[glib-networking] gnutls: Try to find root certificates locally if not anchored
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking] gnutls: Try to find root certificates locally if not anchored
- Date: Fri, 10 Aug 2012 21:12:29 +0000 (UTC)
commit acec8a8d9098341c58cbc73c1f8c25a01dd0b8b8
Author: Stef Walter <stefw gnome org>
Date: Wed Aug 8 06:52:12 2012 +0200
gnutls: Try to find root certificates locally if not anchored
* If a server erroneously sends us a root certificate, and it
is not anchored, then try to lookup a certificate for the same
issuer in the database.
* Add a test for this case.
https://bugzilla.gnome.org/show_bug.cgi?id=681299
tls/gnutls/gtlsdatabase-gnutls.c | 41 ++++++++++-
tls/tests/file-database.c | 105 +++++++++++++++++++++++++++
tls/tests/files/ca-verisign-sha1.pem | 48 ++++++++++++
tls/tests/files/chain-with-verisign-md2.pem | 81 +++++++++++++++++++++
4 files changed, 272 insertions(+), 3 deletions(-)
---
diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c
index c06c5d0..5ea7b24 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.c
+++ b/tls/gnutls/gtlsdatabase-gnutls.c
@@ -66,7 +66,9 @@ build_certificate_chain (GTlsDatabaseGnutls *self,
{
GTlsCertificateGnutls *certificate;
+ GTlsCertificateGnutls *previous;
GTlsCertificate *issuer;
+ gboolean certificate_is_from_db;
g_assert (anchor);
g_assert (chain);
@@ -81,7 +83,9 @@ build_certificate_chain (GTlsDatabaseGnutls *self,
*/
*anchor = NULL;
+ previous = NULL;
certificate = chain;
+ certificate_is_from_db = FALSE;
/* First check for pinned certificate */
if (g_tls_database_gnutls_lookup_assertion (self, certificate,
@@ -118,15 +122,45 @@ build_certificate_chain (GTlsDatabaseGnutls *self,
/* Is it self-signed? */
if (is_self_signed (certificate))
{
+ /*
+ * Since at this point we would fail with 'self-signed', can we replace
+ * this certificate with one from the database and do better?
+ */
+ if (previous && !certificate_is_from_db)
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (previous),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+ else if (issuer)
+ {
+ /* Replaced with certificate in the db, restart step again with this certificate */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ g_tls_certificate_gnutls_set_issuer (previous, G_TLS_CERTIFICATE_GNUTLS (issuer));
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = TRUE;
+ continue;
+ }
+ }
+
g_tls_certificate_gnutls_set_issuer (certificate, NULL);
return STATUS_SELFSIGNED;
}
+ previous = certificate;
+
/* Bring over the next certificate in the chain */
issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
if (issuer)
{
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = FALSE;
}
/* Search for the next certificate in chain */
@@ -141,13 +175,14 @@ build_certificate_chain (GTlsDatabaseGnutls *self,
return STATUS_FAILURE;
else if (!issuer)
return STATUS_INCOMPLETE;
+
+ /* Found a certificate in chain, use for next step */
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = TRUE;
g_object_unref (issuer);
}
-
- g_assert (issuer);
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
}
g_assert_not_reached ();
diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c
index a7ef16e..8c4b812 100644
--- a/tls/tests/file-database.c
+++ b/tls/tests/file-database.c
@@ -19,8 +19,12 @@
* Author: Stef Walter <stefw collabora co uk>
*/
+#include "config.h"
+
#include <gio/gio.h>
+#include "tls/gnutls/gtlscertificate-gnutls.h"
+
#include <sys/types.h>
#include <string.h>
@@ -210,6 +214,105 @@ test_verify_database_bad_combo (TestVerify *test,
g_object_unref (identity);
}
+static GTlsCertificate *
+load_certificate_chain (const char *filename,
+ GError **error)
+{
+ GList *certificates;
+ GTlsCertificate *chain = NULL;
+ GTlsBackend *backend;
+ GBytes *der;
+ GList *l;
+
+ certificates = g_tls_certificate_list_new_from_file (filename, error);
+ if (certificates == NULL)
+ return NULL;
+
+ backend = g_tls_backend_get_default ();
+ certificates = g_list_reverse (certificates);
+ for (l = certificates; l != NULL; l = g_list_next (l))
+ {
+ g_object_get (l->data, "certificate-bytes", &der, NULL);
+ chain = g_object_new (g_tls_backend_get_certificate_type (backend),
+ "certificate-bytes", der,
+ "issuer", chain,
+ NULL);
+ g_bytes_unref (der);
+ }
+
+ g_list_free_full (certificates, g_object_unref);
+ return chain;
+}
+
+static gboolean
+is_certificate_in_chain (GTlsCertificate *chain,
+ GTlsCertificate *cert)
+{
+ while (chain != NULL)
+ {
+ if (g_tls_certificate_is_same (chain, cert))
+ return TRUE;
+ chain = g_tls_certificate_get_issuer (chain);
+ }
+
+ return FALSE;
+}
+
+static void
+test_verify_with_incorrect_root_in_chain (void)
+{
+ GTlsCertificate *ca_verisign_sha1;
+ GTlsDatabase *database;
+ GError *error = NULL;
+ GTlsCertificate *chain;
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+
+ /*
+ * This database contains a single anchor certificate of:
+ * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
+ */
+ database = g_tls_file_database_new (TEST_FILE ("ca-verisign-sha1.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_DATABASE (database));
+
+ ca_verisign_sha1 = g_tls_certificate_new_from_file (TEST_FILE ("ca-verisign-sha1.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
+
+ /*
+ * This certificate chain contains a root certificate with that same issuer, public key:
+ * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
+ *
+ * But it is not the same certificate in our database. However our database should
+ * verify this chain as valid, since the issuer fierds and signatures should chain up
+ * to the certificate in our database.
