a\x17\x0d\x33\x31\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5a\x30\x3b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4f\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4e\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4e\x20\x52\x4f\x4f\x54\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\x33\xb9\x7e\xc8\x25\x4a\x8e\xb5\xdb\xb4\x28\x1b\xaa\x57\x90\xe8\xd1\x22\xd3\x64\xba\xd3\x93\xe8\xd4\xac\x86\x61\x40\x6a\x60\x57\x68\x54\x84\x4d\xbc\x6a\x54\x02\x05\xff\xdf\x9b\x9a\x2a\xae\x5d\x07\x8f\x4a\xc3\x28\x7f\xef\xfb\x2b\xfa\x79\xf1\xc7\xad\xf0\x10\x53\x24\x90\x8b\x66\xc9\xa8\x88\xab\xaf\x5a\xa3\x00\xe9\xbe\xba\x46\xee\x5b\x73\x7b\x2c\x17\x82\x81\x5e\x62\x2c\xa1\x02\x65\xb3\xbd\xc5\x2b\x00\x7e\xc4\xfc\x03\x33\x57\x0d\xed\xe2\xfa\xce\x5d\x45\xd6\x38\xcd\x35\xb6\xb2\xc1\xd0\x9c\x81\x4a\xaa\xe4\xb2\x01\x5c\x1d\x8f\x5f\x99\xc4\xb1\xad\xdb\x88\x21\xeb\x90\x08\x82\x80\xf3\x30\xa3\x43\xe6\x90\x82\xae\x55\x28\x49\xed\x5b\xd7\xa9\x10\x38\x0e\xfe\x8f\x4c\x5b\x9b\x46\xea\x41\xf5\xb0\x08\x74\xc3\xd0\x88\x33\xb6\x7c\xd7\x74\xdf\xdc\x84\xd1\x43\x0e\x75\x39\xa1\x25\x40\x28\xea\x78\xcb\x0e\x2c\x2e\x39\x9d\x8c\x8b\x6e\x16\x1c\x2f\x26\x82\x10\xe2\xe3\x65\x94\x0a\x04\xc0\x5e\xf7\x5d\x5b\xf8\x10\xe2\xd0\xba\x7a\x4b\xfb\xde\x37\x00\x00\x1a\x5b\x28\xe3\xd2\x9c\x73\x3e\x32\x87\x98\xa1\xc9\x51\x2f\xd7\xde\xac\x33\xb3\x4f\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe0\x8c\x9b\xdb\x25\x49\xb3\xf1\x7c\x86\xd6\xb2\x42\x87\x0b\xd0\x6b\xa0\xd9\xe4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3e\xd2\x1c\x89\x2e\x35\xfc\xf8\x75\xdd\xe6\x7f\x65\x88\xf4\x72\x4c\xc9\x2c\xd7\x32\x4e\xf3\xdd\x19\x79\x47\xbd\x8e\x3b\x5b\x93\x0f\x50\x49\x24\x13\x6b\x14\x06\x72\xef\x09\xd3\xa1\xa1\xe3\x40\x84\xc9\xe7\x18\x32\x74\x3c\x48\x6e\x0f\x9f\x4b\xd4\xf7\x1e\xd3\x93\x86\x64\x54\x97\x63\x72\x50\xd5\x55\xcf\xfa\x20\x93\x02\xa2\x9b\xc3\x23\x93\x4e\x16\x55\x76\xa0\x70\x79\x6d\xcd\x21\x1f\xcf\x2f\x2d\xbc\x19\xe3\x88\x31\xf8\x59\x1a\x81\x09\xc8\x97\xa6\x74\xc7\x60\xc4\x5b\xcc\x57\x8e\xb2\x75\xfd\x1b\x02\x09\xdb\x59\x6f\x72\x93\x69\xf7\x31\x41\xd6\x88\x38\xbf\x87\xb2\xbd\x16\x79\xf9\xaa\xe4\xbe\x88\x25\xdd\x61\x27\x23\x1c\xb5\x31\x07\x04\x36\xb4\x1a\x90\xbd\xa0\x74\x71\x50\x89\x6d\xbc\x14\xe3\x0f\x86\xae\xf1\xab\x3e\xc7\xa0\x09\xcc\xa3\x48\xd1\xe0\xdb\x64\xe7\x92\xb5\xcf\xaf\x72\x43\x70\x8b\xf9\xc3\x84\x3c\x13\xaa\x7e\x92\x9b\x57\x53\x93\xfa\x70\xc2\x91\x0e\x31\xf9\x9b\x67\x5d\xe9\x96\x38\x5e\x5f\xb3\x73\x4e\x88\x15\x67\xde\x9e\x76\x10\x62\x20\xbe\x55\x69\x95\x43\x00\x39\x4d\xf6\xee\xb0\x5a\x4e\x49\x44\x54\x58\x5f\x42\x83", + ["CNNIC ROOT"] = "\x30\x82\x03\x55\x30\x82\x02\x3d\xa0\x03\x02\x01\x02\x02\x04\x49\x33\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0a\x13\x05\x43\x4e\x4e\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x43\x4e\x4e\x49\x43\x20\x52\x4f\x4f\x54\x30\x1e\x17\x0d\x30\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5a\x17\x0d\x32\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5a\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0a\x13\x05\x43\x4e\x4e\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x43\x4e\x4e\x49\x43\x20\x52\x4f\x4f\x54\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd3\x35\xf7\x3f\x73\x77\xad\xe8\x5b\x73\x17\xc2\xd1\x6f\xed\x55\xbc\x6e\xea\xe8\xa4\x79\xb2\x6c\xc3\xa3\xef\xe1\x9f\xb1\x3b\x48\x85\xf5\x9a\x5c\x21\x22\x10\x2c\xc5\x82\xce\xda\xe3\x9a\x6e\x37\xe1\x87\x2c\xdc\xb9\x0c\x5a\xba\x88\x55\xdf\xfd\xaa\xdb\x1f\x31\xea\x01\xf1\xdf\x39\x01\xc1\x13\xfd\x48\x52\x21\xc4\x55\xdf\xda\xd8\xb3\x54\x76\xba\x74\xb1\xb7\x7d\xd7\xc0\xe8\xf6\x59\xc5\x4d\xc8\xbd\xad\x1f\x14\xda\xdf\x58\x44\x25\x32\x19\x2a\xc7\x7e\x7e\x8e\xae\x38\xb0\x30\x7b\x47\x72\x09\x31\xf0\x30\xdb\xc3\x1b\x76\x29\xbb\x69\x76\x4e\x57\xf9\x1b\x64\xa2\x93\x56\xb7\x6f\x99\x6e\xdb\x0a\x04\x9c\x11\xe3\x80\x1f\xcb\x63\x94\x10\x0a\xa9\xe1\x64\x82\x31\xf9\x8c\x27\xed\xa6\x99\x00\xf6\x70\x93\x18\xf8\xa1\x34\x86\xa3\xdd\x7a\xc2\x18\x79\xf6\x7a\x65\x35\xcf\x90\xeb\xbd\x33\x93\x9f\x53\xab\x73\x3b\xe6\x9b\x34\x20\x2f\x1d\xef\xa9\x1d\x63\x1a\xa0\x80\xdb\x03\x2f\xf9\x26\x1a\x86\xd2\x8d\xbb\xa9\xbe\x52\x3a\x87\x67\x48\x0d\xbf\xb4\xa0\xd8\x26\xbe\x23\x5f\x73\x37\x7f\x26\xe6\x92\x04\xa3\x7f\xcf\x20\xa7\xb7\xf3\x3a\xca\xcb\x99\xcb\x02\x03\x01\x00\x01\xa3\x73\x30\x71\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x65\xf2\x31\xad\x2a\xf7\xf7\xdd\x52\x96\x0a\xc7\x02\xc1\x0e\xef\xa6\xd5\x3b\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xfe\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x65\xf2\x31\xad\x2a\xf7\xf7\xdd\x52\x96\x0a\xc7\x02\xc1\x0e\xef\xa6\xd5\x3b\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4b\x35\xee\xcc\xe4\xae\xbf\xc3\x6e\xad\x9f\x95\x3b\x4b\x3f\x5b\x1e\xdf\x57\x29\xa2\x59\xca\x38\xe2\xb9\x1a\xff\x9e\xe6\x6e\x32\xdd\x1e\xae\xea\x35\xb7\xf5\x93\x91\x4e\xda\x42\xe1\xc3\x17\x60\x50\xf2\xd1\x5c\x26\xb9\x82\xb7\xea\x6d\xe4\x9c\x84\xe7\x03\x79\x17\xaf\x98\x3d\x94\xdb\xc7\xba\x00\xe7\xb8\xbf\x01\x57\xc1\x77\x45\x32\x0c\x3b\xf1\xb4\x1c\x08\xb0\xfd\x51\xa0\xa1\xdd\x9a\x1d\x13\x36\x9a\x6d\xb7\xc7\x3c\xb9\xe1\xc5\xd9\x17\xfa\x83\xd5\x3d\x15\xa0\x3c\xbb\x1e\x0b\xe2\xc8\x90\x3f\xa8\x86\x0c\xfc\xf9\x8b\x5e\x85\xcb\x4f\x5b\x4b\x62\x11\x47\xc5\x45\x7c\x05\x2f\x41\xb1\x9e\x10\x69\x1b\x99\x96\xe0\x55\x79\xfb\x4e\x86\x99\xb8\x94\xda\x86\x38\x6a\x93\xa3\xe7\xcb\x6e\xe5\xdf\xea\x21\x55\x89\x9c\x7d\x7d\x7f\x98\xf5\x00\x89\xee\xe3\x84\xc0\x5c\x96\xb5\xc5\x46\xea\x46\xe0\x85\x55\xb6\x1b\xc9\x12\xd6\xc1\xcd\xcd\x80\xf3\x02\x01\x3c\xc8\x69\xcb\x45\x48\x63\xd8\x94\xd0\xec\x85\x0e\x3b\x4e\x11\x65\xf4\x82\x8c\xa6\x3d\xae\x2e\x22\x94\x09\xc8\x5c\xea\x3c\x81\x5d\x16\x2a\x03\x97\x16\x55\x09\xdb\x8a\x41\x82\x9e\x66\x9b\x11", + ["ApplicationCA - Japanese Government"] = "\x30\x82\x03\xa0\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x31\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x4a\x61\x70\x61\x6e\x65\x73\x65\x20\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x13\x0d\x41\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x43\x41\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5a\x17\x0d\x31\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5a\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x4a\x61\x70\x61\x6e\x65\x73\x65\x20\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x13\x0d\x41\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa7\x6d\xe0\x74\x4e\x87\x8f\xa5\x06\xde\x68\xa2\xdb\x86\x99\x4b\x64\x0d\x71\xf0\x0a\x05\x9b\x8e\xaa\xe1\xcc\x2e\xd2\x6a\x3b\xc1\x7a\xb4\x97\x61\x8d\x8a\xbe\xc6\x9a\x9c\x06\xb4\x86\x51\xe4\x37\x0e\x74\x78\x7e\x5f\x8a\x7f\x94\xa4\xd7\x47\x08\xfd\x50\x5a\x56\xe4\x68\xac\x28\x73\xa0\x7b\xe9\x7f\x18\x92\x40\x4f\x2d\x9d\xf5\xae\x44\x48\x73\x36\x06\x9e\x64\x2c\x3b\x34\x23\xdb\x5c\x26\xe4\x71\x79\x8f\xd4\x6e\x79\x22\xb9\x93\xc1\xca\xcd\xc1\x56\xed\x88\x6a\xd7\xa0\x39\x21\x04\x57\x2c\xa2\xf5\xbc\x47\x41\x4f\x5e\x34\x22\x95\xb5\x1f\x29\x6d\x5e\x4a\xf3\x4d\x72\xbe\x41\x56\x20\x87\xfc\xe9\x50\x47\xd7\x30\x14\xee\x5c\x8c\x55\xba\x59\x8d\x87\xfc\x23\xde\x93\xd0\x04\x8c\xfd\xef\x6d\xbd\xd0\x7a\xc9\xa5\x3a\x6a\x72\x33\xc6\x4a\x0d\x05\x17\x2a\x2d\x7b\xb1\xa7\xd8\xd6\xf0\xbe\xf4\x3f\xea\x0e\x28\x6d\x41\x61\x23\x76\x78\xc3\xb8\x65\xa4\xf3\x5a\xae\xcc\xc2\xaa\xd9\xe7\x58\xde\xb6\x7e\x9d\x85\x6e\x9f\x2a\x0a\x6f\x9f\x03\x29\x30\x97\x28\x1d\xbc\xb7\xcf\x54\x29\x4e\x51\x31\xf9\x27\xb6\x28\x26\xfe\xa2\x63\xe6\x41\x16\xf0\x33\x98\x47\x02\x03\x01\x00\x01\xa3\x81\x9e\x30\x81\x9b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x54\x5a\xcb\x26\x3f\x71\xcc\x94\x46\x0d\x96\x53\xea\x6b\x48\xd0\x93\xfe\x42\x75\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x59\x06\x03\x55\x1d\x11\x04\x52\x30\x50\xa4\x4e\x30\x4c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x0c\x0f\xe6\x97\xa5\xe6\x9c\xac\xe5\x9b\xbd\xe6\x94\xbf\xe5\xba\x9c\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\xe3\x82\xa2\xe3\x83\x97\xe3\x83\xaa\xe3\x82\xb1\xe3\x83\xbc\xe3\x82\xb7\xe3\x83\xa7\xe3\x83\xb3\x43\x41\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x39\x6a\x44\x76\x77\x38\x3a\xec\xa3\x67\x46\x0f\xf9\x8b\x06\xa8\xfb\x6a\x90\x31\xce\x7e\xec\xda\xd1\x89\x7c\x7a\xeb\x2e\x0c\xbd\x99\x32\xe7\xb0\x24\xd6\xc3\xff\xf5\xb2\x88\x09\x87\x2c\xe3\x54\xe1\xa3\xa6\xb2\x08\x0b\xc0\x85\xa8\xc8\xd2\x9c\x71\xf6\x1d\x9f\x60\xfc\x38\x33\x13\xe1\x9e\xdc\x0b\x5f\xda\x16\x50\x29\x7b\x2f\x70\x91\x0f\x99\xba\x34\x34\x8d\x95\x74\xc5\x7e\x78\xa9\x66\x5d\xbd\xca\x21\x77\x42\x10\xac\x66\x26\x3d\xde\x91\xab\xfd\x15\xf0\x6f\xed\x6c\x5f\x10\xf8\xf3\x16\xf6\x03\x8a\x8f\xa7\x12\x11\x0c\xcb\xfd\x3f\x79\xc1\x9c\xfd\x62\xee\xa3\xcf\x54\x0c\xd1\x2b\x5f\x17\x3e\xe3\x3e\xbf\xc0\x2b\x3e\x09\x9b\xfe\x88\xa6\x7e\xb4\x92\x17\xfc\x23\x94\x81\xbd\x6e\xa7\xc5\x8c\xc2\xeb\x11\x45\xdb\xf8\x41\xc9\x96\x76\xea\x70\x5f\x79\x12\x6b\xe4\xa3\x07\x5a\x05\xef\x27\x49\xcf\x21\x9f\x8a\x4c\x09\x70\x66\xa9\x26\xc1\x2b\x11\x4e\x33\xd2\x0e\xfc\xd6\x6c\xd2\x0e\x32\x64\x68\xff\xad\x05\x78\x5f\x03\x1d\xa8\xe3\x90\xac\x24\xe0\x0f\x40\xa7\x4b\xae\x8b\x28\xb7\x82\xca\x18\x07\xe6\xb7\x5b\x74\xe9\x20\x19\x7f\xb2\x1b\x89\x54", + ["GeoTrust Primary Certification Authority - G3"] = "\x30\x82\x03\xfe\x30\x82\x02\xe6\xa0\x03\x02\x01\x02\x02\x10\x15\xac\x6e\x94\x19\xb2\x79\x4b\x41\xf6\x27\xa9\xc3\x18\x0f\x1f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdc\xe2\x5e\x62\x58\x1d\x33\x57\x39\x32\x33\xfa\xeb\xcb\x87\x8c\xa7\xd4\x4a\xdd\x06\x88\xea\x64\x8e\x31\x98\xa5\x38\x90\x1e\x98\xcf\x2e\x63\x2b\xf0\x46\xbc\x44\xb2\x89\xa1\xc0\x28\x0c\x49\x70\x21\x95\x9f\x64\xc0\xa6\x93\x12\x02\x65\x26\x86\xc6\xa5\x89\xf0\xfa\xd7\x84\xa0\x70\xaf\x4f\x1a\x97\x3f\x06\x44\xd5\xc9\xeb\x72\x10\x7d\xe4\x31\x28\xfb\x1c\x61\xe6\x28\x07\x44\x73\x92\x22\x69\xa7\x03\x88\x6c\x9d\x63\xc8\x52\xda\x98\x27\xe7\x08\x4c\x70\x3e\xb4\xc9\x12\xc1\xc5\x67\x83\x5d\x33\xf3\x03\x11\xec\x6a\xd0\x53\xe2\xd1\xba\x36\x60\x94\x80\xbb\x61\x63\x6c\x5b\x17\x7e\xdf\x40\x94\x1e\xab\x0d\xc2\x21\x28\x70\x88\xff\xd6\x26\x6c\x6c\x60\x04\x25\x4e\x55\x7e\x7d\xef\xbf\x94\x48\xde\xb7\x1d\xdd\x70\x8d\x05\x5f\x88\xa5\x9b\xf2\xc2\xee\xea\xd1\x40\x41\x6d\x62\x38\x1d\x56\x06\xc5\x03\x47\x51\x20\x19\xfc\x7b\x10\x0b\x0e\x62\xae\x76\x55\xbf\x5f\x77\xbe\x3e\x49\x01\x53\x3d\x98\x25\x03\x76\x24\x5a\x1d\xb4\xdb\x89\xea\x79\xe5\xb6\xb3\x3b\x3f\xba\x4c\x28\x41\x7f\x06\xac\x6a\x8e\xc1\xd0\xf6\x05\x1d\x7d\xe6\x42\x86\xe3\xa5\xd5\x47\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc4\x79\xca\x8e\xa1\x4e\x03\x1d\x1c\xdc\x6b\xdb\x31\x5b\x94\x3e\x3f\x30\x7f\x2d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x2d\xc5\x13\xcf\x56\x80\x7b\x7a\x78\xbd\x9f\xae\x2c\x99\xe7\xef\xda\xdf\x94\x5e\x09\x69\xa7\xe7\x6e\x68\x8c\xbd\x72\xbe\x47\xa9\x0e\x97\x12\xb8\x4a\xf1\x64\xd3\x39\xdf\x25\x34\xd4\xc1\xcd\x4e\x81\xf0\x0f\x04\xc4\x24\xb3\x34\x96\xc6\xa6\xaa\x30\xdf\x68\x61\x73\xd7\xf9\x8e\x85\x89\xef\x0e\x5e\x95\x28\x4a\x2a\x27\x8f\x10\x8e\x2e\x7c\x86\xc4\x02\x9e\xda\x0c\x77\x65\x0e\x44\x0d\x92\xfd\xfd\xb3\x16\x36\xfa\x11\x0d\x1d\x8c\x0e\x07\x89\x6a\x29\x56\xf7\x72\xf4\xdd\x15\x9c\x77\x35\x66\x57\xab\x13\x53\xd8\x8e\xc1\x40\xc5\xd7\x13\x16\x5a\x72\xc7\xb7\x69\x01\xc4\x7a\xb1\x83\x01\x68\x7d\x8d\x41\xa1\x94\x18\xc1\x25\x5c\xfc\xf0\xfe\x83\x02\x87\x7c\x0d\x0d\xcf\x2e\x08\x5c\x4a\x40\x0d\x3e\xec\x81\x61\xe6\x24\xdb\xca\xe0\x0e\x2d\x07\xb2\x3e\x56\xdc\x8d\xf5\x41\x85\x07\x48\x9b\x0c\x0b\xcb\x49\x3f\x7d\xec\xb7\xfd\xcb\x8d\x67\x89\x1a\xab\xed\xbb\x1e\xa3\x00\x08\x08\x17\x2a\x82\x5c\x31\x5d\x46\x8a\x2d\x0f\x86\x9b\x74\xd9\x45\xfb\xd4\x40\xb1\x7a\xaa\x68\x2d\x86\xb2\x99\x22\xe1\xc1\x2b\xc7\x9c\xf8\xf3\x5f\xa8\x82\x12\xeb\x19\x11\x2d", + ["thawte Primary Root CA - G2"] = "\x30\x82\x02\x88\x30\x82\x02\x0d\xa0\x03\x02\x01\x02\x02\x10\x35\xfc\x26\x5c\xd9\x84\x4f\xc9\x3d\x26\x3d\x57\x9b\xae\xd7\x56\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\xa2\xd5\x9c\x82\x7b\x95\x9d\xf1\x52\x78\x87\xfe\x8a\x16\xbf\x05\xe6\xdf\xa3\x02\x4f\x0d\x07\xc6\x00\x51\xba\x0c\x02\x52\x2d\x22\xa4\x42\x39\xc4\xfe\x8f\xea\xc9\xc1\xbe\xd4\x4d\xff\x9f\x7a\x9e\xe2\xb1\x7c\x9a\xad\xa7\x86\x09\x73\x87\xd1\xe7\x9a\xe3\x7a\xa5\xaa\x6e\xfb\xba\xb3\x70\xc0\x67\x88\xa2\x35\xd4\xa3\x9a\xb1\xfd\xad\xc2\xef\x31\xfa\xa8\xb9\xf3\xfb\x08\xc6\x91\xd1\xfb\x29\x95\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9a\xd8\x00\x30\x00\xe7\x6b\x7f\x85\x18\xee\x8b\xb6\xce\x8a\x0c\xf8\x11\xe1\xbb\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x69\x00\x30\x66\x02\x31\x00\xdd\xf8\xe0\x57\x47\x5b\xa7\xe6\x0a\xc3\xbd\xf5\x80\x8a\x97\x35\x0d\x1b\x89\x3c\x54\x86\x77\x28\xca\xa1\xf4\x79\xde\xb5\xe6\x38\xb0\xf0\x65\x70\x8c\x7f\x02\x54\xc2\xbf\xff\xd8\xa1\x3e\xd9\xcf\x02\x31\x00\xc4\x8d\x94\xfc\xdc\x53\xd2\xdc\x9d\x78\x16\x1f\x15\x33\x23\x53\x52\xe3\x5a\x31\x5d\x9d\xca\xae\xbd\x13\x29\x44\x0d\x27\x5b\xa8\xe7\x68\x9c\x12\xf7\x58\x3f\x2e\x72\x02\x57\xa3\x8f\xa1\x14\x2e", + ["thawte Primary Root CA - G3"] = "\x30\x82\x04\x2a\x30\x82\x03\x12\xa0\x03\x02\x01\x02\x02\x10\x60\x01\x97\xb7\x46\xa7\xea\xb4\xb4\x9a\xd6\x4b\x2f\xf7\x90\xfb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb2\xbf\x27\x2c\xfb\xdb\xd8\x5b\xdd\x78\x7b\x1b\x9e\x77\x66\x81\xcb\x3e\xbc\x7c\xae\xf3\xa6\x27\x9a\x34\xa3\x68\x31\x71\x38\x33\x62\xe4\xf3\x71\x66\x79\xb1\xa9\x65\xa3\xa5\x8b\xd5\x8f\x60\x2d\x3f\x42\xcc\xaa\x6b\x32\xc0\x23\xcb\x2c\x41\xdd\xe4\xdf\xfc\x61\x9c\xe2\x73\xb2\x22\x95\x11\x43\x18\x5f\xc4\xb6\x1f\x57\x6c\x0a\x05\x58\x22\xc8\x36\x4c\x3a\x7c\xa5\xd1\xcf\x86\xaf\x88\xa7\x44\x02\x13\x74\x71\x73\x0a\x42\x59\x02\xf8\x1b\x14\x6b\x42\xdf\x6f\x5f\xba\x6b\x82\xa2\x9d\x5b\xe7\x4a\xbd\x1e\x01\x72\xdb\x4b\x74\xe8\x3b\x7f\x7f\x7d\x1f\x04\xb4\x26\x9b\xe0\xb4\x5a\xac\x47\x3d\x55\xb8\xd7\xb0\x26\x52\x28\x01\x31\x40\x66\xd8\xd9\x24\xbd\xf6\x2a\xd8\xec\x21\x49\x5c\x9b\xf6\x7a\xe9\x7f\x55\x35\x7e\x96\x6b\x8d\x93\x93\x27\xcb\x92\xbb\xea\xac\x40\xc0\x9f\xc2\xf8\x80\xcf\x5d\xf4\x5a\xdc\xce\x74\x86\xa6\x3e\x6c\x0b\x53\xca\xbd\x92\xce\x19\x06\x72\xe6\x0c\x5c\x38\x69\xc7\x04\xd6\xbc\x6c\xce\x5b\xf6\xf7\x68\x9c\xdc\x25\x15\x48\x88\xa1\xe9\xa9\xf8\x98\x9c\xe0\xf3\xd5\x31\x28\x61\x11\x6c\x67\x96\x8d\x39\x99\xcb\xc2\x45\x24\x39\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xad\x6c\xaa\x94\x60\x9c\xed\xe4\xff\xfa\x3e\x0a\x74\x2b\x63\x03\xf7\xb6\x59\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x1a\x40\xd8\x95\x65\xac\x09\x92\x89\xc6\x39\xf4\x10\xe5\xa9\x0e\x66\x53\x5d\x78\xde\xfa\x24\x91\xbb\xe7\x44\x51\xdf\xc6\x16\x34\x0a\xef\x6a\x44\x51\xea\x2b\x07\x8a\x03\x7a\xc3\xeb\x3f\x0a\x2c\x52\x16\xa0\x2b\x43\xb9\x25\x90\x3f\x70\xa9\x33\x25\x6d\x45\x1a\x28\x3b\x27\xcf\xaa\xc3\x29\x42\x1b\xdf\x3b\x4c\xc0\x33\x34\x5b\x41\x88\xbf\x6b\x2b\x65\xaf\x28\xef\xb2\xf5\xc3\xaa\x66\xce\x7b\x56\xee\xb7\xc8\xcb\x67\xc1\xc9\x9c\x1a\x18\xb8\xc4\xc3\x49\x03\xf1\x60\x0e\x50\xcd\x46\xc5\xf3\x77\x79\xf7\xb6\x15\xe0\x38\xdb\xc7\x2f\x28\xa0\x0c\x3f\x77\x26\x74\xd9\x25\x12\xda\x31\xda\x1a\x1e\xdc\x29\x41\x91\x22\x3c\x69\xa7\xbb\x02\xf2\xb6\x5c\x27\x03\x89\xf4\x06\xea\x9b\xe4\x72\x82\xe3\xa1\x09\xc1\xe9\x00\x19\xd3\x3e\xd4\x70\x6b\xba\x71\xa6\xaa\x58\xae\xf4\xbb\xe9\x6c\xb6\xef\x87\xcc\x9b\xbb\xff\x39\xe6\x56\x61\xd3\x0a\xa7\xc4\x5c\x4c\x60\x7b\x05\x77\x26\x7a\xbf\xd8\x07\x52\x2c\x62\xf7\x70\x63\xd9\x39\xbc\x6f\x1c\xc2\x79\xdc\x76\x29\xaf\xce\xc5\x2c\x64\x04\x5e\x88\x36\x6e\x31\xd4\x40\x1a\x62\x34\x36\x3f\x35\x01\xae\xac\x63\xa0", + ["GeoTrust Primary Certification Authority - G2"] = "\x30\x82\x02\xae\x30\x82\x02\x35\xa0\x03\x02\x01\x02\x02\x10\x3c\xb2\xf4\x48\x0a\x00\xe2\xfe\xeb\x24\x3b\x5e\x60\x3e\xc3\x6b\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\x15\xb1\xe8\xfd\x03\x15\x43\xe5\xac\xeb\x87\x37\x11\x62\xef\xd2\x83\x36\x52\x7d\x45\x57\x0b\x4a\x8d\x7b\x54\x3b\x3a\x6e\x5f\x15\x02\xc0\x50\xa6\xcf\x25\x2f\x7d\xca\x48\xb8\xc7\x50\x63\x1c\x2a\x21\x08\x7c\x9a\x36\xd8\x0b\xfe\xd1\x26\xc5\x58\x31\x30\x28\x25\xf3\x5d\x5d\xa3\xb8\xb6\xa5\xb4\x92\xed\x6c\x2c\x9f\xeb\xdd\x43\x89\xa2\x3c\x4b\x48\x91\x1d\x50\xec\x26\xdf\xd6\x60\x2e\xbd\x21\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\x5f\x35\x57\x51\x55\xfb\x25\xb2\xad\x03\x69\xfc\x01\xa3\xfa\xbe\x11\x55\xd5\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x64\x96\x59\xa6\xe8\x09\xde\x8b\xba\xfa\x5a\x88\x88\xf0\x1f\x91\xd3\x46\xa8\xf2\x4a\x4c\x02\x63\xfb\x6c\x5f\x38\xdb\x2e\x41\x93\xa9\x0e\xe6\x9d\xdc\x31\x1c\xb2\xa0\xa7\x18\x1c\x79\xe1\xc7\x36\x02\x30\x3a\x56\xaf\x9a\x74\x6c\xf6\xfb\x83\xe0\x33\xd3\x08\x5f\xa1\x9c\xc2\x5b\x9f\x46\xd6\xb6\xcb\x91\x06\x63\xa2\x06\xe7\x33\xac\x3e\xa8\x81\x12\xd0\xcb\xba\xd0\x92\x0b\xb6\x9e\x96\xaa\x04\x0f\x8a", + ["VeriSign Universal Root Certification Authority"] = "\x30\x82\x04\xb9\x30\x82\x03\xa1\xa0\x03\x02\x01\x02\x02\x10\x40\x1a\xc4\x64\x21\xb3\x13\x21\x03\x0e\xbb\xe4\x12\x1a\xc5\x1d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xbd\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2f\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xbd\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2f\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc7\x61\x37\x5e\xb1\x01\x34\xdb\x62\xd7\x15\x9b\xff\x58\x5a\x8c\x23\x23\xd6\x60\x8e\x91\xd7\x90\x98\x83\x7a\xe6\x58\x19\x38\x8c\xc5\xf6\xe5\x64\x85\xb4\xa2\x71\xfb\xed\xbd\xb9\xda\xcd\x4d\x00\xb4\xc8\x2d\x73\xa5\xc7\x69\x71\x95\x1f\x39\x3c\xb2\x44\x07\x9c\xe8\x0e\xfa\x4d\x4a\xc4\x21\xdf\x29\x61\x8f\x32\x22\x61\x82\xc5\x87\x1f\x6e\x8c\x7c\x5f\x16\x20\x51\x44\xd1\x70\x4f\x57\xea\xe3\x1c\xe3\xcc\x79\xee\x58\xd8\x0e\xc2\xb3\x45\x93\xc0\x2c\xe7\x9a\x17\x2b\x7b\x00\x37\x7a\x41\x33\x78\xe1\x33\xe2\xf3\x10\x1a\x7f\x87\x2c\xbe\xf6\xf5\xf7\x42\xe2\xe5\xbf\x87\x62\x89\x5f\x00\x4b\xdf\xc5\xdd\xe4\x75\x44\x32\x41\x3a\x1e\x71\x6e\x69\xcb\x0b\x75\x46\x08\xd1\xca\xd2\x2b\x95\xd0\xcf\xfb\xb9\x40\x6b\x64\x8c\x57\x4d\xfc\x13\x11\x79\x84\xed\x5e\x54\xf6\x34\x9f\x08\x01\xf3\x10\x25\x06\x17\x4a\xda\xf1\x1d\x7a\x66\x6b\x98\x60\x66\xa4\xd9\xef\xd2\x2e\x82\xf1\xf0\xef\x09\xea\x44\xc9\x15\x6a\xe2\x03\x6e\x33\xd3\xac\x9f\x55\x00\xc7\xf6\x08\x6a\x94\xb9\x5f\xdc\xe0\x33\xf1\x84\x60\xf9\x5b\x27\x11\xb4\xfc\x16\xf2\xbb\x56\x6a\x80\x25\x8d\x02\x03\x01\x00\x01\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb6\x77\xfa\x69\x48\x47\x9f\x53\x12\xd5\xc2\xea\x07\x32\x76\x07\xd1\x97\x07\x19\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x4a\xf8\xf8\xb0\x03\xe6\x2c\x67\x7b\xe4\x94\x77\x63\xcc\x6e\x4c\xf9\x7d\x0e\x0d\xdc\xc8\xb9\x35\xb9\x70\x4f\x63\xfa\x24\xfa\x6c\x83\x8c\x47\x9d\x3b\x63\xf3\x9a\xf9\x76\x32\x95\x91\xb1\x77\xbc\xac\x9a\xbe\xb1\xe4\x31\x21\xc6\x81\x95\x56\x5a\x0e\xb1\xc2\xd4\xb1\xa6\x59\xac\xf1\x63\xcb\xb8\x4c\x1d\x59\x90\x4a\xef\x90\x16\x28\x1f\x5a\xae\x10\xfb\x81\x50\x38\x0c\x6c\xcc\xf1\x3d\xc3\xf5\x63\xe3\xb3\xe3\x21\xc9\x24\x39\xe9\xfd\x15\x66\x46\xf4\x1b\x11\xd0\x4d\x73\xa3\x7d\x46\xf9\x3d\xed\xa8\x5f\x62\xd4\xf1\x3f\xf8\xe0\x74\x57\x2b\x18\x9d\x81\xb4\xc4\x28\xda\x94\x97\xa5\x70\xeb\xac\x1d\xbe\x07\x11\xf0\xd5\xdb\xdd\xe5\x8c\xf0\xd5\x32\xb0\x83\xe6\x57\xe2\x8f\xbf\xbe\xa1\xaa\xbf\x3d\x1d\xb5\xd4\x38\xea\xd7\xb0\x5c\x3a\x4f\x6a\x3f\x8f\xc0\x66\x6c\x63\xaa\xe9\xd9\xa4\x16\xf4\x81\xd1\x95\x14\x0e\x7d\xcd\x95\x34\xd9\xd2\x8f\x70\x73\x81\x7b\x9c\x7e\xbd\x98\x61\xd8\x45\x87\x98\x90\xc5\xeb\x86\x30\xc6\x35\xbf\xf0\xff\xc3\x55\x88\x83\x4b\xef\x05\x92\x06\x71\xf2\xb8\x98\x93\xb7\xec\xcd\x82\x61\xf1\x38\xe6\x4f\x97\x98\x2a\x5a\x8d", + ["VeriSign Class 3 Public Primary Certification Authority - G4"] = "\x30\x82\x03\x84\x30\x82\x03\x0a\xa0\x03\x02\x01\x02\x02\x10\x2f\x80\xfe\x23\x8c\x0e\x22\x0f\x48\x67\x12\x28\x91\x87\xac\xb3\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x34\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x34\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\xa7\x56\x7a\x7c\x52\xda\x64\x9b\x0e\x2d\x5c\xd8\x5e\xac\x92\x3d\xfe\x01\xe6\x19\x4a\x3d\x14\x03\x4b\xfa\x60\x27\x20\xd9\x83\x89\x69\xfa\x54\xc6\x9a\x18\x5e\x55\x2a\x64\xde\x06\xf6\x8d\x4a\x3b\xad\x10\x3c\x65\x3d\x90\x88\x04\x89\xe0\x30\x61\xb3\xae\x5d\x01\xa7\x7b\xde\x7c\xb2\xbe\xca\x65\x61\x00\x86\xae\xda\x8f\x7b\xd0\x89\xad\x4d\x1d\x59\x9a\x41\xb1\xbc\x47\x80\xdc\x9e\x62\xc3\xf9\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb3\x16\x91\xfd\xee\xa6\x6e\xe4\xb5\x2e\x49\x8f\x87\x78\x81\x80\xec\xe5\xb1\xb5\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x68\x00\x30\x65\x02\x30\x66\x21\x0c\x18\x26\x60\x5a\x38\x7b\x56\x42\xe0\xa7\xfc\x36\x84\x51\x91\x20\x2c\x76\x4d\x43\x3d\xc4\x1d\x84\x23\xd0\xac\xd6\x7c\x35\x06\xce\xcd\x69\xbd\x90\x0d\xdb\x6c\x48\x42\x1d\x0e\xaa\x42\x02\x31\x00\x9c\x3d\x48\x39\x23\x39\x58\x1a\x15\x12\x59\x6a\x9e\xef\xd5\x59\xb2\x1d\x52\x2c\x99\x71\xcd\xc7\x29\xdf\x1b\x2a\x61\x7b\x71\xd1\xde\xf3\xc0\xe5\x0d\x3a\x4a\xaa\x2d\xa7\xd8\x86\x2a\xdd\x2e\x10", + ["NetLock Arany (Class Gold) FÅ‘tanúsítvány"] = "\x30\x82\x04\x15\x30\x82\x02\xfd\xa0\x03\x02\x01\x02\x02\x06\x49\x41\x2c\xe4\x00\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xa7\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x0c\x0c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x0c\x2e\x54\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x6b\x69\x61\x64\xc3\xb3\x6b\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0c\x2c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x41\x72\x61\x6e\x79\x20\x28\x43\x6c\x61\x73\x73\x20\x47\x6f\x6c\x64\x29\x20\x46\xc5\x91\x74\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x30\x1e\x17\x0d\x30\x38\x31\x32\x31\x31\x31\x35\x30\x38\x32\x31\x5a\x17\x0d\x32\x38\x31\x32\x30\x36\x31\x35\x30\x38\x32\x31\x5a\x30\x81\xa7\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x0c\x0c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x0c\x2e\x54\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x6b\x69\x61\x64\xc3\xb3\x6b\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0c\x2c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x41\x72\x61\x6e\x79\x20\x28\x43\x6c\x61\x73\x73\x20\x47\x6f\x6c\x64\x29\x20\x46\xc5\x91\x74\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc4\x24\x5e\x73\xbe\x4b\x6d\x14\xc3\xa1\xf4\xe3\x97\x90\x6e\xd2\x30\x45\x1e\x3c\xee\x67\xd9\x64\xe0\x1a\x8a\x7f\xca\x30\xca\x83\xe3\x20\xc1\xe3\xf4\x3a\xd3\x94\x5f\x1a\x7c\x5b\x6d\xbf\x30\x4f\x84\x27\xf6\x9f\x1f\x49\xbc\xc6\x99\x0a\x90\xf2\x0f\xf5\x7f\x43\x84\x37\x63\x51\x8b\x7a\xa5\x70\xfc\x7a\x58\xcd\x8e\x9b\xed\xc3\x46\x6c\x84\x70\x5d\xda\xf3\x01\x90\x23\xfc\x4e\x30\xa9\x7e\xe1\x27\x63\xe7\xed\x64\x3c\xa0\xb8\xc9\x33\x63\xfe\x16\x90\xff\xb0\xb8\xfd\xd7\xa8\xc0\xc0\x94\x43\x0b\xb6\xd5\x59\xa6\x9e\x56\xd0\x24\x1f\x70\x79\xaf\xdb\x39\x54\x0d\x65\x75\xd9\x15\x41\x94\x01\xaf\x5e\xec\xf6\x8d\xf1\xff\xad\x64\xfe\x20\x9a\xd7\x5c\xeb\xfe\xa6\x1f\x08\x64\xa3\x8b\x76\x55\xad\x1e\x3b\x28\x60\x2e\x87\x25\xe8\xaa\xaf\x1f\xc6\x64\x46\x20\xb7\x70\x7f\x3c\xde\x48\xdb\x96\x53\xb7\x39\x77\xe4\x1a\xe2\xc7\x16\x84\x76\x97\x5b\x2f\xbb\x19\x15\x85\xf8\x69\x85\xf5\x99\xa7\xa9\xf2\x34\xa7\xa9\xb6\xa6\x03\xfc\x6f\x86\x3d\x54\x7c\x76\x04\x9b\x6b\xf9\x40\x5d\x00\x34\xc7\x2e\x99\x75\x9d\xe5\x88\x03\xaa\x4d\xf8\x03\xd2\x42\x76\xc0\x1b\x02\x03\x00\xa8\x8b\xa3\x45\x30\x43\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcc\xfa\x67\x93\xf0\xb6\xb8\xd0\xa5\xc0\x1e\xf3\x53\xfd\x8c\x53\xdf\x83\xd7\x96\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xab\x7f\xee\x1c\x16\xa9\x9c\x3c\x51\x00\xa0\xc0\x11\x08\x05\xa7\x99\xe6\x6f\x01\x88\x54\x61\x6e\xf1\xb9\x18\xad\x4a\xad\xfe\x81\x40\x23\x94\x2f\xfb\x75\x7c\x2f\x28\x4b\x62\x24\x81\x82\x0b\xf5\x61\xf1\x1c\x6e\xb8\x61\x38\xeb\x81\xfa\x62\xa1\x3b\x5a\x62\xd3\x94\x65\xc4\xe1\xe6\x6d\x82\xf8\x2f\x25\x70\xb2\x21\x26\xc1\x72\x51\x1f\x8c\x2c\xc3\x84\x90\xc3\x5a\x8f\xba\xcf\xf4\xa7\x65\xa5\xeb\x98\xd1\xfb\x05\xb2\x46\x75\x15\x23\x6a\x6f\x85\x63\x30\x80\xf0\xd5\x9e\x1f\x29\x1c\xc2\x6c\xb0\x50\x59\x5d\x90\x5b\x3b\xa8\x0d\x30\xcf\xbf\x7d\x7f\xce\xf1\x9d\x83\xbd\xc9\x46\x6e\x20\xa6\xf9\x61\x51\xba\x21\x2f\x7b\xbe\xa5\x15\x63\xa1\xd4\x95\x87\xf1\x9e\xb9\xf3\x89\xf3\x3d\x85\xb8\xb8\xdb\xbe\xb5\xb9\x29\xf9\xda\x37\x05\x00\x49\x94\x03\x84\x44\xe7\xbf\x43\x31\xcf\x75\x8b\x25\xd1\xf4\xa6\x64\xf5\x92\xf6\xab\x05\xeb\x3d\xe9\xa5\x0b\x36\x62\xda\xcc\x06\x5f\x36\x8b\xb6\x5e\x31\xb8\x2a\xfb\x5e\xf6\x71\xdf\x44\x26\x9e\xc4\xe6\x0d\x91\xb4\x2e\x75\x95\x80\x51\x6a\x4b\x30\xa6\xb0\x62\xa1\x93\xf1\x9b\xd8\xce\xc4\x63\x75\x3f\x59\x47\xb1", + ["Staat der Nederlanden Root CA - G2"] = "\x30\x82\x05\xca\x30\x82\x03\xb2\xa0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x0c\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x0c\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x38\x30\x33\x32\x36\x31\x31\x31\x38\x31\x37\x5a\x17\x0d\x32\x30\x30\x33\x32\x35\x31\x31\x30\x33\x31\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x0c\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x0c\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc5\x59\xe7\x6f\x75\xaa\x3e\x4b\x9c\xb5\xb8\xac\x9e\x0b\xe4\xf9\xd9\xca\xab\x5d\x8f\xb5\x39\x10\x82\xd7\xaf\x51\xe0\x3b\xe1\x00\x48\x6a\xcf\xda\xe1\x06\x43\x11\x99\xaa\x14\x25\x12\xad\x22\xe8\x00\x6d\x43\xc4\xa9\xb8\xe5\x1f\x89\x4b\x67\xbd\x61\x48\xef\xfd\xd2\xe0\x60\x88\xe5\xb9\x18\x60\x28\xc3\x77\x2b\xad\xb0\x37\xaa\x37\xde\x64\x59\x2a\x46\x57\xe4\x4b\xb9\xf8\x37\x7c\xd5\x36\xe7\x80\xc1\xb6\xf3\xd4\x67\x9b\x96\xe8\xce\xd7\xc6\x0a\x53\xd0\x6b\x49\x96\xf3\xa3\x0b\x05\x77\x48\xf7\x25\xe5\x70\xac\x30\x14\x20\x25\xe3\x7f\x75\x5a\xe5\x48\xf8\x4e\x7b\x03\x07\x04\xfa\x82\x61\x87\x6e\xf0\x3b\xc4\xa4\xc7\xd0\xf5\x74\x3e\xa5\x5d\x1a\x08\xf2\x9b\x25\xd2\xf6\xac\x04\x26\x3e\x55\x3a\x62\x28\xa5\x7b\xb2\x30\xaf\xf8\x37\xc2\xd1\xba\xd6\x38\xfd\xf4\xef\x49\x30\x37\x99\x26\x21\x48\x85\x01\xa9\xe5\x16\xe7\xdc\x90\x55\xdf\x0f\xe8\x38\xcd\x99\x37\x21\x4f\x5d\xf5\x22\x6f\x6a\xc5\x12\x16\x60\x17\x55\xf2\x65\x66\xa6\xa7\x30\x91\x38\xc1\x38\x1d\x86\x04\x84\xba\x1a\x25\x78\x5e\x9d\xaf\xcc\x50\x60\xd6\x13\x87\x52\xed\x63\x1f\x6d\x65\x7d\xc2\x15\x18\x74\xca\xe1\x7e\x64\x29\x8c\x72\xd8\x16\x13\x7d\x0b\x49\x4a\xf1\x28\x1b\x20\x74\x6b\xc5\x3d\xdd\xb0\xaa\x48\x09\x3d\x2e\x82\x94\xcd\x1a\x65\xd9\x2b\x88\x9a\x99\xbc\x18\x7e\x9f\xee\x7d\x66\x7c\x3e\xbd\x94\xb8\x81\xce\xcd\x98\x30\x78\xc1\x6f\x67\xd0\xbe\x5f\xe0\x68\xed\xde\xe2\xb1\xc9\x2c\x59\x78\x92\xaa\xdf\x2b\x60\x63\xf2\xe5\x5e\xb9\xe3\xca\xfa\x7f\x50\x86\x3e\xa2\x34\x18\x0c\x09\x68\x28\x11\x1c\xe4\xe1\xb9\x5c\x3e\x47\xba\x32\x3f\x18\xcc\x5b\x84\xf5\xf3\x6b\x74\xc4\x72\x74\xe1\xe3\x8b\xa0\x4a\xbd\x8d\x66\x2f\xea\xad\x35\xda\x20\xd3\x88\x82\x61\xf0\x12\x22\xb6\xbc\xd0\xd5\xa4\xec\xaf\x54\x88\x25\x24\x3c\xa7\x6d\xb1\x72\x29\x3f\x3e\x57\xa6\x7f\x55\xaf\x6e\x26\xc6\xfe\xe7\xcc\x40\x5c\x51\x44\x81\x0a\x78\xde\x4a\xce\x55\xbf\x1d\xd5\xd9\xb7\x56\xef\xf0\x76\xff\x0b\x79\xb5\xaf\xbd\xfb\xa9\x69\x91\x46\x97\x68\x80\x14\x36\x1d\xb3\x7f\xbb\x29\x98\x36\xa5\x20\xfa\x82\x60\x62\x33\xa4\xec\xd6\xba\x07\xa7\x6e\xc5\xcf\x14\xa6\xe7\xd6\x92\x34\xd8\x81\xf5\xfc\x1d\x5d\xaa\x5c\x1e\xf6\xa3\x4d\x3b\xb8\xf7\x39\x02\x03\x01\x00\x01\xa3\x81\x97\x30\x81\x94\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x52\x06\x03\x55\x1d\x20\x04\x4b\x30\x49\x30\x47\x06\x04\x55\x1d\x20\x00\x30\x3f\x30\x3d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x31\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x70\x6b\x69\x6f\x76\x65\x72\x68\x65\x69\x64\x2e\x6e\x6c\x2f\x70\x6f\x6c\x69\x63\x69\x65\x73\x2f\x72\x6f\x6f\x74\x2d\x70\x6f\x6c\x69\x63\x79\x2d\x47\x32\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x91\x68\x32\x87\x15\x1d\x89\xe2\xb5\xf1\xac\x36\x28\x34\x8d\x0b\x7c\x62\x88\xeb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00\xa8\x41\x4a\x67\x2a\x92\x81\x82\x50\x6e\xe1\xd7\xd8\xb3\x39\x3b\xf3\x02\x15\x09\x50\x51\xef\x2d\xbd\x24\x7b\x88\x86\x3b\xf9\xb4\xbc\x92\x09\x96\xb9\xf6\xc0\xab\x23\x60\x06\x79\x8c\x11\x4e\x51\xd2\x79\x80\x33\xfb\x9d\x48\xbe\xec\x41\x43\x81\x1f\x7e\x47\x40\x1c\xe5\x7a\x08\xca\xaa\x8b\x75\xad\x14\xc4\xc2\xe8\x66\x3c\x82\x07\xa7\xe6\x27\x82\x5b\x18\xe6\x0f\x6e\xd9\x50\x3e\x8a\x42\x18\x29\xc6\xb4\x56\xfc\x56\x10\xa0\x05\x17\xbd\x0c\x23\x7f\xf4\x93\xed\x9c\x1a\x51\xbe\xdd\x45\x41\xbf\x91\x24\xb4\x1f\x8c\xe9\x5f\xcf\x7b\x21\x99\x9f\x95\x9f\x39\x3a\x46\x1c\x6c\xf9\xcd\x7b\x9c\x90\xcd\x28\xa9\xc7\xa9\x55\xbb\xac\x62\x34\x62\x35\x13\x4b\x14\x3a\x55\x83\xb9\x86\x8d\x92\xa6\xc6\xf4\x07\x25\x54\xcc\x16\x57\x12\x4a\x82\x78\xc8\x14\xd9\x17\x82\x26\x2d\x5d\x20\x1f\x79\xae\xfe\xd4\x70\x16\x16\x95\x83\xd8\x35\x39\xff\x52\x5d\x75\x1c\x16\xc5\x13\x55\xcf\x47\xcc\x75\x65\x52\x4a\xde\xf0\xb0\xa7\xe4\x0a\x96\x0b\xfb\xad\xc2\xe2\x25\x84\xb2\xdd\xe4\xbd\x7e\x59\x6c\x9b\xf0\xf0\xd8\xe7\xca\xf2\xe9\x97\x38\x7e\x89\xbe\xcc\xfb\x39\x17\x61\x3f\x72\xdb\x3a\x91\xd8\x65\x01\x19\x1d\xad\x50\xa4\x57\x0a\x7c\x4b\xbc\x9c\x71\x73\x2a\x45\x51\x19\x85\xcc\x8e\xfd\x47\xa7\x74\x95\x1d\xa8\xd1\xaf\x4e\x17\xb1\x69\x26\xc2\xaa\x78\x57\x5b\xc5\x4d\xa7\xe5\x9e\x05\x17\x94\xca\xb2\x5f\xa0\x49\x18\x8d\x34\xe9\x26\x6c\x48\x1e\xaa\x68\x92\x05\xe1\x82\x73\x5a\x9b\xdc\x07\x5b\x08\x6d\x7d\x9d\xd7\x8d\x21\xd9\xfc\x14\x20\xaa\xc2\x45\xdf\x3f\xe7\x00\xb2\x51\xe4\xc2\xf8\x05\xb9\x79\x1a\x8c\x34\xf3\x9e\x5b\xe4\x37\x5b\x6b\x4a\xdf\x2c\x57\x8a\x40\x5a\x36\xba\xdd\x75\x44\x08\x37\x42\x70\x0c\xfe\xdc\x5e\x21\xa0\xa3\x8a\xc0\x90\x9c\x68\xda\x50\xe6\x45\x10\x47\x78\xb6\x4e\xd2\x65\xc9\xc3\x37\xdf\xe1\x42\x63\xb0\x57\x37\x45\x2d\x7b\x8a\x9c\xbf\x05\xea\x65\x55\x33\xf7\x39\x10\xc5\x28\x2a\x21\x7a\x1b\x8a\xc4\x24\xf9\x3f\x15\xc8\x9a\x15\x20\xf5\x55\x62\x96\xed\x6d\x93\x50\xbc\xe4\xaa\x78\xad\xd9\xcb\x0a\x65\x87\xa6\x66\xc1\xc4\x81\xa3\x77\x3a\x58\x1e\x0b\xee\x83\x8b\x9d\x1e\xd2\x52\xa4\xcc\x1d\x6f\xb0\x98\x6d\x94\x31\xb5\xf8\x71\x0a\xdc\xb9\xfc\x7d\x32\x60\xe6\xeb\xaf\x8a\x01", + ["CA Disig"] = "\x30\x82\x04\x0f\x30\x82\x02\xf7\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4b\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0a\x42\x72\x61\x74\x69\x73\x6c\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x44\x69\x73\x69\x67\x20\x61\x2e\x73\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x1e\x17\x0d\x30\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5a\x17\x0d\x31\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5a\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4b\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0a\x42\x72\x61\x74\x69\x73\x6c\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x44\x69\x73\x69\x67\x20\x61\x2e\x73\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x92\xf6\x31\xc1\x7d\x88\xfd\x99\x01\xa9\xd8\x7b\xf2\x71\x75\xf1\x31\xc6\xf3\x75\x66\xfa\x51\x28\x46\x84\x97\x78\x34\xbc\x6c\xfc\xbc\x45\x59\x88\x26\x18\x4a\xc4\x37\x1f\xa1\x4a\x44\xbd\xe3\x71\x04\xf5\x44\x17\xe2\x3f\xfc\x48\x58\x6f\x5c\x9e\x7a\x09\xba\x51\x37\x22\x23\x66\x43\x21\xb0\x3c\x64\xa2\xf8\x6a\x15\x0e\x3f\xeb\x51\xe1\x54\xa9\xdd\x06\x99\xd7\x9a\x3c\x54\x8b\x39\x03\x3f\x0f\xc5\xce\xc6\xeb\x83\x72\x02\xa8\x1f\x71\xf3\x2d\xf8\x75\x08\xdb\x62\x4c\xe8\xfa\xce\xf9\xe7\x6a\x1f\xb6\x6b\x35\x82\xba\xe2\x8f\x16\x92\x7d\x05\x0c\x6c\x46\x03\x5d\xc0\xed\x69\xbf\x3a\xc1\x8a\xa0\xe8\x8e\xd9\xb9\x45\x28\x87\x08\xec\xb4\xca\x15\xbe\x82\xdd\xb5\x44\x8b\x2d\xad\x86\x0c\x68\x62\x6d\x85\x56\xf2\xac\x14\x63\x3a\xc6\xd1\x99\xac\x34\x78\x56\x4b\xcf\xb6\xad\x3f\x8c\x8a\xd7\x04\xe5\xe3\x78\x4c\xf5\x86\xaa\xf5\x8f\xfa\x3d\x6c\x71\xa3\x2d\xca\x67\xeb\x68\x7b\x6e\x33\xa9\x0c\x82\x28\xa8\x4c\x6a\x21\x40\x15\x20\x0c\x26\x5b\x83\xc2\xa9\x16\x15\xc0\x24\x82\x5d\x2b\x16\xad\xca\x63\xf6\x74\x00\xb0\xdf\x43\xc4\x10\x60\x56\x67\x63\x45\x02\x03\x01\x00\x01\xa3\x81\xff\x30\x81\xfc\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8d\xb2\x49\x68\x9d\x72\x08\x25\xb9\xc0\x27\xf5\x50\x93\x56\x48\x46\x71\xf9\x8f\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x36\x06\x03\x55\x1d\x11\x04\x2f\x30\x2d\x81\x13\x63\x61\x6f\x70\x65\x72\x61\x74\x6f\x72\x40\x64\x69\x73\x69\x67\x2e\x73\x6b\x86\x16\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x30\x66\x06\x03\x55\x1d\x1f\x04\x5f\x30\x5d\x30\x2d\xa0\x2b\xa0\x29\x86\x27\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x2f\x63\x72\x6c\x2f\x63\x61\x5f\x64\x69\x73\x69\x67\x2e\x63\x72\x6c\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x61\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x2f\x63\x72\x6c\x2f\x63\x61\x5f\x64\x69\x73\x69\x67\x2e\x63\x72\x6c\x30\x1a\x06\x03\x55\x1d\x20\x04\x13\x30\x11\x30\x0f\x06\x0d\x2b\x81\x1e\x91\x93\xe6\x0a\x00\x00\x00\x01\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5d\x34\x74\x61\x4c\xaf\x3b\xd8\xff\x9f\x6d\x58\x36\x1c\x3d\x0b\x81\x0d\x12\x2b\x46\x10\x80\xfd\xe7\x3c\x27\xd0\x7a\xc8\xa9\xb6\x7e\x74\x30\x33\xa3\x3a\x8a\x7b\x74\xc0\x79\x79\x42\x93\x6d\xff\xb1\x29\x14\x82\xab\x21\x8c\x2f\x17\xf9\x3f\x26\x2f\xf5\x59\xc6\xef\x80\x06\xb7\x9a\x49\x29\xec\xce\x7e\x71\x3c\x6a\x10\x41\xc0\xf6\xd3\x9a\xb2\x7c\x5a\x91\x9c\xc0\xac\x5b\xc8\x4d\x5e\xf7\xe1\x53\xff\x43\x77\xfc\x9e\x4b\x67\x6c\xd7\xf3\x83\xd1\xa0\xe0\x7f\x25\xdf\xb8\x98\x0b\x9a\x32\x38\x6c\x30\xa0\xf3\xff\x08\x15\x33\xf7\x50\x4a\x7b\x3e\xa3\x3e\x20\xa9\xdc\x2f\x56\x80\x0a\xed\x41\x50\xb0\xc9\xf4\xec\xb2\xe3\x26\x44\x00\x0e\x6f\x9e\x06\xbc\x22\x96\x53\x70\x65\xc4\x50\x0a\x46\x6b\xa4\x2f\x27\x81\x12\x27\x13\x5f\x10\xa1\x76\xce\x8a\x7b\x37\xea\xc3\x39\x61\x03\x95\x98\x3a\xe7\x6c\x88\x25\x08\xfc\x79\x68\x0d\x87\x7d\x62\xf8\xb4\x5f\xfb\xc5\xd8\x4c\xbd\x58\xbc\x3f\x43\x5b\xd4\x1e\x01\x4d\x3c\x63\xbe\x23\xef\x8c\xcd\x5a\x50\xb8\x68\x54\xf9\x0a\x99\x33\x11\x00\xe1\x9e\xc2\x46\x77\x82\xf5\x59\x06\x8c\x21\x4c\x87\x09\xcd\xe5\xa8", + ["Juur-SK"] = "\x30\x82\x04\xe6\x30\x82\x03\xce\xa0\x03\x02\x01\x02\x02\x04\x3b\x8e\x4b\xfc\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5d\x31\x18\x30\x16\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x09\x70\x6b\x69\x40\x73\x6b\x2e\x65\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0a\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6d\x69\x73\x6b\x65\x73\x6b\x75\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x13\x07\x4a\x75\x75\x72\x2d\x53\x4b\x30\x1e\x17\x0d\x30\x31\x30\x38\x33\x30\x31\x34\x32\x33\x30\x31\x5a\x17\x0d\x31\x36\x30\x38\x32\x36\x31\x34\x32\x33\x30\x31\x5a\x30\x5d\x31\x18\x30\x16\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x09\x70\x6b\x69\x40\x73\x6b\x2e\x65\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0a\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6d\x69\x73\x6b\x65\x73\x6b\x75\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x13\x07\x4a\x75\x75\x72\x2d\x53\x4b\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x81\x71\x36\x3e\x33\x07\xd6\xe3\x30\x8d\x13\x7e\x77\x32\x46\xcb\xcf\x19\xb2\x60\x31\x46\x97\x86\xf4\x98\x46\xa4\xc2\x65\x45\xcf\xd3\x40\x7c\xe3\x5a\x22\xa8\x10\x78\x33\xcc\x88\xb1\xd3\x81\x4a\xf6\x62\x17\x7b\x5f\x4d\x0a\x2e\xd0\xcf\x8b\x23\xee\x4f\x02\x4e\xbb\xeb\x0e\xca\xbd\x18\x63\xe8\x80\x1c\x8d\xe1\x1c\x8d\x3d\xe0\xff\x5b\x5f\xea\x64\xe5\x97\xe8\x3f\x99\x7f\x0c\x0a\x09\x33\x00\x1a\x53\xa7\x21\xe1\x38\x4b\xd6\x83\x1b\xad\xaf\x64\xc2\xf9\x1c\x7a\x8c\x66\x48\x4d\x66\x1f\x18\x0a\xe2\x3e\xbb\x1f\x07\x65\x93\x85\xb9\x1a\xb0\xb9\xc4\xfb\x0d\x11\xf6\xf5\xd6\xf9\x1b\xc7\x2c\x2b\xb7\x18\x51\xfe\xe0\x7b\xf6\xa8\x48\xaf\x6c\x3b\x4f\x2f\xef\xf8\xd1\x47\x1e\x26\x57\xf0\x51\x1d\x33\x96\xff\xef\x59\x3d\xda\x4d\xd1\x15\x34\xc7\xea\x3f\x16\x48\x7b\x91\x1c\x80\x43\x0f\x3d\xb8\x05\x3e\xd1\xb3\x95\xcd\xd8\xca\x0f\xc2\x43\x67\xdb\xb7\x93\xe0\x22\x82\x2e\xbe\xf5\x68\x28\x83\xb9\xc1\x3b\x69\x7b\x20\xda\x4e\x9c\x6d\xe1\xba\xcd\x8f\x7a\x6c\xb0\x09\x22\xd7\x8b\x0b\xdb\x1c\xd5\x5a\x26\x5b\x0d\xc0\xea\xe5\x60\xd0\x9f\xfe\x35\xdf\x3f\x02\x03\x01\x00\x01\xa3\x82\x01\xac\x30\x82\x01\xa8\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x16\x06\x03\x55\x1d\x20\x04\x82\x01\x0d\x30\x82\x01\x09\x30\x82\x01\x05\x06\x0a\x2b\x06\x01\x04\x01\xce\x1f\x01\x01\x01\x30\x81\xf6\x30\x81\xd0\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc3\x1e\x81\xc0\x00\x53\x00\x65\x00\x65\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x61\x00\x74\x00\x20\x00\x6f\x00\x6e\x00\x20\x00\x76\x00\xe4\x00\x6c\x00\x6a\x00\x61\x00\x73\x00\x74\x00\x61\x00\x74\x00\x75\x00\x64\x00\x20\x00\x41\x00\x53\x00\x2d\x00\x69\x00\x73\x00\x20\x00\x53\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x74\x00\x73\x00\x65\x00\x65\x00\x72\x00\x69\x00\x6d\x00\x69\x00\x73\x00\x6b\x00\x65\x00\x73\x00\x6b\x00\x75\x00\x73\x00\x20\x00\x61\x00\x6c\x00\x61\x00\x6d\x00\x2d\x00\x53\x00\x4b\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x61\x00\x74\x00\x69\x00\x64\x00\x65\x00\x20\x00\x6b\x00\x69\x00\x6e\x00\x6e\x00\x69\x00\x74\x00\x61\x00\x6d\x00\x69\x00\x73\x00\x65\x00\x6b\x00\x73\x30\x21\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x15\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x73\x6b\x2e\x65\x65\x2f\x63\x70\x73\x2f\x30\x2b\x06\x03\x55\x1d\x1f\x04\x24\x30\x22\x30\x20\xa0\x1e\xa0\x1c\x86\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x73\x6b\x2e\x65\x65\x2f\x6a\x75\x75\x72\x2f\x63\x72\x6c\x2f\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x04\xaa\x7a\x47\xa3\xe4\x89\xaf\x1a\xcf\x0a\x40\xa7\x18\x3f\x6f\xef\xe9\x7d\xbe\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x04\xaa\x7a\x47\xa3\xe4\x89\xaf\x1a\xcf\x0a\x40\xa7\x18\x3f\x6f\xef\xe9\x7d\xbe\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xe6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7b\xc1\x18\x94\x53\xa2\x09\xf3\xfe\x26\x67\x9a\x50\xe4\xc3\x05\x2f\x2b\x35\x78\x91\x4c\x7c\xa8\x11\x11\x79\x4c\x49\x59\xac\xc8\xf7\x85\x65\x5c\x46\xbb\x3b\x10\xa0\x02\xaf\xcd\x4f\xb5\xcc\x36\x2a\xec\x5d\xfe\xef\xa0\x91\xc9\xb6\x93\x6f\x7c\x80\x54\xec\xc7\x08\x70\x0d\x8e\xfb\x82\xec\x2a\x60\x78\x69\x36\x36\xd1\xc5\x9c\x8b\x69\xb5\x40\xc8\x94\x65\x77\xf2\x57\x21\x66\x3b\xce\x85\x40\xb6\x33\x63\x1a\xbf\x79\x1e\xfc\x5c\x1d\xd3\x1d\x93\x1b\x8b\x0c\x5d\x85\xbd\x99\x30\x32\x18\x09\x91\x52\xe9\x7c\xa1\xba\xff\x64\x92\x9a\xec\xfe\x35\xee\x8c\x2f\xae\xfc\x20\x86\xec\x4a\xde\x1b\x78\x32\x37\xa6\x81\xd2\x9d\xaf\x5a\x12\x16\xca\x99\x5b\xfc\x6f\x6d\x0e\xc5\xa0\x1e\x86\xc9\x91\xd0\x5c\x98\x82\x5f\x63\x0c\x8a\x5a\xab\xd8\x95\xa6\xcc\xcb\x8a\xd6\xbf\x64\x4b\x8e\xca\x8a\xb2\xb0\xe9\x21\x32\x9e\xaa\xa8\x85\x98\x34\x81\x39\x21\x3b\xa8\x3a\x52\x32\x3d\xf6\x6b\x37\x86\x06\x5a\x15\x98\xdc\xf0\x11\x66\xfe\x34\x20\xb7\x03\xf4\x41\x10\x7d\x39\x84\x79\x96\x72\x63\xb6\x96\x02\xe5\x6b\xb9\xad\x19\x4d\xbb\xc6\x44\xdb\x36\xcb\x2a\x9c\x8e", + ["Hongkong Post Root CA 1"] = "\x30\x82\x03\x30\x30\x82\x02\x18\xa0\x03\x02\x01\x02\x02\x02\x03\xe8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4b\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x33\x30\x35\x31\x35\x30\x35\x31\x33\x31\x34\x5a\x17\x0d\x32\x33\x30\x35\x31\x35\x30\x34\x35\x32\x32\x39\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4b\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\xff\x38\xb6\xe9\x66\x02\x49\xe3\xa2\xb4\xe1\x90\xf9\x40\x8f\x79\xf9\xe2\xbd\x79\xfe\x02\xbd\xee\x24\x92\x1d\x22\xf6\xda\x85\x72\x69\xfe\xd7\x3f\x09\xd4\xdd\x91\xb5\x02\x9c\xd0\x8d\x5a\xe1\x55\xc3\x50\x86\xb9\x29\x26\xc2\xe3\xd9\xa0\xf1\x69\x03\x28\x20\x80\x45\x22\x2d\x56\xa7\x3b\x54\x95\x56\x22\x59\x1f\x28\xdf\x1f\x20\x3d\x6d\xa2\x36\xbe\x23\xa0\xb1\x6e\xb5\xb1\x27\x3f\x39\x53\x09\xea\xab\x6a\xe8\x74\xb2\xc2\x65\x5c\x8e\xbf\x7c\xc3\x78\x84\xcd\x9e\x16\xfc\xf5\x2e\x4f\x20\x2a\x08\x9f\x77\xf3\xc5\x1e\xc4\x9a\x52\x66\x1e\x48\x5e\xe3\x10\x06\x8f\x22\x98\xe1\x65\x8e\x1b\x5d\x23\x66\x3b\xb8\xa5\x32\x51\xc8\x86\xaa\xa1\xa9\x9e\x7f\x76\x94\xc2\xa6\x6c\xb7\x41\xf0\xd5\xc8\x06\x38\xe6\xd4\x0c\xe2\xf3\x3b\x4c\x6d\x50\x8c\xc4\x83\x27\xc1\x13\x84\x59\x3d\x9e\x75\x74\xb6\xd8\x02\x5e\x3a\x90\x7a\xc0\x42\x36\x72\xec\x6a\x4d\xdc\xef\xc4\x00\xdf\x13\x18\x57\x5f\x26\x78\xc8\xd6\x0a\x79\x77\xbf\xf7\xaf\xb7\x76\xb9\xa5\x0b\x84\x17\x5d\x10\xea\x6f\xe1\xab\x95\x11\x5f\x6d\x3c\xa3\x5c\x4d\x83\x5b\xf2\xb3\x19\x8a\x80\x8b\x0b\x87\x02\x03\x01\x00\x01\xa3\x26\x30\x24\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x03\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0e\x46\xd5\x3c\xae\xe2\x87\xd9\x5e\x81\x8b\x02\x98\x41\x08\x8c\x4c\xbc\xda\xdb\xee\x27\x1b\x82\xe7\x6a\x45\xec\x16\x8b\x4f\x85\xa0\xf3\xb2\x70\xbd\x5a\x96\xba\xca\x6e\x6d\xee\x46\x8b\x6e\xe7\x2a\x2e\x96\xb3\x19\x33\xeb\xb4\x9f\xa8\xb2\x37\xee\x98\xa8\x97\xb6\x2e\xb6\x67\x27\xd4\xa6\x49\xfd\x1c\x93\x65\x76\x9e\x42\x2f\xdc\x22\x6c\x9a\x4f\xf2\x5a\x15\x39\xb1\x71\xd7\x2b\x51\xe8\x6d\x1c\x98\xc0\xd9\x2a\xf4\xa1\x82\x7b\xd5\xc9\x41\xa2\x23\x01\x74\x38\x55\x8b\x0f\xb9\x2e\x67\xa2\x20\x04\x37\xda\x9c\x0b\xd3\x17\x21\xe0\x8f\x97\x79\x34\x6f\x84\x48\x02\x20\x33\x1b\xe6\x34\x44\x9f\x91\x70\xf4\x80\x5e\x84\x43\xc2\x29\xd2\x6c\x12\x14\xe4\x61\x8d\xac\x10\x90\x9e\x84\x50\xbb\xf0\x96\x6f\x45\x9f\x8a\xf3\xca\x6c\x4f\xfa\x11\x3a\x15\x15\x46\xc3\xcd\x1f\x83\x5b\x2d\x41\x12\xed\x50\x67\x41\x13\x3d\x21\xab\x94\x8a\xaa\x4e\x7c\xc1\xb1\xfb\xa7\xd6\xb5\x27\x2f\x97\xab\x6e\xe0\x1d\xe2\xd1\x1c\x2c\x1f\x44\xe2\xfc\xbe\x91\xa1\x9c\xfb\xd6\x29\x53\x73\x86\x9f\x53\xd8\x43\x0e\x5d\xd6\x63\x82\x71\x1d\x80\x74\xca\xf6\xe2\x02\x6b\xd9\x5a", + ["SecureSign RootCA11"] = "\x30\x82\x03\x6d\x30\x82\x02\x55\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x2b\x30\x29\x06\x03\x55\x04\x0a\x13\x22\x4a\x61\x70\x61\x6e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x31\x30\x1e\x17\x0d\x30\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5a\x17\x0d\x32\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5a\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x2b\x30\x29\x06\x03\x55\x04\x0a\x13\x22\x4a\x61\x70\x61\x6e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xfd\x77\xaa\xa5\x1c\x90\x05\x3b\xcb\x4c\x9b\x33\x8b\x5a\x14\x45\xa4\xe7\x90\x16\xd1\xdf\x57\xd2\x21\x10\xa4\x17\xfd\xdf\xac\xd6\x1f\xa7\xe4\xdb\x7c\xf7\xec\xdf\xb8\x03\xda\x94\x58\xfd\x5d\x72\x7c\x8c\x3f\x5f\x01\x67\x74\x15\x96\xe3\x02\x3c\x87\xdb\xae\xcb\x01\x8e\xc2\xf3\x66\xc6\x85\x45\xf4\x02\xc6\x3a\xb5\x62\xb2\xaf\xfa\x9c\xbf\xa4\xe6\xd4\x80\x30\x98\xf3\x0d\xb6\x93\x8f\xa9\xd4\xd8\x36\xf2\xb0\xfc\x8a\xca\x2c\xa1\x15\x33\x95\x31\xda\xc0\x1b\xf2\xee\x62\x99\x86\x63\x3f\xbf\xdd\x93\x2a\x83\xa8\x76\xb9\x13\x1f\xb7\xce\x4e\x42\x85\x8f\x22\xe7\x2e\x1a\xf2\x95\x09\xb2\x05\xb5\x44\x4e\x77\xa1\x20\xbd\xa9\xf2\x4e\x0a\x7d\x50\xad\xf5\x05\x0d\x45\x4f\x46\x71\xfd\x28\x3e\x53\xfb\x04\xd8\x2d\xd7\x65\x1d\x4a\x1b\xfa\xcf\x3b\xb0\x31\x9a\x35\x6e\xc8\x8b\x06\xd3\x00\x91\xf2\x94\x08\x65\x4c\xb1\x34\x06\x00\x7a\x89\xe2\xf0\xc7\x03\x59\xcf\xd5\xd6\xe8\xa7\x32\xb3\xe6\x98\x40\x86\xc5\xcd\x27\x12\x8b\xcc\x7b\xce\xb7\x11\x3c\x62\x60\x07\x23\x3e\x2b\x40\x6e\x94\x80\x09\x6d\xb6\xb3\x6f\x77\x6f\x35\x08\x50\xfb\x02\x87\xc5\x3e\x89\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x5b\xf8\x4d\x4f\xb2\xa5\x86\xd4\x3a\xd2\xf1\x63\x9a\xa0\xbe\x09\xf6\x57\xb7\xde\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa0\xa1\x38\x16\x66\x2e\xa7\x56\x1f\x21\x9c\x06\xfa\x1d\xed\xb9\x22\xc5\x38\x26\xd8\x4e\x4f\xec\xa3\x7f\x79\xde\x46\x21\xa1\x87\x77\x8f\x07\x08\x9a\xb2\xa4\xc5\xaf\x0f\x32\x98\x0b\x7c\x66\x29\xb6\x9b\x7d\x25\x52\x49\x43\xab\x4c\x2e\x2b\x6e\x7a\x70\xaf\x16\x0e\xe3\x02\x6c\xfb\x42\xe6\x18\x9d\x45\xd8\x55\xc8\xe8\x3b\xdd\xe7\xe1\xf4\x2e\x0b\x1c\x34\x5c\x6c\x58\x4a\xfb\x8c\x88\x50\x5f\x95\x1c\xbf\xed\xab\x22\xb5\x65\xb3\x85\xba\x9e\x0f\xb8\xad\xe5\x7a\x1b\x8a\x50\x3a\x1d\xbd\x0d\xbc\x7b\x54\x50\x0b\xb9\x42\xaf\x55\xa0\x18\x81\xad\x65\x99\xef\xbe\xe4\x9c\xbf\xc4\x85\xab\x41\xb2\x54\x6f\xdc\x25\xcd\xed\x78\xe2\x8e\x0c\x8d\x09\x49\xdd\x63\x7b\x5a\x69\x96\x02\x21\xa8\xbd\x52\x59\xe9\x7d\x35\xcb\xc8\x52\xca\x7f\x81\xfe\xd9\x6b\xd3\xf7\x11\xed\x25\xdf\xf8\xe7\xf9\xa4\xfa\x72\x97\x84\x53\x0d\xa5\xd0\x32\x18\x51\x76\x59\x14\x6c\x0f\xeb\xec\x5f\x80\x8c\x75\x43\x83\xc3\x85\x98\xff\x4c\x9e\x2d\x0d\xe4\x77\x83\x93\x4e\xb5\x96\x07\x8b\x28\x13\x9b\x8c\x19\x8d\x41\x27\x49\x40\xee\xde\xe6\x23\x44\x39\xdc\xa1\x22\xd6\xba\x03\xf2", + ["ACEDICOM Root"] = "\x30\x82\x05\xb5\x30\x82\x03\x9d\xa0\x03\x02\x01\x02\x02\x08\x61\x8d\xc7\x86\x3b\x01\x82\x05\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0c\x0d\x41\x43\x45\x44\x49\x43\x4f\x4d\x20\x52\x6f\x6f\x74\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x50\x4b\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x0c\x06\x45\x44\x49\x43\x4f\x4d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x1e\x17\x0d\x30\x38\x30\x34\x31\x38\x31\x36\x32\x34\x32\x32\x5a\x17\x0d\x32\x38\x30\x34\x31\x33\x31\x36\x32\x34\x32\x32\x5a\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0c\x0d\x41\x43\x45\x44\x49\x43\x4f\x4d\x20\x52\x6f\x6f\x74\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x50\x4b\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x0c\x06\x45\x44\x49\x43\x4f\x4d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xff\x92\x95\xe1\x68\x06\x76\xb4\x2c\xc8\x58\x48\xca\xfd\x80\x54\x29\x55\x63\x24\xff\x90\x65\x9b\x10\x75\x7b\xc3\x6a\xdb\x62\x02\x01\xf2\x18\x86\xb5\x7c\x5a\x38\xb1\xe4\x58\xb9\xfb\xd3\xd8\x2d\x9f\xbd\x32\x37\xbf\x2c\x15\x6d\xbe\xb5\xf4\x21\xd2\x13\x91\xd9\x07\xad\x01\x05\xd6\xf3\xbd\x77\xce\x5f\x42\x81\x0a\xf9\x6a\xe3\x83\x00\xa8\x2b\x2e\x55\x13\x63\x81\xca\x47\x1c\x7b\x5c\x16\x57\x7a\x1b\x83\x60\x04\x3a\x3e\x65\xc3\xcd\x01\xde\xde\xa4\xd6\x0c\xba\x8e\xde\xd9\x04\xee\x17\x56\x22\x9b\x8f\x63\xfd\x4d\x16\x0b\xb7\x7b\x77\x8c\xf9\x25\xb5\xd1\x6d\x99\x12\x2e\x4f\x1a\xb8\xe6\xea\x04\x92\xae\x3d\x11\xb9\x51\x42\x3d\x87\xb0\x31\x85\xaf\x79\x5a\x9c\xfe\xe7\x4e\x5e\x92\x4f\x43\xfc\xab\x3a\xad\xa5\x12\x26\x66\xb9\xe2\x0c\xd7\x98\xce\xd4\x58\xa5\x95\x40\x0a\xb7\x44\x9d\x13\x74\x2b\xc2\xa5\xeb\x22\x15\x98\x10\xd8\x8b\xc5\x04\x9f\x1d\x8f\x60\xe5\x06\x1b\x9b\xcf\xb9\x79\xa0\x3d\xa2\x23\x3f\x42\x3f\x6b\xfa\x1c\x03\x7b\x30\x8d\xce\x6c\xc0\xbf\xe6\x1b\x5f\xbf\x67\xb8\x84\x19\xd5\x15\xef\x7b\xcb\x90\x36\x31\x62\xc9\xbc\x02\xab\x46\x5f\x9b\xfe\x1a\x68\x94\x34\x3d\x90\x8e\xad\xf6\xe4\x1d\x09\x7f\x4a\x88\x38\x3f\xbe\x67\xfd\x34\x96\xf5\x1d\xbc\x30\x74\xcb\x38\xee\xd5\x6c\xab\xd4\xfc\xf4\x00\xb7\x00\x5b\x85\x32\x16\x76\x33\xe9\xd8\xa3\x99\x9d\x05\x00\xaa\x16\xe6\xf3\x81\x7d\x6f\x7d\xaa\x86\x6d\xad\x15\x74\xd3\xc4\xa2\x71\xaa\xf4\x14\x7d\xe7\x32\xb8\x1f\xbc\xd5\xf1\x4e\xbd\x6f\x17\x02\x39\xd7\x0e\x95\x42\x3a\xc7\x00\x3e\xe9\x26\x63\x11\xea\x0b\xd1\x4a\xff\x18\x9d\xb2\xd7\x7b\x2f\x3a\xd9\x96\xfb\xe8\x1e\x92\xae\x13\x55\xc8\xd9\x27\xf6\xdc\x48\x1b\xb0\x24\xc1\x85\xe3\x77\x9d\x9a\xa4\xf3\x0c\x11\x1d\x0d\xc8\xb4\x14\xee\xb5\x82\x57\x09\xbf\x20\x58\x7f\x2f\x22\x23\xd8\x70\xcb\x79\x6c\xc9\x4b\xf2\xa9\x2a\xc8\xfc\x87\x2b\xd7\x1a\x50\xf8\x27\xe8\x2f\x43\xe3\x3a\xbd\xd8\x57\x71\xfd\xce\xa6\x52\x5b\xf9\xdd\x4d\xed\xe5\xf6\x6f\x89\xed\xbb\x93\x9c\x76\x21\x75\xf0\x92\x4c\x29\xf7\x2f\x9c\x01\x2e\xfe\x50\x46\x9e\x64\x0c\x14\xb3\x07\x5b\xc5\xc2\x73\x6c\xf1\x07\x5c\x45\x24\x14\x35\xae\x83\xf1\x6a\x4d\x89\x7a\xfa\xb3\xd8\x2d\x66\xf0\x36\x87\xf5\x2b\x53\x02\x03\x01\x00\x01\xa3\x81\xaa\x30\x81\xa7\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa6\xb3\xe1\x2b\x2b\x49\xb6\xd7\x73\xa1\xaa\x94\xf5\x01\xe7\x73\x65\x4c\xac\x50\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa6\xb3\xe1\x2b\x2b\x49\xb6\xd7\x73\xa1\xaa\x94\xf5\x01\xe7\x73\x65\x4c\xac\x50\x30\x44\x06\x03\x55\x1d\x20\x04\x3d\x30\x3b\x30\x39\x06\x04\x55\x1d\x20\x00\x30\x31\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x61\x63\x65\x64\x69\x63\x6f\x6d\x2e\x65\x64\x69\x63\x6f\x6d\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6d\x2f\x64\x6f\x63\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xce\x2c\x0b\x52\x51\x62\x26\x7d\x0c\x27\x83\x8f\xc5\xf6\xda\xa0\x68\x7b\x4f\x92\x5e\xea\xa4\x73\x32\x11\x53\x44\xb2\x44\xcb\x9d\xec\x0f\x79\x42\xb3\x10\xa6\xc7\x0d\x9d\xcb\xb6\xfa\x3f\x3a\x7c\xea\xbf\x88\x53\x1b\x3c\xf7\x82\xfa\x05\x35\x33\xe1\x35\xa8\x57\xc0\xe7\xfd\x8d\x4f\x3f\x93\x32\x4f\x78\x66\x03\x77\x07\x58\xe9\x95\xc8\x7e\x3e\xd0\x79\x00\x8c\xf2\x1b\x51\x33\x9b\xbc\x94\xe9\x3a\x7b\x6e\x52\x2d\x32\x9e\x23\xa4\x45\xfb\xb6\x2e\x13\xb0\x8b\x18\xb1\xdd\xce\xd5\x1d\xa7\x42\x7f\x55\xbe\xfb\x5b\xbb\x47\xd4\xfc\x24\xcd\x04\xae\x96\x05\x15\xd6\xac\xce\x30\xf3\xca\x0b\xc5\xba\xe2\x22\xe0\xa6\xad\x22\xe4\x02\xee\x74\x11\x7f\x4c\xff\x78\x1d\x35\xda\xe6\x02\x34\xeb\x18\x12\x61\x77\x06\x09\x16\x63\xea\x18\xad\xa2\x87\x1f\xf2\xc7\x80\x09\x09\x75\x4e\x10\xa8\x8f\x3d\x86\xb8\x75\x11\xc0\x24\x62\x8a\x96\x7b\x4a\x45\xe9\xec\x59\xc5\xbe\x6b\x83\xe6\xe1\xe8\xac\xb5\x30\x1e\xfe\x05\x07\x80\xf9\xe1\x23\x0d\x50\x8f\x05\x98\xff\x2c\x5f\xe8\x3b\xb6\xad\xcf\x81\xb5\x21\x87\xca\x08\x2a\x23\x27\x30\x20\x2b\xcf\xed\x94\x5b\xac\xb2\x7a\xd2\xc7\x28\xa1\x8a\x0b\x9b\x4d\x4a\x2c\x6d\x85\x3f\x09\x72\x3c\x67\xe2\xd9\xdc\x07\xba\xeb\x65\x7b\x5a\x01\x63\xd6\x90\x5b\x4f\x17\x66\x3d\x7f\x0b\x19\xa3\x93\x63\x10\x52\x2a\x9f\x14\x16\x58\xe2\xdc\xa5\xf4\xa1\x16\x8b\x0e\x91\x8b\x81\xca\x9b\x59\xfa\xd8\x6b\x91\x07\x65\x55\x5f\x52\x1f\xaf\x3a\xfb\x90\xdd\x69\xa5\x5b\x9c\x6d\x0e\x2c\xb6\xfa\xce\xac\xa5\x7c\x32\x4a\x67\x40\xdc\x30\x34\x23\xdd\xd7\x04\x23\x66\xf0\xfc\x55\x80\xa7\xfb\x66\x19\x82\x35\x67\x62\x70\x39\x5e\x6f\xc7\xea\x90\x40\x44\x08\x1e\xb8\xb2\xd6\xdb\xee\x59\xa7\x0d\x18\x79\x34\xbc\x54\x18\x5e\x53\xca\x34\x51\xed\x45\x0a\xe6\x8e\xc7\x82\x36\x3e\xa7\x38\x63\xa9\x30\x2c\x17\x10\x60\x92\x9f\x55\x87\x12\x59\x10\xc2\x0f\x67\x69\x11\xcc\x4e\x1e\x7e\x4a\x9a\xad\xaf\x40\xa8\x75\xac\x56\x90\x74\xb8\xa0\x9c\xa5\x79\x6f\xdc\xe9\x1a\xc8\x69\x05\xe9\xba\xfa\x03\xb3\x7c\xe4\xe0\x4e\xc2\xce\x9d\xe8\xb6\x46\x0d\x6e\x7e\x57\x3a\x67\x94\xc2\xcb\x1f\x9c\x77\x4a\x67\x4e\x69\x86\x43\x93\x38\xfb\xb6\xdb\x4f\x83\x91\xd4\x60\x7e\x4b\x3e\x2b\x38\x07\x55\x98\x5e\xa4", + ["Verisign Class 3 Public Primary Certification Authority"] = "\x30\x82\x02\x3c\x30\x82\x01\xa5\x02\x10\x3c\x91\x31\xcb\x1f\xf6\xd0\x1b\x0e\x9a\xb8\xd0\x44\xbf\x12\xbe\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x32\x32\x33\x35\x39\x35\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc9\x5c\x59\x9e\xf2\x1b\x8a\x01\x14\xb4\x10\xdf\x04\x40\xdb\xe3\x57\xaf\x6a\x45\x40\x8f\x84\x0c\x0b\xd1\x33\xd9\xd9\x11\xcf\xee\x02\x58\x1f\x25\xf7\x2a\xa8\x44\x05\xaa\xec\x03\x1f\x78\x7f\x9e\x93\xb9\x9a\x00\xaa\x23\x7d\xd6\xac\x85\xa2\x63\x45\xc7\x72\x27\xcc\xf4\x4c\xc6\x75\x71\xd2\x39\xef\x4f\x42\xf0\x75\xdf\x0a\x90\xc6\x8e\x20\x6f\x98\x0f\xf8\xac\x23\x5f\x70\x29\x36\xa4\xc9\x86\xe7\xb1\x9a\x20\xcb\x53\xa5\x85\xe7\x3d\xbe\x7d\x9a\xfe\x24\x45\x33\xdc\x76\x15\xed\x0f\xa2\x71\x64\x4c\x65\x2e\x81\x68\x45\xa7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x10\x72\x52\xa9\x05\x14\x19\x32\x08\x41\xf0\xc5\x6b\x0a\xcc\x7e\x0f\x21\x19\xcd\xe4\x67\xdc\x5f\xa9\x1b\xe6\xca\xe8\x73\x9d\x22\xd8\x98\x6e\x73\x03\x61\x91\xc5\x7c\xb0\x45\x40\x6e\x44\x9d\x8d\xb0\xb1\x96\x74\x61\x2d\x0d\xa9\x45\xd2\xa4\x92\x2a\xd6\x9a\x75\x97\x6e\x3f\x53\xfd\x45\x99\x60\x1d\xa8\x2b\x4c\xf9\x5e\xa7\x09\xd8\x75\x30\xd7\xd2\x65\x60\x3d\x67\xd6\x48\x55\x75\x69\x3f\x91\xf5\x48\x0b\x47\x69\x22\x69\x82\x96\xbe\xc9\xc8\x38\x86\x4a\x7a\x2c\x73\x19\x48\x69\x4e\x6b\x7c\x65\xbf\x0f\xfc\x70\xce\x88\x90", + ["Microsec e-Szigno Root CA 2009"] = "\x30\x82\x04\x0a\x30\x82\x02\xf2\xa0\x03\x02\x01\x02\x02\x09\x00\xc2\x7e\x43\x04\x4e\x47\x3f\x19\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x0c\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0c\x1e\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1f\x30\x1d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x1e\x17\x0d\x30\x39\x30\x36\x31\x36\x31\x31\x33\x30\x31\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x30\x31\x31\x33\x30\x31\x38\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x0c\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0c\x1e\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1f\x30\x1d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe9\xf8\x8f\xf3\x63\xad\xda\x86\xd8\xa7\xe0\x42\xfb\xcf\x91\xde\xa6\x26\xf8\x99\xa5\x63\x70\xad\x9b\xae\xca\x33\x40\x7d\x6d\x96\x6e\xa1\x0e\x44\xee\xe1\x13\x9d\x94\x42\x52\x9a\xbd\x75\x85\x74\x2c\xa8\x0e\x1d\x93\xb6\x18\xb7\x8c\x2c\xa8\xcf\xfb\x5c\x71\xb9\xda\xec\xfe\xe8\x7e\x8f\xe4\x2f\x1d\xb2\xa8\x75\x87\xd8\xb7\xa1\xe5\x3b\xcf\x99\x4a\x46\xd0\x83\x19\x7d\xc0\xa1\x12\x1c\x95\x6d\x4a\xf4\xd8\xc7\xa5\x4d\x33\x2e\x85\x39\x40\x75\x7e\x14\x7c\x80\x12\x98\x50\xc7\x41\x67\xb8\xa0\x80\x61\x54\xa6\x6c\x4e\x1f\xe0\x9d\x0e\x07\xe9\xc9\xba\x33\xe7\xfe\xc0\x55\x28\x2c\x02\x80\xa7\x19\xf5\x9e\xdc\x55\x53\x03\x97\x7b\x07\x48\xff\x99\xfb\x37\x8a\x24\xc4\x59\xcc\x50\x10\x63\x8e\xaa\xa9\x1a\xb0\x84\x1a\x86\xf9\x5f\xbb\xb1\x50\x6e\xa4\xd1\x0a\xcc\xd5\x71\x7e\x1f\xa7\x1b\x7c\xf5\x53\x6e\x22\x5f\xcb\x2b\xe6\xd4\x7c\x5d\xae\xd6\xc2\xc6\x4c\xe5\x05\x01\xd9\xed\x57\xfc\xc1\x23\x79\xfc\xfa\xc8\x24\x83\x95\xf3\xb5\x6a\x51\x01\xd0\x77\xd6\xe9\x12\xa1\xf9\x1a\x83\xfb\x82\x1b\xb9\xb0\x97\xf4\x76\x06\x33\x43\x49\xa0\xff\x0b\xb5\xfa\xb5\x02\x03\x01\x00\x01\xa3\x81\x80\x30\x7e\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcb\x0f\xc6\xdf\x42\x43\xcc\x3d\xcb\xb5\x48\x23\xa1\x1a\x7a\xa6\x2a\xbb\x34\x68\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xcb\x0f\xc6\xdf\x42\x43\xcc\x3d\xcb\xb5\x48\x23\xa1\x1a\x7a\xa6\x2a\xbb\x34\x68\x30\x1b\x06\x03\x55\x1d\x11\x04\x14\x30\x12\x81\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xc9\xd1\x0e\x5e\x2e\xd5\xcc\xb3\x7c\x3e\xcb\xfc\x3d\xff\x0d\x28\x95\x93\x04\xc8\xbf\xda\xcd\x79\xb8\x43\x90\xf0\xa4\xbe\xef\xf2\xef\x21\x98\xbc\xd4\xd4\x5d\x06\xf6\xee\x42\xec\x30\x6c\xa0\xaa\xa9\xca\xf1\xaf\x8a\xfa\x3f\x0b\x73\x6a\x3e\xea\x2e\x40\x7e\x1f\xae\x54\x61\x79\xeb\x2e\x08\x37\xd7\x23\xf3\x8c\x9f\xbe\x1d\xb1\xe1\xa4\x75\xdb\xa0\xe2\x54\x14\xb1\xba\x1c\x29\xa4\x18\xf6\x12\xba\xa2\x14\x14\xe3\x31\x35\xc8\x40\xff\xb7\xe0\x05\x76\x57\xc1\x1c\x59\xf2\xf8\xbf\xe4\xed\x25\x62\x5c\x84\xf0\x7e\x7e\x1f\xb3\xbe\xf9\xb7\x21\x11\xcc\x03\x01\x56\x70\xa7\x10\x92\x1e\x1b\x34\x81\x1e\xad\x9c\x1a\xc3\x04\x3c\xed\x02\x61\xd6\x1e\x06\xf3\x5f\x3a\x87\xf2\x2b\xf1\x45\x87\xe5\x3d\xac\xd1\xc7\x57\x84\xbd\x6b\xae\xdc\xd8\xf9\xb6\x1b\x62\x70\x0b\x3d\x36\xc9\x42\xf2\x32\xd7\x7a\x61\xe6\xd2\xdb\x3d\xcf\xc8\xa9\xc9\x9b\xdc\xdb\x58\x44\xd7\x6f\x38\xaf\x7f\x78\xd3\xa3\xad\x1a\x75\xba\x1c\xc1\x36\x7c\x8f\x1e\x6d\x1c\xc3\x75\x46\xae\x35\x05\xa6\xf6\x5c\x3d\x21\xee\x56\xf0\xc9\x82\x22\x2d\x7a\x54\xab\x70\xc3\x7d\x22\x65\x82\x70\x96", + ["E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"] = "\x30\x82\x03\xb6\x30\x82\x02\x9e\xa0\x03\x02\x01\x02\x02\x10\x44\x99\x8d\x3c\xc0\x03\x27\xbd\x9c\x76\x95\xb9\xea\xdb\xac\xb5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0a\x13\x1f\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x42\x69\x6c\x67\x69\x20\x47\x75\x76\x65\x6e\x6c\x69\x67\x69\x20\x41\x2e\x53\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x03\x13\x33\x65\x2d\x47\x75\x76\x65\x6e\x20\x4b\x6f\x6b\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\x67\x6c\x61\x79\x69\x63\x69\x73\x69\x30\x1e\x17\x0d\x30\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5a\x17\x0d\x31\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5a\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0a\x13\x1f\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x42\x69\x6c\x67\x69\x20\x47\x75\x76\x65\x6e\x6c\x69\x67\x69\x20\x41\x2e\x53\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x03\x13\x33\x65\x2d\x47\x75\x76\x65\x6e\x20\x4b\x6f\x6b\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\x67\x6c\x61\x79\x69\x63\x69\x73\x69\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc3\x12\x20\x9e\xb0\x5e\x00\x65\x8d\x4e\x46\xbb\x80\x5c\xe9\x2c\x06\x97\xd5\xf3\x72\xc9\x70\xb9\xe7\x4b\x65\x80\xc1\x4b\xbe\x7e\x3c\xd7\x54\x31\x94\xde\xd5\x12\xba\x53\x16\x02\xea\x58\x63\xef\x5b\xd8\xf3\xed\x2a\x1a\xaa\x71\x48\xa3\xdc\x10\x2d\x5f\x5f\xeb\x5c\x4b\x9c\x96\x08\x42\x25\x28\x11\xcc\x8a\x5a\x62\x01\x50\xd5\xeb\x09\x53\x2f\xf8\xc3\x8f\xfe\xb3\xfc\xfd\x9d\xa2\xe3\x5f\x7d\xbe\xed\x0b\xe0\x60\xeb\x69\xec\x33\xed\xd8\x8d\xfb\x12\x49\x83\x00\xc9\x8b\x97\x8c\x3b\x73\x2a\x32\xb3\x12\xf7\xb9\x4d\xf2\xf4\x4d\x6d\xc7\xe6\xd6\x26\x37\x08\xf2\xd9\xfd\x6b\x5c\xa3\xe5\x48\x5c\x58\xbc\x42\xbe\x03\x5a\x81\xba\x1c\x35\x0c\x00\xd3\xf5\x23\x7e\x71\x30\x08\x26\x38\xdc\x25\x11\x47\x2d\xf3\xba\x23\x10\xa5\xbf\xbc\x02\xf7\x43\x5e\xc7\xfe\xb0\x37\x50\x99\x7b\x0f\x93\xce\xe6\x43\x2c\xc3\x7e\x0d\xf2\x1c\x43\x66\x60\xcb\x61\x31\x47\x87\xa3\x4f\xae\xbd\x56\x6c\x4c\xbc\xbc\xf8\x05\xca\x64\xf4\xe9\x34\xa1\x2c\xb5\x73\xe1\xc2\x3e\xe8\xc8\xc9\x34\x25\x08\x5c\xf3\xed\xa6\xc7\x94\x9f\xad\x88\x43\x25\xd7\xe1\x39\x60\xfe\xac\x39\x59\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9f\xee\x44\xb3\x94\xd5\xfa\x91\x4f\x2e\xd9\x55\x9a\x04\x56\xdb\x2d\xc4\xdb\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7f\x5f\xb9\x53\x5b\x63\x3d\x75\x32\xe7\xfa\xc4\x74\x1a\xcb\x46\xdf\x46\x69\x1c\x52\xcf\xaa\x4f\xc2\x68\xeb\xff\x80\xa9\x51\xe8\x3d\x62\x77\x89\x3d\x0a\x75\x39\xf1\x6e\x5d\x17\x87\x6f\x68\x05\xc1\x94\x6c\xd9\x5d\xdf\xda\xb2\x59\xcb\xa5\x10\x8a\xca\xcc\x39\xcd\x9f\xeb\x4e\xde\x52\xff\x0c\xf0\xf4\x92\xa9\xf2\x6c\x53\xab\x9b\xd2\x47\xa0\x1f\x74\xf7\x9b\x9a\xf1\x2f\x15\x9f\x7a\x64\x30\x18\x07\x3c\x2a\x0f\x67\xca\xfc\x0f\x89\x61\x9d\x65\xa5\x3c\xe5\xbc\x13\x5b\x08\xdb\xe3\xff\xed\xbb\x06\xbb\x6a\x06\xb1\x7a\x4f\x65\xc6\x82\xfd\x1e\x9c\x8b\xb5\x0d\xee\x48\xbb\xb8\xbd\xaa\x08\xb4\xfb\xa3\x7c\xcb\x9f\xcd\x90\x76\x5c\x86\x96\x78\x57\x0a\x66\xf9\x58\x1a\x9d\xfd\x97\x29\x60\xde\x11\xa6\x90\x1c\x19\x1c\xee\x01\x96\x22\x34\x34\x2e\x91\xf9\xb7\xc4\x27\xd1\x7b\xe6\xbf\xfb\x80\x44\x5a\x16\xe5\xeb\xe0\xd4\x0a\x38\xbc\xe4\x91\xe3\xd5\xeb\x5c\xc1\xac\xdf\x1b\x6a\x7c\x9e\xe5\x75\xd2\xb6\x97\x87\xdb\xcc\x87\x2b\x43\x3a\x84\x08\xaf\xab\x3c\xdb\xf7\x3c\x66\x31\x86\xb0\x9d\x53\x79\xed\xf8\x23\xde\x42\xe3\x2d\x82\xf1\x0f\xe5\xfa\x97", + ["GlobalSign Root CA - R3"] = "\x30\x82\x03\x5f\x30\x82\x02\x47\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x21\x58\x53\x08\xa2\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x1e\x17\x0d\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcc\x25\x76\x90\x79\x06\x78\x22\x16\xf5\xc0\x83\xb6\x84\xca\x28\x9e\xfd\x05\x76\x11\xc5\xad\x88\x72\xfc\x46\x02\x43\xc7\xb2\x8a\x9d\x04\x5f\x24\xcb\x2e\x4b\xe1\x60\x82\x46\xe1\x52\xab\x0c\x81\x47\x70\x6c\xdd\x64\xd1\xeb\xf5\x2c\xa3\x0f\x82\x3d\x0c\x2b\xae\x97\xd7\xb6\x14\x86\x10\x79\xbb\x3b\x13\x80\x77\x8c\x08\xe1\x49\xd2\x6a\x62\x2f\x1f\x5e\xfa\x96\x68\xdf\x89\x27\x95\x38\x9f\x06\xd7\x3e\xc9\xcb\x26\x59\x0d\x73\xde\xb0\xc8\xe9\x26\x0e\x83\x15\xc6\xef\x5b\x8b\xd2\x04\x60\xca\x49\xa6\x28\xf6\x69\x3b\xf6\xcb\xc8\x28\x91\xe5\x9d\x8a\x61\x57\x37\xac\x74\x14\xdc\x74\xe0\x3a\xee\x72\x2f\x2e\x9c\xfb\xd0\xbb\xbf\xf5\x3d\x00\xe1\x06\x33\xe8\x82\x2b\xae\x53\xa6\x3a\x16\x73\x8c\xdd\x41\x0e\x20\x3a\xc0\xb4\xa7\xa1\xe9\xb2\x4f\x90\x2e\x32\x60\xe9\x57\xcb\xb9\x04\x92\x68\x68\xe5\x38\x26\x60\x75\xb2\x9f\x77\xff\x91\x14\xef\xae\x20\x49\xfc\xad\x40\x15\x48\xd1\x02\x31\x61\x19\x5e\xb8\x97\xef\xad\x77\xb7\x64\x9a\x7a\xbf\x5f\xc1\x13\xef\x9b\x62\xfb\x0d\x6c\xe0\x54\x69\x16\xa9\x03\xda\x6e\xe9\x83\x93\x71\x76\xc6\x69\x85\x82\x17\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8f\xf0\x4b\x7f\xa8\x2e\x45\x24\xae\x4d\x50\xfa\x63\x9a\x8b\xde\xe2\xdd\x1b\xbc\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x4b\x40\xdb\xc0\x50\xaa\xfe\xc8\x0c\xef\xf7\x96\x54\x45\x49\xbb\x96\x00\x09\x41\xac\xb3\x13\x86\x86\x28\x07\x33\xca\x6b\xe6\x74\xb9\xba\x00\x2d\xae\xa4\x0a\xd3\xf5\xf1\xf1\x0f\x8a\xbf\x73\x67\x4a\x83\xc7\x44\x7b\x78\xe0\xaf\x6e\x6c\x6f\x03\x29\x8e\x33\x39\x45\xc3\x8e\xe4\xb9\x57\x6c\xaa\xfc\x12\x96\xec\x53\xc6\x2d\xe4\x24\x6c\xb9\x94\x63\xfb\xdc\x53\x68\x67\x56\x3e\x83\xb8\xcf\x35\x21\xc3\xc9\x68\xfe\xce\xda\xc2\x53\xaa\xcc\x90\x8a\xe9\xf0\x5d\x46\x8c\x95\xdd\x7a\x58\x28\x1a\x2f\x1d\xde\xcd\x00\x37\x41\x8f\xed\x44\x6d\xd7\x53\x28\x97\x7e\xf3\x67\x04\x1e\x15\xd7\x8a\x96\xb4\xd3\xde\x4c\x27\xa4\x4c\x1b\x73\x73\x76\xf4\x17\x99\xc2\x1f\x7a\x0e\xe3\x2d\x08\xad\x0a\x1c\x2c\xff\x3c\xab\x55\x0e\x0f\x91\x7e\x36\xeb\xc3\x57\x49\xbe\xe1\x2e\x2d\x7c\x60\x8b\xc3\x41\x51\x13\x23\x9d\xce\xf7\x32\x6b\x94\x01\xa8\x99\xe7\x2c\x33\x1f\x3a\x3b\x25\xd2\x86\x40\xce\x3b\x2c\x86\x78\xc9\x61\x2f\x14\xba\xee\xdb\x55\x6f\xdf\x84\xee\x05\x09\x4d\xbd\x28\xd8\x72\xce\xd3\x62\x50\x65\x1e\xeb\x92\x97\x83\x31\xd9\xb3\xb5\xca\x47\x58\x3f\x5f", + ["TC TrustCenter Universal CA III"] = "\x30\x82\x03\xe1\x30\x82\x02\xc9\xa0\x03\x02\x01\x02\x02\x0e\x63\x25\x00\x01\x00\x02\x14\x8d\x33\x15\x02\xe4\x6c\xf4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x49\x49\x30\x1e\x17\x0d\x30\x39\x30\x39\x30\x39\x30\x38\x31\x35\x32\x37\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc2\xda\x9c\x62\xb0\xb9\x71\x12\xb0\x0b\xc8\x1a\x57\xb2\xae\x83\x14\x99\xb3\x34\x4b\x9b\x90\xa2\xc5\xe7\xe7\x2f\x02\xa0\x4d\x2d\xa4\xfa\x85\xda\x9b\x25\x85\x2d\x40\x28\x20\x6d\xea\xe0\xbd\xb1\x48\x83\x22\x29\x44\x9f\x4e\x83\xee\x35\x51\x13\x73\x74\xd5\xbc\xf2\x30\x66\x94\x53\xc0\x40\x36\x2f\x0c\x84\x65\xce\x0f\x6e\xc2\x58\x93\xe8\x2c\x0b\x3a\xe9\xc1\x8e\xfb\xf2\x6b\xca\x3c\xe2\x9c\x4e\x8e\xe4\xf9\x7d\xd3\x27\x9f\x1b\xd5\x67\x78\x87\x2d\x7f\x0b\x47\xb3\xc7\xe8\xc9\x48\x7c\xaf\x2f\xcc\x0a\xd9\x41\xef\x9f\xfe\x9a\xe1\xb2\xae\xf9\x53\xb5\xe5\xe9\x46\x9f\x60\xe3\xdf\x8d\xd3\x7f\xfb\x96\x7e\xb3\xb5\x72\xf8\x4b\xad\x08\x79\xcd\x69\x89\x40\x27\xf5\x2a\xc1\xad\x43\xec\xa4\x53\xc8\x61\xb6\xf7\xd2\x79\x2a\x67\x18\x76\x48\x6d\x5b\x25\x01\xd1\x26\xc5\xb7\x57\x69\x23\x15\x5b\x61\x8a\xad\xf0\x1b\x2d\xd9\xaf\x5c\xf1\x26\x90\x69\xa9\xd5\x0c\x40\xf5\x33\x80\x43\x8f\x9c\xa3\x76\x2a\x45\xb4\xaf\xbf\x7f\x3e\x87\x3f\x76\xc5\xcd\x2a\xde\x20\xc5\x16\x58\xcb\xf9\x1b\xf5\x0f\xcb\x0d\x11\x52\x64\xb8\xd2\x76\x62\x77\x83\xf1\x58\x9f\xff\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x56\xe7\xe1\x5b\x25\x43\x80\xe0\xf6\x8c\xe1\x71\xbc\x8e\xe5\x80\x2f\xc4\x48\xe2\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x56\xe7\xe1\x5b\x25\x43\x80\xe0\xf6\x8c\xe1\x71\xbc\x8e\xe5\x80\x2f\xc4\x48\xe2\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x83\xc7\xaf\xea\x7f\x4d\x0a\x3c\x39\xb1\x68\xbe\x7b\x6d\x89\x2e\xe9\xb3\x09\xe7\x18\x57\x8d\x85\x9a\x17\xf3\x76\x42\x50\x13\x0f\xc7\x90\x6f\x33\xad\xc5\x49\x60\x2b\x6c\x49\x58\x19\xd4\xe2\xbe\xb7\xbf\xab\x49\xbc\x94\xc8\xab\xbe\x28\x6c\x16\x68\xe0\xc8\x97\x46\x20\xa0\x68\x67\x60\x88\x39\x20\x51\xd8\x68\x01\x11\xce\xa7\xf6\x11\x07\xf6\xec\xec\xac\x1a\x1f\xb2\x66\x6e\x56\x67\x60\x7a\x74\x5e\xc0\x6d\x97\x36\xae\xb5\x0d\x5d\x66\x73\xc0\x25\x32\x45\xd8\x4a\x06\x07\x8f\xc4\xb7\x07\xb1\x4d\x06\x0d\xe1\xa5\xeb\xf4\x75\xca\xba\x9c\xd0\xbd\xb3\xd3\x32\x24\x4c\xee\x7e\xe2\x76\x04\x4b\x49\x53\xd8\xf2\xe9\x54\x33\xfc\xe5\x71\x1f\x3d\x14\x5c\x96\x4b\xf1\x3a\xf2\x00\xbb\x6c\xb4\xfa\x96\x55\x08\x88\x09\xc1\xcc\x91\x19\x29\xb0\x20\x2d\xff\xcb\x38\xa4\x40\xe1\x17\xbe\x79\x61\x80\xff\x07\x03\x86\x4c\x4e\x7b\x06\x9f\x11\x86\x8d\x89\xee\x27\xc4\xdb\xe2\xbc\x19\x8e\x0b\xc3\xc3\x13\xc7\x2d\x03\x63\x3b\xd3\xe8\xe4\xa2\x2a\xc2\x82\x08\x94\x16\x54\xf0\xef\x1f\x27\x90\x25\xb8\x0d\x0e\x28\x1b\x47\x77\x47\xbd\x1c\xa8\x25\xf1\x94\xb4\x66", + ["Autoridad de Certificacion Firmaprofesional CIF