commit d1f72b1edf536205fd0e3af3daa2a65a627df716 Author: bol-van Date: Sun Dec 14 18:52:10 2025 +0300 bundle diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..a23dc7c --- /dev/null +++ b/.gitattributes @@ -0,0 +1,4 @@ +* text=auto eol=lf +readme.md eol=crlf +*.cmd eol=crlf +*.bat eol=crlf diff --git a/.github/lockdown.yml b/.github/lockdown.yml new file mode 100644 index 0000000..b9a7134 --- /dev/null +++ b/.github/lockdown.yml @@ -0,0 +1,2 @@ +# Lock issues and pull requests +lock: true diff --git a/arm64/WinDivert64.sys b/arm64/WinDivert64.sys new file mode 100644 index 0000000..20fd7a1 Binary files /dev/null and b/arm64/WinDivert64.sys differ diff --git a/arm64/install_arm64.cmd b/arm64/install_arm64.cmd new file mode 100644 index 0000000..fb43b8e --- /dev/null +++ b/arm64/install_arm64.cmd @@ -0,0 +1,44 @@ +@echo off + +cd /d "%~dp0" +setlocal enabledelayedexpansion + +if [%1] == [install] goto :install + +if %PROCESSOR_ARCHITECTURE%==ARM64 ( + FOR /F "tokens=3 skip=2 USEBACKQ" %%B IN (`reg QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentBuild`) do set BUILD=!BUILD!%%B + if defined BUILD ( + goto :build + ) else ( + echo could not get OS build number + ) +) else ( + echo this works only on ARM64 +) +goto :ex + +:build +echo OS build number %BUILD% +if !BUILD! GEQ 22000 ( + "%~dp0..\tools\elevator" "%~dpf0" install + goto :eof +) else ( + echo only windows 11 or higher is supported +) +goto :ex + +:install +echo stopping windivert driver +net stop windivert 2>nul +echo setting testsigning on +bcdedit /set {current} testsigning on +echo replacing WinDivert64.sys with unsigned ARM64 version +copy WinDivert64.sys ..\zapret-winws +copy WinDivert64.sys ..\blockcheck\zapret\nfq +echo copying ip2net and mdig +copy ip2net.exe ..\blockcheck\zapret\ip2net +copy mdig.exe ..\blockcheck\zapret\mdig +echo DONE. now reboot if testsigning was not enabled earlier. + +:ex +pause diff --git a/arm64/ip2net.exe b/arm64/ip2net.exe new file mode 100644 index 0000000..9f35516 Binary files /dev/null and b/arm64/ip2net.exe differ diff --git a/arm64/mdig.exe b/arm64/mdig.exe new file mode 100644 index 0000000..a8e4629 Binary files /dev/null and b/arm64/mdig.exe differ diff --git a/blockcheck/blockcheck-kyber.cmd b/blockcheck/blockcheck-kyber.cmd new file mode 100644 index 0000000..0705b9e --- /dev/null +++ b/blockcheck/blockcheck-kyber.cmd @@ -0,0 +1,8 @@ +@echo off + +cd /d "%~dp0" +FOR /F "tokens=* USEBACKQ" %%F IN (`..\cygwin\bin\cygpath -C OEM -a -m zapret\blog_kyber.sh`) DO ( +SET P='%%F' +) + +"%~dp0..\tools\elevator" ..\cygwin\bin\bash -i "%P%" diff --git a/blockcheck/blockcheck.cmd b/blockcheck/blockcheck.cmd new file mode 100644 index 0000000..44c26dd --- /dev/null +++ b/blockcheck/blockcheck.cmd @@ -0,0 +1,8 @@ +@echo off + +cd /d "%~dp0" +FOR /F "tokens=* USEBACKQ" %%F IN (`..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh`) DO ( +SET P='%%F' +) + +"%~dp0..\tools\elevator" ..\cygwin\bin\bash -i "%P%" diff --git a/blockcheck/blockcheck2-kyber.cmd b/blockcheck/blockcheck2-kyber.cmd new file mode 100644 index 0000000..9448d74 --- /dev/null +++ b/blockcheck/blockcheck2-kyber.cmd @@ -0,0 +1,8 @@ +@echo off + +cd /d "%~dp0" +FOR /F "tokens=* USEBACKQ" %%F IN (`..\cygwin\bin\cygpath -C OEM -a -m zapret2\blog_kyber.sh`) DO ( +SET P='%%F' +) + +"%~dp0..\tools\elevator" ..\cygwin\bin\bash -i "%P%" diff --git a/blockcheck/blockcheck2.cmd b/blockcheck/blockcheck2.cmd new file mode 100644 index 0000000..96aaf4e --- /dev/null +++ b/blockcheck/blockcheck2.cmd @@ -0,0 +1,8 @@ +@echo off + +cd /d "%~dp0" +FOR /F "tokens=* USEBACKQ" %%F IN (`..\cygwin\bin\cygpath -C OEM -a -m zapret2\blog.sh`) DO ( +SET P='%%F' +) + +"%~dp0..\tools\elevator" ..\cygwin\bin\bash -i "%P%" diff --git a/blockcheck/zapret/blockcheck.sh b/blockcheck/zapret/blockcheck.sh new file mode 100644 index 0000000..bf93742 --- /dev/null +++ b/blockcheck/zapret/blockcheck.sh @@ -0,0 +1,2343 @@ +#!/bin/sh + +EXEDIR="$(dirname "$0")" +EXEDIR="$(cd "$EXEDIR"; pwd)" +ZAPRET_BASE=${ZAPRET_BASE:-"$EXEDIR"} +ZAPRET_RW=${ZAPRET_RW:-"$ZAPRET_BASE"} +ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"} +ZAPRET_CONFIG_DEFAULT="$ZAPRET_BASE/config.default" + +CURL=${CURL:-curl} + +[ -f "$ZAPRET_CONFIG" ] || { + [ -f "$ZAPRET_CONFIG_DEFAULT" ] && { + ZAPRET_CONFIG_DIR="$(dirname "$ZAPRET_CONFIG")" + [ -d "$ZAPRET_CONFIG_DIR" ] || mkdir -p "$ZAPRET_CONFIG_DIR" + cp "$ZAPRET_CONFIG_DEFAULT" "$ZAPRET_CONFIG" + } +} +[ -f "$ZAPRET_CONFIG" ] && . "$ZAPRET_CONFIG" +. "$ZAPRET_BASE/common/base.sh" +. "$ZAPRET_BASE/common/dialog.sh" +. "$ZAPRET_BASE/common/elevate.sh" +. "$ZAPRET_BASE/common/fwtype.sh" +. "$ZAPRET_BASE/common/virt.sh" + +DOMAINS_DEFAULT=${DOMAINS_DEFAULT:-rutracker.org} +QNUM=${QNUM:-59780} +SOCKS_PORT=${SOCKS_PORT:-1993} +TPWS_UID=${TPWS_UID:-1} +TPWS_GID=${TPWS_GID:-3003} +NFQWS=${NFQWS:-${ZAPRET_BASE}/nfq/nfqws} +DVTWS=${DVTWS:-${ZAPRET_BASE}/nfq/dvtws} +WINWS=${WINWS:-${ZAPRET_BASE}/nfq/winws} +TPWS=${TPWS:-${ZAPRET_BASE}/tpws/tpws} +MDIG=${MDIG:-${ZAPRET_BASE}/mdig/mdig} +DESYNC_MARK=0x10000000 +IPFW_RULE_NUM=${IPFW_RULE_NUM:-1} +IPFW_DIVERT_PORT=${IPFW_DIVERT_PORT:-59780} +CURL_MAX_TIME=${CURL_MAX_TIME:-2} +CURL_MAX_TIME_QUIC=${CURL_MAX_TIME_QUIC:-$CURL_MAX_TIME} +CURL_MAX_TIME_DOH=${CURL_MAX_TIME_DOH:-2} +MIN_TTL=${MIN_TTL:-1} +MAX_TTL=${MAX_TTL:-12} +MIN_AUTOTTL_DELTA=${MIN_AUTOTTL_DELTA:-1} +MAX_AUTOTTL_DELTA=${MAX_AUTOTTL_DELTA:-5} +USER_AGENT=${USER_AGENT:-Mozilla} +HTTP_PORT=${HTTP_PORT:-80} +HTTPS_PORT=${HTTPS_PORT:-443} +QUIC_PORT=${QUIC_PORT:-443} +UNBLOCKED_DOM=${UNBLOCKED_DOM:-iana.org} +PARALLEL_OUT=/tmp/zapret_parallel +SIM_SUCCESS_RATE=${SIM_SUCCESS_RATE:-10} + +HDRTEMP=/tmp/zapret-hdr + +NFT_TABLE=blockcheck + +DNSCHECK_DNS=${DNSCHECK_DNS:-8.8.8.8 1.1.1.1 77.88.8.1} +DNSCHECK_DOM=${DNSCHECK_DOM:-pornhub.com ej.ru rutracker.org www.torproject.org bbc.com} +DOH_SERVERS=${DOH_SERVERS:-"https://cloudflare-dns.com/dns-query https://dns.google/dns-query https://dns.quad9.net/dns-query https://dns.adguard.com/dns-query https://common.dot.dns.yandex.net/dns-query"} +DNSCHECK_DIG1=/tmp/dig1.txt +DNSCHECK_DIG2=/tmp/dig2.txt +DNSCHECK_DIGS=/tmp/digs.txt + +IPSET_FILE=/tmp/blockcheck_ipset.txt + +unset PF_STATUS +PF_RULES_SAVE=/tmp/pf-zapret-save.conf + +unset ALL_PROXY + +killwait() +{ + # $1 - signal (-9, -2, ...) + # $2 - pid + kill $1 $2 + # suppress job kill message + wait $2 2>/dev/null +} + +exitp() +{ + local A + + [ "$BATCH" = 1 ] || { + echo + echo press enter to continue + read A + } + exit $1 +} + +pf_is_avail() +{ + [ -c /dev/pf ] +} +pf_status() +{ + pfctl -qsi | sed -nre "s/^Status: ([^ ]+).*$/\1/p" +} +pf_is_enabled() +{ + [ "$(pf_status)" = Enabled ] +} +pf_save() +{ + PF_STATUS=0 + pf_is_enabled && PF_STATUS=1 + [ "$UNAME" = "OpenBSD" ] && pfctl -sr >"$PF_RULES_SAVE" +} +pf_restore() +{ + [ -n "$PF_STATUS" ] || return + case "$UNAME" in + OpenBSD) + if [ -f "$PF_RULES_SAVE" ]; then + pfctl -qf "$PF_RULES_SAVE" + else + echo | pfctl -qf - + fi + ;; + Darwin) + # it's not possible to save all rules in the right order. hard to reorder. if not ordered pf will refuse to load conf. + pfctl -qf /etc/pf.conf + ;; + esac + if [ "$PF_STATUS" = 1 ]; then + pfctl -qe + else + pfctl -qd + fi +} +pf_clean() +{ + rm -f "$PF_RULES_SAVE" +} +opf_dvtws_anchor() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + local iplist family=inet + [ "$IPV" = 6 ] && family=inet6 + make_comma_list iplist "$3" + echo "set reassemble no" + [ "$1" = tcp ] && echo "pass in quick $family proto $1 from {$iplist} port $2 flags SA/SA divert-packet port $IPFW_DIVERT_PORT no state" + echo "pass in quick $family proto $1 from {$iplist} port $2 no state" + echo "pass out quick $family proto $1 to {$iplist} port $2 divert-packet port $IPFW_DIVERT_PORT no state" + echo "pass" +} +opf_prepare_dvtws() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + opf_dvtws_anchor $1 $2 "$3" | pfctl -qf - + pfctl -qe +} + +cleanup() +{ + case "$UNAME" in + OpenBSD) + pf_clean + ;; + esac +} + +IPT() +{ + $IPTABLES -C "$@" >/dev/null 2>/dev/null || $IPTABLES -I "$@" +} +IPT_DEL() +{ + $IPTABLES -C "$@" >/dev/null 2>/dev/null && $IPTABLES -D "$@" +} +IPT_ADD_DEL() +{ + on_off_function IPT IPT_DEL "$@" +} +IPFW_ADD() +{ + ipfw -qf add $IPFW_RULE_NUM "$@" +} +IPFW_DEL() +{ + ipfw -qf delete $IPFW_RULE_NUM 2>/dev/null +} +ipt6_has_raw() +{ + ip6tables -nL -t raw >/dev/null 2>/dev/null +} +ipt6_has_frag() +{ + ip6tables -A OUTPUT -m frag 2>/dev/null || return 1 + ip6tables -D OUTPUT -m frag 2>/dev/null +} +ipt_has_nfq() +{ + # cannot just check /proc/net/ip_tables_targets because of iptables-nft or modules not loaded yet + iptables -A OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null || return 1 + iptables -D OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null + return 0 +} +nft_has_nfq() +{ + local res=1 + nft delete table ${NFT_TABLE}_test 2>/dev/null + nft add table ${NFT_TABLE}_test 2>/dev/null && { + nft add chain ${NFT_TABLE}_test test + nft add rule ${NFT_TABLE}_test test queue num $QNUM bypass 2>/dev/null && res=0 + nft delete table ${NFT_TABLE}_test + } + return $res +} + +doh_resolve() +{ + # $1 - ip version 4/6 + # $2 - hostname + # $3 - doh server URL. use $DOH_SERVER if empty + "$MDIG" --family=$1 --dns-make-query=$2 | "$CURL" --max-time $CURL_MAX_TIME_DOH -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | "$MDIG" --dns-parse-query +} +doh_find_working() +{ + local doh + + [ -n "$DOH_SERVER" ] && return 0 + echo "* searching working DoH server" + DOH_SERVER= + for doh in $DOH_SERVERS; do + echo -n "$doh : " + if doh_resolve 4 iana.org $doh >/dev/null 2>/dev/null; then + echo OK + DOH_SERVER="$doh" + return 0 + else + echo FAIL + fi + done + echo all DoH servers failed + return 1 +} + +mdig_vars() +{ + # $1 - ip version 4/6 + # $2 - hostname + + hostvar=$(echo $2 | sed -e 's/[\./?&#@%*$^:~=!()+-]/_/g') + cachevar=DNSCACHE_${hostvar}_$1 + countvar=${cachevar}_COUNT + eval count=\$${countvar} +} +mdig_cache() +{ + # $1 - ip version 4/6 + # $2 - hostname + local hostvar cachevar countvar count ip ips + mdig_vars "$@" + [ -n "$count" ] || { + # windows version of mdig outputs 0D0A line ending. remove 0D. + if [ "$SECURE_DNS" = 1 ]; then + ips="$(echo $2 | doh_resolve $1 $2 | tr -d '\r' | xargs)" + else + ips="$(echo $2 | "$MDIG" --family=$1 | tr -d '\r' | xargs)" + fi + [ -n "$ips" ] || return 1 + count=0 + for ip in $ips; do + eval ${cachevar}_$count=$ip + count=$(($count+1)) + done + eval $countvar=$count + } + return 0 +} +mdig_resolve() +{ + # $1 - ip version 4/6 + # $2 - var to receive result + # $3 - hostname, possibly with uri : rutracker.org/xxx/xxxx + local hostvar cachevar countvar count n sdom + + split_by_separator "$3" / sdom + mdig_vars "$1" "$sdom" + if [ -n "$count" ]; then + n=$(random 0 $(($count-1))) + eval $2=\$${cachevar}_$n + return 0 + else + mdig_cache "$1" "$sdom" && mdig_resolve "$1" "$2" "$sdom" + fi +} +mdig_resolve_all() +{ + # $1 - ip version 4/6 + # $2 - var to receive result + # $3 - hostname + + local hostvar cachevar countvar count ip__ ips__ n sdom + + split_by_separator "$3" / sdom + mdig_vars "$1" "$sdom" + if [ -n "$count" ]; then + n=0 + while [ "$n" -le $count ]; do + eval ip__=\$${cachevar}_$n + if [ -n "$ips__" ]; then + ips__="$ips__ $ip__" + else + ips__="$ip__" + fi + n=$(($n + 1)) + done + eval $2="\$ips__" + return 0 + else + mdig_cache "$1" "$sdom" && mdig_resolve_all "$1" "$2" "$sdom" + fi +} + +netcat_setup() +{ + [ -n "$NCAT" ] || { + if exists ncat; then + NCAT=ncat + elif exists nc; then + # busybox netcat does not support any required options + is_linked_to_busybox nc && return 1 + NCAT=nc + else + return 1 + fi + } + return 0 + +} +netcat_test() +{ + # $1 - ip + # $2 - port + local cmd + netcat_setup && { + cmd="$NCAT -z -w 2 $1 $2" + echo $cmd + $cmd 2>&1 + } +} + +tpws_can_fix_seg() +{ + # fix-seg requires kernel 4.6+ + "$TPWS" --port 1 --dry-run --fix-seg >/dev/null 2>/dev/null +} + +check_system() +{ + echo \* checking system + + UNAME=$(uname) + SUBSYS= + FIX_SEG= + local s + + # can be passed FWTYPE=iptables to override default nftables preference + case "$UNAME" in + Linux) + PKTWS="$NFQWS" + PKTWSD=nfqws + if [ -x "$TPWS" ] ; then + if tpws_can_fix_seg ; then + echo tpws supports --fix-seg on this system + FIX_SEG='--fix-seg' + else + echo tpws does not support --fix-seg on this system + fi + fi + linux_fwtype + [ "$FWTYPE" = iptables -o "$FWTYPE" = nftables ] || { + echo firewall type $FWTYPE not supported in $UNAME + exitp 5 + } + ;; + FreeBSD) + PKTWS="$DVTWS" + PKTWSD=dvtws + FWTYPE=ipfw + [ -f /etc/platform ] && read SUBSYS /dev/null + ;; + *) + echo $UNAME not supported + exitp 5 + esac + echo $UNAME${SUBSYS:+/$SUBSYS} detected + echo -n 'kernel: ' + if [ -f "/proc/version" ]; then + cat /proc/version + else + uname -a + fi + [ -f /etc/os-release ] && { + . /etc/os-release + [ -n "$PRETTY_NAME" ] && echo "distro: $PRETTY_NAME" + [ -n "$OPENWRT_RELEASE" ] && echo "openwrt release: $OPENWRT_RELEASE" + [ -n "$OPENWRT_BOARD" ] && echo "openwrt board: $OPENWRT_BOARD" + [ -n "$OPENWRT_ARCH" ] && echo "openwrt arch: $OPENWRT_ARCH" + } + echo firewall type is $FWTYPE + echo CURL=$CURL + "$CURL" --version +} + +zp_already_running() +{ + case "$UNAME" in + CYGWIN) + win_process_exists $PKTWSD || win_process_exists goodbyedpi + ;; + *) + process_exists $PKTWSD || process_exists tpws + esac +} +check_already() +{ + echo \* checking already running DPI bypass processes + if zp_already_running; then + echo "!!! WARNING. some dpi bypass processes already running !!!" + echo "!!! WARNING. blockcheck requires all DPI bypass methods disabled !!!" + echo "!!! WARNING. pls stop all dpi bypass instances that may interfere with blockcheck !!!" + fi +} + +freebsd_module_loaded() +{ + # $1 - module name + kldstat -qm "${1}" +} +freebsd_modules_loaded() +{ + # $1,$2,$3, ... - module names + while [ -n "$1" ]; do + freebsd_module_loaded $1 || return 1 + shift + done + return 0 +} + +check_prerequisites() +{ + echo \* checking prerequisites + + [ "$SKIP_PKTWS" = 1 -o "$UNAME" = Darwin -o -x "$PKTWS" ] && [ "$SKIP_TPWS" = 1 -o "$UNAME" = CYGWIN -o -x "$TPWS" ] && [ -x "$MDIG" ] || { + local target + case $UNAME in + Darwin) + target="mac" + ;; + OpenBSD) + target="bsd" + ;; + esac + echo $PKTWS or $TPWS or $MDIG is not available. run \"$ZAPRET_BASE/install_bin.sh\" or \`make -C \"$ZAPRET_BASE\" $target\` + exitp 6 + } + + local prog progs="$CURL" + [ "$SKIP_PKTWS" = 1 ] || { + case "$UNAME" in + Linux) + case "$FWTYPE" in + iptables) + ipt_has_nfq || { + echo NFQUEUE iptables or ip6tables target is missing. pls install modules. + exitp 6 + } + progs="$progs iptables ip6tables" + ;; + nftables) + nft_has_nfq || { + echo nftables queue support is not available. pls install modules. + exitp 6 + } + progs="$progs nft" + ;; + esac + ;; + FreeBSD) + freebsd_modules_loaded ipfw ipdivert || { + echo ipfw or ipdivert kernel module not loaded + exitp 6 + } + [ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && { + echo ipfw is disabled. use : ipfw enable firewall + exitp 6 + } + pf_is_avail && { + pf_save + [ "$SUBSYS" = "pfSense" ] && { + # pfsense's ipfw may not work without these workarounds + sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null + sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null + sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null + sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null + pfctl -qd + pfctl -qe + pf_restore + } + } + progs="$progs ipfw" + ;; + OpenBSD|Darwin) + pf_is_avail || { + echo pf is not available + exitp 6 + } + pf_save + progs="$progs pfctl" + ;; + esac + } + + case "$UNAME" in + CYGWIN) + SKIP_TPWS=1 + ;; + esac + + for prog in $progs; do + exists $prog || { + echo $prog does not exist. please install + exitp 6 + } + done + + if exists nslookup; then + LOOKUP=nslookup + elif exists host; then + LOOKUP=host + else + echo nslookup or host does not exist. please install + exitp 6 + fi +} + + +curl_translate_code() +{ + # $1 - code + printf $1 + case $1 in + 0) printf ": ok" + ;; + 1) printf ": unsupported protocol" + ;; + 2) printf ": early initialization code failed" + ;; + 3) printf ": the URL was not properly formatted" + ;; + 4) printf ": feature not supported by libcurl" + ;; + 5) printf ": could not resolve proxy" + ;; + 6) printf ": could not resolve host" + ;; + 7) printf ": could not connect" + ;; + 8) printf ": invalid server reply" + ;; + 9) printf ": remote access denied" + ;; + 27) printf ": out of memory" + ;; + 28) printf ": operation timed out" + ;; + 35) printf ": SSL connect error" + ;; + esac +} +curl_supports_tls13() +{ + local r + "$CURL" --tlsv1.3 -Is -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + # return code 2 = init failed. likely bad command line options + [ $? = 2 ] && return 1 + # curl can have tlsv1.3 key present but ssl library without TLS 1.3 support + # this is online test because there's no other way to trigger library incompatibility case + "$CURL" --tlsv1.3 --max-time 1 -Is -o /dev/null https://iana.org 2>/dev/null + r=$? + [ $r != 4 -a $r != 35 ] +} + +curl_supports_tlsmax() +{ + # supported only in OpenSSL and LibreSSL + "$CURL" --version | grep -Fq -e OpenSSL -e LibreSSL -e BoringSSL -e GnuTLS -e quictls || return 1 + # supported since curl 7.54 + "$CURL" --tls-max 1.2 -Is -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + # return code 2 = init failed. likely bad command line options + [ $? != 2 ] +} + +curl_supports_connect_to() +{ + "$CURL" --connect-to 127.0.0.1:: -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + [ "$?" != 2 ] +} + +curl_supports_http3() +{ + # if it has http3 : curl: (3) HTTP/3 requested for non-HTTPS URL + # otherwise : curl: (2) option --http3-only: is unknown + "$CURL" --connect-to 127.0.0.1:: -o /dev/null --max-time 1 --http3-only http://127.0.0.1:65535 2>/dev/null + [ "$?" != 2 ] +} + +hdrfile_http_code() +{ + # $1 - hdr file + sed -nre '1,1 s/^HTTP\/1\.[0,1] ([0-9]+) .*$/\1/p' "$1" +} +hdrfile_location() +{ + # $1 - hdr file + + # some DPIs return CRLF line ending + tr -d '\015' <"$1" | sed -nre 's/^[Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:[ ]*([^ ]*)[ ]*$/\1/p' +} + +curl_with_subst_ip() +{ + # $1 - domain + # $2 - port + # $3 - ip + # $4+ - curl params + local ip="$3" + case "$ip" in + *:*) ip="[$ip]" ;; + esac + local connect_to="--connect-to $1::$ip${2:+:$2}" arg + shift ; shift ; shift; + [ "$CURL_VERBOSE" = 1 ] && arg="-v" + [ "$CURL_CMD" = 1 ] && echo $CURL ${arg:+$arg }$connect_to "$@" + ALL_PROXY="$ALL_PROXY" "$CURL" ${arg:+$arg }$connect_to "$@" +} +curl_with_dig() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - port + # $4+ - curl params + local dom=$2 port=$3 + local sdom suri ip + + split_by_separator "$dom" / sdom suri + mdig_resolve $1 ip $sdom + shift ; shift ; shift + if [ -n "$ip" ]; then + curl_with_subst_ip "$sdom" "$port" "$ip" "$@" + else + return 6 + fi +} +curl_probe() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - port + # $4 - subst ip + # $5+ - curl params + local ipv=$1 dom=$2 port=$3 subst=$4 + shift; shift; shift; shift + if [ -n "$subst" ]; then + curl_with_subst_ip $dom $port $subst "$@" + else + curl_with_dig $ipv $dom $port "$@" + fi +} +curl_test_http() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + # $4 - "detail" - detail info + + local code loc hdrt="${HDRTEMP}_${!:-$$}.txt" + curl_probe $1 $2 $HTTP_PORT "$3" -SsD "$hdrt" -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT "http://$2" -o /dev/null 2>&1 || { + code=$? + rm -f "$hdrt" + return $code + } + if [ "$4" = "detail" ] ; then + head -n 1 "$hdrt" + grep "^[lL]ocation:" "$hdrt" + else + code=$(hdrfile_http_code "$hdrt") + [ "$code" = 301 -o "$code" = 302 -o "$code" = 307 -o "$code" = 308 ] && { + loc=$(hdrfile_location "$hdrt") + echo "$loc" | grep -qE "^https?://.*$2(/|$)" || + echo "$loc" | grep -vqE '^https?://' || { + echo suspicious redirection $code to : $loc + rm -f "$hdrt" + return 254 + } + } + fi + rm -f "$hdrt" + [ "$code" = 400 ] && { + # this can often happen if the server receives fake packets it should not receive + echo http code $code. likely the server receives fakes. + return 254 + } + return 0 +} +curl_test_https_tls12() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + + # do not use tls 1.3 to make sure server certificate is not encrypted + curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 $TLSMAX12 "https://$2" -o /dev/null 2>&1 +} +curl_test_https_tls13() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + + # force TLS1.3 mode + curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 $TLSMAX13 "https://$2" -o /dev/null 2>&1 +} + +curl_test_http3() +{ + # $1 - ip version : 4/6 + # $2 - domain name + + # force QUIC only mode without tcp + curl_with_dig $1 $2 $QUIC_PORT $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME_QUIC --http3-only $CURL_OPT "https://$2" -o /dev/null 2>&1 +} + +ipt_aux_scheme() +{ + # $1 - 1 - add , 0 - del + # $2 - tcp/udp + # $3 - port + + # to avoid possible INVALID state drop + [ "$2" = tcp ] && IPT_ADD_DEL $1 INPUT -p $2 --sport $3 ! --syn -j ACCEPT + + local icmp_filter="-p icmp -m icmp --icmp-type" + [ "$IPV" = 6 ] && icmp_filter="-p icmpv6 -m icmp6 --icmpv6-type" + IPT_ADD_DEL $1 INPUT $icmp_filter time-exceeded -m connmark --mark $DESYNC_MARK/$DESYNC_MARK -j DROP + + # for strategies with incoming packets involved (autottl) + IPT_ADD_DEL $1 OUTPUT -p $2 --dport $3 -m conntrack --ctstate INVALID -j ACCEPT + if [ "$IPV" = 6 -a -n "$IP6_DEFRAG_DISABLE" ]; then + # the only way to reliable disable ipv6 defrag. works only in 4.16+ kernels + IPT_ADD_DEL $1 OUTPUT -t raw -p $2 -m frag -j CT --notrack + elif [ "$IPV" = 4 ]; then + # enable fragments + IPT_ADD_DEL $1 OUTPUT -f -j ACCEPT + fi + # enable everything generated by nfqws (works only in OUTPUT, not in FORWARD) + # raw table may not be present + IPT_ADD_DEL $1 OUTPUT -t raw -m mark --mark $DESYNC_MARK/$DESYNC_MARK -j CT --notrack +} +ipt_scheme() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local ip + + $IPTABLES -t mangle -N blockcheck_output 2>/dev/null + $IPTABLES -t mangle -F blockcheck_output + IPT OUTPUT -t mangle -j blockcheck_output + + # prevent loop + $IPTABLES -t mangle -A blockcheck_output -m mark --mark $DESYNC_MARK/$DESYNC_MARK -j RETURN + $IPTABLES -t mangle -A blockcheck_output ! -p $1 -j RETURN + $IPTABLES -t mangle -A blockcheck_output -p $1 ! --dport $2 -j RETURN + + for ip in $3; do + $IPTABLES -t mangle -A blockcheck_output -d $ip -j CONNMARK --or-mark $DESYNC_MARK + $IPTABLES -t mangle -A blockcheck_output -d $ip -j NFQUEUE --queue-num $QNUM + done + + ipt_aux_scheme 1 $1 $2 +} +nft_scheme() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local iplist ipver=$IPV + [ "$IPV" = 6 ] || ipver= + make_comma_list iplist $3 + + nft add table inet $NFT_TABLE + nft "add chain inet $NFT_TABLE postnat { type filter hook postrouting priority 102; }" + nft "add rule inet $NFT_TABLE postnat meta nfproto ipv${IPV} $1 dport $2 mark and $DESYNC_MARK == 0 ip${ipver} daddr {$iplist} ct mark set ct mark or $DESYNC_MARK queue num $QNUM" + # for strategies with incoming packets involved (autottl) + nft "add chain inet $NFT_TABLE prenat { type filter hook prerouting priority -102; }" + # enable everything generated by nfqws (works only in OUTPUT, not in FORWARD) + nft "add chain inet $NFT_TABLE predefrag { type filter hook output priority -402; }" + nft "add rule inet $NFT_TABLE predefrag meta nfproto ipv${IPV} mark and $DESYNC_MARK !=0 notrack" + [ "$IPV" = 4 ] && { + nft "add rule inet $NFT_TABLE prenat icmp type time-exceeded ct mark and $DESYNC_MARK != 0 drop" + nft "add rule inet $NFT_TABLE prenat icmp type time-exceeded ct state invalid drop" + } + [ "$IPV" = 6 ] && { + nft "add rule inet $NFT_TABLE prenat icmpv6 type time-exceeded ct mark and $DESYNC_MARK != 0 drop" + nft "add rule inet $NFT_TABLE prenat icmpv6 type time-exceeded ct state invalid drop" + } +} + +pktws_ipt_prepare() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local ip + + case "$FWTYPE" in + iptables) + ipt_scheme $1 $2 "$3" + ;; + nftables) + nft_scheme $1 $2 "$3" + ;; + ipfw) + # disable PF to avoid interferences + pf_is_avail && pfctl -qd + for ip in $3; do + IPFW_ADD divert $IPFW_DIVERT_PORT $1 from me to $ip $2 proto ip${IPV} out not diverted + done + ;; + opf) + opf_prepare_dvtws $1 $2 "$3" + ;; + windivert) + WF="--wf-l3=ipv${IPV} --wf-${1}=$2" + rm -f "$IPSET_FILE" + for ip in $3; do + echo $ip >>"$IPSET_FILE" + done + ;; + + esac +} +pktws_ipt_unprepare() +{ + # $1 - tcp/udp + # $2 - port + + case "$FWTYPE" in + iptables) + ipt_aux_scheme 0 $1 $2 + IPT_DEL OUTPUT -t mangle -j blockcheck_output + $IPTABLES -t mangle -F blockcheck_output 2>/dev/null + $IPTABLES -t mangle -X blockcheck_output 2>/dev/null + ;; + nftables) + nft delete table inet $NFT_TABLE 2>/dev/null + ;; + ipfw) + IPFW_DEL + pf_is_avail && pf_restore + ;; + opf) + pf_restore + ;; + windivert) + unset WF + rm -f "$IPSET_FILE" + ;; + esac +} + +pktws_ipt_prepare_tcp() +{ + # $1 - port + # $2 - ip list + + local ip iplist ipver + + pktws_ipt_prepare tcp $1 "$2" + + # for autottl mode + case "$FWTYPE" in + iptables) + $IPTABLES -N blockcheck_input -t mangle 2>/dev/null + $IPTABLES -F blockcheck_input -t mangle 2>/dev/null + IPT INPUT -t mangle -j blockcheck_input + $IPTABLES -t mangle -A blockcheck_input ! -p tcp -j RETURN + $IPTABLES -t mangle -A blockcheck_input -p tcp ! --sport $1 -j RETURN + $IPTABLES -t mangle -A blockcheck_input -p tcp ! --tcp-flags SYN,ACK SYN,ACK -j RETURN + for ip in $2; do + $IPTABLES -A blockcheck_input -t mangle -s $ip -j NFQUEUE --queue-num $QNUM + done + ;; + nftables) + ipver=$IPV + [ "$IPV" = 6 ] || ipver= + make_comma_list iplist $2 + nft "add rule inet $NFT_TABLE prenat meta nfproto ipv${IPV} tcp sport $1 tcp flags & (syn | ack) == (syn | ack) ip${ipver} saddr {$iplist} queue num $QNUM" + ;; + ipfw) + for ip in $2; do + IPFW_ADD divert $IPFW_DIVERT_PORT tcp from $ip $1 to me proto ip${IPV} tcpflags syn,ack in not diverted + done + ;; + esac +} +pktws_ipt_unprepare_tcp() +{ + # $1 - port + + pktws_ipt_unprepare tcp $1 + + case "$FWTYPE" in + iptables) + IPT_DEL INPUT -t mangle -j blockcheck_input + $IPTABLES -t mangle -F blockcheck_input 2>/dev/null + $IPTABLES -t mangle -X blockcheck_input 2>/dev/null + ;; + esac +} +pktws_ipt_prepare_udp() +{ + # $1 - port + # $2 - ip list + + pktws_ipt_prepare udp $1 "$2" +} +pktws_ipt_unprepare_udp() +{ + # $1 - port + + pktws_ipt_unprepare udp $1 +} + +pktws_start() +{ + case "$UNAME" in + Linux) + "$NFQWS" --uid $TPWS_UID:$TPWS_GID --dpi-desync-fwmark=$DESYNC_MARK --qnum=$QNUM "$@" >/dev/null & + ;; + FreeBSD|OpenBSD) + "$DVTWS" --port=$IPFW_DIVERT_PORT "$@" >/dev/null & + ;; + CYGWIN) + "$WINWS" $WF --ipset="$IPSET_FILE" "$@" >/dev/null & + ;; + esac + PID=$! + # give some time to initialize + minsleep +} +tpws_start() +{ + local uid + [ -n "$HAVE_ROOT" ] && uid="--uid $TPWS_UID:$TPWS_GID" + "$TPWS" $uid --socks --bind-addr=127.0.0.1 --port=$SOCKS_PORT "$@" >/dev/null & + PID=$! + # give some time to initialize + minsleep +} +ws_kill() +{ + [ -z "$PID" ] || { + killwait -9 $PID 2>/dev/null + PID= + } +} + +check_domain_port_block() +{ + # $1 - domain + # $2 - port + local ip ips + echo + echo \* port block tests ipv$IPV $1:$2 + if netcat_setup; then + mdig_resolve_all $IPV ips $1 + if [ -n "$ips" ]; then + for ip in $ips; do + if netcat_test $ip $2; then + echo $ip connects + else + echo $ip does not connect. netcat code $? + fi + done + else + echo "ipv${IPV} $1 does not resolve" + fi + else + echo suitable netcat not found. busybox nc is not supported. pls install nmap ncat or openbsd netcat. + fi +} + +curl_test() +{ + # $1 - test function + # $2 - domain + # $3 - subst ip + # $4 - param of test function + local code=0 n=0 p pids + + if [ "$PARALLEL" = 1 ]; then + rm -f "${PARALLEL_OUT}"* + for n in $(seq -s ' ' 1 $REPEATS); do + $1 "$IPV" $2 $3 "$4" >"${PARALLEL_OUT}_$n" & + pids="${pids:+$pids }$!" + done + n=1 + for p in $pids; do + [ $REPEATS -gt 1 ] && printf "[attempt $n] " + if wait $p; then + [ $REPEATS -gt 1 ] && echo 'AVAILABLE' + else + code=$? + cat "${PARALLEL_OUT}_$n" + fi + n=$(($n+1)) + done + rm -f "${PARALLEL_OUT}"* + else + while [ $n -lt $REPEATS ]; do + n=$(($n+1)) + [ $REPEATS -gt 1 ] && printf "[attempt $n] " + if $1 "$IPV" $2 $3 "$4" ; then + [ $REPEATS -gt 1 ] && echo 'AVAILABLE' + else + code=$? + [ "$SCANLEVEL" = quick ] && break + fi + done + fi + [ "$4" = detail ] || { + if [ $code = 254 ]; then + echo "UNAVAILABLE" + elif [ $code = 0 ]; then + echo '!!!!! AVAILABLE !!!!!' + else + echo "UNAVAILABLE code=$code" + fi + } + return $code +} +ws_curl_test() +{ + + # $1 - ws start function + # $2 - test function + # $3 - domain + # $4,$5,$6, ... - ws params + local code ws_start=$1 testf=$2 dom=$3 + + [ "$SIMULATE" = 1 ] && { + n=$(random 0 99) + if [ "$n" -lt "$SIM_SUCCESS_RATE" ]; then + echo "SUCCESS" + return 0 + else + echo "FAILED" + return 7 + fi + } + shift + shift + shift + $ws_start "$@" + curl_test $testf $dom + code=$? + ws_kill + return $code +} +tpws_curl_test() +{ + # $1 - test function + # $2 - domain + # $3,$4,$5, ... - tpws params + echo - $1 ipv$IPV $2 : tpws $3 $4 $5 $6 $7 $8 $9${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"} + local ALL_PROXY="socks5://127.0.0.1:$SOCKS_PORT" + ws_curl_test tpws_start "$@"${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"} + local testf=$1 dom=$2 strategy code=$? + [ "$code" = 0 ] && { + shift; shift; + strategy="$@" + strategy_append_extra_tpws + report_append "$dom" "$testf ipv${IPV}" "tpws ${WF:+$WF }$strategy" + } + return $code +} +pktws_curl_test() +{ + # $1 - test function + # $2 - domain + # $3,$4,$5, ... - nfqws/dvtws params + local testf=$1 dom=$2 strategy code + + shift; shift; + echo - $testf ipv$IPV $dom : $PKTWSD ${WF:+$WF }${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$@${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"} + ws_curl_test pktws_start $testf $dom ${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }"$@"${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"} + + code=$? + [ "$code" = 0 ] && { + strategy="$@" + strategy_append_extra_pktws + report_append "$dom" "$testf ipv${IPV}" "$PKTWSD ${WF:+$WF }$strategy" + } + return $code +} + +strategy_append_extra_pktws() +{ + strategy="${strategy:+${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$strategy${PKTWS_EXTRA:+ $PKTWS_EXTRA}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_1"}${PKTWS_EXTRA_2:+ "$PKTWS_EXTRA_2"}${PKTWS_EXTRA_3:+ "$PKTWS_EXTRA_3"}${PKTWS_EXTRA_4:+ "$PKTWS_EXTRA_4"}${PKTWS_EXTRA_5:+ "$PKTWS_EXTRA_5"}${PKTWS_EXTRA_6:+ "$PKTWS_EXTRA_6"}${PKTWS_EXTRA_7:+ "$PKTWS_EXTRA_7"}${PKTWS_EXTRA_8:+ "$PKTWS_EXTRA_8"}${PKTWS_EXTRA_9:+ "$PKTWS_EXTRA_9"}}" +} +strategy_append_extra_tpws() +{ + strategy="${strategy:+${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$strategy${TPWS_EXTRA:+ $TPWS_EXTRA}${TPWS_EXTRA_1:+ "$TPWS_EXTRA_1"}${TPWS_EXTRA_2:+ "$TPWS_EXTRA_2"}${TPWS_EXTRA_3:+ "$TPWS_EXTRA_3"}${TPWS_EXTRA_4:+ "$TPWS_EXTRA_4"}${TPWS_EXTRA_5:+ "$TPWS_EXTRA_5"}${TPWS_EXTRA_6:+ "$TPWS_EXTRA_6"}${TPWS_EXTRA_7:+ "$TPWS_EXTRA_7"}${TPWS_EXTRA_8:+ "$TPWS_EXTRA_8"}${TPWS_EXTRA_9:+ "$TPWS_EXTRA_9"}}" +} + +xxxws_curl_test_update() +{ + # $1 - xxx_curl_test function + # $2 - test function + # $3 - domain + # $4,$5,$6, ... - nfqws/dvtws params + local code xxxf=$1 testf=$2 dom=$3 + shift + shift + shift + $xxxf $testf $dom "$@" + code=$? + [ $code = 0 ] && strategy="${strategy:-$@}" + return $code +} +pktws_curl_test_update() +{ + xxxws_curl_test_update pktws_curl_test "$@" +} +tpws_curl_test_update() +{ + xxxws_curl_test_update tpws_curl_test "$@" +} + +report_append() +{ + # $1 - domain + # $2 - test function + ipver + # $3 - value + local hashstr hash hashvar hashcountvar val ct + + # save resources if only one domain + [ "$DOMAINS_COUNT" -gt 1 ] && { + hashstr="$2 : $3" + hash="$(echo -n "$hashstr" | md5f)" + hashvar=RESHASH_${hash} + hashcountvar=${hashvar}_COUNTER + + NRESHASH=${NRESHASH:-0} + + eval val="\$$hashvar" + if [ -n "$val" ]; then + eval ct="\$$hashcountvar" + ct=$(($ct + 1)) + eval $hashcountvar="\$ct" + else + eval $hashvar=\"$hashstr\" + eval $hashcountvar=1 + eval RES_$NRESHASH="\$hash" + NRESHASH=$(($NRESHASH+1)) + fi + } + + NREPORT=${NREPORT:-0} + eval REPORT_${NREPORT}=\"$2 $1 : $3\" + NREPORT=$(($NREPORT+1)) +} +report_print() +{ + local n=0 s + NREPORT=${NREPORT:-0} + while [ $n -lt $NREPORT ]; do + eval s=\"\${REPORT_$n}\" + echo $s + n=$(($n+1)) + done +} +result_intersection_print() +{ + local n=0 hash hashvar hashcountvar ct val + while : ; do + eval hash=\"\$RES_$n\" + [ -n "$hash" ] || break + hashvar=RESHASH_${hash} + hashcountvar=${hashvar}_COUNTER + eval ct=\"\$$hashcountvar\" + [ "$ct" = "$DOMAINS_COUNT" ] && { + eval val=\"\$$hashvar\" + echo "$val" + } + n=$(($n + 1)) + done +} +report_strategy() +{ + # $1 - test function + # $2 - domain + # $3 - daemon + echo + if [ -n "$strategy" ]; then + # trim spaces at the end + strategy="$(echo "$strategy" | xargs)" + echo "!!!!! $1: working strategy found for ipv${IPV} $2 : $3 $strategy !!!!!" + echo + return 0 + else + echo "$1: $3 strategy for ipv${IPV} $2 not found" + echo + report_append "$2" "$1 ipv${IPV}" "$3 not working" + return 1 + fi +} +test_has_fakedsplit() +{ + contains "$1" fakedsplit || contains "$1" fakeddisorder +} +test_has_split() +{ + contains "$1" multisplit || contains "$1" multidisorder || test_has_fakedsplit "$1" +} +test_has_hostfakesplit() +{ + contains "$1" hostfakesplit +} +test_has_fake() +{ + [ "$1" = fake ] || starts_with "$1" fake, +} +warn_fool() +{ + case "$1" in + md5sig) echo 'WARNING ! although md5sig fooling worked it will not work on all sites. it typically works only on linux servers.' + [ "$2" = "fakedsplit" -o "$2" = "fakeddisorder" ] && \ + echo "WARNING ! fakedsplit/fakeddisorder with md5sig fooling and low split position causes MTU overflow with multi-segment TLS (kyber)" + ;; + datanoack) echo 'WARNING ! although datanoack fooling worked it may break NAT and may only work with external IP. Additionally it may require nftables to work correctly.' ;; + ts) echo 'WARNING ! although ts fooling worked it will not work without timestamps being enabled in the client OS. In windows timestamps are DISABLED by default.' + esac +} +pktws_curl_test_update_vary() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + # $4 - desync mode + # $5,$6,... - strategy + + local testf=$1 sec=$2 domain=$3 desync=$4 proto splits= pos fake ret=1 + local fake1=- fake2=- fake3=- fake4=- + + shift; shift; shift; shift + + proto=http + [ "$sec" = 0 ] || proto=tls + test_has_fake $desync && { + fake1="--dpi-desync-fake-$proto=0x00000000" + [ "$sec" = 0 ] || { + fake2='--dpi-desync-fake-tls=0x00000000 --dpi-desync-fake-tls=! --dpi-desync-fake-tls-mod=rnd,rndsni,dupsid' + # this splits actual fake to '1603' and modified standard fake from offset 2 + fake3='--dpi-desync-fake-tls=0x1603 --dpi-desync-fake-tls=!+2 --dpi-desync-fake-tls-mod=rnd,dupsid,rndsni --dpi-desync-fake-tcp-mod=seq' + fake4='--dpi-desync-fake-tls-mod=rnd,dupsid,rndsni,padencap' + } + } + if test_has_fakedsplit $desync ; then + splits="method+2 midsld" + [ "$sec" = 0 ] || splits="1 midsld" + # do not send fake first + fake1='--dpi-desync-fakedsplit-mod=altorder=1' + elif test_has_split $desync ; then + splits="method+2 midsld" + [ "$sec" = 0 ] || splits="1 midsld 1,midsld" + fi + test_has_hostfakesplit $desync && { + fake1="--dpi-desync-hostfakesplit-mod=altorder=1" + fake2="--dpi-desync-hostfakesplit-midhost=midsld" + fake3="--dpi-desync-hostfakesplit-mod=altorder=1 --dpi-desync-hostfakesplit-midhost=midsld" + } + for fake in '' "$fake1" "$fake2" "$fake3" "$fake4" ; do + [ "$fake" = "-" ] && continue + if [ -n "$splits" ]; then + for pos in $splits ; do + pktws_curl_test_update $testf $domain --dpi-desync=$desync "$@" --dpi-desync-split-pos=$pos $fake && { + [ "$SCANLEVEL" = force ] || return 0 + ret=0 + } + done + else + pktws_curl_test_update $testf $domain --dpi-desync=$desync "$@" $fake && { + [ "$SCANLEVEL" = force ] || return 0 + ret=0 + } + fi + done + + return $ret +} + +pktws_check_domain_http_bypass_() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + + local ok ttls attls s f f2 e desync pos fooling frag sec="$2" delta orig splits + local need_split need_disorder need_fakedsplit need_hostfakesplit need_fakeddisorder need_fake need_wssize + local splits_http='method+2 midsld method+2,midsld' + local splits_tls='2 1 sniext+1 sniext+4 host+1 midsld 1,midsld 1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1' + + [ "$sec" = 0 ] && { + for s in '--hostcase' '--hostspell=hoSt' '--hostnospace' '--domcase' '--methodeol'; do + pktws_curl_test_update $1 $3 $s && [ "$SCANLEVEL" = quick ] && return + done + } + + ttls=$(seq -s ' ' $MIN_TTL $MAX_TTL) + attls=$(seq -s ' ' $MIN_AUTOTTL_DELTA $MAX_AUTOTTL_DELTA) + need_wssize=1 + for e in '' '--wssize 1:6'; do + need_split= + need_disorder= + + [ -n "$e" ] && { + pktws_curl_test_update $1 $3 $e && [ "$SCANLEVEL" = quick ] && return + } + + for desync in multisplit multidisorder; do + ok=0 + splits="$splits_http" + [ "$sec" = 0 ] || splits="$splits_tls" + for pos in $splits; do + pktws_curl_test_update $1 $3 --dpi-desync=$desync --dpi-desync-split-pos=$pos $e && { + [ "$SCANLEVEL" = quick ] && return + ok=1 + need_wssize=0 + [ "$SCANLEVEL" = force ] || break + } + done + [ "$ok" = 1 -a "$SCANLEVEL" != force ] || { + case $desync in + multisplit) + need_split=1 + ;; + multidisorder) + need_disorder=1 + ;; + esac + } + done + + need_fakedsplit=1 + need_hostfakesplit=1 + need_fakeddisorder=1 + need_fake=1 + for desync in fake ${need_split:+fakedsplit fake,multisplit fake,fakedsplit hostfakesplit fake,hostfakesplit} ${need_disorder:+fakeddisorder fake,multidisorder fake,fakeddisorder}; do + [ "$need_fake" = 0 ] && test_has_fake "$desync" && continue + [ "$need_fakedsplit" = 0 ] && contains "$desync" fakedsplit && continue + [ "$need_hostfakesplit" = 0 ] && contains "$desync" hostfakesplit && continue + [ "$need_fakeddisorder" = 0 ] && contains "$desync" fakeddisorder && continue + ok=0 + for ttl in $ttls; do + # orig-ttl=1 with start/cutoff limiter drops empty ACK packet in response to SYN,ACK. it does not reach DPI or server. + # missing ACK is transmitted in the first data packet of TLS/HTTP proto + for f in '' '--orig-ttl=1 --orig-mod-start=s1 --orig-mod-cutoff=d1'; do + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-ttl=$ttl $f $e && { + [ "$SCANLEVEL" = quick ] && return + ok=1 + need_wssize=0 + [ "$SCANLEVEL" = force ] || break + } + done + [ "$ok" = 1 ] && break + done + # only skip tests if TTL succeeded. do not skip if TTL failed but fooling succeeded + [ $ok = 1 -a "$SCANLEVEL" != force ] && { + [ "$desync" = fake ] && need_fake=0 + [ "$desync" = fakedsplit ] && need_fakedsplit=0 + [ "$desync" = hostfakesplit ] && need_hostfakesplit=0 + [ "$desync" = fakeddisorder ] && need_fakeddisorder=0 + } + f= + [ "$UNAME" = "OpenBSD" ] || f="badsum" + f="$f badseq datanoack ts md5sig" + [ "$IPV" = 6 ] && f="$f hopbyhop hopbyhop2" + for fooling in $f; do + ok=0 + f2= + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-fooling=$fooling $e && { + warn_fool $fooling $desync + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + ok=1 + } + [ "$fooling" = badseq ] && { + [ "$ok" = 1 -a "$SCANLEVEL" != force ] && continue + # --dpi-desync-badseq-increment=0 leaves modified by default ack increment + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-fooling=$fooling --dpi-desync-badseq-increment=0 $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + } + [ "$fooling" = md5sig ] && { + [ "$ok" = 1 -a "$SCANLEVEL" != force ] && continue + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-fooling=$fooling --dup=1 --dup-cutoff=n2 --dup-fooling=md5sig $e && { + warn_fool $fooling $desync + echo "HINT ! To avoid possible 1 sec server response delay use --dup-ttl or --dup-autottl and block ICMP time exceeded" + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + } + done + done + + [ "$IPV" = 6 ] && { + f="hopbyhop ${need_split:+hopbyhop,multisplit} ${need_disorder:+hopbyhop,multidisorder} destopt ${need_split:+destopt,multisplit} ${need_disorder:+destopt,multidisorder}" + [ -n "$IP6_DEFRAG_DISABLE" ] && f="$f ipfrag1 ${need_split:+ ipfrag1,multisplit} ${need_disorder:+ ipfrag1,multidisorder}" + for desync in $f; do + pktws_curl_test_update_vary $1 $2 $3 $desync $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + done + } + + [ "$need_split" = 1 ] && { + # relative markers can be anywhere, even in subsequent packets. first packet can be MTU-full. + # make additional split pos "10" to guarantee enough space for seqovl and likely to be before midsld,sniext,... + # method is always expected in the beginning of the first packet + f="method+2 method+2,midsld" + [ "$sec" = 0 ] || f="10 10,sniext+1 10,sniext+4 10,midsld" + for pos in $f; do + pktws_curl_test_update $1 $3 --dpi-desync=multisplit --dpi-desync-split-pos=$pos --dpi-desync-split-seqovl=1 $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + done + [ "$sec" != 0 ] && pktws_curl_test_update $1 $3 --dpi-desync=multisplit --dpi-desync-split-pos=2 --dpi-desync-split-seqovl=336 --dpi-desync-split-seqovl-pattern="$ZAPRET_BASE/files/fake/tls_clienthello_iana_org.bin" $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + } + [ "$need_disorder" = 1 ] && { + if [ "$sec" = 0 ]; then + for pos in 'method+1 method+2' 'midsld-1 midsld' 'method+1 method+2,midsld'; do + f="$(extract_arg 1 $pos)" + f2="$(extract_arg 2 $pos)" + pktws_curl_test_update $1 $3 --dpi-desync=multidisorder --dpi-desync-split-pos=$f2 --dpi-desync-split-seqovl=$f $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + done + else + for pos in '1 2' 'sniext sniext+1' 'sniext+3 sniext+4' 'midsld-1 midsld' '1 2,midsld'; do + f=$(extract_arg 1 $pos) + f2=$(extract_arg 2 $pos) + pktws_curl_test_update $1 $3 --dpi-desync=multidisorder --dpi-desync-split-pos=$f2 --dpi-desync-split-seqovl=$f $e && { + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + } + done + fi + } + + need_fakedsplit=1 + need_fakeddisorder=1 + need_hostfakesplit=1 + need_fake=1 + for desync in fake ${need_split:+fakedsplit fake,multisplit fake,fakedsplit hostfakesplit fake,hostfakesplit} ${need_disorder:+fakeddisorder fake,multidisorder fake,fakeddisorder}; do + [ "$need_fake" = 0 ] && test_has_fake "$desync" && continue + [ "$need_fakedsplit" = 0 ] && contains "$desync" fakedsplit && continue + [ "$need_hostfakesplit" = 0 ] && contains "$desync" hostfakesplit && continue + [ "$need_fakeddisorder" = 0 ] && contains "$desync" fakeddisorder && continue + ok=0 + # orig-ttl=1 with start/cutoff limiter drops empty ACK packet in response to SYN,ACK. it does not reach DPI or server. + # missing ACK is transmitted in the first data packet of TLS/HTTP proto + for delta in $attls; do + for f in '' '--orig-ttl=1 --orig-mod-start=s1 --orig-mod-cutoff=d1'; do + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-ttl=1 --dpi-desync-autottl=-$delta $f $e && ok=1 + [ "$ok" = 1 -a "$SCANLEVEL" != force ] && break + done + done + [ "$SCANLEVEL" = force ] && { + for orig in 1 2 3; do + for delta in $attls; do + pktws_curl_test_update_vary $1 $2 $3 $desync ${orig:+--orig-autottl=+$orig} --dpi-desync-ttl=1 --dpi-desync-autottl=-$delta $e && ok=1 + done + [ "$ok" = 1 -a "$SCANLEVEL" != force ] && break + done + } + [ "$ok" = 1 ] && + { + echo "WARNING ! although autottl worked it requires testing on multiple domains to find out reliable delta" + echo "WARNING ! if a reliable delta cannot be found it's a good idea not to use autottl" + [ "$SCANLEVEL" = quick ] && return + need_wssize=0 + [ "$SCANLEVEL" = force ] || { + [ "$desync" = fake ] && need_fake=0 + [ "$desync" = fakedsplit ] && need_fakedsplit=0 + [ "$desync" = hostfakesplit ] && need_hostfakesplit=0 + [ "$desync" = fakeddisorder ] && need_fakeddisorder=0 + } + } + done + + s="http_iana_org.bin" + [ "$sec" = 0 ] || s="tls_clienthello_iana_org.bin" + for desync in syndata ${need_split:+syndata,multisplit} ${need_disorder:+syndata,multidisorder} ; do + pktws_curl_test_update_vary $1 $2 $3 $desync $e && [ "$SCANLEVEL" = quick ] && return + pktws_curl_test_update_vary $1 $2 $3 $desync --dpi-desync-fake-syndata="$ZAPRET_BASE/files/fake/$s" $e && [ "$SCANLEVEL" = quick ] && return + done + + # do not do wssize test for http and TLS 1.3. it's useless + [ "$sec" = 1 ] || break + [ "$SCANLEVEL" = force -o "$need_wssize" = 1 ] || break + done +} +pktws_check_domain_http_bypass() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + + local strategy + pktws_check_domain_http_bypass_ "$@" + strategy_append_extra_pktws + report_strategy $1 $3 $PKTWSD +} + +pktws_check_domain_http3_bypass_() +{ + # $1 - test function + # $2 - domain + + local f desync frag tests rep fake + + for fake in '' "--dpi-desync-fake-quic=$ZAPRET_BASE/files/fake/quic_initial_www_google_com.bin"; do + for rep in '' 2 5 10 20; do + pktws_curl_test_update $1 $2 --dpi-desync=fake ${fake:+$fake }${rep:+--dpi-desync-repeats=$rep} && [ "$SCANLEVEL" != force ] && { + [ "$SCANLEVEL" = quick ] && return + break + } + done + done + + [ "$IPV" = 6 ] && { + f="hopbyhop destopt" + [ -n "$IP6_DEFRAG_DISABLE" ] && f="$f ipfrag1" + for desync in $f; do + pktws_curl_test_update $1 $2 --dpi-desync=$desync && [ "$SCANLEVEL" = quick ] && return + done + } + + # OpenBSD has checksum issues with fragmented packets + [ "$UNAME" != "OpenBSD" ] && [ "$IPV" = 4 -o -n "$IP6_DEFRAG_DISABLE" ] && { + for frag in 8 16 24 32 40 64; do + tests="ipfrag2" + [ "$IPV" = 6 ] && tests="$tests hopbyhop,ipfrag2 destopt,ipfrag2" + for desync in $tests; do + pktws_curl_test_update $1 $2 --dpi-desync=$desync --dpi-desync-ipfrag-pos-udp=$frag && [ "$SCANLEVEL" = quick ] && return + done + done + } + +} +pktws_check_domain_http3_bypass() +{ + # $1 - test function + # $2 - domain + + local strategy + pktws_check_domain_http3_bypass_ "$@" + strategy_append_extra_pktws + report_strategy $1 $2 $PKTWSD +} +warn_mss() +{ + [ -n "$1" ] && echo 'WARNING ! although mss worked it may not work on all sites and will likely cause significant slowdown. it may only be required for TLS1.2, not TLS1.3' + return 0 +} +fix_seg() +{ + # $1 - split-pos + [ -n "$FIX_SEG" ] && contains "$1" , && echo "$FIX_SEG" +} + +tpws_check_domain_http_bypass_() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + + local s mss s2 s3 oobdis pos sec="$2" + local splits_tls='2 1 sniext+1 sniext+4 host+1 midsld 1,midsld 1,sniext+1,host+1,midsld,endhost-1' + local splits_http='method+2 midsld method+2,midsld' + + # simulteneous oob and disorder works properly only in linux. other systems retransmit oob byte without URG tcp flag and poison tcp stream. + [ "$UNAME" = Linux ] && oobdis='--oob --disorder' + if [ "$sec" = 0 ]; then + for s in '--hostcase' '--hostspell=hoSt' '--hostdot' '--hosttab' '--hostnospace' '--domcase' ; do + tpws_curl_test_update $1 $3 $s && [ "$SCANLEVEL" = quick ] && return + done + for s in 1024 2048 4096 8192 16384 ; do + tpws_curl_test_update $1 $3 --hostpad=$s && [ "$SCANLEVEL" != force ] && { + [ "$SCANLEVEL" = quick ] && return + break + } + done + for s2 in '' '--hostcase' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do + for s in $splits_http ; do + tpws_curl_test_update $1 $3 --split-pos=$s $(fix_seg $s) $s2 && [ "$SCANLEVEL" != force ] && { + [ "$SCANLEVEL" = quick ] && return + break + } + done + done + for s in '--methodspace' '--unixeol' '--methodeol'; do + tpws_curl_test_update $1 $3 $s && [ "$SCANLEVEL" = quick ] && return + done + else + local need_mss=1 + for mss in '' 88; do + s3=${mss:+--mss=$mss} + for s2 in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do + for pos in $splits_tls; do + tpws_curl_test_update $1 $3 --split-pos=$pos $(fix_seg $pos) $s2 $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && { + [ "$SCANLEVEL" = quick ] && return + need_mss=0 + break + } + done + done + for s in '' '--oob' '--disorder' ${oobdis:+"$oobdis"}; do + for s2 in '--tlsrec=midsld' '--tlsrec=sniext+1 --split-pos=midsld' '--tlsrec=sniext+4 --split-pos=midsld' "--tlsrec=sniext+1 --split-pos=1,midsld $FIX_SEG" "--tlsrec=sniext+4 --split-pos=1,midsld $FIX_SEG" ; do + tpws_curl_test_update $1 $3 $s2 $s $s3 && warn_mss $s3 && [ "$SCANLEVEL" != force ] && { + [ "$SCANLEVEL" = quick ] && return + need_mss=0 + break + } + done + done + # only linux supports mss + [ "$UNAME" = Linux -a "$sec" = 1 ] || break + [ "$SCANLEVEL" = force -o "$need_mss" = 1 ] || break + done + fi +} +tpws_check_domain_http_bypass() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + + local strategy + tpws_check_domain_http_bypass_ "$@" + strategy_append_extra_tpws + report_strategy $1 $3 tpws +} + +check_dpi_ip_block() +{ + # $1 - test function + # $2 - domain + + local blocked_dom=$2 + local blocked_ip blocked_ips unblocked_ip + + echo + echo "- IP block tests (requires manual interpretation)" + + echo "> testing $UNBLOCKED_DOM on it's original ip" + if curl_test $1 $UNBLOCKED_DOM; then + mdig_resolve $IPV unblocked_ip $UNBLOCKED_DOM + [ -n "$unblocked_ip" ] || { + echo $UNBLOCKED_DOM does not resolve. tests not possible. + return 1 + } + + echo "> testing $blocked_dom on $unblocked_ip ($UNBLOCKED_DOM)" + curl_test $1 $blocked_dom $unblocked_ip detail + + mdig_resolve_all $IPV blocked_ips $blocked_dom + for blocked_ip in $blocked_ips; do + echo "> testing $UNBLOCKED_DOM on $blocked_ip ($blocked_dom)" + curl_test $1 $UNBLOCKED_DOM $blocked_ip detail + done + else + echo $UNBLOCKED_DOM is not available. skipping this test. + fi +} + +curl_has_reason_to_continue() +{ + # $1 - curl return code + for c in 1 2 3 4 6 27 ; do + [ $1 = $c ] && return 1 + done + return 0 +} + +check_domain_prolog() +{ + # $1 - test function + # $2 - port + # $3 - domain + + local code + + [ "$SIMULATE" = 1 ] && return 0 + + echo + echo \* $1 ipv$IPV $3 + + echo "- checking without DPI bypass" + curl_test $1 $3 && { + report_append "$3" "$1 ipv${IPV}" "working without bypass" + [ "$SCANLEVEL" = force ] || return 1 + } + code=$? + curl_has_reason_to_continue $code || { + report_append "$3" "$1 ipv${IPV}" "test aborted, no reason to continue. curl code $(curl_translate_code $code)" + return 1 + } + return 0 +} +check_domain_http_tcp() +{ + # $1 - test function + # $2 - port + # $3 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $4 - domain + + local ips + + # in case was interrupted before + pktws_ipt_unprepare_tcp $2 + ws_kill + + check_domain_prolog $1 $2 $4 || return + + [ "$SKIP_IPBLOCK" = 1 ] || check_dpi_ip_block $1 $4 + + [ "$SKIP_PKTWS" = 1 ] || { + echo + echo preparing $PKTWSD redirection + mdig_resolve_all $IPV ips $4 + pktws_ipt_prepare_tcp $2 "$ips" + + pktws_check_domain_http_bypass $1 $3 $4 + + echo clearing $PKTWSD redirection + pktws_ipt_unprepare_tcp $2 + } +} +check_domain_http_udp() +{ + # $1 - test function + # $2 - port + # $3 - domain + + local ips + + # in case was interrupted before + pktws_ipt_unprepare_udp $2 + ws_kill + + check_domain_prolog $1 $2 $3 || return + + [ "$SKIP_PKTWS" = 1 ] || { + echo + echo preparing $PKTWSD redirection + mdig_resolve_all $IPV ips $3 + pktws_ipt_prepare_udp $2 "$ips" + + pktws_check_domain_http3_bypass $1 $3 + + echo clearing $PKTWSD redirection + pktws_ipt_unprepare_udp $2 + } +} + + +check_domain_http() +{ + # $1 - domain + check_domain_http_tcp curl_test_http $HTTP_PORT 0 $1 +} +check_domain_https_tls12() +{ + # $1 - domain + check_domain_http_tcp curl_test_https_tls12 $HTTPS_PORT 1 $1 +} +check_domain_https_tls13() +{ + # $1 - domain + check_domain_http_tcp curl_test_https_tls13 $HTTPS_PORT 2 $1 +} +check_domain_http3() +{ + # $1 - domain + check_domain_http_udp curl_test_http3 $QUIC_PORT $1 +} + +configure_ip_version() +{ + if [ "$IPV" = 6 ]; then + LOCALHOST=::1 + LOCALHOST_IPT=[${LOCALHOST}] + IPVV=6 + else + IPTABLES=iptables + LOCALHOST=127.0.0.1 + LOCALHOST_IPT=$LOCALHOST + IPVV= + fi + IPTABLES=ip${IPVV}tables +} +configure_curl_opt() +{ + # wolfssl : --tlsv1.x mandates exact ssl version, tls-max not supported + # openssl : --tlsv1.x means "version equal or greater", tls-max supported + TLSMAX12= + TLSMAX13= + curl_supports_tlsmax && { + TLSMAX12="--tls-max 1.2" + TLSMAX13="--tls-max 1.3" + } + TLS13= + curl_supports_tls13 && TLS13=1 + HTTP3= + curl_supports_http3 && HTTP3=1 + + HTTPS_HEAD=-I + [ "$CURL_HTTPS_GET" = 1 ] && HTTPS_HEAD= +} + +linux_ipv6_defrag_can_be_disabled() +{ + linux_min_version 4 16 +} + +configure_defrag() +{ + IP6_DEFRAG_DISABLE= + + [ "$IPVS" = 4 ] && return + + [ "$UNAME" = "Linux" ] && { + linux_ipv6_defrag_can_be_disabled || { + echo "WARNING ! ipv6 defrag can only be effectively disabled in linux kernel 4.16+" + echo "WARNING ! ipv6 ipfrag tests are disabled" + echo + return + } + } + + case "$FWTYPE" in + iptables) + if ipt6_has_raw ; then + if ipt6_has_frag; then + IP6_DEFRAG_DISABLE=1 + else + echo "WARNING ! ip6tables does not have '-m frag' module, ipv6 ipfrag tests are disabled" + echo + fi + else + echo "WARNING ! ip6tables raw table is not available, ipv6 ipfrag tests are disabled" + echo + fi + [ -n "$IP6_DEFRAG_DISABLE" ] && { + local ipexe="$(readlink -f $(whichq ip6tables))" + if contains "$ipexe" nft; then + echo "WARNING ! ipv6 ipfrag tests may have no effect if ip6tables-nft is used. current ip6tables point to : $ipexe" + else + echo "WARNING ! ipv6 ipfrag tests may have no effect if ip6table_raw kernel module is not loaded with parameter : raw_before_defrag=1" + fi + echo + } + ;; + *) + IP6_DEFRAG_DISABLE=1 + ;; + esac +} + +ask_params() +{ + echo + echo NOTE ! this test should be run with zapret or any other bypass software disabled, without VPN + echo + + curl_supports_connect_to || { + echo "installed curl does not support --connect-to option. pls install at least curl 7.49" + echo "current curl version:" + "$CURL" --version + exitp 1 + } + + local dom + [ -n "$DOMAINS" ] || { + DOMAINS="$DOMAINS_DEFAULT" + [ "$BATCH" = 1 ] || { + echo "specify domain(s) to test. multiple domains are space separated. URIs are supported (rutracker.org/forum/index.php)" + printf "domain(s) (default: $DOMAINS) : " + read dom + [ -n "$dom" ] && DOMAINS="$dom" + } + } + DOMAINS_COUNT="$(echo "$DOMAINS" | wc -w | trim)" + + local IPVS_def=4 + [ -n "$IPVS" ] || { + # yandex public dns + pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46 + [ "$BATCH" = 1 ] || { + printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : " + read IPVS + } + [ -n "$IPVS" ] || IPVS=$IPVS_def + [ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || { + echo 'invalid ip version(s). should be 4, 6 or 46.' + exitp 1 + } + } + [ "$IPVS" = 46 ] && IPVS="4 6" + + configure_curl_opt + + [ -n "$ENABLE_HTTP" ] || { + ENABLE_HTTP=1 + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTP "check http" + } + } + + [ -n "$ENABLE_HTTPS_TLS12" ] || { + ENABLE_HTTPS_TLS12=1 + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2" + } + } + + [ -n "$ENABLE_HTTPS_TLS13" ] || { + ENABLE_HTTPS_TLS13=0 + if [ -n "$TLS13" ]; then + [ "$BATCH" = 1 ] || { + echo + echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response." + echo "This can allow more bypass strategies to work." + echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa." + echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test." + echo "TLS 1.3 only strategy is better than nothing." + ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3" + } + else + echo + echo "installed curl version does not support TLS 1.3 . tests disabled." + fi + } + + [ -n "$ENABLE_HTTP3" ] || { + ENABLE_HTTP3=0 + if [ -n "$HTTP3" ]; then + ENABLE_HTTP3=1 + [ "$BATCH" = 1 ] || { + echo + echo "make sure target domain(s) support QUIC or result will be negative in any case" + ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC" + } + else + echo + echo "installed curl version does not support http3 QUIC. tests disabled." + fi + } + + [ -n "$REPEATS" ] || { + [ "$BATCH" = 1 ] || { + echo + echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable." + printf "how many times to repeat each test (default: 1) : " + read REPEATS + } + REPEATS=$((0+${REPEATS:-1})) + [ "$REPEATS" = 0 ] && { + echo invalid repeat count + exitp 1 + } + } + [ -z "$PARALLEL" -a $REPEATS -gt 1 ] && { + PARALLEL=0 + [ "$BATCH" = 1 ] || { + echo + echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result" + ask_yes_no_var PARALLEL "enable parallel scan" + } + } + PARALLEL=${PARALLEL:-0} + + [ -n "$SCANLEVEL" ] || { + SCANLEVEL=standard + [ "$BATCH" = 1 ] || { + echo + echo quick - scan as fast as possible to reveal any working strategy + echo standard - do investigation what works on your DPI + echo force - scan maximum despite of result + ask_list SCANLEVEL "quick standard force" "$SCANLEVEL" + # disable tpws checks by default in quick mode + [ "$SCANLEVEL" = quick -a -z "$SKIP_TPWS" -a "$UNAME" != Darwin ] && SKIP_TPWS=1 + } + } + + echo + + configure_defrag +} + + + +ping_with_fix() +{ + local ret + $PING $2 $1 >/dev/null 2>/dev/null + ret=$? + # can be because of unsupported -4 option + if [ "$ret" = 2 -o "$ret" = 64 ]; then + ping $2 $1 >/dev/null + else + return $ret + fi +} + +pingtest() +{ + # $1 - ip version : 4 or 6 + # $2 - domain or ip + + # ping command can vary a lot. some implementations have -4/-6 options. others don.t + # WARNING ! macos ping6 command does not have timeout option. ping6 will fail + + local PING=ping ret + if [ "$1" = 6 ]; then + if exists ping6; then + PING=ping6 + else + PING="ping -6" + fi + else + if [ "$UNAME" = Darwin -o "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then + # ping by default pings ipv4, ping6 only pings ipv6 + # in FreeBSD -4/-6 options are supported, in others not + PING=ping + else + # this can be linux or cygwin + # in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option) + PING="ping -4" + fi + fi + case "$UNAME" in + Darwin) + $PING -c 1 -t 1 $2 >/dev/null 2>/dev/null + # WARNING ! macos ping6 command does not have timeout option. ping6 will fail. but without timeout is not an option. + ;; + OpenBSD) + $PING -c 1 -w 1 $2 >/dev/null + ;; + CYGWIN) + if starts_with "$(which ping)" /cygdrive; then + # cygwin does not have own ping by default. use windows PING. + $PING -n 1 -w 1000 $2 >/dev/null + else + ping_with_fix $2 '-c 1 -w 1' + fi + ;; + *) + ping_with_fix $2 '-c 1 -W 1' + ;; + esac +} +dnstest() +{ + # $1 - dns server. empty for system resolver + "$LOOKUP" iana.org $1 >/dev/null 2>/dev/null +} +find_working_public_dns() +{ + local dns + for dns in $DNSCHECK_DNS; do + pingtest 4 $dns && dnstest $dns && { + PUBDNS=$dns + return 0 + } + done + return 1 +} +lookup4() +{ + # $1 - domain + # $2 - DNS + case "$LOOKUP" in + nslookup) + if is_linked_to_busybox nslookup; then + nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p' + else + nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p' + fi + ;; + host) + host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' + ;; + esac +} +check_dns_spoof() +{ + # $1 - domain + # $2 - public DNS + + # windows version of mdig outputs 0D0A line ending. remove 0D. + echo $1 | "$MDIG" --family=4 | tr -d '\r' >"$DNSCHECK_DIG1" + lookup4 $1 $2 >"$DNSCHECK_DIG2" + # check whether system resolver returns anything other than public DNS + grep -qvFf "$DNSCHECK_DIG2" "$DNSCHECK_DIG1" +} +check_dns_cleanup() +{ + rm -f "$DNSCHECK_DIG1" "$DNSCHECK_DIG2" "$DNSCHECK_DIGS" 2>/dev/null +} +check_dns_() +{ + local C1 C2 dom + + DNS_IS_SPOOFED=0 + + [ "$SKIP_DNSCHECK" = 1 ] && return 0 + + echo \* checking DNS + + [ -f "$DNSCHECK_DIGS" ] && rm -f "$DNSCHECK_DIGS" + + dnstest || { + echo -- DNS is not working. It's either misconfigured or blocked or you don't have inet access. + return 1 + } + echo system DNS is working + + if find_working_public_dns ; then + echo comparing system resolver to public DNS : $PUBDNS + for dom in $DNSCHECK_DOM; do + if check_dns_spoof $dom $PUBDNS ; then + echo $dom : MISMATCH + echo -- system resolver : + cat "$DNSCHECK_DIG1" + echo -- $PUBDNS : + cat "$DNSCHECK_DIG2" + check_dns_cleanup + echo -- POSSIBLE DNS HIJACK DETECTED. ZAPRET WILL NOT HELP YOU IN CASE DNS IS SPOOFED !!! + echo -- DNS CHANGE OR DNSCRYPT MAY BE REQUIRED + DNS_IS_SPOOFED=1 + return 1 + else + echo $dom : OK + cat "$DNSCHECK_DIG1" >>"$DNSCHECK_DIGS" + fi + done + else + echo no working public DNS was found. looks like public DNS blocked. + for dom in $DNSCHECK_DOM; do echo $dom; done | "$MDIG" --threads=10 --family=4 >"$DNSCHECK_DIGS" + fi + + echo "checking resolved IP uniqueness for : $DNSCHECK_DOM" + echo "censor's DNS can return equal result for multiple blocked domains." + C1=$(wc -l <"$DNSCHECK_DIGS") + C2=$(sort -u "$DNSCHECK_DIGS" | wc -l) + [ "$C1" -eq 0 ] && + { + echo -- DNS is not working. It's either misconfigured or blocked or you don't have inet access. + check_dns_cleanup + return 1 + } + [ "$C1" = "$C2" ] || + { + echo system dns resolver has returned equal IPs for some domains checked above \($C1 total, $C2 unique\) + echo non-unique IPs : + sort "$DNSCHECK_DIGS" | uniq -d + echo -- POSSIBLE DNS HIJACK DETECTED. ZAPRET WILL NOT HELP YOU IN CASE DNS IS SPOOFED !!! + echo -- DNSCRYPT MAY BE REQUIRED + check_dns_cleanup + DNS_IS_SPOOFED=1 + return 1 + } + echo all resolved IPs are unique + echo -- DNS looks good + echo -- NOTE this check is Russia targeted. In your country other domains may be blocked. + check_dns_cleanup + return 0 +} + +check_dns() +{ + local r + check_dns_ + r=$? + [ "$DNS_IS_SPOOFED" = 1 ] && SECURE_DNS=${SECURE_DNS:-1} + [ "$SECURE_DNS" = 1 ] && { + doh_find_working || { + echo could not find working DoH server. exiting. + exitp 7 + } + } + return $r +} + +unprepare_all() +{ + # make sure we are not in a middle state that impacts connectivity + ws_kill + wait + [ -n "$IPV" ] && { + pktws_ipt_unprepare_tcp $HTTP_PORT + pktws_ipt_unprepare_tcp $HTTPS_PORT + pktws_ipt_unprepare_udp $QUIC_PORT + } + cleanup + rm -f "${HDRTEMP}"* "${PARALLEL_OUT}"* +} +sigint() +{ + echo + echo terminating... + unprepare_all + exitp 1 +} +sigint_cleanup() +{ + cleanup + exit 1 +} +sigsilent() +{ + # must not write anything here to stdout + unprepare_all + exit 1 +} + +fsleep_setup +fix_sbin_path +check_system +check_already +# no divert sockets in MacOS +[ "$UNAME" = "Darwin" ] && SKIP_PKTWS=1 +[ "$UNAME" != CYGWIN -a "$SKIP_PKTWS" != 1 ] && require_root +check_prerequisites +trap sigint_cleanup INT +check_dns +check_virt +ask_params +trap - INT + +PID= +NREPORT= +unset WF +trap sigint INT +trap sigsilent PIPE +trap sigsilent HUP +for dom in $DOMAINS; do + for IPV in $IPVS; do + configure_ip_version + [ "$ENABLE_HTTP" = 1 ] && { + [ "$SKIP_IPBLOCK" = 1 ] || check_domain_port_block $dom $HTTP_PORT + check_domain_http $dom + } + [ "$ENABLE_HTTPS_TLS12" = 1 -o "$ENABLE_HTTPS_TLS13" = 1 ] && [ "$SKIP_IPBLOCK" != 1 ] && check_domain_port_block $dom $HTTPS_PORT + [ "$ENABLE_HTTPS_TLS12" = 1 ] && check_domain_https_tls12 $dom + [ "$ENABLE_HTTPS_TLS13" = 1 ] && check_domain_https_tls13 $dom + [ "$ENABLE_HTTP3" = 1 ] && check_domain_http3 $dom + done +done +trap - HUP +trap - PIPE +trap - INT + +cleanup + +echo +echo \* SUMMARY +report_print +[ "$DOMAINS_COUNT" -gt 1 ] && { + echo + echo \* COMMON + result_intersection_print + echo + [ "$SCANLEVEL" = force ] || { + echo "blockcheck optimizes test sequence. To save time some strategies can be skipped if their test is considered useless." + echo "That's why COMMON intersection can miss strategies that would work for all domains." + echo "Use \"force\" scan level to test all strategies and generate trustable intersection." + echo "Current scan level was \"$SCANLEVEL\"". + } +} +echo +echo "Please note this SUMMARY does not guarantee a magic pill for you to copy/paste and be happy." +echo "Understanding how strategies work is very desirable." +echo "This knowledge allows to understand better which strategies to prefer and which to avoid if possible, how to combine strategies." +echo "Blockcheck does it's best to prioritize good strategies but it's not bullet-proof." +echo "It was designed not as magic pill maker but as a DPI bypass test tool." + +exitp 0 diff --git a/blockcheck/zapret/blog.sh b/blockcheck/zapret/blog.sh new file mode 100644 index 0000000..1bd7f84 --- /dev/null +++ b/blockcheck/zapret/blog.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +EXEDIR="$(dirname "$0")" +EXEDIR="$(cd "$EXEDIR"; pwd)" + +"$EXEDIR/blockcheck.sh" 2>&1 | tee "$EXEDIR/../blockcheck.log" +# windows 7 notepad does not view unix EOL correctly +unix2dos "$EXEDIR/../blockcheck.log" diff --git a/blockcheck/zapret/blog_kyber.sh b/blockcheck/zapret/blog_kyber.sh new file mode 100644 index 0000000..a7bd700 --- /dev/null +++ b/blockcheck/zapret/blog_kyber.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +EXEDIR="$(dirname "$0")" +EXEDIR="$(cd "$EXEDIR"; pwd)" + +CURL=curl-kyber exec "$EXEDIR/blog.sh" diff --git a/blockcheck/zapret/common/base.sh b/blockcheck/zapret/common/base.sh new file mode 100644 index 0000000..ece185e --- /dev/null +++ b/blockcheck/zapret/common/base.sh @@ -0,0 +1,456 @@ +which() +{ + # on some systems 'which' command is considered deprecated and not installed by default + # 'command -v' replacement does not work exactly the same way. it outputs shell aliases if present + # $1 - executable name + local IFS=: + [ "$1" != "${1#/}" ] && [ -x "$1" ] && { + echo "$1" + return 0 + } + for p in $PATH; do + [ -x "$p/$1" ] && { + echo "$p/$1" + return 0 + } + done + return 1 +} +exists() +{ + which "$1" >/dev/null 2>/dev/null +} +existf() +{ + type "$1" >/dev/null 2>/dev/null +} +whichq() +{ + which $1 2>/dev/null +} +exist_all() +{ + while [ -n "$1" ]; do + exists "$1" || return 1 + shift + done + return 0 +} +on_off_function() +{ + # $1 : function name on + # $2 : function name off + # $3 : 0 - off, 1 - on + local F="$1" + [ "$3" = "1" ] || F="$2" + shift + shift + shift + "$F" "$@" +} +contains() +{ + # check if substring $2 contains in $1 + [ "${1#*$2}" != "$1" ] +} +starts_with() +{ + # $1 : what + # $2 : starts with + case "$1" in + "$2"*) + return 0 + ;; + esac + return 1 +} +extract_arg() +{ + # $1 - arg number + # $2,$3,... - args + local n=$1 + while [ -n "$1" ]; do + shift + [ $n -eq 1 ] && { echo "$1"; return 0; } + n=$(($n-1)) + done + return 1 +} +find_str_in_list() +{ + # $1 - string + # $2 - space separated values + local v + [ -n "$1" ] && { + for v in $2; do + [ "$v" = "$1" ] && return 0 + done + } + return 1 +} +end_with_newline() +{ + local c="$(tail -c 1)" + [ "$c" = "" ] +} +trim() +{ + awk '{gsub(/^ +| +$/,"")}1' +} +split_by_separator() +{ + # $1 - string + # $2 - separator + # $3 - var name to get "before" part + # $4 - var name to get "after" part + local before="${1%%$2*}" + local after="${1#*$2}" + [ "$after" = "$1" ] && after= + [ -n "$3" ] && eval $3="\$before" + [ -n "$4" ] && eval $4="\$after" +} + +dir_is_not_empty() +{ + # $1 - directory + local n + [ -d "$1" ] || return 1 + n=$(ls "$1" | wc -c | xargs) + [ "$n" != 0 ] +} + +append_separator_list() +{ + # $1 - var name to receive result + # $2 - separator + # $3 - quoter + # $4,$5,... - elements + local _var="$1" sep="$2" quo="$3" i + + eval i="\$$_var" + shift; shift; shift + while [ -n "$1" ]; do + if [ -n "$i" ] ; then + i="$i$sep$quo$1$quo" + else + i="$quo$1$quo" + fi + shift + done + eval $_var="\$i" +} +make_separator_list() +{ + eval $1='' + append_separator_list "$@" +} +make_comma_list() +{ + # $1 - var name to receive result + # $2,$3,... - elements + local var="$1" + shift + make_separator_list $var , '' "$@" +} +make_quoted_comma_list() +{ + # $1 - var name to receive result + # $2,$3,... - elements + local var="$1" + shift + make_separator_list $var , '"' "$@" +} +unique() +{ + local i + for i in "$@"; do echo $i; done | sort -u | xargs +} + +is_linked_to_busybox() +{ + local IFS F P + + IFS=: + for path in $PATH; do + F=$path/$1 + P="$(readlink $F)" + if [ -z "$P" ] && [ -x $F ] && [ ! -L $F ]; then return 1; fi + [ "${P%busybox*}" != "$P" ] && return + done +} +get_dir_inode() +{ + local dir="$1" + [ -L "$dir" ] && dir=$(readlink "$dir") + ls -id "$dir" | awk '{print $1}' +} + +linux_min_version() +{ + # $1 - major ver + # $2 - minor ver + local V1=$(sed -nre 's/^Linux version ([0-9]+)\.[0-9]+.*$/\1/p' /proc/version) + local V2=$(sed -nre 's/^Linux version [0-9]+\.([0-9]+).*$/\1/p' /proc/version) + [ -n "$V1" -a -n "$V2" ] && [ "$V1" -gt "$1" -o "$V1" -eq "$1" -a "$V2" -ge "$2" ] +} +linux_get_subsys() +{ + local INIT="$(sed 's/\x0/\n/g' /proc/1/cmdline | head -n 1)" + + [ -L "$INIT" ] && INIT=$(readlink "$INIT") + INIT="$(basename "$INIT")" + if [ -f "/etc/openwrt_release" ] && [ "$INIT" = "procd" ] ; then + SUBSYS=openwrt + elif [ -x "/bin/ndm" ] ; then + SUBSYS=keenetic + else + # generic linux + SUBSYS= + fi +} +openwrt_fw3() +{ + [ ! -x /sbin/fw4 -a -x /sbin/fw3 ] +} +openwrt_fw4() +{ + [ -x /sbin/fw4 ] +} +openwrt_fw3_integration() +{ + [ "$FWTYPE" = iptables ] && openwrt_fw3 +} + +create_dev_stdin() +{ + [ -e /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin +} + +call_for_multiple_items() +{ + # $1 - function to get an item + # $2 - variable name to put result into + # $3 - space separated parameters to function $1 + + local i item items + for i in $3; do + $1 item $i + [ -n "$item" ] && { + if [ -n "$items" ]; then + items="$items $item" + else + items="$item" + fi + } + done + eval $2=\"$items\" +} + +fix_sbin_path() +{ + local IFS=':' + printf "%s\n" $PATH | grep -Fxq '/usr/sbin' || PATH="/usr/sbin:$PATH" + printf "%s\n" $PATH | grep -Fxq '/sbin' || PATH="/sbin:$PATH" + export PATH +} + +# it can calculate floating point expr +calc() +{ + LC_ALL=C awk "BEGIN { print $*}"; +} + +fsleep_setup() +{ + [ -n "$FSLEEP" ] || { + if sleep 0.001 2>/dev/null; then + FSLEEP=1 + elif busybox usleep 1 2>/dev/null; then + FSLEEP=2 + else + local errtext="$(read -t 0.001 2>&1)" + if [ -z "$errtext" ]; then + FSLEEP=3 + # newer openwrt has ucode with system function that supports timeout in ms + elif ucode -e "system(['sleep','1'], 1)" 2>/dev/null; then + FSLEEP=4 + # older openwrt may have lua and nixio lua module + elif lua -e 'require "nixio".nanosleep(0,1)' 2>/dev/null ; then + FSLEEP=5 + else + FSLEEP=0 + fi + fi + } +} +msleep() +{ + # $1 - milliseconds + case "$FSLEEP" in + 1) + sleep $(calc $1/1000) + ;; + 2) + busybox usleep $(calc $1*1000) + ;; + 3) + read -t $(calc $1/1000) + ;; + 4) + ucode -e "system(['sleep','2147483647'], $1)" + ;; + 5) + lua -e "require 'nixio'.nanosleep($(($1/1000)),$(calc $1%1000*1000000))" + ;; + *) + sleep $((($1+999)/1000)) + esac +} +minsleep() +{ + msleep 100 +} + +replace_char() +{ + local a="$1" + local b="$2" + shift; shift + echo "$@" | tr "$a" "$b" +} + +replace_str() +{ + local a=$(echo "$1" | sed 's/\//\\\//g') + local b=$(echo "$2" | sed 's/\//\\\//g') + shift; shift + echo "$@" | sed "s/$a/$b/g" +} + +setup_md5() +{ + [ -n "$MD5" ] && return + MD5=md5sum + exists $MD5 || MD5=md5 +} + +md5f() +{ + setup_md5 + $MD5 | cut -d ' ' -f1 +} + +setup_random() +{ + [ -n "$RCUT" ] && return + RCUT="cut -c 1-17" + # some shells can operate with 32 bit signed int + [ $((0x100000000)) = 0 ] && RCUT="cut -c 1-9" +} + +random() +{ + # $1 - min, $2 - max + local r rs + setup_random + if [ -c /dev/urandom ]; then + read rs /dev/null + elif exists pidof; then + pidof $1 >/dev/null + else + return 1 + fi +} + +win_process_exists() +{ + tasklist /NH /FI "IMAGENAME eq ${1}.exe" | grep -q "^${1}.exe" +} + +alloc_num() +{ + # $1 - source var name + # $2 - target var name + # $3 - min + # $4 - max + + local v + eval v="\$$2" + # do not replace existing value + [ -n "$v" ] && return + eval v="\$$1" + [ -n "$v" ] || v=$3 + eval $2="$v" + v=$((v + 1)) + [ $v -gt $4 ] && v=$3 + eval $1="$v" +} + +std_ports() +{ + TPWS_PORTS_IPT=$(replace_char - : $TPWS_PORTS) + NFQWS_PORTS_TCP_IPT=$(replace_char - : $NFQWS_PORTS_TCP) + NFQWS_PORTS_TCP_KEEPALIVE_IPT=$(replace_char - : $NFQWS_PORTS_TCP_KEEPALIVE) + NFQWS_PORTS_UDP_IPT=$(replace_char - : $NFQWS_PORTS_UDP) + NFQWS_PORTS_UDP_KEEPALIVE_IPT=$(replace_char - : $NFQWS_PORTS_UDP_KEEPALIVE) +} + +has_bad_ws_options() +{ + # $1 - nfqws/tpws opts + + contains "$1" "--ipset" && { + echo + echo "WARNING !!! --ipset parameter is present" + echo "It's OK if you only specialize already redirected traffic and also process the rest." + echo "If you redirect port X to process several IPs from the list and do nothing with the rest - IT'S VERY INEFFECTIVE !" + echo "Kernel ipsets should be used instead. Write custom scripts and filter IPs in kernel." + echo + } + + return 1 +} +check_bad_ws_options() +{ + # $1 - 0 = stop, 1 = start + # $2 - nfqws/tpws options + if [ "$1" = 1 ] && has_bad_ws_options "$2"; then + echo "!!! REFUSING TO USE BAD OPTIONS : $2" + help_bad_ws_options + return 1 + else + return 0 + fi +} +help_bad_ws_options() +{ + echo "WARNING ! BAD options detected" +} diff --git a/blockcheck/zapret/common/dialog.sh b/blockcheck/zapret/common/dialog.sh new file mode 100644 index 0000000..0cb3890 --- /dev/null +++ b/blockcheck/zapret/common/dialog.sh @@ -0,0 +1,58 @@ +read_yes_no() +{ + # $1 - default (Y/N) + local A + read A + [ -z "$A" ] || ([ "$A" != "Y" ] && [ "$A" != "y" ] && [ "$A" != "N" ] && [ "$A" != "n" ]) && A=$1 + [ "$A" = "Y" ] || [ "$A" = "y" ] || [ "$A" = "1" ] +} +ask_yes_no() +{ + # $1 - default (Y/N or 0/1) + # $2 - text + local DEFAULT=$1 + [ "$1" = "1" ] && DEFAULT=Y + [ "$1" = "0" ] && DEFAULT=N + [ -z "$DEFAULT" ] && DEFAULT=N + printf "$2 (default : $DEFAULT) (Y/N) ? " + read_yes_no $DEFAULT +} +ask_yes_no_var() +{ + # $1 - variable name for answer : 0/1 + # $2 - text + local DEFAULT + eval DEFAULT="\$$1" + if ask_yes_no "$DEFAULT" "$2"; then + eval $1=1 + else + eval $1=0 + fi +} +ask_list() +{ + # $1 - mode var + # $2 - space separated value list + # $3 - (optional) default value + local M_DEFAULT + eval M_DEFAULT="\$$1" + local M_ALL=$M_DEFAULT + local M="" + local m + + [ -n "$3" ] && { find_str_in_list "$M_DEFAULT" "$2" || M_DEFAULT="$3" ;} + + n=1 + for m in $2; do + echo $n : $m + n=$(($n+1)) + done + printf "your choice (default : $M_DEFAULT) : " + read m + [ -n "$m" ] && M=$(echo $2 | cut -d ' ' -f$m 2>/dev/null) + [ -z "$M" ] && M="$M_DEFAULT" + echo selected : $M + eval $1="\"$M\"" + + [ "$M" != "$M_OLD" ] +} diff --git a/blockcheck/zapret/common/elevate.sh b/blockcheck/zapret/common/elevate.sh new file mode 100644 index 0000000..bc86a96 --- /dev/null +++ b/blockcheck/zapret/common/elevate.sh @@ -0,0 +1,28 @@ +require_root() +{ + local exe preserve_env + echo \* checking privileges + [ $(id -u) -ne "0" ] && { + echo root is required + exe="$EXEDIR/$(basename "$0")" + exists sudo && { + echo elevating with sudo + exec sudo -E sh "$exe" + } + exists su && { + echo elevating with su + case "$UNAME" in + Linux) + preserve_env="--preserve-environment" + ;; + FreeBSD|OpenBSD|Darwin) + preserve_env="-m" + ;; + esac + exec su $preserve_env root -c "sh \"$exe\"" + } + echo su or sudo not found + exitp 2 + } + HAVE_ROOT=1 +} diff --git a/blockcheck/zapret/common/fwtype.sh b/blockcheck/zapret/common/fwtype.sh new file mode 100644 index 0000000..61390bb --- /dev/null +++ b/blockcheck/zapret/common/fwtype.sh @@ -0,0 +1,64 @@ +linux_ipt_avail() +{ + exists iptables && exists ip6tables +} +linux_maybe_iptables_fwtype() +{ + linux_ipt_avail && FWTYPE=iptables +} +linux_nft_avail() +{ + exists nft +} +linux_fwtype() +{ + [ -n "$FWTYPE" ] && return + + FWTYPE=unsupported + + linux_get_subsys + if [ "$SUBSYS" = openwrt ] ; then + # linux kernel is new enough if fw4 is there + if [ -x /sbin/fw4 ] && linux_nft_avail ; then + FWTYPE=nftables + else + linux_maybe_iptables_fwtype + fi + else + SUBSYS= + # generic linux + # flowtable is implemented since kernel 4.16 + if linux_nft_avail && linux_min_version 4 16; then + FWTYPE=nftables + else + linux_maybe_iptables_fwtype + fi + fi + + export FWTYPE +} + +get_fwtype() +{ + [ -n "$FWTYPE" ] && return + + local UNAME="$(uname)" + + case "$UNAME" in + Linux) + linux_fwtype + ;; + FreeBSD) + if exists ipfw ; then + FWTYPE=ipfw + else + FWTYPE=unsupported + fi + ;; + *) + FWTYPE=unsupported + ;; + esac + + export FWTYPE +} diff --git a/blockcheck/zapret/common/virt.sh b/blockcheck/zapret/common/virt.sh new file mode 100644 index 0000000..6e566d6 --- /dev/null +++ b/blockcheck/zapret/common/virt.sh @@ -0,0 +1,39 @@ +get_virt() +{ + local vm s v UNAME + UNAME=$(uname) + case "$UNAME" in + Linux) + if exists systemd-detect-virt; then + vm=$(systemd-detect-virt --vm) + elif [ -f /sys/class/dmi/id/product_name ]; then + read s /dev/null +} + +exitp() +{ + local A + + [ "$BATCH" = 1 ] || { + echo + echo press enter to continue + read A + } + exit $1 +} + +pf_is_avail() +{ + [ -c /dev/pf ] +} +pf_status() +{ + pfctl -qsi | sed -nre "s/^Status: ([^ ]+).*$/\1/p" +} +pf_is_enabled() +{ + [ "$(pf_status)" = Enabled ] +} +pf_save() +{ + PF_STATUS=0 + pf_is_enabled && PF_STATUS=1 + [ "$UNAME" = "OpenBSD" ] && pfctl -sr >"$PF_RULES_SAVE" +} +pf_restore() +{ + [ -n "$PF_STATUS" ] || return + case "$UNAME" in + OpenBSD) + if [ -f "$PF_RULES_SAVE" ]; then + pfctl -qf "$PF_RULES_SAVE" + else + echo | pfctl -qf - + fi + ;; + esac + if [ "$PF_STATUS" = 1 ]; then + pfctl -qe + else + pfctl -qd + fi +} +pf_clean() +{ + rm -f "$PF_RULES_SAVE" +} +opf_dvtws_anchor() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + local iplist family=inet + [ "$IPV" = 6 ] && family=inet6 + make_comma_list iplist "$3" + echo "set reassemble no" + [ "$1" = tcp ] && echo "pass in quick $family proto $1 from {$iplist} port $2 flags SA/SA divert-packet port $IPFW_DIVERT_PORT no state" + echo "pass in quick $family proto $1 from {$iplist} port $2 no state" + echo "pass out quick $family proto $1 to {$iplist} port $2 divert-packet port $IPFW_DIVERT_PORT no state" + echo "pass" +} +opf_prepare_dvtws() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + opf_dvtws_anchor $1 $2 "$3" | pfctl -qf - + pfctl -qe +} + +cleanup() +{ + case "$UNAME" in + OpenBSD) + pf_clean + ;; + esac +} + +IPT() +{ + $IPTABLES -C "$@" >/dev/null 2>/dev/null || $IPTABLES -I "$@" +} +IPT_DEL() +{ + $IPTABLES -C "$@" >/dev/null 2>/dev/null && $IPTABLES -D "$@" +} +IPT_ADD_DEL() +{ + on_off_function IPT IPT_DEL "$@" +} +IPFW_ADD() +{ + ipfw -qf add $IPFW_RULE_NUM "$@" +} +IPFW_DEL() +{ + ipfw -qf delete $IPFW_RULE_NUM 2>/dev/null +} +ipt6_has_raw() +{ + ip6tables -nL -t raw >/dev/null 2>/dev/null +} +ipt6_has_frag() +{ + ip6tables -A OUTPUT -m frag 2>/dev/null || return 1 + ip6tables -D OUTPUT -m frag 2>/dev/null +} +ipt_has_nfq() +{ + # cannot just check /proc/net/ip_tables_targets because of iptables-nft or modules not loaded yet + iptables -A OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null || return 1 + iptables -D OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null + return 0 +} +nft_has_nfq() +{ + local res=1 + nft delete table ${NFT_TABLE}_test 2>/dev/null + nft add table ${NFT_TABLE}_test 2>/dev/null && { + nft add chain ${NFT_TABLE}_test test + nft add rule ${NFT_TABLE}_test test queue num $QNUM bypass 2>/dev/null && res=0 + nft delete table ${NFT_TABLE}_test + } + return $res +} + +doh_resolve() +{ + # $1 - ip version 4/6 + # $2 - hostname + # $3 - doh server URL. use $DOH_SERVER if empty + "$MDIG" --family=$1 --dns-make-query=$2 | "$CURL" --max-time $CURL_MAX_TIME_DOH -s --data-binary @- -H "Content-Type: application/dns-message" "${3:-$DOH_SERVER}" | "$MDIG" --dns-parse-query +} +doh_find_working() +{ + local doh + + [ -n "$DOH_SERVER" ] && return 0 + echo "* searching working DoH server" + DOH_SERVER= + for doh in $DOH_SERVERS; do + echo -n "$doh : " + if doh_resolve 4 iana.org $doh >/dev/null 2>/dev/null; then + echo OK + DOH_SERVER="$doh" + return 0 + else + echo FAIL + fi + done + echo all DoH servers failed + return 1 +} + +mdig_vars() +{ + # $1 - ip version 4/6 + # $2 - hostname + + hostvar=$(echo $2 | sed -e 's/[\./?&#@%*$^:~=!()+-]/_/g') + cachevar=DNSCACHE_${hostvar}_$1 + countvar=${cachevar}_COUNT + eval count=\$${countvar} +} +mdig_cache() +{ + # $1 - ip version 4/6 + # $2 - hostname + local hostvar cachevar countvar count ip ips + mdig_vars "$@" + [ -n "$count" ] || { + # windows version of mdig outputs 0D0A line ending. remove 0D. + if [ "$SECURE_DNS" = 1 ]; then + ips="$(echo $2 | doh_resolve $1 $2 | tr -d '\r' | xargs)" + else + ips="$(echo $2 | "$MDIG" --family=$1 | tr -d '\r' | xargs)" + fi + [ -n "$ips" ] || return 1 + count=0 + for ip in $ips; do + eval ${cachevar}_$count=$ip + count=$(($count+1)) + done + eval $countvar=$count + } + return 0 +} +mdig_resolve() +{ + # $1 - ip version 4/6 + # $2 - var to receive result + # $3 - hostname, possibly with uri : rutracker.org/xxx/xxxx + local hostvar cachevar countvar count n sdom + + split_by_separator "$3" / sdom + mdig_vars "$1" "$sdom" + if [ -n "$count" ]; then + n=$(random 0 $(($count-1))) + eval $2=\$${cachevar}_$n + return 0 + else + mdig_cache "$1" "$sdom" && mdig_resolve "$1" "$2" "$sdom" + fi +} +mdig_resolve_all() +{ + # $1 - ip version 4/6 + # $2 - var to receive result + # $3 - hostname + + local hostvar cachevar countvar count ip__ ips__ n sdom + + split_by_separator "$3" / sdom + mdig_vars "$1" "$sdom" + if [ -n "$count" ]; then + n=0 + while [ "$n" -le $count ]; do + eval ip__=\$${cachevar}_$n + if [ -n "$ips__" ]; then + ips__="$ips__ $ip__" + else + ips__="$ip__" + fi + n=$(($n + 1)) + done + eval $2="\$ips__" + return 0 + else + mdig_cache "$1" "$sdom" && mdig_resolve_all "$1" "$2" "$sdom" + fi +} + +netcat_setup() +{ + [ -n "$NCAT" ] || { + if exists ncat; then + NCAT=ncat + elif exists nc; then + # busybox netcat does not support any required options + is_linked_to_busybox nc && return 1 + NCAT=nc + else + return 1 + fi + } + return 0 +} +netcat_test() +{ + # $1 - ip + # $2 - port + local cmd + netcat_setup && { + cmd="$NCAT -z -w 2 $1 $2" + echo $cmd + $cmd 2>&1 + } +} + +check_system() +{ + echo \* checking system + + UNAME=$(uname) + SUBSYS= + local s + + # can be passed FWTYPE=iptables to override default nftables preference + case "$UNAME" in + Linux) + PKTWS="$NFQWS2" + PKTWSD=nfqws2 + linux_fwtype + [ "$FWTYPE" = iptables -o "$FWTYPE" = nftables ] || { + echo firewall type $FWTYPE not supported in $UNAME + exitp 5 + } + ;; + FreeBSD) + PKTWS="$DVTWS2" + PKTWSD=dvtws2 + FWTYPE=ipfw + [ -f /etc/platform ] && read SUBSYS /dev/null + ;; + *) + echo $UNAME not supported + exitp 5 + esac + echo $UNAME${SUBSYS:+/$SUBSYS} detected + echo -n 'kernel: ' + if [ -f "/proc/version" ]; then + cat /proc/version + else + uname -a + fi + [ -f /etc/os-release ] && { + . /etc/os-release + [ -n "$PRETTY_NAME" ] && echo "distro: $PRETTY_NAME" + [ -n "$OPENWRT_RELEASE" ] && echo "openwrt release: $OPENWRT_RELEASE" + [ -n "$OPENWRT_BOARD" ] && echo "openwrt board: $OPENWRT_BOARD" + [ -n "$OPENWRT_ARCH" ] && echo "openwrt arch: $OPENWRT_ARCH" + } + echo firewall type is $FWTYPE + echo CURL=$CURL + "$CURL" --version +} + +zp_already_running() +{ + case "$UNAME" in + CYGWIN) + win_process_exists $PKTWSD || win_process_exists winws || win_process_exists goodbyedpi + ;; + *) + process_exists $PKTWSD || process_exists tpws || process_exists nfqws + esac +} +check_already() +{ + echo \* checking already running DPI bypass processes + if zp_already_running; then + echo "!!! WARNING. some dpi bypass processes already running !!!" + echo "!!! WARNING. blockcheck requires all DPI bypass methods disabled !!!" + echo "!!! WARNING. pls stop all dpi bypass instances that may interfere with blockcheck !!!" + fi +} + +freebsd_module_loaded() +{ + # $1 - module name + kldstat -qm "${1}" +} +freebsd_modules_loaded() +{ + # $1,$2,$3, ... - module names + while [ -n "$1" ]; do + freebsd_module_loaded $1 || return 1 + shift + done + return 0 +} + +check_prerequisites() +{ + echo \* checking prerequisites + + [ "$SKIP_PKTWS" = 1 -o -x "$PKTWS" ] && [ -x "$MDIG" ] || { + local target + case $UNAME in + OpenBSD) + target="bsd" + echo $PKTWS or $MDIG is not available. \`gmake -C \"$ZAPRET_BASE\" bsd \` + ;; + *) + echo $PKTWS or $MDIG is not available. run \"$ZAPRET_BASE/install_bin.sh\" or \`make -C \"$ZAPRET_BASE\" $target\` + esac + exitp 6 + } + + local prog progs='curl' + [ "$SKIP_PKTWS" = 1 ] || { + case "$UNAME" in + Linux) + case "$FWTYPE" in + iptables) + ipt_has_nfq || { + echo NFQUEUE iptables or ip6tables target is missing. pls install modules. + exitp 6 + } + progs="$progs iptables ip6tables" + ;; + nftables) + nft_has_nfq || { + echo nftables queue support is not available. pls install modules. + exitp 6 + } + progs="$progs nft" + ;; + esac + ;; + FreeBSD) + freebsd_modules_loaded ipfw ipdivert || { + echo ipfw or ipdivert kernel module not loaded + exitp 6 + } + [ "$(sysctl -qn net.inet.ip.fw.enable)" = 0 -o "$(sysctl -qn net.inet6.ip6.fw.enable)" = 0 ] && { + echo ipfw is disabled. use : ipfw enable firewall + exitp 6 + } + pf_is_avail && { + pf_save + [ "$SUBSYS" = "pfSense" ] && { + # pfsense's ipfw may not work without these workarounds + sysctl net.inet.ip.pfil.outbound=ipfw,pf 2>/dev/null + sysctl net.inet.ip.pfil.inbound=ipfw,pf 2>/dev/null + sysctl net.inet6.ip6.pfil.outbound=ipfw,pf 2>/dev/null + sysctl net.inet6.ip6.pfil.inbound=ipfw,pf 2>/dev/null + pfctl -qd + pfctl -qe + pf_restore + } + } + progs="$progs ipfw" + ;; + OpenBSD) + pf_is_avail || { + echo pf is not available + exitp 6 + } + pf_save + progs="$progs pfctl" + ;; + esac + } + + for prog in $progs; do + exists $prog || { + echo $prog does not exist. please install + exitp 6 + } + done + + if exists nslookup; then + LOOKUP=nslookup + elif exists host; then + LOOKUP=host + else + echo nslookup or host does not exist. please install + exitp 6 + fi +} + + +curl_translate_code() +{ + # $1 - code + printf $1 + case $1 in + 0) printf ": ok" + ;; + 1) printf ": unsupported protocol" + ;; + 2) printf ": early initialization code failed" + ;; + 3) printf ": the URL was not properly formatted" + ;; + 4) printf ": feature not supported by libcurl" + ;; + 5) printf ": could not resolve proxy" + ;; + 6) printf ": could not resolve host" + ;; + 7) printf ": could not connect" + ;; + 8) printf ": invalid server reply" + ;; + 9) printf ": remote access denied" + ;; + 27) printf ": out of memory" + ;; + 28) printf ": operation timed out" + ;; + 35) printf ": SSL connect error" + ;; + esac +} +curl_supports_tls13() +{ + local r + "$CURL" --tlsv1.3 -Is -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + # return code 2 = init failed. likely bad command line options + [ $? = 2 ] && return 1 + # curl can have tlsv1.3 key present but ssl library without TLS 1.3 support + # this is online test because there's no other way to trigger library incompatibility case + "$CURL" --tlsv1.3 --max-time 1 -Is -o /dev/null https://iana.org 2>/dev/null + r=$? + [ $r != 4 -a $r != 35 ] +} + +curl_supports_tlsmax() +{ + # supported only in OpenSSL and LibreSSL + "$CURL" --version | grep -Fq -e OpenSSL -e LibreSSL -e BoringSSL -e GnuTLS -e quictls || return 1 + # supported since curl 7.54 + "$CURL" --tls-max 1.2 -Is -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + # return code 2 = init failed. likely bad command line options + [ $? != 2 ] +} + +curl_supports_connect_to() +{ + "$CURL" --connect-to 127.0.0.1:: -o /dev/null --max-time 1 http://127.0.0.1:65535 2>/dev/null + [ "$?" != 2 ] +} + +curl_supports_http3() +{ + # if it has http3 : curl: (3) HTTP/3 requested for non-HTTPS URL + # otherwise : curl: (2) option --http3-only: is unknown + "$CURL" --connect-to 127.0.0.1:: -o /dev/null --max-time 1 --http3-only http://127.0.0.1:65535 2>/dev/null + [ "$?" != 2 ] +} + +hdrfile_http_code() +{ + # $1 - hdr file + sed -nre '1,1 s/^HTTP\/1\.