+ */
+ chain = load_certificate_chain (TEST_FILE ("chain-with-verisign-md2.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (chain));
+
+ g_assert (g_tls_certificate_get_issuer (chain) != NULL);
+ g_assert (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)) != NULL);
+ g_assert (is_certificate_in_chain (chain, chain));
+ g_assert (!is_certificate_in_chain (chain, ca_verisign_sha1));
+
+
+ identity = g_network_address_new ("secure-test.streamline-esolutions.com", 443);
+
+ errors = g_tls_database_verify_chain (database, chain,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
+ g_assert_cmpuint (errors, ==, 0);
+
+ g_object_unref (chain);
+ g_object_unref (ca_verisign_sha1);
+ g_object_unref (identity);
+ g_object_unref (database);
+}
+
/* -----------------------------------------------------------------------------
* FILE DATABASE
*/
@@ -426,6 +529,8 @@ main (int argc,
setup_verify, test_verify_database_bad_expired, teardown_verify);
g_test_add ("/tls/database/verify-bad-combo", TestVerify, NULL,
setup_verify, test_verify_database_bad_combo, teardown_verify);
+ g_test_add_func ("/tls/database/verify-with-incorrect-root-in-chain",
+ test_verify_with_incorrect_root_in_chain);
g_test_add_func ("/tls/file-database/anchors-property",
test_anchors_property);
diff --git a/tls/tests/files/ca-verisign-sha1.pem b/tls/tests/files/ca-verisign-sha1.pem
new file mode 100644
index 0000000..7df0e49
--- /dev/null
+++ b/tls/tests/files/ca-verisign-sha1.pem
@@ -0,0 +1,48 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number:
+ 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+ Validity
+ Not Before: Jan 29 00:00:00 1996 GMT
+ Not After : Aug 2 23:59:59 2028 GMT
+ Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+ db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+ 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+ 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+ 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+ 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+ 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+ e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+ 71:64:4c:65:2e:81:68:45:a7
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: sha1WithRSAEncryption
+ 10:72:52:a9:05:14:19:32:08:41:f0:c5:6b:0a:cc:7e:0f:21:
+ 19:cd:e4:67:dc:5f:a9:1b:e6:ca:e8:73:9d:22:d8:98:6e:73:
+ 03:61:91:c5:7c:b0:45:40:6e:44:9d:8d:b0:b1:96:74:61:2d:
+ 0d:a9:45:d2:a4:92:2a:d6:9a:75:97:6e:3f:53:fd:45:99:60:
+ 1d:a8:2b:4c:f9:5e:a7:09:d8:75:30:d7:d2:65:60:3d:67:d6:
+ 48:55:75:69:3f:91:f5:48:0b:47:69:22:69:82:96:be:c9:c8:
+ 38:86:4a:7a:2c:73:19:48:69:4e:6b:7c:65:bf:0f:fc:70:ce:
+ 88:90
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
+2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
+2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/chain-with-verisign-md2.pem b/tls/tests/files/chain-with-verisign-md2.pem
new file mode 100644
index 0000000..88cbaf8
--- /dev/null
+++ b/tls/tests/files/chain-with-verisign-md2.pem
@@ -0,0 +1,81 @@
+ 0 s:/C=GB/ST=Lothian/L=Edinburgh/O=The Royal Bank of Scotland Group Plc/OU=Business Standard/CN=secure-test.streamline-esolutions.com
+ i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
+-----BEGIN CERTIFICATE-----
+MIIFhzCCBG+gAwIBAgIQG8SaOaLKoAlziyc01IKx1TANBgkqhkiG9w0BAQUFADCB
+tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
+VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwNjE1