A62634068"] = "\x30\x82\x06\x14\x30\x82\x03\xfc\xa0\x03\x02\x01\x02\x02\x08\x53\xec\x3b\xee\xfb\xb2\x48\x5f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x51\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0c\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x1e\x17\x0d\x30\x39\x30\x35\x32\x30\x30\x38\x33\x38\x31\x35\x5a\x17\x0d\x33\x30\x31\x32\x33\x31\x30\x38\x33\x38\x31\x35\x5a\x30\x51\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0c\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xca\x96\x6b\x8e\xea\xf8\xfb\xf1\xa2\x35\xe0\x7f\x4c\xda\xe0\xc3\x52\xd7\x7d\xb6\x10\xc8\x02\x5e\xb3\x43\x2a\xc4\x4f\x6a\xb2\xca\x1c\x5d\x28\x9a\x78\x11\x1a\x69\x59\x57\xaf\xb5\x20\x42\xe4\x8b\x0f\xe6\xdf\x5b\xa6\x03\x92\x2f\xf5\x11\xe4\x62\xd7\x32\x71\x38\xd9\x04\x0c\x71\xab\x3d\x51\x7e\x0f\x07\xdf\x63\x05\x5c\xe9\xbf\x94\x6f\xc1\x29\x82\xc0\xb4\xda\x51\xb0\xc1\x3c\xbb\xad\x37\x4a\x5c\xca\xf1\x4b\x36\x0e\x24\xab\xbf\xc3\x84\x77\xfd\xa8\x50\xf4\xb1\xe7\xc6\x2f\xd2\x2d\x59\x8d\x7a\x0a\x4e\x96\x69\x52\x02\xaa\x36\x98\xec\xfc\xfa\x14\x83\x0c\x37\x1f\xc9\x92\x37\x7f\xd7\x81\x2d\xe5\xc4\xb9\xe0\x3e\x34\xfe\x67\xf4\x3e\x66\xd1\xd3\xf4\x40\xcf\x5e\x62\x34\x0f\x70\x06\x3e\x20\x18\x5a\xce\xf7\x72\x1b\x25\x6c\x93\x74\x14\x93\xa3\x73\xb1\x0e\xaa\x87\x10\x23\x59\x5f\x20\x05\x19\x47\xed\x68\x8e\x92\x12\xca\x5d\xfc\xd6\x2b\xb2\x92\x3c\x20\xcf\xe1\x5f\xaf\x20\xbe\xa0\x76\x7f\x76\xe5\xec\x1a\x86\x61\x33\x3e\xe7\x7b\xb4\x3f\xa0\x0f\x8e\xa2\xb9\x6a\x6f\xb9\x87\x26\x6f\x41\x6c\x88\xa6\x50\xfd\x6a\x63\x0b\xf5\x93\x16\x1b\x19\x8f\xb2\xed\x9b\x9b\xc9\x90\xf5\x01\x0c\xdf\x19\x3d\x0f\x3e\x38\x23\xc9\x2f\x8f\x0c\xd1\x02\xfe\x1b\x55\xd6\x4e\xd0\x8d\x3c\xaf\x4f\xa4\xf3\xfe\xaf\x2a\xd3\x05\x9d\x79\x08\xa1\xcb\x57\x31\xb4\x9c\xc8\x90\xb2\x67\xf4\x18\x16\x93\x3a\xfc\x47\xd8\xd1\x78\x96\x31\x1f\xba\x2b\x0c\x5f\x5d\x99\xad\x63\x89\x5a\x24\x20\x76\xd8\xdf\xfd\xab\x4e\xa6\x22\xaa\x9d\x5e\xe6\x27\x8a\x7d\x68\x29\xa3\xe7\x8a\xb8\xda\x11\xbb\x17\x2d\x99\x9d\x13\x24\x46\xf7\xc5\xe2\xd8\x9f\x8e\x7f\xc7\x8f\x74\x6d\x5a\xb2\xe8\x72\xf5\xac\xee\x24\x10\xad\x2f\x14\xda\xff\x2d\x9a\x46\x71\x47\xbe\x42\xdf\xbb\x01\xdb\xf4\x7f\xd3\x28\x8f\x31\x59\x5b\xd3\xc9\x02\xa6\xb4\x52\xca\x6e\x97\xfb\x43\xc5\x08\x26\x6f\x8a\xf4\xbb\xfd\x9f\x28\xaa\x0d\xd5\x45\xf3\x13\x3a\x1d\xd8\xc0\x78\x8f\x41\x67\x3c\x1e\x94\x64\xae\x7b\x0b\xc5\xe8\xd9\x01\x88\x39\x1a\x97\x86\x64\x41\xd5\x3b\x87\x0c\x6e\xfa\x0f\xc6\xbd\x48\x14\xbf\x39\x4d\xd4\x9e\x41\xb6\x8f\x96\x1d\x63\x96\x93\xd9\x95\x06\x78\x31\x68\x9e\x37\x06\x3b\x80\x89\x45\x61\x39\x23\xc7\x1b\x44\xa3\x15\xe5\x1c\xf8\x92\x30\xbb\x02\x03\x01\x00\x01\xa3\x81\xef\x30\x81\xec\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x01\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x65\xcd\xeb\xab\x35\x1e\x00\x3e\x7e\xd5\x74\xc0\x1c\xb4\x73\x47\x0e\x1a\x64\x2f\x30\x81\xa6\x06\x03\x55\x1d\x20\x04\x81\x9e\x30\x81\x9b\x30\x81\x98\x06\x04\x55\x1d\x20\x00\x30\x81\x8f\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x5c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x50\x1e\x4e\x00\x50\x00\x61\x00\x73\x00\x65\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6c\x00\x61\x00\x20\x00\x42\x00\x6f\x00\x6e\x00\x61\x00\x6e\x00\x6f\x00\x76\x00\x61\x00\x20\x00\x34\x00\x37\x00\x20\x00\x42\x00\x61\x00\x72\x00\x63\x00\x65\x00\x6c\x00\x6f\x00\x6e\x00\x61\x00\x20\x00\x30\x00\x38\x00\x30\x00\x31\x00\x37\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x17\x7d\xa0\xf9\xb4\xdd\xc5\xc5\xeb\xad\x4b\x24\xb5\xa1\x02\xab\xdd\xa5\x88\x4a\xb2\x0f\x55\x4b\x2b\x57\x8c\x3b\xe5\x31\xdd\xfe\xc4\x32\xf1\xe7\x5b\x64\x96\x36\x32\x18\xec\xa5\x32\x77\xd7\xe3\x44\xb6\xc0\x11\x2a\x80\xb9\x3d\x6a\x6e\x7c\x9b\xd3\xad\xfc\xc3\xd6\xa3\xe6\x64\x29\x7c\xd1\xe1\x38\x1e\x82\x2b\xff\x27\x65\xaf\xfb\x16\x15\xc4\x2e\x71\x84\xe5\xb5\xff\xfa\xa4\x47\xbd\x64\x32\xbb\xf6\x25\x84\xa2\x27\x42\xf5\x20\xb0\xc2\x13\x10\x11\xcd\x10\x15\xba\x42\x90\x2a\xd2\x44\xe1\x96\x26\xeb\x31\x48\x12\xfd\x2a\xda\xc9\x06\xcf\x74\x1e\xa9\x4b\xd5\x87\x28\xf9\x79\x34\x92\x3e\x2e\x44\xe8\xf6\x8f\x4f\x8f\x35\x3f\x25\xb3\x39\xdc\x63\x2a\x90\x6b\x20\x5f\xc4\x52\x12\x4e\x97\x2c\x2a\xac\x9d\x97\xde\x48\xf2\xa3\x66\xdb\xc2\xd2\x83\x95\xa6\x66\xa7\x9e\x25\x0f\xe9\x0b\x33\x91\x65\x0a\x5a\xc3\xd9\x54\x12\xdd\xaf\xc3\x4e\x0e\x1f\x26\x5e\x0d\xdc\xb3\x8d\xec\xd5\x81\x70\xde\xd2\x4f\x24\x05\xf3\x6c\x4e\xf5\x4c\x49\x66\x8d\xd1\xff\xd2\x0b\x25\x41\x48\xfe\x51\x84\xc6\x42\xaf\x80\x04\xcf\xd0\x7e\x64\x49\xe4\xf2\xdf\xa2\xec\xb1\x4c\xc0\x2a\x1d\xe7\xb4\xb1\x65\xa2\xc4\xbc\xf1\x98\xf4\xaa\x70\x07\x63\xb4\xb8\xda\x3b\x4c\xfa\x40\x22\x30\x5b\x11\xa6\xf0\x05\x0e\xc6\x02\x03\x48\xab\x86\x9b\x85\xdd\xdb\xdd\xea\xa2\x76\x80\x73\x7d\xf5\x9c\x04\xc4\x45\x8d\xe7\xb9\x1c\x8b\x9e\xea\xd7\x75\xd1\x72\xb1\xde\x75\x44\xe7\x42\x7d\xe2\x57\x6b\x7d\xdc\x99\xbc\x3d\x83\x28\xea\x80\x93\x8d\xc5\x4c\x65\xc1\x70\x81\xb8\x38\xfc\x43\x31\xb2\xf6\x03\x34\x47\xb2\xac\xfb\x22\x06\xcb\x1e\xdd\x17\x47\x1c\x5f\x66\xb9\xd3\x1a\xa2\xda\x11\xb1\xa4\xbc\x23\xc9\xe4\xbe\x87\xff\xb9\x94\xb6\xf8\x5d\x20\x4a\xd4\x5f\xe7\xbd\x68\x7b\x65\xf2\x15\x1e\xd2\x3a\xa9\x2d\xe9\xd8\x6b\x24\xac\x97\x58\x44\x47\xad\x59\x18\xf1\x21\x65\x70\xde\xce\x34\x60\xa8\x40\xf1\xf3\x3c\xa4\xc3\x28\x23\x8c\xfe\x27\x33\x43\x40\xa0\x17\x3c\xeb\xea\x3b\xb0\x72\xa6\xa3\xb9\x4a\x4b\x5e\x16\x48\xf4\xb2\xbc\xc8\x8c\x92\xc5\x9d\x9f\xac\x72\x36\xbc\x34\x80\x34\x6b\xa9\x8b\x92\xc0\xb8\x17\xed\xec\x76\x53\xf5\x24\x01\x8c\xb3\x22\xe8\x4b\x7c\x55\xc6\x9d\xfa\xa3\x14\xbb\x65\x85\x6e\x6e\x4f\x12\x7e\x0a\x3c\x9d\x95", + ["Izenpe.com"] = "\x30\x82\x05\xf1\x30\x82\x03\xd9\xa0\x03\x02\x01\x02\x02\x10\x00\xb0\xb7\x5a\x16\x48\x5f\xbf\xe1\xcb\xf5\x8b\xd7\x19\xe6\x7d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x38\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x0c\x0b\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0c\x0a\x49\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x33\x31\x33\x30\x38\x32\x38\x5a\x17\x0d\x33\x37\x31\x32\x31\x33\x30\x38\x32\x37\x32\x35\x5a\x30\x38\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x0c\x0b\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0c\x0a\x49\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc9\xd3\x7a\xca\x0f\x1e\xac\xa7\x86\xe8\x16\x65\x6a\xb1\xc2\x1b\x45\x32\x71\x95\xd9\xfe\x10\x5b\xcc\xaf\xe7\xa5\x79\x01\x8f\x89\xc3\xca\xf2\x55\x71\xf7\x77\xbe\x77\x94\xf3\x72\xa4\x2c\x44\xd8\x9e\x92\x9b\x14\x3a\xa1\xe7\x24\x90\x0a\x0a\x56\x8e\xc5\xd8\x26\x94\xe1\xd9\x48\xe1\x2d\x3e\xda\x0a\x72\xdd\xa3\x99\x15\xda\x81\xa2\x87\xf4\x7b\x6e\x26\x77\x89\x58\xad\xd6\xeb\x0c\xb2\x41\x7a\x73\x6e\x6d\xdb\x7a\x78\x41\xe9\x08\x88\x12\x7e\x87\x2e\x66\x11\x63\x6c\x54\xfb\x3c\x9d\x72\xc0\xbc\x2e\xff\xc2\xb7\xdd\x0d\x76\xe3\x3a\xd7\xf7\xb4\x68\xbe\xa2\xf5\xe3\x81\x6e\xc1\x46\x6f\x5d\x8d\xe0\x4d\xc6\x54\x55\x89\x1a\x33\x31\x0a\xb1\x57\xb9\xa3\x8a\x98\xc3\xec\x3b\x34\xc5\x95\x41\x69\x7e\x75\xc2\x3c\x20\xc5\x61\xba\x51\x47\xa0\x20\x90\x93\xa1\x90\x4b\xf3\x4e\x7c\x85\x45\x54\x9a\xd1\x05\x26\x41\xb0\xb5\x4d\x1d\x33\xbe\xc4\x03\xc8\x25\x7c\xc1\x70\xdb\x3b\xf4\x09\x2d\x54\x27\x48\xac\x2f\xe1\xc4\xac\x3e\xc8\xcb\x92\x4c\x53\x39\x37\x23\xec\xd3\x01\xf9\xe0\x09\x44\x4d\x4d\x64\xc0\xe1\x0d\x5a\x87\x22\xbc\xad\x1b\xa3\xfe\x26\xb5\x15\xf3\xa7\xfc\x84\x19\xe9\xec\xa1\x88\xb4\x44\x69\x84\x83\xf3\x89\xd1\x74\x06\xa9\xcc\x0b\xd6\xc2\xde\x27\x85\x50\x26\xca\x17\xb8\xc9\x7a\x87\x56\x2c\x1a\x01\x1e\x6c\xbe\x13\xad\x10\xac\xb5\x24\xf5\x38\x91\xa1\xd6\x4b\xda\xf1\xbb\xd2\xde\x47\xb5\xf1\xbc\x81\xf6\x59\x6b\xcf\x19\x53\xe9\x8d\x15\xcb\x4a\xcb\xa9\x6f\x44\xe5\x1b\x41\xcf\xe1\x86\xa7\xca\xd0\x6a\x9f\xbc\x4c\x8d\x06\x33\x5a\xa2\x85\xe5\x90\x35\xa0\x62\x5c\x16\x4e\xf0\xe3\xa2\xfa\x03\x1a\xb4\x2c\x71\xb3\x58\x2c\xde\x7b\x0b\xdb\x1a\x0f\xeb\xde\x21\x1f\x06\x77\x06\x03\xb0\xc9\xef\x99\xfc\xc0\xb9\x4f\x0b\x86\x28\xfe\xd2\xb9\xea\xe3\xda\xa5\xc3\x47\x69\x12\xe0\xdb\xf0\xf6\x19\x8b\xed\x7b\x70\xd7\x02\xd6\xed\x87\x18\x28\x2c\x04\x24\x4c\x77\xe4\x48\x8a\x1a\xc6\x3b\x9a\xd4\x0f\xca\xfa\x75\xd2\x01\x40\x5a\x8d\x79\xbf\x8b\xcf\x4b\xcf\xaa\x16\xc1\x95\xe4\xad\x4c\x8a\x3e\x17\x91\xd4\xb1\x62\xe5\x82\xe5\x80\x04\xa4\x03\x7e\x8d\xbf\xda\x7f\xa2\x0f\x97\x4f\x0c\xd3\x0d\xfb\xd7\xd1\xe5\x72\x7e\x1c\xc8\x77\xff\x5b\x9a\x0f\xb7\xae\x05\x46\xe5\xf1\xa8\x16\xec\x47\xa4\x17\x02\x03\x01\x00\x01\xa3\x81\xf6\x30\x81\xf3\x30\x81\xb0\x06\x03\x55\x1d\x11\x04\x81\xa8\x30\x81\xa5\x81\x0f\x69\x6e\x66\x6f\x40\x69\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\xa4\x81\x91\x30\x81\x8e\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x20\x2d\x20\x43\x49\x46\x20\x41\x30\x31\x33\x33\x37\x32\x36\x30\x2d\x52\x4d\x65\x72\x63\x2e\x56\x69\x74\x6f\x72\x69\x61\x2d\x47\x61\x73\x74\x65\x69\x7a\x20\x54\x31\x30\x35\x35\x20\x46\x36\x32\x20\x53\x38\x31\x43\x30\x41\x06\x03\x55\x04\x09\x0c\x3a\x41\x76\x64\x61\x20\x64\x65\x6c\x20\x4d\x65\x64\x69\x74\x65\x72\x72\x61\x6e\x65\x6f\x20\x45\x74\x6f\x72\x62\x69\x64\x65\x61\x20\x31\x34\x20\x2d\x20\x30\x31\x30\x31\x30\x20\x56\x69\x74\x6f\x72\x69\x61\x2d\x47\x61\x73\x74\x65\x69\x7a\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1d\x1c\x65\x0e\xa8\xf2\x25\x7b\xb4\x91\xcf\xe4\xb1\xb1\xe6\xbd\x55\x74\x6c\x05\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00\x78\xa6\x0c\x16\x4a\x9f\x4c\x88\x3a\xc0\xcb\x0e\xa5\x16\x7d\x9f\xb9\x48\x5f\x18\x8f\x0d\x62\x36\xf6\xcd\x19\x6b\xac\xab\xd5\xf6\x91\x7d\xae\x71\xf3\x3f\xb3\x0e\x78\x85\x9b\x95\xa4\x27\x21\x47\x42\x4a\x7c\x48\x3a\xf5\x45\x7c\xb3\x0c\x8e\x51\x78\xac\x95\x13\xde\xc6\xfd\x7d\xb8\x1a\x90\x4c\xab\x92\x03\xc7\xed\x42\x01\xce\x0f\xd8\xb1\xfa\xa2\x92\xe1\x60\x6d\xae\x7a\x6b\x09\xaa\xc6\x29\xee\x68\x49\x67\x30\x80\x24\x7a\x31\x16\x39\x5b\x7e\xf1\x1c\x2e\xdd\x6c\x09\xad\xf2\x31\xc1\x82\x4e\xb9\xbb\xf9\xbe\xbf\x2a\x85\x3f\xc0\x40\xa3\x3a\x59\xfc\x59\x4b\x3c\x28\x24\xdb\xb4\x15\x75\xae\x0d\x88\xba\x2e\x73\xc0\xbd\x58\x87\xe5\x42\xf2\xeb\x5e\xee\x1e\x30\x22\x99\xcb\x37\xd1\xc4\x21\x6c\x81\xec\xbe\x6d\x26\xe6\x1c\xe4\x42\x20\x9e\x47\xb0\xac\x83\x59\x70\x2c\x35\xd6\xaf\x36\x34\xb4\xcd\x3b\xf8\x32\xa8\xef\xe3\x78\x89\xfb\x8d\x45\x2c\xda\x9c\xb8\x7e\x40\x1c\x61\xe7\x3e\xa2\x92\x2c\x4b\xf2\xcd\xfa\x98\xb6\x29\xff\xf3\xf2\x7b\xa9\x1f\x2e\xa0\x93\x57\x2b\xde\x85\x03\xf9\x69\x37\xcb\x9e\x78\x6a\x05\xb4\xc5\x31\x78\x89\xec\x7a\xa7\x85\xe1\xb9\x7b\x3c\xde\xbe\x1e\x79\x84\xce\x9f\x70\x0e\x59\xc2\x35\x2e\x90\x2a\x31\xd9\xe4\x45\x7a\x41\xa4\x2e\x13\x9b\x34\x0e\x66\x7b\x49\xab\x64\x97\xd0\x46\xc3\x79\x9d\x72\x50\x63\xa6\x98\x5b\x06\xbd\x48\x6d\xd8\x39\x83\x70\xe8\x35\xf0\x05\xd1\xaa\xbc\xe3\xdb\xc8\x02\xea\x7c\xfd\x82\xda\xc2\x5b\x52\x35\xae\x98\x3a\xad\xba\x35\x93\x23\xa7\x1f\x48\xdd\x35\x46\x98\xb2\x10\x68\xe4\xa5\x31\xc2\x0a\x58\x2e\x19\x81\x10\xc9\x50\x75\xfc\xea\x5a\x16\xce\x11\xd7\xee\xef\x50\x88\x2d\x61\xff\x3f\x42\x73\x05\x94\x43\xd5\x8e\x3c\x4e\x01\x3a\x19\xa5\x1f\x46\x4e\x77\xd0\x5d\xe5\x81\x22\x21\x87\xfe\x94\x7d\x84\xd8\x93\xad\xd6\x68\x43\x48\xb2\xdb\xeb\x73\x24\xe7\x91\x7f\x54\xa4\xb6\x80\x3e\x9d\xa3\x3c\x4c\x72\xc2\x57\xc4\xa0\xd4\xcc\x38\x27\xce\xd5\x06\x9e\xa2\x48\xd9\xe9\x9f\xce\x82\x70\x36\x93\x9a\x3b\xdf\x96\x21\xe3\x59\xb7\x0c\xda\x91\x37\xf0\xfd\x59\x5a\xb3\x99\xc8\x69\x6c\x43\x26\x01\x35\x63\x60\x55\x89\x03\x3a\x75\xd8\xba\x4a\xd9\x54\xff\xee\xde\x80\xd8\x2d\xd1\x38\xd5\x5e\x2d\x0b\x98\x7d\x3e\x6c\xdb\xfc\x26\x88\xc7", + ["Chambers of Commerce Root - 2008"] = "\x30\x82\x07\x4f\x30\x82\x05\x37\xa0\x03\x02\x01\x02\x02\x09\x00\xa3\xda\x42\x7e\xa4\xb1\xae\xda\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x1e\x17\x0d\x30\x38\x30\x38\x30\x31\x31\x32\x32\x39\x35\x30\x5a\x17\x0d\x33\x38\x30\x37\x33\x31\x31\x32\x32\x39\x35\x30\x5a\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xaf\x00\xcb\x70\x37\x2b\x80\x5a\x4a\x3a\x6c\x78\x94\x7d\xa3\x7f\x1a\x1f\xf6\x35\xd5\xbd\xdb\xcb\x0d\x44\x72\x3e\x26\xb2\x90\x52\xba\x63\x3b\x28\x58\x6f\xa5\xb3\x6d\x94\xa6\xf3\xdd\x64\x0c\x55\xf6\xf6\xe7\xf2\x22\x22\x80\x5e\xe1\x62\xc6\xb6\x29\xe1\x81\x6c\xf2\xbf\xe5\x7d\x32\x6a\x54\xa0\x32\x19\x59\xfe\x1f\x8b\xd7\x3d\x60\x86\x85\x24\x6f\xe3\x11\xb3\x77\x3e\x20\x96\x35\x21\x6b\xb3\x08\xd9\x70\x2e\x64\xf7\x84\x92\x53\xd6\x0e\xb0\x90\x8a\x8a\xe3\x87\x8d\x06\xd3\xbd\x90\x0e\xe2\x99\xa1\x1b\x86\x0e\xda\x9a\x0a\xbb\x0b\x61\x50\x06\x52\xf1\x9e\x7f\x76\xec\xcb\x0f\xd0\x1e\x0d\xcf\x99\x30\x3d\x1c\xc4\x45\x10\x58\xac\xd6\xd3\xe8\xd7\xe5\xea\xc5\x01\x07\x77\xd6\x51\xe6\x03\x7f\x8a\x48\xa5\x4d\x68\x75\xb9\xe9\xbc\x9e\x4e\x19\x71\xf5\x32\x4b\x9c\x6d\x60\x19\x0b\xfb\xcc\x9d\x75\xdc\xbf\x26\xcd\x8f\x93\x78\x39\x79\x73\x5e\x25\x0e\xca\x5c\xeb\x77\x12\x07\xcb\x64\x41\x47\x72\x93\xab\x50\xc3\xeb\x09\x76\x64\x34\xd2\x39\xb7\x76\x11\x09\x0d\x76\x45\xc4\xa9\xae\x3d\x6a\xaf\xb5\x7d\x65\x2f\x94\x58\x10\xec\x5c\x7c\xaf\x7e\xe2\xb6\x18\xd9\xd0\x9b\x4e\x5a\x49\xdf\xa9\x66\x0b\xcc\x3c\xc6\x78\x7c\xa7\x9c\x1d\xe3\xce\x8e\x53\xbe\x05\xde\x60\x0f\x6b\xe5\x1a\xdb\x3f\xe3\xe1\x21\xc9\x29\xc1\xf1\xeb\x07\x9c\x52\x1b\x01\x44\x51\x3c\x7b\x25\xd7\xc4\xe5\x52\x54\x5d\x25\x07\xca\x16\x20\xb8\xad\xe4\x41\xee\x7a\x08\xfe\x99\x6f\x83\xa6\x91\x02\xb0\x6c\x36\x55\x6a\xe7\x7d\xf5\x96\xe6\xca\x81\xd6\x97\xf1\x94\x83\xe9\xed\xb0\xb1\x6b\x12\x69\x1e\xac\xfb\x5d\xa9\xc5\x98\xe9\xb4\x5b\x58\x7a\xbe\x3d\xa2\x44\x3a\x63\x59\xd4\x0b\x25\xde\x1b\x4f\xbd\xe5\x01\x9e\xcd\xd2\x29\xd5\x9f\x17\x19\x0a\x6f\xbf\x0c\x90\xd3\x09\x5f\xd9\xe3\x8a\x35\xcc\x79\x5a\x4d\x19\x37\x92\xb7\xc4\xc1\xad\xaf\xf4\x79\x24\x9a\xb2\x01\x0b\xb1\xaf\x5c\x96\xf3\x80\x32\xfb\x5c\x3d\x98\xf1\xa0\x3f\x4a\xde\xbe\xaf\x94\x2e\xd9\x55\x9a\x17\x6e\x60\x9d\x63\x6c\xb8\x63\xc9\xae\x81\x5c\x18\x35\xe0\x90\xbb\xbe\x3c\x4f\x37\x22\xb9\x7e\xeb\xcf\x9e\x77\x21\xa6\x3d\x38\x81\xfb\x48\xda\x31\x3d\x2b\xe3\x89\xf5\xd0\xb5\xbd\x7e\xe0\x50\xc4\x12\x89\xb3\x23\x9a\x10\x31\x85\xdb\xae\x6f\xef\x38\x33\x18\x76\x11\x02\x03\x01\x00\x01\xa3\x82\x01\x6c\x30\x82\x01\x68\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf9\x24\xac\x0f\xb2\xb5\xf8\x79\xc0\xfa\x60\x88\x1b\xc4\xd9\x4d\x02\x9e\x17\x19\x30\x81\xe3\x06\x03\x55\x1d\x23\x04\x81\xdb\x30\x81\xd8\x80\x14\xf9\x24\xac\x0f\xb2\xb5\xf8\x79\xc0\xfa\x60\x88\x1b\xc4\xd9\x4d\x02\x9e\x17\x19\xa1\x81\xb4\xa4\x81\xb1\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x82\x09\x00\xa3\xda\x42\x7e\xa4\xb1\xae\xda\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x3d\x06\x03\x55\x1d\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1d\x20\x00\x30\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x90\x12\xaf\x22\x35\xc2\xa3\x39\xf0\x2e\xde\xe9\xb5\xe9\x78\x7c\x48\xbe\x3f\x7d\x45\x92\x5e\xe9\xda\xb1\x19\xfc\x16\x3c\x9f\xb4\x5b\x66\x9e\x6a\xe7\xc3\xb9\x5d\x88\xe8\x0f\xad\xcf\x23\x0f\xde\x25\x3a\x5e\xcc\x4f\xa5\xc1\xb5\x2d\xac\x24\xd2\x58\x07\xde\xa2\xcf\x69\x84\x60\x33\xe8\x10\x0d\x13\xa9\x23\xd0\x85\xe5\x8e\x7b\xa6\x9e\x3d\x72\x13\x72\x33\xf5\xaa\x7d\xc6\x63\x1f\x08\xf4\xfe\x01\x7f\x24\xcf\x2b\x2c\x54\x09\xde\xe2\x2b\x6d\x92\xc6\x39\x4f\x16\xea\x3c\x7e\x7a\x46\xd4\x45\x6a\x46\xa8\xeb\x75\x82\x56\xa7\xab\xa0\x7c\x68\x13\x33\xf6\x9d\x30\xf0\x6f\x27\x39\x24\x23\x2a\x90\xfd\x90\x29\x35\xf2\x93\xdf\x34\xa5\xc6\xf7\xf8\xef\x8c\x0f\x62\x4a\x7c\xae\xd3\xf5\x54\xf8\x8d\xb6\x9a\x56\x87\x16\x82\x3a\x33\xab\x5a\x22\x08\xf7\x82\xba\xea\x2e\xe0\x47\x9a\xb4\xb5\x45\xa3\x05\x3b\xd9\xdc\x2e\x45\x40\x3b\xea\xdc\x7f\xe8\x3b\xeb\xd1\xec\x26\xd8\x35\xa4\x30\xc5\x3a\xac\x57\x9e\xb3\x76\xa5\x20\x7b\xf9\x1e\x4a\x05\x62\x01\xa6\x28\x75\x60\x97\x92\x0d\x6e\x3e\x4d\x37\x43\x0d\x92\x15\x9c\x18\x22\xcd\x51\x99\xa0\x29\x1a\x3c\x5f\x8a\x32\x33\x5b\x30\xc7\x89\x2f\x47\x98\x0f\xa3\x03\xc6\xf6\xf1\xac\xdf\x32\xf0\xd9\x81\x1a\xe4\x9c\xbd\xf6\x80\x14\xf0\xd1\x2c\xb9\x85\xf5\xd8\xa3\xb1\xc8\xa5\x21\xe5\x1c\x13\x97\xee\x0e\xbd\xdf\x29\xa9\xef\x34\x53\x5b\xd3\xe4\x6a\x13\x84\x06\xb6\x32\x02\xc4\x52\xae\x22\xd2\xdc\xb2\x21\x42\x1a\xda\x40\xf0\x29\xc9\xec\x0a\x0c\x5c\xe2\xd0\xba\xcc\x48\xd3\x37\x0a\xcc\x12\x0a\x8a\x79\xb0\x3d\x03\x7f\x69\x4b\xf4\x34\x20\x7d\xb3\x34\xea\x8e\x4b\x64\xf5\x3e\xfd\xb3\x23\x67\x15\x0d\x04\xb8\xf0\x2d\xc1\x09\x51\x3c\xb2\x6c\x15\xf0\xa5\x23\xd7\x83\x74\xe4\xe5\x2e\xc9\xfe\x98\x27\x42\xc6\xab\xc6\x9e\xb0\xd0\x5b\x38\xa5\x9b\x50\xde\x7e\x18\x98\xb5\x45\x3b\xf6\x79\xb4\xe8\xf7\x1a\x7b\x06\x83\xfb\xd0\x8b\xda\xbb\xc7\xbd\x18\xab\x08\x6f\x3c\x80\x6b\x40\x3f\x19\x19\xba\x65\x8a\xe6\xbe\xd5\x5c\xd3\x36\xd7\xef\x40\x52\x24\x60\x38\x67\x04\x31\xec\x8f\xf3\x82\xc6\xde\xb9\x55\xf3\x3b\x31\x91\x5a\xdc\xb5\x08\x15\xad\x76\x25\x0a\x0d\x7b\x2e\x87\xe2\x0c\xa6\x06\xbc\x26\x10\x6d\x37\x9d\xec\xdd\x78\x8c\x7c\x80\xc5\xf0\xd9\x77\x48\xd0", + ["Global Chambersign Root - 2008"] = "\x30\x82\x07\x49\x30\x82\x05\x31\xa0\x03\x02\x01\x02\x02\x09\x00\xc9\xcd\xd3\xe9\xd5\x7d\x23\xce\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x1e\x17\x0d\x30\x38\x30\x38\x30\x31\x31\x32\x33\x31\x34\x30\x5a\x17\x0d\x33\x38\x30\x37\x33\x31\x31\x32\x33\x31\x34\x30\x5a\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc0\xdf\x56\xd3\xe4\x3a\x9b\x76\x45\xb4\x13\xdb\xff\xc1\xb6\x19\x8b\x37\x41\x18\x95\x52\x47\xeb\x17\x9d\x29\x88\x8e\x35\x6c\x06\x32\x2e\x47\x62\xf3\x49\x04\xbf\x7d\x44\x36\xb1\x71\xcc\xbd\x5a\x09\x73\xd5\xd9\x85\x44\xff\x91\x57\x25\xdf\x5e\x36\x8e\x70\xd1\x5c\x71\x43\x1d\xd9\xda\xef\x5c\xd2\xfb\x1b\xbd\x3a\xb5\xcb\xad\xa3\xcc\x44\xa7\x0d\xae\x21\x15\x3f\xb9\x7a\x5b\x92\x75\xd8\xa4\x12\x38\x89\x19\x8a\xb7\x80\xd2\xe2\x32\x6f\x56\x9c\x91\xd6\x88\x10\x0b\xb3\x74\x64\x92\x74\x60\xf3\xf6\xcf\x18\x4f\x60\xb2\x23\xd0\xc7\x3b\xce\x61\x4b\x99\x8f\xc2\x0c\xd0\x40\xb2\x98\xdc\x0d\xa8\x4e\xa3\xb9\x0a\xae\x60\xa0\xad\x45\x52\x63\xba\x66\xbd\x68\xe0\xf9\xbe\x1a\xa8\x81\xbb\x1e\x41\x78\x75\xd3\xc1\xfe\x00\x55\xb0\x87\x54\xe8\x27\x90\x35\x1d\x4c\x33\xad\x97\xfc\x97\x2e\x98\x84\xbf\x2c\xc9\xa3\xbf\xd1\x98\x11\x14\xed\x63\xf8\xca\x98\x88\x58\x17\x99\xed\x45\x03\x97\x7e\x3c\x86\x1e\x88\x8c\xbe\xf2\x91\x84\x8f\x65\x34\xd8\x00\x4c\x7d\xb7\x31\x17\x5a\x29\x7a\x0a\x18\x24\x30\xa3\x37\xb5\x7a\xa9\x01\x7d\x26\xd6\xf9\x0e\x8e\x59\xf1\xfd\x1b\x33\xb5\x29\x3b\x17\x3b\x41\xb6\x21\xdd\xd4\xc0\x3d\xa5\x9f\x9f\x1f\x43\x50\xc9\xbb\xbc\x6c\x7a\x97\x98\xee\xcd\x8c\x1f\xfb\x9c\x51\xae\x8b\x70\xbd\x27\x9f\x71\xc0\x6b\xac\x7d\x90\x66\xe8\xd7\x5d\x3a\x0d\xb0\xd5\xc2\x8d\xd5\xc8\x9d\x9d\xc1\x6d\xd0\xd0\xbf\x51\xe4\xe3\xf8\xc3\x38\x36\xae\xd6\xa7\x75\xe6\xaf\x84\x43\x5d\x93\x92\x0c\x6a\x07\xde\x3b\x1d\x98\x22\xd6\xac\xc1\x35\xdb\xa3\xa0\x25\xff\x72\xb5\x76\x1d\xde\x6d\xe9\x2c\x66\x2c\x52\x84\xd0\x45\x92\xce\x1c\xe5\xe5\x33\x1d\xdc\x07\x53\x54\xa3\xaa\x82\x3b\x9a\x37\x2f\xdc\xdd\xa0\x64\xe9\xe6\xdd\xbd\xae\xfc\x64\x85\x1d\x3c\xa7\xc9\x06\xde\x84\xff\x6b\xe8\x6b\x1a\x3c\xc5\xa2\xb3\x42\xfb\x8b\x09\x3e\x5f\x08\x52\xc7\x62\xc4\xd4\x05\x71\xbf\xc4\x64\xe4\xf8\xa1\x83\xe8\x3e\x12\x9b\xa8\x1e\xd4\x36\x4d\x2f\x71\xf6\x8d\x28\xf6\x83\xa9\x13\xd2\x61\xc1\x91\xbb\x48\xc0\x34\x8f\x41\x8c\x4b\x4c\xdb\x69\x12\xff\x50\x94\x9c\x20\x83\x59\x73\xed\x7c\xa1\xf2\xf1\xfd\xdd\xf7\x49\xd3\x43\x58\xa0\x56\x63\xca\x3d\x3d\xe5\x35\x56\x59\xe9\x0e\xca\x20\xcc\x2b\x4b\x93\x29\x0f\x02\x03\x01\x00\x01\xa3\x82\x01\x6a\x30\x82\x01\x66\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb9\x09\xca\x9c\x1e\xdb\xd3\x6c\x3a\x6b\xae\xed\x54\xf1\x5b\x93\x06\x35\x2e\x5e\x30\x81\xe1\x06\x03\x55\x1d\x23\x04\x81\xd9\x30\x81\xd6\x80\x14\xb9\x09\xca\x9c\x1e\xdb\xd3\x6c\x3a\x6b\xae\xed\x54\xf1\x5b\x93\x06\x35\x2e\x5e\xa1\x81\xb2\xa4\x81\xaf\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x82\x09\x00\xc9\xcd\xd3\xe9\xd5\x7d\x23\xce\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x3d\x06\x03\x55\x1d\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1d\x20\x00\x30\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x80\x88\x7f\x70\xde\x92\x28\xd9\x05\x94\x46\xff\x90\x57\xa9\xf1\x2f\xdf\x1a\x0d\x6b\xfa\x7c\x0e\x1c\x49\x24\x79\x27\xd8\x46\xaa\x6f\x29\x59\x52\x88\x70\x12\xea\xdd\x3d\xf5\x9b\x53\x54\x6f\xe1\x60\xa2\xa8\x09\xb9\xec\xeb\x59\x7c\xc6\x35\xf1\xdc\x18\xe9\xf1\x67\xe5\xaf\xba\x45\xe0\x09\xde\xca\x44\x0f\xc2\x17\x0e\x77\x91\x45\x7a\x33\x5f\x5f\x96\x2c\x68\x8b\xc1\x47\x8f\x98\x9b\x3d\xc0\xec\xcb\xf5\xd5\x82\x92\x84\x35\xd1\xbe\x36\x38\x56\x72\x31\x5b\x47\x2d\xaa\x17\xa4\x63\x51\xeb\x0a\x01\xad\x7f\xec\x75\x9e\xcb\xa1\x1f\xf1\x7f\x12\xb1\xb9\xe4\x64\x7f\x67\xd6\x23\x2a\xf4\xb8\x39\x5d\x98\xe8\x21\xa7\xe1\xbd\x3d\x42\x1a\x74\x9a\x70\xaf\x68\x6c\x50\x5d\x49\xcf\xff\xfb\x0e\x5d\xe6\x2c\x47\xd7\x81\x3a\x59\x00\xb5\x73\x6b\x63\x20\xf6\x31\x45\x08\x39\x0e\xf4\x70\x7e\x40\x70\x5a\x3f\xd0\x6b\x42\xa9\x74\x3d\x28\x2f\x02\x6d\x75\x72\x95\x09\x8d\x48\x63\xc6\xc6\x23\x57\x92\x93\x5e\x35\xc1\x8d\xf9\x0a\xf7\x2c\x9d\x62\x1c\xf6\xad\x7c\xdd\xa6\x31\x1e\xb6\xb1\xc7\x7e\x85\x26\xfa\xa4\x6a\xb5\xda\x63\x30\xd1\xef\x93\x37\xb2\x66\x2f\x7d\x05\xf7\xe7\xb7\x4b\x98\x94\x35\xc0\xd9\x3a\x29\xc1\x9d\xb2\x50\x33\x1d\x4a\xa9\x5a\xa6\xc9\x03\xef\xed\xf4\xe7\xa8\x6e\x8a\xb4\x57\x84\xeb\xa4\x3f\xd0\xee\xaa\xaa\x87\x5b\x63\xe8\x93\xe2\x6b\xa8\xd4\xb8\x72\x78\x6b\x1b\xed\x39\xe4\x5d\xcb\x9b\xaa\x87\xd5\x4f\x4e\x00\xfe\xd9\x6a\x9f\x3c\x31\x0f\x28\x02\x01\x7d\x98\xe8\xa7\xb0\xa2\x64\x9e\x79\xf8\x48\xf2\x15\xa9\xcc\xe6\xc8\x44\xeb\x3f\x78\x99\xf2\x7b\x71\x3e\x3c\xf1\x98\xa7\xc5\x18\x12\x3f\xe6\xbb\x28\x33\x42\xe9\x45\x0a\x7c\x6d\xf2\x86\x79\x2f\xc5\x82\x19\x7d\x09\x89\x7c\xb2\x54\x76\x88\xae\xde\xc1\xf3\xcc\xe1\x6e\xdb\x31\xd6\x93\xae\x99\xa0\xef\x25\x6a\x73\x98\x89\x5b\x3a\x2e\x13\x88\x1e\xbf\xc0\x92\x94\x34\x1b\xe3\x27\xb7\x8b\x1e\x6f\x42\xff\xe7\xe9\x37\x9b\x50\x1d\x2d\xa2\xf9\x02\xee\xcb\x58\x58\x3a\x71\xbc\x68\xe3\xaa\xc1\xaf\x1c\x28\x1f\xa2\xdc\x23\x65\x3f\x81\xea\xae\x99\xd3\xd8\x30\xcf\x13\x0d\x4f\x15\xc9\x84\xbc\xa7\x48\x2d\xf8\x30\x23\x77\xd8\x46\x4b\x79\x6d\xf6\x8c\xed\x3a\x7f\x60\x11\x78\xf4\xe9\x9b\xae\xd5\x54\xc0\x74\x80\xd1\x0b\x42\x9f\xc1", +}; diff --git a/policy/ssl.bro b/policy/ssl.bro index 6a347a14cc..9b40a736b9 100644 --- a/policy/ssl.bro +++ b/policy/ssl.bro @@ -1,17 +1,7 @@ -# $Id: ssl.bro 5988 2008-07-19 07:02:12Z vern $ +@load conn-id +@load ssl-mozilla-CAs -@load notice -@load conn -@load weird -@load ssl-ciphers -@load ssl-errors - -global ssl_log = open_log_file("ssl") &redef; - -redef enum Notice += { - SSL_X509Violation, # blanket X509 error - SSL_SessConIncon, # session data not consistent with connection -}; +global ssl_log = open_log_file("ssl") &raw_output &redef; const SSLv2 = 0x0002; @@ -22,36 +12,36 @@ const TLSv11 = 0x0302; # If true, Bro stores the client and server cipher specs and performs # additional tests. This costs an extra amount of memory (normally # only for a short time) but enables detecting of non-intersecting -# cipher sets, for example. -const ssl_compare_cipherspecs = T &redef; - -# Whether to analyze certificates seen in SSL connections. -const ssl_analyze_certificates = T &redef; - -# If we analyze SSL certificates, we can choose to store them. -const ssl_store_certificates = T &redef; - -# Path where we dump the certificates into. If it's empty, -# use the current directory. -const ssl_store_cert_path = "certs" &redef; - -# If we analyze SSL certificates, we can choose to verify them. -const ssl_verify_certificates = T &redef; - -# This is the path where OpenSSL looks after the trusted certificates. -# If empty, the default path will be used. -const x509_trusted_cert_path = "" &redef; - -# Whether to store key-material exchanged in the handshaking phase. -const ssl_store_key_material = F &redef; - -# Report weak/unknown ciphers in CLIENT_HELLO, SSLv2 SERVER_HELLO. -const ssl_report_client_weak = F &redef; -const ssl_report_client_unknown = F &redef; -const ssl_report_server_weak = F &redef; - -# Log all ciphers. -const ssl_log_ciphers = T &redef; +## cipher sets, for example. +#const ssl_compare_cipherspecs = T &redef; +# +## Whether to analyze certificates seen in SSL connections. +#const ssl_analyze_certificates = T &redef; +# +## If we analyze SSL certificates, we can choose to store them. +#const ssl_store_certificates = T &redef; +# +## Path where we dump the certificates into. If it's empty, +## use the current directory. +#const ssl_store_cert_path = "certs" &redef; +# +## If we analyze SSL certificates, we can choose to verify them. +#const ssl_verify_certificates = T &redef; +# +## This is the path where OpenSSL looks after the trusted certificates. +## If empty, the default path will be used. +#const x509_trusted_cert_path = "" &redef; +# +## Whether to store key-material exchanged in the handshaking phase. +#const ssl_store_key_material = F &redef; +# +## Report weak/unknown ciphers in CLIENT_HELLO, SSLv2 SERVER_HELLO. +#const ssl_report_client_weak = F &redef; +#const ssl_report_client_unknown = F &redef; +#const ssl_report_server_weak = F &redef; +# +## Log all ciphers. +#const ssl_log_ciphers = T &redef; # NOTE: this is a 'local' port format for your site # --- well-known ports for ssl --------- @@ -75,139 +65,9 @@ global ssl_ports = { } &redef; redef dpd_config += { - [[ANALYZER_SSL, ANALYZER_SSL_BINPAC]] = [$ports = ssl_ports] + [[ANALYZER_SSL]] = [$ports = ssl_ports] }; -# --- Weak Cipher Demo ------------- - -const myWeakCiphers: set[count] = { - SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, - SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv20_CK_DES_64_CBC_WITH_MD5, - - TLS_NULL_WITH_NULL_NULL, - TLS_RSA_WITH_NULL_MD5, - TLS_RSA_WITH_NULL_SHA, - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_RSA_WITH_DES_CBC_SHA, - - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_DSS_WITH_DES_CBC_SHA, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_RSA_WITH_DES_CBC_SHA, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_DSS_WITH_DES_CBC_SHA, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_RSA_WITH_DES_CBC_SHA, - - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - TLS_DH_ANON_WITH_RC4_128_MD5, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_ANON_WITH_DES_CBC_SHA, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, -}; - -const x509_ignore_errors: set[int] = { - X509_V_OK, - # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE -}; - -const x509_hot_errors: set[int] = { - X509_V_ERR_CRL_SIGNATURE_FAILURE, - X509_V_ERR_CERT_NOT_YET_VALID, - X509_V_ERR_CERT_HAS_EXPIRED, - X509_V_ERR_CERT_REVOKED, - X509_V_ERR_SUBJECT_ISSUER_MISMATCH, - # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE # for testing -}; - -redef Weird::weird_action += { - [["SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!", - "SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE", - "unexpected_SSLv3_record", - "SSLv3_data_without_full_handshake"]] = Weird::WEIRD_IGNORE -}; - - -global SSL_cipherCount: table[count] of count &default = 0; - -type ssl_connection_info: record { - id: count; # the log identifier number - connection_id: conn_id; # IP connection information - version: string; # version assosciated with connection - client_cert: X509; - server_cert: X509; - id_index: string; # index for associated SSL_sessionID - handshake_cipher: string; # agreed-upon cipher for session/conn. -}; - -# SSL_sessionID index - used to track version assosciated with a session id. -type SSL_sessionID_record: record { - num_reuse: count; - id: SSL_sessionID; # literal session ID - - # everything below is an example of session vs connection monitoring. - version: string; # version assosciated with session id - client_cert: X509; - server_cert: X509; - handshake_cipher: string; -}; - -global ssl_connections: table[conn_id] of ssl_connection_info; -global ssl_sessionIDs: table[string] of SSL_sessionID_record - &read_expire = 2 hrs; -global ssl_connection_id = 0; - -# Used when there's no issuer/subject/cipher. -const NONE = ""; - -# --- SSL helper functions --------- -function new_ssl_connection(c: connection) - { - local conn = c$id; - local new_id = ++ssl_connection_id; - - local info: ssl_connection_info; - info$id = new_id; - info$id_index = md5_hash(info$id); - info$version = ""; - info$client_cert$issuer = NONE; - info$client_cert$subject = NONE; - info$server_cert$issuer = NONE; - info$server_cert$subject = NONE; - info$handshake_cipher = NONE; - info$connection_id = conn; - - ssl_connections[conn] = info; - append_addl(c, fmt("#%d", new_id)); - - print ssl_log, fmt("%.6f #%d %s start", - network_time(), new_id, id_string(conn)); - } - -function new_sessionID_record(session: SSL_sessionID) - { - local info: SSL_sessionID_record; - - info$num_reuse = 1; - info$client_cert$issuer = NONE; - info$client_cert$subject = NONE; - info$server_cert$issuer = NONE; - info$server_cert$subject = NONE; - info$handshake_cipher = NONE; - - local index = md5_hash(session); - ssl_sessionIDs[index] = info; - } - -function ssl_get_cipher_name(cipherSuite: count): string - { - return cipherSuite in ssl_cipher_desc ? - ssl_cipher_desc[cipherSuite] : "UNKNOWN"; - } - function ssl_get_version_string(version: count): string { if ( version == SSLv2 ) @@ -222,315 +82,510 @@ function ssl_get_version_string(version: count): string return "?.?"; } -function ssl_con2str(c: connection): string +event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) { - return fmt("%s:%s -> %s:%s", - c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "Client Hello", + ssl_get_version_string(version), + fmt("0x%s", bytestring_to_hexstr(session_id)), + fmt("%D", possible_ts)); } -function lookup_ssl_conn(c: connection, func: string, log_if_new: bool) +event ssl_extension(c: connection, code: count, val: string) { - if ( c$id !in ssl_connections ) - { - new_ssl_connection(c); - - if ( log_if_new ) - print ssl_log, - fmt("%.6f #%d creating new SSL connection in %s", - network_time(), ssl_connections[c$id]$id, func); - } + if ( code == 0 ) + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "ssl_extension", "server_name", sub(val, /^...../, "")); } -event ssl_conn_weak(name: string, c: connection) +event ssl_server_hello(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count) { - lookup_ssl_conn(c, "ssl_conn_weak", T); - print ssl_log, fmt("%.6f #%d %s", - network_time(), ssl_connections[c$id]$id, name); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "Server Hello", + ssl_get_version_string(version), + fmt("0x%s", bytestring_to_hexstr(session_id)), + fmt("%D", possible_ts)); } -# --- SSL events ------------------- - -event ssl_certificate_seen(c: connection, is_server: bool) +event ssl_established(c: connection) { - # Called whenever there's an certificate to analyze. - # we could do something here, like... - - # if ( c$id$orig_h in hostsToIgnore ) - # { - # ssl_store_certificates = F; - # ssl_verify_certificates = F; - # } - # else - # { - # ssl_store_certificates = T; - # ssl_verify_certificates = T; - # } + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "SSL session established"); } -event ssl_certificate(c: connection, cert: X509, is_server: bool) +event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) { - local direction = is_local_addr(c$id$orig_h) ? "client" : "server"; - - lookup_ssl_conn(c, "ssl_certificate", T); - local conn = ssl_connections[c$id]; - - if( direction == "client" ) - conn$client_cert = cert; - else - { - conn$server_cert = cert; - - # We have not filled in the field for the master session - # for this connection. Do it now, but only if this is not a - # SSLv2 connection (no session information in that case). - if ( conn$id_index in ssl_sessionIDs && - ssl_sessionIDs[conn$id_index]$server_cert$subject == NONE ) - ssl_sessionIDs[conn$id_index]$server_cert$subject = - cert$subject; - } - - print ssl_log, fmt("%.6f #%d X.509 %s issuer %s", - network_time(), conn$id, direction, cert$issuer); - - print ssl_log, fmt("%.6f #%d X.509 %s subject %s", - network_time(), conn$id, direction, cert$subject); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "X509 certificate", chain_idx, + cert$subject, cert$issuer, + fmt("%D", cert$not_valid_before), + fmt("%D", cert$not_valid_after)); } -event ssl_conn_attempt(c: connection, version: count, - ciphers: cipher_suites_list) +event x509_cert_body(c: connection, cert: string) { - lookup_ssl_conn(c, "ssl_conn_attempt", F); - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "X509 certificate body", fmt("0x%s", bytestring_to_hexstr(cert))); - print ssl_log, fmt("%.6f #%d SSL connection attempt %s", - network_time(), conn$id, version_string); - - conn$version = version_string; - - for ( cs in ciphers ) - { # display a list of the cipher suites - # Demo: report clients who support weak ciphers. - if ( ssl_report_client_weak && cs in myWeakCiphers ) - event ssl_conn_weak( - fmt("SSL client supports weak cipher: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); - - # Demo: report unknown ciphers. - if ( ssl_report_client_unknown && cs !in ssl_cipher_desc ) - event ssl_conn_weak( - fmt("SSL: unknown cipher-spec: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); - - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d client cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cs), cs); - } } -event ssl_conn_server_reply(c: connection, version: count, - ciphers: cipher_suites_list) - { - lookup_ssl_conn(c, "ssl_conn_server_reply", T); +## Old Code Below here!!!! - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); +## --- Weak Cipher Demo ------------- +# +#const myWeakCiphers: set[count] = { +# SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, +# SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, +# SSLv20_CK_DES_64_CBC_WITH_MD5, +# +# TLS_NULL_WITH_NULL_NULL, +# TLS_RSA_WITH_NULL_MD5, +# TLS_RSA_WITH_NULL_SHA, +# TLS_RSA_EXPORT_WITH_RC4_40_MD5, +# TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, +# TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_RSA_WITH_DES_CBC_SHA, +# +# TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_DSS_WITH_DES_CBC_SHA, +# TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_RSA_WITH_DES_CBC_SHA, +# TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DHE_DSS_WITH_DES_CBC_SHA, +# TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DHE_RSA_WITH_DES_CBC_SHA, +# +# TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, +# TLS_DH_ANON_WITH_RC4_128_MD5, +# TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_ANON_WITH_DES_CBC_SHA, +# TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, +#}; +# +#const x509_ignore_errors: set[int] = { +# X509_V_OK, +# # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE +#}; +# +#const x509_hot_errors: set[int] = { +# X509_V_ERR_CRL_SIGNATURE_FAILURE, +# X509_V_ERR_CERT_NOT_YET_VALID, +# X509_V_ERR_CERT_HAS_EXPIRED, +# X509_V_ERR_CERT_REVOKED, +# X509_V_ERR_SUBJECT_ISSUER_MISMATCH, +# # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE # for testing +#}; +# +#redef Weird::weird_action += { +# [["SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!", +# "SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE", +# "unexpected_SSLv3_record", +# "SSLv3_data_without_full_handshake"]] = Weird::WEIRD_IGNORE +#}; - print ssl_log, fmt("%.6f #%d SSL connection server reply, %s", - network_time(), conn$id, version_string); - conn$version = version_string; +#global SSL_cipherCount: table[count] of count &default = 0; +# +#type ssl_connection_info: record { +# id: count; # the log identifier number +# connection_id: conn_id; # IP connection information +# version: string; # version assosciated with connection +# client_cert: X509; +# server_cert: X509; +# id_index: string; # index for associated SSL_sessionID +# handshake_cipher: string; # agreed-upon cipher for session/conn. +#}; - for ( cs in ciphers ) - { - # Demo: report servers who support weak ciphers. - if ( ssl_report_server_weak && version == SSLv2 && - cs in myWeakCiphers ) - event ssl_conn_weak( - fmt("SSLv2 server supports weak cipher: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); +# SSL_sessionID index - used to track version assosciated with a session id. +#type SSL_sessionID_record: record { +# num_reuse: count; +# id: string; # literal session ID +# +# # everything below is an example of session vs connection monitoring. +# version: string; # version assosciated with session id +# client_cert: X509; +# server_cert: X509; +# handshake_cipher: string; +#}; +# +#global ssl_connections: table[conn_id] of ssl_connection_info; +#global ssl_sessionIDs: table[string] of SSL_sessionID_record +# &read_expire = 2 hrs; +#global ssl_connection_id = 0; +# +## Used when there's no issuer/subject/cipher. +#const NONE = ""; +# +## --- SSL helper functions --------- +#function new_ssl_connection(c: connection) +# { +# local conn = c$id; +# local new_id = ++ssl_connection_id; +# +# local info: ssl_connection_info; +# info$id = new_id; +# info$id_index = md5_hash(info$id); +# info$version = ""; +# info$client_cert$issuer = NONE; +# info$client_cert$subject = NONE; +# info$server_cert$issuer = NONE; +# info$server_cert$subject = NONE; +# info$handshake_cipher = NONE; +# info$connection_id = conn; +# +# ssl_connections[conn] = info; +# append_addl(c, fmt("#%d", new_id)); +# +# print ssl_log, fmt("%.6f #%d %s start", +# network_time(), new_id, id_string(conn)); +# } +# +#function new_sessionID_record(session: string) +# { +# local info: SSL_sessionID_record; +# +# info$num_reuse = 1; +# info$client_cert$issuer = NONE; +# info$client_cert$subject = NONE; +# info$server_cert$issuer = NONE; +# info$server_cert$subject = NONE; +# info$handshake_cipher = NONE; +# +# local index = md5_hash(session); +# ssl_sessionIDs[index] = info; +# } +# +#function ssl_get_cipher_name(cipherSuite: count): string +# { +# return cipherSuite in ssl_cipher_desc ? +# ssl_cipher_desc[cipherSuite] : "UNKNOWN"; +# } +# +#function ssl_get_version_string(version: count): string +# { +# if ( version == SSLv2 ) +# return "SSL version 2"; +# else if ( version == SSLv3 ) +# return "SSL version 3"; +# else if ( version == TLSv10 ) +# return "TLS version 1.0"; +# else if ( version == TLSv11 ) +# return "TLS version 1.1"; +# else +# return "?.?"; +# } +# +#function ssl_con2str(c: connection): string +# { +# return fmt("%s:%s -> %s:%s", +# c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p); +# } +# +#function lookup_ssl_conn(c: connection, func: string, log_if_new: bool) +# { +# if ( c$id !in ssl_connections ) +# { +# new_ssl_connection(c); +# +# if ( log_if_new ) +# print ssl_log, +# fmt("%.6f #%d creating new SSL connection in %s", +# network_time(), ssl_connections[c$id]$id, func); +# } +# } - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d server cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cs), cs); - } - } - -event ssl_conn_established(c: connection, version: count, cipher_suite: count) - { - lookup_ssl_conn(c, "ssl_conn_established", T); - - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); - - print ssl_log, - fmt("%.6f #%d handshake finished, %s", - network_time(), conn$id, version_string); - - if ( cipher_suite in myWeakCiphers ) - event ssl_conn_weak(fmt("%.6f #%d weak cipher: %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cipher_suite), cipher_suite), c); - - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d connection cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cipher_suite), cipher_suite); - - ++SSL_cipherCount[cipher_suite]; - - # This should be the version identified with the session, unless - # there is some renegotiation. That will be caught later. - conn$version = version_string; - } - -event process_X509_extensions(c: connection, ex: X509_extension) - { - lookup_ssl_conn(c, "process_X509_extensions", T); - local conn = ssl_connections[c$id]; - - local msg = fmt("%.6f #%d X.509 extensions: ", network_time(), conn$id); - for ( i in ex ) - msg = fmt("%s, %s", msg, ex[i]); - - print ssl_log, msg; - } - -event ssl_session_insertion(c: connection, id: SSL_sessionID) - { - local idd = c$id; - - if ( idd !in ssl_connections) - { - new_ssl_connection(c); - - print ssl_log, - fmt("%.6f #%d creating new SSL connection in ssl_session_insertion", - network_time(), ssl_connections[c$id]$id); - - # None of the conn$object values will exist, so we leave this - # to prevent needless crashing. - return; - } - - local conn = ssl_connections[idd]; - local id_index = md5_hash(id); - - # If there is no session with thIS id we create (a typical) one, - # otherwise we move on. - if ( id_index !in ssl_sessionIDs ) - { - new_sessionID_record(id); - - local session = ssl_sessionIDs[id_index]; - session$version = conn$version; - session$client_cert$subject = conn$client_cert$subject; - session$server_cert$subject = conn$server_cert$subject; - session$handshake_cipher = conn$handshake_cipher; - session$id = id; - - conn$id_index = id_index; - } - - else - { # should we ever get here? - session = ssl_sessionIDs[id_index]; - conn$id_index = id_index; - } - } - -event ssl_conn_reused(c: connection, session_id: SSL_sessionID) - { - lookup_ssl_conn(c, "ssl_conn_reused", T); - local conn = ssl_connections[c$id]; - local id_index = md5_hash(session_id); - - print ssl_log, fmt("%.6f #%d reusing former SSL session: %s", - network_time(), conn$id, id_index); - - # We cannot track sessions with SSLv2. - if ( conn$version == ssl_get_version_string(SSLv2) ) - return; - - if ( id_index !in ssl_sessionIDs ) - { - new_sessionID_record(session_id); - local session = ssl_sessionIDs[id_index]; - session$version = conn$version; - session$client_cert$subject = conn$client_cert$subject; - session$server_cert$subject = conn$server_cert$subject; - session$id = session_id; - } - else - session = ssl_sessionIDs[id_index]; - - ++session$num_reuse; - - # At this point, the connection values have been set. We can then - # compare session and connection values with some confidence. - if ( session$version != conn$version || - session$handshake_cipher != conn$handshake_cipher ) - { - NOTICE([$note=SSL_SessConIncon, $conn=c, - $msg="session violation"]); - ++c$hot; - } - } - -event ssl_X509_error(c: connection, err: int, err_string: string) - { - if ( err in x509_ignore_errors ) - return; - - lookup_ssl_conn(c, "ssl_X509_error", T); - local conn = ssl_connections[c$id]; - local error = - err in x509_errors ? x509_errors[err] : "unknown X.509 error"; - - local severity = "warning"; - if ( err in x509_hot_errors ) - { - NOTICE([$note=SSL_X509Violation, $conn=c, $msg=error]); - ++c$hot; - severity = "error"; - } - - print ssl_log, - fmt("%.6f #%d X.509 %s %s (%s)", - network_time(), conn$id, severity, error, err_string); - } - -event connection_state_remove(c: connection) - { - delete ssl_connections[c$id]; - } - -event bro_init() - { - if ( ssl_store_cert_path != "" ) - # The event engine will generate a run-time if this fails for - # reasons other than that the directory already exists. - mkdir(ssl_store_cert_path); - } - -event bro_done() - { - print ssl_log, "Cipher suite statistics: "; - for ( i in SSL_cipherCount ) - print ssl_log, fmt("%s (0x%x): %d", ssl_get_cipher_name(i), i, - SSL_cipherCount[i]); - - print ssl_log, ("count session ID"); - print ssl_log, ("----- ---------------------------------"); - for ( j in ssl_sessionIDs ) - if ( ssl_sessionIDs[j]$server_cert$subject != NONE ) - { - print ssl_log, - fmt("(%s) %s %s", - ssl_sessionIDs[j]$num_reuse, - ssl_sessionIDs[j]$server_cert$subject, - j); - } - } +#event ssl_conn_weak(name: string, c: connection) +# { +# lookup_ssl_conn(c, "ssl_conn_weak", T); +# print ssl_log, fmt("%.6f #%d %s", +# network_time(), ssl_connections[c$id]$id, name); +# } +# +## --- SSL events ------------------- +# +#event ssl_certificate_seen(c: connection, is_server: bool) +# { +# print "ssl_certificate_seen"; +# # Called whenever there's an certificate to analyze. +# # we could do something here, like... +# +# # if ( c$id$orig_h in hostsToIgnore ) +# # { +# # ssl_store_certificates = F; +# # ssl_verify_certificates = F; +# # } +# # else +# # { +# # ssl_store_certificates = T; +# # ssl_verify_certificates = T; +# # } +# } +# +#event ssl_certificate(c: connection, cert: X509, is_server: bool) +# { +# print "ssl cert!"; +# local direction = is_local_addr(c$id$orig_h) ? "client" : "server"; +# +# lookup_ssl_conn(c, "ssl_certificate", T); +# local conn = ssl_connections[c$id]; +# +# if( direction == "client" ) +# conn$client_cert = cert; +# else +# { +# conn$server_cert = cert; +# +# # We have not filled in the field for the master session +# # for this connection. Do it now, but only if this is not a +# # SSLv2 connection (no session information in that case). +# if ( conn$id_index in ssl_sessionIDs && +# ssl_sessionIDs[conn$id_index]$server_cert$subject == NONE ) +# ssl_sessionIDs[conn$id_index]$server_cert$subject = +# cert$subject; +# } +# +# print ssl_log, fmt("%.6f #%d X.509 %s issuer %s", +# network_time(), conn$id, direction, cert$issuer); +# +# print ssl_log, fmt("%.6f #%d X.509 %s subject %s", +# network_time(), conn$id, direction, cert$subject); +# } +# +#event ssl_conn_attempt(c: connection, version: count, +# ciphers: CipherSuitesList) +# { +# lookup_ssl_conn(c, "ssl_conn_attempt", F); +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, fmt("%.6f #%d SSL connection attempt %s", +# network_time(), conn$id, version_string); +# +# conn$version = version_string; +# +# for ( cs in ciphers ) +# { # display a list of the cipher suites +# # Demo: report clients who support weak ciphers. +# if ( ssl_report_client_weak && cs in myWeakCiphers ) +# event ssl_conn_weak( +# fmt("SSL client supports weak cipher: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# # Demo: report unknown ciphers. +# if ( ssl_report_client_unknown && cs !in ssl_cipher_desc ) +# event ssl_conn_weak( +# fmt("SSL: unknown cipher-spec: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d client cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cs), cs); +# } +# } +# +#event ssl_conn_server_reply(c: connection, version: count, +# ciphers: CipherSuitesList) +# { +# lookup_ssl_conn(c, "ssl_conn_server_reply", T); +# +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, fmt("%.6f #%d SSL connection server reply, %s", +# network_time(), conn$id, version_string); +# +# conn$version = version_string; +# +# for ( cs in ciphers ) +# { +# # Demo: report servers who support weak ciphers. +# if ( ssl_report_server_weak && version == SSLv2 && +# cs in myWeakCiphers ) +# event ssl_conn_weak( +# fmt("SSLv2 server supports weak cipher: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d server cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cs), cs); +# } +# } +# +#event ssl_conn_established(c: connection, version: count, cipher_suite: count) +# { +# lookup_ssl_conn(c, "ssl_conn_established", T); +# +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, +# fmt("%.6f #%d handshake finished, %s", +# network_time(), conn$id, version_string); +# +# if ( cipher_suite in myWeakCiphers ) +# event ssl_conn_weak(fmt("%.6f #%d weak cipher: %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cipher_suite), cipher_suite), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d connection cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cipher_suite), cipher_suite); +# +# ++SSL_cipherCount[cipher_suite]; +# +# # This should be the version identified with the session, unless +# # there is some renegotiation. That will be caught later. +# conn$version = version_string; +# } +# +#event process_X509_extensions(c: connection, ex: X509_extension) +# { +# lookup_ssl_conn(c, "process_X509_extensions", T); +# local conn = ssl_connections[c$id]; +# +# local msg = fmt("%.6f #%d X.509 extensions: ", network_time(), conn$id); +# for ( i in ex ) +# msg = fmt("%s, %s", msg, ex[i]); +# +# print ssl_log, msg; +# } +# +#event ssl_session_insertion(c: connection, id: string) +# { +# local idd = c$id; +# +# if ( idd !in ssl_connections) +# { +# new_ssl_connection(c); +# +# print ssl_log, +# fmt("%.6f #%d creating new SSL connection in ssl_session_insertion", +# network_time(), ssl_connections[c$id]$id); +# +# # None of the conn$object values will exist, so we leave this +# # to prevent needless crashing. +# return; +# } +# +# local conn = ssl_connections[idd]; +# local id_index = md5_hash(id); +# +# # If there is no session with thIS id we create (a typical) one, +# # otherwise we move on. +# if ( id_index !in ssl_sessionIDs ) +# { +# new_sessionID_record(id); +# +# local session = ssl_sessionIDs[id_index]; +# session$version = conn$version; +# session$client_cert$subject = conn$client_cert$subject; +# session$server_cert$subject = conn$server_cert$subject; +# session$handshake_cipher = conn$handshake_cipher; +# session$id = id; +# +# conn$id_index = id_index; +# } +# +# else +# { # should we ever get here? +# session = ssl_sessionIDs[id_index]; +# conn$id_index = id_index; +# } +# } +# +#event ssl_conn_reused(c: connection, session_id: string) +# { +# lookup_ssl_conn(c, "ssl_conn_reused", T); +# local conn = ssl_connections[c$id]; +# local id_index = md5_hash(session_id); +# +# print ssl_log, fmt("%.6f #%d reusing former SSL session: %s", +# network_time(), conn$id, id_index); +# +# # We cannot track sessions with SSLv2. +# if ( conn$version == ssl_get_version_string(SSLv2) ) +# return; +# +# if ( id_index !in ssl_sessionIDs ) +# { +# new_sessionID_record(session_id); +# local session = ssl_sessionIDs[id_index]; +# session$version = conn$version; +# session$client_cert$subject = conn$client_cert$subject; +# session$server_cert$subject = conn$server_cert$subject; +# session$id = session_id; +# } +# else +# session = ssl_sessionIDs[id_index]; +# +# ++session$num_reuse; +# +# # At this point, the connection values have been set. We can then +# # compare session and connection values with some confidence. +# if ( session$version != conn$version || +# session$handshake_cipher != conn$handshake_cipher ) +# { +# NOTICE([$note=SSL_SessConIncon, $conn=c, +# $msg="session violation"]); +# ++c$hot; +# } +# } +# +#event ssl_X509_error(c: connection, err: int, err_string: string) +# { +# if ( err in x509_ignore_errors ) +# return; +# +# lookup_ssl_conn(c, "ssl_X509_error", T); +# local conn = ssl_connections[c$id]; +# local error = +# err in x509_errors ? x509_errors[err] : "unknown X.509 error"; +# +# local severity = "warning"; +# if ( err in x509_hot_errors ) +# { +# NOTICE([$note=SSL_X509Violation, $conn=c, $msg=error]); +# ++c$hot; +# severity = "error"; +# } +# +# print ssl_log, +# fmt("%.6f #%d X.509 %s %s (%s)", +# network_time(), conn$id, severity, error, err_string); +# } +# +#event connection_state_remove(c: connection) +# { +# delete ssl_connections[c$id]; +# } +# +#event bro_init() +# { +# if ( ssl_store_cert_path != "" ) +# # The event engine will generate a run-time if this fails for +# # reasons other than that the directory already exists. +# mkdir(ssl_store_cert_path); +# } +# +#event bro_done() +# { +# print ssl_log, "Cipher suite statistics: "; +# for ( i in SSL_cipherCount ) +# print ssl_log, fmt("%s (0x%x): %d", ssl_get_cipher_name(i), i, +# SSL_cipherCount[i]); +# +# print ssl_log, ("count session ID"); +# print ssl_log, ("----- ---------------------------------"); +# for ( j in ssl_sessionIDs ) +# if ( ssl_sessionIDs[j]$server_cert$subject != NONE ) +# { +# print ssl_log, +# fmt("(%s) %s %s", +# ssl_sessionIDs[j]$num_reuse, +# ssl_sessionIDs[j]$server_cert$subject, +# j); +# } +# } diff --git a/src/Analyzer.cc b/src/Analyzer.cc index df6b4dac84..a9c17dde36 100644 --- a/src/Analyzer.cc +++ b/src/Analyzer.cc @@ -1,5 +1,7 @@ // $Id: Analyzer.cc,v 1.1.4.28 2006/06/01 17:18:10 sommer Exp $ +#include + #include "Analyzer.h" #include "PIA.h" #include "Event.h" @@ -34,8 +36,8 @@ #include "Portmap.h" #include "POP3.h" #include "SSH.h" -#include "SSLProxy.h" #include "SSL-binpac.h" +#include "Syslog-binpac.h" #include "ConnSizeAnalyzer.h" #include @@ -60,6 +62,9 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::ICMP_Echo, "ICMP_ECHO", ICMP_Echo_Analyzer::InstantiateAnalyzer, ICMP_Echo_Analyzer::Available, 0, false }, + { AnalyzerTag::ICMP_Redir, "ICMP_REDIR", + ICMP_Redir_Analyzer::InstantiateAnalyzer, + ICMP_Redir_Analyzer::Available, 0, false }, { AnalyzerTag::TCP, "TCP", TCP_Analyzer::InstantiateAnalyzer, TCP_Analyzer::Available, 0, false }, @@ -116,8 +121,6 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { SMTP_Analyzer::Available, 0, false }, { AnalyzerTag::SSH, "SSH", SSH_Analyzer::InstantiateAnalyzer, SSH_Analyzer::Available, 0, false }, - { AnalyzerTag::SSL, "SSL", SSLProxy_Analyzer::InstantiateAnalyzer, - SSLProxy_Analyzer::Available, 0, false }, { AnalyzerTag::Telnet, "TELNET", Telnet_Analyzer::InstantiateAnalyzer, Telnet_Analyzer::Available, 0, false }, @@ -133,9 +136,12 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::HTTP_BINPAC, "HTTP_BINPAC", HTTP_Analyzer_binpac::InstantiateAnalyzer, HTTP_Analyzer_binpac::Available, 0, false }, - { AnalyzerTag::SSL_BINPAC, "SSL_BINPAC", + { AnalyzerTag::SSL, "SSL", SSL_Analyzer_binpac::InstantiateAnalyzer, SSL_Analyzer_binpac::Available, 0, false }, + { AnalyzerTag::SYSLOG_BINPAC, "SYSLOG_BINPAC", + Syslog_Analyzer_binpac::InstantiateAnalyzer, + Syslog_Analyzer_binpac::Available, 0, false }, { AnalyzerTag::File, "FILE", File_Analyzer::InstantiateAnalyzer, File_Analyzer::Available, 0, false }, @@ -168,7 +174,6 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::Contents_SMB, "CONTENTS_SMB", 0, 0, 0, false }, { AnalyzerTag::Contents_RPC, "CONTENTS_RPC", 0, 0, 0, false }, { AnalyzerTag::Contents_NFS, "CONTENTS_NFS", 0, 0, 0, false }, - { AnalyzerTag::Contents_SSL, "CONTENTS_SSL", 0, 0, 0, false }, }; AnalyzerTimer::~AnalyzerTimer() diff --git a/src/AnalyzerTags.h b/src/AnalyzerTags.h index 725354830c..e64a4ec76e 100644 --- a/src/AnalyzerTags.h +++ b/src/AnalyzerTags.h @@ -22,19 +22,20 @@ namespace AnalyzerTag { PIA_TCP, PIA_UDP, // Transport-layer analyzers. - ICMP, ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, TCP, UDP, + ICMP, + ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, ICMP_Redir, + TCP, UDP, // Application-layer analyzers (hand-written). BitTorrent, BitTorrentTracker, DCE_RPC, DNS, Finger, FTP, Gnutella, HTTP, Ident, IRC, Login, NCP, NetbiosSSN, NFS, NTP, POP3, Portmapper, Rlogin, RPC, Rsh, SMB, SMTP, SSH, - SSL, Telnet, // Application-layer analyzers, binpac-generated. DHCP_BINPAC, DNS_TCP_BINPAC, DNS_UDP_BINPAC, - HTTP_BINPAC, SSL_BINPAC, + HTTP_BINPAC, SSL, SYSLOG_BINPAC, // Other File, Backdoor, InterConn, SteppingStone, TCPStats, @@ -45,7 +46,6 @@ namespace AnalyzerTag { Contents, ContentLine, NVT, Zip, Contents_DNS, Contents_NCP, Contents_NetbiosSSN, Contents_Rlogin, Contents_Rsh, Contents_DCE_RPC, Contents_SMB, Contents_RPC, Contents_NFS, - Contents_SSL, // End-marker. LastAnalyzer }; diff --git a/src/BroString.cc b/src/BroString.cc index 0ee6b77728..0ad923c848 100644 --- a/src/BroString.cc +++ b/src/BroString.cc @@ -7,6 +7,8 @@ #include #include +#include + #include "BroString.h" #include "Var.h" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2b89d881ce..316a9cdf33 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -197,8 +197,8 @@ binpac_target(smb.pac smb-protocol.pac smb-pipe.pac smb-mailslot.pac) binpac_target(ssl.pac ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac) -binpac_target(ssl-record-layer.pac - ssl-defs.pac ssl.pac) +binpac_target(syslog.pac + syslog-protocol.pac syslog-analyzer.pac) ######################################################################## ## bro target @@ -239,16 +239,6 @@ set(dns_SRCS nb_dns.c) set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS -fno-strict-aliasing) -set(openssl_SRCS - X509.cc - SSLCiphers.cc - SSLInterpreter.cc - SSLProxy.cc - SSLv2.cc - SSLv3.cc - SSLv3Automaton.cc -) - if (USE_NMALLOC) set(malloc_SRCS malloc.c) endif () @@ -389,6 +379,7 @@ set(bro_SRCS Stats.cc SteppingStone.cc Stmt.cc + Syslog-binpac.cc TCP.cc TCP_Endpoint.cc TCP_Reassembler.cc diff --git a/src/Conn.cc b/src/Conn.cc index 8ef756b134..fbc53a9d9a 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -216,56 +216,6 @@ Connection::~Connection() --external_connections; } -uint64 Connection::uid_counter = 0; -uint64 Connection::uid_instance = 0; - -uint64 Connection::CalculateNextUID() - { - if ( uid_instance == 0 ) - { - // This is the first time we need a UID. - - if ( ! have_random_seed() ) - { - // If we don't need deterministic output (as - // indicated by a set seed), we calculate the - // instance ID by hashing something likely to be - // globally unique. - struct { - char hostname[128]; - struct timeval time; - pid_t pid; - int rnd; - } unique; - - gethostname(unique.hostname, 128); - unique.hostname[sizeof(unique.hostname)-1] = '\0'; - gettimeofday(&unique.time, 0); - unique.pid = getpid(); - unique.rnd = bro_random(); - - uid_instance = HashKey::HashBytes(&unique, sizeof(unique)); - ++uid_instance; // Now it's larger than zero. - } - - else - // Generate determistic UIDs. - uid_instance = 1; - } - - // Now calculate the unique ID for this connection. - struct { - uint64 counter; - hash_t instance; - } key; - - key.counter = ++uid_counter; - key.instance = uid_instance; - - uint64_t h = HashKey::HashBytes(&key, sizeof(key)); - return h; - } - void Connection::Done() { finished = 1; @@ -417,7 +367,7 @@ RecordVal* Connection::BuildConnVal() conn_val->Assign(8, new StringVal("")); // history if ( ! uid ) - uid = CalculateNextUID(); + uid = calculate_unique_id(); char tmp[20]; conn_val->Assign(9, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62))); diff --git a/src/Conn.h b/src/Conn.h index 8a178d783a..8c962b9bb7 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -303,8 +303,6 @@ public: void SetUID(uint64 arg_uid) { uid = arg_uid; } - static uint64 CalculateNextUID(); - protected: Connection() { persistent = 0; } @@ -363,9 +361,6 @@ protected: PIA* primary_PIA; uint64 uid; // Globally unique connection ID. - - static uint64 uid_counter; // Counter for uids. - static uint64 uid_instance; // Instance ID, computed once. }; class ConnectionTimer : public Timer { diff --git a/src/ConnCompressor.cc b/src/ConnCompressor.cc index e6428aeebe..7c82b12af0 100644 --- a/src/ConnCompressor.cc +++ b/src/ConnCompressor.cc @@ -620,7 +620,7 @@ void ConnCompressor::PktHdrToPendingConn(double time, const HashKey* key, c->FIN = (tp->th_flags & TH_FIN) != 0; c->RST = (tp->th_flags & TH_RST) != 0; c->ACK = (tp->th_flags & TH_ACK) != 0; - c->uid = Connection::CalculateNextUID(); + c->uid = calculate_unique_id(); c->num_bytes_ip = ip->TotalLen(); c->num_pkts = 1; c->invalid = 0; diff --git a/src/ContentLine.cc b/src/ContentLine.cc index 1c20b1f8bd..bd5c48f6f1 100644 --- a/src/ContentLine.cc +++ b/src/ContentLine.cc @@ -1,5 +1,7 @@ // $Id: ContentLine.cc,v 1.1.2.8 2006/06/01 01:55:42 sommer Exp $ +#include + #include "ContentLine.h" #include "TCP.h" diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 77bcd8eddf..6101688181 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -29,6 +29,8 @@ #endif #include +#include + #include "DNS_Mgr.h" #include "Event.h" #include "Net.h" diff --git a/src/DPM.cc b/src/DPM.cc index 3e27a0501d..95c219182e 100644 --- a/src/DPM.cc +++ b/src/DPM.cc @@ -229,6 +229,14 @@ bool DPM::BuildInitialAnalyzerTree(TransportProto proto, Connection* conn, } break; + case ICMP_REDIRECT: + if ( ICMP_Redir_Analyzer::Available() ) + { + root = new ICMP_Redir_Analyzer(conn); + DBG_DPD(conn, "activated ICMP Redir analyzer"); + } + break; + case ICMP_UNREACH: if ( ICMP_Unreachable_Analyzer::Available() ) { diff --git a/src/Debug.cc b/src/Debug.cc index da67c941e4..272d6739ae 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -343,7 +343,7 @@ vector parse_location_string(const string& s) plr.type = plrUnknown; FILE* throwaway = search_for_file(filename.c_str(), "bro", - &full_filename); + &full_filename, true); if ( ! throwaway ) { debug_msg("No such policy file: %s.\n", filename.c_str()); diff --git a/src/Desc.cc b/src/Desc.cc index ce6083800c..c15a461bb2 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -207,41 +207,71 @@ void ODesc::Indent() } } -static const char hex_chars[] = "0123456789ABCDEF"; +static const char hex_chars[] = "0123456789abcdef"; + +static const char* find_first_unprintable(ODesc* d, const char* bytes, unsigned int n) + { + if ( d->IsBinary() ) + return 0; + + while ( n-- ) + { + if ( ! isprint(*bytes) ) + return bytes; + ++bytes; + } + + return 0; + } void ODesc::AddBytes(const void* bytes, unsigned int n) { - if ( ! escape ) - return AddBytesRaw(bytes, n); - const char* s = (const char*) bytes; const char* e = (const char*) bytes + n; while ( s < e ) { - const char* t = (const char*) memchr(s, escape[0], e - s); + const char* t1 = escape ? (const char*) memchr(s, escape[0], e - s) : e; + const char* t2 = find_first_unprintable(this, s, t1 ? e - t1 : e - s); - if ( ! t ) + if ( t2 && (t2 < t1 || ! t1) ) + { + AddBytesRaw(s, t2 - s); + + char hex[6] = "\\x00"; + hex[2] = hex_chars[((*t2) & 0xf0) >> 4]; + hex[3] = hex_chars[(*t2) & 0x0f]; + AddBytesRaw(hex, sizeof(hex)); + + s = t2 + 1; + continue; + } + + if ( ! escape ) break; - if ( memcmp(t, escape, escape_len) != 0 ) + if ( ! t1 ) break; - AddBytesRaw(s, t - s); + if ( memcmp(t1, escape, escape_len) != 0 ) + break; + + AddBytesRaw(s, t1 - s); for ( int i = 0; i < escape_len; ++i ) { char hex[5] = "\\x00"; - hex[2] = hex_chars[(*t) >> 4]; - hex[3] = hex_chars[(*t) & 0x0f]; + hex[2] = hex_chars[((*t1) & 0xf0) >> 4]; + hex[3] = hex_chars[(*t1) & 0x0f]; AddBytesRaw(hex, sizeof(hex)); - ++t; + ++t1; } - s = t; + s = t1; } - AddBytesRaw(s, e - s); + if ( s < e ) + AddBytesRaw(s, e - s); } void ODesc::AddBytesRaw(const void* bytes, unsigned int n) diff --git a/src/Discard.cc b/src/Discard.cc index 98ccfab398..7d3b53f49a 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "Net.h" diff --git a/src/File.cc b/src/File.cc index 541a06d42a..03a7ddafde 100644 --- a/src/File.cc +++ b/src/File.cc @@ -20,6 +20,8 @@ #include #include +#include + #include "File.h" #include "Type.h" #include "Timer.h" diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc index 6045d36797..4e7401f99f 100644 --- a/src/FileAnalyzer.cc +++ b/src/FileAnalyzer.cc @@ -1,5 +1,7 @@ // $Id: FileAnalyzer.cc,v 1.1.4.2 2006/06/01 17:18:10 sommer Exp $ +#include + #include "FileAnalyzer.h" #include diff --git a/src/Gnutella.cc b/src/Gnutella.cc index e668d24eaa..9787147400 100644 --- a/src/Gnutella.cc +++ b/src/Gnutella.cc @@ -6,14 +6,14 @@ #include +#include + #include "NetVar.h" #include "HTTP.h" #include "Gnutella.h" #include "Event.h" #include "PIA.h" -#include - GnutellaMsgState::GnutellaMsgState() { buffer = ""; diff --git a/src/ICMP.cc b/src/ICMP.cc index cbed5cd333..66982ed767 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "Net.h" @@ -323,6 +325,24 @@ void ICMP_Echo_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, ConnectionEvent(f, vl); } +ICMP_Redir_Analyzer::ICMP_Redir_Analyzer(Connection* c) +: ICMP_Analyzer(AnalyzerTag::ICMP_Redir, c) + { + } + +void ICMP_Redir_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, + int caplen, const u_char*& data) + { + uint32 addr = ntohl(icmpp->icmp_hun.ih_void); + + val_list* vl = new val_list; + vl->append(BuildConnVal()); + vl->append(BuildICMPVal()); + vl->append(new AddrVal(htonl(addr))); + + ConnectionEvent(icmp_redirect, vl); + } + void ICMP_Context_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data) diff --git a/src/ICMP.h b/src/ICMP.h index db1984e860..62b859beba 100644 --- a/src/ICMP.h +++ b/src/ICMP.h @@ -74,6 +74,22 @@ protected: int len, int caplen, const u_char*& data); }; +class ICMP_Redir_Analyzer : public ICMP_Analyzer { +public: + ICMP_Redir_Analyzer(Connection* conn); + + static Analyzer* InstantiateAnalyzer(Connection* conn) + { return new ICMP_Redir_Analyzer(conn); } + + static bool Available() { return icmp_redirect; } + +protected: + ICMP_Redir_Analyzer() { } + + virtual void NextICMP(double t, const struct icmp* icmpp, + int len, int caplen, const u_char*& data); +}; + class ICMP_Context_Analyzer : public ICMP_Analyzer { public: ICMP_Context_Analyzer(AnalyzerTag::Tag tag, Connection* conn) diff --git a/src/IOSource.cc b/src/IOSource.cc index 6eed83b1ac..05a5b8a05b 100644 --- a/src/IOSource.cc +++ b/src/IOSource.cc @@ -5,6 +5,8 @@ #include #include +#include + #include "util.h" #include "IOSource.h" diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 834829591a..6a23728ac0 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc @@ -1089,7 +1089,7 @@ LogVal** LogMgr::RecordToFilterVals(Stream* stream, Filter* filter, if ( ! val ) { // Value, or any of its parents, is not set. - vals[i] = new LogVal(type, false); + vals[i] = new LogVal(filter->fields[i]->type, false); break; } } diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc index 4c54e76715..d831960a3c 100644 --- a/src/LogWriterAscii.cc +++ b/src/LogWriterAscii.cc @@ -223,7 +223,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields, return false; } - desc.Add("\n"); + desc.AddRaw("\n", 1); if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 ) { diff --git a/src/NFS.cc b/src/NFS.cc index 21fa72bd98..9f21f4368f 100644 --- a/src/NFS.cc +++ b/src/NFS.