[0,1] ([0-9]+) .*$/\1/p' "$1" +} +hdrfile_location() +{ + # $1 - hdr file + + # some DPIs return CRLF line ending + tr -d '\015' <"$1" | sed -nre 's/^[Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:[ ]*([^ ]*)[ ]*$/\1/p' +} + +curl_with_subst_ip() +{ + # $1 - domain + # $2 - port + # $3 - ip + # $4+ - curl params + local ip="$3" + case "$ip" in + *:*) ip="[$ip]" ;; + esac + local connect_to="--connect-to $1::$ip${2:+:$2}" arg + shift ; shift ; shift; + [ "$CURL_VERBOSE" = 1 ] && arg="-v" + [ "$CURL_CMD" = 1 ] && echo $CURL ${arg:+$arg }$connect_to "$@" + ALL_PROXY="$ALL_PROXY" "$CURL" ${arg:+$arg }$connect_to "$@" +} +curl_with_dig() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - port + # $4+ - curl params + local dom=$2 port=$3 + local sdom suri ip + + split_by_separator "$dom" / sdom suri + mdig_resolve $1 ip $sdom + shift ; shift ; shift + if [ -n "$ip" ]; then + curl_with_subst_ip "$sdom" "$port" "$ip" "$@" + else + return 6 + fi +} +curl_probe() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - port + # $4 - subst ip + # $5+ - curl params + local ipv=$1 dom=$2 port=$3 subst=$4 + shift; shift; shift; shift + if [ -n "$subst" ]; then + curl_with_subst_ip $dom $port $subst "$@" + else + curl_with_dig $ipv $dom $port "$@" + fi +} +curl_test_http() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + # $4 - "detail" - detail info + + local code loc hdrt="${HDRTEMP}_${!:-$$}.txt" dom="$(tolower "$2")" + curl_probe $1 $2 $HTTP_PORT "$3" -SsD "$hdrt" -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT "http://$2" -o /dev/null 2>&1 || { + code=$? + rm -f "$hdrt" + return $code + } + if [ "$4" = "detail" ] ; then + head -n 1 "$hdrt" + grep "^[lL]ocation:" "$hdrt" + else + code=$(hdrfile_http_code "$hdrt") + [ "$code" = 301 -o "$code" = 302 -o "$code" = 307 -o "$code" = 308 ] && { + loc=$(hdrfile_location "$hdrt") + tolower "$loc" | grep -qE "^https?://.*$dom(/|$)" || + tolower "$loc" | grep -vqE '^https?://' || { + echo suspicious redirection $code to : $loc + rm -f "$hdrt" + return 254 + } + } + fi + rm -f "$hdrt" + [ "$code" = 400 ] && { + # this can often happen if the server receives fake packets it should not receive + echo http code $code. likely the server receives fakes. + return 254 + } + return 0 +} +curl_test_https_tls12() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + + # do not use tls 1.3 to make sure server certificate is not encrypted + curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 $TLSMAX12 "https://$2" -o /dev/null 2>&1 +} +curl_test_https_tls13() +{ + # $1 - ip version : 4/6 + # $2 - domain name + # $3 - subst ip + + # force TLS1.3 mode + curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 $TLSMAX13 "https://$2" -o /dev/null 2>&1 +} + +curl_test_http3() +{ + # $1 - ip version : 4/6 + # $2 - domain name + + # force QUIC only mode without tcp + curl_with_dig $1 $2 $QUIC_PORT $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME_QUIC --http3-only $CURL_OPT "https://$2" -o /dev/null 2>&1 +} + +ipt_aux_scheme() +{ + # $1 - 1 - add , 0 - del + # $2 - tcp/udp + # $3 - port + + # to avoid possible INVALID state drop + [ "$2" = tcp ] && IPT_ADD_DEL $1 INPUT -p $2 --sport $3 ! --syn -j ACCEPT + + local icmp_filter="-p icmp -m icmp --icmp-type" + [ "$IPV" = 6 ] && icmp_filter="-p icmpv6 -m icmp6 --icmpv6-type" + IPT_ADD_DEL $1 INPUT $icmp_filter time-exceeded -m connmark --mark $DESYNC_MARK/$DESYNC_MARK -j DROP + + # for strategies with incoming packets involved (autottl) + IPT_ADD_DEL $1 OUTPUT -p $2 --dport $3 -m conntrack --ctstate INVALID -j ACCEPT + if [ "$IPV" = 6 -a -n "$IP6_DEFRAG_DISABLE" ]; then + # the only way to reliable disable ipv6 defrag. works only in 4.16+ kernels + IPT_ADD_DEL $1 OUTPUT -t raw -p $2 -m frag -j CT --notrack + elif [ "$IPV" = 4 ]; then + # enable fragments + IPT_ADD_DEL $1 OUTPUT -f -j ACCEPT + fi + # enable everything generated by nfqws (works only in OUTPUT, not in FORWARD) + # raw table may not be present + IPT_ADD_DEL $1 OUTPUT -t raw -m mark --mark $DESYNC_MARK/$DESYNC_MARK -j CT --notrack +} +ipt_scheme() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local ip + + $IPTABLES -t mangle -N blockcheck_output 2>/dev/null + $IPTABLES -t mangle -F blockcheck_output + IPT OUTPUT -t mangle -j blockcheck_output + + # prevent loop + $IPTABLES -t mangle -A blockcheck_output -m mark --mark $DESYNC_MARK/$DESYNC_MARK -j RETURN + $IPTABLES -t mangle -A blockcheck_output ! -p $1 -j RETURN + $IPTABLES -t mangle -A blockcheck_output -p $1 ! --dport $2 -j RETURN + + for ip in $3; do + $IPTABLES -t mangle -A blockcheck_output -d $ip -j CONNMARK --or-mark $DESYNC_MARK + $IPTABLES -t mangle -A blockcheck_output -d $ip -j NFQUEUE --queue-num $QNUM + done + + ipt_aux_scheme 1 $1 $2 +} +nft_scheme() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local iplist ipver=$IPV + [ "$IPV" = 6 ] || ipver= + make_comma_list iplist $3 + + nft add table inet $NFT_TABLE + nft "add chain inet $NFT_TABLE postnat { type filter hook postrouting priority 102; }" + nft "add rule inet $NFT_TABLE postnat meta nfproto ipv${IPV} $1 dport $2 mark and $DESYNC_MARK == 0 ip${ipver} daddr {$iplist} ct mark set ct mark or $DESYNC_MARK queue num $QNUM" + # for strategies with incoming packets involved (autottl) + nft "add chain inet $NFT_TABLE prenat { type filter hook prerouting priority -102; }" + # enable everything generated by nfqws (works only in OUTPUT, not in FORWARD) + nft "add chain inet $NFT_TABLE predefrag { type filter hook output priority -402; }" + nft "add rule inet $NFT_TABLE predefrag meta nfproto ipv${IPV} mark and $DESYNC_MARK !=0 notrack" + [ "$IPV" = 4 ] && { + nft "add rule inet $NFT_TABLE prenat icmp type time-exceeded ct mark and $DESYNC_MARK != 0 drop" + nft "add rule inet $NFT_TABLE prenat icmp type time-exceeded ct state invalid drop" + } + [ "$IPV" = 6 ] && { + nft "add rule inet $NFT_TABLE prenat icmpv6 type time-exceeded ct mark and $DESYNC_MARK != 0 drop" + nft "add rule inet $NFT_TABLE prenat icmpv6 type time-exceeded ct state invalid drop" + } +} + +pktws_ipt_prepare() +{ + # $1 - tcp/udp + # $2 - port + # $3 - ip list + + local ip + + case "$FWTYPE" in + iptables) + ipt_scheme $1 $2 "$3" + ;; + nftables) + nft_scheme $1 $2 "$3" + ;; + ipfw) + # disable PF to avoid interferences + pf_is_avail && pfctl -qd + for ip in $3; do + IPFW_ADD divert $IPFW_DIVERT_PORT $1 from me to $ip $2 proto ip${IPV} out not diverted + done + ;; + opf) + opf_prepare_dvtws $1 $2 "$3" + ;; + windivert) + WF="--wf-l3=ipv${IPV} --wf-${1}-out=$2" + rm -f "$IPSET_FILE" + for ip in $3; do + echo $ip >>"$IPSET_FILE" + done + ;; + + esac +} +pktws_ipt_unprepare() +{ + # $1 - tcp/udp + # $2 - port + + case "$FWTYPE" in + iptables) + ipt_aux_scheme 0 $1 $2 + IPT_DEL OUTPUT -t mangle -j blockcheck_output + $IPTABLES -t mangle -F blockcheck_output 2>/dev/null + $IPTABLES -t mangle -X blockcheck_output 2>/dev/null + ;; + nftables) + nft delete table inet $NFT_TABLE 2>/dev/null + ;; + ipfw) + IPFW_DEL + pf_is_avail && pf_restore + ;; + opf) + pf_restore + ;; + windivert) + unset WF + rm -f "$IPSET_FILE" + ;; + esac +} + +pktws_ipt_prepare_tcp() +{ + # $1 - port + # $2 - ip list + + local ip iplist ipver + + pktws_ipt_prepare tcp $1 "$2" + + # for autottl mode + case "$FWTYPE" in + iptables) + $IPTABLES -N blockcheck_input -t mangle 2>/dev/null + $IPTABLES -F blockcheck_input -t mangle 2>/dev/null + IPT INPUT -t mangle -j blockcheck_input + $IPTABLES -t mangle -A blockcheck_input ! -p tcp -j RETURN + $IPTABLES -t mangle -A blockcheck_input -p tcp ! --sport $1 -j RETURN + $IPTABLES -t mangle -A blockcheck_input -p tcp ! --tcp-flags SYN,ACK SYN,ACK -j RETURN + for ip in $2; do + $IPTABLES -A blockcheck_input -t mangle -s $ip -j NFQUEUE --queue-num $QNUM + done + ;; + nftables) + ipver=$IPV + [ "$IPV" = 6 ] || ipver= + make_comma_list iplist $2 + nft "add rule inet $NFT_TABLE prenat meta nfproto ipv${IPV} tcp sport $1 tcp flags & (syn | ack) == (syn | ack) ip${ipver} saddr {$iplist} queue num $QNUM" + ;; + ipfw) + for ip in $2; do + IPFW_ADD divert $IPFW_DIVERT_PORT tcp from $ip $1 to me proto ip${IPV} tcpflags syn,ack in not diverted + done + ;; + esac +} +pktws_ipt_unprepare_tcp() +{ + # $1 - port + + pktws_ipt_unprepare tcp $1 + + case "$FWTYPE" in + iptables) + IPT_DEL INPUT -t mangle -j blockcheck_input + $IPTABLES -t mangle -F blockcheck_input 2>/dev/null + $IPTABLES -t mangle -X blockcheck_input 2>/dev/null + ;; + esac +} +pktws_ipt_prepare_udp() +{ + # $1 - port + # $2 - ip list + + pktws_ipt_prepare udp $1 "$2" +} +pktws_ipt_unprepare_udp() +{ + # $1 - port + + pktws_ipt_unprepare udp $1 +} + +pktws_start() +{ + case "$UNAME" in + Linux) + "$NFQWS2" --uid $WS_UID:$WS_GID --fwmark=$DESYNC_MARK --qnum=$QNUM --lua-init=@"$ZAPRET_BASE/lua/zapret-lib.lua" --lua-init=@"$ZAPRET_BASE/lua/zapret-antidpi.lua" "$@" >/dev/null & + ;; + FreeBSD|OpenBSD) + "$DVTWS2" --port=$IPFW_DIVERT_PORT --lua-init=@"$ZAPRET_BASE/lua/zapret-lib.lua" --lua-init=@"$ZAPRET_BASE/lua/zapret-antidpi.lua" "$@" >/dev/null & + ;; + CYGWIN) + "$WINWS2" $WF --ipset="$IPSET_FILE" --lua-init=@"$ZAPRET_BASE/lua/zapret-lib.lua" --lua-init=@"$ZAPRET_BASE/lua/zapret-antidpi.lua" "$@" >/dev/null & + ;; + esac + PID=$! + # give some time to initialize + minsleep +} +ws_kill() +{ + [ -z "$PID" ] || { + killwait -9 $PID 2>/dev/null + PID= + } +} + +check_domain_port_block() +{ + # $1 - domain + # $2 - port + local ip ips + echo + echo \* port block tests ipv$IPV $1:$2 + if netcat_setup; then + mdig_resolve_all $IPV ips $1 + if [ -n "$ips" ]; then + for ip in $ips; do + if netcat_test $ip $2; then + echo $ip connects + else + echo $ip does not connect. netcat code $? + fi + done + else + echo "ipv${IPV} $1 does not resolve" + fi + else + echo suitable netcat not found. busybox nc is not supported. pls install nmap ncat or openbsd netcat. + fi +} + +curl_test() +{ + # $1 - test function + # $2 - domain + # $3 - subst ip + # $4 - param of test function + local code=0 n=0 p pids + + if [ "$PARALLEL" = 1 ]; then + rm -f "${PARALLEL_OUT}"* + for n in $(seq -s ' ' 1 $REPEATS); do + $1 "$IPV" $2 $3 "$4" >"${PARALLEL_OUT}_$n" & + pids="${pids:+$pids }$!" + done + n=1 + for p in $pids; do + [ $REPEATS -gt 1 ] && printf "[attempt $n] " + if wait $p; then + [ $REPEATS -gt 1 ] && echo 'AVAILABLE' + else + code=$? + cat "${PARALLEL_OUT}_$n" + fi + n=$(($n+1)) + done + rm -f "${PARALLEL_OUT}"* + else + while [ $n -lt $REPEATS ]; do + n=$(($n+1)) + [ $REPEATS -gt 1 ] && printf "[attempt $n] " + if $1 "$IPV" $2 $3 "$4" ; then + [ $REPEATS -gt 1 ] && echo 'AVAILABLE' + else + code=$? + [ "$SCANLEVEL" = quick ] && break + fi + done + fi + [ "$4" = detail ] || { + if [ $code = 254 ]; then + echo "UNAVAILABLE" + elif [ $code = 0 ]; then + echo '!!!!! AVAILABLE !!!!!' + else + echo "UNAVAILABLE code=$code" + fi + } + return $code +} +ws_curl_test() +{ + # $1 - ws start function + # $2 - test function + # $3 - domain + # $4,$5,$6, ... - ws params + local code ws_start=$1 testf=$2 dom=$3 + + [ "$SIMULATE" = 1 ] && { + n=$(random 0 99) + if [ "$n" -lt "$SIM_SUCCESS_RATE" ]; then + echo "SUCCESS" + return 0 + else + echo "FAILED" + return 7 + fi + } + shift + shift + shift + $ws_start "$@" + curl_test $testf $dom + code=$? + ws_kill + return $code +} +pktws_curl_test() +{ + # $1 - test function + # $2 - domain + # $3,$4,$5, ... - nfqws/dvtws params + local testf=$1 dom=$2 strategy code + + shift; shift; + echo - $testf ipv$IPV $dom : $PKTWSD ${WF:+$WF }${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$@${PKTWS_EXTRA_POST:+ $PKTWS_EXTRA_POST}${PKTWS_EXTRA_POST_1:+ "$PKTWS_EXTRA_POST_1"}${PKTWS_EXTRA_POST_2:+ "$PKTWS_EXTRA_POST_2"}${PKTWS_EXTRA_POST_3:+ "$PKTWS_EXTRA_POST_3"}${PKTWS_EXTRA_POST_4:+ "$PKTWS_EXTRA_POST_4"}${PKTWS_EXTRA_POST_5:+ "$PKTWS_EXTRA_POST_5"}${PKTWS_EXTRA_POST_6:+ "$PKTWS_EXTRA_POST_6"}${PKTWS_EXTRA_POST_7:+ "$PKTWS_EXTRA_POST_7"}${PKTWS_EXTRA_POST_8:+ "$PKTWS_EXTRA_POST_8"}${PKTWS_EXTRA_POST_9:+ "$PKTWS_EXTRA_POST_9"} + ws_curl_test pktws_start $testf $dom ${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }"$@"${PKTWS_EXTRA_POST:+ $PKTWS_EXTRA_POST}${PKTWS_EXTRA_POST_1:+ "$PKTWS_EXTRA_POST_1"}${PKTWS_EXTRA_POST_2:+ "$PKTWS_EXTRA_POST_2"}${PKTWS_EXTRA_POST_3:+ "$PKTWS_EXTRA_POST_3"}${PKTWS_EXTRA_POST_4:+ "$PKTWS_EXTRA_POST_4"}${PKTWS_EXTRA_POST_5:+ "$PKTWS_EXTRA_POST_5"}${PKTWS_EXTRA_POST_6:+ "$PKTWS_EXTRA_POST_6"}${PKTWS_EXTRA_POST_7:+ "$PKTWS_EXTRA_POST_7"}${PKTWS_EXTRA_POST_8:+ "$PKTWS_EXTRA_POST_8"}${PKTWS_EXTRA_POST_9:+ "$PKTWS_EXTRA_POST_9"} + + code=$? + [ "$code" = 0 ] && { + strategy="$@" + strategy_append_extra_pktws + report_append "$dom" "$testf ipv${IPV}" "$PKTWSD ${WF:+$WF }$strategy" + } + return $code +} +strategy_append_extra_pktws() +{ + strategy="${strategy:+${PKTWS_EXTRA_PRE:+$PKTWS_EXTRA_PRE }${PKTWS_EXTRA_PRE_1:+"$PKTWS_EXTRA_PRE_1" }${PKTWS_EXTRA_PRE_2:+"$PKTWS_EXTRA_PRE_2" }${PKTWS_EXTRA_PRE_3:+"$PKTWS_EXTRA_PRE_3" }${PKTWS_EXTRA_PRE_4:+"$PKTWS_EXTRA_PRE_4" }${PKTWS_EXTRA_PRE_5:+"$PKTWS_EXTRA_PRE_5" }${PKTWS_EXTRA_PRE_6:+"$PKTWS_EXTRA_PRE_6" }${PKTWS_EXTRA_PRE_7:+"$PKTWS_EXTRA_PRE_7" }${PKTWS_EXTRA_PRE_8:+"$PKTWS_EXTRA_PRE_8" }${PKTWS_EXTRA_PRE_9:+"$PKTWS_EXTRA_PRE_9" }$strategy${PKTWS_EXTRA_POST:+ $PKTWS_EXTRA_POST}${PKTWS_EXTRA_1:+ "$PKTWS_EXTRA_POST_1"}${PKTWS_EXTRA_POST_2:+ "$PKTWS_EXTRA_POST_2"}${PKTWS_EXTRA_POST_3:+ "$PKTWS_EXTRA_POST_3"}${PKTWS_EXTRA_POST_4:+ "$PKTWS_EXTRA_POST_4"}${PKTWS_EXTRA_POST_5:+ "$PKTWS_EXTRA_POST_5"}${PKTWS_EXTRA_POST_6:+ "$PKTWS_EXTRA_POST_6"}${PKTWS_EXTRA_POST_7:+ "$PKTWS_EXTRA_POST_7"}${PKTWS_EXTRA_POST_8:+ "$PKTWS_EXTRA_POST_8"}${PKTWS_EXTRA_POST_9:+ "$PKTWS_EXTRA_POST_9"}}" +} + + +xxxws_curl_test_update() +{ + # $1 - xxx_curl_test function + # $2 - test function + # $3 - domain + # $4,$5,$6, ... - nfqws2/dvtws2 params + local code xxxf=$1 testf=$2 dom=$3 + shift + shift + shift + $xxxf $testf $dom "$@" + code=$? + [ $code = 0 ] && strategy="${strategy:-$@}" + return $code +} +pktws_curl_test_update() +{ + xxxws_curl_test_update pktws_curl_test "$@" +} + +report_append() +{ + # $1 - domain + # $2 - test function + ipver + # $3 - value + local hashstr hash hashvar hashcountvar val ct + + # save resources if only one domain + [ "$DOMAINS_COUNT" -gt 1 ] && { + hashstr="$2 : $3" + hash="$(echo -n "$hashstr" | md5f)" + hashvar=RESHASH_${hash} + hashcountvar=${hashvar}_COUNTER + + NRESHASH=${NRESHASH:-0} + + eval val="\$$hashvar" + if [ -n "$val" ]; then + eval ct="\$$hashcountvar" + ct=$(($ct + 1)) + eval $hashcountvar="\$ct" + else + eval $hashvar=\"$hashstr\" + eval $hashcountvar=1 + eval RES_$NRESHASH="\$hash" + NRESHASH=$(($NRESHASH+1)) + fi + } + + NREPORT=${NREPORT:-0} + eval REPORT_${NREPORT}=\"$2 $1 : $3\" + NREPORT=$(($NREPORT+1)) +} +report_print() +{ + local n=0 s + NREPORT=${NREPORT:-0} + while [ $n -lt $NREPORT ]; do + eval s=\"\${REPORT_$n}\" + echo $s + n=$(($n+1)) + done +} +result_intersection_print() +{ + local n=0 hash hashvar hashcountvar ct val + while : ; do + eval hash=\"\$RES_$n\" + [ -n "$hash" ] || break + hashvar=RESHASH_${hash} + hashcountvar=${hashvar}_COUNTER + eval ct=\"\$$hashcountvar\" + [ "$ct" = "$DOMAINS_COUNT" ] && { + eval val=\"\$$hashvar\" + echo "$val" + } + n=$(($n + 1)) + done +} +report_strategy() +{ + # $1 - test function + # $2 - domain + # $3 - daemon + echo + if [ -n "$strategy" ]; then + # trim spaces at the end + strategy="$(echo "$strategy" | xargs)" + echo "!!!!! $1: working strategy found for ipv${IPV} $2 : $3 $strategy !!!!!" + echo + return 0 + else + echo "$1: $3 strategy for ipv${IPV} $2 not found" + echo + report_append "$2" "$1 ipv${IPV}" "$3 not working" + return 1 + fi +} + +test_runner() +{ + # $1 - function name + # $2+ - params + + local n script FUNC=$1 + + shift + + TESTDIR="$BLOCKCHECK2D/$TEST" + [ -d "$TESTDIR" ] && { + dir_is_not_empty "$TESTDIR" && { + for script in "$TESTDIR/"*.sh; do + [ -f "$script" ] || continue + unset -f $FUNC + . "$script" + existf $FUNC && { + echo + echo "* script : $TEST/$(basename "$script")" + $FUNC "$@" + } + done + } + } +} + +pktws_check_domain_http_bypass() +{ + # $1 - test function + # $2 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $3 - domain + + local strategy func + if [ "$2" = 0 ]; then + func=pktws_check_http + elif [ "$2" = 1 ]; then + func=pktws_check_https_tls12 + elif [ "$2" = 2 ]; then + func=pktws_check_https_tls13 + else + return 1 + fi + test_runner $func "$1" "$3" + strategy_append_extra_pktws + report_strategy $1 $3 $PKTWSD +} + +pktws_check_domain_http3_bypass() +{ + # $1 - test function + # $2 - domain + + local strategy + test_runner pktws_check_http3 "$@" + strategy_append_extra_pktws + report_strategy $1 $2 $PKTWSD +} + + +check_dpi_ip_block() +{ + # $1 - test function + # $2 - domain + + local blocked_dom=$2 + local blocked_ip blocked_ips unblocked_ip + + echo + echo "- IP block tests (requires manual interpretation)" + + echo "> testing $UNBLOCKED_DOM on it's original ip" + if curl_test $1 $UNBLOCKED_DOM; then + mdig_resolve $IPV unblocked_ip $UNBLOCKED_DOM + [ -n "$unblocked_ip" ] || { + echo $UNBLOCKED_DOM does not resolve. tests not possible. + return 1 + } + + echo "> testing $blocked_dom on $unblocked_ip ($UNBLOCKED_DOM)" + curl_test $1 $blocked_dom $unblocked_ip detail + + mdig_resolve_all $IPV blocked_ips $blocked_dom + for blocked_ip in $blocked_ips; do + echo "> testing $UNBLOCKED_DOM on $blocked_ip ($blocked_dom)" + curl_test $1 $UNBLOCKED_DOM $blocked_ip detail + done + else + echo $UNBLOCKED_DOM is not available. skipping this test. + fi +} + +curl_has_reason_to_continue() +{ + # $1 - curl return code + for c in 1 2 3 4 6 27 ; do + [ $1 = $c ] && return 1 + done + return 0 +} + +check_domain_prolog() +{ + # $1 - test function + # $2 - port + # $3 - domain + + local code + + [ "$SIMULATE" = 1 ] && return 0 + + echo + echo \* $1 ipv$IPV $3 + + echo "- checking without DPI bypass" + curl_test $1 $3 && { + report_append "$3" "$1 ipv${IPV}" "working without bypass" + [ "$SCANLEVEL" = force ] || return 1 + } + code=$? + curl_has_reason_to_continue $code || { + report_append "$3" "$1 ipv${IPV}" "test aborted, no reason to continue. curl code $(curl_translate_code $code)" + return 1 + } + return 0 +} +check_domain_http_tcp() +{ + # $1 - test function + # $2 - port + # $3 - encrypted test : 0 = plain, 1 - encrypted with server reply risk, 2 - encrypted without server reply risk + # $4 - domain + + local ips + + # in case was interrupted before + pktws_ipt_unprepare_tcp $2 + ws_kill + + check_domain_prolog $1 $2 $4 || return + + [ "$SKIP_IPBLOCK" = 1 ] || check_dpi_ip_block $1 $4 + + [ "$SKIP_PKTWS" = 1 ] || { + echo + echo preparing $PKTWSD redirection + mdig_resolve_all $IPV ips $4 + pktws_ipt_prepare_tcp $2 "$ips" + + pktws_check_domain_http_bypass $1 $3 $4 + + echo clearing $PKTWSD redirection + pktws_ipt_unprepare_tcp $2 + } +} +check_domain_http_udp() +{ + # $1 - test function + # $2 - port + # $3 - domain + + local ips + + # in case was interrupted before + pktws_ipt_unprepare_udp $2 + ws_kill + + check_domain_prolog $1 $2 $3 || return + + [ "$SKIP_PKTWS" = 1 ] || { + echo + echo preparing $PKTWSD redirection + mdig_resolve_all $IPV ips $3 + pktws_ipt_prepare_udp $2 "$ips" + + pktws_check_domain_http3_bypass $1 $3 + + echo clearing $PKTWSD redirection + pktws_ipt_unprepare_udp $2 + } +} + + +check_domain_http() +{ + # $1 - domain + check_domain_http_tcp curl_test_http $HTTP_PORT 0 $1 +} +check_domain_https_tls12() +{ + # $1 - domain + check_domain_http_tcp curl_test_https_tls12 $HTTPS_PORT 1 $1 +} +check_domain_https_tls13() +{ + # $1 - domain + check_domain_http_tcp curl_test_https_tls13 $HTTPS_PORT 2 $1 +} +check_domain_http3() +{ + # $1 - domain + check_domain_http_udp curl_test_http3 $QUIC_PORT $1 +} + +configure_ip_version() +{ + if [ "$IPV" = 6 ]; then + LOCALHOST=::1 + LOCALHOST_IPT=[${LOCALHOST}] + IPVV=6 + else + IPTABLES=iptables + LOCALHOST=127.0.0.1 + LOCALHOST_IPT=$LOCALHOST + IPVV= + fi + IPTABLES=ip${IPVV}tables +} +configure_curl_opt() +{ + # wolfssl : --tlsv1.x mandates exact ssl version, tls-max not supported + # openssl : --tlsv1.x means "version equal or greater", tls-max supported + TLSMAX12= + TLSMAX13= + curl_supports_tlsmax && { + TLSMAX12="--tls-max 1.2" + TLSMAX13="--tls-max 1.3" + } + TLS13= + curl_supports_tls13 && TLS13=1 + HTTP3= + curl_supports_http3 && HTTP3=1 + + HTTPS_HEAD=-I + [ "$CURL_HTTPS_GET" = 1 ] && HTTPS_HEAD= +} + +linux_ipv6_defrag_can_be_disabled() +{ + linux_min_version 4 16 +} + +configure_defrag() +{ + IP6_DEFRAG_DISABLE= + + [ "$IPVS" = 4 ] && return + + [ "$UNAME" = "Linux" ] && { + linux_ipv6_defrag_can_be_disabled || { + echo "WARNING ! ipv6 defrag can only be effectively disabled in linux kernel 4.16+" + echo "WARNING ! ipv6 ipfrag tests are disabled" + echo + return + } + } + + case "$FWTYPE" in + iptables) + if ipt6_has_raw ; then + if ipt6_has_frag; then + IP6_DEFRAG_DISABLE=1 + else + echo "WARNING ! ip6tables does not have '-m frag' module, ipv6 ipfrag tests are disabled" + echo + fi + else + echo "WARNING ! ip6tables raw table is not available, ipv6 ipfrag tests are disabled" + echo + fi + [ -n "$IP6_DEFRAG_DISABLE" ] && { + local ipexe="$(readlink -f $(whichq ip6tables))" + if contains "$ipexe" nft; then + echo "WARNING ! ipv6 ipfrag tests may have no effect if ip6tables-nft is used. current ip6tables point to : $ipexe" + else + echo "WARNING ! ipv6 ipfrag tests may have no effect if ip6table_raw kernel module is not loaded with parameter : raw_before_defrag=1" + fi + echo + } + ;; + *) + IP6_DEFRAG_DISABLE=1 + ;; + esac +} + +ask_params() +{ + local d dirs more_dirs= + + echo + echo NOTE ! this test should be run with zapret or any other bypass software disabled, without VPN + echo + + curl_supports_connect_to || { + echo "installed curl does not support --connect-to option. pls install at least curl 7.49" + echo "current curl version:" + "$CURL" --version + exitp 1 + } + + [ -n "$TEST" ] || { + dir_is_not_empty "$BLOCKCHECK2D" || { + echo "directory '$BLOCKCHECK2D' is absent or empty" + exitp 1 + } + TEST="$TEST_DEFAULT" + [ "$BATCH" = 1 ] || { + for d in "$BLOCKCHECK2D"/* ; do + more_dirs=${dirs:+1} + [ -d "$d" ] && dirs="${dirs:+$dirs }$(basename "$d")" + done + [ -n "$dirs" ] || { + echo "no subdirs found in '$BLOCKCHECK2D'" + exitp 1 + } + if [ -z "$more_dirs" ]; then + TEST="$dirs" + else + echo "select test :" + ask_list TEST "$dirs" "$TEST" + fi + } + } + [ -d "$BLOCKCHECK2D/$TEST" ] || { + echo "directory '$BLOCKCHECK2D/$TEST' does not exist" + exitp 1 + } + + local dom + [ -n "$DOMAINS" ] || { + DOMAINS="$DOMAINS_DEFAULT" + [ "$BATCH" = 1 ] || { + echo "specify domain(s) to test. multiple domains are space separated. URIs are supported (rutracker.org/forum/index.php)" + printf "domain(s) (default: $DOMAINS) : " + read dom + [ -n "$dom" ] && DOMAINS="$dom" + } + } + DOMAINS_COUNT="$(echo "$DOMAINS" | wc -w | trim)" + + local IPVS_def=4 + [ -n "$IPVS" ] || { + # yandex public dns + pingtest 6 2a02:6b8::feed:0ff && IPVS_def=46 + [ "$BATCH" = 1 ] || { + printf "ip protocol version(s) - 4, 6 or 46 for both (default: $IPVS_def) : " + read IPVS + } + [ -n "$IPVS" ] || IPVS=$IPVS_def + [ "$IPVS" = 4 -o "$IPVS" = 6 -o "$IPVS" = 46 ] || { + echo 'invalid ip version(s). should be 4, 6 or 46.' + exitp 1 + } + } + [ "$IPVS" = 46 ] && IPVS="4 6" + + configure_curl_opt + + [ -n "$ENABLE_HTTP" ] || { + ENABLE_HTTP=1 + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTP "check http" + } + } + + [ -n "$ENABLE_HTTPS_TLS12" ] || { + ENABLE_HTTPS_TLS12=1 + [ "$BATCH" = 1 ] || { + echo + ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2" + } + } + + [ -n "$ENABLE_HTTPS_TLS13" ] || { + ENABLE_HTTPS_TLS13=0 + if [ -n "$TLS13" ]; then + [ "$BATCH" = 1 ] || { + echo + echo "TLS 1.3 uses encrypted ServerHello. DPI cannot check domain name in server response." + echo "This can allow more bypass strategies to work." + echo "What works for TLS 1.2 will also work for TLS 1.3 but not vice versa." + echo "Most sites nowadays support TLS 1.3 but not all. If you can't find a strategy for TLS 1.2 use this test." + echo "TLS 1.3 only strategy is better than nothing." + ask_yes_no_var ENABLE_HTTPS_TLS13 "check https tls 1.3" + } + else + echo + echo "installed curl version does not support TLS 1.3 . tests disabled." + fi + } + + [ -n "$ENABLE_HTTP3" ] || { + ENABLE_HTTP3=0 + if [ -n "$HTTP3" ]; then + ENABLE_HTTP3=1 + [ "$BATCH" = 1 ] || { + echo + echo "make sure target domain(s) support QUIC or result will be negative in any case" + ask_yes_no_var ENABLE_HTTP3 "check http3 QUIC" + } + else + echo + echo "installed curl version does not support http3 QUIC. tests disabled." + fi + } + + [ -n "$REPEATS" ] || { + [ "$BATCH" = 1 ] || { + echo + echo "sometimes ISPs use multiple DPIs or load balancing. bypass strategies may work unstable." + printf "how many times to repeat each test (default: 1) : " + read REPEATS + } + REPEATS=$((0+${REPEATS:-1})) + [ "$REPEATS" = 0 ] && { + echo invalid repeat count + exitp 1 + } + } + [ -z "$PARALLEL" -a $REPEATS -gt 1 ] && { + PARALLEL=0 + [ "$BATCH" = 1 ] || { + echo + echo "parallel scan can greatly increase speed but may also trigger DDoS protection and cause false result" + ask_yes_no_var PARALLEL "enable parallel scan" + } + } + PARALLEL=${PARALLEL:-0} + + [ -n "$SCANLEVEL" ] || { + SCANLEVEL=standard + [ "$BATCH" = 1 ] || { + echo + echo quick - in multi-attempt mode skip further attempts after first failure + echo standard - do investigation what works on your DPI + echo force - scan maximum despite of result + ask_list SCANLEVEL "quick standard force" "$SCANLEVEL" + } + } + + echo + + configure_defrag +} + + + +ping_with_fix() +{ + local ret + $PING $2 $1 >/dev/null 2>/dev/null + ret=$? + # can be because of unsupported -4 option + if [ "$ret" = 2 -o "$ret" = 64 ]; then + ping $2 $1 >/dev/null + else + return $ret + fi +} + +pingtest() +{ + # $1 - ip version : 4 or 6 + # $2 - domain or ip + + # ping command can vary a lot. some implementations have -4/-6 options. others don.t + + local PING=ping ret + if [ "$1" = 6 ]; then + if exists ping6; then + PING=ping6 + else + PING="ping -6" + fi + else + if [ "$UNAME" = FreeBSD -o "$UNAME" = OpenBSD ]; then + # ping by default pings ipv4, ping6 only pings ipv6 + # in FreeBSD -4/-6 options are supported, in others not + PING=ping + else + # this can be linux or cygwin + # in linux it's not possible for sure to figure out if it supports -4/-6. only try and check for result code=2 (invalid option) + PING="ping -4" + fi + fi + case "$UNAME" in + OpenBSD) + $PING -c 1 -w 1 $2 >/dev/null + ;; + CYGWIN) + if starts_with "$(which ping)" /cygdrive; then + # cygwin does not have own ping by default. use windows PING. + $PING -n 1 -w 1000 $2 >/dev/null + else + ping_with_fix $2 '-c 1 -w 1' + fi + ;; + *) + ping_with_fix $2 '-c 1 -W 1' + ;; + esac +} +dnstest() +{ + # $1 - dns server. empty for system resolver + "$LOOKUP" iana.org $1 >/dev/null 2>/dev/null +} +find_working_public_dns() +{ + local dns + for dns in $DNSCHECK_DNS; do + pingtest 4 $dns && dnstest $dns && { + PUBDNS=$dns + return 0 + } + done + return 1 +} +lookup4() +{ + # $1 - domain + # $2 - DNS + case "$LOOKUP" in + nslookup) + if is_linked_to_busybox nslookup; then + nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^.*:[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p' + else + nslookup $1 $2 2>/dev/null | sed -e '1,3d' -nre 's/^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p' + fi + ;; + host) + host -t A $1 $2 | grep "has address" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' + ;; + esac +} +check_dns_spoof() +{ + # $1 - domain + # $2 - public DNS + + # windows version of mdig outputs 0D0A line ending. remove 0D. + echo $1 | "$MDIG" --family=4 | tr -d '\r' >"$DNSCHECK_DIG1" + lookup4 $1 $2 >"$DNSCHECK_DIG2" + # check whether system resolver returns anything other than public DNS + grep -qvFf "$DNSCHECK_DIG2" "$DNSCHECK_DIG1" +} +check_dns_cleanup() +{ + rm -f "$DNSCHECK_DIG1" "$DNSCHECK_DIG2" "$DNSCHECK_DIGS" 2>/dev/null +} +check_dns_() +{ + local C1 C2 dom + + DNS_IS_SPOOFED=0 + + [ "$SKIP_DNSCHECK" = 1 ] && return 0 + + echo \* checking DNS + + [ -f "$DNSCHECK_DIGS" ] && rm -f "$DNSCHECK_DIGS" + + dnstest || { + echo -- DNS is not working. It's either misconfigured or blocked or you don't have inet access. + return 1 + } + echo system DNS is working + + if find_working_public_dns ; then + echo comparing system resolver to public DNS : $PUBDNS + for dom in $DNSCHECK_DOM; do + if check_dns_spoof $dom $PUBDNS ; then + echo $dom : MISMATCH + echo -- system resolver : + cat "$DNSCHECK_DIG1" + echo -- $PUBDNS : + cat "$DNSCHECK_DIG2" + check_dns_cleanup + echo -- POSSIBLE DNS HIJACK DETECTED. ZAPRET WILL NOT HELP YOU IN CASE DNS IS SPOOFED !!! + echo -- DNS CHANGE OR DNSCRYPT MAY BE REQUIRED + DNS_IS_SPOOFED=1 + return 1 + else + echo $dom : OK + cat "$DNSCHECK_DIG1" >>"$DNSCHECK_DIGS" + fi + done + else + echo no working public DNS was found. looks like public DNS blocked. + for dom in $DNSCHECK_DOM; do echo $dom; done | "$MDIG" --threads=10 --family=4 >"$DNSCHECK_DIGS" + fi + + echo "checking resolved IP uniqueness for : $DNSCHECK_DOM" + echo "censor's DNS can return equal result for multiple blocked domains." + C1=$(wc -l <"$DNSCHECK_DIGS") + C2=$(sort -u "$DNSCHECK_DIGS" | wc -l) + [ "$C1" -eq 0 ] && + { + echo -- DNS is not working. It's either misconfigured or blocked or you don't have inet access. + check_dns_cleanup + return 1 + } + [ "$C1" = "$C2" ] || + { + echo system dns resolver has returned equal IPs for some domains checked above \($C1 total, $C2 unique\) + echo non-unique IPs : + sort "$DNSCHECK_DIGS" | uniq -d + echo -- POSSIBLE DNS HIJACK DETECTED. ZAPRET WILL NOT HELP YOU IN CASE DNS IS SPOOFED !!! + echo -- DNSCRYPT MAY BE REQUIRED + check_dns_cleanup + DNS_IS_SPOOFED=1 + return 1 + } + echo all resolved IPs are unique + echo -- DNS looks good + echo -- NOTE this check is Russia targeted. In your country other domains may be blocked. + check_dns_cleanup + return 0 +} + +check_dns() +{ + local r + check_dns_ + r=$? + [ "$DNS_IS_SPOOFED" = 1 ] && SECURE_DNS=${SECURE_DNS:-1} + [ "$SECURE_DNS" = 1 ] && { + doh_find_working || { + echo could not find working DoH server. exiting. + exitp 7 + } + } + return $r +} + +unprepare_all() +{ + # make sure we are not in a middle state that impacts connectivity + ws_kill + wait + [ -n "$IPV" ] && { + pktws_ipt_unprepare_tcp $HTTP_PORT + pktws_ipt_unprepare_tcp $HTTPS_PORT + pktws_ipt_unprepare_udp $QUIC_PORT + } + cleanup + rm -f "${HDRTEMP}"* "${PARALLEL_OUT}"* +} +sigint() +{ + echo + echo terminating... + unprepare_all + exitp 1 +} +sigint_cleanup() +{ + cleanup + exit 1 +} +sigsilent() +{ + # must not write anything here to stdout + unprepare_all + exit 1 +} + +fsleep_setup +fix_sbin_path +check_system +check_already +[ "$UNAME" != CYGWIN -a "$SKIP_PKTWS" != 1 ] && require_root +check_prerequisites +trap sigint_cleanup INT +check_dns +check_virt +ask_params +trap - INT + +PID= +NREPORT= +unset WF +trap sigint INT +trap sigsilent PIPE +trap sigsilent HUP +for dom in $DOMAINS; do + for IPV in $IPVS; do + configure_ip_version + [ "$ENABLE_HTTP" = 1 ] && { + [ "$SKIP_IPBLOCK" = 1 ] || check_domain_port_block $dom $HTTP_PORT + check_domain_http $dom + } + [ "$ENABLE_HTTPS_TLS12" = 1 -o "$ENABLE_HTTPS_TLS13" = 1 ] && [ "$SKIP_IPBLOCK" != 1 ] && check_domain_port_block $dom $HTTPS_PORT + [ "$ENABLE_HTTPS_TLS12" = 1 ] && check_domain_https_tls12 $dom + [ "$ENABLE_HTTPS_TLS13" = 1 ] && check_domain_https_tls13 $dom + [ "$ENABLE_HTTP3" = 1 ] && check_domain_http3 $dom + done +done +trap - HUP +trap - PIPE +trap - INT + +cleanup + +echo +echo \* SUMMARY +report_print +[ "$DOMAINS_COUNT" -gt 1 ] && { + echo + echo \* COMMON + result_intersection_print + echo + [ "$SCANLEVEL" = force ] || { + echo "blockcheck optimizes test sequence. To save time some strategies can be skipped if their test is considered useless." + echo "That's why COMMON intersection can miss strategies that would work for all domains." + echo "Use \"force\" scan level to test all strategies and generate trustable intersection." + echo "Current scan level was \"$SCANLEVEL\"". + } +} +echo +echo "Please note this SUMMARY does not guarantee a magic pill for you to copy/paste and be happy." +echo "Understanding how strategies work is very desirable." +echo "This knowledge allows to understand better which strategies to prefer and which to avoid if possible, how to combine strategies." +echo "Blockcheck does it's best to prioritize good strategies but it's not bullet-proof." +echo "It was designed not as magic pill maker but as a DPI bypass test tool." + +exitp 0 diff --git a/blockcheck/zapret2/blog.sh b/blockcheck/zapret2/blog.sh new file mode 100644 index 0000000..8889358 --- /dev/null +++ b/blockcheck/zapret2/blog.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +EXEDIR="$(dirname "$0")" +EXEDIR="$(cd "$EXEDIR"; pwd)" + +"$EXEDIR/blockcheck2.sh" 2>&1 | tee "$EXEDIR/../blockcheck2.log" +# windows 7 notepad does not view unix EOL correctly +unix2dos "$EXEDIR/../blockcheck2.log" diff --git a/blockcheck/zapret2/blog_kyber.sh b/blockcheck/zapret2/blog_kyber.sh new file mode 100644 index 0000000..a7bd700 --- /dev/null +++ b/blockcheck/zapret2/blog_kyber.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +EXEDIR="$(dirname "$0")" +EXEDIR="$(cd "$EXEDIR"; pwd)" + +CURL=curl-kyber exec "$EXEDIR/blog.sh" diff --git a/blockcheck/zapret2/common/base.sh b/blockcheck/zapret2/common/base.sh new file mode 100644 index 0000000..83d9d8c --- /dev/null +++ b/blockcheck/zapret2/common/base.sh @@ -0,0 +1,459 @@ +which() +{ + # on some systems 'which' command is considered deprecated and not installed by default + # 'command -v' replacement does not work exactly the same way. it outputs shell aliases if present + # $1 - executable name + local IFS=: + [ "$1" != "${1#/}" ] && [ -x "$1" ] && { + echo "$1" + return 0 + } + for p in $PATH; do + [ -x "$p/$1" ] && { + echo "$p/$1" + return 0 + } + done + return 1 +} +exists() +{ + which "$1" >/dev/null 2>/dev/null +} +existf() +{ + type "$1" >/dev/null 2>/dev/null +} +whichq() +{ + which $1 2>/dev/null +} +exist_all() +{ + while [ -n "$1" ]; do + exists "$1" || return 1 + shift + done + return 0 +} +on_off_function() +{ + # $1 : function name on + # $2 : function name off + # $3 : 0 - off, 1 - on + local F="$1" + [ "$3" = "1" ] || F="$2" + shift + shift + shift + "$F" "$@" +} +contains() +{ + # check if substring $2 contains in $1 + [ "${1#*$2}" != "$1" ] +} +starts_with() +{ + # $1 : what + # $2 : starts with + case "$1" in + "$2"*) + return 0 + ;; + esac + return 1 +} +extract_arg() +{ + # $1 - arg number + # $2,$3,... - args + local n=$1 + while [ -n "$1" ]; do + shift + [ $n -eq 1 ] && { echo "$1"; return 0; } + n=$(($n-1)) + done + return 1 +} +find_str_in_list() +{ + # $1 - string + # $2 - space separated values + local v + [ -n "$1" ] && { + for v in $2; do + [ "$v" = "$1" ] && return 0 + done + } + return 1 +} +end_with_newline() +{ + local c="$(tail -c 1)" + [ "$c" = "" ] +} +trim() +{ + awk '{gsub(/^ +| +$/,"")}1' +} +split_by_separator() +{ + # $1 - string + # $2 - separator + # $3 - var name to get "before" part + # $4 - var name to get "after" part + local before="${1%%$2*}" + local after="${1#*$2}" + [ "$after" = "$1" ] && after= + [ -n "$3" ] && eval $3="\$before" + [ -n "$4" ] && eval $4="\$after" +} +tolower() +{ + echo "$@" | tr 'A-Z' 'a-z' +} + +dir_is_not_empty() +{ + # $1 - directory + local n + [ -d "$1" ] || return 1 + n=$(ls "$1" | wc -c | xargs) + [ "$n" != 0 ] +} + +append_separator_list() +{ + # $1 - var name to receive result + # $2 - separator + # $3 - quoter + # $4,$5,... - elements + local _var="$1" sep="$2" quo="$3" i + + eval i="\$$_var" + shift; shift; shift + while [ -n "$1" ]; do + if [ -n "$i" ] ; then + i="$i$sep$quo$1$quo" + else + i="$quo$1$quo" + fi + shift + done + eval $_var="\$i" +} +make_separator_list() +{ + eval $1='' + append_separator_list "$@" +} +make_comma_list() +{ + # $1 - var name to receive result + # $2,$3,... - elements + local var="$1" + shift + make_separator_list $var , '' "$@" +} +make_quoted_comma_list() +{ + # $1 - var name to receive result + # $2,$3,... - elements + local var="$1" + shift + make_separator_list $var , '"' "$@" +} +unique() +{ + local i + for i in "$@"; do echo $i; done | sort -u | xargs +} + +is_linked_to_busybox() +{ + local IFS F P + + IFS=: + for path in $PATH; do + F=$path/$1 + P="$(readlink $F)" + if [ -z "$P" ] && [ -x $F ] && [ ! -L $F ]; then return 1; fi + [ "${P%busybox*}" != "$P" ] && return + done +} +get_dir_inode() +{ + local dir="$1" + [ -L "$dir" ] && dir=$(readlink "$dir") + ls -id "$dir" | awk '{print $1}' +} + +linux_min_version() +{ + # $1 - major ver + # $2 - minor ver + local V1=$(sed -nre 's/^Linux version ([0-9]+)\.[0-9]+.*$/\1/p' /proc/version) + local V2=$(sed -nre 's/^Linux version [0-9]+\.([0-9]+).*$/\1/p' /proc/version) + [ -n "$V1" -a -n "$V2" ] && [ "$V1" -gt "$1" -o "$V1" -eq "$1" -a "$V2" -ge "$2" ] +} +linux_get_subsys() +{ + local INIT="$(sed 's/\x0/\n/g' /proc/1/cmdline | head -n 1)" + + [ -L "$INIT" ] && INIT=$(readlink "$INIT") + INIT="$(basename "$INIT")" + if [ -f "/etc/openwrt_release" ] && [ "$INIT" = "procd" ] ; then + SUBSYS=openwrt + elif [ -x "/bin/ndm" ] ; then + SUBSYS=keenetic + else + # generic linux + SUBSYS= + fi +} +openwrt_fw3() +{ + [ ! -x /sbin/fw4 -a -x /sbin/fw3 ] +} +openwrt_fw4() +{ + [ -x /sbin/fw4 ] +} +openwrt_fw3_integration() +{ + [ "$FWTYPE" = iptables ] && openwrt_fw3 +} + +create_dev_stdin() +{ + [ -e /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin +} + +call_for_multiple_items() +{ + # $1 - function to get an item + # $2 - variable name to put result into + # $3 - space separated parameters to function $1 + + local i item items + for i in $3; do + $1 item $i + [ -n "$item" ] && { + if [ -n "$items" ]; then + items="$items $item" + else + items="$item" + fi + } + done + eval $2=\"$items\" +} + +fix_sbin_path() +{ + local IFS=':' + printf "%s\n" $PATH | grep -Fxq '/usr/sbin' || PATH="/usr/sbin:$PATH" + printf "%s\n" $PATH | grep -Fxq '/sbin' || PATH="/sbin:$PATH" + export PATH +} + +# it can calculate floating point expr +calc() +{ + LC_ALL=C awk "BEGIN { print $*}"; +} + +fsleep_setup() +{ + [ -n "$FSLEEP" ] || { + if sleep 0.001 2>/dev/null; then + FSLEEP=1 + elif busybox usleep 1 2>/dev/null; then + FSLEEP=2 + else + local errtext="$(read -t 0.001 2>&1)" + if [ -z "$errtext" ]; then + FSLEEP=3 + # newer openwrt has ucode with system function that supports timeout in ms + elif ucode -e "system(['sleep','1'], 1)" 2>/dev/null; then + FSLEEP=4 + # older openwrt may have lua and nixio lua module + elif lua -e 'require "nixio".nanosleep(0,1)' 2>/dev/null ; then + FSLEEP=5 + else + FSLEEP=0 + fi + fi + } +} +msleep() +{ + # $1 - milliseconds + case "$FSLEEP" in + 1) + sleep $(calc $1/1000) + ;; + 2) + busybox usleep $(calc $1*1000) + ;; + 3) + read -t $(calc $1/1000) + ;; + 4) + ucode -e "system(['sleep','2147483647'], $1)" + ;; + 5) + lua -e "require 'nixio'.nanosleep($(($1/1000)),$(calc $1%1000*1000000))" + ;; + *) + sleep $((($1+999)/1000)) + esac +} +minsleep() +{ + msleep 100 +} + +replace_char() +{ + local a="$1" + local b="$2" + shift; shift + echo "$@" | tr "$a" "$b" +} + +replace_str() +{ + local a=$(echo "$1" | sed 's/\//\\\//g') + local b=$(echo "$2" | sed 's/\//\\\//g') + shift; shift + echo "$@" | sed "s/$a/$b/g" +} + +setup_md5() +{ + [ -n "$MD5" ] && return + MD5=md5sum + exists $MD5 || MD5=md5 +} + +md5f() +{ + setup_md5 + $MD5 | cut -d ' ' -f1 +} + +setup_random() +{ + [ -n "$RCUT" ] && return + RCUT="cut -c 1-17" + # some shells can operate with 32 bit signed int + [ $((0x100000000)) = 0 ] && RCUT="cut -c 1-9" +} + +random() +{ + # $1 - min, $2 - max + local r rs + setup_random + if [ -c /dev/urandom ]; then + read rs /dev/null + elif exists pidof; then + pidof $1 >/dev/null + else + return 1 + fi +} + +win_process_exists() +{ + tasklist /NH /FI "IMAGENAME eq ${1}.exe" | grep -q "^${1}.exe" +} + +alloc_num() +{ + # $1 - source var name + # $2 - target var name + # $3 - min + # $4 - max + + local v + eval v="\$$2" + # do not replace existing value + [ -n "$v" ] && return + eval v="\$$1" + [ -n "$v" ] || v=$3 + eval $2="$v" + v=$((v + 1)) + [ $v -gt $4 ] && v=$3 + eval $1="$v" +} + +std_ports() +{ + NFQWS2_PORTS_TCP_IPT=$(replace_char - : $NFQWS2_PORTS_TCP) + NFQWS2_PORTS_TCP_KEEPALIVE_IPT=$(replace_char - : $NFQWS2_PORTS_TCP_KEEPALIVE) + NFQWS2_PORTS_UDP_IPT=$(replace_char - : $NFQWS2_PORTS_UDP) + NFQWS2_PORTS_UDP_KEEPALIVE_IPT=$(replace_char - : $NFQWS2_PORTS_UDP_KEEPALIVE) +} + +has_bad_ws_options() +{ + # $1 - nfqws2 opts + + contains "$1" "--ipset" && { + echo + echo "WARNING !!! --ipset parameter is present" + echo "It's OK if you only specialize already redirected traffic and also process the rest." + echo "If you redirect port X to process several IPs from the list and do nothing with the rest - IT'S VERY INEFFECTIVE !" + echo "Kernel ipsets should be used instead. Write custom scripts and filter IPs in kernel." + echo + } + + return 1 +} +check_bad_ws_options() +{ + # $1 - 0 = stop, 1 = start + # $2 - nfqws options + if [ "$1" = 1 ] && has_bad_ws_options "$2"; then + echo "!!! REFUSING TO USE BAD OPTIONS : $2" + help_bad_ws_options + return 1 + else + return 0 + fi +} +help_bad_ws_options() +{ + echo "WARNING ! BAD options detected" +} diff --git a/blockcheck/zapret2/common/dialog.sh b/blockcheck/zapret2/common/dialog.sh new file mode 100644 index 0000000..0cb3890 --- /dev/null +++ b/blockcheck/zapret2/common/dialog.sh @@ -0,0 +1,58 @@ +read_yes_no() +{ + # $1 - default (Y/N) + local A + read A + [ -z "$A" ] || ([ "$A" != "Y" ] && [ "$A" != "y" ] && [ "$A" != "N" ] && [ "$A" != "n" ]) && A=$1 + [ "$A" = "Y" ] || [ "$A" = "y" ] || [ "$A" = "1" ] +} +ask_yes_no() +{ + # $1 - default (Y/N or 0/1) + # $2 - text + local DEFAULT=$1 + [ "$1" = "1" ] && DEFAULT=Y + [ "$1" = "0" ] && DEFAULT=N + [ -z "$DEFAULT" ] && DEFAULT=N + printf "$2 (default : $DEFAULT) (Y/N) ? " + read_yes_no $DEFAULT +} +ask_yes_no_var() +{ + # $1 - variable name for answer : 0/1 + # $2 - text + local DEFAULT + eval DEFAULT="\$$1" + if ask_yes_no "$DEFAULT" "$2"; then + eval $1=1 + else + eval $1=0 + fi +} +ask_list() +{ + # $1 - mode var + # $2 - space separated value list + # $3 - (optional) default value + local M_DEFAULT + eval M_DEFAULT="\$$1" + local M_ALL=$M_DEFAULT + local M="" + local m + + [ -n "$3" ] && { find_str_in_list "$M_DEFAULT" "$2" || M_DEFAULT="$3" ;} + + n=1 + for m in $2; do + echo $n : $m + n=$(($n+1)) + done + printf "your choice (default : $M_DEFAULT) : " + read m + [ -n "$m" ] && M=$(echo $2 | cut -d ' ' -f$m 2>/dev/null) + [ -z "$M" ] && M="$M_DEFAULT" + echo selected : $M + eval $1="\"$M\"" + + [ "$M" != "$M_OLD" ] +} diff --git a/blockcheck/zapret2/common/elevate.sh b/blockcheck/zapret2/common/elevate.sh new file mode 100644 index 0000000..bc86a96 --- /dev/null +++ b/blockcheck/zapret2/common/elevate.sh @@ -0,0 +1,28 @@ +require_root() +{ + local exe preserve_env + echo \* checking privileges + [ $(id -u) -ne "0" ] && { + echo root is required + exe="$EXEDIR/$(basename "$0")" + exists sudo && { + echo elevating with sudo + exec sudo -E sh "$exe" + } + exists su && { + echo elevating with su + case "$UNAME" in + Linux) + preserve_env="--preserve-environment" + ;; + FreeBSD|OpenBSD|Darwin) + preserve_env="-m" + ;; + esac + exec su $preserve_env root -c "sh \"$exe\"" + } + echo su or sudo not found + exitp 2 + } + HAVE_ROOT=1 +} diff --git a/blockcheck/zapret2/common/fwtype.sh b/blockcheck/zapret2/common/fwtype.sh new file mode 100644 index 0000000..61390bb --- /dev/null +++ b/blockcheck/zapret2/common/fwtype.sh @@ -0,0 +1,64 @@ +linux_ipt_avail() +{ + exists iptables && exists ip6tables +} +linux_maybe_iptables_fwtype() +{ + linux_ipt_avail && FWTYPE=iptables +} +linux_nft_avail() +{ + exists nft +} +linux_fwtype() +{ + [ -n "$FWTYPE" ] && return + + FWTYPE=unsupported + + linux_get_subsys + if [ "$SUBSYS" = openwrt ] ; then + # linux kernel is new enough if fw4 is there + if [ -x /sbin/fw4 ] && linux_nft_avail ; then + FWTYPE=nftables + else + linux_maybe_iptables_fwtype + fi + else + SUBSYS= + # generic linux + # flowtable is implemented since kernel 4.16 + if linux_nft_avail && linux_min_version 4 16; then + FWTYPE=nftables + else + linux_maybe_iptables_fwtype + fi + fi + + export FWTYPE +} + +get_fwtype() +{ + [ -n "$FWTYPE" ] && return + + local UNAME="$(uname)" + + case "$UNAME" in + Linux) + linux_fwtype + ;; + FreeBSD) + if exists ipfw ; then + FWTYPE=ipfw + else + FWTYPE=unsupported + fi + ;; + *) + FWTYPE=unsupported + ;; + esac + + export FWTYPE +} diff --git a/blockcheck/zapret2/common/virt.sh b/blockcheck/zapret2/common/virt.sh new file mode 100644 index 0000000..6e566d6 --- /dev/null +++ b/blockcheck/zapret2/common/virt.sh @@ -0,0 +1,39 @@ +get_virt() +{ + local vm s v UNAME + UNAME=$(uname) + case "$UNAME" in + Linux) + if exists systemd-detect-virt; then + vm=$(systemd-detect-virt --vm) + elif [ -f /sys/class/dmi/id/product_name ]; then + read s - set tcp flags in comma separated list +* tcp_flags_unset= - unset tcp flags in comma separated list +* tcp_ts_up - move timestamp tcp option to the top if present (workaround for badack without badseq fooling) + +* fool=fool_function - custom fooling function : fool_func(dis, fooling_options) + +standard reconstruct : + +* badsum - make L4 checksum invalid + +standard rawsend : + +* repeats - how many time send the packet +* ifout - override outbound interface (if --bind_fix4, --bind-fix6 enabled) +* fwmark - override fwmark. desync mark bit(s) will be set unconditionally + +standard payload : + +* payload - comma separarated list of allowed payload types. if not present - allow non-empty known payloads. + +standard ip_id : + +* ip_id - seq|rnd|zero|none +* ip_id_conn - in 'seq' mode save current ip_id in track.lua_state to use it between packets + +standard ipfrag : + +* ipfrag[=frag_function] - ipfrag function name. "ipfrag2" by default if empty +* ipfrag_disorder - send fragments from last to first +* ipfrag2 : ipfrag_pos_udp - udp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 8 +* ipfrag2 : ipfrag_pos_tcp - tcp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 32 +* ipfrag2 : ipfrag_next - next protocol field in ipv6 fragment extenstion header of the second fragment. same as first by default. + +]] + + +-- drop packet +-- standard args : direction, payload +function drop(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") and payload_check(desync,"all") then + DLOG("drop") + return VERDICT_DROP + end +end + +-- nfqws1 : "--dup" +-- standard args : direction, fooling, ip_id, ipfrag, rawsend, reconstruct +function send(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") then + DLOG("send") + local dis = deepcopy(desync.dis) + apply_fooling(desync, dis) + apply_ip_id(desync, dis, nil, "none") + -- it uses rawsend, reconstruct and ipfrag options + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + end +end + +-- nfqws1 : "--orig" +-- apply modification to current packet +-- standard args : direction, fooling, ip_id +function pktmod(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") then + -- apply to current packet + apply_fooling(desync) + apply_ip_id(desync, nil, nil, "none") + DLOG("pktmod: applied") + return VERDICT_MODIFY + end +end + +-- nfqws1 : "--domcase" +-- standard args : direction +function http_domcase(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local host_range = resolve_multi_pos(desync.dis.payload,desync.l7payload,"host,endhost") + if #host_range == 2 then + local host = string.sub(desync.dis.payload,host_range[1],host_range[2]-1) + local newhost="", i + for i = 1, #host do + newhost=newhost..((i%2)==0 and string.lower(string.sub(host,i,i)) or string.upper(string.sub(host,i,i))) + end + DLOG("http_domcase: "..host.." => "..newhost) + desync.dis.payload = string.sub(desync.dis.payload, 1, host_range[1]-1)..newhost..string.sub(desync.dis.payload, host_range[2]) + return VERDICT_MODIFY + else + DLOG("http_domcase: cannot find host range") + end + end +end + +-- nfqws1 : "--hostcase" +-- standard args : direction +-- arg : spell= . spelling of the "Host" header. must be exactly 4 chars long +function http_hostcase(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local spell = desync.arg.spell or "host" + if #spell ~= 4 then + error("http_hostcase: invalid host spelling '"..spell.."'") + else + local hdis = http_dissect_req(desync.dis.payload) + if hdis.headers.host then + DLOG("http_hostcase: 'Host:' => '"..spell.."'") + desync.dis.payload = string.sub(desync.dis.payload,1,hdis.headers.host.pos_start-1)..spell..string.sub(desync.dis.payload,hdis.headers.host.pos_header_end+1) + return VERDICT_MODIFY + else + DLOG("http_hostcase: 'Host:' header not found") + end + end + end +end + +-- nfqws1 : "--methodeol" +-- standard args : direction +function http_methodeol(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local hdis = http_dissect_req(desync.dis.payload) + local ua = hdis.headers["user-agent"] + if ua then + if (ua.pos_end - ua.pos_value_start) < 2 then + DLOG("http_methodeol: 'User-Agent:' header is too short") + else + DLOG("http_methodeol: applied") + desync.dis.payload="\r\n"..string.sub(desync.dis.payload,1,ua.pos_end-2)..(string.sub(desync.dis.payload,ua.pos_end+1) or ""); + return VERDICT_MODIFY + end + else + DLOG("http_methodeol: 'User-Agent:' header not found") + end + end +end + +-- nfqws1 : "--synack-split" +-- standard args : rawsend, reconstruct, ipfrag +-- arg : mode=syn|synack|acksyn . "synack" by default +function synack_split(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK) == (TH_SYN + TH_ACK) then + local mode = desync.arg.mode or "synack" + local options = desync_opts(desync) + if mode=="syn" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + elseif mode=="synack" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_SYN)) + DLOG("synack_split: sending ACK") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + elseif mode=="acksyn" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_SYN)) + DLOG("synack_split: sending ACK") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + else + error("synack_split: bad mode '"..mode.."'") + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--dpi-desync=synack" +-- standard args : rawsend, reconstruct, ipfrag +function synack(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK)==TH_SYN then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitor(dis.tcp.th_flags, TH_ACK) + DLOG("synack: sending") + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + + +-- nfqws1 : "--wsize" +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +function wsize(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK) == (TH_SYN + TH_ACK) then + if wsize_rewrite(desync.dis, desync.arg) then + return VERDICT_MODIFY + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--wssize" +-- standard args : direction +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +-- arg : forced_cutoff= - comma separated list of payloads that trigger forced wssize cutoff. by default - any non-empty payload +function wssize(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + local verdict = VERDICT_PASS + direction_cutoff_opposite(ctx, desync) + if direction_check(desync) then + if wsize_rewrite(desync.dis, desync.arg) then + verdict = VERDICT_MODIFY + end + if #desync.dis.payload>0 and (not desync.arg.forced_cutoff or in_list(desync.arg.forced_cutoff, desync.l7payload)) then + DLOG("wssize: forced cutoff") + instance_cutoff_shim(ctx, desync) + end + end + return verdict +end + +-- nfqws1 : "--dpi-desync=syndata" +-- standard args : fooling, rawsend, reconstruct, ipfrag +-- arg : blob= - fake payload. must fit to single packet. no segmentation possible. default - 16 zero bytes. +-- arg : tls_mod= - comma separated list of tls mods : rnd,rndsni,sni=. sni=%var is supported +function syndata(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK)==TH_SYN then + local dis = deepcopy(desync.dis) + dis.payload = blob(desync, desync.arg.blob, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") + apply_fooling(desync, dis) + if desync.arg.tls_mod then + dis.payload = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil) + end + if b_debug then DLOG("syndata: "..hexdump_dlog(dis.payload)) end + if rawsend_dissect_ipfrag(dis, desync_opts(desync)) then + return VERDICT_DROP + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--dpi-desync=rst" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : rstack - send RST,ACK instead of RST +function rst(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if direction_check(desync, "any") and payload_check(desync) then + if replay_first(desync) then + local dis = deepcopy(desync.dis) + dis.payload = "" + dis.tcp.th_flags = TH_RST + (desync.arg.rstack and TH_ACK or 0) + apply_fooling(desync, dis) + apply_ip_id(desync, dis, nil, "none") + DLOG("rst") + -- it uses rawsend, reconstruct and ipfrag options + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + else + DLOG("rst: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=fake" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : blob= - fake payload +-- arg : tls_mod= - comma separated list of tls mods : rnd,rndsni,sni=,dupsid,padencap . sni=%var is supported +function fake(ctx, desync) + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + if direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + if not desync.arg.blob then + error("fake: 'blob' arg required") + end + local fake_payload = blob(desync, desync.arg.blob) + if desync.reasm_data and desync.arg.tls_mod then + fake_payload = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data) + end + -- check debug to save CPU + if b_debug then DLOG("fake: "..hexdump_dlog(fake_payload)) end + rawsend_payload_segmented(desync,fake_payload) + else + DLOG("fake: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=multisplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. for example : "1,host,midsld+1,-10" +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function multisplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + -- check debug to save CPU + if b_debug then DLOG("multisplit: split pos: "..spos) end + local pos = resolve_multi_pos(data, desync.l7payload, spos) + if b_debug then DLOG("multisplit: resolved split pos: "..table.concat(zero_based_pos(pos)," ")) end + delete_pos_1(pos) -- cannot split at the first byte + if #pos>0 then + for i=0,#pos do + local pos_start = pos[i] or 1 + local pos_end = i<#pos and pos[i+1]-1 or #data + local part = string.sub(data,pos_start,pos_end) + local seqovl=0 + if i==0 and desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("multisplit: sending part "..(i+1).." "..(pos_start-1).."-"..(pos_end-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos_start-1-seqovl) then + return VERDICT_PASS + end + end + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("multisplit: no valid split positions") + end + else + DLOG("multisplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=multidisorder" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. example : "1,host,midsld+1,-10" +-- arg : seqovl=N . decrease seq number of the second segment in the original order by N and fill N bytes with pattern (default - all zero). N must be less than the first split pos. +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of reasm_data +-- arg : nodrop - do not drop current dissect +function multidisorder(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + -- check debug to save CPU + if b_debug then DLOG("multidisorder: split pos: "..spos) end + local pos = resolve_multi_pos(data, desync.l7payload, spos) + if b_debug then DLOG("multidisorder: resolved split pos: "..table.concat(zero_based_pos(pos)," ")) end + delete_pos_1(pos) -- cannot split at the first byte + if #pos>0 then + for i=#pos,0,-1 do + local pos_start = pos[i] or 1 + local pos_end = i<#pos and pos[i+1]-1 or #data + local part = string.sub(data,pos_start,pos_end) + local seqovl=0 + if i==1 and desync.arg.seqovl then + seqovl = resolve_pos(data, desync.l7payload, desync.arg.seqovl) + if not seqovl then + DLOG("multidisorder: seqovl cancelled because could not resolve marker '"..desync.arg.seqovl.."'") + seqovl = 0 + else + seqovl = seqovl - 1 + if seqovl>=(pos[1]-1) then + DLOG("multidisorder: seqovl cancelled because seqovl "..seqovl.." is not less than the first split pos "..(pos[1]-1)) + seqovl = 0 + else + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + end + end + if b_debug then DLOG("multidisorder: sending part "..(i+1).." "..(pos_start-1).."-"..(pos_end-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos_start-1-seqovl) then + return VERDICT_PASS + end + end + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("multidisorder: no valid split positions") + end + else + DLOG("multidisorder: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=hostfakesplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : host= - hostname template. generate hosts like "random.template". example : e8nzn.vk.com +-- arg : midhost= - additionally split segment containing host at specified posmarker. must be within host+1 .. endhost-1 or split won't happen. example : "midsld" +-- arg : nofake1, nofake2 - do not send individual fakes +-- arg : disorder_after= - send after_host part in 2 disordered segments. if posmarker is empty string use marker "-1" +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function hostfakesplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local pos = resolve_range(data, desync.l7payload, "host,endhost-1", true) + if pos then + if b_debug then DLOG("hostfakesplit: resolved host range: "..table.concat(zero_based_pos(pos)," ")) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local part, fakehost + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + part = string.sub(data,1,pos[1]-1) + if b_debug then DLOG("hostfakesplit: sending before_host part 0-"..(pos[1]-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,0, opts_orig) then return VERDICT_PASS end + + fakehost = genhost(pos[2]-pos[1]+1, desync.arg.host) + + if not desync.arg.nofake1 then + if b_debug then DLOG("hostfakesplit: sending fake host part (1) "..(pos[1]-1).."-"..(pos[2]-1).." len="..#fakehost.." : "..hexdump_dlog(fakehost)) end + if not rawsend_payload_segmented(desync,fakehost,pos[1]-1, opts_fake) then return VERDICT_PASS end + end + + local midhost + if desync.arg.midhost then + midhost = resolve_pos(data,desync.l7payload,desync.arg.midhost) + if not midhost then + DLOG("hostfakesplit: cannot resolve midhost marker '"..desync.arg.midhost.."'") + end + DLOG("hosfakesplit: midhost marker resolved to "..midhost) + if midhost<=pos[1] or midhost>pos[2] then + DLOG("hostfakesplit: midhost is not inside the host range") + midhost = nil + end + end + -- if present apply ipfrag only to real host parts. fakes and parts outside of the host must be visible to DPI. + if midhost then + part = string.sub(data,pos[1],midhost-1) + if b_debug then DLOG("hostfakesplit: sending real host part 1 "..(pos[1]-1).."-"..(midhost-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos[1]-1, opts_orig) then return VERDICT_PASS end + + part = string.sub(data,midhost,pos[2]) + if b_debug then DLOG("hostfakesplit: sending real host part 2 "..(midhost-1).."-"..(pos[2]-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,midhost-1, opts_orig) then return VERDICT_PASS end + else + part = string.sub(data,pos[1],pos[2]) + if b_debug then DLOG("hostfakesplit: sending real host part "..(pos[1]-1).."-"..(pos[2]-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos[1]-1, opts_orig) then return VERDICT_PASS end + end + + if not desync.arg.nofake2 then + if b_debug then DLOG("hostfakesplit: sending fake host part (2) "..(pos[1]-1).."-"..(pos[2]-1).." len="..#fakehost.." : "..hexdump_dlog(fakehost)) end + if not rawsend_payload_segmented(desync,fakehost,pos[1]-1, opts_fake) then return VERDICT_PASS end + end + + local disorder_after_pos + if desync.arg.disorder_after then + disorder_after_pos = resolve_pos(data, desync.l7payload, desync.arg.disorder_after=="" and "-1" or desync.arg.disorder_after) + if disorder_after_pos then + -- pos[2] points to the last letter of the host starting from 1 + if disorder_after_pos<=(pos[2]+1) then + DLOG("hostfakesplit: disorder_after marker '"..(disorder_after_pos-1).."' resolved to pos not after after_host pos "..pos[2]) + disorder_after_pos = nil + end + + else + DLOG("hostfakesplit: could not resolve disorder_after marker '"..desync.arg.disorder_after.."'") + end + end + if disorder_after_pos then + part = string.sub(data,disorder_after_pos) + if b_debug then DLOG("hostfakesplit: sending after_host part (2) "..(disorder_after_pos-1).."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,disorder_after_pos-1, opts_orig) then return VERDICT_PASS end + + part = string.sub(data,pos[2]+1,disorder_after_pos-1) + if b_debug then DLOG("hostfakesplit: sending after_host part (1) "..pos[2].."-"..(disorder_after_pos-2).." len="..#part.." : "..hexdump_dlog(part)) end + else + part = string.sub(data,pos[2]+1) + if b_debug then DLOG("hostfakesplit: sending after_host part "..pos[2].."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + end + if not rawsend_payload_segmented(desync,part,pos[2], opts_orig) then return VERDICT_PASS end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("hostfakesplit: host range cannot be resolved") + end + else + DLOG("hostfakesplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=fakedsplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : pos= - split position marker +-- arg : nofake1, nofake2, nofake3, nofake4 - do not send individual fakes +-- arg : pattern= . fill fake parts with this pattern +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override seqovl pattern +-- arg : blob= - use this data instead of reasm_data +-- arg : nodrop - do not drop current dissect +function fakedsplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + local pos = resolve_pos(data, desync.l7payload, spos) + if pos then + if pos == 1 then + DLOG("multidisorder: split pos resolved to 0. cannot split.") + else + if b_debug then DLOG("fakedsplit: resolved split pos: "..tostring(pos-1)) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local fake, fakepat, part, pat + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + fakepat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + + -- first fake + fake = pattern(fakepat,1,pos-1) + + if not desync.arg.nofake1 then + if b_debug then DLOG("fakedsplit: sending fake part 1 (1) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- first real + part = string.sub(data,1,pos-1) + local seqovl=0 + if desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("fakedsplit: sending real part 1 : 0-"..(pos-2).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,-seqovl, opts_orig) then return VERDICT_PASS end + + -- first fake again + if not desync.arg.nofake2 then + if b_debug then DLOG("fakedsplit: sending fake part 1 (2) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- second fake + fake = pattern(fakepat,pos,#data-pos+1) + if not desync.arg.nofake3 then + if b_debug then DLOG("fakedsplit: sending fake part 2 (1) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- second real + part = string.sub(data,pos) + if b_debug then DLOG("fakedsplit: sending real part 2 : "..(pos-1).."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos-1, opts_orig) then return VERDICT_PASS end + + -- second fake again + if not desync.arg.nofake4 then + if b_debug then DLOG("fakedsplit: sending fake part 2 (2) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + else + DLOG("fakedsplit: cannot resolve pos '"..desync.arg.pos.."'") + end + else + DLOG("fakedsplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=fakeddisorder" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : pos= - split position marker +-- arg : nofake1, nofake2, nofake3, nofake4 - do not send individual fakes +-- arg : pattern= . fill fake parts with this pattern +-- arg : seqovl=N . decrease seq number of the second segment by N and fill N bytes with pattern (default - all zero). N must be less than the split pos. +-- arg : seqovl_pattern= . override seqovl pattern +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function fakeddisorder(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + local pos = resolve_pos(data, desync.l7payload, spos) + if pos then + if pos == 1 then + DLOG("multidisorder: split pos resolved to 0. cannot split.") + else + if b_debug then DLOG("fakeddisorder: resolved split pos: "..tostring(pos-1)) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local fake, part, pat + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + fakepat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + + -- second fake + fake = pattern(fakepat,pos,#data-pos+1) + if not desync.arg.nofake1 then + if b_debug then DLOG("fakeddisorder: sending fake part 2 (1) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- second real + part = string.sub(data,pos) + local seqovl = 0 + if desync.arg.seqovl then + seqovl = resolve_pos(data, desync.l7payload, desync.arg.seqovl) + if seqovl then + seqovl = seqovl - 1 + if seqovl>=(pos-1) then + DLOG("fakeddisorder: seqovl cancelled because seqovl "..seqovl.." is not less than the split pos "..(pos-1)) + seqovl = 0 + else + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + else + DLOG("fakeddisorder: seqovl cancelled because could not resolve marker '"..desync.arg.seqovl.."'") + seqovl = 0 + end + end + if b_debug then DLOG("fakeddisorder: sending real part 2 : "..(pos-1).."-"..(#data-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos-1-seqovl, opts_orig) then return VERDICT_PASS end + + -- second fake again + if not desync.arg.nofake2 then + if b_debug then DLOG("fakeddisorder: sending fake part 2 (2) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- first fake + fake = pattern(fakepat,1,pos-1) + if not desync.arg.nofake3 then + if b_debug then DLOG("fakeddisorder: sending fake part 1 (1) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- first real + part = string.sub(data,1,pos-1) + if b_debug then DLOG("fakeddisorder: sending real part 1 : 0-"..(pos-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,0, opts_orig) then return VERDICT_PASS end + + -- first fake again + if not desync.arg.nofake4 then + if b_debug then DLOG("fakeddisorder: sending fake part 1 (2) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + else + DLOG("fakeddisorder: cannot resolve pos '"..desync.arg.pos.."'") + end + else + DLOG("fakeddisorder: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : not available +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. 2 pos required, only 2 first pos used. example : "host,endhost" +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of desync.dis.payload +function tcpseg(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if not desync.arg.pos then + error("tcpseg: no pos specified") + end + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + if b_debug then DLOG("tcpseg: pos: "..desync.arg.pos) end + -- always returns 2 positions or nil or causes error + local pos = resolve_range(data, desync.l7payload, desync.arg.pos) + if pos then + -- check debug to save CPU + if b_debug then DLOG("tcpseg: resolved range: "..table.concat(zero_based_pos(pos)," ")) end + local part = string.sub(data,pos[1],pos[2]) + local seqovl=0 + if desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("tcpseg: sending "..(pos[1]-1).."-"..(pos[2]-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + rawsend_payload_segmented(desync,part,pos[1]-1-seqovl) + else + DLOG("tcpseg: range cannot be resolved") + end + else + DLOG("tcpseg: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=udplen" +-- standard args : direction, payload +-- arg : min=N . do not act on payloads smaller than N bytes +-- arg : max=N . do not act on payloads larger than N bytes +-- arg : increment=N . 2 by default. negative increment shrinks the packet, positive grows it. +-- arg : pattern= . used to fill extra bytes when length increases +-- arg : pattern_offset=N . offset in the pattern. 0 by default +function udplen(ctx, desync) + if not desync.dis.udp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if direction_check(desync) and payload_check(desync) then + local len = #desync.dis.payload + if (desync.arg.min and #desync.dis.payload < tonumber(desync.arg.min)) then + DLOG("udplen: payload size "..len.." is less than the minimum size "..desync.arg.min) + elseif (desync.arg.max and #desync.dis.payload > tonumber(desync.arg.max)) then + DLOG("udplen: payload size "..len.." is more than the maximum size "..desync.arg.max) + else + local inc = desync.arg.increment and tonumber(desync.arg.increment) or 2 + if inc>0 then + local pat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + local pat_offset = desync.arg.pattern_offset and (tonumber(desync.arg.pattern_offset)+1) or 1 + desync.dis.payload = desync.dis.payload .. pattern(pat, pat_offset, inc) + DLOG("udplen: "..len.." => "..#desync.dis.payload) + return VERDICT_MODIFY + elseif inc<0 then + if (len+inc)<1 then + DLOG("udplen: will not shrink to zero length") + else + desync.dis.payload = string.sub(desync.dis.payload,1,len+inc) + DLOG("udplen: "..len.." => "..#desync.dis.payload) + end + return VERDICT_MODIFY + end + end + end +end + +-- nfqws1 : "--dpi-desync=tamper" for dht proto +-- standard args : direction +-- arg : dn=N - message starts from "dN". 2 by default +function dht_dn(ctx, desync) + if not desync.dis.udp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="dht" and direction_check(desync) then + local N = tonumber(desync.arg.dn) or 2 + -- remove "d1" from the start not breaking bencode + local prefix = "d"..tostring(N)..":"..string.rep("0",N).."1:x" + desync.dis.payload = prefix..string.sub(desync.dis.payload,2) + DLOG("dht_dn: tampered dht to start with '"..prefix.."' instead of 'd1:'") + return VERDICT_MODIFY + end +end diff --git a/blockcheck/zapret2/lua/zapret-auto.lua b/blockcheck/zapret2/lua/zapret-auto.lua new file mode 100644 index 0000000..216a06e --- /dev/null +++ b/blockcheck/zapret2/lua/zapret-auto.lua @@ -0,0 +1,429 @@ +-- standard automation/orchestration code +-- this is related to making dynamic strategy decisions without rewriting or altering strategy function code +-- orchestrators can decide which instances to call or not to call or pass them dynamic arguments +-- failure and success detectors test potential block conditions for orchestrators + +-- standard host key generator for per-host storage +-- arg: reqhost - require hostname, do not work with ip +-- arg: nld=N - cut hostname to N level domain. NLD=2 static.intranet.microsoft.com => microsoft.com +function standard_hostkey(desync) + local hostkey = desync.track and desync.track.hostname + if hostkey then + if desync.arg.nld and tonumber(desync.arg.nld)>0 then + -- dissect_nld returns nil if domain is invalid or does not have this NLD + -- fall back to original hostkey if it fails + local hktemp = dissect_nld(hostkey, tonumber(desync.arg.nld)) + if hktemp then + hostkey = hktemp + end + end + elseif not desync.arg.reqhost then + hostkey = host_ip(desync) + end + return hostkey +end + +-- per-host storage +-- arg: key - a string - table name inside autostate table. to allow multiple orchestrator instances to use single host storage +-- arg: hostkey - hostkey generator function name +function automate_host_record(desync) + local hostkey, hkf, askey + + if desync.arg.hostkey then + if type(_G[desync.arg.hostkey])~="function" then + error("automate: invalid hostkey function '"..desync.arg.hostkey.."'") + end + hkf = _G[desync.arg.hostkey] + else + hkf = standard_hostkey + end + hostkey = hkf(desync) + if not hostkey then + DLOG("automate: host record key unavailable") + return nil + end + + askey = (desync.arg.key and #desync.arg.key>0) and desync.arg.key or desync.func_instance + DLOG("automate: host record key 'autostate."..askey.."."..hostkey.."'") + if not autostate then + autostate = {} + end + if not autostate[askey] then + autostate[askey] = {} + end + if not autostate[askey][hostkey] then + autostate[askey][hostkey] = {} + end + return autostate[askey][hostkey] +end +-- per-connection storage +function automate_conn_record(desync) + if not desync.track.lua_state.automate then + desync.track.lua_state.automate = {} + end + return desync.track.lua_state.automate +end + +-- counts failure, optionally (if crec is given) prevents dup failure counts in a single connection +-- if 'maxtime' between failures is exceeded then failure count is reset +-- return true if threshold ('fails') is reached +-- hres is host record. host or ip bound table +-- cres is connection record. connection bound table +function automate_failure_counter(hrec, crec, fails, maxtime) + if crec and crec.failure then + DLOG("automate: duplicate failure in the same connection. not counted") + else + if crec then crec.failure = true end + local tnow=os.time() + if not hrec.failure_time_last then + hrec.failure_time_last = tnow + end + if not hrec.failure_counter then + hrec.failure_counter = 0 + elseif tnow>(hrec.failure_time_last + maxtime) then + DLOG("automate: failure counter reset because last failure was "..(tnow - hrec.failure_time_last).." seconds ago") + hrec.failure_counter = 0 + end + hrec.failure_counter = hrec.failure_counter + 1 + hrec.failure_time_last = tnow + if b_debug then DLOG("automate: failure counter "..hrec.failure_counter..(fails and ('/'..fails) or '')) end + if fails and hrec.failure_counter>=fails then + hrec.failure_counter = nil -- reset counter + return true + end + end + return false +end +-- resets failure counter if it has started counting +function automate_failure_counter_reset(hrec) + if hrec.failure_counter then + DLOG("automate: failure counter reset") + hrec.failure_counter = nil + end +end + +-- location is url compatible with Location: header +-- hostname is original hostname +function is_dpi_redirect(hostname, location) + local ds = dissect_url(location) + if ds.domain then + local sld1 = dissect_nld(hostname,2) + local sld2 = dissect_nld(ds.domain,2) + return sld2 and sld1~=sld2 + end + return false +end + +function standard_detector_defaults(arg) + return { + inseq = tonumber(arg.inseq) or 4096, + retrans = tonumber(arg.retrans) or 3, + maxseq = tonumber(arg.maxseq) or 32768, + udp_in = tonumber(arg.udp_in) or 1, + udp_out = tonumber(arg.udp_out) or 4, + no_http_redirect = arg.no_http_redirect, + no_rst = arg.no_rst + } +end + +-- standard failure detector +-- works with tcp and udp +-- detected failures: +-- incoming RST +-- incoming http redirection +-- outgoing retransmissions +-- udp too much out with too few in +-- arg: maxseq= - tcp: test retransmissions only within this relative sequence. default is 32K +-- arg: retrans=N - tcp: retrans count threshold. default is 3 +-- arg: inseq= - tcp: maximum relative sequence number to treat incoming RST as DPI reset. default is 4K +-- arg: no_http_redirect - tcp: disable http_reply dpi redirect trigger +-- arg: no_rst - tcp: disable incoming RST trigger +-- arg: udp_out - udp: >= outgoing udp packets. default is 4 +-- arg: udp_in - udp: with <= incoming udp packets. default is 1 +function standard_failure_detector(desync, crec) + local arg = standard_detector_defaults(desync.arg) + local trigger = false + if desync.dis.tcp then + local seq = pos_get(desync,'s') + if desync.outgoing then + if #desync.dis.payload>0 and arg.retrans and arg.maxseq>0 and seq<=arg.maxseq and (crec.retrans or 0)=arg.retrans + end + end + else + if not arg.no_rst and arg.inseq>0 and bitand(desync.dis.tcp.th_flags, TH_RST)~=0 and seq>=1 then + trigger = seq<=arg.inseq + if b_debug then + if trigger then + DLOG("standard_failure_detector: incoming RST s"..seq.." in range s"..arg.inseq) + else + DLOG("standard_failure_detector: not counting incoming RST s"..seq.." beyond s"..arg.inseq) + end + end + elseif not arg.no_http_redirect and desync.l7payload=="http_reply" and desync.track.hostname then + local hdis = http_dissect_reply(desync.dis.payload) + if hdis and (hdis.code==302 or hdis.code==307) and hdis.headers.location and hdis.headers.location then + trigger = is_dpi_redirect(desync.track.hostname, hdis.headers.location.value) + if b_debug then + if trigger then + DLOG("standard_failure_detector: http redirect "..hdis.code.." to '"..hdis.headers.location.value.."'. looks like DPI redirect.") + else + DLOG("standard_failure_detector: http redirect "..hdis.code.." to '"..hdis.headers.location.value.."'. NOT a DPI redirect.") + end + end + end + end + end + elseif desync.dis.udp then + if desync.outgoing then + if arg.udp_out>0 then + local pos_out = pos_get(desync,'n',false) + local pos_in = pos_get(desync,'n',true) + trigger = pos_out>=arg.udp_out and pos_in<=arg.udp_in + if trigger then + if b_debug then + DLOG("standard_failure_detector: arg.udp_out "..pos_out..">="..arg.udp_out.." arg.udp_in "..pos_in.."<="..arg.udp_in) + end + end + end + end + end + return trigger +end + +-- standard success detector +-- success means previous failures were temporary and counter should be reset +-- detected successes: +-- tcp: outgoing seq is beyond 'maxseq' and maxseq>0 +-- tcp: incoming seq is beyond 'inseq' and inseq>0 +-- udp: incoming packets count > `udp_in` and `udp_out`>0 +-- arg: maxseq= - tcp: success if outgoing relative sequence is beyond this value. default is 32K +-- arg: inseq= - tcp: success if incoming relative sequence is beyond this value. default is 4K +-- arg: udp_out - udp : must be nil or >0 to test udp_in +-- arg: udp_in - udp: if number if incoming packets > udp_in it means success +function standard_success_detector(desync, crec) + local arg = standard_detector_defaults(desync.arg) + if desync.dis.tcp then + local seq = pos_get(desync,'s') + if desync.outgoing then + if arg.maxseq>0 and seq>arg.maxseq then + DLOG("standard_success_detector: outgoing s"..seq.." is beyond s"..arg.maxseq..". treating connection as successful") + return true + end + else + if arg.inseq>0 and seq>arg.inseq then + DLOG("standard_success_detector: incoming s"..seq.." is beyond s"..arg.inseq..". treating connection as successful") + return true + end + end + elseif desync.dis.udp then + if not desync.outgoing then + local pos = pos_get(desync,'n') + if arg.udp_out>0 and pos>arg.udp_in then + if b_debug then + DLOG("standard_success_detector: arg.udp_in "..pos..">"..arg.udp_in) + end + return true + end + end + end + + return false +end + +-- calls success and failure detectors +-- resets counter if success is detected +-- increases counter if failure is detected +-- returns true if failure counter exceeds threshold +function automate_failure_check(desync, hrec, crec) + if crec.nocheck then return false end + + local failure_detector, success_detector + if desync.arg.failure_detector then + if type(_G[desync.arg.failure_detector])~="function" then + error("automate: invalid failure detector function '"..desync.arg.failure_detector.."'") + end + failure_detector = _G[desync.arg.failure_detector] + else + failure_detector = standard_failure_detector + end + if desync.arg.success_detector then + if type(_G[desync.arg.success_detector])~="function" then + error("automate: invalid success detector function '"..desync.arg.success_detector.."'") + end + success_detector = _G[desync.arg.success_detector] + else + success_detector = standard_success_detector + end + + if success_detector(desync, crec) then + crec.nocheck = true + DLOG("automate: success detected") + automate_failure_counter_reset(hrec) + return false + end + if failure_detector(desync, crec) then + crec.nocheck = true + DLOG("automate: failure detected") + local fails = tonumber(desync.arg.fails) or 3 + local maxtime = tonumber(desync.arg.time) or 60 + return automate_failure_counter(hrec, crec, fails, maxtime) + end + + return false +end + + +-- circularily change strategy numbers when failure count reaches threshold ('fails') +-- this orchestrator requires redirection of incoming traffic to cache RST and http replies ! +-- each orchestrated instance must have strategy=N arg, where N starts from 1 and increment without gaps +-- if 'final' arg is present in an orchestrated instance it stops rotation +-- arg: fails=N - failture count threshold. default is 3 +-- arg: time= - if last failure happened earlier than `maxtime` seconds ago - reset failure counter. default is 60. +-- arg: success_detector - success detector function name +-- arg: failure_detector - failure detector function name +-- arg: hostkey - hostkey generator function name +-- args for failure detector - see standard_failure_detector or your own detector +-- args for success detector - see standard_success_detector or your own detector +-- args for hostkey generator - see standard_hostkey or your own generator +-- test case: nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --in-range=-s34228 --lua-desync=circular --lua-desync=argdebug:strategy=1 --lua-desync=argdebug:strategy=2 +function circular(ctx, desync) + local function count_strategies(hrec) + if not hrec.ctstrategy then + local uniq={} + local n=0 + for i,instance in pairs(desync.plan) do + if instance.arg.strategy then + n = tonumber(instance.arg.strategy) + if not n or n<1 then + error("circular: strategy number '"..tostring(instance.arg.strategy).."' is invalid") + end + uniq[tonumber(instance.arg.strategy)] = true + if instance.arg.final then + hrec.final = n + end + end + end + n=0 + for i,v in pairs(uniq) do + n=n+1 + end + if n~=#uniq then + error("circular: strategies numbers must start from 1 and increment. gaps are not allowed.") + end + hrec.ctstrategy = n + end + end + + -- take over execution. prevent further instance execution in case of error + orchestrate(ctx, desync) + + if not desync.track then + DLOG_ERR("circular: conntrack is missing but required") + return + end + + local hrec = automate_host_record(desync) + if not hrec then + DLOG("circular: passing with no tampering") + return + end + + count_strategies(hrec) + if hrec.ctstrategy==0 then + error("circular: add strategy=N tag argument to each following instance ! N must start from 1 and increment") + end + if not hrec.nstrategy then + DLOG("circular: start from strategy 1") + hrec.nstrategy = 1 + end + + local verdict = VERDICT_PASS + if hrec.final~=hrec.nstrategy then + local crec = automate_conn_record(desync) + if automate_failure_check(desync, hrec, crec) then + hrec.nstrategy = (hrec.nstrategy % hrec.ctstrategy) + 1 + DLOG("circular: rotate strategy to "..hrec.nstrategy) + if hrec.nstrategy == hrec.final then + DLOG("circular: final strategy "..hrec.final.." reached. will rotate no more.") + end + end + end + + DLOG("circular: current strategy "..hrec.nstrategy) + while true do + local instance = plan_instance_pop(desync) + if not instance then break end + if instance.arg.strategy and tonumber(instance.arg.strategy)==hrec.nstrategy then + verdict = plan_instance_execute(desync, verdict, instance) + end + end + + return verdict +end + +-- test iff functions +function cond_true(desync) + return true +end +function cond_false(desync) + return false +end +-- arg: percent - of true . 