+MDAwMDAwWhcNMTMwNjE2MjM1OTU5WjCBrjELMAkGA1UEBhMCR0IxEDAOBgNVBAgT
+B0xvdGhpYW4xEjAQBgNVBAcUCUVkaW5idXJnaDEtMCsGA1UEChQkVGhlIFJveWFs
+IEJhbmsgb2YgU2NvdGxhbmQgR3JvdXAgUGxjMRowGAYDVQQLFBFCdXNpbmVzcyBT
+dGFuZGFyZDEuMCwGA1UEAxQlc2VjdXJlLXRlc3Quc3RyZWFtbGluZS1lc29sdXRp
+b25zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj7qWBZQgxK
+TngnAIYCrmNWv9OPUeOhHWx/aRUwWNTQI5LnTfFq+IzrruiS296KoaMF89Veg6Li
+kIaR6GJ1LVNb5uWmNGo8zsXmSFeieqtREBfJHlu3G/1VcfpreqSiSi/8G6U/e6mZ
+tEuVUau5kw2cM92mzYPKV4h23aasNxc7UvhFTSr6Y3D1ImuHJcKYLcXhDGB35To5
+BqlIv9M7vURDbiStlOFOHoEe/nZ/86J073Vk0gc9TQUQ6d1yB5vgw5ZIi2kDHQ7b
+4yPYnD9j/RO6s6FimS/mM3m1c8GOLv3jtI0G/z30UIgGT4wXxqR8BY8dYULVO55M
+kn904sjk+GMCAwEAAaOCAZYwggGSMDAGA1UdEQQpMCeCJXNlY3VyZS10ZXN0LnN0
+cmVhbWxpbmUtZXNvbHV0aW9ucy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
+BaAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVy
+aXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB
+BxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFA1EXBZT
+RMGCfh0gqyX0AWPYvnmlMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
+cDovL29jc3AudmVyaXNpZ24uY29tMEAGCCsGAQUFBzAChjRodHRwOi8vU1ZSU2Vj
+dXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2VyMA0GCSqGSIb3
+DQEBBQUAA4IBAQCvnbqk/8I12vNKIU0lMQ3+1Q67cS+Tith067RjwRt29D1TYxGc
+MV8GIDIXOjFc0BVrdXLniMuMP3ZfI7W2L7Gy8AfKNMseZ9r2tuF3fIHjXf9RChUA
+lUZe3eGuwhh3H64xGA+RbbEoTM8AMgvk9wu9P9I2qHmqFZOBoYwL8UY3SYO5Rzl1
+ggCAgj02evm6zWCmRLvZHJSDO7oWRw9Ke85VgJULRsn7jvGyFmc3W1uvuLOILj5P
+JhSKbb6eWVcWSqEKE+X1lLkUMd+8aBRjwkWHi5WVZX9NDscqBdl2DtYdmiVeFIqN
+9nGMGwm846SvURK6c5ySrExIkPnxVCOYXhGz
+-----END CERTIFICATE-----
+ 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
+ i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIEpTCCBA6gAwIBAgIQfnbFd1jfGsI+zDL79hUa1TANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMTAwOTMwMDAwMDAwWhcNMTQwMTAxMjM1OTU5WjCBtTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
+dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu
+dmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3Mg
+MyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG5btljkRPTc5v7QlK
+1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0MmV1gzgzszChew
+0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3nABINYYp
+UHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzTU2
+s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrz
+PPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggGFMIIBgTASBgNVHRMBAf8E
+CDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAoBggrBgEFBQcC
+ARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEFBQcCAjAeGhxo
+dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMA4GA1UdDwEB/wQEAwIBBjBtBggr
+BgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP
+5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20v
+dnNsb2dvLmdpZjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJ
+LTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+HSCrJfQBY9i+eaUwMQYDVR0fBCowKDAm
+oCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDQYJKoZIhvcN
+AQEFBQADgYEALCbJk3A/lLYWx3aEmMiqkWjX3h00sBOmGUDc4wqwGR4aZdQ9ih8g
+KYjzFNWfxAaVZB5dDyc6ojY4wh8OsP4GWDYZfeeaHWBoczew8mukbaVpqrE97dTQ
+hRRcY4t+sIjMaXfRJi2w8dTeYSEMce6e3XVhijp5eJm8RlWXZJE9J0M=
+-----END CERTIFICATE-----
+# Note: this next certificate has:
+# Signature Algorithm: md2WithRSAEncryption
+ 2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