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "NetVar.h" @@ -9,16 +11,13 @@ #include "NFS.h" #include "Event.h" -#include - - int NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) { if ( c->Program() != 100003 ) Weird(fmt("bad_RPC_program (%d)", c->Program())); uint32 proc = c->Proc(); - // the call arguments, depends on the call type obviously... + // The call arguments, depends on the call type obviously ... Val *callarg = 0; switch ( proc ) { @@ -47,15 +46,15 @@ int NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) case BifEnum::NFS3::PROC_CREATE: callarg = nfs3_diropargs(buf, n); - // TODO: implement create attributes. - // For now we just skip over them + // TODO: implement create attributes. For now we just skip + // over them. n = 0; break; case BifEnum::NFS3::PROC_MKDIR: callarg = nfs3_diropargs(buf, n); - // TODO: implement mkdir attributes. - // For now we just skip over them + // TODO: implement mkdir attributes. For now we just skip + // over them. n = 0; break; @@ -78,43 +77,47 @@ int NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) default: callarg = 0; if ( proc < BifEnum::NFS3::PROC_END_OF_PROCS ) - { // We know the procedure but haven't implemented it - n = 0; // otherwise DeliverRPC complains about excess_RPC + { + // We know the procedure but haven't implemented it. + // Otherwise DeliverRPC would complain about + // excess_RPC. + n = 0; } - else + else Weird(fmt("unknown_NFS_request(%u)", proc)); // Return 1 so that replies to unprocessed calls will still - // be processed, and the return status extracted + // be processed, and the return status extracted. return 1; } - if ( !buf ) + if ( ! buf ) { - // There was a parse error while trying to extract the call - // arguments. However, we don't know where exactly it happened - // and whether Vals where already allocated (e.g., a RecordVal - // was allocated but we failed to fill it). - // So we Unref() the call arguments, and we are fine. + // There was a parse error while trying to extract the call + // arguments. However, we don't know where exactly it + // happened and whether Vals where already allocated (e.g., a + // RecordVal was allocated but we failed to fill it). So we + // Unref() the call arguments, and we are fine. Unref(callarg); callarg = 0; return 0; } - c->AddVal(callarg); // it's save to AddVal(0). + + c->AddVal(callarg); // It's save to AddVal(0). return 1; } int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, - const u_char*& buf, int& n, double start_time, double last_time, - int reply_len) + const u_char*& buf, int& n, double start_time, + double last_time, int reply_len) { EventHandlerPtr event = 0; Val *reply = 0; BifEnum::NFS3::status_t nfs_status = BifEnum::NFS3::NFS3ERR_OK; bool rpc_success = ( rpc_status == BifEnum::RPC_SUCCESS ); - // reply always starts with the NFS status + // Reply always starts with the NFS status. if ( rpc_success ) { if ( n >= 4 ) @@ -126,17 +129,19 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( nfs_reply_status ) { val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); + start_time, last_time, reply_len); analyzer->ConnectionEvent(nfs_reply_status, vl); } - if (!rpc_success) + if ( ! rpc_success ) { - // We set the buffer to NULL, the function that extract the reply - // from the data stream will then return empty records. + // We set the buffer to NULL, the function that extract the + // reply from the data stream will then return empty records. + // buf = NULL; n = 0; } + switch ( c->Proc() ) { case BifEnum::NFS3::PROC_NULL: event = nfs_proc_null; @@ -153,11 +158,9 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, break; case BifEnum::NFS3::PROC_READ: - { bro_uint_t offset; offset = c->RequestVal()->AsRecordVal()->Lookup(1)->AsCount(); reply = nfs3_read_reply(buf, n, nfs_status, offset); - } event = nfs_proc_read; break; @@ -205,8 +208,11 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, default: if ( c->Proc() < BifEnum::NFS3::PROC_END_OF_PROCS ) - { // We know the procedure but haven't implemented it - n = 0; // otherwise DeliverRPC complains about excess_RPC + { + // We know the procedure but haven't implemented it. + // Otherwise DeliverRPC would complain about + // excess_RPC. + n = 0; reply = new EnumVal(c->Proc(), BifType::Enum::NFS3::proc_t); event = nfs_proc_not_implemented; } @@ -214,31 +220,37 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, return 0; } - if (rpc_success && !buf) + if ( rpc_success && ! buf ) { - // There was a parse error. We have to unref the reply. - // (see also comments in RPC_BuildCall + // There was a parse error. We have to unref the reply. (see + // also comments in RPC_BuildCall. Unref(reply); reply = 0; return 0; } - // Note: if reply == 0, it won't be added to the val_list for the event. - // While we can check for that on the policy layer it's kinda ugly, because - // it's contrary to the event prototype. But having this optional argument to - // the event is really helpful.... Otherwise I have to let reply - // point to a RecordVal where all fields are optional and all are set - // to 0... - if (event) + + // Note: if reply == 0, it won't be added to the val_list for the + // event. While we can check for that on the policy layer it's kinda + // ugly, because it's contrary to the event prototype. But having + // this optional argument to the event is really helpful. Otherwise I + // have to let reply point to a RecordVal where all fields are + // optional and all are set to 0 ... + if ( event ) { val_list* vl = event_common_vl(c, rpc_status, nfs_status, start_time, last_time, reply_len); + Val *request = c->TakeRequestVal(); + if ( request ) vl->append(request); + if ( reply ) vl->append(reply); + analyzer->ConnectionEvent(event, vl); } + return 1; } @@ -247,33 +259,38 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse int data_n; // extract the data, move buf and n - const u_char *data = extract_XDR_opaque(buf, n, data_n, 1<<30, true); + const u_char *data = extract_XDR_opaque(buf, n, data_n, 1 << 30, true); - // check whether we have to deliver data to the event - if (!BifConst::NFS3::return_data) + // check whether we have to deliver data to the event + if ( ! BifConst::NFS3::return_data ) return 0; - if (BifConst::NFS3::return_data_first_only && offset!=0) + + if ( BifConst::NFS3::return_data_first_only && offset != 0 ) return 0; + // Ok, so we want to return some data data_n = min(data_n, size); data_n = min(data_n, int(BifConst::NFS3::return_data_max)); - if (data_n>0) + + if ( data_n > 0 ) return new StringVal(new BroString(data, data_n, 0)); + return 0; } -val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, - BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len) +val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + BifEnum::NFS3::status_t nfs_status, + double rep_start_time, + double rep_last_time, int reply_len) { - // returns a new val_list that already has a conn_val, and nfs3_info - // These are the first parameters for each nfs_* event... + // Returns a new val_list that already has a conn_val, and nfs3_info. + // These are the first parameters for each nfs_* event ... val_list *vl = new val_list; vl->append(analyzer->BuildConnVal()); RecordVal *info = new RecordVal(BifType::Record::NFS3::info_t); - info->Assign(0, new EnumVal(rpc_status, BifType::Enum::rpc_status)); - info->Assign(1, new EnumVal(nfs_status, BifType::Enum::NFS3::status_t)); + info->Assign(0, new EnumVal(rpc_status, BifType::Enum::rpc_status)); + info->Assign(1, new EnumVal(nfs_status, BifType::Enum::NFS3::status_t)); info->Assign(2, new Val(c->StartTime(), TYPE_TIME)); info->Assign(3, new Val(c->LastTime()-c->StartTime(), TYPE_INTERVAL)); info->Assign(4, new Val(c->RPCLen(), TYPE_COUNT)); @@ -299,6 +316,7 @@ StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n) { RecordVal* attrs = new RecordVal(BifType::Record::NFS3::fattr_t); + attrs->Assign(0, nfs3_ftype(buf, n)); // file type attrs->Assign(1, ExtractUint32(buf, n)); // mode attrs->Assign(2, ExtractUint32(buf, n)); // nlink @@ -317,7 +335,7 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n) return attrs; } -EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n) +EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n) { BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n); return new EnumVal(t, BifType::Enum::NFS3::file_type_t); @@ -326,6 +344,7 @@ EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n) { RecordVal* attrs = new RecordVal(BifType::Record::NFS3::wcc_attr_t); + attrs->Assign(0, ExtractUint64(buf, n)); // size attrs->Assign(1, ExtractTime(buf, n)); // mtime attrs->Assign(2, ExtractTime(buf, n)); // ctime @@ -333,18 +352,21 @@ RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n) return attrs; } -StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n) +StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n) { int name_len; const u_char* name = extract_XDR_opaque(buf, n, name_len); - if ( !name ) + + if ( ! name ) return 0; + return new StringVal(new BroString(name, name_len, 0)); } RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n) { RecordVal *diropargs = new RecordVal(BifType::Record::NFS3::diropargs_t); + diropargs->Assign(0, nfs3_fh(buf, n)); diropargs->Assign(1, nfs3_filename(buf, n)); @@ -358,6 +380,7 @@ RecordVal* NFS_Interp::nfs3_post_op_attr(const u_char*& buf, int& n) if ( have_attrs ) return nfs3_fattr(buf, n); + return 0; } @@ -367,6 +390,7 @@ StringVal* NFS_Interp::nfs3_post_op_fh(const u_char*& buf, int& n) if ( have_fh ) return nfs3_fh(buf, n); + return 0; } @@ -379,7 +403,7 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n) return 0; } -EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n) +EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n) { BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n); return new EnumVal(stable, BifType::Enum::NFS3::stable_how_t); @@ -388,7 +412,8 @@ EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::lookup_reply_t); - if (status == BifEnum::NFS3::NFS3ERR_OK) + + if ( status == BifEnum::NFS3::NFS3ERR_OK ) { rep->Assign(0, nfs3_fh(buf,n)); rep->Assign(1, nfs3_post_op_attr(buf, n)); @@ -406,16 +431,19 @@ RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NF RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n) { RecordVal *readargs = new RecordVal(BifType::Record::NFS3::readargs_t); + readargs->Assign(0, nfs3_fh(buf, n)); readargs->Assign(1, ExtractUint64(buf, n)); // offset - readargs->Assign(2, ExtractUint32(buf,n)); // size + readargs->Assign(2, ExtractUint32(buf,n)); // size + return readargs; } -RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, +RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, bro_uint_t offset) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::read_reply_t); + if (status == BifEnum::NFS3::NFS3ERR_OK) { uint32_t bytes_read; @@ -430,12 +458,14 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3 { rep->Assign(0, nfs3_post_op_attr(buf, n)); } + return rep; } RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::readlink_reply_t); + if (status == BifEnum::NFS3::NFS3ERR_OK) { rep->Assign(0, nfs3_post_op_attr(buf, n)); @@ -445,6 +475,7 @@ RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum:: { rep->Assign(0, nfs3_post_op_attr(buf, n)); } + return rep; } @@ -453,40 +484,48 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n) uint32_t bytes; uint64_t offset; RecordVal *writeargs = new RecordVal(BifType::Record::NFS3::writeargs_t); - writeargs->Assign(0, nfs3_fh(buf, n)); + offset = extract_XDR_uint64(buf, n); bytes = extract_XDR_uint32(buf, n); + + writeargs->Assign(0, nfs3_fh(buf, n)); writeargs->Assign(1, new Val(offset, TYPE_COUNT)); writeargs->Assign(2, new Val(bytes, TYPE_COUNT)); writeargs->Assign(3, nfs3_stable_how(buf, n)); writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes)); + return writeargs; } RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::write_reply_t); - if (status == BifEnum::NFS3::NFS3ERR_OK) + + if ( status == BifEnum::NFS3::NFS3ERR_OK ) { rep->Assign(0, nfs3_pre_op_attr(buf, n)); rep->Assign(1, nfs3_post_op_attr(buf, n)); rep->Assign(2, ExtractUint32(buf, n)); rep->Assign(3, nfs3_stable_how(buf, n)); - rep->Assign(4, ExtractUint64(buf, n)); // Writeverf. While the RFC says that this - // should be a fixed length opaque, it specifies the lenght as 8 bytes, so we can - // also just as easily extract a uint64 + + // Writeverf. While the RFC says that this should be a fixed + // length opaque, it specifies the lenght as 8 bytes, so we + // can also just as easily extract a uint64. + rep->Assign(4, ExtractUint64(buf, n)); } else { rep->Assign(0, nfs3_post_op_attr(buf, n)); rep->Assign(1, nfs3_pre_op_attr(buf, n)); } + return rep; } RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::newobj_reply_t); + if (status == BifEnum::NFS3::NFS3ERR_OK) { int i = 0; @@ -503,28 +542,34 @@ RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NF rep->Assign(2, nfs3_pre_op_attr(buf, n)); rep->Assign(3, nfs3_post_op_attr(buf, n)); } + return rep; } RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n) { RecordVal *rep = new RecordVal(BifType::Record::NFS3::delobj_reply_t); + // wcc_data rep->Assign(0, nfs3_pre_op_attr(buf, n)); rep->Assign(1, nfs3_post_op_attr(buf, n)); + return rep; } -RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n) +RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n) { RecordVal *args = new RecordVal(BifType::Record::NFS3::readdirargs_t); + args->Assign(0, new Val(isplus, TYPE_BOOL)); args->Assign(1, nfs3_fh(buf, n)); - args->Assign(2, ExtractUint64(buf,n)); // cookie - args->Assign(3, ExtractUint64(buf,n)); // cookieverf - args->Assign(4, ExtractUint32(buf,n)); // dircount - if (isplus) + args->Assign(2, ExtractUint64(buf,n)); // cookie + args->Assign(3, ExtractUint64(buf,n)); // cookieverf + args->Assign(4, ExtractUint32(buf,n)); // dircount + + if ( isplus ) args->Assign(5, ExtractUint32(buf,n)); + return args; } @@ -534,29 +579,36 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, RecordVal *rep = new RecordVal(BifType::Record::NFS3::readdir_reply_t); rep->Assign(0, new Val(isplus, TYPE_BOOL)); - if (status == BifEnum::NFS3::NFS3ERR_OK) + + if ( status == BifEnum::NFS3::NFS3ERR_OK ) { - VectorVal *entries = new VectorVal(BifType::Vector::NFS3::direntry_vec_t); unsigned pos; + VectorVal *entries = new VectorVal(BifType::Vector::NFS3::direntry_vec_t); + rep->Assign(1, nfs3_post_op_attr(buf,n)); // dir_attr rep->Assign(2, ExtractUint64(buf,n)); // cookieverf + pos = 1; - while ( extract_XDR_uint32(buf,n) ) + + while ( extract_XDR_uint32(buf,n) ) { RecordVal *entry = new RecordVal(BifType::Record::NFS3::direntry_t); - entry->Assign(0, ExtractUint64(buf,n)); // fileid + entry->Assign(0, ExtractUint64(buf,n)); // fileid entry->Assign(1, nfs3_filename(buf,n)); // fname - entry->Assign(2, ExtractUint64(buf,n)); // cookie - if (isplus) + entry->Assign(2, ExtractUint64(buf,n)); // cookie + + if ( isplus ) { entry->Assign(3, nfs3_post_op_attr(buf,n)); entry->Assign(4, nfs3_post_op_fh(buf,n)); } + entries->Assign(pos, entry, 0); pos++; } + rep->Assign(3, entries); - rep->Assign(4, ExtractBool(buf,n)); // eof + rep->Assign(4, ExtractBool(buf,n)); // eof } else { @@ -565,6 +617,9 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, return rep; } + return rep; + } + Val* NFS_Interp::ExtractUint32(const u_char*& buf, int& n) { return new Val(extract_XDR_uint32(buf, n), TYPE_COUNT); @@ -592,7 +647,7 @@ Val* NFS_Interp::ExtractBool(const u_char*& buf, int& n) NFS_Analyzer::NFS_Analyzer(Connection* conn) -: RPC_Analyzer(AnalyzerTag::NFS, conn, new NFS_Interp(this)) + : RPC_Analyzer(AnalyzerTag::NFS, conn, new NFS_Interp(this)) { orig_rpc = resp_rpc = 0; } diff --git a/src/NFS.h b/src/NFS.h index bf3e308697..1d642674aa 100644 --- a/src/NFS.h +++ b/src/NFS.h @@ -16,31 +16,35 @@ public: protected: int RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n); int RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, - const u_char*& buf, int& n, double start_time, double last_time, + const u_char*& buf, int& n, double start_time, + double last_time, int reply_len); + + // Returns a new val_list that already has a conn_val, rpc_status and + // nfs_status. These are the first parameters for each nfs_* event + // ... + val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + BifEnum::NFS3::status_t nfs_status, + double rep_start_time, double rep_last_time, int reply_len); - // returns a new val_list that already has a conn_val, rpc_status and nfs_status. - // These are the first parameters for each nfs_* event... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, - BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len); - - - // These methods parse the appropriate NFSv3 "type" out of buf. If - // there are any errors (i.e., buffer to short, etc), buf will be - // set to 0. However, the methods might still return an allocated - // Val * ! - // So, you might want to Unref() the Val if buf is 0. - // Method names are based on the type names of RFC 1813 + // These methods parse the appropriate NFSv3 "type" out of buf. If + // there are any errors (i.e., buffer to short, etc), buf will be set + // to 0. However, the methods might still return an allocated Val * ! + // So, you might want to Unref() the Val if buf is 0. Method names + // are based on the type names of RFC 1813. StringVal* nfs3_fh(const u_char*& buf, int& n); RecordVal* nfs3_fattr(const u_char*& buf, int& n); EnumVal* nfs3_ftype(const u_char*& buf, int& n); RecordVal* nfs3_wcc_attr(const u_char*& buf, int& n); RecordVal* nfs3_diropargs(const u_char*&buf, int &n); StringVal* nfs3_filename(const u_char*& buf, int& n); - StringVal* nfs3_nfspath(const u_char*& buf, int& n) { return nfs3_filename(buf,n); } - RecordVal* nfs3_post_op_attr(const u_char*&buf, int &n); // Return 0 or an fattr - RecordVal* nfs3_pre_op_attr(const u_char*&buf, int &n); // Return 0 or an wcc_attr + StringVal* nfs3_nfspath(const u_char*& buf, int& n) + { + return nfs3_filename(buf,n); + } + + RecordVal* nfs3_post_op_attr(const u_char*&buf, int &n); // Return 0 or an fattr + RecordVal* nfs3_pre_op_attr(const u_char*&buf, int &n); // Return 0 or an wcc_attr RecordVal* nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status); RecordVal* nfs3_readargs(const u_char*& buf, int& n); RecordVal* nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, bro_uint_t offset); @@ -53,14 +57,13 @@ protected: StringVal* nfs3_post_op_fh(const u_char*& buf, int& n); RecordVal* nfs3_readdirargs(bool isplus, const u_char*& buf, int&n); RecordVal* nfs3_readdir_reply(bool isplus, const u_char*& buf, int&n, BifEnum::NFS3::status_t status); - // consumes the file data in the RPC message. Depending on NFS::return_data* consts - // in bro.init returns NULL or the data as string val + + // Consumes the file data in the RPC message. Depending on NFS::return_data* consts + // in bro.init returns NULL or the data as string val: // * offset is the offset of the read/write call // * size is the amount of bytes read (or requested to be written), StringVal* nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size); - - RecordVal* ExtractOptAttrs(const u_char*& buf, int& n); Val* ExtractUint32(const u_char*& buf, int& n); Val* ExtractUint64(const u_char*& buf, int& n); @@ -77,50 +80,18 @@ public: static Analyzer* InstantiateAnalyzer(Connection* conn) { return new NFS_Analyzer(conn); } - //static bool Available() { return nfs_request_getattr || rpc_call; } - static bool Available() { return true; } -}; - -#if 0 -namespace nfs3_types { -#define NFS3_MAX_FHSIZE 64 - class nfs3_type { - public: - //nfs3_type(const u_char*&buf, int& len) = 0; - virtual ~nfs3_type() - { - } - virtual Val *GetVal() = 0; - bool IsValid() { return valid; }; - - bool valid; - }; - - // A file handle - class nfs3_fh : public nfs3_type { - public: - nfs3_fh(const u_char*&buf, int& len) { - const u_char *fh_tmp; - int fh_len; - valid = false; - fh_tmp = extract_XDR_opaque(buf,len,fh_len,NFS3_MAX_FHSIZE); - if (fh_tmp) { - fh = new StringVal(new BroString(fh, fh_len, 0)); - valid = true; - } - else - fh = 0; + static bool Available() + { + return ( nfs_proc_null || nfs_proc_not_implemented || nfs_proc_getattr || + nfs_proc_lookup || nfs_proc_read || nfs_proc_readlink || + nfs_proc_write || nfs_proc_create || nfs_proc_mkdir || + nfs_proc_remove || nfs_proc_rmdir || nfs_proc_readdir || + nfs_reply_status || + rpc_dialogue || rpc_call || rpc_reply ); } - - ~nfs3_fh() { printf("~nfs3_fh\n"); } - - Val *GetVal() { return fh; } - - // Data - StringVal *fh; - }; // nfs3_fh - }; + + #endif #endif diff --git a/src/NetVar.cc b/src/NetVar.cc index 8a63398ae1..52f14d9dab 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -18,6 +18,7 @@ RecordType* pcap_packet; RecordType* signature_state; EnumType* transport_proto; TableType* string_set; +TableType* count_set; RecordType* net_stats; @@ -195,8 +196,6 @@ StringVal* ssl_private_key; StringVal* ssl_passphrase; StringVal* x509_crl_file; -TableType* x509_extension; -TableType* SSL_sessionID; Val* profiling_file; double profiling_interval; @@ -367,10 +366,7 @@ void init_net_var() x509_trusted_cert_path = opt_internal_string("X509_trusted_cert_path"); ssl_store_cert_path = opt_internal_string("ssl_store_cert_path"); x509_type = internal_type("X509")->AsRecordType(); - cipher_suites_list = internal_type("cipher_suites_list")->AsTableType(); x509_crl_file = opt_internal_string("X509_crl_file"); - x509_extension = internal_type("X509_extension")->AsTableType(); - SSL_sessionID = internal_type("SSL_sessionID")->AsTableType(); non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime"); tcp_inactivity_timeout = opt_internal_double("tcp_inactivity_timeout"); diff --git a/src/NetVar.h b/src/NetVar.h index 21067fca9a..90df40b6fd 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -21,6 +21,7 @@ extern RecordType* SYN_packet; extern RecordType* pcap_packet; extern EnumType* transport_proto; extern TableType* string_set; +extern TableType* count_set; extern RecordType* net_stats; @@ -61,11 +62,8 @@ extern int ssl_store_key_material; extern int ssl_max_cipherspec_size; extern StringVal* ssl_store_cert_path; extern StringVal* x509_trusted_cert_path; -extern TableType* cipher_suites_list; extern RecordType* x509_type; extern StringVal* x509_crl_file; -extern TableType* x509_extension; -extern TableType* SSL_sessionID; extern double non_analyzed_lifetime; extern double tcp_inactivity_timeout; diff --git a/src/OSFinger.cc b/src/OSFinger.cc index 8d3d2057bf..f7b4903700 100644 --- a/src/OSFinger.cc +++ b/src/OSFinger.cc @@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file) uint32 ln=0; char buf[MAXLINE]; char* p; - FILE* c = search_for_file( file, "osf", 0); + FILE* c = search_for_file( file, "osf", 0, false); if (!c) { diff --git a/src/POP3.cc b/src/POP3.cc index 4f1f2a5ea7..5d38b4c3d1 100644 --- a/src/POP3.cc +++ b/src/POP3.cc @@ -576,9 +576,11 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) if ( multiLine == true ) { bool terminator = - length > 1 && line[0] == '.' && - (line[1] == '\n' || - (length > 2 && line[1] == '\r' && line[2] == '\n')); + line[0] == '.' && + (length == 1 || + (length > 1 && + (line[1] == '\n' || + (length > 2 && line[1] == '\r' && line[2] == '\n')))); if ( terminator ) { diff --git a/src/Portmap.cc b/src/Portmap.cc index a52eaffd7a..9751f0c560 100644 --- a/src/Portmap.cc +++ b/src/Portmap.cc @@ -72,12 +72,13 @@ int PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) } int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status, - const u_char*& buf, int& n, double start_time, double last_time, - int reply_len) + const u_char*& buf, int& n, + double start_time, double last_time, + int reply_len) { EventHandlerPtr event; Val *reply = 0; - int success = status == BifEnum::RPC_SUCCESS; + int success = (status == BifEnum::RPC_SUCCESS); switch ( c->Proc() ) { @@ -283,6 +284,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); + if ( status == BifEnum::RPC_SUCCESS ) { if ( request ) diff --git a/src/Portmap.h b/src/Portmap.h index 8d09b7ee4f..cb2cb1293c 100644 --- a/src/Portmap.h +++ b/src/Portmap.h @@ -14,8 +14,8 @@ public: protected: int RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n); int RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status success, - const u_char*& buf, int& n, double start_time, double last_time, - int reply_len); + const u_char*& buf, int& n, double start_time, + double last_time, int reply_len); uint32 CheckPort(uint32 port); void Event(EventHandlerPtr f, Val* request, BifEnum::rpc_status status, Val* reply); diff --git a/src/RPC.cc b/src/RPC.cc index 5ab1f48351..c877e53490 100644 --- a/src/RPC.cc +++ b/src/RPC.cc @@ -2,10 +2,12 @@ // // See the file "COPYING" in the main distribution directory for copyright. -#include "config.h" - #include +#include + +#include "config.h" + #include "NetVar.h" #include "XDR.h" #include "RPC.h" @@ -83,11 +85,12 @@ RPC_Interpreter::~RPC_Interpreter() { } -int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, int is_orig, double start_time, double last_time) +int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, + int is_orig, double start_time, double last_time) { uint32 xid = extract_XDR_uint32(buf, n); uint32 msg_type = extract_XDR_uint32(buf, n); - int rpc_len = n; + int rpc_len = n; if ( ! buf ) return 0; @@ -107,9 +110,14 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, int is_ori call->SetStartTime(start_time); call->SetLastTime(last_time); + // TODO: Should we update start_time and last_time or + // not?? + call->SetStartTime(start_time); + call->SetLastTime(last_time); + // TODO: Not sure whether the handling if rexmit - // inconsistencies are correct. Maybe we should use the info in the new - // call for further processing. + // inconsistencies are correct. Maybe we should use + // the info in the new call for further processing. if ( call->HeaderLen() > n ) { Weird("RPC_underflow"); @@ -137,6 +145,11 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, int is_ori // TODO: What to do in case of a rexmit_inconistency?? Event_RPC_Call(call); + // We now have a valid RPC_CallInfo (either the previous one + // in case of a rexmit or the current one). + // TODO: What to do in case of a rexmit_inconistency?? + Event_RPC_Call(call); + if ( RPC_BuildCall(call, buf, n) ) call->SetValidCall(); else @@ -217,10 +230,9 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, int is_ori else Weird("bad_RPC"); - // We now have extracted the status we want to use. + // We now have extracted the status we want to use. Event_RPC_Reply(xid, status, n); - if ( call ) { if ( ! call->IsValidCall() ) @@ -277,10 +289,12 @@ void RPC_Interpreter::Timeout() while ( (c = calls.NextEntry(cookie)) ) { Event_RPC_Dialogue(c, BifEnum::RPC_TIMEOUT, 0); + if ( c->IsValidCall() ) { const u_char* buf; int n = 0; + if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, network_time, network_time, 0) ) Weird("bad_RPC"); } @@ -339,7 +353,7 @@ void RPC_Interpreter::Weird(const char* msg) void RPC_Reasm_Buffer::Init(int64_t arg_maxsize, int64_t arg_expected) { - if (buf) + if ( buf ) delete [] buf; expected = arg_expected; maxsize = arg_maxsize; @@ -347,23 +361,25 @@ void RPC_Reasm_Buffer::Init(int64_t arg_maxsize, int64_t arg_expected) { buf = new u_char[maxsize]; }; -bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len) +bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len) { - // How many bytes to we want to process with this call? - // Either the all of the bytes available or the number of bytes - // that we are still missing - int64_t to_process = min( int64_t(len), (expected-processed) ); + // How many bytes do we want to process with this call? Either the + // all of the bytes available or the number of bytes that we are + // still missing. + int64_t to_process = min(int64_t(len), (expected-processed)); - if (fill < maxsize) + if ( fill < maxsize ) { - // We haven't yet filled the buffer. - // How many bytes to copy into the buff. Either all of the bytes - // we want to process or the number of bytes until we reach maxsize - int64_t to_copy = min( to_process, (maxsize-fill) ); - if (to_copy) + // We haven't yet filled the buffer. How many bytes to copy + // into the buff. Either all of the bytes we want to process + // or the number of bytes until we reach maxsize. + int64_t to_copy = min( to_process, (maxsize-fill) ); + if ( to_copy ) memcpy(buf+fill, data, to_copy); + fill += to_copy; } + processed += to_process; len -= to_process; data += to_process; @@ -372,7 +388,7 @@ bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len) Contents_RPC::Contents_RPC(Connection* conn, bool orig, RPC_Interpreter* arg_interp) -: TCP_SupportAnalyzer(AnalyzerTag::Contents_RPC, conn, orig) + : TCP_SupportAnalyzer(AnalyzerTag::Contents_RPC, conn, orig) { interp = arg_interp; state = WAIT_FOR_MESSAGE; @@ -387,7 +403,6 @@ void Contents_RPC::Init() TCP_SupportAnalyzer::Init(); } - Contents_RPC::~Contents_RPC() { } @@ -407,7 +422,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) bool discard_this_chunk = false; - if (resync_state == RESYNC_INIT) + if ( resync_state == RESYNC_INIT ) { // First time CheckResync is called. If the TCP endpoint // is fully established we are in sync (since it's the first chunk @@ -417,8 +432,8 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) static_cast(Parent())->TCP(); assert(tcp); - if ((IsOrig() ? tcp->OrigState() : tcp->RespState()) != - TCP_ENDPOINT_ESTABLISHED) + if ( (IsOrig() ? tcp->OrigState() : tcp->RespState()) != + TCP_ENDPOINT_ESTABLISHED ) { NeedResync(); } @@ -426,41 +441,41 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) resync_state = INSYNC; } - if (resync_state == INSYNC) + if ( resync_state == INSYNC ) return true; - // This is an attempt to re-synchronize the stream with RPC - // frames after a content gap. - // Returns true if we are in sync. - // Returns false otherwise (we are in resync mode) + // This is an attempt to re-synchronize the stream with RPC frames + // after a content gap. Returns true if we are in sync. Returns + // false otherwise (we are in resync mode) // - // We try to look for the beginning of a RPC frame, assuming - // RPC frames begin at packet boundaries (though they may span - // over multiple packets) (note that the data* of DeliverStream() - // usually starts at a packet boundrary). + // We try to look for the beginning of a RPC frame, assuming RPC + // frames begin at packet boundaries (though they may span over + // multiple packets) (note that the data* of DeliverStream() usually + // starts at a packet boundrary). // - // If we see a frame start that makes sense (direction and - // frame lenght seem ok), we try to read (skip over) the next RPC - // message. If this is successfull and we the place we are seems - // like a valid start of a RPC msg (direction and frame length - // seem ok). We assume that we have successfully resync'ed. - + // If we see a frame start that makes sense (direction and frame + // lenght seem ok), we try to read (skip over) the next RPC message. + // If this is successfull and we the place we are seems like a valid + // start of a RPC msg (direction and frame length seem ok). We assume + // that we have successfully resync'ed. + // Assuming RPC frames align with packet boundaries ... while (len > 0) { - if (resync_toskip) + if ( resync_toskip ) { if ( DEBUG_rpc_resync ) DEBUG_MSG("RPC resync: skipping %d bytes.\n", len); - // We have some bytes to skip over. - if (resync_toskip < len) + + // We have some bytes to skip over. + if ( resync_toskip < len ) { len -= resync_toskip; data += resync_toskip; resync_toskip = 0; } - else + else { resync_toskip -= len; data += len; @@ -469,22 +484,18 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) } } - if (resync_toskip != 0) - { - // Should never happen + if ( resync_toskip != 0 ) + // Should never happen. internal_error("RPC resync: skipping over data failed"); - NeedResync(); - return false; - } - // Now lets see whether data points to the beginning of a - // RPC frame. If the resync processs is successful, we should - // be at the beginning of a frame. + // Now lets see whether data points to the beginning of a RPC + // frame. If the resync processs is successful, we should be + // at the beginning of a frame. + - if ( len < 12 ) { - // Ignore small chunks. + // Ignore small chunks. if ( len != 1 && DEBUG_rpc_resync ) { // One-byte fragments are likely caused by @@ -496,6 +507,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) fmt("RPC resync: discard %d bytes\n", len)); } + NeedResync(); return false; } @@ -517,22 +529,23 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) discard_this_chunk = true; - // Make sure the frame isn't too long. - // TODO: Could possible even reduce this number even further. - if (frame_len > MAX_RPC_LEN) + // Make sure the frame isn't too long. + // TODO: Could possible even reduce this number even further. + if ( frame_len > MAX_RPC_LEN ) discard_this_chunk = true; - if (discard_this_chunk) + if ( discard_this_chunk ) { // Skip this chunk if ( DEBUG_rpc_resync ) DEBUG_MSG("RPC resync: Need to resync. dicarding %d bytes.\n", len); + NeedResync(); // let's try the resync again from the beginning return false; } - // Looks like we are at the start of a frame and have successfully - // extracted the frame length (marker). + // Looks like we are at the start of a frame and have successfully + // extracted the frame length (marker). switch (resync_state) { case NEED_RESYNC: @@ -540,30 +553,33 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) // Initial phase of resyncing. Skip frames until we get a frame // with the last_fragment bit set. resync_toskip = frame_len + 4; - if (last_frag) + + if ( last_frag ) resync_state = RESYNC_WAIT_FOR_FULL_MSG; - else + else resync_state = RESYNC_WAIT_FOR_MSG_START; break; case RESYNC_WAIT_FOR_FULL_MSG: - // If the resync was successful so far, we should now be the start + // If the resync was successful so far, we should now be the start // of a new RPC message. Try to skip over it. resync_toskip = frame_len + 4; - if (last_frag) + + if ( last_frag ) resync_state = RESYNC_HAD_FULL_MSG; break; - + case RESYNC_HAD_FULL_MSG: - // We have now successfully skipped over a full RPC message. - // If we got that far, we are in sync. + // We have now successfully skipped over a full RPC message. + // If we got that far, we are in sync. resync_state = INSYNC; + if ( DEBUG_rpc_resync ) DEBUG_MSG("RPC resync: success.\n"); return true; default: - // Shoult never happen + // Should never happen. NeedResync(); return false; } // end switch @@ -571,7 +587,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) return false; } - + @@ -581,41 +597,45 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) uint32 marker; bool last_frag; - if (!CheckResync(len, data, orig)) - return; // Not in sync yet. Still resyncing + if ( ! CheckResync(len, data, orig) ) + return; // Not in sync yet. Still resyncing. + // Should be in sync now. - - // Should be in sync now - - while (len > 0) + while (len > 0) { last_time = network_time; - switch (state) { - case WAIT_FOR_MESSAGE: - // A new RPC message is starting. Initialize state - // We expect and want 4 bytes of the frame markers + switch (state) { + case WAIT_FOR_MESSAGE: + // A new RPC message is starting. Initialize state. + + // We expect and want 4 bytes of the frame markers. marker_buf.Init(4,4); - // We want at most 64KB of message data and we don't know - // yet how much we expect, so we set expected to 0 + + // We want at most 64KB of message data and we don't + // know yet how much we expect, so we set expected to + // 0. msg_buf.Init(MAX_RPC_LEN, 0); last_frag = 0; state = WAIT_FOR_MARKER; start_time = network_time; // no break. fall through - + case WAIT_FOR_MARKER: { bool got_marker = marker_buf.ConsumeChunk(data,len); - if (got_marker) + + if ( got_marker ) { const u_char *dummy_p = marker_buf.GetBuf(); int dummy_len = (int) marker_buf.GetFill(); + // have full marker marker = extract_XDR_uint32(dummy_p, dummy_len); marker_buf.Init(4,4); - if ( ! dummy_p ) + + if ( ! dummy_p ) { internal_error("inconsistent RPC record marker extraction"); } @@ -624,41 +644,49 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) marker &= 0x7fffffff; //printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <> processed= %llu <> len = %d\n", // network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len); - if (!msg_buf.AddToExpected(marker)) + + if ( ! msg_buf.AddToExpected(marker) ) Conn()->Weird(fmt("RPC_message_too_long (%" PRId64 ")" , msg_buf.GetExpected())); - if (last_frag) + + if ( last_frag ) state = WAIT_FOR_LAST_DATA; else state = WAIT_FOR_DATA; } } - // else remain in state. Haven't got the full 4 bytes for the marker yet + // Else remain in state. Haven't got the full 4 bytes + // for the marker yet. break; case WAIT_FOR_DATA: case WAIT_FOR_LAST_DATA: { bool got_all_data = msg_buf.ConsumeChunk(data, len); - if (got_all_data) + + if ( got_all_data ) { - // got all the data we expected. Now let's see whether there is - // another fragment coming or whether we just finished the last - // fragment. - if (state == WAIT_FOR_LAST_DATA) + // Got all the data we expected. Now let's + // see whether there is another fragment + // coming or whether we just finished the + // last fragment. + if ( state == WAIT_FOR_LAST_DATA ) { const u_char *dummy_p = msg_buf.GetBuf(); int dummy_len = (int) msg_buf.GetFill(); + if ( ! interp->DeliverRPC(dummy_p, dummy_len, (int)msg_buf.GetExpected(), IsOrig(), start_time, last_time) ) Conn()->Weird("partial_RPC"); + state = WAIT_FOR_MESSAGE; } else state = WAIT_FOR_MARKER; } - // else remain in state. Haven't read all the data yet. + // Else remain in state. Haven't read all the data + // yet. } break; - } // end switch + } // end switch } // end while } @@ -701,29 +729,6 @@ void RPC_Analyzer::Done() TCP_ApplicationAnalyzer::Done(); interp->Timeout(); -#if 0 -TODO: maybe put this check back in. But there are so many other -things the RPC analyzer might miss.... - // This code was replicated in NFS.cc and Portmap.cc, so we factor - // it into here. The semantics have slightly changed - it used - // to be we'd always execute interp->Timeout(), but now we only - // do for UDP. - - if ( Conn()->ConnTransport() == TRANSPORT_TCP && TCP() ) - { - - if ( orig_rpc->State() != RPC_COMPLETE && - (TCP()->OrigState() == TCP_ENDPOINT_CLOSED || - TCP()->OrigPrevState() == TCP_ENDPOINT_CLOSED) && - // Sometimes things like tcpwrappers will immediately - // close the connection, without any data having been - // transferred. Don't bother flagging these. - TCP()->Orig()->Size() > 0 ) - Weird("partial_RPC_request"); - } - else - interp->Timeout(); -#endif } void RPC_Analyzer::ExpireTimer(double /* t */) @@ -731,4 +736,3 @@ void RPC_Analyzer::ExpireTimer(double /* t */) Event(connection_timeout); sessions->Remove(Conn()); } - diff --git a/src/RPC.h b/src/RPC.h index 410d41a552..1b75b6cc48 100644 --- a/src/RPC.h +++ b/src/RPC.h @@ -49,7 +49,8 @@ enum { class RPC_CallInfo { public: - RPC_CallInfo(uint32 xid, const u_char*& buf, int& n, double start_time, double last_time, int rpc_len); + RPC_CallInfo(uint32 xid, const u_char*& buf, int& n, double start_time, + double last_time, int rpc_len); ~RPC_CallInfo(); void AddVal(Val* arg_v) { Unref(v); v = arg_v; } @@ -63,11 +64,11 @@ public: uint32 Proc() const { return proc; } double StartTime() const { return start_time; } - void SetStartTime(double t) { start_time = t; } + void SetStartTime(double t) { start_time = t; } double LastTime() const { return last_time; } - void SetLastTime(double t) { last_time = t; } + void SetLastTime(double t) { last_time = t; } int CallLen() const { return call_n; } - int RPCLen() const { return rpc_len; } + int RPCLen() const { return rpc_len; } int HeaderLen() const { return header_len; } uint32 XID() const { return xid; } @@ -81,7 +82,7 @@ protected: u_char* call_buf; // copy of original call buffer double start_time; double last_time; - int rpc_len; // size of the full RPC call, incl. xid and msg_type + int rpc_len; // size of the full RPC call, incl. xid and msg_type int call_n; // size of call buf int header_len; // size of data before the arguments bool valid_call; // whether call was well-formed @@ -106,8 +107,8 @@ public: protected: virtual int RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) = 0; virtual int RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status success, - const u_char*& buf, int& n, double start_time, double last_time, - int reply_len) = 0; + const u_char*& buf, int& n, double start_time, double last_time, + int reply_len) = 0; void Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status status, int reply_len); void Event_RPC_Call(RPC_CallInfo* c); @@ -121,22 +122,22 @@ protected: /* A simple buffer for reassembling the fragments that RPC-over-TCP - * uses. Only needed by RPC_Contents + * uses. Only needed by RPC_Contents. + * However, RPC messages can be quite large. As a first step, we only - * extract and analyzer the first part of an RPC message and skip + * extract and analyzer the first part of an RPC message and skip * over the rest. * * We specify: - * maxsize ... the number of bytes we want to copy into the buffer - * to analyze. - * expected .. the total number of bytes in the RPC message. Can be - * quite large. We will be "skipping over" expected-maxsize bytes. + * maxsize: the number of bytes we want to copy into the buffer to analyze. + * expected: the total number of bytes in the RPC message. Can be + * quite large. We will be "skipping over" expected-maxsize bytes. * * We can extend "expected" (by calling AddToExpected()), but maxsize is - * fixed. + * fixed. * * TODO: grow buffer dynamically - */ + */ class RPC_Reasm_Buffer { public: RPC_Reasm_Buffer() { @@ -149,33 +150,34 @@ public: void Init(int64_t arg_maxsize, int64_t arg_expected); - const u_char *GetBuf() { return buf; } // Pointer to the buffer - int64_t GetFill() { return fill; } // Number of bytes in buf - int64_t GetSkipped() { return processed-fill; } // How many bytes did we skipped? - int64_t GetExpected() { return expected; } // How many bytes are we expecting? - int64_t GetProcessed() { return processed; } // How many bytes are we expecting? + const u_char *GetBuf() { return buf; } // Pointer to the buffer + int64_t GetFill() { return fill; } // Number of bytes in buf + int64_t GetSkipped() { return processed-fill; } // How many bytes did we skipped? + int64_t GetExpected() { return expected; } // How many bytes are we expecting? + int64_t GetProcessed() { return processed; } // How many bytes are we expecting? - // Expand expected by delta bytes. - // Returns false if the number of expected bytes exceeds maxsize - // (which means that we will truncate the message). - bool AddToExpected(int64_t delta) { expected += delta; return !(expected>maxsize); } + // Expand expected by delta bytes. Returns false if the number of + // expected bytes exceeds maxsize (which means that we will truncate + // the message). + bool AddToExpected(int64_t delta) + { expected += delta; return ! (expected > maxsize); } - // Consume a chunk of input data (pointed to by data, up len in size). - // data and len will be adjustes accordingly. - // Returns true if "exptected" bytes have been processed, i.e., returns - // true when we don't expect any more data. + // Consume a chunk of input data (pointed to by data, up len in + // size). data and len will be adjusted accordingly. Returns true if + // "expected" bytes have been processed, i.e., returns true when we + // don't expect any more data. bool ConsumeChunk(const u_char*& data, int& len); protected: - int64_t fill; // how many bytes we currently have in the buffer - int64_t maxsize; // maximum buffer size we want to allocate - int64_t processed; // number of bytes we have processed so far - int64_t expected; // number of input bytes we expect + int64_t fill; // how many bytes we currently have in the buffer + int64_t maxsize; // maximum buffer size we want to allocate + int64_t processed; // number of bytes we have processed so far + int64_t expected; // number of input bytes we expect u_char *buf; }; -/* Support Analyzer for reassembling RPC-over-TCP messages */ +/* Support Analyzer for reassembling RPC-over-TCP messages */ class Contents_RPC : public TCP_SupportAnalyzer { public: Contents_RPC(Connection* conn, bool orig, RPC_Interpreter* interp); @@ -188,6 +190,7 @@ protected: WAIT_FOR_DATA, WAIT_FOR_LAST_DATA, } state_t; + typedef enum { NEED_RESYNC, RESYNC_WAIT_FOR_MSG_START, @@ -196,6 +199,7 @@ protected: INSYNC, RESYNC_INIT, } resync_state_t; + virtual void Init(); virtual bool CheckResync(int& len, const u_char*& data, bool orig); virtual void DeliverStream(int len, const u_char* data, bool orig); @@ -209,8 +213,8 @@ protected: RPC_Interpreter* interp; - RPC_Reasm_Buffer marker_buf; // Reassembles the 32bit RPC-over-TCP marker - RPC_Reasm_Buffer msg_buf; // Reassembles RPC messages + RPC_Reasm_Buffer marker_buf; // reassembles the 32bit RPC-over-TCP marker + RPC_Reasm_Buffer msg_buf; // reassembles RPC messages state_t state; double start_time; @@ -240,5 +244,4 @@ protected: Contents_RPC* resp_rpc; }; - #endif diff --git a/src/Reassem.cc b/src/Reassem.cc index a1deb01405..12cb59d7f4 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "Reassem.h" diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index f395392db6..7238da3b9a 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1,5 +1,7 @@ // $Id: RuleMatcher.cc 6724 2009-06-07 09:23:03Z vern $ +#include + #include "config.h" #include "Analyzer.h" @@ -197,7 +199,7 @@ bool RuleMatcher::ReadFiles(const name_list& files) for ( int i = 0; i < files.length(); ++i ) { - rules_in = search_for_file( files[i], "sig", 0); + rules_in = search_for_file( files[i], "sig", 0, false); if ( ! rules_in ) { error("Can't open signature file", files[i]); diff --git a/src/SSL-binpac.cc b/src/SSL-binpac.cc index 551861aaee..e1b8147e0c 100644 --- a/src/SSL-binpac.cc +++ b/src/SSL-binpac.cc @@ -1,5 +1,3 @@ -// $Id:$ - #include "SSL-binpac.h" #include "TCP_Reassembler.h" #include "util.h" @@ -8,13 +6,10 @@ bool SSL_Analyzer_binpac::warnings_generated = false; SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c) -: TCP_ApplicationAnalyzer(AnalyzerTag::SSL_BINPAC, c) +: TCP_ApplicationAnalyzer(AnalyzerTag::SSL, c) { - ssl = new binpac::SSL::SSLAnalyzer; - ssl->set_bro_analyzer(this); - - records = new binpac::SSLRecordLayer::SSLRecordLayerAnalyzer; - records->set_ssl_analyzer(ssl); + interp = new binpac::SSL::SSLAnalyzer; + interp->set_bro_analyzer(this); if ( ! warnings_generated ) generate_warnings(); @@ -22,23 +17,21 @@ SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c) SSL_Analyzer_binpac::~SSL_Analyzer_binpac() { - delete records; - delete ssl; + delete interp; } void SSL_Analyzer_binpac::Done() { TCP_ApplicationAnalyzer::Done(); - records->FlowEOF(true); - records->FlowEOF(false); + interp->FlowEOF(true); + interp->FlowEOF(false); } void SSL_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) { TCP_ApplicationAnalyzer::EndpointEOF(endp); - records->FlowEOF(endp->IsOrig()); - ssl->FlowEOF(endp->IsOrig()); + interp->FlowEOF(endp->IsOrig()); } void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) @@ -50,13 +43,13 @@ void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) if ( TCP()->IsPartial() ) return; - records->NewData(orig, data, data + len); + interp->NewData(orig, data, data + len); } void SSL_Analyzer_binpac::Undelivered(int seq, int len, bool orig) { TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); - records->NewGap(orig, len); + interp->NewGap(orig, len); } void SSL_Analyzer_binpac::warn_(const char* msg) diff --git a/src/SSL-binpac.h b/src/SSL-binpac.h index 79b8b4d7fa..7adbd42784 100644 --- a/src/SSL-binpac.h +++ b/src/SSL-binpac.h @@ -1,12 +1,9 @@ -// $Id:$ - #ifndef ssl_binpac_h #define ssl_binpac_h #include "TCP.h" #include "ssl_pac.h" -#include "ssl-record-layer_pac.h" class SSL_Analyzer_binpac : public TCP_ApplicationAnalyzer { public: @@ -23,11 +20,9 @@ public: static bool Available() { - return FLAGS_use_binpac && - (ssl_certificate_seen || ssl_certificate || - ssl_conn_attempt || ssl_conn_server_reply || - ssl_conn_established || ssl_conn_reused || - ssl_conn_alert); + return ( ssl_client_hello || ssl_server_hello || + ssl_established || ssl_extension || ssl_alert || + x509_certificate || x509_extension || x509_error ); } static bool warnings_generated; @@ -35,8 +30,7 @@ public: static void generate_warnings(); protected: - binpac::SSLRecordLayer::SSLRecordLayerAnalyzer* records; - binpac::SSL::SSLAnalyzer* ssl; + binpac::SSL::SSLAnalyzer* interp; }; #endif diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc deleted file mode 100644 index 267e8998e3..0000000000 --- a/src/SSLCiphers.cc +++ /dev/null @@ -1,1073 +0,0 @@ -// $Id: SSLCiphers.cc 1678 2005-11-08 19:16:37Z vern $ - -#include "SSLCiphers.h" - -PDict(SSL_CipherSpec) SSL_CipherSpecDict; - -// --- definitions for ssl cipher handling ------------------------------------ - -SSL_CipherSpec SSL_CipherSpecs[] = { - // --- SSL 2.0 cipher specs - { SSL_CK_RC4_128_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 88, - 40, - 128 - }, - { SSL_CK_RC2_128_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 88, - 40, - 128 - }, - { SSL_CK_IDEA_128_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_IDEA, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_DES_64_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 64, - 128 - }, - { SSL_CK_DES_192_EDE3_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_3DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 192, - 128 - }, - { SSL_CK_RC4_64_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 64, - 128 - }, - // --- SSL 3.0 / 3.1 cipher specs - { TLS_NULL_WITH_NULL_NULL, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_NULL, - SSL_KEY_EXCHANGE_NULL, - 0, - 0, - 0 - }, - { TLS_RSA_WITH_NULL_MD5, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 0, - 128 - }, - { TLS_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 0, - 160 - }, - { TLS_RSA_EXPORT_WITH_RC4_40_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 128 - }, - { TLS_RSA_WITH_RC4_128_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { TLS_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 128 - }, - { TLS_RSA_WITH_IDEA_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_IDEA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 160 - }, - { TLS_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { TLS_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - { TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS_EXPORT, - 0, - 40, - 160 - }, - { TLS_DH_DSS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 56, - 160 - }, - { TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 168, - 160 - }, - { TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA_EXPORT, - 0, - 168, - 160 - }, - { TLS_DH_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 56, - 160 - }, - { TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 168, - 160 - }, - { TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, - 0, - 40, - 160 - }, - { TLS_DHE_DSS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 168, - 160 - }, - { TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, - 0, - 40, - 160 - }, - { TLS_DHE_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 56, - 160 - }, - { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 168, - 160 - }, - { TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_anon_EXPORT, - 0, - 40, - 128 - }, - { TLS_DH_anon_WITH_RC4_128_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 128 - }, - { TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 40, - 160 - }, - { TLS_DH_anon_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 56, - 160 - }, - { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 168, - 160 - }, - { SSL_FORTEZZA_KEA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - 0, - 0, - 160 - }, - { SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30, - SSL_CIPHER_FORTEZZA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - 0, - 96, - 160 - }, - - { SSL_RSA_WITH_RC2_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_WITH_IDEA_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_IDEA, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { SSL_RSA_WITH_DES_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_WITH_3DES_EDE_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_3DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - - // --- special SSLv3 FIPS ciphers - { SSL_RSA_FIPS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - // --- new 56 bit export ciphers - { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - // --- new AES ciphers - { TLS_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_DSS_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 256, - 160 - }, - { TLS_DH_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 256, - 160 - }, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 256, - 160 - }, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_anon_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 256, - 160 - }, - { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 256, - 160 - }, - { TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 256, - 160 - }, - { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 256, - 160 - }, - { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 256, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 168, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 256, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 0, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 168, - 160 - }, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 256, - 160 - }, - { TLS_ECDHE_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 0, - 160 - }, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 168, - 160 - }, - { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 256, - 160 - }, - { TLS_ECDH_ECDSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 0, - 160 - }, - { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 168, - 160 - }, - { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 256, - 160 - }, - { TLS_ECDH_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 0, - 160 - }, - { TLS_ECDH_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 168, - 160 - }, - { TLS_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 128, - 160 - }, - { TLS_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 256, - 160 - }, - { TLS_ECDH_anon_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 0, - 160 - }, - { TLS_ECDH_anon_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - - { TLS_EMPTY_RENEGOTIATION_INFO_SCSV, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_NULL, - SSL_KEY_EXCHANGE_NULL, - 0, - 0, - 0 - }, - - -}; - -const uint SSL_CipherSpecs_Count = - sizeof(SSL_CipherSpecs) / sizeof(SSL_CipherSpec); diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h deleted file mode 100644 index 12b3ecc0aa..0000000000 --- a/src/SSLCiphers.h +++ /dev/null @@ -1,367 +0,0 @@ -// $Id: SSLCiphers.h 1678 2005-11-08 19:16:37Z vern $ - -#ifndef SSL_CIPHERS_H -#define SSL_CIPHERS_H - -#include "Dict.h" - -// --- definitions for sslv3x cipher handling --------------------------------- - -/*! - * In SSLv2, a cipher spec consists of three bytes. - */ -enum SSLv2_CipherSpec { - // --- standard SSLv2 ciphers - SSL_CK_RC4_128_WITH_MD5 = 0x010080, - SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080, - SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080, - SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080, - SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0, - SSL_CK_RC4_64_WITH_MD5 = 0x080080 -}; - - -/*! - * In SSLv3x, a cipher spec consists of two bytes. - */ -enum SSL3_1_CipherSpec { - // --- standard SSLv3x ciphers - TLS_NULL_WITH_NULL_NULL = 0x0000, - TLS_RSA_WITH_NULL_MD5 = 0x0001, - TLS_RSA_WITH_NULL_SHA = 0x0002, - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, - TLS_RSA_WITH_RC4_128_MD5 = 0x0004, - TLS_RSA_WITH_RC4_128_SHA = 0x0005, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, - TLS_RSA_WITH_DES_CBC_SHA = 0x0009, - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017, - TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018, - TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A, - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B, - // --- special SSLv3 ciphers - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, - //SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, - // -- RFC 2712 (ciphers not fully described in SSLCiphers.cc) - TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, - TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, - TLS_KRB5_WITH_RC4_128_SHA = 0x0020, - TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, - TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, - TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, - TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, - TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027, - TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A, - TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, - - // --- new AES ciphers - TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, - TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, - TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, - TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, - TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A, - TLS_RSA_WITH_NULL_SHA256 = 0x003B, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, - TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, - // -- RFC 4132 - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042, - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046, - // -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, - TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, - // -- RFC 5246 (ciphers not fully described in SSLCiphers.cc) - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, - TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C, - TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D, - // -- RFC 5932 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089, - // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) - TLS_PSK_WITH_RC4_128_SHA = 0x008A, - TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, - TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, - TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, - TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, - TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, - TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, - TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, - TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, - TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, - // -- RFC 4162 - TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, - TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, - TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, - TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, - TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, - TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B, - // -- RFC 5288 (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, - TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, - TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6, - TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7, - // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) - TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, - TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, - TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, - TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, - TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, - TLS_PSK_WITH_NULL_SHA256 = 0x00B0, - TLS_PSK_WITH_NULL_SHA384 = 0x00B1, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, - TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, - TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, - TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, - TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, - TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, - TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, - // -- RFC 5932 (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA, - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB, - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, - // -- RFC 4492 - TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, - TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005, - TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, - TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, - TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F, - TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, - TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, - TLS_ECDH_anon_WITH_NULL_SHA = 0xC015, - TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016, - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017, - TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, - TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019, - // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) - TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, - TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, - TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, - TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, - TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, - TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, - TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, - TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, - TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, - // -- RFC 5289 (ciphers not fully described in SSLCiphers.cc) - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032, - // -- RFC 5489 (ciphers not fully described in SSLCiphers.cc) - TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, - TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, - TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, - TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, - TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, - - // --- special SSLv3 FIPS ciphers - SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, - SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0, - - // Tags for SSL 2 cipher kinds which are not specified for SSL 3. - SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80, - SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81, - SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82, - SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83, - - TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, -}; - -enum SSL_CipherType { - SSL_CIPHER_TYPE_STREAM, - SSL_CIPHER_TYPE_BLOCK, - SSL_CIPHER_TYPE_NULL -}; - -enum SSL_BulkCipherAlgorithm { - SSL_CIPHER_NULL, - SSL_CIPHER_RC4, - SSL_CIPHER_RC2, - SSL_CIPHER_DES, - SSL_CIPHER_3DES, - SSL_CIPHER_DES40, - SSL_CIPHER_FORTEZZA, - SSL_CIPHER_IDEA, - SSL_CIPHER_AES, - SSL_CIPHER_CAMELLIA, - SSL_CIPHER_SEED, -}; - -enum SSL_MACAlgorithm { - SSL_MAC_NULL, - SSL_MAC_MD5, - SSL_MAC_SHA -}; - -enum SSL_KeyExchangeAlgorithm { - SSL_KEY_EXCHANGE_NULL, - SSL_KEY_EXCHANGE_RSA, - SSL_KEY_EXCHANGE_RSA_EXPORT, - SSL_KEY_EXCHANGE_DH, - SSL_KEY_EXCHANGE_DH_DSS, - SSL_KEY_EXCHANGE_DH_DSS_EXPORT, - SSL_KEY_EXCHANGE_DH_RSA, - SSL_KEY_EXCHANGE_DH_RSA_EXPORT, - SSL_KEY_EXCHANGE_DHE_DSS, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, - SSL_KEY_EXCHANGE_DHE_RSA, - SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, - SSL_KEY_EXCHANGE_DH_anon, - SSL_KEY_EXCHANGE_DH_anon_EXPORT, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - // --- new 56 bit export ciphers - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - // -- Elliptic Curve key change algorithms (rfc4492) - SSL_KEY_EXCHANGE_ECDH_ECDSA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - SSL_KEY_EXCHANGE_ECDH_RSA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - SSL_KEY_EXCHANGE_ECDH_anon, -}; - -#if 0 -struct SSL_CipherSpecImprove { - uint32 identifier; - - // SSL_CipherType cipherType; - SSL_BulkCipherAlgorithm encryptionAlgorithm; - SSL_BulkCipherAlgorithm authenticationAlgorithm; - SSL_BulkCipherAlgorithm keyAlgorithm; - SSL_MACAlgorithm macAlgorithm; - - int clearkeySize; - int encryptedkeySize; - uint32 flags; // IsExportable IsSSLv2 IsSSLv30 IsSSLv31 - const char* fullName = "TLS_WITH_NULL_NULL"; - -}; -#endif - -struct SSL_CipherSpec { - uint32 identifier; ///< type code of the CIPHER-SPEC (2 or 3 Bytes) - - SSL_CipherType cipherType; - uint32 flags; - SSL_BulkCipherAlgorithm bulkCipherAlgorithm; - SSL_MACAlgorithm macAlgorithm; - SSL_KeyExchangeAlgorithm keyExchangeAlgorithm; - - int clearKeySize; ///< size in bits of plaintext part of master key - int encryptedKeySize; ///< size in bits of encrypted part of master key - int hashSize; -}; - -const uint32 SSL_FLAG_EXPORT = 0x0001; ///< set if exportable cipher -const uint32 SSL_FLAG_SSLv20 = 0x0002; ///< set if cipher defined for SSLv20 -const uint32 SSL_FLAG_SSLv30 = 0x0004; ///< set if cipher defined for SSLv30 -const uint32 SSL_FLAG_SSLv31 = 0x0008; ///< set if cipher defined for SSLv31 - -declare(PDict, SSL_CipherSpec); -extern PDict(SSL_CipherSpec) SSL_CipherSpecDict; -extern SSL_CipherSpec SSL_CipherSpecs[]; -extern const uint SSL_CipherSpecs_Count; - -#endif diff --git a/src/SSLDefines.h b/src/SSLDefines.h deleted file mode 100644 index 331a03157a..0000000000 --- a/src/SSLDefines.h +++ /dev/null @@ -1,48 +0,0 @@ -// $Id: SSLDefines.h 80 2004-07-14 20:15:50Z jason $ - -// Defines the states and transitions in the ssl-protocol-machine. - -#ifndef SSL_DEFINES_H -#define SSL_DEFINES_H - -const int SSL3_1_NUM_STATES = 20; -enum SSL3_1_States { - SSL3_1_STATE_ERROR = 0, - SSL3_1_STATE_INIT = 1, - SSL3_1_STATE_SERVER_HELLO_REQ_SENT = 2, - SSL3_1_STATE_CLIENT_HELLO_SENT = 3, - SSL3_1_STATE_SERVER_HELLO_SENT = 4, - SSL3_1_STATE_SERVER_CERT_SENT = 5, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT = 6, - SSL3_1_STATE_SERVER_CERT_REQ_SENT = 7, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A = 8, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B = 9, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A = 10, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B = 11, - SSL3_1_STATE_CLIENT_CERT_SENT = 12, - SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT = 13, - SSL3_1_STATE_CLIENT_FIN_SENT_A = 14, - SSL3_1_STATE_SERVER_FIN_SENT_A = 15, - SSL3_1_STATE_CLIENT_FIN_SENT_B = 16, - SSL3_1_STATE_SERVER_FIN_SENT_B = 17, - SSL3_1_STATE_HS_FIN_A = 18, - SSL3_1_STATE_HS_FIN_B = 19 -}; - -const int SSL3_1_NUM_TRANS = 11; -enum SSL_3_1_Transitions { - SSL3_1_TRANS_SERVER_HELLO_REQ = 0, - SSL3_1_TRANS_CLIENT_HELLO = 1, - SSL3_1_TRANS_SERVER_HELLO = 2, - SSL3_1_TRANS_SERVER_CERT = 3, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE = 4, - SSL3_1_TRANS_SERVER_CERT_REQ = 5, - SSL3_1_TRANS_SERVER_HELLO_DONE = 6, - SSL3_1_TRANS_CLIENT_CERT = 3, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE = 7, - SSL3_1_TRANS_CLIENT_CERT_VERIFY = 8, - SSL3_1_TRANS_CLIENT_FIN = 9, - SSL3_1_TRANS_SERVER_FIN = 10 -}; - -#endif diff --git a/src/SSLInterpreter.cc b/src/SSLInterpreter.cc deleted file mode 100644 index 7e185c9e7f..0000000000 --- a/src/SSLInterpreter.cc +++ /dev/null @@ -1,553 +0,0 @@ -// $Id: SSLInterpreter.