50 by default +function cond_random(desync) + return math.random(0,99)<(tonumber(desync.arg.percent) or 50) +end +-- this iif function detects packets having 'arg.pattern' string in their payload +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --lua-desync=condition:iff=cond_payload_str:pattern=1234 --lua-desync=argdebug:testarg=1 --lua-desync=argdebug:testarg=2:morearg=xyz +-- test case (true) : echo aaz1234zzz | ncat -4u 1.1.1.1 443 +-- test case (false) : echo aaze124zzz | ncat -4u 1.1.1.1 443 +function cond_payload_str(desync) + if not desync.arg.pattern then + error("cond_payload_str: missing 'pattern'") + end + return string.find(desync.dis.payload,desync.arg.pattern,1,true) +end +-- check iff function available. error if not +function require_iff(desync, name) + if not desync.arg.iff then + error(name..": missing 'iff' function") + end + if type(_G[desync.arg.iff])~="function" then + error(name..": invalid 'iff' function '"..desync.arg.iff.."'") + end +end +-- execute further desync instances only if user-provided 'iff' function returns true +-- for example, this can be used by custom protocol detectors +-- arg: iff - condition function. takes desync as arg and returns bool. (cant use 'if' because of reserved word) +-- arg: neg - invert condition function result +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --lua-desync=condition:iff=cond_random --lua-desync=argdebug:testarg=1 --lua-desync=argdebug:testarg=2:morearg=xyz +function condition(ctx, desync) + require_iff(desync, "condition") + orchestrate(ctx, desync) + if logical_xor(_G[desync.arg.iff](desync), desync.arg.neg) then + DLOG("condition: true") + return replay_execution_plan(desync) + else + DLOG("condition: false") + plan_clear(desync) + end +end +-- clear execution plan if user provided 'iff' functions returns true +-- can be used with other orchestrators to stop execution conditionally +-- arg: iff - condition function. takes desync as arg and returns bool. (cant use 'if' because of reserved word) +-- arg: neg - invert condition function result +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --in-range=-s1 --lua-desync=circular --lua-desync=stopif:iff=cond_random:strategy=1 --lua-desync=argdebug:strategy=1 --lua-desync=argdebug:strategy=2 +function stopif(ctx, desync) + require_iff(desync, "stopif") + orchestrate(ctx, desync) + if logical_xor(_G[desync.arg.iff](desync), desync.arg.neg) then + DLOG("stopif: true") + plan_clear(desync) + else + -- do not do anything. allow other orchestrator to finish the plan + DLOG("stopif: false") + end +end diff --git a/blockcheck/zapret2/lua/zapret-lib.lua b/blockcheck/zapret2/lua/zapret-lib.lua new file mode 100644 index 0000000..2b4a578 --- /dev/null +++ b/blockcheck/zapret2/lua/zapret-lib.lua @@ -0,0 +1,1398 @@ +HEXDUMP_DLOG_MAX = HEXDUMP_DLOG_MAX or 32 +NOT3=bitnot(3) +NOT7=bitnot(7) +-- xor pid,tid,sec,nsec +math.randomseed(bitxor(getpid(),gettid(),clock_gettime())) + +-- basic desync function +-- execute given lua code. "desync" is temporary set as global var to be accessible to the code +-- useful for simple fast actions without writing a func +-- arg: code= +function luaexec(ctx, desync) + if not desync.arg.code then + error("luaexec: no 'code' parameter") + end + local fname = desync.func_instance.."_luaexec_code" + if not _G[fname] then + _G[fname] = load(desync.arg.code, fname) + end + -- allow dynamic code to access desync + _G.desync = desync + _G[fname]() + _G.desync = nil +end + +-- basic desync function +-- does nothing just acknowledges when it's called +-- no args +function pass(ctx, desync) + DLOG("pass") +end + +-- basic desync function +-- prints desync to DLOG +function pktdebug(ctx, desync) + DLOG("desync:") + var_debug(desync) +end +-- basic desync function +-- prints function args +function argdebug(ctx, desync) + var_debug(desync.arg) +end + +-- basic desync function +-- prints conntrack positions to DLOG +function posdebug(ctx, desync) + if not desync.track then + DLOG("posdebug: no track") + return + end + local s="posdebug: "..(desync.outgoing and "out" or "in").." time +"..desync.track.pos.dt.."s direct" + for i,pos in pairs({'n','d','b','s','p'}) do + s=s.." "..pos..pos_get(desync, pos, false) + end + s=s.." reverse" + for i,pos in pairs({'n','d','b','s','p'}) do + s=s.." "..pos..pos_get(desync, pos, true) + end + s=s.." payload "..#desync.dis.payload + if desync.reasm_data then + s=s.." reasm "..#desync.reasm_data + end + if desync.decrypt_data then + s=s.." decrypt "..#desync.decrypt_data + end + if desync.replay_piece_count then + s=s.." replay "..desync.replay_piece.."/"..desync.replay_piece_count + end + DLOG(s) +end + +-- basic desync function +-- set l7payload to 'arg.payload' if reasm.data or desync.dis.payload contains 'arg.pattern' substring +-- NOTE : this does not set payload on C code side ! +-- NOTE : C code will not see payload change. --payload args take only payloads known to C code and cause error if unknown. +-- arg: pattern - substring for search inside reasm_data or desync.dis.payload +-- arg: payload - set desync.l7payload to this if detected +-- arg: undetected - set desync.l7payload to this if not detected +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-antidpi.lua --lua-init=@zapret-auto.lua --lua-desync=detect_payload_str:pattern=1234:payload=my --lua-desync=fake:blob=0x1234:payload=my +function detect_payload_str(ctx, desync) + if not desync.arg.pattern then + error("detect_payload_str: missing 'pattern'") + end + local data = desync.reasm_data or desync.dis.payload + local b = string.find(data,desync.arg.pattern,1,true) + if b then + DLOG("detect_payload_str: detected '"..desync.arg.payload.."'") + if desync.arg.payload then desync.l7payload = desync.arg.payload end + else + DLOG("detect_payload_str: not detected '"..desync.arg.payload.."'") + if desync.arg.undetected then desync.l7payload = desync.arg.undetected end + end +end + + +-- this shim is needed then function is orchestrated. ctx services not available +-- have to emulate cutoff in LUA using connection persistent table track.lua_state +function instance_cutoff_shim(ctx, desync, dir) + if ctx then + instance_cutoff(ctx, dir) + elseif not desync.track then + DLOG("instance_cutoff_shim: cannot cutoff '"..desync.func_instance.."' because conntrack is absent") + else + if not desync.track.lua_state.cutoff_shim then + desync.track.lua_state.cutoff_shim = {} + end + if not desync.track.lua_state.cutoff_shim[desync.func_instance] then + desync.track.lua_state.cutoff_shim[desync.func_instance] = {} + end + if type(dir)=="nil" then + -- cutoff both directions by default + desync.track.lua_state.cutoff_shim[desync.func_instance][true] = true + desync.track.lua_state.cutoff_shim[desync.func_instance][false] = true + else + desync.track.lua_state.cutoff_shim[desync.func_instance][dir] = true + end + if b_debug then DLOG("instance_cutoff_shim: cutoff '"..desync.func_instance.."' in="..tostring(type(dir)=="nil" and true or not dir).." out="..tostring(type(dir)=="nil" or dir)) end + end +end +function cutoff_shim_check(desync) + if not desync.track then + DLOG("cutoff_shim_check: cannot check '"..desync.func_instance.."' cutoff because conntrack is absent") + return false + else + local b=desync.track.lua_state.cutoff_shim and + desync.track.lua_state.cutoff_shim[desync.func_instance] and + desync.track.lua_state.cutoff_shim[desync.func_instance][desync.outgoing] + if b and b_debug then + DLOG("cutoff_shim_check: '"..desync.func_instance.."' "..(desync.outgoing and "out" or "in").." cutoff") + end + return b + end +end + + +-- applies # and $ prefixes. #var means var length, %var means var value +function apply_arg_prefix(desync) + for a,v in pairs(desync.arg) do + local c = string.sub(v,1,1) + if c=='#' then + local blb = blob(desync,string.sub(v,2)) + desync.arg[a] = (type(blb)=='string' or type(blb)=='table') and #blb or 0 + elseif c=='%' then + desync.arg[a] = blob(desync,string.sub(v,2)) + elseif c=='\\' then + c = string.sub(v,2,2); + if c=='#' or c=='%' then + desync.arg[a] = string.sub(v,2) + end + end + end +end +-- copy instance identification and args from execution plan to desync table +-- NOTE : to not lose VERDICT_MODIFY dissect changes pass original desync table +-- NOTE : if a copy was passed and VERDICT_MODIFY returned you must copy modified dissect back to desync table or resend it and return VERDICT_DROP +-- NOTE : args and some fields are substituted. if you need them - make a copy before calling this. +function apply_execution_plan(desync, instance) + desync.func = instance.func + desync.func_n = instance.func_n + desync.func_instance = instance.func_instance + desync.arg = deepcopy(instance.arg) + apply_arg_prefix(desync) +end +-- produce resulting verdict from 2 verdicts +function verdict_aggregate(v1, v2) + local v + v1 = v1 or VERDICT_PASS + v2 = v2 or VERDICT_PASS + if v1==VERDICT_DROP or v2==VERDICT_DROP then + v=VERDICT_DROP + elseif v1==VERDICT_MODIFY or v2==VERDICT_MODIFY then + v=VERDICT_MODIFY + else + v=VERDICT_PASS + end + return v +end +function plan_instance_execute(desync, verdict, instance) + apply_execution_plan(desync, instance) + if cutoff_shim_check(desync) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because of voluntary cutoff") + elseif not payload_match_filter(desync.l7payload, instance.payload_filter) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because payload '"..desync.l7payload.."' does not match filter '"..instance.payload_filter.."'") + elseif not pos_check_range(desync, instance.range) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because pos "..pos_str(desync,instance.range.from).." "..pos_str(desync,instance.range.to).." is out of range '"..pos_range_str(instance.range).."'") + else + DLOG("plan_instance_execute: calling '"..desync.func_instance.."'") + verdict = verdict_aggregate(verdict,_G[instance.func](nil, desync)) + end + return verdict +end +function plan_instance_pop(desync) + return (desync.plan and #desync.plan>0) and table.remove(desync.plan, 1) +end +function plan_clear(desync) + while table.remove(desync.plan) do end +end +-- this approach allows nested orchestrators +function orchestrate(ctx, desync) + if not desync.plan then + execution_plan_cancel(ctx) + desync.plan = execution_plan(ctx) + end +end +-- copy desync preserving lua_state +function desync_copy(desync) + local dcopy = deepcopy(desync) + if desync.track then + -- preserve lua state + dcopy.track.lua_state = desync.track.lua_state + end + if desync.plan then + -- preserve execution plan + dcopy.plan = desync.plan + end + return dcopy +end +-- redo what whould be done without orchestration +function replay_execution_plan(desync) + local verdict = VERDICT_PASS + while true do + local instance = plan_instance_pop(desync) + if not instance then break end + verdict = plan_instance_execute(desync, verdict, instance) + end + return verdict +end +-- this function demonstrates how to stop execution of upcoming desync instances and take over their job +-- this can be used, for example, for orchestrating conditional processing without modifying of desync functions code +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-desync=desync_orchestrator_example --lua-desync=pass --lua-desync=pass +function desync_orchestrator_example(ctx, desync) + DLOG("orchestrator: taking over upcoming desync instances") + orchestrate(ctx, desync) + return replay_execution_plan(desync) +end + +-- these functions duplicate range check logic from C code +-- mode must be n,d,b,s,x,a +-- pos is {mode,pos} +-- range is {from={mode,pos}, to={mode,pos}, upper_cutoff} +-- upper_cutoff = true means non-inclusive upper boundary +function pos_get_pos(track_pos, mode) + if track_pos then + if mode=='n' then + return track_pos.pcounter + elseif mode=='d' then + return track_pos.pdcounter + elseif mode=='b' then + return track_pos.pbcounter + elseif track_pos.tcp then + if mode=='s' then + return track_pos.tcp.rseq + elseif mode=='p' then + return track_pos.tcp.pos + end + end + end + return 0 +end +function pos_get(desync, mode, reverse) + if desync.track then + local track_pos = reverse and desync.track.pos.reverse or desync.track.pos.direct + return pos_get_pos(track_pos,mode) + end + return 0 +end +function pos_check_from(desync, range) + if range.from.mode == 'x' then return false end + if range.from.mode ~= 'a' then + if desync.track then + return pos_get(desync, range.from.mode) >= range.from.pos + else + return false + end + end + return true; +end +function pos_check_to(desync, range) + local ps + if range.to.mode == 'x' then return false end + if range.to.mode ~= 'a' then + if desync.track then + ps = pos_get(desync, range.to.mode) + return (ps < range.to.pos) or not range.upper_cutoff and (ps == range.to.pos) + else + return false + end + end + return true; +end +function pos_check_range(desync, range) + return pos_check_from(desync,range) and pos_check_to(desync,range) +end +function pos_range_str(range) + return range.from.mode..range.from.pos..(range.upper_cutoff and '<' or '-')..range.to.mode..range.to.pos +end +function pos_str(desync, pos) + return pos.mode..pos_get(desync, pos.mode) +end +function is_retransmission(desync) + return desync.track and desync.track.pos.direct.tcp and 0==bitand(u32add(desync.track.pos.direct.tcp.uppos_prev, -desync.track.pos.direct.tcp.pos), 0x80000000) +end + +-- prepare standard rawsend options from desync +-- repeats - how many time send the packet +-- ifout - override outbound interface (if --bind_fix4, --bind-fix6 enabled) +-- fwmark - override fwmark. desync mark bit(s) will be set unconditionally +function rawsend_opts(desync) + return { + repeats = desync.arg.repeats, + ifout = desync.arg.ifout or desync.ifout, + fwmark = desync.arg.fwmark or desync.fwmark + } +end +-- only basic options. no repeats +function rawsend_opts_base(desync) + return { + ifout = desync.arg.ifout or desync.ifout, + fwmark = desync.arg.fwmark or desync.fwmark + } +end + +-- prepare standard reconstruct options from desync +-- badsum - make L4 checksum invalid +-- ip6_preserve_next - use next protocol fields from dissect, do not auto fill values. can be set from code only, not from args +-- ip6_last_proto - last ipv6 "next" protocol. used only by "reconstruct_ip6hdr". can be set from code only, not from args +function reconstruct_opts(desync) + return { + badsum = desync.arg.badsum + } +end + +-- combined desync opts +function desync_opts(desync) + return { + rawsend = rawsend_opts(desync), + reconstruct = reconstruct_opts(desync), + ipfrag = desync.arg, + ipid = desync.arg, + fooling = desync.arg + } +end + + +-- convert binary string to hex data +function string2hex(s) + local ss = "" + for i = 1, #s do + if i>1 then + ss = ss .. " " + end + ss = ss .. string.format("%02X", string.byte(s, i)) + end + return ss +end +function has_nonprintable(s) + return s:match("[^ -\\r\\n\\t]") +end +function make_readable(v) + if type(v)=="string" then + return string.gsub(v,"[^ -]","."); + else + return tostring(v) + end +end +-- return hex dump of a binary string if it has nonprintable characters or string itself otherwise +function str_or_hex(s) + if has_nonprintable(s) then + return string2hex(s) + else + return s + end +end +function logical_xor(a,b) + return a and not b or not a and b +end +-- print to DLOG any variable. tables are expanded in the tree form, unprintables strings are hex dumped +function var_debug(v) + local function dbg(v,level) + if type(v)=="table" then + for key, value in pairs(v) do + DLOG(string.rep(" ",2*level).."."..tostring(key)) + dbg(v[key],level+1) + end + elseif type(v)=="string" then + DLOG(string.rep(" ",2*level)..type(v).." "..str_or_hex(v)) + else + DLOG(string.rep(" ",2*level)..type(v).." "..make_readable(v)) + end + end + dbg(v,0) +end + +-- make hex dump +function hexdump(s,max) + local l = max<#s and max or #s + local ss = string.sub(s,1,l) + return string2hex(ss)..(#s>max and " ... " or " " )..make_readable(ss)..(#s>max and " ... " or "" ) +end +-- make hex dump limited by HEXDUMP_DLOG_MAX chars +function hexdump_dlog(s) + return hexdump(s,HEXDUMP_DLOG_MAX) +end + +-- make copy of an array recursively +function deepcopy(orig, copies) + copies = copies or {} + local orig_type = type(orig) + local copy + if orig_type == 'table' then + if copies[orig] then + copy = copies[orig] + else + copy = {} + copies[orig] = copy + for orig_key, orig_value in next, orig, nil do + copy[deepcopy(orig_key, copies)] = deepcopy(orig_value, copies) + end + setmetatable(copy, deepcopy(getmetatable(orig), copies)) + end + else -- number, string, boolean, etc + copy = orig + end + return copy +end + +-- check if string 'v' in comma separated list 's' +function in_list(s, v) + if s then + for elem in string.gmatch(s, "[^,]+") do + if elem==v then + return true + end + end + end + return false +end + +-- blobs can be 0xHEX, field name in desync or global var +-- if name is nil - return def +function blob(desync, name, def) + if not name or #name==0 then + if def then + return def + else + error("empty blob name") + end + end + local blob + if string.sub(name,1,2)=="0x" then + blob = parse_hex(string.sub(name,3)) + if not blob then + error("invalid hex string : "..name) + end + else + blob = desync[name] + if not blob then + -- use global var if no field in dissect table + blob = _G[name] + if not blob then + error("blob '"..name.."' unavailable") + end + end + end + return blob +end +function blob_or_def(desync, name, def) + return name and blob(desync,name,def) or def +end + +-- repeat pattern as needed to extract part of it with any length +-- pat="12345" len=10 offset=4 => "4512345123" +function pattern(pat, offset, len) + if not pat or #pat==0 then + error("pattern: bad or empty pattern") + end + local off = (offset-1) % #pat + local pats = divint((len + #pat - 1), #pat) + (off==0 and 0 or 1) + return string.sub(string.rep(pat,pats),off+1,off+len) +end + +-- decrease by 1 all number values in the array +function zero_based_pos(a) + if not a then return nil end + local b={} + for i,v in ipairs(a) do + b[i] = type(a[i])=="number" and a[i] - 1 or a[i] + end + return b +end + +-- delete elements with number value 1 +function delete_pos_1(a) + local i=1 + while i<=#a do + if type(a[i])=="number" and a[i] == 1 then + table.remove(a,i) + else + i = i+1 + end + end + return a +end + +-- find pos of the next eol and pos of the next non-eol character after eol +function find_next_line(s, pos) + local p1, p2 + p1 = string.find(s,"[\r\n]",pos) + if p1 then + p2 = p1 + p1 = p1-1 + if string.sub(s,p2,p2)=='\r' then p2=p2+1 end + if string.sub(s,p2,p2)=='\n' then p2=p2+1 end + if p2>#s then p2=nil end + else + p1 = #s + end + return p1,p2 +end + +function http_dissect_header(header) + local p1,p2 + p1,p2 = string.find(header,":") + if p1 then + p2=string.find(header,"[^ \t]",p2+1) + return string.sub(header,1,p1-1), p2 and string.sub(header,p2) or "", p1-1, p2 or #header + end + return nil +end +-- make table with structured http header representation +function http_dissect_headers(http, pos) + local eol,pnext,header,value,idx,headers,pos_endheader,pos_startvalue + headers={} + while pos do + eol,pnext = find_next_line(http,pos) + header = string.sub(http,pos,eol) + if #header == 0 then break end + header,value,pos_endheader,pos_startvalue = http_dissect_header(header) + if header then + headers[string.lower(header)] = { header = header, value = value, pos_start = pos, pos_end = eol, pos_header_end = pos+pos_endheader-1, pos_value_start = pos+pos_startvalue-1 } + end + pos=pnext + end + return headers +end +-- make table with structured http request representation +function http_dissect_req(http) + if not http then return nil; end + local eol,pnext,req,hdrpos + local pos=1 + -- skip methodeol empty line(s) + while pos do + eol,pnext = find_next_line(http,pos) + req = string.sub(http,pos,eol) + pos=pnext + if #req>0 then break end + end + hdrpos = pos + if not req or #req==0 then return nil end + pos = string.find(req,"[ \t]") + if not pos then return nil end + local method = string.sub(req,1,pos-1); + pos = string.find(req,"[^ \t]",pos+1) + if not pos then return nil end + pnext = string.find(req,"[ \t]",pos+1) + if not pnext then pnext = #http + 1 end + local uri = string.sub(req,pos,pnext-1) + return { method = method, uri = uri, headers = http_dissect_headers(http,hdrpos) } +end +function http_dissect_reply(http) + if not http then return nil; end + local s, pos, code + s = string.sub(http,1,8) + if s~="HTTP/1.1" and s~="HTTP/1.0" then return nil end + pos = string.find(http,"[ \t\r\n]",10) + code = tonumber(string.sub(http,10,pos-1)) + if not code then return nil end + pos = find_next_line(http,pos) + return { code = code, headers = http_dissect_headers(http,pos) } +end +function dissect_url(url) + local p1,pb,pstart,pend + local proto, creds, domain, port, uri + p1 = string.find(url,"[^ \t]") + if not p1 then return nil end + pb = p1 + pstart,pend = string.find(url,"[a-z]+://",p1) + if pend then + proto = string.sub(url,pstart,pend-3) + p1 = pend+1 + end + pstart,pend = string.find(url,"[@/]",p1) + if pend and string.sub(url,pstart,pend)=='@' then + creds = string.sub(url,p1,pend-1) + p1 = pend+1 + end + pstart,pend = string.find(url,"/",p1,true) + if pend then + if pend==pb then + uri = string.sub(url,pb) + else + uri = string.sub(url,pend) + domain = string.sub(url,p1,pend-1) + end + else + if proto then + domain = string.sub(url,p1) + else + uri = string.sub(url,p1) + end + end + if domain then + pstart,pend = string.find(domain,':',1,true) + if pend then + port = string.sub(domain, pend+1) + domain = string.sub(domain, 1, pstart-1) + end + end + return { proto = proto, creds = creds, domain = domain, port = port, uri=uri } +end +function dissect_nld(domain, level) + if domain then + local n=1 + for pos=#domain,1,-1 do + if string.sub(domain,pos,pos)=='.' then + if n==level then + return string.sub(domain, pos+1) + end + n=n+1 + end + end + if n==level then + return domain + end + end + return nil +end + +-- support sni=%var +function tls_mod_shim(desync, blob, modlist, payload) + local p1,p2 = string.find(modlist,"sni=%%[^,]+") + if p1 then + local var = string.sub(modlist,p1+5,p2) + local val = desync[var] or _G[var] + if not val then + error("tls_mod_shim: non-existent var '"..var.."'") + end + modlist = string.sub(modlist,1,p1+3)..val..string.sub(modlist,p2+1) + end + return tls_mod(blob,modlist,payload) +end + +-- convert comma separated list of tcp flags to tcp.th_flags bit field +function parse_tcp_flags(s) + local flags={FIN=TH_FIN, SYN=TH_SYN, RST=TH_RST, PSH=TH_PUSH, PUSH=TH_PUSH, ACK=TH_ACK, URG=TH_URG, ECE=TH_ECE, CWR=TH_CWR} + local f=0 + local s_upper = string.upper(s) + for flag in string.gmatch(s_upper, "[^,]+") do + if flags[flag] then + f = bitor(f,flags[flag]) + else + error("tcp flag '"..flag.."' is invalid") + end + end + return f +end + +-- find first tcp options of specified kind in dissect.tcp.options +function find_tcp_option(options, kind) + if options then + for i, opt in pairs(options) do + if opt.kind==kind then return i end + end + end + return nil +end + +-- find first ipv6 extension header of specified protocol in dissect.ip6.exthdr +function find_ip6_exthdr(exthdr, proto) + if exthdr then + for i, hdr in pairs(exthdr) do + if hdr.type==proto then return i end + end + end + return nil +end + +-- insert ipv6 extension header at specified index. fix next proto chain +function insert_ip6_exthdr(ip6, idx, header_type, data) + local prev + if not ip6.exthdr then ip6.exthdr={} end + if not idx then + -- insert to the end + idx = #ip6.exthdr+1 + elseif idx<0 or idx>(#ip6.exthdr+1) then + error("insert_ip6_exthdr: invalid index "..idx) + end + if idx==1 then + prev = ip6.ip6_nxt + ip6.ip6_nxt = header_type + else + prev = ip6.exthdr[idx-1].next + ip6.exthdr[idx-1].next = header_type + end + table.insert(ip6.exthdr, idx, {type = header_type, data = data, next = prev}) +end +-- delete ipv6 extension header at specified index. fix next proto chain +function del_ip6_exthdr(ip6, idx) + if idx<=0 or idx>#ip6.exthdr then + error("delete_ip6_exthdr: nonexistent index "..idx) + end + local nxt = ip6.exthdr[idx].next + if idx==1 then + ip6.ip6_nxt = nxt + else + ip6.exthdr[idx-1].next = nxt + end + table.remove(ip6.exthdr, idx) +end +-- fills next proto fields in ipv6 header and extension headers +function fix_ip6_next(ip6, last_proto) + if ip6.exthdr and #ip6.exthdr>0 then + for i=1,#ip6.exthdr do + if i==1 then + -- first header + ip6.ip6_nxt = ip6.exthdr[i].type + end + ip6.exthdr[i].next = i==#ip6.exthdr and (last_proto or IPPROTO_NONE) or ip6.exthdr[i+1].type + end + else + -- no headers + ip6.ip6_nxt = last_proto or IPPROTO_NONE + end +end + + +-- parse autottl : delta,min-max +function parse_autottl(s) + if s then + local delta,min,max = string.match(s,"([-+]?%d+),(%d+)-(%d+)") + min = tonumber(min) + max = tonumber(max) + delta = tonumber(delta) + if not delta or min>max then + error("parse_autottl: invalid value '"..s.."'") + end + return {delta=delta,min=min,max=max} + else + return nil + end +end + +-- calculate ttl value based on incoming_ttl and parsed attl definition (delta,min-max) +function autottl(incoming_ttl, attl) + local function hop_count_guess(incoming_ttl) + -- 18.65.168.125 ( cloudfront ) 255 + -- 157.254.246.178 128 + -- 1.1.1.1 64 + -- guess original ttl. consider path lengths less than 32 hops + + local orig + + if incoming_ttl>223 then + orig=255 + elseif incoming_ttl<128 and incoming_ttl>96 then + orig=128 + elseif incoming_ttl<64 and incoming_ttl>32 then + orig=64 + else + return nil + end + + return orig-incoming_ttl + end + -- return guessed fake ttl value. 0 means unsuccessfull, should not perform autottl fooling + local function autottl_eval(hop_count, attl) + local d,fake + + d = hop_count + attl.delta + + if dattl.max then fake=attl.max + else fake=d + end + + if attl.delta<0 and fake>=hop_count or attl.delta>=0 and fake - set tcp flags in comma separated list +-- tcp_flags_unset= - unset tcp flags in comma separated list +-- tcp_ts_up - move timestamp tcp option to the top if it's present. this allows linux not to accept badack segments without badseq. this is very strange discovery but it works. + +-- fool - custom fooling function : fool_func(dis, fooling_options) +function apply_fooling(desync, dis, fooling_options) + local function prepare_bin(hex,def) + local bin = parse_hex(hex) + if not bin then error("apply_fooling: invalid hex string '"..hex.."'") end + return #bin>0 and bin or def + end + local function ttl_discover(arg_ttl,arg_autottl) + local ttl + if arg_autottl and desync.track then + if desync.track.incoming_ttl then + -- use lua_cache to store discovered autottl + if type(desync.track.lua_state.autottl_cache)~="table" then desync.track.lua_state.autottl_cache={} end + if type(desync.track.lua_state.autottl_cache[desync.func_instance])~="table" then desync.track.lua_state.autottl_cache[desync.func_instance]={} end + if not desync.track.lua_state.autottl_cache[desync.func_instance].autottl_found then + desync.track.lua_state.autottl_cache[desync.func_instance].autottl = autottl(desync.track.incoming_ttl,parse_autottl(arg_autottl)) + if desync.track.lua_state.autottl_cache[desync.func_instance].autottl then + desync.track.lua_state.autottl_cache[desync.func_instance].autottl_found = true + DLOG("apply_fooling: discovered autottl "..desync.track.lua_state.autottl_cache[desync.func_instance].autottl) + else + DLOG("apply_fooling: could not discover autottl") + end + elseif desync.track.lua_state.autottl_cache[desync.func_instance].autottl then + DLOG("apply_fooling: using cached autottl "..desync.track.lua_state.autottl_cache[desync.func_instance].autottl) + end + ttl=desync.track.lua_state.autottl_cache[desync.func_instance].autottl + else + DLOG("apply_fooling: cannot apply autottl because incoming ttl unknown") + end + end + if not ttl and tonumber(arg_ttl) then + ttl = tonumber(arg_ttl) + end + --io.stderr:write("TTL "..tostring(ttl).."\n") + return ttl + end + local function move_ts_top() + local tsidx = find_tcp_option(dis.tcp.options, TCP_KIND_TS) + if tsidx and tsidx>1 then + table.insert(dis.tcp.options, 1, dis.tcp.options[tsidx]) + table.remove(dis.tcp.options, tsidx + 1) + end + end + -- take default fooling from desync.arg + if not fooling_options then fooling_options = desync.arg end + -- use current packet if dissect not given + if not dis then dis = desync.dis end + if dis.tcp then + if tonumber(fooling_options.tcp_seq) then + dis.tcp.th_seq = u32add(dis.tcp.th_seq, fooling_options.tcp_seq) + end + if tonumber(fooling_options.tcp_ack) then + dis.tcp.th_ack = u32add(dis.tcp.th_ack, fooling_options.tcp_ack) + end + if fooling_options.tcp_flags_unset then + dis.tcp.th_flags = bitand(dis.tcp.th_flags, bitnot(parse_tcp_flags(fooling_options.tcp_flags_unset))) + end + if fooling_options.tcp_flags_set then + dis.tcp.th_flags = bitor(dis.tcp.th_flags, parse_tcp_flags(fooling_options.tcp_flags_set)) + end + if tonumber(fooling_options.tcp_ts) then + local idx = find_tcp_option(dis.tcp.options,TCP_KIND_TS) + if idx and (dis.tcp.options[idx].data and #dis.tcp.options[idx].data or 0)==8 then + dis.tcp.options[idx].data = bu32(u32add(u32(dis.tcp.options[idx].data),fooling_options.tcp_ts))..string.sub(dis.tcp.options[idx].data,5) + else + DLOG("apply_fooling: timestamp tcp option not present or invalid") + end + end + if fooling_options.tcp_md5 then + if find_tcp_option(dis.tcp.options,TCP_KIND_MD5) then + DLOG("apply_fooling: md5 option already present") + else + table.insert(dis.tcp.options,{kind=TCP_KIND_MD5, data=prepare_bin(fooling_options.tcp_md5,brandom(16))}) + end + end + if fooling_options.tcp_ts_up then + move_ts_top(dis.tcp.options) + end + end + if dis.ip6 then + local bin + if fooling_options.ip6_hopbyhop then + bin = prepare_bin(fooling_options.ip6_hopbyhop,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_HOPOPTS,bin) + end + if fooling_options.ip6_hopbyhop2 then + bin = prepare_bin(fooling_options.ip6_hopbyhop2,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_HOPOPTS,bin) + end + -- for possible unfragmentable part + if fooling_options.ip6_destopt then + bin = prepare_bin(fooling_options.ip6_destopt,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_DSTOPTS,bin) + end + if fooling_options.ip6_routing then + bin = prepare_bin(fooling_options.ip6_routing,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_ROUTING,bin) + end + -- for possible fragmentable part + if fooling_options.ip6_destopt2 then + bin = prepare_bin(fooling_options.ip6_destopt2,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_DSTOPTS,bin) + end + if fooling_options.ip6_ah then + -- by default truncated authentication header - only 6 bytes + bin = prepare_bin(fooling_options.ip6_ah,"\x00\x00"..brandom(4)) + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_AH,bin) + end + end + if dis.ip then + local ttl = ttl_discover(fooling_options.ip_ttl,fooling_options.ip_autottl) + if ttl then dis.ip.ip_ttl = ttl end + end + if dis.ip6 then + local ttl = ttl_discover(fooling_options.ip6_ttl,fooling_options.ip6_autottl) + if ttl then dis.ip6.ip6_hlim = ttl end + end + + if fooling_options.fool and #fooling_options.fool>0 then + if type(_G[fooling_options.fool])=="function" then + DLOG("apply_fooling: calling '"..fooling_options.fool.."'") + _G[fooling_options.fool](dis, fooling_options) + else + error("apply_fooling: fool function '"..tostring(fooling_options.fool).."' does not exist") + end + end +end + + +-- assign dis.ip.ip_id value according to policy in ipid_options or desync.arg. apply def or "seq" policy if no ip_id options +-- ip_id=seq|rnd|zero|none +-- ip_id_conn - in 'seq' mode save current ip_id in track.lua_state to use it between packets +-- remember ip_id in desync +function apply_ip_id(desync, dis, ipid_options, def) + -- use current packet if dissect not given + if not dis then dis = desync.dis end + if dis.ip then -- ip_id is ipv4 only, ipv6 doesn't have it + -- take default ipid options from desync.arg + if not ipid_options then ipid_options = desync.arg end + local mode = ipid_options.ip_id or def or "seq" + if mode == "seq" then + if desync.track and ipid_options.ip_id_conn then + dis.ip.ip_id = desync.track.lua_state.ip_id or dis.ip.ip_id + desync.track.lua_state.ip_id = dis.ip.ip_id + 1 + else + dis.ip.ip_id = desync.ip_id or dis.ip.ip_id + desync.ip_id = dis.ip.ip_id + 1 + end + elseif mode == "zero" then + dis.ip.ip_id = 0 + elseif mode == "rnd" then + dis.ip.ip_id = math.random(1,0xFFFF) + end + end +end + + +-- return length of ipv4 or ipv6 header without options and extension headers. should be 20 for ipv4 and 40 for ipv6. +function l3_base_len(dis) + if dis.ip then + return IP_BASE_LEN + elseif dis.ip6 then + return IP6_BASE_LEN + else + return 0 + end +end +-- return length of ipv4 options or summary length of all ipv6 extension headers +-- ip6_exthdr_last_idx - count lengths for headers up to this index +function l3_extra_len(dis, ip6_exthdr_last_idx) + local l=0 + if dis.ip then + if dis.ip.options then + l = bitand(#dis.ip.options+3,NOT3) + end + elseif dis.ip6 and dis.ip6.exthdr then + local ct + if ip6_exthdr_last_idx and ip6_exthdr_last_idx<=#dis.ip6.exthdr then + ct = ip6_exthdr_last_idx + else + ct = #dis.ip6.exthdr + end + for i=1, ct do + if dis.ip6.exthdr[i].type == IPPROTO_AH then + -- length in 32-bit words + l = l + bitand(3+2+#dis.ip6.exthdr[i].data,NOT3) + else + -- length in 64-bit words + l = l + bitand(7+2+#dis.ip6.exthdr[i].data,NOT7) + end + end + end + return l +end +-- return length of ipv4/ipv6 header with options/extension headers +function l3_len(dis) + return l3_base_len(dis)+l3_extra_len(dis) +end +-- return length of tcp/udp headers without options. should be 20 for tcp and 8 for udp. +function l4_base_len(dis) + if dis.tcp then + return TCP_BASE_LEN + elseif dis.udp then + return UDP_BASE_LEN + else + return 0 + end +end +-- return length of tcp options or 0 if not tcp +function l4_extra_len(dis) + local l=0 + if dis.tcp and dis.tcp.options then + for i=1, #dis.tcp.options do + l = l + 1 + if dis.tcp.options[i].kind~=TCP_KIND_NOOP and dis.tcp.options[i].kind~=TCP_KIND_END then + l = l + 1 + if dis.tcp.options[i].data then l = l + #dis.tcp.options[i].data end + end + end + -- 4 byte aligned + l = bitand(3+l,NOT3) + end + return l +end +-- return length of tcp header with options or base length of udp header - 8 bytes +function l4_len(dis) + return l4_base_len(dis)+l4_extra_len(dis) +end +-- return summary extra length of ipv4/ipv6 and tcp headers. 0 if no options, no ext headers +function l3l4_extra_len(dis) + return l3_extra_len(dis)+l4_extra_len(dis) +end +-- return summary length of ipv4/ipv6 and tcp/udp headers +function l3l4_len(dis) + return l3_len(dis)+l4_len(dis) +end +-- return summary length of ipv4/ipv6 , tcp/udp headers and payload +function packet_len(dis) + return l3l4_len(dis) + #dis.payload +end + +-- option : ipfrag.ipfrag_disorder - send fragments from last to first +function rawsend_dissect_ipfrag(dis, options) + if options and options.ipfrag and options.ipfrag.ipfrag then + local frag_func = options.ipfrag.ipfrag=="" and "ipfrag2" or options.ipfrag.ipfrag + if type(_G[frag_func]) ~= "function" then + error("rawsend_dissect_ipfrag: ipfrag function '"..tostring(frag_func).."' does not exist") + end + local fragments = _G[frag_func](dis, options.ipfrag) + + -- allow ipfrag function to do extheader magic with non-standard "next protocol" + -- NOTE : dis.ip6 must have valid next protocol fields !!!!! + local reconstruct_frag = options.reconstruct and deepcopy(options.reconstruct) or {} + reconstruct_frag.ip6_preserve_next = true + + if fragments then + if options.ipfrag.ipfrag_disorder then + for i=#fragments,1,-1 do + DLOG("sending ip fragment "..i) + -- C function + if not rawsend_dissect(fragments[i], options.rawsend, reconstruct_frag) then return false end + end + else + for i, d in pairs(fragments) do + DLOG("sending ip fragment "..i) + -- C function + if not rawsend_dissect(d, options.rawsend, reconstruct_frag) then return false end + end + end + return true + end + -- ipfrag failed. send unfragmented + end + -- C function + return rawsend_dissect(dis, options and options.rawsend, options and options.reconstruct) +end + +-- send dissect with tcp segmentation based on mss value. appply specified rawsend options. +function rawsend_dissect_segmented(desync, dis, mss, options) + local discopy = deepcopy(dis) + apply_fooling(desync, discopy, options and options.fooling) + + if dis.tcp then + local extra_len = l3l4_extra_len(discopy) + if extra_len >= mss then return false end + local max_data = mss - extra_len + if #discopy.payload > max_data then + local pos=1 + local len + local payload=discopy.payload + + while pos <= #payload do + len = #payload - pos + 1 + if len > max_data then len = max_data end + discopy.payload = string.sub(payload,pos,pos+len-1) + apply_ip_id(desync, discopy, options and options.ipid) + if not rawsend_dissect_ipfrag(discopy, options) then + -- stop if failed + return false + end + discopy.tcp.th_seq = discopy.tcp.th_seq + len + pos = pos + len + end + return true + end + end + apply_ip_id(desync, discopy, options and options.ipid) + -- no reason to segment + return rawsend_dissect_ipfrag(discopy, options) +end + +-- send specified payload based on existing L3/L4 headers in the dissect. add seq to tcp.th_seq. +function rawsend_payload_segmented(desync, payload, seq, options) + options = options or desync_opts(desync) + local dis = deepcopy(desync.dis) + if payload then dis.payload = payload end + if dis.tcp and seq then + dis.tcp.th_seq = dis.tcp.th_seq + seq + end + return rawsend_dissect_segmented(desync, dis, desync.tcp_mss, options) +end + + +-- check if desync.outgoing comply with arg.dir or def if it's not present or "out" of they are not present both. dir can be "in","out","any" +function direction_check(desync, def) + local dir = desync.arg.dir or def or "out" + return desync.outgoing and desync.arg.dir~="in" or not desync.outgoing and dir~="out" +end +-- if dir "in" or "out" cutoff current desync function from opposite direction +function direction_cutoff_opposite(ctx, desync, def) + local dir = desync.arg.dir or def or "out" + if dir=="out" then + -- cutoff in + instance_cutoff_shim(ctx, desync, false) + elseif dir=="in" then + -- cutoff out + instance_cutoff_shim(ctx, desync, true) + end +end + +-- return true if l7payload matches filter l7payload_filter - comma separated list of payload types +function payload_match_filter(l7payload, l7payload_filter, def) + local argpl = l7payload_filter or def or "known" + local neg = string.sub(argpl,1,1)=="~" + local pl = neg and string.sub(argpl,2) or argpl + return neg ~= (in_list(pl, "all") or in_list(pl, l7payload) or in_list(pl, "known") and l7payload~="unknown" and l7payload~="empty") +end +-- check if desync payload type comply with payload type list in arg.payload +-- if arg.payload is not present - check for known payload - not empty and not unknown (nfqws1 behavior without "--desync-any-protocol" option) +-- if arg.payload is prefixed with '~' - it means negation +function payload_check(desync, def) + local b = payload_match_filter(desync.l7payload, desync.arg.payload, def) + if not b and b_debug then + local argpl = desync.arg.payload or def or "known" + DLOG("payload_check: payload '"..desync.l7payload.."' does not pass '"..argpl.."' filter") + end + return b +end + +-- return name of replay drop field in track.lua_state for the current desync function instance +function replay_drop_key(desync) + return desync.func_instance .. "_replay_drop" +end +-- set/unset replay drop flag in track.lua_state for the current desync function instance +function replay_drop_set(desync, v) + if desync.track then + if v == nil then v=true end + local rdk = replay_drop_key(desync) + if v then + if desync.replay then desync.track.lua_state[replay_drop_key] = true end + else + desync.track.lua_state[replay_drop_key] = nil + end + end +end +-- auto unset replay drop flag if desync is not replay or it's the last replay piece +-- return true if the caller should return VERDICT_DROP +function replay_drop(desync) + if desync.track then + local drop = desync.replay and desync.track.lua_state[replay_drop_key] + if not desync.replay or desync.replay_piece_last then + -- replay stopped or last piece of reasm + replay_drop_set(desync, false) + end + if drop then + DLOG("dropping replay packet because reasm was already sent") + return true + end + end + return false +end +-- true if desync is not replay or it's the first replay piece +function replay_first(desync) + return not desync.replay or desync.replay_piece==1 +end + +-- generate random host +-- template "google.com", len=16 : h82aj.google.com +-- template "google.com", len=11 : .google.com +-- template "google.com", len=10 : google.com +-- template "google.com", len=7 : gle.com +-- no template, len=6 : b8c54a +-- no template, len=7 : u9a.edu +-- no template, len=10 : jgha7c.com +function genhost(len, template) + if template and #template>0 then + if len <= #template then + return string.sub(template,#template-len+1) + elseif len==(#template+1) then + return "."..template + else + return brandom_az(1)..brandom_az09(len-#template-2).."."..template + end + else + if len>=7 then + local tlds = {"com","org","net","edu","gov","biz"} + local tld = tlds[math.random(#tlds)] + return brandom_az(1)..brandom_az09(len-#tld-1-1).."."..tld + else + return brandom_az(1)..brandom_az09(len-1) + end + end +end + +-- return ip addr of target host in text form +function host_ip(desync) + return desync.target.ip and ntop(desync.target.ip) or desync.target.ip6 and ntop(desync.target.ip6) +end +-- return hostname of target host if present or ip address in text form otherwise +function host_or_ip(desync) + if desync.track and desync.track.hostname then + return desync.track.hostname + end + return host_ip(desync) +end + +function is_absolute_path(path) + if string.sub(path,1,1)=='/' then return true end + local un = uname() + return string.sub(un.sysname,1,6)=="CYGWIN" and string.sub(path,2,2)==':' +end +function append_path(path,file) + return string.sub(path,#path,#path)=='/' and path..file or path.."/"..file +end +function writeable_file_name(filename) + if is_absolute_path(filename) then return filename end + local writedir = os.getenv("WRITEABLE") + if not writedir then return filename end + return append_path(writedir, filename) +end + +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +-- return : true of changed anything +function wsize_rewrite(dis, arg) + local b = false + if arg.wsize then + local wsize = tonumber(arg.wsize) + DLOG("window size "..dis.tcp.th_win.." => "..wsize) + dis.tcp.th_win = tonumber(arg.wsize) + b = true + end + if arg.scale then + local scale = tonumber(arg.scale) + local i = find_tcp_option(dis.tcp.options, TCP_KIND_SCALE) + if i then + local oldscale = u8(dis.tcp.options[i].data) + if scale>oldscale then + DLOG("not increasing scale factor") + elseif scale "..scale) + dis.tcp.options[i].data = bu8(scale) + b = true + end + end + end + return b +end + +-- standard fragmentation to 2 ip fragments +-- function returns 2 dissects with fragments +-- option : ipfrag_pos_udp - udp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 8 +-- option : ipfrag_pos_tcp - tcp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 32 +-- option : ipfrag_next - next protocol field in ipv6 fragment extenstion header of the second fragment. same as first by default. +function ipfrag2(dis, ipfrag_options) + local function frag_idx(exthdr) + -- fragment header after hopbyhop, destopt, routing + -- allow second destopt header to be in fragmentable part + -- test case : --lua-desync=send:ipfrag:ipfrag_pos_tcp=40:ip6_hopbyhop:ip6_destopt:ip6_destopt2 + -- WINDOWS may not send second ipv6 fragment with next protocol 60 (destopt) + -- test case windows : --lua-desync=send:ipfrag:ipfrag_pos_tcp=40:ip6_hopbyhop:ip6_destopt:ip6_destopt2:ipfrag_next=255 + if exthdr then + local first_destopts + for i=1,#exthdr do + if exthdr[i].type==IPPROTO_DSTOPTS then + first_destopts = i + break + end + end + for i=#exthdr,1,-1 do + if exthdr[i].type==IPPROTO_HOPOPTS or exthdr[i].type==IPPROTO_ROUTING or (exthdr[i].type==IPPROTO_DSTOPTS and i==first_destopts) then + return i+1 + end + end + end + return 1 + end + + local pos + local dis1, dis2 + local l3 + + if dis.tcp then + pos = ipfrag_options.ipfrag_pos_tcp or 32 + elseif dis.udp then + pos = ipfrag_options.ipfrag_pos_udp or 8 + else + pos = ipfrag_options.ipfrag_pos or 32 + end + + DLOG("ipfrag2") + + if not pos then + error("ipfrag2: no frag position") + end + l3 = l3_len(dis) + if bitand(pos,7)~=0 then + error("ipfrag2: frag position must be multiple of 8") + end + if (pos+l3)>0xFFFF then + error("ipfrag2: too high frag offset") + end + local plen = l3 + l4_len(dis) + #dis.payload + if (pos+l3)>=plen then + DLOG("ipfrag2: ip frag pos exceeds packet length. ipfrag cancelled.") + return nil + end + + if dis.ip then + -- ipv4 frag is done by both lua and C part + -- lua code must correctly set ip_len, IP_MF and ip_off and provide full unfragmented payload + -- ip_len must be set to valid value as it would appear in the fragmented packet + -- ip_off must be set to fragment offset and IP_MF bit must be set if it's not the last fragment + -- C code constructs unfragmented packet then moves everything after ip header according to ip_off and ip_len + + -- ip_id must not be zero or fragment will be dropped + local ip_id = dis.ip.ip_id==0 and math.random(1,0xFFFF) or dis.ip.ip_id + dis1 = deepcopy(dis) + -- ip_len holds the whole packet length starting from the ip header. it includes ip, transport headers and payload + dis1.ip.ip_len = l3 + pos -- ip header + first part up to frag pos + dis1.ip.ip_off = IP_MF -- offset 0, IP_MF - more fragments + dis1.ip.ip_id = ip_id + dis2 = deepcopy(dis) + dis2.ip.ip_off = bitrshift(pos,3) -- offset = frag pos, IP_MF - not set + dis2.ip.ip_len = plen - pos -- unfragmented packet length - frag pos + dis2.ip.ip_id = ip_id + end + + if dis.ip6 then + -- ipv6 frag is done by both lua and C part + -- lua code must insert fragmentation extension header at any desirable position, fill fragment offset, more fragments flag and ident + -- lua must set up ip6_plen as it would appear in the fragmented packet + -- C code constructs unfragmented packet then moves fragmentable part as needed + + local idxfrag = frag_idx(dis.ip6.exthdr) + local l3extra = l3_extra_len(dis, idxfrag-1) + 8 -- all ext headers before frag + 8 bytes for frag header + local ident = math.random(1,0xFFFFFFFF) + + dis1 = deepcopy(dis) + insert_ip6_exthdr(dis1.ip6, idxfrag, IPPROTO_FRAGMENT, bu16(IP6F_MORE_FRAG)..bu32(ident)) + dis1.ip6.ip6_plen = l3extra + pos + dis2 = deepcopy(dis) + insert_ip6_exthdr(dis2.ip6, idxfrag, IPPROTO_FRAGMENT, bu16(pos)..bu32(ident)) + -- only next proto of the first fragment is considered by standard + -- fragments with non-zero offset can have different "next protocol" field + -- this can be used to evade protection systems + if ipfrag_options.ipfrag_next then + dis2.ip6.exthdr[idxfrag].next = tonumber(ipfrag_options.ipfrag_next) + end + dis2.ip6.ip6_plen = plen - IP6_BASE_LEN + 8 - pos -- packet len without frag + 8 byte frag header - ipv6 base header + end + + return {dis1,dis2} +end diff --git a/blockcheck/zapret2/lua/zapret-pcap.lua b/blockcheck/zapret2/lua/zapret-pcap.lua new file mode 100644 index 0000000..d0f86c3 --- /dev/null +++ b/blockcheck/zapret2/lua/zapret-pcap.lua @@ -0,0 +1,39 @@ +function pcap_write_header(file) + -- big endian, nanoseconds in timestamps, ver 2.4, max packet size - 0x4000 (16384), 0x65 - l3 packets without l2 + file:write("\xA1\xB2\x3C\x4D\x00\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x65") +end +function pcap_write_packet(file, raw) + local sec, nsec = clock_gettime(); + file:write(bu32(sec)..bu32(nsec)..bu32(#raw)..bu32(#raw)) + file:write(raw) + file:close() +end +function pcap_write(file, raw) + local pos = file:seek() + if (pos==0) then + pcap_write_header(file) + end + pcap_write_packet(file, raw) +end + +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-pcap.lua --writeable=zdir --in-range=a --lua-desync=pcap:file=test.pcap +-- arg : file= - file for storing pcap data. if --writeable is specified and filename is relative - append filename to writeable path +-- arg : keep - do not overwrite file, append packets to existing +function pcap(ctx, desync) + if not desync.arg.file or #desync.arg.file==0 then + error("pcap requires 'file' parameter") + end + local fn_cache_name = desync.func_instance.."_fn" + if not _G[fn_cache_name] then + _G[fn_cache_name] = writeable_file_name(desync.arg.file) + if not desync.arg.keep then + -- overwrite file + os.remove(_G[fn_cache_name]) + end + end + local f = io.open(_G[fn_cache_name], "a") + if not f then + error("pcap: could not write to '".._G[fn_cache_name].."'") + end + pcap_write(f, raw_packet(ctx)) +end diff --git a/blockcheck/zapret2/lua/zapret-tests.lua b/blockcheck/zapret2/lua/zapret-tests.lua new file mode 100644 index 0000000..e38a002 --- /dev/null +++ b/blockcheck/zapret2/lua/zapret-tests.lua @@ -0,0 +1,704 @@ +-- nfqws2 C functions tests +-- to run : --lua-init=@zapret-lib.lua --lua-init=@zapret-tests.lua --lua-init="test_all()" + +function test_assert(b) + assert(b, "test failed") +end + +function test_run(tests,...) + for k,f in pairs(tests) do + f(...) + end +end + + +function test_all(...) + test_run({test_crypto, test_bin, test_ipstr, test_dissect, test_csum, test_resolve, test_rawsend},...) +end + + +function test_crypto(...) + test_run({test_random, test_aes, test_aes_gcm, test_aes_ctr, test_hkdf, test_hash},...) +end + +function test_random() + local rnds={} + for i=1,20 do + local rnd = bcryptorandom(math.random(10,20)) + print("random: "..string2hex(rnd)) + test_assert(not rnds[rnd]) -- should not be repeats + rnds[rnd] = true + end +end + +function test_hash() + local hashes={} + for i=1,5 do + local rnd = brandom(math.random(5,64)) + print("data: "..string2hex(rnd)) + for k,sha in pairs({"sha256","sha224"}) do + local hsh = hash(sha, rnd) + print(sha..": "..string2hex(hsh)) + local hsh2 = hash(sha, rnd) + test_assert(hsh==hsh2) + test_assert(not hashes[hsh]) + hashes[hsh] = true + end + end +end + +function test_hkdf() + local nblob = 2 + local okms = {} + for nsalt=1,nblob do + local salt = brandom(math.random(10,20)) + for nikm=1,nblob do + local ikm = brandom(math.random(5,10)) + for ninfo=1,nblob do + local info = brandom(math.random(5,10)) + local okm_prev + for k,sha in pairs({"sha256","sha224"}) do + for k,okml in pairs({8, 16, 50}) do + local okm_prev + local okm + print("* hkdf "..sha) + print("salt: "..string2hex(salt)) + print("ikm : "..string2hex(ikm)) + print("info: "..string2hex(info)) + print("okml: "..tostring(okml)) + okm = hkdf(sha, salt, ikm, info, okml) + test_assert(okm) + print("okm: "..string2hex(okm)) + if okms[okm] then + print("duplicate okm !") + end + okms[okm] = true + + test_assert(not okm_prev or okm_prev==string.sub(okm, 1, #okm_prev)) + okm_prev = okm + end + end + end + end + end +end + +function test_aes() + local clear_text="test "..brandom_az09(11) + local iv, key, encrypted, decrypted + + for key_size=16,32,8 do + local key = brandom(key_size) + + print() + print("* aes test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + + print("* encrypting") + encrypted = aes(true, key, clear_text) + print("encrypted: "..str_or_hex(encrypted)) + + print("* decrypting everything good") + decrypted = aes(false, key, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + + print("* decrypting bad payload with good key") + decrypted = aes(false, key, brandom(16)) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + print("* decrypting good payload with bad key") + decrypted = aes(false, brandom(key_size), encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + end +end + +function test_aes_gcm() + local authenticated_data = "authenticated message "..brandom_az09(math.random(10,50)) + local clear_text="test message "..brandom_az09(math.random(10,50)) + local iv, key, encrypted, atag, decrypted, atag2 + + for key_size=16,32,8 do + iv = brandom(12) + key = brandom(key_size) + + print() + print("* aes_gcm test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + print("authenticated data: "..authenticated_data); + + print("* encrypting") + encrypted, atag = aes_gcm(true, key, iv, clear_text, authenticated_data) + print("encrypted: "..str_or_hex(encrypted)) + print("auth tag: "..string2hex(atag)) + + print("* decrypting everything good") + decrypted, atag2 = aes_gcm(false, key, iv, encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag==atag2) + + print("* decrypting bad payload with good key/iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, key, iv, brandom(#encrypted), authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with good key/iv and incorrect authentication data") + decrypted, atag2 = aes_gcm(false, key, iv, encrypted, authenticated_data.."x") + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with bad key, good iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, brandom(key_size), iv, encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with good key, bad iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, key, brandom(12), encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + end +end + +function test_aes_ctr() + local clear_text="test message "..brandom_az09(math.random(10,50)) + local iv, key, encrypted, decrypted + + for key_size=16,32,8 do + iv = brandom(16) + key = brandom(key_size) + + print() + print("* aes_ctr test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + + print("* encrypting") + encrypted = aes_ctr(key, iv, clear_text) + print("encrypted: "..str_or_hex(encrypted)) + + print("* decrypting") + decrypted = aes_ctr(key, iv, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + + print("* decrypting with bad key") + decrypted = aes_ctr(bu8(bitand(u8(string.sub(key,1,1))+1,0xFF))..string.sub(key,2), iv, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + print("* decrypting with bad iv") + decrypted = aes_ctr(key, bu8(bitand(u8(string.sub(iv,1,1))+1,0xFF))..string.sub(iv,2), encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + end + + -- openssl enc -aes-256-ctr -d -in rnd.bin -out rnd_decrypted.bin -K c39383634d87eb3b6e56edf2c8c0ba99cc8cadf000fb2cd737e37947eecde5fd -iv d745164b233f10b93945526ffe94b87f + print("* aes_ctr const tests") + + local data="\x9d\x9c\xa0\x78\x2e\x17\x84\xfc\x87\xc7\xf5\xdf\x5b\xb5\x71\xfd\xb9\xcb\xd2\x4d\xae\x2f\xf0\x19\xf3\xad\x79\xa8\x9a\xb4\xed\x28\x88\x3c\xe1\x78\x91\x23\x27\xd4\x8d\x94\xb3\xd0\x81\x88\xd2\x55\x95\x8a\x88\x70\x67\x99\x75\xb2\xee\x30\x0f\xe7\xc6\x32\x10" + local iv="\xd7\x45\x16\x4b\x23\x3f\x10\xb9\x39\x45\x52\x6f\xfe\x94\xb8\x7f" + local tests = { + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99\xcc\x8c\xad\xf0\x00\xfb\x2c\xd7\x37\xe3\x79\x47\xee\xcd\xe5\xfd", + result="\x8C\x2C\x15\x99\x83\x37\x33\xEE\xA1\x70\xA7\x4A\x44\x2E\x6F\x56\x22\x41\xE1\xFC\xC5\x84\x21\x1C\x16\xC6\xE9\x75\x22\x57\x55\x4A\x02\x04\xCE\xAD\xE9\x0A\x45\xAB\x4E\x38\xB8\xB2\x6F\x95\xDA\x46\x4F\x9E\xB1\xFF\xF4\x40\x8A\x57\x25\xD2\xF6\xB6\x93\x65\x75" + }, + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99\xcc\x8c\xad\xf0\x00\xfb\x2c\xd7", + result="\xB0\x4C\xC9\xDB\x0C\xE5\x67\x51\x1D\x24\x3C\x15\x87\x1B\xF9\x62\x84\x8C\xD0\x57\x33\x93\xE0\x71\x91\x3A\x11\x26\xCA\x77\xA7\x54\xBD\xC6\x5E\x96\x60\x2C\x94\x0F\xBA\x3E\x79\xDC\x48\xA0\x22\x97\xA7\x77\x55\xC8\x14\xEA\xC2\xF5\xA0\x88\x6F\xE2\x44\x32\x68" + }, + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99", + result="\xD9\xAC\xC7\x7D\xC8\xC9\xF1\x59\x9A\xDF\x15\xF3\x58\x61\xFD\x2B\x1D\x01\x9A\x5F\x04\x53\xA2\xA8\xFD\x52\xDC\x8A\xE9\x3B\x2E\x5E\x0D\x13\xCB\xBD\x16\xED\xC1\xF2\x0D\x68\x62\xB7\xD5\x0F\x8D\xD4\xEB\xA1\xC5\x75\xF2\x0B\x26\x75\x1D\x7E\x5A\x37\xA6\x8A\xCD" + } + } + for k,t in pairs(tests) do + local decrypted = aes_ctr(t.key, iv, data) + io.write("KEY SIZE "..(#t.key*8).." ") + print( decrypted==t.result and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==t.result) + end +end + +function test_ub() + for k,f in pairs({{u8,bu8,0xFF,8}, {u16,bu16,0xFFFF,16}, {u24,bu24,0xFFFFFF,24}, {u32,bu32,0xFFFFFFFF,32}}) do + local v = math.random(0,f[3]) + local pos = math.random(1,20) + local s = brandom(pos-1)..f[2](v)..brandom(20) + local v2 = f[1](s,pos) + print("u"..tostring(f[4]).." pos="..tostring(pos).." "..tostring(v).." "..tostring(v2)) + test_assert(v==v2) + end +end + +function test_bit() + local v, v2, v3, v4, b1, b2, pow + + v = math.random(0,0xFFFFFFFF) + b1 = math.random(1,16) + + v2 = bitrshift(v, b1) + pow = 2^b1 + v3 = divint(v, pow) + print(string.format("rshift(0x%X,%u) = 0x%X 0x%X/%u = 0x%X", v,b1,v2, v,pow,v3)) + test_assert(v2==v3) + + v2 = bitlshift(v, b1) + pow = 2^b1 + v3 = (v * pow) % 0x100000000 + print(string.format("lshift(0x%X,%u) = 0x%X 0x%X*%u %% 0x10000000 = 0x%X", v,b1,v2, v,pow,v3)) + test_assert(v2==v3) + + v2 = math.random(0,0xFFFFFFFF) + v3 = bitxor(v, v2) + v4 = bitor(v, v2) - bitand(v, v2) + print(string.format("xor(0x%X,0x%X) = %X or/and/minus = %X", v, v2, v3, v4)) + test_assert(v3==v4) + + b2 = b1 + math.random(1,15) + v2 = bitget(v, b1, b2) + pow = 2^(b2-b1+1) - 1 + v3 = bitand(bitrshift(v,b1), pow) + print(string.format("bitget(0x%X,%u,%u) = 0x%X bitand/bitrshift/pow = 0x%X", v, b1, b2, v2, v3)) + test_assert(v2==v3) + + v4 = math.random(0,pow) + v2 = bitset(v, b1, b2, v4) + v3 = bitor(bitlshift(v4, b1), bitand(v, bitnot(bitlshift(pow, b1)))) + print(string.format("bitset(0x%X,%u,%u,0x%X) = 0x%X bitand/bitnot/bitlshift/pow = 0x%X", v, b1, b2, v4, v2, v3)) + test_assert(v2==v3) +end + +function test_ux() + local v1, v2, v3, usum, sum + for k,test in pairs({ + { add=u8add, fname="u8add", max = 0xFF }, + { add=u16add, fname="u16add", max = 0xFFFF }, + { add=u24add, fname="u24add", max = 0xFFFFFF }, + { add=u32add, fname="u32add", max = 0xFFFFFFFF } + }) do + io.write(test.fname.." : ") + for i=1,1000 do + v1=math.random(-test.max,test.max) + v2=math.random(-test.max,test.max) + v3=math.random(-test.max,test.max) + usum = test.add(v1,v2,v3) + sum = bitand((v1+v2+v3)%(test.max+1),test.max) + if sum~=usum then + print("FAIL") + end + test_assert(sum==usum) + end + print("OK") + end +end + +function test_bin(...) + test_run({test_ub, test_bit, test_ux},...) +end + + +function test_ipstr() + local s_ip, ip, s_ip2 + + s_ip = string.format("%u.%u.%u.%u", math.random(0,255), math.random(0,255), math.random(0,255), math.random(0,255)); + ip = pton(s_ip) + s_ip2 = ntop(ip) + print("IP: "..s_ip) + print("IPBIN: "..string2hex(ip)) + print("IP2: "..s_ip2) + test_assert(s_ip==s_ip2) + + s_ip = string.format("%x:%x:%x:%x:%x:%x:%x:%x", math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF)); + ip = pton(s_ip) + s_ip2 = ntop(ip) + print("IP: "..s_ip) + print("IPBIN: "..string2hex(ip)) + print("IP2: "..s_ip2) + test_assert(s_ip==s_ip2) +end + + +function test_dissect() + local dis, raw1, raw2 + + for i=1,20 do + print("* dissect test "..tostring(i)) + + local ip_tcp = { + ip = { + ip_tos = math.random(0,255), + ip_id = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = math.random(0,255), + ip_p = IPPROTO_TCP, + ip_src = brandom(4), + ip_dst = brandom(4), + options = brandom(math.random(0,40)) + }, + tcp = { + th_sport = math.random(0,0xFFFF), + th_dport = math.random(0,0xFFFF), + th_seq = math.random(0,0xFFFFFFFF), + th_ack = math.random(0,0xFFFFFFFF), + th_x2 = math.random(0,0xF), + th_flags = math.random(0,0xFF), + th_win = math.random(0,0xFFFF), + th_urp = math.random(0,0xFFFF), + options = { + { kind = 1 }, + { kind = 0xE0, data = brandom(math.random(1,10)) }, + { kind = 1 }, + { kind = 0xE1, data = brandom(math.random(1,10)) }, + { kind = 0 } + } + }, + payload = brandom(math.random(0, 20)) + } + raw1 = reconstruct_dissect(ip_tcp) + print("IP+TCP : "..string2hex(raw1)) + dis1 = dissect(raw1); + raw2 = reconstruct_dissect(dis1) + dis2 = dissect(raw2); + print("IP+TCP2: "..string2hex(raw2)) + print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" ) + test_assert(raw1==raw2) + + local ip6_udp = { + ip6 = { + ip6_flow = 0x60000000 + math.random(0,0xFFFFFFF), + ip6_hlim = math.random(1,0xFF), + ip6_src = brandom(16), + ip6_dst = brandom(16), + exthdr = { + { type = IPPROTO_HOPOPTS, data = brandom(6+8*math.random(0,2)) }, + { type = IPPROTO_AH, data = brandom(6+4*math.random(0,4)) } + } + }, + udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF) + }, + payload = brandom(math.random(0, 20)) + } + + raw1 = reconstruct_dissect(ip6_udp) + print("IP6+UDP : "..string2hex(raw1)) + dis1 = dissect(raw1); + raw2 = reconstruct_dissect(dis1) + dis2 = dissect(raw2); + print("IP6+UDP2: "..string2hex(raw2)) + print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" ) + test_assert(raw1==raw2) + end +end + +function test_csum() + local payload = brandom(math.random(10,20)) + local ip4b, ip6b, raw, tcpb, udpb, dis1, dis2 + local ip = { + ip_tos = math.random(0,255), + ip_id = math.random(0,0xFFFF), + ip_len = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = math.random(0,255), + ip_p = IPPROTO_TCP, + ip_src = brandom(4), + ip_dst = brandom(4), + options = brandom(4*math.random(0,10)) + } + ip4b = reconstruct_iphdr(ip) + raw = bu8(0x40 + 5 + #ip.options/4) .. + bu8(ip.ip_tos) .. + bu16(ip.ip_len) .. + bu16(ip.ip_id) .. + bu16(ip.ip_off) .. + bu8(ip.ip_ttl) .. + bu8(ip.ip_p) .. + bu16(0) .. + ip.ip_src .. ip.ip_dst .. + ip.options + raw = csum_ip4_fix(raw) + print( raw==ip4b and "IP4 RECONSTRUCT+CSUM OK" or "IP4 RECONSTRUCT+CSUM FAILED" ) + test_assert(raw==ip4b) + + + local tcp = { + th_sport = math.random(0,0xFFFF), + th_dport = math.random(0,0xFFFF), + th_seq = math.random(0,0xFFFFFFFF), + th_ack = math.random(0,0xFFFFFFFF), + th_x2 = math.random(0,0xF), + th_flags = math.random(0,0xFF), + th_win = math.random(0,0xFFFF), + th_urp = math.random(0,0xFFFF), + options = { + { kind = 1 }, + { kind = 0xE0, data = brandom(math.random(1,10)) }, + { kind = 1 }, + { kind = 0xE1, data = brandom(math.random(1,10)) }, + { kind = 0 } + } + } + tcpb = reconstruct_tcphdr(tcp) + raw = bu16(tcp.th_sport) .. + bu16(tcp.th_dport) .. + bu32(tcp.th_seq) .. + bu32(tcp.th_ack) .. + bu8(l4_len({tcp = tcp}) * 4 + tcp.th_x2) .. + bu8(tcp.th_flags) .. + bu16(tcp.th_win) .. + bu16(0) .. + bu16(tcp.th_urp) .. + bu8(tcp.options[1].kind).. + bu8(tcp.options[2].kind)..bu8(2 + #tcp.options[2].data)..tcp.options[2].data .. + bu8(tcp.options[3].kind).. + bu8(tcp.options[4].kind)..bu8(2 + #tcp.options[4].data)..tcp.options[4].data .. + bu8(tcp.options[5].kind) + raw = raw .. string.rep(bu8(TCP_KIND_NOOP), bitand(4-bitand(#raw,3),3)) + print( raw==tcpb and "TCP RECONSTRUCT OK" or "TCP RECONSTRUCT FAILED" ) + test_assert(raw==tcpb) + + raw = reconstruct_dissect({ip=ip, tcp=tcp, payload=payload}) + dis1 = dissect(raw) + tcpb = csum_tcp_fix(ip4b,tcpb,payload) + dis2 = dissect(ip4b..tcpb..payload) + print( dis1.tcp.th_sum==dis2.tcp.th_sum and "TCP+IP4 CSUM OK" or "TCP+IP4 CSUM FAILED" ) + test_assert(dis1.tcp.th_sum==dis2.tcp.th_sum) + + + local ip6 = { + ip6_flow = 0x60000000 + math.random(0,0xFFFFFFF), + ip6_hlim = math.random(1,0xFF), + ip6_src = brandom(16), + ip6_dst = brandom(16), + exthdr = { + { type = IPPROTO_HOPOPTS, data = brandom(6+8*math.random(0,2)) } + } + } + ip6.ip6_plen = packet_len({ip6=ip6,tcp=tcp,payload=payload}) - IP6_BASE_LEN + ip6b = reconstruct_ip6hdr(ip6, {ip6_last_proto=IPPROTO_TCP}) + raw = bu32(ip6.ip6_flow) .. + bu16(ip6.ip6_plen) .. + bu8(ip6.exthdr[1].type) .. + bu8(ip6.ip6_hlim) .. + ip6.ip6_src .. ip6.ip6_dst .. + bu8(IPPROTO_TCP) .. + bu8((#ip6.exthdr[1].data+2)/8 - 1) .. + ip6.exthdr[1].data + print( raw==ip6b and "IP6 RECONSTRUCT OK" or "IP6 RECONSTRUCT FAILED" ) + test_assert(raw==ip6b) + + raw = reconstruct_dissect({ip6=ip6, tcp=tcp, payload=payload}) + dis1 = dissect(raw) + tcpb = csum_tcp_fix(ip6b,tcpb,payload) + dis2 = dissect(ip6b..tcpb..payload) + print( dis1.tcp.th_sum==dis2.tcp.th_sum and "TCP+IP6 CSUM OK" or "TCP+IP6 CSUM FAILED" ) + test_assert(dis1.tcp.th_sum==dis2.tcp.th_sum) + + + ip.ip_p = IPPROTO_UDP + ip4b = reconstruct_iphdr(ip) + ip6.ip6_plen = packet_len({ip6=ip6,udp=udp,payload=payload}) - IP6_BASE_LEN + ip6b = reconstruct_ip6hdr(ip6, {ip6_last_proto=IPPROTO_UDP}) + + local udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF), + uh_ulen = UDP_BASE_LEN + #payload + } + + udpb = reconstruct_udphdr(udp) + raw = bu16(udp.uh_sport) .. + bu16(udp.uh_dport) .. + bu16(udp.uh_ulen) .. + bu16(0) + print( raw==udpb and "UDP RECONSTRUCT OK" or "UDP RECONSTRUCT FAILED" ) + test_assert(raw==udpb) + + raw = reconstruct_dissect({ip=ip, udp=udp, payload=payload}) + dis1 = dissect(raw) + udpb = csum_udp_fix(ip4b,udpb,payload) + dis2 = dissect(ip4b..udpb..payload) + print( dis1.udp.uh_sum==dis2.udp.uh_sum and "UDP+IP4 CSUM OK" or "UDP+IP4 CSUM FAILED" ) + test_assert(dis1.udp.uh_sum==dis2.udp.uh_sum) + + raw = reconstruct_dissect({ip6=ip6, udp=udp, payload=payload}) + dis1 = dissect(raw) + udpb = csum_udp_fix(ip6b,udpb,payload) + dis2 = dissect(ip6b..udpb..payload) + print( dis1.udp.uh_sum==dis2.udp.uh_sum and "UDP+IP6 CSUM OK" or "UDP+IP6 CSUM FAILED" ) + test_assert(dis1.udp.uh_sum==dis2.udp.uh_sum) +end + +function test_resolve() + local pos + + pos = zero_based_pos(resolve_multi_pos(fake_default_tls,"tls_client_hello","1,extlen,sniext,host,sld,midsld,endsld,endhost,-5")) + test_assert(pos) + print("resolve_multi_pos tls : "..table.concat(pos," ")) + pos = zero_based_pos(resolve_range(fake_default_tls,"tls_client_hello","host,endhost")) + test_assert(pos) + print("resolve_range tls : "..table.concat(pos," ")) + pos = resolve_pos(fake_default_tls,"tls_client_hello","midsld") + test_assert(pos) + print("resolve_pos tls : "..pos - 1) + pos = resolve_pos(fake_default_tls,"tls_client_hello","method") + test_assert(not pos) + print("resolve_pos tls non-existent : "..tostring(pos)) + + pos = zero_based_pos(resolve_multi_pos(fake_default_http,"http_req","method,host,sld,midsld,endsld,endhost,-5")) + test_assert(pos) + print("resolve_multi_pos http : "..table.concat(pos," ")) + pos = resolve_pos(fake_default_http,"http_req","sniext") + test_assert(not pos) + print("resolve_pos http non-existent : "..tostring(pos)) +end + +function test_rawsend(opts) + local ifout = (opts and opts.ifout) and opts.ifout + local function rawsend_fail_warning() + if not opts or not opts.ifout or #opts.ifout==0 then + local un = uname() + if string.sub(un.sysname,1,6)=="CYGWIN" then + print("windivert requires interface name in the form '.'. take it from winws2 output with '--debug' option and call test_rawsend({ifout=interface_name})") + end + end + end + local function rawsend_dissect_print(dis, options) + if options then + options.ifout = ifout + else + options = { ifout = ifout } + end + local b = rawsend_dissect(dis, options) + if not b then + print("rawsend_dissect failed") + rawsend_fail_warning() + end + return b + end + local function rawsend_print(raw, options) + if options then + options.ifout = ifout + else + options = { ifout = ifout } + end + print("rawsend: "..string2hex(raw)) + local b = rawsend(raw, options) + if not b then + print("rawsend failed") + rawsend_fail_warning() + end + return b + end + local ip, ip6, udp, dis, ddis, raw_ip, raw_udp, raw + local payload = brandom(math.random(100,1200)) + local b + + ip = { + ip_tos = 0, + ip_id = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = 1, + ip_p = IPPROTO_UDP, + ip_src = pton("192.168.1.1"), + ip_dst = pton("192.168.1.2") + } + udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF) + } + dis = {ip = ip, udp = udp, payload = payload} + print("send ipv4 udp") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv4 udp frag "..k) + test_assert(rawsend_dissect_print(d)) + end + + local ip2=ip + ip2.ip_len = IP_BASE_LEN + UDP_BASE_LEN + #payload + raw_ip = reconstruct_iphdr(ip2) + raw_udp = reconstruct_udphdr({uh_sport = udp.uh_sport, uh_dport = udp.uh_dport, uh_ulen = UDP_BASE_LEN + #payload}) + raw_udp = csum_udp_fix(raw_ip,raw_udp,payload) + raw = raw_ip .. raw_udp .. payload + print("send ipv4 udp using pure rawsend without dissect") + test_assert(rawsend_print(raw, {repeats=5})) + + ip6 = { + ip6_flow = 0x60000000, + ip6_hlim = 1, + ip6_src = pton("fdce:3124:164a:5318::1"), + ip6_dst = pton("fdce:3124:164a:5318::2") + } + dis = {ip6 = ip6, udp = udp, payload = payload} + print("send ipv6 udp") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k) + test_assert(rawsend_dissect_print(d)) + end + + ip6.exthdr={{ type = IPPROTO_HOPOPTS, data = "\x00\x00\x00\x00\x00\x00" }} + print("send ipv6 udp with hopbyhop ext header") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop ext header") + test_assert(rawsend_dissect_print(d)) + end + + table.insert(ip6.exthdr, { type = IPPROTO_DSTOPTS, data = "\x00\x00\x00\x00\x00\x00" }) + table.insert(ip6.exthdr, { type = IPPROTO_DSTOPTS, data = "\x00\x00\x00\x00\x00\x00" }) + ip6.ip6_flow = 0x60001234; + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part") + test_assert(rawsend_dissect_print(d, {fwmark = 0x50EA})) + end + + fix_ip6_next(ip6) -- required to forge next proto in the second fragment + ip6.ip6_flow = 0x6000AE38; + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80, ipfrag_next = IPPROTO_TCP}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part. forge next proto in fragment header of the second fragment to TCP") + -- reconstruct dissect using next proto fields in the dissect. do not auto fix next proto chain. + -- by default reconstruct fixes next proto chain + test_assert(rawsend_dissect_print(d, {fwmark = 0x409A, repeats=2}, {ip6_preserve_next = true})) + end +end diff --git a/blockcheck/zapret2/lua/zapret-wgobfs.lua b/blockcheck/zapret2/lua/zapret-wgobfs.lua new file mode 100644 index 0000000..e76ef29 --- /dev/null +++ b/blockcheck/zapret2/lua/zapret-wgobfs.lua @@ -0,0 +1,79 @@ +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-wgobfs.lua --in-range=a --out-range=a --lua-desync=wgobfs:secret=mycoolpassword +-- encrypt standard wireguard messages - initiation, response, cookie - and change udp packet size +-- do not encrypt data messages and keepalives +-- wgobfs adds maximum of 30+padmax bytes to udp size +-- reduce MTU of wireguard interface to avoid ip fragmentation ! +-- without knowing the secret encrypted packets should be crypto strong white noise with no signature +-- arg : secret - shared secret. any string. must be the same on both peers +-- arg : padmin - min random garbage bytes. 0 by default +-- arg : padmax - max random garbage bytes. 16 by default +function wgobfs(ctx, desync) + local padmin = desync.arg.padmin and tonumber(desync.arg.padmin) or 0 + local padmax = desync.arg.padmax and tonumber(desync.arg.padmax) or 16 + local function genkey() + -- cache key in a global var bound to instance name + local key_cache_name = desync.func_instance.."_key" + key = _G[key_cache_name] + if not key then + key = hkdf("sha256", "wgobfs_salt", desync.arg.secret, nil, 16) + _G[key_cache_name] = key + end + return key + end + local function maybe_encrypted_payload(payload) + for k,plsize in pairs({2+12+16+148, 2+12+16+92, 2+12+16+64}) do + if #payload>=(plsize+padmin) and #payload<=(plsize+padmax) then + return true + end + end + return false + end + local function wg_payload_from_size(payload) + if #payload==148 then return "wireguard_initiation" + elseif #payload==92 then return "wireguard_response" + elseif #payload==64 then return "wireguard_cookie" + else return nil + end + end + + if not desync.dis.udp then + instance_cutoff(ctx) + return + end + if not desync.arg.secret or #desync.arg.secret==0 then + error("wgobfs requires secret") + end + if padmin>padmax then + error("wgobfs: padmin>padmax") + end + if desync.l7payload=="wireguard_initiation" or desync.l7payload=="wireguard_response" or desync.l7payload=="wireguard_cookie" and #desync.dis.payload<65506 then + DLOG("wgobfs: encrypting '"..desync.l7payload.."'. size "..#desync.dis.payload) + local key = genkey() + -- in aes-gcm every message require it's own crypto secure random iv + -- encrypting more than one message with the same iv is considered catastrophic failure + -- iv must be sent with encrypted message + local iv = bcryptorandom(12) + local encrypted, atag = aes_gcm(true, key, iv, bu16(#desync.dis.payload)..desync.dis.payload..brandom(math.random(padmin,padmax)), nil) + desync.dis.payload = iv..atag..encrypted + return VERDICT_MODIFY + end + + if desync.l7payload=="unknown" and maybe_encrypted_payload(desync.dis.payload) then + local key = genkey() + local iv = string.sub(desync.dis.payload,1,12) + local atag = string.sub(desync.dis.payload,13,28) + local decrypted, atag2 = aes_gcm(false, key, iv, string.sub(desync.dis.payload,29)) + if atag==atag2 then + local plen = u16(decrypted) + if plen>(#decrypted-2) then + DLOG("wgobfs: bad decrypted payload data") + else + desync.dis.payload = string.sub(decrypted, 3, 3+plen-1) + if b_debug then DLOG("wgobfs: decrypted '"..(wg_payload_from_size(desync.dis.payload) or "unknown").."' message. size "..plen) end + return VERDICT_MODIFY + end + else + DLOG("wgobfs: decrypt auth tag mismatch") + end + end +end diff --git a/blockcheck/zapret2/mdig/mdig.exe b/blockcheck/zapret2/mdig/mdig.exe new file mode 100644 index 0000000..56fc2d2 Binary files /dev/null and b/blockcheck/zapret2/mdig/mdig.exe differ diff --git a/blockcheck/zapret2/nfq2/WinDivert.dll b/blockcheck/zapret2/nfq2/WinDivert.dll new file mode 100644 index 0000000..50ca874 Binary files /dev/null and b/blockcheck/zapret2/nfq2/WinDivert.dll differ diff --git a/blockcheck/zapret2/nfq2/WinDivert64.sys b/blockcheck/zapret2/nfq2/WinDivert64.sys new file mode 100644 index 0000000..218ccaf Binary files /dev/null and b/blockcheck/zapret2/nfq2/WinDivert64.sys differ diff --git a/blockcheck/zapret2/nfq2/winws2.exe b/blockcheck/zapret2/nfq2/winws2.exe new file mode 100644 index 0000000..5708218 Binary files /dev/null and b/blockcheck/zapret2/nfq2/winws2.exe differ diff --git a/cygwin/bin/[.exe b/cygwin/bin/[.exe new file mode 100644 index 0000000..d1edbff Binary files /dev/null and b/cygwin/bin/[.exe differ diff --git a/cygwin/bin/arch.exe b/cygwin/bin/arch.exe new file mode 100644 index 0000000..59d5cad Binary files /dev/null and b/cygwin/bin/arch.exe differ diff --git a/cygwin/bin/awk b/cygwin/bin/awk new file mode 100644 index 0000000..bbce4c0 --- /dev/null +++ b/cygwin/bin/awk @@ -0,0 +1,3 @@ +#!/bin/sh + +exec gawk "$@" \ No newline at end of file diff --git a/cygwin/bin/basename.exe b/cygwin/bin/basename.exe new file mode 100644 index 0000000..2e6df3f Binary files /dev/null and b/cygwin/bin/basename.exe differ diff --git a/cygwin/bin/bash.exe b/cygwin/bin/bash.exe new file mode 100644 index 0000000..59452ea Binary files /dev/null and b/cygwin/bin/bash.exe differ diff --git a/cygwin/bin/bunzip2.exe b/cygwin/bin/bunzip2.exe new file mode 100644 index 0000000..0d5a2fa Binary files /dev/null and b/cygwin/bin/bunzip2.exe differ diff --git a/cygwin/bin/bzcat.exe b/cygwin/bin/bzcat.exe new file mode 100644 index 0000000..993b657 Binary files /dev/null and b/cygwin/bin/bzcat.exe differ diff --git a/cygwin/bin/bzgrep b/cygwin/bin/bzgrep new file mode 100644 index 0000000..0314ca6 --- /dev/null +++ b/cygwin/bin/bzgrep @@ -0,0 +1,85 @@ +#!/bin/sh + +# Bzgrep wrapped for bzip2, +# adapted from zgrep by Philippe Troin for Debian GNU/Linux. +## zgrep notice: +## zgrep -- a wrapper around a grep program that decompresses files as needed +## Adapted from a version sent by Charles Levert + +PATH="/usr/bin:$PATH"; export PATH + +prog=`echo $0 | sed 's|.*/||'` +case "$prog" in + *egrep) grep=${EGREP-egrep} ;; + *fgrep) grep=${FGREP-fgrep} ;; + *) grep=${GREP-grep} ;; +esac +pat="" +while test $# -ne 0; do + case "$1" in + -e | -f) opt="$opt $1"; shift; pat="$1" + if test "$grep" = grep; then # grep is buggy with -e on SVR4 + grep=egrep + fi;; + -A | -B) opt="$opt $1 $2"; shift;; + -*) opt="$opt $1";; + *) if test -z "$pat"; then + pat="$1" + else + break; + fi;; + esac + shift +done + +if test -z "$pat"; then + echo "grep through bzip2 files" + echo "usage: $prog [grep_options] pattern [files]" + exit 1 +fi + +list=0 +silent=0 +op=`echo "$opt" | sed -e 's/ //g' -e 's/-//g'` +case "$op" in + *l*) list=1 +esac +case "$op" in + *h*) silent=1 +esac + +if test $# -eq 0; then + bzip2 -cdfq | $grep $opt "$pat" + exit $? +fi + +res=0 +for i do + if test -f "$i"; then :; else if test -f "$i.bz2"; then i="$i.bz2"; fi; fi + if test $list -eq 1; then + bzip2 -cdfq "$i" | $grep $opt "$pat" 2>&1 > /dev/null && echo $i + r=$? + elif test $# -eq 1 -o $silent -eq 1; then + bzip2 -cdfq "$i" | $grep $opt "$pat" + r=$? + else + j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g') + j=`printf "%s" "$j" | tr '\n' ' '` + # A trick adapted from + # https://groups.google.com/forum/#!original/comp.unix.shell/x1345iu10eg/Nn1n-1r1uU0J + # that has the same effect as the following bash code: + # bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" + # r=${PIPESTATUS[1]} + exec 3>&1 + eval ` + exec 4>&1 >&3 3>&- + { + bzip2 -cdfq "$i" 4>&- + } | { + $grep $opt "$pat" 4>&-; echo "r=$?;" >&4 + } | sed "s|^|${j}:|" + ` + fi + test "$r" -ne 0 && res="$r" +done +exit $res diff --git a/cygwin/bin/bzip2.exe b/cygwin/bin/bzip2.exe new file mode 100644 index 0000000..c9de952 Binary files /dev/null and b/cygwin/bin/bzip2.exe differ diff --git a/cygwin/bin/cat.exe b/cygwin/bin/cat.exe new file mode 100644 index 0000000..4920fad Binary files /dev/null and b/cygwin/bin/cat.exe differ diff --git a/cygwin/bin/chattr.exe b/cygwin/bin/chattr.exe new file mode 100644 index 0000000..daabe3a Binary files /dev/null and b/cygwin/bin/chattr.exe differ diff --git a/cygwin/bin/chgrp.exe b/cygwin/bin/chgrp.exe new file mode 100644 index 0000000..78b3309 Binary files /dev/null and b/cygwin/bin/chgrp.exe differ diff --git a/cygwin/bin/chmod.exe b/cygwin/bin/chmod.exe new file mode 100644 index 0000000..f5327b3 Binary files /dev/null and b/cygwin/bin/chmod.exe differ diff --git a/cygwin/bin/chown.exe b/cygwin/bin/chown.exe new file mode 100644 index 0000000..bb79709 Binary files /dev/null and b/cygwin/bin/chown.exe differ diff --git a/cygwin/bin/chrt.exe b/cygwin/bin/chrt.exe new file mode 100644 index 0000000..d53d185 Binary files /dev/null and b/cygwin/bin/chrt.exe differ diff --git a/cygwin/bin/clear.exe b/cygwin/bin/clear.exe new file mode 100644 index 0000000..ae84576 Binary files /dev/null and b/cygwin/bin/clear.exe differ diff --git a/cygwin/bin/cmp.exe b/cygwin/bin/cmp.exe new file mode 100644 index 0000000..0acdd72 Binary files /dev/null and b/cygwin/bin/cmp.exe differ diff --git a/cygwin/bin/cp.exe b/cygwin/bin/cp.exe new file mode 100644 index 0000000..60387e2 Binary files /dev/null and b/cygwin/bin/cp.exe differ diff --git a/cygwin/bin/cut.exe b/cygwin/bin/cut.exe new file mode 100644 index 0000000..e3f7602 Binary files /dev/null and b/cygwin/bin/cut.exe differ diff --git a/cygwin/bin/cygattr-1.dll b/cygwin/bin/cygattr-1.dll new file mode 100644 index 0000000..6dff0e6 Binary files /dev/null and b/cygwin/bin/cygattr-1.dll differ diff --git a/cygwin/bin/cygbsd-0.dll b/cygwin/bin/cygbsd-0.dll new file mode 100644 index 0000000..15eec09 Binary files /dev/null and b/cygwin/bin/cygbsd-0.dll differ diff --git a/cygwin/bin/cygbz2-1.dll b/cygwin/bin/cygbz2-1.dll new file mode 100644 index 0000000..2ff65d9 Binary files /dev/null and b/cygwin/bin/cygbz2-1.dll differ diff --git a/cygwin/bin/cygcrypto-1.1.dll b/cygwin/bin/cygcrypto-1.1.dll new file mode 100644 index 0000000..41736e6 Binary files /dev/null and b/cygwin/bin/cygcrypto-1.1.dll differ diff --git a/cygwin/bin/cyggcc_s-seh-1.dll b/cygwin/bin/cyggcc_s-seh-1.dll new file mode 100644 index 0000000..67291be Binary files /dev/null and b/cygwin/bin/cyggcc_s-seh-1.dll differ diff --git a/cygwin/bin/cyggmp-10.dll b/cygwin/bin/cyggmp-10.dll new file mode 100644 index 0000000..97a86dc Binary files /dev/null and b/cygwin/bin/cyggmp-10.dll differ diff --git a/cygwin/bin/cygiconv-2.dll b/cygwin/bin/cygiconv-2.dll new file mode 100644 index 0000000..ddcb603 Binary files /dev/null and b/cygwin/bin/cygiconv-2.dll differ diff --git a/cygwin/bin/cygintl-8.dll b/cygwin/bin/cygintl-8.dll new file mode 100644 index 0000000..4422cf3 Binary files /dev/null and b/cygwin/bin/cygintl-8.dll differ diff --git a/cygwin/bin/cyglzma-5.dll b/cygwin/bin/cyglzma-5.dll new file mode 100644 index 0000000..a3ac911 Binary files /dev/null and b/cygwin/bin/cyglzma-5.dll differ diff --git a/cygwin/bin/cygmagic-1.dll b/cygwin/bin/cygmagic-1.dll new file mode 100644 index 0000000..c008fdb Binary files /dev/null and b/cygwin/bin/cygmagic-1.dll differ diff --git a/cygwin/bin/cygmd-0.dll b/cygwin/bin/cygmd-0.dll new file mode 100644 index 0000000..96f1de8 Binary files /dev/null and b/cygwin/bin/cygmd-0.dll differ diff --git a/cygwin/bin/cygmpfr-6.dll b/cygwin/bin/cygmpfr-6.dll new file mode 100644 index 0000000..81fb502 Binary files /dev/null and b/cygwin/bin/cygmpfr-6.dll differ diff --git a/cygwin/bin/cygncursesw-10.dll b/cygwin/bin/cygncursesw-10.dll new file mode 100644 index 0000000..583a20e Binary files /dev/null and b/cygwin/bin/cygncursesw-10.dll differ diff --git a/cygwin/bin/cygpath.exe b/cygwin/bin/cygpath.exe new file mode 100644 index 0000000..28c06d1 Binary files /dev/null and b/cygwin/bin/cygpath.exe differ diff --git a/cygwin/bin/cygpcre-1.dll b/cygwin/bin/cygpcre-1.dll new file mode 100644 index 0000000..3bd8217 Binary files /dev/null and b/cygwin/bin/cygpcre-1.dll differ diff --git a/cygwin/bin/cygpcre2-8-0.dll b/cygwin/bin/cygpcre2-8-0.dll new file mode 100644 index 0000000..7aa1ef4 Binary files /dev/null and b/cygwin/bin/cygpcre2-8-0.dll differ diff --git a/cygwin/bin/cygpopt-0.dll b/cygwin/bin/cygpopt-0.dll new file mode 100644 index 0000000..3b28802 Binary files /dev/null and b/cygwin/bin/cygpopt-0.dll differ diff --git a/cygwin/bin/cygproc2-0.dll b/cygwin/bin/cygproc2-0.dll new file mode 100644 index 0000000..e3d15af Binary files /dev/null and b/cygwin/bin/cygproc2-0.dll differ diff --git a/cygwin/bin/cygreadline7.dll b/cygwin/bin/cygreadline7.dll new file mode 100644 index 0000000..52f9a24 Binary files /dev/null and b/cygwin/bin/cygreadline7.dll differ diff --git a/cygwin/bin/cygssl-1.1.dll b/cygwin/bin/cygssl-1.1.dll new file mode 100644 index 0000000..4213dfb Binary files /dev/null and b/cygwin/bin/cygssl-1.1.dll differ diff --git a/cygwin/bin/cygstart.exe b/cygwin/bin/cygstart.exe new file mode 100644 index 0000000..078ba71 Binary files /dev/null and b/cygwin/bin/cygstart.exe differ diff --git a/cygwin/bin/cygtls-26.dll b/cygwin/bin/cygtls-26.dll new file mode 100644 index 0000000..1a913cc Binary files /dev/null and b/cygwin/bin/cygtls-26.dll differ diff --git a/cygwin/bin/cygwin-console-helper.exe b/cygwin/bin/cygwin-console-helper.exe new file mode 100644 index 0000000..de16dc9 Binary files /dev/null and b/cygwin/bin/cygwin-console-helper.exe differ diff --git a/cygwin/bin/cygwin1.dll b/cygwin/bin/cygwin1.dll new file mode 100644 index 0000000..1bb2e05 Binary files /dev/null and b/cygwin/bin/cygwin1.dll differ diff --git a/cygwin/bin/cygz.dll b/cygwin/bin/cygz.dll new file mode 100644 index 0000000..f685d85 Binary files /dev/null and b/cygwin/bin/cygz.dll differ diff --git a/cygwin/bin/cygzstd-1.dll b/cygwin/bin/cygzstd-1.dll new file mode 100644 index 0000000..3da6620 Binary files /dev/null and b/cygwin/bin/cygzstd-1.dll differ diff --git a/cygwin/bin/date.exe b/cygwin/bin/date.exe new file mode 100644 index 0000000..305e72b Binary files /dev/null and b/cygwin/bin/date.exe differ diff --git a/cygwin/bin/dircolors.exe b/cygwin/bin/dircolors.exe new file mode 100644 index 0000000..e11a2ab Binary files /dev/null and b/cygwin/bin/dircolors.exe differ diff --git a/cygwin/bin/dirname.exe b/cygwin/bin/dirname.exe new file mode 100644 index 0000000..10f3e9c Binary files /dev/null and b/cygwin/bin/dirname.exe differ diff --git a/cygwin/bin/dos2unix.exe b/cygwin/bin/dos2unix.exe new file mode 100644 index 0000000..aba00ca Binary files /dev/null and b/cygwin/bin/dos2unix.exe differ diff --git a/cygwin/bin/echo.exe b/cygwin/bin/echo.exe new file mode 100644 index 0000000..dbf6d7c Binary files /dev/null and b/cygwin/bin/echo.exe differ diff --git a/cygwin/bin/egrep b/cygwin/bin/egrep new file mode 100644 index 0000000..513835a --- /dev/null +++ b/cygwin/bin/egrep @@ -0,0 +1,4 @@ +#!