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLInterpreter.h" -#include "SSLv2.h" - -#include "X509.h" - -#include -#include -#include - -declare(PDict, CertStore); -PDict(CertStore) cert_states; - -// --- Initalization of static variables -------------------------------------- - -uint32 SSL_Interpreter::analyzedCertificates = 0; -uint32 SSL_Interpreter::verifiedCertificates = 0; -uint32 SSL_Interpreter::failedCertificates = 0; -uint32 SSL_Interpreter::certificateChains = 0; - -// --- SSL_Interpreter -------------------------------------------------------- - -/*! - * The constructor. - * - * \param proxy Pointer to the SSLProxy_Analyzer which created this instance. - */ -SSL_Interpreter::SSL_Interpreter(SSLProxy_Analyzer* proxy) - { - this->proxy = proxy; - } - -/*! - * The destructor. - */ -SSL_Interpreter::~SSL_Interpreter() - { - delete orig; - delete resp; - } - -/*! - * Analogous to TCP_Connection::Init(), this method calls - * BuildInterpreterEndpoints() to create the corresponding endpoints. - */ -void SSL_Interpreter::Init() - { - BuildInterpreterEndpoints(); - orig->SetPeer(resp); - resp->SetPeer(orig); - } - -/*! - * This method analyzes a given certificate (chain), using the OpenSSL library. - * - * \param s Pointer to the SSL_InterpreterEndpoint which received the - * cerificate (chain). - * \param data Pointer to the data block which contains the certificate (chain). - * \param length Size of the data block. - * \param type the certificate type - * \param isChain false if data is pointing to a single certificate, - * true if data is pointing to a certificate chain - * mod by scott in: - * uint32 ip_address = *(s->proxyEndpoint->Endpoint()->dst_addr); - * uint16 port = (uint16) s->proxyEndpoint->Endpoint()->conn->RespPort(); - * inserting endpoint - */ -void SSL_Interpreter::analyzeCertificate(SSL_InterpreterEndpoint* s, - const u_char* data, int length, uint8 type, bool isChain) - { - // See if we should continue with this certificate. - if ( ssl_certificate_seen ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(! s->IsOrig(), TYPE_BOOL)); - proxy->ConnectionEvent(ssl_certificate_seen, vl); - } - - ++analyzedCertificates; - - const u_char* pCert = data; - uint32 certLength = length; - uint certCount = 0; - - if ( isChain ) - { - ++certificateChains; - - // Sum of all cert sizes has to match certListLength. - int tempLength = 0; - while ( tempLength < length ) - { - ++certCount; - uint32 certLength = - uint32((data[tempLength + 0] << 16) | - data[tempLength + 1] << 8) | - data[tempLength + 2]; - - tempLength += certLength + 3; - } - - if ( tempLength > length ) - { - Weird( "SSLv3x: sum of size of certificates doesn't match size of certificate chain" ); - return; - } - - // Get the first certificate. - pCert = data + 3; - certLength = uint32((data[0] << 16) | data[1] << 8) | data[2]; - } - - // Create a hashsum of the current certificate. - hash_t hashsum = HashKey::HashBytes(pCert, certLength); - - if ( ! proxy->TCP() ) - return; - - TCP_Endpoint* endp = s->IsOrig() ? proxy->TCP()->Orig() : proxy->TCP()->Resp(); - - // Check if we've seen a certificate from this addr/port before. - uint8 key[6]; - // ### Won't work for IPv6. - uint32 ip_address = *(endp->dst_addr); - uint16 port = uint16(proxy->Conn()->RespPort()); - memcpy(key, &ip_address, 4); - memcpy(&key[4], &port, 2); - - HashKey h(key, sizeof(key)); - CertStore* pCertState = 0; - pCertState = (CertStore*) cert_states.Lookup(&h); - if ( ! pCertState ) - { // new address - pCertState = new CertStore(ip_address, port, hashsum, certLength); - cert_states.Insert(&h, pCertState); - } - else - { - // We've seen this address/certificate before. Check if - // certificate changed. - if ( ! pCertState->isSameCert(hashsum, certLength) ) - { - // This shouldn't happen; ### make a stronger error. - Weird("SSL: Certificate changed for this ip+port !!!"); - - // Update status. - ++pCertState->changes; - pCertState->certHash = hashsum; - pCertState->certSize = certLength; - pCertState->isValid = -1; - } - else - { // cert didn't change - if ( pCertState->isValid == 0 ) - { - // This is an invalid cert, but we - // warned before. - } - - // Save time - don't analyze it any further. - return; - } - } - - // Certificate verification. - if ( ssl_verify_certificates != 0 ) - { - ++verifiedCertificates; - int invalid = 0; - switch ( type ) { - case SSLv2_CT_X509_CERTIFICATE: - if ( ! isChain ) - invalid = X509_Cert::verify(s->GetProxyEndpoint(), - pCert, certLength); - else - invalid = X509_Cert::verifyChain(s->GetProxyEndpoint(), - data, length); - break; - - default: - Weird("SSL: Unknown CERTIFICATE-TYPE!"); - invalid = 1; // quick 'n dirty :) - break; - } - - if ( invalid ) - { - proxy->Weak("SSL: Certificate check FAILED!"); - pCertState->isValid = 0; - ++failedCertificates; - } - else - pCertState->isValid = 1; - } - - // Store the certificate. - if ( ssl_store_certificates != 0 ) - { - // Let's hope the address is currently in network byte order! - in_addr addr; - addr.s_addr = ip_address; - char* pDummy = inet_ntoa(addr); - char sFileName[PATH_MAX]; - - if ( ssl_store_cert_path && - ssl_store_cert_path->AsString()->Len() > 0 ) - { - const BroString* pString = ssl_store_cert_path->AsString(); - safe_snprintf(sFileName, PATH_MAX, "%s/cert.%s-server-c%i.der", - pString->Bytes(), pDummy, pCertState->changes); - } - else - safe_snprintf(sFileName, PATH_MAX, "cert.%s-server-c%i.der", - pDummy, pCertState->changes); - - FILE* certFile = fopen(sFileName, "wb"); - if ( ! certFile ) - { - Weird(fmt("SSL_Interpreter::analyzeCertificate(): Error opening '%s'!\n", sFileName)); - return; - } - - fwrite(pCert, 1, certLength, certFile); - fclose(certFile); - } - - // TODO: test if cert is valid for the address we got it from. - } - - -/*! - * \return the originating SSL_InterpreterEndpoint - */ -SSL_InterpreterEndpoint* SSL_Interpreter::Orig() const - { - return orig; - } - -/*! - * \return the responding SSL_InterpreterEndpoint - */ -SSL_InterpreterEndpoint* SSL_Interpreter::Resp() const - { - return resp; - } - -/*! - * \param p Pointer to an SSL_InterpreterEndpoint to test - * - * \return true if p is the originating SSL_InterpreterEndpoint, - * false otherwise - */ -int SSL_Interpreter::Is_Orig(SSL_InterpreterEndpoint* p) const - { - return p == orig; - } - -/*! - * \return the responding SSL_InterpreterEndpoint - */ -SSLProxy_Analyzer* SSL_Interpreter::Proxy() const - { - return proxy; - } - -/*! - * This methods prints a string into the "weird" log file. - * - * \param name String to log into the "weird" file. - */ -void SSL_Interpreter::Weird(const char* name) const - { - proxy->Weird(name); - } - -/*! - * Prints some counters. - */ -void SSL_Interpreter::printStats() - { - printf("SSL_Interpreter:\n"); - printf("analyzedCertificates = %u\n", analyzedCertificates); - printf("verifiedCertificates = %u\n", verifiedCertificates); - printf("failedCertificates = %u\n", failedCertificates); - printf("certificateChains = %u\n", certificateChains); - } - -/*! - * Wrapper function for the event ssl_conn_attempt. - * - * \param sslVersion the SSL version for which the event occured - * - * \see SSLProxy_Analyzer::SSL_Versions - */ -void SSL_Interpreter::fire_ssl_conn_attempt(uint16 sslVersion, - TableVal* currentCipherSuites) - { - EventHandlerPtr event = ssl_conn_attempt; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(currentCipherSuites); - - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_server_reply. - * - * \param sslVersion the SSL version for which the event occured - * - * \see SSLProxy_Analyzer::SSL_Versions - */ -void SSL_Interpreter::fire_ssl_conn_server_reply(uint16 sslVersion, - TableVal* currentCipherSuites) - { - EventHandlerPtr event = ssl_conn_server_reply; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(currentCipherSuites); - - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_established. - * - * \param sslVersion the SSL version for which the event occured - * \param cipherSuite constant indicating the used SSL cipher suite - * - * \see SSLProxy_Analyzer::SSL_Versions, SSLv2_CipherSpecs and SSL3_1_CipherSpec. - */ -void SSL_Interpreter::fire_ssl_conn_established(uint16 sslVersion, - uint32 cipherSuite) - { - EventHandlerPtr event = ssl_conn_established; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(new Val(cipherSuite, TYPE_COUNT)); - - proxy->ConnectionEvent(event, vl); - } - - } - -/*! - * Wrapper function for the event ssl_conn_reused - * - * \param pData Pointer to a SSL_DataBlock which contains the SSL session ID - * of the originating ssl session. - */ -void SSL_Interpreter::fire_ssl_conn_reused(const SSL_DataBlock* pData) - { - EventHandlerPtr event = ssl_conn_reused; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(MakeSessionID(pData->data, pData->len)); - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_alert - * - * \param sslVersion the SSL version for which the event occured - * \param level constant indicating the level of severity - * \param description constant indicating the type of alert/error - * - * \see SSLProxy_Analyzer::SSL_Versions, SSL3x_AlertLevel, SSL3_1_AlertDescription - * and SSLv2_ErrorCodes. - */ -void SSL_Interpreter::fire_ssl_conn_alert(uint16 sslVersion, uint16 level, - uint16 description) - { - if ( ssl_conn_alert ) - { - EventHandlerPtr event = ssl_conn_alert; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(new Val(level, TYPE_COUNT)); - vl->append(new Val(description, TYPE_COUNT)); - - proxy->ConnectionEvent(event, vl); - } - } - } - -// Generate a session ID table. Returns an empty table -// if len is zero. -TableVal* SSL_Interpreter::MakeSessionID(const u_char* data, int len) - { - TableVal* sessionIDTable = new TableVal(SSL_sessionID); - - if ( ! len ) - return sessionIDTable; - - for ( int i = 0; i < len; i += 4 ) - { - uint32 temp = (data[i] << 24) | (data[i + 1] << 16) | - (data[i + 2] << 8) | data[i + 3]; - - Val* index = new Val(i / 4, TYPE_COUNT); - - sessionIDTable->Assign(index, new Val(temp, TYPE_COUNT)); - - Unref(index); - } - - return sessionIDTable; - } - - -//--- SSL_InterpreterEndpoint ------------------------------------------------- - -/*! - * The constructor. - * - * \param interpreter Pointer to the instance of an SSL_Interpreter to which - * this endpoint belongs to. - * \param is_orig true if this endpoint is the originator of the connection, - * false otherwise - * SC: an adjustment was made here since the endpoints are now assosciated with - * TCP_Contents base objects rather than TCP_Endpoint. - */ -SSL_InterpreterEndpoint::SSL_InterpreterEndpoint(SSL_Interpreter* arg_interpreter, - bool arg_is_orig ) - { - interpreter = arg_interpreter; - is_orig = arg_is_orig; - proxyEndpoint = new Contents_SSL(interpreter->Proxy()->Conn(), is_orig); - ourProxyEndpoint = true; - } - -/*! - * The destructor. - */ -SSL_InterpreterEndpoint::~SSL_InterpreterEndpoint() - { - SetProxyEndpoint(0); - } - -/*! - * \return true if there's currently data pending for this endpoint, - * false otherwise - */ -bool SSL_InterpreterEndpoint::isDataPending() - { - return proxyEndpoint->isDataPending(); - } - -/*! - * Sets the peer of this endpoint. - * - * \param p Pointer to an interpreter endpoint which will be set as the peer - * of this endpoint. - */ -void SSL_InterpreterEndpoint::SetPeer(SSL_InterpreterEndpoint* p) - { - peer = p; - } - -/*! - * Sets the proxy endpoint of this endpoint. - * - * \param p Pointer to a Contents_SSL analyzer which will be set as the proxy endpoint - * of this endpoint. - */ -void SSL_InterpreterEndpoint::SetProxyEndpoint(Contents_SSL* p) - { - if ( ourProxyEndpoint ) - { - proxyEndpoint->Done(); - delete proxyEndpoint; - ourProxyEndpoint = false; - } - - proxyEndpoint = p; - } - -/*! - * \return is_orig true if this endpoint is the originator of the connection, - * false otherwise - */ -int SSL_InterpreterEndpoint::IsOrig() const - { - return is_orig; - } - -/*! - * \return the peer of this endpoint - */ -SSL_InterpreterEndpoint* SSL_InterpreterEndpoint::Peer() const - { - return peer; - } - -/*! - * \return the interpreter of this endpoint - */ -SSL_Interpreter* SSL_InterpreterEndpoint::Interpreter() const - { - return interpreter; - } - -// --- CertStore -------------------------------------------------------------- - -/* - * The constructor. - * - * \param ip ip adress where this certificate came from - * \param port port number where this certificate came from - * \param hash hahssum for this certificate - * \param size of this certificate in bytes - */ -CertStore::CertStore(uint32 ip, uint32 arg_port, hash_t hash, int size) - { - ip_addr = ip; - certHash = hash; - certSize = size; - isValid = -1; - changes = 0; - port = arg_port; - } - -/* - * This method can be used to compare certificates by certain criterias. - * - * \param hash hashsum of the certificate to compare - * \param size size of the certificate to compare - * - * \return true if the criterias match, false otherwise - */ -bool CertStore::isSameCert(hash_t hash, int length) - { - return hash == certHash && length == certSize; - } diff --git a/src/SSLInterpreter.h b/src/SSLInterpreter.h deleted file mode 100644 index 27ef2500d5..0000000000 --- a/src/SSLInterpreter.h +++ /dev/null @@ -1,142 +0,0 @@ -// $Id: SSLInterpreter.h 5988 2008-07-19 07:02:12Z vern $ - -#ifndef sslinterpreter_h -#define sslinterpreter_h - -#include "util.h" -#include "SSLProxy.h" - -// --- forward declarations ---------------------------------------------------- - -class SSLProxy_Analyzer; -class Contents_SSL; -class SSL_InterpreterEndpoint; -class SSL_DataBlock; - -// --- SSL_Interpreter -------------------------------------------------------- - -/*! - * \brief This class is the abstract base-class for the different ssl - * interpreters used for the different ssl versions. - * - * Since there is currently no support in Bro for a change of the connection - * type (IMAP -> TLS, for example), we decided not to inherit from the class - * Connection. This way, we can easily switch to SSLv3x after we've seen (and - * analyzed) a SSLv2 client hello record with a version number > SSLv2. - * - * There currently two (non-abstract) interpreters: SSLv2_Interpreter and - * SSLv3_Interpreter. The first one supports SSL 2.0, the second one supports - * both SSL 3.0 and SSL 3.1/TLS 1.0. - * - * See SSLProxy_Analyzer for additional information. - */ -class SSL_Interpreter { -public: - SSL_Interpreter(SSLProxy_Analyzer* proxy); - virtual ~SSL_Interpreter(); - - static uint32 analyzedCertificates; ///< how often analyzeCertificate() has been called - static uint32 verifiedCertificates; ///< how many certificates have actually been verified - static uint32 failedCertificates; ///< how many certificates have failed verification - static uint32 certificateChains; ///< counter for certificate chains - - // In order to initialize the correct SSL_InterpreterEndpoints, - // override it in the corresponding subclass. - virtual void BuildInterpreterEndpoints() = 0; - virtual void Init(); - - SSL_InterpreterEndpoint* Orig() const; - SSL_InterpreterEndpoint* Resp() const; - SSLProxy_Analyzer* Proxy() const; - int Is_Orig(SSL_InterpreterEndpoint* p) const; - - virtual void analyzeCertificate(SSL_InterpreterEndpoint* s, - const u_char* data, int length, - uint8 type, bool isChain); - - void Weird(const char* name) const; - - static void printStats(); - - void fire_ssl_conn_attempt(uint16 sslVersion, - TableVal* currentCipherSuites); - void fire_ssl_conn_server_reply(uint16 sslVersion, - TableVal* currentCipherSuites); - void fire_ssl_conn_established(uint16 sslVersion, uint32 cipherSuite); - void fire_ssl_conn_reused(const SSL_DataBlock* pData); - void fire_ssl_conn_alert(uint16 sslVersion, uint16 level, - uint16 description); - -protected: - TableVal* MakeSessionID(const u_char* data, int len); - - SSLProxy_Analyzer* proxy; - SSL_InterpreterEndpoint* orig; - SSL_InterpreterEndpoint* resp; -}; - -// --- SSL_InterpreterEndpoint ------------------------------------------------ - -/*! - * \brief This abstract class represents the SSL_InterpreterEndpoints for the - * SSL_Interpreter. - * - * The key-method is Deliver() which receives the ssl records - * from the SSLProxy_Analyzer. So overwrite the Deliver()-method and do - * whatever analysis on the record content (and/or pass it to the corresponding - * SSL_Interpreter). - */ -class SSL_InterpreterEndpoint { -public: - SSL_InterpreterEndpoint(SSL_Interpreter* interpreter, bool is_orig); - virtual ~SSL_InterpreterEndpoint(); - - /**This method is called by corresponding SSLProxy_Analyzer and - * delivers the data. - * @param t time, when the segment was received by bro (?) - * @param len length of TCP-Segment - * @param data content of TCP-Segment - */ - virtual void Deliver(int len, const u_char* data) = 0; - bool isDataPending(); - void SetPeer(SSL_InterpreterEndpoint* p); - int IsOrig() const; - SSL_InterpreterEndpoint* Peer() const; - SSL_Interpreter* Interpreter() const; - - Contents_SSL* GetProxyEndpoint() { return proxyEndpoint; } - - void SetProxyEndpoint(Contents_SSL* proxyEndpoint); - -protected: - SSL_Interpreter* interpreter; ///< Pointer to the SSL_Interpreter to which this endpoint belongs to - SSL_InterpreterEndpoint* peer; ///< Pointer to the peer of this endpoint - Contents_SSL* proxyEndpoint; ///< Pointer to the corresponding Contents_SSL - bool ourProxyEndpoint; // true if we need to delete the proxyEndpoint - int is_orig; ///< true if this endpoint is the originator of the connection, false otherwise -}; - -// --- class CertStore -------------------------------------------------------- -/*! - * \brief This class is used to store some information about a X509 certificate. - * - * To save memory, we only store some characteristic criterias about a - * certificate, that's currently it's size and a hashsum. - * - * \note This class is currently experimental. - */ -class CertStore { -public: - uint32 ip_addr; ///< ip address where this certificate is from - uint32 port; ///< port number where this certificate is from - - int certSize; ///< size of the certificate in bytes - hash_t certHash; ///< hashsum obver the entire certificate - int isValid; ///< boolean value indicating if the certificate is valid - int changes; ///< counter for how often this certificate has changed for the above ip + port number - - CertStore(uint32 ip, uint32 port, hash_t hash, int size); - bool isSameCert(hash_t hash, int length); -}; - -#endif diff --git a/src/SSLProxy.cc b/src/SSLProxy.cc deleted file mode 100644 index 85fd29898f..0000000000 --- a/src/SSLProxy.cc +++ /dev/null @@ -1,830 +0,0 @@ -// $Id: SSLProxy.cc 6008 2008-07-23 00:24:22Z vern $ - -#include "SSLProxy.h" -#include "SSLv3.h" -#include "SSLv2.h" - -// --- Initalization of static variables -------------------------------------- - -uint SSLProxy_Analyzer::totalPackets = 0; -uint SSLProxy_Analyzer::totalRecords = 0; -uint SSLProxy_Analyzer::nonSSLConnections = 0; - -// --- SSL_DataBlock -------------------------------------------------------- - -/*! - * This constructor will allocate a block of data on the heap. If min_len is - * given, it will determine the minimum size of the new block. The data block - * referenced by data will be then be copied into the new block. - * - * \param data Pointer to the data which will be copied into the newly - * allocated heap block. - * \param len Length of the data block to copy. - * \param min_len The minimum size of data to allocate on the heap, can be omitted. - */ - -SSL_DataBlock::SSL_DataBlock(const u_char* arg_data, int len, int min_len) - { - // For performance reasons, we allocate at least min_len. - if ( len < min_len ) - { - data = new u_char[min_len]; - size = min_len; - } - else - { - data = new u_char[len]; - this->size = len; - } - - memcpy(data, arg_data, len); - this->len = len; - next = 0; - } - -/*! - * This is an experimental function which will print the contents of the - * internal data block in a human-readable fashion to a stream. - * - * \param stream The stream for printing the data block to. - */ - -void SSL_DataBlock::toStream(FILE* stream) const - { - if ( len <= 0 ) - return; - - int idx; - for ( idx = 0; idx < len-1; ++idx ) - fprintf(stream, "%02X:", data[idx]); - - fprintf(stream, "%02X", data[idx]); - } - -/*! - * This is an experimental function which will print the contents of the - * internal data block in a human-readable fashion to a string. - * - * \return A string which has to be freed by the caller. - */ - -char* SSL_DataBlock::toString() const - { - if ( len <= 0 ) - { - // Currently, we return an empty string if data block is empty. - char* pDummy = new char[1]; - pDummy[0] = '\0'; - return pDummy; - } - - char* pString = new char[len*3]; - char* pItx = pString; - - int idx; - for ( idx = 0; idx < len-1; ++idx ) - { - sprintf(pItx, "%02X:", data[idx]); - pItx += 3; - } - - sprintf(pItx, "%02X", data[idx]); - - return pString; - } - -// --- SSL_RecordBuilder ------------------------------------------------------ - -uint SSL_RecordBuilder::maxAllocCount = 0; -uint SSL_RecordBuilder::maxFragmentCount = 0; -uint SSL_RecordBuilder::fragmentedHeaders = 0; - -/*! - * The constructor takes an Contents_SSL as parameter. Whenever a SSL - * record has been reassembled, the DoDeliver() function of this - * Contents_SSL will be called. - * - * \param sslEndpoint The Contents_SSL to which this instance of - * SSL_RecordBuilder is bound. - */ - -SSL_RecordBuilder::SSL_RecordBuilder(Contents_SSL* arg_sslEndpoint) - { - head = tail = 0; - currentSize = 0; - expectedSize = -1; // -1 means we don't know yet - hasPendingData = false; - fragmentCounter = 0; - neededSize = 5; // we need at least 5 bytes to determine version - - sslEndpoint = arg_sslEndpoint; - } - -/*! - * The destructor frees the chain of SSL_DataBlocks. - */ - -SSL_RecordBuilder::~SSL_RecordBuilder() - { - // Free the data chain. - SSL_DataBlock* idx = head; - SSL_DataBlock* rm; - - while ( idx ) - { - rm = idx; - idx = idx->next; - delete rm; - } - } - -/*! - * This function is the main entry point of the class. Call it with a segment - * of data to process. - * - * \param data pointer to a data segment that will be reassembled - * \param length length of the data segment to be reassembled - * - * \return true if succesfull, false otherwise - */ - -bool SSL_RecordBuilder::addSegment(const u_char* data, int length) - { - while ( length > 0 ) - { - if ( ! head ) - { - // This is the first fragment of a SSLv2 record, - // so we analyze the header. - - // Special case: SSL header has been fragmented. - if ( length < neededSize ) - { - // We can't determine the record size yet, - // so we just add this stuff. - ++fragmentedHeaders; - head = tail = new SSL_DataBlock(data, length, - MIN_ALLOC_SIZE); - currentSize += length; - expectedSize = -1; // special meaning - break; - } - - // Get the expected length of this record. - if ( ! computeExpectedSize(data, length) ) - return false; - - if ( neededSize > expectedSize ) - { - sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize"); - return false; - } - - if ( tail != 0 ) - { - sslEndpoint->Parent()->Weird("SSL_RecordBuilder::addSegment tail != 0"); - return false; - } - - if ( length > expectedSize ) - { - // No fragmentation -> no memory-reallocation. - // We have additional data pending. - hasPendingData = true; - sslEndpoint->DoDeliver(expectedSize, data); - length -= expectedSize; - data += expectedSize; - expectedSize = -1; - } - - else if ( length == expectedSize ) - { - // No fragmentation -> no memory-reallocation. - // No additional data pending. - hasPendingData = false; - sslEndpoint->DoDeliver(expectedSize, data); - length -= expectedSize; - data += expectedSize; - expectedSize = -1; - break; - } - else - - { - // First fragment of a record. - head = tail = new SSL_DataBlock(data, length, - MIN_ALLOC_SIZE); - currentSize += length; - break; - } - - continue; - } - - // ! head. - // We already have some data, so add the current - // segment special case. - if ( expectedSize < 0 ) - { - // We don't know the expected size of - // this record yet. - if ( currentSize + length < neededSize ) - { - // We still can't determine the expected size, - // so we just add the current fragment. - addData(data, length); - break; - } - - // Now we can determine the expected size the - // header has been fragmented, so we have to - // reassemble it. - uint8 Header[neededSize]; - memcpy(Header, head->data, head->len); - memcpy(Header + head->len, data, neededSize - head->len); - if ( ! computeExpectedSize(Header, neededSize) ) - { - // Since neededSize <= MIN_ALLOC_SIZE, - // we free only head. - delete head; - head = tail = 0; - return false; - } - - if ( neededSize > expectedSize ) - { - sslEndpoint->Parent()->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize"); - return false; - } - - // No break, go on with this packet. - } - - if ( currentSize + length == expectedSize ) - { // this is exactly the last segment of the record - hasPendingData = false; - - // Create a continuous data structure and call - // DoDeliver(). - u_char* pBlock = assembleBlocks(data, length); - sslEndpoint->DoDeliver(expectedSize, pBlock); - delete [] pBlock; - expectedSize = -1; - break; - } - - else if ( currentSize + length < expectedSize ) - { // another (middle) segment - if ( length <= MIN_FRAGMENT_SIZE ) - sslEndpoint->Parent()->Weird("SSLProxy: Excessive small TCP Segment!"); - addData(data, length); - break; - } - - else - { - // This is the last fragment of the current record, - // but there's more data in this segment. - int deltaSize = expectedSize - currentSize; - hasPendingData = true; - - // Create a continuous data structure and call - // DoDeliver(). - u_char* pBlock = assembleBlocks(data, deltaSize); - sslEndpoint->DoDeliver(expectedSize, pBlock); - delete [] pBlock; - expectedSize = -1; - - // Process the rest. - length -= deltaSize; - data += deltaSize; - } - } // while - - return true; - } - -/*! - * This function is called internally by addSegment(), and add's a new SSL - * record fragment to the internally used list of SSL_DataBlocks. Note that - * the data will be copied! - * - * \param data pointer to the data that will be added - * \param length length of the data that will be added - */ - -inline void SSL_RecordBuilder::addData(const u_char* data, int length) - { - ++fragmentCounter; - - // Check if there's some space left in the last datablock. - int bytesLeft = tail->size - tail->len; - if ( bytesLeft > 0 ) - { - // There's some space left in the last data block. - if ( bytesLeft >= length ) - { - // We can store all bytes in the last data block. - memcpy(tail->data + tail->len, data, length); - tail->len += length; - currentSize += length; - } - else - { - // We cannot store all bytes in the last data block, - // so we also need to add a new one. - memcpy(tail->data + tail->len, data, bytesLeft); - tail->len = tail->size; - currentSize += length; - - data += bytesLeft; - length -= bytesLeft; - - tail->next = new SSL_DataBlock(data, length, MIN_ALLOC_SIZE); - tail = tail->next; - } - } - - else - { - // Last data block is full. - tail->next = new SSL_DataBlock(data, length, MIN_ALLOC_SIZE); - tail = tail->next; - currentSize += length; - } - } - -/*! - * This function is called internally by addSegment(), whenever a SSL record - * has been fully received. It creates a single data block from the list of - * SSL record fragments while freeing them. - * - * \param data pointer to the last SSL record fragment - * \param length size of the last SSL record fragment - * - * \return pointer to a data block which contains the reassembled SSL record - */ - -u_char* SSL_RecordBuilder::assembleBlocks(const u_char* data, int length) - { - // We don't store the last SSL record fragment in a DataBlock, - // instead we get it directly as parameter. - u_char* dataptr = new u_char[currentSize + length]; - u_char* nextseg = dataptr; - - SSL_DataBlock* idx = head; - SSL_DataBlock* rm; - uint allocCounter = 0; - - while ( idx ) - { - ++allocCounter; - memcpy(nextseg, idx->data, idx->len); - nextseg += idx->len; - rm = idx; - idx = idx->next; - delete rm; - } - - // The last fragment isn't stored in a datablock. - memcpy(nextseg, data, length); - - // The first and last fragments aren't counted. - fragmentCounter += 2; - - // Update statistics. - if ( allocCounter > maxAllocCount ) - maxAllocCount = allocCounter; - - if ( fragmentCounter > maxFragmentCount ) - maxFragmentCount = fragmentCounter; - - fragmentCounter = 0; - currentSize = 0; - head = tail = 0; - - return dataptr; - } - -/*! - * This method is called internally by computeExpectedSize(), when the SSL - * record format has not been determined yet. It tries to do so by using - * heuristics, since there's no definitive way to distinguish SSLv2 vs. SSLv3 - * record headers. - * - * \param data pointer to a data block containing the SSL record to analyze - * \param length length of the SSL record to analyze, has to be >= neededSize! - * - * \return - * - 2 for SSLv2 record format - * - 3 for SSLv3 record format - * - -1 if an error occurred - */ - -int SSL_RecordBuilder::analyzeSSLRecordFormat(const u_char* data, int length) - { - // We have to use heuristics for this one. - - if ( length < neededSize ) - { - sslEndpoint->Parent()->Weird("SSLProxy: analyzeSSLRecordFormat length < neededSize"); - return -1; - } - - bool found_ssl3x = 0; - bool found_ssl2x = 0; - - // SSLv3x-check. - SSL3_1_ContentType ct = SSL3_1_ContentType(uint8(*data)); - switch ( ct ) { - case SSL3_1_TYPE_CHANGE_CIPHER_SPEC: - case SSL3_1_TYPE_ALERT: - case SSL3_1_TYPE_HANDSHAKE: - case SSL3_1_TYPE_APPLICATION_DATA: - { - sslEndpoint->sslVersion = ((data[1]) << 8) | data[2]; - uint16 v = sslEndpoint->sslVersion; - if ( v == uint16(SSLProxy_Analyzer::SSLv30) || - v == uint16(SSLProxy_Analyzer::SSLv31) ) - found_ssl3x = true; - break; - } - } - - // SSLv2 check. - // We look for CLIENT-HELLOs, SERVER-HELLOs and ERRORs. - const u_char* pContents = data; - uint offset = 0; - uint16 size = 0; - if ( (data[0] & 0x80) > 0 ) - { // we have a two-byte record header - offset = 2; - size = (((data[0] & 0x7f) << 8) | data[1]) + 2; - } - else - { // we have a three-byte record header - offset = 3; - size = (((data[0] & 0x3f) << 8) | data[1]) + 3; - } - pContents += offset; - - switch ( SSLv2_MessageTypes(pContents[0]) ) { - case SSLv2_MT_ERROR: - if ( size == SSLv2_ERROR_RECORD_SIZE + offset) - { - found_ssl2x = true; - sslEndpoint->sslVersion = - uint16(SSLProxy_Analyzer::SSLv20); - } - break; - - case SSLv2_MT_CLIENT_HELLO: - { - sslEndpoint->sslVersion = - uint16(pContents[1] << 8) | pContents[2]; - uint16 v = sslEndpoint->sslVersion; - - if ( v == SSLProxy_Analyzer::SSLv20 || - v == SSLProxy_Analyzer::SSLv30 || - v == SSLProxy_Analyzer::SSLv31 ) - found_ssl2x = true; - break; - } - - case SSLv2_MT_SERVER_HELLO: - { - sslEndpoint->sslVersion = - uint16(pContents[3] << 8) | pContents[4]; - uint16 v = sslEndpoint->sslVersion; - - if ( v == SSLProxy_Analyzer::SSLv20 || - v == SSLProxy_Analyzer::SSLv30 || - v == SSLProxy_Analyzer::SSLv31 ) - found_ssl2x = true; - break; - } - - default: - break; - } - - // Consistency checks. - if ( (found_ssl3x || found_ssl2x) == false ) - { - sslEndpoint->Parent()->Weird("SSLProxy: Could not determine SSL version!"); - return -1; - } - - if ( (found_ssl3x && found_ssl2x) == true ) - { - sslEndpoint->Parent()->Weird("SSLProxy: Found ambigous SSL version!"); - return -1; - } - - if ( found_ssl2x ) - return 2; - else - return 3; - } - -/*! - * This method is called internally by addSegment() to determine the expected - * size of a SSL record. - * - * \param data pointer to the SSL record to analyze - * \param length length of the SSL record to analyze - * - * \return true if succesfull, false otherwise - */ - -bool SSL_RecordBuilder::computeExpectedSize(const u_char* data, int length) - { - if ( sslEndpoint->sslRecordVersion < 0 ) - { - // We don't know the ssl record format yet, so we try - // to find out. - sslEndpoint->sslRecordVersion = - analyzeSSLRecordFormat(data, length); - - if ( sslEndpoint->sslRecordVersion != 2 && - sslEndpoint->sslRecordVersion != 3 ) - // We could not determine the ssl record version. - return false; - } - - // Get the expected length of this record. - if ( sslEndpoint->sslRecordVersion == 2 ) - { - if ( (data[0] & 0x80) > 0 ) - // We have a two-byte record header. - expectedSize = (((data[0] & 0x7f) << 8) | data[1]) + 2; - else - // We have a three-byte record header. - expectedSize = (((data[0] & 0x3f) << 8) | data[1]) + 3; - } - - else if ( sslEndpoint->sslRecordVersion == 3 ) - expectedSize = ((data[3] << 8) | data[4]) + 5; - - if ( expectedSize < neededSize ) - { - // This should never happen (otherwise: UNTESTED). - sslEndpoint->Parent()->Weird( "SSLProxy: expectedSize < neededSize in RecordBuilder!" ); - return false; - } - - return true; - } - - -// --- SSL_Connection_Proxy --------------------------------------------------- - -bool SSLProxy_Analyzer::bInited = false; - -SSLProxy_Analyzer::SSLProxy_Analyzer(Connection* conn) -: TCP_ApplicationAnalyzer(AnalyzerTag::SSL, conn) - { - sSLv2Interpreter = new SSLv2_Interpreter(this); - sSLv3xInterpreter = new SSLv3_Interpreter(this); - sSLInterpreter = 0; - bPassThrough = false; - if ( ! bInited ) - { - BuildCipherDict(); - bInited = true; - } - - AddSupportAnalyzer(sslpeo = new Contents_SSL(conn, true)); - AddSupportAnalyzer(sslper = new Contents_SSL(conn, false)); - } - -SSLProxy_Analyzer::~SSLProxy_Analyzer() - { - delete sSLv2Interpreter; - delete sSLv3xInterpreter; - } - -void SSLProxy_Analyzer::Init() - { - TCP_ApplicationAnalyzer::Init(); - - sSLv2Interpreter->Init(); - sSLv3xInterpreter->Init(); - - sSLv2Interpreter->Orig() - ->SetProxyEndpoint(sSLv3xInterpreter->Orig()->GetProxyEndpoint()); - sSLv2Interpreter->Resp() - ->SetProxyEndpoint(sSLv3xInterpreter->Resp()->GetProxyEndpoint()); - } - -void SSLProxy_Analyzer::BuildCipherDict() - { - for ( uint idx = 0; idx < SSL_CipherSpecs_Count; ++idx ) - { - HashKey h(static_cast(SSL_CipherSpecs[idx].identifier)); - SSL_CipherSpecDict.Insert(&h, &SSL_CipherSpecs[idx]); - } - } - -void SSLProxy_Analyzer::NewSSLRecord(Contents_SSL* endp, - int len, const u_char* data) - { - // This is to extract only SSLv2 traffic. - if ( recordSSLv2Traffic ) - { - uint16 sslVersion = 0; - if ( (data[0] & 0x80) > 0 ) - // We have a two-byte record header. - sslVersion = (data[3] << 8) | data[4]; - else - // We have a three-byte record header. - sslVersion = (data[4] << 8) | data[5]; - - if ( ! endp->IsSSLv2Record() || - sslVersion != SSLProxy_Analyzer::SSLv20 ) - { - SetSkip(1); - Conn()->SetRecordPackets(0); - Conn()->SetRecordContents(0); - // FIXME: Could do memory cleanup here. - } - else - // No analysis - only recording. - SetSkip(1); - - return; - } - - if ( bPassThrough ) - { - DoDeliver(len, data, endp->IsOrig()); - return; - } - - if ( ! endp->IsSSLv2Record() ) - { - // It's TLS or SSLv3, so we are done ... - sSLInterpreter = sSLv3xInterpreter; - bPassThrough = true; - // Tell the other record builder we have SSLv3x. - endp->sslRecordVersion = 3; - DoDeliver(len, data, endp->IsOrig()); - } - - else - { // we have a SSLv2 record ... - sSLInterpreter = sSLv2Interpreter; - - // Check whether it's the first or second we've seen ... - if ( sslpeo->VersionRecognized() && - sslper->VersionRecognized() ) - { - // Second record we've seen. - // O.K. Both endpoints recognized the version. - // So this needs to be an SSLv2-Connection ... - bPassThrough = true; - DoDeliver(len, data, endp->IsOrig()); - } - - // First record we see. - // The next one may be SSLv2 or SSLv3x, - // we don't know yet ... - else if ( endp->sslVersion == SSLv20 ) - { - // The client supports only SSLv2, so we're done. - bPassThrough = true; - endp->sslRecordVersion = 2; - endp->sslVersion = SSLv20; - DoDeliver(len, data, endp->IsOrig()); - } - - else - { - bPassThrough = false; - DoDeliver(len, data, endp->IsOrig()); - - // Transfer the state of the SSLv2-Interpreter - // to the state of the SSLv3x-Interpreter ... - if ( ((SSLv2_Interpreter*) sSLInterpreter)->ConnState() == CLIENT_HELLO_SEEN ) - ((SSLv3_Interpreter*) sSLv3xInterpreter)->SetState(SSL3_1_STATE_CLIENT_HELLO_SENT); - } - } - } - -void SSLProxy_Analyzer::DoDeliver(int len, const u_char* data, bool orig) - { - if ( orig ) - sSLInterpreter->Orig()->Deliver(len, data); - else - sSLInterpreter->Resp()->Deliver(len, data); - } - -void SSLProxy_Analyzer::printStats() - { - printf("SSLProxy_Analyzer::totalPackets = %u\n", totalPackets); - printf("SSLProxy_Analyzer::totalRecords = %u\n", totalRecords); - printf("SSLProxy_Analyzer::nonSSLConnections = %u\n", nonSSLConnections); - } - - -void SSLProxy_Analyzer::Weak(const char* name) - { - if ( ssl_conn_weak ) - Event(ssl_conn_weak, name); - } - -// --- Contents_SSL ------------------------------------------------------ - -/*! - * mod Contents_SSL::Contents_SSL( TCP_Endpoint* arg_endpt, int stop_on_gap ) - * : TCP_Contents( arg_conn, stop_on_gap, punt_on_partial ) - */ - -Contents_SSL::Contents_SSL(Connection* conn, bool orig) -: TCP_SupportAnalyzer(AnalyzerTag::Contents_SSL, conn, orig) - { - sslRecordBuilder = new SSL_RecordBuilder(this); - bVersionRecognized = false; - bIsSSLv2Record = false; - - sslRecordVersion = -1; // -1 means we don't know yet - sslVersion = 0; // 0 means we don't know yet - } - -Contents_SSL::~Contents_SSL() - { - delete sslRecordBuilder; - } - -bool Contents_SSL::isDataPending() - { - return sslRecordBuilder->isDataPending(); - } - -void Contents_SSL::DeliverStream(int len, const u_char* data, bool orig) - { - TCP_SupportAnalyzer::DeliverStream(len, data, orig); - - TCP_Analyzer* tcp = static_cast(Parent())->TCP(); - assert(tcp); - - if ( tcp->HadGap(orig) || tcp->IsPartial() ) - return; - - ++SSLProxy_Analyzer::totalPackets; - - TCP_Endpoint* endp = orig ? tcp->Orig() : tcp->Resp(); - -#if 0 - // FIXME: What's this??? - int ack = endp->AckSeq() - endp->StartSeq(); - int top_seq = seq + len; - - if ( top_seq <= ack ) - // There is no new data in this packet. - return; -#endif - - if ( len <= 0 ) - return; - - // No further processing if we have a partial connection. - if ( endp->state == TCP_ENDPOINT_PARTIAL || - endp->peer->state == TCP_ENDPOINT_PARTIAL ) - { - Parent()->SetSkip(1); - Conn()->SetRecordPackets(0); - return; - } - - if ( ! sslRecordBuilder->addSegment(data, len) ) - { - // The RecordBuilder failed to determine the SSL record version, - // so we can't analyze this connection any further. - ++SSLProxy_Analyzer::nonSSLConnections; - Parent()->Weird("SSL: Skipping connection (not an SSL connection?!)!"); - Parent()->SetSkip(1); - Conn()->SetRecordPackets(0); - } - } - -// Called by the RecordBuilder with a complete SSL record. -void Contents_SSL::DoDeliver(int len, const u_char* data) - { - ++SSLProxy_Analyzer::totalRecords; - - bIsSSLv2Record = sslRecordVersion == 2; - bVersionRecognized = true; - - ((SSLProxy_Analyzer*) Parent())->NewSSLRecord(this, len, data); - } - -bool Contents_SSL::IsSSLv2Record() - { - return bIsSSLv2Record; - } - -bool Contents_SSL::VersionRecognized() - { - return bVersionRecognized; - } diff --git a/src/SSLProxy.h b/src/SSLProxy.h deleted file mode 100644 index f1b9984ea5..0000000000 --- a/src/SSLProxy.h +++ /dev/null @@ -1,289 +0,0 @@ -// $Id: SSLProxy.h 5952 2008-07-13 19:45:15Z vern $ - -#ifndef SSLPROXY_H -#define SSLPROXY_H - -#include "TCP.h" -#include "SSLInterpreter.h" -#include "binpac_bro.h" - -#include - -// --- forward declarations --------------------------------------------------- - -class SSL_Interpreter; -class SSL_RecordBuilder; -class Contents_SSL; - -// --- class SSL_DataBlock ---------------------------------------------------- - -/*! - * \brief This class is used to store a block of data on the heap, which is - * allocated and copied by the constructor, and freed by the destructor. - * - * It is mainly used by the SSL_RecordBuilder to store the received data. To - * reduce heap operations (HeapOps), which can be quite expensive, it is - * possible to let the constructor allocate a minimum heap block size. The - * class members keep track of how much data has been allocated and how much of - * it has been used. Plus, there's a pointer to the next SSL_DataBlock, for - * easy creation of a single-linked list. - */ - -class SSL_DataBlock { -public: - SSL_DataBlock(const u_char* data, int len, int min_len = 0); - - int len; ///< The used size of the reserved heap block. - int size; ///< The allocated size of the reserved heap block. - u_char* data; ///< Pointer to the allocated heap block. - SSL_DataBlock* next; ///< Pointer to the next SSL_Datablock in the chain. - - /*! - * The destructor will free the allocated data block. - */ - ~SSL_DataBlock() { delete [] data; } - - void toStream(FILE* stream) const; - char* toString() const; -}; - -// --- class SSL_RecordBuilder ------------------------------------------------ - -/*! - * \brief This class is used to reassemble SSL records from a stream of data. - * - * It supports both SSLv2 and SSLv3 record formats at the same time. The record - * builder has been designed to be robust, efficient and hard to attack. To add - * a segments of data, call addSegment(). Whenever a SSL record has been - * reassembled, the DoDeliver() function of the corresponding Contents_SSL - * will be called. - * - * Two forms of attack have been taken into consideration: - * -# The "fake size" attack, where the actual size of the SSL record is much - * smaller then the size given in the record header. This way, an attacker - * could force Bro to allocate a huge amount of memory and make it crash. - * -# The "small fragment" attack, where an attacker sends huge SSL records - * in very small (1 byte or so) TCP segments. This could lead to a huge - * amount of very small memory blocks allocated by Bro. After the last byte - * of an SSL record has been received, all allocated blocks have to be - * freed. Freeing something like 32K blocks of memory can be quite expensive, - * so packet drops may occur, which could prevent Bro from detecting an - * attacker. - * - * The current implementation always allocates a minimum size of data on the - * heap, which is MIN_ALLOC_SIZE. The processed SSL record fragments are stored - * in a single-linked list of type SSL_DataBlock. - * - * The following assumptions are made: - * - neededSize <= min( expectedSize ) - * - neededSize <= MIN_ALLOC_SIZE, so the data needed to determine the SSL - * record version fits in one SSL_DataBlock - */ - -class SSL_RecordBuilder { -public: - SSL_RecordBuilder(Contents_SSL* sslEndpoint); - ~SSL_RecordBuilder(); - - static const uint MIN_ALLOC_SIZE = 16; ///< min. size of memory to alloc - static const int MIN_FRAGMENT_SIZE = 100; ///< min. size of a middle TCP Segment - static uint maxAllocCount; ///< max. number of allocated data blocks for an instance of a reassembler - static uint maxFragmentCount; ///< max. number of fragments for a ssl record - static uint fragmentedHeaders; ///< counter for the number of fragmented headers (header=neededSize) - - bool addSegment(const u_char* data, int length); - - /*! - * Calls this method to see if there's currently data in the - * record builder pending. - * \return true if there's data pending, false otherwise - */ - bool isDataPending() { return hasPendingData; }; - -protected: - u_char* assembleBlocks(const u_char* data, int length); - int analyzeSSLRecordFormat(const u_char* data, int length); - bool computeExpectedSize (const u_char* data, int length); - void addData(const u_char* data, int length); - - SSL_DataBlock* head; ///< pointer to the first element in the linked list of SSL_DataBlocks - SSL_DataBlock* tail; ///< pointer to the last element in the linked list of SSL_DataBlocks - Contents_SSL* sslEndpoint; ///< pointer to the containing Contents_SSL - int expectedSize; ///< expected size of SSLv2 record including header - int currentSize; ///< current bytes stored in data blocks (that is, processed size of actual record) - int neededSize; ///< min. size in bytes so that the length of the current record can be determinded - bool hasPendingData; ///< true if there's data following in the current tcp segment - uint fragmentCounter; ///< counter for the number of tcp segments for the current record -}; - - -// --- class SSLProxy_Analyzer ---------------------------------------------- - -/** This class represents an SSL_Connection with two SSL_ConnectionEndpoints. - * Note, that this class acts as a proxy, because there are different versions - * of the SSL protocol in use and you don't know in advance which SSL version - * really will be used. This depends on the first two messages of the SSL handshake - * process. Because Bro offers no possibility for switching connections we - * decided only to inherit this proxy from TCP_Connection. - * The different SSL versions are implemented in classed derived from - * SSL_Interpreter/SSL_InterpreterEndpoint and so, we can easily switch the flow - * of data to the appropriate SSL Interpreter. - * Currently, we support SSL Version 2.0 and 3.0/3.1(TLS)(@see SSLv2_Interpreter and @see - * SSLv3_Interpreter). - * This class holds an instance of both SSLv2- and SSLv3_Interpreter. The version - * of the SSL that is used for a connection is negotiated within the first - * two records (SSL messages): client hello and server hello. - * So after scanning this two records (which is mainly done in @see SSL_RecordBuilder and - * @see Contents_SSL) and determing the versions, it is clear which - * SSL version will be used for the succeding SSL records. From now - * on, they can be directly passed through to the appropriate SSL_Interpreter. - * - * FIXME: Now we have a dynamic analyzer framework so this could be restructured. - */ -class SSLProxy_Analyzer: public TCP_ApplicationAnalyzer { -public: - SSLProxy_Analyzer(Connection* conn); - virtual ~SSLProxy_Analyzer(); - - static uint totalPackets; ///< counter for total ssl packets seen - static uint totalRecords; ///< counter for total ssl records seen - static uint nonSSLConnections; ///< counter for connections where we couldn't reassemble a ssl record - - static const bool recordSSLv2Traffic = false; ///< if true, only recording of SSLv2 connections is done (no analysis) - - static bool bInited; - - enum SSL_Versions { - SSLv20 = 0x0002, - SSLv30 = 0x0300, - SSLv31 = 0x0301 // = TLS 1.0 - }; - - /* This method is called from the corresponding Contents_SSL to - * deliver the data to the SSL_ProxyConnection. It decides which - * SSL_Interpreter (Version 2 or Version 3x) gets the record or - * directly passes it through, if it's already clear which version - * this SSL connection uses. - * @param endp the sending endpoint - * @param len length of SSL record - * @param data the SSL record - * - * SC mod - pass a TCP_Contents rather than endpoint in terms of an actual - * Contents_SSL. There is much less overall work to do since we - * have already done the assosciation. - */ - void NewSSLRecord(Contents_SSL* endp, int len, const u_char* data); - - // Initialises the SSLv2- and SSLv3_Interpreters. - virtual void Init(); - - // This method is used for passing messages to Bro that contain - // information about weaknesses in the choosen SSL encryption - // (short keys, unverifyable certificates, ...) - // @param name the name of the weakness. - void Weak(const char* name); - - static Analyzer* InstantiateAnalyzer(Connection* conn) - { return new SSLProxy_Analyzer(conn); } - - static bool Available() - { - return (ssl_certificate_seen || ssl_certificate || - ssl_conn_attempt || ssl_conn_server_reply || - ssl_conn_established || ssl_conn_reused || - ssl_conn_alert) - && ! FLAGS_use_binpac; - } - - static void printStats(); - -protected: - bool bPassThrough; ///< whether it is clear which SSL version the connection will use - - SSL_Interpreter* sSLv2Interpreter; ///< Interpreter for SSL version 2 - SSL_Interpreter* sSLv3xInterpreter; ///< Interpreter for SSL version 3.0 and 3.1 - SSL_Interpreter* sSLInterpreter; ///< Pointer to the interpreter currently in use - - Contents_SSL* sslpeo; - Contents_SSL* sslper; - - /** Internally called from this class Deliver()-method. - * It delivers the data to the correct corresponding - * SSL_InterpreterEndpoint. - * @param endp the sending endpoint - * @param t time, when the segment was received by bro (not used) - * @param seq relative sequenze number (from Endpoint::start_seq) (not used) - * @param len length of SSL record - * @param data the SSL record - */ - void DoDeliver(int len, const u_char* data, bool orig); - - // Initialises the dictionary where the SSL cipher specs are stored. - // It needs only to be called once for a whole bro. @see SSLDefines.h - void BuildCipherDict(); -}; - -// --- class Contents_SSL ------------------------------------------------ - -/** This class represents an endpoint of a SSLProxy_Analyzer. - * It receives the new data (TCP segments) within the Deliver()-method, does - * some basic checks on the segment and passes it on to the SSL_RecordBuilder, - * which reassembles the segments into SSL records and determines the - * versions of the records. If the SSL_RecordBuilder was able to determine - * the versions of the records it delivers the reassembled records back tho this - * Contents_SSL by calling the DoDeliver()-method. - * The Contents_SSL then hands the record over to the corresponding - * SSLProxy_Analyzer by invoking it's NewSSLRecord()-method. - * - * SC mod: change class Contents_SSL: public TCP_EndpointContents - * to class Contents_SSL: public TCP_Contents - * this is done since the class uses the Deliver() method to take care of data. - * - */ -class Contents_SSL: public TCP_SupportAnalyzer { -public: - /* The constructor builds up and initialises the Contents_SSL. - * @param conn the corresponding Connection - * @param whether this is the originator - */ - Contents_SSL(Connection* conn, bool orig); - ~Contents_SSL(); - - int sslRecordVersion; ///< record version of the first SSL record seen (set by SSLProxy_Analyzer and SSL_RecordBuilder) - uint16 sslVersion; ///< SSL version of the SSL record seen (set by SSL_RecordBuilder) - - /** Via this method, this Contents_SSL receives the - * TCP segments. - * @param len length of TCP-Segment - * @param data content of TCP-Segment - * @param orig whether sending endpoint is originator - */ - virtual void DeliverStream(int len, const u_char* data, bool orig); - - /** This method is called by the corresponding SSL_RecordBuilder - * upon delivering a new reassembled SSL record. - * @param len the length of the record - * @param data the record - */ - void DoDeliver(int len, const u_char* data); - - /* @return whether we have already seen the first record of the connection of this endpoint yet - */ - bool VersionRecognized(); - - /* @return whether the first record was of SSL version 2.0 - */ - bool IsSSLv2Record(); - - /* @return whether the corresponding SSL_RecordBuilder has pending data - */ - bool isDataPending(); // should be inline - - SSL_RecordBuilder* sslRecordBuilder; - -protected: - bool bVersionRecognized; ///< False, if we haven't seen the first record of the connection of this endpoint yet - bool bIsSSLv2Record; ///< Was the first record of SSL version 2.0 -}; - -#endif diff --git a/src/SSLv2.cc b/src/SSLv2.cc deleted file mode 100644 index 0252e4cb15..0000000000 --- a/src/SSLv2.cc +++ /dev/null @@ -1,946 +0,0 @@ -// $Id: SSLv2.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLv2.h" -#include "SSLv3.h" - -// --- Initalization of static variables -------------------------------------- - -uint SSLv2_Interpreter::totalConnections = 0; -uint SSLv2_Interpreter::analyzedConnections = 0; -uint SSLv2_Interpreter::openedConnections = 0; -uint SSLv2_Interpreter::failedConnections = 0; -uint SSLv2_Interpreter::weirdConnections = 0; -uint SSLv2_Interpreter::totalRecords = 0; -uint SSLv2_Interpreter::clientHelloRecords = 0; -uint SSLv2_Interpreter::serverHelloRecords = 0; -uint SSLv2_Interpreter::clientMasterKeyRecords = 0; -uint SSLv2_Interpreter::errorRecords = 0; - - -// --- SSLv2_Interpreter ------------------------------------------------------- - -/*! - * The Constructor. - * - * \param proxy Pointer to the SSLProxy_Analyzer who created this instance. - */ -SSLv2_Interpreter::SSLv2_Interpreter(SSLProxy_Analyzer* proxy) -: SSL_Interpreter(proxy) - { - ++totalConnections; - records = 0; - bAnalyzedCounted = false; - connState = START; - - pServerCipherSpecs = 0; - pClientCipherSpecs = 0; - bClientWantsCachedSession = false; - usedCipherSpec = (SSLv2_CipherSpec) 0; - - pConnectionId = 0; - pChallenge = 0; - pSessionId = 0; - pMasterClearKey = 0; - pMasterEncryptedKey = 0; - pClientReadKey = 0; - pServerReadKey = 0; - } - -/*! - * The Destructor. - */ -SSLv2_Interpreter::~SSLv2_Interpreter() - { - if ( connState != CLIENT_MASTERKEY_SEEN && - connState != CACHED_SESSION && - connState != START && // we only complain if we saw some data - connState != ERROR_SEEN ) - ++failedConnections; - - if ( connState != CLIENT_MASTERKEY_SEEN && connState != CACHED_SESSION ) - ++weirdConnections; - - delete pServerCipherSpecs; - delete pClientCipherSpecs; - delete pConnectionId; - delete pChallenge; - delete pSessionId; - delete pMasterClearKey; - delete pMasterEncryptedKey; - delete pClientReadKey; - delete pServerReadKey; - } - -/*! - * This method implements SSL_Interpreter::BuildInterpreterEndpoints() - */ -void SSLv2_Interpreter::BuildInterpreterEndpoints() - { - orig = new SSLv2_Endpoint(this, 1); - resp = new SSLv2_Endpoint(this, 0); - } - -/*! - * This method prints some counters. - */ -void SSLv2_Interpreter::printStats() - { - printf("SSLv2:\n"); - printf("totalConnections = %u\n", totalConnections); - printf("analyzedConnections = %u\n", analyzedConnections); - printf("openedConnections = %u\n", openedConnections); - printf("failedConnections = %u\n", failedConnections); - printf("weirdConnections = %u\n", weirdConnections); - - printf("totalRecords = %u\n", totalRecords); - printf("clientHelloRecords = %u\n", clientHelloRecords); - printf("serverHelloRecords = %u\n", serverHelloRecords); - printf("clientMasterKeyRecords = %u\n", clientMasterKeyRecords); - printf("errorRecords = %u\n", errorRecords); - - printf("SSL_RecordBuilder::maxAllocCount = %u\n", SSL_RecordBuilder::maxAllocCount); - printf("SSL_RecordBuilder::maxFragmentCount = %u\n", SSL_RecordBuilder::maxFragmentCount); - printf("SSL_RecordBuilder::fragmentedHeaders = %u\n", SSL_RecordBuilder::fragmentedHeaders); - } - -/*! - * \return the current state of the ssl connection - */ -SSLv2_States SSLv2_Interpreter::ConnState() - { - return connState; - } - -/*! - * This method is called by SSLv2_Endpoint::Deliver(). It is the main entry - * point of this class. The header of the given SSLV2 record is analyzed and - * its contents are then passed to the corresponding analyzer method. After - * the record has been analyzed, the ssl connection state is updated. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 record - * \param data pointer to SSLv2 record to analyze - */ -void SSLv2_Interpreter::NewSSLRecord(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - ++records; - ++totalRecords; - - if ( ! bAnalyzedCounted ) - { - ++analyzedConnections; - bAnalyzedCounted = true; - } - - // We should see a maximum of 4 cleartext records. - if ( records == 5 ) - { // so this should never happen - Weird("SSLv2: Saw more than 4 records, skipping connection..."); - proxy->SetSkip(1); - return; - } - - // SSLv2 record header analysis - uint32 recordLength = 0; // data length of SSLv2 record - bool isEscape = false; - uint8 padding = 0; - const u_char* contents; - - if ( (data[0] & 0x80) > 0 ) - { // we have a two-byte record header - recordLength = ((data[0] & 0x7f) << 8) | data[1]; - contents = data + 2; - if ( recordLength + 2 != uint32(length) ) - { - // This should never happen, otherwise - // we have a bug in the SSL_RecordBuilder. - Weird("SSLv2: FATAL: recordLength doesn't match data block length!"); - connState = ERROR_REQUIRED; - proxy->SetSkip(1); - return; - } - } - else - { // We have a three-byte record header. - recordLength = ((data[0] & 0x3f) << 8) | data[1]; - isEscape = (data[0] & 0x40) != 0; - padding = data[2]; - contents = data + 3; - if ( recordLength + 3 != uint32(length) ) - { - // This should never happen, otherwise - // we have a bug in the SSL_RecordBuilder. - Weird("SSLv2: FATAL: recordLength doesn't match data block length!"); - connState = ERROR_REQUIRED; - proxy->SetSkip(1); - return; - } - - if ( padding == 0 && ! isEscape ) - Weird("SSLv2: 3 Byte record header, but no escape, no padding!"); - } - - if ( recordLength == 0 ) - { - Weird("SSLv2: Record length is zero (no record data)!"); - return; - } - - if ( isEscape ) - Weird("SSLv2: Record has escape bit set (security escape)!"); - - if ( padding > 0 && connState != CACHED_SESSION && - connState != CLIENT_MASTERKEY_SEEN ) - Weird("SSLv2 record with padding > 0 in cleartext!"); - - // MISSING: - // A final consistency check is done when a block cipher is used - // and the protocol is using encryption. The amount of data present - // in a record (RECORD-LENGTH))must be a multiple of the cipher's - // block size. If the received record is not a multiple of the - // cipher's block size then the record is considered damaged, and it - // is to be treated as if an "I/O Error" had occurred (i.e. an - // unrecoverable error is asserted and the connection is closed). - - switch ( connState ) { - case START: - // Only CLIENT-HELLLOs allowed here. - if ( contents[0] != SSLv2_MT_CLIENT_HELLO ) - { - Weird("SSLv2: First packet is not a CLIENT-HELLO!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - else - connState = ClientHelloRecord(s, recordLength, contents); - break; - - case CLIENT_HELLO_SEEN: - // Only SERVER-HELLOs or ERRORs allowed here. - if ( contents[0] == SSLv2_MT_SERVER_HELLO ) - connState = ServerHelloRecord(s, recordLength, contents); - else if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - Weird("SSLv2: State violation in CLIENT_HELLO_SEEN!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - break; - - case NEW_SESSION: - // We expect a client master key. - if ( contents[0] == SSLv2_MT_CLIENT_MASTER_KEY ) - connState = ClientMasterKeyRecord(s, recordLength, contents); - else if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - Weird("SSLv2: State violation in NEW_SESSION or encrypted record!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - break; - - case CACHED_SESSION: - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - // No break here. - - case CLIENT_MASTERKEY_SEEN: - // If no error record, no further analysis. - if ( contents[0] == SSLv2_MT_ERROR && - recordLength == SSLv2_ERROR_RECORD_SIZE ) - connState = ErrorRecord(s, recordLength, contents); - else - { - // So we finished the cleartext handshake. - // Skip all further data. - - proxy->SetSkip(1); - ++openedConnections; - } - break; - - case ERROR_REQUIRED: - if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - // We lost tracking: this should not happen. - Weird("SSLv2: State inconsistency in ERROR_REQUIRED (lost tracking!)!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - break; - - case ERROR_SEEN: - // We don't have recoverable errors in cleartext phase, - // so we shouldn't see anymore packets. - Weird("SSLv2: Traffic after error record!"); - analyzeRecord(s, recordLength, contents); - break; - - default: - internal_error("SSLv2: unknown state"); - break; - } - } - -/*! - * This method is called whenever the connection tracking failed. It calls - * the corresponding analyzer method for the given SSLv2 record, but does not - * update the ssl connection state. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 record - * \param data pointer to SSLv2 record to analyze - */ -void SSLv2_Interpreter::analyzeRecord(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - switch ( data[0] ) { - case SSLv2_MT_ERROR: - ErrorRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_HELLO: - ClientHelloRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_MASTER_KEY: - ClientMasterKeyRecord(s, length, data); - break; - - case SSLv2_MT_SERVER_HELLO: - ServerHelloRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_FINISHED: - case SSLv2_MT_SERVER_VERIFY: - case SSLv2_MT_SERVER_FINISHED: - case SSLv2_MT_REQUEST_CERTIFICATE: - case SSLv2_MT_CLIENT_CERTIFICATE: - Weird("SSLv2: Encrypted record type seems to be in cleartext"); - break; - - default: - // Unknown record type. - Weird("SSLv2: Unknown record type or encrypted record"); - break; - } - } - -/*! - * This method analyses a SSLv2 CLIENT-HELLO record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 CLIENT-HELLO record - * \param data pointer to SSLv2 CLIENT-HELLO record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ClientHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - // This method gets the record's data (without the header). - ++clientHelloRecords; - - if ( s != orig ) - Weird("SSLv2: CLIENT-HELLO record from server!"); - - // There should not be any pending data in the SSLv2 reassembler, - // because the client should wait for a server response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - Weird("SSLv2: Pending data in SSL_RecordBuilder after CLIENT-HELLO!"); - - // Client hello minimum header size check. - if ( recordLength < SSLv2_CLIENT_HELLO_HEADER_SIZE ) - { - Weird("SSLv2: CLIENT-HELLO is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client hello header. - SSLv2_ClientHelloHeader ch; - ch.clientVersion = uint16(recordData[1] << 8) | recordData[2]; - ch.cipherSpecLength = uint16(recordData[3] << 8) | recordData[4]; - ch.sessionIdLength = uint16(recordData[5] << 8) | recordData[6]; - ch.challengeLength = uint16(recordData[7] << 8) | recordData[8]; - - if ( ch.clientVersion != SSLProxy_Analyzer::SSLv20 && - ch.clientVersion != SSLProxy_Analyzer::SSLv30 && - ch.clientVersion != SSLProxy_Analyzer::SSLv31 ) - { - Weird("SSLv2: Unsupported SSL-Version in CLIENT-HELLO"); - return ERROR_REQUIRED; - } - - if ( ch.challengeLength + ch.cipherSpecLength + ch.sessionIdLength + - SSLv2_CLIENT_HELLO_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in CLIENT-HELLO"); - return ERROR_REQUIRED; - } - - // The CIPHER-SPECS-LENGTH must be > 0 and a multiple of 3. - if ( ch.cipherSpecLength == 0 || ch.cipherSpecLength % 3 != 0 ) - { - Weird("SSLv2: Nonconform CIPHER-SPECS-LENGTH in CLIENT-HELLO."); - return ERROR_REQUIRED; - } - - // The SESSION-ID-LENGTH must either be zero or 16. - if ( ch.sessionIdLength != 0 && ch.sessionIdLength != 16 ) - Weird("SSLv2: Nonconform SESSION-ID-LENGTH in CLIENT-HELLO."); - - if ( (ch.challengeLength < 16) || (ch.challengeLength > 32)) - Weird("SSLv2: Nonconform CHALLENGE-LENGTH in CLIENT-HELLO."); - - const u_char* ptr = recordData; - ptr += SSLv2_CLIENT_HELLO_HEADER_SIZE + ch.cipherSpecLength; - - pSessionId = new SSL_DataBlock(ptr, ch.sessionIdLength); - - // If decrypting, store the challenge. - if ( ssl_store_key_material && ch.challengeLength <= 32 ) - pChallenge = new SSL_DataBlock(ptr, ch.challengeLength); - - bClientWantsCachedSession = ch.sessionIdLength != 0; - - TableVal* currentCipherSuites = - analyzeCiphers(s, ch.cipherSpecLength, - recordData + SSLv2_CLIENT_HELLO_HEADER_SIZE); - - fire_ssl_conn_attempt(ch.clientVersion, currentCipherSuites); - - return CLIENT_HELLO_SEEN; - } - -/*! - * This method analyses a SSLv2 SERVER-HELLO record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 SERVER-HELLO record - * \param data pointer to SSLv2 SERVER-HELLO record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ServerHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - ++serverHelloRecords; - TableVal* currentCipherSuites = NULL; - - if ( s != resp ) - Weird("SSLv2: SERVER-HELLO from client!"); - - if ( recordLength < SSLv2_SERVER_HELLO_HEADER_SIZE ) - { - Weird("SSLv2: SERVER-HELLO is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client hello header. - SSLv2_ServerHelloHeader sh; - sh.sessionIdHit = recordData[1]; - sh.certificateType = recordData[2]; - sh.serverVersion = uint16(recordData[3] << 8) | recordData[4]; - sh.certificateLength = uint16(recordData[5] << 8) | recordData[6]; - sh.cipherSpecLength = uint16(recordData[7] << 8) | recordData[8]; - sh.connectionIdLength = uint16(recordData[9] << 8) | recordData[10]; - - if ( sh.serverVersion != SSLProxy_Analyzer::SSLv20 ) - { - Weird("SSLv2: Unsupported SSL-Version in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - if ( sh.certificateLength + sh.cipherSpecLength + - sh.connectionIdLength + - SSLv2_SERVER_HELLO_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - // The length of the CONNECTION-ID must be between 16 and 32 bytes. - if ( sh.connectionIdLength < 16 || sh.connectionIdLength > 32 ) - Weird("SSLv2: Nonconform CONNECTION-ID-LENGTH in SERVER-HELLO"); - - // If decrypting, store the connection ID. - if ( ssl_store_key_material && sh.connectionIdLength <= 32 ) - { - const u_char* ptr = recordData; - - ptr += SSLv2_SERVER_HELLO_HEADER_SIZE + sh.cipherSpecLength + - sh.certificateLength; - - pConnectionId = new SSL_DataBlock(ptr, sh.connectionIdLength); - } - - if ( sh.sessionIdHit == 0 ) - { - // Generating reusing-connection event. - EventHandlerPtr event = ssl_session_insertion; - - if ( event ) - { - TableVal* sessionIDTable = - MakeSessionID( - recordData + - SSLv2_SERVER_HELLO_HEADER_SIZE + - sh.certificateLength + - sh.cipherSpecLength, - sh.connectionIdLength); - - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(sessionIDTable); - - proxy->ConnectionEvent(ssl_session_insertion, vl); - } - } - - SSLv2_States nextState; - - if ( sh.sessionIdHit != 0 ) - { // we're using a cached session - - // There should not be any pending data in the SSLv2 - // reassembler, because the server should wait for a - // client response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - { - // But turns out some SSL Implementations do this - // when using a cached session. - } - - // Consistency check for SESSION-ID-HIT. - if ( ! bClientWantsCachedSession ) - Weird("SSLv2: SESSION-ID hit in SERVER-HELLO, but no SESSION-ID in CLIENT-HELLO!"); - - // If the SESSION-ID-HIT flag is non-zero then the - // CERTIFICATE-TYPE, CERTIFICATE-LENGTH and - // CIPHER-SPECS-LENGTH fields will be zero. - if ( sh.certificateType != 0 || sh.certificateLength != 0 || - sh.cipherSpecLength != 0 ) - Weird("SSLv2: SESSION-ID-HIT, but session data in SERVER-HELLO"); - - // Generate reusing-connection event. - if ( pSessionId ) - { - fire_ssl_conn_reused(pSessionId); - delete pSessionId; - pSessionId = 0; - } - - nextState = CACHED_SESSION; - } - else - { // we're starting a new session - - // There should not be any pending data in the SSLv2 - // reassembler, because the server should wait for - // a client response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - Weird("SSLv2: Pending data in SSL_RecordBuilder after SERVER-HELLO (new session)!"); - - // TODO: check certificate length ??? - if ( sh.certificateLength == 0 ) - Weird("SSLv2: No certificate in SERVER-HELLO!"); - - // The CIPHER-SPECS-LENGTH must be > zero and a multiple of 3. - if ( sh.cipherSpecLength == 0 ) - Weird("SSLv2: No CIPHER-SPECS in SERVER-HELLO!"); - - if ( sh.cipherSpecLength % 3 != 0 ) - { - Weird("SSLv2: Nonconform CIPHER-SPECS-LENGTH in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - const u_char* ptr = recordData; - ptr += sh.certificateLength + SSLv2_SERVER_HELLO_HEADER_SIZE; - currentCipherSuites = analyzeCiphers(s, sh.cipherSpecLength, ptr); - - nextState = NEW_SESSION; - } - - // Check if at least one cipher is supported by the client. - if ( pClientCipherSpecs && pServerCipherSpecs ) - { - bool bFound = false; - for ( int i = 0; i < pClientCipherSpecs->len; i += 3 ) - { - for ( int j = 0; j < pServerCipherSpecs->len; j += 3 ) - { - if ( memcmp(pClientCipherSpecs + i, - pServerCipherSpecs + j, 3) == 0 ) - { - bFound = true; - i = pClientCipherSpecs->len; - break; - } - } - } - - if ( ! bFound ) - { - Weird("SSLv2: Client's and server's CIPHER-SPECS don't match!"); - nextState = ERROR_REQUIRED; - } - - delete pClientCipherSpecs; - pClientCipherSpecs = 0; - } - - // Certificate analysis. - if ( sh.certificateLength > 0 && ssl_analyze_certificates != 0 ) - { - analyzeCertificate(s, recordData + SSLv2_SERVER_HELLO_HEADER_SIZE, - sh.certificateLength, sh.certificateType, false); - } - - if ( nextState == NEW_SESSION ) - // generate server-reply event - fire_ssl_conn_server_reply(sh.serverVersion, currentCipherSuites); - - else if ( nextState == CACHED_SESSION ) - { // generate server-reply event - fire_ssl_conn_server_reply(sh.serverVersion, currentCipherSuites); - // Generate a connection-established event with a dummy - // cipher suite, since we can't remember session information - // (yet). - // Note: A new session identifier is sent encrypted in SSLv2! - fire_ssl_conn_established(sh.serverVersion, 0xABCD); - } - else - // Unref, since the table is not delivered to any event. - Unref(currentCipherSuites); - - return nextState; - } - -/*! - * This method analyses a SSLv2 CLIENT-MASTER-KEY record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 CLIENT-MASTER-KEY record - * \param data pointer to SSLv2 CLIENT-MASTER-KEY record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter:: - ClientMasterKeyRecord(SSL_InterpreterEndpoint* s, int recordLength, - const u_char* recordData) - { - ++clientMasterKeyRecords; - SSLv2_States nextState = CLIENT_MASTERKEY_SEEN; - - if ( s != orig ) - Weird("SSLv2: CLIENT-MASTER-KEY from server!"); - - if ( recordLength < SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE ) - { - Weird("SSLv2: CLIENT-MASTER-KEY is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client master key header. - SSLv2_ClientMasterKeyHeader cmk; - cmk.cipherKind = - ((recordData[1] << 16) | recordData[2] << 8) | recordData[3]; - cmk.clearKeyLength = uint16(recordData[4] << 8) | recordData[5]; - cmk.encryptedKeyLength = uint16(recordData[6] << 8) | recordData[7]; - cmk.keyArgLength = uint16(recordData[8] << 8) | recordData[9]; - - if ( cmk.clearKeyLength + cmk.encryptedKeyLength + cmk.keyArgLength + - SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in CLIENT-MASTER-KEY"); - return ERROR_REQUIRED; - } - - // Check if cipher is supported by the server. - if ( pServerCipherSpecs ) - { - bool bFound = false; - for ( int i = 0; i < pServerCipherSpecs->len; i += 3 ) - { - uint32 cipherSpec = - ((pServerCipherSpecs->data[i] << 16) | - pServerCipherSpecs->data[i+1] << 8) | - pServerCipherSpecs->data[i+2]; - - if ( cmk.cipherKind == cipherSpec ) - { - bFound = true; - break; - } - } - - if ( ! bFound ) - { - Weird("SSLv2: Client chooses unadvertised cipher in CLIENT-MASTER-KEY!"); - nextState = ERROR_REQUIRED; - } - else - nextState = CLIENT_MASTERKEY_SEEN; - - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - } - - // TODO: check if cipher has been advertised before. - - SSL_CipherSpec* pCipherSpecTemp = 0; - - HashKey h(static_cast(cmk.cipherKind)); - pCipherSpecTemp = (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - if ( ! pCipherSpecTemp || ! (pCipherSpecTemp->flags & SSL_FLAG_SSLv20) ) - Weird("SSLv2: Unknown CIPHER-SPEC in CLIENT-MASTER-KEY!"); - else - { // check for conistency of clearKeyLength - if ( cmk.clearKeyLength * 8 != pCipherSpecTemp->clearKeySize ) - { - Weird("SSLv2: Inconsistency of clearKeyLength in CLIENT-MASTER-KEY!"); - // nextState = ERROR_REQUIRED; - } - - // TODO: check for consistency of encryptedKeyLength. - // TODO: check for consistency of keyArgLength. -// switch ( cmk.cipherKind ) -// { -// case SSL_CK_RC4_128_WITH_MD5: -// case SSL_CK_RC4_128_EXPORT40_WITH_MD5: -// if ( cmk.keyArgLength != 0 ) -// { -// Weird("SSLv2: Inconsistency of keyArgLength in CLIENT-MASTER-KEY!"); -// //nextState = ERROR_REQUIRED; -// } -// break; -// case SSL_CK_DES_64_CBC_WITH_MD5: -// case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: -// case SSL_CK_RC2_128_CBC_WITH_MD5: -// case SSL_CK_IDEA_128_CBC_WITH_MD5: -// case SSL_CK_DES_192_EDE3_CBC_WITH_MD5: -// if ( cmk.keyArgLength != 8 ) -// { -// Weird("SSLv2: Inconsistency of keyArgLength in CLIENT-MASTER-KEY!"); -// } -// break; -// } - } - - // Remember the used cipher spec. - usedCipherSpec = SSLv2_CipherSpec(cmk.cipherKind); - - // If decrypting, store the clear key part of the master key. - if ( ssl_store_key_material /* && cmk.clearKeyLength == 11 */ ) - { - pMasterClearKey = - new SSL_DataBlock((recordData + SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE), cmk.clearKeyLength); - - pMasterEncryptedKey = - new SSL_DataBlock((recordData + SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE + cmk.clearKeyLength ), cmk.encryptedKeyLength); - } - - if ( nextState == CLIENT_MASTERKEY_SEEN ) - fire_ssl_conn_established(SSLProxy_Analyzer::SSLv20, - cmk.cipherKind); - - return nextState; - } - - -/*! - * This method analyses a SSLv2 ERROR record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 ERROR record - * \param data pointer to SSLv2 ERROR record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ErrorRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - ++errorRecords; - - if ( unsigned(recordLength) != SSLv2_ERROR_RECORD_SIZE ) - { - Weird("SSLv2: Size mismatch in Error Record!"); - return ERROR_REQUIRED; - } - - SSLv2_ErrorRecord er; - er.errorCode = (recordData[1] << 8) | recordData[2]; - SSL3x_AlertLevel al = SSL3x_AlertLevel(255); - - switch ( er.errorCode ) { - case SSLv2_PE_NO_CIPHER: - // The client doesn't support a cipher which the server - // supports. Only from client to server and not recoverable! - al = SSL3x_ALERT_LEVEL_FATAL; - break; - - case SSLv2_PE_NO_CERTIFICATE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - case SSLv2_PE_BAD_CERTIFICATE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - case SSLv2_PE_UNSUPPORTED_CERTIFICATE_TYPE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - default: - al = SSL3x_ALERT_LEVEL_FATAL; - break; - } - - fire_ssl_conn_alert(SSLProxy_Analyzer::SSLv20, al, er.errorCode); - - return ERROR_SEEN; - } - -/*! - * This method analyses a set of SSLv2 cipher suites. - * - * \param s Pointer to the endpoint which sent the cipher suites - * \param length length of cipher suites - * \param data pointer to cipher suites to analyze - * - * \return a pointer to a Bro TableVal (of type cipher_suites_list) which contains - * the cipher suites list of the current analyzed record - */ -TableVal* SSLv2_Interpreter::analyzeCiphers(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - if ( length > MAX_CIPHERSPEC_SIZE ) - { - if ( s == orig ) - Weird("SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE"); - else - Weird("SSLv2: Server has CipherSpecs > MAX_CIPHERSPEC_SIZE"); - } - else - { // cipher specs are not too big - if ( ssl_compare_cipherspecs ) - { // store cipher specs for state analysis - if ( s == resp ) - pServerCipherSpecs = - new SSL_DataBlock(data, length); - else - pClientCipherSpecs = - new SSL_DataBlock(data, length); - } - } - - const u_char* pCipher = data; - bool bExtractCipherSuite = false; - TableVal* pCipherTable = 0; - - // We only extract the cipher suite when the corresponding - // ssl events are defined (otherwise we do work for nothing - // and suffer a memory leak). - // FIXME: This check needs to be done only once! - if ( (s == orig && ssl_conn_attempt) || - (s == resp && ssl_conn_server_reply) ) - { - pCipherTable = new TableVal(cipher_suites_list); - bExtractCipherSuite = true; - } - - for ( int i = 0; i < length; i += 3 ) - { - SSL_CipherSpec* pCurrentCipherSpec; - uint32 cipherSpecID = - ((pCipher[0] << 16) | pCipher[1] << 8) | pCipher[2]; - - // Check for unknown cipher specs. - HashKey h(static_cast(cipherSpecID)); - pCurrentCipherSpec = - (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - - if ( ! pCurrentCipherSpec ) - { - if ( s == orig ) - Weird("SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!"); - else - Weird("SSLv2: Unknown CIPHER-SPEC in SERVER-HELLO!"); - } - - if ( bExtractCipherSuite ) - { - Val* index = new Val(cipherSpecID, TYPE_COUNT); - pCipherTable->Assign(index, 0); - Unref(index); - } - - pCipher += 3; - } - - return pCipherTable; - } - -// --- SSLv2_EndPoint --------------------------------------------------------- - -/*! - * The constructor. - * - * \param interpreter Pointer to the SSLv2 interpreter to whom this endpoint belongs to - * \param is_orig true if this is the originating endpoint of the ssl connection, - * false otherwise - */ -SSLv2_Endpoint::SSLv2_Endpoint(SSLv2_Interpreter* interpreter, int is_orig) -: SSL_InterpreterEndpoint(interpreter, is_orig) - { - sentRecords = 0; - } - -/*! - * The destructor. - */ -SSLv2_Endpoint::~SSLv2_Endpoint() - { - } - -/*! - * This method is called by the SSLProxy_Analyzer with a complete reassembled - * SSLv2 record. It passes the record to SSLv2_Interpreter::NewSSLRecord(). - * - * \param t reserved (always zero) - * \param seq reserved (always zero) - * \param len length of the data block containing the ssl record - * \param data pointer to the data block containing the ssl record - */ -void SSLv2_Endpoint::Deliver(int len, const u_char* data) - { - ++((SSLv2_Endpoint*)peer)->sentRecords; - - ((SSLv2_Interpreter*)interpreter)->NewSSLRecord(this, len, data); - } diff --git a/src/SSLv2.h b/src/SSLv2.h deleted file mode 100644 index d4719a20c6..0000000000 --- a/src/SSLv2.h +++ /dev/null @@ -1,239 +0,0 @@ -// $Id: SSLv2.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef SSLV2_H -#define SSLV2_H - -#include "SSLInterpreter.h" -#include "SSLCiphers.h" - -// --- constants for SSLv2 --------------------------------------------------- - -/*! - * In SSLv2, each record is of a special message type. Note that the message - * type is encrypted if the record has been encrypted, so we can determine - * the message type only if we have a cleartext record. - */ -enum SSLv2_MessageTypes { - SSLv2_MT_ERROR = 0, ///< can be in cleartext or encrypted - SSLv2_MT_CLIENT_HELLO = 1, ///< always in cleartext - SSLv2_MT_CLIENT_MASTER_KEY = 2, ///< always in cleartext - SSLv2_MT_CLIENT_FINISHED = 3, ///< always encrypted - SSLv2_MT_SERVER_HELLO = 4, ///< always in cleartext - SSLv2_MT_SERVER_VERIFY = 5, ///< always encrypted - SSLv2_MT_SERVER_FINISHED = 6, ///< always encrypted - SSLv2_MT_REQUEST_CERTIFICATE = 7, ///< always encrypted - SSLv2_MT_CLIENT_CERTIFICATE = 8, ///< always encrypted -}; - -// Certificate Type Codes. -// -// Authentication Type Codes -// #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 -// Upper/Lower Bounds -// #define SSL_MAX_MASTER_KEY_LENGTH_IN_BITS 256 -// #define SSL_MAX_SESSION_ID_LENGTH_IN_BYTES 16 -// #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES 64 -// #define SSL_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767 -// #define SSL_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 - -const uint8 SSLv2_CT_X509_CERTIFICATE = 0x01; - -/*! - * Error codes used in the error record. - */ -enum SSLv2_ErrorCodes { - SSLv2_PE_NO_CIPHER = 0x0001, - SSLv2_PE_NO_CERTIFICATE = 0x0002, - SSLv2_PE_BAD_CERTIFICATE = 0x0004, - SSLv2_PE_UNSUPPORTED_CERTIFICATE_TYPE = 0x0006 -}; - -// --- structs ---------------------------------------------------------------- - -const int SSLv2_CLIENT_HELLO_HEADER_SIZE = 9; -struct SSLv2_ClientHelloHeader { - uint8 messageType; - uint16 clientVersion; - uint16 cipherSpecLength; - uint16 sessionIdLength; - uint16 challengeLength; -}; - -const int SSLv2_SERVER_HELLO_HEADER_SIZE = 11; -struct SSLv2_ServerHelloHeader { - uint8 messageType; - uint8 sessionIdHit; - uint8 certificateType; - uint16 serverVersion; - uint16 certificateLength; - uint16 cipherSpecLength; - uint16 connectionIdLength; -}; - -const int SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE = 10; -struct SSLv2_ClientMasterKeyHeader { - uint8 messageType; - uint32 cipherKind; // caution: is an uint24 - uint16 clearKeyLength; - uint16 encryptedKeyLength; - uint16 keyArgLength; -}; - -const unsigned int SSLv2_ERROR_RECORD_SIZE = 3; -struct SSLv2_ErrorRecord { - uint8 messageType; - uint16 errorCode; -}; - -const unsigned int SSLv2_CLIENT_FINISHED_HEADER_SIZE = 1; -struct SSLv2_ClientFinished { - uint8 messageType; - //char CONNECTION-ID[N-1] -}; - -struct SSLv2_ServerVerify { - uint8 messageType; - //char CHALLENGE-DATA[N-1] -}; - -struct SSLv2_ServerFinished { - uint8 messageType; - //char SESSION-ID-DATA[N-1] -}; - -// MISSING: -// CLIENT-CERTIFICATE -// REQUEST-CERTIFICATE - -/*! - * States used by the internal SSLv2 automaton. - */ -enum SSLv2_States { - START, ///< start state, no data seen yet - CLIENT_HELLO_SEEN, ///< client hello flew by - NEW_SESSION, ///< server hello with sessionIdHit == 0 seen - CACHED_SESSION, ///< server hello with sessionIdHit != 0 seen - CLIENT_MASTERKEY_SEEN, ///< we saw a client master key record - ERROR_SEEN, ///< we saw an error record - ERROR_REQUIRED ///< one of our critical checks failed, so we think we should see an error record -}; - - -// --- forward declarations --------------------------------------------------- - -class SSLv2_Interpreter; -class SSLv2_Endpoint; -class SSLv2_Record; -class SSL_DataBlock; -class SSL_RecordBuilder; - -// --- class SSLv2_Interpreter ------------------------------------------------ - -/*! - * \brief This class is used to analyze SSLv2 connections. - * - * Since there's currently no support for decrypting ssl connections, analysis - * stops when a connection switches to encrypted communication. - * The interpreter does several checks, both record- and connection-orientated. - * - * The record checks mainly consist of consistency checks, where the correct - * use of the SSL 2.0 specification is checked. Furthermore, the CIPHER-SPECS - * of the client and the server can be compared to detect non-intersecting sets. - * - * The connection check monitors the handshaking process for invalid transitions, - * until the end of the cleartext phase. - * - * Several events are thrown for BroScript, including client connection attempt, - * server reply, ssl connection establishment/reuse of former connection, proposed - * cipher suites and certificates seen. - * - * \see SSLv2_Endpoint - */ -class SSLv2_Interpreter : public SSL_Interpreter { -public: - SSLv2_Interpreter(SSLProxy_Analyzer* proxy); - ~SSLv2_Interpreter(); - - void NewSSLRecord(SSL_InterpreterEndpoint* s, int length, const u_char* data); - void analyzeRecord(SSL_InterpreterEndpoint* s, int length, const u_char* data); - SSLv2_States ClientHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - SSLv2_States ServerHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData); - SSLv2_States ClientMasterKeyRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - SSLv2_States ErrorRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - - TableVal* analyzeCiphers(SSL_InterpreterEndpoint* s, - int length, const u_char* data); - SSLv2_States ConnState(); - - static void printStats(); - -#define MAX_CIPHERSPEC_SIZE ssl_max_cipherspec_size - - // Global connection counters. - static uint totalConnections; ///< counter for total sslv2 connections - static uint analyzedConnections; ///< counter for analyzed (=not partial) connections - static uint openedConnections; ///< counter for SSLv2 connections with complete handshake - static uint failedConnections; ///< counter for SSLv2 connections with failed but correct handshake - static uint weirdConnections; ///< counter for SSLv2 connections with failed and weird handshake - - // Global record counters. - static uint totalRecords; ///< counter for total SSLv2 records seen - static uint clientHelloRecords; ///< counter for SSLv2 CLIENT-HELLOs seen - static uint serverHelloRecords; ///< counter for SSLv2 SERVER-HELLOs seen - static uint clientMasterKeyRecords; ///< counter for SSLv2 CLIENT-MASTER-KEYSs seen - static uint errorRecords; ///< counter for SSLv2 ERRORs seen - - // Counters for this instance. - uint32 records; ///< counter for SSLv2 records of this connection - SSLv2_States connState; ///< state of connection - - bool bAnalyzedCounted; ///< flag for counting analyzedConnections - - // FIXME: this should be states. - bool bClientWantsCachedSession; ///< true if the client wants a cached session, false otherwise - - -protected: - void BuildInterpreterEndpoints(); - - SSL_DataBlock* pClientCipherSpecs; ///< the CIPHER-SPECs from the client - SSL_DataBlock* pServerCipherSpecs; ///< the CIPHER-SPECs from the server - SSLv2_CipherSpec usedCipherSpec; ///< the used CIPHER-SPEC for this connection - - // Currently experimental: - SSL_DataBlock* pConnectionId; // 16 <= ConnectionId <= 32 - SSL_DataBlock* pChallenge; // 16 <= Challenge <= 32 - SSL_DataBlock* pSessionId; // has to be 16 Bytes - SSL_DataBlock* pMasterClearKey; - SSL_DataBlock* pMasterEncryptedKey; - SSL_DataBlock* pClientReadKey; - SSL_DataBlock* pServerReadKey; -}; - -// --- class SSLv2_Endpoint --------------------------------------------------- - -/*! - * \brief This class represents an endpoint of an SSLv2 connection. - * - * Fully reassembled SSLv2 records are passed to its Deliver() function. - * There, some counters are updated and the record is then passed to - * SSLv2_Interpreter::NewSSLRecord(). - */ -class SSLv2_Endpoint: public SSL_InterpreterEndpoint { -public: - SSLv2_Endpoint(SSLv2_Interpreter* interpreter, int is_orig); - virtual ~SSLv2_Endpoint(); - - void Deliver(int len, const u_char* data); - - uint32 sentRecords; ///< counter for sent records of this endpoint -}; - -#endif diff --git a/src/SSLv3.cc b/src/SSLv3.cc deleted file mode 100644 index bebc7a076f..0000000000 --- a/src/SSLv3.cc +++ /dev/null @@ -1,1471 +0,0 @@ -// $Id: SSLv3.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLv3.h" -#include "SSLCiphers.h" - -// --- Initalization of static variables -------------------------------------- - -bool SSLv3_Interpreter::bInited = false; - -uint SSLv3_Interpreter::totalConnections = 0; -uint SSLv3_Interpreter::openedConnections = 0; -uint SSLv3_Interpreter::totalRecords = 0; -uint SSLv3_Interpreter::handshakeRecords = 0; -uint SSLv3_Interpreter::clientHelloRecords = 0; -uint SSLv3_Interpreter::serverHelloRecords = 0; -uint SSLv3_Interpreter::alertRecords = 0; -uint SSLv3_Interpreter::changeCipherRecords = 0; - - -// ---SSLv3_Interpreter-------------------------------------------------------- - -// Initialize static: -SSLv3_Automaton SSLv3_Interpreter::sslAutomaton(SSL3_1_NUM_STATES, - SSL3_1_NUM_TRANS, SSL3_1_STATE_ERROR); - -SSLv3_Interpreter::SSLv3_Interpreter(SSLProxy_Analyzer* proxy) -: SSL_Interpreter(proxy) - { - pCipherSuite = 0; - cipherSuiteIdentifier = 0; - pClientCipherSpecs = 0; - clientSessionID = 0; - serverSessionID = 0; - clientRandom = 0; - serverRandom = 0; - serverRSApars = 0; - serverDHPars = 0; - encryptedPreSecret = 0; - clientDHpublic = 0; - // keyXAlgorithm = SSL_KEY_EXCHANGE_NULL; - change_cipher_client_seen = false; - change_cipher_server_seen = false; - fin_client_seen = false; - fin_server_seen = false; - helloRequestValid = true; - - if ( ! bInited ) - { - BuildAutomaton(); - // BuildCipherDict(); - bInited = true; - } - - currentState = SSL3_1_STATE_INIT; - ++totalConnections; - } - -SSLv3_Interpreter::~SSLv3_Interpreter() - { - delete pClientCipherSpecs; - delete clientSessionID; - delete serverSessionID; - - if ( ssl_store_key_material ) - { - if ( clientRandom ) - delete clientRandom->random_bytes; - delete clientRandom; - if ( serverRandom ) - delete serverRandom->random_bytes; - delete serverRandom; - delete serverRSApars; - delete serverDHPars; - delete encryptedPreSecret; - delete clientDHpublic; - } - } - -void SSLv3_Interpreter::BuildInterpreterEndpoints() - { - orig = new SSLv3_Endpoint(this, 1); - resp = new SSLv3_Endpoint(this, 0); - } - -void SSLv3_Interpreter::BuildAutomaton() - { - sslAutomaton.addTrans(SSL3_1_STATE_INIT, SSL3_1_TRANS_SERVER_HELLO_REQ, - SSL3_1_STATE_SERVER_HELLO_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_REQ_SENT, - SSL3_1_TRANS_CLIENT_HELLO, SSL3_1_STATE_CLIENT_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_INIT, SSL3_1_TRANS_CLIENT_HELLO, - SSL3_1_STATE_CLIENT_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_HELLO_SENT, - SSL3_1_TRANS_SERVER_HELLO, SSL3_1_STATE_SERVER_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_CERT, SSL3_1_STATE_SERVER_CERT_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT); - - // Server key-exchange and/or server requests cert from client. - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT, - SSL3_1_TRANS_SERVER_CERT_REQ, - SSL3_1_STATE_SERVER_CERT_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_CERT_REQ, - SSL3_1_STATE_SERVER_CERT_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_REQ_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B, - SSL3_1_TRANS_CLIENT_CERT, SSL3_1_STATE_CLIENT_CERT_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_SENT, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_CLIENT_CERT_VERIFY, - SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_A); - - // Server hello done after server cert sent. - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_A); - - // When reestablishing a session: - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_B, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_B, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_B); - - sslAutomaton.setStartState(SSL3_1_STATE_INIT); - } - -void SSLv3_Interpreter::printStats() - { - printf( "SSLv3x:\n" ); - printf( "Note: Because handshake messages may be coalesced into a \n"); - printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n"); - printf( " the number of total records seen for SSLv3 won't match \n"); - printf( " SSLProxy_Analyzer::totalRecords! \n"); - printf( "total connections = %u\n", totalConnections ); - printf( "opened connections (complete handshake) = %u\n", openedConnections ); - - printf( "total messages seen = %u\n", totalRecords ); - printf( "handshake messages seen = %u\n", handshakeRecords ); - printf( "alert records seen = %u\n", alertRecords ); - printf( "change cipher records seen = %u\n", changeCipherRecords ); - printf( "client hello messages seen = %u\n", clientHelloRecords ); - printf( "server hello messages seen = %u\n", serverHelloRecords ); - } - -int SSLv3_Interpreter::HandshakeType2Trans(int type) - { - switch ( SSL3_1_HandshakeType(type) ) { - case SSL3_1_HELLO_REQUEST: return SSL3_1_TRANS_SERVER_HELLO_REQ; - case SSL3_1_CLIENT_HELLO: return SSL3_1_TRANS_CLIENT_HELLO; - case SSL3_1_SERVER_HELLO: return SSL3_1_TRANS_SERVER_HELLO; - - case SSL3_1_CERTIFICATE: - // Client- and server certificate handshake records lead - // to the same transition in the SSL automaton - // (see SSLDefines.h) - return SSL3_1_TRANS_SERVER_CERT; - - case SSL3_1_SERVER_KEY_EXCHANGE: return SSL3_1_TRANS_SERVER_KEY_EXCHANGE; - case SSL3_1_CERTIFICATE_REQUEST: return SSL3_1_TRANS_SERVER_CERT_REQ; - case SSL3_1_SERVER_HELLO_DONE: return SSL3_1_TRANS_SERVER_HELLO_DONE; - case SSL3_1_CERTIFICATE_VERIFY: return SSL3_1_TRANS_CLIENT_CERT_VERIFY; - case SSL3_1_CLIENT_KEY_EXCHANGE: return SSL3_1_TRANS_CLIENT_KEY_EXCHANGE; - - case SSL3_1_FINISHED: - // Client- and server certificate handshake records lead - // to the same transition in the SSL automaton - // (see SSLDefines.h) - return SSL3_1_TRANS_CLIENT_FIN; - default: - return -1; - } - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::handshakeRecords; - - TableVal* currentCipherSuites = 0; - - // First: consistency checks. - // Special treatment for finished messages, because they are - // already encrypted (encrypted handshake message). - if ( (change_cipher_client_seen && (rec->endp)->IsOrig() && - ! fin_client_seen) || - (change_cipher_server_seen && ! rec->endp->IsOrig() && - ! fin_server_seen) ) - { - // no checks can be performed due encryption... - } - else - { - SSL3_1_HandshakeType ht = SSL3_1_HandshakeType(rec->type); - switch ( ht ) { - case SSL3_1_HELLO_REQUEST: - if ( rec->length != 0 ) - Weird("SSLv3x: Hello request too long!"); - if ( ! helloRequestValid ) - Weird("SSLv3x: Received hello request during handshake!"); - // There should only be sent one hello request at a - // time. - helloRequestValid = false; - break; - - case SSL3_1_CLIENT_HELLO: - { - ++SSLv3_Interpreter::clientHelloRecords; - - // During the handshaking phase, we don't want any - // more hello requests. - helloRequestValid = false; - - if ( rec->checkClientHello() == 0 ) - return; - - const u_char* pTemp = rec->data; - uint8 sessionIDLength = uint8(pTemp[38]); - clientSessionID = - new SSL_DataBlock((pTemp + 39), sessionIDLength); - uint16 cipherSuiteLength = - uint16(pTemp[39 + sessionIDLength] << 8 ) | - pTemp[40 + sessionIDLength]; - - currentCipherSuites = - analyzeCiphers(rec->endp, cipherSuiteLength, - rec->data + 41 + sessionIDLength, - rec->sslVersion); - - if ( ssl_store_key_material ) - { - clientRandom = new SSLv3x_Random(); - clientRandom->random_bytes = 0; - clientRandom->gmt_unix_time = - uint32(((pTemp[6] << 24) | - pTemp[7] << 16) | - pTemp[8] << 8) | pTemp[9]; - - clientRandom->random_bytes = - new SSL_DataBlock(pTemp + 10, 28); - } - break; - } - - case SSL3_1_SERVER_HELLO: - { - ++SSLv3_Interpreter::serverHelloRecords; - if ( rec->checkServerHello() == 0) - return; - - const u_char* pTemp = rec->data; - uint8 sessionIDLength = uint8(pTemp[38]); - serverSessionID = - new SSL_DataBlock(pTemp + 39, sessionIDLength); - currentCipherSuites = - analyzeCiphers(rec->endp, 2, - rec->data + 39 + sessionIDLength, - rec->sslVersion); - - // Check whether the cipher suite the server choose - // was included in the cipher suites the client - // anounced. - if ( pClientCipherSpecs && pCipherSuite ) - { - bool bFound = false; - uint16 tempClientCipher; - for ( int i = 0; i < pClientCipherSpecs->len; - i += 2 ) - { - tempClientCipher = - (pClientCipherSpecs->data[i] << 8) | - pClientCipherSpecs->data[i+1]; - - if ( tempClientCipher == - pCipherSuite->identifier ) - { - bFound = true; - i = pClientCipherSpecs->len; - } - } - - if ( ! bFound ) - Weird("SSLv3x: Server choosed cipher spec that client didn't anounce!"); - - delete pClientCipherSpecs; - pClientCipherSpecs = 0; - } - - if ( ssl_store_key_material ) - { - serverRandom = new SSLv3x_Random(); - serverRandom->gmt_unix_time = - uint32(((pTemp[6] << 8) | - pTemp[7] << 8) | - pTemp[8] << 8) | pTemp[9]; - serverRandom->random_bytes = - new SSL_DataBlock(pTemp + 10, 28); - } - - // Insert session injection into here. - - if ( ! ssl_session_insertion ) - break; // in place of below - - TableVal* sessionIDTable = - serverSessionID ? - MakeSessionID(serverSessionID->data, - serverSessionID->len) : - MakeSessionID(0, 0); - - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(sessionIDTable); - - proxy->ConnectionEvent(ssl_session_insertion, vl); - break; - } - - case SSL3_1_CERTIFICATE: - { - const u_char* pData = rec->data; - uint32 certListLength = - uint32((pData[4] << 16) | - pData[5] << 8) | pData[6]; - - // Sum of all cert sizes has to match - // certListLength. - uint tempLength = 0; - uint certCount = 0; - while ( tempLength < certListLength ) - { - if ( tempLength + 3 <= certListLength ) - { - ++certCount; - uint32 certLength = - uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9]; - tempLength += certLength + 3; - } - else - { - Weird("SSLv3x: Corrupt length field in certificate list!"); - return; - } - } - - if ( tempLength > certListLength ) - { - Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain"); - return; - } - - SSL_InterpreterEndpoint* pEp = - (SSL_InterpreterEndpoint*) rec->endp; - - if ( certCount == 0 ) - { - // we don't have a certificate, but this is valid - // according to RFC2246 - if ( rec->endp->IsOrig() ) - { - Weird("SSLv3x: Client certificate is missing!"); - break; - } - else - { - Weird("SSLv3x: Server certificate is missing!"); - break; - } - } - - if ( certCount > 1 ) - { // we have a chain - analyzeCertificate(pEp, - rec->data + 7, - certListLength, 1, true); - } - else - { - // We have a single certificate. - // FIXME. - analyzeCertificate(pEp, - rec->data + 10, - certListLength-3, 1, false); - } - - break; - } - - case SSL3_1_SERVER_KEY_EXCHANGE: - { - /* - switch (cipherSuite) - { - // It would be necessary to have the RSA key length - // out of the server's certificate. If the cipher suite - // is EXPORT, than a RSA key length larger than 512 bits - // is not allowed for encryption and thus, the server needs - // to send a key-exchange-message in order to negotiate the - // pre-master secret (see rfc 2246 page 39) - case TLS_RSA_WITH_NULL_MD5: - case TLS_RSA_WITH_NULL_SHA: - // case TLS_RSA_EXPORT_WITH_RC4_40_MD5: //see comment above - case TLS_RSA_WITH_RC4_128_MD5: - case TLS_RSA_WITH_RC4_128_SHA: - // case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: //see comment above - case TLS_RSA_WITH_IDEA_CBC_SHA: - // case TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: //see comment above - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_DSS_WITH_DES_CBC_SHA: - case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_RSA_WITH_DES_CBC_SHA: - case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: - { - Weird("SSLv3x: Sending server-key-exchange not allowed for this cipher suite!"); - return; - break; - } - default: - break; - } - */ - - if ( ! pCipherSuite ) - // If we have an unknown CIPHER-SPEC, - // we can't do our weird checks. - break; - - SSL_KeyExchangeAlgorithm keyXAlgorithm = - pCipherSuite->keyExchangeAlgorithm; - - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || - keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA ) - { - Weird("SSLv3x: Sending server-key-exchange not allowed for this cipher suite!"); - return; - - } - // FIXME: check where DHE_RSA etc. belongs to - const u_char* pTemp = rec->data; - if ( ssl_store_key_material ) - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_RSA_EXPORT1024 ) - { // some weird checks - if ( rec->length < 2 ) - { - Weird("SSLv3x: server-key-exchange empty!"); - return; - } - - uint16 modulusLength = uint16(pTemp[4] << 8 ) | pTemp[5]; - if ( modulusLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - break; - } - - uint16 exponentLength = uint16(pTemp[6 + modulusLength] << 8 ) | pTemp[7 + modulusLength]; - if ( modulusLength + exponentLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - return; - } - - serverRSApars = - new SSLv3x_ServerRSAParams; - serverRSApars->rsa_modulus = - new SSL_DataBlock(pTemp + 6, modulusLength); - serverRSApars->rsa_exponent = - new SSL_DataBlock( pTemp + 8 + modulusLength, exponentLength); - } - else - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) - { - if ( rec->length < 2 ) - { - Weird("SSLv3x: server-key-exchange empty!"); - return; - } - - uint16 dh_pLength = (uint16) (pTemp[4] << 8 ) | pTemp[5]; - if ( dh_pLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - break; - } - - uint16 dh_gLength = uint16(pTemp[6 + dh_pLength] << 8 ) | pTemp[7 + dh_pLength]; - uint16 dh_YsLength = uint16(pTemp[8 + dh_pLength + dh_gLength] << 8 ) | pTemp[9 + dh_pLength + dh_gLength]; - if ( dh_pLength + dh_gLength + dh_YsLength + 6 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - printf("xxx %u > %u \n", (dh_pLength + dh_gLength + dh_YsLength + 6), rec->length); - return; - } - - serverDHPars = new SSLv3x_ServerDHParams; - serverDHPars->dh_p = new SSL_DataBlock(pTemp + 6 , dh_pLength); - serverDHPars->dh_g = new SSL_DataBlock(pTemp + 8 + dh_pLength, dh_gLength); - serverDHPars->dh_Ys = new SSL_DataBlock(pTemp + 10 + dh_pLength + dh_gLength, dh_YsLength); - } - } - } - break; - } - - case SSL3_1_CERTIFICATE_REQUEST: - { - // Only if server not anonymous - /* - switch (cipherSuite) - { - case TLS_NULL_WITH_NULL_NULL: - case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: - case TLS_DH_anon_WITH_RC4_128_MD5: - case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_anon_WITH_DES_CBC_SHA: - case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: - { - Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); - break; - } - default: - { - break; - } - } - */ - - if ( ! pCipherSuite ) - { - // if we have an unknown CIPHER-SPEC, - // we can't do our weird checks. - break; - } - - if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT ) - Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); - - // FIXME: Insert weird checks! - break; - } - - case SSL3_1_SERVER_HELLO_DONE: - { - if ( rec->length != 0 ) - Weird("SSLv3x: Server hello too long!"); - break; - } - - case SSL3_1_CLIENT_KEY_EXCHANGE: - { - if ( ! pCipherSuite ) - // if we have an unknown CIPHER-SPEC, - // we can't do our weird checks - break; - - const u_char* pTemp = rec->data; - if ( ssl_store_key_material ) - { - SSL_KeyExchangeAlgorithm keyXAlgorithm = - pCipherSuite->keyExchangeAlgorithm; - - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA ) - { - encryptedPreSecret = - new SSLv3x_EncryptedPremasterSecret; - encryptedPreSecret->encryptedSecret = - new SSL_DataBlock( pTemp + 4, rec->length); - } - else - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) - { - if ( rec->length < 2 ) - { - // This can happen (see RFC 2246, p. 45). - return; - } - - uint16 DHpublicLength = - uint16(pTemp[4] << 8) | pTemp[5]; - if ( DHpublicLength + 2 < rec->length ) - { - Weird("SSLv3x: Corrupt length fields in client-key-exchange!"); - return; - } - - clientDHpublic = new SSLv3x_ClientDHPublic; - clientDHpublic->dh_Yc = new SSL_DataBlock(pTemp + 6, DHpublicLength); - } - } - - } - break; - } - - case SSL3_1_CERTIFICATE_VERIFY: - { - // FIXME: Insert Weird checks! - break; - } - - case SSL3_1_FINISHED: - { - // We won't get here, because finished messages - // are already encrypted, so we can't get - // the content type of this handshake-message... - break; - } - - default: - { - if ( currentState == SSL3_1_STATE_SERVER_FIN_SENT_A || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_B ) - { - Weird("SSLv3x: Handshake message (unknown type) after finished message!"); - return; - } - else - { - Weird("SSLv3x: Invalid HandshakeType! Maybe finished message without predecessing change-cipher-message!"); - return; } - } - } - } - - int oldState = currentState; - bool alreadySwitchedState = false; - - // First: Special handling of finished messages. They must be - // sent immediately after a change cipher message - already encrypted. - // from client? - if ( rec->endp->IsOrig() && change_cipher_client_seen ) - { - if ( ! fin_client_seen ) - { - // This must be a (valid) client finished. - // We assume it to be one, because the predecessing - // message was a change cipher. - fin_client_seen = true; - change_cipher_client_seen = false; - alreadySwitchedState = true; - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_CLIENT_FIN); - } - else - { - // We already saw a client finished (should not be - // possible). - Weird("SSLv3x: Already received client finished message!"); - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_CLIENT_FIN); - fin_client_seen = true; - change_cipher_client_seen = false; - alreadySwitchedState = true; - } - } - - // from server - else if ( ! rec->endp->IsOrig() && change_cipher_server_seen ) - { - if ( ! fin_server_seen ) - { - // This must be a (valid) server finished. - // We assume it to be one, because the predecessing - // message was a change cipher. - fin_server_seen = true; - change_cipher_server_seen = false; - alreadySwitchedState = true; - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_SERVER_FIN); - } - else - { - // We already saw a server-finished (should not be - // possible). - Weird("SSLv3x: Already received server finished message!"); - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_SERVER_FIN); - alreadySwitchedState = true; - fin_server_seen = true; - change_cipher_server_seen = false; - } - } - - if ( ! alreadySwitchedState ) - { - // Check whether we are already finished with the - // handshaking process... - switch ( currentState ) { - case SSL3_1_STATE_HS_FIN_A: - case SSL3_1_STATE_HS_FIN_B: - Weird("SSLv3x: Received handshake message after finishing handshake!"); - break; - - default: - // It's a "normal" handshake message... - currentState = sslAutomaton.getNextState(currentState, - HandshakeType2Trans(rec->type)); - break; - } - } - - if ( currentState == SSL3_1_STATE_ERROR ) - { - // proxy->SetSkip(1); - } - - // Only if we changed the currentState, we need to call GenerateEvents - // because event generation in GenerateEvents() is based on - // currentState. - if ( oldState != currentState ) - GenerateEvents(rec, currentCipherSuites); - else - Unref(currentCipherSuites); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_AlertRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::alertRecords; - - // First: consistency-checks. - // Only if handshake not already finished. - // Otherwise alerts may be encrypted, so we could do nothing... - if ( currentState == SSL3_1_STATE_SERVER_FIN_SENT_A || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_B || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_A || - currentState == SSL3_1_STATE_SERVER_FIN_SENT_B || - currentState == SSL3_1_STATE_HS_FIN_A || - currentState == SSL3_1_STATE_HS_FIN_B || - change_cipher_client_seen || change_cipher_server_seen ) - return; - - if ( rec->level != SSL3x_ALERT_LEVEL_WARNING && - rec->level != SSL3x_ALERT_LEVEL_FATAL ) - Weird("SSLv3x: Unknown ssl alert level"); - - SSL3_1_AlertDescription ad = SSL3_1_AlertDescription(rec->description); - switch ( ad ) { - case SSL3_1_CLOSE_NOTIFY: - case SSL3_1_UNEXPECTED_MESSAGE: - case SSL3_1_BAD_RECORD_MAC: - case SSL3_1_DECRYPTION_FAILED: - case SSL3_1_RECORD_OVERFLOW: - case SSL3_1_DECOMPRESSION_FAILURE: - case SSL3_1_HANDSHAKE_FAILURE: - break; - - case SSL3_0_NO_CERTIFICATE: - // This may happen ONLY in SSLv3.0 when the server sends - // a certificate request but the client has none. - if ( rec->sslVersion == SSLProxy_Analyzer::SSLv30 ) - currentState = SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A; - else - Weird("SSLv3x: No certificate alert not defined for SSL 3.1!"); - break; - - case SSL3_1_BAD_CERTIFICATE: - case SSL3_1_UNSUPPORTED_CERTIFICATE: - case SSL3_1_CERTIFICATE_REVOKED: - case SSL3_1_CERTIFICATE_EXPIRED: - case SSL3_1_CERTIFICATE_UNKNOWN: - case SSL3_1_ILLEGAL_PARAMETER: - case SSL3_1_UNKNOWN_CA: - case SSL3_1_ACCESS_DENIED: - case SSL3_1_DECODE_ERROR: - case SSL3_1_DECRYPT_ERROR: - case SSL3_1_EXPORT_RESTRICTION: - case SSL3_1_PROTOCOL_VERSION: - case SSL3_1_INSUFFICIENT_SECURITY: - case SSL3_1_INTERNAL_ERROR: - case SSL3_1_USER_CANCELED: - case SSL3_1_NO_RENEGOTIATION: - break; - - default: - Weird(" SSLv3x: Unknown ssl alert description!" ); - break; - } - - if ( rec->level == 2 ) - // Fatal alert! - currentState = SSL3_1_STATE_INIT; - - if ( rec->level == 1 && ad == SSL3_1_CLOSE_NOTIFY ) - currentState = SSL3_1_STATE_INIT; - - fire_ssl_conn_alert(rec->sslVersion, rec->level, rec->description); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_ChangeCipherRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::changeCipherRecords; - - if ( rec->type != 1 ) - Weird("SSLv3x: Unknown change cipher type!"); - if ( rec->recordLength != 1 ) - Weird("SSLv3x: Change cipher message too long!"); - - // After receiving a change cipher spec message, the next message sent - // MUST be a finished message. So we set the appropriate flag: - // change_cipher_client/server_seen. - if ( rec->endp->IsOrig()) - { - if ( change_cipher_client_seen ) - Weird("SSLv3x: Received multiple change cipher message from client!"); - change_cipher_client_seen = true; - fin_client_seen = false; - } - else - { - if ( change_cipher_server_seen ) - Weird("SSLv3x: Received multiple change cipher message from server!"); - change_cipher_server_seen = true; - fin_server_seen = false; - } - - if ( currentState == SSL3_1_STATE_ERROR ) - { - // proxy->SetSkip(1); - } - - // We don't need a GenerateEvents here, because we didn't change - // the currentState of the SSL automaton. (Event generation - // in GenerateEvents() is done based on currentState.) - // GenerateEvents(rec); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_ApplicationRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - - if ( currentState == SSL3_1_STATE_HS_FIN_A || - currentState == SSL3_1_STATE_HS_FIN_B ) - // O.K., sending application data is valid - // this was the last record we analyzed... - proxy->SetSkip(1); - else - { - // Sending application data now is not valid, so the SSL - // connection is probably already established and we - // didn't get the handshake. - Weird("SSLv3_data_without_full_handshake"); - currentState = SSL3_1_STATE_ERROR; - GenerateEvents(rec, 0); - } - } - -TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length, - const u_char* data, uint16 version) - { - int is_orig = (SSL_InterpreterEndpoint*) s == orig; - - const u_char* pCipher = data; - SSL_CipherSpec* pCipherSuiteTemp = 0; - uint16 cipherSuite; - for ( int i = 0; i < length; i += 2 ) - { - cipherSuite = uint16(pCipher[0+i] << 8) | pCipher[1+i]; - HashKey h(static_cast(cipherSuite)); - - pCipherSuiteTemp = - (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - if ( ! pCipherSuiteTemp ) - { - if ( is_orig ) - proxy->Weird("SSLv3x: Unknown CIPHER-SPEC in CLIENT-HELLO"); - else - proxy->Weird("SSLv3x: Unknown CIPHER-SPEC in SERVER-HELLO"); - } - } - - // Store server's cipher specs. - if ( ! is_orig ) - { - pCipherSuite = pCipherSuiteTemp; - if ( ! pCipherSuite ) - { - // Special case: we store the identifier directly - // for unknown cipher-specs. - cipherSuiteIdentifier = - uint16(pCipher[0] << 8) | pCipher[1]; - } - } - - if ( ssl_compare_cipherspecs && length <= ssl_max_cipherspec_size ) - { - // Store cipher specs for analysis: was the choosen - // server cipher suite announced by the client? - if ( is_orig ) - { - pClientCipherSpecs = - new SSL_DataBlock(data, length); - } - } - - if ( (! is_orig && ssl_conn_server_reply) || - (is_orig && ssl_conn_attempt) ) - { - TableVal* pCipherTable = new TableVal(cipher_suites_list); - for ( int i = 0; i < length; i += 2 ) - { - uint32 cipherSpec = (pCipher[0] << 8) | pCipher[1]; - Val* index = new Val(cipherSpec, TYPE_COUNT); - pCipherTable->Assign(index, 0); - Unref(index); - pCipher += 2; - } - - return pCipherTable; - } - - else - return 0; - } - -void SSLv3_Interpreter::GenerateEvents(SSLv3_Record* rec, TableVal* curCipherSuites) - { - if ( curCipherSuites && - currentState != SSL3_1_STATE_CLIENT_HELLO_SENT && - currentState != SSL3_1_STATE_SERVER_HELLO_SENT ) - // Unref here, since the events won't do so in this case. - Unref(curCipherSuites); - - switch ( currentState ) { - case SSL3_1_STATE_CLIENT_HELLO_SENT: - fire_ssl_conn_attempt(rec->sslVersion, curCipherSuites); - break; - - case SSL3_1_STATE_SERVER_HELLO_SENT: - fire_ssl_conn_server_reply(rec->sslVersion, curCipherSuites); - break; - - case SSL3_1_STATE_HS_FIN_A: - case SSL3_1_STATE_HS_FIN_B: - ++SSLv3_Interpreter::openedConnections; - fire_ssl_conn_established(rec->sslVersion, - pCipherSuite ? - pCipherSuite->identifier : 0); - - // We finished handshake. Skip all further data. - proxy->SetSkip(1); - helloRequestValid = true; - break; - - case SSL3_1_STATE_SERVER_FIN_SENT_B: - // First, check for session-ID match. - if ( clientSessionID && serverSessionID && - memcmp(clientSessionID->data, serverSessionID->data, - clientSessionID->len) != 0 ) - Weird("SSLv3x: Reusing session but session ID mismatch!"); - fire_ssl_conn_reused(serverSessionID); - break; - - case SSL3_1_STATE_ERROR: - Weird("unexpected_SSLv3_record"); - proxy->SetSkip(1); - } - } - -void SSLv3_Interpreter::SetState(int i) - { - if ( i >= 0 && i < SSL3_1_NUM_STATES ) - currentState = i; - } - -// ---SSLv3_Endpoint-------------------------------------------------------------- - -SSLv3_Endpoint::SSLv3_Endpoint(SSL_Interpreter* interpreter, int is_orig) -: SSL_InterpreterEndpoint(interpreter, is_orig) - { - sslVersion = 0; - } - -SSLv3_Endpoint::~SSLv3_Endpoint() - { - } - -void SSLv3_Endpoint::Deliver(int len, const u_char* data) - { - if ( SSL3_1_LENGTHOFFSET + sizeof(uint16) <= unsigned(len) ) - { - currentMessage_length = - uint16(data[SSL3_1_LENGTHOFFSET] << 8) | - data[SSL3_1_LENGTHOFFSET+1]; - - // ### where does this magic number come from? - if ( currentMessage_length > 18432 ) - interpreter->Weird("SSLv3x: Message length too long!"); - } - else - { - interpreter->Weird("SSLv3x: Could not determine message length!"); - return; - } - - if ( currentMessage_length + 2 + SSL3_1_LENGTHOFFSET != len ) - { - // This should never happen; otherwise there is a bug in the - // SSL_RecordBuilder. - interpreter->Weird("SSLv3x: FATAL: recordLength doesn't match data block length!"); - interpreter->Proxy()->SetSkip(1); - return; - } - - ProcessMessage(data, len); - } - -void SSLv3_Endpoint::ProcessMessage(const u_char* data, int len) - { - SSL3_1_ContentType ct = ExtractContentType(data, len); - if ( ! ExtractVersion(data, len) ) - return; - - switch ( ct ) { - case SSL3_1_TYPE_CHANGE_CIPHER_SPEC: - { - SSLv3_ChangeCipherRecord* rec = new - SSLv3_ChangeCipherRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - - // Multiple handshake messages may be coalesced into - // a single record. - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_ALERT: - { - SSLv3_AlertRecord* rec = new - SSLv3_AlertRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_HANDSHAKE: - { - SSLv3_HandshakeRecord* rec = - new SSLv3_HandshakeRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_APPLICATION_DATA: - { - SSLv3_ApplicationRecord* rec = - new SSLv3_ApplicationRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - default: - { - interpreter->Weird("SSLv3x: Could not determine content type!"); - break; - } - } - } - -SSL3_1_ContentType SSLv3_Endpoint::ExtractContentType(const u_char* data, - int len) - { - return SSL3_1_ContentType(uint8(*(data + SSL3_1_CONTENTTYPEOFFSET))); - } - -int SSLv3_Endpoint::ExtractVersion(const u_char* data, int len) - { - sslVersion = uint16(data[SSL3_1_VERSIONTYPEOFFSET] << 8) | - data[SSL3_1_VERSIONTYPEOFFSET + 1]; - - if ( sslVersion != SSLProxy_Analyzer::SSLv30 && - sslVersion != SSLProxy_Analyzer::SSLv31 ) - { - interpreter->Weird("SSLv3x: Unsupported SSL-Version (not SSLv3x)!"); - return 0; - } - else - return 1; - } - -// ---SSLv3_Record---------------------------------------------------------------- - -SSLv3_Record::SSLv3_Record(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) - { - recordLength = len; - sslVersion = version; - endp = e; - this->data = data; - } - -SSLv3_Record::~SSLv3_Record() - { - // The memory for data is deleted after processing the ssl record - // in the common ssl reassembler. - } - -void SSLv3_Record::Describe(ODesc* d) const - { - d->Add("sslrecord"); - } - -SSLv3_Endpoint const* SSLv3_Record::GetEndpoint() const - { - return endp; - } - -const u_char* SSLv3_Record::GetData() const - { - return data; - } - -int SSLv3_Record::ExtractInt24(const u_char* data, int len, int offset) - { - if ( offset + int(sizeof(unsigned long)) - 1 > len) - return 0; - - uint32 val; - - val = 0; - val = uint32(*(data + offset + 2)); - val |= uint32(*(data + offset + 1)) << 8; - val |= uint32(*(data + offset)) << 16; - - return val; - } - -int SSLv3_Record::GetRecordLength() const - { - return recordLength; - } - -SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - // Don't analyze encrypted client handshake messages. - if ( e->IsOrig() && - ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen && - ! ((SSLv3_Interpreter*) e->Interpreter())->fin_client_seen ) - { - type = 255; - length = 0; - next = 0; - return; - } - - // Don't analyze encrypted server handshake messages. - if ( ! e->IsOrig() && - ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_server_seen && - ! ((SSLv3_Interpreter*) e->Interpreter())->fin_server_seen ) - { - type = 255; - length = 0; - next = 0; - return; - } - - type = uint8(*(this->data)); - length = ExtractInt24(data, len, 1); - - if ( length == 0 ) // this is a special case to deal with 0 length certs - next = 0; - else if ( length + 4 < len ) - next = new SSLv3_HandshakeRecord(data + length + 4, - len - (length + 4), version, e); - else if ( length + 4 > len ) - { - e->Interpreter()->Weird("SSLv3x: Handshake-header-length inconsistent (too big)"); - next = 0; - } - else - next = 0; - } - -SSLv3_HandshakeRecord::~SSLv3_HandshakeRecord() - { - if ( next ) - { - delete next; - } - } - -void SSLv3_HandshakeRecord::Deliver(SSLv3_Interpreter* conn) - { - SSLv3_HandshakeRecord* it = this; - while ( it != 0) - { - conn->DeliverSSLv3_Record(it); - it = it->GetNext(); - } - } - -int SSLv3_HandshakeRecord::GetType() const - { - return type; - } - -int SSLv3_HandshakeRecord::GetLength() const - { - return length; - } - -SSLv3_HandshakeRecord* SSLv3_HandshakeRecord::GetNext() - { - return next; - } - -int SSLv3_HandshakeRecord::checkClientHello() - { - if ( recordLength < 42 ) - { - endp->Interpreter()->Weird("SSLv3x: Client hello too small!"); - return 0; - } - - uint16 version = uint16(data[4] << 8 ) | data[5]; - if ( version != SSLProxy_Analyzer::SSLv30 && - version != SSLProxy_Analyzer::SSLv31 ) - endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!"); - - uint16 offset = 38; - uint8 sessionIDLength = uint8(data[offset]); - offset += (1 + sessionIDLength); - if ( sessionIDLength > 32 ) - { - endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!"); - return 0; - } - - uint16 cipherSuiteLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += (2 + cipherSuiteLength); - if ( cipherSuiteLength < 2 ) - endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!"); - - if ( offset > recordLength ) - { - endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!"); - return 0; - } - - uint8 compressionMethodLength = uint8(data[offset]); - offset += (1 + compressionMethodLength); - if ( compressionMethodLength < 1 ) - endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!"); - - if ( offset < length ) - { - uint16 sslExtensionsLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += 2; - if ( sslExtensionsLength < 4 ) - endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); - - // TODO: extract SSL extensions here - - offset += sslExtensionsLength; - if ( offset != length+4 ) - { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); - return 0; - } - } - - return 1; - } - -int SSLv3_HandshakeRecord::checkServerHello() - { - if ( recordLength < 42 ) - { - endp->Interpreter()->Weird("SSLv3x: Server hello too small!"); - return 0; - } - - uint16 version = uint16(data[4] << 8) | data[5]; - if ( version != SSLProxy_Analyzer::SSLv30 && - version != SSLProxy_Analyzer::SSLv31 ) - endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!"); - - uint16 offset = 38; - uint8 sessionIDLength = uint8(data[offset]); - if ( sessionIDLength > 32 ) - { - endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!"); - return 0; - } - offset += (1 + sessionIDLength); - - offset += 3; // account for cipher and compression method - if ( offset < length ) - { - uint16 sslExtensionsLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += 2; - if ( sslExtensionsLength < 4 ) - endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); - - // TODO: extract SSL extensions here - offset += sslExtensionsLength; - - if ( offset != length+4 ) - { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!"); - return 0; - } - - return 0; - } - - return 1; - } - -SSLv3_AlertRecord::SSLv3_AlertRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - if ( len < 2 ) - { - e->Interpreter()->Weird("SSLv3x: Alert header length too small!"); - level = 255; - description = 255; - } - - // No further consistency-check, because alerts may be - // already encrypted. - level = uint8(*((this->data) + SSL3_1_ALERT_LEVEL_OFFSET)); - description = uint8(*((this->data) + SSL3_1_ALERT_DESCRIPTION_OFFSET)); - } - -SSLv3_AlertRecord::~SSLv3_AlertRecord() - { - } - -int SSLv3_AlertRecord::GetDescription() const - { - return description; - } - -int SSLv3_AlertRecord::GetLevel() const - { - return level; - } - -void SSLv3_AlertRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } - -SSLv3_ChangeCipherRecord::SSLv3_ChangeCipherRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - if ( len < 1 ) - { - e->Interpreter()->Weird("SSLv3x: Change cipher header length too small!"); - type = 255; - } - else - type = uint8(*((this->data) + SSL3_1_CHANGE_CIPHER_TYPE_OFFSET)); - } - -SSLv3_ChangeCipherRecord::~SSLv3_ChangeCipherRecord() - { - } - -int SSLv3_ChangeCipherRecord::GetType() const - { - return type; - } - -void SSLv3_ChangeCipherRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } - -SSLv3_ApplicationRecord::SSLv3_ApplicationRecord(const u_char* data, int len, uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - } - -SSLv3_ApplicationRecord::~SSLv3_ApplicationRecord() - { - } - -void SSLv3_ApplicationRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } diff --git a/src/SSLv3.h b/src/SSLv3.h deleted file mode 100644 index c3c3f4634e..0000000000 --- a/src/SSLv3.h +++ /dev/null @@ -1,590 +0,0 @@ -// $Id: SSLv3.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef sslv3_h -#define sslv3_h - -#include "SSLInterpreter.h" -#include "SSLProxy.h" -#include "SSLv3Automaton.h" -#include "SSLDefines.h" - -// Offsets in SSL record layer header. -const int SSL3_1_CONTENTTYPEOFFSET = 0; -const int SSL3_1_VERSIONTYPEOFFSET = 1; -const int SSL3_1_LENGTHOFFSET = 3; -const int SSL3_1_HEADERLENGTH = 5; - -// --- forward declarations --------------------------------------------------- - -class SSL_Interpreter; -class SSL_InterpreterEndpoint; -class SSLProxy_Analyzer; -class SSLv3_Endpoint; -class SSLv3_Record; -class SSLv3_HandshakeRecord; -class SSLv3_AlertRecord; -class SSLv3_ApplicationRecord; -class SSLv3_ChangeCipherRecord; -class CertStore; -struct SSL_CipherSpec; - -// --- enums for SSLv3.0/3.1 message handling --------------------------------- - -enum SSL3_1_ContentType { - SSL3_1_TYPE_CHANGE_CIPHER_SPEC = 20, - SSL3_1_TYPE_ALERT = 21, - SSL3_1_TYPE_HANDSHAKE = 22, - SSL3_1_TYPE_APPLICATION_DATA = 23 -}; - -enum SSL3_1_HandshakeType { - SSL3_1_HELLO_REQUEST = 0, - SSL3_1_CLIENT_HELLO = 1, - SSL3_1_SERVER_HELLO = 2, - SSL3_1_CERTIFICATE = 11, - SSL3_1_SERVER_KEY_EXCHANGE = 12, - SSL3_1_CERTIFICATE_REQUEST = 13, - SSL3_1_SERVER_HELLO_DONE = 14, - SSL3_1_CERTIFICATE_VERIFY = 15, - SSL3_1_CLIENT_KEY_EXCHANGE = 16, - SSL3_1_FINISHED = 20 -}; - -enum SSL3_1_AlertDescription { - SSL3_1_CLOSE_NOTIFY = 0, - SSL3_1_UNEXPECTED_MESSAGE = 10, - SSL3_1_BAD_RECORD_MAC = 20, - SSL3_1_DECRYPTION_FAILED = 21, - SSL3_1_RECORD_OVERFLOW = 22, - SSL3_1_DECOMPRESSION_FAILURE = 30, - SSL3_1_HANDSHAKE_FAILURE = 40, - SSL3_0_NO_CERTIFICATE = 41, - SSL3_1_BAD_CERTIFICATE = 42, - SSL3_1_UNSUPPORTED_CERTIFICATE = 43, - SSL3_1_CERTIFICATE_REVOKED = 44, - SSL3_1_CERTIFICATE_EXPIRED = 45, - SSL3_1_CERTIFICATE_UNKNOWN = 46, - SSL3_1_ILLEGAL_PARAMETER = 47, - SSL3_1_UNKNOWN_CA = 48, - SSL3_1_ACCESS_DENIED = 49, - SSL3_1_DECODE_ERROR = 50, - SSL3_1_DECRYPT_ERROR = 51, - SSL3_1_EXPORT_RESTRICTION = 60, - SSL3_1_PROTOCOL_VERSION = 70, - SSL3_1_INSUFFICIENT_SECURITY = 71, - SSL3_1_INTERNAL_ERROR = 80, - SSL3_1_USER_CANCELED = 90, - SSL3_1_NO_RENEGOTIATION = 100 -}; - -enum SSL3x_AlertLevel { - SSL3x_ALERT_LEVEL_WARNING = 1, - SSL3x_ALERT_LEVEL_FATAL = 2 -}; - -// --- structs ---------------------------------------------------------------- - -struct SSLv3x_Random { - uint32 gmt_unix_time; - SSL_DataBlock* random_bytes; // 28-bytes -}; - -struct SSLv3x_ServerRSAParams { - SSL_DataBlock* rsa_modulus; // <1..2^16-1> - SSL_DataBlock* rsa_exponent; // <1..2^16-1> -}; - -struct SSLv3x_ServerDHParams{ - SSL_DataBlock* dh_p; // <1..2^16-1> - SSL_DataBlock* dh_g; // <1..2^16-1> - SSL_DataBlock* dh_Ys; // <1..2^16-1> -}; - -struct SSLv3x_EncryptedPremasterSecret{ - SSL_DataBlock* encryptedSecret; -}; - -struct SSLv3x_ClientDHPublic{ - SSL_DataBlock* dh_Yc; // <1..2^16-1> -}; - -// ---------------------------------------------------------------------------- - -/** - * Class SSLv3_Interpreter is the implementation for a SSLv3.0/SSLv3.1 connection - * interpreter (derived from the abstract class SSL_Interpreter). - * - * The corresponding SSLProxy_Analyzer creates an instance of this class and - * properly initialises the corresponding SSLv3_Endpoints by calling the - * SSL_Interpreter's Init() method which then invokes the BuildInterpreterEndpoints() method - * (of the SSLv3_Interpreter) which causes the SSLv3_Endpoints to be created properly. - * - * The SSLv3_Interpreter receives the four various SSLv3_Records: - * - SSLv3_HandshakeRecord - * - SSLv3_AlertRecord - * - SSLv3_ChangeCipherRecord - * - SSLv3_ApplicationRecord - * via the DeliverSSLv3_Record() methods from the two corresponding SSLv3_Endpoints - * (which get fed by the SSLProxy_Analyzer). - * - * There is one global static SSLv3_Automaton which describes the possible transitions - * in the SSLv3.0/SSLv3.1 state machine for the handshaking phase. This automaton - * is initialised once, when Bro sees the first SSL connection. By the attribute - * currentState every instance of SSLv3_Interpreter holds the automaton state it - * is currently in and so is able - * to track the correctness of the SSL handshaking process. It weird-checks and verifies - * all arriving SSL records up to the point where handshaking is finished or an - * error occures caused by weird SSL records or not allowed transitions in the - * state machine. Information that was negotiated between the client and server - * during the handshaking phase is/may also be stored. That is: - * - used SSL version - * - negotiated cipher suite - * - session ID - * - client/server random - * - key exchange algorithms - * - cryptographic parameters - * - encrypted pre-master secret - * - * The certificates are verified using the analyzeCertificate() method of the - * SSL_Interpreter class. - * Events for Bro scripting are thrown for client connection attempt, server reply, - * ssl connection establishment/reuse of former connection, proposed cipher suites and - * seen certificates. - * - * @see SSLv3_Endpoint - */ -class SSLv3_Interpreter : public SSL_Interpreter { -public: - /** The constructor takes the SSLProxy_Analyzer as argument, - * that created this SSLv3_Interpreter. - * - * @param proxy the creating SSL_ConectionProxy - */ - SSLv3_Interpreter(SSLProxy_Analyzer* proxy); - ~SSLv3_Interpreter(); - - /** Delivers an SSLv3_HandshakeRecord to the SSLv3_Interpreter. - * The record gets verified and it is checked whether it is allowed - * in the current phase of the handshaking process. - * - * @param rec the SSLv3_HandshakeRecord - */ - void DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec); - - /** Delivers an SSLv3_AlertRecord to the SSLv3_Interpreter. - * The record gets verified and weird checked. - * - * @param rec the SSLv3_AlertRecord - */ - void DeliverSSLv3_Record(SSLv3_AlertRecord* rec); - - /** Delivers an SSLv3_ChangeCipherRecord to the SSLv3_Interpreter. - * The record gets verified and weird checked. If a change cipher - * record is received the next record from this endpoint needs - * to be a finished message. - * - * @param rec the SSLv3_ChangeCipherRecord - */ - void DeliverSSLv3_Record(SSLv3_ChangeCipherRecord* rec); - - /** Delivers a SSLv3_ApplicationRecord to the SSLv3_Interpreter. - * It is checked, whether handshaking phase is already finished - * and sending application data is valid (the normal case is, - * that after finishing the handshaking phase, all further data - * is skipped). - * - * @param rec the SSLv3_AlertRecord - */ - void DeliverSSLv3_Record(SSLv3_ApplicationRecord* rec); - - /** This method sets the currentState variable of this SSLv3_Interpreter - * and so sets the SSLv3.0/SSLv3.1 state machine to the state passed - * as parameter.It is invoked in the SSLProxy_Analyzer to enable - * this SSLv3_Interpreter to start work without having seen the first - * handshake record. This happens, when the client hello is sent in - * SSLv2 format and processed by the SSLv2_Interpreter but the further - * SSL connection taking place as a SSLv3.0/SSLv3.1 session. - * - * @param i the new state of the sslAutomaton - */ - void SetState(int i); - - static void printStats(); - - // Total SSLv3x connections. - static uint totalConnections; - - // Total SSLv3x connections with complete handshake. - static uint openedConnections; - - static uint totalRecords; ///< counter for total SSLv3x records seen - static uint handshakeRecords; ///< counter for SSLv3x handshake records seen - static uint clientHelloRecords; ///< counter for SSLv3x client hellos seen - static uint serverHelloRecords; ///< counter for SSLv3x server hellos seen - static uint alertRecords; ///< counter for SSLv3x alert records seen - static uint changeCipherRecords; ///< counter for SSLv3x change cipher records seen - - /**Flags for handling the change-cipher-messages and fin-handshake- - * messages - */ - bool change_cipher_client_seen; ///< whether a client change cipher record was seen - bool change_cipher_server_seen; ///< whether a server change cipher record was seen - bool fin_client_seen; ///< whether a client finished handshake message was seen (must immediately follow the client change cipher) - bool fin_server_seen; ///< whether a server finished handshake message was seen (must immediately follow the server change cipher) - -protected: - static SSLv3_Automaton sslAutomaton; ///< represents the SSLv3.0/SSLv3.1 automaton - static bool bInited; ///< whether the automaton is already initialised (has to be only done once) - int currentState; ///< the current state of the SSL automaton in this SSLv3_Interpreter instance - - // uint16 cipherSuite; ///< the cipher spec client and server agreed upon - SSL_DataBlock* pClientCipherSpecs; ///< the CIPHER-SPECs from the client - SSL_CipherSpec* pCipherSuite; ///< pointer to the cipher spec definition client and server agreed upon - uint32 cipherSuiteIdentifier; ///< only used for unknown cipher-specs - SSL_DataBlock* clientSessionID; ///< the session ID of the client hello record - SSL_DataBlock* serverSessionID; ///< the session ID for this SSL session - - /**Attributes for cryptographic computations*/ - SSLv3x_Random* clientRandom; - SSLv3x_Random* serverRandom; - //SSL_KeyExchangeAlgorithm keyXAlgorithm; - SSLv3x_ServerRSAParams* serverRSApars; - SSLv3x_ServerDHParams* serverDHPars; - SSLv3x_EncryptedPremasterSecret* encryptedPreSecret; - SSLv3x_ClientDHPublic* clientDHpublic; - - bool helloRequestValid; ///< Whether sending a hello request is valid (normally after handshaking phase) - - /** This method builds the corresponding SSLv3_Endpoints for this SSLv3_Interpreter. - * It is called in the SSL_Interpreter's Init() method. - */ - void BuildInterpreterEndpoints(); - - /** This method initialises the SSL state automaton; sets the states and transitions. - * It needs only to be called once for a whole bro. @see SSLDefines.h - */ - void BuildAutomaton(); - - /** This helper method translates the handshake types included in the SSL handshake - * records to the corresponding transition of the SSL automaton. It is invoked within - * the DeliverSSLv3_Record(SSLv3_HandshakeRecord*) method. - * - * @param type the handshake type of the handshake record - */ - int HandshakeType2Trans(int type); - - /** This method is used for event generation during the handshaking phase and - * generates the connection-attempt, server-reply, connection-established, connection-reused - * events dependant on the currentState of the SSL Automaton. - * It calls the appropriate fire_* methods of the SSL_Interpreter for this. - * The method is called within the the DeliverSSLv3_Record() methods. - * - * @param rec the SSLv3_Record which is currently processed - */ - void GenerateEvents(SSLv3_Record* rec, TableVal* curCipherSuites); - - /** This method analyzes the cipher suites the client and server offer - * each other during handshaking phase. It checks, whether it's a 'common' - * cipher suite and sets the pCipherSuite attribute according to the - * cipher suite client and server agreed on. - * - * @param s the SSLv3_Endpoint which sent the SSL record with the cipher suite(s) to be analyzed - * @param length length of data - * @param data pointer to where the cipher suites can be found - * @param version SSL version of the SSL record that contained the cipher suite(s) - * @return a pointer to a Bro TableVal (of type cipher_suites_list) which contains - * the cipher suites list of the current analyzed record - */ - TableVal* analyzeCiphers(const SSLv3_Endpoint* s, int length, const u_char* data, uint16 version); - -}; - -// ---------------------------------------------------------------------------- - -/** Class SSLv3_Endpoint is the implementation for SSLv3.0/SSLv3.1 connection - * endpoints (derived from the abstract class SSL_InterpreterEndpoint). - * - * A SSLv3_Endpoint gets completely reassembled ssl records via the method - * Deliver(), which is invoked in this Endpoint's corresponding SSLProxy_Analyzer. - * The defragmentation and reassembling already took place in the - * SSLProxy_Analyzer's SSL_RecordBuilder. - * The Deliver()-method does some basic weird checks and then calls - * ProcessMessage() which determines the content type of the ssl record - * and, dependant on that, creates an instance of the appropriate SSLv3_Record. - * This is passed on to this endpoint's corresponding SSLv3_Interpreter via - * the DeliverSSLv3_Record()-method. - */ -class SSLv3_Endpoint : public SSL_InterpreterEndpoint { -public: - /** The constructor takes the corresponding SSL_Interpreter as argument. - * is_orig sets this endpoint as originator of the connection (1), and - * responder otherwise (0). - * - * @param interpreter the SSL_Interpreter this endpoint is bound to. - * @param is_orig whether this endpoint is the originator (1) of the - * connection or not (0). - */ - SSLv3_Endpoint(SSL_Interpreter* interpreter, int is_orig); - virtual ~SSLv3_Endpoint(); - - /** This method is invoked by this endpoint's corresponding - * SSLProxy_Analyzer and receives completely reassembled SSL - * records (by the data argument). - * - * @param t time is always 0 (former: when the segment was received - * by bro (?)) - * @param len length of SSL record - * @param data content of SSL record - */ - void Deliver(int len, const u_char* data); - -protected: - uint16 sslVersion; ///< holds the version of the just delivered SSL record - uint16 currentMessage_length; ///< the length of the just delivered SSL record - - /** This method extracts the content type of the SSL record passed - * in the first parameter. - * - * @param data the SSL record - * @param len length of the record - * @return SSL3_1_ContentType of SSL record - */ - SSL3_1_ContentType ExtractContentType(const u_char* data, int len); - - /** This method determines the version of the SSL record passed to it. - * It sets the field sslVersion of this endpoint an is called within - * the method ProcessMessage(). - * - * @param data the SSL record - * @param len length of the record - * @return 0 if version is NOT 3.0/3.1, 1 otherwise - */ - int ExtractVersion(const u_char* data, int len); - - /** This method processes a complete SSL record. It - * determines the content type of the SSL record - * (handshake, alert, change-cipher-spec, application), - * cuts away the SSL record layer header and generates - * the appropriate SSLv3_Record. Then it calls the SSLv3_Record's - * Deliver() method, which manages the delivery of the record - * to the corresponding SSLv3_Interpreter - * - * @param data the complete SSL record - * @param len data's (record's) length - */ - void ProcessMessage(const u_char* data, int len); -}; - -// ---------------------------------------------------------------------------- - -// Offsets are now relative to the end of the SSL record layer header -#define SSL3_1_CHANGE_CIPHER_TYPE_OFFSET (SSL3_1_HEADERLENGTH - 5) -#define SSL3_1_ALERT_LEVEL_OFFSET (SSL3_1_HEADERLENGTH - 5) -#define SSL3_1_ALERT_DESCRIPTION_OFFSET (SSL3_1_HEADERLENGTH - 4) -#define SSL3_1_SESSION_ID_LENGTH_OFFSET 38 -#define SSL3_1_SESSION_ID_OFFSET 39 - -/** This class is an abstract base class for the four different - * SSLv3.0/SSLv3.1 record types (handshake, alert, change-cipher-spec, - * application). - * - * It contains a pointer to the data of the SSL record without - * the SSL record layer header, it's length and the version information, which - * was present in the now cut away SSL record layer header. - * - * (Note: the version field of the SSL record layer header may differ from - * the version of the record format that was used when sending the record. - * (e.g. a client may send a SSLv2 record including - * a version field containing 3.1 (for SSLv3.1) to show, that he supports - * version 3.1.)) - * - * Every subclass of SSLv3_Record implements the Deliver() method, which - * manages the delivery of the record to the corresponding SSLv3_Interpreter. - * Instances of SSLv3_Record (resp. it's subclasses) are created within - * the ProcessMessage() method of a SSLv3_Endpoint. - * */ -class SSLv3_Record : public BroObj{ -public: - /** The constructor gets a pointer to the SSL record without the - * record layer header, it's length, the version information - * contained in the record layer header and a pointer to the - * SSLv3_Endpoint that created this instance of SSLv3_Record. - * - * @param data pointer to the SSL record without record layer header - * @param data's length - * @param version version information contained in the SSL record layer header - * @param e the SSLv3_Endpoint that created this instance - */ - SSLv3_Record(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_Record(); - - void Describe(ODesc* d) const; - - int GetRecordLength() const; - const u_char* GetData() const; - uint16 GetVersion() const; - SSLv3_Endpoint const* GetEndpoint() const; - - /** This abstract method is implemented by the various SSLv3_Record - * subclasses for handshake, alert, change cipher spec and application - * records. It manages the delivery of the SSLv3_Record to the - * SSLv3_Interpreter passed as argument. - * SSLv3_Records are created within the ProcessMessage() method of the - * SSLv3_Endpoint which then calls the just created SSLv3_Records - * Deliver() method with it's corresponding SSLv3_Interpreter as - * argument which then receives the (evtl. preprocessed) SSLv3_Record - * (via the method(s) DeliverSSLv3_Record()). - * - * @param conn the SSLv3_Interpreter to which this SSLv3_Record should be deliverd - */ - virtual void Deliver(SSLv3_Interpreter* conn) =0; - - /** Helper function that converts from 24-bit big endian integer - * starting at offset to 32 bit integer in little endian format. - * - * @param data the ssl-record - * @param len length of data (record) - * @param offset where the 24 bit big endian starts - * @return 32 bit little endian - */ - int ExtractInt24(const u_char* data, int len, int offset); - - int recordLength; ///< total length of the SSL record without the record layer header - const u_char* data; ///< pointer to the SSL record without the record layer header - SSLv3_Endpoint const* endp; ///< pointer to the SSLv3_Endpoint that created this instance of SSLv3_Record - uint16 sslVersion; ///< version information of the SSL record layer header -}; - -// ---------------------------------------------------------------------------- - -/* This class represents a handshake record used in SSLv3.0/SSLv3.1. - * - * Handshake records in SSLv3.0/SSLv3.1 need a special treatment, - * because it is possible that multiple handshake messages are coalesced into - * a single SSLv3.0/SSLv3.1 record. - * I think, this only can happen to - * handshake records (even RFC2246 page 16 generally talks about all - * messages of a same content type), because only handshake records - * have got an own length descriptor within and thus make de-coalescing - * possible. - * So when generating a new instance of a SSLv3_HandshakeRecord, it is checked whether there - * are more handshake records within data. - * If so, they are put apart and linked together to a chain by using - * the next-pointer. - * The Deliver() method takes this into account and delivers every single - * handshake record one by one to the SSLv3_Interpreter. - */ -class SSLv3_HandshakeRecord : public SSLv3_Record{ -public: - SSLv3_HandshakeRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_HandshakeRecord(); - - int GetType() const; - int GetLength() const; - - /** This method delivers the SSLv3_HandshakeRecord(s) to the - * SSLv3_Interpreter passed as argument. The method follows - * the next-pointer and delivers every SSLv3_HandshakeRecord - * contained in this list to the SSLv3_Interpreter. - * - * @param conn the SSLv3_Interpreter to which this SSLv3_HandshakeRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); - - /* This method is invoked within the SSLv3_Interpreter and does lots of - * weird and consistency checks on a client hello SSL handshake record. - * - * @return 0 if further processing of this client hello is not - * possible due to inconsistency and 1 otherwise. - */ - int checkClientHello(); - - /* This method is invoked within the SSLv3_Interpreter and does lots of - * weird and consistency checks on a server hello SSL handshake record. - * - * @return 0 if further processing of this server hello is not - * possible due to inconsistency and 1 otherwise. - */ - int checkServerHello(); - - int type; ///< holds the handshake type of the handshake record (first byte) - int length; ///< holds the length of this handshake record (which is needed due to coalesced handshake messages) - -private: - SSLv3_HandshakeRecord* next; ///< pointer to the next ssl handshake record if they are coalesced into a single record - - SSLv3_HandshakeRecord* GetNext(); -}; - -// ---------------------------------------------------------------------------- - -/** This class represents an alert record used in SSLv3.0/SSLv3.1. - * - * description holds the SSL alert description and level the alert level. - */ -class SSLv3_AlertRecord : public SSLv3_Record { -public: - SSLv3_AlertRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_AlertRecord(); - - int GetDescription() const; - int GetLevel() const; - - /** This method delivers the SSLv3_AlertRecord to the SSLv3_Interpreter passed as - * argument. - * - * @param conn the SSLv3_Interpreter to which this SSLv3_AlertRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); - - int description; ///< holds the alert description - int level; ///< holds the alert level -}; - -// ---------------------------------------------------------------------------- - -/** This class represents a change cipher record used in SSLv3.0/SSLv3.1. - * - * type holds the change cipher type used (currently only 1 is valid (rfc 2246)) - */ -class SSLv3_ChangeCipherRecord : public SSLv3_Record{ -public: - SSLv3_ChangeCipherRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_ChangeCipherRecord(); - int GetType() const; - - /** This method delivers the SSLv3_ChangeCipherRecord to the - * SSLv3_Interpreter passed as argument. - * - * @param conn the SSLv3_Interpreter to which this - * SSLv3_ChangeCipherRecord should be delivered - */ - void Deliver(SSLv3_Interpreter* conn); - - int type; ///< holds the change cipher type -}; - -// ---------------------------------------------------------------------------- - -/** This class represents an application record used in SSLv3.0/SSLv3.1. - */ -class SSLv3_ApplicationRecord : public SSLv3_Record { -public: - SSLv3_ApplicationRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_ApplicationRecord(); - - /** This method delivers the SSLv3_ApplicationRecord to the - * SSLv3_Interpreter passed as argument. - * - * @param conn the SSLv3_Interpreter to which this - * SSLv3_ApplicationRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); -}; - -#endif diff --git a/src/SSLv3Automaton.cc b/src/SSLv3Automaton.cc deleted file mode 100644 index a79c81bd7c..0000000000 --- a/src/SSLv3Automaton.cc +++ /dev/null @@ -1,83 +0,0 @@ -// $Id: SSLv3Automaton.cc 80 2004-07-14 20:15:50Z jason $ - -// ---SSLv3_Automaton---------------------------------------------------------- - -#include "SSLv3Automaton.h" - -SSLv3_Automaton::SSLv3_Automaton(int arg_num_states, int num_trans, - int error_state) - { - num_states = arg_num_states; - states = new SSLv3_State*[num_states]; - for ( int i = 0; i < num_states; ++i ) - states[i] = new SSLv3_State(num_trans, error_state); - } - -SSLv3_Automaton::~SSLv3_Automaton() - { - for ( int i = 0; i < num_states; ++i ) - delete states[i]; - delete [] states; - } - -void SSLv3_Automaton::Describe(ODesc* d) const - { - d->Add("sslAutomaton"); - } - -void SSLv3_Automaton::setStartState(int state) - { - if ( state < num_states ) - startState = state; - } - -void SSLv3_Automaton::addTrans(int state1, int trans, int state2) - { - if ( state1 < num_states && state2 < num_states ) - states[state1]->addTrans(trans, state2); - } - -int SSLv3_Automaton::getNextState(int state, int trans) - { - if ( state < num_states ) - return states[state]->getNextState(trans); - else - return 0; - } - -int SSLv3_Automaton::getStartState() - { - if (startState >= 0) - return startState; - else - return -1; - } - -// ---SSLv3_State-------------------------------------------------------------- - -SSLv3_State::SSLv3_State(int num_trans, int error_state) - { - this->num_trans = num_trans; - transitions = new int[num_trans]; - for ( int i = 0; i < num_trans; ++i ) - transitions[i] = error_state; - } - -SSLv3_State::~SSLv3_State() - { - delete [] transitions; - } - -void SSLv3_State::addTrans(int trans, int state) - { - if ( trans < num_trans ) - transitions[trans] = state; - } - -int SSLv3_State::getNextState(int trans) - { - if ( trans < num_trans ) - return transitions[trans]; - else - return 0; - } diff --git a/src/SSLv3Automaton.h b/src/SSLv3Automaton.h deleted file mode 100644 index f581edbde2..0000000000 --- a/src/SSLv3Automaton.h +++ /dev/null @@ -1,107 +0,0 @@ -// $Id: SSLv3Automaton.h 80 2004-07-14 20:15:50Z jason $ - -#ifndef ssl_v3_automaton_h -#define ssl_v3_automaton_h - -#include "Obj.h" -#include "SSLDefines.h" - -class SSLv3_State; - -/** Class SSLv3_Automaton is there for holding the transitions of a state machine. - * The States are simply Integer Constants >= 0. Same for the transitions. - * The SSLv3_Automaton holds a pointer to an array of pointers to the - * states of the automaton. The array is indexed by the integer that - * represents the corresponding state. - * By default, the automaton is initialized with every transition leading to - * the error_state. - * By calling addTrans() (done in the SSLv3_Interpreter's BuildAutomaton()-method) - * the proper transitions for the SSL automaton are created. - * When calling getNextState(state, trans), you get the next state of the - * automaton, according to state and trans. - * */ -class SSLv3_Automaton : public BroObj { -public: - /* The constructor initialises the states 2-dim. array - * (which's size depends on num_states and num_trans). - * By default, every transition from every state leads to the error_state. - * @param num_states how many states the automaton has - * @param num_trans how many different transitions the automaton has - * @param error_state which Integer the error_state has - */ - SSLv3_Automaton(int num_states, int num_trans, int error_state); - ~SSLv3_Automaton(); - void Describe(ODesc* d) const; - - /* Sets the start state of the automaton. - * @param state the start state - */ - void setStartState(int state); - - /* This method is used for building up the automaton and defining - * from which state you get to which state which what transition. - * @param state1 the state from which the transition starts - * @param trans the transition itself - * @param to which state the transition leads - */ - void addTrans(int state1, int trans, int state2); - - /* Used for determinig into which state the automaton gets by using the - * given transition in the given state. - * @param state the state from which the transition starts - * @param trans the transition itself - * @return the state to which the transition leads - */ - int getNextState(int state, int trans); - int getStartState(); - int OutRef() - { - return RefCnt(); - } - -protected: - int num_states; ///< how many states the automaton has - SSLv3_State** states; ///< the pointer to the array of pointers that holds the states - int startState; ///< the start state of the automaton - -}; - -// ---------------------------------------------------------------------------- - -/** This class represents a state of the SSLv3_Automaton. - * It holds a pointer to an array of integers, which corresponds to the - * succeeding states of this state when "taking" a transition. - * The transition array is indexed by the integer-values corresponding to - * the transitions of the automaton. - * */ -class SSLv3_State { -public: - /* The constructor initialises the state. By default, every transition - * of the automaton leads to the error_state. - * @param num_trans how many different transitions the automaton has - * @param error_state how many different transitions the automaton has - */ - SSLv3_State(int num_trans, int error_state); - ~SSLv3_State(); - - /* This method is used for building up the automaton and is invoked by - * the SSLv3_Automaton's addTrans()-method. It defines the successing state - * of the automaton by taking the transition trans in this state. - * @param trans the transition, - * @param that leads to the state - */ - void addTrans(int trans, int state); - - /* Used for determinig into which state the automaton gets by using the - * given transition in the this state. - * @param trans which transition is to be taken - * @return the resulting state of the automaton - */ - int getNextState(int trans); - -protected: - int num_trans; ///< how many transitions the automaton has - int* transitions; ///< the array of successing states of this state by taking the transition that indexes this array -}; - -#endif diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index d385121cca..b9b3da5fef 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -21,6 +21,7 @@ void SerializationFormat::StartRead(char* data, uint32 arg_len) input = data; input_len = arg_len; input_pos = 0; + bytes_read = 0; } void SerializationFormat::EndRead() @@ -44,7 +45,6 @@ void SerializationFormat::StartWrite() output_pos = 0; bytes_written = 0; - bytes_read = 0; } uint32 SerializationFormat::EndWrite(char** data) diff --git a/src/Syslog-binpac.cc b/src/Syslog-binpac.cc new file mode 100644 index 0000000000..c8697d0f3f --- /dev/null +++ b/src/Syslog-binpac.cc @@ -0,0 +1,90 @@ +#include "Syslog-binpac.h" +#include "TCP_Reassembler.h" + +Syslog_Analyzer_binpac::Syslog_Analyzer_binpac(Connection* conn) +: Analyzer(AnalyzerTag::SYSLOG_BINPAC, conn) + { + interp = new binpac::Syslog::Syslog_Conn(this); + did_session_done = 0; + //ADD_ANALYZER_TIMER(&Syslog_Analyzer_binpac::ExpireTimer, + // network_time + Syslog_session_timeout, 1, TIMER_Syslog_EXPIRE); + } + +Syslog_Analyzer_binpac::~Syslog_Analyzer_binpac() + { + delete interp; + } + +void Syslog_Analyzer_binpac::Done() + { + Analyzer::Done(); + + if ( ! did_session_done ) + Event(udp_session_done); + } + +void Syslog_Analyzer_binpac::DeliverPacket(int len, const u_char* data, bool orig, int seq, const IP_Hdr* ip, int caplen) + { + Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); + interp->NewData(orig, data, data + len); + } + +//void Syslog_Analyzer_binpac::ExpireTimer(double t) +// { +// // The - 1.0 in the following is to allow 1 second for the +// // common case of a single request followed by a single reply, +// // so we don't needlessly set the timer twice in that case. +// if ( t - Conn()->LastTime() >= Syslog_session_timeout - 1.0 || terminating ) +// { +// Event(connection_timeout); +// sessions->Remove(Conn()); +// } +// else +// ADD_ANALYZER_TIMER(&Syslog_Analyzer_binpac::ExpireTimer, +// t + Syslog_session_timeout, 1, TIMER_Syslog_EXPIRE); +// } + +//Syslog_TCP_Analyzer_binpac::Syslog_TCP_Analyzer_binpac(Connection* conn) +//: TCP_ApplicationAnalyzer(AnalyzerTag::Syslog_TCP_BINPAC, conn) +// { +// interp = new binpac::Syslog_on_TCP::Syslog_TCP_Conn(this); +// } + +//Syslog_TCP_Analyzer_binpac::~Syslog_TCP_Analyzer_binpac() +// { +// delete interp; +// } + +//void Syslog_TCP_Analyzer_binpac::Done() +// { +// TCP_ApplicationAnalyzer::Done(); +// +// interp->FlowEOF(true); +// interp->FlowEOF(false); +// } + +//void Syslog_TCP_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) +// { +// TCP_ApplicationAnalyzer::EndpointEOF(endp); +// interp->FlowEOF(endp->IsOrig()); +// } + +//void Syslog_TCP_Analyzer_binpac::DeliverStream(int len, const u_char* data, +// bool orig) +// { +// TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); +// +// assert(TCP()); +// +// if ( TCP()->IsPartial() || TCP()->HadGap(orig) ) +// // punt-on-partial or stop-on-gap. +// return; +// +// interp->NewData(orig, data, data + len); +// } + +//void Syslog_TCP_Analyzer_binpac::Undelivered(int seq, int len, bool orig) +// { +// TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); +// interp->NewGap(orig, len); +// } diff --git a/src/Syslog-binpac.h b/src/Syslog-binpac.h new file mode 100644 index 0000000000..fcd75edf0e --- /dev/null +++ b/src/Syslog-binpac.h @@ -0,0 +1,55 @@ +#ifndef Syslog_binpac_h +#define Syslog_binpac_h + +#include "UDP.h" +#include "TCP.h" + +#include "syslog_pac.h" + +class Syslog_Analyzer_binpac : public Analyzer { +public: + Syslog_Analyzer_binpac(Connection* conn); + virtual ~Syslog_Analyzer_binpac(); + + virtual void Done(); + virtual void DeliverPacket(int len, const u_char* data, bool orig, + int seq, const IP_Hdr* ip, int caplen); + + static Analyzer* InstantiateAnalyzer(Connection* conn) + { return new Syslog_Analyzer_binpac(conn); } + + static bool Available() + { return syslog_message; } + +protected: + friend class AnalyzerTimer; + void ExpireTimer(double t); + + int did_session_done; + + binpac::Syslog::Syslog_Conn* interp; +}; + +// #include "Syslog_tcp_pac.h" +// +//class Syslog_TCP_Analyzer_binpac : public TCP_ApplicationAnalyzer { +//public: +// Syslog_TCP_Analyzer_binpac(Connection* conn); +// virtual ~Syslog_TCP_Analyzer_binpac(); +// +// virtual void Done(); +// virtual void DeliverStream(int len, const u_char* data, bool orig); +// virtual void Undelivered(int seq, int len, bool orig); +// virtual void EndpointEOF(TCP_Reassembler* endp); +// +// static Analyzer* InstantiateAnalyzer(Connection* conn) +// { return new Syslog_TCP_Analyzer_binpac(conn); } +// +// static bool Available() +// { return (Syslog_request || Syslog_full_request) && FLAGS_use_binpac; } +// +//protected: +// binpac::Syslog_on_TCP::Syslog_TCP_Conn* interp; +//}; +// +#endif diff --git a/src/TCP.cc b/src/TCP.cc index 8ae28aae64..b4ea4f8037 100644 --- a/src/TCP.cc +++ b/src/TCP.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "NetVar.h" #include "PIA.h" #include "File.h" diff --git a/src/TCP_Reassembler.cc b/src/TCP_Reassembler.cc index 5e32bfe474..1ebd58331e 100644 --- a/src/TCP_Reassembler.cc +++ b/src/TCP_Reassembler.cc @@ -1,5 +1,7 @@ // $Id: TCP_Reassembler.cc,v 1.1.2.8 2006/05/31 01:52:02 sommer Exp $ +#include + #include "Analyzer.h" #include "TCP_Reassembler.h" #include "TCP.h" @@ -220,11 +222,9 @@ void TCP_Reassembler::Undelivered(int up_to_seq) // handshakes, but Oh Well. if ( content_gap && - (BifConst::report_gaps_for_partial || - (endpoint->state == TCP_ENDPOINT_ESTABLISHED && - peer->state == TCP_ENDPOINT_ESTABLISHED ) - ) - ) + (BifConst::report_gaps_for_partial || + (endpoint->state == TCP_ENDPOINT_ESTABLISHED && + peer->state == TCP_ENDPOINT_ESTABLISHED ) ) ) { val_list* vl = new val_list; vl->append(dst_analyzer->BuildConnVal()); @@ -492,11 +492,9 @@ void TCP_Reassembler::AckReceived(int seq) return; bool test_active = ! skip_deliveries && ! tcp_analyzer->Skipping() && - ( BifConst::report_gaps_for_partial || - (endp->state == TCP_ENDPOINT_ESTABLISHED && - endp->peer->state == TCP_ENDPOINT_ESTABLISHED - ) - ); + ( BifConst::report_gaps_for_partial || + (endp->state == TCP_ENDPOINT_ESTABLISHED && + endp->peer->state == TCP_ENDPOINT_ESTABLISHED ) ); int num_missing = TrimToSeq(seq); diff --git a/src/Type.cc b/src/Type.cc index 458a672d41..6e87a1f83a 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -848,8 +848,8 @@ void TypeDecl::DescribeReST(ODesc* d) const } CommentedTypeDecl::CommentedTypeDecl(BroType* t, const char* i, - attr_list* attrs, std::list* cmnt_list) - : TypeDecl(t, i, attrs) + attr_list* attrs, bool in_record, std::list* cmnt_list) + : TypeDecl(t, i, attrs, in_record) { comments = cmnt_list; } @@ -1157,6 +1157,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const for ( int i = 0; i < num_fields; ++i ) { if ( i > 0 ) + { if ( func_args ) d->Add(", "); else @@ -1164,6 +1165,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const d->NL(); d->NL(); } + } FieldDecl(i)->DescribeReST(d); } diff --git a/src/Type.h b/src/Type.h index 082e950921..b8cb7e2aa5 100644 --- a/src/Type.h +++ b/src/Type.h @@ -420,7 +420,7 @@ public: class CommentedTypeDecl : public TypeDecl { public: CommentedTypeDecl(BroType* t, const char* i, attr_list* attrs = 0, - std::list* cmnt_list = 0); + bool in_record = false, std::list* cmnt_list = 0); virtual ~CommentedTypeDecl(); void DescribeReST(ODesc* d) const; diff --git a/src/UDP.cc b/src/UDP.cc index 08d6d76f4c..e6ed7db853 100644 --- a/src/UDP.cc +++ b/src/UDP.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "Net.h" diff --git a/src/Val.cc b/src/Val.cc index cf9ee031fd..e0ba8df9bf 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2866,7 +2866,7 @@ RecordVal::RecordVal(RecordType* t) : MutableVal(t) else if ( tag == TYPE_TABLE ) def = new TableVal(type->AsTableType(), a); - else if ( t->Tag() == TYPE_VECTOR ) + else if ( tag == TYPE_VECTOR ) def = new VectorVal(type->AsVectorType()); } diff --git a/src/Var.cc b/src/Var.cc index f265316f17..00ac734c0a 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -242,15 +242,26 @@ void add_type(ID* id, BroType* t, attr_list* attr, int /* is_event */) // t->GetTypeID() is true. if ( generate_documentation ) { - if ( t->Tag() == TYPE_RECORD ) - { - // Only "shallow" copy record types because we want to be able - // to see additions to the original type's list of fields + switch ( t->Tag() ) { + // Only "shallow" copy types that may contain records because + // we want to be able to see additions to the original record type's + // list of fields + case TYPE_RECORD: tnew = new RecordType(t->AsRecordType()->Types()); - } - - else - { + break; + case TYPE_TABLE: + tnew = new TableType(t->AsTableType()->Indices(), + t->AsTableType()->YieldType()); + break; + case TYPE_VECTOR: + tnew = new VectorType(t->AsVectorType()->YieldType()); + break; + case TYPE_FUNC: + tnew = new FuncType(t->AsFuncType()->Args(), + t->AsFuncType()->YieldType(), + t->AsFuncType()->IsEvent()); + break; + default: SerializationFormat* form = new BinarySerializationFormat(); form->StartWrite(); CloneSerializer ss(form); @@ -267,7 +278,7 @@ void add_type(ID* id, BroType* t, attr_list* attr, int /* is_event */) tnew = t->Unserialize(&uinfo); delete [] data; - } + } tnew->SetTypeID(copy_string(id->Name())); } diff --git a/src/X509.cc b/src/X509.cc deleted file mode 100644 index 9de73d2a9d..0000000000 --- a/src/X509.cc +++ /dev/null @@ -1,265 +0,0 @@ -// $Id: X509.cc 6724 2009-06-07 09:23:03Z vern $ - -#include - -#include "X509.h" -#include "config.h" - -// ### NOTE: while d2i_X509 does not take a const u_char** pointer, -// here we assume d2i_X509 does not write to , so it is safe to -// convert data to a non-const pointer. Could some X509 guru verify -// this? - -X509* d2i_X509_(X509** px, const u_char** in, int len) - { -#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR - return d2i_X509(px, in, len); -#else - return d2i_X509(px, (u_char**)in, len); -#endif - } - -X509_STORE* X509_Cert::ctx = 0; -X509_LOOKUP* X509_Cert::lookup = 0; -X509_STORE_CTX X509_Cert::csc; -bool X509_Cert::bInited = false; - -// TODO: Check if Key < 768 Bits => Weakness! -// FIXME: Merge verify and verifyChain. - -void X509_Cert::sslCertificateEvent(Contents_SSL* e, X509* pCert) - { - EventHandlerPtr event = ssl_certificate; - if ( ! event ) - return; - - char tmp[256]; - RecordVal* pX509Cert = new RecordVal(x509_type); - - X509_NAME_oneline(X509_get_issuer_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(0, new StringVal(tmp)); - X509_NAME_oneline(X509_get_subject_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(1, new StringVal(tmp)); - pX509Cert->Assign(2, new AddrVal(e->Conn()->OrigAddr())); - - val_list* vl = new val_list; - vl->append(e->BuildConnVal()); - vl->append(pX509Cert); - vl->append(new Val(e->IsOrig(), TYPE_BOOL)); - - e->Conn()->ConnectionEvent(event, e, vl); - } - -void X509_Cert::sslCertificateError(Contents_SSL* e, int error_numbe) - { - Val* err_str = new StringVal(X509_verify_cert_error_string(csc.error)); - val_list* vl = new val_list; - - vl->append(e->BuildConnVal()); - vl->append(new Val(csc.error, TYPE_INT)); - vl->append(err_str); - - e->Conn()->ConnectionEvent(ssl_X509_error, e, vl); - } - -int X509_Cert::init() - { -#if 0 - OpenSSL_add_all_algorithms(); -#endif - - ctx = X509_STORE_new(); - int flag = 0; - int ret = 0; - - if ( x509_trusted_cert_path && - x509_trusted_cert_path->AsString()->Len() > 0 ) - { // add the path(s) for the local CA's certificates - const BroString* pString = x509_trusted_cert_path->AsString(); - - lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); - if ( ! lookup ) - { - fprintf(stderr, "X509_Cert::init(): initing lookup failed\n"); - flag = 1; - } - - int i = X509_LOOKUP_add_dir(lookup, - (const char*) pString->Bytes(), - X509_FILETYPE_PEM); - if ( ! i ) - { - fprintf( stderr, "X509_Cert::init(): error adding lookup directory\n" ); - ret = 0; - } - } - else - { - printf("X509: Using the default trusted cert path.\n"); - X509_STORE_set_default_paths(ctx); - } - - // Add crl functionality - will only add if defined and - // X509_STORE_add_lookup was successful. - if ( ! flag && x509_crl_file && x509_crl_file->AsString()->Len() > 0 ) - { - const BroString* rString = x509_crl_file->AsString(); - - if ( X509_load_crl_file(lookup, (const char*) rString->Bytes(), - X509_FILETYPE_PEM) != 1 ) - { - fprintf(stderr, "X509_Cert::init(): error reading CRL file\n"); - ret = 1; - } - -#if 0 - // Note, openssl version must be > 0.9.7(a). - X509_STORE_set_flags(ctx, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#endif - } - - bInited = true; - return ret; - } - -int X509_Cert::verify(Contents_SSL* e, const u_char* data, uint32 len) - { - if ( ! bInited ) - init(); - - X509* pCert = d2i_X509_(NULL, &data, len); - if ( ! pCert ) - { - // 5 = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - sslCertificateError(e, 5); - return -1; - } - - sslCertificateEvent(e, pCert); - - X509_STORE_CTX_init(&csc, ctx, pCert, 0); - X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); - int i = X509_verify_cert(&csc); - X509_STORE_CTX_cleanup(&csc); - int ret = 0; - - int ext = X509_get_ext_count(pCert); - - if ( ext > 0 ) - { - TableVal* x509ex = new TableVal(x509_extension); - val_list* vl = new val_list; - char buf[256]; - - for ( int k = 0; k < ext; ++k ) - { - X509_EXTENSION* ex = X509_get_ext(pCert, k); - ASN1_OBJECT* obj = X509_EXTENSION_get_object(ex); - i2t_ASN1_OBJECT(buf, sizeof(buf), obj); - - Val* index = new Val(k+1, TYPE_COUNT); - Val* value = new StringVal(strlen(buf), buf); - x509ex->Assign(index, value); - Unref(index); - // later we can do critical extensions like: - // X509_EXTENSION_get_critical(ex); - } - - vl->append(e->BuildConnVal()); - vl->append(x509ex); - e->Conn()->ConnectionEvent(process_X509_extensions, e, vl); - } - - if ( ! i ) - { - sslCertificateError(e, csc.error); - ret = csc.error; - } - else - ret = 0; - - delete pCert; - return ret; - } - -int X509_Cert::verifyChain(Contents_SSL* e, const u_char* data, uint32 len) - { - if ( ! bInited ) - init(); - - // Gets an ssl3x cert chain (could be one single cert, too, - // but in chain format). - - // Init the stack. - STACK_OF(X509)* untrustedCerts = sk_X509_new_null(); - if ( ! untrustedCerts ) - { - // Internal error allocating stack of untrusted certs. - // 11 = X509_V_ERR_OUT_OF_MEM - sslCertificateError(e, 11); - return -1; - } - - // NOT AGAIN!!! - // Extract certificates and put them into an OpenSSL Stack. - uint tempLength = 0; - int certCount = 0; - X509* pCert = 0; // base cert, this one is to be verified - - while ( tempLength < len ) - { - ++certCount; - uint32 certLength = - uint32((data[tempLength + 0] << 16) | - data[tempLength + 1] << 8) | - data[tempLength + 2]; - - // Points to current cert. - const u_char* pCurrentCert = &data[tempLength+3]; - - X509* pTemp = d2i_X509_(0, &pCurrentCert, certLength); - if ( ! pTemp ) - { // error is somewhat of a misnomer - // 5 = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - sslCertificateError(e, 5); - //FIXME: free ptrs - return -1; - } - - if ( certCount == 1 ) - // The first certificate goes directly into the ctx. - pCert = pTemp; - else - // The remaining certificates (if any) are put into - // the list of untrusted certificates - sk_X509_push(untrustedCerts, pTemp); - - tempLength += certLength + 3; - } - - sslCertificateEvent(e, pCert); - - X509_STORE_CTX_init(&csc, ctx, pCert, untrustedCerts); - X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); - int i = X509_verify_cert(&csc); - X509_STORE_CTX_cleanup(&csc); - //X509_STORE_CTX_free(&csc); - int ret = 0; - - if ( ! i ) - { - sslCertificateError(e, csc.error); - ret = csc.error; - } - else - ret = 0; - - delete pCert; - // Free the stack, incuding. contents. - - // FIXME: could this break Bro's memory tracking? - sk_X509_pop_free(untrustedCerts, X509_free); - - return ret; - } diff --git a/src/X509.h b/src/X509.h deleted file mode 100644 index 284fd3512c..0000000000 --- a/src/X509.h +++ /dev/null @@ -1,33 +0,0 @@ -// $Id: X509.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef X509_H -#define X509_H - -#include -#include -#include - -#include "SSLProxy.h" - -class X509_Cert { -public: - static X509_STORE* ctx; - static X509_LOOKUP* lookup; - static X509_STORE_CTX csc; - static bool bInited; - - // Initializes the OpenSSL library, which is used for verify(). - static int init(); - - // Wrapper for X.509 error event. - static void sslCertificateError(Contents_SSL* e, int error_numbe); - - // Retrieves a DER-encoded X.509 certificate. Returns 0 on failure. - static int verify(Contents_SSL* e, const u_char* data, uint32 len); - static int verifyChain(Contents_SSL* e, const u_char* data, uint32 len); - - // Wrapper for the ssl_certificate event. - static void sslCertificateEvent(Contents_SSL* e, X509* pCert); -}; - -#endif diff --git a/src/XDR.cc b/src/XDR.cc index cd687bb18f..dcb2e24faf 100644 --- a/src/XDR.cc +++ b/src/XDR.cc @@ -2,6 +2,8 @@ // // See the file "COPYING" in the main distribution directory for copyright. +#include + #include "config.h" #include "XDR.h" @@ -33,7 +35,7 @@ uint64 extract_XDR_uint64(const u_char*& buf, int& len) if ( ! buf || len < 8 ) { buf = 0; - return 0.0; + return 0; } uint64 uhi = extract_XDR_uint32(buf, len); @@ -64,6 +66,9 @@ const u_char* extract_XDR_opaque(const u_char*& buf, int& len, int& n, int max_l if (short_buf_ok) n = std::min(n, len); + if ( short_buf_ok ) + n = std::min(n, len); + if ( n < 0 || n > len || n > max_len ) { // ### Should really flag this as a different sort of error. buf = 0; @@ -79,7 +84,6 @@ const u_char* extract_XDR_opaque(const u_char*& buf, int& len, int& n, int max_l return opaque; } - const u_char* extract_XDR_opaque_fixed(const u_char*& buf, int& len, int n) { if ( ! buf ) diff --git a/src/bro.bif b/src/bro.bif index 8a902656d2..475bd52f7d 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -486,15 +486,15 @@ function to_count%(str: string%): count %{ const char* s = str->CheckString(); char* end_s; - + uint64 u = (uint64) strtoll(s, &end_s, 10); - + if ( s[0] == '\0' || end_s[0] != '\0' ) { builtin_run_time("bad conversion to count", @ARG@[0]); u = 0; } - + return new Val(u, TYPE_COUNT); %} @@ -556,7 +556,7 @@ function to_addr%(ip: string%): addr delete [] s; return ret; %} - + function count_to_v4_addr%(ip: count%): addr %{ if ( ip > 4294967295 ) @@ -564,7 +564,7 @@ function count_to_v4_addr%(ip: count%): addr builtin_run_time("conversion of non-IPv4 count to addr", @ARG@[0]); return new AddrVal(uint32(0)); } - + return new AddrVal(htonl(uint32(ip))); %} @@ -1348,7 +1348,7 @@ function fmt_ftp_port%(a: addr, p: port%): string function decode_netbios_name%(name: string%): string %{ char buf[16]; - char result[32]; + char result[16]; const u_char* s = name->Bytes(); int i, j; @@ -1370,7 +1370,7 @@ function decode_netbios_name%(name: string%): string break; } - return new StringVal(result); + return new StringVal(i, result); %} function decode_netbios_name_type%(name: string%): count @@ -3106,7 +3106,13 @@ function lookup_location%(a: addr%) : geo_location } #else - builtin_run_time("Bro was not configured for GeoIP support"); + static int missing_geoip_reported = 0; + + if ( ! missing_geoip_reported ) + { + builtin_run_time("Bro was not configured for GeoIP support"); + missing_geoip_reported = 1; + } #endif // We can get here even if we have GeoIP support if we weren't @@ -3164,7 +3170,13 @@ function lookup_asn%(a: addr%) : count return new Val(atoi(gir+2), TYPE_COUNT); } #else - builtin_run_time("Bro was not configured for GeoIP ASN support"); + static int missing_geoip_reported = 0; + + if ( ! missing_geoip_reported ) + { + builtin_run_time("Bro was not configured for GeoIP ASN support"); + missing_geoip_reported = 1; + } #endif // We can get here even if we have GeoIP support, if we weren't @@ -3328,21 +3340,146 @@ function entropy_test_finish%(index: any%): entropy_test_result return ent_result; %} +function bro_has_ipv6%(%) : bool + %{ +#ifdef BROv6 + return new Val(1, TYPE_BOOL); +#else + return new Val(0, TYPE_BOOL); +#endif + %} + +function unique_id%(prefix: string%) : string + %{ + char tmp[20]; + uint64 uid = calculate_unique_id(); + return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); + %} + +%%{ +#include +#include +#include + +// This is the indexed map of X509 certificate stores. +static map x509_stores; + +// ### NOTE: while d2i_X509 does not take a const u_char** pointer, +// here we assume d2i_X509 does not write to , so it is safe to +// convert data to a non-const pointer. Could some X509 guru verify +// this? + +X509* d2i_X509_(X509** px, const u_char** in, int len) + { +#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR + return d2i_X509(px, in, len); +#else + return d2i_X509(px, (u_char**)in, len); +#endif + } + +%%} + + +function x509_verify%(der_cert: string, cert_stack: string_vec, root_certs: table_string_of_string%): count + %{ + X509_STORE* ctx = 0; + int i = 0; + + // If this certificate store was built previously, just reuse the old one. + BroString* s = convert_index_to_string(root_certs); + if ( x509_stores.count(*s) > 0 ) + ctx = x509_stores[*s]; + + if ( ! ctx ) // lookup to see if we have this one built already! + { + ctx = X509_STORE_new(); + TableVal* root_certs2 = root_certs->AsTableVal(); + ListVal* idxs = root_certs2->ConvertToPureList(); + + // Build the validation store + for ( i = 0; i < idxs->Length(); ++i ) + { + Val* key = idxs->Index(i); + StringVal *sv = root_certs2->Lookup(key)->AsStringVal(); + const uint8* data = sv->Bytes(); + X509* x = d2i_X509_(NULL, &data, sv->Len()); + if ( ! x ) + { + builtin_run_time(fmt("Root CA error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + X509_STORE_add_cert(ctx, x); + } + + // Save the newly constructed certificate store into the cacheing map. + x509_stores[*s] = ctx; + } + + STACK_OF(X509)* untrusted_certs = sk_X509_new_null(); + if ( ! untrusted_certs ) + { + builtin_run_time(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + + VectorVal *cert_stack_vec = cert_stack->AsVectorVal(); + for ( i = 0; i < (int) cert_stack_vec->Size(); ++i ) + { + StringVal *sv = cert_stack_vec->Lookup(i)->AsStringVal(); + const uint8 *data = sv->Bytes(); + X509* x = d2i_X509_(NULL, &data, sv->Len()); + if ( ! x ) + { + builtin_run_time(fmt("Untrusted certificate stack creation error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + sk_X509_push(untrusted_certs, x); + } + + const uint8 *cert_data = der_cert->Bytes(); + + X509_STORE_CTX csc; + X509* cert = d2i_X509_(NULL, &cert_data, der_cert->Len()); + if ( ! cert ) + { + builtin_run_time(fmt("Certificate error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + + X509_STORE_CTX_init(&csc, ctx, cert, untrusted_certs); + X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); + + int result = X509_verify_cert(&csc); + X509_STORE_CTX_cleanup(&csc); + + if ( untrusted_certs ) + sk_X509_pop_free(untrusted_certs, X509_free); + + return new Val((uint64) csc.error, TYPE_COUNT); + %} + +function x509_err2str%(err_num: count%): string + %{ + return new StringVal(X509_verify_cert_error_string(err_num)); + %} + function NFS3::mode2string%(mode: count%): string %{ char str[12]; char *p = str; - /* usr */ if (mode & S_IRUSR) *p++ = 'r'; else *p++ = '-'; + if (mode & S_IWUSR) *p++ = 'w'; else *p++ = '-'; + switch (mode & (S_IXUSR | S_ISUID)) { case 0: *p++ = '-'; @@ -3357,6 +3494,7 @@ function NFS3::mode2string%(mode: count%): string *p++ = 's'; break; } + /* group */ if (mode & S_IRGRP) *p++ = 'r'; @@ -3366,6 +3504,7 @@ function NFS3::mode2string%(mode: count%): string *p++ = 'w'; else *p++ = '-'; + switch (mode & (S_IXGRP | S_ISGID)) { case 0: *p++ = '-'; @@ -3380,6 +3519,7 @@ function NFS3::mode2string%(mode: count%): string *p++ = 's'; break; } + /* other */ if (mode & S_IROTH) *p++ = 'r'; @@ -3389,6 +3529,7 @@ function NFS3::mode2string%(mode: count%): string *p++ = 'w'; else *p++ = '-'; + switch (mode & (S_IXOTH | S_ISVTX)) { case 0: *p++ = '-'; @@ -3403,6 +3544,7 @@ function NFS3::mode2string%(mode: count%): string *p++ = 't'; break; } + *p = '\0'; return new StringVal(str); diff --git a/src/const.bif b/src/const.bif index 0cb7c720d2..825c21e7a5 100644 --- a/src/const.bif +++ b/src/const.bif @@ -1,6 +1,6 @@ # $Id: const.bif 3929 2007-01-14 00:37:59Z vern $ -# Documentation and default values for these are located in policy/bro.init +# Documentation and default values for these are located in policy/bro.init. const ignore_keep_alive_rexmit: bool; const skip_http_data: bool; @@ -8,7 +8,6 @@ const parse_udp_tunnels: bool; const use_conn_size_analyzer: bool; const report_gaps_for_partial: bool; -# NFS analyzer settings. See bro.init for documentation const NFS3::return_data: bool; const NFS3::return_data_max: count; const NFS3::return_data_first_only: bool; diff --git a/src/event.bif b/src/event.bif index 6e8577da40..fed999356f 100644 --- a/src/event.bif +++ b/src/event.bif @@ -52,6 +52,7 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_redirect%(c: connection, icmp: icmp_conn, a: addr%); event net_stats_update%(t: time, ns: net_stats%); event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); event conn_weird%(name: string, c: connection%); @@ -156,6 +157,13 @@ event mime_all_data%(c: connection, length: count, data: string%); event mime_event%(c: connection, event_type: string, detail: string%); event mime_content_hash%(c: connection, content_len: count, hash_value: string%); +# Generated for each RPC request / reply *pair* (if there is no reply, the event +# will be generated on timeout). +event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%); +# Generated for each (correctly formed) RPC_CALL message received. +event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%); +# Generated for each (correctly formed) RPC_REPLY message received. +event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%); # Generated for each RPC request / reply *pair* (if there is no reply, the event # will be generated on timeout). @@ -179,12 +187,12 @@ event pm_attempt_dump%(r: connection, status: rpc_status%); event pm_attempt_callit%(r: connection, status: rpc_status, call: pm_callit_request%); event pm_bad_port%(r: connection, bad_p: count%); -# Event for the NFS analyzer. An event is generated if we have received a -# Call (request) / Response pair (or in case of a time out). -# info$rpc_stat and info$nfs_stat show whether the request was successful. -# The request record is always filled out, however, the reply record(s) might not be set or -# might only be partially set. See the comments for the record types in -# bro.init to see which reply fields are set when. +# Events for the NFS analyzer. An event is generated if we have received a +# Call (request) / Response pair (or in case of a time out). info$rpc_stat and +# info$nfs_stat show whether the request was successful. The request record is +# always filled out, however, the reply record(s) might not be set or might only +# be partially set. See the comments for the record types in bro.init to see which +# reply fields are set when. event nfs_proc_null%(c: connection, info: NFS3::info_t%); event nfs_proc_not_implemented%(c: connection, info: NFS3::info_t, proc: NFS3::proc_t%); @@ -199,7 +207,7 @@ event nfs_proc_remove%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t event nfs_proc_rmdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t, rep: NFS3::delobj_reply_t%); event nfs_proc_readdir%(c: connection, info: NFS3::info_t, req: NFS3::readdirargs_t, rep: NFS3::readdir_reply_t%); -# Generated for each NFS reply message we receive. Just gives the status. +# Generated for each NFS reply message we receive, giving just gives the status. event nfs_reply_status%(n: connection, info: NFS3::info_t%); event ntp_message%(u: connection, msg: ntp_msg, excess: string%); @@ -287,19 +295,15 @@ event http_stats%(c: connection, stats: http_stats_rec%); event ssh_client_version%(c: connection, version: string%); event ssh_server_version%(c: connection, version: string%); -event ssl_certificate_seen%(c: connection, is_server: bool%); -event ssl_certificate%(c: connection, cert: X509, is_server: bool%); -event ssl_conn_attempt%(c: connection, version: count, ciphers: cipher_suites_list%); -event ssl_conn_server_reply%(c: connection, version: count, ciphers: cipher_suites_list%); -event ssl_conn_established%(c: connection, version: count, cipher_suite: count%); -event ssl_conn_reused%(c: connection, session_id: SSL_sessionID%); -event ssl_conn_alert%(c: connection, version: count, level: count, - description: count%); -event ssl_conn_weak%(name: string, c: connection%); +event ssl_client_hello%(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set%); +event ssl_server_hello%(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count%); +event ssl_extension%(c: connection, code: count, val: string%); +event ssl_established%(c: connection%); +event ssl_alert%(c: connection, level: count, desc: count%); -event ssl_session_insertion%(c: connection, id: SSL_sessionID%); -event process_X509_extensions%(c: connection, ex: X509_extension%); -event ssl_X509_error%(c: connection, err: int, err_string: string%); +event x509_certificate%(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string%); +event x509_extension%(c: connection, data: string%); +event x509_error%(c: connection, err: count%); event stp_create_endp%(c: connection, e: int, is_orig: bool%); event stp_resume_endp%(e: int%); @@ -410,6 +414,8 @@ event irc_password_message%(c: connection, password: string%); event file_transferred%(c: connection, prefix: string, descr: string, mime_type: string%); event file_virus%(c: connection, virname: string%); +event syslog_message%(c: connection, facility: count, severity: count, msg: string%); + event signature_match%(state: signature_state, msg: string, data: string%); # Generated if a handler finds an identification of the software diff --git a/src/main.cc b/src/main.cc index 70a1d8e4e9..37acbdeaeb 100644 --- a/src/main.cc +++ b/src/main.cc @@ -740,6 +740,20 @@ int main(int argc, char** argv) } #endif + if ( generate_documentation ) + { + std::list::iterator it; + + for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) + (*it)->WriteDocFile(); + + for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) + delete *it; + + terminate_bro(); + return 0; + } + if ( nerr > 0 ) { delete dns_mgr; @@ -975,20 +989,6 @@ int main(int argc, char** argv) mgr.Drain(); - if ( generate_documentation ) - { - std::list::iterator it; - - for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) - (*it)->WriteDocFile(); - - for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) - delete *it; - - terminate_bro(); - return 0; - } - have_pending_timers = ! reading_traces && timer_mgr->Size() > 0; if ( io_sources.Size() > 0 || have_pending_timers ) diff --git a/src/parse.y b/src/parse.y index 288b6c4cfe..8b3f8d64c8 100644 --- a/src/parse.y +++ b/src/parse.y @@ -936,6 +936,7 @@ type_decl: if ( generate_documentation ) { + // TypeDecl ctor deletes the attr list, so make a copy attr_list* a = $5; attr_list* a_copy = 0; @@ -947,7 +948,7 @@ type_decl: } last_fake_type_decl = new CommentedTypeDecl( - $4, $2, a_copy, concat_opt_docs($1, $7)); + $4, $2, a_copy, (in_record > 0), concat_opt_docs($1, $7)); } $$ = new TypeDecl($4, $2, $5, (in_record > 0)); @@ -1091,8 +1092,10 @@ decl: new RecordType(fake_type_decl_list); ID* fake = create_dummy_id($3, fake_record); fake_type_decl_list = 0; - current_reST_doc->AddRedef( - new BroDocObj(fake, reST_doc_comments, true)); + BroDocObj* o = + new BroDocObj(fake, reST_doc_comments, true); + o->SetRole(true); + current_reST_doc->AddRedef(o); } else { diff --git a/src/scan.l b/src/scan.l index 3c41c6731d..8db694c53c 100644 --- a/src/scan.l +++ b/src/scan.l @@ -4,6 +4,11 @@ #include +#include +#include +#include +#include + #include "input.h" #include "util.h" #include "Scope.h" @@ -19,11 +24,6 @@ #include "Analyzer.h" #include "AnalyzerTags.h" -#include -#include -#include -#include - extern YYLTYPE yylloc; // holds start line and column of token extern int print_loaded_scripts; extern int generate_documentation; @@ -558,7 +558,7 @@ static int load_files_with_prefix(const char* orig_file) else strcpy(new_filename, file); - f = search_for_file(new_filename, "bro", &full_filename); + f = search_for_file(new_filename, "bro", &full_filename, true); delete [] new_filename; } diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index 9c899ff2b6..7e0c3199b3 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -1,5 +1,3 @@ -# $Id:$ - # Analyzer for SSL (Bro-specific part). %extern{ @@ -11,8 +9,7 @@ #include "util.h" #include -#include -#include "X509.h" +#include %} @@ -46,22 +43,20 @@ %} -function to_table_val(data : uint8[]) : TableVal +function to_string_val(data : uint8[]) : StringVal %{ - TableVal* tv = new TableVal(SSL_sessionID); - for ( unsigned int i = 0; i < data->size(); i += 4 ) - { - uint32 temp = 0; - for ( unsigned int j = 0; j < 4; ++j ) - if ( i + j < data->size() ) - temp |= (*data)[i + j] << (24 - 8 * j); + assert(data->size() <= 32); - Val* idx = new Val(i / 4, TYPE_COUNT); - tv->Assign(idx, new Val((*data)[i], TYPE_COUNT)); - Unref(idx); + char tmp[32]; + memset(tmp, 0, sizeof(tmp)); + + if ( data ) + { + for ( unsigned int i = data->size(); i > 0; --i ) + tmp[i-1] = (*data)[i-1]; } - return tv; + return new StringVal(32, tmp); %} function version_ok(vers : uint16) : bool @@ -83,7 +78,7 @@ function convert_ciphers_uint24(ciph : uint24[]) : int[] vector* newciph = new vector(); std::transform(ciph->begin(), ciph->end(), - std::back_inserter(*newciph), to_int()); + std::back_inserter(*newciph), to_int()); return newciph; %} @@ -93,7 +88,7 @@ function convert_ciphers_uint16(ciph : uint16[]) : int[] vector* newciph = new vector(); std::copy(ciph->begin(), ciph->end(), - std::back_inserter(*newciph)); + std::back_inserter(*newciph)); return newciph; %} @@ -101,23 +96,10 @@ function convert_ciphers_uint16(ciph : uint16[]) : int[] refine analyzer SSLAnalyzer += { %member{ Analyzer* bro_analyzer_; - - vector* client_session_id_; - vector* advertised_ciphers_; - int version_; - int cipher_; %} %init{ bro_analyzer_ = 0; - - client_session_id_ = 0; - advertised_ciphers_ = new vector; - version_ = -1; - cipher_ = -1; - - if ( ! X509_Cert::bInited ) - X509_Cert::init(); %} %eof{ @@ -128,11 +110,6 @@ refine analyzer SSLAnalyzer += { %} %cleanup{ - delete client_session_id_; - client_session_id_ = 0; - - delete advertised_ciphers_; - advertised_ciphers_ = 0; %} function bro_analyzer() : Analyzer @@ -145,282 +122,203 @@ refine analyzer SSLAnalyzer += { bro_analyzer_ = a; %} - function check_cipher(cipher : int) : bool - %{ - if ( ! ssl_compare_cipherspecs ) - return true; - - if ( std::find(advertised_ciphers_->begin(), - advertised_ciphers_->end(), cipher) == - advertised_ciphers_->end() ) - { - bro_analyzer()->ProtocolViolation("chosen cipher not advertised before"); - return false; - } - - return true; - %} - - function certificate_error(err_num : int) : void - %{ - StringVal* err_str = - new StringVal(X509_verify_cert_error_string(err_num)); - BifEvent::generate_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(), - err_num, err_str); - %} - - function proc_change_cipher_spec(msg : ChangeCipherSpec) : bool + function proc_change_cipher_spec(rec: SSLRecord) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected ChangeCipherSpec from %s at state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_application_data(msg : ApplicationData) : bool + function proc_application_data(rec: SSLRecord) : bool %{ if ( state_ != STATE_CONN_ESTABLISHED ) bro_analyzer()->ProtocolViolation(fmt("unexpected ApplicationData from %s at state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_alert(level : int, description : int) : bool + function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ - BifEvent::generate_ssl_conn_alert(bro_analyzer_, bro_analyzer_->Conn(), - current_record_version_, level, - description); + BifEvent::generate_ssl_alert(bro_analyzer_, bro_analyzer_->Conn(), + level, desc); return true; %} - function proc_client_hello(version : uint16, session_id : uint8[], - csuits : int[]) : bool + function proc_client_hello(rec: SSLRecord, + version : uint16, ts : double, + session_id : uint8[], + cipher_suites : int[]) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected client hello message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); - delete client_session_id_; - client_session_id_ = new vector(*session_id); - - TableVal* cipher_table = new TableVal(cipher_suites_list); - for ( unsigned int i = 0; i < csuits->size(); ++i ) + if ( ssl_client_hello ) { - Val* ciph = new Val((*csuits)[i], TYPE_COUNT); - cipher_table->Assign(ciph, 0); - Unref(ciph); - } + BroType* count_t = base_type(TYPE_COUNT); + TypeList* set_index = new TypeList(count_t); + set_index->Append(count_t); + SetType* s = new SetType(set_index, 0); + TableVal* cipher_set = new TableVal(s); + for ( unsigned int i = 0; i < cipher_suites->size(); ++i ) + { + Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT); + cipher_set->Assign(ciph, 0); + Unref(ciph); + } - BifEvent::generate_ssl_conn_attempt(bro_analyzer_, bro_analyzer_->Conn(), - version, cipher_table); - - if ( ssl_compare_cipherspecs ) - { - delete advertised_ciphers_; - advertised_ciphers_ = csuits; + BifEvent::generate_ssl_client_hello(bro_analyzer_, bro_analyzer_->Conn(), + version, ts, + to_string_val(session_id), + cipher_set); } - else - delete csuits; return true; %} - function proc_server_hello(version : uint16, session_id : uint8[], - ciphers : int[], v2_sess_hit : int) : bool + function proc_server_hello(rec: SSLRecord, + version : uint16, ts : double, + session_id : uint8[], + cipher_suite : uint16, + comp_method : uint8) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected server hello message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); - version_ = version; - - TableVal* chosen_ciphers = new TableVal(cipher_suites_list); - for ( unsigned int i = 0; i < ciphers->size(); ++i ) + if ( ssl_server_hello ) { - Val* ciph = new Val((*ciphers)[i], TYPE_COUNT); - chosen_ciphers->Assign(ciph, 0); - Unref(ciph); - } - - BifEvent::generate_ssl_conn_server_reply(bro_analyzer_, - bro_analyzer_->Conn(), - version_, chosen_ciphers); - - if ( v2_sess_hit < 0 ) - { // this is SSLv3 - cipher_ = (*ciphers)[0]; - check_cipher(cipher_); - TableVal* tv = to_table_val(session_id); - if ( client_session_id_ && - *client_session_id_ == *session_id ) - BifEvent::generate_ssl_conn_reused(bro_analyzer_, - bro_analyzer_->Conn(), tv); - else - BifEvent::generate_ssl_session_insertion(bro_analyzer_, - bro_analyzer_->Conn(), tv); - - delete ciphers; - } - - else if ( v2_sess_hit > 0 ) - { // this is SSLv2 and a session hit - if ( client_session_id_ ) - { - TableVal* tv = to_table_val(client_session_id_); - BifEvent::generate_ssl_conn_reused(bro_analyzer_, - bro_analyzer_->Conn(), tv); - } - - // We don't know the chosen cipher, as there is - // no session storage. - BifEvent::generate_ssl_conn_established(bro_analyzer_, + BifEvent::generate_ssl_server_hello(bro_analyzer_, bro_analyzer_->Conn(), - version_, 0xffffffff); - delete ciphers; - } - - else - { - // This is SSLv2; we have to set advertised - // ciphers to server ciphers. - if ( ssl_compare_cipherspecs ) - { - delete advertised_ciphers_; - advertised_ciphers_ = ciphers; - } + version, ts, + to_string_val(session_id), + cipher_suite, comp_method); } bro_analyzer()->ProtocolConfirmation(); return true; %} - function proc_certificate(certificates : bytestring[]) : bool + function proc_ssl_extension(type: int, data: bytestring) : bool + %{ + if ( ssl_extension ) + BifEvent::generate_ssl_extension(bro_analyzer_, + bro_analyzer_->Conn(), type, + new StringVal(data.length(), (const char*) data.data())); + return true; + %} + + function proc_certificate(rec: SSLRecord, certificates : bytestring[]) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected certificate message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - if ( ! ssl_analyze_certificates ) - return true; if ( certificates->size() == 0 ) return true; - BifEvent::generate_ssl_certificate_seen(bro_analyzer_, - bro_analyzer_->Conn(), - ! current_record_is_orig_); + STACK_OF(X509)* untrusted_certs = 0; - const bytestring& cert = (*certificates)[0]; - const uint8* data = cert.data(); - - X509* pCert = d2i_X509_binpac(NULL, &data, cert.length()); - if ( ! pCert ) + if ( x509_certificate ) { - // X509_V_UNABLE_TO_DECRYPT_CERT_SIGNATURE - certificate_error(4); - return false; - } - - RecordVal* pX509Cert = new RecordVal(x509_type); - - char tmp[256]; - X509_NAME_oneline(X509_get_issuer_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(0, new StringVal(tmp)); - X509_NAME_oneline(X509_get_subject_name(pCert), tmp, sizeof tmp); - - pX509Cert->Assign(1, new StringVal(tmp)); - pX509Cert->Assign(2, new AddrVal(bro_analyzer_->Conn()->OrigAddr())); - - BifEvent::generate_ssl_certificate(bro_analyzer_, bro_analyzer_->Conn(), - pX509Cert, current_record_is_orig_); - - if ( X509_get_ext_count(pCert) > 0 ) - { - TableVal* x509ex = new TableVal(x509_extension); - - for ( int k = 0; k < X509_get_ext_count(pCert); ++k ) + X509* pCert = 0; + for ( unsigned int i = 0; i < certificates->size(); ++i ) { - X509_EXTENSION* ex = X509_get_ext(pCert, k); - ASN1_OBJECT* obj = X509_EXTENSION_get_object(ex); - - char buf[256]; - i2t_ASN1_OBJECT(buf, sizeof(buf), obj); - Val* index = new Val(k+1, TYPE_COUNT); - Val* value = new StringVal(strlen(buf), buf); - x509ex->Assign(index, value); - Unref(index); - } - - BifEvent::generate_process_X509_extensions(bro_analyzer_, - bro_analyzer_->Conn(), x509ex); - } - - if ( ssl_verify_certificates ) - { - STACK_OF(X509)* untrusted_certs = 0; - if ( certificates->size() > 1 ) - { - untrusted_certs = sk_X509_new_null(); - if ( ! untrusted_certs ) + const bytestring& cert = (*certificates)[i]; + const uint8* data = cert.data(); + X509* pTemp = d2i_X509_binpac(NULL, &data, cert.length()); + if ( ! pTemp ) { - // X509_V_ERR_OUT_OF_MEM; - certificate_error(17); + BifEvent::generate_x509_error(bro_analyzer_, bro_analyzer_->Conn(), + ERR_get_error()); return false; } - for ( unsigned int i = 1; - i < certificates->size(); ++i ) - { - const bytestring& temp = - (*certificates)[i]; - const uint8* tdata = temp.data(); - X509* pTemp = d2i_X509_binpac(NULL, - &tdata, temp.length()); - if ( ! pTemp ) - { - // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - certificate_error(2); - return false; - } + RecordVal* pX509Cert = new RecordVal(x509_type); + char tmp[256]; + BIO *bio = BIO_new(BIO_s_mem()); - sk_X509_push(untrusted_certs, pTemp); + pX509Cert->Assign(0, new Val((uint64) X509_get_version(pTemp), TYPE_COUNT)); + i2a_ASN1_INTEGER(bio, X509_get_serialNumber(pTemp)); + int len = BIO_read(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(1, new StringVal(len, tmp)); + + X509_NAME_print_ex(bio, X509_get_subject_name(pTemp), 0, XN_FLAG_RFC2253); + len = BIO_gets(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(2, new StringVal(len, tmp)); + X509_NAME_print_ex(bio, X509_get_issuer_name(pTemp), 0, XN_FLAG_RFC2253); + len = BIO_gets(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(3, new StringVal(len, tmp)); + BIO_free(bio); + + pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(pTemp)), TYPE_TIME)); + pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(pTemp)), TYPE_TIME)); + StringVal* der_cert = new StringVal(cert.length(), (const char*) cert.data()); + + BifEvent::generate_x509_certificate(bro_analyzer_, bro_analyzer_->Conn(), + pX509Cert, + ! ${rec.is_orig}, + i, certificates->size(), + der_cert); + + // Are there any X509 extensions? + if ( x509_extension && X509_get_ext_count(pTemp) > 0 ) + { + BroType* count_t = base_type(TYPE_COUNT); + TypeList* set_index = new TypeList(count_t); + set_index->Append(count_t); + SetType* s = new SetType(set_index, 0); + TableVal* x509ex = new TableVal(s); + int num_ext = X509_get_ext_count(pTemp); + for ( int k = 0; k < num_ext; ++k ) + { + char *pBuffer = 0; + int length = 0; + + X509_EXTENSION* ex = X509_get_ext(pTemp, k); + if (ex) + { + ASN1_STRING *pString = X509_EXTENSION_get_data(ex); + length = ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, pString); + //i2t_ASN1_OBJECT(&pBuffer, length, obj) + + // -1 indicates an error. + if ( length < 0 ) + continue; + + StringVal* value = new StringVal(length, pBuffer); + BifEvent::generate_x509_extension(bro_analyzer_, + bro_analyzer_->Conn(), value); + OPENSSL_free(pBuffer); + } + } } } - - X509_STORE_CTX csc; - X509_STORE_CTX_init(&csc, X509_Cert::ctx, - pCert, untrusted_certs); - X509_STORE_CTX_set_time(&csc, 0, time_t(network_time())); - if (! X509_verify_cert(&csc)) - certificate_error(csc.error); - X509_STORE_CTX_cleanup(&csc); - - sk_X509_pop_free(untrusted_certs, X509_free); } - - X509_free(pCert); - return true; + return true; %} - function proc_v2_certificate(cert : bytestring) : bool + function proc_v2_certificate(rec: SSLRecord, cert : bytestring) : bool %{ vector* cert_list = new vector(1,cert); - bool ret = proc_certificate(cert_list); + bool ret = proc_certificate(rec, cert_list); delete cert_list; return ret; %} - function proc_v3_certificate(cl : CertificateList) : bool + function proc_v3_certificate(rec: SSLRecord, cl : CertificateList) : bool %{ vector* certs = cl->val(); vector* cert_list = new vector(); @@ -428,65 +326,61 @@ refine analyzer SSLAnalyzer += { std::transform(certs->begin(), certs->end(), std::back_inserter(*cert_list), extract_certs()); - bool ret = proc_certificate(cert_list); + bool ret = proc_certificate(rec, cert_list); delete cert_list; return ret; %} - function proc_v2_client_master_key(cipher : int) : bool + function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected v2 client master key message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - check_cipher(cipher); - BifEvent::generate_ssl_conn_established(bro_analyzer_, - bro_analyzer_->Conn(), version_, cipher); + BifEvent::generate_ssl_established(bro_analyzer_, + bro_analyzer_->Conn()); return true; %} - function proc_unknown_handshake(msg_type : int) : bool + function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool %{ bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", - msg_type, orig_label(current_record_is_orig_).c_str())); + ${hs.msg_type}, orig_label(is_orig).c_str())); return true; %} - function proc_handshake(msg : Handshake) : bool + function proc_handshake(hs: Handshake, is_orig: bool) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected Handshake message %s from %s in state %s", - handshake_type_label(msg->msg_type()).c_str(), - orig_label(current_record_is_orig_).c_str(), + handshake_type_label(${hs.msg_type}).c_str(), + orig_label(is_orig).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_unknown_record(msg : UnknownRecord) : bool + function proc_unknown_record(rec: SSLRecord) : bool %{ bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s", - current_record_type_, - orig_label(current_record_is_orig_).c_str())); + ${rec.content_type}, + orig_label(${rec.is_orig}).c_str())); return true; %} - function proc_ciphertext_record(msg : CiphertextRecord) : bool + function proc_ciphertext_record(rec : SSLRecord) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected ciphertext record from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - if ( state_ == STATE_CONN_ESTABLISHED && - old_state_ == STATE_COMM_ENCRYPTED ) - { - BifEvent::generate_ssl_conn_established(bro_analyzer_, - bro_analyzer_->Conn(), - version_, cipher_); - } + else if ( state_ == STATE_CONN_ESTABLISHED && + old_state_ == STATE_COMM_ENCRYPTED ) + BifEvent::generate_ssl_established(bro_analyzer_, + bro_analyzer_->Conn()); return true; %} @@ -494,72 +388,80 @@ refine analyzer SSLAnalyzer += { }; refine typeattr ChangeCipherSpec += &let { - proc : bool = $context.analyzer.proc_change_cipher_spec(this) + proc : bool = $context.analyzer.proc_change_cipher_spec(rec) &requires(state_changed); }; refine typeattr Alert += &let { - proc : bool = $context.analyzer.proc_alert(level, description); + proc : bool = $context.analyzer.proc_alert(rec, level, description); }; refine typeattr V2Error += &let { - proc : bool = $context.analyzer.proc_alert(-1, error_code); + proc : bool = $context.analyzer.proc_alert(rec, -1, error_code); }; refine typeattr ApplicationData += &let { - proc : bool = $context.analyzer.proc_application_data(this); + proc : bool = $context.analyzer.proc_application_data(rec); }; refine typeattr ClientHello += &let { - proc : bool = $context.analyzer.proc_client_hello(client_version, + proc : bool = $context.analyzer.proc_client_hello(rec, client_version, + gmt_unix_time, session_id, convert_ciphers_uint16(csuits)) &requires(state_changed); }; refine typeattr V2ClientHello += &let { - proc : bool = $context.analyzer.proc_client_hello(client_version, + proc : bool = $context.analyzer.proc_client_hello(rec, client_version, 0, session_id, convert_ciphers_uint24(ciphers)) &requires(state_changed); }; refine typeattr ServerHello += &let { - proc : bool = $context.analyzer.proc_server_hello(server_version, - session_id, convert_ciphers_uint16(cipher_suite), -1) + proc : bool = $context.analyzer.proc_server_hello(rec, server_version, + gmt_unix_time, session_id, cipher_suite, + compression_method) &requires(state_changed); }; refine typeattr V2ServerHello += &let { - proc : bool = $context.analyzer.proc_server_hello(server_version, 0, - convert_ciphers_uint24(ciphers), session_id_hit) + proc : bool = $context.analyzer.proc_server_hello(rec, server_version, 0, 0, + convert_ciphers_uint24(ciphers)[0], 0) &requires(state_changed); - cert : bool = $context.analyzer.proc_v2_certificate(cert_data) + cert : bool = $context.analyzer.proc_v2_certificate(rec, cert_data) &requires(proc); }; refine typeattr Certificate += &let { - proc : bool = $context.analyzer.proc_v3_certificate(certificates) + proc : bool = $context.analyzer.proc_v3_certificate(rec, certificates) &requires(state_changed); }; refine typeattr V2ClientMasterKey += &let { - proc : bool = $context.analyzer.proc_v2_client_master_key(to_int()(cipher_kind)) + proc : bool = $context.analyzer.proc_v2_client_master_key(rec, to_int()(cipher_kind)) &requires(state_changed); }; refine typeattr UnknownHandshake += &let { - proc : bool = $context.analyzer.proc_unknown_handshake(msg_type); + proc : bool = $context.analyzer.proc_unknown_handshake(hs, is_orig); }; refine typeattr Handshake += &let { - proc : bool = $context.analyzer.proc_handshake(this); + proc : bool = $context.analyzer.proc_handshake(this, rec.is_orig); }; refine typeattr UnknownRecord += &let { - proc : bool = $context.analyzer.proc_unknown_record(this); + proc : bool = $context.analyzer.proc_unknown_record(rec); }; refine typeattr CiphertextRecord += &let { - proc : bool = $context.analyzer.proc_ciphertext_record(this) - &requires(state_changed); + proc : bool = $context.analyzer.proc_ciphertext_record(rec); +} + +refine typeattr SSLExtension += &let { + proc : bool = $context.analyzer.proc_ssl_extension(type, data); }; + + + diff --git a/src/ssl-protocol.pac b/src/ssl-protocol.pac index a0121c2496..d8a8c79745 100644 --- a/src/ssl-protocol.pac +++ b/src/ssl-protocol.pac @@ -1,5 +1,3 @@ -# $Id:$ - # Analyzer for SSL messages (general part). # To be used in conjunction with an SSL record-layer analyzer. # Separation is necessary due to possible fragmentation of SSL records. @@ -26,6 +24,57 @@ type uint24 = record { extern type to_int; +type SSLRecord(is_orig: bool) = record { + head0 : uint8; + head1 : uint8; + head2 : uint8; + head3 : uint8; + head4 : uint8; + rec : RecordText(this, is_orig) &requires(content_type), &restofdata; +} &length = length+5, &byteorder=bigendian, + &let { + version : int = + $context.analyzer.determine_ssl_version(head0, head1, head2); + + content_type : int = case version of { + UNKNOWN_VERSION -> 0; + SSLv20 -> head2+300; + default -> head0; + }; + + length : int = case version of { + UNKNOWN_VERSION -> 0; + SSLv20 -> (((head0 & 0x7f) << 8) | head1) - 3; + default -> (head3 << 8) | head4; + }; +}; + +type RecordText(rec: SSLRecord, is_orig: bool) = case $context.analyzer.state() of { + STATE_ABBREV_SERVER_ENCRYPTED, STATE_CLIENT_ENCRYPTED, + STATE_COMM_ENCRYPTED, STATE_CONN_ESTABLISHED + -> ciphertext : CiphertextRecord(rec, is_orig); + default + -> plaintext : PlaintextRecord(rec, is_orig); +}; + +type PlaintextRecord(rec: SSLRecord, is_orig: bool) = case rec.content_type of { + CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec(rec); + ALERT -> alert : Alert(rec); + HANDSHAKE -> handshake : Handshake(rec)[]; + APPLICATION_DATA -> app_data : ApplicationData(rec); + V2_ERROR -> v2_error : V2Error(rec); + V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello(rec); + V2_CLIENT_MASTER_KEY -> v2_client_master_key : V2ClientMasterKey(rec); + V2_SERVER_HELLO -> v2_server_hello : V2ServerHello(rec); + default -> unknown_record : UnknownRecord(rec); +}; + +type SSLExtension = record { + type: uint16; + data_len: uint16; + data: bytestring &length=data_len; +}; + ###################################################################### # state management according to Section 7.3. in spec ###################################################################### @@ -99,6 +148,104 @@ enum AnalyzerState { { return string(is_orig ? "originator" :"responder"); } + + double get_time_from_asn1(const ASN1_TIME * atime) + { + time_t lResult = 0; + + char lBuffer[24]; + char * pBuffer = lBuffer; + + size_t lTimeLength = atime->length; + char * pString = (char *) atime->data; + + if ( atime->type == V_ASN1_UTCTIME ) + { + if ( lTimeLength < 11 || lTimeLength > 17 ) + return 0; + + memcpy(pBuffer, pString, 10); + pBuffer += 10; + pString += 10; + } + else + { + if ( lTimeLength < 13 ) + return 0; + + memcpy(pBuffer, pString, 12); + pBuffer += 12; + pString += 12; + } + + if ((*pString == 'Z') || (*pString == '-') || (*pString == '+')) + { + *(pBuffer++) = '0'; + *(pBuffer++) = '0'; + } + else + { + *(pBuffer++) = *(pString++); + *(pBuffer++) = *(pString++); + + // Skip any fractional seconds... + if (*pString == '.') + { + pString++; + while ((*pString >= '0') && (*pString <= '9')) + pString++; + } + } + + *(pBuffer++) = 'Z'; + *(pBuffer++) = '\0'; + + time_t lSecondsFromUTC; + + if ( *pString == 'Z' ) + lSecondsFromUTC = 0; + + else + { + if ((*pString != '+') && (pString[5] != '-')) + return 0; + + lSecondsFromUTC = ((pString[1]-'0') * 10 + (pString[2]-'0')) * 60; + lSecondsFromUTC += (pString[3]-'0') * 10 + (pString[4]-'0'); + + if (*pString == '-') + lSecondsFromUTC = -lSecondsFromUTC; + } + + tm lTime; + lTime.tm_sec = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0'); + lTime.tm_min = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0'); + lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0'); + lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0'); + lTime.tm_mon = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1; + lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0'); + + if ( lTime.tm_year < 50 ) + lTime.tm_year += 100; // RFC 2459 + + lTime.tm_wday = 0; + lTime.tm_yday = 0; + lTime.tm_isdst = 0; // No DST adjustment requested + + lResult = mktime(&lTime); + + if ( lResult ) + { + if ( 0 != lTime.tm_isdst ) + lResult -= 3600; // mktime may adjust for DST (OS dependent) + + lResult += lSecondsFromUTC; + } + else + lResult = 0; + + return lResult; + } %} ###################################################################### @@ -115,7 +262,9 @@ enum HandshakeType { SERVER_HELLO_DONE = 14, CERTIFICATE_VERIFY = 15, CLIENT_KEY_EXCHANGE = 16, - FINISHED = 20 + FINISHED = 20, + CERTIFICATE_URL = 21, # RFC 3546 + CERTIFICATE_STATUS = 22, # RFC 3546 }; %code{ @@ -132,6 +281,8 @@ enum HandshakeType { case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY"); case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE"); case FINISHED: return string("FINISHED"); + case CERTIFICATE_URL: return string("CERTIFICATE_URL"); + case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS"); default: return string(fmt("UNKNOWN (%d)", type)); } } @@ -142,23 +293,25 @@ enum HandshakeType { # V3 Change Cipher Spec Protocol (7.1.) ###################################################################### -type ChangeCipherSpec = record { +type ChangeCipherSpec(rec: SSLRecord) = record { type : uint8; } &length = 1, &let { state_changed : bool = - $context.analyzer.transition(STATE_CLIENT_FINISHED, - STATE_COMM_ENCRYPTED, false) || - $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_ABBREV_SERVER_ENCRYPTED, false) || - $context.analyzer.transition(STATE_CLIENT_KEY_NO_CERT, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_CLIENT_CERT_VERIFIED, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_ABBREV_SERVER_FINISHED, - STATE_COMM_ENCRYPTED, true) || - $context.analyzer.lost_track(); + $context.analyzer.transition(STATE_CLIENT_FINISHED, + STATE_COMM_ENCRYPTED, rec.is_orig, false) || + $context.analyzer.transition(STATE_IN_SERVER_HELLO, + STATE_ABBREV_SERVER_ENCRYPTED, rec.is_orig, false) || + $context.analyzer.transition(STATE_CLIENT_KEY_NO_CERT, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_CERT_VERIFIED, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + #$context.analyzer.transition(STATE_CLIENT_CERT, + # STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_ABBREV_SERVER_FINISHED, + STATE_COMM_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.lost_track(); }; @@ -166,19 +319,19 @@ type ChangeCipherSpec = record { # V3 Alert Protocol (7.2.) ###################################################################### -type Alert = record { +type Alert(rec: SSLRecord) = record { level : uint8; description: uint8; -} &length = 2; +}; ###################################################################### # V2 Error Records (SSLv2 2.7.) ###################################################################### -type V2Error = record { +type V2Error(rec: SSLRecord) = record { error_code : uint16; -} &length = 2; +}; ###################################################################### @@ -187,9 +340,7 @@ type V2Error = record { # Application data should always be encrypted, so we should not # reach this point. -type ApplicationData = empty &let { - discard: bool = $context.flow.discard_data(); -}; +type ApplicationData(rec: SSLRecord) = empty; ###################################################################### # Handshake Protocol (7.4.) @@ -200,7 +351,7 @@ type ApplicationData = empty &let { ###################################################################### # Hello Request is empty -type HelloRequest = empty &let { +type HelloRequest(rec: SSLRecord) = empty &let { hr: bool = $context.analyzer.set_hello_requested(true); }; @@ -209,7 +360,7 @@ type HelloRequest = empty &let { # V3 Client Hello (7.4.1.2.) ###################################################################### -type ClientHello = record { +type ClientHello(rec: SSLRecord) = record { client_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28 &transient; @@ -219,12 +370,16 @@ type ClientHello = record { csuits : uint16[csuit_len/2]; cmeth_len : uint8 &check(cmeth_len > 0); cmeths : uint8[cmeth_len]; + # This weirdness is to deal with the possible existence or absence + # of the following fields. + ext_len: uint16[] &until($element == 0 || $element != 0); + extensions : SSLExtension[] &until($input.length() == 0); } &let { state_changed : bool = $context.analyzer.transition(STATE_INITIAL, - STATE_CLIENT_HELLO_RCVD, true) || + STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) || ($context.analyzer.hello_requested() && - $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, true)) || + $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) || $context.analyzer.lost_track(); }; @@ -233,7 +388,7 @@ type ClientHello = record { # V2 Client Hello (SSLv2 2.5.) ###################################################################### -type V2ClientHello = record { +type V2ClientHello(rec: SSLRecord) = record { client_version : uint16; csuit_len : uint16; session_len : uint16; @@ -244,9 +399,9 @@ type V2ClientHello = record { } &length = 8 + csuit_len + session_len + chal_len, &let { state_changed : bool = $context.analyzer.transition(STATE_INITIAL, - STATE_CLIENT_HELLO_RCVD, true) || + STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) || ($context.analyzer.hello_requested() && - $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, true)) || + $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) || $context.analyzer.lost_track(); }; @@ -255,18 +410,18 @@ type V2ClientHello = record { # V3 Server Hello (7.4.1.3.) ###################################################################### -type ServerHello = record { +type ServerHello(rec: SSLRecord) = record { server_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28 &transient; session_len : uint8; session_id : uint8[session_len]; - cipher_suite : uint16[1]; + cipher_suite : uint16; compression_method : uint8; } &let { state_changed : bool = $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -275,7 +430,7 @@ type ServerHello = record { # V2 Server Hello (SSLv2 2.6.) ###################################################################### -type V2ServerHello = record { +type V2ServerHello(rec: SSLRecord) = record { session_id_hit : uint8; cert_type : uint8; server_version : uint16; @@ -289,9 +444,9 @@ type V2ServerHello = record { state_changed : bool = (session_id_hit > 0 ? $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_CONN_ESTABLISHED, false) : + STATE_CONN_ESTABLISHED, rec.is_orig, false) : $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_V2_CL_MASTER_KEY_EXPECTED, false)) || + STATE_V2_CL_MASTER_KEY_EXPECTED, rec.is_orig, false)) || $context.analyzer.lost_track(); }; @@ -307,15 +462,15 @@ type X509Certificate = record { type CertificateList = X509Certificate[] &until($input.length() == 0); -type Certificate = record { +type Certificate(rec: SSLRecord) = record { length : uint24; certificates : CertificateList &length = to_int()(length); } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.transition(STATE_SERVER_HELLO_DONE, - STATE_CLIENT_CERT, true) || + STATE_CLIENT_CERT, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -325,12 +480,12 @@ type Certificate = record { ###################################################################### # For now ignore details; just eat up complete message -type ServerKeyExchange = record { - cont : bytestring &restofdata &transient; +type ServerKeyExchange(rec: SSLRecord) = record { + key : bytestring &restofdata; } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -340,12 +495,12 @@ type ServerKeyExchange = record { ###################################################################### # For now, ignore Certificate Request Details; just eat up message. -type CertificateRequest = record { +type CertificateRequest(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -355,10 +510,10 @@ type CertificateRequest = record { ###################################################################### # Server Hello Done is empty -type ServerHelloDone = empty &let { +type ServerHelloDone(rec: SSLRecord) = empty &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_SERVER_HELLO_DONE, false) || + STATE_SERVER_HELLO_DONE, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -377,14 +532,16 @@ type ServerHelloDone = empty &let { # For now ignore details of ClientKeyExchange (most of it is # encrypted anyway); just eat up message. -type ClientKeyExchange = record { +type ClientKeyExchange(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_SERVER_HELLO_DONE, - STATE_CLIENT_KEY_NO_CERT, true) || + STATE_CLIENT_KEY_NO_CERT, rec.is_orig, true) || $context.analyzer.transition(STATE_CLIENT_CERT, - STATE_CLIENT_KEY_WITH_CERT, true) || + STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_CERT, + STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -392,7 +549,7 @@ type ClientKeyExchange = record { # V2 Client Master Key (SSLv2 2.5.) ###################################################################### -type V2ClientMasterKey = record { +type V2ClientMasterKey(rec: SSLRecord) = record { cipher_kind : uint24; cl_key_len : uint16; en_key_len : uint16; @@ -403,7 +560,7 @@ type V2ClientMasterKey = record { } &length = 9 + cl_key_len + en_key_len + key_arg_len, &let { state_changed : bool = $context.analyzer.transition(STATE_V2_CL_MASTER_KEY_EXPECTED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -413,12 +570,12 @@ type V2ClientMasterKey = record { ###################################################################### # For now, ignore Certificate Verify; just eat up the message. -type CertificateVerify = record { +type CertificateVerify(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, - STATE_CLIENT_CERT_VERIFIED, true) || + STATE_CLIENT_CERT_VERIFIED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -427,35 +584,40 @@ type CertificateVerify = record { # V3 Finished (7.4.9.) ###################################################################### -# The Finished messages are always sent after encryption is in effect, -# so we will not be able to read those message +# The finished messages are always sent after encryption is in effect, +# so we will not be able to read those message. ###################################################################### # V3 Handshake Protocol (7.) ###################################################################### -type UnknownHandshake(msg_type : uint8) = record { +type UnknownHandshake(hs: Handshake, is_orig: bool) = record { cont : bytestring &restofdata &transient; } &let { - state_changed : bool = $context.analyzer.lost_track(); + # TODO: an unknown handshake could just be an encrypted handshake + # before a server sends the change cipher spec message. + # I have no clue why this happens, but it does seem to happen. + # This should be solved in a different way eventually. + #state_changed : bool = $context.analyzer.lost_track(); }; -type Handshake = record { + +type Handshake(rec: SSLRecord) = record { msg_type : uint8; length : uint24; body : case msg_type of { - HELLO_REQUEST -> hello_request : HelloRequest; - CLIENT_HELLO -> client_hello : ClientHello; - SERVER_HELLO -> server_hello : ServerHello; - CERTIFICATE -> certificate : Certificate; - SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange; - CERTIFICATE_REQUEST -> certificate_request : CertificateRequest; - SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone; - CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify; - CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange; - default -> unknown_handshake : UnknownHandshake(msg_type); + HELLO_REQUEST -> hello_request : HelloRequest(rec); + CLIENT_HELLO -> client_hello : ClientHello(rec); + SERVER_HELLO -> server_hello : ServerHello(rec); + CERTIFICATE -> certificate : Certificate(rec); + SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); + CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); + SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); + CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); + CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); + default -> unknown_handshake : UnknownHandshake(this, rec.is_orig); }; } &length = 4 + to_int()(length); @@ -464,40 +626,26 @@ type Handshake = record { # Fragmentation (6.2.1.) ###################################################################### -type UnknownRecord = record { - cont : empty; +type UnknownRecord(rec: SSLRecord) = record { + cont : bytestring &restofdata &transient; } &let { - discard : bool = $context.flow.discard_data(); state_changed : bool = $context.analyzer.lost_track(); }; -type PlaintextRecord = case $context.analyzer.current_record_type() of { - CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec; - ALERT -> alert : Alert; - HANDSHAKE -> handshakes : Handshake; - APPLICATION_DATA -> app_data : ApplicationData; - V2_ERROR -> v2_error : V2Error; - V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello; - V2_CLIENT_MASTER_KEY -> v2_client_master_key : V2ClientMasterKey; - V2_SERVER_HELLO -> v2_server_hello : V2ServerHello; - UNKNOWN_OR_V2_ENCRYPTED -> unknown_record : UnknownRecord; -}; - -type CiphertextRecord = empty &let { - discard : bool = $context.flow.discard_data(); +type CiphertextRecord(rec: SSLRecord, is_orig: bool) = empty &let { state_changed : bool = $context.analyzer.transition(STATE_ABBREV_SERVER_ENCRYPTED, - STATE_ABBREV_SERVER_FINISHED, false) || + STATE_ABBREV_SERVER_FINISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_CLIENT_ENCRYPTED, - STATE_CLIENT_FINISHED, true) || + STATE_CLIENT_FINISHED, rec.is_orig, true) || $context.analyzer.transition(STATE_COMM_ENCRYPTED, - STATE_CONN_ESTABLISHED, false) || + STATE_CONN_ESTABLISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_COMM_ENCRYPTED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.transition(STATE_CONN_ESTABLISHED, - STATE_CONN_ESTABLISHED, false) || + STATE_CONN_ESTABLISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_CONN_ESTABLISHED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -506,15 +654,9 @@ type CiphertextRecord = empty &let { # initial datatype for binpac ###################################################################### -type SSLPDU = case $context.analyzer.state() of { - STATE_ABBREV_SERVER_ENCRYPTED, STATE_CLIENT_ENCRYPTED, - STATE_COMM_ENCRYPTED, STATE_CONN_ESTABLISHED - -> ciphertext : CiphertextRecord; - default - -> plaintext : PlaintextRecord; -} &byteorder = bigendian, &let { - consumed : bool = $context.flow.consume_data(); -}; +type SSLPDU(is_orig: bool) = record { + records : SSLRecord(is_orig)[] &until($element == 0); +} &byteorder = bigendian; ###################################################################### @@ -526,60 +668,48 @@ analyzer SSLAnalyzer { downflow = SSLFlow(false); %member{ - int current_record_type_; - int current_record_version_; - int current_record_length_; - bool current_record_is_orig_; int state_; int old_state_; bool hello_requested_; %} %init{ - current_record_type_ = -1; - current_record_version_ = -1; - current_record_length_ = -1; - current_record_is_orig_ = false; state_ = STATE_INITIAL; old_state_ = STATE_INITIAL; hello_requested_ = false; %} - function current_record_type() : int - %{ return current_record_type_; %} - function current_record_version() : int - %{ return current_record_version_; %} - function current_record_length() : int - %{ return current_record_length_; %} - function current_record_is_orig() : bool - %{ return current_record_is_orig_; %} - - function next_record(rec : const_bytestring, type : int, - version : int, is_orig : bool) : bool + function determine_ssl_version(head0 : uint8, head1 : uint8, + head2 : uint8) : int %{ - current_record_type_ = type; - current_record_version_ = version; - current_record_length_ = rec.length(); - current_record_is_orig_ = is_orig; + if ( head0 >= 20 && head0 <= 23 && + head1 == 0x03 && head2 < 0x03 ) + // This is most probably SSL version 3. + return (head1 << 8) | head2; - NewData(is_orig, rec.begin(), rec.end()); + else if ( head0 >= 128 && head2 < 5 && head2 != 3 ) + // Not very strong evidence, but we suspect + // this to be SSLv2. + return SSLv20; - return true; + else + return UNKNOWN_VERSION; %} function state() : int %{ return state_; %} function old_state() : int %{ return old_state_; %} function transition(olds : AnalyzerState, news : AnalyzerState, - is_orig : bool) : bool + current_record_is_orig : bool, is_orig : bool) : bool %{ if ( (olds != STATE_ANY && olds != state_) || - current_record_is_orig_ != is_orig ) + current_record_is_orig != is_orig ) return false; old_state_ = state_; state_ = news; + //printf("transitioning from %s to %s\n", state_label(old_state()).c_str(), state_label(state()).c_str()); return true; %} @@ -602,29 +732,3 @@ analyzer SSLAnalyzer { return val; %} }; - - -###################################################################### -# binpac flow for SSL -###################################################################### - -flow SSLFlow(is_orig : bool) { - flowunit = SSLPDU withcontext(connection, this); - - function discard_data() : bool - %{ - flow_buffer_->DiscardData(); - return true; - %} - - function data_available() : bool - %{ - return flow_buffer_->data_available(); - %} - - function consume_data() : bool - %{ - flow_buffer_->NewFrame(0, false); - return true; - %} -}; diff --git a/src/ssl-record-layer.pac b/src/ssl-record-layer.pac deleted file mode 100644 index ad6c4ca260..0000000000 --- a/src/ssl-record-layer.pac +++ /dev/null @@ -1,141 +0,0 @@ -# $Id:$ - -# binpac analyzer representing the SSLv3 record layer -# -# This additional layering in the analyzer hierarchy is necessary due to -# fragmentation that can be introduced in the SSL record layer. - -%include binpac.pac -%include bro.pac - -analyzer SSLRecordLayer withcontext { - analyzer : SSLRecordLayerAnalyzer; - flow : SSLRecordLayerFlow; -}; - -%include ssl-defs.pac - -%extern{ -#include "ssl_pac.h" -using binpac::SSL::SSLAnalyzer; -%} - -extern type const_bytestring; - - -type SSLPDU = record { - head0 : uint8; - head1 : uint8; - head2 : uint8; - head3 : uint8; - head4 : uint8; - fragment : bytestring &restofdata; -} &length = 5 + length, &byteorder = bigendian, &let { - version : int = - $context.analyzer.determine_ssl_version(head0, head1, head2); - - length : int = case version of { - UNKNOWN_VERSION -> 0; - SSLv20 -> (((head0 & 0x7f) << 8) | head1) - 3; - default -> (head3 << 8) | head4; - }; - - fw : bool = case version of { - UNKNOWN_VERSION -> - $context.analyzer.forward_record(const_bytestring(), - UNKNOWN_OR_V2_ENCRYPTED, UNKNOWN_VERSION, - $context.flow.is_orig) - && $context.flow.discard_data(); - - SSLv20 -> $context.analyzer.forward_v2_record(head2, head3, head4, - fragment, $context.flow.is_orig); - default -> $context.analyzer.forward_record(fragment, head0, - (head1 << 8) | head2, $context.flow.is_orig); - }; -}; - -# binpac-specific definitions - -analyzer SSLRecordLayerAnalyzer { - upflow = SSLRecordLayerFlow(true); - downflow = SSLRecordLayerFlow(false); - - %member{ - SSLAnalyzer* ssl_analyzer_; - - int ssl_version_; - int record_length_; - %} - - %init{ - ssl_analyzer_ = 0; - ssl_version_ = UNKNOWN_VERSION; - record_length_ = 0; - %} - - %eof{ - ssl_analyzer_->FlowEOF(true); - ssl_analyzer_->FlowEOF(false); - %} - - function set_ssl_analyzer(a : SSLAnalyzer) : void - %{ ssl_analyzer_ = a; %} - - function ssl_version() : int %{ return ssl_version_; %} - function record_length() : int %{ return record_length_; %} - - function determine_ssl_version(head0 : uint8, head1 : uint8, - head2 : uint8) : int - %{ - if ( head0 >= 20 && head0 <= 23 && - head1 == 0x03 && head2 < 0x03 ) - // This is most probably SSL version 3. - ssl_version_ = (head1 << 8) | head2; - - else if ( head0 >= 128 && head2 < 5 && head2 != 3 ) - // Not very strong evidence, but we suspect - // this to be SSLv2. - ssl_version_ = SSLv20; - - else - ssl_version_ = UNKNOWN_VERSION; - - return ssl_version_; - %} - - function forward_record(fragment : const_bytestring, type : int, - version : uint16, is_orig : bool) : bool - %{ - return ssl_analyzer_->next_record(fragment, type, - version, is_orig); - %} - - function forward_v2_record(b1 : uint8, b2 : uint8, b3 : uint8, - fragment : const_bytestring, - is_orig : bool) : bool - %{ - uint8* buffer = new uint8[2 + fragment.length()]; - - // Byte 1 is the record type. - buffer[0] = b2; - buffer[1] = b3; - - memcpy(buffer + 2, fragment.begin(), fragment.length()); - const_bytestring bs(buffer, 2 + fragment.length()); - - bool ret = ssl_analyzer_->next_record(bs, 300 + b1, SSLv20, - is_orig); - delete [] buffer; - return ret; - %} -}; - -flow SSLRecordLayerFlow(is_orig : bool) { - flowunit = SSLPDU withcontext(connection, this); - - function discard_data() : bool - %{ - flow_buffer_->DiscardData(); - return true; - %} -}; diff --git a/src/ssl.pac b/src/ssl.pac index f2cd92eedf..4d40493784 100644 --- a/src/ssl.pac +++ b/src/ssl.pac @@ -15,8 +15,10 @@ analyzer SSL withcontext { flow : SSLFlow; }; - -%include ssl-defs.pac - %include ssl-protocol.pac %include ssl-analyzer.pac +%include ssl-defs.pac + +flow SSLFlow(is_orig : bool) { + flowunit = SSLPDU(is_orig) withcontext(connection, this); +}; diff --git a/src/syslog-analyzer.pac b/src/syslog-analyzer.pac new file mode 100644 index 0000000000..6657a63699 --- /dev/null +++ b/src/syslog-analyzer.pac @@ -0,0 +1,27 @@ + +connection Syslog_Conn(bro_analyzer: BroAnalyzer) +{ + upflow = Syslog_Flow; + downflow = Syslog_Flow; +}; + +flow Syslog_Flow +{ + datagram = Syslog_Message withcontext(connection, this); + + function process_syslog_message(m: Syslog_Message): bool + %{ + BifEvent::generate_syslog_message(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${m.PRI.facility}, + ${m.PRI.severity}, + new StringVal(${m.msg}.length(), (const char*) ${m.msg}.begin()) + ); + return true; + %} + +}; + +refine typeattr Syslog_Message += &let { + proc_syslog_message = $context.flow.process_syslog_message(this); +}; diff --git a/src/syslog-protocol.pac b/src/syslog-protocol.pac new file mode 100644 index 0000000000..a2bf8a31da --- /dev/null +++ b/src/syslog-protocol.pac @@ -0,0 +1,15 @@ +type Syslog_Message = record { + PRI: Syslog_Priority; + msg: bytestring &restofdata; +} &byteorder = littleendian; + +type Syslog_Priority = record { + lt : uint8 &check(lt == "<"); + val : RE/[[:digit:]]+/; + gt : uint8 &check(gt == ">"); +} &let { + val_length: int = sizeof(val) - 1; + int_val: int = bytestring_to_int(val, 10); + severity: int = (int_val & 0x07); + facility: int = (int_val & 0x03f8) >> 3; +}; diff --git a/src/syslog.pac b/src/syslog.pac new file mode 100644 index 0000000000..3c0ecfb10d --- /dev/null +++ b/src/syslog.pac @@ -0,0 +1,10 @@ +%include binpac.pac +%include bro.pac + +analyzer Syslog withcontext { + connection: Syslog_Conn; + flow: Syslog_Flow; +}; + +%include syslog-protocol.pac +%include syslog-analyzer.pac diff --git a/src/types.bif b/src/types.bif index 5b1861924f..8bc5ab8510 100644 --- a/src/types.bif +++ b/src/types.bif @@ -52,33 +52,34 @@ enum rpc_status %{ %} module NFS3; -enum proc_t %{ # NFSv3 procedures - PROC_NULL = 0, # done - PROC_GETATTR = 1, # done - PROC_SETATTR = 2, - PROC_LOOKUP = 3, # done - PROC_ACCESS = 4, - PROC_READLINK = 5, # done - PROC_READ = 6, # done - PROC_WRITE = 7, # done - PROC_CREATE = 8, # partial - PROC_MKDIR = 9, # partial - PROC_SYMLINK = 10, - PROC_MKNOD = 11, - PROC_REMOVE = 12, # done - PROC_RMDIR = 13, # done - PROC_RENAME = 14, - PROC_LINK = 15, - PROC_READDIR = 16, # done - PROC_READDIRPLUS = 17, # done - PROC_FSSTAT = 18, - PROC_FSINFO = 19, - PROC_PATHCONF = 20, - PROC_COMMIT = 21, - PROC_END_OF_PROCS = 22, + +enum proc_t %{ # NFSv3 procedures + PROC_NULL = 0, # done + PROC_GETATTR = 1, # done + PROC_SETATTR = 2, # not implemented + PROC_LOOKUP = 3, # done + PROC_ACCESS = 4, # not implemented + PROC_READLINK = 5, # done + PROC_READ = 6, # done + PROC_WRITE = 7, # done + PROC_CREATE = 8, # partial + PROC_MKDIR = 9, # partial + PROC_SYMLINK = 10, # not implemented + PROC_MKNOD = 11, # not implemented + PROC_REMOVE = 12, # done + PROC_RMDIR = 13, # done + PROC_RENAME = 14, # not implemented + PROC_LINK = 15, # not implemented + PROC_READDIR = 16, # done + PROC_READDIRPLUS = 17, # done + PROC_FSSTAT = 18, # not implemented + PROC_FSINFO = 19, # not implemented + PROC_PATHCONF = 20, # not implemented + PROC_COMMIT = 21, # not implemented + PROC_END_OF_PROCS = 22, # not implemented %} -enum status_t %{ #NFSv3 return status +enum status_t %{ # NFSv3 return status NFS3ERR_OK = 0, NFS3ERR_PERM = 1, NFS3ERR_NOENT = 2, @@ -111,14 +112,13 @@ enum status_t %{ #NFSv3 return status NFS3ERR_UNKNOWN = 0xffffffff, %} - enum file_type_t %{ - FTYPE_REG = 1, - FTYPE_DIR = 2, - FTYPE_BLK = 3, - FTYPE_CHR = 4, - FTYPE_LNK = 5, - FTYPE_SOCK = 6, + FTYPE_REG = 1, + FTYPE_DIR = 2, + FTYPE_BLK = 3, + FTYPE_CHR = 4, + FTYPE_LNK = 5, + FTYPE_SOCK = 6, FTYPE_FIFO = 7, %} @@ -134,8 +134,8 @@ enum createmode_t %{ EXCLUSIVE = 2, %} -# Decleare record types that we want to access from the C++ -# These are defined in bro.init +# Decleare record types that we want to access from the even engine. These are +# defined in bro.init. type info_t: record; type fattr_t: record; type diropargs_t: record; @@ -153,7 +153,6 @@ type direntry_t: record; type direntry_vec_t: vector; type readdir_reply_t: record; - type fsstat_t: record; module Log; diff --git a/src/util.cc b/src/util.cc index 5684fe20c1..f0c38009af 100644 --- a/src/util.cc +++ b/src/util.cc @@ -344,15 +344,27 @@ template int atoi_n(int len, const char* s, const char** end, int base, template int atoi_n(int len, const char* s, const char** end, int base, int& result); template int atoi_n(int len, const char* s, const char** end, int base, int64_t& result); -char* uitoa_n(uint64 value, char* str, int n, int base) +char* uitoa_n(uint64 value, char* str, int n, int base, const char* prefix) { static char dig[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + assert(n); + int i = 0; uint64 v; char* p, *q; char c; + if ( prefix ) + { + strncpy(str, prefix, n); + str[n-1] = '\0'; + i += strlen(prefix); + } + + if ( i >= n ) + return str; + v = value; do { @@ -868,21 +880,45 @@ const char* bro_prefixes() return p; } -FILE* open_file(const char* filename, const char** full_filename) +static const char* PACKAGE_LOADER = "__load__.bro"; + +// If filename is pointing to a directory that contains a file called +// PACKAGE_LOADER, returns the files path. Otherwise returns filename itself. +// In both cases, the returned string is newly allocated. +static const char* check_for_dir(const char* filename, bool load_pkgs) { + if ( load_pkgs && is_dir(filename) ) + { + char init_filename_buf[1024]; + safe_snprintf(init_filename_buf, sizeof(init_filename_buf), + "%s/%s", filename, PACKAGE_LOADER); + + if ( access(init_filename_buf, R_OK) == 0 ) + return copy_string(init_filename_buf); + } + + return copy_string(filename); + } + +FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs) + { + filename = check_for_dir(filename, load_pkgs); + if ( full_filename ) *full_filename = copy_string(filename); FILE* f = fopen(filename, "r"); + delete [] filename; + return f; } FILE* search_for_file(const char* filename, const char* ext, - const char** full_filename) + const char** full_filename, bool load_pkgs) { if ( filename[0] == '/' || filename[0] == '.' ) - return open_file(filename, full_filename); + return open_file(filename, full_filename, load_pkgs); char path[1024], full_filename_buf[1024]; safe_strncpy(path, bro_path(), sizeof(path)); @@ -905,13 +941,12 @@ FILE* search_for_file(const char* filename, const char* ext, "%s/%s.%s", dir_beginning, filename, ext); if ( access(full_filename_buf, R_OK) == 0 && ! is_dir(full_filename_buf) ) - return open_file(full_filename_buf, full_filename); + return open_file(full_filename_buf, full_filename, load_pkgs); safe_snprintf(full_filename_buf, sizeof(full_filename_buf), "%s/%s", dir_beginning, filename); - if ( access(full_filename_buf, R_OK) == 0 && - ! is_dir(full_filename_buf) ) - return open_file(full_filename_buf, full_filename); + if ( access(full_filename_buf, R_OK) == 0 ) + return open_file(full_filename_buf, full_filename, load_pkgs); dir_beginning = ++dir_ending; } @@ -1099,6 +1134,56 @@ int time_compare(struct timeval* tv_a, struct timeval* tv_b) return tv_a->tv_sec - tv_b->tv_sec; } +static uint64 uid_counter; // Counter for unique IDs. +static uint64 uid_instance; // Instance ID, computed once. + +uint64 calculate_unique_id() + { + if ( uid_instance == 0 ) + { + // This is the first time we need a UID. + + if ( ! have_random_seed() ) + { + // If we don't need deterministic output (as + // indicated by a set seed), we calculate the + // instance ID by hashing something likely to be + // globally unique. + struct { + char hostname[128]; + struct timeval time; + pid_t pid; + int rnd; + } unique; + + gethostname(unique.hostname, 128); + unique.hostname[sizeof(unique.hostname)-1] = '\0'; + gettimeofday(&unique.time, 0); + unique.pid = getpid(); + unique.rnd = bro_random(); + + uid_instance = HashKey::HashBytes(&unique, sizeof(unique)); + ++uid_instance; // Now it's larger than zero. + } + + else + // Generate determistic UIDs. + uid_instance = 1; + } + + // Now calculate the unique ID. + struct { + uint64 counter; + hash_t instance; + } key; + + key.counter = ++uid_counter; + key.instance = uid_instance; + + uint64_t h = HashKey::HashBytes(&key, sizeof(key)); + return h; + } + void out_of_memory(const char* where) { fprintf( stderr, "bro: out of memory in %s.\n", where ); diff --git a/src/util.h b/src/util.h index 2320c2965a..24edfbdbc0 100644 --- a/src/util.h +++ b/src/util.h @@ -116,7 +116,7 @@ extern char* strcasestr(const char* s, const char* find); #endif extern const char* strpbrk_n(size_t len, const char* s, const char* charset); template int atoi_n(int len, const char* s, const char** end, int base, T& result); -extern char* uitoa_n(uint64 value, char* str, int n, int base); +extern char* uitoa_n(uint64 value, char* str, int n, int base, const char* prefix=0); int strstr_n(const int big_len, const unsigned char* big, const int little_len, const unsigned char* little); extern int fputs(int len, const char* s, FILE* fp); @@ -195,7 +195,7 @@ extern int int_list_cmp(const void* v1, const void* v2); extern const char* bro_path(); extern const char* bro_prefixes(); extern FILE* search_for_file(const char* filename, const char* ext, - const char** full_filename); + const char** full_filename, bool load_pkgs); // Renames the given file to a new temporary name, and opens a new file with // the original name. Returns new file or NULL on error. Inits rotate_info if @@ -238,6 +238,10 @@ extern struct timeval double_to_timeval(double t); // Return > 0 if tv_a > tv_b, 0 if equal, < 0 if tv_a < tv_b. extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); +// Returns an integer that's very likely to be unique, even across Bro +// instances. +extern uint64 calculate_unique_id(); + // For now, don't use hash_maps - they're not fully portable. #if 0 // Use for hash_map's string keys. diff --git a/testing/btest/Baseline/bifs.unique_id-rnd/count b/testing/btest/Baseline/bifs.unique_id-rnd/count new file mode 100644 index 0000000000..1e8b314962 --- /dev/null +++ b/testing/btest/Baseline/bifs.unique_id-rnd/count @@ -0,0 +1 @@ +6 diff --git a/testing/btest/Baseline/bifs.unique_id/out b/testing/btest/Baseline/bifs.unique_id/out new file mode 100644 index 0000000000..f1275a52d4 --- /dev/null +++ b/testing/btest/Baseline/bifs.unique_id/out @@ -0,0 +1,3 @@ +A-UWkUyAuUGXf +B-56gKBmhBBB6 +C-50da4BEzauh diff --git a/testing/btest/Baseline/core.conn-id/counts b/testing/btest/Baseline/core.conn-id/counts index 3c032078a4..a8fa06e1be 100644 --- a/testing/btest/Baseline/core.conn-id/counts +++ b/testing/btest/Baseline/core.conn-id/counts @@ -1 +1 @@ -18 +62 diff --git a/testing/btest/Baseline/core.conn-id/output b/testing/btest/Baseline/core.conn-id/output index ceba6ae7ac..3f7256278e 100644 --- a/testing/btest/Baseline/core.conn-id/output +++ b/testing/btest/Baseline/core.conn-id/output @@ -1,34 +1,78 @@ -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.conn-id/output.cc b/testing/btest/Baseline/core.conn-id/output.cc index a980322f50..f03a74f541 100644 --- a/testing/btest/Baseline/core.conn-id/output.cc +++ b/testing/btest/Baseline/core.conn-id/output.cc @@ -1,36 +1,80 @@ -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.conn-id/output.cc2 b/testing/btest/Baseline/core.conn-id/output.cc2 index ceba6ae7ac..3f7256278e 100644 --- a/testing/btest/Baseline/core.conn-id/output.cc2 +++ b/testing/btest/Baseline/core.conn-id/output.cc2 @@ -1,34 +1,78 @@ -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.load-pkg/output b/testing/btest/Baseline/core.load-pkg/output new file mode 100644 index 0000000000..01c77289d2 --- /dev/null +++ b/testing/btest/Baseline/core.load-pkg/output @@ -0,0 +1,14 @@ +loading /home/robin/bro/master/policy/bro.init + loading /home/robin/bro/master/build/src/const.bif.bro + loading /home/robin/bro/master/build/src/types.bif.bro + loading /home/robin/bro/master/build/src/strings.bif.bro + loading /home/robin/bro/master/build/src/bro.bif.bro + loading /home/robin/bro/master/policy/logging.bro + loading /home/robin/bro/master/build/src/logging.bif.bro + loading /home/robin/bro/master/policy/logging-ascii.bro + loading /home/robin/bro/master/build/src/event.bif.bro + loading /home/robin/bro/master/policy/pcap.bro + loading /home/robin/bro/master/policy/server-ports.bro +loading ./foo/test.bro +loading ./foo/__load__.bro +Foo loaded diff --git a/testing/btest/Baseline/core.print-bpf-filters/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log similarity index 100% rename from testing/btest/Baseline/core.print-bpf-filters/conn.log rename to testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output new file mode 100644 index 0000000000..2b517e8666 --- /dev/null +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output @@ -0,0 +1,4 @@ +not ip6 +not ip6 +(not ip6) and (tcp[13] & 7 != 0) +port 42 diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv6/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv6/conn.log new file mode 100644 index 0000000000..fc0008ea13 --- /dev/null +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv6/conn.log @@ -0,0 +1 @@ +1128727435.450898 1.733303 141.42.64.125 125.190.109.199 http 56730 80 tcp 98 9417 SF X diff --git a/testing/btest/Baseline/core.print-bpf-filters/output b/testing/btest/Baseline/core.print-bpf-filters-ipv6/output similarity index 100% rename from testing/btest/Baseline/core.print-bpf-filters/output rename to testing/btest/Baseline/core.print-bpf-filters-ipv6/output diff --git a/testing/btest/Baseline/doc.autogen-reST-example/example.rst b/testing/btest/Baseline/doc.autogen-reST-example/example.rst index f06c23ba8b..516b7b51aa 100644 --- a/testing/btest/Baseline/doc.autogen-reST-example/example.rst +++ b/testing/btest/Baseline/doc.autogen-reST-example/example.rst @@ -279,7 +279,7 @@ Redefinitions document the "SimpleEnum" redef here -.. bro:type:: Example::SimpleRecord +:bro:type:`Example::SimpleRecord` :Type: :bro:type:`record` diff --git a/testing/btest/Baseline/doc.autogen-reST-record-add/autogen-reST-record-add.rst b/testing/btest/Baseline/doc.autogen-reST-record-add/autogen-reST-record-add.rst deleted file mode 100644 index 333600f179..0000000000 --- a/testing/btest/Baseline/doc.autogen-reST-record-add/autogen-reST-record-add.rst +++ /dev/null @@ -1,99 +0,0 @@ -.. Automatically generated. Do not edit. - -autogen-reST-record-add.bro -=========================== - -:download:`Original Source File ` - -Overview --------- - - -Summary -~~~~~~~ -State Variables -############### -===================================== = -:bro:id:`a`: :bro:type:`my_record` - -:bro:id:`b`: :bro:type:`super_record` -===================================== = - -Types -##### -============================================ = -:bro:type:`my_record`: :bro:type:`record` - -:bro:type:`super_record`: :bro:type:`record` -============================================ = - -Functions -######### -===================================== = -:bro:id:`test_func`: :bro:type:`func` -===================================== = - -Redefinitions -############# -========================================= = -:bro:type:`my_record`: :bro:type:`record` -========================================= = - -Public Interface ----------------- -State Variables -~~~~~~~~~~~~~~~ -.. bro:id:: a - - :Type: :bro:type:`my_record` - :Default: - - :: - - { - field1= - field2= - field3= - } - -.. bro:id:: b - - :Type: :bro:type:`super_record` - :Default: - - :: - - { - rec=[field1=, field2=, field3=] - } - -Types -~~~~~ -.. bro:type:: my_record - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`string` - -.. bro:type:: super_record - - :Type: :bro:type:`record` - - rec: :bro:type:`my_record` - -Functions -~~~~~~~~~ -.. bro:id:: test_func - - :Type: :bro:type:`function` () : :bro:type:`void` - -Redefinitions -~~~~~~~~~~~~~ -.. bro:type:: my_record - - :Type: :bro:type:`record` - - field3: :bro:type:`count` :bro:attr:`&optional` - diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log new file mode 100644 index 0000000000..b0ca7b5583 --- /dev/null +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -0,0 +1,18 @@ +1301459542.533110 %events-rcv-1 start 141.42.64.125:56730 > 125.190.109.199:80 +1301459542.533110 %events-rcv-1 > USER-AGENT: Wget/1.10 +1301459542.533110 %events-rcv-1 > ACCEPT: */* +1301459542.533110 %events-rcv-1 > HOST: www.icir.org +1301459542.533110 %events-rcv-1 > CONNECTION: Keep-Alive +1301459542.717115 %events-rcv-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT +1301459542.717115 %events-rcv-1 < SERVER: Apache/1.3.33 (Unix) +1301459542.717115 %events-rcv-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT +1301459542.717115 %events-rcv-1 < ETAG: "2c96c-23aa-4346a0e5" +1301459542.717115 %events-rcv-1 < ACCEPT-RANGES: bytes +1301459542.717115 %events-rcv-1 < CONTENT-LENGTH: 9130 +1301459542.717115 %events-rcv-1 < KEEP-ALIVE: timeout=15, max=100 +1301459542.717115 %events-rcv-1 < CONNECTION: Keep-Alive +1301459542.717115 %events-rcv-1 < CONTENT-TYPE: text/html +1301459542.901119 %events-rcv-1 <= 4096 bytes: "^J^J

^JPublications^J

^J
    ^J 125.190.109.199:80 +1301459542.463895 %events-send-1 > USER-AGENT: Wget/1.10 +1301459542.463895 %events-send-1 > ACCEPT: */* +1301459542.463895 %events-send-1 > HOST: www.icir.org +1301459542.463895 %events-send-1 > CONNECTION: Keep-Alive +1301459542.647935 %events-send-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT +1301459542.647935 %events-send-1 < SERVER: Apache/1.3.33 (Unix) +1301459542.647935 %events-send-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT +1301459542.647935 %events-send-1 < ETAG: "2c96c-23aa-4346a0e5" +1301459542.647935 %events-send-1 < ACCEPT-RANGES: bytes +1301459542.647935 %events-send-1 < CONTENT-LENGTH: 9130 +1301459542.647935 %events-send-1 < KEEP-ALIVE: timeout=15, max=100 +1301459542.647935 %events-send-1 < CONNECTION: Keep-Alive +1301459542.647935 %events-send-1 < CONTENT-TYPE: text/html +1301459542.832424 %events-send-1 <= 4096 bytes: "^J^J

    ^JPublications^J

    ^J
      ^J, k=]: 3 +Set: 3 +String 'Hello': 5 +Subnet 192.168.0.0/24: 256.000000 +Table 2 +Vector [Hello, , , , World]: 5 diff --git a/testing/btest/Baseline/language.smith-waterman-test/output b/testing/btest/Baseline/language.smith-waterman-test/output new file mode 100644 index 0000000000..b0d0d33526 --- /dev/null +++ b/testing/btest/Baseline/language.smith-waterman-test/output @@ -0,0 +1,32 @@ +abcdefgh - ijklmnop: +AAAabcefghij - lmnopAAAqrst: +tok 1: AAA (0/5, T) +abcAAAefghij - lmnopAAAqrst: +tok 1: AAA (3/5, T) +abcefghijAAA - lmnopAAAqrst: +tok 1: AAA (9/5, T) +xxxAAAyyy - AAAaAAAbAAA: +tok 1: AAA (3/0, T) +tok 2: AAA (3/4, T) +tok 3: AAA (3/8, T) +AAAaAAAbAAA - xxxAAAyyy: +tok 1: AAA (0/3, T) +tok 2: AAA (4/3, T) +tok 3: AAA (8/3, T) +xxCDyABzCDyABzz - ABCD: +tok 1: CD (2/2, T) +tok 2: AB (5/0, T) +tok 3: CD (8/2, F) +tok 4: AB (11/0, T) +ABCD - xxCDyABzCDyABzz: +tok 1: CD (2/2, T) +tok 2: AB (0/5, T) +tok 3: CD (2/8, F) +tok 4: AB (0/11, T) +Cache-control: no-cache^M^JAccept: - Accept-: deflate^M^JAccept-: Accept-: +tok 1: Accept (27/0, T) +tok 2: e^M^JAccept (22/15, T) +tok 3: Accept (27/29, T) +xxAAxxAAxx - yyyyyAAyyyyy: +tok 1: AA (2/5, T) +tok 2: AA (6/5, T) diff --git a/testing/btest/Baseline/language.strings/output b/testing/btest/Baseline/language.strings/output new file mode 100644 index 0000000000..525ce64916 --- /dev/null +++ b/testing/btest/Baseline/language.strings/output @@ -0,0 +1,25 @@ +Input string: broisaveryneatids + +String splitting +---------------- +Splitting 'broisaveryneatids' at 6 points... +bro +is +a +very +neat +ids + +Substrings +---------- +3@0: bro +5@2: roisa +7@4: isavery +10@10: yneatids + +Finding strings +--------------- +isa: 4 +very: 7 +ids: 15 +nono: 0 diff --git a/testing/btest/Baseline/language.wrong-delete-field/output b/testing/btest/Baseline/language.wrong-delete-field/output index c51fb6a37e..8d965362f1 100644 --- a/testing/btest/Baseline/language.wrong-delete-field/output +++ b/testing/btest/Baseline/language.wrong-delete-field/output @@ -1 +1 @@ -/da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 11 (delete x$a): error, illegal delete statement +/da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10 (delete x$a): error, illegal delete statement diff --git a/testing/btest/Baseline/logging.ascii-binary/ssh.log b/testing/btest/Baseline/logging.ascii-binary/ssh.log new file mode 100644 index 0000000000..84a2cc609e Binary files /dev/null and b/testing/btest/Baseline/logging.ascii-binary/ssh.log differ diff --git a/testing/btest/Baseline/logging.ascii-escape/ssh.log b/testing/btest/Baseline/logging.ascii-escape/ssh.log index 6797e1e302..aa08625281 100644 Binary files a/testing/btest/Baseline/logging.ascii-escape/ssh.log and b/testing/btest/Baseline/logging.ascii-escape/ssh.log differ diff --git a/testing/btest/Baseline/logging.rotate-custom/out b/testing/btest/Baseline/logging.rotate-custom/out index f0d9185aa3..c87445cff5 100644 --- a/testing/btest/Baseline/logging.rotate-custom/out +++ b/testing/btest/Baseline/logging.rotate-custom/out @@ -28,107 +28,56 @@ 2nd test2-11-03-07_12.00.05.log test2.log 11-03-07_12.00.05 11-03-07_12.59.55 0 1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1 2nd test2-11-03-07_12.59.55.log test2.log 11-03-07_12.59.55 11-03-07_12.59.55 1 +# t id.orig_h id.orig_p id.resp_h id.resp_p +1299466805.0 10.0.0.1 20 10.0.0.2 1024 +1299470395.0 10.0.0.2 20 10.0.0.3 0 +1299470405.0 10.0.0.1 20 10.0.0.2 1025 +1299473995.0 10.0.0.2 20 10.0.0.3 1 +1299474005.0 10.0.0.1 20 10.0.0.2 1026 +1299477595.0 10.0.0.2 20 10.0.0.3 2 +1299477605.0 10.0.0.1 20 10.0.0.2 1027 +1299481195.0 10.0.0.2 20 10.0.0.3 3 +1299481205.0 10.0.0.1 20 10.0.0.2 1028 +1299484795.0 10.0.0.2 20 10.0.0.3 4 +1299484805.0 10.0.0.1 20 10.0.0.2 1029 +1299488395.0 10.0.0.2 20 10.0.0.3 5 +1299488405.0 10.0.0.1 20 10.0.0.2 1030 +1299491995.0 10.0.0.2 20 10.0.0.3 6 +1299492005.0 10.0.0.1 20 10.0.0.2 1031 +1299495595.0 10.0.0.2 20 10.0.0.3 7 +1299495605.0 10.0.0.1 20 10.0.0.2 1032 +1299499195.0 10.0.0.2 20 10.0.0.3 8 +1299499205.0 10.0.0.1 20 10.0.0.2 1033 +1299502795.0 10.0.0.2 20 10.0.0.3 9 > test-11-03-07_03.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299466805.0 10.0.0.1 20 10.0.0.2 1024 -1299470395.0 10.0.0.2 20 10.0.0.3 0 > test-11-03-07_04.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299470405.0 10.0.0.1 20 10.0.0.2 1025 -1299473995.0 10.0.0.2 20 10.0.0.3 1 > test-11-03-07_05.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299474005.0 10.0.0.1 20 10.0.0.2 1026 -1299477595.0 10.0.0.2 20 10.0.0.3 2 > test-11-03-07_06.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299477605.0 10.0.0.1 20 10.0.0.2 1027 -1299481195.0 10.0.0.2 20 10.0.0.3 3 > test-11-03-07_07.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299481205.0 10.0.0.1 20 10.0.0.2 1028 -1299484795.0 10.0.0.2 20 10.0.0.3 4 > test-11-03-07_08.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299484805.0 10.0.0.1 20 10.0.0.2 1029 -1299488395.0 10.0.0.2 20 10.0.0.3 5 > test-11-03-07_09.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299488405.0 10.0.0.1 20 10.0.0.2 1030 -1299491995.0 10.0.0.2 20 10.0.0.3 6 > test-11-03-07_10.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299492005.0 10.0.0.1 20 10.0.0.2 1031 -1299495595.0 10.0.0.2 20 10.0.0.3 7 > test-11-03-07_11.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299495605.0 10.0.0.1 20 10.0.0.2 1032 -1299499195.0 10.0.0.2 20 10.0.0.3 8 > test-11-03-07_12.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299499205.0 10.0.0.1 20 10.0.0.2 1033 -1299502795.0 10.0.0.2 20 10.0.0.3 9 -> test2-11-03-07_03.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299466805.0 10.0.0.1 20 10.0.0.2 1024 -> test2-11-03-07_03.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299470395.0 10.0.0.2 20 10.0.0.3 0 -> test2-11-03-07_04.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299470405.0 10.0.0.1 20 10.0.0.2 1025 -> test2-11-03-07_04.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299473995.0 10.0.0.2 20 10.0.0.3 1 -> test2-11-03-07_05.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299474005.0 10.0.0.1 20 10.0.0.2 1026 -> test2-11-03-07_05.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299477595.0 10.0.0.2 20 10.0.0.3 2 -> test2-11-03-07_06.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299477605.0 10.0.0.1 20 10.0.0.2 1027 -> test2-11-03-07_06.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299481195.0 10.0.0.2 20 10.0.0.3 3 -> test2-11-03-07_07.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299481205.0 10.0.0.1 20 10.0.0.2 1028 -> test2-11-03-07_07.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299484795.0 10.0.0.2 20 10.0.0.3 4 -> test2-11-03-07_08.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299484805.0 10.0.0.1 20 10.0.0.2 1029 -> test2-11-03-07_08.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299488395.0 10.0.0.2 20 10.0.0.3 5 -> test2-11-03-07_09.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299488405.0 10.0.0.1 20 10.0.0.2 1030 -> test2-11-03-07_09.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299491995.0 10.0.0.2 20 10.0.0.3 6 -> test2-11-03-07_10.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299492005.0 10.0.0.1 20 10.0.0.2 1031 -> test2-11-03-07_10.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299495595.0 10.0.0.2 20 10.0.0.3 7 -> test2-11-03-07_11.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299495605.0 10.0.0.1 20 10.0.0.2 1032 -> test2-11-03-07_11.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299499195.0 10.0.0.2 20 10.0.0.3 8 -> test2-11-03-07_12.00.05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299499205.0 10.0.0.1 20 10.0.0.2 1033 -> test2-11-03-07_12.59.55.log -# t id.orig_h id.orig_p id.resp_h id.resp_p -1299502795.0 10.0.0.2 20 10.0.0.3 9 -> test2.log -# t id.orig_h id.orig_p id.resp_h id.resp_p > test.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +> test2-11-03-07_03.00.05.log +> test2-11-03-07_03.59.55.log +> test2-11-03-07_04.00.05.log +> test2-11-03-07_04.59.55.log +> test2-11-03-07_05.00.05.log +> test2-11-03-07_05.59.55.log +> test2-11-03-07_06.00.05.log +> test2-11-03-07_06.59.55.log +> test2-11-03-07_07.00.05.log +> test2-11-03-07_07.59.55.log +> test2-11-03-07_08.00.05.log +> test2-11-03-07_08.59.55.log +> test2-11-03-07_09.00.05.log +> test2-11-03-07_09.59.55.log +> test2-11-03-07_10.00.05.log +> test2-11-03-07_10.59.55.log +> test2-11-03-07_11.00.05.log +> test2-11-03-07_11.59.55.log +> test2-11-03-07_12.00.05.log +> test2-11-03-07_12.59.55.log +> test2.log diff --git a/testing/btest/Baseline/logging.unset-record/testing.log b/testing/btest/Baseline/logging.unset-record/testing.log new file mode 100644 index 0000000000..34f20a588b --- /dev/null +++ b/testing/btest/Baseline/logging.unset-record/testing.log @@ -0,0 +1,3 @@ +# a.val1 a.val2 b +- - 6 +1 2 3 diff --git a/testing/btest/Makefile b/testing/btest/Makefile new file mode 100644 index 0000000000..ed042722b8 --- /dev/null +++ b/testing/btest/Makefile @@ -0,0 +1,14 @@ + +all: + # Showing all tests. + @btest + +brief: + # Brief output showing only failed tests. + @btest -b + +brief-debug: + # Verbose output for failed tests, also recorded in test.log. + @rm -f test.log + @btest -b -d -f test.log + @echo Output in test.log diff --git a/testing/btest/Scripts/diff-remove-abspath b/testing/btest/Scripts/diff-remove-abspath new file mode 100755 index 0000000000..361ad3fa6d --- /dev/null +++ b/testing/btest/Scripts/diff-remove-abspath @@ -0,0 +1,5 @@ +#! /usr/bin/env bash +# +# Replace absolute paths with the basename. + +sed 's#/\([^/]\{1,\}/\)\{1,\}\([^/]\{1,\}\)#<...>/\2#g' diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.bro new file mode 100644 index 0000000000..1b24c662e2 --- /dev/null +++ b/testing/btest/bifs/unique_id-rnd.bro @@ -0,0 +1,9 @@ +# +# @TEST-EXEC: BRO_SEED_FILE= bro %INPUT 2>/dev/null >out +# @TEST-EXEC: BRO_SEED_FILE= bro %INPUT 2>/dev/null >>out +# @TEST-EXEC: cat out | sort | uniq | wc -l | sed 's/ //g' >count +# @TEST-EXEC: btest-diff count + +print unique_id("A-"); +print unique_id("B-"); +print unique_id("C-"); diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.bro new file mode 100644 index 0000000000..d421803aa0 --- /dev/null +++ b/testing/btest/bifs/unique_id.bro @@ -0,0 +1,7 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +print unique_id("A-"); +print unique_id("B-"); +print unique_id("C-"); diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index cd81e70716..159e5a19e2 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -9,7 +9,7 @@ IgnoreFiles = *.tmp *.swp #* *.trace BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev` BRO_SEED_FILE=%(testbase)s/random.seed TZ=UTC -LOCALE=C +LC_ALL=C PATH=%(testbase)s/../../build/src:%(testbase)s/../../aux/btest:%(default_path)s TEST_DIFF_CANONIFIER=%(testbase)s/Scripts/diff-canonifier TRACES=%(testbase)s/Traces diff --git a/testing/btest/core/conn-id.bro b/testing/btest/core/conn-id.bro index 97bb064c31..51711559d9 100644 --- a/testing/btest/core/conn-id.bro +++ b/testing/btest/core/conn-id.bro @@ -1,13 +1,13 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # # @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output2 -# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l >counts +# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts # # Make sure it works without the connection compressor as well. diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.bro new file mode 100644 index 0000000000..c7aa27fd86 --- /dev/null +++ b/testing/btest/core/load-pkg.bro @@ -0,0 +1,7 @@ +# @TEST-EXEC: mkdir foo +# @TEST-EXEC: echo "@load foo/test.bro" >foo/__load__.bro +# @TEST-EXEC: cp %INPUT foo/test.bro +# @TEST-EXEC: bro -l foo >output 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output + +print "Foo loaded"; diff --git a/testing/btest/core/print-bpf-filters.bro b/testing/btest/core/print-bpf-filters-ipv4.bro similarity index 84% rename from testing/btest/core/print-bpf-filters.bro rename to testing/btest/core/print-bpf-filters-ipv4.bro index 274eed2961..5848972166 100644 --- a/testing/btest/core/print-bpf-filters.bro +++ b/testing/btest/core/print-bpf-filters-ipv4.bro @@ -1,3 +1,5 @@ +# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q F +# # @TEST-EXEC: bro print-filter >output 2>&1 # @TEST-EXEC: bro tcp print-filter >>output # @TEST-EXEC: bro tcp print-filter all_packets=F >>output diff --git a/testing/btest/core/print-bpf-filters-ipv6.bro b/testing/btest/core/print-bpf-filters-ipv6.bro new file mode 100644 index 0000000000..98bbc2db33 --- /dev/null +++ b/testing/btest/core/print-bpf-filters-ipv6.bro @@ -0,0 +1,9 @@ +# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q T +# +# @TEST-EXEC: bro print-filter >output 2>&1 +# @TEST-EXEC: bro tcp print-filter >>output +# @TEST-EXEC: bro tcp print-filter all_packets=F >>output +# @TEST-EXEC: bro -f "port 42" print-filter >>output +# @TEST-EXEC: bro -C -f "port 50343" -r $TRACES/mixed-vlan-mpls.trace tcp +# @TEST-EXEC: btest-diff output +# @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/doc/autogen-reST-record-add.bro b/testing/btest/doc/record-add.bro similarity index 70% rename from testing/btest/doc/autogen-reST-record-add.bro rename to testing/btest/doc/record-add.bro index 4ad33e68ae..a326314093 100644 --- a/testing/btest/doc/autogen-reST-record-add.bro +++ b/testing/btest/doc/record-add.bro @@ -1,12 +1,11 @@ # @TEST-EXEC: bro --doc-scripts %INPUT -# @TEST-EXEC: btest-diff autogen-reST-record-add.rst # When in doc mode, bro will clone declared types (see add_type() in Var.cc) # in order to keep track of the identifier name associated with the new type. # This test makes sure that the cloning is done in a way that's compatible # with adding fields to a record type -- we want to be sure that cloning -# a record that contains other record fields will correctly see field -# additions to those contained-records. +# a type that contains record types will correctly see field additions to +# those contained-records. type my_record: record { field1: bool; @@ -16,17 +15,22 @@ type my_record: record { type super_record: record { rec: my_record; }; +type my_table: table[count] of my_record; +type my_vector: vector of my_record; redef record my_record += { field3: count &optional; }; global a: my_record; - global b: super_record; +global c: my_table; +global d: my_vector; function test_func() -{ + { a?$field3; b$rec?$field3; -} + c[0]$field3; + d[0]$field3; + } diff --git a/testing/btest/doc/record-attr-check.bro b/testing/btest/doc/record-attr-check.bro new file mode 100644 index 0000000000..33ada44bfd --- /dev/null +++ b/testing/btest/doc/record-attr-check.bro @@ -0,0 +1,9 @@ +# @TEST-EXEC: bro --doc-scripts %INPUT + +type Tag: enum { + SOMETHING +}; + +type R: record { + field1: set[Tag] &default=set(); +}; diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro index de5709854c..2ea15af8c9 100644 --- a/testing/btest/istate/events-ssl.bro +++ b/testing/btest/istate/events-ssl.bro @@ -73,55 +73,52 @@ event remote_connection_closed(p: event_peer) @TEST-START-FILE bro.pem -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDzkuad+VHAhymnpRqkcBTU6Z3OsgUNLnsqpaxPO1LdTuxiDY9N -GuQJkFDMB/Dxu7slNepseRNu4yDDWVjcdL1TsPdSnNlnbFO3GBt0jQbYjEGLKhkt -4dUFwjBAUfEVlklYtSWuzNAz+yVUIIyDOdpCXjj4DcuBSNh4ixA+fqmQ0QIDAQAB -AoGAJWdZosi2lSosa2IfRUEw8cEuSp9rxypsH5BxdXlWsEV+Z1BNwTlv60gOIEbX -6Uc65evxo9az9UNLtLPzwWbr67F90wyPXTpG7oE2eaKqbaOFuZ4/0rc8pASSZHcO -bIVQOJbUMF+Zc3YnsNx6Ca682zQMRJrgh0745AutRkSARAECQQD9VmTAvzCqwDKG -ylWmpTTTzN+ecqDMcZh9JmUZ8W/f3m4/i2wtwfrBTNn8ovATtCs5EWVG493tgXNM -Ezgkmf65AkEA9iI89a6Ep2w5EPyYxBcm0ztbRC+vF3CSRoDgRPLwgS8kEsjhqPsE -U5wQNyvCIyIssWC9VGiZmgMaSyom3cLW2QJAHR6KFDGluWrAJAgr0izZJqM87OyG -GRnRikkYg+PhlRzvFTTEaXoLhZ58y/I6oDksYrHiL0TP5JXll8/5uxNMWQJBAJ2M -oPSqNyNr9MNYzPiH0URYtDzbQPqCBj+28tdvol8uq6qSh0/BDa3vMbn++o++qlkI -EWjcY6Xf4o7GdoZw11ECQQCyfgT2EY5HhzieGpA3MzrhATVnJlIuj8cvxFKjBriv -OCc4cxVTrCW9FPxDOuLLgh7kxalvnkuKjjCmDeTGz5Fc +MIICXgIBAAKBgQD17FE8UVaO224Y8UL2bH1okCYxr5dVytTQ93uE5J9caGADzPZe +qYPuvtPt9ivhBtf2L9odK7unQU60v6RsO3bb9bQktQbEdh0FEjnso2UHe/nLreYn +VyLCEp9Sh1OFQnMhJNYuzNwVzWOqH/TYNy3ODueZTS4YBsRyEkpEfgeoaQIDAQAB +AoGAJ/S1Xi94+Mz+Hl9UmeUWmx6QlhIJbI7/9NPA5d6fZcwvjW6HuOmh3fBzTn5o +sq8B96Xesk6gtpQNzaA1fsBKlzDSpGRDVg2odN9vIT3jd0Dub2F47JHdFCqtMUIV +rCsO+fpGtavv1zJ/rzlJz7rx4cRP+/Gwd5YlH0q5cFuHhAECQQD9q328Ye4A7o2e +cLOhzuWUZszqdIY7ZTgDtk06F57VrjLVERrZjrtAwbs77m+ybw4pDKKU7H5inhQQ +03PU40ARAkEA+C6cCM6E4hRwuR+QyIqpNC4CzgPaKlF+VONZLYYvHEwFvx2/EPtX +zOZdE4HdJwnXBYx7+AGFeq8uHhrN2Tq62QJBAMory2JAinejqKsGF6R2SPMlm1ug +0vqziRksShBqkuSqmUjHASczYnoR7S+usMb9S8PblhgrA++FHWjrnf2lwIECQQCj ++/AfpY2J8GWW/HNm/q/UiX5S75qskZI+tsXK3bmtIdI+OIJxzxFxktj3NbyRud+4 +i92xvhebO7rmK2HOYg7pAkEA2wrwY1E237twoYXuUInv9F9kShKLQs19nup/dfmF +xfoVqYjJwidzPfgngowJZij7SoTaIBKv/fKp5Tq6xW3AEg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICPTCCASWgAwIBAgIBATANBgkqhkiG9w0BAQUFADArMSkwJwYDVQQDEyBCcm8g -Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAyMDgwNDIxMjhaFw0x -MzAyMDcwNDIxMjhaMA4xDDAKBgNVBAMTA0JybzCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEA85LmnflRwIcpp6UapHAU1OmdzrIFDS57KqWsTztS3U7sYg2PTRrk -CZBQzAfw8bu7JTXqbHkTbuMgw1lY3HS9U7D3UpzZZ2xTtxgbdI0G2IxBiyoZLeHV -BcIwQFHxFZZJWLUlrszQM/slVCCMgznaQl44+A3LgUjYeIsQPn6pkNECAwEAAaMN -MAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAnG+PiWgxp7cOBkgKgnxz -JFK7J9f9fXn9vCOkzq//AitwP0A+SrBmccMtqOjjSLu7RCbmBQ9pbMwYPB4/py5f -d8SfO1ngI8cY5uXCFUylNCWJ5P+uHBNwure7hRrQwswL7+8Elour8CnVfr2Ve/qO -h2JL1fmoFcQ8KCKrNe01DsMCRq5jZ5AZI84ASiqNmzm4PwbSWiYLqZU+cemzW0xt -tYMDlN4loJTQJX7o/6izOGWY0IEggoibI80T4dIGnnZqnhpMbASTtSyN6fTNMIWQ -UQXfNM59GN1Q54UZ0HgXAgxb9jncF95rqPt9yHOUv5OUzLCdRsUWn4cEg9/rsHiu -ZA== +MIICZDCCAc2gAwIBAgIJAKoxR9yFGsk8MA0GCSqGSIb3DQEBBQUAMCsxKTAnBgNV +BAMTIEJybyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTExMDYxNTIx +MjgxNVoYDzIxMTEwNTIyMjEyODE1WjArMSkwJwYDVQQDEyBCcm8gUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +9exRPFFWjttuGPFC9mx9aJAmMa+XVcrU0Pd7hOSfXGhgA8z2XqmD7r7T7fYr4QbX +9i/aHSu7p0FOtL+kbDt22/W0JLUGxHYdBRI57KNlB3v5y63mJ1ciwhKfUodThUJz +ISTWLszcFc1jqh/02Dctzg7nmU0uGAbEchJKRH4HqGkCAwEAAaOBjTCBijAdBgNV +HQ4EFgQU2vIsKYuGhHP8c7GeJLfWAjbKCFgwWwYDVR0jBFQwUoAU2vIsKYuGhHP8 +c7GeJLfWAjbKCFihL6QtMCsxKTAnBgNVBAMTIEJybyBSb290IENlcnRpZmljYXRp +b24gQXV0aG9yaXR5ggkAqjFH3IUayTwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOBgQAF2oceL61dA7WxA9lxcxsA/Fccr7+J6sO+pLXoZtx5tpknEuIUebkm +UfMGAiyYIenHi8u0Sia8KrIfuCDc2dG3DYmfX7/faCEbtSx8KtNQFIs3aXr1zhsw +3sX9fLS0gp/qHoPMuhbhlvTlMFSE/Mih3KDsZEGcifzI6ooLF0YP5A== -----END CERTIFICATE----- @TEST-END-FILE @TEST-START-FILE ca_cert.pem -----BEGIN CERTIFICATE----- -MIIC6TCCAdGgAwIBAgIJAKb0Por6917kMA0GCSqGSIb3DQEBBQUAMCsxKTAnBgNV -BAMTIEJybyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTExMDIwODA0 -MTMyM1oXDTExMDMxMDA0MTMyM1owKzEpMCcGA1UEAxMgQnJvIFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDfGHPVBuKZa3Dp/V/ntkaNvHrgK/XH02mn5mLnt7eaeCEQKClL1bvQ/iGUrMEi -CfQBe1zk6B8LnHgwkbOeAO2Kv7+K9rzn25nidAg/GU5o0gxfyqP1Sipfkr+/UrCH -3fLnjSzZIwT5ypkXZS9UNgRzK/Xk+yAJs6tB5lU+wJofPJdmiH/Ros4ZZ5P/mNf3 -MhoM4Z5i3R3uEDtMCk5IT1zfXGq3FVOMA7jVYakrBccCbWhtyHdQH0i6U9wkfVEj -o6l6PBPJxhWq0ySVnGdd+i4RCiwRBfeizl2gq0UlZ7/pXjJUZZICqYNPyZdntfMy -2LUwvKA0y1RSpUrB4ZCkciZ7AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQEFBQADggEBAIDoYd7ZQpLhm7ajvhqkYdrisxQfoQoCVt+oYm5jaLvzc/1V -7sxeIatwk3kaowPcxUHHX7JfEPsf4xMGBCFp4Ce/vLXeeA2HBhBVww5sMKoAAtH6 -Y2sTNt2uTE/JUxQl6N+mqmv4y+g1X7uq2N/Eg8zYbgXF6En5L3XuEBdZbSf/AgBg -d3m6m/N/dHLozZSjfwIQo0eygGEPW+kP7QFkve2L8g4l3k72mcAlCStlfcWDzKrh -qPrFFujvGMD7MNUSuNbYtGVngDuYOYeHTEggq/kUDS1srMwmv/vQjxQfS9oeU4bG -4sfSOkNotN+rwX7WQkVUq4IUOJ0q9fEPTosmsbc= +MIICZDCCAc2gAwIBAgIJAKoxR9yFGsk8MA0GCSqGSIb3DQEBBQUAMCsxKTAnBgNV +BAMTIEJybyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTExMDYxNTIx +MjgxNVoYDzIxMTEwNTIyMjEyODE1WjArMSkwJwYDVQQDEyBCcm8gUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +9exRPFFWjttuGPFC9mx9aJAmMa+XVcrU0Pd7hOSfXGhgA8z2XqmD7r7T7fYr4QbX +9i/aHSu7p0FOtL+kbDt22/W0JLUGxHYdBRI57KNlB3v5y63mJ1ciwhKfUodThUJz +ISTWLszcFc1jqh/02Dctzg7nmU0uGAbEchJKRH4HqGkCAwEAAaOBjTCBijAdBgNV +HQ4EFgQU2vIsKYuGhHP8c7GeJLfWAjbKCFgwWwYDVR0jBFQwUoAU2vIsKYuGhHP8 +c7GeJLfWAjbKCFihL6QtMCsxKTAnBgNVBAMTIEJybyBSb290IENlcnRpZmljYXRp +b24gQXV0aG9yaXR5ggkAqjFH3IUayTwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOBgQAF2oceL61dA7WxA9lxcxsA/Fccr7+J6sO+pLXoZtx5tpknEuIUebkm +UfMGAiyYIenHi8u0Sia8KrIfuCDc2dG3DYmfX7/faCEbtSx8KtNQFIs3aXr1zhsw +3sX9fLS0gp/qHoPMuhbhlvTlMFSE/Mih3KDsZEGcifzI6ooLF0YP5A== -----END CERTIFICATE----- @TEST-END-FILE diff --git a/testing/btest/language/cross-product-init.bro b/testing/btest/language/cross-product-init.bro new file mode 100644 index 0000000000..c12f9eb0bd --- /dev/null +++ b/testing/btest/language/cross-product-init.bro @@ -0,0 +1,10 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +global my_subs = { 1.2.3.4/19, 5.6.7.8/21 }; + +global x: set[string, subnet] &redef; + +redef x += { [["foo", "bar"], my_subs] }; + +print x; diff --git a/testing/btest/language/delete-field-set.bro b/testing/btest/language/delete-field-set.bro index 9469dbb2f0..ad7cf6e9fb 100644 --- a/testing/btest/language/delete-field-set.bro +++ b/testing/btest/language/delete-field-set.bro @@ -1,4 +1,3 @@ - # @TEST-EXEC: bro %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/delete-field.bro b/testing/btest/language/delete-field.bro index 0aad10d55f..477466b76a 100644 --- a/testing/btest/language/delete-field.bro +++ b/testing/btest/language/delete-field.bro @@ -1,4 +1,3 @@ - # @TEST-EXEC: bro %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/enum-scope.bro b/testing/btest/language/enum-scope.bro new file mode 100644 index 0000000000..c8667bfada --- /dev/null +++ b/testing/btest/language/enum-scope.bro @@ -0,0 +1,10 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +type foo: enum { a, b } &redef; + +module test; + +redef enum foo += { c }; + +print c; diff --git a/testing/btest/language/match-test.bro b/testing/btest/language/match-test.bro new file mode 100644 index 0000000000..9352d0f39f --- /dev/null +++ b/testing/btest/language/match-test.bro @@ -0,0 +1,20 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +global match_stuff = { + [$pred(a: count) = { return a > 5; }, + $result = "it's big", + $priority = 2], + + [$pred(a: count) = { return a > 15; }, + $result = "it's really big", + $priority = 3], + + [$pred(a: count) = { return T; }, + $result = "default", + $priority = 0], +}; + +print match 0 using match_stuff; +print match 10 using match_stuff; +print match 20 using match_stuff; diff --git a/testing/btest/language/match-test2.bro b/testing/btest/language/match-test2.bro new file mode 100644 index 0000000000..f1c120adf2 --- /dev/null +++ b/testing/btest/language/match-test2.bro @@ -0,0 +1,51 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +type fakealert : record { + alert: string; +}; + + +type match_rec : record { + result : count; + pred : function(rec : fakealert) : bool; + priority: count; +}; + + +#global test_set : set[int] = +#{ +#1, 2, 3 +#}; + +global match_set : set[match_rec] = +{ + [$result = 1, $pred(a: fakealert) = { return T; }, $priority = 8 ], + [$result = 2, $pred(a: fakealert) = { return T; }, $priority = 9 ] +}; + +global al : fakealert; + +#global testset : set[fakealert] = +#{ +# [$alert="hithere"] +#}; + + +type nonalert: record { + alert : string; + pred : function(a : int) : int; +}; + +#global na : nonalert; +#na$alert = "5"; + +#al$alert = "hithere2"; +#if (al in testset) +# print 1; +#else +# print 0; + + +al$alert = "hi"; +print (match al using match_set); diff --git a/testing/btest/language/next-test.bro b/testing/btest/language/next-test.bro new file mode 100644 index 0000000000..7e9626a62c --- /dev/null +++ b/testing/btest/language/next-test.bro @@ -0,0 +1,36 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +# This script tests "next" being called during the last iteration of a +# for loop + +event bro_done() + { + + local number_set: set[count]; + local i: count; + + add number_set[0]; + add number_set[1]; + + + for ( i in number_set ) + { + print fmt ("%d", i); + if ( i == 0 ) + next; + print fmt ("%d", i); + } + print fmt ("MIDDLE"); + + + for ( i in number_set ) + { + print fmt ("%d", i); + if ( i == 1 ) + next; + print fmt ("%d", i); + } + print fmt ("THE END"); + + } diff --git a/testing/btest/language/rare-events.bro b/testing/btest/language/rare-events.bro new file mode 100644 index 0000000000..ae7674d406 --- /dev/null +++ b/testing/btest/language/rare-events.bro @@ -0,0 +1,37 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +# This is a test script whose job is to generate rarely-seen events +# (i.e., events that test traces might not include) to ensure that they're +# handled properly. + +# This is needed or else the output fails on the warning that +# Drop::restore_dropped_address is never defined. +redef check_for_unused_event_handlers = F; + +@load netstats + +function test_net_stats_update() + { + local t = current_time(); + + local s: net_stats; + s$pkts_recvd = 1234; + s$pkts_dropped = 123; + s$pkts_link = 9999; + + event net_stats_update(t, s); + + local s2: net_stats; + s2$pkts_recvd = 2341; + s2$pkts_dropped = 125; + s2$pkts_link = 19999; + + event net_stats_update(t + 33 sec, s2); + } + +event bro_init() + { + test_net_stats_update(); + } + diff --git a/testing/btest/language/rec-comp-init.bro b/testing/btest/language/rec-comp-init.bro new file mode 100644 index 0000000000..598c0cf3bd --- /dev/null +++ b/testing/btest/language/rec-comp-init.bro @@ -0,0 +1,14 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +# Make sure composit types in records are initialized. + +type Foo: record { + a: set[count]; + b: table[count] of string; + c: vector of string; +}; + +global f: Foo; + +print f; diff --git a/testing/btest/language/rec-nested-opt.bro b/testing/btest/language/rec-nested-opt.bro index eb7375541b..ab1a64dffd 100644 --- a/testing/btest/language/rec-nested-opt.bro +++ b/testing/btest/language/rec-nested-opt.bro @@ -1,4 +1,3 @@ - # @TEST-EXEC: bro %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/rec-of-tbl.bro b/testing/btest/language/rec-of-tbl.bro new file mode 100644 index 0000000000..59d770bb30 --- /dev/null +++ b/testing/btest/language/rec-of-tbl.bro @@ -0,0 +1,16 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +type x: record { + a: table[int] of count; +}; + +global y: x; + +global yy: table[int] of count; + +y$a = yy; + +y$a[+5] = 3; + +print y; diff --git a/testing/btest/language/rec-table-default.bro b/testing/btest/language/rec-table-default.bro index 1473933e6a..ee4a0e25ee 100644 --- a/testing/btest/language/rec-table-default.bro +++ b/testing/btest/language/rec-table-default.bro @@ -1,4 +1,3 @@ - # @TEST-EXEC: bro %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/sizeof.bro b/testing/btest/language/sizeof.bro new file mode 100644 index 0000000000..7db78212ad --- /dev/null +++ b/testing/btest/language/sizeof.bro @@ -0,0 +1,119 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +# Demo policy for the sizeof operator "|x|". +# ------------------------------------------ +# +# This script creates various types and values and shows the result of the +# sizeof operator on these values. +# +# For any types not covered in this script, the sizeof operator's semantics +# are not defined and its application returns a count of 0. At the moment +# the only type where this should happen is string patterns. + +type example_enum: enum { ENUM1, ENUM2, ENUM3 }; + +type example_record: record { + i: int &optional; + j: int &optional; + k: int &optional; +}; + +global a: addr = 1.2.3.4; +global b: bool = T; +global c: count = 10; +global d: double = -1.23; +global f: file = open_log_file("sizeof_demo"); +global i: int = -10; +global iv: interval = -5sec; +global n: net = 192.168.; +global p: port = 80/tcp; +global r: example_record [ $i = 10 ]; +global si: set[int]; +global s: string = "Hello"; +global sn: subnet = 192.168.0.0/24; +global t: table[string] of string; +global ti: time = current_time(); +global v: vector of string; + +# Additional initialization +# +print f, "12345678901234567890"; + +add si[1]; +add si[10]; +add si[100]; + +t["foo"] = "Hello"; +t["bar"] = "World"; + +v[0] = "Hello"; +v[4] = "World"; + +# Print out the sizes of the various vals: +#----------------------------------------- + +# Size of addr: returns integer representation for IPv4, 0 for IPv6. +print fmt("Address %s: %d", a, |a|); + +# Size of boolean: returns 1 or 0. +print fmt("Boolean %s: %d", b, |b|); + +# Size of count: identity. +print fmt("Count %s: %d", c, |c|); + +# Size of double: returns absolute value. +print fmt("Double %s: %f", d, |d|); + +# Size of enum: returns numeric value of enum constant. +print fmt("Enum %s: %d", ENUM3, |ENUM3|); + +# Size of file: returns current file size. +# Note that this is a double so that file sizes >> 4GB +# can be expressed. +print fmt("File %f", |f|); + +# Size of function: returns number of arguments. +print fmt("Function add_interface: %d", |add_interface|); + +# Size of integer: returns absolute value. +print fmt("Integer %s: %d", i, |i|); + +# Size of interval: returns double representation of the interval +print fmt("Interval %s: %f", iv, |iv|); + +# Size of net: returns size of class N network as a double +# (so that 2^32 can be expressed too). +print fmt("Net %s: %f", n, |n|); + +# Size of port: returns port number as a count. +print fmt("Port %s: %d", p, |p|); + +# Size of record: returns number of fields (assigned + unassigned) +print fmt("Record %s: %d", r, |r|); + +# Size of set: returns number of elements in set. +# Don't print the set, as its order depends on the seeding of the hash +# fnction, and it's not worth the trouble to normalize it. +print fmt("Set: %d", |si|); + +# Size of string: returns string length. +print fmt("String '%s': %d", s, |s|); + +# Size of subnet: returns size of net as a double +# (so that 2^32 can be expressed too). +print fmt("Subnet %s: %f", sn, |sn|); + +# Size of table: returns number of elements in table +print fmt("Table %d", |t|); + +# Size of time: returns double representation of the time +# print fmt("Time %s: %f", ti, |ti|); + +# Size of vector: returns largest assigned index. +# Note that this is not the number of assigned values. +# The following prints "5": +# +print fmt("Vector %s: %d", v, |v|); + +close(f); diff --git a/testing/btest/language/smith-waterman-test.bro b/testing/btest/language/smith-waterman-test.bro new file mode 100644 index 0000000000..50f5c1dae1 --- /dev/null +++ b/testing/btest/language/smith-waterman-test.bro @@ -0,0 +1,88 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +global params: sw_params = [ $min_strlen = 2, $sw_variant = 0 ]; + +global min: vector of count; +global mode: vector of count; +global c: count = 0; + +# Alignment pairs: +global s1: string_vec; +global s2: string_vec; + +# Single alignment, no matches: +s1[++c] = "abcdefgh"; +s2[c] = "ijklmnop"; +min[c] = 2;; +mode[c] = 0; + +# Simple single match, beginning: +s1[++c] = "AAAabcefghij"; +s2[c] = "lmnopAAAqrst"; +min[c] = 2;; +mode[c] = 0; + +# Simple single match, middle: +s1[++c] = "abcAAAefghij"; +s2[c] = "lmnopAAAqrst"; +min[c] = 2;; +mode[c] = 0; + +# Simple single match, end: +s1[++c] = "abcefghijAAA"; +s2[c] = "lmnopAAAqrst"; +min[c] = 2;; +mode[c] = 0; + +# Repeated alignment: +s1[++c] = "xxxAAAyyy"; +s2[c] = "AAAaAAAbAAA"; +min[c] = 2;; +mode[c] = 1; + +# Repeated alignment, swapped input: +s1[++c] = "AAAaAAAbAAA"; +s2[c] = "xxxAAAyyy"; +min[c] = 2;; +mode[c] = 1; + +# Repeated alignment, split: +s1[++c] = "xxCDyABzCDyABzz"; +s2[c] = "ABCD"; +min[c] = 2;; +mode[c] = 1; + +# Repeated alignment, split, swapped: +s1[++c] = "ABCD"; +s2[c] = "xxCDyABzCDyABzz"; +min[c] = 2;; +mode[c] = 1; + +# Used to cause problems +s1[++c] = "Cache-control: no-cache^M^JAccept:"; +s2[c] = "Accept-: deflate^M^JAccept-: Accept-"; +min[c] = 6; +mode[c] = 1; + +# Repeated occurrences in shorter string +s1[++c] = "xxAAxxAAxx"; +s2[c] = "yyyyyAAyyyyy"; +min[c] = 2; +mode[c] = 1; + +for ( i in s1 ) + { + local ss: sw_substring_vec; + + params$min_strlen = min[i]; + params$sw_variant = mode[i]; + ss = str_smith_waterman(s1[i], s2[i], params); + + print fmt("%s - %s:", s1[i], s2[i]); + + for ( j in ss ) + print fmt("tok %d: %s (%d/%d, %s)", + j, ss[j]$str, ss[j]$aligns[1]$index, + ss[j]$aligns[2]$index, ss[j]$new); + } diff --git a/testing/btest/language/strings.bro b/testing/btest/language/strings.bro new file mode 100644 index 0000000000..8e9eef43bf --- /dev/null +++ b/testing/btest/language/strings.bro @@ -0,0 +1,48 @@ +# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: btest-diff output + +# Demo policy for string functions +# + +event bro_init() +{ + local s1: string = "broisaveryneatids"; + + print fmt("Input string: %s", s1); + print fmt(); + print fmt("String splitting"); + print fmt("----------------"); + + local idx1: index_vec; + + idx1[0] = 0; # We really need initializers for vectors ... + idx1[1] = 3; + idx1[2] = 5; + idx1[3] = 6; + idx1[4] = 10; + idx1[5] = 14; + + print fmt("Splitting '%s' at %d points...", s1, |idx1|); + local res_split: string_vec = str_split(s1, idx1); + + for ( i in res_split ) + print res_split[i]; + + print fmt(); + print fmt("Substrings"); + print fmt("----------"); + print fmt("3@0: %s", sub_bytes(s1, 0, 3)); + print fmt("5@2: %s", sub_bytes(s1, 2, 5)); + print fmt("7@4: %s", sub_bytes(s1, 4, 7)); + print fmt("10@10: %s", sub_bytes(s1, 10, 10)); + print fmt(); + + + print fmt("Finding strings"); + print fmt("---------------"); + print fmt("isa: %d", strstr(s1, "isa")); + print fmt("very: %d", strstr(s1, "very")); + print fmt("ids: %d", strstr(s1, "ids")); + print fmt("nono: %d", strstr(s1, "nono")); +} + diff --git a/testing/btest/language/wrong-delete-field.bro b/testing/btest/language/wrong-delete-field.bro index deffe379f4..e0d0093258 100644 --- a/testing/btest/language/wrong-delete-field.bro +++ b/testing/btest/language/wrong-delete-field.bro @@ -1,6 +1,5 @@ - # @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 -# @TEST-EXEC: btest-diff output +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { a: count; diff --git a/testing/btest/logging/ascii-binary.bro b/testing/btest/logging/ascii-binary.bro new file mode 100644 index 0000000000..6f095db0c7 --- /dev/null +++ b/testing/btest/logging/ascii-binary.bro @@ -0,0 +1,25 @@ +# +# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: btest-diff ssh.log + +module SSH; + +export { + redef enum Log::ID += { SSH }; + + type Log: record { + data: string; + data2: string; + } &log; +} + +redef LogAscii::separator = "|"; + +event bro_init() +{ + Log::create_stream(SSH, [$columns=Log]); + Log::write(SSH, [$data="abc\n\xffdef", $data2="DATA2"]); + Log::write(SSH, [$data="abc|\xffdef", $data2="DATA2"]); + Log::write(SSH, [$data="abc\xff|def", $data2="DATA2"]); +} + diff --git a/testing/btest/logging/rotate-custom.bro b/testing/btest/logging/rotate-custom.bro index 66e90de8c3..59ad1330cd 100644 --- a/testing/btest/logging/rotate-custom.bro +++ b/testing/btest/logging/rotate-custom.bro @@ -1,6 +1,6 @@ # # @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT >out -# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out +# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out # @TEST-EXEC: btest-diff out module Test; diff --git a/testing/btest/logging/unset-record.log b/testing/btest/logging/unset-record.log new file mode 100644 index 0000000000..e4c05aec0f --- /dev/null +++ b/testing/btest/logging/unset-record.log @@ -0,0 +1,28 @@ +# +# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: btest-diff testing.log + +redef enum Log::ID += { TESTING }; + +type Foo: record { + val1: count; + val2: count; +} &log; + +type Bar: record { + a: Foo &log &optional; + b: count &log; +}; + +event bro_init() +{ + Log::create_stream(TESTING, [$columns=Bar]); + + local x: Bar; + + x = [$b=6]; + Log::write(TESTING, x); + + x = [$a=[$val1=1,$val2=2], $b=3]; + Log::write(TESTING, x); +} diff --git a/testing/istate/README b/testing/istate/README deleted file mode 100644 index 78e855074f..0000000000 --- a/testing/istate/README +++ /dev/null @@ -1,11 +0,0 @@ -To run these tests, invoke: - - ./istate.py - -To see differences leading to test failures, invoke: - - ./istate.py -s - -Build a new test baseline using: - - ./istate.py -b diff --git a/testing/istate/base/bro-ping/remote.log b/testing/istate/base/bro-ping/remote.log deleted file mode 100644 index 4f86bd62d6..0000000000 --- a/testing/istate/base/bro-ping/remote.log +++ /dev/null @@ -1,17 +0,0 @@ -xxxxxxxxxx.xxxxxx [info] [parent] pipe's socket buffer size is 8192, setting to 1048576 -xxxxxxxxxx.xxxxxx [info] [parent] communication started, parent -xxxxxxxxxx.xxxxxx [info] [child] listening on 0.0.0.0:47758 (clear) -xxxxxxxxxx.xxxxxx [info] [child] [#10000/] accepted clear connection -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] added peer -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] peer connected -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] phase: version -xxxxxxxxxx.xxxxxx [info] [script] [#10000/] connection established -xxxxxxxxxx.xxxxxx [info] [script] [#10000/] requesting events matching /^?(ping)$?/ -xxxxxxxxxx.xxxxxx [info] [script] [#10000/] accepting state -xxxxxxxxxx.xxxxxx [info] [script] [#10000/] requesting synchronized state -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] phase: handshake -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] registered for event pong -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] peer does not support 64bit PIDs; using compatibility mode -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] phase: sync (receiver) -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] phase: running -xxxxxxxxxx.xxxxxx [info] [parent] [#10000/] closing connection diff --git a/testing/istate/base/bro-ping/stderr.log b/testing/istate/base/bro-ping/stderr.log deleted file mode 100644 index bb611b7eb0..0000000000 --- a/testing/istate/base/bro-ping/stderr.log +++ /dev/null @@ -1,3 +0,0 @@ -xxxxxxxxxx.xxxxxx processing suspended -xxxxxxxxxx.xxxxxx processing continued -xxxxxxxxxx.xxxxxx received termination signal diff --git a/testing/istate/base/bro-ping/stdout.log b/testing/istate/base/bro-ping/stdout.log deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/istate/base/broccoli-ping/stderr.log b/testing/istate/base/broccoli-ping/stderr.log deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/istate/base/broccoli-ping/stdout.log b/testing/istate/base/broccoli-ping/stdout.log deleted file mode 100644 index 6174e6cce8..0000000000 --- a/testing/istate/base/broccoli-ping/stdout.log +++ /dev/null @@ -1,5 +0,0 @@ -pong event from 127.0.0.1: seq=0, -pong event from 127.0.0.1: seq=1, -pong event from 127.0.0.1: seq=2, -pong event from 127.0.0.1: seq=3, -pong event from 127.0.0.1: seq=4, diff --git a/testing/istate/base/events-display/stdout.log b/testing/istate/base/events-display/stdout.log deleted file mode 100644 index a68f969a3c..0000000000 --- a/testing/istate/base/events-display/stdout.log +++ /dev/null @@ -1,36 +0,0 @@ -Event [xxxxxxxxxx.xxxxxx] bro_done() -Event [xxxxxxxxxx.xxxxxx] connection_established([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=0, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.182510137557983, service={}, addl="", hot=0, history="Sh"]) -Event [xxxxxxxxxx.xxxxxx] connection_finished([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=5], resp=[size=9417, state=5], start_time=xxxxxxxxxx.xxxxxx, duration=1.73330307006836, service={}, addl="%events-send-1", hot=0, history="ShADdFaf"]) -Event [xxxxxxxxxx.xxxxxx] connection_pending([id=[orig_h=141.42.64.125, orig_p=56729/tcp, resp_h=125.190.109.199, resp_p=12345/tcp], orig=[size=0, state=1], resp=[size=0, state=6], start_time=xxxxxxxxxx.xxxxxx, duration=0.182432889938354, service={}, addl="", hot=0, history="Sr"]) -Event [xxxxxxxxxx.xxxxxx] connection_state_remove([id=[orig_h=141.42.64.125, orig_p=56729/tcp, resp_h=125.190.109.199, resp_p=12345/tcp], orig=[size=0, state=1], resp=[size=0, state=6], start_time=xxxxxxxxxx.xxxxxx, duration=0.182432889938354, service={}, addl="", hot=0, history="Sr"]) -Event [xxxxxxxxxx.xxxxxx] connection_state_remove([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=5], resp=[size=9417, state=5], start_time=xxxxxxxxxx.xxxxxx, duration=1.73330307006836, service={}, addl="%events-send-1", hot=0, history="ShADdFaf"]) -Event [xxxxxxxxxx.xxxxxx] http_begin_entity([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1", hot=0, history="ShAD"]T) -Event [xxxxxxxxxx.xxxxxx] http_begin_entity([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F) -Event [xxxxxxxxxx.xxxxxx] http_content_type([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T"TEXT""PLAIN") -Event [xxxxxxxxxx.xxxxxx] http_content_type([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"TEXT""HTML") -Event [xxxxxxxxxx.xxxxxx] http_end_entity([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T) -Event [xxxxxxxxxx.xxxxxx] http_end_entity([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=9417, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.73563814163208, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F) -Event [xxxxxxxxxx.xxxxxx] http_entity_data([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=5792, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.551820039749146, service={}, addl="%events-send-1", hot=0, history="ShADd"]F4096"^JICIR^J^JICIR
      ^J

      ^JICIR (The ICSI Center for Internet Research)^Jis a ^Jnon-profit^Jresearch institute at^JICSI^Jin ^JBerkeley, ^JCalifornia.
      ^JFor the three years from 1999 to 2001 we were named^JACIRI, the AT&T Center for Internet Research at ICSI, ^Jand were funded by AT&T.
      ^J^JThe goals of ICIR are to:^J

        ^J
      • Pursue research on the Internet architecture and related networking issues,^J
      • ^JParticipate actively in the research (SIGCOMM and IRTF) and^Jstandards (IETF) communities,^J
      • Bridge the gap between the Internet research community and commercial ^Jinterests by providing a neutral forum where topics of mutual technical ^Jinterest can be addressed.^J
      ^J

      ^J^J

      ^J^J
      ^J^J^J^J^J^J^J^J^J^J^J
      ^J^J

      ^JPeople^J

      ^J^J^J      		^J^J

      ^JPublications^J

      ^J^J^J

      ^JProjects ^J

      ^J^J^J^J      		^J ^J

      Research

      ^J   Transport and Congestion^J
        ^J
      • ^JDCCP^J(Datagram Congestion Control Protocol).^J
      • ^JECN^J(Explicit Congestion Notification).^J
      • ^J^JIntegrated services.^J
      • ^JRED ^Jqueue management, and^JRED-PD.^J
      • ^JHighSpeed TCP.^J
      • ^J^JTCP Implementation.^J
      • ^JReordering-Robust TCP ^J(RR-TCP).^J
      • TCP^JSACK ^J(Selective Acknowledgment).^J
      • ^JTFRC ^J(TCP-Friendly Rate Control).^J
      ^J^J   Traffic and Topology^J
        ^J
      • ^JIDMaps ^J(Internet Distance Mapping).^J
      • The ^JInternet Traffic Archive.^J
      • ^JMINC^J(Multicast-based Inference of Network-internal Characteristics).^J
      • ^JNIMI^J(N") -Event [xxxxxxxxxx.xxxxxx] http_entity_data([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=9417, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.73563814163208, service={}, addl="%events-send-1", hot=0, history="ShADd"]F938"ational Internet Measurement Infrastructure).^J
      ^J^J

      ^J^JCollaborators^J

      ^J^J^J^J
      ^J
      ^J^J
      ^J

      Information for visitors and local users.

      ^J
      ^JLast modified: June 2004. Copyright notice.^J^JOlder versions of this web page, in its ACIRI incarnation..^J
      ^JFor more information about this server, mail www@aciri.org. ^J
      ^JTo report unusual activity by any of our hosts, mail abuse@aciri.org.^J^J") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T"ACCEPT""*/*") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T"CONNECTION""Keep-Alive") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T"HOST""www.icir.org") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T"USER-AGENT""Wget/1.10") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"ACCEPT-RANGES""bytes") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"CONNECTION""Keep-Alive") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"CONTENT-LENGTH""9130") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"CONTENT-TYPE""text/html") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"DATE""Fri, 07 Oct 2005 23:23:55 GMT") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"ETAG"""2c96c-23aa-4346a0e5"") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"KEEP-ALIVE""timeout=15, max=100") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"LAST-MODIFIED""Fri, 07 Oct 2005 16:23:01 GMT") -Event [xxxxxxxxxx.xxxxxx] http_header([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F"SERVER""Apache/1.3.33 (Unix)") -Event [xxxxxxxxxx.xxxxxx] http_message_done([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShAD"]T[start=xxxxxxxxxx.xxxxxx, interrupted=F, finish_msg="message ends normally", body_length=0, content_gap_length=0, header_length=86]) -Event [xxxxxxxxxx.xxxxxx] http_message_done([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=9417, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.73563814163208, service={}, addl="%events-send-1 %events-rcv-1", hot=0, history="ShADd"]F[start=xxxxxxxxxx.xxxxxx, interrupted=F, finish_msg="message ends normally", body_length=9130, content_gap_length=0, header_length=265]) -Event [xxxxxxxxxx.xxxxxx] http_reply([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=1448, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.367331027984619, service={}, addl="%events-send-1", hot=0, history="ShADd"]"1.1"200"OK") -Event [xxxxxxxxxx.xxxxxx] http_request([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="", hot=0, history="ShAD"]"GET""/""/""1.0") -Event [xxxxxxxxxx.xxxxxx] net_done(xxxxxxxxxx.xxxxxx) -Event [xxxxxxxxxx.xxxxxx] new_connection([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=0, state=0], resp=[size=0, state=0], start_time=xxxxxxxxxx.xxxxxx, duration=0.0, service={}, addl="", hot=0, history=""]) -Event [xxxxxxxxxx.xxxxxx] new_connection([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=0, state=1], resp=[size=0, state=0], start_time=xxxxxxxxxx.xxxxxx, duration=0.0, service={}, addl="cc=1", hot=0, history=""]) -Event [xxxxxxxxxx.xxxxxx] protocol_confirmation([id=[orig_h=141.42.64.125, orig_p=56730/tcp, resp_h=125.190.109.199, resp_p=80/tcp], orig=[size=98, state=4], resp=[size=0, state=4], start_time=xxxxxxxxxx.xxxxxx, duration=0.183290958404541, service={}, addl="", hot=0, history="ShAD"]165) diff --git a/testing/istate/base/events-rcv/conn.log b/testing/istate/base/events-rcv/conn.log deleted file mode 100644 index b38c0a2e70..0000000000 --- a/testing/istate/base/events-rcv/conn.log +++ /dev/null @@ -1,2 +0,0 @@ -xxxxxxxxxx.xxxxxx 0.182433 141.42.64.125 125.190.109.199 other 56729 12345 tcp ? ? REJ X -xxxxxxxxxx.xxxxxx 1.733303 141.42.64.125 125.190.109.199 http 56730 80 tcp 98 9417 SF X %events-send-1 diff --git a/testing/istate/base/events-rcv/http.log b/testing/istate/base/events-rcv/http.log deleted file mode 100644 index db049772d8..0000000000 --- a/testing/istate/base/events-rcv/http.log +++ /dev/null @@ -1,18 +0,0 @@ -xxxxxxxxxx.xxxxxx %events-rcv-1 start 141.42.64.125:56730 > 125.190.109.199:80 -xxxxxxxxxx.xxxxxx %events-rcv-1 > USER-AGENT: Wget/1.10 -xxxxxxxxxx.xxxxxx %events-rcv-1 > ACCEPT: */* -xxxxxxxxxx.xxxxxx %events-rcv-1 > HOST: www.icir.org -xxxxxxxxxx.xxxxxx %events-rcv-1 > CONNECTION: Keep-Alive -xxxxxxxxxx.xxxxxx %events-rcv-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT -xxxxxxxxxx.xxxxxx %events-rcv-1 < SERVER: Apache/1.3.33 (Unix) -xxxxxxxxxx.xxxxxx %events-rcv-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT -xxxxxxxxxx.xxxxxx %events-rcv-1 < ETAG: "2c96c-23aa-4346a0e5" -xxxxxxxxxx.xxxxxx %events-rcv-1 < ACCEPT-RANGES: bytes -xxxxxxxxxx.xxxxxx %events-rcv-1 < CONTENT-LENGTH: 9130 -xxxxxxxxxx.xxxxxx %events-rcv-1 < KEEP-ALIVE: timeout=15, max=100 -xxxxxxxxxx.xxxxxx %events-rcv-1 < CONNECTION: Keep-Alive -xxxxxxxxxx.xxxxxx %events-rcv-1 < CONTENT-TYPE: text/html -xxxxxxxxxx.xxxxxx %events-rcv-1 <= 4096 bytes: "^J^J

      ^JPublications^J

      ^J
        ^J 125.190.109.199:80 -xxxxxxxxxx.xxxxxx %events-send-1 > USER-AGENT: Wget/1.10 -xxxxxxxxxx.xxxxxx %events-send-1 > ACCEPT: */* -xxxxxxxxxx.xxxxxx %events-send-1 > HOST: www.icir.org -xxxxxxxxxx.xxxxxx %events-send-1 > CONNECTION: Keep-Alive -xxxxxxxxxx.xxxxxx %events-send-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT -xxxxxxxxxx.xxxxxx %events-send-1 < SERVER: Apache/1.3.33 (Unix) -xxxxxxxxxx.xxxxxx %events-send-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT -xxxxxxxxxx.xxxxxx %events-send-1 < ETAG: "2c96c-23aa-4346a0e5" -xxxxxxxxxx.xxxxxx %events-send-1 < ACCEPT-RANGES: bytes -xxxxxxxxxx.xxxxxx %events-send-1 < CONTENT-LENGTH: 9130 -xxxxxxxxxx.xxxxxx %events-send-1 < KEEP-ALIVE: timeout=15, max=100 -xxxxxxxxxx.xxxxxx %events-send-1 < CONNECTION: Keep-Alive -xxxxxxxxxx.xxxxxx %events-send-1 < CONTENT-TYPE: text/html -xxxxxxxxxx.xxxxxx %events-send-1 <= 4096 bytes: "^J^J

        ^JPublications^J

        ^J
          ^J 2 - xxxxxxxxxx.xxxxxx - 120.0 -False False -1.5 1.5 -'Servus' Servus - 5555/tcp - 6.7.6.5 - X.X.X - 192.168.0.0/16 -==== record 1 ==== - -42 42 -'6.6.7.7' 6.6.7.7 -==== record 2 ==== - -99 99 -'3.4.5.1' 3.4.5.1 diff --git a/testing/istate/base/sync-rcv/remote.log b/testing/istate/base/sync-rcv/remote.log deleted file mode 100644 index 01c0aa34cc..0000000000 --- a/testing/istate/base/sync-rcv/remote.log +++ /dev/null @@ -1,21 +0,0 @@ -xxxxxxxxxx.xxxxxx [info] [parent] raised pipe's socket buffer size from 126K to 1024K -xxxxxxxxxx.xxxxxx [info] [parent] communication started, parent -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] added peer -xxxxxxxxxx.xxxxxx [info] [child] [#1/127.0.0.1:47757] connected -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] peer connected -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] phase: version -xxxxxxxxxx.xxxxxx [info] [script] [#1/127.0.0.1:47757] connection established -xxxxxxxxxx.xxxxxx [info] [script] [#1/127.0.0.1:47757] requesting events matching /^?(.*)$?/ -xxxxxxxxxx.xxxxxx [info] [script] [#1/127.0.0.1:47757] accepting state -xxxxxxxxxx.xxxxxx [info] [script] [#1/127.0.0.1:47757] requesting synchronized state -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] phase: handshake -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] peer_description is not set -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] peer supports keep-in-cache; using that -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] phase: sync (sender) -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] starting to send full state -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] done sending full state -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] phase: running -xxxxxxxxxx.xxxxxx [info] [script] [#1/127.0.0.1:47757] connection closed -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] peer disconnected -xxxxxxxxxx.xxxxxx [info] [child] [#1/127.0.0.1:47757] connection closed -xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] closing connection diff --git a/testing/istate/base/sync-rcv/stderr.log b/testing/istate/base/sync-rcv/stderr.log deleted file mode 100644 index 788f8009fe..0000000000 --- a/testing/istate/base/sync-rcv/stderr.log +++ /dev/null @@ -1 +0,0 @@ -xxxxxxxxxx.xxxxxx received termination signal diff --git a/testing/istate/base/sync-rcv/stdout.log b/testing/istate/base/sync-rcv/stdout.log deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/istate/base/sync-rcv/vars.log b/testing/istate/base/sync-rcv/vars.log deleted file mode 100644 index a86d2a82da..0000000000 --- a/testing/istate/base/sync-rcv/vars.log +++ /dev/null @@ -1,34 +0,0 @@ -421 -1234567 -Jodel -4.3.2.1 -4.0.0.0/8 -21.0 -192.150.186 -42.0 secs -{ -[3] = asdfg1, -[1] = asdfg2 -} -file "test2" of string -/^?(abbcdefgh)$?/ -{ -3, -5, -6, -4, -2 -} -{ -[4, JKL] = 104, -[2, DEF] = 103, -[3, GHI] = 103 -} -{ -[12345] = /^?(12345)$?/, -[6767] = /^?(QWERTZ)$?/, -[12346] = /^?(12345)$?/ -} -6667/tcp -[2, 20, 3, 4] -[a=zxzxzx, b=[a=pop, b=43, c=9.999], c=[a=IOIOI, b=201, c=612.2], d=6.6666] diff --git a/testing/istate/base/sync-send/stderr.log b/testing/istate/base/sync-send/stderr.log deleted file mode 100644 index 4f2df4e549..0000000000 --- a/testing/istate/base/sync-send/stderr.log +++ /dev/null @@ -1,2 +0,0 @@ -xxxxxxxxxx.xxxxxx processing suspended -xxxxxxxxxx.xxxxxx processing continued diff --git a/testing/istate/base/sync-send/stdout.log b/testing/istate/base/sync-send/stdout.log deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/istate/base/sync-send/vars.log b/testing/istate/base/sync-send/vars.log deleted file mode 100644 index a86d2a82da..0000000000 --- a/testing/istate/base/sync-send/vars.log +++ /dev/null @@ -1,34 +0,0 @@ -421 -1234567 -Jodel -4.3.2.1 -4.0.0.0/8 -21.0 -192.150.186 -42.0 secs -{ -[3] = asdfg1, -[1] = asdfg2 -} -file "test2" of string -/^?(abbcdefgh)$?/ -{ -3, -5, -6, -4, -2 -} -{ -[4, JKL] = 104, -[2, DEF] = 103, -[3, GHI] = 103 -} -{ -[12345] = /^?(12345)$?/, -[6767] = /^?(QWERTZ)$?/, -[12346] = /^?(12345)$?/ -} -6667/tcp -[2, 20, 3, 4] -[a=zxzxzx, b=[a=pop, b=43, c=9.999], c=[a=IOIOI, b=201, c=612.2], d=6.6666] diff --git a/testing/istate/istate.py b/testing/istate/istate.py deleted file mode 100755 index 72b3eb4288..0000000000 --- a/testing/istate/istate.py +++ /dev/null @@ -1,174 +0,0 @@ -#! /usr/bin/env python -# -# Tests persistence. -# -# $Id: istate.py,v 1.1.2.4 2005/10/11 22:31:42 sommer Exp $ - -import time -import os -import os.path -import optparse -import sys -import subprocess - -import tests - -optparser = optparse.OptionParser( usage = "%prog [options]", version = "0.1" ) -optparser.add_option( "-s", "--show-diff", action = "store_true", dest = "showdiff", - default = False, help = "show diffs of mismatches" ) -optparser.add_option( "-b", "--new-base", action = "store_true", dest = "newbase", - default = False, help = "create new baseline" ) -optparser.add_option( "-d", "--debug", action = "store_true", dest = "debug", - default = False, help = "enable debug output" ) -optparser.add_option( "-t", "--set", action = "store", type = "string", dest = "set", - default = None, help = "only do given test set" ) - - -( tests.Options, args ) = optparser.parse_args() - -if len(args) != 0: - optparser.error( "Wrong number of arguments" ) - -########################################## -# Write persistent data and read it back. -########################################## - -if tests.testSet("persistence"): - - tests.spawnBro("persistence-write", - ["-r", os.path.join(tests.Traces, "empty.trace"), - os.path.join(tests.Scripts, "vars-init.bro"), - os.path.join(tests.Scripts, "vars-print.bro")]) - tests.waitProc("persistence-write") - tests.finishTest("persistence-write", ["stdout.log", "stderr.log", "vars.log"]) - - tests.spawnBro("persistence-read", - [os.path.join(tests.Scripts, "vars-declare.bro"), - os.path.join(tests.Scripts, "vars-print.bro")], - copy=[os.path.join(tests.workDir("persistence-write"), ".state")]) - tests.waitProc("persistence-read") - tests.finishTest("persistence-read", ["stdout.log", "stderr.log", "vars.log"]) - - tests.compareFiles("persistence-write", "persistence-read", ["vars.log"]) - -########################################## -# Exchange events (clear-text). -# -# The used trace contains two connections separated by a silence of a -# couple of seconds. We start the processes so that the events for the -# *second* one (which is a full HTTP connection) are exchanged. -########################################## - -if tests.testSet("events"): - - tests.spawnBro("events-send", - ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), - "--pseudo-realtime", - "-C", - os.path.join(tests.Scripts, "events-send.bro")]) - time.sleep(2) - tests.spawnBro("events-rcv", - [os.path.join(tests.Scripts, "events-rcv.bro")]) - tests.waitProc("events-send") - tests.killProc("events-rcv") - tests.finishTest("events-send", ["stdout.log", "stderr.log", "http.log", "conn.log"], ignoreTime=True) - tests.finishTest("events-rcv", ["stdout.log", "stderr.log", "http.log", "conn.log"], ignoreTime=True) - - tests.spawnBro("events-display", - ["-x", os.path.join(tests.workDir("events-rcv"), "events.bst")]) - tests.waitProc("events-display") - tests.finishTest("events-display", ["stdout.log"], ignoreTime=True, sort=True, delete=['127.0.0.1:[0-9]*',"Event.*remote_.*"]) - - tests.compareFiles("events-send", "events-rcv", ["http.log"], ignoreTime=True, ignoreSessionID=True) - -########################################## -# Exchange synchronized state -########################################## - -if tests.testSet("sync"): - - tests.spawnBro("sync-send", - [os.path.join(tests.Scripts, "vars-sync-send.bro")]) - tests.spawnBro("sync-rcv", - [os.path.join(tests.Scripts, "vars-sync-rcv.bro")]) - tests.waitProc("sync-send") - time.sleep(1) - tests.killProc("sync-rcv") - tests.finishTest("sync-send", ["stdout.log", "stderr.log", "vars.log"], ignoreTime=True) - tests.finishTest("sync-rcv", ["stdout.log", "stderr.log", "vars.log", "remote.log"], ignoreTime=True, delete=["pid.*pid.*", "temporarily unavailable \\[..\\]"]) - - tests.compareFiles("sync-send", "sync-rcv", ["vars.log"], ignoreTime=True) - -# Old version -# tests.spawnBro("sync-send", -# ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), -# "--pseudo-realtime", -# "-C", -# os.path.join(tests.Scripts, "vars-sync-send.bro")]) - -########################################## -# Test Broccoli with bro-ping -########################################## - - -if tests.testSet("broccoli"): - - broctest = os.path.join(tests.BroBase, "aux/broccoli/test") - broclib = os.path.join(tests.BroBase, "build/aux/broccoli/src/") - broping = os.path.join(tests.BroBase, "build/aux/broccoli/test/broping") - - brocpy = os.path.join(tests.BroBase, "build/aux/broccoli/bindings/broccoli-python") - - broccoli = True - - # Test if Broccoli was compiled. - if not os.path.exists(broping): - print " Broccoli was not compiled, skipping tests." - broccoli = False - - # Test if this is a IPv6 Bro. - if broccoli: - v6 = subprocess.call(["grep", "-q", "#define BROv6", os.path.join(tests.BroBase, "build/config.h")]) - if v6 == 0: - print " Bro built with IPv6 support not compatible with Broccoli, skipping tests." - broccoli = False - - if broccoli: - tests.spawnBro("bro-ping", [os.path.join(broctest, "broping-record.bro")]) - time.sleep(1) - tests.spawnProc("broccoli-ping", - [broping, - "-r", - "-c", "5", - "127.0.0.1"]) - tests.waitProc("broccoli-ping") - tests.killProc("bro-ping") - - tests.finishTest("bro-ping", ["stdout.log", "stderr.log", "remote.log"], - ignoreTime=True, delete=["127.0.0.1:[0-9]*", "pid.*pid.*", - ".*Resource temporarily unavailable.*", ".*connection closed.*", - ".*peer disconnected.*"]) - tests.finishTest("broccoli-ping", ["stdout.log", "stderr.log"], - delete=["time=.* s$"]) - - # Test if Python binding are installed. - sopath = subprocess.Popen(["find", brocpy, "-name", "_broccoli_intern.so"], stdout=subprocess.PIPE).communicate()[0] - if sopath != "": - - os.environ["LD_LIBRARY_PATH"] = broclib - os.environ["DYLD_LIBRARY_PATH"] = broclib - os.environ["PYTHONPATH"] = os.path.dirname(sopath) - - tests.spawnBro("python-bro", [os.path.join(brocpy, "tests/test.bro")]) - time.sleep(1) - tests.spawnProc("python-script", [os.path.join(brocpy, "tests/test.py")]) - tests.waitProc("python-script") - tests.killProc("python-bro") - tests.finishTest("python-bro", ["stdout.log"], ignoreTime=True) - tests.finishTest("python-script", ["stdout.log"], ignoreTime=True, delete=["0x[^>]*", ".[0-9]{2}"]) - else: - print " Python bindings not built, skipping test." - print " (To build: cd %s && python setup.py build)" % brocpy - - - diff --git a/testing/istate/rndseed.dat b/testing/istate/rndseed.dat deleted file mode 100644 index 3bc70c899b..0000000000 --- a/testing/istate/rndseed.dat +++ /dev/null @@ -1,17 +0,0 @@ -1971283154 -1128552575 -26676 -875311974 -790730425 -1553617948 -3593004090 -2070230499 -1420669195 -754343139 -2906181924 -542878596 -2459738795 -924396623 -743111462 -3363354015 -198575356 diff --git a/testing/istate/scripts/events-rcv.bro b/testing/istate/scripts/events-rcv.bro deleted file mode 100644 index a345e3fa49..0000000000 --- a/testing/istate/scripts/events-rcv.bro +++ /dev/null @@ -1,18 +0,0 @@ -# $Id: events-rcv.bro,v 1.1.2.1 2005/10/07 01:59:12 sommer Exp $ - -@load tcp -@load http-request -@load http-reply -@load http-header -@load http-body -@load http-abstract - -@load capture-events -@load remote - -redef peer_description = "events-rcv"; - -redef Remote::destinations += { - ["foo"] = [$host = 127.0.0.1, $events = /.*/, $connect=T] -}; - diff --git a/testing/istate/scripts/events-send.bro b/testing/istate/scripts/events-send.bro deleted file mode 100644 index 00975fd723..0000000000 --- a/testing/istate/scripts/events-send.bro +++ /dev/null @@ -1,21 +0,0 @@ -# $Id: events-send.bro,v 1.1.2.1 2005/10/07 01:59:12 sommer Exp $ - -@load tcp -@load http-request -@load http-reply -@load http-header -@load http-body -@load http-abstract -@load listen-clear - -@load capture-events - -redef peer_description = "events-send"; - -# Make sure the HTTP connection really gets out. -# (We still miss one final connection event because we shutdown before -# it gets propagated but that's ok.) -redef tcp_close_delay = 0secs; - - - diff --git a/testing/istate/scripts/vars-declare.bro b/testing/istate/scripts/vars-declare.bro deleted file mode 100644 index 871e518109..0000000000 --- a/testing/istate/scripts/vars-declare.bro +++ /dev/null @@ -1,36 +0,0 @@ -# $Id: vars-declare.bro,v 1.1.2.2 2005/10/11 21:15:05 sommer Exp $ -# -# Declares variables. - -global foo1: count &persistent &synchronized; -global foo2: int &persistent &synchronized; -global foo3: string &persistent &synchronized; -global foo4: addr &persistent &synchronized; -global foo5: subnet &persistent &synchronized; -global foo6: double &persistent &synchronized; -global foo7: net &persistent &synchronized; -global foo8: interval &persistent &synchronized; -global foo9: table[count] of string &persistent &synchronized; -global foo10: file &persistent &synchronized; -global foo11: pattern &persistent &synchronized; -global foo12: set[count] &persistent &synchronized; -global foo13: table[count, string] of count &persistent &synchronized; -global foo14: table[count] of pattern &persistent &synchronized; -global foo15: port &persistent &synchronized; -global foo16: vector of count &persistent &synchronized; - -type type1: record { - a: string; - b: count &default=42; - c: double &optional; - }; - -type type2: record { - a: string; - b: type1; - c: type1; - d: double; - }; - -global foo17: type2 &persistent &synchronized; - diff --git a/testing/istate/scripts/vars-init.bro b/testing/istate/scripts/vars-init.bro deleted file mode 100644 index 79b1345f31..0000000000 --- a/testing/istate/scripts/vars-init.bro +++ /dev/null @@ -1,42 +0,0 @@ -# $Id: vars-init.bro,v 1.1.2.2 2005/10/11 21:15:05 sommer Exp $ -# -# Instantiates variables. - -global foo1 = 42 &persistent &synchronized; -global foo2 = -42 &persistent &synchronized; -global foo3 = "Hallihallo" &persistent &synchronized; -global foo4 = 1.2.3.4 &persistent &synchronized; -global foo5 = 1.2.0.0/16 &persistent &synchronized; -global foo6 = 3.14 &persistent &synchronized; -global foo7 = 131.159. &persistent &synchronized; -global foo8 = 42 secs &persistent &synchronized; -global foo9 = { [1] = "qwerty", [2] = "uiop" } &persistent &synchronized; -global foo10 = open("test") &persistent &synchronized; -global foo11 = /12345/ &persistent &synchronized; -global foo12 = { 1,2,3,4,5 } &persistent &synchronized; -global foo13 = { [1,"ABC"] = 101, [2,"DEF"] = 102, [3,"GHI"] = 103 } &persistent &synchronized; -global foo14 = { [12345] = foo11, [12346] = foo11 } &persistent &synchronized; -global foo15 = 42/udp &persistent &synchronized; -global foo16: vector of count = [1,2,3] &persistent &synchronized; - -type type1: record { - a: string; - b: count &default=42; - c: double &optional; - }; - -type type2: record { - a: string; - b: type1; - c: type1; - d: double; - }; - -global foo17: type2 = [ - $a = "yuyuyu", - $b = [$a="rec1", $b=100, $c=1.24], - $c = [$a="rec2", $b=200, $c=2.24], - $d = 7.77 - ] &persistent &synchronized; - - diff --git a/testing/istate/scripts/vars-modify.bro b/testing/istate/scripts/vars-modify.bro deleted file mode 100644 index 51f723f90d..0000000000 --- a/testing/istate/scripts/vars-modify.bro +++ /dev/null @@ -1,61 +0,0 @@ -# $Id: vars-modify.bro,v 1.1.2.2 2005/10/11 21:15:05 sommer Exp $ -# -# Performs modifications on variables. - -function modify() - { - foo1 = 420; - ++foo1; - - --foo2; - - foo3 = "Jodel"; - - foo4 = 4.3.2.1; - - foo5 = 4.0.0.0/8; - - foo6 = 21; - - foo7 = 192.150.186; - - foo9[3] = "asdfg1"; - foo9[1] = "asdfg2"; - delete foo9[2]; - - foo10 = open("test2"); - - foo11 = /abbcdefgh/; - - add foo12[6]; - delete foo12[1]; - - foo13[4,"JKL"] = 104; - delete foo13[1,"ABC"]; - ++foo13[2,"DEF"]; - - foo14[6767] = /QWERTZ/; - - foo15 = 6667/tcp; - - foo16[4] = 4; - foo16[2] = 20; - ++foo16[1]; - - local x: type1; - x$a = "pop"; - ++x$b; - x$c = 9.999; - foo17$a = "zxzxzx"; - foo17$b = x; - foo17$c$a = "IOIOI"; - ++foo17$c$b; - foo17$c$c = 612.2; - foo17$d = 6.6666; - - foo2 = 1234567; - } - - - - diff --git a/testing/istate/scripts/vars-print.bro b/testing/istate/scripts/vars-print.bro deleted file mode 100644 index 26d846c9cc..0000000000 --- a/testing/istate/scripts/vars-print.bro +++ /dev/null @@ -1,29 +0,0 @@ -# $Id: vars-print.bro,v 1.1.2.2 2005/10/11 21:15:05 sommer Exp $ -# -# Print variables. - -event bro_done() - { - local out = open("vars.log"); - print out, foo1; - print out, foo2; - print out, foo3; - print out, foo4; - print out, foo5; - print out, foo6; - print out, foo7; - print out, foo8; - print out, foo9; - print out, foo10; - print out, foo11; - print out, foo12; - print out, foo13; - print out, foo14; - print out, foo15; - print out, foo16; - print out, foo17; - } - - - - diff --git a/testing/istate/scripts/vars-sync-rcv.bro b/testing/istate/scripts/vars-sync-rcv.bro deleted file mode 100644 index 145afd6ff6..0000000000 --- a/testing/istate/scripts/vars-sync-rcv.bro +++ /dev/null @@ -1,13 +0,0 @@ -# $Id: vars-sync-rcv.bro,v 1.1.2.1 2005/10/11 21:15:05 sommer Exp $ - -@load vars-init -@load vars-print - -@load capture-events -@load remote - - -redef Remote::destinations += { - ["foo"] = [$host = 127.0.0.1, $events = /.*/, $connect=T, $sync=T] -}; - diff --git a/testing/istate/scripts/vars-sync-send.bro b/testing/istate/scripts/vars-sync-send.bro deleted file mode 100644 index 655c8a36ea..0000000000 --- a/testing/istate/scripts/vars-sync-send.bro +++ /dev/null @@ -1,20 +0,0 @@ -# $Id: vars-sync-send.bro,v 1.1.2.1 2005/10/11 21:15:05 sommer Exp $ -# - -@load vars-init -@load vars-print -@load vars-modify - -@load listen-clear - -event remote_connection_handshake_done(p: event_peer) - { - modify(); - terminate_communication(); - } - -redef Remote::destinations += { - ["foo"] = [$host = 127.0.0.1, $sync=T] -}; - - diff --git a/testing/istate/tests.py b/testing/istate/tests.py deleted file mode 100644 index 0673108563..0000000000 --- a/testing/istate/tests.py +++ /dev/null @@ -1,300 +0,0 @@ -# $Id: tests.py,v 1.1.2.5 2005/10/11 22:31:42 sommer Exp $ -# -# Various helper functions. - -import sys -import os -import copy -import errno -import signal -import subprocess - -# Path to our files. -Testing = os.path.abspath(".") - -# Path to top-level Bro directory. -if os.path.exists("../../build/src/bro"): - BroBase = os.path.abspath("../..") -else: - error("cannot find build directory") - -# Path where tmp files are created. -Tmp = os.path.join(Testing, "tmp") - -# Path to seed file. -BroSeed = os.path.join(Testing, "rndseed.dat") - -# Path to our test scripts. -Scripts = os.path.join(Testing, "scripts") - -# Path to our test traces. -Traces = os.path.join(Testing, "traces") - -# Where the base files to compare against are stored. -Base = os.path.join(os.getcwd(), "./base") - -# Process ID of all processes we've spawned, indexed by textual tag *and* pid. -Running = {} - -# Set to true when at least one check failed. -Failed = False - -# getopt options -Options = None - -def error(str): - print >>sys.stderr, "Error:", str - sys.exit(1) - -def debug(str): - if Options.debug: - print >>sys.stderr, "Debug:", str - -def log(str): - print >>sys.stderr, str - -# Returns full path of given process' working directory. -def workDir(tag): - return os.path.join(Tmp, tag) - -# Intializes work dir for given process. -def initWorkDir(tag): - - try: - os.mkdir(Tmp) - except OSError, e: - if e.errno != errno.EEXIST: - raise - - os.system("rm -rf " + workDir(tag)) - os.mkdir(workDir(tag)) - -# Spawns process identified by the given tag. Enters process into RunningBro. -def spawnProc(tag, cmdline, copy=[]): - initWorkDir(tag) - os.chdir(workDir(tag)) - - for i in copy: - debug("Copying %s into workdir of %s" % (i, tag)) - os.system("cp -r %s %s" % (i, workDir(tag))) - - debug("Spawning '%s' as %s" % (" ".join(cmdline), tag)) - - saved_stdin = os.dup(0) - saved_stdout = os.dup(1) - saved_stderr = os.dup(2) - child_stdin = open("/dev/null", "r") - child_stdout = open("stdout.log", "w") - child_stderr = open("stderr.log", "w") - os.dup2(child_stdin.fileno(), 0) - os.dup2(child_stdout.fileno(), 1) - os.dup2(child_stderr.fileno(), 2) - pid = os.spawnvp(os.P_NOWAIT, cmdline[0], cmdline) - os.dup2(saved_stdin, 0) - os.dup2(saved_stdout, 1) - os.dup2(saved_stderr, 2) - - Running[tag] = pid - Running[pid] = tag - -# Spaws a Bro process. -def spawnBro(tag, args, copy=[]): - bropath = os.path.join(BroBase, "policy") - bropath += ":" + os.path.join(BroBase, "build/src") - - os.putenv("BROPATH", bropath + ":" + Scripts) - os.unsetenv("BRO_LOG_SUFFIX") - args += ["--load-seeds", BroSeed, "-B", "state,comm"] - spawnProc(tag, [os.path.join(BroBase, "build/src/bro")] + args, copy=copy) - -# Examines a process' exit code. -def parseExitCode(tag, result): - if os.WCOREDUMP(result): - error("process %s core dumped." % tag) - - if os.WIFSIGNALED(result): - error("process %s got signal %d." % (tag, os.WTERMSIG(result))) - - if not os.WIFEXITED(result): - error("process %s exited abnormally (%d)." % (tag, result)) - - result = os.WEXITSTATUS(result) - debug("process %s exited with %d" % (tag, result)) - - return result - -# Waits for process to finish. -def waitProc(tag): - (pid, result) = os.waitpid(Running[tag], 0) - result = parseExitCode(tag, result) - if result != 0: - error("Execution of %s failed." % tag) - - del Running[pid] - del Running[tag] - -# Waits for all of our processes to terminte. -def waitProcs(): - while Running: - (pid, result) = os.waitpid(0, 0) - parseExitCode(Running[pid], result) - del Running[Running[pid]] - del Running[pid] - -# Kills the process and waits for its termination. -def killProc(tag): - pid = Running[tag] - debug("Killing %s..." % tag) - os.kill(pid, signal.SIGTERM) - (pid, result) = os.waitpid(pid, 0) - parseExitCode(tag, result) - del Running[pid] - del Running[tag] - -# Cleans up temporary stuff -def cleanup(): - os.system("rm -rf " + Tmp) - -# Canonicalizes file content for diffing. -def canonicalizeFile(file, ignoreTime, ignoreSessionID, sort, delete): - - cmd = [] - - if delete: - for i in delete: - cmd += ["sed 's/%s//g' | grep -v '^$'" % i] - - if ignoreTime: - cmd += ["sed 's/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.[0-9][0-9]\{0,6\}/xxxxxxxxxx.xxxxxx/g'"] - - if ignoreSessionID: - # A session is either "%1" or "%my-peer-description-1" - cmd += ["sed 's/%\([^ ]*-\)\{0,1\}[0-9][0-9]*/%XXX/g'"] - - if sort: - cmd += ["LC_ALL=c sort"] - - if not cmd: - return - - tmp = file + ".tmp" - cmd = "cat %s | %s >%s" % (file, " | ".join(cmd), tmp) - - debug("Canonicalizing '%s'" % cmd) - os.system(cmd) - os.system("mv %s %s" % (tmp, file)) - -# Diffs the two files, If mismatch, prints "FAILED" and returns true. -def diff(file1, file2): - - quiet = ">/dev/null" - if Options.showdiff: - quiet = "" - - for f in (file1, file2): - if not os.path.exists(f): - print "FAILED (%s does not exist)" % f - return False - - diff = "diff -u %s %s %s" % (file1, file2, quiet) - - debug("Executing '%s'" % diff) - result = os.system(diff) - - if os.WEXITSTATUS(result) != 0: - print "FAILED" - return False - - return True - -# Compares files of process against base version. Returns false if mismatch found. -def checkFiles(tag, files, ignoreTime, sort, delete): - base = os.path.join(Base, tag) - work = workDir(tag) - - print " Checking %s..." % tag, - - failed = False - - for file in files: - oldfile = os.path.join(base, file) - newfile = os.path.join(work, file) - - canonicalizeFile(newfile, ignoreTime, False, sort, delete) - - if not diff(oldfile, newfile): - failed = True - break - - if not failed: - print "ok" - else: - Failed = failed - -# Compares files of two processes. Return false if mismatch found. -def compareFiles(tag1, tag2, files, ignoreTime=False, ignoreSessionID=False, sort=False, delete=None): - work1 = workDir(tag1) - work2 = workDir(tag2) - - print " Comparing %s with %s..." % (tag1, tag2), - - failed = False - - for file in files: - file1 = os.path.join(work1, file) - file2 = os.path.join(work2, file) - - canonicalizeFile(file1, ignoreTime, ignoreSessionID, sort, delete) - canonicalizeFile(file2, ignoreTime, ignoreSessionID, sort, delete) - - if not diff(file1, file2): - failed = True - break - - if not failed: - print "ok" - else: - Failed = failed - -# Make the result of process new baseline. -def makeNewBase(tag, files, ignoreTime, sort, delete): - - try: - os.mkdir(Base) - except OSError, e: - if e.errno != errno.EEXIST: - raise - - base = os.path.join(Base, tag) - work = workDir(tag) - - print " Copying files for %s..." % tag - - try: - os.mkdir(base) - except OSError, e: - if e.errno != errno.EEXIST: - raise - - # Delete all files but those belonging to CVS. - os.system("find %s -type f -not -path '*/CVS/*' -not -path '*/.svn/*' -exec rm '{}' ';'" % base) - - for file in files: - oldfile = os.path.join(work, file) - newfile = os.path.join(base, file) - os.system("cp %s %s" % (oldfile, newfile)) - canonicalizeFile(newfile, ignoreTime, False, sort, delete) - -def testSet(set): - if Options.set and set != Options.set: - return False - - print "Running set '%s' ..." % set - return True - -# Either check given files or make it new baseline, depending on options. -def finishTest(tag, files, ignoreTime=False, sort=False, delete=None): - if Options.newbase: - makeNewBase(tag, files, ignoreTime, sort, delete) - else: - checkFiles(tag, files, ignoreTime, sort, delete) diff --git a/testing/istate/traces/empty.trace b/testing/istate/traces/empty.trace deleted file mode 100644 index 3ee1117122..0000000000 Binary files a/testing/istate/traces/empty.trace and /dev/null differ diff --git a/testing/istate/traces/web.trace b/testing/istate/traces/web.trace deleted file mode 100644 index 1651085190..0000000000 Binary files a/testing/istate/traces/web.trace and /dev/null differ