/bin/sh +#cmd=${0##*/} +#echo "$cmd: warning: $cmd is obsolescent; using grep -E" >&2 +exec grep -E "$@" diff --git a/cygwin/bin/env.exe b/cygwin/bin/env.exe new file mode 100644 index 0000000..7214015 Binary files /dev/null and b/cygwin/bin/env.exe differ diff --git a/cygwin/bin/expr.exe b/cygwin/bin/expr.exe new file mode 100644 index 0000000..e9dc0fd Binary files /dev/null and b/cygwin/bin/expr.exe differ diff --git a/cygwin/bin/false.exe b/cygwin/bin/false.exe new file mode 100644 index 0000000..efb05d6 Binary files /dev/null and b/cygwin/bin/false.exe differ diff --git a/cygwin/bin/fgrep b/cygwin/bin/fgrep new file mode 100644 index 0000000..e8c4df9 --- /dev/null +++ b/cygwin/bin/fgrep @@ -0,0 +1,4 @@ +#!/bin/sh +#cmd=${0##*/} +#echo "$cmd: warning: $cmd is obsolescent; using grep -F" >&2 +exec grep -F "$@" diff --git a/cygwin/bin/find.exe b/cygwin/bin/find.exe new file mode 100644 index 0000000..0c9ec08 Binary files /dev/null and b/cygwin/bin/find.exe differ diff --git a/cygwin/bin/fmt.exe b/cygwin/bin/fmt.exe new file mode 100644 index 0000000..d2badf5 Binary files /dev/null and b/cygwin/bin/fmt.exe differ diff --git a/cygwin/bin/fold.exe b/cygwin/bin/fold.exe new file mode 100644 index 0000000..68cd5e0 Binary files /dev/null and b/cygwin/bin/fold.exe differ diff --git a/cygwin/bin/gawk.exe b/cygwin/bin/gawk.exe new file mode 100644 index 0000000..3322df4 Binary files /dev/null and b/cygwin/bin/gawk.exe differ diff --git a/cygwin/bin/getconf.exe b/cygwin/bin/getconf.exe new file mode 100644 index 0000000..684fa06 Binary files /dev/null and b/cygwin/bin/getconf.exe differ diff --git a/cygwin/bin/getopt.exe b/cygwin/bin/getopt.exe new file mode 100644 index 0000000..67ab98f Binary files /dev/null and b/cygwin/bin/getopt.exe differ diff --git a/cygwin/bin/grep.exe b/cygwin/bin/grep.exe new file mode 100644 index 0000000..1c7a6ea Binary files /dev/null and b/cygwin/bin/grep.exe differ diff --git a/cygwin/bin/gunzip b/cygwin/bin/gunzip new file mode 100644 index 0000000..132327b --- /dev/null +++ b/cygwin/bin/gunzip @@ -0,0 +1,57 @@ +#!/bin/sh +# Uncompress files. This is the inverse of gzip. + +# Copyright (C) 2007, 2010-2023 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +version="gunzip (gzip) 1.13 +Copyright (C) 2023 Free Software Foundation, Inc. +This is free software. You may redistribute copies of it under the terms of +the GNU General Public License . +There is NO WARRANTY, to the extent permitted by law. + +Written by Paul Eggert." + +usage="Usage: $0 [OPTION]... [FILE]... +Uncompress FILEs (by default, in-place). + +Mandatory arguments to long options are mandatory for short options too. + + -c, --stdout write on standard output, keep original files unchanged + -f, --force force overwrite of output file and compress links + -k, --keep keep (don't delete) input files + -l, --list list compressed file contents + -n, --no-name do not save or restore the original name and timestamp + -N, --name save or restore the original name and timestamp + -q, --quiet suppress all warnings + -r, --recursive operate recursively on directories + -S, --suffix=SUF use suffix SUF on compressed files + --synchronous synchronous output (safer if system crashes, but slower) + -t, --test test compressed file integrity + -v, --verbose verbose mode + --help display this help and exit + --version display version information and exit + +With no FILE, or when FILE is -, read standard input. + +Report bugs to ." + +case $1 in +--help) printf '%s\n' "$usage" || exit 1; exit;; +--version) printf '%s\n' "$version" || exit 1; exit;; +esac + +exec gzip -d "$@" diff --git a/cygwin/bin/gzip.exe b/cygwin/bin/gzip.exe new file mode 100644 index 0000000..d2f53f9 Binary files /dev/null and b/cygwin/bin/gzip.exe differ diff --git a/cygwin/bin/head.exe b/cygwin/bin/head.exe new file mode 100644 index 0000000..f7e0fc5 Binary files /dev/null and b/cygwin/bin/head.exe differ diff --git a/cygwin/bin/hostname.exe b/cygwin/bin/hostname.exe new file mode 100644 index 0000000..c6e8d86 Binary files /dev/null and b/cygwin/bin/hostname.exe differ diff --git a/cygwin/bin/id.exe b/cygwin/bin/id.exe new file mode 100644 index 0000000..11a47e9 Binary files /dev/null and b/cygwin/bin/id.exe differ diff --git a/cygwin/bin/install.exe b/cygwin/bin/install.exe new file mode 100644 index 0000000..7ec26ea Binary files /dev/null and b/cygwin/bin/install.exe differ diff --git a/cygwin/bin/kill.exe b/cygwin/bin/kill.exe new file mode 100644 index 0000000..5c389ff Binary files /dev/null and b/cygwin/bin/kill.exe differ diff --git a/cygwin/bin/killall.exe b/cygwin/bin/killall.exe new file mode 100644 index 0000000..644f21b Binary files /dev/null and b/cygwin/bin/killall.exe differ diff --git a/cygwin/bin/ldd.exe b/cygwin/bin/ldd.exe new file mode 100644 index 0000000..eb9e359 Binary files /dev/null and b/cygwin/bin/ldd.exe differ diff --git a/cygwin/bin/ldh.exe b/cygwin/bin/ldh.exe new file mode 100644 index 0000000..63e310d Binary files /dev/null and b/cygwin/bin/ldh.exe differ diff --git a/cygwin/bin/link.exe b/cygwin/bin/link.exe new file mode 100644 index 0000000..4de8b3f Binary files /dev/null and b/cygwin/bin/link.exe differ diff --git a/cygwin/bin/ln.exe b/cygwin/bin/ln.exe new file mode 100644 index 0000000..e95e31b Binary files /dev/null and b/cygwin/bin/ln.exe differ diff --git a/cygwin/bin/look.exe b/cygwin/bin/look.exe new file mode 100644 index 0000000..44dd11c Binary files /dev/null and b/cygwin/bin/look.exe differ diff --git a/cygwin/bin/ls.exe b/cygwin/bin/ls.exe new file mode 100644 index 0000000..f6df870 Binary files /dev/null and b/cygwin/bin/ls.exe differ diff --git a/cygwin/bin/md5sum.exe b/cygwin/bin/md5sum.exe new file mode 100644 index 0000000..0288534 Binary files /dev/null and b/cygwin/bin/md5sum.exe differ diff --git a/cygwin/bin/mkdir.exe b/cygwin/bin/mkdir.exe new file mode 100644 index 0000000..eacdf3d Binary files /dev/null and b/cygwin/bin/mkdir.exe differ diff --git a/cygwin/bin/more.exe b/cygwin/bin/more.exe new file mode 100644 index 0000000..a6ce4ee Binary files /dev/null and b/cygwin/bin/more.exe differ diff --git a/cygwin/bin/mount.exe b/cygwin/bin/mount.exe new file mode 100644 index 0000000..6a4cd65 Binary files /dev/null and b/cygwin/bin/mount.exe differ diff --git a/cygwin/bin/mv.exe b/cygwin/bin/mv.exe new file mode 100644 index 0000000..afa0878 Binary files /dev/null and b/cygwin/bin/mv.exe differ diff --git a/cygwin/bin/nano.exe b/cygwin/bin/nano.exe new file mode 100644 index 0000000..5a8312f Binary files /dev/null and b/cygwin/bin/nano.exe differ diff --git a/cygwin/bin/nc.exe b/cygwin/bin/nc.exe new file mode 100644 index 0000000..5642dde Binary files /dev/null and b/cygwin/bin/nc.exe differ diff --git a/cygwin/bin/nice.exe b/cygwin/bin/nice.exe new file mode 100644 index 0000000..d06e0e1 Binary files /dev/null and b/cygwin/bin/nice.exe differ diff --git a/cygwin/bin/nl.exe b/cygwin/bin/nl.exe new file mode 100644 index 0000000..cd47632 Binary files /dev/null and b/cygwin/bin/nl.exe differ diff --git a/cygwin/bin/pgrep.exe b/cygwin/bin/pgrep.exe new file mode 100644 index 0000000..65e0b6e Binary files /dev/null and b/cygwin/bin/pgrep.exe differ diff --git a/cygwin/bin/pidof.exe b/cygwin/bin/pidof.exe new file mode 100644 index 0000000..bb58289 Binary files /dev/null and b/cygwin/bin/pidof.exe differ diff --git a/cygwin/bin/pkill.exe b/cygwin/bin/pkill.exe new file mode 100644 index 0000000..590bf0e Binary files /dev/null and b/cygwin/bin/pkill.exe differ diff --git a/cygwin/bin/printenv.exe b/cygwin/bin/printenv.exe new file mode 100644 index 0000000..c915246 Binary files /dev/null and b/cygwin/bin/printenv.exe differ diff --git a/cygwin/bin/printf.exe b/cygwin/bin/printf.exe new file mode 100644 index 0000000..bd9ade8 Binary files /dev/null and b/cygwin/bin/printf.exe differ diff --git a/cygwin/bin/ps.exe b/cygwin/bin/ps.exe new file mode 100644 index 0000000..bc0f6de Binary files /dev/null and b/cygwin/bin/ps.exe differ diff --git a/cygwin/bin/pwd.exe b/cygwin/bin/pwd.exe new file mode 100644 index 0000000..b3cab91 Binary files /dev/null and b/cygwin/bin/pwd.exe differ diff --git a/cygwin/bin/readlink.exe b/cygwin/bin/readlink.exe new file mode 100644 index 0000000..ff50244 Binary files /dev/null and b/cygwin/bin/readlink.exe differ diff --git a/cygwin/bin/realpath.exe b/cygwin/bin/realpath.exe new file mode 100644 index 0000000..c22726b Binary files /dev/null and b/cygwin/bin/realpath.exe differ diff --git a/cygwin/bin/renice.exe b/cygwin/bin/renice.exe new file mode 100644 index 0000000..f3be0fe Binary files /dev/null and b/cygwin/bin/renice.exe differ diff --git a/cygwin/bin/rm.exe b/cygwin/bin/rm.exe new file mode 100644 index 0000000..a169e4e Binary files /dev/null and b/cygwin/bin/rm.exe differ diff --git a/cygwin/bin/rmdir.exe b/cygwin/bin/rmdir.exe new file mode 100644 index 0000000..34723eb Binary files /dev/null and b/cygwin/bin/rmdir.exe differ diff --git a/cygwin/bin/sed.exe b/cygwin/bin/sed.exe new file mode 100644 index 0000000..bd4dd3c Binary files /dev/null and b/cygwin/bin/sed.exe differ diff --git a/cygwin/bin/seq.exe b/cygwin/bin/seq.exe new file mode 100644 index 0000000..8c07655 Binary files /dev/null and b/cygwin/bin/seq.exe differ diff --git a/cygwin/bin/sh.exe b/cygwin/bin/sh.exe new file mode 100644 index 0000000..e2b4728 Binary files /dev/null and b/cygwin/bin/sh.exe differ diff --git a/cygwin/bin/sha1sum.exe b/cygwin/bin/sha1sum.exe new file mode 100644 index 0000000..6d298df Binary files /dev/null and b/cygwin/bin/sha1sum.exe differ diff --git a/cygwin/bin/sha224sum.exe b/cygwin/bin/sha224sum.exe new file mode 100644 index 0000000..2de7dc5 Binary files /dev/null and b/cygwin/bin/sha224sum.exe differ diff --git a/cygwin/bin/sha256sum.exe b/cygwin/bin/sha256sum.exe new file mode 100644 index 0000000..6c0d8af Binary files /dev/null and b/cygwin/bin/sha256sum.exe differ diff --git a/cygwin/bin/sha384sum.exe b/cygwin/bin/sha384sum.exe new file mode 100644 index 0000000..d62c027 Binary files /dev/null and b/cygwin/bin/sha384sum.exe differ diff --git a/cygwin/bin/sha512sum.exe b/cygwin/bin/sha512sum.exe new file mode 100644 index 0000000..f4952bf Binary files /dev/null and b/cygwin/bin/sha512sum.exe differ diff --git a/cygwin/bin/sleep.exe b/cygwin/bin/sleep.exe new file mode 100644 index 0000000..c89368b Binary files /dev/null and b/cygwin/bin/sleep.exe differ diff --git a/cygwin/bin/sort.exe b/cygwin/bin/sort.exe new file mode 100644 index 0000000..2ebc6dd Binary files /dev/null and b/cygwin/bin/sort.exe differ diff --git a/cygwin/bin/stat.exe b/cygwin/bin/stat.exe new file mode 100644 index 0000000..ad5910b Binary files /dev/null and b/cygwin/bin/stat.exe differ diff --git a/cygwin/bin/sync.exe b/cygwin/bin/sync.exe new file mode 100644 index 0000000..6f557a4 Binary files /dev/null and b/cygwin/bin/sync.exe differ diff --git a/cygwin/bin/tac.exe b/cygwin/bin/tac.exe new file mode 100644 index 0000000..36e9135 Binary files /dev/null and b/cygwin/bin/tac.exe differ diff --git a/cygwin/bin/tail.exe b/cygwin/bin/tail.exe new file mode 100644 index 0000000..5fc42d4 Binary files /dev/null and b/cygwin/bin/tail.exe differ diff --git a/cygwin/bin/tar.exe b/cygwin/bin/tar.exe new file mode 100644 index 0000000..8e2fe65 Binary files /dev/null and b/cygwin/bin/tar.exe differ diff --git a/cygwin/bin/tee.exe b/cygwin/bin/tee.exe new file mode 100644 index 0000000..bee9e0a Binary files /dev/null and b/cygwin/bin/tee.exe differ diff --git a/cygwin/bin/test.exe b/cygwin/bin/test.exe new file mode 100644 index 0000000..2e36145 Binary files /dev/null and b/cygwin/bin/test.exe differ diff --git a/cygwin/bin/timeout.exe b/cygwin/bin/timeout.exe new file mode 100644 index 0000000..2d3b76f Binary files /dev/null and b/cygwin/bin/timeout.exe differ diff --git a/cygwin/bin/touch.exe b/cygwin/bin/touch.exe new file mode 100644 index 0000000..888a1dd Binary files /dev/null and b/cygwin/bin/touch.exe differ diff --git a/cygwin/bin/tr.exe b/cygwin/bin/tr.exe new file mode 100644 index 0000000..203bea7 Binary files /dev/null and b/cygwin/bin/tr.exe differ diff --git a/cygwin/bin/true.exe b/cygwin/bin/true.exe new file mode 100644 index 0000000..e5641e2 Binary files /dev/null and b/cygwin/bin/true.exe differ diff --git a/cygwin/bin/truncate.exe b/cygwin/bin/truncate.exe new file mode 100644 index 0000000..77ee592 Binary files /dev/null and b/cygwin/bin/truncate.exe differ diff --git a/cygwin/bin/tset.exe b/cygwin/bin/tset.exe new file mode 100644 index 0000000..a72f3a3 Binary files /dev/null and b/cygwin/bin/tset.exe differ diff --git a/cygwin/bin/tty.exe b/cygwin/bin/tty.exe new file mode 100644 index 0000000..4af995e Binary files /dev/null and b/cygwin/bin/tty.exe differ diff --git a/cygwin/bin/ul.exe b/cygwin/bin/ul.exe new file mode 100644 index 0000000..91088e8 Binary files /dev/null and b/cygwin/bin/ul.exe differ diff --git a/cygwin/bin/umount.exe b/cygwin/bin/umount.exe new file mode 100644 index 0000000..b961045 Binary files /dev/null and b/cygwin/bin/umount.exe differ diff --git a/cygwin/bin/uname.exe b/cygwin/bin/uname.exe new file mode 100644 index 0000000..1994977 Binary files /dev/null and b/cygwin/bin/uname.exe differ diff --git a/cygwin/bin/uniq.exe b/cygwin/bin/uniq.exe new file mode 100644 index 0000000..fdccf8b Binary files /dev/null and b/cygwin/bin/uniq.exe differ diff --git a/cygwin/bin/unix2dos.exe b/cygwin/bin/unix2dos.exe new file mode 100644 index 0000000..4289ce0 Binary files /dev/null and b/cygwin/bin/unix2dos.exe differ diff --git a/cygwin/bin/unzip.exe b/cygwin/bin/unzip.exe new file mode 100644 index 0000000..5722a49 Binary files /dev/null and b/cygwin/bin/unzip.exe differ diff --git a/cygwin/bin/wc.exe b/cygwin/bin/wc.exe new file mode 100644 index 0000000..38c2160 Binary files /dev/null and b/cygwin/bin/wc.exe differ diff --git a/cygwin/bin/which.exe b/cygwin/bin/which.exe new file mode 100644 index 0000000..f644127 Binary files /dev/null and b/cygwin/bin/which.exe differ diff --git a/cygwin/bin/xargs.exe b/cygwin/bin/xargs.exe new file mode 100644 index 0000000..ebf52d4 Binary files /dev/null and b/cygwin/bin/xargs.exe differ diff --git a/cygwin/bin/yes.exe b/cygwin/bin/yes.exe new file mode 100644 index 0000000..999261f Binary files /dev/null and b/cygwin/bin/yes.exe differ diff --git a/cygwin/bin/zcat b/cygwin/bin/zcat new file mode 100644 index 0000000..336343e --- /dev/null +++ b/cygwin/bin/zcat @@ -0,0 +1,51 @@ +#!/bin/sh +# Uncompress files to standard output. + +# Copyright (C) 2007, 2010-2023 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +version="zcat (gzip) 1.13 +Copyright (C) 2023 Free Software Foundation, Inc. +This is free software. You may redistribute copies of it under the terms of +the GNU General Public License . +There is NO WARRANTY, to the extent permitted by law. + +Written by Paul Eggert." + +usage="Usage: $0 [OPTION]... [FILE]... +Uncompress FILEs to standard output. + + -f, --force force; read compressed data even from a terminal + -l, --list list compressed file contents + -q, --quiet suppress all warnings + -r, --recursive operate recursively on directories + -S, --suffix=SUF use suffix SUF on compressed files + --synchronous synchronous output (safer if system crashes, but slower) + -t, --test test compressed file integrity + -v, --verbose verbose mode + --help display this help and exit + --version display version information and exit + +With no FILE, or when FILE is -, read standard input. + +Report bugs to ." + +case $1 in +--help) printf '%s\n' "$usage" || exit 1; exit;; +--version) printf '%s\n' "$version" || exit 1; exit;; +esac + +exec gzip -cd "$@" diff --git a/cygwin/bin/zgrep b/cygwin/bin/zgrep new file mode 100644 index 0000000..2f8f8ca --- /dev/null +++ b/cygwin/bin/zgrep @@ -0,0 +1,285 @@ +#!/bin/sh + +# zgrep -- a wrapper around a grep program that decompresses files as needed +# Adapted from a version sent by Charles Levert + +# Copyright (C) 1998, 2001-2002, 2006-2007, 2009-2023 Free Software Foundation, +# Inc. + +# Copyright (C) 1993 Jean-loup Gailly + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +grep='${GREP-'\''/usr/bin/grep'\''}' +args= + +version='zgrep (gzip) 1.13 +Copyright (C) 2023 Free Software Foundation, Inc. +This is free software. You may redistribute copies of it under the terms of +the GNU General Public License . +There is NO WARRANTY, to the extent permitted by law. + +Written by Jean-loup Gailly.' + +usage="Usage: $0 [OPTION]... [-e] PATTERN [FILE]... +Look for instances of PATTERN in the input FILEs, using their +uncompressed contents if they are compressed. + +OPTIONs are the same as for 'grep', except that the following 'grep' +options are not supported: --dereference-recursive (-R), --directories (-d), +--exclude, --exclude-from, --exclude-dir, --include, --null (-Z), +--null-data (-z), and --recursive (-r). + +Report bugs to ." + +# sed script to escape all ' for the shell, and then (to handle trailing +# newlines correctly) append ' to the last line. +escape=' + s/'\''/'\''\\'\'''\''/g + $s/$/'\''/ +' +operands= +have_pat=0 +files_with_matches=0 +files_without_matches=0 +no_filename=0 +with_filename=0 +pattmp= + +while test $# -ne 0; do + option=$1 + shift + optarg= + + case $option in + (-[0123456789EFGHIKLPRTUVZabchilnoqrsuvwxyz]*[!0123456789]*) + arg2=-\'$(LC_ALL=C expr "X$option" : 'X-.[0-9]*\(.*\)' | + LC_ALL=C sed "$escape") + eval "set -- $arg2 "'${1+"$@"}' + option=$(LC_ALL=C expr "X$option" : 'X\(-.[0-9]*\)');; + (--binary-*=* | --[lm]a*=* | --reg*=*) + ;; + (-[ABCDXdefm] | --binary-* | --file | --[lm]a* | --reg*) + case ${1?"$option option requires an argument"} in + (*\'*) + optarg=" '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; + (*) + optarg=" '$1'";; + esac + shift;; + (-f?*\'*) + optarg=" '"$(LC_ALL=C expr "X$option" : 'X-f\(.*\)' | + LC_ALL=C sed "$escape") + option=-f;; + (-f?*) + optarg=" '"$(LC_ALL=C expr "X$option" : 'X-f\(.*\)')\' + option=-f;; + (--file=*\'*) + optarg=" '"$(LC_ALL=C expr "X$option" : 'X--file=\(.*\)' | + LC_ALL=C sed "$escape") + option=--file;; + (--file=*) + optarg=" '"$(LC_ALL=C expr "X$option" : 'X--file=\(.*\)')\' + option=--file;; + (--) + break;; + (-?*) + ;; + (*) + case $option in + (*\'*) + operands="$operands '"$(printf '%s\n' "$option" | LC_ALL=C sed "$escape") + ;; + (*) + operands="$operands '$option'";; + esac + ${POSIXLY_CORRECT+break} + continue;; + esac + + case $option in + (-[drRzZ] | --di* | --exc* | --inc* | --rec* | --nu*) + printf >&2 '%s: %s: option not supported\n' "$0" "$option" + exit 2;; + (-e* | --reg*) + have_pat=1;; + (-f | --file) + # The pattern is coming from a file rather than the command-line. + # If the file is actually stdin then we need to do a little + # magic, since we use stdin to pass the gzip output to grep. + # Similarly if it is not a regular file, since it might be read repeatedly. + # In either of these two cases, copy the pattern into a temporary file, + # and use that file instead. The pattern might contain null bytes, + # so we cannot simply switch to -e here. + if case $optarg in + (" '-'" | " '/dev/stdin'" | " '/dev/fd/0'") + :;; + (*) + eval "test ! -f$optarg";; + esac + then + if test -n "$pattmp"; then + eval "cat --$optarg" >>"$pattmp" || exit 2 + continue + fi + trap ' + test -n "$pattmp" && rm -f "$pattmp" + (exit 2); exit 2 + ' HUP INT PIPE TERM 0 + case $TMPDIR in + / | /*/) ;; + /*) TMPDIR=$TMPDIR/;; + *) TMPDIR=/tmp/;; + esac + if type mktemp >/dev/null 2>&1; then + pattmp=$(mktemp "${TMPDIR}zgrepXXXXXXXXX") || exit 2 + else + set -C + pattmp=${TMPDIR}zgrep$$ + fi + eval "cat --$optarg" >"$pattmp" || exit 2 + optarg=' "$pattmp"' + fi + have_pat=1;; + (--h | --he | --hel | --help) + printf '%s\n' "$usage" || exit 2 + exit;; + (-H | --wi | --wit | --with | --with- | --with-f | --with-fi \ + | --with-fil | --with-file | --with-filen | --with-filena | --with-filenam \ + | --with-filename) + with_filename=1 + continue;; + (-l | --files-with-*) + files_with_matches=1;; + (-L | --files-witho*) + files_without_matches=1;; + (-h | --no-f*) + no_filename=1;; + (-V | --v | --ve | --ver | --vers | --versi | --versio | --version) + printf '%s\n' "$version" || exit 2 + exit;; + esac + + case $option in + (*\'?*) + option=\'$(printf '%s\n' "$option" | LC_ALL=C sed "$escape");; + (*) + option="'$option'";; + esac + + args="$args $option$optarg" +done + +eval "set -- $operands "'${1+"$@"}' + +if test $have_pat -eq 0; then + case ${1?"missing pattern; try \`$0 --help' for help"} in + (*\'*) + args="$args -- '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; + (*) + args="$args -- '$1'";; + esac + shift +fi + +if test $# -eq 0; then + set -- - +elif test 1 -lt $# && test $no_filename -eq 0; then + with_filename=1 +fi + +l_e=$(eval "(echo e | $grep -H --label=l e) 2>/dev/null") && test "$l_e" = l:e +gnuish_grep="test $? -eq 0" +if $gnuish_grep && test $with_filename -eq 1; then + grep="$grep -H" +fi + +exec 3>&1 +res=1 + +for i +do + # Fail if gzip or grep (or sed) fails. + gzip_status=$( + exec 5>&1 + (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | + if test $files_with_matches -eq 1; then + eval "$grep$args" >/dev/null && { printf '%s\n' "$i" || exit 2; } + elif test $files_without_matches -eq 1; then + eval "$grep$args" >/dev/null || { + r=$? + if test $r -eq 1; then + printf '%s\n' "$i" || r=2 + fi + test 256 -le $r && r=$(expr 128 + $r % 128) + exit $r + } + elif $gnuish_grep && test "$i" != -; then + eval "$grep --label \"\$i\"$args" + elif $gnuish_grep || test $with_filename -eq 0; then + eval "$grep$args" + else + case $i in + (*' +'* | *'&'* | *'\'* | *'|'*) + icolon=$(printf '%s\n' "$i:" | + LC_ALL=C sed -e 's/[&\|]/\\&/g' -e '$!s/$/\\/') || + icolon='(unknown filename):';; + (*) icolon="$i:";; + esac + sed_script="s|^|$icolon|" + + # Fail if grep or sed fails. + r=$( + exec 4>&1 + (eval "$grep$args" 4>&-; echo $? >&4) 3>&- | + LC_ALL=C sed "$sed_script" >&3 4>&- + ) || { r=$?; test $r -lt 2 && r=2; } + test 256 -le $r && r=$(expr 128 + $r % 128) + exit $r + fi >&3 5>&- + ) + r=$? + + # Ignore gzip status 2 or 141, as it is just a warning or broken pipe. + # gzip status 1 is an error, like grep status 2. + { test $gzip_status -eq 2 || test $gzip_status -eq 141; } && gzip_status=0 + test $gzip_status -eq 1 && gzip_status=2 + + # Use the more serious of the grep and gzip statuses. + test $r -lt $gzip_status && r=$gzip_status + + # Accumulate the greatest status, except consider 0 to be greater than 1. + if test $r -le 1 && test $res -le 1; then + test $r -lt $res + else + test $res -lt $r + fi && res=$r + + # Exit immediately on a serious error. + test 126 -le $res && break +done + +if test -n "$pattmp"; then + rm -f "$pattmp" || { + r=$? + test $r -lt 2 && r=2 + test $res -lt $r && res=$r + } + trap - HUP INT PIPE TERM 0 +fi + +test 128 -le $res && kill -$(expr $res % 128) $$ +exit $res diff --git a/cygwin/bin/zip.exe b/cygwin/bin/zip.exe new file mode 100644 index 0000000..9665c63 Binary files /dev/null and b/cygwin/bin/zip.exe differ diff --git a/cygwin/cygwin-admin.cmd b/cygwin/cygwin-admin.cmd new file mode 100644 index 0000000..b93c3cf --- /dev/null +++ b/cygwin/cygwin-admin.cmd @@ -0,0 +1,3 @@ +@echo off +set TERM= +cd /d "%~dp0bin" && "%~dp0..\tools\elevator" .\bash --login -i diff --git a/cygwin/cygwin.cmd b/cygwin/cygwin.cmd new file mode 100644 index 0000000..c1b00ea --- /dev/null +++ b/cygwin/cygwin.cmd @@ -0,0 +1,3 @@ +@echo off +set TERM= +cd /d "%~dp0bin" && .\bash --login -i diff --git a/cygwin/dev/mqueue/.gitkeep b/cygwin/dev/mqueue/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/dev/shm/.gitkeep b/cygwin/dev/shm/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/etc/DIR_COLORS b/cygwin/etc/DIR_COLORS new file mode 100644 index 0000000..ba91ac4 --- /dev/null +++ b/cygwin/etc/DIR_COLORS @@ -0,0 +1,223 @@ +# Coreutils version coreutils-9.0 +# If you do not modify this file, it will be updated when you upgrade +# coreutils, using the contents of /etc/defaults/etc/DIR_COLORS. Feel +# free to modify this file, at which point coreutils will leave it alone. +# +# For this file to be useful, you will need a line like this in your +# shell configuration file, such as ~/.bashrc: +# +# alias ls='ls --color=auto' +# +# If you want to use a variant of this file in your home directory, +# then you can add something like this to your ~/.bashrc: +# +# eval "`dircolors -b /path/to/DIR_COLORS`" +# +# Configuration file for dircolors, a utility to help you set the +# LS_COLORS environment variable used by GNU ls with the --color option. + +# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copying and distribution of this file, with or without modification, +# are permitted provided the copyright notice and this notice are preserved. + +# The keywords COLOR, OPTIONS, and EIGHTBIT (honored by the +# slackware version of dircolors) are recognized but ignored. + +# Below are TERM entries, which can be a glob patterns, to match +# against the TERM environment variable to determine if it is colorizable. +TERM Eterm +TERM ansi +TERM *color* +TERM con[0-9]*x[0-9]* +TERM cons25 +TERM console +TERM cygwin +TERM *direct* +TERM dtterm +TERM gnome +TERM hurd +TERM jfbterm +TERM konsole +TERM kterm +TERM linux +TERM linux-c +TERM mlterm +TERM putty +TERM rxvt* +TERM screen* +TERM st +TERM terminator +TERM tmux* +TERM vt100 +TERM xterm* + +# Below are the color init strings for the basic file types. +# One can use codes for 256 or more colors supported by modern terminals. +# The default color codes use the capabilities of an 8 color terminal +# with some additional attributes as per the following codes: +# Attribute codes: +# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed +# Text color codes: +# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white +# Background color codes: +# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white +#NORMAL 00 # no color code at all +#FILE 00 # regular file: use no color at all +RESET 0 # reset to "normal" color +DIR 01;34 # directory +LINK 01;36 # symbolic link. (If you set this to 'target' instead of a + # numerical value, the color is as for the file pointed to.) +MULTIHARDLINK 00 # regular file with more than one link +FIFO 40;33 # pipe +SOCK 01;35 # socket +DOOR 01;35 # door +BLK 40;33;01 # block device driver +CHR 40;33;01 # character device driver +ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file ... +MISSING 00 # ... and the files they point to +SETUID 37;41 # file that is setuid (u+s) +SETGID 30;43 # file that is setgid (g+s) +CAPABILITY 30;41 # file with capability +STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) +OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky +STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable + +# This is for files with execute permission: +EXEC 01;32 + +# List any file extensions like '.gz' or '.tar' that you would like ls +# to colorize below. Put the extension, a space, and the color init string. +# (and any comments you want to add after a '#') + +# If you use DOS-style suffixes, you may want to uncomment the following: +#.cmd 01;32 # executables (bright green) +#.exe 01;32 +#.com 01;32 +#.btm 01;32 +#.bat 01;32 +# Or if you want to colorize scripts even if they do not have the +# executable bit actually set. +#.sh 01;32 +#.csh 01;32 + + # archives or compressed (bright red) +.tar 01;31 +.tgz 01;31 +.arc 01;31 +.arj 01;31 +.taz 01;31 +.lha 01;31 +.lz4 01;31 +.lzh 01;31 +.lzma 01;31 +.tlz 01;31 +.txz 01;31 +.tzo 01;31 +.t7z 01;31 +.zip 01;31 +.z 01;31 +.dz 01;31 +.gz 01;31 +.lrz 01;31 +.lz 01;31 +.lzo 01;31 +.xz 01;31 +.zst 01;31 +.tzst 01;31 +.bz2 01;31 +.bz 01;31 +.tbz 01;31 +.tbz2 01;31 +.tz 01;31 +.deb 01;31 +.rpm 01;31 +.jar 01;31 +.war 01;31 +.ear 01;31 +.sar 01;31 +.rar 01;31 +.alz 01;31 +.ace 01;31 +.zoo 01;31 +.cpio 01;31 +.7z 01;31 +.rz 01;31 +.cab 01;31 +.wim 01;31 +.swm 01;31 +.dwm 01;31 +.esd 01;31 + +# image formats +.jpg 01;35 +.jpeg 01;35 +.mjpg 01;35 +.mjpeg 01;35 +.gif 01;35 +.bmp 01;35 +.pbm 01;35 +.pgm 01;35 +.ppm 01;35 +.tga 01;35 +.xbm 01;35 +.xpm 01;35 +.tif 01;35 +.tiff 01;35 +.png 01;35 +.svg 01;35 +.svgz 01;35 +.mng 01;35 +.pcx 01;35 +.mov 01;35 +.mpg 01;35 +.mpeg 01;35 +.m2v 01;35 +.mkv 01;35 +.webm 01;35 +.webp 01;35 +.ogm 01;35 +.mp4 01;35 +.m4v 01;35 +.mp4v 01;35 +.vob 01;35 +.qt 01;35 +.nuv 01;35 +.wmv 01;35 +.asf 01;35 +.rm 01;35 +.rmvb 01;35 +.flc 01;35 +.avi 01;35 +.fli 01;35 +.flv 01;35 +.gl 01;35 +.dl 01;35 +.xcf 01;35 +.xwd 01;35 +.yuv 01;35 +.cgm 01;35 +.emf 01;35 + +# https://wiki.xiph.org/MIME_Types_and_File_Extensions +.ogv 01;35 +.ogx 01;35 + +# audio formats +.aac 00;36 +.au 00;36 +.flac 00;36 +.m4a 00;36 +.mid 00;36 +.midi 00;36 +.mka 00;36 +.mp3 00;36 +.mpc 00;36 +.ogg 00;36 +.ra 00;36 +.wav 00;36 + +# https://wiki.xiph.org/MIME_Types_and_File_Extensions +.oga 00;36 +.opus 00;36 +.spx 00;36 +.xspf 00;36 diff --git a/cygwin/etc/bash.bash_logout b/cygwin/etc/bash.bash_logout new file mode 100644 index 0000000..c4b5f9a --- /dev/null +++ b/cygwin/etc/bash.bash_logout @@ -0,0 +1,23 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/bash.bash_logout: executed by bash(1) when login shell exits. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/bash.bash_logout + +# Modifying /etc/bash.bash_logout directly will prevent +# setup from updating it. + +# System-wide bashrc file + +# when leaving the console clear the screen to increase privacy +if [ "$SHLVL" = 1 ]; then + [ -x /usr/bin/clear ] && /usr/bin/clear +fi diff --git a/cygwin/etc/bash.bashrc b/cygwin/etc/bash.bashrc new file mode 100644 index 0000000..c6eacb7 --- /dev/null +++ b/cygwin/etc/bash.bashrc @@ -0,0 +1,63 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/bash.bashrc: executed by bash(1) for interactive shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/bash.bashrc + +# Modifying /etc/bash.bashrc directly will prevent +# setup from updating it. + +# System-wide bashrc file + +# Check that we haven't already been sourced. +[[ -z ${CYG_SYS_BASHRC} ]] && CYG_SYS_BASHRC="1" || return + +fix_path() +{ + local IFS=':' + for p in $PATH; do + [ "$p" = /usr/local/bin ] && return + done + export PATH="/usr/local/bin:/usr/bin:$PATH" +} + +fix_path + +# If not running interactively, don't do anything +[[ "$-" != *i* ]] && return + +# Exclude *dlls from TAB expansion +export EXECIGNORE="*.dll" + +# Set a default prompt of: user@host and current_directory +PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n\$ ' + +# Uncomment to use the terminal colours set in DIR_COLORS +# eval "$(dircolors -b /etc/DIR_COLORS)" + +export LANG=en_US.UTF-8 +HISTSIZE=1000 +HISTFILESIZE=0 +alias ls='ls --color=auto' +alias ll="ls -la" + +CYGROOT="$(cygpath -am /)" +BUNDLE_ROOT="$(cygpath -am "$CYGROOT/..")" +alias winws="'$BUNDLE_ROOT/blockcheck/zapret/nfq/winws'" +alias winws2="'$BUNDLE_ROOT/blockcheck/zapret2/nfq2/winws2'" +alias winws2-antidpi="'$BUNDLE_ROOT/blockcheck/zapret2/nfq2/winws2' --lua-init='@$BUNDLE_ROOT/blockcheck/zapret2/lua/zapret-lib.lua' --lua-init='@$BUNDLE_ROOT/blockcheck/zapret2/lua/zapret-antidpi.lua' --lua-init='@$BUNDLE_ROOT/blockcheck/zapret2/lua/zapret-auto.lua'" +alias mdig="'$BUNDLE_ROOT/blockcheck/zapret/mdig/mdig'" +alias ip2net="'$BUNDLE_ROOT/blockcheck/zapret/ip2net/ip2net'" +alias blockcheck="'$BUNDLE_ROOT/blockcheck/zapret/blockcheck.sh'" +alias blockcheck-kyber="CURL=curl-kyber '$BUNDLE_ROOT/blockcheck/zapret/blockcheck.sh'" +alias blockcheck2="'$BUNDLE_ROOT/blockcheck/zapret2/blockcheck2.sh'" +alias blockcheck2-kyber="CURL=curl-kyber '$BUNDLE_ROOT/blockcheck/zapret2/blockcheck2.sh'" +alias diff --git a/cygwin/etc/defaults/etc/DIR_COLORS b/cygwin/etc/defaults/etc/DIR_COLORS new file mode 100644 index 0000000..ba91ac4 --- /dev/null +++ b/cygwin/etc/defaults/etc/DIR_COLORS @@ -0,0 +1,223 @@ +# Coreutils version coreutils-9.0 +# If you do not modify this file, it will be updated when you upgrade +# coreutils, using the contents of /etc/defaults/etc/DIR_COLORS. Feel +# free to modify this file, at which point coreutils will leave it alone. +# +# For this file to be useful, you will need a line like this in your +# shell configuration file, such as ~/.bashrc: +# +# alias ls='ls --color=auto' +# +# If you want to use a variant of this file in your home directory, +# then you can add something like this to your ~/.bashrc: +# +# eval "`dircolors -b /path/to/DIR_COLORS`" +# +# Configuration file for dircolors, a utility to help you set the +# LS_COLORS environment variable used by GNU ls with the --color option. + +# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copying and distribution of this file, with or without modification, +# are permitted provided the copyright notice and this notice are preserved. + +# The keywords COLOR, OPTIONS, and EIGHTBIT (honored by the +# slackware version of dircolors) are recognized but ignored. + +# Below are TERM entries, which can be a glob patterns, to match +# against the TERM environment variable to determine if it is colorizable. +TERM Eterm +TERM ansi +TERM *color* +TERM con[0-9]*x[0-9]* +TERM cons25 +TERM console +TERM cygwin +TERM *direct* +TERM dtterm +TERM gnome +TERM hurd +TERM jfbterm +TERM konsole +TERM kterm +TERM linux +TERM linux-c +TERM mlterm +TERM putty +TERM rxvt* +TERM screen* +TERM st +TERM terminator +TERM tmux* +TERM vt100 +TERM xterm* + +# Below are the color init strings for the basic file types. +# One can use codes for 256 or more colors supported by modern terminals. +# The default color codes use the capabilities of an 8 color terminal +# with some additional attributes as per the following codes: +# Attribute codes: +# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed +# Text color codes: +# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white +# Background color codes: +# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white +#NORMAL 00 # no color code at all +#FILE 00 # regular file: use no color at all +RESET 0 # reset to "normal" color +DIR 01;34 # directory +LINK 01;36 # symbolic link. (If you set this to 'target' instead of a + # numerical value, the color is as for the file pointed to.) +MULTIHARDLINK 00 # regular file with more than one link +FIFO 40;33 # pipe +SOCK 01;35 # socket +DOOR 01;35 # door +BLK 40;33;01 # block device driver +CHR 40;33;01 # character device driver +ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file ... +MISSING 00 # ... and the files they point to +SETUID 37;41 # file that is setuid (u+s) +SETGID 30;43 # file that is setgid (g+s) +CAPABILITY 30;41 # file with capability +STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) +OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky +STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable + +# This is for files with execute permission: +EXEC 01;32 + +# List any file extensions like '.gz' or '.tar' that you would like ls +# to colorize below. Put the extension, a space, and the color init string. +# (and any comments you want to add after a '#') + +# If you use DOS-style suffixes, you may want to uncomment the following: +#.cmd 01;32 # executables (bright green) +#.exe 01;32 +#.com 01;32 +#.btm 01;32 +#.bat 01;32 +# Or if you want to colorize scripts even if they do not have the +# executable bit actually set. +#.sh 01;32 +#.csh 01;32 + + # archives or compressed (bright red) +.tar 01;31 +.tgz 01;31 +.arc 01;31 +.arj 01;31 +.taz 01;31 +.lha 01;31 +.lz4 01;31 +.lzh 01;31 +.lzma 01;31 +.tlz 01;31 +.txz 01;31 +.tzo 01;31 +.t7z 01;31 +.zip 01;31 +.z 01;31 +.dz 01;31 +.gz 01;31 +.lrz 01;31 +.lz 01;31 +.lzo 01;31 +.xz 01;31 +.zst 01;31 +.tzst 01;31 +.bz2 01;31 +.bz 01;31 +.tbz 01;31 +.tbz2 01;31 +.tz 01;31 +.deb 01;31 +.rpm 01;31 +.jar 01;31 +.war 01;31 +.ear 01;31 +.sar 01;31 +.rar 01;31 +.alz 01;31 +.ace 01;31 +.zoo 01;31 +.cpio 01;31 +.7z 01;31 +.rz 01;31 +.cab 01;31 +.wim 01;31 +.swm 01;31 +.dwm 01;31 +.esd 01;31 + +# image formats +.jpg 01;35 +.jpeg 01;35 +.mjpg 01;35 +.mjpeg 01;35 +.gif 01;35 +.bmp 01;35 +.pbm 01;35 +.pgm 01;35 +.ppm 01;35 +.tga 01;35 +.xbm 01;35 +.xpm 01;35 +.tif 01;35 +.tiff 01;35 +.png 01;35 +.svg 01;35 +.svgz 01;35 +.mng 01;35 +.pcx 01;35 +.mov 01;35 +.mpg 01;35 +.mpeg 01;35 +.m2v 01;35 +.mkv 01;35 +.webm 01;35 +.webp 01;35 +.ogm 01;35 +.mp4 01;35 +.m4v 01;35 +.mp4v 01;35 +.vob 01;35 +.qt 01;35 +.nuv 01;35 +.wmv 01;35 +.asf 01;35 +.rm 01;35 +.rmvb 01;35 +.flc 01;35 +.avi 01;35 +.fli 01;35 +.flv 01;35 +.gl 01;35 +.dl 01;35 +.xcf 01;35 +.xwd 01;35 +.yuv 01;35 +.cgm 01;35 +.emf 01;35 + +# https://wiki.xiph.org/MIME_Types_and_File_Extensions +.ogv 01;35 +.ogx 01;35 + +# audio formats +.aac 00;36 +.au 00;36 +.flac 00;36 +.m4a 00;36 +.mid 00;36 +.midi 00;36 +.mka 00;36 +.mp3 00;36 +.mpc 00;36 +.ogg 00;36 +.ra 00;36 +.wav 00;36 + +# https://wiki.xiph.org/MIME_Types_and_File_Extensions +.oga 00;36 +.opus 00;36 +.spx 00;36 +.xspf 00;36 diff --git a/cygwin/etc/defaults/etc/bash.bash_logout b/cygwin/etc/defaults/etc/bash.bash_logout new file mode 100644 index 0000000..c4b5f9a --- /dev/null +++ b/cygwin/etc/defaults/etc/bash.bash_logout @@ -0,0 +1,23 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/bash.bash_logout: executed by bash(1) when login shell exits. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/bash.bash_logout + +# Modifying /etc/bash.bash_logout directly will prevent +# setup from updating it. + +# System-wide bashrc file + +# when leaving the console clear the screen to increase privacy +if [ "$SHLVL" = 1 ]; then + [ -x /usr/bin/clear ] && /usr/bin/clear +fi diff --git a/cygwin/etc/defaults/etc/bash.bashrc b/cygwin/etc/defaults/etc/bash.bashrc new file mode 100644 index 0000000..9b100f9 --- /dev/null +++ b/cygwin/etc/defaults/etc/bash.bashrc @@ -0,0 +1,33 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/bash.bashrc: executed by bash(1) for interactive shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/bash.bashrc + +# Modifying /etc/bash.bashrc directly will prevent +# setup from updating it. + +# System-wide bashrc file + +# Check that we haven't already been sourced. +[[ -z ${CYG_SYS_BASHRC} ]] && CYG_SYS_BASHRC="1" || return + +# If not running interactively, don't do anything +[[ "$-" != *i* ]] && return + +# Exclude *dlls from TAB expansion +export EXECIGNORE="*.dll" + +# Set a default prompt of: user@host and current_directory +PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n\$ ' + +# Uncomment to use the terminal colours set in DIR_COLORS +# eval "$(dircolors -b /etc/DIR_COLORS)" diff --git a/cygwin/etc/defaults/etc/cygserver.conf b/cygwin/etc/defaults/etc/cygserver.conf new file mode 100644 index 0000000..51cb58c --- /dev/null +++ b/cygwin/etc/defaults/etc/cygserver.conf @@ -0,0 +1,147 @@ +# cygserver.conf +# +# Contains configurable parameters for the cygserver. +# +# The format of this file is easy. Lines beginning with a hash `#' are +# comments and ignored. Lines consisting of only whitespaces are ignored. +# Any other line is a setting for cygserver. +# A setting consists of a name/value pair, separated by whitespace. +# Each line must only consist of one name/value pair. +# Lines must not be longer than 1023 characters. +# +# Some settings can be overridden by a command line switch. If so, it's +# mentioned below. +# +# Settings which are commented out will use the default values. These are +# mentioned below, too. + +# kern.srv.cleanup_threads: No. of cygserver threads used for cleanup tasks. +# Default: 2, Min: 1, Max: 16, command line option -c, --cleanup-threads +#kern.srv.cleanup_threads 2 + +# kern.srv.request_threads: No. of cygserver threads used to serve +# application requests. +# Default: 10, Min: 1, Max: 310, command line option -r, --request-threads +#kern.srv.request_threads 10 + +# kern.srv.process_cache_size: No. of concurrent processes which can be handled +# by Cygserver concurrently. +# Default: 62, Min: 1, Max: 310, command line option -p, --process-cache +#kern.srv.process_cache_size 62 + +# kern.srv.msgqueues: Determines whether XSI Message Queue support should be +# started, "yes" (or "true", "y", "t", "1") or "no" (or "false", "n", "f", "0"). +# These values are valid for all binary type options. +# Default is "yes". Command line option -q, --no-msgqueues +#kern.srv.msgqueues yes + +# kern.srv.semaphores: Determines whether XSI Semaphore support should be +# started. Default is "yes". Command line option -s, --no-semaphores +#kern.srv.semaphores yes + +# kern.srv.sharedmem: Determines whether XSI Shared Memory support should be +# started. Default is "yes". Command line option -m, --no-sharedmem +#kern.srv.sharedmem yes + +# LOGGING + +# kern.log.syslog: Determines whether logging should go to the syslog, +# Default is "yes", if stderr is no tty, "no" otherwise. +# Command line option -y, --syslog or -Y, --no-syslog. +#kern.log.syslog no + +# kern.log.stderr: Determines whether logging should go to stderr, +# Default is "yes", if stderr is a tty, "no" otherwise. +# Command line option -e, --stderr or -E, --no-stderr. +#kern.log.stderr no + +# kern.log.level: Logging level. Valid values are 1 to 7 with a bigger +# value emitting more logging output. Default level is 6. +# Command line option -l, --log-level. +#kern.log.level 6 + +# kern.log.debug: Determines whether debug output should be printed to stderr. +# Default is "no". Command line option -d, --debug +#kern.log.debug no + +# XSI message queue parameters. +# +# Each message is broken up and stored in segments that are msgssz bytes +# long. For efficiency reasons, this should be a power of two. Also, +# it doesn't make sense if it is less than 8 or greater than about 256. + +# kern.ipc.msgseg: Maximum no. of message queue segments hold concurrently. +# Default: 2048, Min: 256, Max: 65535 +#kern.ipc.msgseg 2048 + +# kern.ipc.msgssz: Size of segment in bytes. Must be a power of 2 value. +# Default: 8, Min: 8, Max: 1024 +#kern.ipc.msgssz 8 + +# kern.ipc.msgmnb: Maximum no. of bytes in a single message queue. +# Default: 2048, Min: 1, Max: 65535 +#kern.ipc.msgmnb 2048 + +# kern.ipc.msgmni: Maximum no. of message queue identifiers hold concurrently. +# Default: 40, Min: 1, Max: 1024 +#kern.ipc.msgmni 40 + +# kern.ipc.msgtql: Maximum no. of messages hold concurrently. +# Default: 40, Min: 1, Max: 1024 +#kern.ipc.msgtql 40 + +# XSI semaphore parameters + +# kern.ipc.semmni: Maximum no. of semaphore identifiers hold concurrently. +# Default: 10, Min: 1, Max: 1024 +#kern.ipc.semmni 10 + +# kern.ipc.semmns: Maximum no. of semaphores hold concurrently. +# Default: 60, Min: 1, Max: 1024 +#kern.ipc.semmns 60 + +# kern.ipc.semmnu: Total no. of undo structures hold by server. +# Default: 30, Min: 1, Max: 1024 +#kern.ipc.semmnu 30 + +# kern.ipc.semmsl: Maximum no. of semaphores per semaphore id. +# Default: 60, Min: 1, Max: 1024 +#kern.ipc.semmsl 60 + +# kern.ipc.semopm: Maximum no. of operations per semop call. +# Default: 100, Min: 1, Max: 1024 +#kern.ipc.semopm 100 + +# kern.ipc.semume: Maximum no. of undo entries per process. +# Default: 10, Min: 1, Max: 1024 +#kern.ipc.semume 10 + +# kern.ipc.semvmx: Maximum value of a semaphore. +# Default: 32767, Min: 1, Max: 32767 +#kern.ipc.semvmx 32767 + +# kern.ipc.semaem: Maximum value to adjust on process exit. +# Default: 16384, Min: 1, Max: 32767 +#kern.ipc.semaem 16384 + +# XSI shared memory parameters + +# kern.ipc.shmmaxpgs: Maximum pages available for XSI shared memory. +# Changing shmmaxpgs immediately affects setting SHMMAX. The relation +# between shmmaxpgs and SHMMAX is: SHMMAX = shmmaxpgs * getpagesize(). +# Default: 8192, Min: 1, Max: 32767 +#kern.ipc.shmmaxpgs 8192 + +# kern.ipc.shmmni: Maximum number of shared memory segments, system wide. +# Default: 192, Min: 1, Max: 32767 +#kern.ipc.shmmni 192 + +# kern.ipc.shmseg: Maximum number of shared memory segments per process. +# Default: 128, Min: 1, Max: 32767 +#kern.ipc.shmseg 128 + +# kern.ipc.shm_allow_removed: Determines whether a process is allowed to +# attach to a shared memory segment (using the shmat call) after a successful +# call to shmctl(IPC_RMID). This is a Linux-specific, and therefore +# non-portable feature. Use with care. Default is "no". +#kern.ipc.shm_allow_removed no diff --git a/cygwin/etc/defaults/etc/man_db.conf b/cygwin/etc/defaults/etc/man_db.conf new file mode 100644 index 0000000..e5a2302 --- /dev/null +++ b/cygwin/etc/defaults/etc/man_db.conf @@ -0,0 +1,132 @@ +# man_db.conf +# +# This file is used by the man-db package to configure the man and cat paths. +# It is also used to provide a manpath for those without one by examining +# their PATH environment variable. For details see the manpath(5) man page. +# +# Lines beginning with `#' are comments and are ignored. Any combination of +# tabs or spaces may be used as `whitespace' separators. +# +# There are three mappings allowed in this file: +# -------------------------------------------------------- +# MANDATORY_MANPATH manpath_element +# MANPATH_MAP path_element manpath_element +# MANDB_MAP global_manpath [relative_catpath] +#--------------------------------------------------------- +# every automatically generated MANPATH includes these fields +# +#MANDATORY_MANPATH /usr/src/pvm3/man +# +MANDATORY_MANPATH /usr/man +MANDATORY_MANPATH /usr/share/man +MANDATORY_MANPATH /usr/local/share/man +#--------------------------------------------------------- +# set up PATH to MANPATH mapping +# ie. what man tree holds man pages for what binary directory. +# +# *PATH* -> *MANPATH* +# +MANPATH_MAP /bin /usr/share/man +MANPATH_MAP /usr/bin /usr/share/man +MANPATH_MAP /sbin /usr/share/man +MANPATH_MAP /usr/sbin /usr/share/man +MANPATH_MAP /usr/local/bin /usr/local/man +MANPATH_MAP /usr/local/bin /usr/local/share/man +MANPATH_MAP /usr/local/sbin /usr/local/man +MANPATH_MAP /usr/local/sbin /usr/local/share/man +MANPATH_MAP /usr/X11R6/bin /usr/X11R6/man +MANPATH_MAP /usr/bin/X11 /usr/X11R6/man +MANPATH_MAP /usr/games /usr/share/man +MANPATH_MAP /opt/bin /opt/man +MANPATH_MAP /opt/sbin /opt/man +#--------------------------------------------------------- +# For a manpath element to be treated as a system manpath (as most of those +# above should normally be), it must be mentioned below. Each line may have +# an optional extra string indicating the catpath associated with the +# manpath. If no catpath string is used, the catpath will default to the +# given manpath. +# +# You *must* provide all system manpaths, including manpaths for alternate +# operating systems, locale specific manpaths, and combinations of both, if +# they exist, otherwise the permissions of the user running man/mandb will +# be used to manipulate the manual pages. Also, mandb will not initialise +# the database cache for any manpaths not mentioned below unless explicitly +# requested to do so. +# +# In a per-user configuration file, this directive only controls the +# location of catpaths and the creation of database caches; it has no effect +# on privileges. +# +# Any manpaths that are subdirectories of other manpaths must be mentioned +# *before* the containing manpath. E.g. /usr/man/preformat must be listed +# before /usr/man. +# +# *MANPATH* -> *CATPATH* +# +MANDB_MAP /usr/man /var/cache/man/fsstnd +MANDB_MAP /usr/share/man /var/cache/man +MANDB_MAP /usr/local/man /var/cache/man/oldlocal +MANDB_MAP /usr/local/share/man /var/cache/man/local +MANDB_MAP /usr/X11R6/man /var/cache/man/X11R6 +MANDB_MAP /opt/man /var/cache/man/opt +MANDB_MAP /snap/man /var/cache/man/snap +# +#--------------------------------------------------------- +# Program definitions. These are commented out by default as the value +# of the definition is already the default. To change: uncomment a +# definition and modify it. +# +#DEFINE pager less +#DEFINE cat cat +#DEFINE tr tr '\255\267\264\327' '\055\157\047\170' +#DEFINE grep grep +#DEFINE troff groff -mandoc +#DEFINE nroff nroff -mandoc +#DEFINE eqn eqn +#DEFINE neqn neqn +#DEFINE tbl tbl +#DEFINE col col +#DEFINE vgrind +#DEFINE refer refer +#DEFINE grap +#DEFINE pic pic -S +# +#DEFINE compressor gzip -c7 +#--------------------------------------------------------- +# Misc definitions: same as program definitions above. +# +#DEFINE whatis_grep_flags -i +#DEFINE apropos_grep_flags -iEw +#DEFINE apropos_regex_grep_flags -iE +#--------------------------------------------------------- +# Section names. Manual sections will be searched in the order listed here; +# the default is 1, n, l, 8, 3, 0, 2, 3type, 5, 4, 9, 6, 7. Multiple SECTION +# directives may be given for clarity, and will be concatenated together in +# the expected way. +# If a particular extension is not in this list (say, 1mh), it will be +# displayed with the rest of the section it belongs to. The effect of this +# is that you only need to explicitly list extensions if you want to force a +# particular order. Sections with extensions should usually be adjacent to +# their main section (e.g. "1 1mh 8 ..."). +# +SECTION 1 1p 8 2 3 3p 4 5 6 7 9 0p n +# +#--------------------------------------------------------- +# Range of terminal widths permitted when displaying cat pages. If the +# terminal falls outside this range, cat pages will not be created (if +# missing) or displayed. +# +#MINCATWIDTH 80 +#MAXCATWIDTH 80 +# +# If CATWIDTH is set to a non-zero number, cat pages will always be +# formatted for a terminal of the given width, regardless of the width of +# the terminal actually being used. This should generally be within the +# range set by MINCATWIDTH and MAXCATWIDTH. +# +#CATWIDTH 0 +# +#--------------------------------------------------------- +# Flags. +# NOCACHE keeps man from creating cat pages. +#NOCACHE diff --git a/cygwin/etc/defaults/etc/pki/ca-trust/ca-legacy.conf b/cygwin/etc/defaults/etc/pki/ca-trust/ca-legacy.conf new file mode 100644 index 0000000..56f028f --- /dev/null +++ b/cygwin/etc/defaults/etc/pki/ca-trust/ca-legacy.conf @@ -0,0 +1,24 @@ +# The upstream Mozilla.org project tests all changes to the root CA +# list with the NSS (Network Security Services) library. +# +# Occassionally, changes might cause compatibility issues with +# other cryptographic libraries, such as openssl or gnutls. +# +# The package maintainers of the CA certificates package might decide +# to temporarily keep certain (legacy) root CA certificates trusted, +# until incompatibility issues can be resolved. +# +# Using this configuration file it is possible to opt-out of the +# compatibility choices made by the package maintainer. +# +# legacy=default : +# This configuration uses the choices made by the package maintainer. +# It may keep root CA certificate as trusted, which the upstream +# Mozilla.org project has already marked as no longer trusted. +# The set of CA certificates that are being kept enabled may change +# between package versions. +# +# legacy=disable : +# Follow all removal decisions made by Mozilla.org +# +legacy=default diff --git a/cygwin/etc/defaults/etc/pki/tls/ct_log_list.cnf b/cygwin/etc/defaults/etc/pki/tls/ct_log_list.cnf new file mode 100644 index 0000000..e643cfd --- /dev/null +++ b/cygwin/etc/defaults/etc/pki/tls/ct_log_list.cnf @@ -0,0 +1,9 @@ +# This file specifies the Certificate Transparency logs +# that are to be trusted. + +# Google's list of logs can be found here: +# www.certificate-transparency.org/known-logs +# A Python program to convert the log list to OpenSSL's format can be +# found here: +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# Use the "--openssl_output" flag. diff --git a/cygwin/etc/defaults/etc/pki/tls/openssl.cnf b/cygwin/etc/defaults/etc/pki/tls/openssl.cnf new file mode 100644 index 0000000..5d119a0 --- /dev/null +++ b/cygwin/etc/defaults/etc/pki/tls/openssl.cnf @@ -0,0 +1,368 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +# Load default TLS policy configuration + +openssl_conf = default_modules + +[ default_modules ] + +ssl_conf = ssl_module + +[ ssl_module ] + +system_default = crypto_policy + +[ crypto_policy ] + +.include = /etc/crypto-policies/back-ends/opensslcnf.config + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = /etc/pki/CA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # use SHA-256 by default +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_md = sha256 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = XX +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = Default Province + +localityName = Locality Name (eg, city) +localityName_default = Default City + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Default Company Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = /etc/pki/CA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha256 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/cygwin/etc/defaults/etc/profile b/cygwin/etc/defaults/etc/profile new file mode 100644 index 0000000..483fa10 --- /dev/null +++ b/cygwin/etc/defaults/etc/profile @@ -0,0 +1,163 @@ +# -*- mode:sh sh-shell:sh -*- +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/profile: executed by the command interpreter for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/profile + +# Modifying /etc/profile directly will prevent +# setup from updating it. + +# System-wide profile file + +# Some resources... +# Customizing Your Shell: http://www.dsl.org/cookbook/cookbook_5.html#SEC69 +# Consistent BackSpace and Delete Configuration: +# http://www.ibb.net/~anne/keyboard.html +# The Linux Documentation Project: http://www.tldp.org/ +# The Linux Cookbook: http://www.tldp.org/LDP/linuxcookbook/html/ +# Greg's Wiki http://mywiki.wooledge.org/ + +if [ -z "${PROFILEREAD+true}" ] ; then + + # Setup some default paths. Note that this order will allow user installed + # software to override 'system' software. + # Modifying these default path settings can be done in different ways. + # To learn more about startup files, refer to your shell's man page. + + : ${ORIGINAL_PATH=${PATH}} + # setting CYGWIN_USEWINPATH non-empty in the system variables + # assumes that you've already set up PATH so that Cygwin works + # correctly -- no further alteration is done + if [ ${CYGWIN_USEWINPATH-pathprepend} = "pathprepend" ] ; then + # setting CYGWIN_NOWINPATH non-empty in the system variables + # prevents use of the existing PATH and a clean PATH just for + # Cygwin is set up -- you need to add any extra path components + # you need in your personal startup files + if [ ${CYGWIN_NOWINPATH-addwinpath} = "addwinpath" ] ; then + PATH="/usr/local/bin:/usr/bin${PATH:+:${PATH}}" + else + PATH="/usr/local/bin:/usr/bin" + fi + fi + +# see https://cygwin.com/ml/cygwin/2014-05/msg00352.html +# MANPATH="/usr/local/man:/usr/share/man:/usr/man${MANPATH:+:${MANPATH}}" + INFOPATH="/usr/local/info:/usr/share/info:/usr/info${INFOPATH:+:${INFOPATH}}" + + # Set the user id + USER="$(/usr/bin/id -un)" + + # TMP and TEMP as defined in the Windows environment + # can have unexpected consequences for cygwin apps, so we define + # our own to match GNU/Linux behaviour. + unset TMP TEMP + TMP="/tmp" + TEMP="/tmp" + + # Define default printer + p='/proc/registry/HKEY_CURRENT_USER/Software/Microsoft/Windows NT/CurrentVersion/Windows/Device' + if [ -e "${p}" ] ; then + read -r PRINTER < "${p}" + PRINTER=${PRINTER%%,*} + fi + unset p + + # Default to removing the write permission for group and other + # (files normally created with mode 777 become 755; files created with + # mode 666 become 644) + umask 022 + + # Here is how HOME is set, in order of priority, when starting from Windows + # 1) From existing HOME in the Windows environment, translated to a Posix path + # 2) from /etc/passwd, if there is an entry with a non empty directory field + # 3) from HOMEDRIVE/HOMEPATH + # 4) / (root) + # If the home directory doesn't exist, create it. + if [ ! -d "${HOME}" ]; then + if mkdir -p "${HOME}"; then + echo "Copying skeleton files." + echo "These files are for the users to personalise their cygwin experience." + echo + echo "They will never be overwritten nor automatically updated." + echo + if ! cd /etc/skel; then + echo "WARNING: Failed attempt to cd into /etc/skel!" + else + /usr/bin/find . -type f | + while read f; do + fDest=${f#.} + if [ ! -e "${HOME}${fDest}" -a ! -L "${HOME}${fDest}" ]; then + /usr/bin/install -D -p -v "${f}" "${HOME}/${fDest}" + fi + done + unset fDest + fi + else + echo "${HOME} could not be created." + { [ -d "${TEMP}" ] && HOME="${TEMP}"; } || + { [ -d "${TMP}" ] && HOME="${TMP}"; } || + { [ -d /tmp ] && HOME=/tmp; } || + HOME=/ + echo "Setting HOME to ${HOME}." + fi + fi + + readonly PROFILEREAD=true +fi + +# Make sure we start in home unless invoked by CHERE +if [ ! -z "${CHERE_INVOKING}" ]; then + unset CHERE_INVOKING +else + cd "${HOME}" || echo "WARNING: Failed attempt to cd into ${HOME}!" +fi + +# Shell dependent settings +profile_d () +{ + _LC_ALL_SET_="${LC_ALL+set}" + _LC_SAVE_="${LC_ALL-null}" + LC_ALL=C + if [ "${_LC_SAVE_}" = "null" ]; then + for file in /etc/profile.d/*.$1; do + [ -e "${file}" ] && . "${file}" + done + unset LC_ALL + else + for file in /etc/profile.d/*.$1; do + [ -e "${file}" ] && LC_ALL="${_LC_SAVE_}" . "${file}" + done + LC_ALL="${_LC_SAVE_}" + fi + unset file + unset _LC_ALL_SET_ + unset _LC_SAVE_ +} + +HOSTNAME="$(/usr/bin/hostname)" +profile_d sh +if [ ! "x${BASH_VERSION}" = "x" ]; then + [ -f "/etc/bash.bashrc" ] && . "/etc/bash.bashrc" +elif [ ! "x${KSH_VERSION}" = "x" ]; then + typeset -l HOSTNAME + [ "${PS1-null}" = "null" ] || PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n$ ') +elif [ ! "x${ZSH_VERSION}" = "x" ]; then + # zsh is in shell compatibility mode here, so we probably shouldn't do this + profile_d zsh +elif [ ! "x${POSH_VERSION}" = "x" ]; then + : # [ "${PS1-null}" = "null" ] || PS1="$ " +else + : # [ "${PS1-null}" = "null" ] || PS1="$ " +fi + +# export PROFILEREAD PATH ORIGINAL_PATH MANPATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1 SHELL tmp temp +export PROFILEREAD PATH ORIGINAL_PATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1 SHELL diff --git a/cygwin/etc/defaults/etc/shells b/cygwin/etc/defaults/etc/shells new file mode 100644 index 0000000..012b492 --- /dev/null +++ b/cygwin/etc/defaults/etc/shells @@ -0,0 +1,18 @@ +/bin/sh +/bin/ash +/bin/bash +/bin/dash +/bin/mksh +/bin/pdksh +/bin/posh +/bin/tcsh +/bin/zsh +/usr/bin/sh +/usr/bin/ash +/usr/bin/bash +/usr/bin/dash +/usr/bin/mksh +/usr/bin/pdksh +/usr/bin/posh +/usr/bin/tcsh +/usr/bin/zsh diff --git a/cygwin/etc/defaults/etc/skel/.bash_profile b/cygwin/etc/defaults/etc/skel/.bash_profile new file mode 100644 index 0000000..84701e7 --- /dev/null +++ b/cygwin/etc/defaults/etc/skel/.bash_profile @@ -0,0 +1,44 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.bash_profile: executed by bash(1) for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.bash_profile + +# Modifying /etc/skel/.bash_profile directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.bash_profile) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .bash_profile file + +# source the users bashrc if it exists +if [ -f "${HOME}/.bashrc" ] ; then + source "${HOME}/.bashrc" +fi + +# Set PATH so it includes user's private bin if it exists +# if [ -d "${HOME}/bin" ] ; then +# PATH="${HOME}/bin:${PATH}" +# fi + +# Set MANPATH so it includes users' private man if it exists +# if [ -d "${HOME}/man" ]; then +# MANPATH="${HOME}/man:${MANPATH}" +# fi + +# Set INFOPATH so it includes users' private info if it exists +# if [ -d "${HOME}/info" ]; then +# INFOPATH="${HOME}/info:${INFOPATH}" +# fi diff --git a/cygwin/etc/defaults/etc/skel/.bashrc b/cygwin/etc/defaults/etc/skel/.bashrc new file mode 100644 index 0000000..3a4f59a --- /dev/null +++ b/cygwin/etc/defaults/etc/skel/.bashrc @@ -0,0 +1,186 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.bashrc: executed by bash(1) for interactive shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.bashrc + +# Modifying /etc/skel/.bashrc directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.bashrc) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .bashrc file + +# If not running interactively, don't do anything +[[ "$-" != *i* ]] && return + +# Shell Options +# +# See man bash for more options... +# +# Don't wait for job termination notification +# set -o notify +# +# Don't use ^D to exit +# set -o ignoreeof +# +# Use case-insensitive filename globbing +# shopt -s nocaseglob +# +# Make bash append rather than overwrite the history on disk +# shopt -s histappend +# +# When changing directory small typos can be ignored by bash +# for example, cd /vr/lgo/apaache would find /var/log/apache +# shopt -s cdspell + +# Programmable completion enhancements are enabled via +# /etc/profile.d/bash_completion.sh when the package bash_completetion +# is installed. Any completions you add in ~/.bash_completion are +# sourced last. + +# History Options +# +# Don't put duplicate lines in the history. +# export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups +# +# Ignore some controlling instructions +# HISTIGNORE is a colon-delimited list of patterns which should be excluded. +# The '&' is a special pattern which suppresses duplicate entries. +# export HISTIGNORE=$'[ \t]*:&:[fb]g:exit' +# export HISTIGNORE=$'[ \t]*:&:[fb]g:exit:ls' # Ignore the ls command as well +# +# Whenever displaying the prompt, write the previous line to disk +# export PROMPT_COMMAND="history -a" + +# Aliases +# +# Some people use a different file for aliases +# if [ -f "${HOME}/.bash_aliases" ]; then +# source "${HOME}/.bash_aliases" +# fi +# +# Some example alias instructions +# If these are enabled they will be used instead of any instructions +# they may mask. For example, alias rm='rm -i' will mask the rm +# application. To override the alias instruction use a \ before, ie +# \rm will call the real rm not the alias. +# +# Interactive operation... +# alias rm='rm -i' +# alias cp='cp -i' +# alias mv='mv -i' +# +# Default to human readable figures +# alias df='df -h' +# alias du='du -h' +# +# Misc :) +# alias less='less -r' # raw control characters +# alias whence='type -a' # where, of a sort +# alias grep='grep --color' # show differences in colour +# alias egrep='egrep --color=auto' # show differences in colour +# alias fgrep='fgrep --color=auto' # show differences in colour +# +# Some shortcuts for different directory listings +# alias ls='ls -hF --color=tty' # classify files in colour +# alias dir='ls --color=auto --format=vertical' +# alias vdir='ls --color=auto --format=long' +# alias ll='ls -l' # long list +# alias la='ls -A' # all but . and .. +# alias l='ls -CF' # + +# Umask +# +# /etc/profile sets 022, removing write perms to group + others. +# Set a more restrictive umask: i.e. no exec perms for others: +# umask 027 +# Paranoid: neither group nor others have any perms: +# umask 077 + +# Functions +# +# Some people use a different file for functions +# if [ -f "${HOME}/.bash_functions" ]; then +# source "${HOME}/.bash_functions" +# fi +# +# Some example functions: +# +# a) function settitle +# settitle () +# { +# echo -ne "\e]2;$@\a\e]1;$@\a"; +# } +# +# b) function cd_func +# This function defines a 'cd' replacement function capable of keeping, +# displaying and accessing history of visited directories, up to 10 entries. +# To use it, uncomment it, source this file and try 'cd --'. +# acd_func 1.0.5, 10-nov-2004 +# Petar Marinov, http:/geocities.com/h2428, this is public domain +# cd_func () +# { +# local x2 the_new_dir adir index +# local -i cnt +# +# if [[ $1 == "--" ]]; then +# dirs -v +# return 0 +# fi +# +# the_new_dir=$1 +# [[ -z $1 ]] && the_new_dir=$HOME +# +# if [[ ${the_new_dir:0:1} == '-' ]]; then +# # +# # Extract dir N from dirs +# index=${the_new_dir:1} +# [[ -z $index ]] && index=1 +# adir=$(dirs +$index) +# [[ -z $adir ]] && return 1 +# the_new_dir=$adir +# fi +# +# # +# # '~' has to be substituted by ${HOME} +# [[ ${the_new_dir:0:1} == '~' ]] && the_new_dir="${HOME}${the_new_dir:1}" +# +# # +# # Now change to the new dir and add to the top of the stack +# pushd "${the_new_dir}" > /dev/null +# [[ $? -ne 0 ]] && return 1 +# the_new_dir=$(pwd) +# +# # +# # Trim down everything beyond 11th entry +# popd -n +11 2>/dev/null 1>/dev/null +# +# # +# # Remove any other occurence of this dir, skipping the top of the stack +# for ((cnt=1; cnt <= 10; cnt++)); do +# x2=$(dirs +${cnt} 2>/dev/null) +# [[ $? -ne 0 ]] && return 0 +# [[ ${x2:0:1} == '~' ]] && x2="${HOME}${x2:1}" +# if [[ "${x2}" == "${the_new_dir}" ]]; then +# popd -n +$cnt 2>/dev/null 1>/dev/null +# cnt=cnt-1 +# fi +# done +# +# return 0 +# } +# +# alias cd=cd_func diff --git a/cygwin/etc/defaults/etc/skel/.inputrc b/cygwin/etc/defaults/etc/skel/.inputrc new file mode 100644 index 0000000..efc1050 --- /dev/null +++ b/cygwin/etc/defaults/etc/skel/.inputrc @@ -0,0 +1,74 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.inputrc: readline initialization file. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.inputrc + +# Modifying /etc/skel/.inputrc directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.inputrc) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# the following line is actually +# equivalent to "\C-?": delete-char +"\e[3~": delete-char + +# VT +"\e[1~": beginning-of-line +"\e[4~": end-of-line + +# kvt +"\e[H": beginning-of-line +"\e[F": end-of-line + +# rxvt and konsole (i.e. the KDE-app...) +"\e[7~": beginning-of-line +"\e[8~": end-of-line + +# VT220 +"\eOH": beginning-of-line +"\eOF": end-of-line + +# Allow 8-bit input/output +#set meta-flag on +#set convert-meta off +#set input-meta on +#set output-meta on +#$if Bash + # Don't ring bell on completion + #set bell-style none + + # or, don't beep at me - show me + #set bell-style visible + + # Filename completion/expansion + #set completion-ignore-case on + #set show-all-if-ambiguous on + + # Expand homedir name + #set expand-tilde on + + # Append "/" to all dirnames + #set mark-directories on + #set mark-symlinked-directories on + + # Match all files + #set match-hidden-files on + + # 'Magic Space' + # Insert a space character then performs + # a history expansion in the line + #Space: magic-space +#$endif diff --git a/cygwin/etc/defaults/etc/skel/.profile b/cygwin/etc/defaults/etc/skel/.profile new file mode 100644 index 0000000..02bb0d9 --- /dev/null +++ b/cygwin/etc/defaults/etc/skel/.profile @@ -0,0 +1,37 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.profile: executed by the command interpreter for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.profile + +# Modifying /etc/skel/.profile directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.profile) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benificial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .profile file + +# Set user-defined locale +export LANG=$(locale -uU) + +# This file is not read by bash(1) if ~/.bash_profile or ~/.bash_login +# exists. +# +# if running bash +if [ -n "${BASH_VERSION}" ]; then + if [ -f "${HOME}/.bashrc" ]; then + source "${HOME}/.bashrc" + fi +fi diff --git a/cygwin/etc/fstab b/cygwin/etc/fstab new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/etc/pki/tls/certs/ca-bundle.crt b/cygwin/etc/pki/tls/certs/ca-bundle.crt new file mode 100644 index 0000000..cf330ba --- /dev/null +++ b/cygwin/etc/pki/tls/certs/ca-bundle.crt @@ -0,0 +1,10918 @@ +# A-Trust-Qual-02 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDyzCCArOgAwIBAgIDFE3kMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTIzMzNa +Fw0yNDA3MDEwOTIzMzNaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDIxGDAWBgNVBAMMD0Et +VHJ1c3QtUXVhbC0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJaR +q9eOsFm4Ab20Hq2Z/aH86gyWa48uSUjY6eQkguHYuszr3gdcSMYZggFHQgnhfLmf +ro/27l5rqKhWiDhWs+b+yZ1PNDhRPJy+86ycHMg9XJqErveULBSyZDdgjhSwOyrN +ibUir/fkf+4sKzP5jjytTKJXD/uCxY4fAd9TjMEVpN3umpIS0ijpYhclYDHvzzGU +833z5Dwhq5D8bc9jp8YSAHFJ1xzIoO1jmn3jjyjdYPnY5harJtHQL73nDQnfbtTs +5ThT9GQLulrMgLU4WeyAWWWEMWpfVZFMJOUkmoOEer6A8e5fIAeqdxdsC+JVqpZ4 +CAKel/Arrlj1gFA//jsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIQj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBh +MfOINQm4XpzF6DmkOmb/ArSXHf5LObqFmIMooNr2TkyzrUTK/NE+mdrm15Rfdts7 +kZVq/ICfQSFeaPvWaAVq4plH/26OjvMTVv7DfgfPBUxDWqlCuDnDnPAVQ+yo/o5i +BA5uUlMbp5znbDtlxwF/5gWqcn/hKxSUCP1uiOPIlKfeVvsRmBcJAdoixTM/Ic10 +pavJMGOI20onArvQZAUEbXQLA8cs8naxfF6Bo36U9nk6wn7q8VPXhViekByd17F6 +9A+ah0Iqw4SPf9BqNRIe1YxxjDhCmjWt3aoyE3ZFBuGjW+r2ipb/vGU1+2oyy2Fd +2dMmiMQ7gGhWX9X6gWLdMB0wCgYIKwYBBQUHAwMMD0EtVHJ1c3QtUXVhbC0wMg== +-----END TRUSTED CERTIFICATE----- + +# A-Trust-Qual-03 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDyzCCArOgAwIBAgIDA+aUMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0wODA0MjQyMjAwMDBa +Fw0xODA0MjQyMjAwMDBaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et +VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe +JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b +hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt +L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ ++XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP +U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz +o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBx +CNQmRL6A4mtCtSpQ/V3ojGDznLaSgXI4sm+pPoHywzQkU6FRUsilidO83NsSudup +sFjvwAhmMmLj4fOjWKN3bu7kobtXEWh3Mwj0zVm46l0bCcaszI0Lus3f1pq+q3YA +rX0WS2Rc35g+a21eLHw5FVlCNyA8n8Pcf/VTNrfix6QijHq+cb1Ns2jIuKmJ/3Ew +i8+RbfKFLqVKIn5y3tSuse0M7/xFfS3cJK3teQflrU+y6VJ0SbiMUvq9EuQZw/xR +jRbja2huOZrfKTmlu7GhF8EX43Vq/H2xcjzfwerloxzUnVkbGnQfaSqDVCQY0+7l +4INXvhvi0B+tbDW+jbpfMB0wCgYIKwYBBQUHAwMMD0EtVHJ1c3QtUXVhbC0wMw== +-----END TRUSTED CERTIFICATE----- + +# A-Trust-Root-05 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFyTCCA7GgAwIBAgIDD820MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVJv +b3QtMDUxGDAWBgNVBAMMD0EtVHJ1c3QtUm9vdC0wNTAeFw0xMzA5MjMxMzI0MTFa +Fw0yMzA5MjAxMTI0MTFaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVJvb3QtMDUxGDAWBgNVBAMMD0Et +VHJ1c3QtUm9vdC0wNTCCAiAwDQYJKoZIhvcNAQEBBQADggINADCCAggCggIBAOT7 +jFImpWeBhGjdgsnNqHIBWSI/JOkSpJKXxVDO8kU/a0QFGLp7ca/mjbtt9uTz5dy8 +5HgTI7IKRJ23vTdA1iVEUInOaNLDYqdEoSNFr18GcXZG4Wn/4iHgP88yleqIJqcg +rMJxXTDJDOxELc7FZXzXB3419g0YFk17q/OqD33e6IyULpPQt25IOMQCIhrfIKWC +Y79T1UQVBjukO3rctu6Qi0ACtJ/A9nEzWaYi07BoIz/9hMiWsPlwSy80hv0lVZnR +zXcnOMRtXBnq634ThgGgEEAmRx++FL5fpbg/YKFu4SGOEyV4Lqd6zVivflusP84P +s/JXfNV7bcnT/K2VrRu/h5hPJ+YLqWg75Cws9RRH16ldgvbim7cg4eUaayx4CI1s +dYzqN5aJnVnpdDIvGDAYOgQlSwbtxmdnJoBqX4F3MB6e0XSPX4zAVGrspBhhmXod ++Z356Pnx73K+zi8ZknzjKK/RuLhv0GC+eFikLjc6sieJEVGiXom8HcxXZUtJTBMQ +Aq5Xvkwh8SKqHqCS1FQsuJt8M2gnECodS/8GCgKTgIcZr7+ogxIQjn0QpSuQ6A7g +FIZF9tflVnOWH4+ePCqjGl4skGaFbwF2vbPwKcgniqmpI7DV8vDK1b22MnDMLxxZ +v+rDBqRg36uJbkcU74WQa2gjlk4G07EnowPDudm9AgEDozYwNDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhA+blnvgPSCDAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQELBQADggIBAOIqZcZrWivIqDTLlxEdJh+jss64PCshn5j0Fx8NtnuuyxBt +g/JjwYiu6cBSQq43nwuZV1LoRX6YlOkpR5/xB8FCCPNzPKprNbNsFSuRMRvkfpLn +w8WmITjfG77Rn5YNULb1e5SjLaqvt43SOy18ghDUakrJYaOmj6eyoNlUw5d/0YnM +Y/jZ3zhYlboBUMwK84tJPH8/PajzaMzHmNPZNTD3DoJe+BBhrrxO8Cs0eqKa9tuN +r+sDTCfD3q5s3VUUrz8d64+atnhJ7rz5HndgAiTc3t7ppfuRphx6skng978dB66G +y7vZANfLARjv6MOPDAcwcFjB8mPqjP22rePoBzw9WwWHdMs15e8Jt7ughGm8QXFj +2zKcQeFfftp2bZOjroX65YzJUqwny2CzNixJqQTeuCcrCTHEkpPpjNGkS/2+VlGw +2LfOnUXDG0gv0bMw935cqVsxP+UFm+F2qdf1KYZzVxy9L9vXGRb0JTTxgxa0MlgL +sVlO44vQoyuLG0DC9+NSqE5K7nXp7WOZGwb7MI38HleZ7M4UKOOgjS3r7wceDAKO +jEjMiNqmrXmUtKzpDDC2/wY7FHGVhfuwesuLSFly21AA8reNeSvNBJWSdUkCllSi +HVSFu2CvfX2qs735cDxZesGB/KxQABgS5LXcXdilWF4dXydpjszb76pXGquEMB0w +CgYIKwYBBQUHAwMMD0EtVHJ1c3QtUm9vdC0wNQ== +-----END TRUSTED CERTIFICATE----- + +# A-Trust-nQual-03 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy +OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1 +hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br +cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm +FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ +tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s +FJ6N46sU7LjJLqSKYEB8usoIizAeMAoGCCsGAQUFBwMDDBBBLVRydXN0LW5RdWFs +LTAz +-----END TRUSTED CERTIFICATE----- + +# AC1 RAIZ MTIN +-----BEGIN TRUSTED CERTIFICATE----- +MIIJSTCCBzGgAwIBAgIGBQtBXoJ7MA0GCSqGSIb3DQEBBQUAMIHiMRYwFAYDVQQD +Ew1BQzEgUkFJWiBNVElOMRIwEAYDVQQFEwlTMjgxOTAwMUUxNTAzBgNVBAsTLFBS +RVNUQURPUiBERSBTRVJWSUNJT1MgREUgQ0VSVElGSUNBQ0lPTiBNVElOMTEwLwYD +VQQLEyhTVUJESVJFQ0NJT04gR0VORVJBTCBERSBQUk9DRVNPIERFIERBVE9TMSww +KgYDVQQKEyNNSU5JU1RFUklPIERFIFRSQUJBSk8gRSBJTk1JR1JBQ0lPTjEPMA0G +A1UEBxMGTUFEUklEMQswCQYDVQQGEwJFUzAeFw0wOTExMDUxNjE3NDVaFw0xOTEx +MDMxNjE3NDVaMIHiMRYwFAYDVQQDEw1BQzEgUkFJWiBNVElOMRIwEAYDVQQFEwlT +MjgxOTAwMUUxNTAzBgNVBAsTLFBSRVNUQURPUiBERSBTRVJWSUNJT1MgREUgQ0VS +VElGSUNBQ0lPTiBNVElOMTEwLwYDVQQLEyhTVUJESVJFQ0NJT04gR0VORVJBTCBE +RSBQUk9DRVNPIERFIERBVE9TMSwwKgYDVQQKEyNNSU5JU1RFUklPIERFIFRSQUJB +Sk8gRSBJTk1JR1JBQ0lPTjEPMA0GA1UEBxMGTUFEUklEMQswCQYDVQQGEwJFUzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzNzbG/3iX1/xwzc5k8G6Ft +9aDEfZs4Zo0J3wNsVzW0E0H+41/mIgRYGLlOaTMEP5XH2U7/MzSnMkAyk1f+ga8l +Q1wd/XtXC2IIZ2ditOPlWCWA5qqGYkDnTxBhKUkmq018oatbYTGBBmpklE0n+Ese +0dVD4texbfb2/7RwVfYImbd0AeDznrV85ASICFBZeB8alNvvyMmJ0ze48z2G0RnL +g1oQBwhPmXQCB/AyUcj75tA8JnZ9cn6sdjfBinUgXEDchD/QSXxNZ6457+TOgOHK +neYtqy7mEpXa+fvf4+KMPYf7RW5Eq/Z4kicUoV1rT3B7V3Pv+V2oD3Wf7xFgGYSw +ZEDu2KmG+qXXRfQRb/GGyDRbiEjOut3Nm92I4wE26Kxq6BILsOB7kB6FC0mJAfb/ +gt9YZSKDSNYH0Bxm/GYoOsTD5fiZZSdSWPNr8W8CRIR10KTjaFNhcu/2L6mzrPX0 +9tBc3GlMzHnSpBvIcwY0dLTxasopKMc0hFsj2LoAjMwJwcdvXQSrt08md6k1zyDW +s/8xadA0+yXsaJYKot2DH8o8j3Q2JVTv9Rh7wiQx0fuCBK4Egtb1Ailx4ZJxdI7b +qnEdxDvGYiZshjwjVesp0R+ryh5j57NztKe4Kjr2H/uHZYj885/+v+vVHbaoA+ll +gxmM4BjtF9gcDT2cilh/AgMBAAGjggMBMIIC/TA3BggrBgEFBQcBAQQrMCkwJwYI +KwYBBQUHMAGGG2h0dHA6Ly9jYS5tdGluLmVzL210aW4vb2NzcDAOBgNVHQ8BAf8E +BAMCAQYwGwYDVR0RBBQwEoEQYWRtaW5fY2FAbXRpbi5lczAbBgNVHRIEFDASgRBh +ZG1pbl9jYUBtdGluLmVzMA8GA1UdEwEB/wQFMAMBAf8wcgYDVR0fBGswaTAyoDCg +LoYsaHR0cDovL2NhLm10aW4uZXMvbXRpbi9jcmwvTVRJTkF1dG9yaWRhZFJhaXow +M6AxoC+GLWh0dHA6Ly9jYTIubXRpbi5lcy9tdGluL2NybC9NVElOQXV0b3JpZGFk +UmFpejCBuQYDVR0gBIGxMIGuMIGrBgsrBgEEAYHZBQIEATCBmzAwBggrBgEFBQcC +ARYkaHR0cDovL2NhLm10aW4uZXMvbXRpbi9EUEN5UG9saXRpY2FzMGcGCCsGAQUF +BwICMFsaWUNlcnRpZmljYWRvIHJh7XouIENvbnN1bHRlIGxhcyBjb25kaWNpb25l +cyBkZSB1c28gZW4gaHR0cDovL2NhLm10aW4uZXMvbXRpbi9EUEN5UG9saXRpY2Fz +MB0GA1UdDgQWBBQzQxizxEsdyx/58E7830rkFWDIgzCCARYGA1UdIwSCAQ0wggEJ +gBQzQxizxEsdyx/58E7830rkFWDIg6GB6KSB5TCB4jEWMBQGA1UEAxMNQUMxIFJB +SVogTVRJTjESMBAGA1UEBRMJUzI4MTkwMDFFMTUwMwYDVQQLEyxQUkVTVEFET1Ig +REUgU0VSVklDSU9TIERFIENFUlRJRklDQUNJT04gTVRJTjExMC8GA1UECxMoU1VC +RElSRUNDSU9OIEdFTkVSQUwgREUgUFJPQ0VTTyBERSBEQVRPUzEsMCoGA1UEChMj +TUlOSVNURVJJTyBERSBUUkFCQUpPIEUgSU5NSUdSQUNJT04xDzANBgNVBAcTBk1B +RFJJRDELMAkGA1UEBhMCRVOCBgULQV6CezANBgkqhkiG9w0BAQUFAAOCAgEAmeOq +DpHTkqnq/0Rn06AtIGfzEA8aN3ddUkbmarj3iPOCwyr0YQ0sny+GLWHpYFm9t0+v +kwkc+TN3QJyhfGXcXpCVqfS+gvT8gh0exT3gXK7eLdVjdqvx7CSnIPge6M9xggPd +jnZiKrUpiBMkrVz0oEq46hOKVo1qL2g5coZYxKSrdXxE5xqEDI0R3Bm5HDbu8/9R +m7NDyCV+5w5Io+RPBi0VHqCmR5BXO/gvLdsjuusjk7C4UhtgHNQZsG14j0udpwso +Z0rdeEi9sT6Y1LsV/rNfbR11yB7PD65KGl2HLAZ0bAqFUyReesmgfHGbkl1vSH+2 +WHGyTKYaCSM0UHEVa0fb+74abcKMlC8HZyAiZ2O3q8YZnJYNYuoIpBpw76m5707F +QLzih1fzA8oomRrAVWB1e2O+ZD+WTkuP/S2mdMDfSTrsVX5m07r975OxY/JbP+12 +odnTDP4ubwqmU0vv0fNHrbke7EwfvtCDU8ObFUX/LgfR2mqSReZsV1skLlFpyTDP +1/ukATVazafrFG+0t2AiCMVxyJPiviVf9Qz6WFE9e8gvN/mTHCoJ4Gf9lolCyus2 +sNYbplAPWp12/6RPxuwNxOHQ51g+1nnAd00M1bPkmE3dRi5SsOIPDUI2pRAkUii+ +YjVCOcl6lh/u5ktZPyRzi78iS2by2w818TedoCQwGzAKBggrBgEFBQcDAwwNQUMx +IFJBSVogTVRJTg== +-----END TRUSTED CERTIFICATE----- + +# ACA ROOT +-----BEGIN TRUSTED CERTIFICATE----- +MIIFyDCCA7CgAwIBAgIQR0ORJD/Oww1XSChr7oBdqzANBgkqhkiG9w0BAQsFADBd +MQswCQYDVQQGEwJFUzESMBAGA1UEBRMJUTI4NjMwMDZJMScwJQYDVQQKDB5DT05T +RUpPIEdFTkVSQUwgREUgTEEgQUJPR0FDSUExETAPBgNVBAMMCEFDQSBST09UMB4X +DTE2MDUyNzEwNTg1MVoXDTQxMDUyNzEwNTg1MVowXTELMAkGA1UEBhMCRVMxEjAQ +BgNVBAUTCVEyODYzMDA2STEnMCUGA1UECgweQ09OU0VKTyBHRU5FUkFMIERFIExB +IEFCT0dBQ0lBMREwDwYDVQQDDAhBQ0EgUk9PVDCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBALkrXvU+uokenfXRE8+7o1666d85cmSYUodppbbe4b+URb7F ++KRTZxVQ3FJPKnYsLo0gaozmXbnZaL6RG7ppAxitGE42oqxGqyD4A2qqrXnV3x3B +7kVvIXT5TbGxPZA7PDKA7f8Vz1HK16SHLqrlDrbRelrHufhRu9mU3T7Ghk4K/juJ +8vhuJM6RA1gFEkrdUKtBes7tqR8RUx6lE9th8PWqgN50eR2k4ynW++D8l9qiuKsi +PmWwIcTlxRBEh7Lj4CqCLn3m9LikEyXzd2BfY1OuLrGdimt2ezpxvZKBNrCcgvH3 +xYkoXf+8QgazCGpPYc2kLZDTObh3/8jHo3m7A7mRAwE0Etgwi7aMAsrkSOw4KjJM +bcp2KFqGCrrUII6voF8gLWKciPnxFW1bvbEDUMA/NteuP1HRyuNYZkTmo5t3LjH6 +2X8ixAVM63QbXGN6pgKTfkMOdhQPTW8ylYiAklKXFPU8/JQH02wpBZVGD+Rx4X/4 +bRQSgpK181M+mRGXR3ZKCXLu1MOWCaza//FLS7bXJc8eTJcmCzS7tpTxLGRxX4ny +FTs3pwLkDU9IiTOjjGh4MVFnChnbtOJ0Lz1683cAn3ESY/9zKmRpVOysOq7a8lhj +NH74PF7AQjql27Oo1FrBTli4abasgmLb0fsaQyEi/B31nE9OO+WN/3ZaI15bAgMB +AAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFBpV5BUx4jGbEdSIcXoAPXAoBb/NMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkG +CCsGAQUFBwIBFh1odHRwOi8vd3d3LmFjYWJvZ2FjaWEub3JnL2RvYzANBgkqhkiG +9w0BAQsFAAOCAgEAezDKVYbTr+4a17iVmOz5O92QE6OckkWgkolpoXGRvHGFh6At +MAnkwlM99Km3aC1Nmc2kz547kJ2aCikNKkLBPVtrQILFixOxQWePvqR34MB25PO2 +KVYs73FPwmTx2rQLytA5X1OygwH7sn3Zg3R6NdDBXY+b917nUt/uqjeTq9k9fR7x +vRzb6HXduFtM4xaj9nWIDo88wwts22BZ5AWrKEb3Zmkld97KSjPYWF57j5rPUo49 +bf3Rsr0+eVeGHkQcB030whCqeMvzURcNdj2NbmhJ6e8HSdG4Fsl5ncyuCwVHev2Y +rDGhkFqHYvn4q2Ja4CF20GhC6By+coHwxmd9fnQ81VVvj6VolhHxytMwF71GtjGv +cOmkhDdXugk8LtkLE1YHPpXEtXAvk8Kur4FdRhQw+67F85r3QXqx3ksW2UV1RwJ8 +FB7VsTugLEG1m0t7o4PwuczOHpS3Xi4jBpWRHDhHHO3EeA6kD/wbfNbya9CKW+qW +8zHUXmrElLgwn5XhB4m4iNInhaRhdOWoRDF6IHXo+Njrs0+q/1M/lu3qu/xRQKYr +7CSh+/lEjSPnppcAD8ukar9QoMpxomyub9/Zg4Jm3FNdr/pU94P/qz+Jlae0bfMP +Cg1IMy+BKcdLBcTGV3SEw5g2/++FMqtinBPRIoexvpjbdJqP6sLWk3lFIMMwFjAK +BggrBgEFBQcDAwwIQUNBIFJPT1Q= +-----END TRUSTED CERTIFICATE----- + +# ACCVRAIZ1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7MCswHgYIKwYB +BQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwJQUNDVlJBSVox +-----END TRUSTED CERTIFICATE----- + +# ACEDICOM Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE +AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x +CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW +MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF +RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7 +09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7 +XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P +Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK +t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb +X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28 +MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU +fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI +2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH +K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae +ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP +BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw +RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv +bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm +fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3 +gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe +I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i +5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi +ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn +MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ +o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6 +zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN +GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt +r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK +Z05phkOTOPu220+DkdRgfks+KzgHVZhepDAbMAoGCCsGAQUFBwMDDA1BQ0VESUNP +TSBSb290 +-----END TRUSTED CERTIFICATE----- + +# ACNLB +-----BEGIN TRUSTED CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIEPsOGjjANBgkqhkiG9w0BAQUFADAdMQswCQYDVQQGEwJT +STEOMAwGA1UEChMFQUNOTEIwHhcNMDMwNTE1MTE1MjQ1WhcNMjMwNTE1MTIyMjQ1 +WjAdMQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQUNOTEIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC/dnU9DHxAOmZfTYz73Twu/n2UZO1K1ElIoe6RcbJ5 +yI4rH6rwMrQosqPCdU+k6aYa9qJmYSMnYSxuF5AL+t4ecVICKQSZeazAsMBmmJgR +N2QQz5y8O0IcKVxVkPZ6Ik5Wrzdov3Q6bDzGmMxgIb/iCCfk2Su844SV19QkYPx+ +LS+dIeudkca7pNHryRKto+jItX9VS+uZAlTEgRwMrjnkanoF2E5woPoDd7Ou2LgU +kvtBdxM1areiyohLrS1RvHaabLtAveckTCKm5v1OCHudCxDWEtKmxqFkMvQBc5aB +4kiwwShjPTvnZ6xuxRT1FxOinB8rV/AVJ3Vd3bE01pMRAgMBAAGjgf4wgfswEQYJ +YIZIAYb4QgEBBAQDAgAHMD8GA1UdHwQ4MDYwNKAyoDCkLjAsMQswCQYDVQQGEwJT +STEOMAwGA1UEChMFQUNOTEIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAw +MzA1MTUxMTUyNDVagQ8yMDIzMDUxNTEyMjI0NVowCwYDVR0PBAQDAgEGMB8GA1Ud +IwQYMBaAFMy7u4bWb/i+tEcid7O2rdcBWZZNMB0GA1UdDgQWBBTMu7uG1m/4vrRH +Ineztq3XAVmWTTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6 +NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAEWfLy5prICHdb2mD1T8NupMVl05w +diZc6J4k5zf+PFD01PkqLwwToV0EvNCw6cIDF4UFYT3Ap6p2TMO4OoOphs8D+XcO +K7I9dhtl0WpxYHHbu7h6jvL5IYP4V0yox91lxu7vb7O2mbu0w9CrX7Kgft10ISzD +WuuNocrY8MgX7Xa6hGNuW7m1ym3X/DQ5gC+6T9+N2PwYxDyKNS93gpatIJIYsuc2 +9K4ydLhH0dgP2CzLasIAdfks+EIOy/5zk6mP4ceuITfzyrkMtOeJfnEcVjQgw/E0 +uVVL01NS8QctKz5bGUCfEO3TKTPFrw8QVofaO8ix7TjZGftL8FAtpM3UWDATMAoG +CCsGAQUFBwMDDAVBQ05MQg== +-----END TRUSTED CERTIFICATE----- + +# AC RAIZ DNIE +-----BEGIN TRUSTED CERTIFICATE----- +MIIFvzCCA6egAwIBAgIQANKFcP2up9ZfEYQVxjG1yzANBgkqhkiG9w0BAQUFADBd +MQswCQYDVQQGEwJFUzEoMCYGA1UECgwfRElSRUNDSU9OIEdFTkVSQUwgREUgTEEg +UE9MSUNJQTENMAsGA1UECwwERE5JRTEVMBMGA1UEAwwMQUMgUkFJWiBETklFMB4X +DTA2MDIxNjEwMzcyNVoXDTM2MDIwODIyNTk1OVowXTELMAkGA1UEBhMCRVMxKDAm +BgNVBAoMH0RJUkVDQ0lPTiBHRU5FUkFMIERFIExBIFBPTElDSUExDTALBgNVBAsM +BEROSUUxFTATBgNVBAMMDEFDIFJBSVogRE5JRTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAIAArQzDoyAHo2P/9zSgze5qVAgXXbEBFafmuV+Kcf8Mwh3q +N/Pek3/WBU2EstXXHAz0xJFwQA5ayJikgOgNM8AH87f1rKE4esBmVCT8UswwKvLD +xKEsdr/BwL+C8ZvwaHoTQMiXvBwlBwgKt5bvzClU4OZlLeqyLrEJaRJOMNXY+LwA +gC9Nkw/NLlcbM7ufME7Epct5p/viNBi2IJ4bn12nyTqtRWSzGM4REpxtHlVFKISc +V2dN+cvii49YCdQ5/8g20jjiDGV/FQ59wQfdqSLfkQDEbHE0dNw56upPRGl/WNtY +ClJxK+ypHVB0M/kpavr+mfTnzEVFbcpaJaIS487XOAU58BoJ9XZZzmJvejQNLNG8 +BBLsPVPI+tACy849IbXF4DkzZc85U8mbRvmdM/NZgAhBvm9LoPpKzqR2HIXir68U +nWWs93+X5DNJpq++zis38S7BcwWcnGBMnTANl1SegWK75+Av9xQHFKl3kenckZWO +04iQM0dvccMUafqmLQEeG+rTLuJ/C9zP5yLw8UGjAZLlgNO+qWKoVYgLNDTs3CEV +qu/WIl6J9VGSEypvgBbZsQ3ZLvgQuML+UkUznB04fNwVaTRzv6AsuxF7lM34Ny1v +Pe+DWsYem3RJj9nCjb4WdlDIWtElFvb2zIycWjCeZb7QmkiT1/poDXUxh/n3AgMB +AAGjezB5MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW +BBSORfSfc8X/LxsF2wFHYBsDioG3ujA3BgNVHSAEMDAuMCwGBFUdIAAwJDAiBggr +BgEFBQcCARYWaHR0cDovL3d3dy5kbmllLmVzL2RwYzANBgkqhkiG9w0BAQUFAAOC +AgEAdeVzyVFRL4sZoIfp/642Nqb8QR/jHtdxYBnGb5oCML1ica1z/pEtTuQmQESp +rngmIzFp3Jpzlh5JUQvg78G4Q+9xnO5Bt8VQHzKEniKG8fcfj9mtK07alyiXu5aa +Gvix2XoE81SZEhmWFYBnOf8CX3r8VUJQWua5ov+4qGIeFM3ZP76jZUjFO9c3zg36 +KJDav/njUUclfUrTZ02HqmK8Xux6gER8958KvWVXlMryEWbWUn/kOnB1BM07l9Q2 +cvdRVr809dJB4bTaqEP+axJJErRdzyJClowIIyaMshBOXapT7gEvdeW5ohEzxNdq +/fgOym6C2ee7WSNOtfkRHS9rI/V7ESDqQRKQMkbbMTupwVtzaDpGG4z+l7dWuWGZ +zE7wg/o38d4cnRxxiwOTw8Rzgi6omB1kopqM91QITc/qgcv1WwmZY691jJb4eTXV +3OtBgXk4hF5v8W9idtuRzlqFYDkdW+IqL0Ml28J6JNMVsKLxjKB9a0gJE/+iTGaK +7HBSCVOMMMy41bok3DCZPqFet9+BrOw3vk6bJ1jefqGbVH8Gti/kMlD95xC7qM3a +GBvUY2Y96lFxOfScPt9a9NrHTCbti7UhujR5AnNhENqYMahgy34Hp9C3BUOJW82F +JtmwUa/3jFKqEqdY35KbZ/Kd8ub0aTH0Fufed1se3ZoFAa0wGjAKBggrBgEFBQcD +AwwMQUMgUkFJWiBETklF +-----END TRUSTED CERTIFICATE----- + +# AC RAIZ FNMT-RCM +-----BEGIN TRUSTED CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrMwKDAUBggrBgEFBQcDAQYIKwYBBQUHAwMM +EEFDIFJBSVogRk5NVC1SQ00= +-----END TRUSTED CERTIFICATE----- + +# AC RAIZ FNMT-RCM SERVIDORES SEGUROS +-----BEGIN TRUSTED CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw +CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw +FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S +Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5 +MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL +DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS +QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH +sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK +Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu +SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC +MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy +v+cwMTAKBggrBgEFBQcDAQwjQUMgUkFJWiBGTk1ULVJDTSBTRVJWSURPUkVTIFNF +R1VST1M= +-----END TRUSTED CERTIFICATE----- + +# AC Raíz Certicámara S.A. +-----BEGIN TRUSTED CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqTAoMAoGCCsGAQUFBwMDDBpBQyBSYcOteiBDZXJ0aWPDoW1hcmEg +Uy5BLg== +-----END TRUSTED CERTIFICATE----- + +# ADOCA02 +-----BEGIN TRUSTED CERTIFICATE----- +MIID2TCCAsGgAwIBAgICBxUwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQVUx +DDAKBgNVBAoTA0dPVjEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxDDAKBgNV +BAsTA0NBczEQMA4GA1UEAxMHQURPQ0EwMjAeFw0xMTA5MDEwNDI2MDdaFw0xOTAx +MjcwMjMxMjRaMFcxCzAJBgNVBAYTAkFVMQwwCgYDVQQKEwNHT1YxDDAKBgNVBAsT +A0RvRDEMMAoGA1UECxMDUEtJMQwwCgYDVQQLEwNDQXMxEDAOBgNVBAMTB0FET0NB +MDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkUIVId4++/0nRu3Wu +hyAKlkElK7xGB93LBIaVLEkuvUYMDvdYoGAWhdpdO+N1XkJ9ZGyPwV0pZEGyhbcb +Rr2F2tc6HbK08Uo9/h7ayO6GnaNqUQvkRZiv2BtIvDwUIu0rnzt/bzM81n2s4HlP +v2WTyxcqb7x6D+lbX+EMKvtAUjZKXWU4y1nBSLOkkYUWXXh9ws8tM+5ZSsjmYbOG +H4TIuBpsntFgtII1670jqC+TVFDOJF4xrtNqNCxhhzdGHkOJxoDLIgPTyYUuH5ux +rDlLTWDyimEb/4OxLHOPiELALbHKnsCVZ3R7luRqeo5BRaA088645+KP81BVZG+5 +ICuTAgMBAAGjga4wgaswDAYDVR0TBAUwAwEB/zBLBgNVHSAERDBCMDgGCSokAYJO +AQEBATArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3LmRlZmVuY2UuZ292LmF1L3Br +aTAGBgRVHSAAMA4GA1UdDwEB/wQEAwIBxjAfBgNVHSMEGDAWgBTp553rNb24sitJ +WPS8kn2LcYoRWjAdBgNVHQ4EFgQU6eed6zW9uLIrSVj0vJJ9i3GKEVowDQYJKoZI +hvcNAQEFBQADggEBAFbQqMhsybSs8TuBdSsRxPZWtFeuwpIZXJZzCu0uQ5xkKll4 +E7VQjE5qkFTzGT4WGM9DE8kyc/hV4MrQkhk+ZaPegBIcUaUYLMBp3beGMq/wrc/g +wyPE5fy2PwsF15Y6ZF53jITO8dzNBArcl/EhHMd9MCVd1yA1lcOHHbY/21PiKqT4 +GRc6DBXuswU4Me5Fcd2X+3hxhgL0nzQZc0kQK6B/8cn6oPJYIzEW+BBQgrtd0urv +ad1ndlU4x6gOA4A4TwAga98rZZPbCK9gbDQgqK1IPxB+psOUAZXhgSyg7YyuVE46 +S8PSws9+AnzvKiy77NrexQGvlEntD8K/DpBpLWswFTAKBggrBgEFBQcDAwwHQURP +Q0EwMg== +-----END TRUSTED CERTIFICATE----- + +# ANCERT Certificados CGN +-----BEGIN TRUSTED CERTIFICATE----- +MIIFKjCCBBKgAwIBAgIPRHTsyGxyHljduCx+9PyVMA0GCSqGSIb3DQEBBQUAMHwx +CzAJBgNVBAYTAkVTMUswSQYDVQQKE0JBZ2VuY2lhIE5vdGFyaWFsIGRlIENlcnRp +ZmljYWNpb24gUy5MLiBVbmlwZXJzb25hbCAtIENJRiBCODMzOTU5ODgxIDAeBgNV +BAMTF0FOQ0VSVCBDZXJ0aWZpY2Fkb3MgQ0dOMB4XDTA0MDIxMTE3MjcxMloXDTI0 +MDIxMTE3MjcxMlowfDELMAkGA1UEBhMCRVMxSzBJBgNVBAoTQkFnZW5jaWEgTm90 +YXJpYWwgZGUgQ2VydGlmaWNhY2lvbiBTLkwuIFVuaXBlcnNvbmFsIC0gQ0lGIEI4 +MzM5NTk4ODEgMB4GA1UEAxMXQU5DRVJUIENlcnRpZmljYWRvcyBDR04wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQdT8/DKzK1HzESKcYuzq7obvVe9+L +GeSCRPtl7LYSYT5pIhliNSS21RAGqUVqJCr1J4x4PMi58wVsxQID0k6AZOyGq3iU +IgIAtWib1OVVX+DIgDDnC79r1wSOTnmYcEwcJrmzqOrwEaK5ilMCJnUSieH7iE5Z +egDRgtgWruW2vJUlYEB3JRue743k/fBPMzElv+56ClTwkDhnEnulYNoMAYmadocu +9RtDe+XnJkr7FWKrRRt71QqlTWxNq58oSIThg3W4GHBVU9vQ3ymQrznGF5XBlMVe +2WVfXf9uFpWYIZ9eTfDNMTkhAxcNkR+hVZlB7FXJuz2ZXJvFf9EcXupTAgMBAAGj +ggGnMIIBozAPBgNVHRMBAf8EBTADAQH/MIIBIAYDVR0gBIIBFzCCARMwggEPBgkr +BgEEAYGTaAQwggEAMCUGCCsGAQUFBwIBFhlodHRwOi8vd3d3LmFuY2VydC5jb20v +Y3BzMIHWBggrBgEFBQcCAjCByTANFgZBTkNFUlQwAwIBARqBt0FnZW5jaWEgTm90 +YXJpYWwgZGUgQ2VydGlmaWNhY2lvbi4gTGEgZGVjbGFyYWNpb24gZGUgcHJhY3Rp +Y2FzIGRlIGNlcnRpZmlhY2lvbiBxdWUgcmlnZSBlbCBmdW5jaW9uYW1pZW50byBk +ZSBsYSBwcmVzZW50ZSBhdXRvcmlkYWQgc2UgZW5jdWVudHJhIGRpc3BvbmlibGUg +ZW4gaHR0cDovL3d3dy5hbmNlcnQuY29tL2NwczAOBgNVHQ8BAf8EBAMCAYYwHAYD +VR0RBBUwE4ERYW5jZXJ0QGFuY2VydC5jb20wHwYDVR0jBBgwFoAU7FefyHYib8w6 +rlvwLaFiWNGNAswwHQYDVR0OBBYEFOxXn8h2Im/MOq5b8C2hYljRjQLMMA0GCSqG +SIb3DQEBBQUAA4IBAQCLPd/cNix/J5z8tVhTcQoSXRBkUXG1Slb0XkRnHu8dsvGk +UTxnbCxllnqhEqOvCwg3DpnWbiiHC2KrTnhOcoGb3xFPiWDIUaYbBglxc3w3txw4 +N5r5h+Hvoe5/18DqORT6fG8L+YbK5sV3aaCfjSmjd27FzNr23QZ602lmPmA74zLf +rvAbniqdzITfGhBH7aVWlkI3tS1yDUESk7oyiETIrgnEvYDt/WAPcrK2ZPZjIDJw +d4cuMy6fNchfqJJWt/8kOixd8iYFaBnyUWfP31IJ6YIEemuCp3/l0ql0axgmyLrU +1R6lSzsmwZ0i4fsSvdViRtXXXdLdw/xhDTAFTwWLMCUwCgYIKwYBBQUHAwMMF0FO +Q0VSVCBDZXJ0aWZpY2Fkb3MgQ0dO +-----END TRUSTED CERTIFICATE----- + +# ANCERT Certificados CGN V2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIHBDCCBOygAwIBAgIQDziMcP6mlV3pXZyHr3kEmTANBgkqhkiG9w0BAQsFADB1 +MQswCQYDVQQGEwJFUzFBMD8GA1UEChM4QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0 +aWZpY2FjaW9uIFMuTC5VLiAtIENJRiBCODMzOTU5ODgxIzAhBgNVBAMTGkFOQ0VS +VCBDZXJ0aWZpY2Fkb3MgQ0dOIFYyMB4XDTEwMDUyNTE2MzEyMloXDTMwMDUyNTE2 +MzEyM1owdTELMAkGA1UEBhMCRVMxQTA/BgNVBAoTOEFnZW5jaWEgTm90YXJpYWwg +ZGUgQ2VydGlmaWNhY2lvbiBTLkwuVS4gLSBDSUYgQjgzMzk1OTg4MSMwIQYDVQQD +ExpBTkNFUlQgQ2VydGlmaWNhZG9zIENHTiBWMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAJ1ScOknGIPK6sSZ2KbhLhSvbh4OZMqBN1UnHBd3WGcfjMn5 +wopiZSh0m+LRvlUHdnbufG1OY1seSiV14Aeh0NKCp84PM+u6FMBlskou5WW8ItKv +Gg7Ky/NkZSssmaOXi4t1MP5m+sFPSzdQjD/z3pl6ToecIEZyl/5WG2ZOoIJTo1zY +KEYMBRdvONZcnw4lIsGG41waVNuunWV9AJLfqCEhxVsQJnThsXNXZHx9FwMM6vcU +lw/5xe5ddbDFxgoLtD5J4xnGm0ST/FoVZAqyg/+AXogJ0Mogo1v7283hGncjGHAa +i+1EP9YaqDY44Z0vp3fEerPAcrJyzR4/EF4aiHSN8BLF969J3JWvK020kMr57u8M +478WNyNT4yn69HRpaD1XbRRgimRpKGRN+jZH/bgSzsOGqlzcZjkHTzvj48Vors7g +OVwggz8SCjizAMFcE5ciXjpLNZn4xB7e+YgRjoTJizLy0te/Igc/YHgudRyiuiMS +0/BPUDnsyXcnx1oqjtO5tXQEmRUvLoZfjwbByuriqB9NfTOEkaSSw9CmSF1mGneE +IFCc6gQLDCOWz7Gc/Lm6H5eo06sDZS99rlTHeeIcNt1t0gaYAf3O/D9Lw9Ku/4nY +OTED2LFkdwPG+KON/Cp55xC9uW2RHD6dy7xVfyL+YYT42NSnIXo5XnIy60x1AgMB +AAGjggGOMIIBijAPBgNVHRMBAf8EBTADAQH/MIIBJQYDVR0gBIIBHDCCARgwggEU +BgkrBgEEAYGTaAQwggEFMCUGCCsGAQUFBwIBFhlodHRwOi8vd3d3LmFuY2VydC5j +b20vY3BzMIHbBggrBgEFBQcCAjCBzjANFgZBTkNFUlQwAwIBAR6BvABBAGcAZQBu +AGMAaQBhACAATgBvAHQAYQByAGkAYQBsACAAZABlACAAQwBlAHIAdABpAGYAaQBj +AGEAYwBpAG8AbgAuACAAUABhAHMAZQBvACAAZABlAGwAoABHAGUAbgBlAHIAYQBs +ACAATQBhAHIAdABpAG4AZQB6ACAAQwBhAG0AcABvAHMAIAA0ADYAIAA2AGEAIABw +AGwAYQBuAHQAYQAgADIAOAAwADEAMAAgAE0AYQBkAHIAaQBkMA4GA1UdDwEB/wQE +AwIBhjAdBgNVHQ4EFgQUBW7hoZruB6/O9bTTZT0EUOLQm0QwHwYDVR0jBBgwFoAU +BW7hoZruB6/O9bTTZT0EUOLQm0QwDQYJKoZIhvcNAQELBQADggIBAH9UQBkkykwT +9hP5XGKVMNW44JOAbNQVRtQnPpJSqtyBY4ZA29Ulr5+TbAr1TaH+VJZdh68Rkw+L +8uPwH0qf/KnRyVB3X5gICC16i4EQzDsCVFjlxqf098ro9jcGfucR12yFY/eoow7i +JWIEpPJiU5xHtKdku4Hl1l5WEb5FEWHCZun0DXSoq/lbv4KykaZQ+4d+b7vI6wWi +uRDXG0IHVc+J5r/7ufBqOVdTcIy9S6Npvx+LplxNZYq5AAnoaL8JJwdNXtpSCYzl +cZOKzIWO0jdeU9yCbQtWSoR5CvQQJUT1b10aZrXN1RBLh1pO1H/kcazuaJ+8+i5Y +wcSef6RZheBSDvLHR3UVLSx2jA9FBTVg+Hs7dzJ/KIAJ2jG8cX3hrJHNYAp5IOxu +O7eE4HLzqUrQL+Rb49Ia1Eq89Xb5fyoZSOvdDs+ZVkW4fdYJjg7Os4RoSYRUNUvk +mRuv86gU81SYCoB+T7zyZi0m/zCNp/a925qP5eHfu7cyDvmSb2nj5HbTADbxLV7H +E1/V2Wot6NEba3bLGG4OBRD1WvJJG1m0herKGXTMu1LiN4zCagIlwtJxpJLbjsnW +qW7QhShtXG0IeAKweQxXbwtaAeOEhAL2z/KrY+sCarnLShjVOSI8VkqqlYjmMAAf +jSEhyVfuubdEKYhPtiunFO6O7m++FtATMCgwCgYIKwYBBQUHAwMMGkFOQ0VSVCBD +ZXJ0aWZpY2Fkb3MgQ0dOIFYy +-----END TRUSTED CERTIFICATE----- + +# ANCERT Certificados Notariales +-----BEGIN TRUSTED CERTIFICATE----- +MIIFPDCCBCSgAwIBAgIRAPTPierdpMY+ka1IDi0iNoQwDQYJKoZIhvcNAQEFBQAw +gYMxCzAJBgNVBAYTAkVTMUswSQYDVQQKE0JBZ2VuY2lhIE5vdGFyaWFsIGRlIENl +cnRpZmljYWNpb24gUy5MLiBVbmlwZXJzb25hbCAtIENJRiBCODMzOTU5ODgxJzAl +BgNVBAMTHkFOQ0VSVCBDZXJ0aWZpY2Fkb3MgTm90YXJpYWxlczAeFw0wNDAyMTEx +NTU4MzBaFw0yNDAyMTExNTU4MjZaMIGDMQswCQYDVQQGEwJFUzFLMEkGA1UEChNC +QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0aWZpY2FjaW9uIFMuTC4gVW5pcGVyc29u +YWwgLSBDSUYgQjgzMzk1OTg4MScwJQYDVQQDEx5BTkNFUlQgQ2VydGlmaWNhZG9z +IE5vdGFyaWFsZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwkQ/Q +Zy0psmNNHzV59mVrufPztViTJ2RPp9VbggVym38drgjSjNDRyWCwmRk11hnGADlp +fSLvdCKDtH7qEIs+Mxzh3WQ2KfNSSm5Bw75RDB9juL+NqT8xMTu78TZEPCdlFHl1 +5hCkPFgby1NiEvWHWkaieaNg4xao3oSm+uXMxBAy9kLaR00YPeZ6DysOY/9nfUPV +dBaQNLQPziZzIcFK2mTkT+Mjtdn2q7dKf5bhy0f9BkPRlDRpCv496GaqJgzVYzkG +cJOtfLPkR8E7R45plwyRoEwHj8mATK5wk2iPocMiwvF1myh9kpJVOqhZGewSMRzv +nRfcuUAJW/QtEyZzAgMBAAGjggGnMIIBozAcBgNVHREEFTATgRFhbmNlcnRAYW5j +ZXJ0LmNvbTAfBgNVHSMEGDAWgBSE9/pyXohkZh0ojLB3vQxqn0xNYjAPBgNVHRMB +Af8EBTADAQH/MIIBIAYDVR0gBIIBFzCCARMwggEPBgkrBgEEAYGTaAEwggEAMCUG +CCsGAQUFBwIBFhlodHRwOi8vd3d3LmFuY2VydC5jb20vY3BzMIHWBggrBgEFBQcC +AjCByTANFgZBTkNFUlQwAwIBARqBt0FnZW5jaWEgTm90YXJpYWwgZGUgQ2VydGlm +aWNhY2lvbi4gTGEgZGVjbGFyYWNpb24gZGUgcHJhY3RpY2FzIGRlIGNlcnRpZmlh +Y2lvbiBxdWUgcmlnZSBlbCBmdW5jaW9uYW1pZW50byBkZSBsYSBwcmVzZW50ZSBh +dXRvcmlkYWQgc2UgZW5jdWVudHJhIGRpc3BvbmlibGUgZW4gaHR0cDovL3d3dy5h +bmNlcnQuY29tL2NwczAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIT3+nJeiGRm +HSiMsHe9DGqfTE1iMA0GCSqGSIb3DQEBBQUAA4IBAQAv+OXYM6XClG5ewPHuoUwK +rYYPwDPdntLZm+7FK4UpdqylElOTHaoH7Ok5ZAto8HUk6dGGjJxTausVoQm3GQe5 +nY8CshtJcMJjdN0Lqv4HxjdWxoP+wE8czDiq/e5VmIlcwlOtIIe6FmRSYezBn7vU +YtEqyF3wK/jaEs4jy7HMwdIKvfzAgE5VSfqJ2GSjSsrui9fl7ZL7YOLiKs8tKD6m +/4CcZcwSnqUcdFmQpYd/ZxWAEMCh0agw7KECkYpa0yMXk1pHIXnqM3oPfzg1mspW +uL9kuqewtVEdFp6OiX04OsuETQeY2OXhjAVqpTcM1nkpPvFCxLb36hmgYeACTr8S +MCwwCgYIKwYBBQUHAwMMHkFOQ0VSVCBDZXJ0aWZpY2Fkb3MgTm90YXJpYWxlcw== +-----END TRUSTED CERTIFICATE----- + +# ANCERT Certificados Notariales V2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIHEjCCBPqgAwIBAgIQCb1WBSoTFvRoT3QOqX0cSDANBgkqhkiG9w0BAQsFADB8 +MQswCQYDVQQGEwJFUzFBMD8GA1UEChM4QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0 +aWZpY2FjaW9uIFMuTC5VLiAtIENJRiBCODMzOTU5ODgxKjAoBgNVBAMTIUFOQ0VS +VCBDZXJ0aWZpY2Fkb3MgTm90YXJpYWxlcyBWMjAeFw0xMDA1MjUxNjU2MTRaFw0z +MDA1MjUxNjU2MTRaMHwxCzAJBgNVBAYTAkVTMUEwPwYDVQQKEzhBZ2VuY2lhIE5v +dGFyaWFsIGRlIENlcnRpZmljYWNpb24gUy5MLlUuIC0gQ0lGIEI4MzM5NTk4ODEq +MCgGA1UEAxMhQU5DRVJUIENlcnRpZmljYWRvcyBOb3RhcmlhbGVzIFYyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsua5xh1qKi1Jxfz81GRA0OAULveg +wv+S80GmtD/avhkUkZR20xXMXn94UHrb2sVFqsscI3lzkKi7ZwFzjs5A+Rqpqofk +k5IPXGhcXvAGYCtY3DxtPMd6MGsFqpKGcyrS8hqIxNvlWmaOdclCP5uIKEAe9alc +HvrIQaEwqwuc7haiwS2lhfrtoAzof5ZKe72PmqIYdtKv3bc9EKtSEIiuHeu4MnSW +9LeqJ/elBw3jlFdqVCB3zR28eS3knLTeUYj+VtY9i6HP+lIejAVzd9YFz2MAUYdh +41C+mZfh/B4ReWtOas+chQoclirAIDYUxQkXYjv0rerV1/3QOSp409Ciz8hzMAlH +xU4Z/bgw1A+AmIiGwUxBeiPFQ/1eErg+D7G3gWIMfm/je5rCwkcRIR/PntEwzoPB +EE1Ad9e1wksyQEL6m7Csz+sh2BnrZMVr3VUtgIdEfEw8qw3YEr80goyxqsS4a+gO +RnfSiwYdQvusvcnnM7Mib37VLgPFXwUWhnzt457RFncaRtjJ0IzkXFwhBZHxZOSs +xTeutb1nE64p5bNCxHAJo11M6zcg4/D1czM7wvyOUYU2KsuB2w6JI9ni4Wi6LER3 +PhxAuvBnjhiH8D3X6T9HWzVCzacEzkhyKQUatNGi5w15ipZtZ1ItOyPm+YKc1rN5 +XhTeZUgz/B1C6C0CAwEAAaOCAY4wggGKMA8GA1UdEwEB/wQFMAMBAf8wggElBgNV +HSAEggEcMIIBGDCCARQGCSsGAQQBgZNoATCCAQUwJQYIKwYBBQUHAgEWGWh0dHA6 +Ly93d3cuYW5jZXJ0LmNvbS9jcHMwgdsGCCsGAQUFBwICMIHOMA0WBkFOQ0VSVDAD +AgEBHoG8AEEAZwBlAG4AYwBpAGEAIABOAG8AdABhAHIAaQBhAGwAIABkAGUAIABD +AGUAcgB0AGkAZgBpAGMAYQBjAGkAbwBuAC4AIABQAGEAcwBlAG8AIABkAGUAbACg +AEcAZQBuAGUAcgBhAGwAIABNAGEAcgB0AGkAbgBlAHoAIABDAGEAbQBwAG8AcwAg +ADQANgAgADYAYQAgAHAAbABhAG4AdABhACAAMgA4ADAAMQAwACAATQBhAGQAcgBp +AGQwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBT2Ejqre1jBjUNvdoHS8rjT7xfq +CzAfBgNVHSMEGDAWgBT2Ejqre1jBjUNvdoHS8rjT7xfqCzANBgkqhkiG9w0BAQsF +AAOCAgEAVDXTomXJ2TbFU9G0jXI0ibqnCJ/pNRC5uAwG+WSqlZYoqMijgNxWwL9y +TVa/f10E1a0oW02988MPFbBx2laNQFVXpn1ioq0TaVGqlFC6vQAwUPXdpE4JepQx +a9tzA73z2hoPjC+yyTe8VNULIzf15Fs3ZolPtMcFpGXcWTCmEyt+Fe3sEBeJUsmd +36JM7fYPHqZJsA1RszGxUZnLtNEjeNJLqLQdFqag0D4HfmU/Jc5kThsuS02ChRpl +2+7iA/BZJAWPme95gt/uKjdow2pQAVlfn2jcLFFgK13gUjw7cLgA0zeoPlsedgha +1Lt2MK75yPKOpI8KdX0amOG/0DaULzzBUtNp6hpgN4yA201txppdjaBhUbs9DeYS +oJ9vWVZ0MmcK/DcGwTrkK46EH9ohDEmIQ9Ol9YINdobDLMyQu7O4q8bLrsAXUZ7T +gPck2hzszhKDzk42MDl1+HR2kIKePkBMDBS5Gh5IarAx6oh/gEFAU3s4S4eQYHpL +zmdGaHV3jgBdILDkkzdtA99YOeiaxaTr7GEzCIUka08G6a2QpTZibOPdfQkfM7+3 +u/fJdQX3W6v6h1mvGmcQfoTcjHDWROkQwdibLtHGQGrq5loPEH1s+1WHuk21cQOe +F4942lU9V14iCmqY8I0Izd2WQlobzbpvJ7h0J6g/5aDWc8deLyEwLzAKBggrBgEF +BQcDAwwhQU5DRVJUIENlcnRpZmljYWRvcyBOb3RhcmlhbGVzIFYy +-----END TRUSTED CERTIFICATE----- + +# ANCERT Corporaciones de Derecho Publico +-----BEGIN TRUSTED CERTIFICATE----- +MIIFTTCCBDWgAwIBAgIQP7Ll8tF8ixhkVmKpOYF/pzANBgkqhkiG9w0BAQUFADCB +jDELMAkGA1UEBhMCRVMxSzBJBgNVBAoTQkFnZW5jaWEgTm90YXJpYWwgZGUgQ2Vy +dGlmaWNhY2lvbiBTLkwuIFVuaXBlcnNvbmFsIC0gQ0lGIEI4MzM5NTk4ODEwMC4G +A1UEAxMnQU5DRVJUIENvcnBvcmFjaW9uZXMgZGUgRGVyZWNobyBQdWJsaWNvMB4X +DTA0MDIxMTE3MjI0NVoXDTI0MDIxMTE3MjI0NVowgYwxCzAJBgNVBAYTAkVTMUsw +SQYDVQQKE0JBZ2VuY2lhIE5vdGFyaWFsIGRlIENlcnRpZmljYWNpb24gUy5MLiBV +bmlwZXJzb25hbCAtIENJRiBCODMzOTU5ODgxMDAuBgNVBAMTJ0FOQ0VSVCBDb3Jw +b3JhY2lvbmVzIGRlIERlcmVjaG8gUHVibGljbzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKIhlYfciuvWepCoaDX9F/x0OlQQkjWTQnUu2D7LqZShvmo3 +P1K6pHvahJkWeU4AaNQfE+lGOzxKnYM62CHvwvJAReEPYEUE7fyKGC75PeSkETIg +jjq37pZAFRqZ6SGdcqzNH4muqtmhQLCoZ778eg5HsV68+DBqjjefBULsLMOmG4ur +xFA9+uRz9SGwuFVfh+CiRzgvQF9PbKuUJFbjTI9+kOkngiibmLqa1rWbV29rFRz5 +u3ApfTz3E6jRcfGw/ohFcamldGXLw/n1Aw8Qw4YwAG7BwCaiiP4hxzI9u8Z7G7eb +irP6sXxx2QGnQpCqL5iQhKrexq3sPFFKBR0BUZsCAwEAAaOCAacwggGjMA8GA1Ud +EwEB/wQFMAMBAf8wggEgBgNVHSAEggEXMIIBEzCCAQ8GCSsGAQQBgZNoAzCCAQAw +JQYIKwYBBQUHAgEWGWh0dHA6Ly93d3cuYW5jZXJ0LmNvbS9jcHMwgdYGCCsGAQUF +BwICMIHJMA0WBkFOQ0VSVDADAgEBGoG3QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0 +aWZpY2FjaW9uLiBMYSBkZWNsYXJhY2lvbiBkZSBwcmFjdGljYXMgZGUgY2VydGlm +aWFjaW9uIHF1ZSByaWdlIGVsIGZ1bmNpb25hbWllbnRvIGRlIGxhIHByZXNlbnRl +IGF1dG9yaWRhZCBzZSBlbmN1ZW50cmEgZGlzcG9uaWJsZSBlbiBodHRwOi8vd3d3 +LmFuY2VydC5jb20vY3BzMA4GA1UdDwEB/wQEAwIBhjAcBgNVHREEFTATgRFhbmNl +cnRAYW5jZXJ0LmNvbTAfBgNVHSMEGDAWgBSMTB43DLGf0qxECzq+As/0jS1mlTAd +BgNVHQ4EFgQUjEweNwyxn9KsRAs6vgLP9I0tZpUwDQYJKoZIhvcNAQEFBQADggEB +AEd0wJSR4qX7mFJEk2zEwB3gedtpZC1hrqR3kTW1t8qXqsCxhvUbaGuqWLJ8P+cD +J/hBcbym0iCpgJWiR61tRnSthJvYb6n1uS9tm8DdmYftWbJ1gaWJhSrM0IWBTfOv +d96MwSiaQqwFhww0nHGH/ewBFB++wy7w3/okpl0fPPGiC1GIAa4Sh6S1XXGy3+8N +fCDjfxMLTabAd8w/1g9xx3FMLh76GQZlya1WbHeNRj+9MIMe4C5VuHgjdDxYCmM6 +TYF7bzVwrrYl2fYk/iPG2hqIr6gUk3PgwFuwMWka9ilfVrcaCsL5C+oCwTMRYmp8 +Q+jqGquQAIXgRQ99jrpQ1cYwNTAKBggrBgEFBQcDAwwnQU5DRVJUIENvcnBvcmFj +aW9uZXMgZGUgRGVyZWNobyBQdWJsaWNv +-----END TRUSTED CERTIFICATE----- + +# ANF Secure Server Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV +BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk +YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV +BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN +MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF +UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD +VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj +cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q +yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH +2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX +H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL +zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR +p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz +W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ +SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn +LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 +n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B +u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L +9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej +rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK +pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 +vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq +OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ +/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 +2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI ++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 +MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo +tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjawwJzAKBggrBgEFBQcD +AQwZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# ANF Server CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGnTCCBYWgAwIBAgIDATRLMA0GCSqGSIb3DQEBBQUAMIHZMQswCQYDVQQGEwJF +UzESMBAGA1UECAwJQmFyY2Vsb25hMUcwRQYDVQQHDD5CYXJjZWxvbmEgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgaHR0cHM6Ly93d3cuYW5mLmVzL2FkZHJlc3MvKTEo +MCYGA1UECgwfQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjacOzbjEXMBUGA1UE +CwwOQU5GIENsYXNlIDEgQ0ExEjAQBgNVBAUTCUc2MzI4NzUxMDEWMBQGA1UEAwwN +QU5GIFNlcnZlciBDQTAeFw0wOTExMzAyMzAwMDBaFw0yMTExMzAyMzAwMDBaMIHZ +MQswCQYDVQQGEwJFUzESMBAGA1UECAwJQmFyY2Vsb25hMUcwRQYDVQQHDD5CYXJj +ZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgaHR0cHM6Ly93d3cuYW5mLmVz +L2FkZHJlc3MvKTEoMCYGA1UECgwfQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2Fj +acOzbjEXMBUGA1UECwwOQU5GIENsYXNlIDEgQ0ExEjAQBgNVBAUTCUc2MzI4NzUx +MDEWMBQGA1UEAwwNQU5GIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL/qSKeaiDlrLEhABwSTfPe4LX6lN+Jh1iH8kDfLaT5eizffW287 +2LbDiECQ9J0MXBBSsbPlX5EQ5v2ogBRf04u9XL0PI5IJN+Ny0maUC1x0lC9e8k7Y +A8azzlalHNl7/U8HTNS32l8pTXXyH1XPMiMcRgknHUXs8Yw0id57FqdDXoor6ZRD +Htc+k21viT287rHIt//JfeNfDW93ePUqLo3Ei5iXMLFGWgtjcNR4x4azf/8nQqqf +im5toZTK7IcCHNZUS/28iZumYzhmjBaJiZfDUOj2QgGnd30QGZID6F1FyBXFhxsN +kfLGOZx788AKmfjug29+QncRjsMfHHIvPRsCAwEAAaOCAmowggJmMB0GA1UdDgQW +BBS+O/a0MbdzJEg5xVcTlHWqn4E/LDCCAQkGA1UdIwSCAQAwgf2AFL479rQxt3Mk +SDnFVxOUdaqfgT8soYHfpIHcMIHZMQswCQYDVQQGEwJFUzESMBAGA1UECAwJQmFy +Y2Vsb25hMUcwRQYDVQQHDD5CYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3Mg +YXQgaHR0cHM6Ly93d3cuYW5mLmVzL2FkZHJlc3MvKTEoMCYGA1UECgwfQU5GIEF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjacOzbjEXMBUGA1UECwwOQU5GIENsYXNlIDEg +Q0ExEjAQBgNVBAUTCUc2MzI4NzUxMDEWMBQGA1UEAwwNQU5GIFNlcnZlciBDQYID +ATRLMAwGA1UdEwQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDEGCisGAQQBgY8cKgYE +IxshaHR0cHM6Ly93d3cuYW5mLmVzL0FDL0FDVEFTLzc4OTIzMBgGCisGAQQBgY8c +EwEEChsIODAxLTM0MDAwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABhhxodHRw +Oi8vd3d3LmFuZi5lcy9BQy9SQy9vY3NwMGMGA1UdHwRcMFowK6ApoCeGJWh0dHBz +Oi8vd3d3LmFuZi5lcy9BQy9BTkZTZXJ2ZXJDQS5jcmwwK6ApoCeGJWh0dHBzOi8v +Y3JsLmFuZi5lcy9BQy9BTkZTZXJ2ZXJDQS5jcmwwFgYDVR0SBA8wDYELaW5mb0Bh +bmYuZXMwFgYDVR0RBA8wDYELaW5mb0BhbmYuZXMwDQYJKoZIhvcNAQEFBQADggEB +ALXGx7xG+kJcE8GUdTNWvy+nB3PsN+NDdOr5Zk9ejX/w5nnDTfXZOKXMykP0U4CG +v7zQEV2QxMJAR+vFh5PBtnhemq6H9WIQWUxMbQa+mRMVs7P6HHJ+4CIhAVg1OGii +5Pjh8PA2UJHgtHfcY4QzkmC4yxby0mM7TFw1OuesAlPFHIEBd8ccER9UMO9UjyX6 +iSeUNKMPFE9v6XPZGGLn7gjoyYN7yDObfESafBqQtdJxid899BxPTlHgyWu2qgse +2TAP02PV7XD0wYPtBkWaqOq0iTf9WjdH75F5pzX/8Nww7Q0UZ9t8WuCPbTP+PJ4V +M8PDLQ5dqnwNjjGWTYv/BdUwGzAKBggrBgEFBQcDAwwNQU5GIFNlcnZlciBDQQ== +-----END TRUSTED CERTIFICATE----- + +# ATHEX Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDNzCCAh+gAwIBAgICJxwwDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCR1Ix +HTAbBgNVBAoTFEF0aGVucyBFeGNoYW5nZSBTLkEuMRYwFAYDVQQDEw1BVEhFWCBS +b290IENBMB4XDTEwMTAxODE1NTYwM1oXDTMwMTAxNzIxMDAwMFowRDELMAkGA1UE +BhMCR1IxHTAbBgNVBAoTFEF0aGVucyBFeGNoYW5nZSBTLkEuMRYwFAYDVQQDEw1B +VEhFWCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRo9 +MLWzOLK/eruuodbXhfAiOqSJacThYgTJcNM8MxLi5jjld6QkRGQNt65MWt3hGAY+ +7ZtaBfXh3hLtNircR9mRUZntsb9qc6EKCCSoio0cC1nTv3AjVUSgjDDFzm1PsOy+ +84wx3wpa3NNXXAWgM5U7l49UC7j1a33Hxay1eY4GOPGoKVU9mjbQJ180ahJ4FyjZ +mEns2VpS2iY6+u5MpiaOqD5VH7If4bWb+To19u2RHP0LECT9H/nT4wAlsQslwLd9 +mjwHOoAL1qj+kUXowdLFIm/T5XEftiw2tFig7c1KaORqV/ShdezXAJnV9plc607J +u9cao0VZAA+MO9t0NQIDAQABozMwMTAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQK +BAhD4oDou9K3wTALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAD8BY3UH +Mitfdf92jtOpuG/MUD2EV08og+h8o26ivPfCuq46q07QD5IouN1bLNvl1h86k+GR +DteqXwFhLD5hT96VFU3MPeoy4qP++Bap8rwp/CmefXKlXaFrAtVfSPSgO8sYRvA9 +F1WD0ClhkbuaQUnRE75BlPI+wySrn8drQpBCeX5aUfs8XgshH8vZSBMVsWp/A8TR +ulHScImqCEqHHPZ6mLHUUQVVxpAXb8PgBMB69C8YolZCcy62spvROb4JwgJKJBf5 +96y9cQe/leKX5aGECI2y4kSh3IkwO6gMBXpddgBPHm9xfys52kVCOTHSqTJA1Dhj +E5Y3mkld2cf9uEwwGzAKBggrBgEFBQcDAwwNQVRIRVggUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Actalis Authentication CA G1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJJVDEP +MA0GA1UEBwwGTWlsYW5vMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy +MDk2NzElMCMGA1UEAwwcQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBDQSBHMTAeFw0w +OTA2MjMxNDA2MDBaFw0yMjA2MjUxNDA2MDBaMGoxCzAJBgNVBAYTAklUMQ8wDQYD +VQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3 +MSUwIwYDVQQDDBxBY3RhbGlzIEF1dGhlbnRpY2F0aW9uIENBIEcxMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxyGND8nUkJguitg0CErydfpQHU6bFgP +IzvPhj7UZKtu2urIKtiVRd/JHNIlkp4QmFqLcWnAlen2a2jc97bEDf5u9XA7waSo +TyCiJwuf8RJ1fM+uf17LeAJYKNcvqtugrnQ9fqv26XKhKs/WkGDf4KA1ysDbBMQH +VvxmdYyOehOhPAZrGuZ/OZyI5IRvouJ/a5/sAarSxMuy7Jo9uBcYrB9gmTPm6wXd +zPJpZ7AOvigkQ8stuUeEGfnq5PH1aPSfx3tQUa+i/G93iDG/ktt/nMW1rKEImOdq +M/7RuwDhtwUIr/OmVog2PeOKSuINnYCGZp/UwqNQuhwS14eKMUq4FQIDAQABo0Uw +QzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU +AbvWm1a0fubFWN0smPTKcvZfM4YwDQYJKoZIhvcNAQEFBQADggEBAKEg1suiNG08 +buFV0krQ2bqyN1GIdyfuAkiTRUHidVHyGZQJoPO4fboDgCOgJe8BGbXZGnot40KK +sYYxD5bsZoTyziMSRpZrMV4Guq+jUqpCIKjRrqqb38QXnlNwAbSpGtpoyGMPtlpz +U9FpEQYTUudrqAUxt7D8h0bFdYiB8V94AuefrZy7VO1fmWo31etVsyrAQ2BR3LRx +kiajD8x6PdzAQokXKQhnVGTF+ahEvIRxWJY9Z1d/u6yQs3Eivz66rGYmRRCz8B86 +OmilUDXKtBeRBgEs9w2wcLJbVnW5d5nA2ZWFAi1zZgfJT5kR7lsrqONoIwWo8wQP +BrsfCY7GWx0wKjAKBggrBgEFBQcDAwwcQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBD +QSBHMQ== +-----END TRUSTED CERTIFICATE----- + +# Actalis Authentication Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhljBAMB4GCCsGAQUFBwMEBggr +BgEFBQcDAQYIKwYBBQUHAwMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBD +QQ== +-----END TRUSTED CERTIFICATE----- + +# AddTrust External CA Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQwJzAKBggrBgEFBQcDAwwZQWRkVHJ1 +c3QgRXh0ZXJuYWwgQ0EgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Admin-Root-CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFVTCCBD2gAwIBAgIEO/OB0DANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJj +aDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1BZG1pbi1Sb290LUNB +MB4XDTAxMTExNTA4NTEwN1oXDTIxMTExMDA3NTEwN1owbDELMAkGA1UEBhMCY2gx +DjAMBgNVBAoTBWFkbWluMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdGllczEWMBQGA1UEAxMNQWRtaW4tUm9vdC1DQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvgr0QUIv5qF0nyXZ3PXAJi +C4C5Wr+oVTN7oxIkXkxvO0GJToM9n7OVJjSmzBL0zJ2HXj0MDRcvhSY+KiZZc6Go +vDvr5Ua481l7ILFeQAFtumeza+vvxeL5Nd0Maga2miiacLNAKXbAcUYRa0Ov5VZB +++YcOYNNt/aisWbJqA2y8He+NsEgJzK5zNdayvYXQTZN+7tVgWOck16Da3+4FXdy +fH1NCWtZlebtMKtERtkVAaVbiWW24CjZKAiVfggjsiLo3yVMPGj3budLx5D9hEEm +vlyDOtcjebca+AcZglppWMX/iHIrx7740y0zd6cWEqiLIcZCrnpkr/KzwO135GkC +AwEAAaOCAf0wggH5MA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIASBkTCBjjCBiwYI +YIV0AREDAQAwfzArBggrBgEFBQcCAjAfGh1UaGlzIGlzIHRoZSBBZG1pbi1Sb290 +LUNBIENQUzBQBggrBgEFBQcCARZEaHR0cDovL3d3dy5pbmZvcm1hdGlrLmFkbWlu +LmNoL1BLSS9saW5rcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwfwYDVR0f +BHgwdjB0oHKgcKRuMGwxFjAUBgNVBAMTDUFkbWluLVJvb3QtQ0ExIjAgBgNVBAsT +GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxETAPBgNVBAsTCFNlcnZpY2VzMQ4w +DAYDVQQKEwVhZG1pbjELMAkGA1UEBhMCY2gwHQYDVR0OBBYEFIKf+iNzIPGXi7JM +Tb5CxX9mzWToMIGZBgNVHSMEgZEwgY6AFIKf+iNzIPGXi7JMTb5CxX9mzWTooXCk +bjBsMQswCQYDVQQGEwJjaDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZp +Y2VzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQD +Ew1BZG1pbi1Sb290LUNBggQ784HQMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B +AQUFAAOCAQEAeE96XCYRpy6umkPKXDWCRn7INo96ZrWpMggcDORuofHIwdTkgOeM +vWOxDN/yuT7CC3FAaUajbPRbDw0hRMcqKz0aC8CgwcyIyhw/rFK29mfNTG3EviP9 +QSsEbnelFnjpm1wjz4EaBiFjatwpUbI6+Zv3XbEt9QQXBn+c6DeFLe4xvC4B+MTr +a440xTk59pSYux8OHhEvqIwHCkiijGqZhTS3KmGFeBopaR+dJVBRBMoXwzk4B3Hn +0Zib1dEYFZa84vPJZyvxCbLOnPRDJgH6V2uQqbG+6DXVaf/wORVOvF/wzzv0viM/ +RWbEtJZdvo8N3sdtCULzifnxP/V0T9+4ZTAbMAoGCCsGAQUFBwMDDA1BZG1pbi1S +b290LUNB +-----END TRUSTED CERTIFICATE----- + +# AdminCA-CD-T01 +-----BEGIN TRUSTED CERTIFICATE----- +MIIETTCCAzWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJDSDEO +MAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0aWVzMRcwFQYDVQQDEw5BZG1pbkNBLUNELVQwMTAe +Fw0wNjAxMjUxMzM2MTlaFw0xNjAxMjUxMjM2MTlaMG0xCzAJBgNVBAYTAkNIMQ4w +DAYDVQQKEwVhZG1pbjERMA8GA1UECxMIU2VydmljZXMxIjAgBgNVBAsTGUNlcnRp +ZmljYXRpb24gQXV0aG9yaXRpZXMxFzAVBgNVBAMTDkFkbWluQ0EtQ0QtVDAxMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jQlMZmpLDhV+GNR9TAoSNle +JgQB4xAXJELQf5/ySMfoFA4MmjKqYXQkB6MGPuQKwR9XRRSPf61vqb8YPsdjRmgp +byHBcUd5t0N8RX6wRZUnPMW+bCCo2VqAU4XFbnlc2gHKaam0wdTtbBTXEkv0ieIH +fxCfFxXqSsSr60IkF/2/xbrAgV/QD5yHk6Ie8feAVWwi5UtaFqtu4LiFEh2QMyxs +Oyz1OcvKzkM2g873tyiE7jzMgZP+Ww3tibk2F9+e6ZeiB37TLOmVtvgpmrws4fiI +rFNXEYSWBVrUTbn81U47yWzOgf5fEHP07bRV5QOCzCm99qNimsbL6CG7nT78CQID +AQABo4H3MIH0MBIGA1UdEwEB/wQIMAYBAf8CAQAwga4GA1UdIASBpjCBozCBoAYI +YIV0AREDFQEwgZMwSAYIKwYBBQUHAgIwPBo6VGhpcyBpcyB0aGUgQWRtaW5DQS1D +RC1UMDEgQ2VydGlmaWNhdGUgUHJhY3RpY2UgU3RhdGVtZW50LjBHBggrBgEFBQcC +ARY7aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvcG9saWN5L0NQU18yXzE2Xzc1Nl8x +XzE3XzNfMjFfMS5wZGYwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQqxGkKocZV +xgNucM6GgbOkD6oZ2zANBgkqhkiG9w0BAQUFAAOCAQEAn356bbusjI5glGXRQ1DR +v21qQf0S4s3GHyZm7cqdOkFleM70ArBT+kOP5Nm7rlSAFyVgEkmBdOg7s9tlXClU +yeZFnp6UEYRUcijPN8D1VaNRK6PIUObpDBQT0C+kAfxG9z4v29T0SxT4sgAdC/xQ +Fyv58Fp9bPn7owuKwKcyCH1XSyi/Bp4XFELlLOaigBZO/w+dPBz4FcJSdZjU+BaJ +0E3nKAjHlShO5ouBSZnaJz3p+nkw2Wyo36s6GxCK0XbkSP45iniIG4FmwwZkonYF +ypQntHbx2oL7tUQQY0PDo8bGBMcPy/G2j+dciqZRlsnfgMy10SCzQ9MUx92xUG2V +ejAcMAoGCCsGAQUFBwMDDA5BZG1pbkNBLUNELVQwMQ== +-----END TRUSTED CERTIFICATE----- + +# AffirmTrust Commercial +-----BEGIN TRUSTED CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8wLjAUBggrBgEFBQcDAQYI +KwYBBQUHAwMMFkFmZmlybVRydXN0IENvbW1lcmNpYWw= +-----END TRUSTED CERTIFICATE----- + +# AffirmTrust Networking +-----BEGIN TRUSTED CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9swLjAUBggrBgEFBQcDAQYI +KwYBBQUHAwMMFkFmZmlybVRydXN0IE5ldHdvcmtpbmc= +-----END TRUSTED CERTIFICATE----- + +# AffirmTrust Premium +-----BEGIN TRUSTED CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQzArMBQGCCsGAQUFBwMBBggrBgEFBQcDAwwTQWZmaXJtVHJ1c3Qg +UHJlbWl1bQ== +-----END TRUSTED CERTIFICATE----- + +# AffirmTrust Premium ECC +-----BEGIN TRUSTED CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeTAvMBQGCCsGAQUFBwMB +BggrBgEFBQcDAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0M= +-----END TRUSTED CERTIFICATE----- + +# Amazon Root CA 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5MCgwFAYIKwYBBQUHAwQGCCsGAQUFBwMBDBBB +bWF6b24gUm9vdCBDQSAx +-----END TRUSTED CERTIFICATE----- + +# Amazon Root CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGwwMjAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBBBbWF6b24g +Um9vdCBDQSAy +-----END TRUSTED CERTIFICATE----- + +# Amazon Root CA 3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOzAoMBQGCCsGAQUFBwMEBggrBgEFBQcDAQwQQW1hem9uIFJvb3Qg +Q0EgMw== +-----END TRUSTED CERTIFICATE----- + +# Amazon Root CA 4 +-----BEGIN TRUSTED CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EDAyMB4GCCsGAQUFBwMEBggrBgEFBQcDAQYI +KwYBBQUHAwMMEEFtYXpvbiBSb290IENBIDQ= +-----END TRUSTED CERTIFICATE----- + +# America Online Root Certification Authority 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP +bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2 +MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk +hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym +1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW +OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb +2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko +O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU +AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF +Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb +LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir +oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C +MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds +sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7MDswCgYIKwYBBQUHAwMMLUFtZXJpY2Eg +T25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMQ== +-----END TRUSTED CERTIFICATE----- + +# ApplicationCA2 Root +-----BEGIN TRUSTED CERTIFICATE----- +MIID9zCCAt+gAwIBAgILMTI1MzcyODI4MjgwDQYJKoZIhvcNAQELBQAwWDELMAkG +A1UEBhMCSlAxHDAaBgNVBAoTE0phcGFuZXNlIEdvdmVybm1lbnQxDTALBgNVBAsT +BEdQS0kxHDAaBgNVBAMTE0FwcGxpY2F0aW9uQ0EyIFJvb3QwHhcNMTMwMzEyMTUw +MDAwWhcNMzMwMzEyMTUwMDAwWjBYMQswCQYDVQQGEwJKUDEcMBoGA1UEChMTSmFw +YW5lc2UgR292ZXJubWVudDENMAsGA1UECxMER1BLSTEcMBoGA1UEAxMTQXBwbGlj +YXRpb25DQTIgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaq +rSVl1gAR1uh6dqr05rRL88zDUrSNrKZPtZJxb0a11a2LEiIXJc5F6BR6hZrkIxCo ++rFnUOVtR+BqiRPjrq418fRCxQX3TZd+PCj8sCaRHoweOBqW3FhEl2LjMsjRFUFN +dZh4vqtoqV7tR76kuo6hApfek3SZbWe0BSXulMjtqqS6MmxCEeu+yxcGkOGThchk +KM4fR8fAXWDudjbcMztR63vPctgPeKgZggiQPhqYjY60zxU2pm7dt+JNQCBT2XYq +0HisifBPizJtROouurCp64ndt295D6uBbrjmiykLWa+2SQ1RLKn9nShjZrhwlXOa +2Po7M7xCQhsyrLEy+z0CAwEAAaOBwTCBvjAdBgNVHQ4EFgQUVqesqgIdsqw9kA6g +by5Bxnbne9owDgYDVR0PAQH/BAQDAgEGMHwGA1UdEQR1MHOkcTBvMQswCQYDVQQG +EwJKUDEYMBYGA1UECgwP5pel5pys5Zu95pS/5bqcMRswGQYDVQQLDBLmlL/lupzo +qo3oqLzln7rnm6QxKTAnBgNVBAMMIOOCouODl+ODquOCseODvOOCt+ODp+ODs0NB +MiBSb290MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH+aCXWs +B9FydC53VzDCBJzUgKaD56WgG5/+q/OAvdVKo6GPtkxgEefK4WCB10jBIFmlYTKL +nZ6X02aD2mUuWD7b5S+lzYxzplG+WCigeVxpL0PfY7KJR8q73rk0EWOgDiUX5Yf0 +HbCwpc9BqHTG6FPVQvSCLVMJEWgmcZR1E02qdog8dLHW40xPYsNJTE5t8XB+w3+m +Bcx4m+mB26jIx1ye/JKSLaaX8ji1bnOVDMA/zqaUMLX6BbfeniCq/BNkyYq6ZO/i +Y+TYmK5rtT6mVbgzPixy+ywRAPtbFi+E0hOe+gXFwctyTiLdhMpLvNIthhoEdlkf +SUJiOxMfFui61/0wITAKBggrBgEFBQcDAwwTQXBwbGljYXRpb25DQTIgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Application CA G3 Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBMTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJKUDEO +MAwGA1UEChMFTEdQS0kxHzAdBgNVBAMTFkFwcGxpY2F0aW9uIENBIEczIFJvb3Qw +HhcNMTQwNjAzMTUwMDAwWhcNMzQwNjAzMTQ1OTU5WjA+MQswCQYDVQQGEwJKUDEO +MAwGA1UEChMFTEdQS0kxHzAdBgNVBAMTFkFwcGxpY2F0aW9uIENBIEczIFJvb3Qw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNRT730ZYiXJEvPgoAA8y2 +92xU/Cg31AQY7K2Yya/Tpbnn2b9O5qOZPJluoSAeRhvidVW80uz2iBrsNEVLg53T +subdB4nBCNn4O4uSZHJdmjvMrTeJx9xgeQjgcKz3K+2fA0kfjj6DqG7iklxU0Xnf +7Bg6fbhtj9ajJU2tH0CmX9SqTrFwGFmZ8gtUaT55KESI93GXzX8F3MrcdkqQTGtg +6PomMdi1+Of8bYskarbvQtcjVMUaY4o7x/yqbTyPy2zaILDyvGUcAUwilQ0cIx+s +1fnOdVvqML1MASQfddRhScMbmWWOCFw5OM0pwzhFzWR5t5tNR+pYMvqm9pLwwbdf +AgMBAAGjYzBhMB0GA1UdDgQWBBSpNSpIviw37YbbfFWHACa+GC1cLjAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSpNSpIviw37Ybb +fFWHACa+GC1cLjANBgkqhkiG9w0BAQsFAAOCAQEAtoK9xUbQcYulkT1+LVr5nIR9 +ByeVHedNyHzs5pPoVhp6MEg7DPpO9Qmyr4itlOz9sq0v5gV0IRuEizgqw+3vRmi1 +3VL6cMJ1T/+jQS48F5RMCSK0jsF/xKas7YNoz2Ve7Hq9xWbu0KN/8lexCMJ5cOty +f0FZCXl18byxIf6Ds0Q9iaO+sXrYncMf5sRU4Y3l2FDc5FY3e74oAPMsd9ojf2CY +PQUW8nhprZnDOnRsPpqylO2PqvZTa+fIt+g8jPvHfE8ZXaRmFel/h6DQ1a0gpEYJ +RazlyGWHuwbf/NdoVkNzogCZMpLCDqAcDpG9lVi8k5+EwqVm52XNKeJi8gWSYDAk +MAoGCCsGAQUFBwMDDBZBcHBsaWNhdGlvbiBDQSBHMyBSb290 +-----END TRUSTED CERTIFICATE----- + +# Application CA G4 Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDZDCCAkygAwIBAgILMaXzypDqI6zSnr0wDQYJKoZIhvcNAQELBQAwPjELMAkG +A1UEBhMCSlAxDjAMBgNVBAoTBUxHUEtJMR8wHQYDVQQDExZBcHBsaWNhdGlvbiBD +QSBHNCBSb290MB4XDTE3MDIxNTE1MDAwMFoXDTM3MDIxNTE0NTk1OVowPjELMAkG +A1UEBhMCSlAxDjAMBgNVBAoTBUxHUEtJMR8wHQYDVQQDExZBcHBsaWNhdGlvbiBD +QSBHNCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6vH5Yym +WJ4v1gXJkXcwvt4a1A5jYtHMLbHRhjiNHYVmU5+qQWXgWNLlKb6UqJWTPF9qxZuf +NOhtwcbTp+VDoBIwwDk0YAyL9Gj1SN/pjhyuSKe7qj14t+JJu8EjBFobkAHFfatK +AaHCk2rShbO253bra2846yBSMJUI9fks7sjAdbkB7cE3VjBcnX9kwspAILmVhbyl +B30Mvi6h3cYm6SopbJ8omClR6HYTG+8uCzdaM57AJWeqDy2o1JImOAGn0GIYLiI4 +OHgLulKZoXwmArHixeLezooCRISio+mLiGMxyS84AOnEAk0eIycSSNwRsfDS4g4w +Ga8DoQezNZQipQIDAQABo2MwYTAdBgNVHQ4EFgQUbtwKNR8gwuih030FTk9MYOWk +xGcwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU +btwKNR8gwuih030FTk9MYOWkxGcwDQYJKoZIhvcNAQELBQADggEBAFUz1UC3Gn5P +3HSDDkS6P71SlciTliPyAbkU68oSdM1hiDSvTV70WYqrHtjjWcEe+DC1QMa7uK/R +7T9sqnOYguSYNK6SQQ5ZNhq6UBwW9Bc6LBvil2+yr9Ha3hRS34A8x089h566lb14 +vFU8ifYuJtUV5dBAEsWzcT9sZh+j/Eu1TuJu3IAHw/koFHv3XhZqQ6eukQEfT2Wp +SLPObhoGIaTTMYiIpUkRgmvruZ1g/p/+xff4f6s37q/nWEa6CeRdOadLBNgDAslg +Kl5VaRELYHiBevRx9Y9Gro8EqJccgIkjY9v+66YXDlm2LrmG619ebN2B56swgSOQ +J7H3K5A5C7gwJDAKBggrBgEFBQcDAwwWQXBwbGljYXRpb24gQ0EgRzQgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Atos TrustedRoot 2011 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6edMDcwHgYIKwYBBQUHAwQGCCsGAQUF +BwMBBggrBgEFBQcDAwwVQXRvcyBUcnVzdGVkUm9vdCAyMDEx +-----END TRUSTED CERTIFICATE----- + +# Atos TrustedRoot Root CA ECC G2 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIICMTCCAbagAwIBAgIMC3MoERh0MBzvbwiEMAoGCCqGSM49BAMDMEsxCzAJBgNV +BAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRSb290 +IFJvb3QgQ0EgRUNDIEcyIDIwMjAwHhcNMjAxMjE1MDgzOTEwWhcNNDAxMjEwMDgz +OTA5WjBLMQswCQYDVQQGEwJERTENMAsGA1UECgwEQXRvczEtMCsGA1UEAwwkQXRv +cyBUcnVzdGVkUm9vdCBSb290IENBIEVDQyBHMiAyMDIwMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAEyFyAyk7CKB9XvzjmYSP80KlblhYWwwxeFaWQCf84KLR6HgrWUyrB +u5BAdDfpgeiNL2gBNXxSLtj0WLMRHFvZhxiTkS3sndpsnm2ESPzCiQXrmBMCAWxT +Hg5JY1hHsa/Co2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFFsfxHFs +shufvlwfjP2ztvuzDgmHMB0GA1UdDgQWBBRbH8RxbLIbn75cH4z9s7b7sw4JhzAO +BgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAOzgmf3d5FTByx/oPijX +FVlKgspTMOzrNqW5yM6TR1bIYabhbZJTlY/241VT8N165wIxALCH1RuzYPyRjYDK +ohtRSzhUy6oee9flRJUWLzxEeC4luuqQ5OxS7lfsA4TzXtsWDTAyMAoGCCsGAQUF +BwMEDCRBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIEcyIDIwMjA= +-----END TRUSTED CERTIFICATE----- + +# Atos TrustedRoot Root CA ECC TLS 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQoMDMwCgYIKwYBBQUHAwEMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBFQ0MgVExTIDIwMjE= +-----END TRUSTED CERTIFICATE----- + +# Atos TrustedRoot Root CA RSA G2 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFfzCCA2egAwIBAgIMR7opRlU+FpKXsKtAMA0GCSqGSIb3DQEBDAUAMEsxCzAJ +BgNVBAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRS +b290IFJvb3QgQ0EgUlNBIEcyIDIwMjAwHhcNMjAxMjE1MDg0MTIzWhcNNDAxMjEw +MDg0MTIyWjBLMQswCQYDVQQGEwJERTENMAsGA1UECgwEQXRvczEtMCsGA1UEAwwk +QXRvcyBUcnVzdGVkUm9vdCBSb290IENBIFJTQSBHMiAyMDIwMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAljGFSqoPMv554UOHnPsjt45/DVS9x2KTd+Qc +NQR2owOLIu7EhN2lk25uso4JA+tRFjEXqmkVGA5ndCNe6pp9tTk+PYKpa+H+qRyw +rVpNTHiDQYvP8h1impgEnGPpq2X+SB0kZQdHPrmRLumdm38aNak0sLflcDPvSnJR +tge/YD8qn51U3/PXlElRA1pAqWjdEVlc+HamvFBSEO2s7JXg1INrSdoKT5mD3jKD +SINnlbJ+54GFPc2C98oC7W2IXQiNuDW/KmkwmbtL0UHbRaCTmVGBkDYIqoq26I+z +y+7lRg1ydfVJbOGify+87YSmN+7ewk85Tvae8MnRmzCdSW3h2v8SEIzW5Zl7BbZ9 +sAnHpPiyHDmVOTP0Nc4lYnuwXyDzy234bFIUZESP08ipdgflr3GZLS0EJUh2r8Pn +zEPyB7xKJCQ33fpulAlvTF4BtP5U7COWpV7dhv/pRirx6NzspT2vb6oOD7R1+j4I +uSZFT2aGTLwZuOHVNe6ChMjTqxLnzXMzYnf0F8u9NHYqBc6V5Xh5S56wjfk8WDiR +6l6HOMC3Qv2qTIcjrQQgsX52Qtq7tha6V8iOE/p11QhMrziRqu+P+p9JLlR8Clax +evrETi/Uo/oWitCV5Zem/8P8fA5HWPN/B3sS3Fc/LeOhTVtSTDOHmagJe2x+DvLP +VkKe6wUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQgJfMH +/adv8ZbukRBpzJrvfchoeDAdBgNVHQ4EFgQUICXzB/2nb/GW7pEQacya733IaHgw +DgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBDAUAA4ICAQAkK06Y8h0X7dl2JrYw +M+hpRaFRS1LYejowtuQS6r+fTOAEpPY1xv6hMPdThZKtVAVXX5LlKt42J557E0fJ +anWv/PM35wz1PQFztWlR+L1Z0boL+Lq6ZCdDs3yDlYrnnhOW129KlkFJiw4grRbG +96aHW4gSiYuJyhLSVq8iASFG6auYP6eI3uTLKpp1Gfo5XgkF1wMyGrgXUQjHAEB9 +9L74DFn0aXZu06RYW14mc+RCVQZeeEAP0zif7yZRcHSR8XdiAejZy+uh3zkyHbtr +/XH+68+l5hT9AIATxpoASLCZBemugEj7CT9RFLW552BNTcovgSHuUgxletz1iUlM +MJI0WIAyWbEN/yRhD+cKQtB7vPiOJ0c/cJ0n2bYGPaW7y16Prg5Tx5xqbztMD6NA +cKiaB87UblsHotLiVLa9bzNyY61RmOGPdvFqBzgl/vZizl/bY8Jume8G3LneGRro +VD190nZ12V4+MkinjPKecgz4uFi4FyOlFId1WHoAgQciOWpMlKC1otunLMGw8aOb +wEz3bXDqMZ/xrn0+cyjZod/6k/CbsPDizSUgde/ifTIFyZt27su9MR75lJhLJFhW +SMDeBky9pjRd7RZhY3P7GeL6W9iXddRtnmA5XpSLAizrmc5gKm4bjKdLvP025pgf +ZfJ/8eOPTIBGNli2oWXLzhxEdTAyMAoGCCsGAQUFBwMEDCRBdG9zIFRydXN0ZWRS +b290IFJvb3QgQ0EgUlNBIEcyIDIwMjA= +-----END TRUSTED CERTIFICATE----- + +# Atos TrustedRoot Root CA RSA TLS 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs +o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyTAzMAoGCCsG +AQUFBwMBDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +-----END TRUSTED CERTIFICATE----- + +# Australian Defence Public Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIUKeuSM0ZPMkH/gxkAqa3E2fjj4n8wDQYJKoZIhvcNAQEL +BQAwcTELMAkGA1UEBhMCQVUxDDAKBgNVBAoTA0dPVjEMMAoGA1UECxMDRG9EMQww +CgYDVQQLEwNQS0kxDDAKBgNVBAsTA0NBczEqMCgGA1UEAxMhQXVzdHJhbGlhbiBE +ZWZlbmNlIFB1YmxpYyBSb290IENBMB4XDTE2MTEyODIyMjUyOFoXDTM2MTEyODIy +MTM0OFowcTELMAkGA1UEBhMCQVUxDDAKBgNVBAoTA0dPVjEMMAoGA1UECxMDRG9E +MQwwCgYDVQQLEwNQS0kxDDAKBgNVBAsTA0NBczEqMCgGA1UEAxMhQXVzdHJhbGlh +biBEZWZlbmNlIFB1YmxpYyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA005UBBvQ9JuduCOH4CDHnpixcXoGkC7irUj+kwVs7Ia/KECFs0x5 +70dTmBAeVO59eLgYEwxEUv3QgaqTCCM5vl8Pa90ll/MBQt/UgQDEUL56iS0Zr3NK +P8w6wL+iqMUV9z58QXSCay53ZuJqpZGIbgYxp68L5lrgrn1ary9H0PL7hHOcRqEe +hERRxF8u2pACX4HfEQ7S+7s6F3Oj8o1jqk//cnplYoNaKjzyzSwjjc/rIR+/1ANX +9TcWDF7lVxHCqPr/bDnyPVLmtXnAW+Ky6mMgDA6lKl4S4eavX4t8oK05NTWYX/Gv +ONAm0029Ynd1Pa9rFIZ7WvYhj9bq4qcOrQIDAQABo4GxMIGuMA8GA1UdEwEB/wQF +MAMBAf8wSwYDVR0gBEQwQjAGBgRVHSAAMDgGCSokAYJOAQEBBzArMCkGCCsGAQUF +BwIBFh1odHRwOi8vY3JsLmRlZmVuY2UuZ292LmF1L3BraTAOBgNVHQ8BAf8EBAMC +AcYwHwYDVR0jBBgwFoAUrJnhAi/oXEtBtzS4HumbgzYNlLQwHQYDVR0OBBYEFKyZ +4QIv6FxLQbc0uB7pm4M2DZS0MA0GCSqGSIb3DQEBCwUAA4IBAQB4vIFK2DpXu70m +v+oqKPCIivJQTJBn2kv1uBQIutt/cqiaWbzxHImo9DoDEFQTel3G2ro+D4jVatMb +ly1iYTpv+QCvcgZz7BDAYR7MXE8ZMkY4wd0/0jcapY6GoPAJzDXWGQJ8zTn89/kf +55R5Tj23+JdOO0RqzZSwufd+4uP5mX/F06ZQtEn7Fn5OQSzPPsd5QLqBGCYI+cWd +49jxbxxoP2pbdxdSowbeGcJLbqKV/NUIvyy1aTVR4+PfTxopbYN4PTgkygI/VBDh +s2Th1Zre8zf2MxC1drOr18kfUzqtVUEcSMk2nof/ddxp0K/ZelfGyrFD/DmB/Nx6 +o5qlmFBUMC8wCgYIKwYBBQUHAwMMIUF1c3RyYWxpYW4gRGVmZW5jZSBQdWJsaWMg +Um9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Autoridad Certificadora Raiz de la Secretaria de Economia +-----BEGIN TRUSTED CERTIFICATE----- +MIIFlDCCBHygAwIBAgIBATANBgkqhkiG9w0BAQUFADCCATExFzAVBgNVBAcTDkFs +dmFybyBPYnJlZ29uMRkwFwYDVQQIExBEaXN0cml0byBGZWRlcmFsMQswCQYDVQQG +EwJNWDEOMAwGA1UEERMFMDEwMzAxHTAbBgNVBAkTFEluc3VyZ2VudGVzIFN1ciAx +OTQwMUIwQAYDVQQDEzlBdXRvcmlkYWQgQ2VydGlmaWNhZG9yYSBSYWl6IGRlIGxh +IFNlY3JldGFyaWEgZGUgRWNvbm9taWExNDAyBgNVBAsTK0RpcmVjY2lvbiBHZW5l +cmFsIGRlIE5vcm1hdGl2aWRhZCBNZXJjYW50aWwxHzAdBgNVBAoTFlNlY3JldGFy +aWEgZGUgRWNvbm9taWExJDAiBgkqhkiG9w0BCQEWFWFjcnNlQGVjb25vbWlhLmdv +Yi5teDAeFw0wNTA1MDgwMDAwMDBaFw0yNTA1MDgwMDAwMDBaMIIBMTEXMBUGA1UE +BxMOQWx2YXJvIE9icmVnb24xGTAXBgNVBAgTEERpc3RyaXRvIEZlZGVyYWwxCzAJ +BgNVBAYTAk1YMQ4wDAYDVQQREwUwMTAzMDEdMBsGA1UECRMUSW5zdXJnZW50ZXMg +U3VyIDE5NDAxQjBABgNVBAMTOUF1dG9yaWRhZCBDZXJ0aWZpY2Fkb3JhIFJhaXog +ZGUgbGEgU2VjcmV0YXJpYSBkZSBFY29ub21pYTE0MDIGA1UECxMrRGlyZWNjaW9u +IEdlbmVyYWwgZGUgTm9ybWF0aXZpZGFkIE1lcmNhbnRpbDEfMB0GA1UEChMWU2Vj +cmV0YXJpYSBkZSBFY29ub21pYTEkMCIGCSqGSIb3DQEJARYVYWNyc2VAZWNvbm9t +aWEuZ29iLm14MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWSg9OdS +cLLqkxP0NTof6jocxRuLWOGW1gJBXo6FQP9BZkBT/Ji10TIyl2dAgJ3uID8OVPtC +B/t3GpnYhvQcKogl8+lEo07+B76xyO88jYfgHspJEDso7yRRofyIF0rnHMhUZ2Po +ajHmQ2z2QBGGxFbuvckdpkY8HkbCgo0uqejudgpD4HJNjPTFBvosAQAzYM44cDRr +FxrremRhp5OkZWrXI8d2epRRC+yeqM87olAyHEK9Y+GHy7mFSA7A1Vi29s5L8gfP +4wTVH8LWo26ju7a3bsTxoh8WvLYtsO/0Wpspjbzh/AdbHgkzgnjMQG1xs2MTL9NM +Nqw5T8bBsLb1hQIDAQABo4GyMIGvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9h +Yy5lY29ub21pYS5nb2IubXgvbGFzdC5jcmwwRwYDVR0gBEAwPjA8Bghgg2RlCoI8 +ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vYWMuZWNvbm9taWEuZ29iLm14L2Nwcy5o +dG1sMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE +AwIABzANBgkqhkiG9w0BAQUFAAOCAQEATCp4UwSWc2CrNazAxOPnyHClKS+HGOWo +gt4H1Qj0z549nvxKLBZ8n6KdZRDMwRubamfasrMd/81kejhjrUj983Lh+p+7V92/ +zMJU2JU8ZtdrBrqvqeBtCO+ktpA9DG4gF6eWp3xoSpyYxAdvwQJikTibneOKeVOd +nyR2JfatKFYGqu8HrLr2bOQlMX2IgDp4Rvh54TjgE+dhKUfzyxQA09ri3e1z30vy +Y+Qm2HXQTUMUkBaURwH/oVlL5HabWQPe1hf2e9dc+Onjb8hO4EcmseKcfEox5WQR +4LBf2pE2SB/6CYplaPUOwp/vuGrPd/4S7TbaETatGWrC1I5S12jvMTBHMAoGCCsG +AQUFBwMDDDlBdXRvcmlkYWQgQ2VydGlmaWNhZG9yYSBSYWl6IGRlIGxhIFNlY3Jl +dGFyaWEgZGUgRWNvbm9taWE= +-----END TRUSTED CERTIFICATE----- + +# Autoridad Certificadora Raíz Nacional de Uruguay +-----BEGIN TRUSTED CERTIFICATE----- +MIIGnTCCBIWgAwIBAgISAu4Am2bYah1n/tqKJW8hWnUbMA0GCSqGSIb3DQEBCwUA +MFoxOjA4BgNVBAMMMUF1dG9yaWRhZCBDZXJ0aWZpY2Fkb3JhIFJhw616IE5hY2lv +bmFsIGRlIFVydWd1YXkxDzANBgNVBAoTBkFHRVNJQzELMAkGA1UEBhMCVVkwHhcN +MTExMTAzMTUwMjQ5WhcNMzExMDI5MTUwMjQ5WjBaMTowOAYDVQQDDDFBdXRvcmlk +YWQgQ2VydGlmaWNhZG9yYSBSYcOteiBOYWNpb25hbCBkZSBVcnVndWF5MQ8wDQYD +VQQKEwZBR0VTSUMxCzAJBgNVBAYTAlVZMIICIDANBgkqhkiG9w0BAQEFAAOCAg0A +MIICCAKCAgEAl8QfKkShgUtIkXXd69qPyhuL8rQ8LMbl9MEe0bgwE29cn+VRln8a +pBb+0tQdJfbQ5jdgXwCjGansJ79QLQWgXF6T6+No/Zs9uRQ2LeclFRCQGpLJEbEp +l5NWVWKtR6x/1Qx3ltKTaGox3VTvk/IKT6BfAlrvtkQ+55myjkXeoPfA6EiwR+ze +QhTbNXugafwewAEpFtozoSGhMjIQdn2ox8Auc4Nk/Fr3mzaMae0gVSN5zfPzbGtg +XHiN/D2FLLyp93DopcpN2HyY74Z2GITVQCkQJzLn7wNEC0/JKvG2tCug1QOUhCHT +dPMpbXjwBWquAQ9hH8al8MeCFdk7+92LdGnu5MfH9BHcFFHBhBolVhNrW85fLP2L +Gy0PyMBVqhhPmJzPoncItDWV2LmLnEkOtBAL/PxHTdSaV/mfer3pV7u0D18VkNho +bNWFJYMthgxHYpezeU25ZQh3Um9K426AwKyj1bzqSeJl4kxZaoLeK/WqPv5l6FFw +TTeEBgQ/koPUVijjJdVUyoXuVsAuzvlwEBJfXZ7GvEsQHVZtynLBUwkqEz3Ytfkc +O0XGhxTQOH6eIV/8dh3/CylC26HEeTnhTdWGUOPy4LPXWZvePx4aA/PUaYZLRxwy +fzwHCRMQp5sHMHczvGkR0TQ9fBAquB6OvUfe+bJ5VWYhAgf7OSwKF6ECAQOjggFd +MIIBWTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBiBgNVHR8EWzBZ +MCygKqAohiZodHRwOi8vd3d3LmFnZXNpYy5ndWIudXkvYWNybi9hY3JuLmNybDAp +oCegJYYjaHR0cDovL3d3dy51Y2UuZ3ViLnV5L2Fjcm4vYWNybi5jcmwwgbIGA1Ud +IASBqjCBpzBcBgtghlqE4q4dhIgFADBNMEsGCCsGAQUFBwIBFj9odHRwOi8vd3d3 +LnVjZS5ndWIudXkvaW5mb3JtYWNpb24tdGVjbmljYS9wb2xpdGljYXMvY3BfYWNy +bi5wZGYwRwYLYIZahOKuHYSIBQEwODA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5h +Z2VzaWMuZ3ViLnV5L2Fjcm4vY3BzX2Fjcm4ucGRmMB0GA1UdDgQWBBSSnpG4VSg9 +d0IsM6WYX9DJrI21ozANBgkqhkiG9w0BAQsFAAOCAgEAXeerWepJ3L9GQ/2Uu5hw +lBT6zgNd8X0xE5JOhSQwFGts0+fO5nnV205VThcr15NF3xMMJ2cdx0KQVDDG8ahp +KLROpm2lNaZQlmhJo+4vC6v8AwJQaPGVKT5xLNza5S3Zdi7uVjN+F6EnAuGhJygh +ir8B52LHu7IlBNobpiOMfJO6yYvrCvk3t5Q5/U2PfqLcgW8brRQPWyADeEFzZ57S +lxeQKopUS6d5fyQSkZ87LMc3pAxccmoTnjIJJ+tDMnVf10fDKkVTFVZ2T7sJ6IRg +Ee9z1edQbmko/evGy8pOE2MNDjcsMR/bp1igsv0NF4ezkq4bKIAftpJ+hhHh9kyY +f2aLHxNJA0L8+5ic7oaWqS4FfnAcwXfI6V2CuA7OW2QFY+4/Bi02DOkfclserN0m +9Rw4bv2MPU2G6yfLygONQPMq0YrYNA7CrbWI7YeaioWih+/puTjnaJajAc+CPRxL +KJ0n9fmZlntI/azQ8DL3OATdTZmuDpKCw/o8GxPHaLdd4JNGuLi4pAzEG8a6Rpbd +nlUPR532gaWsZVnY3a4GbOBDgsZn2HACNfU2BONKOal1Ah7mP0bPnCwehIgXqiap +pkOA4MBbo2SDm5rtawFltsE9GOyTGWaUqNMRUJl6iH2vPn+UkDsKw2q3jV/Sp1HR +Mh+58jJ9d5NtQ+xBaavPyWEwPzAKBggrBgEFBQcDAwwxQXV0b3JpZGFkIENlcnRp +ZmljYWRvcmEgUmHDrXogTmFjaW9uYWwgZGUgVXJ1Z3VheQ== +-----END TRUSTED CERTIFICATE----- + +# Autoridad de Certificacion Firmaprofesional CIF A62634068 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2VMFswHgYIKwYBBQUHAwQGCCsGAQUFBwMB +BggrBgEFBQcDAww5QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24gRmlybWFwcm9m +ZXNpb25hbCBDSUYgQTYyNjM0MDY4 +-----END TRUSTED CERTIFICATE----- + +# Autoridad de Certificacion Firmaprofesional CIF A62634068 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1 +MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc +tHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd +IAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j +b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC +AG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw +ADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m +iWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF +Sa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ +hfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P +Vf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE +EAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV +1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t +CsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR +5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw +f9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9 +ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK +GbqEZycPvEJdvSRUDewdcAZfpLz6IHxVMF0wHgYIKwYBBQUHAwQGCCsGAQUFBwMB +BggrBgEFBQcDAww7QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24gRmlybWFwcm9m +ZXNpb25hbCBDSUYgQTYyNjM0MDY4IDE= +-----END TRUSTED CERTIFICATE----- + +# Autoridad de Certificacion Raiz del Estado Venezolano +-----BEGIN TRUSTED CERTIFICATE----- +MIIJmDCCB4CgAwIBAgIBCjANBgkqhkiG9w0BAQwFADCCAR4xPjA8BgNVBAMTNUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s +YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz +dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 +aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh +IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ +KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NDEz +NloXDTMwMTIyMzIzNTk1OVowggEeMT4wPAYDVQQDEzVBdXRvcmlkYWQgZGUgQ2Vy +dGlmaWNhY2lvbiBSYWl6IGRlbCBFc3RhZG8gVmVuZXpvbGFubzELMAkGA1UEBhMC +VkUxEDAOBgNVBAcTB0NhcmFjYXMxGTAXBgNVBAgTEERpc3RyaXRvIENhcGl0YWwx +NjA0BgNVBAoTLVNpc3RlbWEgTmFjaW9uYWwgZGUgQ2VydGlmaWNhY2lvbiBFbGVj +dHJvbmljYTFDMEEGA1UECxM6U3VwZXJpbnRlbmRlbmNpYSBkZSBTZXJ2aWNpb3Mg +ZGUgQ2VydGlmaWNhY2lvbiBFbGVjdHJvbmljYTElMCMGCSqGSIb3DQEJARYWYWNy +YWl6QHN1c2NlcnRlLmdvYi52ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAME77xNS8ZlW47RsBeEaaRZhJoZ4rw785UAFCuPZOAVMqNS1wMYqzy95q6Gk +UO81ER/ugiQX/KMcq/4HBn83fwdYWxPZfwBfK7BP2p/JsFgzYeFP0BXOLmvoJIzl +Jb6FW+1MPwGBjuaZGFImWZsSmGUclb51mRYMZETh9/J5CLThR1exStxHQptwSzra +zNFpkQY/zmj7+YZNA9yDoroVFv6sybYOZ7OxNDo7zkSLo45I7gMwtxqWZ8VkJZkC +8+p0dX6mkhUT0QAV64Zc9HsZiH/oLhEkXjhrgZ28cF73MXIqLx1fyM4kPH1yOJi/ +R72nMwL7D+Sd6mZgI035TxuHXc2/uOwXfKrrTjaJDz8Jp6DdessOkxIgkKXRjP+F +K3ze3n4NUIRGhGRtyvEjK95/2g02t6PeYiYVGur6ruS49n0RAaSS0/LJb6XzaAAe +0mmO2evnEqxIKwy2mZRNPfAVW1l3wCnWiUwryBU6OsbFcFFrQm+00wOicXvOTHBM +aiCVAVZTb9RSLyi+LJ1llzJZO3pq3IRiiBj38Nooo+2ZNbMEciSgmig7YXaUcmud +SVQvLSL+Yw+SqawyezwZuASbp7d/0rutQ59d81zlbMt3J7yB567rT2IqIydQ8qBW +k+fmXzghX+/FidYsh/aK+zZ7Wy68kKHuzEw1Vqkat5DGs+VzAgMBAAGjggLbMIIC +1zASBgNVHRMBAf8ECDAGAQH/AgECMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52 +ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMB0GA1UdDgQWBBStuyIdxuDS +Aaj9dlBSk+2YwU2u0zCCAVAGA1UdIwSCAUcwggFDgBStuyIdxuDSAaj9dlBSk+2Y +wU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRpZmlj +YWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAw +DgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYD +VQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25p +Y2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEgZGUgU2VydmljaW9zIGRlIENl +cnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG9w0BCQEWFmFjcmFpekBz +dXNjZXJ0ZS5nb2IudmWCAQowCwYDVR0PBAQDAgEGMDcGA1UdEQQwMC6CD3N1c2Nl +cnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMFQGA1UdHwRN +MEswJKAioCCGHmh0dHA6Ly93d3cuc3VzY2VydGUuZ29iLnZlL2xjcjAjoCGgH4Yd +bGRhcDovL2FjcmFpei5zdXNjZXJ0ZS5nb2IudmUwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdXNjZXJ0ZS5nb2IudmUwQAYDVR0gBDkw +NzA1BgVghl4BAjAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRlLmdv +Yi52ZS9kcGMwDQYJKoZIhvcNAQEMBQADggIBABxZEOVepFHBR7tlsgtV4i+poye8 +4TyKx2wDVqOpKaKbipXYH/e2EmAWvnr0/QOBT/2BgapPgXAeLu/AkhJ7uw+FiMT5 +HUG1uiQqwygmE8r5APvXw1z5aOkbwRgiyaJsZMP4OcNOId3Wwt7ltizJXDjw3l5q +5Cf0uDPEy2GSM1OozPydzVP7KAvv7X+wj3QitjVXgKiuBa4pCjuypP0949TBkPY/ +zrzkRP7RwX4oL/0AJDIgiMRvGHuRDkiQvJZiYIFtFAAaUbq1XWmNYUccLKxORSCp +SEWjh0mjeJDdNkJ/2HZv/W2DAcb5f5ggf5YuImCroifAsDUk0Mm/M5kiUw5uH2JM +JvwkM8rBA8ypF2FjMyTMaEDvr6LihcOIMNNFG+5W6lYKDwpHmzBZ2EnRMJAMJyom +CChcMh8n160LSeUXUWPP5g07YFEavUMJUOaRtWPmZJeqC5cTAQaGXKUflb5Qjguy +0mR/26tM5kPG5IWNav6N/ruUVR6RUycI07pnPTqhycHFFLr5Q1zFjiGMgqL9KjIl +1RaMFVbAmPwuso4ZpBZxw0vdcf5x7CId8MGMmIGHtL8CuMQwMUfCwLCvezNjCt2s +RZvBzICH9NmYXpyG/poE/2ZK/HthVL5XYwUHxqcBdVnkbjk7APSqnfOfiL/P0SUr +339z7RaGqZBlD3ApMEMwCgYIKwYBBQUHAwMMNUF1dG9yaWRhZCBkZSBDZXJ0aWZp +Y2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5v +-----END TRUSTED CERTIFICATE----- + +# Autoridad de Certificacion de la Abogacia +-----BEGIN TRUSTED CERTIFICATE----- +MIIEvDCCA6SgAwIBAgIQAJCLMk/BkBrOtMM4Cc3P5DANBgkqhkiG9w0BAQUFADB5 +MQswCQYDVQQGEwJFUzE2MDQGA1UEChMtQ29uc2VqbyBHZW5lcmFsIGRlIGxhIEFi +b2dhY2lhIE5JRjpRLTI4NjMwMDZJMTIwMAYDVQQDEylBdXRvcmlkYWQgZGUgQ2Vy +dGlmaWNhY2lvbiBkZSBsYSBBYm9nYWNpYTAeFw0wNTA2MTMyMjAwMDBaFw0zMDA2 +MTMyMjAwMDBaMHkxCzAJBgNVBAYTAkVTMTYwNAYDVQQKEy1Db25zZWpvIEdlbmVy +YWwgZGUgbGEgQWJvZ2FjaWEgTklGOlEtMjg2MzAwNkkxMjAwBgNVBAMTKUF1dG9y +aWRhZCBkZSBDZXJ0aWZpY2FjaW9uIGRlIGxhIEFib2dhY2lhMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLJX7oXwI+gN+7KAhPEQZ6uy+UnfXN5b5I8p +GVPJ1egcUGthAoyH8I88wUWSC6yZocYahdY9rX4mph24PbKzPorFCjLTS5HvSXV+ +Vvf+oAhiRivO6vJRn2DeMsjtGqfPdVzrPcC9mkilhpTOWFAU6mrhmvSMZZXhYBUl +lRL2uniLssDt5myXJFod5HRDyjjENZRYjvWKsGg8KCxElgm/CVtyCudnPJC5VDh0 +VLttLWpDyLzvCawfI+hSVl41F18ru17NZVKlFHw7sqrp3Se1NyM7Bg0se4262m9m +F4anttceB10ebBmXyOUjc3jRrvkeuqGuSSLtZXEff/dadESNQwIDAQABo4IBPjCC +ATowNwYDVR0RBDAwLoERYWNAYWNhYm9nYWNpYS5vcmeGGWh0dHA6Ly93d3cuYWNh +Ym9nYWNpYS5vcmcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwEQYJ +YIZIAYb4QgEBBAQDAgAHMB0GA1UdDgQWBBT8iEyObQShIJDT+Byas2cEX3mAxjCB +qwYDVR0gBIGjMIGgMIGdBgsrBgEEAYGBFQoBATCBjTApBggrBgEFBQcCARYdaHR0 +cDovL3d3dy5hY2Fib2dhY2lhLm9yZy9kb2MwYAYIKwYBBQUHAgIwVBpSQ29uc3Vs +dGUgbGEgZGVjbGFyYWNpb24gZGUgcHJhY3RpY2FzIGRlIGNlcnRpZmljYWNpb24g +ZW4gaHR0cDovL3d3dy5hY2Fib2dhY2lhLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEA +mKf6ObVzESZ/vIk/tGslMzEKhjhryR4VlxTg0kwthfQ8dJuNKBH7zA4muYCDFtH5 +Rpi2RgeOZoVtcMC6TIDzpPDVN1Qrr2aEcnP5SC8JzuGFAcqP4IfeoJfQlLQNtU0O +ZyzIYMQylMBBgQeNur+p6AxAmkJ4BV2B62Ic5E8UCj0LPh/p9M197kW7vN5d85iX +JnvGEyn4K38a1Or6sm4gntoX6qGSvTfpDru7kdUl9mBdhSFQW/9UXfVLO7TDKRFY +AvYl5OGCgruijeeRJF5AkZ5HB4wzV9RiMVF2dYVDbwmrEaUlKbnY/1+l9z/rZTsd +74blFiLVHsoyaX1+BdcwJzA3MAoGCCsGAQUFBwMDDClBdXRvcmlkYWQgZGUgQ2Vy +dGlmaWNhY2lvbiBkZSBsYSBBYm9nYWNpYQ== +-----END TRUSTED CERTIFICATE----- + +# Autoridade Certificadora Raiz Brasileira v1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCQlIx +EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h +bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1 +dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjEwHhcNMDgw +NzI5MTkxNzEwWhcNMjEwNzI5MTkxNzEwWjCBlzELMAkGA1UEBhMCQlIxEzARBgNV +BAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBU +ZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1dG9yaWRh +ZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDOHOi+kzTOybHkVO4J9uykCIWgP8aKxnAwp4CM +7T4BVAeMGSM7n7vHtIsgseL3QRYtXodmurAH3W/RPzzayFkznRWwn5LIVlRYijon +ojQem3i1t83lm+nALhKecHgH+o7yTMD45XJ8HqmpYANXJkfbg3bDzsgSu9H/766z +Yn2aoOS8bn0BLjRg3IfgX38FcFwwFSzCdaM/UANmI2Ys53R3eNtmF9/5Hw2CaI91 +h/fpMXpTT89YYrtAojTPwHCEUJcV2iBL6ftMQq0raI6j2a0FYv4IdMTowcyFE86t +KDBQ3d7AgcFJsF4uJjjpYwQzd7WAds0qf/I8rF2TQjn0onNFAgMBAAGjgdQwgdEw +TgYDVR0gBEcwRTBDBgVgTAEBADA6MDgGCCsGAQUFBwIBFixodHRwOi8vYWNyYWl6 +LmljcGJyYXNpbC5nb3YuYnIvRFBDYWNyYWl6LnBkZjA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vYWNyYWl6LmljcGJyYXNpbC5nb3YuYnIvTENSYWNyYWl6djEuY3Js +MB0GA1UdDgQWBBRCsixcdAEHvpv/VTM77im7XZG/BjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWWyKdukZcVeD/qf0 +eg+egdDPBxwMI+kkDVHLM+gqCcN6/w6jgIZgwXCX4MAKVd2kZUyPp0ewV7fzq8TD +GeOY7A2wG1GRydkJ1ulqs+cMsLKSh/uOTRXsEhQZeAxi6hQ5GArFVdtThdx7KPoV +caPKdCWCD2cnNNeuUhMC+8XvmoAlpVKeOQ7tOvR4B1/VKHoKSvXQw2f3jFgXbwoA +oyYQtGAiOkpIpdrgqYTeQ9ufQ6c/KARHki/352R1IdJPgc6qPmQO4w6tVZp+lJs0 +wdCuaU4eo9mzh1facMJafYfN+b833u1WNfe3Ig5Pkrg/CN+cnphe8m+5+pss+M1F +2HKyIDA5MAoGCCsGAQUFBwMDDCtBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFp +eiBCcmFzaWxlaXJhIHYx +-----END TRUSTED CERTIFICATE----- + +# Autoridade Certificadora Raiz Brasileira v2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGoTCCBImgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCQlIx +EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h +bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1 +dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjIwHhcNMTAw +NjIxMTkwNDU3WhcNMjMwNjIxMTkwNDU3WjCBlzELMAkGA1UEBhMCQlIxEzARBgNV +BAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBU +ZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1dG9yaWRh +ZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjIwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQC6RqQO3edA8rWgfFKVV0X8bYTzhgHJhQOtmKvS +8l4Fmcm7b2Jn/XdEuQMHPNIbAGLUcCxCg3lmq5lWroG8akm983QPYrfrWwdmlEIk +nUasmkIYMPAkqFFB6quV8agrAnhptSknXpwuc8b+I6Xjps79bBtrAFTrAK1POkw8 +5wqIW9pemgtW5LVUOB3yCpNkTsNBklMgKs/8dG7U2zM4YuT+jkxYHPePKk3/xZLZ +CVK9z3AAnWmaM2qIh0UhmRZRDTTfgr20aah8fNTd0/IVXEvFWBDqhRnLNiJYKnIM +mpbeys8IUWG/tAUpBiuGkP7pTcMEBUfLz3bZf3Gmh3sVQOQzgHgHHaTyjptAO8ly +UN9pvvAslh+QtdWudONltIwa6Wob+3JcxYJU6uBTB8TMEun33tcv1EgvRz8mYQSx +Epoza7WGSxMr0IadR+1p+/yEEmb4VuUOimx2xGsaesKgWhLRI4lYAXwIWNoVjhXZ +fn03tqRF9QOFzEf6i3lFuGZiM9MmSt4c6dR/5m0muTx9zQ8oCikPm91jq7mmRxqE +14WkA2UGBEtSjYM0Qn8xjhEu5rNnlUB+l3pAAPkRbIM4WK0DM1umxMHFsKwNqQbw +pmkBNLbp+JRITz6mdQnsSsU74MlesDL/n2lZzzwwbw3OJ1fsWhto/+xPb3gyPnnF +tF2VfwIDAQABo4H1MIHyME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcC +ARYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYw +PwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJy +L0xDUmFjcmFpenYyLmNybDAfBgNVHSMEGDAWgBQMOSA6twEfy9cofUGgx/pKrTIk +vjAdBgNVHQ4EFgQUDDkgOrcBH8vXKH1BoMf6Sq0yJL4wDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAFmaFGkYbX0pQ3B9 +dpth33eOGnbkqdbLdqQWDEyUEsaQ0YEDxa0G2S1EvLIJdgmAOWcAGDRtBgrmtRBZ +SLp1YPw/jh0YVXArnkuVrImrCncke2HEx5EmjkYTUTe2jCcK0w3wmisig4OzvYM1 +rZs8vHiDKTVhNvgRcTMgVGNTRQHYE1qEO9dmEyS3xEbFIthzJO4cExeWyCXoGx7P +34VQbTzq91CeG5fep2vb1nPSz3xQwLCM5VMSeoY5rDVbZ8fq1PvRwl3qDpdzmK4p +v+Q68wQ2UCzt3h7bhegdhAnu86aDM1tvR3lPSLX8uCYTq6qz9GER+0Vn8x0+bv4q +SyZEGp+xouA82uDkBTp4rPuooU2/XSx3KZDNEx3vBijYtxTzW8jJnqd+MRKKeGLE +0QW8BgJjBCsNid3kXFsygETUQuwq8/JAhzHVPuIKMgwUjdVybQvm/Y3kqPMFjXUX +d5sKufqQkplliDJnQwWOLQsVuzXxYejZZ3ftFuXoAS1rND+Og7P36g9KHj41hJ2M +gDQ/qZXow63EzZ7KFBYsGZ7kNou5uaNCJQc+w+XVaE+gZhyms7ZzHJAaP0C5GlZC +cIf/by0PEf0e//eFMBUO4xcx7ieVzMnpmR6Xx21bB7UFaj3yRd+6gnkkcC6bgh9m +qaVtJ8z2KqLRX4Vv4EadqtKlTlUOMDkwCgYIKwYBBQUHAwMMK0F1dG9yaWRhZGUg +Q2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjI= +-----END TRUSTED CERTIFICATE----- + +# BJCA Global Root CA1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU +MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI +T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz +MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF +SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh +bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z +xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ +spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5 +58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR +at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll +5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq +nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK +V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/ +pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO +z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn +jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+ +WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF +7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli +awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u ++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88 +X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN +SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo +P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI ++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz +znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9 +eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2 +YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy +r/6zcCwupvIwLDAUBggrBgEFBQcDBAYIKwYBBQUHAwEMFEJKQ0EgR2xvYmFsIFJv +b3QgQ0Ex +-----END TRUSTED CERTIFICATE----- + +# BJCA Global Root CA2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw +CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ +VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy +MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ +TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS +b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B +IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+ ++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK +sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA +94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B +43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9zAsMBQGCCsGAQUFBwMEBggrBgEFBQcD +AQwUQkpDQSBHbG9iYWwgUm9vdCBDQTI= +-----END TRUSTED CERTIFICATE----- + +# BYTE Root Certification Authority 001 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFmTCCA4GgAwIBAgIIcYwvOXxAdEAwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE +BhMCR1IxGzAZBgNVBAoMEkJZVEUgQ29tcHV0ZXIgUy5BLjEuMCwGA1UEAwwlQllU +RSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDAwMTAeFw0xNDA5MTAyMjAx +NTRaFw0zOTA5MTAyMjAxNTRaMFoxCzAJBgNVBAYTAkdSMRswGQYDVQQKDBJCWVRF +IENvbXB1dGVyIFMuQS4xLjAsBgNVBAMMJUJZVEUgUm9vdCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eSAwMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDt +Ei4Xc55v9POZ6J4IVwk0JBFAH4whfhuvOMPRx+YU5fobul5m9SVp9+3NboJwr7pC +8LEZXCv8RYQYLHoXT2GFRhl8zsGNn1SedyVmD+D2+JLKKc4nVxUqbII4bSfmvk1z +DnOv43E9vAlCD9UNoe19a673wfBszcKXoVj9NRWWF0yfv/XxOUtwt+dKbBw/wXBb +z9aL6+9vMOhfyEZ3IWIWXsZURTn1dLpnJGilcVs+wfsJk+simfjS9XsCbI9Y4qvv +3XQh5CRplEDWwQQYDthC8P3XigXAXxuK6y7ADQcGcwGFjh/BwIqhWKZRuViRQg9u +4bwK6LsogxV15Q3+STApKULCwjb/pDx9Lvfa8qIvFrxhqJlYGKRJxmoHEusbfLTO +5/shgCtwpsjOrVUeHx2E0P1UakxWY8jdfqD5OdvvfFr3jDWlbipW+v7jX5NUcg5o +40krk001IpcUlWZPp3c6LiVM9gmLEhtxxXKnm7m86xygpclUg2HcV1WttebaeCt2 +p/742/6MM6SKo0ZcrbIKEg6K5FCe8LjLmVNMZCFrijgq4IiGANQXrGay574tOynl ++KeU24xY+NJLMJ/yxGJlUEdygM+kcEC2vUT+2b8oKy43x7NRDoIptbFvrX4sk8Cp +f5H6xx818LuXyU9hKJCEQeh9IUDFyYY87ZqthZyiUwIDAQABo2MwYTAdBgNVHQ4E +FgQUtE1mt9OzyJl8ATLQkTr31qgSMd4wDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBS0TWa307PImXwBMtCROvfWqBIx3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQELBQADggIBABwa6wauVb07PzYsYZ7qx1P8cKoyb+RCquu9hewbilrylZYp +oQQGks4kV/9AI3hOyfgwTUJVRE43on1rjmj+Dv5/37CfY1Hz4cWllJ+KIyhI80GL +0v547dnQCA9tfdWdlazV/hJmGuS+dVTz0U2cThPUnnA0bai6CjOIja0FN/5LeX99 +A0F5Ew2fPfc4nDVaRE8+PKLlgcV/X3ZPGztub5ptt+0PyzIfiLRFDJwR0vgEWhM3 +WZiBzkz05ZQoBMS1U8lUjXA/aAHbzBMK5CWjbJntELN6IKlJvAX0+Bto1rogHYJn +ZuCwn1zKNdJFrtWIGdt6BpuMoDeHUSO+Rdpcs39rz8aoHDOKex2R+p687H07RRVP +G6c7NbR581uCUOCcp+0WddtjgGKh2hgCaoDegqpETUQ4KKpu+hhjOWD3QylJWrok +wL+zCpcdZ0laIrJnBJxYqfgMNFxAlrSHtUVhGeWO7wbekRXAuIrKlMkKdX1xO1iB +M8j3B0FVmClDtcuaQ+ly+s/wizG85++5auNBnSE+DRWohb0bToeOR7IQ/jcYaoTl +iRwUY+i5g6m1u+hjmnoZjMt09/gXCPGLGdi07B5uSXM/XCDdNSqWd+lGbxY7y6nv +mwohEcjDpMkjRW0/YpWd0yjHnQ+z/jeNHUiyUOYluU4zYTbWFhzKMjcgdhwsMDMw +CgYIKwYBBQUHAwMMJUJZVEUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAw +MDE= +-----END TRUSTED CERTIFICATE----- + +# Baltimore CyberTrust Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmpMDswHgYIKwYBBQUHAwQGCCsGAQUF +BwMBBggrBgEFBQcDAwwZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Buypass Class 2 Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqAwJTAKBggrBgEFBQcDAQwXQnV5 +cGFzcyBDbGFzcyAyIFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Buypass Class 3 Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZcwJTAKBggrBgEFBQcDAQwXQnV5 +cGFzcyBDbGFzcyAzIFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# CAEDICOM Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIIAPtxJlitmeUwDQYJKoZIhvcNAQELBQAwNjEWMBQGA1UE +AwwNQ0FFRElDT00gUm9vdDEPMA0GA1UECgwGRURJQ09NMQswCQYDVQQGEwJFUzAe +Fw0xNDA1MjExMTA2MzVaFw0zNDA1MjExMDIwMDBaMDYxFjAUBgNVBAMMDUNBRURJ +Q09NIFJvb3QxDzANBgNVBAoMBkVESUNPTTELMAkGA1UEBhMCRVMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDbgMroSXTH0zgu8cUjYvw2jC8efjkL6Qb0 +VZulmCmU7YZHMoPzxZJ6BdcpAj4Wwyh/NWQpenm7oeIeYRSN5wDQ3KJUZYrfablx +R384OBZGp2kxETVM4Sp//21PlT3jXUhNGVMIWmsh1RIwaZeQry3B9X9BX0k2j024 +HhqVX9oPb1wVNcQRvF+Fm72tO1Veu9/Ou69cmWDdH2kaSUgh+QkKz3Kn8PLe5XgZ +vhLdzYd5Qc4vRdcLkRARBB4SnfI4A18Waa6gCtrA+eugDRgPeV6RneQfFJw0ExkC +RLpRw+55smAUo6+8SC0oOGgBQ2TKDoaDYtCKGaYn8St7SykhW5rMaEIQyEtPDyOy +iHzEXG4XcMV3r5XAJaQiCtN8+dhyyNAtvafo0i2LTKFuCvy0QDO7mmv8pOrJ/uA0 +iEPMxrw/ddKlqa/6l7k+t85UoE3AXS7BKNhjVHK4rFr1OvsgYQY69KArOKvMgwxJ +1G4+bQ8+cy825vNPs8AA0UVJW4z2o5gdhH+ZCsPqCjzD0yR4SGf1GzsOHQ5DsQR1 +waA5dov22QKlHeGeWwe7NldKIU35iWm0bA/Xr6AVJJnn+NdTlOwSv6Sl1+3ujjV3 +d9ymfyBUktZj1nKeTSq2j3PzGaHEsB/mNKMLAD6XSSdhqqoEQTM4tVBRzDYV2x// +vcpIg0inswIDAQABo2MwYTAdBgNVHQ4EFgQUFM0qWXhjq2EZ6Lg9oeBawHXn+csw +DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQUzSpZeGOrYRnouD2h4FrAdef5 +yzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAD0JGQC2kQJs7A73 +4eJisL8zDf1VEvQImvcrLa73nEfYHwYBE7WO57KCCz2EWUPUB9grXBB6JCzKjejV +ozmcMczr4Drh1b/Px4d7YP9HOdejRNYIJlvPWlTsiNOOD3k8yKNPpsKOJ/DeEq5e +Ga3nIlaKWDLg+QbQqSq0NZsMhiZRAJRHUPylxCVh+VjwRXAuSXZ/EdZvtfkpBeEN +w05YH68d7DfQSvkGBoHT26CWuA6RMHnmUN+IuAupXNQH9MmozH2Pk2MJZAAFKmhm +Q7uiu/6VrvnEpQqIYkh4JXwqPxFkptMiIEedMtby48ikYXTngsJEuqDRXV+88UQO +g08cUIXE6eds/Oa4VeGiGoC3kESnhCKXRyLeqzg3z7XyHD5CcLt1tmUoa8t/gjWq +9vMgeChzB5YwcKUqcVyheaQWuUY9XrQASYWJ0w7fga5YjVjW4cVEeC4cILuiR5e/ +dhQ7qSiPnwt10qE87SvHjpCheqKZMGL8hR01czvztVkiG80IsQyddWrbhTsOh58y +T5IAAQFMSWiCgEFs+f1xvYv0eApgo56xUh3AiuOexb8rGWqYp7HeFVCfqpQlj6mA +gqdyuklkCSdhK268IygzXZ5u8Lm9IDKM3aALmbu0hAQkdSmW96elF7hRBet0rVF5 +lvy7+98JLQiSRM7A0rMYxxQivyHxMBswCgYIKwYBBQUHAwMMDUNBRURJQ09NIFJv +b3Q= +-----END TRUSTED CERTIFICATE----- + +# CA Disig +-----BEGIN TRUSTED CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET +MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE +AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw +CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg +YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE +Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX +mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD +XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW +S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp +FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD +AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu +ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z +ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv +Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw +DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6 +yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq +EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/ +CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB +EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN +PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5agwFjAKBggrBgEFBQcD +AwwIQ0EgRGlzaWc= +-----END TRUSTED CERTIFICATE----- + +# CA Disig Root R1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy +MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk +D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o +OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A +fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe +IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n +oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK +/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj +rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD +3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE +7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC +yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd +qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI +hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR +xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA +SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo +HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB +emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC +AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb +7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x +DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk +F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF +a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT +Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOLMB4w +CgYIKwYBBQUHAwMMEENBIERpc2lnIFJvb3QgUjE= +-----END TRUSTED CERTIFICATE----- + +# CA Disig Root R2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcLMDIw +HgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwQQ0EgRGlzaWcgUm9vdCBS +Mg== +-----END TRUSTED CERTIFICATE----- + +# CA WoSign ECC Root +-----BEGIN TRUSTED CERTIFICATE----- +MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQsw +CQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMT +EkNBIFdvU2lnbiBFQ0MgUm9vdDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4 +NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEb +MBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiUt5v8 +KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES +1ns2o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUqv3VWqP2h4syhf3RMluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB +1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0Daupn75OcsqF1NnstTJFGG+rrQIwfcf3 +aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYua/GRspBl9JrmkO5KMCAw +CgYIKwYBBQUHAwMMEkNBIFdvU2lnbiBFQ0MgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# CA 沃通根证书 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNV +BAMMEkNBIOayg+mAmuagueivgeS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgw +MTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRl +ZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k8H/r +D195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld1 +9AXbbQs5uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExf +v5RxadmWPgxDT74wwJ85dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnk +UkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+L +NVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFyb7Ao65vh4YOhn0pdr8yb ++gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc76DbT52V +qyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6K +yX2m+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0G +AbQOXDBGVWCvOGU6yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaK +J/kR8slC/k7e3x9cxKSGhxYzoacXGKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwEC +AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUAA4ICAQBqinA4 +WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6 +yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj +/feTZU7n85iYr83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6 +jBAyvd0zaziGfjk9DgNyp115j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2 +ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0AkLppRQjbbpCBhqcqBT/mhDn4t/lX +X0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97qA4bLJyuQHCH2u2n +FoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Yjj4D +u9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10l +O1Hm13ZBONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Le +ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR1 +2KvxAmLBsX5VYc8T1yaw15zLKYs4SgsOkI26oTAgMAoGCCsGAQUFBwMDDBJDQSDm +soPpgJrmoLnor4HkuaY= +-----END TRUSTED CERTIFICATE----- + +# CCA India 2011 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIzCCAgugAwIBAgICJ44wDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTEwHhcN +MTEwMzExMDY0ODUyWhcNMTYwMzExMDY0ODUyWjA6MQswCQYDVQQGEwJJTjESMBAG +A1UEChMJSW5kaWEgUEtJMRcwFQYDVQQDEw5DQ0EgSW5kaWEgMjAxMTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAIcKHg65oKggmBq4ehX2R/G/0sYn5BJq +lgRndc2MxuP03crVxBw17k3p5CLUlzjXrGNpSMB8eWK/xyJJW0bB8RgUThgdLKVa +kriFFa8XVhOOnxYOIpaBhHkjQuxP3q/2v4lPAF7m1wjSlZSaEywEEYPvkY8IVax6 +VkSbxfTUF+vkd02U4UFYEemiqgmGLSYhIPXAzMMVzEwJu93c9VIDeWCPPHk6JTQj +h0h18kFwTRowCIZ1zlgZqNcVfiPy50m+//5XUnhC8yZ33Xr3YuXLXZYzlJO7xBoW +rwhX65zl9yN0jekdC7GKlHOZEZHFaKDxig2BrbRRaG5JhgAGUk4pQ+cCAwEAAaMz +MDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQITQeoY/LbHN8wCwYDVR0PBAQD +AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBuFNog8khrZP8qdM1WtcU5D35hHzVZGx0o +bSN0nXi/q62JALlwhfXoFD7k7J+WZFzSsSIgowic6AxLaCiOVQW/PuBO2tic0G4g +7P56O8I2R5fYKwizrsLR5gg/Sug6P1b14OU/8mm2eRLg8Dm3GOzS6YQOGDgWikk7 +b1fVOTu/E/DAp83yPR5skad3Y7yr2VY4D0q5GcArjPuXH8an7IbO043j0ft10fH3 +pmPEz+ixpJJFaPLojLGtfi0g+7ilVO3KDY8yHWimMW6wyJ7V+r8Gm28pfXoDSb8r +e1mTFMXqy/FMKYIOKe6KVHw8zVWCJXIOcU4leE3TTllAys7zmdGiMBwwCgYIKwYB +BQUHAwMMDkNDQSBJbmRpYSAyMDEx +-----END TRUSTED CERTIFICATE----- + +# CCA India 2015 SPL +-----BEGIN TRUSTED CERTIFICATE----- +MIIDKzCCAhOgAwIBAgICJ7UwDQYJKoZIhvcNAQELBQAwPjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEbMBkGA1UEAxMSQ0NBIEluZGlhIDIwMTUgU1BM +MB4XDTE1MDEyOTExMzY0M1oXDTI1MDEyOTExMzY0M1owPjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEbMBkGA1UEAxMSQ0NBIEluZGlhIDIwMTUgU1BM +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9c2iT03QQ6RP2sgX/w6 +fjtaXS/DDIdTPBiiyGFzDQgOVh7SbmClV2Xc/s9Qhg9aTqtiiwTKVu/h0Z6udK2q ++j9BWNFVcHA+RckbgHP8CIjki3KoCrUpV7CtCpFBGpxfUH2sFxolWyHwlSvn3zes +NPMHsPEdwRPvey46xalhkLJ4X1RQPLNaVWO2yxCjb/sN9Lbv5gjeohC/dpd/6tmW +0dTDcwJxtKmwrKwfFyClR0bWRAI4mb7LFHj+5l/Ef91v6apHFJAR2B2AwBXUjKCZ +4xkOCg/MGgic1FMHAOAfSb+CgkzPm9hu09QRABJsD31gZ0qMUNvyL+C5eYeDw1zC +OQIDAQABozMwMTAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhMEXCqj90fBzAL +BgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAC28jBXKNO1MKCK74VMlSzqX +qe0moqSrTfsKEm7nNeZnDhiBYjalzMLfGuVoAYFOs5nURxUSnXbpoaYTHbD/fbtX +4+9Zm8g7UGnGYzqsoMHlkOhkKVxIQWk3rDu73eNVxteSDZWDsChXwqOplqfK3kwe +mv8+pS4nXttmZyeF76uKXHN8iM1HZvCdg8yEj+Ip9B9Bb7f1IQ31lFZR4/z/E1i3 +nwPuKZ/SAbBinpS9GYZaQ/pqiYGw6lwYh8qAlfvtAb8RGt+VFK4u4q/NkZC6syfD +bxDY2Q60pXRsgbdfGcz+J06zRZhYGJxXxJJyEs+ngjnV4RCXCoYwRYVjqGtNmvww +IDAKBggrBgEFBQcDAwwSQ0NBIEluZGlhIDIwMTUgU1BM +-----END TRUSTED CERTIFICATE----- + +# CFCA EV ROOT +-----BEGIN TRUSTED CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63suMCQwFAYIKwYBBQUHAwEG +CCsGAQUFBwMDDAxDRkNBIEVWIFJPT1Q= +-----END TRUSTED CERTIFICATE----- + +# CFCA GT CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDHzCCAgegAwIBAgIEGZk8PzANBgkqhkiG9w0BAQUFADAiMQswCQYDVQQGEwJD +TjETMBEGA1UEChMKQ0ZDQSBHVCBDQTAeFw0xMTA2MTMwODE1MDlaFw0yNjA2MDkw +ODE1MDlaMCIxCzAJBgNVBAYTAkNOMRMwEQYDVQQKEwpDRkNBIEdUIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3PGWiuMePZYt/zSF5ClK3TsgSyT +zVLMbuQqyyShMeStMG7jmCIx1yGbn9UPNy9auziit3kmZ9YNxRcqnLlUBOENdYZu +2MzFgGcbyIwtACaGPHp5Prapwk4gsDeXxoV2EoIK51S7i/49ruPsa1hD9qU361ii +vZDE5fvKa8owbLd7ifYx0oz/T8KWJUOpcTUlCxjhrMijJLZxk4zxXfycEAV7/8Bb +4LGXrR/Y/kX1wB+dW0c5HAb622aF2yQj6nvSOSD46yqyGlHzlFooAk6nXEduz/zZ +6OZhWhYnxxUNmNno0wM1kCnfsi+NEHcjyLh60xFhavP/gZKl7EJLaE6A1wIDAQAB +o10wWzAfBgNVHSMEGDAWgBSMdlDOJdN5Kzz0bZ2a4Z4FT+g9JTAMBgNVHRMEBTAD +AQH/MAsGA1UdDwQEAwIBxjAdBgNVHQ4EFgQUjHZQziXTeSs89G2dmuGeBU/oPSUw +DQYJKoZIhvcNAQEFBQADggEBAL67lljU3YmJDyzN+mNFdg05gJqN+qhFYT0hVejO +aMcZ6cKxB8KLOy/PYYWQp1IXMjqvCgUVyMbO3Y6UJgb40GDus27UDbpa3augfFBy +ptWQk1bXWTnb6H+zlXhTgVJSX/SSgQLB+yK50QNXp37L+8BGvBN0TCgrdpJpH8FQ +kRHFTN4LlIwXg4yvN4e06mtvolo1QWGFL5wXwPu5DqJhBkd2vJAJmHQN0ggvveQN +cvGmX8N8wH3qvNOrIJHLXAWMnag1+jZWuwnzhF3W8eIsntl+8YKg4bcvfu35e6AA +uLLeHXnhgfNSWZoUXefCEfOawzp4I75OZt6kOWnymDosCgAwGDAKBggrBgEFBQcD +AwwKQ0ZDQSBHVCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# CHAMBERS OF COMMERCE ROOT - 2016 +-----BEGIN TRUSTED CERTIFICATE----- +MIIG4DCCBMigAwIBAgIINJotoYIGsrMwDQYJKoZIhvcNAQELBQAwggEMMQswCQYD +VQQGEwJFUzEPMA0GA1UECAwGTUFEUklEMQ8wDQYDVQQHDAZNQURSSUQxOjA4BgNV +BAsMMXNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2Fk +ZHJlc3MxKTAnBgNVBAsMIENIQU1CRVJTIE9GIENPTU1FUkNFIFJPT1QgLSAyMDE2 +MRIwEAYDVQQFEwlBODI3NDMyODcxGDAWBgNVBGEMD1ZBVEVTLUE4Mjc0MzI4NzEb +MBkGA1UECgwSQUMgQ0FNRVJGSVJNQSBTLkEuMSkwJwYDVQQDDCBDSEFNQkVSUyBP +RiBDT01NRVJDRSBST09UIC0gMjAxNjAeFw0xNjA0MTQwNzM1NDhaFw00MDA0MDgw +NzM1NDhaMIIBDDELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1BRFJJRDEPMA0GA1UE +BwwGTUFEUklEMTowOAYDVQQLDDFzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5j +YW1lcmZpcm1hLmNvbS9hZGRyZXNzMSkwJwYDVQQLDCBDSEFNQkVSUyBPRiBDT01N +RVJDRSBST09UIC0gMjAxNjESMBAGA1UEBRMJQTgyNzQzMjg3MRgwFgYDVQRhDA9W +QVRFUy1BODI3NDMyODcxGzAZBgNVBAoMEkFDIENBTUVSRklSTUEgUy5BLjEpMCcG +A1UEAwwgQ0hBTUJFUlMgT0YgQ09NTUVSQ0UgUk9PVCAtIDIwMTYwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDqxqSh1K2Zlsmf9bxQAPQsz/J46PIsAifW +g4wEq9MOe1cgydSvZfSH3TAI185Bo3YK24pG5Kb97QjOcD/6EGB5TGuBVIBV5Od6 +IbZ1mtxe9g6Z/PjC30GOL6vHW20cUFnA7eisgkL+ua8vDEFRnL0AbmRRsjvlNquV +kRL7McdzrBzYZXY7zhtMTrAfIAb7ULT7m6F5jhaV45/rGEuEqzmTzTeD0Ol8CyeP +7UII6YZGMqyaJmlwYS0YvT9Q8J72aFBOaZVwwe2TqZdOKaK63cKfbkkIK6P6I/Ep +XrB9MVmb7YzNpm74+PfYGOjaVulI8kB0fp7NIK8UJFnudzWFv0qZSql13bMm4wbO +fW9LZKN2NBk+FG+FVDjiiy1AtWRmH1czHHDNw7QoWhQjXPy4vbP+OxJf9rmMHciU +Clbbcn7vJwcNALS/fZk/TUWzm/cdGdBPBPrHc5SIfYsUKpng6ZmSCcbWAWu38NtD +V2Ibx0RS4pdjus/qzmDmCuUYaC0zgHWgMAdo9tX3Eyw6sJ7oWFVujFZETUMXQQLM +d9xfRQVZz81g07/S9uL01dyHcTMHGvVvtH89l/tfZPRODgBECenr7D5xGQQXOUhg +uEv/XshlmSumMvJbhqid6CN0EHjvyyedMbpgi04GUOJQHQdgwkGMFbRbNxwK5QkZ +cgSKPOMB2wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSeLmVP +Plf1q32WxovfszVtSuieizAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQAD +ggIBAAVpKoWXJlC6QjkckyzST1vRXUQm2m9pK7V7ntD0Si5Ix+x/n8pZerlE9z69 +91BrUZ90/5AaQNCTeZIPiiNei6+BC9CLrWbgKtyaKb012GxAFElCPYkvupsrOLwa +owu3iNetxhQM7nxJrK7s8j0YT4xtFF0Oqrffd6s7j2JOiwxlxhmOzcAMoXeqtN16 +pxMF5jkYx5VkfgO2i5DB5V8AI5jmc9oR0hD/HlMiJ8fTAckvxTsybvDDOMoSZ7y6 +Iym7xJVJWgbd1FqQ1BNt59XCfOJYBMDsxL2iPH7GI4F1fKtwXzSElfez1UeWT3HK +eDIIILRCpEJr1SWcsifrwQ5HRAnhKw/QIzZuHLm6TqzM8AyUzkEPa90P1cjgF4ve +Ol1Svul1JR26BQfaVhk8jdHX8VE22ZLvonhRBVi9UswKXm+v2tDlDNtswSPvOTF3 +FwcAjPa6D3D5vL7h5H3hzER6pCHsRz+o1hWl7AGpyHDomGcdvVlUfqFXFTUHxXLJ +Prcpho2f2jJ5MtzbqOUJ/+9WKv6TsY4qE+2toitrLwTezS+SktY+YLV4AZUHCKls +4xza++WbI1YgW+nQXMZKJDu847YiFiqEkv+o/pe/o53bYV7uGSos1+sNdlY4dX5J +AJNXyfwjWvz08d8qnbCMafQQo1WdcDwi/wfWK7aZwJfQ9CqgMC4wCgYIKwYBBQUH +AwMMIENIQU1CRVJTIE9GIENPTU1FUkNFIFJPT1QgLSAyMDE2 +-----END TRUSTED CERTIFICATE----- + +# CISRCA1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFojCCA4qgAwIBAgIGC4LclDN2MA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYT +AkNBMSswKQYDVQQKEyJDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMu +MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRAwDgYDVQQDEwdD +SVNSQ0ExMB4XDTEyMTAxNjE4MjgzM1oXDTMyMTAxNjE4MjgzM1owcDELMAkGA1UE +BhMCQ0ExKzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IElu +Yy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAMT +B0NJU1JDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEdvFial/N +Kc0ENn9uYX5z9J1m3yJamoNEgWb9ThGwPqzoiLJTOf/jur7U/9OF2L1br2hPM6y4 +FH0SW3qVa8c2/iuP9IhgiTqqWThMwV1VgaXf2B8xetOjTvBRy8Mxh64L3speG6F0 +OPCSd3E8yxN+oMEKmL3YuPhUNJhOZxaaV0smhl8bZnKqwfJogp1YQXxxIuLPATH+ +4uBWqWjgrTOvNTkunG4GTPMjdi9pJugFOWm39Uga99/ZOTcyVREnBIEfnTyLjINS +d8GuLM0rKkrlLfEZabqHXoud4HHIdNLN7m44N2pdGQDSdt2i6247qh31NgZPX15s +whDz3W+12nla/tVGRDRIr4YANHwkhN1FkPkWgqyokdTpRjNvfrpHH+Hvr+VQ1sb5 +p+1sl6orKU5dxfge9nTJqyT4DVPHaBW+/FyrPXIL0nAEtxbjaanxZ7rGAEx7gDQ1 +Ll7tH6Al96WCahB/v49Zb8NGpspCTkIjhQY5NYy18dfBI0JF/S8lcfjzB9MHaL7b +mGwq9qVH97BlYK2ufOYRHSdUCGWw2ILAYWvpfo8i1nEda0EgZdhXmh98DlpU4JSw +bXXvKDI1PFXDbWf4JL37QPNanTbZNUy74mvZsTYP5G8gGsVvesOROa+vzPP2vSCG +utMkITwfNynmn/wav5jfPLogIRKpwjoqkwIDAQABo0IwQDAdBgNVHQ4EFgQU6pUV +2lw5AOKa28S6LWf6ofd1NO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AcYwDQYJKoZIhvcNAQELBQADggIBADXQ2Lie8gn48J+ybkiy1+qhmyiJOc3+Fmod +6ZyCX1FHOvWe0byuH5/iXErI7O1GQvF8QwcV326X9u2G/J/FCF6CDqMuqAouvI4b +MRIo9nkowSK20ZVpQOhZCSeikWR26tATjXD8ZcNvEZ8qSMqnYvWDFOUaFseRi7QJ +xc574+QdbZei6csmHmu03D6Ddi9eTahoiVT9TtJGqED22Mp4zzYaPVlljJv1Kx9M +gt94eE0mSkdprW8zHwMeIk7ZBlmeRvxQNV/GhRvkG/gAyeDTOqsmQ81H+lr4hQvH +Mtq1DS0wKTp5sxTppQ9wJdGNCVCU7U2SnjA3QNtaeEmPDzkvvS7XqwiUySmK992M +vYJ8MFti6DVGVjhdkfYOb4zulZ/9dJ3t7RCrzouPt61/TWlJ8McRVZuagvei+jPy +RBH6FUtGqZtrl0LWtLcJERR5U6bnfy0nOgo0JETOVYx6gHVzAkvi+kaUfTMUDUJW +uaDmL4VIkZ9EuqEoqbEfiXomClNchbl8hJiMKGCltnqNPaAAPdx/qkjpqC6sX96H +LVykaxbqveiVtc54CfhxNuWQaNIHlrq8AIsOmG1NcFPAw8wbE5xImpk9EsAnjmGS +TGhSb40DHIn104bA/3FJTyBr/dFvkST18UcjTVnf0L1JQv1AOD7i8QVcJegQ5FoC +A+O7fCUqMBUwCgYIKwYBBQUHAwMMB0NJU1JDQTE= +-----END TRUSTED CERTIFICATE----- + +# CNNIC ROOT +-----BEGIN TRUSTED CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD +TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2 +MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF +Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh +IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6 +dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO +V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC +GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN +v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB +AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB +Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO +76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK +OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH +ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi +yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL +buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj +2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxEwGDAKBggr +BgEFBQcDAwwKQ05OSUMgUk9PVA== +-----END TRUSTED CERTIFICATE----- + +# COMODO Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZTBAMB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMHkNPTU9ETyBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# COMODO ECC Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdYwRDAeBggrBgEFBQcDBAYIKwYB +BQUHAwEGCCsGAQUFBwMDDCJDT01PRE8gRUNDIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5 +-----END TRUSTED CERTIFICATE----- + +# COMODO RSA Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190MEQwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwi +Q09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# Certainly Root E1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw +CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu +bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ +BgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s +eSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK ++IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2 +QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4 +hevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm +ut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG +BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriRMB8wCgYIKwYBBQUHAwEMEUNlcnRh +aW5seSBSb290IEUx +-----END TRUSTED CERTIFICATE----- + +# Certainly Root R1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw +PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy +dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0 +YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2 +1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT +vqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed +aFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0 +1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5 +r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5 +cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ +wHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ +6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA +2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH +Wyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR +eiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u +d0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr +PbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi +1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd +rRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di +taY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7 +lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj +yTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn +Kx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy +yCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n +wXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6 +OV+KmalBWQewLK8wHzAKBggrBgEFBQcDAQwRQ2VydGFpbmx5IFJvb3QgUjE= +-----END TRUSTED CERTIFICATE----- + +# Certification Authority of WoSign +-----BEGIN TRUSTED CERTIFICATE----- +MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBV +MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNV +BAMTIUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgw +MTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFX +b1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqN +rLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1U +fcIiePyOCbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcScc +f+Hb0v1naMQFXQoOXXDX2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2 +ZjC1vt7tj/id07sBMOby8w7gLJKA84X5KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4M +x1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR+ScPewavVIMYe+HdVHpR +aG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ezEC8wQjch +zDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDar +uHqklWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221K +mYo0SLwX3OSACCK28jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvA +Sh0JWzko/amrzgD5LkhLJuYwTKVYyrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWv +HYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0CAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R8bNLtwYgFP6H +EtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1 +LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJ +MuYhOZO9sxXqT2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2e +JXLOC62qx1ViC777Y7NhRCOjy+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VN +g64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC2nz4SNAzqfkHx5Xh9T71XXG68pWp +dIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes5cVAWubXbHssw1ab +R80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/EaEQ +PkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGce +xGATVdVhmVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+ +J7x6v+Db9NpSvd4MVHAxkUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMl +OtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGikpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWT +ee5Ehr7XHuQe+zAvMAoGCCsGAQUFBwMDDCFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSBvZiBXb1NpZ24= +-----END TRUSTED CERTIFICATE----- + +# Certification Authority of WoSign G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBY +MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNV +BAMTJENlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDEx +MDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgxCzAJBgNVBAYTAkNOMRowGAYDVQQK +ExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPX +JYY1kBaiXW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgO +gHzKtB0TiGsOqCR3A9DuW/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg +5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg95k4ot+vElbGs/V6r+kHLXZ1L3PR8du9n +fwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BKv0mUYQs4kI9dJGwlezt5 +2eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJ +KoZIhvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8 +fHulwqZm46qwtyeYP0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G +3CE4Q3RM+zD4F3LBMvzIkRfEzFg3TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yy +SrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu+sif/a+RZQp4OBXllxcU3fng +LDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+7Q9LGOHSJDy7 +XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRgwMjAKBggrBgEFBQcDAwwk +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcy +-----END TRUSTED CERTIFICATE----- + +# Certigna +-----BEGIN TRUSTED CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLjAqMB4GCCsGAQUFBwMEBggrBgEF +BQcDAQYIKwYBBQUHAwMMCENlcnRpZ25h +-----END TRUSTED CERTIFICATE----- + +# Certigna Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw +WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw +MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x +MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD +VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX +BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO +ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M +CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu +I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm +TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh +C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf +ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz +IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT +Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k +JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5 +hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB +GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov +L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo +dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr +aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq +hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L +6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG +HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6 +0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB +lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi +o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1 +gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v +faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63 +Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh +jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw +3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0w +MjAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBBDZXJ0aWduYSBSb290 +IENB +-----END TRUSTED CERTIFICATE----- + +# Certinomis - Autorité Racine +-----BEGIN TRUSTED CERTIFICATE----- +MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk +BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 +Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl +cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 +aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY +F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N +8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe +rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K +/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu +7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC +28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 +lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E +nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB +0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 +5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj +WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN +jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ +KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s +ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM +OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q +619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn +2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj +o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v +nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG +5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq +pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb +dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 +BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 +MCswCgYIKwYBBQUHAwMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5l +-----END TRUSTED CERTIFICATE----- + +# Certipost E-Trust Primary Normalised CA +-----BEGIN TRUSTED CERTIFICATE----- +MIID4DCCAsigAwIBAgILBAAAAAABBVJkx2EwDQYJKoZIhvcNAQEFBQAwXTELMAkG +A1UEBhMCQkUxHDAaBgNVBAoTE0NlcnRpcG9zdCBzLmEuL24udi4xMDAuBgNVBAMT +J0NlcnRpcG9zdCBFLVRydXN0IFByaW1hcnkgTm9ybWFsaXNlZCBDQTAeFw0wNTA3 +MjYxMDAwMDBaFw0yMDA3MjYxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRwwGgYDVQQK +ExNDZXJ0aXBvc3Qgcy5hLi9uLnYuMTAwLgYDVQQDEydDZXJ0aXBvc3QgRS1UcnVz +dCBQcmltYXJ5IE5vcm1hbGlzZWQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDVs6pShHoXkyIPuAQYysnygiqsFQunUHG2TCVr9/8Bqldad05eExQN +VfIe8YXNhdeCHAzaCSu9/bye/m2JTaICJOZR6jd/MUZae5p2sy6gXV/k+JkKB77u +kiYSyXvnXWzQg0cOwIyn0XlXwAsZnJueQ8VOkSXOiCttedl5itZmTiLDGkVO78iw +YiZOJlRQnwxvs2vMfJ9/3g8NtY/Da9Thwvu7VlCqjD2PAIs8/EgXatJa83VtZYG9 +Rl2fomJTrs7zqeSRK1omw3lm0aZTZjUcBnGx7pkOxPtYEqwiRi3iIpLb4Ty/u/6G +55M0c894adPL3vkMsmjayYoKYFTE81ZjAgMBAAGjgaAwgZ0wDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wSAYDVR0gBEEwPzA9BgkDkA4HAQABAgAwMDAu +BggrBgEFBQcCARYiaHR0cDovL3d3dy5lLXRydXN0LmJlL0NQUy9RTmNlcnRzIDAd +BgNVHQ4EFgQUEfILltIzOIFXWBP9QKQRb06Z+mcwEQYJYIZIAYb4QgEBBAQDAgAH +MA0GCSqGSIb3DQEBBQUAA4IBAQA1a0/enfMDth3IvI3nXmqeqentoiuX6q/R4UbT +Akl9xFKF67r20785Yhidk0m9eAO/014V3e8nHOG7RQEigQBNOuCFyloyA8wgj6/v +wduo+vPc17KxDwOBCSngcXyL+n/LNm4b6BTO8EsmoTIpT8y09YdIDBP8x52vq9ST +9SpNf0iCWD4X/8OAKqs/V1W4OSxmEGQmbYxr1t2ggxpaVhGWRr2ucCjWOFdbkdU/ +Temss8MkSpZlXDTQHtS/CKWXXfdG23bwzT51YwArr62uht5fpplUDYUjpfy67RtS ++kkYd4VbqnKbJwg1RTcn25fJ+os9yNCd3lrvXaMWtph5ynzLMDUwCgYIKwYBBQUH +AwMMJ0NlcnRpcG9zdCBFLVRydXN0IFByaW1hcnkgTm9ybWFsaXNlZCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Certipost E-Trust Primary Qualified CA +-----BEGIN TRUSTED CERTIFICATE----- +MIID3jCCAsagAwIBAgILBAAAAAABBVJkxCUwDQYJKoZIhvcNAQEFBQAwXDELMAkG +A1UEBhMCQkUxHDAaBgNVBAoTE0NlcnRpcG9zdCBzLmEuL24udi4xLzAtBgNVBAMT +JkNlcnRpcG9zdCBFLVRydXN0IFByaW1hcnkgUXVhbGlmaWVkIENBMB4XDTA1MDcy +NjEwMDAwMFoXDTIwMDcyNjEwMDAwMFowXDELMAkGA1UEBhMCQkUxHDAaBgNVBAoT +E0NlcnRpcG9zdCBzLmEuL24udi4xLzAtBgNVBAMTJkNlcnRpcG9zdCBFLVRydXN0 +IFByaW1hcnkgUXVhbGlmaWVkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAriDSeNuaoHKcBFIlLG1S2NcniTOg4bLV+zB1ay1/HGeODucfEt8XeRi7 +tBtv+D11G55nN/Dx+g917YadAwShKHAtPLJroHNR4zWpdKUIPpSFJzYqqnJk/Hfu +dpQccuu/Msd3A2olggkFr19gPH+sG7yS6Dx0Wc7xfFQtOK6W8KxvoTMMIVoBuiMg +W6CGAtVT3EkfqDKzrztGO7bvnzmzOAvneor2KPmnb1ApyHlYi0nSpdiFflbxaRV4 +RBE116VUPqtmJdLb4xjxLivicSMJN2RDQnQylnfel6LploacJUQJ1AGdUX4ztwlE +5YCXDWRbdxiXpUupnhCdh/pWp88KfQIDAQABo4GgMIGdMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTwePkHdxC73B6hrnn7MBDbxjT4 +FzBIBgNVHSAEQTA/MD0GCQOQDgcBAAECADAwMC4GCCsGAQUFBwIBFiJodHRwOi8v +d3d3LmUtdHJ1c3QuYmUvQ1BTL1FOY2VydHMgMBEGCWCGSAGG+EIBAQQEAwIABzAN +BgkqhkiG9w0BAQUFAAOCAQEAbOHYX3RY6XBJ1soNLFjaymS2UU/DBmQB6YpzHZ7P +Rni/O4WG4j1KGJQqgXdvgvhv9O4i/J0YIXJguxiAgpX7+feVJIFmwbXDtdK2dos7 +gVy4oQ4rARSLgAlA7vhgTBnkF80nAbNjEgWkCMm0v55QTrXeD5IzZnXQPecjfOol +cXz+Pi42eaHlKVAjNQWVeLufeWTcV0gnLOJcM83Cu35od6cvo0kXcuEAhGt9eq85 +CyzV2FdkMmyECmp2OtOszZ2x5zfc7AwvxVdg34j1Q7EBZCa0J4IQsqNQ75fmf7+R +h7PbkKkq4no0bHNJ9OiNLmuK3aGKf2PQv1ger8w/klAt0TA0MAoGCCsGAQUFBwMD +DCZDZXJ0aXBvc3QgRS1UcnVzdCBQcmltYXJ5IFF1YWxpZmllZCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Certipost E-Trust TOP Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDzDCCArSgAwIBAgILBAAAAAABBVJkwZUwDQYJKoZIhvcNAQEFBQAwUzELMAkG +A1UEBhMCQkUxHDAaBgNVBAoTE0NlcnRpcG9zdCBzLmEuL24udi4xJjAkBgNVBAMT +HUNlcnRpcG9zdCBFLVRydXN0IFRPUCBSb290IENBMB4XDTA1MDcyNjEwMDAwMFoX +DTI1MDcyNjEwMDAwMFowUzELMAkGA1UEBhMCQkUxHDAaBgNVBAoTE0NlcnRpcG9z +dCBzLmEuL24udi4xJjAkBgNVBAMTHUNlcnRpcG9zdCBFLVRydXN0IFRPUCBSb290 +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdRLQNb78TUYO6Kw +Q+TJVaHAB7sIvjoZtSPDHp2zCEr0Q0vpwRlgkN+E11jGOt0KLJUsvZd//qJ12gbj +q5ts0bjPRIbBUmC33D47sPLpxFE8SrmDuU5hagObHFKAOlC0ILLb07LGVH/LYJvI +JJ6vCcdlDSj22poiwjNu8vMl1KT5lvVvqjxr3EEw5eZvykgfMHgdeX2n0b+uxV5D ++cYvg3abNEqkKFgrqIiFRGor8lZCdpmQM6ru+SHP8j35d4TL3SmExNSKKqQ5XD75 +HCVoTfXnm12xGjReygJz+QjEDG1e3RIq5XvFNnhSnTLBxSilIKjlmA25b8+5gJ7l +vrmb/QIDAQABo4GgMIGdMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBRL3r4FMS7zNcjYyqdWxZQNtFplxTBIBgNVHSAEQTA/MD0GCQOQ +DgcBAAECADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LmUtdHJ1c3QuYmUvQ1BT +L1FOY2VydHMgMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +iWPMos74VGp8WTR4qwG0li0qIW5ALV/QliKZgwUc5STN4vU1BL8AlgfssqQ6aisj +PskPyhMduCSWCSbYPCqBzuGByMlzPvW7DwgekOCwkrnSOpdQ4AaO5IIwPGAgt6Tu +q4kG4fwlu5HU+bdfaGOooGiGa6fskssi+lBbE1gnritDC7YXxjByBDNEJkpEBx9z +oINBKeCSBrzVAer+vK9x6yAfCl0NoClezuRBUVWWwx+0MaWj81Pq/8KchnLPNkxW +WgYyfl6rSqHOp+ufpIwquSSLuLXzBk2myn2Z+/ZV6q5Iee4mWdMfDFMV92JR+YQN +lmxesQjmWQgrJikKwYNAczArMAoGCCsGAQUFBwMDDB1DZXJ0aXBvc3QgRS1UcnVz +dCBUT1AgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Certplus Root CA G1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvow +ITAKBggrBgEFBQcDAwwTQ2VydHBsdXMgUm9vdCBDQSBHMQ== +-----END TRUSTED CERTIFICATE----- + +# Certplus Root CA G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXzAhMAoGCCsGAQUFBwMDDBNDZXJ0cGx1cyBSb290IENB +IEcy +-----END TRUSTED CERTIFICATE----- + +# Certum EC-384 CA +-----BEGIN TRUSTED CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw +CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw +JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT +EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 +WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT +LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX +BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE +KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm +Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 +EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J +UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn +nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8kwMjAeBggr +BgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBBDZXJ0dW0gRUMtMzg0IENB +-----END TRUSTED CERTIFICATE----- + +# Certum Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYsczAmMBQGCCsGAQUFBwMEBggrBgEFBQcDAwwOQ2VydHVt +IFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Certum Trusted Network CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyww +OzAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBlDZXJ0dW0gVHJ1c3Rl +ZCBOZXR3b3JrIENB +-----END TRUSTED CERTIFICATE----- + +# Certum Trusted Network CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSPMD0wHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwbQ2VydHVt +IFRydXN0ZWQgTmV0d29yayBDQSAy +-----END TRUSTED CERTIFICATE----- + +# Certum Trusted Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 +MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu +MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV +BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw +MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg +U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ +n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q +p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq +NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF +8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 +HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa +mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi +7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF +ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P +qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ +v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 +Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD +ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 +WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo +zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR +5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ +GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf +5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq +0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D +P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM +qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP +0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf +E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjbMDgwHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwwWQ2VydHVtIFRydXN0ZWQgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Chambers of Commerce Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+NwwJzAKBggrBgEFBQcDAwwZQ2hhbWJlcnMgb2YgQ29t +bWVyY2UgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Chambers of Commerce Root - 2008 +-----BEGIN TRUSTED CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQMDgwFAYIKwYBBQUHAwQGCCsGAQUFBwMDDCBDaGFtYmVycyBvZiBDb21tZXJj +ZSBSb290IC0gMjAwOA== +-----END TRUSTED CERTIFICATE----- + +# China Internet Network Information Center EV Certificates Root +-----BEGIN TRUSTED CERTIFICATE----- +MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC +Q04xMjAwBgNVBAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24g +Q2VudGVyMUcwRQYDVQQDDD5DaGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0 +aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMgUm9vdDAeFw0xMDA4MzEwNzExMjVa +Fw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAGA1UECgwpQ2hpbmEg +SW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMMPkNo +aW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRp +ZmljYXRlcyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z +7r07eKpkQ0H1UN+U8i6yjUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA// +DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV98YPjUesWgbdYavi7NifFy2cyjw1l1Vx +zUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2HklY0bBoQCxfVWhyXWIQ8 +hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23KzhmBsUs +4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54u +gQEC7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oY +NJKiyoOCWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E +FgQUfHJLOcfA22KlT5uqGDSSosqDglkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3 +j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd50XPFtQO3WKwMVC/GVhMPMdoG +52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM7+czV0I664zB +echNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws +ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrI +zo9uoV1/A3U05K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATy +wy39FCqQmbkHzJ8wTDAKBggrBgEFBQcDAww+Q2hpbmEgSW50ZXJuZXQgTmV0d29y +ayBJbmZvcm1hdGlvbiBDZW50ZXIgRVYgQ2VydGlmaWNhdGVzIFJvb3Q= +-----END TRUSTED CERTIFICATE----- + +# Cisco Root CA 2048 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 +MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB +IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK +Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg +MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH +xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ +FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q +VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH +jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l +Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED +o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI +FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF +BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW +Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX +cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz +Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 +CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId +kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzUwIDAKBggrBgEFBQcDAwwSQ2lzY28gUm9v +dCBDQSAyMDQ4 +-----END TRUSTED CERTIFICATE----- + +# Class 1 Primary CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIb+HV/DgfhH1zMsc5R1ezcwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAxIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwMTAwWhcNMjAwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDEgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMNr +Kcgux658UgXpk4lWClp5yczcJe+Hii0F2IEXBBs6Rfh5Dg1J1IFByKtF+3XIFfLi +0LzZYWyEpBMZp9n58kncTA/GfVe0E9weCXEpNp2AWPQb2IkU69PSk0sq8XfnamW9 +GeWq/QxKY+HCmbQPBLZaGzY8Nzy/xeVe8V9XDh/H/Szn5G9qm2KWORGbZvAstlLc +4Sf/223+66tjFB1jiGPiFgz5IFQPm90VanaDT70ni1OmN9KH8kdQUjtm6dF4Ghuy +O2nwWTw4W9EqTDNeDspWpe0tW4KDTdY4TopWtmovJGsSMKYq3q8Mu6pEEhwTxWUP +4/3YGjFL5D8MfEXoFjMCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQUIy7f6YG00IT9jrup3fkMo+PzSVMwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC+JlPWXp+QPwGU +AuwIwYia0Kf6UA3a/JQdqNRQI9CfHIthsbKqRA+s2BMN1dah6DF40O8eg0Ca5f1B +6ZL97qOVkPPAuG9+9zSlod88895WssffhyZEx+KDuRNvMEVxKSIVq8TbP0/zd/mZ +GDT1c5J9N2ZnSW4zmk0plIu9UDljZQ8Q53sQatFH+Z4lDCcpwtsIiOeqiTpFqp9J +sn3qaIpA/pHBwkn/IdFnDhoSHUouHPuU+W07eTL5HimRCkKWRfHvylgPcp0MqYO8 +Mt2YBNFZ4WQXvcyBowNelmDlfxY4CmvR+rOEnSrKPvtC+E/op1soGRit4KZmHrAp +IfK4mY//MCAwCgYIKwYBBQUHAwMMEkNsYXNzIDEgUHJpbWFyeSBDQQ== +-----END TRUSTED CERTIFICATE----- + +# ComSign Advanced Security CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGGzCCBAOgAwIBAgIQel3pM9AEnrNKGhd0yxabbTANBgkqhkiG9w0BAQUFADAn +MSUwIwYDVQQDExxDb21TaWduIEFkdmFuY2VkIFNlY3VyaXR5IENBMB4XDTA0MDMy +NDIxNTIwNFoXDTI5MDMyNDIxNTU1NVowJzElMCMGA1UEAxMcQ29tU2lnbiBBZHZh +bmNlZCBTZWN1cml0eSBDQTCCAiAwDQYJKoZIhvcNAQEBBQADggINADCCAggCggIB +AJ2cXDsBhFda9Cv+bRSybLftkNf7V0Ogz2AbWS9NUWA9HEmiakFjq7jtZr5ARo2q +kls9LivBYZhUbLxMq2n6jUVFgSoabfiz+A9jy4587VQpoxQY/OHJsdhUupzKKhvQ +rMKJGBZK/koE0tKbtYeGwcl7HzYWRbnwuobCd4ozMUKizgxyPRLlkTj0J2dhTMzi +9U0sEvDNs4TBCXWfAE/4d9PzMm+Bjxd+O5tr8x7n+pNPDC6X3XBYE33zkYONoj0x +2mPjOXZ2M+bUZg2UjhWUnDh73HEf2rXg15dagnTeOwba78Ur8WjdJ1P4ueyMD1Mi +5DmC5PmuYfwYKH7Haelo9H7g0bzgbcjW0atEMWG07Hg1LEbe6PO2PJizqRwHSpjN +RyaC8NSR7xCT52jmUmqXfrkglxf6GTKUI57Hc7JI6Ji193VWoEudd6gaKXQ4WODI +zbEzGy/+mJN4BQF0q65CxRsdL3xBfKXTYKpQwfPIiEFY9rWSGP2uZo6c5zua0bfb +2sdMyyIbSj9g3zn22uquzIeVuFKbWp1RRQx27ylBpQq5+F7EvSxMNEhH1YvIzM/R +O1jlesb9Iex3Ka/zWlQOqaRkfPdc0aET5TvUW0sAlMnLDd0ET9tosrdnI/ZhpawP +OT6awy+pZMMShZqkolLUefy6I6sJGu09mZ3Z5yj4D1BPAgEDo4IBQzCCAT8wCwYD +VR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOn6J+XtSyFwZNZx +qnzlghww0g16ME0GA1UdHwRGMEQwQqBAoD6GPGh0dHA6Ly9mZWRpci5jb21zaWdu +LmNvLmlsL2NybC9Db21TaWduQWR2YW5jZWRTZWN1cml0eUNBLmNybDAQBgkrBgEE +AYI3FQEEAwIBADBCBgNVHSAEOzA5MDcGCSoDBAUGBwgJCjAqMCgGCCsGAQUFBwIB +FhxodHRwOi8vd3d3LmNvbXNpZ24uY28uaWwvY3BzMFsGCCsGAQUFBwEBBE8wTTBL +BggrBgEFBQcwAoY/aHR0cDovL2ZlZGlyLmNvbXNpZ24uY28uaWwvY2FjZXJ0L0Nv +bVNpZ25BZHZhbmNlZFNlY3VyaXR5Q0EuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCc +jV2aBhGhbhYYT8uyAjuSjx0mpcvrSO5VHaoQ4GlOwf4yAN4Pzg20Y7zgYhrg9/Wp +5clUFItA+K3zbQLsjnvcpXmSAbX/oVljORG1vlKudNrZIaMS2MeV+NtvVlW/lRK9 +MiPHyWxlAe/7dI67JIZPfd3wWo87hIx5dSn0hrbTwQxZFcIDV6s9SNcsRZRA3OCp +S1/MENeWv6mcAypk8rx++KWnmZEnBf5Jp9itCoY2PA49puF8aoERe0W7aI01Mf0m +U0E+PG5rHtirLYmBmcYfl/Na9R9hvf4VWZMK3vpR+kbfRvT8YmxYowzeyRkewBxb +ODtBjwUxDq7tLF23D9w5xF8is6WyWDAkv/kJrfCWGzdvQGb+tyqJ1cbjfgNYsH04 +5oqrP/WB8wpBdwJz7adU3QcxXLa1dpJ0d7lvpgm6Dt0M53bES77LO9VFwInjK3d6 +YpjDW/x9V16O7t0bUCFtkb8ZXI+XeSrBi2Fvql5S9elPNJgwvRwHw7fEfIHZo0My +ZsYtvDlbqV2J6wQrRJVH+VL0TwXuoypjEQ0eusT4SltQQFF3LvTk3/EDFOZ5adpY +RIJYFIORNAPXem1q0TIiKZEbGuQLvTIVJyC/Gm9SgtP5L0kPkGwBgEmuGO4yLM4R +x/6gBJholPD8i8Usb4f92cLEHOktzA6sn/Xx/JI4jTAqMAoGCCsGAQUFBwMDDBxD +b21TaWduIEFkdmFuY2VkIFNlY3VyaXR5IENB +-----END TRUSTED CERTIFICATE----- + +# ComSign CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSDAYMAoGCCsGAQUFBwMDDApDb21TaWduIENB +-----END TRUSTED CERTIFICATE----- + +# ComSign Secured CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw +PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu +MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx +GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL +MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf +HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh +gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW +v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue +Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr +9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt +6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 +MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl +Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 +ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq +hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p +iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC +dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL +kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL +hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz +OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7TbieejzAgMAoGCCsGAQUFBwMDDBJD +b21TaWduIFNlY3VyZWQgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Common Policy +-----BEGIN TRUSTED CERTIFICATE----- +MIIDoTCCAomgAwIBAgIQKTZHquOKrIZKI1byyrdhrzANBgkqhkiG9w0BAQUFADBO +MQswCQYDVQQGEwJ1czEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQL +EwRGQkNBMRYwFAYDVQQDEw1Db21tb24gUG9saWN5MB4XDTA3MTAxNTE1NTgwMFoX +DTI3MTAxNTE2MDgwMFowTjELMAkGA1UEBhMCdXMxGDAWBgNVBAoTD1UuUy4gR292 +ZXJubWVudDENMAsGA1UECxMERkJDQTEWMBQGA1UEAxMNQ29tbW9uIFBvbGljeTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJeNvTMn5K1b+3i9L0dHbsd4 +6ZOcpN7JHP0vGzk4rEcXwH53KQA7Ax9oD81Npe53uCxiazH2+nIJfTApBnznfKM9 +hBiKHa4skqgf6F5PjY7rPxr4nApnnbBnTfAu0DDew5SwoM8uCjR/VAnTNr2kSVdS +c+md/uRIeUYbW40y5KVIZPMiDZKdCBW/YDyD90ciJSKtKXG3d+8XyaK2lF7IMJCk +FEhcVlcLQUwF1CpMP64Sm1kRdXAHImktLNMxzJJ+zM2kfpRHqpwJCPZLr1LoakCR +xVW9QLHIbVeGlRfmH3O+Ry4+i0wXubklHKVSFzYIWcBCvgortFZRPBtVyYyQd+sC +AwEAAaN7MHkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFC9Yl9ipBZilVh/72at17wI8NjTHMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJ +KwYBBAGCNxUCBBYEFHa3YJbdFFYprHWF03BjwbxHhhyLMA0GCSqGSIb3DQEBBQUA +A4IBAQBgrvNIFkBypgiIybxHLCRLXaCRc+1leJDwZ5B6pb8KrbYq+Zln34PFdx80 +CTj5fp5B4Ehg/uKqXYeI6oj9XEWyyWrafaStsU+/HA2fHprA1RRzOCuKeEBuMPdi +4c2Z/FFpZ2wR3bgQo2jeJqVW/TZsN5hs++58PGxrcD/3SDcJjwtCga1GRrgLgwb0 +Gzigf0/NC++DiYeXHIowZ9z9VKEDfgHLhUyxCynDvux84T8PCVI8L6eaSP436REG +WOE2QYrEtr+O3c5Ks7wawM36GpnScZv6z7zyxFSjiDV2zBssRm8MtNHDYXaSdBHq +S4CNHIkRi+xb/xfJSPzn4AYR4oReMBswCgYIKwYBBQUHAwMMDUNvbW1vbiBQb2xp +Y3k= +-----END TRUSTED CERTIFICATE----- + +# Comodo AAA Services root +-----BEGIN TRUSTED CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbjA6MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYI +KwYBBQUHAwMMGENvbW9kbyBBQUEgU2VydmljZXMgcm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Configuration +-----BEGIN TRUSTED CERTIFICATE----- +MIIHHzCCBgegAwIBAgIESPx+9TANBgkqhkiG9w0BAQUFADCBrjESMBAGCgmSJomT +8ixkARkWAnJzMRUwEwYKCZImiZPyLGQBGRYFcG9zdGExEjAQBgoJkiaJk/IsZAEZ +FgJjYTEWMBQGA1UEAxMNQ29uZmlndXJhdGlvbjERMA8GA1UEAxMIU2VydmljZXMx +HDAaBgNVBAMTE1B1YmxpYyBLZXkgU2VydmljZXMxDDAKBgNVBAMTA0FJQTEWMBQG +A1UEAxMNUG9zdGEgQ0EgUm9vdDAeFw0wODEwMjAxMjIyMDhaFw0yODEwMjAxMjUy +MDhaMIGuMRIwEAYKCZImiZPyLGQBGRYCcnMxFTATBgoJkiaJk/IsZAEZFgVwb3N0 +YTESMBAGCgmSJomT8ixkARkWAmNhMRYwFAYDVQQDEw1Db25maWd1cmF0aW9uMREw +DwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNlczEM +MAoGA1UEAxMDQUlBMRYwFAYDVQQDEw1Qb3N0YSBDQSBSb290MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPK9iL7Ar0S+m0qiYxzWVqsdKbIcqhUeRdGs +naBh1TX55FqDNmND3jhXFfzwlGL0B4BXg1eosxW8+00jeF/a9seBFr6r3+fcg1Nz +K7bdY4iNRfMN3X2/6IiwZsFDXTfSbaGcmkbDsz/QwqCKlC6DpjzDYL0szB6LY4J2 +QSjkFWtcDGE5VThByshm6Me4l1IQJnC3B7cJHqYTXq6ZWiZvZD3sxNOluVx2ZK1j +fYiD4kvMDd7UxtMIQvVbF/Vx4ZEtA5+eHNyLcqToR2QQh2Qwc9jytPFXJpNXy7bH +DYiLHc8FMF0E1nY36CAyV78PnDPGCIz2tMKpBrBbMKEeLRK6PwIDAQABo4IDQTCC +Az0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgboGA1UdIASBsjCB +rzCBrAYLKwYBBAH6OAoKAQEwgZwwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cuY2Eu +cG9zdGEucnMvZG9rdW1lbnRhY2lqYTBoBggrBgEFBQcCAjBcGlpPdm8gamUgZWxl +a3Ryb25za2kgc2VydGlmaWthdCBST09UIENBIHNlcnZlcmEgU2VydGlmaWthY2lv +bm9nIHRlbGEgUG9zdGU6ICJQb3N0YSBDQSBSb290Ii4wEQYJYIZIAYb4QgEBBAQD +AgAHMIIBvAYDVR0fBIIBszCCAa8wgcmggcaggcOkgcAwgb0xEjAQBgoJkiaJk/Is +ZAEZFgJyczEVMBMGCgmSJomT8ixkARkWBXBvc3RhMRIwEAYKCZImiZPyLGQBGRYC +Y2ExFjAUBgNVBAMTDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMTCFNlcnZpY2VzMRww +GgYDVQQDExNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQDEwNBSUExFjAUBgNV +BAMTDVBvc3RhIENBIFJvb3QxDTALBgNVBAMTBENSTDEwgeCggd2ggdqGgaNsZGFw +Oi8vbGRhcC5jYS5wb3N0YS5ycy9jbj1Qb3N0YSUyMENBJTIwUm9vdCxjbj1BSUEs +Y249UHVibGljJTIwS2V5JTIwU2VydmljZXMsY249U2VydmljZXMsY249Q29uZmln +dXJhdGlvbixkYz1jYSxkYz1wb3N0YSxkYz1ycz9jZXJ0aWZpY2F0ZVJldm9jYXRp +b25MaXN0JTNCYmluYXJ5hjJodHRwOi8vc2VydGlmaWthdGkuY2EucG9zdGEucnMv +Y3JsL1Bvc3RhQ0FSb290LmNybDArBgNVHRAEJDAigA8yMDA4MTAyMDEyMjIwOFqB +DzIwMjgxMDIwMTI1MjA4WjAfBgNVHSMEGDAWgBTyy43iNe8QQ8Tae8r664kDoSKv +uDAdBgNVHQ4EFgQU8suN4jXvEEPE2nvK+uuJA6Eir7gwHQYJKoZIhvZ9B0EABBAw +DhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBwRqHI5BcFZg+d4kMx +SB2SkBnEhQGFFm74ks57rlIWxJeNCih91cts49XlDjJPyGgtNAg9c6iTQikzRgxE +Z/HQmpxpAeWR8Q3JaTwzS04Zk2MzBSkhodj/PlSrnvahegLX3P+lPlR4+dPByhKV ++YmeFOLyoUSyy+ktdTXMllW7OAuIJtrWrO/TUqILSzpT2ksiU8zKKiSaYqrEMpp+ +3MzBsmzNj9m0wM/1AsCMK4RbG0C8ENBQ4WHWZlaaBJGl49W9oC4igbHZONrkqIdf +PEYElt7Jmju/rXhsHUlJtGm5cA8Fkla2/a+u+CAtRyPPthzNxJuATvm/McBUvrsx +f/M+MBswCgYIKwYBBQUHAwMMDUNvbmZpZ3VyYXRpb24= +-----END TRUSTED CERTIFICATE----- + +# Correo Uruguayo - Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGGjCCBAKgAwIBAgIQAMoieQgjKvD1griF02Pd8TANBgkqhkiG9w0BAQUFADB/ +MQswCQYDVQQGEwJVWTErMCkGA1UECgwiQURNSU5JU1RSQUNJT04gTkFDSU9OQUwg +REUgQ09SUkVPUzEfMB0GA1UECwwWU0VSVklDSU9TIEVMRUNUUk9OSUNPUzEiMCAG +A1UEAwwZQ29ycmVvIFVydWd1YXlvIC0gUm9vdCBDQTAeFw0wODA3MTQxNjUyMTVa +Fw0zMDEyMzEwMjU5NTlaMH8xCzAJBgNVBAYTAlVZMSswKQYDVQQKDCJBRE1JTklT +VFJBQ0lPTiBOQUNJT05BTCBERSBDT1JSRU9TMR8wHQYDVQQLDBZTRVJWSUNJT1Mg +RUxFQ1RST05JQ09TMSIwIAYDVQQDDBlDb3JyZW8gVXJ1Z3VheW8gLSBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsT3SpyVwl4N4DtcyyWYO +eCPkKhvsw+9ThYO7ys9+6lOZbSdVyNE4IUBuSU3DPfYJKwYZQ6mYyQFO9KqAMAdV +8/W3fZm3c4XVHGVWbA0ymwgONGEqQAmEN8Nm7Q1MnAx4QDrs7avMpITydTGVQKiq +u5O1d5hs8sjgIVoj5EKnk8ioHTjOpBpAQL88k5CbX9aUwSJbRtfFABXVj8b33guv +bosFj1uAlQ6jvZPMkPJ940h+ss0HPRvtFJB08900H3zkA1nxLc3go6A7IS5crqwI +BlAVMTXuX/kfDTSlgG5ick/jIbo4QF1f22gqXDTGCDv2fC6ojcS3pq3Zm78ZQQ5I +OQlmbg00AcW7BxEjpNr+YJYoR9yPZ5sTr315DnjNwIwvuyEs/HQWHt7AMp36eDqG +uj7JeAoA0eTgyRLiW9zru4CaMjWr8DDDDkiEL40ICvYsjE0ygEVVCNvNDai/CHq4 +52hdmpSJlbz8mo64fzrYbNX0GKxp4qTBC7Mfo4Kf84o8hUA4CfrCBT7hnIn6wwVs +CI9dUfR/u8TzbAG9PU/EGYs52crM6XmIBFWrbbjaFkVlORUFGPsLLHMB7ZRS5X0M +ATsJoE3xPQiBZjQ2F0TwZ/Nb8gW2IZhY2fShN9lv5u9WxPu/VmICrDAwtgLW0hb8 +TuqHQ5poXYijkUYoK785FRUCAwEAAaOBkTCBjjAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfbtp64hh4UDPRyNkAIaiZmvchJUwTAYD +VR0gBEUwQzBBBgRVHSAAMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly93d3cuY29ycmVv +LmNvbS51eS9jb3JyZW9jZXJ0L2Nwcy5wZGYwDQYJKoZIhvcNAQEFBQADggIBAFbf +E4m+YrcOgSFzpNQ3yu23L5V014n4S0eB7mftuCnfIaD8VGdnyFcsW6EKdXghIcqg +qN9rnNk2Ao24AcFvjntsyaSyxUapykwCgfqje509SObKQGbSRJ124FW5ppyn0UPY +9aC0nfj35aamQvMCMllGcisU7F5l1VGBeM6qL42WiXlq+w/IW8+0rpC2X+N8Ymy3 +pv+QgbWYkXMSMK/H6IECaHMpu1h1PbfWQ9WuTfJCufDf2jEAE9rhs7YGi1v9yZi4 +ohPRuo/BihqeD/+CvgSC5SuTPh61ogwbxhqwc4l2g7yOO7sXbRTDi759FSa1qZwX +elB6LevpmZSumBC97ipdXdaONFusHodga5jHh4/TnLJoBUkH+akxZpz+v6dZ6Czw +NtTyqBmCwJ6nOfmxmDSjH/rNyRkteN63/WLwk6P+AFvWCuTzfnyXKOEF7AU0RRP/ +KRNhiidP27jSkiEntYh3Z6h+zyQ8hwgEM3OPC7aG+M/vsqYkHguRkQBQFjIS2Akl +2mNO3dst1+cEa+NjH6n+qQFjxMpMFGiDvAWsWRb7bqEHb7tLvm2YSHYle0oRllQI +rKnzN6uDw9HNgZjA5UA1uJ+R52/mSyAWilN7rDrRmDVU0NS/rn6aSx7pdaMlsDvn +Zb9PlfQdvcS6yU2BUcI/WtkS9CEb1pXqPZD+qZPiMCcwCgYIKwYBBQUHAwMMGUNv +cnJlbyBVcnVndWF5byAtIFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Cybertrust Global Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5VMCQwCgYIKwYBBQUHAwMMFkN5YmVydHJ1c3Qg +R2xvYmFsIFJvb3Q= +-----END TRUSTED CERTIFICATE----- + +# D-TRUST BR Root CA 1 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw +CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 +NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7dPYS +zuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0 +QVK5buXuQqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/ +VbNafAkl1bK6CKBrqx9tMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2JyX3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW +wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV +dWNbFJWcHwHP2NVypw87MCcwCgYIKwYBBQUHAwEMGUQtVFJVU1QgQlIgUm9vdCBD +QSAxIDIwMjA= +-----END TRUSTED CERTIFICATE----- + +# D-TRUST EV Root CA 1 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw +CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 +NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8ZRCC +/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rD +wpdhQntJraOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3 +OqQo5FD4pPfsazK2/umLMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2V2X3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA +y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb +gfM0agPnIjhQW+0ZT0MWMCcwCgYIKwYBBQUHAwEMGUQtVFJVU1QgRVYgUm9vdCBD +QSAxIDIwMjA= +-----END TRUSTED CERTIFICATE----- + +# D-TRUST Root CA 3 2013 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXDAkMAoGCCsGAQUFBwME +DBZELVRSVVNUIFJvb3QgQ0EgMyAyMDEz +-----END TRUSTED CERTIFICATE----- + +# D-TRUST Root Class 2 CA 2007 +-----BEGIN TRUSTED CERTIFICATE----- +MIIElTCCA32gAwIBAgIDAw6VMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJTAjBgNVBAMMHEQtVFJVU1QgUm9vdCBD +bGFzcyAyIENBIDIwMDcwHhcNMDcwNTE2MDUyMDQ3WhcNMjIwNTE2MDUyMDQ3WjBL +MQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMSUwIwYDVQQDDBxE +LVRSVVNUIFJvb3QgQ2xhc3MgMiBDQSAyMDA3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAs83khBVJ+OTWzoSzmq32MHWQDYTr7tqzenUq4juk6jAs6z13 +jYGEaEqmpGjckHNhNGUHHSOlDOa/090zXdoy7aYNU6Z0alwZWaZMtS95AV6ef0r6 +usknftT/zQBZIOsGzLNEz9aF6e07DGzB6oxc4LmpAvATACeTnFD+zRNPbRtqqt0P +/0YlGdzhXlCsGn8Oy9ruIPzD9JxKeDVu7jHHRRZyhdKCINtSRXw8v1lX+Yd0Vphb +HVCOzC+zsz+L7uw3SQGI79ghDJPT9m6JT7oXy0SBt3unI7t0CtPY6jdFJ//c8J5D +47p7ihuafemGoP4v0db2h1eq8imUh3MV+mpOrQIDAQABo4IBgDCCAXwwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUkTCr9vPGRLfr3Si8DxSfUl1ifwIwOQYIKwYB +BQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vdXNlcnMub2NzcC5kLXRydXN0 +Lm5ldDAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRwOi8vd3d3LmQt +dHJ1c3QubmV0MA4GA1UdDwEB/wQEAwIBBjCByQYDVR0fBIHBMIG+MIG7oIG4oIG1 +hnZsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290 +JTIwQ2xhc3MlMjAyJTIwQ0ElMjAyMDA3LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0hjtodHRwOi8vd3d3LmQtdHJ1c3QubmV0 +L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfMl9jYV8yMDA3LmNybDANBgkqhkiG9w0B +AQUFAAOCAQEAW4vyQ+MFLmQf1ZKpUWtk/A5GzAeZ4rf8kykg3PwvYOSsfSUy7RDh +D2/b8rxO7kHJs9QHSHoKr6S2/1Ew7cvSnOt/UO5L4mKnNMIg9vP29TbAy5EQ6+0u +jfQHGiEMNXf0fC2NSaXXC0Ro1dLi5Qx4OBPKsUxSqirl1a9cBTmdLa2+I1bVL1Xz +3p2rgjagTbdZkUfu3oOl6jteJwWAC20sUPQBN9Wjdxfs/t2E9MX4UJLQS8Yuo4tA +5MM3o3e9zixV4qzfXWQAur6najEG/JlrUBUlnal2mqdNKpoCY+tw5/4RJtAYxaYf +CkOT8hjZ9Tl5uAddjB/mP/PFyyFmMXt7zzAqMAoGCCsGAQUFBwMDDBxELVRSVVNU +IFJvb3QgQ2xhc3MgMiBDQSAyMDA3 +-----END TRUSTED CERTIFICATE----- + +# D-TRUST Root Class 3 CA 2007 +-----BEGIN TRUSTED CERTIFICATE----- +MIIElTCCA32gAwIBAgIDAw6WMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJTAjBgNVBAMMHEQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIwMDcwHhcNMDcwNTE2MDUyMDQ3WhcNMjIwNTE2MDUyMDQ3WjBL +MQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMSUwIwYDVQQDDBxE +LVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyMDA3MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuo3NNVMy7qa9SJCa8uroWA9HZqjMbgkS5KHLW9+TuPbpOTn4 +xtjpzxqGvKauD4yvCEXj8o4rwlxZK/qMNrNwHchQPKVWvuqu6Uf250kPr3+UJtQC +Gge4ujlVzp+7Ijkp2DXFmQMh2Kc4Y/HkNN9Hrp838WygmcIisG1y3CLJMTnoVteg +jzohW4aaTyj5HHb3zE8/+U53iyqciqp5QYrVHNk5b5jJXkWXHQmUGdlQUYVyc7+s +S510NHGHIRYPfu7SSX7KSdP5kipHSE8PXVqhy9Uo7PCSxXJDRuuzA6bzVyVKCmGE +CibW76a42BSNeLnTtyXRTuNaFqrsnwfuIxB9tQIDAQABo4IBgDCCAXwwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUgi82I0l4IELXsFJYoNZ0VBV4v6owOQYIKwYB +BQUHAQEELTArMCkGCCsGAQUFBzABhh1odHRwOi8vdXNlcnMub2NzcC5kLXRydXN0 +Lm5ldDAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRwOi8vd3d3LmQt +dHJ1c3QubmV0MA4GA1UdDwEB/wQEAwIBBjCByQYDVR0fBIHBMIG+MIG7oIG4oIG1 +hnZsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290 +JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyMDA3LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0hjtodHRwOi8vd3d3LmQtdHJ1c3QubmV0 +L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yMDA3LmNybDANBgkqhkiG9w0B +AQUFAAOCAQEAVQ5oCo3c2aiGYAJpeY196ZDC2R0dtQ67c5JkYxRGTNBqu6N1XYYZ +OGGGHbiKIjSjtDUVs6lgTFQXn7HeWzLifmveTyLwLR0iBJ62Sk+rLFad493ssSZO +KtdVwj69gte+VbtFyClbhjydP2hEREQ2DWi/rgGiGbVMl//yljxnskLeD+Ggl07K +5zRlrpWCYWcmcy3de+eVSw4hqpKuTPzGs6nlmYMyOfBgwkxRqMFHFDWJpU02D58b +AnFBjUJKJPivbp0NcIaNqmITHgOLJPnDVJNJhRt1dmJ/Iv9JvXZzDD+YrSqy+ufF +33T1/2kxVQo6wBliNcRJuSsZHfRwme7Y3DAqMAoGCCsGAQUFBwMDDBxELVRSVVNU +IFJvb3QgQ2xhc3MgMyBDQSAyMDA3 +-----END TRUSTED CERTIFICATE----- + +# D-TRUST Root Class 3 CA 2 2009 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+IwNjAUBggrBgEFBQcDAQYIKwYBBQUHAwMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOQ== +-----END TRUSTED CERTIFICATE----- + +# D-TRUST Root Class 3 CA 2 EV 2009 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1MDkwFAYIKwYB +BQUHAwEGCCsGAQUFBwMDDCFELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIEVWIDIw +MDk= +-----END TRUSTED CERTIFICATE----- + +# DIGITALSIGN GLOBAL ROOT ECDSA CA +-----BEGIN TRUSTED CERTIFICATE----- +MIICajCCAfCgAwIBAgIUNi2PcoiiKCfkAP8kxi3k6/qdtuEwCgYIKoZIzj0EAwMw +ZDELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRv +cmEgRGlnaXRhbDEpMCcGA1UEAwwgRElHSVRBTFNJR04gR0xPQkFMIFJPT1QgRUNE +U0EgQ0EwHhcNMjEwMTIxMTEwNzUwWhcNNDYwMTE1MTEwNzUwWjBkMQswCQYDVQQG +EwJQVDEqMCgGA1UECgwhRGlnaXRhbFNpZ24gQ2VydGlmaWNhZG9yYSBEaWdpdGFs +MSkwJwYDVQQDDCBESUdJVEFMU0lHTiBHTE9CQUwgUk9PVCBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABG4Lo6szTRzqSuj8BI0UoH3wCCxfg6uT0dJ7utdJ +fY/sElBf1LnL5fD5M2MfyVfsQNgRC5foUhbMKY70BoYeONw9V8Tuqr3IVAQmWicT +UUc9Hx8ajqiVpDPQzEfMbbj8SKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBTOr0qLGnXi8TjnAvAWrV7qZNV7tDAdBgNVHQ4EFgQUzq9Kixp14vE45wLw +Fq1e6mTVe7QwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMAqIxHGc +RANNjbTHvKiu2TAnNWprFmPX/OdZ4aeJG0wxmiNVRObzQyHVRydvbVcBqgIxAPuy +6uKXf1G1n0jrvG81iahkcKtXds3AxhRgyn/iggBz98w16o4km+UIWccEjHN4/jAu +MAoGCCsGAQUFBwMEDCBESUdJVEFMU0lHTiBHTE9CQUwgUk9PVCBFQ0RTQSBDQQ== +-----END TRUSTED CERTIFICATE----- + +# DIGITALSIGN GLOBAL ROOT RSA CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFtTCCA52gAwIBAgIUXVnIyqsJV/XmtdoplARq/8XUlYcwDQYJKoZIhvcNAQEN +BQAwYjELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmlj +YWRvcmEgRGlnaXRhbDEnMCUGA1UEAwweRElHSVRBTFNJR04gR0xPQkFMIFJPT1Qg +UlNBIENBMB4XDTIxMDEyMTEwNTAzNFoXDTQ2MDExNTEwNTAzNFowYjELMAkGA1UE +BhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRvcmEgRGlnaXRh +bDEnMCUGA1UEAwweRElHSVRBTFNJR04gR0xPQkFMIFJPT1QgUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIe2ONMc8N4S+IPHxIriibi0Inp4 ++AxmUWh2NwrVT8JaCLgWXPdyAQk3hIEqVGvXktBs+qinQxI06w7bNw8p/ooxUULo +S5yQqMgsEdP9oCl+zt6U9oLgWLRORSXxIvI90w97VBrcMrbWUU5+QbRXuCzGuQ4u +ylfx1cjTWOel6UIRrtMgJZRp14/Kog3D058HaD8V0mcuU/12gpsLc6kpDZ4RkxQI +mOyeVBJKVqIGFexrbC6SYC6GDa6CH1FN47IH1xAZVyL2qWlEhPPZPaAGv8yIfn/1 +zlulwipqdELqb6b/+Wix0F+9kdJVbzNXTB6d5OKLwYVloOBqnAAAiJLdWAgW8nAx +qBzh3r1OcenWvn61oVrDTfe/m72UpP31qlOTRskmAQRwxKBxus4lZvuRflVw7kkK +TWJ/wlCacvIYZ53pRag0hOj4gfbRWiIeB087s3/dEaVz3L6pGTppqW0bMuKJqqUn +C1p+dOIPZDldfly5wRf8x41eyewk7dLyP3qERTcCvj5rWcTmWxZtwKqeqrVZLixw +VZzMmZaYJFTRjtrKtBG0t3BDH2+QCyCgqHYTZdvbI1p1S6ELMXcK7n1oYRoTjOpR +flxWo1dMXaHrE2W/VBTM8+7c1+w8l/J4Vrjfclxw/M4G3Z/SBzHv51KRns2618AY +RAcxZUkyaRNK648CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW +gBS1Nrw8jBqrLPZZGS2DFNqTJRXWhjAdBgNVHQ4EFgQUtTa8PIwaqyz2WRktgxTa +kyUV1oYwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4ICAQAU+zElODH4 +ygiyI3Y4rfjTWfXMtFcl4US+fvwW7K76Jp9PZxZKVvD97ccZATSOkFot1oBc7HHS +gSWCHgBx35rR1R0iu9Gl82IPtOvcJHP+plbNmhTFBDUWMaIH66UA4rb4X3L9P2FJ +jt5+TTjXeh50N2xR3L4ABLg4FPMgwe2bpyP9DUKEHX/yc8PQeGPxn+zXW+nxvmyg +SwOejWnhFNqIEIEjU//aVCsLxrmWlQQYRvN7qJfYW2ik5DgcDkXlmNMJrppe7LN5 +DTly8vSUnQ6eYCLmqPZMhc0HgjpoOc09X+M49LavO2tKn2BRRaJAAuWqDOM+0XjU +onScJroFmihwSj6mC9AdSfC6+K5BEH6kBxK9qM8pPVe7x/FDRwA+rnAYWiB7Ccs6 +OnCA5UxgmMEVwR1K98jwm+FyreddaFgLBLGMvJ+3+26LWwRV++sjVdd4UNoly74n +NrskGnkcUdH+E7v/eCzcpL4v9sVLU8+nTJlecKxZiASuZAS/e6Z6TdPod72hflAV +8+9JMIVNIVeq2yx1l62BAYeisXCdHgZaA2CxP6ZtgizUFLGBpeg9iB20cixYN4qO +OJS4c92p4Lj2d6KzfFjermk6tYulGrvy2HQGnP1icyAhdrF+cJ4Z1OsXYhk4mc02 +K0f+McvfueSsCNPYpuvUnn5LZKRVXSsXyTAsMAoGCCsGAQUFBwMEDB5ESUdJVEFM +U0lHTiBHTE9CQUwgUk9PVCBSU0EgQ0E= +-----END TRUSTED CERTIFICATE----- + +# DigiCert Assured ID Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8jA9MB4G +CCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMG0RpZ2lDZXJ0IEFzc3VyZWQg +SUQgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# DigiCert Assured ID Root G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5zA9MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMG0Rp +Z2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBHMg== +-----END TRUSTED CERTIFICATE----- + +# DigiCert Assured ID Root G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtDA9MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMG0Rp +Z2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBHMw== +-----END TRUSTED CERTIFICATE----- + +# DigiCert CS ECC P384 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIICFjCCAZ2gAwIBAgIQA2mP5xLVGfPO0P23sWQwETAKBggqhkjOPQQDAzBNMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERp +Z2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYw +MTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIElu +Yy4xJTAjBgNVBAMTHERpZ2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAR/FK2Ftpf9AiE1TWDoOJOTmz0FEG2v0/7v+rv7c5nz +7DISjcdouIveiaKIVHeNuyF+M5VWlgno1YyhBLibbhkAYuhCKKZYN4QZVSZ7Mzdn +8ppyraGurgBCPBx+uHqeIZyjQjBAMB0GA1UdDgQWBBTwjJhxOThlwjobphdmHcjt +Zd6SNjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AwNnADBkAjAjb+EAGSZQ5EYgZYs3p8/rBuHMMskqoewyDXOiHgIcNWEqTmmrOXft +l4jAfWvqid0CMEPx0VijdT6Gm7ZVEYsX9z3+CmnFf07GdRtalMvqERHGCCKI3tB6 +oqV56OMhp80TszAqMAoGCCsGAQUFBwMDDBxEaWdpQ2VydCBDUyBFQ0MgUDM4NCBS +b290IEc1 +-----END TRUSTED CERTIFICATE----- + +# DigiCert CS RSA4096 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQBs7hMb5tVcgH98DH+0TmIDANBgkqhkiG9w0BAQwFADBM +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJDAiBgNVBAMT +G0RpZ2lDZXJ0IENTIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBaFw00 +NjAxMTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg +SW5jLjEkMCIGA1UEAxMbRGlnaUNlcnQgQ1MgUlNBNDA5NiBSb290IEc1MIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtjNzgNhiA3AULBEcOV58rnyDhh3+ +Ji9MJK2L6oNfqbw9W/wLmEwCRzDs4v7s6DRbZl6/O9cspiX/jFmz3+rafCnZRlBy +CB1u0RsK3R/NmYn6Dw9zxOGcHXUyzW+X2ipqlbJsyQnQ6gt7fRcGSZnv1t7gyFPU +rsZ38Ya7Ixy4wN9Z94590e+C5iaLWji1/3XVstlPCfM3iFDaEaSKFBTRUwQAffNq +RBj+UHAyBxyomg46HcUKH24LJmm3PKJXcCyG+kxulalYQ7msEtb/P+3XQxdrTM6e +xJCr//oQUJqjkFfW54wQrp8WGs81HX/Xdu2KnDWnKLinXSH8MDfd3ggZTxXG56ba +kEeO95RTTI5TAr79meXqhtCvAwLTm6qT8asojiAB/0z7zLcpQPWHpBITBR9DbtdR +UJ84tCDtFwkSj8y5Ga+fzb5pEdOvVRBtF4Z5llLGsgCd5a84sDX0iGuPDgQ9fO6v +zdNqEErGzYbKIj2hSlz7Dv+I31xip8C5HtmsbH44N/53kyXChYpPtTcGWgaBFPHO +lJ2ZkeoyWs5nPW4EZq0MTy2jLvee9Xid9wr9fo/jQopVlrzxnzct/J5flf6MGBv8 +jv1LkK/XA2gSY6zik6eiywTlT2TOA/rGFJ/Zi+jM1GKMa+QALBmfGgbGMYFU+1Mk +mq9Vmbqdda64wt0CAwEAAaNCMEAwHQYDVR0OBBYEFGgBk7HSSkBCaZRGLBxaiKkl +tEdPMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +DAUAA4ICAQCS/O64AnkXAlF9IcVJZ6ek8agkOOsMaOpaQmuc9HPBaUotszcFUEKY +kp4GeSwuBpn2798roM2zkgGDtaDLJ7U8IxqYSaLsLZmlWUOs0rGT1lfXHLyT1sZA +4bNvGVW3E9flQzOktavL2sExZA101iztw41u67uvGUdhYS3A9AW5b3jcOvdCQGVT +kb2ZDZOSVKapN1krm8uZxrw99wSE8JQzHQ+CWjnLLkXDKBmjspuYyPwxa2CP9umG +KLzgPH10XRaJW2kkxxCLxEu7Nk/UWT/DsKSRmfgu0UoBnfWIEu+/WhFqWU9Za1pn +84+0Ew/A2C89KHKqGX8RfWpbn5XnX7eUT/E+oVr/Lcyd3yd3jzJzHGcKdvP6XLG/ +vB29DCibsscXZwszD8O9Ntz7ukILq+2Ew2LWhBapsQdrqW7uxs/msEQpwvCzYYAq +i2/SFFwlh1Rk86RMwaH4p2vq/uo6/HnbDo/cxvPJ1Gze6YOhjh0i7Mk6sgB73Dun +Qhp/3IupET2Op8Agb10JXUNE5o9mzKlbB/Hvm3oOs1ThlP0OLMaT11X9cZg1uAlK +/8YpKCz2Ui3bFBiSJ+IWfozK1GG+goeR65g3P79fXXc/NKwbOEOraHKZMh46Ghml +ozhMI9ej58zVKpIXkAtaS70WvfuGauKJmezkoFUYyaMIHxPgMghy0DApMAoGCCsG +AQUFBwMDDBtEaWdpQ2VydCBDUyBSU0E0MDk2IFJvb3QgRzU= +-----END TRUSTED CERTIFICATE----- + +# DigiCert ECC P384 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIICETCCAZegAwIBAgIQDfPZN2WjecWVZuqS4iRPNDAKBggqhkjOPQQDAzBKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMTGURp +Z2lDZXJ0IEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0 +MjM1OTU5WjBKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x +IjAgBgNVBAMTGURpZ2lDZXJ0IEVDQyBQMzg0IFJvb3QgRzUwdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAAT8WR/OmWx/mw62KWNvxoXzCtPWm65XFUwO7V3jCX5tKqOGqrp4 +oKdxvUT6CMBKBtZv3SxKOHTl0L3/ev/lOU69vRceH0Ot1bwn2Eu/dowwMqT7+VPl +2Ko4U12ooDegZwqjQjBAMB0GA1UdDgQWBBSSlvfmutURuvkiLnt+WtnwJeUFGzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBl +AjEA/cBN8aSn26cMJhH0Sb0HOGMrRGIGeQjHw9TPmz6rOieqkMf9WaK4MlLbyo4X +CwqQAjBdGuxRidRk3PnlHji9Wy7j5UTkOxh61/CVQI/y68/0+dBlokHysOZ8wTYs +j1453TcwJzAKBggrBgEFBQcDAwwZRGlnaUNlcnQgRUNDIFAzODQgUm9vdCBHNQ== +-----END TRUSTED CERTIFICATE----- + +# DigiCert Global Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4wOTAeBggrBgEFBQcD +BAYIKwYBBQUHAwEGCCsGAQUFBwMDDBdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# DigiCert Global Root G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrYwOTAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBdEaWdpQ2VydCBH +bG9iYWwgUm9vdCBHMg== +-----END TRUSTED CERTIFICATE----- + +# DigiCert Global Root G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycXMDkwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwXRGlnaUNlcnQg +R2xvYmFsIFJvb3QgRzM= +-----END TRUSTED CERTIFICATE----- + +# DigiCert High Assurance EV Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9KMEQwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwiRGln +aUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# DigiCert RSA4096 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFXjCCA0agAwIBAgIQCL+ib5o/M2WirPCmOMQBcDANBgkqhkiG9w0BAQwFADBJ +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xITAfBgNVBAMT +GERpZ2lDZXJ0IFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBaFw00NjAx +MTQyMzU5NTlaMEkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5j +LjEhMB8GA1UEAxMYRGlnaUNlcnQgUlNBNDA5NiBSb290IEc1MIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAqr4NsgZ9JvlH6uQb50JpuJnCue4ksUaQy1kk +UlQ1piTCX5EZyLZC1vNHZZVk54VlZ6mufABP4HgDUK3zf464EeeBYrGL3/JJJgne +Dxa82iibociXL5OQ2iAq44TU/6mesC2/tADemx/IoGNTaIVvTYXGqmP5jbI1dmJ0 +A9yTmGgFns2QZd3SejGrJC1tQC6QP2NsLOv6HoBUjXkCkBSztU9O9YgEQ4DDSLMm +L6xRlTJVJS9BlrBWoQg73JgfcoUsd8qYzDj7jnLJbewF7O1NtzxbFFCF3Zf7WfeQ +EvQTv4NNgLIVZRGXYOXWXOYEtVDmcTO2IJOpaAA4zknbtFw7ctdFXFS/zTwBIx58 +1vhpLKUACmwySLTecC06ExfBf2TL8zDtoT2WZ/GUtWBsW2lo9YIzCaK22fOFsm6g +lPDCxH2hLMpz9a7gUpyiZuYDzurf7RjUuWOL9+j/+7Nbj0PFr7d0lFA1Za7WL/GF +j1OhcPSNMl28lsMewgQEnAQPs11+iSDKXicNiUoSI7T2xN3YH/hoszb4HrzG94S2 +6IpOiDA4wCbYcAoJOjQOa4ISlhwv5p6t2HE1gbGMBm70bmb/S0quvfD+11xfU7sy +PM1i0RSgKR8Q3qlyT7GtZOWDKo+L6oSV7pglmJqzcTzBp1DyrEJiMcKhkMbu4reK +qLW2GzsCAwEAAaNCMEAwHQYDVR0OBBYEFGJtt5FPxOqjYmCPoNC+tY8GfGgAMA4G +A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IC +AQBh6PsnbdbiuLMJr6rwsYJM/j0XiU0tFZ377tC7hOyEddtDE96Mn8cp74d0yxNw +gVYAdPyu9Nk63iIIUaWgXIJmtntMqdqPq6wcQZZm1p3eVua/TrGyXl/Aw27UwoSQ +9X2xuhbRKYrInenP0McZOz/P7vfhM65CyJjACJ7zWvPf1Cs7jqgoVhnHTnc8JVTc +uEhI0fknaj7sE6+yBYn9VV/zfY4NnAldLIp+hc744b8RPTKMWtd+PfQzWM+iBZij +s/vOib/9whbdbtyISQ0LoAP/50XpBMHp/aqddfi4H4eD2es501qny5isE4kA/G+V +TuF9EUZt9jhGoxOgLAH1Ys+/HFCRJ3Rdt+xHfNDRdct77tFNIwrDYKV3LYDaZw+O +a3YH8KYP6oSuHnm/CIraCfP07rU289R6Q7qUNeH6wTsblpmkV2PrtaiC9634d9d2 +hvN2U1Zb/CZChM6fg5GRr/S+cBWApdjoabHYkVS4GbJi+aL6Ve0Ev7lEhuTP8ZsA +vxEPvrV0JFH/dzRj7EgjDugR63dt2sqCkb6khJNM2qH+zAaE6CHoVLrm0x1jPcJa +/ObJg55yZKmGWQCMwvcTg7bQpDHGrJGOe6QiVhPGdccjvItb/EY9/l1SKa+v6MnD +dkvoq0cC8poN0yyIgAeGwGMPAkyOBFN2uVhCb3wpcF2/JzAmMAoGCCsGAQUFBwMD +DBhEaWdpQ2VydCBSU0E0MDk2IFJvb3QgRzU= +-----END TRUSTED CERTIFICATE----- + +# DigiCert SMIME ECC P384 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIICHDCCAaOgAwIBAgIQBT9uoAYBcn3tP8OjtqPW7zAKBggqhkjOPQQDAzBQMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKDAmBgNVBAMTH0Rp +Z2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN +NDYwMTE0MjM1OTU5WjBQMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs +IEluYy4xKDAmBgNVBAMTH0RpZ2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQWnVXlttT7+2drGtShqtJ3lT6I5QeftnBm +ICikiOxwNa+zMv83E0qevAED3oTBuMbmZUeJ8hNVv82lHghgf61/6GGSKc8JR14L +HMAfpL/yW7yY75lMzHBrtrrQKB2/vgSjQjBAMB0GA1UdDgQWBBRzemuW20IHi1Jm +wmQyF/7gZ5AurTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggq +hkjOPQQDAwNnADBkAjA3RPUygONx6/Rtz3zMkZrDbnHY0iNdkk2CQm1cYZX2kfWn +CPZql+mclC2YcP0ztgkCMAc8L7lYgl4Po2Kok2fwIMNpvwMsO1CnO69BOMlSSJHW +Dvu8YDB8ZD8SHkV/UT70pjAtMAoGCCsGAQUFBwMEDB9EaWdpQ2VydCBTTUlNRSBF +Q0MgUDM4NCBSb290IEc1 +-----END TRUSTED CERTIFICATE----- + +# DigiCert SMIME RSA4096 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQBfa6BCODRst9XOa5W7ocVTANBgkqhkiG9w0BAQwFADBP +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJzAlBgNVBAMT +HkRpZ2lDZXJ0IFNNSU1FIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBa +Fw00NjAxMTQyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy +dCwgSW5jLjEnMCUGA1UEAxMeRGlnaUNlcnQgU01JTUUgUlNBNDA5NiBSb290IEc1 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Gpb2fj5fey1e+9f3Vw0 +2Npd0ctldashfFsA1IJvRYVBiqkSAnIy8BT1A3W7Y5dJD0CZCxoeVqfS0OGr3eUE +G+MfFBICiPWggAn2J5pQ8LrjouCsahSRtWs4EHqiMeGRG7e58CtbyHcJdrdRxDYK +mVNURCW3CTWGFwVWkz1BtwLXYh+KkhGH6hFt6ggR3LF4SEmS9rRRgHgj2P7hVho6 +kBNWNInV4pWLX96yzPs/OLeF9+qevy6hLi9NfWoRLjag/xEIBJVV4Bs7Z5OplFXq +Mu0GOn/Cf+OtEyfRNEGzMMO/tIj4A4Kk3z6reHegWZNx593rAAR7zEg5KOAeoxVp +yDayoQuX31XW75GcpPYW91EK7gMjkdwE/+DdOPYiAwDCB3EaEsnXRiqUG83Wuxvu +v75NUFiwC80wdin1z+W2ai92sLBpatBtZRg1fpO8chfBVULNL8Ilu/T9HaFkIlRd +4p5yQYRucZbqRQe2XnpKhp1zZHc4A9IPU6VVIMRN/2hvVanq3XHkT9mFo3xOKQKe +CwnyGlPMAKbd0TT2DcEwsZwCZKw17aWwKbHSlTMP0iAzvewjS/IZ+dqYZOQsMR8u +4Y0cBJUoTYxYzUvlc4KGjOyo1nlc+2S73AxMKPYXr+Jo1haGmNv8AdwxuvicDvko +Rkrh/ZYGRXkRaBdlXIsmh1sCAwEAAaNCMEAwHQYDVR0OBBYEFNGj1FcdT1XbdUxc +Qp5jFs60xjsfMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBDAUAA4ICAQAHpwreU7ua63C/sjaQzeSnuPEM5F1aHXhl/Mm4HiMRV3xp +NW0B/1NQvwcOuscBP1gqlHUDqxwLI9wbih43PR1Yj3PZsypv3xCgWwynyrB/uSSi +ATUy5V5GQevYf3PnQumkUSZ3gQqo6w8KUJ1+iiBn/AuOOhHTxYxgGNlLsfzU8bRJ +Tq6H4dH7dqFf8wbPl5YM6Z51gVxTDSL8NuZJbnTbAIWNfCKgjvsQTNRiE1vvS3Im +i/xOio/+lxBTxXiLQmQbX+CJ/bsJf1DgVIUmEWodZflJKdx8Nt/7PffSrO4yjW6m +fTmcRcTKDfU7tHlTpS9Wx1HFikxkXZBDI45rTBd4zOi/9TvkqEjPrZsM3zJK09kS +jiN4DS2vn6+ePAnClwDtOmkccT8539OPxGb17zaUD/PdkraWX5Cm3XOqpiCUlCVq +CQxy5BMjYEyjyhcue2cA29DN6nofOSZXiTB3y07llUVPX/s2XD35ILU6ECVPkzJa +7sGW6OlWBLBJYU3seKidGMH/2OovVu+VK3sEXmfjVUDtOQT5C3n1aoxcD4makMfN +i97bJjWhbs2zQvKiDzsMjpP/FM/895P35EEIbhlSEQ9TGXN4DM/YhYH4rVXIsJ5G +Y6+cUu5cv/DAWzceCSDSPiPGoRVKDjZ+MMV5arwiiNkMUkAf3U4PZyYW0q0XHDAs +MAoGCCsGAQUFBwMEDB5EaWdpQ2VydCBTTUlNRSBSU0E0MDk2IFJvb3QgRzU= +-----END TRUSTED CERTIFICATE----- + +# DigiCert TLS ECC P384 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp +Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 +MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ +bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS +7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp +0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS +B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ +LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 +DXZDjC5Ty3zfDBeWUDArMAoGCCsGAQUFBwMBDB1EaWdpQ2VydCBUTFMgRUNDIFAz +ODQgUm9vdCBHNQ== +-----END TRUSTED CERTIFICATE----- + +# DigiCert TLS RSA4096 Root G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT +HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN +NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs +IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+ +ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0 +2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp +wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM +pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD +nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po +sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx +Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd +Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX +KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe +XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL +tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv +TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H +PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF +O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ +REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik +AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv +/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+ +p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw +MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF +qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK +ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+MCowCgYI +KwYBBQUHAwEMHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzU= +-----END TRUSTED CERTIFICATE----- + +# DigiCert Trusted Root G4 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+MDowHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwwYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0 +-----END TRUSTED CERTIFICATE----- + +# Digidentity L3 Root CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFoTCCA4mgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTDEZ +MBcGA1UEChMQRGlnaWRlbnRpdHkgQi5WLjEkMCIGA1UEAxMbRGlnaWRlbnRpdHkg +TDMgUm9vdCBDQSAtIEcyMB4XDTExMDQyOTEwNDQxOVoXDTMxMTExMDEwNDQxOVow +TjELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEERpZ2lkZW50aXR5IEIuVi4xJDAiBgNV +BAMTG0RpZ2lkZW50aXR5IEwzIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBALgRo0XeAUdWDWK4jrpYZlz6MsZrgG64f/hT337fYqjB +V0+aRSXISkUtUzgksyCsT+qt/5oQr3/iDsq0DiQlkc52jhCpL5lTp5BLBItterlB +G9MBeYyfQWu5kNeBEhoHltAJr+nkaiFTgLiGnmJoQ62zahX69m0DMmo1sVATSMd6 +tSETnASc2pP5aivBpxj99sB+Wfb75w4Rtdwj6hzvZwVXzhfp8Xux0TIkjM9l59S8 +NhlwfKInIdaA0i0VT0q14FWQlVGTIYDznEQf/x1VVeTiEBGUFlPQ/q/z75e6RuJ3 +W8vWolkRiKbnVUHDkmUdIxRiFH8lciD2pIcpbwf8/uDQGNKX+RSONsboDBiX8XYc +9CTa40r5t0wSGWfz8OFT+13kwHRjXyWRCtk+9DOs5At1X87mmLxUDZ2iMcUVVF0i +HIs6VKYN0dcjOqw+qkoXZHYtDftU5euCPDlBQ53hrnlgz2bux3GDewxrCdueok1O +RpNot/pn4dq/35GA2qOiia1ebMxLd3Vkb40k44iIC+M/6b+n5VZiDYN/vWphyJCJ +eFsMrxIq4pOtZOfZRS72sMirRe5wOG+7NT4W/quew2Yv874JYNVvgL1N26+N/gxg +M2sP6J1rxDB3nyxQONCYaew36J4P5GLq+v8RRFTZ782TdZFM4YllppS5U/n5SWPF +AgMBAAGjgYkwgYYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFCsjIGC9LYqIR6ytK74CObqY1OyYMEQGA1UdIAQ9MDswOQYEVR0gADAx +MC8GCCsGAQUFBwIBFiNodHRwOi8vcGtpLmRpZ2lkZW50aXR5LmV1L3ZhbGlkYXRp +ZTANBgkqhkiG9w0BAQsFAAOCAgEAqf3vuo8bfjISZx1BDS2mi8/y9K1WeH4KmNib +qNG0SywmrOTSf2c3vQmN5blzETpuCcdXZAchNPgOXSrYkXzxVFG8nPAMakL0PAFO +k0VBPazzmEsecR4zWTL/fDDwXOThvi0uterdYiEOPbQNlfzJuNm6oPdip+3DA64I +LEHV70NxOLcUcq4/9BR0R9jejFF5zu+xVKxwR5Z+LS7dm+6hAS4Z775YYHEtrZdb +WmAwyzKCYk5W5WdqtNIxVHI/AtC8MDmPt0MJKh8mOwzHfB2bgGCEDuku0vkVu1vg +iqQA6eMp+yhbvTZFYCFDMf9woV9cg1uXfA23U1nsmLVO4imx1HxG4+jjQ+o6ljUf +U/EEFiXjLPNooaaR3xX7vZ/mTp7CVGt+IlfjpJxcIiUfga+ZyN8RFUhD+LMzqSN/ +DjOPvEYdQ7Q7YPWXhRmiFrBV3BpwKWXa2X4JFzTribrpYZLY3jRjPEpVar/ahu3O +M967U2/PHNqUT3ZUrGVVEFOayLhr3AbmuuVR1UF/H8TAQaFgkTTzE4LRoXfT90zk +Gf/XRJqwtbzcyl6P3M7xoGk24ESSLpn6vK+zx3g6VWbHa6XkaSbpNB0fKpcK6Xep +d1tzSDKBv//R7IPFcINpnpgbw1ffkZUcgPyN6JaDBdOfeoh7+uhX8cGEKL3N1hzM +peJJCnMwKTAKBggrBgEFBQcDAwwbRGlnaWRlbnRpdHkgTDMgUm9vdCBDQSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# E-ME SSI (RCA) +-----BEGIN TRUSTED CERTIFICATE----- +MIIF4DCCA8igAwIBAgIQLu/b+9iJPY9JHJNy/kXf7TANBgkqhkiG9w0BAQUFADBQ +MQswCQYDVQQGEwJMVjEoMCYGA1UECxMfU2VydGlmaWthY2lqYXMgcGFrYWxwb2p1 +bXUgZGFsYTEXMBUGA1UEAxMORS1NRSBTU0kgKFJDQSkwHhcNMDkwNTE5MDg0NTU2 +WhcNMjcwNTE5MDg0ODE1WjBQMQswCQYDVQQGEwJMVjEoMCYGA1UECxMfU2VydGlm +aWthY2lqYXMgcGFrYWxwb2p1bXUgZGFsYTEXMBUGA1UEAxMORS1NRSBTU0kgKFJD +QSkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEBGsAw7DgLjvoUwUF +CL7IhCdV1h2KEuIXIlps/7PdtpnDysHq+dgltd86nZ0/UsXp8qy/iXSKVK5Oz27y +Xq7avRIHmZXPZKv+mZFkWYzJvkRqMZuY6rrq0SEOKAs5m+PWiqb3Aro/PdlZ9HmZ +3tMkm4twGyqE1uUJDyYmJFiPJV7zxZ10iaU2xeVSsuvohpNHbqcph6R+3LSjyzJW +90WA2lzHL6Cn1+/1/LWozYSVYvipKyM7bdO3ksjqwbwUTehrnBZ60+wH+wclEE8U +h3uSNs5WgmVLEyYG2KOjpt/Cevt7NQWiEz0+drwcV4MDUcc03lr1PL02JZwWD03O +6A0ay11DohRvunxg1AKFdsVrKrhFsVx3RxGtoCWpZpGMURdtYVUKGT+bAv/E9dbS +s+klU+EEPY8i0KJl5a6ntOAdkWrChpL3Ol0Tp3pMQt9as0qIRCzvR7qpr9bPYnOK +BiIWLMLsHwao00dQWTIS5bmdYjWeyl4KtJ0jiMLTTywsyZPofrgJ7KbZ3WPhyahq +aNyEUaxaEuc7prUHCrGqTrO0olffN2wWTquZMnrwnCMli8qaqIzgOCG0zvdsYcji +DBJZBoEmNloPNXPUFkX93pXe1ktcn3PZvhm957/kVWrIa0T3x7gziHkZDQZk6K8L +oXUMUmW6CiOVcfdj/H7ljI/M0QIDAQABo4G1MIGyMA4GA1UdDwEB/wQEAwIBBjAY +BggrBgEFBQcBAwQMMAowCAYGBACORgEBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFDsmA7rP41lGQlCtFJy/Azvv1j4xMBAGCSsGAQQBgjcVAQQDAgEAMEQGA1Ud +IAQ9MDswOQYLKwYBBAGB+j0BAQEwKjAoBggrBgEFBQcCARYcaHR0cDovL3d3dy5l +bWUubHYvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOCAgEAheamlOTZRl+dv5O7 ++Wt2ZCiuvzxFKoqTeWzTS4iGIGsiJjg9HBOq62GXbC4+V5xsQ6LebUDEMfJtukYW +sy3Gu6bc5S+x2MHVkR4Rf/tfodwdYfhtm2Hw4j8rcdUNy97fZT+gb5WbesvbNTcp +XV6duVSxrGAS5WPZza9SGwWWE3zaJHUBrdSepcvBEkVPV68jvym86o6tePiHI+hI +y0Covl0z1uzGBkPCZyro44UuYJ5ELytPMbEHnZUh1SqSr4CR08cpvc3xFQyfAe74 +LTukB3BJeSTtvKHTllGCn8LIvN4jmsdQK5q2eFKqzpX2YDuimfkmZvRHLEElvEH6 +1ot/vV+CfNNFhbRM2OyzF+9EOvUoZe/1nnHMId7o1lEcEPtA/EnlXIQXr6oZXqLt +Th6i+8pHHBxkPhSRojkZNIh/kcs7nRlw6ij7/FAPzL09XgIDa3k1REF27rYtdITh +gnHTJbDTw5lEqz/iDKXuvab8pBEA7py9N9HWYsQwFC0QCpeKiPUlPJa+RkAaisCF +dsSgSeBJpecZtQnzzE3tFl6a1NPIadDYijeFa07kqgeSXNRxcYFI03j1VmD+zALU +AJMfTJJAl75yU3kuJlK+pqN0sZTZFGM6blvRPJInUpAyWpLSD05bCwY6YuXWJwwB +9iUCuIsQKUKp92nK3OsKkksoMYYwHDAKBggrBgEFBQcDAwwORS1NRSBTU0kgKFJD +QSk= +-----END TRUSTED CERTIFICATE----- + +# E-Tugra Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJDAtMAoGCCsGAQUFBwMDDB9F +LVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# E-Tugra Global Root CA ECC v3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw +gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn +cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD +VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2 +NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r +YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh +IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF +Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ +KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK +fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB +Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C +MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp +ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6 +7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx +vmjkI6TZraE3MCswCgYIKwYBBQUHAwMMHUUtVHVncmEgR2xvYmFsIFJvb3QgQ0Eg +RUNDIHYz +-----END TRUSTED CERTIFICATE----- + +# E-Tugra Global Root CA RSA v3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL +BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt +VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw +JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw +OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG +QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 +Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD +QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7 +7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx +uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8 +7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/ +rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL +l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG +wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4 +znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO +M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK +5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH +nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo +DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy +tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL +BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ +6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18 +Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ +3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk +vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9 +9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ +mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA +VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF +9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM +moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8 +bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZMCswCgYIKwYB +BQUHAwMMHUUtVHVncmEgR2xvYmFsIFJvb3QgQ0EgUlNBIHYz +-----END TRUSTED CERTIFICATE----- + +# EBG Elektronik Sertifika Hizmet Sağlayıcısı +-----BEGIN TRUSTED CERTIFICATE----- +MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV +BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt +ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4 +MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl +a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h +4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk +tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s +tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL +dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4 +c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um +TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z ++kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O +Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW +OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW +fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2 +l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw +FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+ +8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI +6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO +TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME +wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY +Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn +xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q +DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q +Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t +hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4 +7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7 +QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqTMD0wCgYIKwYBBQUHAwMML0VCRyBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8Sx +-----END TRUSTED CERTIFICATE----- + +# EC-ACC +-----BEGIN TRUSTED CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EIwFDAKBggrBgEFBQcDAwwGRUMtQUND +-----END TRUSTED CERTIFICATE----- + +# ECRaizEstado +-----BEGIN TRUSTED CERTIFICATE----- +MIIFbjCCA1agAwIBAgIPQupbClERJnzYJ3S3339xMA0GCSqGSIb3DQEBBQUAMDMx +CzAJBgNVBAYTAlBUMQ0wCwYDVQQKDARTQ0VFMRUwEwYDVQQDDAxFQ1JhaXpFc3Rh +ZG8wHhcNMDYwNjIzMTM0MTI3WhcNMzAwNjIzMTM0MTI3WjAzMQswCQYDVQQGEwJQ +VDENMAsGA1UECgwEU0NFRTEVMBMGA1UEAwwMRUNSYWl6RXN0YWRvMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2++iQ27Iqf1u19+sopKEochZoAyaU/7v +rswZDXKKpMIzI+/nBnLqbUs6QVIPyUgOLee6ZO6iOkxjXGYpi9+piMW96PH3jkv8 +ATxEEjkqcKLA28Wi31/HS8ao3D1hfEpYwUQyk95wmaEjJlY/o+HqXzBG2Hj1MKOW +CYmwPfGGkwW2EmoYjfClZDsrh2RePReOC27mmMyXODggjHBaaSu9ZY3NN1lcbNFy +dFkGTsi3Add3v/BIhqizGl1B1DcXERBfSm6NdcUDQH0hrgDw2/yfbDpmpN/3yt+A +ZlrZ2H8UoiYZ9K4LIeDKPgXdFth+WdqhsGnDnTQT+mVJOYfudi+NvTwnGQNOrQ4L +KyzGLnETNSlX6XDcG1HqzZfxlY2yhvomBi+AGpXxmDvu9uWGpc4bAeX06TPKD1VE +X2iKLMdbZijdlkuDnV4dfhjV/rJg+5pRaMOWjB9oS1BSCzbmMSfk1ykMG9obL+EE +U7jUeUmwO4FeCIgid+IpwK5yqqu0clK9bLv1unjZnLggbzCNSp0y+fQB5mJ5mEJA +BXpvHCo/tfvfzRhAjuUQxDlbVvE8VwWr0jlNP/iLI8druUCx4v7/sxwKaR+bjA+0 +H+AK3kj9jV+PmfUBdgU2XY7cM45RbhHiQf3Mt40qXz6S5fKx4KQj4qK3xo0YmylK +0UZ/9GQgGN0CAwEAAaN/MH0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHF/Nd71d3FtHRKc4ZCkuvCpg4+AMDsGA1UdIAQ0MDIwMAYE +VR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVjZWUuZ292LnB0L2RwYzAN +BgkqhkiG9w0BAQUFAAOCAgEAjK2ccqW1Z3ZnOIfpOoz+nVk1vpDxAwCgWNiY0b/8 +/PNQ3LRl1dq68IwufA3mCZFfTaP2XXicWF1qcJSjr9svAMkDQGvfUQMWGYwrvJk2 +9sCtkhgTjKftHdLfA5AF7LCTmJv3TVoT+Oeb9zZ23nwm+BE4T0lOs3MfXydb4Z4y +HvbAmBvZICxclo2GyQtF15Ktir3qV6KjVrYgPOyyxzl+sID+vVErKrTDcmnD+Ucu +bv+ch+3cdcsQiOC0zi4OUx0L6G4eQkzQvjl4dckU3ieRc6rsaoDw8BeWYk++BMvi +p+VdD5NFy1lIJhPe3bH1CtoWsagdj35YG7fVCd6Ia86EPqi+UmLK0qGhx8s8FuB2 +VjA/5g9rBnf+ZJ1aanN87t4h6ZpJlze2hH+ikT5F+9daBsWHNdy6SEyGAQhHNrY4 +UJURmXPRN0kK+kJPLxBU00GQ+sjcuxHcDcx9fJvcDpFxhk248hWaKzgXEaHynqhs +nOPOruLmS4vyigY7B3cCEe6D6p1mhsrwYqnVV4OkFfFFFP4adX+lD9xSdFl1Cvj7 +VUGpXI0xRN3NlE4z0RtBqtvXoTzwxUhtRUE1tXmD5vlN8VY4179AIvsggOMcwllG +B2MCYQA7m1C7Q8Ow6QqauHb0R2FVZHBPN9mcEaMTsuHdQEK7mNegBovmaFdLDjho +f7owGjAKBggrBgEFBQcDAwwMRUNSYWl6RXN0YWRv +-----END TRUSTED CERTIFICATE----- + +# EE Certification Centre Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0wLTAKBggrBgEFBQcDAwwfRUUgQ2VydGlm +aWNhdGlvbiBDZW50cmUgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Entrust.net Premium 2048 Secure Server CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVEwSzAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMD +DClFbnRydXN0Lm5ldCBQcmVtaXVtIDIwNDggU2VjdXJlIFNlcnZlciBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Entrust Code Signing Root Certification Authority - CSBR1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUf/Go+fQ66IduLcb/XkM9su4wpkMwDQYJKoZIhvcNAQEN +BQAwaTELMAkGA1UEBhMCVVMxFjAUBgNVBAoMDUVudHJ1c3QsIEluYy4xQjBABgNV +BAMMOUVudHJ1c3QgQ29kZSBTaWduaW5nIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkgLSBDU0JSMTAeFw0yMTA1MDcxMzI2MzZaFw00MDEyMzAxMzI2MzZaMGkx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMuMUIwQAYDVQQDDDlF +bnRydXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gQ1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCngY/3FEW2 +YkPy2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFqgCLGqGZ1TVSDyV5o +G6v2W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+lOhjJUCyXJy2/2gB9 +Y3/vMuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr+0i6udfBgniFZS5/ +tcnA4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/dvfqsv2RR0VybtPVc +51z/O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1HfYq8E+lID1oJeth +l3wP5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dnDH5erXhnW1XjXuvH +2OxMbobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjignPqEPkHcblauxhpb +9GdoBQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5ZHFc7CXKd18q3kMbN +e0WSkUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuKQ6NzbOOzazf/5p1n +AZKG3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0uDodEYOOp9MIYo+P9 +zgyEIg3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo0IwQDAdBgNVHQ4EFgQUgrrW +PZfOn89x6JI3r/2ztWk1V88wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwDQYJKoZIhvcNAQENBQADggIBABLvOKGI4aGj1mXcR5zzvNzPrEuMPBq+K/T3 +0GcXaIZNcKjyzdAxAld9qQyKO1c5nvBu9yQiBWfRwZbBvtHw+FZnC96614ibjddr +CHb1WJHZtcNAUxqk8YXNPwBOP06TO3i50gdSZAyGaW3oVGVWF+gAU4SK89v7s84L +VWKPzUxJBjh/UsPzHNc99zPKMq3Bqa9v6xHL7qxRv7AmmnpOI7RK9mm0QmnWoI22 +jEdKOyA3t0EH7y8g2GYcaZeobDB8d0Nea74mmIMPOtbHcCoWRi0lVIZjZVdC9yNB +6VBqB0POTrXpH2jY2NYJSqjosvyQZ5LkkCbzR/rWIPuJgOJEczn3ioYzC/iqqedN +7Nxv1c8xTauOH5BA1nxcgg+uF1Jx6aznTTjtKth2eYetF6NMq7dCV78GrOXQTTDp +VU/jRcrz4GohNI3HnxyjY0iS0pYHvqVHPsIqmTinjtohfFFt3Ms9B+mpvUnUXTVf +W4wEUeqaWJC6G69oeLEWD5QpO4+bKo/JIPBxQkxcTasxjKvpfyZoaaClFg2BxNEF +DMOHZuUHY6obTv+yB0FPpSJGUKxmAIdSbDyyO5yXoUa0W97PwmpZVQeMo6TRdzVn +RgQv2Ti5Rq+6jhtyJgIvdlTvg8IvLHdwzHcQkqoDrcrM4E/pg0blszwZb3p5h7Y4 +mr1CzqRiMEcwCgYIKwYBBQUHAwMMOUVudHJ1c3QgQ29kZSBTaWduaW5nIFJvb3Qg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBDU0JSMQ== +-----END TRUSTED CERTIFICATE----- + +# Entrust Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8MDwwFAYIKwYBBQUHAwEGCCsGAQUFBwMDDCRF +bnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk= +-----END TRUSTED CERTIFICATE----- + +# Entrust Root Certification Authority - EC1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4GMEww +HgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwqRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMx +-----END TRUSTED CERTIFICATE----- + +# Entrust Root Certification Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9jBLMB4GCCsGAQUFBwME +BggrBgEFBQcDAQYIKwYBBQUHAwMMKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# Entrust Root Certification Authority - G4 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw +gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL +Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg +MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw +BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0 +MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1 +c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ +bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ +2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E +T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j +5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM +C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T +DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX +wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A +2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm +nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 +dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl +N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj +c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS +5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS +Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr +hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/ +B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI +AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw +H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+ +b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk +2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol +IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk +5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY +n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHzBLMB4GCCsGAQUFBwMEBggr +BgEFBQcDAQYIKwYBBQUHAwMMKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSAtIEc0 +-----END TRUSTED CERTIFICATE----- + +# Equifax +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 +MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx +dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f +BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A +cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw +ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj +IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y +7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh +1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4MBUwCgYIKwYBBQUH +AwMMB0VxdWlmYXg= +-----END TRUSTED CERTIFICATE----- + +# Equifax Secure Global eBusiness CA-1 +-----BEGIN TRUSTED CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT +ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw +MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj +dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l +c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC +UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc +58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/ +o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr +aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA +A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA +Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv +8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlVMDIwCgYIKwYBBQUH +AwMMJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5lc3MgQ0EtMQ== +-----END TRUSTED CERTIFICATE----- + +# Explicitly Distrust DigiNotar Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQD////////////////////zANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp +Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww +HhcNMDcwNzI3MTcxOTM3WhcNMjUwMzMxMTgxOTIyWjBfMQswCQYDVQQGEwJOTDES +MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg +MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B +8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY +tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl +HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj +zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU +JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM +ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv +a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p +K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi +puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT +yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO +owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC +jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy +fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo +Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo +M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM +Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed +2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH +/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl +nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE +O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU +9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9 +j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+EwbfrMIGXoG4GCCsGAQUFBwMEBggr +BgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD +CAwlRXhwbGljaXRseSBEaXN0cnVzdCBEaWdpTm90YXIgUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# GDCA TrustAUTH R5 ROOT +-----BEGIN TRUSTED CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0jAuMBQGCCsGAQUFBwMBBggrBgEF +BQcDAwwWR0RDQSBUcnVzdEFVVEggUjUgUk9PVA== +-----END TRUSTED CERTIFICATE----- + +# GLOBALTRUST +-----BEGIN TRUSTED CERTIFICATE----- +MIIH/jCCBeagAwIBAgIBADANBgkqhkiG9w0BAQUFADCB1DELMAkGA1UEBhMCQVQx +DzANBgNVBAcTBlZpZW5uYTEQMA4GA1UECBMHQXVzdHJpYTE6MDgGA1UEChMxQVJH +RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEq +MCgGA1UECxMhR0xPQkFMVFJVU1QgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRQwEgYD +VQQDEwtHTE9CQUxUUlVTVDEkMCIGCSqGSIb3DQEJARYVaW5mb0BnbG9iYWx0cnVz +dC5pbmZvMB4XDTA2MDgwNzE0MTIzNVoXDTM2MDkxODE0MTIzNVowgdQxCzAJBgNV +BAYTAkFUMQ8wDQYDVQQHEwZWaWVubmExEDAOBgNVBAgTB0F1c3RyaWExOjA4BgNV +BAoTMUFSR0UgREFURU4gLSBBdXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3Rl +Y3Rpb24xKjAoBgNVBAsTIUdMT0JBTFRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj +ZTEUMBIGA1UEAxMLR0xPQkFMVFJVU1QxJDAiBgkqhkiG9w0BCQEWFWluZm9AZ2xv +YmFsdHJ1c3QuaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANIS +R+xfmOgNhhVJxN3snvFszVG2+5VPi8SQPVMzsdMTxUjipb/19AOED5x4cfaSl/Fb +WXUYPycLUS9caMeh6wDz9pU9acN+wqzECjZyelum0PcBeyjHKscyYO5ZuNcLJ92z +RQUre2Snc1zokwKXaOz8hNue1NWBR8acwKyXyxnqh6UKo7h1JOdQJw2rFvlWXbGB +ARZ98+nhJPMIIbm6rF2ex0h5f2rK3zl3BG0bbjrNf85cSKwSPFnyas+ASOH2AGd4 +IOD9tWR7F5ez5SfdRWubYZkGvvLnnqRtiztrDIHutG+hvhoSQUuerQ75RrRa0QMA +lBbAwPOs+3y8lsAp2PkzFomjDh2V2QPUIQzdVghJZciNqyEfVLuZvPFEW3sAGP0q +GVjSBcnZKTYl/nfua1lUTwgUopkJRVetB94i/IccoO+ged0KfcB/NegMZk3jtWoW +WXFb85CwUl6RAseoucIEb55PtAAt7AjsrkBu8CknIjm2zaCGELoLNex7Wg22ecP6 +x63B++vtK4QN6t7565pZM2zBKxKMuD7FNiM4GtZ3k5DWd3VqWBkXoRWObnYOo3Ph +XJVJ28EPlBTF1WIbmas41Wdu0qkZ4Vo6h2pIP5GW48bFJ2tXdDGY9j5xce1+3rBN +LPPuj9t7aNcQRCmt7KtQWVKabGpyFE0WFFH3134fAgMBAAGjggHXMIIB0zAdBgNV +HQ4EFgQUwAHV4HgfL3Q64+vAIVKmBO4my6QwggEBBgNVHSMEgfkwgfaAFMAB1eB4 +Hy90OuPrwCFSpgTuJsukoYHapIHXMIHUMQswCQYDVQQGEwJBVDEPMA0GA1UEBxMG +Vmllbm5hMRAwDgYDVQQIEwdBdXN0cmlhMTowOAYDVQQKEzFBUkdFIERBVEVOIC0g +QXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSowKAYDVQQLEyFH +TE9CQUxUUlVTVCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UxFDASBgNVBAMTC0dMT0JB +TFRSVVNUMSQwIgYJKoZIhvcNAQkBFhVpbmZvQGdsb2JhbHRydXN0LmluZm+CAQAw +DwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAcYwEQYDVR0gBAowCDAGBgRVHSAA +MD0GA1UdEQQ2MDSBFWluZm9AZ2xvYmFsdHJ1c3QuaW5mb4YbaHR0cDovL3d3dy5n +bG9iYWx0cnVzdC5pbmZvMD0GA1UdEgQ2MDSBFWluZm9AZ2xvYmFsdHJ1c3QuaW5m +b4YbaHR0cDovL3d3dy5nbG9iYWx0cnVzdC5pbmZvMA0GCSqGSIb3DQEBBQUAA4IC +AQAVO4iDXg7ePvA+XdwtoUr6KKXWB6UkSM6eeeh5mlwkjlhyFEGFx0XuPChpOEmu +Io27jAVtrmW7h7l+djsoY2rWbzMwiH5VBbq5FQOYHWLSzsAPbhyaNO7krx9i0ey0 +ec/PaZKKWP3Bx3YLXM1SNEhr5Qt/yTIS35gKFtkzVhaP30M/170/xR7FrSGshyya +5BwfhQOsi8e3M2JJwfiqK05dhz52Uq5ZfjHhfLpSi1iQ14BGCzQ23u8RyVwiRsI8 +p39iBG/fPkiO6gs+CKwYGlLW8fbUYi8DuZrWPFN/VSbGNSshdLCJkFTkAYhcnIUq +mmVeS1fygBzsZzSaRtwCdv5yN3IJsfAjj1izAn3ueA65PXMSLVWfF2Ovrtiuc7bH +UGqFwdt9+5RZcMbDB2xWxbAH/E59kx25J8CwldXnfAW89w8Ks/RuFVdJG7UUAKQw +K1r0Vli/djSiPf4BJvDduG3wpOe8IPZRCPbjN4lXNvb3L/7NuGS96tem0P94737h +HB5Ufg80GYEQc9LjeAYXttJR+zV4dtp3gzdBPi1GqH6G3lb0ypCetK2wHkUYPDSI +Aofo8DaR6/LntdIEuS64XY0dmi4LFhnNdqSr+9Hio6LchH176lDq9bIEO4lSOrLD +GU+5JrG8vCyy4YGms2G19EVgLyx1xcgtiEsmu3DuO38BLTAZMAoGCCsGAQUFBwMD +DAtHTE9CQUxUUlVTVA== +-----END TRUSTED CERTIFICATE----- + +# GLOBALTRUST 2015 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGDDCCA/SgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCQVQx +DTALBgNVBAgTBFdpZW4xDTALBgNVBAcTBFdpZW4xIzAhBgNVBAoTGmUtY29tbWVy +Y2UgbW9uaXRvcmluZyBHbWJIMSowKAYDVQQLEyFHTE9CQUxUUlVTVCBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2UxGTAXBgNVBAMTEEdMT0JBTFRSVVNUIDIwMTUwHhcNMTUw +NjExMDAwMDAwWhcNNDAwNjEwMDAwMDAwWjCBlzELMAkGA1UEBhMCQVQxDTALBgNV +BAgTBFdpZW4xDTALBgNVBAcTBFdpZW4xIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u +aXRvcmluZyBHbWJIMSowKAYDVQQLEyFHTE9CQUxUUlVTVCBDZXJ0aWZpY2F0aW9u +IFNlcnZpY2UxGTAXBgNVBAMTEEdMT0JBTFRSVVNUIDIwMTUwggIgMA0GCSqGSIb3 +DQEBAQUAA4ICDQAwggIIAoICAQDUppeo8vSQEUOttIJGQfEvkW9jos0NINy9DDiK +ZUoKKzqodKl3oYuO8i+B94QYza3rYraSfeBB5U5UODeC78vg7c+7ysyjS/db/rh8 +pwhty0PETCIUZuOdA7l3IatEayFHI8gg+irLkXYddWz4m+kPJulDL5ogBWgYx46Z +hS1BB6ZkjljhjZWApE1f9QLYgXnb1effoiL9FKdnFuzZWEzKqd3qGo6pCGRPUSG2 +cqJO/1BxvTtl5L1/UxGu3xA5e132R3AX90ORA3phJV8s/PiJETzsOVQWScQhmnHg +eYt2HXY9B1m4B7GM3MfNTuH7rUNNP0DvIWIvMUROacdvIsurVEvowvoRaKzIbg7e +bMUnlglRAk0Btle/MijVCUOW98SItflU/ho6arcstSRk+0p4csP82U/ITiO5KdgN +oUhBkwJtvxKFm8bFYC3wkfyZ/SCUnnFjq9VJq5DshzmFf42FzAvo20s7DvzCdn1G +5zkmnt9V3x6E+UE2JmwCWSuO+7zpHyckYgRnhOE/2J0YTpagJe7KKANPAlHP9zU3 +aaS01tbVHhlDJxYfR1HuSglMEVq2Wz1h6DsQvtZG5vQc/bhFvXz6dVrs4VIjDY4f +hpdTkVybmyjWjuVuJ60gjKfBQamXN4ss6m4YBZf2zgNS8b15NJtAxyOSdPNv7aPp +WfBVSwIBA6NjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFMuw3T2MPN9iLCtmPJ486RVtcbTXMB8GA1UdIwQYMBaAFMuw3T2MPN9i +LCtmPJ486RVtcbTXMA0GCSqGSIb3DQEBCwUAA4ICAQCifVUEZu4WFLyCgYclGTli +9P47H+HAcwBxynWp4nPxxQ1Bo12OwS3ZZVvZieLwjsWgfb3LzEZTH1/tILYCKtYT +8p19UUpAVXGtnux26kUgjqr6ekOacGd+E96Y6MuN3R+sNNKhte3+uOcWz/jRODCN +NInSzn2B0h7/URhTNpPcCcsIFrgI11owkIoK+S+1z8TNVHIqxr0B51gLbgZAtAnO +tI6zmumJkZSselTh++OELIOgT/7r6MH067Ym0zjELa2sRYA0bSE9XYU64nv+VLfd +6IVUy6TxqylQeNcktaMvnq8RZq4YuP1dKM9A11XgLOtSMWhDZgWXkrvF8SEs/RJk +MZlDb4udS2D+FF5SsyOo4Zh67hTJoeLMP3YhYv1rDdm0SpXmblt6JMPTxtYfous3 +a06j32Lr6w5KCL/rGIj7RxqtwlHD1Xz3HyuzyEpQDmlYIGIBSlvKY5YmIq726ZxA +rGcDnZ1pFcLA+F2nJLEnPL8F4quiysmwLX6jwTEgRiFlkt3K3t+TG7xtL1+pFqRX +hyxymlqCZ9FE4j0JCoGMHhD9xjRo7P93YXZ/Jvfb/BJGEqrA0fh5haICzIuqpK1s +FMC9/GiuRH0i+QpFXewE5vrjpMXm+bIZw9mMqJN7OoppO1ITPB0zAk6WQJ+5lf2T +FzPByQv2/b1pEPWtKfvj2jAeMAoGCCsGAQUFBwMDDBBHTE9CQUxUUlVTVCAyMDE1 +-----END TRUSTED CERTIFICATE----- + +# GLOBALTRUST 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG +A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw +FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx +MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u +aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b +RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z +YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 +QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw +yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ +BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ +SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH +r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 +4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me +dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw +q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 +nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu +H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC +XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd +6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf ++I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi +kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 +wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB +TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C +MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn +4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I +aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy +qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkjAyMB4GCCsGAQUFBwMEBggrBgEFBQcDAQYI +KwYBBQUHAwMMEEdMT0JBTFRSVVNUIDIwMjA= +-----END TRUSTED CERTIFICATE----- + +# GTE CyberTrust Global Root +-----BEGIN TRUSTED CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD +VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv +bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv +b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV +UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU +cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds +b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH +iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS +r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 +04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r +GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 +3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P +lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/MCgwCgYIKwYBBQUHAwMMGkdU +RSBDeWJlclRydXN0IEdsb2JhbCBSb290 +-----END TRUSTED CERTIFICATE----- + +# GTS Root R1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo +27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w +Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw +TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl +qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH +szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8 +Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk +MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92 +wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p +aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN +VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb +C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe +QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy +h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4 +7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J +ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef +MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/ +Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT +6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ +0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm +2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb +bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3cMCMwFAYIKwYBBQUHAwQGCCsGAQUF +BwMBDAtHVFMgUm9vdCBSMQ== +-----END TRUSTED CERTIFICATE----- + +# GTS Root R2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt +nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY +6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu +MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k +RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg +f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV ++3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo +dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW +Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa +G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq +gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H +vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 +0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC +B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u +NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg +yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev +HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6 +xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR +TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg +JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV +7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl +6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbLMCMwFAYIKwYBBQUHAwQGCCsGAQUF +BwMBDAtHVFMgUm9vdCBSMg== +-----END TRUSTED CERTIFICATE----- + +# GTS Root R3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G +jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2 +4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7 +VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm +ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4XMCMw +FAYIKwYBBQUHAwQGCCsGAQUFBwMBDAtHVFMgUm9vdCBSMw== +-----END TRUSTED CERTIFICATE----- + +# GTS Root R4 +-----BEGIN TRUSTED CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi +QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR +HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D +9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 +p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlDMCMw +FAYIKwYBBQUHAwQGCCsGAQUFBwMBDAtHVFMgUm9vdCBSNA== +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Global CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMzAgMAoGCCsG +AQUFBwMDDBJHZW9UcnVzdCBHbG9iYWwgQ0E= +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Global CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs +IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg +R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A +PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8 +Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL +TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL +5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7 +S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe +2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap +EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td +EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv +/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN +A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0 +abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF +I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz +4iIprn2DQKi6bDAiMAoGCCsGAQUFBwMDDBRHZW9UcnVzdCBHbG9iYWwgQ0EgMg== +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Primary Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6VkwNjAKBggrBgEFBQcDAwwo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Primary Certification Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+KMDswCgYIKwYBBQUHAwMMLUdlb1RydXN0IFByaW1h +cnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMg== +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Primary Certification Authority - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREtMDswCgYIKwYBBQUHAwMMLUdlb1RydXN0IFByaW1h +cnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMw== +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Universal CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iwwIzAK +BggrBgEFBQcDAwwVR2VvVHJ1c3QgVW5pdmVyc2FsIENB +-----END TRUSTED CERTIFICATE----- + +# GeoTrust Universal CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +MCUwCgYIKwYBBQUHAwMMF0dlb1RydXN0IFVuaXZlcnNhbCBDQSAy +-----END TRUSTED CERTIFICATE----- + +# GlobalSign +-----BEGIN TRUSTED CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLjAY +MAoGCCsGAQUFBwMDDApHbG9iYWxTaWdu +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Code Signing Root E45 +-----BEGIN TRUSTED CERTIFICATE----- +MIICIjCCAamgAwIBAgIQdlP+rhgmQ29p9RzCdxbyXjAKBggqhkjOPQQDAzBTMQsw +CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEpMCcGA1UEAxMg +R2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9vdCBFNDUwHhcNMjAwMzE4MDAwMDAw +WhcNNDUwMzE4MDAwMDAwWjBTMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFs +U2lnbiBudi1zYTEpMCcGA1UEAxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9v +dCBFNDUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR2GW0DtfWEI6syai5h3YQlL+/o +eSeJg8ODdfO2eGoIbaKtISoCkAbsmkCceoaRuViFyCiaLgv34nap37K9qcPpKRl5 +CLJQ0MLFnQphDONdNwZKXP6EvcCAhPpLVSPg4j6jQjBAMA4GA1UdDwEB/wQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSnn93TVM3b+Gy/JmwO5Ndbb4DM +QjAKBggqhkjOPQQDAwNnADBkAjBsjFa2xTeuLZAreO2xHkYI0sNKKO94GQiOJDRG +T4dxYV+pEUpvMqsc0VJ7qjrq5ZoCMFUrdy/O+D+baEra16hLRQ1+smv2bNqxFeK8 +SBl3i1fBXRTXQQDMJlLQILgZT5bnmjAuMAoGCCsGAQUFBwMDDCBHbG9iYWxTaWdu +IENvZGUgU2lnbmluZyBSb290IEU0NQ== +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Code Signing Root R45 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQdlP+rHVGSJP15ddKSDpO+DANBgkqhkiG9w0BAQwFADBT +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEpMCcGA1UE +AxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9vdCBSNDUwHhcNMjAwMzE4MDAw +MDAwWhcNNDUwMzE4MDAwMDAwWjBTMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv +YmFsU2lnbiBudi1zYTEpMCcGA1UEAxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcg +Um9vdCBSNDUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2LcUw3Xro +q5A9A3KwOkuZFmGy5f+lZx03HOV+7JODqoT1o0ObmEWKuGNXXZsAiAQl6fhokkuC +2EvJSgPzqH9qj4phJ72hRND99T8iwqNPkY2zBbIogpFd+1mIBQuXBsKY+CynMyTu +UDpBzPCgsHsdTdKoWDiW6d/5G5G7ixAs0sdDHaIJdKGAr3vmMwoMWWuOvPSrWpd7 +f65V+4TwgP6ETNfiur3EdaFvvWEQdESymAfidKv/aNxsJj7pH+XgBIetMNMMjQN8 +VbgWcFwkeCAl62dniKu6TjSYa3AR3jjK1L6hwJzh3x4CAdg74WdDhLbP/HS3L4Sj +v7oJNz1nbLFFXBlhq0GD9awd63cNRkdzzr+9lZXtnSuIEP76WOinV+Gzz6ha6Qcl +mxLEnoByPZPcjJTfO0TmJoD80sMD8IwM0kXWLuePmJ7mBO5Cbmd+QhZxYucE+WDG +ZKG2nIEhTivGbWiUhsaZdHNnMXqR8tSMeW58prt+Rm9NxYUSK8+aIkQIqIU3zgdh +VwYXEiTAxDFzoZg1V0d+EDpF2S2kUZCYqaAHN8RlGqocaxZ396eX7D8ZMJlvMfvq +QLLn0sT6ydDwUHZ0WfqNbRcyvvjpfgP054d1mtRKkSyFAxMCK0KA8olqNs/ITKDO +nvjLja0Wp9Pe1ZsYp8aSOvGCY/EuDiRk3wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUHwC/RoAK/Hg5t6W0Q9lWULvO +ljswDQYJKoZIhvcNAQEMBQADggIBAF4runSXNERfdkgoQIST7gFu6aGz1oAl5nvk +vAmRPQ/8dq3X1DAgu49g0JHWHPKc73gaK5QyAsEkllJSAtDz0fzymzlumeEfjkNB +fZoeW8ldmoT8JuaH83RyJq2kG9k9O2pSoDwJHi8ee7MztEXH96yxr5NgrXauuLIV +eOuDauv/20arJOXuAvqQH1nAL13Wt12kXBC3clP4QU7M+ngaJUrK/oViQ2HDtDeq +gdL01joPvY1ZfjBH3itr5yFQM1/UZ5vUuGefPCeZA/+FQ45zEsogzehh1bFm3BfW +OW0P288jN6GCiU4caz/WoM2qB50+Qiaq1wzu+ke/GlJ+0XWB08mKYhdtT4igIaAm +Pq9t2WIwH+mYKK5ujdWOTHJmk4CNKuNVx2BnkEJWXCJRD7PcTjnuTd3ZHXgQVDtu +0JdvA7UesiNzxhKymmTQ/JWFJKj/36Gw3JFArt8JM6u53ZK38cyRdDtp62eXG5C/ +58egb3G7V7+3j1rtekBqFs2AhC0v4QLUJJRDsxX8DCsb/XFv/Mu8dRc6XoPSybMv +G9WcjX9U/n5+5Fajh6ed4VlSlEGPbVu+hpWa/xp23UDSUUpwtB8zYyN3P+wnHlnk +CIftNIJKDz/+oB3B9WdzRYZ49Kop6SeHxhnbxhMUwzlJh02gl+BlE/Wdd1bp2rNY +xzrywM2CMC4wCgYIKwYBBQUHAwMMIEdsb2JhbFNpZ24gQ29kZSBTaWduaW5nIFJv +b3QgUjQ1 +-----END TRUSTED CERTIFICATE----- + +# GlobalSign ECC Root CA - R4 +-----BEGIN TRUSTED CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD +VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw +MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g +UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx +uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV +HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/ ++wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147 +bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +MD0wHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwbR2xvYmFsU2lnbiBF +Q0MgUm9vdCBDQSAtIFI0 +-----END TRUSTED CERTIFICATE----- + +# GlobalSign ECC Root CA - R5 +-----BEGIN TRUSTED CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3MD0wHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEF +BQcDAwwbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1 +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4DA0MB4GCCsGAQUFBwMEBggrBgEFBQcD +AQYIKwYBBQUHAwMMEkdsb2JhbFNpZ24gUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Root CA - R3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9fMDkwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwXR2xvYmFsU2ln +biBSb290IENBIC0gUjM= +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Root CA - R6 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBAwOTAeBggrBgEFBQcDBAYIKwYBBQUHAwEG +CCsGAQUFBwMDDBdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNg== +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Root E46 +-----BEGIN TRUSTED CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx +CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD +ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw +MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex +HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq +R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd +yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ +7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 ++RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3Aw +ITAKBggrBgEFBQcDAQwTR2xvYmFsU2lnbiBSb290IEU0Ng== +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Root R46 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA +MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD +VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy +MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt +c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ +OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG +vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud +316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo +0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE +y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF +zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE ++cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN +I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs +x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa +ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC +4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 +7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti +2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk +pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF +FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt +rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk +ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 +u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP +4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 +N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 +vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6MCEwCgYIKwYBBQUHAwEME0ds +b2JhbFNpZ24gUm9vdCBSNDY= +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Secure Mail Root E45 +-----BEGIN TRUSTED CERTIFICATE----- +MIICITCCAaegAwIBAgIQdlP+qicdlUZd1vGe5biQCjAKBggqhkjOPQQDAzBSMQsw +CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UEAxMf +R2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IEU0NTAeFw0yMDAzMTgwMDAwMDBa +Fw00NTAzMTgwMDAwMDBaMFIxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT +aWduIG52LXNhMSgwJgYDVQQDEx9HbG9iYWxTaWduIFNlY3VyZSBNYWlsIFJvb3Qg +RTQ1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+XmLgUc3iZY/RUlQfxomC5Myfi7A +wKcImsNuj5s+CyLsN1O3b4qwvCc3S22pRjvZH/+loUS7LXO/nkEHXFObUQg6Wrtv +OMcWkXjCShNpHYLfWi8AiJaiLhx0+Z1+ZjeKo0IwQDAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU3xNei1/CQAL9VreUTLYe1aaxFJYw +CgYIKoZIzj0EAwMDaAAwZQIwE7C+13EgPuSrnM42En1fTB8qtWlFM1/TLVqy5IjH +3go2QjJ5naZruuH5RCp7isMSAjEAoGYcToedh8ntmUwbCu4tYMM3xx3NtXKw2cbv +vPL/P/BS3QjnqmR5w+RpV5EvpMt8MC0wCgYIKwYBBQUHAwQMH0dsb2JhbFNpZ24g +U2VjdXJlIE1haWwgUm9vdCBFNDU= +-----END TRUSTED CERTIFICATE----- + +# GlobalSign Secure Mail Root R45 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFcDCCA1igAwIBAgIQdlP+qExQq5+NMrUdA49X3DANBgkqhkiG9w0BAQwFADBS +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UE +AxMfR2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IFI0NTAeFw0yMDAzMTgwMDAw +MDBaFw00NTAzMTgwMDAwMDBaMFIxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMSgwJgYDVQQDEx9HbG9iYWxTaWduIFNlY3VyZSBNYWlsIFJv +b3QgUjQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3HnMbQb5bbvg +VgRsf+B1zC0FSehL3FTsW3eVcr9/Yp2FqYokUF9T5dt0b6QpWxMqCa2axS/C93Y7 +oUVGqkPmJP4rsG8ycBlGWnkmL/w9fV9ky1fMYWGo2ZVu45Wgbn9HEhjW7wPJ+4r6 +mr2CFalVd0sRT1nga8Nx8wzYVNWBaD4TuRUuh4o8RCc2YiRu+CwFcjBhvUKRI8Sd +JafZVJoUozGtgHkMp2NsmKOsV0czH2WW4dDSNdr5cfehpiW1QV3fPmDY0fafpfK4 +zBOqj/mybuGDLZPdPoUa3eixXCYBy0mF/PzS1H+FYoZ0+cvsNSKiDDCPO6t561by ++kLz7fkfRYlAKa3qknTqUv1WtCvaou11wm6rzlKQS/be8EmPmkjUiBltRebMjLnd +ZGBgAkD4uc+8WOs9hbnGCtOcB2aPxxg5I0bhPB6jL1Bhkgs9K2zxo0c4V5GrDY/G +nU0E0iZSXOWl/SotFioBaeepfeE2t7Eqxdmxjb25i87Mi6E+C0jNUJU0xNgIWdhr +JvS+9dQiFwBXya6bBDAznwv731aiyW5Udtqxl2InWQ8RiiIbZJY/qPG3JEqNPFN8 +bYN2PbImSHP1RBYBLQkqjhaWUNBzBl27IkiCTApGWj+A/1zy8pqsLAjg1urwEjiB +T6YQ7UarzBacC89kppkChURnRq39TecCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgGG +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKCTFShu7o8IsjXGnmJ5dKexDit7 +MA0GCSqGSIb3DQEBDAUAA4ICAQBFCvjRXKxigdAE17b/V1GJCwzL3iRlN/urnu1m +9OoMGWmJuBmxMFa02fb3vsaul8tF9hGMOjBkTMGfWcBGQggGR2QXeOCVBwbWjKKs +qdk/03tWT/zEhyjftisWI8CfH1vj1kReIk8jBIw1FrV5B4ZcL5fi9ghkptzbqIrj +pHt3DdEpkyggtFOjS05f3sH2dSP8Hzx4T3AxeC+iNVRxBKzIxG3D9pGx/s3uRG6B +9kDFPioBv6tMsQM/DRHkD9Ik4yKIm59fRz1RSeAJN34XITF2t2dxSChLJdcQ6J9h +WRbFPjJOHwzOo8wP5McRByIvOAjdW5frQmxZmpruetCd38XbCUMuCqoZPWvoajB6 +V+a/s2o5qY/j8U9laLa9nyiPoRZaCVA6Mi4dL0QRQqYA5jGY/y2hD+akYFbPedey +Ttew+m4MVyPHzh+lsUxtGUmeDn9wj3E/WCifdd1h4Dq3Obbul9Q1UfuLSWDIPGau +l+6NJllXu3jwelAwCbBgqp9O3Mk+HjrcYpMzsDpUdG8sMUXRaxEyamh29j32ahNe +JJjn6h2az3iCB2D3TRDTgZpFjZ6vm9yAx0OylWikww7oCkcVv1Qz3AHn1aYec9h6 +sr8vreNVMJ7fDkG84BH1oQyoIuHjAKNOcHyS4wTRekKKdZBZ45vRTKJkvXN5m2/y +s8H2PDAtMAoGCCsGAQUFBwMEDB9HbG9iYWxTaWduIFNlY3VyZSBNYWlsIFJvb3Qg +UjQ1 +-----END TRUSTED CERTIFICATE----- + +# Global Chambersign Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8DAlMAoGCCsGAQUFBwMDDBdHbG9iYWwg +Q2hhbWJlcnNpZ24gUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# Global Chambersign Root - 2008 +-----BEGIN TRUSTED CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/BMDYw +FAYIKwYBBQUHAwQGCCsGAQUFBwMDDB5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAt +IDIwMDg= +-----END TRUSTED CERTIFICATE----- + +# Go Daddy Class 2 CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8wNTAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsG +AQUFBwMDDBNHbyBEYWRkeSBDbGFzcyAyIENB +-----END TRUSTED CERTIFICATE----- + +# Go Daddy Root Certificate Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1MEAwFAYIKwYBBQUHAwEGCCsGAQUFBwMDDChHbyBEYWRkeSBSb290 +IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# Government Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIFSzCCAzOgAwIBAgIRALZLiAfiI+7IXBKtpg4GofIwDQYJKoZIhvcNAQELBQAw +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5MjgwODU4NTFaFw0zNzEyMzExNTU5NTla +MD8xCzAJBgNVBAYTAlRXMTAwLgYDVQQKDCdHb3Zlcm5tZW50IFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC2/5c8gb4BWCQnr44BK9ZykjAyG1+bfNTUf+ihYHMwVxAA+lCWJP5Q5ow6ldFX +eYTVZ1MMKoI+GFy4MCYa1l7GLbIEUQ7v3wxjR+vEEghRK5lxXtVpe+FdyXcdIOxW +juVhYC386RyA3/pqg7sFtR4jEpyCygrzFB0g5AaPQySZn7YKk1pzGxY5vgW28Yyl +ZJKPBeRcdvc5w88tvQ7Yy6gOMZvJRg9nU0MEj8iyyIOAX7ryD6uBNaIgIZfOD4k0 +eA/PH07p+4woPN405+2f0mb1xcoxeNLOUNFggmOd4Ez3B66DNJ1JSUPUfr0t4urH +cWWACOQ2nnlwCjyHKenkkpTqBpIpJ3jmrdc96QoLXvTg1oadLXLLi2RW5vSueKWg +OTNYPNyoj420ai39iHPplVBzBN8RiD5C1gJ0+yzEb7xs1uCAb9GGpTJXA9ZN9E4K +mSJ2fkpAgvjJ5E7LUy3Hsbbi08J1J265DnGyNPy/HE7CPfg26QrMWJqhGIZO4uGq +s3NZbl6dtMIIr69c/aQCb/+4DbvVq9dunxpPkUDwH0ZVbaCSw4nNt7H/HLPLo5wK +4/7NqrwB7N1UypHdTxOHpPaY7/1J1lcqPKZc9mA3v9g+fk5oKiMyOr5u5CI9ByTP +isubXVGzMNJxbc5Gim18SjNE2hIvNkvy6fFRCW3bapcOFwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVZx3gnHosnMvFmOcdByYqhux0zTAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAJA75cJTQijq9TFOjj2Rnk0J +89ixUuZPrAwxIbvx6pnMg/y2KOTshAcOD06Xu29oRo8OURWV+Do7H1+CDgxxDryR +T64zLiNB9CZrTxOH+nj2LsIPkQWXqmrBap+8hJ4IKifd2ocXhuGzyl3tOKkpboTe +Rmv8JxlQpRJ6jH1i/NrnzLyfSa8GuCcn8on3Fj0Y5r3e9YwSkZ/jBI3+BxQaWqw5 +ghvxOBnhY+OvbLamURfr+kvriyL2l/4QOl+UoEtTcT9a4RD4co+WgN2NApgAYT2N +vC2xR8zaXeEgp4wxXPHj2rkKhkfIoT0Hozymc26Uke1uJDr5yTDRB6iBfSZ9fYTf +hsmL5a4NHr6JSFEVg5iWL0rrczTXdM3Jb9DCuiv2mv6Z3WAUjhv5nDk8f0OJU+jl +wqu+Iq0nOJt3KLejY2OngeepaUXrjnhWzAWEx/uttjB8YwWfLYwkf0uLkvw4Hp+g +pVezbp3YZLhwmmBScMip0P/GnO0QYV7Ngw5u6E0CQUridgR51lQ/ipgyFKDdLZzn +uoJxo4ZVKZnSKdt1OvfbQ/+2W/u3fjWAjg1srnm3Ni2XUqGwB5wH5Ss2zQOXlL0t +DjQG/MAWifw3VOTWzz0TBPKR2ck2Lj7FWtClTILD/y58Jnb38/1FoqVuVa4uzM8s +iTTa9g3nkagQ6hed8vbsMDUwCgYIKwYBBQUHAwMMJ0dvdmVybm1lbnQgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# HARICA Client ECC Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIICWjCCAeGgAwIBAgIQMWjZ2OFiVx7SGUSI5hB98DAKBggqhkjOPQQDAzBvMQsw +CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh +cmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBFQ0Mg +Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDMzNFoXDTQ1MDIxMzExMDMzM1owbzEL +MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJzAlBgNVBAMMHkhBUklDQSBDbGllbnQgRUND +IFJvb3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAcYrZWWlNBcD4L3 +KkD6AsnJPTamowRqwW2VAYhgElRsXKIrbhM6iJUMHCaGNkqJGbcY3jvoqFAfyt9b +v0mAFdvjMOEdWscqigEH/m0sNO8oKJe8wflXhpWLNc+eWtFolaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUUgjSvjKBJf31GpfsTl8au1PNkK0wDgYDVR0P +AQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMEwxRUZPqOa+w3eyGhhLLYh7WOar +lGtEA7AX/9+Cc0RRLP2THQZ7FNKJ7EAM7yEBLgIwL8kuWmwsHdmV4J6wuVxSfPb4 +OMou8dQd8qJJopX4wVheT/5zCu8xsKsjWBOMi947MCwwCgYIKwYBBQUHAwQMHkhB +UklDQSBDbGllbnQgRUNDIFJvb3QgQ0EgMjAyMQ== +-----END TRUSTED CERTIFICATE----- + +# HARICA Client RSA Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFqjCCA5KgAwIBAgIQVVL4HtsbJCyeu5YYzQIoPjANBgkqhkiG9w0BAQsFADBv +MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBS +U0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTg0NloXDTQ1MDIxMzEwNTg0NVow +bzELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBS +ZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJzAlBgNVBAMMHkhBUklDQSBDbGllbnQg +UlNBIFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AIHbV0KQLHQ19Pi4dBlNqwlad0WBc2KwNZ/40LczAIcTtparDlQSMAe8m7dI19EZ +g66O2KnxqQCEsIxenugMj1Rpv/bUCE8mcP4YQWMaszKLQPgHq1cx8MYWdmeatN0v +8tFrxdCShJFxbg8uY+kfU6TdUhPMCYMpgQzFU3VEsQ5nUxjQwx+IS5+UJLQpvLvo +Tv1v0hUdSdyNcPIRGiBRVRG6iG/E91B51qox4oQ9XjLIdypQceULL+m26u+rCjM5 +Dv2PpWdDgo6YaQkJG0DNOGdH6snsl3ES3iT1cjzR90NMJveQsonpRUtVPTEFekHi +lbpDwBfFtoU9GY1kcPNbrM2f0yl1h0uVZ2qm+NHdvJCGiUMpqTdb9V2wJlpTQnaQ +K8+eVmwrVM9cmmXfW4tIYDh8+8ULz3YEYwIzKn31g2fn+sZD/SsP1CYvd6QywSTq +ZJ2/szhxMUTyR7iiZkGh+5t7vMdGanW/WqKM6GpEwbiWtcAyCC17dDVzssrG/q8R +chj258jCz6Uq6nvWWeh8oLJqQAlpDqWW29EAufGIbjbwiLKd8VLyw3y/MIk8Cmn5 +IqRl4ZvgdMaxhZeWLK6Uj1CmORIfvkfygXjTdTaefVogl+JSrpmfxnybZvP+2M/u +vZcGHS2F3D42U5Z7ILroyOGtlmI+EXyzAISep0xxq0o3AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFKDWBz1eJPd7oEQuJFINGaorBJGnMA4GA1Ud +DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEADUf5CWYxUux57sKo8mg+7ZZF +yzqmmGM/6itNTgPQHILhy9Pl1qtbZyi8nf4MmQqAVafOGyNhDbBX8P7gyr7mkNuD +LL6DjvR5tv7QDUKnWB9p6oH1BaX+RmjrbHjJ4Orn5t4xxdLVLIJjKJ1dqBp+iObn +K/Es1dAFntwtvTdm1ASip62/OsKoO63/jZ0z4LmahKGHH3b0gnTXDvkwSD5biD6q +XGvWLwzojnPCGJGDObZmWtAfYCddTeP2Og1mUJx4e6vzExCuDy+r6GSzGCCdRjVk +JXPqmxBcWDWJsUZIp/Ss1B2eW8yppRoTTyRQqtkbbbFA+53dWHTEwm8UcuzbNZ+4 +VHVFw6bIGig1Oq5l8qmYzq9byTiMMTt/zNyW/eJb1tBZ9Ha6C8tPgxDHQNAdYOkq +5UhYdwxFab4ZcQQk4uMkH0rIwT6Z9ZaYOEgloRWwG9fihBhb9nE1mmh7QMwYXAwk +ndSV9ZmqRuqurL/0FBkk6Izs4/W8BmiKKgwFXwqXdafcfsD913oY3zDROEsfsJhw +v8x8c/BuxDGlpJcdrL/ObCFKvicjZ/MGVoEKkY624QMFMyzaNAhNTlAjrR+lxdR6 +/uoJ7KcoYItGfLXqm91P+edrFcaIz0Pb5SfcBFZub0YV8VYt6FwMc8MjgTggy8kM +ac8sqzuEYDMZUv1pFDMwLDAKBggrBgEFBQcDBAweSEFSSUNBIENsaWVudCBSU0Eg +Um9vdCBDQSAyMDIx +-----END TRUSTED CERTIFICATE----- + +# HARICA Code Signing ECC Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIICZjCCAe2gAwIBAgIQTIpjHaljjwWi+3YU/1uizTAKBggqhkjOPQQDAzB1MQsw +CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh +cmNoIEluc3RpdHV0aW9ucyBDQTEtMCsGA1UEAwwkSEFSSUNBIENvZGUgU2lnbmlu +ZyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDQzNloXDTQ1MDIxMzExMDQz +NVowdTELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFu +ZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExLTArBgNVBAMMJEhBUklDQSBDb2Rl +IFNpZ25pbmcgRUNDIFJvb3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEOfvFxCakPhrEu4Dl+ABuMFd4t/C3nXYaCQv/JTKKNYupTAZmocWdqAWIEATLzJ +eZgQDMcdC+OT3IU5aNm/p0PSMcyCgie6iNHSLVY39zrabjnccRBl7jgLh3oDujBf +ZKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUanHBc2qTQqaXcl67kF+C +kg8r1uswDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMB6l1QtElRDk +Z3xOhV65RUkCc7CyHLOnItEAYUAPs4c3Fo0A7baLVSUGlJDc1+d1nwIwf3Rr8Urf +8PeEe/LFeTADSPIeICJXZFRXNIB3tz8jT7T1gJjCwVZboOfWoY/1DG8dMDIwCgYI +KwYBBQUHAwMMJEhBUklDQSBDb2RlIFNpZ25pbmcgRUNDIFJvb3QgQ0EgMjAyMQ== +-----END TRUSTED CERTIFICATE----- + +# HARICA Code Signing RSA Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFtjCCA56gAwIBAgIQFcKuKk2ZmmOM07oTGXYI9TANBgkqhkiG9w0BAQsFADB1 +MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEtMCsGA1UEAwwkSEFSSUNBIENvZGUgU2ln +bmluZyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTk1NFoXDTQ1MDIxMzEw +NTk1M1owdTELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj +IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExLTArBgNVBAMMJEhBUklDQSBD +b2RlIFNpZ25pbmcgUlNBIFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAIpq7qoKI1UMiwZC45VbVHhfxY4GLHw8Mb6vDamh7EogWAWd +4miyu+tffyozufJVnG+qpB7tEL6DKRE25p4/+m17UeHVd6W9y2kOOyIglAwxZUAN +Ca8QNXqb6nkIRKSLZ6krTcHn0Nen9rU6jdmjqXm4pGVcvPM+95+Z9rjDZWgtq4Mu +3YWZBKn10VzVUUIBuZ9BtUsisgD0y2cQ72nEEK36lAZ2UBJXgq7FFK08fbud8XPh +fPCucd5b9xLd94Dx3D7xYLrJGZdvdXSFTP05Q8NkbjSsE8EcZbZSQvFG6y/6XabP +Dkmd93R8eA0GOiwS++JLJuRviyGBM0I5E+hCq1tV1Bu7N7YSkffzfbzS/+yxw9Wg +zLIrx49dfkxSQkj7j/1akHMQ1alyVI1J2zhSqkZIDi/6ACzMcww2SyTOE2ympKSj +1nyb6TgLxiTbTaxnIUlbQTdk5mBrH+0qL2AZMB7YPJwZQ4ffwAr05MpgiHrWo7nk +JS554v7Byzy3989OWEz7w62rfarKiPsOOA0fnlw567gHxFAiTfiFf27sjPq2cU3e +fZZpxN0+Ht4mkAosTRWVqaI+3D0Od3yNQShPuINRvj63j5A6cDGJWvqTU/xgyY11 +kO5aLx2EnwCp5sOGI6Ie3RLjoUZgG2e/UBUiknxKtIyPbpyVwizcOzogtryLAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRkFkjo/FpLMymJ65lA +uSC09mEaMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAK6xZi+Y5 +RNz7rUqI4GT/q8Py0s5wLwPlb7LE9TbWU2uHqx2LmQfIMI5Hcv2huHXWF6EWvWRz +kTBXrX39BUCGk9FJlrIL1HxkE4vTIUk4u/vozD4x8a57TCrfggajjgWEnH9wzsC7 +RRffXWUM5FBIB0SLpC9W2sZ69mCNpDjxnYcWMLLwX3pCVSBxz8zuALESR79CueSz +tR0ZhLmYbeBptBVBteJQSMcf6pq3eZHd1dVTGfyuGGxp261ZKJtkmKc8x1WO0TAA +z9QynmKxwyruNSLGu/B8u4O4AIn13BqX2TiaKVNhGaan9DtH/d1nlQ+OpGYsgpq3 +LXHm3674+GjBuw/qUKBFl7calRJvyLO2BWjaah4ONYWErHQMirT0dZ8ir7BUu7ae +IvnZ69WKDcfc+JgxX576xpf0QRB104G2MV963YiFCK9wRwI3e+JK7F3y3SkSRMiK +qt3SVXgXda9xaQ13cEqwH39C28dx3FjWGL1QxblyBMdne3xTYMpJGBW8QHOuK6gr +rG8RRDnsgkh+Ecr71j+2wLm4BpN1vZMndxcNXKWe6sFbAC0MqDVgx+JvNRs9drXn +rd10I0+GskfvyC/QhXw5ljehKykCvT6Hz6j2HXUyzzjjc7HuEIG1KrGIBlEeWjpI +UfM2WWLfQmZZULdYvvV2QJoSFuYOqtdsoNUwMjAKBggrBgEFBQcDAwwkSEFSSUNB +IENvZGUgU2lnbmluZyBSU0EgUm9vdCBDQSAyMDIx +-----END TRUSTED CERTIFICATE----- + +# HARICA TLS ECC Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw +CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh +cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v +dCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG +A1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7 +KKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y +STHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD +AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw +SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN +nxS2PFOiTAZpffpskcYqSUXm7LcT4TpsMCkwCgYIKwYBBQUHAwEMG0hBUklDQSBU +TFMgRUNDIFJvb3QgQ0EgMjAyMQ== +-----END TRUSTED CERTIFICATE----- + +# HARICA TLS RSA Root CA 2021 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg +Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL +MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l +mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE +4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv +a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M +pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw +Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b +LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY +AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB +AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq +E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr +W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ +CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU +X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 +f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja +H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP +JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P +zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt +jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 +/L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT +BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 +aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW +xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU +63ZTGI0RmLowKTAKBggrBgEFBQcDAQwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAy +MDIx +-----END TRUSTED CERTIFICATE----- + +# Halcom CA FO +-----BEGIN TRUSTED CERTIFICATE----- +MIIDGjCCAgKgAwIBAgIDAbplMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNVBAYTAlNJ +MQ8wDQYDVQQKEwZIYWxjb20xFTATBgNVBAMTDEhhbGNvbSBDQSBGTzAeFw0wNTA2 +MDUxMDMzMzFaFw0yMDA2MDUxMDMzMzFaMDUxCzAJBgNVBAYTAlNJMQ8wDQYDVQQK +EwZIYWxjb20xFTATBgNVBAMTDEhhbGNvbSBDQSBGTzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALyjJgGW5Z2sGgICOXys3AZMN0quB0h16CccpDH9Cqcj +XXw/DvrwjJFvVTSEA3TMAzV4zXHBRxu76iFuuAfeIZKqrLneN6If9JocG8juEIPW +U0PI3enzkEY5cgpO/BIpSYFYJjpxEwx7U4/fZnI8F9ze4XlKn+lgPm015E1R0RzA +GjBcBj9zQ8jNNvQewoeMT0if2nVXKkyvjVQ8RF+YPFDa0BgGfGBu0oT/Z4WQPV7G +69h6o7VtDL51uKnaVnE2Wu7rSVM+4hl2fEKroZDx9y+4ukpBtCukLmE259baf/Wf +jbhLW4Q1UMW9Baqqwgx0QWNXGY7/4UbmewUk/pndMb0CAwEAAaMzMDEwDwYDVR0T +AQH/BAUwAwEB/zARBgNVHQ4ECgQISCAcYg1YUiUwCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4IBAQBbdfXmMEZYivcP0U8LAVgEuWTkMA0+dtlrE60cbslM8Gzm +QhH964PvUNi7VJ20kYpatYQPjEbNPIKopR4gnND1QQbKASuYsOopUB/idHtZgsoK +5W5OrrA37T7MujLZPwtoLLLTPNw4xRHWGzPuuaJqRJMbUOphG3lXUVaeMtAzeLTP +Ryr7983x523gumT7FZu+yrHyRwF/4Ey3pUGsHtkabJHh0KhKw154K3qAwE/NJV9Q +J8a8WHWcHbWaXZVz84Rm081tHc3gWs4gOO+Sc3heAtaN+XTUt4nYjPt71Ytx1RkX +JtgkSTxVvIKH2mO7OdeOkc80cFxzT9BQR1r75VpRMBowCgYIKwYBBQUHAwMMDEhh +bGNvbSBDQSBGTw== +-----END TRUSTED CERTIFICATE----- + +# Halcom CA PO 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICGTCCAYKgAwIBAgIDATTiMA0GCSqGSIb3DQEBBQUAMDcxCzAJBgNVBAYTAlNJ +MQ8wDQYDVQQKEwZIYWxjb20xFzAVBgNVBAMTDkhhbGNvbSBDQSBQTyAyMB4XDTA0 +MDIwNzE4MzMzMVoXDTE5MDIwNzE4MzMzMVowNzELMAkGA1UEBhMCU0kxDzANBgNV +BAoTBkhhbGNvbTEXMBUGA1UEAxMOSGFsY29tIENBIFBPIDIwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAJQX8kk3MDIJCDy+9Te3dGwQO8sicQcGucbs2kjznydt +ZI1V3nlHUPtoznkBvqcb9mGtfTELUyCtMfFbziP6/8wSAloAnPzNaxJS6KzUMztz +JhBxkEC/A4jfvF8hDYzWipMf564VVMZM5JlhkuD3jXLH3GITM6M+SSn7hL9wOpEh +AgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEivV2a/0sACMAsG +A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQCQFld2uHnO/MTRNwCizf84BxFz +EwVJ7d/Bxc7GQNj3ApYNt28RhDhm+3H3EAFnfF19JNr2ZDsIgEimTr1E4rAHMo98 +hjdGb8CDA5O19PMSfKPoy+I6I3j6aG/+WMoMp1dRLWKQ+eSo3PXK3w6HUW43dSYO +1354igOilRm2XpEBVjAcMAoGCCsGAQUFBwMDDA5IYWxjb20gQ0EgUE8gMg== +-----END TRUSTED CERTIFICATE----- + +# Halcom Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDHjCCAgagAwIBAgIDB7HTMA0GCSqGSIb3DQEBDQUAMDcxCzAJBgNVBAYTAlNJ +MQ8wDQYDVQQKEwZIYWxjb20xFzAVBgNVBAMTDkhhbGNvbSBSb290IENBMB4XDTEy +MDIwODA5NTU0MVoXDTMyMDIwODA5NTU0MVowNzELMAkGA1UEBhMCU0kxDzANBgNV +BAoTBkhhbGNvbTEXMBUGA1UEAxMOSGFsY29tIFJvb3QgQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCJuYXK/vR1fX/snUI3urqNvOw9FwP92UVl1s3J +Tl+MSFyXCFcUiy2cPJBJmc9pr0mN2xwBsG7p9OqRZ13Ks2lP2MzBDT3uqgN24Mlw +op/+65vQtsmW0/D7W9DwB6tMXk2k4kdeBWh0po4iR+5+02eEVDeSRw7zo+wVGvNt +e78ZNSGPgkusVJwJzW62wVe90Ek9b59zjrFsfr3+1rs9A+jmTBq07q+0g04ykFT2 +ThvhL86lNBqOoyD52T4ia29u4/rZM1wIoPcVAD2cEJJKVc2Asgaq/dePt1qSJyQP +MzwouvEfaLV3KV6uwtqNNnDiejIbI6bexWENmqUSILXzllm1AgMBAAGjMzAxMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECE6U2Ipjws95MAsGA1UdDwQEAwIBBjAN +BgkqhkiG9w0BAQ0FAAOCAQEAKb7nseT6A6IPr3ZZnfhOU008BIOfoeKM9pTZtK5o +KlZrMlMogwdyTLBOqB2BgyFnAzfRjMbBToTpNDvT9fUnto0jBVK4TDLyLtrRKn0+ +gwMq0rHjmumKg0LwLAqhUw/AK+KPGk6VuUW8S2c6vTLzraWPj8Mu6vb0e2LQbm7F +YTETZuZnSZk7L4BPenxzigMNX/WzMigKisDh+bijJu7cG1fPdhpPU772SotXFysv +mYaq3ozatqhs32g21mGLbsBzTrc5RfR9zknE8x35qXds7++SFRMnmUbon6mKG58p +L6IdPtYrx+RVEDoY97N7Ty7HACLt5DHQ57jkVE/BgEUlbjAcMAoGCCsGAQUFBwMD +DA5IYWxjb20gUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Halcom Root Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIDgDCCAmigAwIBAgIDDN+bMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlNJ +MRQwEgYDVQQKEwtIYWxjb20gZC5kLjEXMBUGA1UEYRMOVkFUU0ktNDMzNTMxMjYx +KjAoBgNVBAMTIUhhbGNvbSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0x +NjA2MTAwNzA3NTBaFw0zNjA2MTAwNzA3NTBaMGgxCzAJBgNVBAYTAlNJMRQwEgYD +VQQKEwtIYWxjb20gZC5kLjEXMBUGA1UEYRMOVkFUU0ktNDMzNTMxMjYxKjAoBgNV +BAMTIUhhbGNvbSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOlSpsYa72O7rYH0kLJajw3VFjO0HBj7y4kq +MLtlgcTh+wKplAd25dcV5HpkEIDqPNCzoq2uHB/qu4FhmNT5jWmVxEUuAwnKhvpc +WhEXQDA+8MZjCcnxjUGlVg0FZGlLWKwqKZa7QDMWNEtnbNfxtEal6lmoQ2gPjDgq +qjz2RAOG+IrbRSErKR4St/qlZUHeBghYcJU+9EzZ6w8pqZGKnq3KEvXlleY42Rqm +i5xPpkgTEKV5RL1qOyn1FndAy36bXN++i+vnoBlvnxU/J54psfUN/F9HojzdLgsC ++/SN6uwMsfm0Baz5j6k9biwdOZ/QTp9OyGqegANh3M/4bZTLD88CAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQq6mQ8eYKLAwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4IBAQBSuXnQ22P+GYH7DPnB5VBZyp2y+1wz0Dioq7Ua +TlMldSLTSb/Kgc/T4XujkUZ1yhrr2fVdvHuGNf2Bl5yE1yaYIvyxNdCplbZ8/+SX +tEB+SV1oyOLUOXUnTwORsjFXv4bXbcpxACI30DtYJFCgnIyaiY71KEZs5xbtsIGr +9EYmr6boGkV3cBaSsntxcdz330lnwDMIDi5TwXerx0qRTBLv5w4J5XUxIK5u/FqK +gJwQsNuoSszzK9w2NKb3qQtnnZDLPSafdc1MyR0GCnWLUsCB8NEmrMySphScXDwW +QvuTzAKoE/PargrDuBX0sNDU4BYgT6xQmHgmlB5o65Ry/veLMC8wCgYIKwYBBQUH +AwMMIUhhbGNvbSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# Hellenic Academic and Research Institutions ECC RootCA 2015 +-----BEGIN TRUSTED CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKRMF0wHgYIKwYB +BQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAww7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBFQ0MgUm9vdENBIDIwMTU= +-----END TRUSTED CERTIFICATE----- + +# Hellenic Academic and Research Institutions RootCA 2011 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4MEUwCgYIKwYBBQUHAwMMN0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTE= +-----END TRUSTED CERTIFICATE----- + +# Hellenic Academic and Research Institutions RootCA 2015 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68MFkwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcD +Aww3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBS +b290Q0EgMjAxNQ== +-----END TRUSTED CERTIFICATE----- + +# HiPKI Root CA - G1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa +Fw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3 +YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kgUm9vdCBDQSAtIEcx +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0o9Qw +qNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twv +Vcg3Px+kwJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6 +lZgRZq2XNdZ1AYDgr/SEYYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnz +Qs7ZngyzsHeXZJzA9KMuH5UHsBffMNsAGJZMoYFL3QRtU6M9/Aes1MU3guvklQgZ +KILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfdhSi8MEyr48KxRURHH+CK +FgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj1jOXTyFj +HluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDr +y+K49a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ +/W3c1pzAtH2lsN0/Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgM +a/aOEmem8rJY5AIJEzypuxC00jBF8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6 +fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQDAgGGMA0GCSqG +SIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi +7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqc +SE5XCV0vrPSltJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6Fza +ZsT0pPBWGTMpWmWSBUdGSquEwx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9Tc +XzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07QJNBAsNB1CI69aO4I1258EHBGG3zg +iLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv5wiZqAxeJoBF1Pho +L5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+GpzjLrF +Ne85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wr +kkVbbiVghUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+ +vhV4nYWBSipX3tUZQ9rbyltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQU +YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOTAg +MAoGCCsGAQUFBwMBDBJIaVBLSSBSb290IENBIC0gRzE= +-----END TRUSTED CERTIFICATE----- + +# Hongkong Post Root CA 3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ +SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n +a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 +NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT +CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u +Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO +dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI +VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV +9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY +2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY +vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt +bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb +x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ +l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK +TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj +Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw +DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG +7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk +MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr +gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk +GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS +3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm +Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ +l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c +JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP +L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa +LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG +mpv0MCUwCgYIKwYBBQUHAwEMF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAz +-----END TRUSTED CERTIFICATE----- + +# I.CA - Qualified Certification Authority, 09/2009 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFHjCCBAagAwIBAgIEAKA3oDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC +Q1oxOjA4BgNVBAMMMUkuQ0EgLSBRdWFsaWZpZWQgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHksIDA5LzIwMDkxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBh +dXRvcml0YSwgYS5zLjE9MDsGA1UECww0SS5DQSAtIEFjY3JlZGl0ZWQgUHJvdmlk +ZXIgb2YgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlczAeFw0wOTA5MDEwMDAwMDBaFw0x +OTA5MDEwMDAwMDBaMIG3MQswCQYDVQQGEwJDWjE6MDgGA1UEAwwxSS5DQSAtIFF1 +YWxpZmllZCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSwgMDkvMjAwOTEtMCsGA1UE +CgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMuMT0wOwYDVQQL +DDRJLkNBIC0gQWNjcmVkaXRlZCBQcm92aWRlciBvZiBDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTaEy0KC8M9l +4lSaWHMs4+sVV1LwzyJYiIQNeCrv1HHm/YpGIdY/Z640ceankjQvIX7m23BK4OSC +6KO8kZYA3zopOz6GFCOKV2PvLukbc+c2imF6kLHEv6qNA8WxhPbR3xKwlHDwB2yh +Wzo7V3QVgDRG83sugqQntKYC3LnlTGbJpNP+Az72gpO9AHUn/IBhFk4ksc8lYS2L +9GCy9CsmdKSBP78p9w8Lx7vDLqkDgt1/zBrcUWmSSb7AE/BPEeMryQV1IdI6nlGn +BhWkXOYf6GSdayJw86btuxC7viDKNrbp44HjQRaSxnp6O3eto1x4DfiYdw/YbJFe +7EjkxSQBywIDAQABo4IBLjCCASowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwgecGA1UdIASB3zCB3DCB2QYEVR0gADCB0DCBzQYIKwYBBQUHAgIwgcAa +gb1UZW50byBjZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28ga3ZhbGlmaWtvdmFueSBz +eXN0ZW1vdnkgY2VydGlmaWthdCBwb2RsZSB6YWtvbmEgYy4gMjI3LzIwMDAgU2Iu +IHYgcGxhdG5lbSB6bmVuaS9UaGlzIGlzIHF1YWxpZmllZCBzeXN0ZW0gY2VydGlm +aWNhdGUgYWNjb3JkaW5nIHRvIEN6ZWNoIEFjdCBOby4gMjI3LzIwMDAgQ29sbC4w +HQYDVR0OBBYEFHnL0CPpOmdwkXRP01Hi4CD94Sj7MA0GCSqGSIb3DQEBCwUAA4IB +AQB9laU214hYaBHPZftbDS/2dIGLWdmdSbj1OZbJ8LIPBMxYjPoEMqzAR74tw96T +i6aWRa5WdOWaS6I/qibEKFZhJAVXX5mkx2ewGFLJ+0Go+eTxnjLOnhVF2V2s+57b +m8c8j6/bS6Ij6DspcHEYpfjjh64hE2r0aSpZDjGzKFM6YpqsCJN8qYe2X1qmGMLQ +wvNdjG+nPzCJOOuUEypIWt555ZDLXqS5F7ZjBjlfyDZjEfS2Es9Idok8alf563Mi +9/o+Ba46wMYOkk3P1IlU0RqCajdbliioACKDztAqubONU1guZVzV8tuMASVzbJeL +/GAB7ECTwe1RuKrLYtglMKI9MD8wCgYIKwYBBQUHAwMMMUkuQ0EgLSBRdWFsaWZp +ZWQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHksIDA5LzIwMDk= +-----END TRUSTED CERTIFICATE----- + +# I.CA - Qualified root certificate +-----BEGIN TRUSTED CERTIFICATE----- +MIIEOTCCAyGgAwIBAgIEAJ0qYDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJD +WjEqMCgGA1UEAwwhSS5DQSAtIFF1YWxpZmllZCByb290IGNlcnRpZmljYXRlMS0w +KwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4wHhcN +MDgwNDAxMDAwMDAwWhcNMTgwNDAxMDAwMDAwWjBoMQswCQYDVQQGEwJDWjEqMCgG +A1UEAwwhSS5DQSAtIFF1YWxpZmllZCByb290IGNlcnRpZmljYXRlMS0wKwYDVQQK +DCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrCIik8HTyn/jb1neNMBk+psXHisW93eYC +ro49UHW4r302q/717QhntACKmMEDY4hR8hs2iXRaLcjEgsQ/uYj9bP06HRUFRJWA +GqaGyyF1kIVcsHAAhzSo0R9J/Ww4bWqsuEWfvBTXZtQh4ycKjXXgWi8KS7TnfnOj +Kr1w8ZGGCI+/kIQch6n1mSUllMHjbgfBSwdbVPw0y0Y3nMWhIM6mrIepgzw4T8BA +8+n/m9c5duQTI3W1/6FCrlyGT8VOQ7aZC1JTIKizwkzTACwV0llsCp8htXMWeR6G +Je4a+5OerWPxTOJ2MV437/zQqTbk+RHpevxQ50EjAzS4fboOz91TAgMBAAGjgeow +gecwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgaQGA1UdIASBnDCB +mTCBlgYMKwYBBAGBuEgBBAABMIGFMIGCBggrBgEFBQcCAjB2GnRUZW50byBjZXJ0 +aWZpa2F0IGplIHZ5ZGFuIGpha28ga3ZhbGlmaWtvdmFueSBzeXN0ZW1vdnkgY2Vy +dGlmaWthdCB2IHNvdWxhZHUgc2UgemFrb25lbSAyMjcvMjAwMCBTYi4gdiBwbGF0 +bmVtIHpuZW5pLjAdBgNVHQ4EFgQUaJ1+1sQlOfs7oDfWT9yM0XrwVlkwDQYJKoZI +hvcNAQEFBQADggEBAHL1vAaN0iyW8oLbWHtH8EBk5S4b7/rg+tPxckgBRPKI9N6Y +gVOE531OR+cxN1aus8Ewb8arSIP1mFNSaSoowUBl62XntDAL8KsOpRIlv/RQXb+j +fuXRdPgKKK5CnLAUUsSgYF33RRdCukItm5L7bpSzcEcgCJ1T8LCtvamEWt0HKgzN +K21hKN87kijsUYF/UXyOLn+d6bzBND2LrYGt8R50ZkM8QU24LjNPsToe2xLfNo5x +/1djsdaPtD2GEmrPQjC0kxbqmeoCW/4I7rJPcL8zAOd6Sjih8kiRph7LI7I4nfAu +SaLJiFZlZY46Z0WMjAviqrFLB/+xH7oUz3L6p3gwLzAKBggrBgEFBQcDAwwhSS5D +QSAtIFF1YWxpZmllZCByb290IGNlcnRpZmljYXRl +-----END TRUSTED CERTIFICATE----- + +# I.CA - Standard Certification Authority, 09/2009 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIDFuNgMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYDVQQGEwJD +WjE5MDcGA1UEAwwwSS5DQSAtIFN0YW5kYXJkIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5LCAwOS8yMDA5MS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0 +b3JpdGEsIGEucy4xMjAwBgNVBAsMKUkuQ0EgLSBQcm92aWRlciBvZiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzMB4XDTA5MDkwMTAwMDAwMFoXDTE5MDkwMTAwMDAwMFow +gasxCzAJBgNVBAYTAkNaMTkwNwYDVQQDDDBJLkNBIC0gU3RhbmRhcmQgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHksIDA5LzIwMDkxLTArBgNVBAoMJFBydm7DrSBjZXJ0 +aWZpa2HEjW7DrSBhdXRvcml0YSwgYS5zLjEyMDAGA1UECwwpSS5DQSAtIFByb3Zp +ZGVyIG9mIENlcnRpZmljYXRpb24gU2VydmljZXMwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCoCFYSP/uUg6lgdr1Fg36WNDzPSU7Wz/wg4eGxAhRtrcp+ +UHIpqf2cdyY4ZPdDQT8UggSiQZAC55n3g2J4RIXonQVw1P54oXQ0x6w7hQLd7lFb +RjtTM9Zn7OwULuPE5bN0gwDMxpbmHIPa3BhQafrdQ9GOQP0WpLeMZYfgvqyXH7Bx +6wBlVxbObIevl4jwXfeHTToRCqLCRBTAFvJP9duVQq8psymgg1Fu/jxRV5MwJSa6 +O2qGyPYL0XE/nLc6yM5nCYz6QBt6bN7IHKDGXLthGIg/LlkdVvx6RZym2TjZxWDM +uUFVt8q8Te60p8T2oA68icUBlbFc30/wzMLNQrtfAgMBAAGjVTBTMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYEVR0gADAdBgNV +HQ4EFgQUwUw4lNWAhkjZIpAs0+4ZENtnR4cwDQYJKoZIhvcNAQELBQADggEBAKPL +0X10+zV4B5Lo7mjp5FJe8NhjkZSfaPu+W7qp4WN3q1B2xulWR1RQmbQli+jBGXI2 +Wgm+59b6wrYyPUfDUE6ZbpM2xYpRd2PgSTOrPB+K6TvZhrUox8J1cVtmao1YDvN1 +kLWtLIEYzZzYw81P8ftpIJfASM8TRRK1HPY+g+JOXt1ZxmtK4EjO2SqdZTq9L/Dw +TLwJess3AKQ/Owwj3eP7xkKitLbm0nKFTN+z3hanfh3n1M+tq7NQ5HCM37BwkMmG +nu58hItkHGvhaBV+yaV04E73WurdEjGrkUCFcQvOKSj5bjgUXB3+7BG/TUN+nl84 +v9fqnpMv0B10tQUJ0yIwPjAKBggrBgEFBQcDAwwwSS5DQSAtIFN0YW5kYXJkIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5LCAwOS8yMDA5 +-----END TRUSTED CERTIFICATE----- + +# I.CA - Standard root certificate +-----BEGIN TRUSTED CERTIFICATE----- +MIIELjCCAxagAwIBAgIDE9YgMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAkNa +MSkwJwYDVQQDEyBJLkNBIC0gU3RhbmRhcmQgcm9vdCBjZXJ0aWZpY2F0ZTEpMCcG +A1UEChMgUHJ2bmkgY2VydGlmaWthY25pIGF1dG9yaXRhIGEucy4wHhcNMDgwNDAx +MDAwMDAwWhcNMTgwNDAxMDAwMDAwWjBjMQswCQYDVQQGEwJDWjEpMCcGA1UEAxMg +SS5DQSAtIFN0YW5kYXJkIHJvb3QgY2VydGlmaWNhdGUxKTAnBgNVBAoTIFBydm5p +IGNlcnRpZmlrYWNuaSBhdXRvcml0YSBhLnMuMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA0S0VxDlMaqHE5fMrtP2pFum4UY83kdmn05eQtnBph/WvWdJi +QVjV85WNAhX6ZpzBIRTYH636Kmx0VqFi4fGwrbj+0qPgkaG1rlOtjaQND1lglyr8 +oy5zNSNzzKimoRRtv4nDhDjzZFnMMfPg+SdgCjxBBW9aUvCPblJu7F6Ib+BAjCFH +VyLpOG7m+vMktK6vL3M/gNUyj4zZhBnYYM7baY0+rwKvrt6vUPXP5rNhGMTg3fBO +SmYNenMgt+TUk4ZHYdhPyjqOq8I/xiIXo12dIMbFDiRpyKZ9ZgbNRuYz4UN0k/WD +YtKwRSIBpHa961GTWGz6GqGfdYDa2ADi8YhNPwIDAQABo4HqMIHnMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTrN6S+uW9gF/vT/y1g +4QQer8/G0zCBpAYDVR0gBIGcMIGZMIGWBgwrBgEEAYG4SAEBAAEwgYUwgYIGCCsG +AQUFBwICMHYadFRlbnRvIGNlcnRpZmlrYXQgamUgdnlkYW4gamFrbyBrdmFsaWZp +a292YW55IHN5c3RlbW92eSBjZXJ0aWZpa2F0IHYgc291bGFkdSBzZSB6YWtvbmVt +IDIyNy8yMDAwIFNiLiB2IHBsYXRuZW0gem5lbmkuMA0GCSqGSIb3DQEBBQUAA4IB +AQAXIliqLxhVAqFMNkk3S5tzuq5jNg6LK4RFN8z64Gf3oHNqZ2hWvGGoNJooumYs +YZuLHPgEcIyG40HvlHkN3TSHBO61njFrOfR+WOXysARNqVclSeAL1eTsfQ4+OwHg +jPxSkJPm8rCr9TF3zNHJQ4KrDy60+ZiuPuNE9KQDaVXaXI7bwbms5JjVdhVGoS5a +DCJgoMLrcH9xA7Bo0zFkzerLS1WJgj5cZssaCJhHwt7ZLjhMBf0tjPrjIiW5kv3W +si3KojSc30nv1YQBLJL/BUEKZ8ZCa57L2J+QvA0PEH3HZr3qcwfgGOpRgbRFQDwP +oSI3FQGFqS58Dl9dzmqTvtm+MC4wCgYIKwYBBQUHAwMMIEkuQ0EgLSBTdGFuZGFy +ZCByb290IGNlcnRpZmljYXRl +-----END TRUSTED CERTIFICATE----- + +# I.CA Root CA/RSA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGfjCCBGagAwIBAgIEBfXhADANBgkqhkiG9w0BAQ0FADBwMQswCQYDVQQGEwJD +WjEtMCsGA1UECgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMu +MRkwFwYDVQQDDBBJLkNBIFJvb3QgQ0EvUlNBMRcwFQYDVQQFEw5OVFJDWi0yNjQz +OTM5NTAeFw0xNTA1MjcxMjIwMDBaFw00MDA1MjcxMjIwMDBaMHAxCzAJBgNVBAYT +AkNaMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEu +cy4xGTAXBgNVBAMMEEkuQ0EgUm9vdCBDQS9SU0ExFzAVBgNVBAUTDk5UUkNaLTI2 +NDM5Mzk1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqj9VtYmvdhQG +KmQmlDgPX/bcBG8xRfUK/Tt/m3Jv+EB8/l39NJkFOJRJurHwvfiZXMBR+qoN++Zx +FYVjESp3BpGSBoiz/BThmUa0KYKuhIPutSaHbviLVUSdQNj/Klqq6H/SZeEUR8J8 +Mf11YQobjIBKnrTiLhRHMe68BVGupn7PEbjFSL0FVMKE5Kdoa/i4+n4oybnP5CFP +ZcmIaKA42XWlETtMHG5LHtSGbMGtBUfTLJQNzIctGi3D1szehP7sa8DhIxOh05wY +fuBy11xVvEyzQDEbnEDNmuuADnGu12JuWhZPH/ZlRdGfeoVBGcJ6Os4hkuSUcEy7 +qEHGxLs1zfU6nmOpjaBq0SBEqiq2SKVyw86e5FhIRwl/AkHzDRxtCXjw1xTRoFX8 +EdZaGgB55TvmCMtSnqQJq2vnbJwqLyJ9+7lQst5Q0y8McrnWs7ezCObre6z0tMX2 +wTIfpxkh9dxeN6rHH1ObQz7mnp/aDddWog9TaS1Vv+uGeBG/ptdaTfMOk3Pq/w7Q +54/xyLPw2BhzbKVyiPFwTEdUtpta0bwmN40Y35trLtsLJbOKsuOtBlxtu30XAwcB +ijCXiXRtSpR3Luvuz7Aetep29LUUOJXX1dkvP7KkJsxNo1yNCfNeDIUyzlZsAgjx +S6Orv8hUoAWFdOR1HXq8nDtgPWr9GZECAwEAAaOCAR4wggEaMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2uQNI+9UYoaE3oO3MaIJM +UjQ2DTCB1wYDVR0gBIHPMIHMMIHJBgRVHSAAMIHAMIG9BggrBgEFBQcCAjCBsBqB +rVRlbnRvIGt2YWxpZmlrb3Zhbnkgc3lzdGVtb3Z5IGNlcnRpZmlrYXQgYnlsIHZ5 +ZGFuIHBvZGxlIHpha29uYSAyMjcvMjAwMCBTYi4gdiBwbGF0bmVtIHpuZW5pL1Ro +aXMgcXVhbGlmaWVkIHN5c3RlbSBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29y +ZGluZyB0byBBY3QgTm8uIDIyNy8yMDAwIENvbGwuMA0GCSqGSIb3DQEBDQUAA4IC +AQAZVAIlg9silosdlZ6Z2zTOk9AfLntcYCRqDNeFRHgfHEnyFPiDVBmmnTJmuCOm +O4Yqnzb8F/xQD2DGN/0kqPd5p46/2AcVVF5SDL74ptjIQUTx9hPcgxlbr91k9zMW +hw8VWvFkvNTnVT8yOIma88xIxWwxcZKaJhfCfEcCbTUnn/Ma4aodDXQRqZN8Qahv +u46cxQHkc/a6UC7mENS8bxOaOLlpRqUG1vJMbDerPPjbGsZV8Mj4HSFuLwBqseJt +WgQtfd0JT/bvFC/AEuoJGSsayqBxm7E6Mrz/QxjzfS/1LojpUbbxSZBM/ybHw1nd +dF/BUF04XJ1oVWlqtEB3yV8yKUhUk8GzISN2oVUwaSM/MUnEoc07dlmVWoK0rXG1 +vqaRzIAVSi/OlK4YVUl1IES48wGbwXgsjhBMp2StrTrrTB1WLn+U1B7QCtXJVIEO +Hv73lPlhOj817tNgyftIsm7C2b56bpgFcACj0RfHxjSvbPVNj11SDN2Am3pt55jj +OYVcP4vMRKJANjKTElaQAp4+WWgCH1aIHq/B/g97VY2X2bumk0e6fPhHtjnXjPJA +bIecDP4t3dxx/A6RCKRDPYpX3d0H66eXUdC6hJmti3n+yQSQgxMr6ZcNZYnyES03 +jku4u9J6OSrF3NBdDd0EJ5ifWP2OhrsFf/DtN5KQ3Zy9/DAeMAoGCCsGAQUFBwMD +DBBJLkNBIFJvb3QgQ0EvUlNB +-----END TRUSTED CERTIFICATE----- + +# IGC/A +-----BEGIN TRUSTED CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT +AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ +TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG +9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw +MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM +BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO +MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2 +LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI +s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2 +xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4 +u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b +F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx +Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd +PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV +HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx +NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF +AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ +L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY +YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg +Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a +NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R +0982gaEbeC9xs/FZTEYYKKuF0mBWWjATMAoGCCsGAQUFBwMDDAVJR0MvQQ== +-----END TRUSTED CERTIFICATE----- + +# IGC/A AC racine Etat francais +-----BEGIN TRUSTED CERTIFICATE----- +MIIFwzCCA6ugAwIBAgISESGFDLOcajL6vmcbgT+khhWPMA0GCSqGSIb3DQEBCwUA +MF4xCzAJBgNVBAYTAkZSMQ4wDAYDVQQKEwVBTlNTSTEXMBUGA1UECxMOMDAwMiAx +MzAwMDc2NjkxJjAkBgNVBAMTHUlHQy9BIEFDIHJhY2luZSBFdGF0IGZyYW5jYWlz +MB4XDTExMDcwODA5MDAwMFoXDTI4MDQxNTA5MDAwMFowXjELMAkGA1UEBhMCRlIx +DjAMBgNVBAoTBUFOU1NJMRcwFQYDVQQLEw4wMDAyIDEzMDAwNzY2OTEmMCQGA1UE +AxMdSUdDL0EgQUMgcmFjaW5lIEV0YXQgZnJhbmNhaXMwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCqfCifETCYzW9uLIUSJjsIBspB/VJPQ73AJidxdhpZ +ltgJ6weqJk5PPkuh45eHhWaBccm5FXZvd1AYkxAtN4hNF7fzRb0iLrcnmFvHBf29 +M+2i9VMdKCNlv0A1bs5qC8Op9SUMqyLwuMDEfTcMo2J87rTbPSE5p5yJ45uiEPiK +tkovLphpK2qghtrxCOW+TGcWLSVh89UNCxdERwnURgWdD8CITWHkJMTHaAmvrNKv +uZUmb4AE/HasqscjtuQGkVVE7GTbmYEc0lZ0/dYyKLvLyTcN+2lsb7qjawaMakAu +Fzo56tAM31ocum+kMrC4zD53G9OLH4b6/z4+b1yIRufjD/qrHfN9S/hUbk7M3DJa +Y3iiMq8zeOpD4Ux6TdeUBi3mT6VCkq8oik/DFeypa6nf4N0TArzMff8t5gepvnWW +6kJeWxreojOzY72rBfmL5r1N0W1WmuuJPJ/AeOS+JXAGxRFzoMjKFMs61PKcKjza +Xxcz2XYUN6pJh2XZ9NkuGV/5oM2ouUEybXGmpMv3YyLQKeS6gRpqKR2apaRcRlQk +RdTI7Xp5heyEd25nTWQPQ956g6Sn2Nu1U0z+YsgTw2I2pSgxMpu0lofimcYfVr9G +o6lkMeXVsUuoZsxbof8W/Ao4KmiPdyUmrZF0hWjIfxrlWhS4fQ63IzHAZLcFL0FY +VQIDAQABo3sweTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNV +HSAEDzANMAsGCSqBegGBXwEBAjAdBgNVHQ4EFgQUn6rTKZbfAOVD4PFjrN4SjsIn +ePowHwYDVR0jBBgwFoAUn6rTKZbfAOVD4PFjrN4SjsInePowDQYJKoZIhvcNAQEL +BQADggIBAHW1ddGONmacSPeFDU4Fu02anLQOKKIEvFAwu/SUTJiQhavgUmRP0tIu +YpOQsIUNiFT7xlRsnuuVeYBeopcWH/JndEGcVfS3aptKFoa9BR9mgHB+ydH1LSFx +UDmlrYimJhyL1yUcOtbj9MIMn1fBZMhXUSMWI40PI2pWS//6xp81k8YiwGXxr96p +bBi+V2VZzfQjVWQh2O2VYWkzcmpR9p/llW2O3mtzJxOUXn6XSMAyFr49N+3W3I68 +XC38YqjP9pD3sYsJ6zokYw3IlkXUL3dIQvUtYucnC+ARhhndpxD3YwaRMGladfSs ++aGNl8ag7zofkyVIVjoaiCEZk8OVIEkIVUlNolOcmZxzaS6n9cq3DiXvNyNfkNhD +fu6EF2onXn/SLT+sPq8wp42RxPSPCR3z95EO4xi63ETJfQVTA7duoPN519EaT9C4 +bIh2wYCYVYVTYc9EV0zeTg0WUfE9iYGufQutirXuVsTGzBELGNT8/Xn7/gQRnCPv +dnLHjb65Hnh28pocrWNCx9jtbWGQwiEqDwgULSBDJXwYtbegpH25pQwZ/smrPedb +3q/6VxknhecjDvTNDRkwPorkxhEe8LR9aWObDpaGkOD7A29bWT4dIfVXZ1Ym8ocZ +B4S6LJA6wyikBVogzalblXU5fyJQCk5/F/ezrNMHpr4tUgowTHgQMCswCgYIKwYB +BQUHAwMMHUlHQy9BIEFDIHJhY2luZSBFdGF0IGZyYW5jYWlz +-----END TRUSTED CERTIFICATE----- + +# ISRG Root X1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCcw +GjAKBggrBgEFBQcDAQwMSVNSRyBSb290IFgx +-----END TRUSTED CERTIFICATE----- + +# ISRG Root X2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 +MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT +ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW ++1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 +ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI +zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW +tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 +/q4AaOeMSQ+2b1tbFfLnMBowCgYIKwYBBQUHAwEMDElTUkcgUm9vdCBYMg== +-----END TRUSTED CERTIFICATE----- + +# IdenTrust Commercial Root CA 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HMEAwHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwweSWRlblRydXN0IENvbW1lcmNpYWwgUm9v +dCBDQSAx +-----END TRUSTED CERTIFICATE----- + +# IdenTrust Public Sector Root CA 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+cMDkwFAYI +KwYBBQUHAwQGCCsGAQUFBwMBDCFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290 +IENBIDE= +-----END TRUSTED CERTIFICATE----- + +# Izenpe.com +-----BEGIN TRUSTED CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxzAiMBQGCCsGAQUF +BwMBBggrBgEFBQcDAwwKSXplbnBlLmNvbQ== +-----END TRUSTED CERTIFICATE----- + +# Japanese Government +-----BEGIN TRUSTED CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc +MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp +b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT +AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs +aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H +j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K +f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55 +IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw +FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht +QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm +/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ +k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ +MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC +seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ +hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+ +eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U +DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj +B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL +rosot4LKGAfmt1t06SAZf7IbiVQwITAKBggrBgEFBQcDAwwTSmFwYW5lc2UgR292 +ZXJubWVudA== +-----END TRUSTED CERTIFICATE----- + +# Juur-SK +-----BEGIN TRUSTED CERTIFICATE----- +MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN +AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp +dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw +MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw +CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ +MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB +SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz +ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH +LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP +PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL +2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w +ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC +MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk +AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0 +AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz +AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz +AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f +BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE +FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY +P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi +CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g +kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95 +HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS +na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q +qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z +TbvGRNs2yyqcjjAVMAoGCCsGAQUFBwMDDAdKdXVyLVNL +-----END TRUSTED CERTIFICATE----- + +# KEYNECTIS ROOT CA +-----BEGIN TRUSTED CERTIFICATE----- +MIID5TCCAs2gAwIBAgISESG8J2xVR69YTu/UztYpsqKFMA0GCSqGSIb3DQEBCwUA +MEwxCzAJBgNVBAYTAkZSMRIwEAYDVQQKEwlLRVlORUNUSVMxDTALBgNVBAsTBFJP +T1QxGjAYBgNVBAMTEUtFWU5FQ1RJUyBST09UIENBMB4XDTA5MDUyNjAwMDAwMFoX +DTIwMDUyNjAwMDAwMFowTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJ +UzENMAsGA1UECxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/bMXhaGtJhuVaTUhPaSI+t7b +YDZAF2nCFGP7uNnCdBU3LpzQIM1pjYQyooVMFLSb8iWzVCqDPy2+D/M7ZNH/oFDv +d087TuE/C2SFmrpYftLDYtNkJaLUspc8d11jKjOS/M2CDZtUlYf1teuMzVvRyjAv +yYhGtc0NEbQYj+7RoT5dFegoz9/DkJtszNEMRXezOuuKkB3pr2RqiXupPUN0+uRn +IqH73E3E9WLJyiW0yYBgM6nde6ACv5YlCl7JXyl7tBeBi22BGdDZg1wFj0FpGmlD +gJ+or+DpjJGLJyuiJmDND/KkowKDjhiBwheKQxX5bfMdEKRanERhIyF62PvRAgMB +AAGjgcAwgb0wEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwVwYD +VR0fBFAwTjBMoEqgSIZGaHR0cDovL3RydXN0Y2VudGVyLWNybC5jZXJ0aWZpY2F0 +Mi5jb20vS2V5bmVjdGlzL0tFWU5FQ1RJU19ST09UX0NBLmNybDAdBgNVHQ4EFgQU +77cjl9CokX+mz6YhwDSfzHdB4dAwHwYDVR0jBBgwFoAU77cjl9CokX+mz6YhwDSf +zHdB4dAwDQYJKoZIhvcNAQELBQADggEBABoxaZlCwuVAhaKfksNj1I8hOagZIf56 +/MNNQPMr6EusW0xZk8bcfguvfF+VhWu9x2+6wb74xjpnS5PGBWk+JC3wG5HGPj/s +QhiTbAMkim75IGcrfG2rNMkqIjMN132P7tI2ZELINZpuGWHLjWfwaKfQJAXmwxe6 +Ra58Q7WAeANNIHMF/EMQnTVpQnWUJYIrpjuQGN7Bqa/zLZW/lafPGJfhWeKirxoW +YQ33E3FTkzf9PK8AHWyLFK9Gloy2UnzMLU7N4elLCu6a/nqY5ym6G9ocutxrzQQO +JkCp63M8/lCoESdVvduOS+9PGO0V/72GmGbumiVxNGxQ8bJRy2adTSkwHzAKBggr +BgEFBQcDAwwRS0VZTkVDVElTIFJPT1QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# KISA RootCA 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN +MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw +ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL +SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50 +cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC +AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk +9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi +8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG +yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM +vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE +CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2 +J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap +aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl +BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT +2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO +fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5 +UNkAAk/bg9ART6RCVmE6fhMy04QfybowGzAKBggrBgEFBQcDAwwNS0lTQSBSb290 +Q0EgMQ== +-----END TRUSTED CERTIFICATE----- + +# LAWtrust Root CA2 (4096) +-----BEGIN TRUSTED CERTIFICATE----- +MIIFmDCCA4CgAwIBAgIEVRpusTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJa +QTERMA8GA1UEChMITEFXdHJ1c3QxITAfBgNVBAMTGExBV3RydXN0IFJvb3QgQ0Ey +ICg0MDk2KTAgFw0yMzAyMTQwOTE5MzhaGA8yMDUzMDIxNDA5NDkzOFowQzELMAkG +A1UEBhMCWkExETAPBgNVBAoTCExBV3RydXN0MSEwHwYDVQQDExhMQVd0cnVzdCBS +b290IENBMiAoNDA5NikwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +F8srQ7ps+cmTimUNEkzsJxS3E3ng1NUtGFbx+eoqEBZObETHamVG85qJNdGH+DOJ +L4gJGpIQkZDBa58Obn8mihNdGKxoAQ0QeGVw2I6PhFqXMBjQEQ5KjVIQpYErUSj1 +Y8S27ECzAeWtd73lOO+8jbPdGaB7DY2022r7JTNa+pGvxHFFMPiIKXvLv9W6JwSO +3bIA98pcmTUU6v11BhUIu8pXaPs/+7Q0c2PR1ePIOFppfWp6RAwNik7tkh0Qjzsi +LLbf7cXG8Il5VGVeXxu9j33fubft6+TFB9FnPJU7kf5CelJAgATSOVdL9JJ9/5vv +5Z3JCbKREjimKQg7ruvKzO1N504hAQf8bzLOaYyEUsZ36icwCt6lrzAraB+s1Owh +rSJJds4PwvIHKvlqEoOaOwSuGXr+oYYk+kFeJXxArCe24yk2bzXiV9AZWN//ZPbD +AUl22yu+vLlPFArVG1gh9hwuAHz4lLXLNxoU5DK5FtRg7AWqXzL6aiMSrNQQu9Ki +grRLDotwJ6rWB8FniPqEwwjJioTI0jdygQ+NFkrk1zVRpTgPjIRLlTbA9ded4F2P +q5HuAAi5nVIf7PiZu3lWsUna0uXYYYtbr/CrN8V7Go6Gvn7FexUeYWjoC4eLc0mh +F3N+KXiOyuBBL3VzdKKXOn/3LnQJuExgi0Y2GRAtnQIDAQABo4GRMIGOMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCsGA1UdEAQkMCKADzIwMjMwMjE0 +MDkxOTM4WoEPMjA1MzAyMTQwOTQ5MzhaMB8GA1UdIwQYMBaAFNfWVmJcPxeB5nNE +KfVRBe8LYDesMB0GA1UdDgQWBBTX1lZiXD8XgeZzRCn1UQXvC2A3rDANBgkqhkiG +9w0BAQsFAAOCAgEASZwp/j3snkV/qz48/iNvNz53p1P/eJ/8SUSAV2acbtp5/81F +rUyTv7VZxukQt+X4jPuHxR6L2LM/ApYKu4qO79e0wIMgOJdZRWT89ncT8gnXocg4 +dAjq+UhM+h8EnLT/7G5WNnKTbJU+LF/eDwurycwVPhaPZvyyELih0bTewGMZzO9T +qnU2IoslH7+byNfBX+ymNwmqe2K89iIt8dZY3Yy7UvQLp3apensajdytmoFiLoYF +kHJHL6HJZ4SwDWywuJsWt9CZFC+cEpsjqI2mQx7p5S3leKcfZJRktneyqFz7Casp +6x5tddH20MWlwx2fHvMaLbLIH+UoCm7zX/3a5iOhdpBcS5gBgizuRy0CGl9/NMVp +tXKtPvPPnm34KegRJyvgWQsbYetKymmlpNXNURuUjnnN3/audF2xLBuGU/7RMAZB +NAdigkz0fseHdA6wIR4JIIDBsxU9Rm3T8QaSP++glYocbncxtut4KQx77oKlT36k +KV6eqi34jsDz/A0GhZtO3PfiCXzQFFEeerMjr/rRYSpltQHZuOMHyiR20vBKvu+G +BIBCFXARaH7Xx7v+506bnJWlHEqkydAJjKrOSNIekpfXEentZsw33PXXG3SbpupC +rF0y4Fj0gUf/0hLifhzcSXaWwx2fS8pcKjdbPYrROJsh2uO/RUPT4Fh3HygwJjAK +BggrBgEFBQcDBAwYTEFXdHJ1c3QgUm9vdCBDQTIgKDQwOTYp +-----END TRUSTED CERTIFICATE----- + +# LGPKI +-----BEGIN TRUSTED CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJKUDEO +MAwGA1UEChMFTEdQS0kxGjAYBgNVBAsTEUFwcGxpY2F0aW9uIENBIEcyMB4XDTA2 +MDMzMTE1MDAwMFoXDTE2MDMzMTE0NTk1OVowOTELMAkGA1UEBhMCSlAxDjAMBgNV +BAoTBUxHUEtJMRowGAYDVQQLExFBcHBsaWNhdGlvbiBDQSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALk1xhD422jbB8RATLAdHjbcw0H2z1UVbQh/ +XMZoVeXnV/GWUebhTXgPbkAVcDtl/hHf59PWWDU74Z8C/JRSRi6znmCbAp7JgtL2 +464JT4REtmKbAFFouDqt7GTRMkvplESDtA7OIYlrsDbAmMZLnMI+W2AqCTErLatM +3rGg/VhWwoMdILzEhAmHe6iVl8YljoPgPpMN0cd9c6mo/BkAQC4iuHozQfV4/Vpx +54LZSIhc7KiFhy1tgIlnGmm+EMBaju2IfT5vLDhrN85H2KIxMN5+U2Vsi4ZTQSBs +vUilfq8AWlYSWIHR3IlZ+bXu+E2a2EQpi3mn9yKq6nxctBaIIA0CAwEAAaOBsjCB +rzAdBgNVHQ4EFgQUf7hdjsQYa8Z9zC7prs405xdd4KEwDgYDVR0PAQH/BAQDAgEG +MEwGA1UdHwRFMEMwQaA/oD2kOzA5MQswCQYDVQQGEwJKUDEOMAwGA1UEChMFTEdQ +S0kxGjAYBgNVBAsTEUFwcGxpY2F0aW9uIENBIEcyMA8GA1UdEwEB/wQFMAMBAf8w +HwYDVR0jBBgwFoAUf7hdjsQYa8Z9zC7prs405xdd4KEwDQYJKoZIhvcNAQEFBQAD +ggEBADzYczZABkhKVBn1J0g5JaVuQue2zRvLOTS3m+xPKr535MqE/B3rmyJA1fT7 +aIdy/Eddag5SSuO1XUjGIpbmM21tq/bN18skWoyoRZ4+YYJ9lNUF8Bo1X3EvLlS1 +QQXvhg1S75yYG/EsTDrR84bTjD56L4ZFjoMyJlu/U8oOUVbcmsJaMBkNp57Vqpsg +OWl4IfSXbdEOEUwu0xtasPmXeFwqj1Jl7kxCJcI3MA5tKzWUgwbor0U7BGanMLv5 +4CE7Y259RF06alPvERck/VSyWmxzViHJbC2XpEKzJ2EFIWNt6ii8TxpvQtyYq1XT +HhvAkj+bweY7F1bixJhDJe62ywAwEzAKBggrBgEFBQcDAwwFTEdQS0k= +-----END TRUSTED CERTIFICATE----- + +# LuxTrust Global Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDZDCCAkygAwIBAgICC7gwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCTFUx +FjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0IEdsb2Jh +bCBSb290MB4XDTExMDMxNzA5NTEzN1oXDTIxMDMxNzA5NTEzN1owRDELMAkGA1UE +BhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0 +IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn+n +QPAiygz267Hxyw6VV0B1r6A/Ps7sqjJX5hmxZ0OYWmt8s7j6eJyqpoSyYBuAQc5j +zR8XCJmk9e8+EsdMsFeaXHhAePxFjdqRZ9w6Ubltc+a3OY52OrQfBfVpVfmTz3iI +Sr6qm9d7R1tGBEyCFqY19vx039a0r9jitScRdFmiwmYsaArhmIiIPIoFdRTjuK7z +CISbasE/MRivJ6VLm6T9eTHemD0OYcqHmMH4ijCc+j4z1aXEAwfh95Z0GAAnOCfR +K6qq4UFFi2/xJcLcopeVx0IUM115hCNq52XAV6DYXaljAeew5Ivo+MVjuOVsdJA9 +x3f8K7p56aTGEnin/wIDAQABo2AwXjAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAfBgNVHSMEGDAWgBQXFYWJCS8kh28/HRvk8pZ5g0gTzjAdBgNVHQ4EFgQU +FxWFiQkvJIdvPx0b5PKWeYNIE84wDQYJKoZIhvcNAQELBQADggEBAFrwHNDUUM9B +fua4nX3DcNBeNv9ujnov3kgR1TQuPLdFwlQlp+HBHjeDtpSutkVIA+qVvuucarQ3 +XB8u02uCgUNbCj8RVWOs+nwIAjegPDkEM/6XMshS5dklTbDG7mgfcKpzzlcD3H0K +DTPy0lrfCmw7zBFRlxqkIaKFNQLXgCLShLL4wKpov9XrqsMLq6F8K/f1O4fhVFfs +BSTveUJO84ton+Ruy4KZycwq3FPCH3CDqyEPVrRI/98HIrOM+R2mBN8tAza53W/+ +MYhm/2xtRDSvCHc+JtJy9LtHVpM8mGPhM7uZI5K1g3noHZ9nrWLWidb2/CfeMifL +hNp3hSGhEiEwIjAKBggrBgEFBQcDAwwUTHV4VHJ1c3QgR2xvYmFsIFJvb3Q= +-----END TRUSTED CERTIFICATE----- + +# LuxTrust Global Root 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrrMCQwCgYIKwYB +BQUHAwMMFkx1eFRydXN0IEdsb2JhbCBSb290IDI= +-----END TRUSTED CERTIFICATE----- + +# MULTICERT Root Certification Authority 01 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIIVE2lvEA1VlowDQYJKoZIhvcNAQELBQAwgYUxCzAJBgNV +BAYTAlBUMUIwQAYDVQQKDDlNVUxUSUNFUlQgLSBTZXJ2acOnb3MgZGUgQ2VydGlm +aWNhw6fDo28gRWxlY3Ryw7NuaWNhIFMuQS4xMjAwBgNVBAMMKU1VTFRJQ0VSVCBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDAxMB4XDTE0MDQwNDA4NTk0N1oX +DTM5MDQwNDA4NTk0N1owgYUxCzAJBgNVBAYTAlBUMUIwQAYDVQQKDDlNVUxUSUNF +UlQgLSBTZXJ2acOnb3MgZGUgQ2VydGlmaWNhw6fDo28gRWxlY3Ryw7NuaWNhIFMu +QS4xMjAwBgNVBAMMKU1VTFRJQ0VSVCBSb290IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IDAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAztw/9BluuxVp +hvTkzec6cDvHmos7gwCBW/sgFlq+v1gAXynmV29+iiwVB1waY4xCXxbd2omERVcX +lqCcoXUiQRo6/cUXkRP2vmIKvG4lLVvAjBBm9+LW+9xIMaMaqOVNSMmiHHP+j2ZA +Y3dZBzw9FJ/U94WR0MNC9Rths3eAgCptEgKWi1HZwW8nCxoHNAD/0llMKejXGWPY +kbQ//I4OJfKhEgdlyjXeq/4WowiMr39+EvRZFgUf6K10eTL3eAK2tMyr2x44YQQZ +ekFA2loRZHUC/WTR1pRCDyLnZc2vkA4MWzEBmVHvRYx9pTjannxL5Kbos6SC1gM0 +Lk+3Uat3OAn1Bv7cZhsPP/p974xVvuANhpWh3L3EwwjRRR7yvb5w8eYmxrsIsSil +wqXtiNahwPsj8Sc5zOGEBxm8fvbMOP9uELtG6SOJJIH/AOJRANxSUH0TUH0WPUCN +07/5imXYYhIpd8K6wkk0T4p5aclLFfM03s+vhuLlyKlWYUwGVFrFbBnq88hEzSQa +dtFxAFlr2XWbzv0Q/rGDoqW3koZ2m0r3HdyMhaZYrYqmaGkXyW0bps8nSyks3XFC +GokQ5dWbEl9Ji4S82Ahc+884Qq++0W57kapmQMUFfivQZrbH31L+9EVtI5IhnhIB +kHOD4qUJDdfA+IWVHmPRPzXalNE32fUCAwEAAaNjMGEwHQYDVR0OBBYEFNU5HJxb +bwSqopVM7yDdKXSkxUVxMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1Tkc +nFtvBKqilUzvIN0pdKTFRXEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA +A4ICAQA/51/zIhbeg54g5ILn5Z53yfsrsHQN3xt0Ig9zEKGwF+xMDNQocGpmckRp +EJN2Nc8v+I88qxl8cZKVcRs3FcIbKHrvbng43/uPmwEg3K/21o0JZtrERqn8lapE +IxLfR8CwFey1sZ5sD5GqpjrlwQ1gbFBAcFxcyM6zzOvtqogZVqWkyAx65XZAZzO0 +PZbcd8sjePlTW8+N3rGnjlp6ojJjo4jXJWFaXUk6cubPqpSGbG73guCOZ5MoxagN +Te84rXlKZo2EAQgEefNSxkHnmmIGs/USHuzZAEPT65Z3dOF5+RSUhG26VIIFjN8B +8jCIgax6L4tDLHY0zjXnh45OCwqlGlexU1q/a9i+AH7G+e5mMQix35QzhJx3T3tk +L++OD1koIsvwXD4r/TXWlf8D7GVSfr7yGfh71VIsUneakWZBcI3VSecLSH+Krt5F +Pd3+5tLkksN7zjCgSW43rajTLLY9niHbBlfi8K4G+9nFETehe9sdEXxodiA+9byl +2Wa1Ia1FJsZdHgKjQcTUfYEZyxeXBg/m7HQARsR13T3wQzSvprz89oL7z8X6sw8l +pT9mENaegqXbOhN53o2p16aNhtIv2WkN4nV4fklfIquGcChRs3q2oHn61OWDp7B3 +ytsBgu/ivk0v08BN0ONpbnwmm+um+0XvsQSKL6ohBvbm1LxBIzA3MAoGCCsGAQUF +BwMDDClNVUxUSUNFUlQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAwMQ== +-----END TRUSTED CERTIFICATE----- + +# Macao Post eSignTrust Root Certification Authority (G02) +-----BEGIN TRUSTED CERTIFICATE----- +MIIFljCCA36gAwIBAgIQUqy+BxFJl7sfv4cbJRe/pDANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJNTzETMBEGA1UEChMKTWFjYW8gUG9zdDFBMD8GA1UEAxM4TWFj +YW8gUG9zdCBlU2lnblRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +KEcwMikwHhcNMTAwMTA2MDAwMDAwWhcNMjAwMTA1MjM1OTU5WjBlMQswCQYDVQQG +EwJNTzETMBEGA1UEChMKTWFjYW8gUG9zdDFBMD8GA1UEAxM4TWFjYW8gUG9zdCBl +U2lnblRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKEcwMikwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2+IendMxdI16uq5bc1yQoHaQU +ZtegaIxenUXU1CnTswvrrRbqnVIRyaThcOXdvg4cEXfrn6NweBePuT4XU2mp6/VV ++ZWX6d85dp4fUhe0GwAS0M0846pJ0Z5BNzb1Yc0jD1ex9k3T2w1CUwKI9PCphotX +z3IK1ZRLWto35T1HWWe+045W1Vc50Cfbn0lPqBZUv3hfzxydXqELjIMDswwUyVqp +u//GrlnP9WUfI4kBU4rVWxedm/+YUQ9DSfeqLO3l6YY6M1Bz3FKla2OE6ROifMd3 +GvOqqQ0LTk4dRMNyO5lZ50EiOyxUXhIxlmhBGdXtdae5V1sR9pqkSS9i8wuYURuz +M0LSzNRhGcPT3Jv7k7JizTb7jOkabhqxOSSOXdk+O4Z8iOa3JwP4lVGwv1A3/vhO +EwEbJy2bktByV9ejmlboa6P3Vd5AXeIIH1y7UaaetN0OphpZYmeGcxCVnZXNur/Y +nCoOi3aZk9RLsOhUPw3YivmAz0H9AXpFfH3WPU75Yk9BJXyqbVhWGwe0c6ofER88 +ulMj4O1KzZaJ3EjQTWLLkwf2oK5TF3xfXAccBUyrTGqqwg+gGWt5ecJ8s6n9PfvM +fHHFu74lbSGn+9a+YPO1qalsdBg/qJ5CYEHyOS0dwg1z8uCxtkoaGL13aRnX0nqx +3JY1mtgmhYO2EynC4wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQUAoG3tmb4kkVtwnHSn+wv07ofuf8wDQYJKoZIhvcN +AQEFBQADggIBAFhTi77PQbJPttXeSmjNZc/GQIqsS5pbY2298T9ZUELQ35rjX1aR +s1ub2UUGQ++TG/0zdx0GVDhI8VSMOlNrO3E1CXZl6VcPQ/aRmt4Qu7pokioly2dE +CWu/nZdmy6lFtr43mR11Jb49PGNsv6kTR8dyjMvDz/T2hwWZiReoNCDx36EnZ9On +I++rWYM9GtgqzcKtSjAMBjogi6T42kY3Qy60iR2Ec4pgvmQxJ0LA63JhbczefHMr +6L85Ql55keyAG6o2dk4h6IYElwkoy0fnQNQsXhpeSPqux+kE6kckm77xR57V1XrR +XtSF8gsjBJjUK5pWckZMQZoz8JK0v0HUvZuws/H1E9avW9Ty0UHwR116vHpZ8X1g +aJQOSk+BkiKqH8Q8vhw6OkzwcKF/u5/c0sWk8SZu4fMmqXD78YmWYhVcWaC1I/qW +arIakj0NJEoruAj+b9/cwu6W/86/e7j5hO9BO+RNuYeRusZfyO3wy4vTD5H2IN6R +mMbnSGTRzlMS7sQVbdyAUBsTYE95W/wanP6in6ARM5HJS206ZpYt0zj42ZmBtEQm +f7HnnnBtHW31IgnkrBk2+ycF2Hqb2byeG9oZN9jx3RWYZBuPU/AonawUul9pz5Yj +7lasmc06j9VeGeZiEzpf64tfFsA74dGTj1ZhNwXQeRv9qLwPedKz5tNmMEYwCgYI +KwYBBQUHAwMMOE1hY2FvIFBvc3QgZVNpZ25UcnVzdCBSb290IENlcnRpZmljYXRp +b24gQXV0aG9yaXR5IChHMDIp +-----END TRUSTED CERTIFICATE----- + +# Microsec e-Szigno Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw +cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy +b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z +ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4 +NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN +TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p +Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u +uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+ +LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA +vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770 +Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx +62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB +AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw +LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP +BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB +AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov +MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5 +ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn +AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT +AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh +ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo +AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa +AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln +bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p +Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP +PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv +Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB +EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu +w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj +cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV +HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI +VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS +BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS +b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS +8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds +ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl +7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a +86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR +hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/ +MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICUwJzAK +BggrBgEFBQcDAwwZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Microsec e-Szigno Root CA 2009 +-----BEGIN TRUSTED CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCWMEAwHgYIKwYBBQUHAwQGCCsG +AQUFBwMBBggrBgEFBQcDAwweTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQSAyMDA5 +-----END TRUSTED CERTIFICATE----- + +# Microsoft ECC Product Root Certificate Authority 2018 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIzCCAqigAwIBAgIQFJgmZtx8zY9AU2d7uZnshTAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v +bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWlj +cm9zb2Z0IEVDQyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw +MTgwHhcNMTgwMjI3MjA0MjA4WhcNNDMwMjI3MjA1MDQ2WjCBlDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV +BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWljcm9zb2Z0IEVD +QyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTgwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATHERYqdh1Wjr65YmXUw8608MMw7I9t1245vMhJq6u4 +40N41YEGXe/HfZ/O1rOQdd4MsJDeI7rI0T5n4BmpG4YxHl80Le4X/RX7fieKMqHq +yY/JfhjLLzssSHp9pvQBB6yjgbwwgbkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFEPvcIe4nb/siBncxsRrdQ11NDMIMBAGCSsGAQQB +gjcVAQQDAgEAMGUGA1UdIAReMFwwBgYEVR0gADBSBgwrBgEEAYI3TIN9AQEwQjBA +BggrBgEFBQcCARY0aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2Nz +L1JlcG9zaXRvcnkuaHRtADAKBggqhkjOPQQDAwNpADBmAjEAocBJRF0yVSfMPpBu +JSKdJFubUTXHkUlJKqP5b08czd2c4bVXyZ7CIkWbBhVwHEW/AjEAxdMo63LHPrCs +Jwl/Yj1geeWS8UUquaUC5GC7/nornGCntZkU8rC+8LsFllZWj8FoMEMwCgYIKwYB +BQUHAwMMNU1pY3Jvc29mdCBFQ0MgUHJvZHVjdCBSb290IENlcnRpZmljYXRlIEF1 +dGhvcml0eSAyMDE4 +-----END TRUSTED CERTIFICATE----- + +# Microsoft ECC Root Certificate Authority 2017 +-----BEGIN TRUSTED CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD +VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw +MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy +b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR +ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb +hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 +FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV +L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB +iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3MwOzAKBggrBgEFBQcDAQwtTWlj +cm9zb2Z0IEVDQyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3 +-----END TRUSTED CERTIFICATE----- + +# Microsoft ECC TS Root Certificate Authority 2018 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDFzCCAp6gAwIBAgIQFTh14WR+0bBHtO+vQRKCRTAKBggqhkjOPQQDAzCBjzEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v +bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE5MDcGA1UEAxMwTWlj +cm9zb2Z0IEVDQyBUUyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE4MB4X +DTE4MDIyNzIwNTEzNFoXDTQzMDIyNzIxMDAxMlowgY8xCzAJBgNVBAYTAlVTMRMw +EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN +aWNyb3NvZnQgQ29ycG9yYXRpb24xOTA3BgNVBAMTME1pY3Jvc29mdCBFQ0MgVFMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxODB2MBAGByqGSM49AgEGBSuB +BAAiA2IABN7Nu3Ag8SUgtJTo17Q7D26H3ausz01AL4Eza1kJGNaHDSYjnLSNlZ12 +n6W5BkLmrTayxLOuejwI1cudOl5FIWwL4yD1m8LdRDPjQrnq8ihCkqr+DAfKihOZ +O2IA7drzNaOBvDCBuTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQU6EfIQpqwna5vCyg7mBWP47HogLIwEAYJKwYBBAGCNxUBBAMCAQAw +ZQYDVR0gBF4wXDAGBgRVHSAAMFIGDCsGAQQBgjdMg30BATBCMEAGCCsGAQUFBwIB +FjRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y +eS5odG0AMAoGCCqGSM49BAMDA2cAMGQCMBSGUMAmGuvqoRR3OlvfYzmlM8dQQNVr +NWsPtN99VrnhpZ14GYKhQ24a11ijVQNC2wIwGJS0HjqNZPoMJxuHE0rStzoAlMby +5WO/r+P63JPV50aaa4FpPgLfUQ2PKHFBiZEvMD4wCgYIKwYBBQUHAwMMME1pY3Jv +c29mdCBFQ0MgVFMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxOA== +-----END TRUSTED CERTIFICATE----- + +# Microsoft Identity Verification Root Certificate Authority 2020 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFzDCCA7SgAwIBAgIQVJjS0dRbGZVIE3nIEcCHmTANBgkqhkiG9w0BAQwFADB3 +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMUgw +RgYDVQQDEz9NaWNyb3NvZnQgSWRlbnRpdHkgVmVyaWZpY2F0aW9uIFJvb3QgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5IDIwMjAwHhcNMjAwNDE2MTgzNjE2WhcNNDUwNDE2 +MTg0NDQwWjB3MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv +cmF0aW9uMUgwRgYDVQQDEz9NaWNyb3NvZnQgSWRlbnRpdHkgVmVyaWZpY2F0aW9u +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjAwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCzkSoHgwZn/Z6d4MfAt6TmQgR/D6bbX/vVWtdFoPt3 +C/CA86ZtWk15U9ighoRXRSDHolT7x6K/isduNfOiFcQvTuNKhZZJDf++mdgU9rwn +B+5Cmyv1C5IG5P1pE2WokXLymITrgz0O5NdxEkghyw3t9kdJt5v5yccXtoRP/7is +mtdzZ0mF44a9N0DQJYbU3rXCbWJq1al4vC1vSfnlbBQU/RTH02UWN97LbrxeKY39 +YpsVLNYF5rmJMjOjYsfX1lJnCMQu9FYrnguHzOyntKaq6wXNGVelOgsEJxyRZ54t +Yi0vHr7awCDLBBnKM/uJvpjicqByNb554ZyDb+RtF2+Q8z0AhnU4jtDgSZq729P4 +MMrVV4hoTXLTv21/cdj9vQ2ukmRIt1tveSa1zZuVIYTR7w8yPXtXjPNFB0x84F4Y +DjV2i22eyzZ0qwX44HNdMlaUZ5clCsY1PZSX58FEi4D9wfj0dBnlMPYG+yFXPgYc +i2sVhidJe4KTylnodUfoPzj0x1N5oLa04lxR771fOMET5ngMlVouxUBZKMwPJMDs +ugl3I5k4prYc2se6ILbXN9h/N68I4ztx225zG32ZcrDkhjNZdLUWAHtQbcaGE9r9 +xDmCPSQAmmDaupTABVEsNKxQmROHu7MFgLJNMAJcuCaDXbRjc++uI5VPYCi+N9Vb +pQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUyH7SaoUqG8oZmAQHJ89QEE9oqKIwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEMBQADggIBAK9q3eYZ5y2UQxlOy+lQlWSlA5ECi+I2gDsVolLCFhm2 +alpddEMw9Jv/YHQJsSEekBZtxSSPXGaIY/RPzH3yEkxAEIsBn9qpyK7ylRvPnQXr +ST50oGhb5VYsZRyCflPaVtlGF3mSRcQQNghSKRfLL6byftRpJIoej7BzDcwcSquy +qu2nkWMBZCKoMrh+MiizZ3MtkbTcMQEL90cKpvHXSu1WYMQsCKN7QLC8dCdSh9a+ +iN03ioluZ4gd9cldoP62qzqA1xqXPBc2IkEerE3Vg+Y8OL1PMOlUqdO2BMMydmG7 +sBjFKxizwIDVt5WwXlFNIvzsWKro2JS0pS7tkt7nGHwhV91VY/e/bc0f0qZ3KHDH +4ls6WwjSW07IAJaz4YM2r4YKZVx09ursemp0oPBL7u+Uo6xQ8oft1zowg8n7fVe+ +5eP4QcrlZK6zo+xY7IWazO+56vNWGLlcc5qvxXcXg1nbNxoYclSlQdK2I3WjQ5rl +d3yWebdBjb/s3ICgn9F3dVhfNRPgJRpnC33OJfoHCuRhIdjUHOUHxjaZ9JbQxhX+ +Ts3Xroud2xb9BMaSvdSI5qmjqrv3ZDg7X8wM0DW+dBkDpsWqTKJhNoI+HfMrvJdd +20t4Oy31O+9gI+j17AsjNpWvmGa/U9N7uGlKKpZmacSUxvRfbqyYeIiABlyisu2i +ME0wCgYIKwYBBQUHAwMMP01pY3Jvc29mdCBJZGVudGl0eSBWZXJpZmljYXRpb24g +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAyMA== +-----END TRUSTED CERTIFICATE----- + +# Microsoft RSA Root Certificate Authority 2017 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N +aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ +Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 +ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 +HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm +gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ +jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc +aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG +YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 +W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K +UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH ++FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q +W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC +LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC +gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 +tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh +SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 +TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 +pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR +xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp +GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 +dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN +AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB +RA+GsCyRxj3qrg+EMDswCgYIKwYBBQUHAwEMLU1pY3Jvc29mdCBSU0EgUm9vdCBD +ZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNw== +-----END TRUSTED CERTIFICATE----- + +# Microsoft Root Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx +KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc +BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0 +IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow +cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe +MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv +ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5 +7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB +RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er +GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko +IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc +PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw +72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN +aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh +MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs +30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F +kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+ +Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH +/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS +VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc +BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qAwJjAKBggrBgEF +BQcDAwwYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# Microsoft Root Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIFmTCCA4GgAwIBAgIQea0WoUqgpa1Mc1j0BxMuZTANBgkqhkiG9w0BAQUFADBf +MRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0 +MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw +HhcNMDEwNTA5MjMxOTIyWhcNMjEwNTA5MjMyODEzWjBfMRMwEQYKCZImiZPyLGQB +GRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNy +b3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDzXfqAZ9Rap6kMLJAg0DUIPHWEzbcHiZyJ2t7Ow2D6 +kWhanpRxKRh2fMLgyCV2lA5Y+gQ0Nubfr/eAuulYCyuT5Z0F43cikfc0ZDwikR1e +4QmQvBT+/HVYGeF5tweSo66IWQjYnwfKA1j8aCltMtfSqMtL/OELSDJP5uu4rU/k +XG8TlJnbldV126gat5SRtHdb9UgMj2p5fRRwBH1tr5D12nDYR7e/my9s5wW34RFg +rHmRFHzF1qbk4X7Vw37lktI8ALU2gt554W3ztW74nzPJy1J9c5g224uha6KVl5uj +3sJNJv8GlmclBsjnrOTuEjOVMZnINQhONMp5U9W1vmMyWUA2wKVOBE0921sHM+RY +v+8/U2TYQlk1V/0PRXwkBE2e1jh0EZcikM5oRHSSb9VLb7CG48c2QqDQ/MHAWvmj +YbkwR3GWChawkcBCle8Qfyhq4yofseTNAz93cQTHIPxJDx1FiKTXy36IrY4t7EXb +xFEEySr87IaemhGXW97OU4jm4rf9rJXCKEDb7wSQ34EzOdmyRaUjhwalVYkxuwYt +YA5BGH0fLrWXyxHrFdUkpZTvFRSJ/Utz+jJb/NEzAPlZYnAHMuouq0Ate8rdIWcb +MJmPFqojqEHRsG4RmzbE3kB0nOFYZcFgHnpbOMiPuwQmfNQWQOW2a2yqhv0Av87B +NQIDAQABo1EwTzALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUDqyCYEBWJ5flJRP8KuEKU5VZ5KQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQEFBQADggIBAMURTQM6YN1dUhF3j7K7NsiyBb+0t6jYIJ1cEwO2HCL6BhM1 +tshj1JpHbyZX0lXxBLEmX9apUGigvNK4bszD6azfGc14rFl0rGY0NsQbPmw4TDMO +MBINoyb+UVMA/69aToQNDx/kbQUuToVLjWwzb1TSZKu/UK99ejmgN+1jAw/8EwbO +FjbUVDuVG1FiOuVNF9QFOZKaJ6hbqr3su77jIIlgcWxWs6UT0G0OI36VA+1oPfLY +Y7hrTbboMLXhypRL96KqXZkwsj2nwlFsKCABJCcrSwC3nRFrcL6yEIK8DJto0I07 +JIeqmShynTNfWZC99d6TnjpiWjQ54ohVHbkGsMGJay3XacMZEjaE0Mmg2v8vaXiy +5Xra69cMwPe9Yxe4ORM4ojZbe/KFVmodZGLBOOKqv1FmopT1EpxmIhBr8rcwki3y +KfA9OxRDaKLxnCk3y844ICVtfGfzfiQSJAMIgUfspZ6X9RjXz7vV73aW7/3O21ad +laBC+ZdY4dcxItNfWeY+biIA6kOEtiXb2fMIVmjAZGsdfOy2k6JiV24u2OdYj8Qx +SSbd3ik1h/UwcXBbFDxpvYkSfesuo/7Yf56CWlIKK8FDK9kwiJ/IEPuJjeahhXUz +fmye23MTZGJppS99ypZtn/gETTCSPW4hFCHJPeDD/YprnUr90aGdmUN3P7DaMDIw +CgYIKwYBBQUHAwMMJE1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eQ== +-----END TRUSTED CERTIFICATE----- + +# Microsoft Root Certificate Authority 2010 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF7TCCA9WgAwIBAgIQKMw6Jb+6RKxEmptYa0M5qjANBgkqhkiG9w0BAQsFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl +ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMp +TWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAw +NjIzMjE1NzI0WhcNMzUwNjIzMjIwNDAxWjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv +c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5IDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC5CJ4o5OTsBk5QaLNBxXvrrraOr4G6IkQfZTRpTL5wQBfyFnvief2G7Q05 +9BuorZKQHss9do9a2bWREC48BY2KbSRU5x/tVq2DtFCcFaUXdIhZIPwIxYR202jU +byh4zly481CQRP/jY1++oZoslhUE1gf+HoQh4EIxEcQoNpTPUKRinsnWq3EAslsM +5pbUCiSW9f/G1bcb18u3IWKvEtyhXTfjGvsaRpjAm8DnYx8qCJMCfh5qjvKfGInk +IoWisYRXQP/1DthvnO3iRTEBzRfpf7CBReOqIUAmoXKqp088AQV+7oNYsV4GY5li +kXiCtw2TDCRqtBvbJ+xflQQ/k0ow9ZcYs6f5GaeTMx0ByNsiUlzXJclG+aL7h1lD +vptisY0thkQaRqx4YX4wCfquicRBKiJmA5E5RZzHiwyoyg0v+1LqDPdjMyOd/rAf +rWfWp1ADxgRwY7UssYZaQ7f7rvluKW4hIUEmBozJw+6wwoWTobmF2eYybEtMP9Zd +o+W1nXfDnMBVt3QA47g4q4OXUOGaQiQdxsCjMNEaWshSNPdz8ccYHzOteuzLQWDz +I5QgwkhFrFxRxi6AwuJ3Fb2Fh+02nZaR7gC1o3Dsn+ONgGiDdrqvXXBSIhbiZvu6 +s8XC9z4vd6bK3sGmxkhMwzdRI9Mn17hOcJbwoUR2r3jPmuFmEwIDAQABo1EwTzAL +BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1fZWy4/oolxi +aNE9lJBb186aGMQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIB +AKylloy/u66m9tdxh0MxVoj9HDJxWzW31PCR8q834hTx8wImBT4WFH8UurhP+4my +sufUCcxtuVs7ZGVwZrfysVrfGgLz9VG4Z215879We+SEuSsem0CcJjT5RxiYadgc +17bRv49hwmfEte9gQ44QGzZJ5CDKrafBsSdlCfjN9Vsq0IQz8+8f8vWcC1iTN6B1 +oN5y3mx1KmYi9YwGMFafQLkwqkB3FYLXi+zA07K9g8V3DB6urxlToE15cZ8PrzDO +Z/nWLMwiQXoH8pdCGM5ZeRBV3m8Q5Ljag2ZAFgloI1uXLiaaArtXjMW4umliMoCJ +nqH9wJJ8eyszGYQqY8UAaGL6n0eNmXpFOqfp7e5pQrXzgZtHVhB7/HA2hBhz6u/5 +l02eMyPdJgu6Krc/RNyDJ/+9YVkrEbfKT9vFiwwcMa4y+Pi5Qvd/3GGadrFaBOER +PWZFtxhxvskkhdbz1LpBNF0SLSW5jaYTSG1LsAd9mZMJYYF0VyaKq2nj5NnHiMwk +2OxSJFwevJEU4pbe6wrant1fs1vb1ILsxiBQhyVAOvvH7s3+M+Vuw4QJVQMlOcDp +NV1lMaj2v6AJzSnHszYyLtyV84PBWs+LjfbqsyH4pO0eMQ62TBGrYAukEiMiF6M2 +ZIKRBBLgq28ey1AFYbRA/1mGcdHVM2l8qXOKONdkDPFpMDcwCgYIKwYBBQUHAwMM +KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEw +-----END TRUSTED CERTIFICATE----- + +# Microsoft Root Certificate Authority 2011 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF7TCCA9WgAwIBAgIQP4vItfyfspZDtWnWbELhRDANBgkqhkiG9w0BAQsFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl +ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMp +TWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEw +MzIyMjIwNTI4WhcNMzYwMzIyMjIxMzA0WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv +c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5IDIwMTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCygEGqNThNE3IyaCJNuLLx/9VSvGzH9dJKjDbu0cJcfoyKrq8TKG/Ac+M6 +ztAlqFo6be+ouFmrEyNozQwph9FvgFyPRH9dkAFSWKxRxV8qh9zc2AodwQO5e7BW +6KPeZGHCnvjzfLnsDbVU/ky2ZU+I8JxImQxCCwl8MVkXeQZ4KI2JOkwDJb5xalwL +54RgpJki49KvhKSn+9GY7Qyp3pSJ4Q6g3MDOmT3qCFK7VnnkH4S6Hri0xElcTzFL +h93dBWcmmYDgcRGjuKVB4qRTufcyKYMME782XgSzS0NHL2vikR7TmE/dQgfI6B0S +/Jmpaz6SfsjWaTr8ZL22CZ3K/QwLopt3YEsDlKQwaRLWQi3BQUzK3Kr9j1uDRprZ +/LHR47PJf0h6zSTwQY9cdNCssBAgBkm3xy0hyFfj0IbzA2j70M5xwYmZSmQBbP3s +MJHPQTySx+W6hh1hhMdfgzlirrSSL0fzC/hV66AfWdC7dJse0Hbm8ukG1xDo+mTe +acY1logC8Ea4PyeZb8txiSk190gWAjWP1Xl8TQLPX+uKg09FcYj5qQ1OcunCnAfP +SRtOBA5jUYxe2ADBVSy2xuDCZU7JNDn1nLPEfuhhbhNfFcRf2X7tHc7uROzLLoax +7Dj2cO2rXBPB2Q8Nx4CyVe0096yb5MPa50c8prWPMd/FS6/r8QIDAQABo1EwTzAL +BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUci06AjGQQ7kU +BU7h6qfHMdEjiTQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIB +AH9yzw+3xRXbm8BJyiZb/p4T5tPw0tuXX/JLP02zrhmu7deXoKzvqTqjwkGw5biR +nhOBJAPmCf0/V0A5ISRW0RAvS0CpNoZLtFNXmvvxfomPEf4YbFGq6O0JlbXlccmh +6Yd1phV/yX43VF50k8XDZ8wNT2uoFwxtCJJ+i92Bqi1wIcM9BhS7vyRep4TXPw8h +Ir1LAAbblxzYXtTFC1yHblCk6MM4pPvLLMWSZpuFXst6bJN8gClYW1e1QGm6CHmm +ZGIVnYeWRbVmIyADixxzoNOieTPgUFmG2y/lAiXqcyqfABTINseSO+lOAOzYVgm5 +M0kS0lQLAausR7aRKX1MtHWAUgHoyoL2n8ysnI8X6i8msKtyrAv+nlEex0NVZ09R +s1fWtuzuUrc66U7h14GIvE+OdbtLqPA1qibUZ2dJsnBMO5PcHd94kIZysjik0dyS +TclY6ysSXNQ7roxrsIPlAT/4CTL2kzU0Iq/dNw13CYArzUgA8YyZGUcFAenRv9FO +0OYoQzeZpApKCNmacXPSqs0xE2N2oTdvkjgefRI8ZjLny23h/FKJ3crWZgWalmG+ +oijHHKOnNlA8OqTfSm7mhzvO6/DggTedEzxSjr25HTTGHdUKaj2YKXCMiSrRq4IQ +SB/c9O+lxbtVGjhjhE63bK2VVOxlIhBJF7jAHscPrFRHMDcwCgYIKwYBBQUHAwMM +KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEx +-----END TRUSTED CERTIFICATE----- + +# NAVER Global Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM +BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG +T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx +CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD +b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA +iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH +38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE +HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz +kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP +szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq +vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf +nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG +YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo +0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a +CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K +AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I +36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN +qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj +cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm ++LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL +hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe +lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 +p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 +piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR +LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX +5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO +dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul +9XXeifdyMDcwCgYIKwYBBQUHAwEMKU5BVkVSIEdsb2JhbCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# NetLock Arany (Class Gold) Főtanúsítvány +-----BEGIN TRUSTED CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7EwTjAeBggr +BgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDCxOZXRMb2NrIEFyYW55IChDbGFz +cyBHb2xkKSBGxZF0YW7DunPDrXR2w6FueQ== +-----END TRUSTED CERTIFICATE----- + +# NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado +-----BEGIN TRUSTED CERTIFICATE----- +MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD +EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz +aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w +MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G +A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh +Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l +dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh +bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq +eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe +r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5 +3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd +vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l +mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC +wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg +hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0 +TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh +biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg +ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg +dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6 +b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl +c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0 +ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3 +dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu +ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh +bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo +ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3 +Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u +ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA +A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ +MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+ +NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR +VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY +83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3 +macqaJVmlaut74nLYKkGEsaUR+koMEcwCgYIKwYBBQUHAwMMOU5ldExvY2sgTWlu +b3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZhbnlraWFkbw== +-----END TRUSTED CERTIFICATE----- + +# NetLock Platina (Class Platinum) Főtanúsítvány +-----BEGIN TRUSTED CERTIFICATE----- +MIIGITCCBAmgAwIBAgIGSUEt7AAQMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE7MDkGA1UEAwwyTmV0TG9jayBQbGF0aW5hIChDbGFzcyBQbGF0aW51 +bSkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUxMjQ0WhcNMjgxMjA2MTUx +MjQ0WjCBrTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQK +DAxOZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAo +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcykxOzA5BgNVBAMMMk5ldExvY2sgUGxhdGlu +YSAoQ2xhc3MgUGxhdGludW0pIEbFkXRhbsO6c8OtdHbDoW55MIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAzfLuxBp663QpTLa95NYKF2xl4mY9xNG8DLZa +1itwXy3MIdFZEOSxE732zCKV1mxGTpEys+v1rMsEAU923VM+eJ/5Xry1ghNGyhDj +HS1pK5QyEHMhq6k4xeNuE2TVY6ntCWbsim+JjRGG0PW/MpYLdXD1KFhCXqxptPX8 +kTkuopFA0TxUQYcjZFBIeWhLaJNLcuuAabNKHJC+skGjpc0XwNEaaX8CGEq1Yocm +Vy1sqCwhOfWXXpuapvjnTHnEeztW3Hr4tFjOdgquIlXrj8eEZHu9a8qVT9i+MRO/ +jaEKK9V5t/V2rdpRXIFHYqiq/89T4DRxzw0lU6meY0evhZH4zxkR5U75z+3jNQUB +IgPPmnzqHVFay/1zPTkLMevEO8qFKhEUAKAbgaIJiEjzfKJkoexntFiH8BTqqb6l +IkFN7L2kDug9h/cvqs41hk8wV5KNNq541v0Y/NclHs96/Bn9oD9yFzYIQT+XNpUM +iZVxRfqE1tQgYLNFCvK3lT0L5aTDuBLykWzpbWCD9kURBbrmR4PZkeJu4btGa0gb +vMb7z37eLLuQhO62JznnjaIxD9+BtyxsAOKx2CoXXBseR4lLF1EUQEBPxDkYMsKA +YDblekdn9qgFVMFdlqAftohSDAK+jVV+FEvDogHunIpBXflflpEJjrTktcUE39Y2 +rVm0stcCAwDzkaNFMEMwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFOahE4P+l0vy2P8xoad0M4nOXn+kMA0GCSqGSIb3DQEBCwUA +A4ICAQBphELA414TYZcgSfH0FoWln6QRCCXEY4aP8Euvsyn1B1caYscbRW6vXRa3 +wdBkgzuX9UO2RZDxZiqDJCr/iOl6C/nCW3qvY/cJeIZIWTRem2oQTvFulYk2SmjQ +b5vgfk+3NQ/jebEFryd8qokKQ976DO/ZVy8occ1pa1JCyYowRVmhzPpZSo/31t1E +pbMuWxEY4rK15xFTOP6CTNNzvmWSGjqo0tKqvNS+bTZS/2vU0rUbN/MXQvEup9WQ +bHSddPX6XyIb09x1qLX/8hrRvCsAXDzFuIYIVEminCP776aNcPRCUk0bIACB+KC4 +9HQjnL70uQ7sHmrYZUoVdfF3W27YseYPtJa4HfqGyJJui+l936IO1fHxfK5K42a/ +Xfxb70iynmnHfZCgVbaUcIG5Cr2JdVPshKkDpd9RmQjQdAwC1nNyBnuLu12qTvxn +Z9iOEAMZLTc61HepOhydwHl7bCl3Mk1KizCIwuc2zmijmpiG+YkVnr+qUX3xUEZU +DwIuXJ/j3lczFf4YkmGo0ikFXWVEHpvj7/vcBd8Vq6bYC6Rzskw64J7Us2rlOg4K +8E7PeIEfvqmYb7FHUX1CMzazpqkCUgV0fips1KqSVrA+OyNYsY01pxOPZx5xFaaz +tQOGuCBmwEhvuazUSgNVsjffBN0iDFOGKkoqocE4PjzlPN91lzBAMAoGCCsGAQUF +BwMDDDJOZXRMb2NrIFBsYXRpbmEgKENsYXNzIFBsYXRpbnVtKSBGxZF0YW7DunPD +rXR2w6FueQ== +-----END TRUSTED CERTIFICATE----- + +# Network Solutions Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIDkDCCAnigAwIBAgIQHKAtwVI7am2LXB+VSu2sMDANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMTEwMTAxMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjQjBA +MB0GA1UdDgQWBBQhMMn7ANdOmNqHqirQpy6xQDGnTDAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAwomEoOiMZv3/EwUb +wzqOmEmK+KoAXCb9cmqjfhIblK5U+CGPp5NP9xbvubmzMsAlITFmNywJsP4ysDfs +PLjOjwiqCJAHXHXV4U4sywIk6aJe6fV4NSIGHPIfiLHhXMyWVPpvScyN8VYD7c8s +nyfe5cqDRL5GQPlXLtJ/MS3Og9z+cGuE0KOf/5fQqNcC7LEs8O9zOD2ZrMRPAb/V +aurGLjIpFwrL5mme0Uq19t+OGfiV6UWpDs1tQVkgnnPGbHEcnNRNMKhzCaAV86BF +JsNb/bu52C3XH/UFMBn2rg+OYo/fyE+G2R1hFrPJ8Lv7x/WvASJH7NjazxzzU2a6 +UwkB+TA1MAoGCCsGAQUFBwMDDCdOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHk= +-----END TRUSTED CERTIFICATE----- + +# Network Solutions ECC Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIClDCCAhmgAwIBAgIQeThLtBkajXQizP+FMvLkujAKBggqhkjOPQQDAzCBijEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkZMMRUwEwYDVQQHEwxKYWNrc29udmlsbGUx +ITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5DLjE0MDIGA1UEAxMrTmV0 +d29yayBTb2x1dGlvbnMgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTEx +MTgwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzELMAkGA1UE +CBMCRkwxFTATBgNVBAcTDEphY2tzb252aWxsZTEhMB8GA1UEChMYTmV0d29yayBT +b2x1dGlvbnMgTC5MLkMuMTQwMgYDVQQDEytOZXR3b3JrIFNvbHV0aW9ucyBFQ0Mg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFOED +C2VvrVnWHu7Jv7RMxcZcLzDHn1LbaGHAaRDiknoaw7+SqIk5ivvnoLtxpKDD33fW +lDcTX35TXVC640wIx2XiQbDmWfKc+MCyd8EKkSZ38mm2u9BBPCqIGpSRFsY+o0Iw +QDAdBgNVHQ4EFgQUm3vryP+D8lKYRzAKVvg4vuPrAM4wDgYDVR0PAQH/BAQDAgGG +MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaQAwZgIxAKlkWPecuRNmIkl/ +stEC6RP8HPukNJLkygcNt7FSeCg0y/IhVpGGhsiKC68yhFRliQIxAOx5DZ2J8AwY +6ntXUq0L5tR5W8ub4gZFdRi90Pyn3cfhxyK240EkXSPmqJ8AalAyJTA5MAoGCCsG +AQUFBwMDDCtOZXR3b3JrIFNvbHV0aW9ucyBFQ0MgQ2VydGlmaWNhdGUgQXV0aG9y +aXR5 +-----END TRUSTED CERTIFICATE----- + +# Network Solutions RSA Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIF4jCCA8qgAwIBAgIQTANLrGcYTH+vRAhNgpbHsjANBgkqhkiG9w0BAQwFADCB +ijELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkZMMRUwEwYDVQQHEwxKYWNrc29udmls +bGUxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5DLjE0MDIGA1UEAxMr +TmV0d29yayBTb2x1dGlvbnMgUlNBIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0x +NTExMTgwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzELMAkG +A1UECBMCRkwxFTATBgNVBAcTDEphY2tzb252aWxsZTEhMB8GA1UEChMYTmV0d29y +ayBTb2x1dGlvbnMgTC5MLkMuMTQwMgYDVQQDEytOZXR3b3JrIFNvbHV0aW9ucyBS +U0EgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAhN+opqOMC3geyE0Zld0pkJIgNZAqlI2CMy1wElilCIqewQjzk9Zo +wC8Uvnmk/H3M1bw+j+2cSgJhWT2qw290ANL4GjTUVJ5qdEeaL+DS9w/3w90/pb/B ++n1CaWAAgOw85ruBN6QeBhQ9V4+QpDVKNHOHthrDXZDvBk1wdjY8gontz2QZgyVD +Thzi8WpShv5R5H443xWNTGxgQUpPsEBVRjl1yYE5AHOKYuoPZbePT5dAzs/uwWoo +oHGpmSfRPck1c3qAmfh9hrmdeTrt0yr6fqa4/1cqc7Kmv9qJugYb2mWg5r5glIj2 +32bhJ2ob/tBeqY0giwrEH36IQS+ywdDztmjtyDvx76oH3n7XIuCB9qXqexb0QlSd +ln72YhZTzf0Kq7JCoU4qiEJ1g72M5U165x3jTLje46tgOC1nKf7kX67CqOi/rmz5 +67NS8X/p7MIv2Z3KF55C+jtYwT6IYk9fk8GXbWaPHCLzmsH07blrGn42hMgxuPBe +K36V5HnPdUzC2AS/OI4os91btthPI26S6DeVroOu1vw5KkYGH/GEdSHWuE6mKpdY +ZfWaGAHX9cN/KckQ7nNKQ3Z70aYwUf/WKx0eYoS++b5pl5nHDed8JFB1F/2kIOc1 +aANglKfZDcYaLOXiTtXMDsB6MFbvYJK+2S71x/DoRc/ahq7v2HepEicCAwEAAaNC +MEAwHQYDVR0OBBYEFA/xSkp1dAURDB3YW5nrv/6qfV7XMA4GA1UdDwEB/wQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQA9y9JGePX2Ohfo +w3tk0cW7kHiN9U+5xC2X+wvmxbjxturoWEs0rXd5LDUfcn0CPu610BaKBjeWte9D +0AkQLJdmx4EfHuYnxYKRWF7zyFtBaICDkbmcgfgn+kXf7nnyXG1wAlTuwFPYQ+sF +esz0Ud2p1CJ9ajvy/ojUUkk6hZJkU/hqU2CIj/Jb1K4rUuDq/1R+oeTvhhungwsG +Zl4wgIxVoEcz/2seREhLYaoePuhMZMfYbX0Orjw8Qj3KJBpw8WEUnDoY1fAGKZEi +sjo6oRZUYxr5M5VEnySjIWQECOKb1d4IUhxiHFMWRzVCJsenDP3zWxN3Aoxc4hbw +GB/ZffXfAiSIevNe/xcOs2JnoauxF449Okaw9UaMq4TY9Q6hIOvC8Jl0PY6zA9gk +xWzrawxTv2Bp3YwoxW/Pu9KBdyvGfLHESmwVEDcpXa74sREFxBSN7BOjRP1Ni2i4 +wf+d1TcuSPgofNz5c1PZtgF1Qnq/C99RULhTsuHudJDLvKrQcYOiq07JELY9HO9A +109DkDO5AZZUXSrVBluShrgGEIEGyJHbKSCyU73zS1tM22kfiW5UP9eJXee1zQy+ +P314OAHStmemz1hIlBpF/ZBzScq1Q6AhYo1JBCaq+B8uP/IuofKr9AYesC3EwXBC +Pf3DUUmIAA7Kgg2beQLiwC6T3+Ty8TA5MAoGCCsGAQUFBwMDDCtOZXR3b3JrIFNv +bHV0aW9ucyBSU0EgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# OISTE WISeKey Global Root GA CA +-----BEGIN TRUSTED CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0wNzAUBggrBgEFBQcDBAYIKwYBBQUHAwMMH09JU1RFIFdJU2VLZXkgR2xv +YmFsIFJvb3QgR0EgQ0E= +-----END TRUSTED CERTIFICATE----- + +# OISTE WISeKey Global Root GB CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBMwQTAeBggr +BgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDB9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENB +-----END TRUSTED CERTIFICATE----- + +# OISTE WISeKey Global Root GC CA +-----BEGIN TRUSTED CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw +CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 +bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg +Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ +BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu +ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS +b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni +eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W +p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T +rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV +57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg +Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9MEEw +HgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwfT0lTVEUgV0lTZUtleSBH +bG9iYWwgUm9vdCBHQyBDQQ== +-----END TRUSTED CERTIFICATE----- + +# OpenTrust Root CA G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IKMCIwCgYIKwYBBQUHAwMMFE9wZW5UcnVzdCBSb290IENBIEcy +-----END TRUSTED CERTIFICATE----- + +# OpenTrust Root CA G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvBMCIwCgYIKwYBBQUHAwMMFE9wZW5UcnVzdCBS +b290IENBIEcz +-----END TRUSTED CERTIFICATE----- + +# PersonalID Trustworthy RootCA 2011 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGMjCCBBqgAwIBAgIQWMv5ZJZxdJVA9K0IrGTk4zANBgkqhkiG9w0BAQsFADBz +MQswCQYDVQQGEwJJTDEYMBYGA1UECgwPUGVyc29uYWxJRCBMdGQuMR0wGwYDVQQL +DBRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczErMCkGA1UEAwwiUGVyc29uYWxJRCBUcnVz +dHdvcnRoeSBSb290Q0EgMjAxMTAeFw0xMTA5MDEwODM1MjFaFw00MTA5MDEwODQ1 +MTZaMHMxCzAJBgNVBAYTAklMMRgwFgYDVQQKDA9QZXJzb25hbElEIEx0ZC4xHTAb +BgNVBAsMFENlcnRpZmljYXRlIFNlcnZpY2VzMSswKQYDVQQDDCJQZXJzb25hbElE +IFRydXN0d29ydGh5IFJvb3RDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAsJWMYP4FDmoz7feL4/LV8nzTVkJU9yvyiKX157dshwErab4FSUTY +2yF6KteKMaEhEJ7T4m5jgoVUhE0oJhviE/dR+y/rEtU9OYxkn6QTh8PYyfopI44J +j0lGxNTJV1hpnxfPc3Sl7soYucfBMM1POjUIU/jsGvtvMO32nwnw8NDEjjt5Ti6F +IlzUfXDR/5K6H9RVU2e6KFgt9xOM/KULnDimRhwO6Kp4K/UKMNM7YIbIf6WbomMB +L9DTEiWFfpbNMbHkm47qLJOkYqg31faP3yGa0z4d4VARcFSbBBedTathzo8qLO95 +5ndFWdZo1bZLmquRSw5hF7lYwp5moY+JwUMgQrB/gJxKKrd6IEHGTcSSb3p+XVu5 +o8lOyuVQZbwAAHlH8EUEsCL7DpiqYR1PYGNyj7WwBJR/EKwZPydiadYcV905Tzjq +AJr9KJ1AJsBAncSgSchBtWc9oEuUKRKpWCdZBH+P0Yx+DLMIFzSsj7lcvelwoX7C +pWVh6bYQUI/c5HRh8V9ye39cLy18q9ZDMRAcWXfKSEoYomQLAFlnx9TKw5saCFIV +vtfFxrcv5mKcpsfY3vAV+645VS1vUHUu/aAHtF96fgSL9pmide3JO9U9z2dSPT7v +H3CaGDynIAZJDLFlrDO71H9HaYj2ioHundS0xy8D6K4ayVYFZ2moyIECAwEAAaOB +wTCBvjALBgNVHQ8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU +x38LyC9Xjiny9gGL6yelVo79pB4wEAYJKwYBBAGCNxUBBAMCAQAwagYDVR0gBGMw +YTBfBggrBgEEAeEYATBTMFEGCCsGAQUFBwIBFkVodHRwOi8vd3d3LmljYS5jby5p +bC9yZXBvc2l0b3J5L2Nwcy9QZXJzb25hbElEX1ByYWN0aWNlX1N0YXRlbWVudC5w +ZGYwDQYJKoZIhvcNAQELBQADggIBAEJliyT6khU0Ghz6yM5Nei9739ADQRzUpOH7 +6MytCd0dpAjZqCB9l58MSfGlwubVd0aXfqSQonnpvRpeNIJmCVL8UNGP0Kscov// +Pe7+I/i/I7PNvuH3z+TYEuOUyE7M13uwN5t36u1cgcjMj8454+RlXd6C2I8jaeFR +r1+3T5BppJllU7rm/a94Z5RKyMN/jAJPSuaHmPY4t0j4bSh/98ZsJVT9Ltbq2gbi +sf0HaPCvgIy0wul0FaQav7nKQ1sS54VHXlID8JHg6VBx1CECLHuGkXA2xpy2dPkq +Vfch+2+gBl3XMBLyUfHJODaPyGZhQdnHS4JoUqP1iQwVvE4qlawxaacb4tTXSPSR +9QN8eRY+LA1p4Yo3Hp98GFVBL1/npHKbVfPjAbACpYQSakCmq+ShrOsD2bxfJFYn +rSDgZjVFPUcJ8AWxb3F+QLDQFV4rrFKBqPuD9SxXRIY05BRq4899mnfYbEhcy5rh +pvu/EaIG5R9xvTS1z73EQhbFKfjUwEyKst7FlIKGm8zgqQZEMSQkTfrt4UIlZqLB +14AX73qVZUM+ZtMF8QHkQlZEAHhrnTYg+2X/QFzoaDUf4SagggN2A8twRhEkrt8v +YP3xJwADvUsn27yclzdRK+V4tME2kBCM/z0A1LpIn0jKhzGa7cSaU9LdcxQ/CYKh +XWVOTSbiMDAwCgYIKwYBBQUHAwMMIlBlcnNvbmFsSUQgVHJ1c3R3b3J0aHkgUm9v +dENBIDIwMTE= +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root CA 1 G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXDMDcwHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwwVUXVvVmFkaXMgUm9vdCBDQSAxIEcz +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0uMDQwHgYIKwYBBQUHAwQGCCsGAQUF +BwMBBggrBgEFBQcDAwwSUXVvVmFkaXMgUm9vdCBDQSAy +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root CA 2 G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+MMC0wFAYIKwYBBQUH +AwEGCCsGAQUFBwMDDBVRdW9WYWRpcyBSb290IENBIDIgRzM= +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root CA 3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEtowNDAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUF +BwMDDBJRdW9WYWRpcyBSb290IENBIDM= +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root CA 3 G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0MDcwHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwwVUXVvVmFkaXMgUm9vdCBDQSAzIEcz +-----END TRUSTED CERTIFICATE----- + +# QuoVadis Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+TAzMAoGCCsGAQUFBwMDDCVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24g +QXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# Root CA Generalitat Valenciana +-----BEGIN TRUSTED CERTIFICATE----- +MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF +UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ +R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN +MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G +A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw +JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+ +WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj +SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl +u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy +A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk +Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7 +MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr +aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC +IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A +cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA +YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA +bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA +bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA +aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA +aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA +ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA +YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA +ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA +LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6 +Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y +eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw +CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G +A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu +Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn +lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt +b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg +9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF +ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC +IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMMw +LDAKBggrBgEFBQcDAwweUm9vdCBDQSBHZW5lcmFsaXRhdCBWYWxlbmNpYW5h +-----END TRUSTED CERTIFICATE----- + +# S-TRUST Authentication and Encryption Root CA 2005:PN +-----BEGIN TRUSTED CERTIFICATE----- +MIIEezCCA2OgAwIBAgIQNxkY5lNUfBq1uMtZWts1tzANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCREUxIDAeBgNVBAgTF0JhZGVuLVd1ZXJ0dGVtYmVyZyAoQlcp +MRIwEAYDVQQHEwlTdHV0dGdhcnQxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fz +c2VuIFZlcmxhZyBHbWJIMT4wPAYDVQQDEzVTLVRSVVNUIEF1dGhlbnRpY2F0aW9u +IGFuZCBFbmNyeXB0aW9uIFJvb3QgQ0EgMjAwNTpQTjAeFw0wNTA2MjIwMDAwMDBa +Fw0zMDA2MjEyMzU5NTlaMIGuMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4t +V3VlcnR0ZW1iZXJnIChCVykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMg +RGV1dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxPjA8BgNVBAMTNVMtVFJV +U1QgQXV0aGVudGljYXRpb24gYW5kIEVuY3J5cHRpb24gUm9vdCBDQSAyMDA1OlBO +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bVKwdMz6tNGs9HiTNL1 +toPQb9UY6ZOvJ44TzbUlNlA0EmQpoVXhOmCTnijJ4/Ob4QSwI7+Vio5bG0F/WsPo +TUzVJBY+h0jUJ67m91MduwwA7z5hca2/OnpYH5Q9XIHV1W/fuJvS9eXLg3KSwlOy +ggLrra1fFi2SU3bxibYs9cEv4KdKb6AwajLrmnQDaHgTncovmwsdvs91DSaXm8f1 +XgqfeN+zvOyauu9VjxuapgdjKRdZYgkqeQd3peDRF2npW932kKvimAoA0SVtnteF +hy+S8dF2g08LOlk3KC8zpxdQ1iALCvQm+Z845y2kuJuJja2tyWp9iRe79n+Ag3rm +7QIDAQABo4GSMIGPMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEG +MCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTVFJvbmxpbmUxLTIwNDgtNTAdBgNV +HQ4EFgQUD8oeXHngovMpttKFswtKtWXsa1IwHwYDVR0jBBgwFoAUD8oeXHngovMp +ttKFswtKtWXsa1IwDQYJKoZIhvcNAQEFBQADggEBAK8B8O0ZPCjoTVy7pWMciDMD +pwCHpB8gq9Yc4wYfl35UvbfRssnV2oDsF9eK9XvCAPbpEW+EoFolMeKJ+aQAPzFo +LtU96G7m1R08P7K9n3frndOMusDXtk3sU5wPBG7qNWdX4wple5A64U8+wwCSersF +iXOMy6ZNwPv2AtawB6MDwidAnwzkhYItr5pCHdDHjfhA7p0GVxzZotiAFP7hYy0y +h9WUUpY6RsZxlj33mA6ykaqP2vROJAA5VeitF7nTNCtKqUDMFypVZUF0Qn71wK/I +k63yGFs9iQzbRzkk+OBM8h+wPQrKBU6JIRrjKpms/H+h8Q8bHz2eBIPdltkdOpQw +QzAKBggrBgEFBQcDAww1Uy1UUlVTVCBBdXRoZW50aWNhdGlvbiBhbmQgRW5jcnlw +dGlvbiBSb290IENBIDIwMDU6UE4= +-----END TRUSTED CERTIFICATE----- + +# SAPO Class 2 Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEWDCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq +MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD +VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyAyIFJv +b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph +MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx +KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG +A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgMiBS +b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 +YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALd8aXxg9Wwm9KocF39d +1BFL5/Pa53On+qRCSWg/2qVAXAZoX07Mvb6BOCQtzCagRG0DyyPgu96FU0uUX197 +qsgal/7XI5PtsGq92PwAPrOSBOBLvk87mKed7c1j8IHnbJjUbGBVAOW5POY0lV3g +/XGH6f+B7uV3bxj/88l8pZXdgtwU2aLhvs0nc7tFWz90sWJ4ZhAiLPVo8xeIFjua +Gx37FK4NuvKQVaLVMNYrlTLHOW57ZdJ3OM5uVqXZI6s4sjtRhcAdG7cRLwVpR9gC +ypKo4TPehQib7ZDV2CGZcb+29XPvZwiYZNLyKnpLIRbhH1hh3pFHHyGfH/6MI4aD +GCcCAwEAAaM/MD0wDgYDVR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wHQYDVR0O +BBYEFKudI5P9HzNKMi2qJFryLWSpAZpBMA0GCSqGSIb3DQEBBQUAA4IBAQBWUlG5 +DwLh9i6csTFapvjOvO4ChBUJ8ShSX+fhLL3beQp6v+tintWGRynudDDsTHW1HuOq +M++t4WpMvzcBvlWDTKlS2DeYUG9o3UdBtywwyG5MByzG00m5tVzSy8zUNsYHDRhP +P2MAxOy2iPsBZGOt0fd3fGRUKxI9NBWF8KC6eSlfmJtC6q7BqJ8TiYpt6bg4yWHt +YOz3KlgFm6FgeIMX4X5f6P144GtWKoZ2rlvCXutF5DC4Me1ksV0uwD2ADccnE9N2 +4ob73NuACoHh/Qj5C8QxtGNb54wz5Qa2Umqz1+lr4zJ4MmaUTt2Nd23TJChbVGF3 +Amd1lEtXS+ZsxTlvMCIwCgYIKwYBBQUHAwMMFFNBUE8gQ2xhc3MgMiBSb290IENB +-----END TRUSTED CERTIFICATE----- + +# SAPO Class 3 Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGWDCCBECgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq +MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD +VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyAzIFJv +b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph +MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx +KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG +A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgMyBS +b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 +YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMp4Gge89vu0t4m80BlW +OCpZnQfqGvn4+GhnXo/vyvf1aonmo5V/qdspJBw10DiWbD5WJP9eYlGQLofonMfa +vDPxnqFvC44KJPT4TZCmss1eEdPCl0z1X0AdJiRNjQkQC/+7IBuTJhkMQz/pjrwx +NxBukcpIglZGx7y5Op5GgWbP2ehcEM85nmXDnsVa9EvMRJlmhvRyG6NTSequR80y +DXDmoKB2B53/WO/kPJHAteTcuAEM0/6zQqA7YQLUN1vXTEWV0nVd9W4wX1dRi7L/ +fsiLnKqjQTcMEJGopoVcucePBVGy0HjS4ktJ6dQapzusqjPmmioDQJhvdFITMZTR +EsG0yzD5/0S4kltS1jDZM9F14xmlFhW3VFfxVlDOTr4DOy/stjDuFGBeX3o19E5k +BxHqpQdmG26T4rBPXtbgROCz3K7vuP2os+zs5TmIRLShuxRgZI/WkpPL88xQ3ekH +yGdn+fCHhJGyAGLpv0oVdMW/BEwFRl0Ky+XqYQDhb0GxNI6mAKJ8pqWm+mxMQ+Wo +Jpo0mB6HmOdMeNGPnwVVXYpLyc+gC30GkJwYkrLEstfjRdlrc8OXOb8pHgYJVUC6 +vNpIdUPt/kR+PSzmYpED/T2J7370XSSPpQsrsz56KSi8uz+/63eFBCaLlLKQ9euN +T6JEIlConCpESAB4GaudCJYVAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIBBjAMBgNV +HRMEBTADAQH/MB0GA1UdDgQWBBRhs3lSnUqVklGOgiRw045AyMVm0DANBgkqhkiG +9w0BAQUFAAOCAgEAf8azJIRQN/nEsMUwPBbpUA16urQ70iPl6Yl4auXjGwUekRzO +BpeNZhYHRO+BuQh+o8c5NLi/mm2NsMEgQi4N9wsGA09uy7y3sC8ZcY2OrwpNWDGL +RJkqKGaFx4AmZrBHwjmy+k8+Vb3ciSdLczME/ntHkMkFwC0z+LcIgilBQ/0mU+b6 +HzdWjU8Xutj9OoRw2D7wM67EBUhUobnVIT/qPsepMUf3m65KYpjRZyBl3nnhsTIe +a9/7gGtHXDnHDgiqx6PuKek04pv5dbgm64idtDkRLnD9UQQyuw95hFAhRXwv5Nn/ +JTgGI6tOsQ7cOzEKrdpLAGlrLuLDDMkFAUVm4aWJYRxkmY0LmJCzfmY7C9ir6HUO +2X+abn3JgyfJvOg0OMJahzJyBwz+1ZTR8MB48oCoRvVrmuzi2RaOivqE9tFSyZyy +IVZgQ6YQ939Jv74H01BkbQK6KlUsz9nCbq98C0jQ8eGnwq10j4bk7ar6XIN9Quh9 +Bx0HVcwraTK5d4JoxnfyImmmyQpdh5nlcZ59LxMe0vT9CXknWCsKh4Eq+2ojLUsk +hXQWRxgPCcX+qUgk46zQaT1fU5gyvezgUcFTSrH2O/A0SPWa3tzR4OO9JbNE6Dpz +yXnQrNHt4gAKX6EdZllKc2jUBXIzOKdrr5HbDceMQOiekIjJ+/4k14Gs894wIjAK +BggrBgEFBQcDAwwUU0FQTyBDbGFzcyAzIFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# SAPO Class 4 Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIGWDCCBECgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq +MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD +VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyA0IFJv +b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph +MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx +KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG +A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgNCBS +b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 +YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvc7UiaoKOf4BGO2ciS +dTpVwVEiygt6pDUNxeZXLYPwKm8iODcxbXyFJKIGL0OCPUUwQCUc7lhHQebwngAe ++PQvEbuSsphFLdMfgMl2FBPDzEDmres5YPzPyN8q/YwSUe/PDGTGV+gjUV3nZlLq +Zr2Tf516KPEZcG6EnzBHt7A5axMs60tNLq8/v/0CE0o55z4zxRCRUb4PR51NUvws +8+MTogCC4RQMzdKes/Lggdq+mZJT432Zd0Ph4UgpgZ7WBVc6cdw+mK1YcG9Gu34y +A+KDm1lX9/izzVQW7LatoRwaktHUKZ6PzbPofVDxwoKsur20dVag9UVdGH0sjPF7 +QcyGsZqESwoqXZuW4c36qxYnQeeVNabLiqeW86XMUfktfR5D+9xttbk4vQX7WPou +0+xeZC2vWAFKfCJG00HLPeSWXklDOLuJ6/ScaTkSA1yEu+WMHurgZrvAv4z+ngpN +PWg/QHbWMqnqRbhqB1KOzVHxXShjDNNZOPzJ/YLJRSC85ujMogzLe2Q5SUZF9XMc +apcg6yFC97QgUrdK/XW8yw8MZxFXH/cw8auQzF08lgVi08pVAUtGxYCHHHLQc1Qh +6tejnNOuf9RT2Sj8V97lP1JKu8gmJEdTHHO6z8a0MM1eccdWvEk4JebFEAl42dQd +XM1u7duRXKFTFFaqjSeppo4bAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIBBjAMBgNV +HRMEBTADAQH/MB0GA1UdDgQWBBQWhC37G+e0HmiY00IgGm5+T5FXAjANBgkqhkiG +9w0BAQUFAAOCAgEAe+MNYzpkIG3M/Cy46dar29erJilHogxW7XXMlZlSNssg+xE0 +F0JOdQWw2OS4sIQvmBm5+9A5bHIGGMlcinp0CDdIaf0ioV3F13gT8ChCQcPJwzkJ +B9Sh+DciaeTfMlVvwny5k/GyN3XMrtIzlow29wHt42TpC2hbEKoBNpl8z5qUXf0a +WWGiZRV9nhdk1J9TmAH9cVfQXUARFj8/RNKvyfwIMn12+NVD6Nw2aAfDTsOWl1fG +fTZe23Ct/q7UiJ21pGDWo2K+fPk0Hvy79EpyxYMeRmjDDpeDGD3TDgoRNXxplcWr +KvXIORBNDIkwKYlJG0SXkfTqZSEbPwpDcoIcbRFd4CJFX2FMoqb636NGuuGBYGwy +tPzk3DYF5DP36493SaqNCu9IiuZBl347q0OH8ghgC2/XWWb9K7svzjNPcuC217NT +V4nwO7xu4hC/cz5ij6UI6VNnwU7BLkJDp7Kk+RaLQu7cNH9Is5DbJOLI5FM1U5zq +N4XPv5gGNUcm165t3YSpY1gmQfV1Mi5hnk+TUlL2WiPrwaBzJiUiQpGRkYBP/4jO +XnPnlsLtCRL3dpapeWKQSYGDnwwyMuJbyt1INKyHjnGVrkzkfHgdp1HDvRH6AtGV +iXMIRiKJaQDPT4DBTVuUxMqZUZgvDb19VGTUCtonWac3u1YM0AaicrkSuVswIjAK +BggrBgEFBQcDAwwUU0FQTyBDbGFzcyA0IFJvb3QgQ0E= +-----END TRUSTED CERTIFICATE----- + +# SECOM Trust Systems CO.,LTD. +-----BEGIN TRUSTED CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz +MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N +IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 +bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE +RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO +zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 +bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF +MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 +VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC +OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW +tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ +q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb +EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ +Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O +VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490MCowCgYIKwYBBQUHAwMM +HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4= +-----END TRUSTED CERTIFICATE----- + +# SI-TRUST Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIEijCCAvKgAwIBAgINAJCud3YAAAAAVx3QbzANBgkqhkiG9w0BAQsFADBcMQsw +CQYDVQQGEwJTSTEcMBoGA1UEChMTUmVwdWJsaWthIFNsb3ZlbmlqYTEXMBUGA1UE +YRMOVkFUU0ktMTc2NTk5NTcxFjAUBgNVBAMTDVNJLVRSVVNUIFJvb3QwHhcNMTYw +NDI1MDczODE3WhcNMzcxMjI1MDgwODE3WjBcMQswCQYDVQQGEwJTSTEcMBoGA1UE +ChMTUmVwdWJsaWthIFNsb3ZlbmlqYTEXMBUGA1UEYRMOVkFUU0ktMTc2NTk5NTcx +FjAUBgNVBAMTDVNJLVRSVVNUIFJvb3QwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQDTy5wtwuAwQ2UxJP9LsDjZqVPXNdHbt0uTtHKN8cuV0lMrdJsymqQv +PgIG3a9wFaGqzxGHimZ7y8wdcERcj6zK5sNbJ7SNo44Qv25UdAhwiiPoysd0xGaR +IN1L6KWEdaWYlYKLG+EgJAdGqwxlNkBni3XuqdmRKRvtby1FwtbiYAGx8045Kztv +P4W+CPZTK3uiyUWhRIGAZppgOhvEvgzMMBB/ETY4SuaboZZTnJTMEcYETKJVS/+A +4a+MHDX8uZM33/ldPdzrDSdsRMlZZitWb/8EG/f1acNdwxj+vafZZC+in2DZcmw9 +PHXyJSeYLjq4yd1Ndb2rsCJhWAE3KKYgnS5gXPuQvEZDuP5t2MBmIiRrNHgi5bni +WOlIOO5MvQF7bj5A6tHCCkKTZ8MmLz8HW8+v4x3oOuJl4YSRP/VmAP2qM0ZC7BY+ +0hNlLw4JU/bkKnUUnBkzFppF4dtXz8841Kf37VhD5A6YXMTgMT+UpG9LSqLVSo0m +qR1kJQg1DecCAwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwEwYDVR0jBAwwCoAITKPDaF4IAmMwEQYDVR0OBAoECEyjw2heCAJjMA0GCSqG +SIb3DQEBCwUAA4IBgQAmI4W7XUEZbpKDiu4BiwQ1GX+rj9zWM8H5eZZeI/Xwzt3q +22E7Wq/dWOlCiUDv+dlnEX9N8e3pEXuxQQ/tpNIWtu/B/Yv2ESss7/wHBkYMzwIL +7Tvejwm5M6smgFREQmXX56/NUA7KyIihEpwqlTs+VDxIc/Z8eNSb/5P3ReQphGP8 ++n4a51zgclewL3gdMMYT/YhfsWWI2l6XE4F7/h7Pe79XMMFwkkOmmfBVn5jFI0K9 +dBwxjhKl2UVqKlrIWM291t0+NQsZfwMczgcPh0WTFaFrvTQc4N711LjlkRxLBbUn +JrzP0QmYFsbh8VVLOntt3sZntsE3LZ+ojlnHt6bF798W4u3esrfzojakKDI6CpTL +P17+blntujayk9bGwxn+9Zl460dH5a1Ceuy8e8kuQU5NDwQOikszh9zxdnxaGIyc +ChLXorPChYeubTFQYjIhoGgWX5Q1dFUp0nGBCErh112qVAGzG3xZrr6sDMq4QGRn +W53qBgYR1tAwcx7jvCswGzAKBggrBgEFBQcDAwwNU0ktVFJVU1QgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# SITHS CA v3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDYTCCAkmgAwIBAgIQG9QO1DTR2hWmADAVAk2kbDANBgkqhkiG9w0BAQUFADA2 +MQswCQYDVQQGEwJTRTERMA8GA1UECgwIQ2FyZWxpbmsxFDASBgNVBAMMC1NJVEhT +IENBIHYzMB4XDTA1MTEyODEwMjc1MFoXDTE1MTEyODA2MDIzOFowNjELMAkGA1UE +BhMCU0UxETAPBgNVBAoMCENhcmVsaW5rMRQwEgYDVQQDDAtTSVRIUyBDQSB2MzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXZW9HUK39AZ+6hW13R2mq5 +GTHy8CZJAWX8QVTxlpHsKu4ERCQeQJznF1A/6hx87rg3OfzH06+bbl3fPr4F/OrK +2flFVuGVnLHQWo/+yCqm12ps4G1d7Fx2/uGZR5qpe6fq5m9UAidNUU4oPawGOoGC +phy9S6TtUhLciirrJ/TBIkoQhFp1tYAiVmXrzIDypeFkvnzeD70nB0wpW6qx77R7 +/4c06KOTQss9YLt308IvXhT4c2+kf6CcAdXVqbsMV4/MwDuReJ6SOXkyTER/xwt9 +3vrMftrM3g3UZrZipjO/bPnV3UdScJTLZeBFtw3Xr5VI10GjOyBQDTwUVZPM6g0C +AwEAAaNrMGkwEgYDVR0TAQH/BAgwBgEB/wIBADARBglghkgBhvhCAQEEBAMCAgQw +FAYDVR0gBA0wCzAJBgcqhXBKAQEDMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUfC45 +IzJE6A9OZvINKP5AvsK24qAwDQYJKoZIhvcNAQEFBQADggEBAAhTWogpDfVU2Kux +g7knaVqqXytYSdS532/rxwbr/Yeav8oS33qeASIlY1KFb6cvDpd0YIzgSIBz3UKN +Ie0Pcn90Bm5QVjsth+yBWIs2x8oA+6QEti84WI538QbELSwnLRiCC4pfIpQUFWM4 +xqWxuuCsvj4mP5G7HIP8DsrJN7431/B784zYvJAL9AC/VLxqSljnylsMGVNCB5VX +NbhPllOaqJjdTn1VtJzjusA2ubfcApj49uUwvix3svPJ4gKj5vdEfNZqf9B4vjlz ++AvCH1IADk17xgruYssJ1Q8KMIeCk7zKEaQfCfr6N1DsO+I8JKCAKMz7pt3vN5qp +Md3f6lEwGTAKBggrBgEFBQcDAwwLU0lUSFMgQ0EgdjM= +-----END TRUSTED CERTIFICATE----- + +# SITHS Root CA v1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFkzCCA3ugAwIBAgIRAJBmYahiPWVEdwQ/cZrDlwwwDQYJKoZIhvcNAQEFBQAw +OzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEluZXJhIEFCMRkwFwYDVQQDDBBTSVRI +UyBSb290IENBIHYxMB4XDTEyMDMyOTA3NTQ0OVoXDTMyMDMyOTA3NTQ0OVowOzEL +MAkGA1UEBhMCU0UxETAPBgNVBAoMCEluZXJhIEFCMRkwFwYDVQQDDBBTSVRIUyBS +b290IENBIHYxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwO3mnqis +qP/YNbn8+/CVTz89RyPRksnJ+PDiH4atiD/gAM9PEZVhPaXWIBnRiNLCVglFIKEq +6iLD6rrMQmmeuIWfcMBsp75vo1zdQ4gHzcop32l6Hy2fVmobYiAhYcZQS2V1SUa/ +XNcpHsIehULhDjhNwzZxQkRROtFYzMm0qmxAx4PxxwmfSvNr8wcWNfSCjl6LhNxx +ebn7bldFt8VwOv9CAtE0v4VwbU+P5x8ZIffVNLzuWeYuIvNxgmIZnwVkfDsicRil +LcF4WJnRr96UQAYZdhNQhyPLR1eubMUT6pqFUsPKVyYf3hZtrXF+8thh/eY2TnEa +ndMgNa0SIVh1NouJFqQ3KM+ggzpAo8oR77TlkBvjZZJnmG8OKeVnGNeI+o22x3ql +oH+RHqu2+XSYdlJgL1o3majb0T7WhGpvUtO02hrHuLLRlBEfxYiJ6Vupo5Tmon1N +pzKJod4ma83Vo/IyG9o1E4kRSU2/RjG76S0T+A4Apf4D9VZGPI8TK+Dlxx4D34rq +RoVFhtntXgu4ZJP00FguKY1FV02JdZBlzGo7wZyAubSANQOO324qk76mvgoBRG9A +c6oqghyEdn9p3bG7kljoQFFyXPc+OUT6pZmgf42LsEFYd60ixaDAuv0xmTVq2ckg +Gl7zvbwIf91JLS+dkRANW6g/z7RXcztb4GcCAwEAAaOBkTCBjjAPBgNVHRMBAf8E +BTADAQH/MEwGA1UdIARFMEMwQQYJKoVwSggBAgEBMDQwMgYIKwYBBQUHAgEWJmh0 +dHA6Ly9jcHMuc2l0aHMuc2Uvc2l0aHNyb290Y2F2MS5odG1sMA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQUMvmdT2npmI2g1ox9+R3Oozy6dhUwDQYJKoZIhvcNAQEF +BQADggIBAB8/43hYyArKNCIJ2LIFi9FlnOHX130KwByYpSRSODPaZCIjgK7+PYC+ +T4/dg/YNTDNa1aM7UIpSWiYUc1GU5FKXY9u3Bqjvj63i7d6jvyDRRtsteOgsJ0Sc +POy3F/yJl/Ojol7CWVPgz+S1ATtjUyjTr2ZLNDmvYQ4+m+6zidaToDsBxLMjVBA8 +TdeqsNrZbMowRC3dsihiikFg8kATbLB8PkHgi6Y08eeuUYcDjpl/2Wii9pwNeYKy +n98kyGZg6LZIRCfIa1a3RIXOArfTinFcV1FXIYzqwlEPUD+AqwRNyVLd5KXyLh9t +dbqHHZAL7hiEgHO7i5WEimENTl1in+NmDPs2DifTSPgGiAalX+5+XN2tCh09HKpA +eZh5uFCMNo0LCjYL1T7nXYHdbNxtsW8NdJ4sL8IF8kQRsjP6gcVKbT5F1izia18u +5EOVURuZMQXfJRtz0XucxHNJ+2Jg2Wlj3dE+ZW1H+mRMA1hQ2aa+5Spo6z+LEPHm +uyIGKJqgpJhpbza01A0ODH3AKTG7LAMn4WenvdGLLraHxArgCQuCoeZPWJ372Phh +4cqXxLi3UDnMMU79LRwa9kfjbOwbBeh/FzUQhNoz5zTmtaTrxCIHSvabWNgPnED7 +sYtfov2Z6qJ7WWLRXq7RSnIYK0s2OXIHmlrwYzrPG/nP3UhzWXDkMB4wCgYIKwYB +BQUHAwMMEFNJVEhTIFJvb3QgQ0EgdjE= +-----END TRUSTED CERTIFICATE----- + +# SSC GDL CA Root A +-----BEGIN TRUSTED CERTIFICATE----- +MIIFrjCCA5agAwIBAgIQUJZucr0Q1oxPa8diP5xwODANBgkqhkiG9w0BAQsFADBx +MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlrYXZp +bW8gY2VudHJhczEZMBcGA1UECxMQQ0EgUk9PVCBTZXJ2aWNlczEaMBgGA1UEAxMR +U1NDIEdETCBDQSBSb290IEEwHhcNMTMwNjA0MTMwMDQ3WhcNMzMwNjA0MTMwMDQ3 +WjBxMQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlr +YXZpbW8gY2VudHJhczEZMBcGA1UECxMQQ0EgUk9PVCBTZXJ2aWNlczEaMBgGA1UE +AxMRU1NDIEdETCBDQSBSb290IEEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCfXEr8HGu3GZfZATc+CukYhtMF6qLa3wmCV+5tK42aFj1VPonXyb7hAaOA +NaNG7OER7ag8leU6UoHKTpgIKg+E3LvppPl5tknCFZ6glegPSPdQ1/mmQ9QHCzBB +yTYSYrdseAsGPy6znuow/UFjT4QsN84Hpjlke3EVWysB8td9mA0YPtuFmuABUCEk +uBujY0PTgVtNDIFOOGvOYMXqB+In4uv2w1SayMmz0SsyNwK8bXuekHcjjZMTJjuH +V6NlTyZYFGpjJZrlYfocV/0NLGkPxgrwJjkXAqPWc4FCw0Ixg4vg+ktOWGExKJI8 +xskQCMkMW0SsY8LXYhnyce4gt0mDGZ5H2lbFHKykOWgXXxEabKqlko+9G8vF4AKA +VdNwU+WLKv5C6r07XONSAH14PybMEa400TIM+Hug0X0944q8vh4ekj84sl8yXjXE +fsKSDZ22y1nV6xJq3XIhURGwc+Uy6dbMDt2zOVoi7+T16QZphip8c68YInMsNiXc +ValSMbOKjhV9sk4Qe1CKAEy6h+JFU3d+TWUCa4yTtmt17e+Wt0iOqOC6uYKyUm0h +/5K60T6wXLGrGQ4Zc0Yr01JIZTTaBDXSeD7PYzWkU+ZL41CDvfObh7Ih2kihekvs +suLx1CUFlFMWTCtmJBDI4NecEqSUwgEjk6EApuBuuzni9XpoqQIDAQABo0IwQDAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoBF+H+SU +ZFE7Ejl6bN1Jk/n9wFwwDQYJKoZIhvcNAQELBQADggIBAAzxS4zhTxYW0upikrat +1FKOCxlkSznwmDlzSlLqTs2OZEewMI88Dy3aImXzGVgyPH+DjwoM5VTmqb64rpdW +5rcNGXy9lyxqKqVWc4LeTpiLPRzE0Csru8UM+E7+La6/qWd/V7Nv7f+L01YM7zCM +wV6m6VmKPC7cR8/MlF6DrBR2+n68DKMOXBuI7CsbNWiIsfV7xfOzxRq8+++1Xt/w +OR51aO1EwksicD5ca5TJEKzw/cgvfiPigacbzgy6RTInUEU5rOD+ALQqdQcMZxu7 +ccCC45dWl9Dkd1m5/3xnXIRluwg2qEtOkcJp/h3smhMfdTMsKcbpsGiQI/8jX3/G +O6coELgfoojNZBYlT+OAt8BKgFfwkNs6sgIyINVryNgUQMnZOBlUOOvoZTtvXNVF +eq/b2diVnranlc0cCR0CHgHpBJVdhZc4Fb2ox5ne00RCXYaDQSR8UYmqQwknNOjx +CrWWS7TzoP7yAI1qO3S5Q7lmuc/q6zfO/5vpI/hs0yP96Ongbvj7DVJAiqyAayAQ +XdCo/ao9ORErL/9SkTqg3IrHdjYRWYW7MIqkSDCcYUOr1K927cC/F5R4NdtINwjU +jmoA6SLdyvDTEjg8mJ9gTG0/Qv3vjJq3HnF6GknUYMnrj/Tpxr9wVIjSx1c7Vs3X +btztDXR+5XVBkVeTNH2p9b2HMB8wCgYIKwYBBQUHAwMMEVNTQyBHREwgQ0EgUm9v +dCBB +-----END TRUSTED CERTIFICATE----- + +# SSC GDL CA Root B +-----BEGIN TRUSTED CERTIFICATE----- +MIIFrjCCA5agAwIBAgIQPoxPvOQpg4JNhFWO1TWAzzANBgkqhkiG9w0BAQsFADBx +MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlrYXZp +bW8gY2VudHJhczEZMBcGA1UECxMQQ0EgUk9PVCBTZXJ2aWNlczEaMBgGA1UEAxMR +U1NDIEdETCBDQSBSb290IEIwHhcNMTMwNjA0MTQyMDE1WhcNMzMwNjA0MTQyMTU1 +WjBxMQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlr +YXZpbW8gY2VudHJhczEZMBcGA1UECxMQQ0EgUk9PVCBTZXJ2aWNlczEaMBgGA1UE +AxMRU1NDIEdETCBDQSBSb290IEIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCPlenS68FzJcc4Z/CDjlO8tsvOunPbTyf2IpA/Qr8h1t5igrRvBAVJCTt3 +AddLX1LS2RnHbXwMqToJYuQqGGmMoN3rrBO2DjkRgGlOY1/cPA362YxivmSFMjJZ +l1CTid/7/9TYZXHHRlWiG5lhH9xQAMgXeehQsAxe5v52pgFOCchwbPqQs17cPQfN +SaNOVl4ST2RBf34MFcOg3rOjKQZJRKFfbz+BoERN8HsKOCjtEu5jl8N7XYxPcd2V +OtouqAFGCvNs6LXxHwgA8UCSGyYAMXU5RkkmuaTUcXcRpE8zzAnb2dEhS5JErM54 +YoIX+/oStH3V8obt9H6WFOaNA1KvzRei1Ryl/oGmmu195NkOMmYQj9vZMzGBfilX +78yyoWDuilu5Zdt/G5osjycxiYoota+xVtQDIu4lT9iavdJsV7yDpkgfLFUHCTQr +uXksAqWgX3x2nyQyPC2S3+tIV4eh9v4j+jSrifVoG44fqm4OpdIh0u+50bFJVzVa +hNMe4gJtUhB/4oxNIdsyMhx9zJYiAy1qpwZCbW6Qh/ocXLBP0ANBE/oLU+bBEAJI +C3dj9KWcUXuYZtfFdjLlb10UYX0Mu22VQNqpJsf3qcvS/ifBK/axaIb+42JSmVCO +K95BIQcbh/VAHXCtz/3CQ6g1VhFCxcteZqHIqGj3/kxXYTZSgQIDAQABo0IwQDAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUcgNGh2H2 +HbPUlWO5UHduDauY/i8wDQYJKoZIhvcNAQELBQADggIBAAjbijKBdDNxFuwhhVNI +Cm8fcuPjBPgutz/zJJVPnO0T4YiCAvZm97exLYAnra64bf4jBxEIq3RhjCgS+fYQ +NPDPtnyjdS0S1JTfdO6xmKux7iJiS1kff/4aZa1N4qQRPxMhtNg1i3ZApl+9MxHf +mOMhXh2ju3g2AjvY/WSE2jfNWe38DNB0pGtxPDYSRJ5+bk8KIRxlH0sSbL+Octbd +PgBwmAFFK+yVkOPTaTjnK51+ZVlb4duFymP+q7/k0P3kUroa5v7GkLp7zvGkYsVH +viTHoHrlIeHGCOAMiYOPgGn97qDfekw600gqFr+uppW13Wgf+w61BYzRskR8YDBW +dhe1NU+o1QrrwrVuAu6cXw6jsQGo5VNvfoNBHxXY/+HCthrxRpxkoBrgSsq4prSJ +JO57lZli1OJAu86jmn0dcvMbgUF3AF7sPKIwBTzNfEg2E8gysGtvnzgoOGlce+bi +rYO7bRPRLrfRdm9dMF65UEVI1kiAk1HJFqkQXWfGy35nfQVP9CDvJCVe7WdDxvtu +efuy8sjJzkF8BeCti80KRS7iYp+XkfT5Y+zywmCK3Bv/Iaj/I4eMc42wOswfjzFy +Cv2Wod8aU9M2trB3Rt4D9sKALm+XI+ERzFGYP+5A//Q9m4h/jLvhWYa9CTQnXJ4K +kzI7VSqpXgsND6mmUQTimyoRMB8wCgYIKwYBBQUHAwMMEVNTQyBHREwgQ0EgUm9v +dCBC +-----END TRUSTED CERTIFICATE----- + +# SSC Root CA A +-----BEGIN TRUSTED CERTIFICATE----- +MIIGKjCCBBKgAwIBAgIQZgej0p0pVhgO4V5ZmLGEVTANBgkqhkiG9w0BAQUFADB0 +MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlrYXZp +bW8gY2VudHJhczEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAU +BgNVBAMTDVNTQyBSb290IENBIEEwHhcNMDYxMjI3MTIxODUyWhcNMjYxMjI4MTIw +NTA0WjB0MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRp +ZmlrYXZpbW8gY2VudHJhczEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkxFjAUBgNVBAMTDVNTQyBSb290IENBIEEwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQC66k++hMAZJIohqUyZffcM1aVRkqhl44mjC2bnQvh50g+DI3u3 +psEk1jXW2OUBynCxFtZHbr4QbH7pUG529+Xkgw941aBz9Y3RmR+URCOWxu5yWvna +XTyRr2zol+iGXfeei/rErGZP5HI/O92eTjXSEx99u0RL9FOs1hTXQDm6wD/8hSDT +xADQ59hHmQR5h4ZAsqxeyXUgwwkUrwSOpqKtKleIZaHMKL42yR8lD8NrIoQ5d046 +A8Bq2z66tome5NcumrdDAT/52qyprOR3M4ftCzndx8GtDVmDMNE2BFi0ZE7m/wjo +QrGAq/iY//MphhYRJE4Joc8wf7xesApqoXFr9ZoSayVtdwKiRl75aS/7OxiVX45c +l5RgXh1xqEG0Xc9aemfj1Eo1HzfgdhYDO/RRnJgUKUmIDELQLW2pp0AmOnkAMDvA +u0SYrSTO0ZbciXiB9lpbQrx04YfTZchH5jayzMFvwMfcgCVSPDGQ3cnIUKh6u3bg +7xOUzgR+arZOd/mD0G/4OtAKQ8q6ELb/PB2UYJSEbfWlyX1MCn4vj2/93S17Sunv +NNu7fv8Mbzf6+cPMyS/R6Sw9KqxsJjvQCV7EgCeL3WHw55VRQ8QN5jHQeNbBxsJm +AdHjzMfTHhUFNtuUmuxSw5HHL7H0A/cHrNNLkatWPNCu/V9tLdMAEc+TvQIDAQAB +o4G3MIG0MA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0gBDYwNDAyBgsrBgEEAYGvZQEC +ADAjMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNzYy5sdC9jcHMwMwYDVR0fBCww +KjAooCagJIYiaHR0cDovL2NybC5zc2MubHQvcm9vdC1hL2NhY3JsLmNybDAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMy/3qeQd2JqHXhpLgo4m3dRUwPwMA0GCSqG +SIb3DQEBBQUAA4ICAQA+r8ioxzNP8G6aQ+HysFdS4ZyeBl9C1vH9yotRP+HHZWlP +dBlQis8Yk0mNoBywOz2OSJPZ6AV+xAmxD1KKa5dv1448gADQQXOtPcNEB3Fqj2J+ +BdhTYHKxAekAYqoN2NhJwrR9DVuzlyk2mbmn0UuYa0S8shKOdmR1TA3Nwi6zWPx6 +T1WzWX9d4C8wM8+IG2npTYqQnpC5MTrzogW8/vndUI0OlBmdfo2qFX4PUpMl5IEO +li0cAxwwgxGWQqmYpJ1fyalcO0lowoRtmdr2/qLy3DdejXrlpVfKI0uTXZIqVYSz +lrMemJRJfGw83J4dtqvDrAnFnd4311TEnK0/sNZpAeUQhn25gYNunGZOlQWSkDGH +JrLakXS9hORxaOR2AOB2czRHhpVluluQom0FKXhg64b5Ek3oCFakzIyiVkrOgPQU +YSLlqx06QTuE14J4BS+sHSNoq3J5hc1G5nqngloo0BU9HduMmFDO+69YO9OproA7 +FgB2J9Vw6QmNNpQJf+PvYBBRysZVcGarUW/zUU8SVq7719kN4PqrEN5qgayFdy2s +emN7RuE32ldurWX8IQSZhQHPIzoyxe1am9WhggR3EUWOpER9wsvLpw/oErrybrqP +MzAb3Sn48EKjbkKlbvpWpalQg9EFZhaLLfvmktHmbAvVWiltK89519naT/BotjAb +MAoGCCsGAQUFBwMDDA1TU0MgUm9vdCBDQSBB +-----END TRUSTED CERTIFICATE----- + +# SSC Root CA B +-----BEGIN TRUSTED CERTIFICATE----- +MIIGKzCCBBOgAwIBAgIRAL6SgxjzVYp4o2dZHGkkCT8wDQYJKoZIhvcNAQEFBQAw +dDELMAkGA1UEBhMCTFQxKzApBgNVBAoTIlNrYWl0bWVuaW5pbyBzZXJ0aWZpa2F2 +aW1vIGNlbnRyYXMxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYw +FAYDVQQDEw1TU0MgUm9vdCBDQSBCMB4XDTA2MTIyNzEyMjI1MFoXDTI2MTIyNTEy +MDgyNlowdDELMAkGA1UEBhMCTFQxKzApBgNVBAoTIlNrYWl0bWVuaW5pbyBzZXJ0 +aWZpa2F2aW1vIGNlbnRyYXMxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRYwFAYDVQQDEw1TU0MgUm9vdCBDQSBCMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAwfNV9UdRTlUXZY2wskEooUrRn0v2c/8+0slNWT/kt8efBl3Y +PKOIhOBzXf0F6seO16QEauufvUP9FJJGuMW6qu1g7OzKkI0KcqlBm9SdvLBsohEf +ZMvnHdRFZw4Ja+V47PE/BFTzmpnHWdHSeaekGrB8Sfwch1ReeAbV3R3MhaBCeNXQ +sIrq6PGhnlbv08F9h6zn2mhPGdZv4JOtSVxzFMFGap33WEDZV1hObDf0ciME+NtK +sN7xQZYSQKEVi2e4XnhWy3/kvsBJaJG4RwiTgcG1GzEG04B70UWhzww9YfOS+PGw +FQ74LjBbAKNJ923+7ty/iM/wfVc+r8DRiut80m0xVfqEjXNq2nCAxPTCz5COMJrh +xjVyAQjmP+ZmAKPy+JIdvFLsj/bc9wrvvBCH+YQYjF4fA7j/NS8BauXwW2J847N/ +M6qU105RgbXoV3iPIpapDIlUPrbu2XNfZPRE4fFqGP9SlsQcv4mXpMOnyn4Ybhbc +E4y71bUlCYav9i9FlCowwRSUNfZdyiWVnLFYibi1YIXJxr4UGaM++VaFq8ps1pl5 +okoUb8M62OdmUQrpHP7MaeY0bPSB232iEfhMxIcFFj3rl3Q/buycubYnjCTfLbOv +3RNhdo//8kzgCBkwMiQyXDaAF+6Gyd8vUeJWroOS8LO92Ic6LJ7E3GmZ+csCAwEA +AaOBtzCBtDAPBgNVHRMBAf8EBTADAQH/MD0GA1UdIAQ2MDQwMgYLKwYBBAGBr2UB +AgAwIzAhBggrBgEFBQcCARYVaHR0cDovL3d3dy5zc2MubHQvY3BzMDMGA1UdHwQs +MCowKKAmoCSGImh0dHA6Ly9jcmwuc3NjLmx0L3Jvb3QtYi9jYWNybC5jcmwwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBScA/Co0phyaK7y7eBP4oUOsiVOzzANBgkq +hkiG9w0BAQUFAAOCAgEArFy8L/yuASSmED6sqOGnJ5mNyojBHT2R9qJ+pfGYQf+q +YfgJvs0aJWF0tMOvQloJD5EBvkiV9Mp3XguDzoSdz0D9gCy942Y1Crix+mDa5dhU +tUuXuqIawyBpjbRGc1yqv717/xowNFhA+StgC3lE+feilgtrUnvwK0s70ouga5M9 +yVdjimvMUBOPd6hRvhpMLUxdDJBbjvPvUCBtgeZRSavE59ddCCtR/D1GEufRpXbF +UyQFyarTjljF84p0kjLt8C/dq63p0jWPdCPjmQDiizDkw0Ku8Lvp4ggbSnAtffjS +mieRQnB1egh+vi8cfzc9qIvcRnL16G82aPpujSCd1PUHcb+9J0K5cyjW7Em0BYVP +aEj2q5TfDqNGFGDCMSA76y5b3tWhLG3lUvqBX5eIyWO9AezjzWsKNcLJOOMO81gb +fdqQbbf1yFhWna4B35GdrVWCAwwRdASRhsd8k4zzJ/vFJFdui9kbmJ2IMfCvd7gN +tMzP9gpvEpvsCStTiexE4KFpi6h0hnQYUuDSv6ChZSG5CIN686T1+F43JUeZpl3X +Ilrbk2cX2xDjjNESkUeKlaVHoQP4Sy4hxZBisH8no9sVfzh/bH9OBcUDtC3fRV91 +LB3xX6a19hc5Qen4ZcIeWBHKfI7itbqSD2e3j+uZ1DH7cntamF+SlMcE6jD2uxow +GzAKBggrBgEFBQcDAwwNU1NDIFJvb3QgQ0EgQg== +-----END TRUSTED CERTIFICATE----- + +# SSC Root CA C +-----BEGIN TRUSTED CERTIFICATE----- +MIIGKjCCBBKgAwIBAgIQNLkSn6zHklVCXN5X/+PABTANBgkqhkiG9w0BAQUFADB0 +MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRpZmlrYXZp +bW8gY2VudHJhczEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAU +BgNVBAMTDVNTQyBSb290IENBIEMwHhcNMDYxMjI3MTIyNjMwWhcNMjYxMjIyMTIx +MTMwWjB0MQswCQYDVQQGEwJMVDErMCkGA1UEChMiU2thaXRtZW5pbmlvIHNlcnRp +ZmlrYXZpbW8gY2VudHJhczEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkxFjAUBgNVBAMTDVNTQyBSb290IENBIEMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQChRSL6jMypbwSz9GgyFmkRT3nfQ71RYHAamN14eJaYYvdwS4Go +4B0EifSP627p8P+B2C59rxcg8SLv8D9FR0C0y7K4ID8+SmhQ/5oG15fFt4oWLnHS +R3NdGGUv7zkz6LZVryatAoDpY9chcAc+zL5ficD4zh0lbsP8f1Y5YdGOwiZ653gC +ClndVSOw+DWn4qvzqy/XtYsKKnJUK215vPLZ6UP5z/GOZhL3l1kq2deU3PiUs0Wj +rxYts4DKPc7opscKlHT8N5rpPww3FiBDyUdwu4yF/JiJKcuHGX4ZUxCJgHWuE/G/ +pF0wBSl8qPe2XgcwFYiuTRWgys3X/6ujBlcPp+OJaRzWGtHUJ9+Wxjhcr3f+FatE +QX3TmLuoIBivi23UWsLYlo1I9QcxfmH0YZtSgUCOSicEsgfTAhCU8/vdsXtwuLTI +gfUAB6aNiAVNxI+WztS2wMFmjCqsaErJRtwN5i6oeSh9d0NwFn4cGjqmeU8TQImx +MrsJRhENdLwn5djtLfpQKdwlypcQ56miYS46iaZEYb5PXpIJ7dwupu9Tu2El2Cel +FEYphSYA2Pn5BdV7FjFCQwUXkZxKYEAkbbVtenn7nJpjw5hp5XdiIypRiQ9ssv3D +ytj0GkOU0H0L4Vg+Gsh0hJv3rIKuUUWS0gZZ4bPB3qUfkyJ52M3EeWAjlQIDAQAB +o4G3MIG0MA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0gBDYwNDAyBgsrBgEEAYGvZQEC +ADAjMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNzYy5sdC9jcHMwMwYDVR0fBCww +KjAooCagJIYiaHR0cDovL2NybC5zc2MubHQvcm9vdC1jL2NhY3JsLmNybDAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIgHc/bxvFIaWh09kWLtXaydC+W3MA0GCSqG +SIb3DQEBBQUAA4ICAQAfkHFQmNXZNNKWhBjCrEYCIBzLObG3rwWk11jzkVF9joEn +nOiSseccnzqLEFJzTMLHQh3Q694qyiJRfYx0ehr8vKTzc8hmI8QuQxBH4IppV+4v +8gBSsDCSqtbUFcVXy2B69A6N/h4JY3SP4P6+UNkBOVa6UEz240Wau1J23n6d+43C +VDE+x7E8Pt/jT/3dmyRpfO3ocbZCBscfxV/7IHXbwf3pbKIqkNSG/c0N/+AFilhh +PZ/EmS/t23zEDZiYVZx0ohde26oR5DcMJP8gZ9El25qJoGWIMZEEcV8glFgzNh0y +3m/XZwipoDv926RQJZYeqV+JF6WXmVGVadvE8Y/0bzArWfOsdYczfQbd4cFr1sTJ +XnBEemrHnHc7Fv7+db6fLNHAA+4ReXXsqVsceoW1KFAgqRod5nuMMxj/we3IdmUf +HfBMO6fb6s1W2JRXP+BIqX+MM0u99AxlFICC9DV32AQQcM4PbMFZy5mtge7ePUjQ +eogvQJPXnLp5hBiAdd/QWt9Rdz5YiWl1RzHkahZwVATsvVx5U2PS4l69TSXaEbYP +quksrvXRqY0CVsv8sCTqjLpw/zLQt8YEKmPVykaR1ZlyCQdeKAOrEhwls2w6WWW0 +dG0tLRlyb/3nmBGHHnMjvzXxm7bD2cw7UHxy6M9ewJjMLgP9Hy/KdFyxHNHsaTAb +MAoGCCsGAQUFBwMDDA1TU0MgUm9vdCBDQSBD +-----END TRUSTED CERTIFICATE----- + +# SSL.com Client ECC Root CA 2022 +-----BEGIN TRUSTED CERTIFICATE----- +MIICQDCCAcagAwIBAgIQdvhIHq7wPHAf4D8lVAGD1TAKBggqhkjOPQQDAzBRMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQDDB9T +U0wuY29tIENsaWVudCBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzAzMloX +DTQ2MDgxOTE2MzAzMVowUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjEoMCYGA1UEAwwfU1NMLmNvbSBDbGllbnQgRUNDIFJvb3QgQ0EgMjAy +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABC1Tfp+LPrM2ulDizOvcuiaK04wGP2cP +7/UX5dSumkYqQQEHaedncfHCAzbG8CtSjs8UkmikPnBREmmNeKKCyikUwOSUIrJE +kmBvyASkZ9Wi0PPQ1+qOPA+60kBHkDTufaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAf +BgNVHSMEGDAWgBS3/i1ixYFTzVIaL11goMNd+7IcHDAdBgNVHQ4EFgQUt/4tYsWB +U81SGi9dYKDDXfuyHBwwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUC +ME0HES0R+7kmwyHdcuEX/MHPFOpJznGHjtZT3BHNXVSKr9kt9IxR6rxmR+J/lYNg +ZQIxAIwhTE+75bBQ35BiSebMkdv4P11xkQiOT5LJf6Zc6hN+7W3E6MMqb1wR4aXz +alqaTTAtMAoGCCsGAQUFBwMEDB9TU0wuY29tIENsaWVudCBFQ0MgUm9vdCBDQSAy +MDIy +-----END TRUSTED CERTIFICATE----- + +# SSL.com Client RSA Root CA 2022 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFjzCCA3egAwIBAgIQdq/uiJMVRbZQU5uAnKTfmjANBgkqhkiG9w0BAQsFADBR +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQD +DB9TU0wuY29tIENsaWVudCBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzEw +N1oXDTQ2MDgxOTE2MzEwNlowUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBD +b3Jwb3JhdGlvbjEoMCYGA1UEAwwfU1NMLmNvbSBDbGllbnQgUlNBIFJvb3QgQ0Eg +MjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALhY20Yw+8k/48jw +ATM04tpIqBjpIG6a1wHh1SmPMLQjauTLYrC+4p8gvT5UoDlox4Y3ZnQGBu90K9rc +n4SpUi+Q0u5+fPulIq1vcEZnlj0p1KO7VnsUBFnBIWNEHrIfElyQh2UNiPYeiCLi +Y1S78zb41n/c2v8pNanGbg5pWz/YvoKHFXBdsMdcEg9jpjjNz3O5ww6JJjcbP2Ic +MmnRm9n/VZAx3rFj3c/FdHf874ghU78AMRomLAAwpV9s4+T2AIrKmIecdAN6i2bs +fv2jjzUlXHils6T7PW2pivBsiIKL/UrQb+TXo7SONEk4vs5F5dIcyl7CNxSLzWZW +Mzed5WvsQ5JkoELadW/AFez5ab00uYp7+hb7Vf5SIOgEBFZWZfU3RJjIikbpt6y4 +6L5ijlQ2W/c7cL9d7i26X95CGYbwf4vrCMvYvuoOQkKgNnNXF+0y6tCN6Acbm5no +xJpiBA5I9zwSuvdYwZqM6cewIzZWNB3LbNq6B4Qd/dGsn+bCie/DuWwYs2mHV1+1 +DDhbpyEkKjunNJGetFTqKE/TwaOL5OYr1fKdv5thACLd1ktEHz9dVv7enHjMmVuq +5L2620NLrUwmTKNNNIpsdDYT22L8m7IFgf+uPwzN9hui9DnnyvVMXPtUdzWAWsAS +oRMBM2c9nYGhqfWFJFiIeOf042hVAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8w +HwYDVR0jBBgwFoAU8DhClDSpPAB/Uu45pfdLDbxqfSMwHQYDVR0OBBYEFPA4QpQ0 +qTwAf1LuOaX3Sw28an0jMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOC +AgEAmU/b8OrWEfoq/cirbeQOc2LSQp8V/nxwUj9kh4IxP0VALuEinwZmKfyW0y2N +tjjH2fMnwVkpoIz2cyQPKCLXTmHdE93bnzJSk/tPzOo4PJhqA6sWryHRQq59RSvq +xM+KWZ+CcHY6+GImyRCXWEAkpC25LymAJ+GJa3LKSQhxN1MF8YDO00IC0vzC0ZQG +7gfi9oPif5/nu1bDW7/dlZMJHiTBzybNraSuwrRp56q17TeU6d3RY4VrmnpKVnbc +GYUo1OTGpNi4lkF30LRZ8UYFh4cCH2m5ghjQQ9km2hpnqNZ1durybQ5C/4gmom6E +/n5iG/DGPe3AHGrHkda4ADdJm7mEBaHNbjHWROpTi7pTmB2hkIrphfgb8pNYw8jc +miZPPiDPT0PzEIx/EGF6NsqqC33Mn0dEWa6llcaZU+MHaz1JELAY/10OhUMUS+dr +00q1smBh3GlJAiNd6JJxw5yfRWd5HtwyhrqqVTxkbzK1EEAV3nJAeOBucLtu6wno +OdmsupJ13UPKugGVrRqBKzrw48UvDBhNEMauwO3+BVJ/GQXLqa81CAw4IuT+VuVT +Pr/k1rPZCMM91TMygSTFqeFlEbgyMzBxGEkdGkXGmhSKWDkobvPLUblJJmR4A8eR +EYOpuZA0tm+qBZ6FKFeZvn8nBkliTaH8CeErRglMFJtWj0UwLTAKBggrBgEFBQcD +BAwfU1NMLmNvbSBDbGllbnQgUlNBIFJvb3QgQ0EgMjAyMg== +-----END TRUSTED CERTIFICATE----- + +# SSL.com EV Root Certification Authority ECC +-----BEGIN TRUSTED CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSjBDMBQGCCsG +AQUFBwMBBggrBgEFBQcDAwwrU1NMLmNvbSBFViBSb290IENlcnRpZmljYXRpb24g +QXV0aG9yaXR5IEVDQw== +-----END TRUSTED CERTIFICATE----- + +# SSL.com EV Root Certification Authority RSA +-----BEGIN TRUSTED CERTIFICATE----- +MIIF4zCCA8ugAwIBAgIIHWwR62/aOZ0wDQYJKoZIhvcNAQELBQAwfzELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTc1MDQ4WhcNNDEwMjEy +MTc1MDQ4WjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcM +B0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMY3fBNvzw/ZUM/m16poL1xR1L/NTKbV +NzFAEDRBev3LlI1if7iQzc5pljrE/9nXY+bQhCWAEb/R7TDohAbhoJe4VZAdrfOk +mhtOnBH39dnWj2AqPjf4deyAo1Wg9CdBwqo55FLfEPn1ZTk/jJ3MeyfPBhR3Tj1S +54SBMWwSMqyEWhdqxMFcgDHC2kd7dg9C6OciFNONxFuPi2VYKSyPDo5J1NTYClrT +JtMJjthDspRP0sAc3XRiEWm8VCLoOh7QVVZFj3BwjS/vwl29XlTdLnvpGIuKSdlP +jRDzpVfha6sYS46uLvHyuvVdQfc52KPCXd6fWrEvRJM+P/EiOZRAbSfGzA14DAu9 +KlYmrSlXuHHkf+sTssh99Wtd8/IAMDP6W8sSanpBb28JTLdpDQ95IyMaZo1ZNmOW +gHsYImseIhgt5KV1ChBZ+6N+JhBTxsgZLh4nGPswBT2RBHqucMbMD6A00yQWGAEF +Z2nlRdFWqJu/r/qsVQgMAn5Ld6w3wdjtmTSgQbM1OusxNMk738Q9KUU1VLh/ls8I +D+mxnlXKZ4SgJ2Cr+lAxOdV7yraa7ZGMeB757uDiWUHUH0KAefX0g1AIrfNHQV9Q +o5+J87QnKlS5GllrCZxRwChrW7go0m81ftWTA250JWXqFgWRAfEHY0+rhMVy2c1o +m00sfgQ48OpHAgMBAAGjYzBhMB0GA1UdDgQWBBTZWir/pc6doZF9/4ddq2o1EtnJ +TDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNlaKv+lzp2hkX3/h12rajUS +2clMMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAvIzPI/q9M1eW +H9CC8BKuNETq8bwh1/WJxjQeeKbiUd/deIDV6m3Gqm8JAoyn5svIiVqUekqzVu/d +3VMyY/Bp791AuZCiLgN3lrUpAFLu+w6nlGjFPAMt6Wuqne6n2GeS4hFaON+YZqOg +jssMQjZMxVZbn3XwQNHoOyoIm1LDHF+QNFf7xvkdcfwlfM96fR5pxrv0FP4dHeeX +ooab8t9XkgZSZJMpWQovoRfcu+6tO7MAZTjZqJyBrc01nIvp4vSEjw7PjXFtAIA5 +b7MENaA4YanyL/Q1jdjf3qRpMPqgJnxaInnwaP7LzbzvlYwn5YT5/YRCxrr9ucnG +WnEwdjYCH9B8qRMO4SDZUgysHoh3oCmGOohmU6/DpcnbVLGk6O5Mbj+5ezCjQugC +pr2EbSp8/fTtRbcw+mxcI1ZaPGEqx5vmxfJEtwe/dp1C5Fzw7rk+EPPPUtLNzlIY +f2D2LpVMNQBMRtYQ7DTLWHtqDeRjVcxY2U9jZzHCUqF5DyrPyU7MEsuNGlqqRjET +Ow3pV2haC4QENi+fEbw8eq1av0bjtyCJHdwHfNx66+l2yQANcLeflxpi7xjmZL4I +p6SZu3+MaJqYyYZi9qGYNjmj85ZXpAJj+VU+sIyfv6l6SzzZua4PivS6HCWrVVmh +VsIzuTrEQM+LGvcDDr0bYGN9JdSpvuUwOTAKBggrBgEFBQcDAwwrU1NMLmNvbSBF +ViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQQ== +-----END TRUSTED CERTIFICATE----- + +# SSL.com EV Root Certification Authority RSA R2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+zBGMBQGCCsGAQUFBwMBBggr +BgEFBQcDAwwuU1NMLmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IFJTQSBSMg== +-----END TRUSTED CERTIFICATE----- + +# SSL.com Root Certification Authority ECC +-----BEGIN TRUSTED CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5WplMEowHgYIKwYBBQUHAwQG +CCsGAQUFBwMBBggrBgEFBQcDAwwoU1NMLmNvbSBSb290IENlcnRpZmljYXRpb24g +QXV0aG9yaXR5IEVDQw== +-----END TRUSTED CERTIFICATE----- + +# SSL.com Root Certification Authority RSA +-----BEGIN TRUSTED CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7kwSjAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUF +BwMDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNB +-----END TRUSTED CERTIFICATE----- + +# SSL.com TLS ECC Root CA 2022 +-----BEGIN TRUSTED CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6jAq +MAoGCCsGAQUFBwMBDBxTU0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIy +-----END TRUSTED CERTIFICATE----- + +# SSL.com TLS RSA Root CA 2022 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmAwKjAKBggrBgEFBQcDAQwcU1NM +LmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMg== +-----END TRUSTED CERTIFICATE----- + +# SZAFIR ROOT CA2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztzAnMBQGCCsGAQUFBwMEBggrBgEFBQcDAQwP +U1pBRklSIFJPT1QgQ0Ey +-----END TRUSTED CERTIFICATE----- + +# Sectigo Public Email Protection Root E46 +-----BEGIN TRUSTED CERTIFICATE----- +MIICMTCCAbegAwIBAgIQbvXTp0GOoFlApzBr0kBlVjAKBggqhkjOPQQDAzBaMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQDEyhT +ZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgRTQ2MB4XDTIxMDMy +MjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowWjELMAkGA1UEBhMCR0IxGDAWBgNVBAoT +D1NlY3RpZ28gTGltaXRlZDExMC8GA1UEAxMoU2VjdGlnbyBQdWJsaWMgRW1haWwg +UHJvdGVjdGlvbiBSb290IEU0NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABLinUpT1 +PgWwG/YfsdN+ueQFZlSAzmylaH3kU1LbgvrEht9DePfIrRa8P3gyy2vTSdZE5bN+ +n3umxizy4rbTibCaPEvOiUvGxss6SWAPRrxtTnqcyZuFewq2sEfCiOPU0aNCMEAw +HQYDVR0OBBYEFC1OjKfCI7JXqQZrPmsrifPDXkfOMA4GA1UdDwEB/wQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCSnRpZY0VYjhsW5H16 +bDZIMB8rcueQMzT9JKLGBoxvOzJXWvj+xkkSU5rZELKZUXICMAUlKjMh/JPmIqLM +cFUoNVaiB8QhhCMaTEyZUJmSFMtK3Fb79dOPaiz1cTr4izsDnjA2MAoGCCsGAQUF +BwMEDChTZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgRTQ2 +-----END TRUSTED CERTIFICATE----- + +# Sectigo Public Email Protection Root R46 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFgDCCA2igAwIBAgIQHUSeuQ2DkXSu3fLriLemozANBgkqhkiG9w0BAQwFADBa +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQD +EyhTZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgUjQ2MB4XDTIx +MDMyMjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowWjELMAkGA1UEBhMCR0IxGDAWBgNV +BAoTD1NlY3RpZ28gTGltaXRlZDExMC8GA1UEAxMoU2VjdGlnbyBQdWJsaWMgRW1h +aWwgUHJvdGVjdGlvbiBSb290IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAJHlG/qqbTcrdccuXxSl2yyXtixGj2nZ7JYt8x1avtMdI+ZoCf9KEXMa +rmefdprS5+y42V8r+SZWUa92nan8F+8yCtAjPLosT0eD7J0FaEJeBuDV6CtoSJey ++vOkcTV9NJsXi39NDdvcTwVMlGK/NfovyKccZtlxX+XmWlXKq/S4dxlFUEVOSqvb +nmbBGbc3QshWpUAS+TPoOEU6xoSjAo4vJLDDQYUHSZzP3NHyJm/tMxwzZypFN9mF +ZSIasbUQUglrA8YfcD2RxH2QPe1m+JD/JeDtkqKLMSmtnBJmeGOdV+z7C96O3IvL +Oql39Lrl7DiMi+YTZqdpWMOCGhrN8Z/YU5JOSX2pRefxQyFatz5AzWOJz9m/x1AL +4bzniJatntQX2l3P4JH9phDUuQOBm2ms+4SogTXrG+tobHxgPsPfybSudB1Ird1u +EYbhKmo2Fq7IzrzbWPxAk0DYjlOXwqwiOOWIMbMuoe/s4EIN6v+TVkoGpJtMAmhk +j1ZQwYEF/cvbxdcV8mu1dsOj+TLOyrVKqRt9Gdx/x2p+ley2uI39lUqcoytti/Fw +5UcrAFzkuZ7U+NlYKdDL4ChibK6cYuLMvDaTQfXv/kZilbBXSnQsR1Ipnd2ioU9C +wpLOLVBSXowKoffYncX4/TaHTlf9aKFfmYMc8LXd6JLTZUBVypaFAgMBAAGjQjBA +MB0GA1UdDgQWBBSn15V360rDJ82TvjdMJoQhFH1dmDAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEANNLxFfOTAdRyi/Cr +CB8TPHO0sKvoeNlsupqvJuwQgOUNUzHd4/qMUSIkMze4GH46+ljoNOWM4KEfCUHS +Nz/Mywk1Qojp/BHXz0KqpHC2ccFTvcV0r8QiJGPPYoJ9yctRwYiQbVtcvvuZqLq2 +hrDpZgvlG2uv6iuGp9+oI0yWP09XQhgVg0Pxhia3KgPOC53opWgejG+9heMbUY/n +Fy8r0NZ4wi3dcojUZZ76mdR+55cKkgGapamEOgwqdD0zGMiH9+ik9YZCOf1rdSn8 +AAasoqUaVI7pUEkXZq9LBC2blIClVKuMVxdEnw/WaGRytEseAcfZm5TZg5mvEgUR +o5gi0vJXyiT5ujgVEki6Yzv8i5V41nIHVszN/J0c0MVkO2M0zwSZircweXq28sbV +2VR6hwt+TveE7BTziBYS8dWuChoJ7oat5av9rsMpeXTDAV8Rm991mcZK95uPbEns +IS+0AlmzLdBykLoLFHR4S8/BX1VyjlQrE876WAzTuyzZqZFh+PjxtnvevKnMkgTM +S2tfc4C2Ie1QT9d2h27O39K3vWKhfVhiaEVStj/eEtvtBGmedoiqAW3ahsdgG8NS +rDfsUHGAciohRQpTRzwZ643SWQTeJbDrHzVvYH3Xtca7CyeN4E1U5c8dJgFuOzXI +IBKJg/DS7Vg7NJ27MfUy/THzVhowNjAKBggrBgEFBQcDBAwoU2VjdGlnbyBQdWJs +aWMgRW1haWwgUHJvdGVjdGlvbiBSb290IFI0Ng== +-----END TRUSTED CERTIFICATE----- + +# Sectigo Public Server Authentication Root E46 +-----BEGIN TRUSTED CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKczA7 +MAoGCCsGAQUFBwMBDC1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRp +b24gUm9vdCBFNDY= +-----END TRUSTED CERTIFICATE----- + +# Sectigo Public Server Authentication Root R46 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA +Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGLMDswCgYIKwYBBQUHAwEMLVNl +Y3RpZ28gUHVibGljIFNlcnZlciBBdXRoZW50aWNhdGlvbiBSb290IFI0Ng== +-----END TRUSTED CERTIFICATE----- + +# SecureSign RootCA11 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/IwKzAUBggrBgEFBQcDAQYIKwYBBQUHAwMME1NlY3Vy +ZVNpZ24gUm9vdENBMTE= +-----END TRUSTED CERTIFICATE----- + +# SecureTrust CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEwJjAU +BggrBgEFBQcDAQYIKwYBBQUHAwMMDlNlY3VyZVRydXN0IENB +-----END TRUSTED CERTIFICATE----- + +# Secure Global CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +MDIwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwQU2VjdXJlIEdsb2Jh +bCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Security Communication ECC RootCA1 +-----BEGIN TRUSTED CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT +AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD +VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx +NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT +HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5 +IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl +dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK +ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu +9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O +be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9kwRDAe +BggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDCJTZWN1cml0eSBDb21tdW5p +Y2F0aW9uIEVDQyBSb290Q0Ex +-----END TRUSTED CERTIFICATE----- + +# Security Communication RootCA2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03MEAwHgYIKwYBBQUHAwQGCCsGAQUF +BwMBBggrBgEFBQcDAwweU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0Ey +-----END TRUSTED CERTIFICATE----- + +# Security Communication RootCA3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV +BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw +JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2 +MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg +Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r +CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA +lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG +TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7 +9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7 +8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4 +g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we +GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst ++3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M +0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ +T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw +HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS +YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA +FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd +9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI +UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+ +OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke +gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf +iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV +nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD +2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI// +1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad +TdJ0MN1kURXbg4NR16/9M51NZjBAMB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYB +BQUHAwMMHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMw== +-----END TRUSTED CERTIFICATE----- + +# Security Communication Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAzBA +MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMHlNlY3VyaXR5IENvbW11 +bmljYXRpb24gUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Sonera Class2 CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9MMB4wCgYIKwYBBQUH +AwMMEFNvbmVyYSBDbGFzczIgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Staat der Nederlanden Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO +TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy +MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk +ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn +ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71 +9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO +hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U +tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o +BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh +SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww +OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv +cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA +7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k +/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm +eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6 +u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy +7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR +iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykzAr +MAoGCCsGAQUFBwMDDB1TdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Staat der Nederlanden Root CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KATAw +MAoGCCsGAQUFBwMDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# Staat der Nederlanden Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFkwMDAKBggrBgEFBQcDBAwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMw== +-----END TRUSTED CERTIFICATE----- + +# Starfield Class 2 CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5QwNjAeBggrBgEFBQcD +BAYIKwYBBQUHAwEGCCsGAQUFBwMDDBRTdGFyZmllbGQgQ2xhc3MgMiBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Starfield Root Certificate Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0MEEwFAYIKwYBBQUHAwEG +CCsGAQUFBwMDDClTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkg +LSBHMg== +-----END TRUSTED CERTIFICATE----- + +# Starfield Services Root Certificate Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIEfjCCA2agAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOjA4BgNVBAsTMWh0dHA6Ly9j +ZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNjA0BgNV +BAMTLVN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eTAeFw0wODA2MDIwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJV +UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE6MDgGA1UECxMxaHR0cDov +L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzE2MDQG +A1UEAxMtU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9y +aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8sxWKk3mFjdal+pt +NTjREJvbuNypBAmVMy4JxQB7GnhCj8j0BY7+0miDHk6ZzRfbRz5Q84nS59yY+wX4 +qtZj9FRNwXEDsB8bdrMaNDBz8SgyYIP9tJzXttIiN3wZqjveExBpblwG02+j8mZa +dkJIr4DRVFk91LnU2+25qzmZ9O5iq+F4cnvYOI1AtszcEgBwQ4Vp2Bjjyldyn7Tf +P/wiqEJS9XdbmfBWLSZwFjYSwieeV6Z80CPxedyjk1goOD2frTZD7jf7+PlDrchW +8pQSXkLrc7gTDcum1Ya5qihqVAOhPw8p6wkA6D9eon8XPaEr+L7QdR2khOOrF2UG +UgCvsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQUtMZ/GkPMm3VdL8RL8ouYEOnxURAwHwYDVR0jBBgwFoAUtMZ/GkPM +m3VdL8RL8ouYEOnxURAwDQYJKoZIhvcNAQEFBQADggEBAKyAu8QlBQtYpOR+KX6v +vDvsLcBELvmR4NI7MieQLfaACVzCq2Uk2jgQRsRJ0v2aqyhId4jG6W/RR5HVNU8U +CahbQAcdfHFWy4lC1L9hwCL3Lt+r83JDi0DolOuwJtrRE9Or0DYtLjqVs3cuFTkY +DGm6qoDt8VNOM5toBOKgMC7X0V3UpmadhObnuzyJuzad/BepPVUrivubxEyE/9/S +vmkbdLCo9uqwnLIpdIFMaDqaf3MlOfUT4GaRadRXS7furUXgLMOI076USYkf/3DV +W205E7Ady5jmZ2MNY/b7w9dhcoOIP3B+U8meiVTWT399cbmu8WCLd2Ds+L/6aqOc +ASIwOzAKBggrBgEFBQcDAwwtU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# Starfield Services Root Certificate Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6MEowFAYIKwYBBQUHAwEGCCsGAQUFBwMDDDJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMg== +-----END TRUSTED CERTIFICATE----- + +# StartCom Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg +Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk +pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf +OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C +Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT +Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi +HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM +Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w ++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ +Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 +Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B +26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID +AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j +ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js +LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM +BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 +Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy +dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh +cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh +YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg +dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp +bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ +YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT +TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ +9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 +jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW +FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz +ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 +ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L +EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu +L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14wLjAKBggrBgEFBQcDAwwgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk= +-----END TRUSTED CERTIFICATE----- + +# StartCom Certification Authority G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 +OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG +A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ +JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD +vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo +D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ +Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW +RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK +HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN +nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM +0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i +UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 +Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg +TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL +BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K +2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX +UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl +6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK +9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ +HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI +wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY +XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l +IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo +hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr +so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddIMDEwCgYIKwYB +BQUHAwMMI1N0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEcy +-----END TRUSTED CERTIFICATE----- + +# Swedish Government Root Authority v2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIQVBIVn6uKdZNElMp3QFYu7zANBgkqhkiG9w0BAQsFADBm +MQswCQYDVQQGEwJTRTEoMCYGA1UEChMfU3dlZGlzaCBTb2NpYWwgSW5zdXJhbmNl +IEFnZW5jeTEtMCsGA1UEAxMkU3dlZGlzaCBHb3Zlcm5tZW50IFJvb3QgQXV0aG9y +aXR5IHYyMB4XDTE1MDUwNTExMTUyM1oXDTQwMDUwNTExMjQxOVowZjELMAkGA1UE +BhMCU0UxKDAmBgNVBAoTH1N3ZWRpc2ggU29jaWFsIEluc3VyYW5jZSBBZ2VuY3kx +LTArBgNVBAMTJFN3ZWRpc2ggR292ZXJubWVudCBSb290IEF1dGhvcml0eSB2MjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMiutUO8QkVLNWM/AkvF/9s2 +1yfFwq5FZqNxhxZNiU9hlOBWRrjQRBPmc5DwYXhBiuAafjesAim+6P8CJsYafAqx +j2QpotoHitUkhWgZkjLfnylgWG0qhYARNsm2wtOehAy6URHMVOmrBjASjyB3BcDG +jZqbWci2hehwBwKxHv/Xac8WRothL0LNUqbYDnovhy3GLzwiQ7GTfsMWdtnM14vs +ERvQyXEUwolJfvGkEKo1PKgbu//sMkDlvSrzpgETyIyXGZDOY/mwa333+YrObuCF +59uU1XogJaA18Kn3r1ooWgzI83Q5izE7IsxJJclvuFx6LiyW4y+jPsp5d2mRWvjw +xVM3TlNtSSdWYsrl+XNgqRc7W6Ilry17ybfbzxkROjNxOVlaA+nnLAz/bZxyY2OA +BVhThtwodRbC5fATWaGB/wUMmai2PGwuxQ4AmIHpg3dmQztajoVFTLLPuT3knDaT +QHpTFSnUEZC6oWCKnav0Skpq3Yeqwe0F2p5bVuGITyprlSiGZlCh79pKspAKNjdJ +hZdCeAdn5psgoQxsyc/P/neVhFp6Oxew70z3LZGqzxlvxvkSKOceCqaWzSGwA2JQ +gwYg5uje30MWFrmBoPCBNFvLwYn28+giuM64Uj5RHrEFuLcDKwusdHVTJOF2uE8l +dl3v0Zrzbkq4fEv4isAZAgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFGNrQmBTVxG7yCSJJQJmRHShDSVuMBAG +CSsGAQQBgjcVAQQDAgEAMBEGA1UdIAQKMAgwBgYEVR0gADBHBgNVHSUEQDA+Bggr +BgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBgorBgEEAYI3CgMMBggrBgEFBQcD +AwYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggIBACMuqoWXS6RcEK/a+D29k1gv +ePsZdwM5FkdJclXMh+i9pH/SqySs59RQ7p3Yg8aZIPsWL4jGFzfKix6r0OJsB1i4 +ZJGhEKFpN3Ve/tpzFOaKa77CYCEvwPmjBEg2Wze+2mz96ZaOnvFTfI9lRKdVfQuU +TlT2/zK9L32cpV5CxEwp4xBkL+bPWjs0VShh0ScSu25Um4FYrNVenVcDoE3R/zd0 +po3z+ZX9Kol1enk3/SZ5Lydzf6kZIOXQX5jolgWPmHnpeRBBKQFD9Wk3zFAQaLXY +RE4O8pnjJyxqjl+7fbtrcUsGit0q2Ao/W8hyLlhhCg+BaB5Hx+ktuu+N3A6jI8Oy +LbVHsYu0PidI59wIYgxU/kPXlUq/By9KQH4GpVGHJokF3TzKT/4cJ+nbiB7Asv7j +7x9+sehZlaBPqwqJAOBzsuccwRdQgIdM0kMZWZXSWxRbClvAfIlxerUKwIpFL+7E +wP5ULeeVJHcFLu50xqCQsXPcQtagdclYWQWi3hG/WekNpybCbsBGisYe0/XqD309 +cs0ZlUy64GiXjVjAau9597JoarhyNsMkDOgy7b3xn8jv3nXS23aplCc49AFhv2Y4 +j2o93ABbs/xE3wNL+fF2JTX/Uh8IHdClFOmLBit4gyxxXE+Rh2PWDA4FiDyUoLFa +VBbf3VHDqDYuLIJ8uZqwMDIwCgYIKwYBBQUHAwMMJFN3ZWRpc2ggR292ZXJubWVu +dCBSb290IEF1dGhvcml0eSB2Mg== +-----END TRUSTED CERTIFICATE----- + +# Swedish Government Root Authority v3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFqjCCA5KgAwIBAgIQMmmiv0BrjbRHg2Q8iw3JQzANBgkqhkiG9w0BAQsFADBm +MQswCQYDVQQGEwJTRTEoMCYGA1UEChMfU3dlZGlzaCBTb2NpYWwgSW5zdXJhbmNl +IEFnZW5jeTEtMCsGA1UEAxMkU3dlZGlzaCBHb3Zlcm5tZW50IFJvb3QgQXV0aG9y +aXR5IHYzMB4XDTE1MDkyOTExMzIzMloXDTQwMDkyOTExNDIwOVowZjELMAkGA1UE +BhMCU0UxKDAmBgNVBAoTH1N3ZWRpc2ggU29jaWFsIEluc3VyYW5jZSBBZ2VuY3kx +LTArBgNVBAMTJFN3ZWRpc2ggR292ZXJubWVudCBSb290IEF1dGhvcml0eSB2MzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALoeomkbaE9cj7r0I8deZgV4 +hTZYo6J/Z++iDBaSpEqL4KCSh1U3C8TRxNBAQ5cyUE/slUe3P69DBeWElwnvVlTn +QzNH/a3xOpuYpOHkUaO5rIwL7iUGCfLTujVnYYzCvSbL12PM14Mz2Uzi7/kbn6jL +DXYBLXLJIrtokd6QDzs9tEK9GX2fhFw8fkI3hrFgwkiHUk5cV/7Okq7KPla3s56V +mpT4L6HQoi7CVFpszMzWrUtH0C6HgjOoe1A5pyossVsnCp+t9RTr/I1TsnMrVCP0 +jJeZl/s13My1+jMUJo11pySm6BQuLaaAKIOaP7jKO8f1GOD97I55+6pCbEpLFn7z +ggNuuucRBqWfhCvSYG3pRu5BWpa5FP0cP4YS8VQmJv1ngC/lqC0oLkO3ZMLv5Ld+ +ltyEiyfZdj2YgVMU3EJFoVRn+doYZpAKtEeQPAHlK6Nm72/7MoPxM30yIWylRRU/ +L/NVkUiTnyXPLTw5O1INGq/H36tvgNiQy55xcmpCaZPqkgA9SQTZo1y6RfsCEP+t +aXRSpThjmmaIBLIRuhOqOdWDX+1lW1PInVyyhaB4cDVNXCQQpPYxKpJVQdnzF2yZ +E1j63SjQbBO9W4eNk4OtWClWFbRYJ0qbEWygpmdFOs7Q2M7/kDPsWjFND1IS+632 +YV/kL28NZjDloE/Pz/1fAgMBAAGjVDBSMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBScvAHnq2Q19TGbjbX7F5mIAsub8jAQBgkrBgEE +AYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAh6tq5OdrJFI99iKDT1MERTKc +YVoWXJxEtaPRltBA/s9mFV5+QAAgFf2nqmTap2FmaMLdUnEloGq53cDNzoYI1Dw1 +ES999G/S2gyXA2WXg7Q+OssJdI3rBcp66YCwt1EtIpPjmhnu7ZcIIYOtxwqRX8TK +216vuOeMujpJ0lUDNRkZUErihqe7eD2V/bEfRvJPZvL7v4VktgojGJIJnklFMbbW +FFee/IlFdH85zMBqaMjPR9DhHsfTLy35LCQ7/Gq6lBPezHLyoh3LH5/Vg3cmXn6b +oK9pn3jbpcFucVxIQk4r2Hi41Q+lP2zLj5DNR9iQGUmF1mz84quqQr/LE5e/aUR1 +YzUt2qDH/WH3ykE9VJz0NsDkbiFIn11xYoHT8iXmWYxZQSZIp+PrZ2rT7DS3mPfM +yqM2BpXnyDBZ9//JodHkebzfEx8u2bN10QS3IwkhzB0hHCecDiv6wYcYyfr5SYOM +Ehb7xRLOOw9C+vAFZX6ox+tSSvmYXnGjrBLHKHEaWnXPh8ofNygcFJ2QUG/Gv0rM +xyXPMd1bkU52qBHVdmbZv4BzYrDsw/5EvM1ZEwsMLdihzKpiTVRFXqRSo4xXPBQx +k1TOpRZUXi1Cs+5lqbadP2zOYdlWy97qoFbebYYD+reBaozS2PPXtsCsKYRZIw6b +l2rmoM7VKlQY71CYeSAwMjAKBggrBgEFBQcDAwwkU3dlZGlzaCBHb3Zlcm5tZW50 +IFJvb3QgQXV0aG9yaXR5IHYz +-----END TRUSTED CERTIFICATE----- + +# SwissSign Gold CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJMDgwHgYIKwYBBQUHAwQGCCsG +AQUFBwMBBggrBgEFBQcDAwwWU3dpc3NTaWduIEdvbGQgQ0EgLSBHMg== +-----END TRUSTED CERTIFICATE----- + +# SwissSign Gold Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFejCCA2KgAwIBAgIJAN7E8kTzHab8MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJDAiBgNVBAMTG1N3aXNzU2ln +biBHb2xkIFJvb3QgQ0EgLSBHMzAeFw0wOTA4MDQxMzMxNDdaFw0zNzA4MDQxMzMx +NDdaMEoxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJDAiBgNV +BAMTG1N3aXNzU2lnbiBHb2xkIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAMPon8hlWp1nG8FFl7S0h0NbYWCAnvJ/XvlnRN1E+qu1 +q3f/KhlMzm/Ej0Gf4OLNcuDR1FJhQQkKvwpw++CDaWEpytsimlul5t0XlbBvhI46 +PmRaQfsbWPz9Kz6ypOasyYK8zvaV+Jd37Sb2WK6eJ+IPg+zFNljIe8/Vh6GphxoT +Z2EBbaZpnOKQ8StoZfPosHz8gj3erdgKAAlEeROc8P5udXvCvLNZAQt8xdUt8L// +bVfSSYHrtLNQrFv5CxUVjGn/ozkB7fzc3CeXjnuL1Wqm1uAdX80Bkeb1Ipi6LgkY +OG8TqIHS+yE35y20YueBkLDGeVm3Z3X+vo87+jbsr63ST3Q2AeVXqyMEzEpel89+ +xu+MzJUjaY3LOMcZ9taKABQeND1v2gwLw7qX/BFLUmE+vzNnUxC/eBsJwke6Hq9Y +9XWBf71W8etW19lpDAfpNzGwEhwy71bZvnorfL3TPbxqM006PFAQhyfHegpnU9t/ +gJvoniP6+Qg6i6GONFpIM19k05eGBxl9iJTOKnzFat+vvKmfzTqmurtU+X+P388O +WsStmryzOndzg0yTPJBotXxQlRHIgl6UcdBBGPvJxmXszom2ziKzEVs/4J0+Gxho +DaoDoWdZv2udvPjyZS+aQTpF2F7QNmxvOx5jtI6YTBPbIQ6fe+3qoKpxw+ujoNIl +AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBRclwZGNKvfMMV8xQ1VcWYwtWCPnjAfBgNVHSMEGDAWgBRclwZGNKvfMMV8 +xQ1VcWYwtWCPnjANBgkqhkiG9w0BAQsFAAOCAgEAd0tN3uqFSqssJ9ZFx/FfIMFb +YO0Hy6Iz3DbPx5TxBsfV2s/NrYQ+/xJIf0HopWZXMMQd5KcaLy1Cwe9Gc7LV9Vr9 +Dnpr0sgxow1IlldlY1UYwPzkisyYhlurDIonN/ojaFlcJtehwcK5Tiz/KV7mlAu+ +zXJPleiP9ve4Pl7Oz54RyawDKUiKqbamNLmsQP/EtnM3scd/qVHbSypHX0AkB4gG +tySz+3/3sIsz+r8jdaNc/qplGsK+8X2BdwOBsY3XlQ16PEKYt4+pfVDh31IGmqBS +VHiDB2FSCTdeipynxlHRXGPRhNzC29L6Wxg2fWa81CiXL3WWHIQHrIuOUxG+JCGq +Z/LBrYic07B4Z3j101gDIApdIPG152XMDiDj1d/mLxkrhWjBBCbPj+0FU6HdBw7r +QSbHtKksW+NpPWbAYhvAqobAN8MxBIZwOb5rXyFAQaB/5dkPOEtwX0n4hbgrLqof +k0FD+PuydDwfS1dbt9RRoZJKzr4Qou7YFCJ7uUG9jemIqdGPAxpg/z+HiaCZJyJm +sD5onnKIUTidEz5FbQXlRrVz7UOGsRQKHrzaDb8eJFxmjw6+of3G62m8Q3nXA3b5 +3IeZuJjEzX9tEPkQvixC/pwpTYNrCr21jsRIiv0hB6aAfR+b6au9gmFECnEnX22b +kJ6u/zYks2gD1pWMa3MwKTAKBggrBgEFBQcDAwwbU3dpc3NTaWduIEdvbGQgUm9v +dCBDQSAtIEcz +-----END TRUSTED CERTIFICATE----- + +# SwissSign Platinum CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0jAoMAoGCCsGAQUF +BwMDDBpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMg== +-----END TRUSTED CERTIFICATE----- + +# SwissSign Platinum Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFgTCCA2mgAwIBAgIIIj+pFyDegZQwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEoMCYGA1UEAxMfU3dpc3NTaWdu +IFBsYXRpbnVtIFJvb3QgQ0EgLSBHMzAeFw0wOTA4MDQxMzM0MDRaFw0zNzA4MDQx +MzM0MDRaME4xCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxKDAm +BgNVBAMTH1N3aXNzU2lnbiBQbGF0aW51bSBSb290IENBIC0gRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCUoO8TG59EIBvNxaoiu9nyUj56Wlh35o2h +K8ncpPPksxOUAGKbHPJDUEOBfq8wNkmsGIkMGEW4PsdUbePYmllriholqba1Dbd9 +I/BffagHqfc+hi7IAU3c5jbtHeU3B2kSS+OD0QQcJPAfcHHnGe1zSG6VKxW2VuYC +31bpm/rqpu7gwsO64MzGyHvXbzqVmzqPvlss0qmgOD7WiOGxYhOO3KswZ82oaqZj +K4Kwy8c9Tu1y9n2rMk5lAusPmXT4HBoojA5FAJMsFJ9txxue9orce3jjtJRHHU0F +bYR6kFSynot1woDfhzk/n/tIVAeNoCn1+WBfWnLou5ugQuAIADSjFTwT49YaawKy +lCGjnUG8KmtOMzumlDj8PccrM7MuKwZ0rJsQb8VORfddoVYDLA1fer0e3h13kGva +pS2KTOnfQfTnS+x9lUKfTKkJD0OIPz2T5yv0ekjaaMTdEoAxGl0kVCamJCGzTK3a +Fwg2AlfGnIZwyXXJnnxh2HjmuegUafkcECgSXUt1ULo80GdwVVVWS/s9HNjbeU2X +37ie2xcs1TUHuFCp9473Vv96Z0NPINnKZtY4YEvulDHWDaJIm/80aZTGNfWWiO+q +ZsyBputMU/8ydKe2nZhXtLomqfEzM2J+OrADEVf/3G8RI60+xgrQzFS3LcKTHeXC +pozH2O9T9wIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUVio/kFj0F1oUstcIG4VbVGpUGigwHwYDVR0jBBgwFoAUVio/ +kFj0F1oUstcIG4VbVGpUGigwDQYJKoZIhvcNAQELBQADggIBAGztiudDqHknm7jP +hz5kOBiMEUKShjfgWMMb7gQu94TsgxBoDH94LZzCl442ThbYDuprSK1Pnl0NzA2p +PhiFfsxomTk11tifhsEy+01lsyIUS8iFZtoX/3GRrJxWV95xLFZCv/jNDvCi0//S +IhX70HgKfuGwWs6ON9upnueVz2PyLA3S+m/zyNX7ALf3NWcQ03tS7BAy+L/dXsmm +gqTxsL8dLt0l5L1N8DWpkQFH+BAClFvrPusNutUdYyylLqvn4x6j7kuqX7FmAbSC +WvlGS8fx+N8svv113ZY4mjc6bqXmMhVus5DAOYp0pZWgvg0uiXnNKVaOw15XUcQF +bwRVj4HpTL1ZRssqvE3JHfLGTwXkyAQN925P2sM6nNLC9enGJHoUPhxCMKgCRTGp +/FCp3NyGOA9bkz9/CE5qDSc6EHlWwxW4PgaG9tlwZ691eoviWMzGdU8yVcVsFAko +O/KV5GreLCgHraB9Byjd1Fqj6aZ8E4yZC1J429nR3z5aQ3Z/RmBTws3ndkd8Vc20 +OWQQW5VLNV1EgyTV4C4kDMGAbmkAgAZ3CmaCEAxRbzeJV9vzTOW4ue4jZpdgt1Ld +2Zb7uoo7oE3OXvBETJDMIU8bOphrjjGD+YMIUssZwTVr7qEVW4g/bazyNJJTpjAq +E9fmhqhd2ULSx52peovL3+6iMcLlMC0wCgYIKwYBBQUHAwMMH1N3aXNzU2lnbiBQ +bGF0aW51bSBSb290IENBIC0gRzM= +-----END TRUSTED CERTIFICATE----- + +# SwissSign Silver CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5uMDowHgYIKwYBBQUHAwQG +CCsGAQUFBwMBBggrBgEFBQcDAwwYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# SwissSign Silver Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFfjCCA2agAwIBAgIJAKqIsFoLsXabMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJjAkBgNVBAMTHVN3aXNzU2ln +biBTaWx2ZXIgUm9vdCBDQSAtIEczMB4XDTA5MDgwNDEzMTkxNFoXDTM3MDgwNDEz +MTkxNFowTDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEmMCQG +A1UEAxMdU3dpc3NTaWduIFNpbHZlciBSb290IENBIC0gRzMwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQC+h5sF5nF8Um9t7Dep6bPczF9/01DqIZsE8D2/ +vo7JpRQWMhDPmfzscK1INmckDBcy1inlSjmxN+umeAxsbxnKTvdR2hro+iE4bJWc +L9aLzDsCm78mmxFFtrg0Wh2mVEhSyJ14cc5ISsyneIPcaKtmHncH0zYYCNfUbWD4 +8HnTMzYJkmO3BJr1p5baRa90GvyC46hbDjo/UleYfrycjMHAslrfxH7+DKZUdoN+ +ut3nKvRKNk+HZS6lujmNWWEp89OOJHCMU5sRpUcHsnUFXA2E2UTZzckmRFduAn2V +AdSrJIbuPXD7V/qwKRTQnfLFl8sJyvHyPefYS5bpiC+eR1GKVGWYSNIS5FR3DAfm +vluc8d0Dfo2E/L7JYtX8yTroibVfwgVSYfCcPuwuTYxykY7IQ8GiKF71gCTc4i+H +O1MA5cvwsnyNeRmgiM14+MWKWnflBqzdSt7mcG6+r771sasOCLDboD+Uxb4Subx7 +J3m1MildrsUgI5IDe1Q5sIkiVG0S48N46jpA/aSTrOktiDzbpkdmTN/YF+0W3hrW +10Fmvx2A8aTgZBEpXgwnBWLr5cQEYtHEnwxqVdZYOJxmD537q1SAmZzsSdaCn9pF +1j9TBgO3/R/shn104KS06DK2qgcj+O8kQZ5jMHj0VN2O8Fo4jhJ/eMdvAlYhM864 +uK1pVQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUoYxFkwoSYwunV18ySn3hIee3PmYwHwYDVR0jBBgwFoAUoYxFkwoS +YwunV18ySn3hIee3PmYwDQYJKoZIhvcNAQELBQADggIBAIeuYW1IOCrGHNxKLoR4 +ScAjKkW4NU3RBfq5BTPEZL3brVQWKrA+DVoo2qYagHMMxEFvr7g0tnfUW44dC4tG +kES1s+5JGInBSzSzhzV0op5FZ+1FcWa2uaElc9fCrIj70h2na9rAWubYWWQ0l2Ug +MTMDT86tCZ6u6cI+GHW0MyUSuwXsULpxQOK93ohGBSGEi6MrHuswMIm/EfVcRPiR +i0tZRQswDcoMT29jvgT+we3gh/7IzVa/5dyOetTWKU6A26ubP45lByL3RM2WHy3H +9Qm2mHD/ONxQFRGEO3+p8NgkVMgXjCsTSdaZf0XRD46/aXI3Uwf05q79Wz55uQbN +uIF4tE2g0DW65K7/00m8Ne1jxrP846thWgW2C+T/qSq+31ROwktcaNqjMqLJTVcY +UzRZPGaZ1zwCeKdMcdC/2/HEPOcB5gTyRPZIJjAzybEBGesC8cwh+joCMBedyF+A +P90lrAKb4xfevcqSFNJSgVPm6vwwZzKpYvaTFxUHMV4PG2n19Km3fC2z7YREMkco +BzuGaUWpxzaWkHJ02BKmcyPRTrm2ejrEKaFQBhG52fQmbmIIEiAW8AFXF9QFNmeX +61H5/zMkDAUPVr/vPRxSjoreaQ9aH/DVAzFEs5LG6nWorrvHYAOImP/HBIRSkIbh +tJOpUC/o69I2rDBgp9ADE7UKMCswCgYIKwYBBQUHAwMMHVN3aXNzU2lnbiBTaWx2 +ZXIgUm9vdCBDQSAtIEcz +-----END TRUSTED CERTIFICATE----- + +# Swiss Government Root CA I +-----BEGIN TRUSTED CERTIFICATE----- +MIIINDCCBhygAwIBAgIRAP11BI16YIaTaUyqADxl0z0wDQYJKoZIhvcNAQELBQAw +gaYxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBBdXRob3JpdGll +cyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMIU2VydmljZXMx +IjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxIzAhBgNVBAMTGlN3 +aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJMB4XDTExMDIxNTA5MDAwMFoXDTM1MDIx +NTA4NTk1OVowgaYxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBB +dXRob3JpdGllcyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMI +U2VydmljZXMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxIzAh +BgNVBAMTGlN3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAyA5y9AEvhnsLwmOwjWjtHz3euYObXKFdug82JxEE +rQZUILceoObOvvCZaXIZNWRmMY0svY5CCp/GyqmQLNq8hTAD2TKWlvC+oCINJGzU +xn9aTFEkLVRyCHwz6cwox2ZlI2lrlbTrvuOH52PX5PsHrRKS6+fkCkOyqd/HkLwm +W5H5o7eHnJS5EI2IxVhcMrwW7A5XT/6nk3iP4MU5uweIYMFUZeuHvp8xl3E8+ovI +g2xSluCswO/LaQiVW+Dgu68npMIX8VGfhHZh2CTi/mFtZDVJ6jnEIWK9zOIC/0hr +OK9px7mSLYIRjb0LiYUq6re0ss1L69H6qvDgTAk8Td/2MR2GMKhBiFdwLCdR3s+L +Tj8C8lClF+BnG3IMQTEfAaKWPjzbAradlOYCTvPwGYKyCCMT65HNUdOqRsJzmJg/ +usPumvz6za9yCjcTj/mgULPq+z8svPpjVTX00ry4cdKR6+nKylzsUWaonlkFIi+j +GttP4EViIzxdVfswlSs0os+ntEvAM8k0UZ3TsyvfxeosLMffRB+2jbn+81zNNy+w +bJxKCL3o9db6cOVpMjdcXwvLP+SIAszKs3gvfb9IsyGwH4h5m1qKcdghhCkPSgQx +Kr0NIUTOdJ0m00kd+Iao5RJ3xcBzDFCDapBrocr40JXZNYbHEaM7FMfLhlhWDfuD +9wECAwEAAaOCAlkwggJVMA8GA1UdEwEB/wQFMAMBAf8wgZsGA1UdIASBkzCBkDCB +jQYIYIV0AREDAQAwgYAwQwYIKwYBBQUHAgEWN2h0dHA6Ly93d3cucGtpLmFkbWlu +LmNoL2Nwcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwOQYIKwYBBQUHAgIw +LRorVGhpcyBpcyB0aGUgU3dpc3MgR292ZXJubWVudCBSb290IENBIEkgQ1BTLjCB +jgYDVR0fBIGGMIGDMIGAoH6gfIZ6bGRhcDovL2FkbWluZGlyLmFkbWluLmNoOjM4 +OS9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBSb290JTIwQ0ElMjBJLG91PUNlcnRp +ZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1TZXJ2aWNlcyxvPUFkbWluLGM9Q0gw +HQYDVR0OBBYEFLUbg7s7T7LS++UDjtRhXdEajrCiMA4GA1UdDwEB/wQEAwIBBjCB +4wYDVR0jBIHbMIHYgBS1G4O7O0+y0vvlA47UYV3RGo6woqGBrKSBqTCBpjELMAkG +A1UEBhMCQ0gxOzA5BgNVBAoTMlRoZSBGZWRlcmFsIEF1dGhvcml0aWVzIG9mIHRo +ZSBTd2lzcyBDb25mZWRlcmF0aW9uMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UE +CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEjMCEGA1UEAxMaU3dpc3MgR292 +ZXJubWVudCBSb290IENBIEmCEQD9dQSNemCGk2lMqgA8ZdM9MA0GCSqGSIb3DQEB +CwUAA4ICAQAl2t94sCbcn5nrM5zJRbpcY1KNbgNzqnRIxQ0L0hcMLAvSxiWD1FTN +B4FUL2d2Jafp13+WR3ekHZtF//HY9p5HDnSME8TyvtYHKBg8mHXB2+uSiCbmBmSO ++dL94pk1gdHYdRe1c+rd6BgilRYZClkqItyGWkNPJWg2qdiTAI9excNhhvDSFAmV +UcR+2FLusI2KiHGl1yin9NwGWCVexFUYCJV0fLgB507Y1vZ8IENIDaPg3lTEqF8A +SUPTRTuCZW7ui6MBIlaa8c4p5QzEa+3nTvixVYGtcf+E+whX5kfKrYf4Rvj68DWE +7bTYiJcid6SPFsg8Z9HhbgSse482zd6lCKwqjfWnHZ/Hw5EhQqOGgbkq2LHpOB1U +CJg5ChHKMg4zzfRM6qhKBukYPkHGz6D24CtrII6nIALrMEGBsOjkrqQYiSvfFPAS +KW14+k1E+7I05a/zjjX3w84sCxi00HmPE78Di2a4tWHUrA79eD0JrbXSLE9WQZmI +RAx+Z+Nkn/paKlh3UWmxzSyapzQQBXT6bkVjy4tSrUeRohLIoiYExdAiHgOzspI3 +VFf9iYN1A20tO7PxpKIQfJyTjaNQhDmLlVlB9gJ2Boq8DpDn2TrrrSZeV1PRb8h1 +4KuRe2uhf/kbUKjc/k0G4RWKpBDrHgbPVEgVlii2Ix8a43ylj/o3VzAoMAoGCCsG +AQUFBwMDDBpTd2lzcyBHb3Zlcm5tZW50IFJvb3QgQ0EgSQ== +-----END TRUSTED CERTIFICATE----- + +# Swiss Government Root CA II +-----BEGIN TRUSTED CERTIFICATE----- +MIIIODCCBiCgAwIBAgIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG9w0BAQsFADCB +pzELMAkGA1UEBhMCQ0gxOzA5BgNVBAoTMlRoZSBGZWRlcmFsIEF1dGhvcml0aWVz +IG9mIHRoZSBTd2lzcyBDb25mZWRlcmF0aW9uMREwDwYDVQQLEwhTZXJ2aWNlczEi +MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEkMCIGA1UEAxMbU3dp +c3MgR292ZXJubWVudCBSb290IENBIElJMB4XDTExMDIxNjA5MDAwMFoXDTM1MDIx +NjA4NTk1OVowgacxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBB +dXRob3JpdGllcyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMI +U2VydmljZXMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAi +BgNVBAMTG1N3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJSTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKksEu2/wCLphugcN4KDm2gFbxbjiKgBD8txnn9H +kEvMJXfI8NdpLpFoVyGysgchM+5MpDclmEy0RjJO1vlri1GK7yw38pjV9dS0t+cA +yu/BE16Uq267nL36a4+r+B42Vmk4ZjrQ9DMNADkCqMUcCyG3XCAMYdCtrs6OXtk6 +6d7/R3x4Vw4ccfRgHN3bmhgpr9mAo5+FhGMzke+9dO7dA3rI+uCE5tm9Tn76bk92 +0V0+qOiHRZB5862u9cJdEU0p94gTydWTcwGr3e39r3f7aU7vj1Icz/UsWmzs/oKb +23w5q3UjfjiQT5SOLWJYnvfncvyUW3JWxZ2jrqu1tsDXdlAAPD9HiJJaYNS/Mhum +lEANdnnpPM7ksx3HjPXohjG52CtQSoASidcsUIDmZy+2k5ytrAVSIlMgmQ69l8bh +2nOpHYnyxFnmh+ZWKw6VAhqHxnn+mWrpdOzwEvkUKCCVljovXVe1b/+TvLYoaiyk +KHhGYa9BJKTz+gSO8YoZopFz4nePtKf5nP9uUey9H5YT6GORXodob+vYfC4QT1AY +kMe3dO8zwIHfM+MakytVBCx80iu3Ywz+rXu9tjqXuT0DI3RzA6YsWQBs1dXo7K9C +zNN/cItgYOeyoLaKUkz+CpbLzzqwWAjuHELJhndCbj+0rJAAWEIcQMRuuEXIvDM2 +370nAgMBAAGjggJcMIICWDAPBgNVHRMBAf8EBTADAQH/MIGdBgNVHSAEgZUwgZIw +gY8GCGCFdAERAxUBMIGCMEQGCCsGAQUFBwIBFjhodHRwOi8vd3d3LnBraS5hZG1p +bi5jaC9jcHMvQ1BTXzJfMTZfNzU2XzFfMTdfM18yMV8xLnBkZjA6BggrBgEFBQcC +AjAuGixUaGlzIGlzIHRoZSBTd2lzcyBHb3Zlcm5tZW50IFJvb3QgQ0EgSUkgQ1BT +LjCBjwYDVR0fBIGHMIGEMIGBoH+gfYZ7bGRhcDovL2FkbWluZGlyLmFkbWluLmNo +OjM4OS9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBSb290JTIwQ0ElMjBJSSxvdT1D +ZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9U2VydmljZXMsbz1BZG1pbixj +PUNIMB0GA1UdDgQWBBTlhG+JaT12ABd/wau9rl/BfbrhYjAOBgNVHQ8BAf8EBAMC +AQYwgeMGA1UdIwSB2zCB2IAU5YRviWk9dgAXf8Grva5fwX264WKhga2kgaowgacx +CzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBBdXRob3JpdGllcyBv +ZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMIU2VydmljZXMxIjAg +BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAiBgNVBAMTG1N3aXNz +IEdvdmVybm1lbnQgUm9vdCBDQSBJSYIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG +9w0BAQsFAAOCAgEAgzdXdck4UL9BBpZwwtnH17BaAM2jQE/T0vmKh5GyictdpLxv +Tz5U9so8s8RMi8c+9NnEYt3HVZ7R+dJE5x5Pz+juKxyoAfAzB/vhOxTTz1CRXtjq +QsZ5WIWq+9zbcMqV+fQOYgJwaUQtaE/RcOooUma3cd4l6KGnb7ChJsfXyiBk3MBz +PBCiFB70rcE+FJA5NmOIbyjgYKWR92Lkms/StXGeXTv2mSztkToInLSEhUnj4bqm +tmiztrZPS1xTCldsoQeS9mKeqPqK1vNrpw+yK2a9r0JHCE/o13yfhg/6WoO+LW8A +BLV2hxav3U86lrQ0V7fi/0H/3kIcZsWF68JyH7gcTu4X8mLvCgSsm6uh8u7uokAk +HEfeQosYtKlXs088YjIcrWxErbzVHGM4Pckzpvu8KDdERuN6YvqASDXinhuIGUyz +Qf3ud+BZgBphHjWkQXqzwY1E6cUhWems00TKdoU2FEYKHhY0psQ0d8OCOEghAv4S +bNrX6rDs9s0szPObCmOA0/ULfQQthA3C2Uwrl/HVVPePswrivVg8mfKvORuQ+Tvn +t0XnWmp9wZ8UbzBXmBmgB0Pr7tEIhtdJnBIKADsPp0GxSquQs9S9CeeID54kDiv7 +YT1VmdNY5LjHffQVTWUOGHlBybvpmsFZGEQ0YtXoOHvKhRiYhnnNfbpH25UwKTAK +BggrBgEFBQcDAwwbU3dpc3MgR292ZXJubWVudCBSb290IENBIElJ +-----END TRUSTED CERTIFICATE----- + +# Swiss Government Root CA III +-----BEGIN TRUSTED CERTIFICATE----- +MIIGVjCCBD6gAwIBAgIRAPsfC0IrqEE+V9HuKm5aT7swDQYJKoZIhvcNAQELBQAw +bjELMAkGA1UEBhMCQ0gxHTAbBgNVBAoTFFN3aXNzIEdvdmVybm1lbnQgUEtJMRkw +FwYDVQQLExB3d3cucGtpLmFkbWluLmNoMSUwIwYDVQQDExxTd2lzcyBHb3Zlcm5t +ZW50IFJvb3QgQ0EgSUlJMB4XDTE2MDQxNTA3MDAwMFoXDTQxMDQxNTA2NTk1OVow +bjELMAkGA1UEBhMCQ0gxHTAbBgNVBAoTFFN3aXNzIEdvdmVybm1lbnQgUEtJMRkw +FwYDVQQLExB3d3cucGtpLmFkbWluLmNoMSUwIwYDVQQDExxTd2lzcyBHb3Zlcm5t +ZW50IFJvb3QgQ0EgSUlJMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +4UOGjk8YlLrTwjlwbV1pUYRZvLvIfy/9F6N4nL3YkuPYeCE+u5pf+7JlUHK2p+yl +58HFAATjzLMCSvkA229tu5MXRPkjwlY6MB+Beftkv/VUhb87K2+VBAZdaArDj7gr +ZhK+othalAV9r8ETBqaROj8ZC4WDwJZd84HIE4r1EEugdTpbo0AHvaFmGGWEVHmR +mtNyhGbVDeY7Wur626FU/QAjWehX6py39I9BC2mxR7CaL2LamhmtoJUwzS6tZ7tt ++TZDt5R5yZAJAGlfl6bTbyXo72KHd9em2U4cX2Fm0LFw1eBiIDbYlkD4XjHeQZlp +ENag7j2tEy7SlEqNgB3cjEYhVotJW96h2APKzthltLAFPSZpSm2ljHkvpI8SeBDp +sgkIQ8PGBLszPkc1pVwgIAriNvhjhuQN9D4Ueb5FB7SLCZP19iomob1Ex/NQDQ1h +mzsR36iD6iIslUQNOUFjTagrbWilS59Ah2o8RQq+cqeIvvA5KlvvWaQg77Tcw9pB +20GluiJfl6PIY6EkLU4loMMXKMWIQZOWZGY3QwWbFXy2vp77G8hmGLoU77kYz4Rp +m5+9ggcSbRsZvzB+8ZIOwEwW/9E+b/irsmGaaEPiClTHAaNXjvNEBiLDcKa7pbPM +ghjYQI696nBBb5RXDL4HdG6Ok3oZj8Zo/BulRbO5hakCAwEAAaOB7jCB6zAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQH646qccsnpbvHMWC+7R/PoDPE5jCBqAYD +VR0jBIGgMIGdgBQH646qccsnpbvHMWC+7R/PoDPE5qFypHAwbjELMAkGA1UEBhMC +Q0gxHTAbBgNVBAoTFFN3aXNzIEdvdmVybm1lbnQgUEtJMRkwFwYDVQQLExB3d3cu +cGtpLmFkbWluLmNoMSUwIwYDVQQDExxTd2lzcyBHb3Zlcm5tZW50IFJvb3QgQ0Eg +SUlJghEA+x8LQiuoQT5X0e4qblpPuzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcN +AQELBQADggIBALNPZrze6Yxl/LdTEC78/N2JGhFAcJQxiZV2xtYqzD2no8G4zhJr +NFDBdSov52Em70s/3o0jnw2YPh871mrOPPHf0Ut3jKhP8lDlKKnBaupWb0e0gium +J7Il8N0jCj/pPYwl7MO1Tzf6UwrpOJhrKexTNdeGkJr6Y7p2VONQT8rW58Bx0NLn +6mhUrZPkMvx6cUCHBSi46rjCPI0AXsFOKFblw2y19aqN72cWB9COxfJaGTu7wYuz +RJ8MpcfL3tNEYKe9G2naDpr/l0WGbfqxZIof7N9RWFJN1uq6BvZTcVve6VX1LBNy +BkxTlvrKW/Q/HKffUv3LTn2fEECUp6FVunM+dHQw+KPgn6pfH13A30HPAYEh26iu +szOtRhN3mzswtKTgF4LAirU0FBwFi67gPdrFfKsmCEy9SmDpcOyoWIh1Z/EYl3YN +bAt9GS0CtYKZd89i+p0SASvZ9bRXsTrr1SnwjNNCpzVIjGKDPgo+Yd2x8wehx3Ow +ifC2WXujI9g3AzWIq0V3Y0z/cOuOagfRIuAykcsVcVorxYQ+kc3dtJlnjbSqjGUX +pqycXlaYp/TiQBLVQZe1M/HtF6GlAhDhZLVA2h6t0aburB7HEdsXcXrZmh7GTpv0 +qLOUnwmKf0yb/ggLLKtQ0DeySTUatx4pIXbhm/ChqlhnJAPhGaTRE2rxMCowCgYI +KwYBBQUHAwMMHFN3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJSUk= +-----END TRUSTED CERTIFICATE----- + +# Swisscom Root CA 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 +m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih +FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ +TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F +EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco +kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu +HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF +vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo +19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC +L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW +bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX +JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc +K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf +ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik +Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB +sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e +3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR +ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip +mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH +b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf +rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms +hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y +zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 +MBr1mmz0DlP5OlvRHDAgMAoGCCsGAQUFBwMDDBJTd2lzc2NvbSBSb290IENBIDE= +-----END TRUSTED CERTIFICATE----- + +# Swisscom Root CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2TAgMAoGCCsGAQUFBwMDDBJTd2lzc2NvbSBSb290IENBIDI= +-----END TRUSTED CERTIFICATE----- + +# Swisscom Root EV CA 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw +ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp +dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290 +IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD +VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy +dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg +MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx +UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD +1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH +oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR +HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/ +5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv +idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL +OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC +NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f +46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB +UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth +7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G +A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED +MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB +bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x +XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T +PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0 +Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70 +WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL +Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm +7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S +nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN +vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB +WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI +fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb +I+2ksx0WckNLIOFZfsLorSa/ovcwIzAKBggrBgEFBQcDAwwVU3dpc3Njb20gUm9v +dCBFViBDQSAy +-----END TRUSTED CERTIFICATE----- + +# Symantec Class 1 Public Primary Certification Authority - G6 +-----BEGIN TRUSTED CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDzBKMAoGCCsGAQUFBwMEDDxTeW1hbnRlYyBDbGFzcyAxIFB1Ymxp +YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzY= +-----END TRUSTED CERTIFICATE----- + +# Symantec Class 2 Public Primary Certification Authority - G6 +-----BEGIN TRUSTED CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqTBKMAoGCCsGAQUFBwMEDDxTeW1hbnRlYyBDbGFzcyAyIFB1Ymxp +YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzY= +-----END TRUSTED CERTIFICATE----- + +# Symantec Class 3 Public Primary Certification Authority - G4 +-----BEGIN TRUSTED CERTIFICATE----- +MIICpzCCAi2gAwIBAgIQTHm1miicdjFk9YlE0JEC3jAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTIxMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAzIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAARXz+qzOU0/oSHgbi84csaHl/OFC0fnD1HI0fSZm8pZ +Zf9M+eoLtyXV0vbsMS0yYhLXdoan+jjJZdT+c+KEOfhMSWIT3brViKBfPchPsD+P +oVAR5JNGrcNfy/GkapVW6MCjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQknbzScfcdwiW+IvGJpSwVOzQeXjAKBggqhkjOPQQD +AwNoADBlAjEAuWZoZdsF0Dh9DvPIdWG40CjEsUozUVj78jwQyK5HeHbKZiQXhj5Q +Vm6lLZmIuL0kAjAD6qfnqDzqnWLGX1TamPR3vU+PGJyRXEdrQE0QHbPhicoLIsga +xcX+i93B3294n5EwSjAKBggrBgEFBQcDAww8U3ltYW50ZWMgQ2xhc3MgMyBQdWJs +aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0 +-----END TRUSTED CERTIFICATE----- + +# Symantec Class 3 Public Primary Certification Authority - G6 +-----BEGIN TRUSTED CERTIFICATE----- +MIIF9jCCA96gAwIBAgIQZWNxhdNvRcaPfzH5CYeSgjANBgkqhkiG9w0BAQwFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTIxMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAz +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3DrL6TbyachX7d1vb/UMPywv3 +YC6zK34Mu1PyzE5l8xm7/zUd99Opu0Attd141Kb5N+qFBXttt+YTSwZ8+3ZjjyAd +LTgrBIXy6LDRX01KIclq2JTqHgJQpqqQB6BHIepm+QSg5oPwxPVeluInTWHDs8GM +IrZmoQDRVin77cF/JMo9+lqUsITDx7pDHP1kDvEo+0dZ8ibhMblE+avd+76+LDfj +rAsY0/wBovGkCjWCR0yrvYpe3xOF/CDMSFmvr0FvyyPNypOn3dVfyGQ7/wEDoApP +LW49hL6vyDKyUymQFfewBZoKPPa5BpDJpeFdoDuw/qi2v/WJKFckOiGGceTciotB +VeweMCRZ0cBZuHivqlp03iWAMJjtMERvIXAc2xJTDtamKGaTLB/MTzwbgcW59nhv +0DI6CHLbaw5GF4WU87zvvPekXo7p6bVk5bdLRRIsTDe3YEMKTXEGAJQmNXQfu3o5 +XE475rgD4seTi4QsJUlF3X8jlGAfy+nN9quX92Hn+39igcjcCjBcGHzmzu/Hbh6H +fLPpysh7avRo/IOlDFa0urKNSgrHl5fFiDAVPRAIVBVycmczM/R8t84AJ1NlziTx +WmTnNi/yLgLCl99y6AIeoPc9tftoYAP6M6nmEm0G4amoXU48/tnnAGWsthlNe4N/ +NEfq4RhtsYsceavnnQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUOXEIAD7eyIbnkP/k/SEPziQZFvYwDQYJKoZIhvcN +AQEMBQADggIBAFBriE1gSM5a4yLOZ3yEp80c/ekMA4w2rwqHDmquV64B0Da78v25 +c8FftaiuTKL6ScsHRhY2vePIVzh+OOS/JTNgxtw3nGO7XpgeGrKC8K6mdxGAREeh +KcXwszrOmPC47NMOgAZ3IzBM/3lkYyJbd5NDS3Wz2ztuO0rd8ciutTeKlYg6EGhw +OLlbcH7VQ8n8X0/l5ns27vAg7UdXEyYQXhQGDXt2B8LGLRb0rqdsD7yID08sAraj +1yLmmUc12I2lT4ESOhF9s8wLdfMecKMbA+r6mujmLjY5zJnOOj8Mt674Q5mwk25v +qtkPajGRu5zTtCj7g0x6c4JQZ9IOrO1gxbJdNZjPh34eWR0kvFa62qRa2MzmvB4Q +jxuMjvPB27e+1LBbZY8WaPNWxSoZFk0PuGWHbSSDuGLc4EdhGoh7zk5//dzGDVqa +pPO1TPbdMaboHREhMzAEYX0c4D5PjT+1ixIAWn2poQDUg+twuxj4pNIcgS23CBHI +Jnu21OUPA0Zy1CVAHr5JXW2T8VyyO3VUaTqg7kwiuqya4gitRWMFSlI1dsQ09V4H +Mq3cfCbRW4+t5OaqG3Wf61206MCpFXxOSgdy30bJ1JGSdVaw4e43NmUoxRXIK3bM +bW8Zg/T92hXiQeczeUaDV/nxpbZt07zXU+fucW14qZen7iCcGRVyFT0EMEowCgYI +KwYBBQUHAwMMPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkgLSBHNg== +-----END TRUSTED CERTIFICATE----- + +# Symantec Enterprise Mobile Root for Microsoft +-----BEGIN TRUSTED CERTIFICATE----- +MIIDvTCCAqWgAwIBAgIQD2tVL56/kHsPZimpvfTYzjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xNjA0 +BgNVBAMTLVN5bWFudGVjIEVudGVycHJpc2UgTW9iaWxlIFJvb3QgZm9yIE1pY3Jv +c29mdDAeFw0xMjAzMTUwMDAwMDBaFw0zMjAzMTQyMzU5NTlaMGQxCzAJBgNVBAYT +AlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtU3lt +YW50ZWMgRW50ZXJwcmlzZSBNb2JpbGUgUm9vdCBmb3IgTWljcm9zb2Z0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT2wcu6R6aVpnBFNevmz+j3ylJsj +t6YD7GIY/IUSIv7BcX1Uk7mRfWL2yqg4FWX4dz3lgiA61LXRbo0GSb3fgg4khefv +eC0Y8uALaEY+JBDIV+4ObXGm07FWHNcp1bLqVAUKqDyhuCVSBwWg3+fc7lw7QbWr +XDMy0s7r6Zb4QPQKujMd+FYDCYL1ZwfEwDTBXfxFu+o8mtV0cW3VhtPC/IW8VOuj +1fJP1UWvV7zwIsCPokXIdTR33qFtN3Kzc40Ma1O6WeGoPoBX0l9Z7mh1z4Gco8pF +jDfbBXI0HDIC+NX5LA3aWJ7EF7SbyZDEiFk/cZGQRBi+Iot5ki5CsIuXWwIDAQAB +o2swaTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAnBgNVHREEIDAe +pBwwGjEYMBYGA1UEAxMPTVBLSS0yMDQ4LTEtMTExMB0GA1UdDgQWBBRN7N8mBtwk +EMC2mfTXOcdvGfgmKDANBgkqhkiG9w0BAQsFAAOCAQEAqVdZ0AFUFEavx3lUDGoq +W9g6HYHkiKMxtPHzNfFGc1xDyf68omoZwL0vX8s4o21u6BRe8nh+RXrhu/Qum0Xr +4B1QHDRbf5iKhg+H2uRkJnf8Cd8jQU8On/oO+kSF8CmXpJTi9EAtkRx29Khg3nGm +sAXiT2nZGQuJOuD6qyv68bMy7fx8cGVe0HsRe53oWxpKdqR7UTmsfakMdDjou1Xf +xM7ApyFauBufAcWnEP59+WoImQHR9jVQOOT2Q+QY2IBM7McE4mGMfUntz7Sl8fKQ +kgkINXOgIzLK6ZyeHL4LByx3XhdM2pyC4YAbpfPa94i/vzkn+CT+sUvIl+3kEhQl +iDA7MAoGCCsGAQUFBwMDDC1TeW1hbnRlYyBFbnRlcnByaXNlIE1vYmlsZSBSb290 +IGZvciBNaWNyb3NvZnQ= +-----END TRUSTED CERTIFICATE----- + +# T-TeleSec GlobalRoot Class 2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6FuwjA0MBQGCCsGAQUFBwMEBggrBgEFBQcDAQwcVC1UZWxlU2VjIEdsb2Jh +bFJvb3QgQ2xhc3MgMg== +-----END TRUSTED CERTIFICATE----- + +# T-TeleSec GlobalRoot Class 3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWzAqMAoGCCsGAQUFBwMBDBxULVRlbGVTZWMgR2xvYmFsUm9vdCBDbGFz +cyAz +-----END TRUSTED CERTIFICATE----- + +# TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeMwOzAKBggrBgEFBQcDAQwtVFVCSVRBSyBL +YW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAx +-----END TRUSTED CERTIFICATE----- + +# TWCA Global Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0wNTAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBNUV0NBIEds +b2JhbCBSb290IENB +-----END TRUSTED CERTIFICATE----- + +# TWCA Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8HrzBDMB4GCCsGAQUFBwMEBggr +BgEFBQcDAQYIKwYBBQUHAwMMIVRXQ0EgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eQ== +-----END TRUSTED CERTIFICATE----- + +# TeliaSonera Root CA v1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVYwODAe +BggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMDDBZUZWxpYVNvbmVyYSBSb290 +IENBIHYx +-----END TRUSTED CERTIFICATE----- + +# Telia Root CA v2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx +CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE +AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 +NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ +MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq +AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9 +vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9 +lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD +n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT +7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o +6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC +TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6 +WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R +DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI +pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj +YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy +rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi +0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM +A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS +SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K +TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF +6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er +3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt +Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT +VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW +ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA +rBPuUBQemMcwKDAUBggrBgEFBQcDBAYIKwYBBQUHAwEMEFRlbGlhIFJvb3QgQ0Eg +djI= +-----END TRUSTED CERTIFICATE----- + +# Thailand National Root Certification Authority - G1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGgTCCBGmgAwIBAgIEUVLFjDANBgkqhkiG9w0BAQ0FADCBzzELMAkGA1UEBhMC +VEgxSTBHBgNVBAoMQEVsZWN0cm9uaWMgVHJhbnNhY3Rpb25zIERldmVsb3BtZW50 +IEFnZW5jeSAoUHVibGljIE9yZ2FuaXphdGlvbikxNzA1BgNVBAsMLlRoYWlsYW5k +IE5hdGlvbmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxPDA6BgNVBAMM +M1RoYWlsYW5kIE5hdGlvbmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMTAeFw0xMzAzMjcwOTQwMjJaFw0zNjAzMjcxMDEwMjJaMIHPMQswCQYDVQQG +EwJUSDFJMEcGA1UECgxARWxlY3Ryb25pYyBUcmFuc2FjdGlvbnMgRGV2ZWxvcG1l +bnQgQWdlbmN5IChQdWJsaWMgT3JnYW5pemF0aW9uKTE3MDUGA1UECwwuVGhhaWxh +bmQgTmF0aW9uYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE8MDoGA1UE +AwwzVGhhaWxhbmQgTmF0aW9uYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1rpK5Izxmi6J +F8JA84IAMf4TAnplygjYqyKxAppxNEpkWYLlQkbrI/aLWiKxzzbnc20UbfdJlF7v +5zRZZ/aoz1ZZI4RV4vsaEcqj+YqrZx6CE9CLOZq/D8IPPNZh2OqbzxUOvtTwzD9z +nAT0onFzfYCwnTHxBvmwE+WISTD2Fn2IVyk6LKKMkJjOERbOTVEP/MeyzPJmGCGA +BYitudDFC3gB/k7SCIs28VbPbrpzJgvW96VGamlOlranBlbM5i4xn26L7ZwAVUf0 +e6Z6tt8BHUgEC6tCwnBKlL38rFHyqz/W62DfCP/1ErKJKnq5RZklfXzvzxXQSCwQ +1tS8CCe1hinU49PEKpAS9qIq+YuvFv8C83puz6LLarTgcgv7PoV/4ofgL0Mj+IXJ +merWQN6g++fedv+PgDnrZxITpvvlo/wmgFlj8tIj6x/GSHNRnbezoFuraoj5v/tx +UdxutnbvsFvyy4gwugbbG0HTVbSttOogIfzUd7Y9W6EMLSUhUiNS1zRTbRYEUmb4 +1erxLFjyO7HxfkO13IK4XuOH4aOkX+eJDryc6Sk6JafYT2qH1JZElxgWh8JxUoXO +eoytHme+ui2/oyEnxecw6QaZG7AM475SZZNNYUvyOOaPGPECUpgupg4dBc8m7AEj +Bzb24BM3qUeIA4dHy92yAR9fZBsEm8UCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUfyN2t4Mqcfcs0YgP3UxfMgpo +u38wHQYDVR0OBBYEFH8jdreDKnH3LNGID91MXzIKaLt/MA0GCSqGSIb3DQEBDQUA +A4ICAQANZRxaB6merEzJX0/dMWzZ4lMdP5GNWrOMvTSeLk3KWNOvWWJJNnOwYXYR +vos2x5Sq+DZpByDfXC8L9o4CFu9SBjjd7TRgqodeF844bVBN5d/lUb4dBJb03Orl +2eqO3p90y4KUU4Fs+14s1aF1lk37MFzNYaCeocyCuVJyC4djYXthNHS2Lt3i4Ye1 +SRRhFUdKSz53uQjSNk9YZ0KJgHhaEiPtRTvdvyAmVPxbP2ABGEHjZ3UTtyoVcMzL +edIU+PPC4CoQ9/lC2NzaCtMBBdtXmMm26wyZCsqMfe87FijA91/hR1HT+AZFB/AL +usKcmOzSf01+/Qb8c8LCVRJi0CNE3yLk+HnnpRBOPsmOqoPpNuqrecYFhM2WaHx0 +rD8y/67JQOyPUL9QqLdO1a02atcnM/rn2C3ZN5iFG6YM6nsQE3AenojF3D6OuQ1V +3wHO0El2UdsQYnhBrWljpZUJtxgGb/0EZ9QQD07bO18MY3zrZL1uSwCogfqSMoYw +jAm/fVg/ZQ2pN9FF42ZpxGj0YqmoHjfZLplJoLAGjEB/hbH18UxLOKAIzCrZlsDs +wA08LkVXw++V2rbL7ltlqCsyr8kn+RVTN3VYH0vql6IiXGdW4qDMNcSswzFAuZwD +er3JSA7qahXanLx4b8kV52QD2UkTZkVLLfSEmbPqpxKV5ZMu/DBBMAoGCCsGAQUF +BwMDDDNUaGFpbGFuZCBOYXRpb25hbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzE= +-----END TRUSTED CERTIFICATE----- + +# Thawte Premium Server CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy +dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t +MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG +A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp +b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl +cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE +VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ +ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR +uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI +hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM +pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQjAmMAoG +CCsGAQUFBwMDDBhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0E= +-----END TRUSTED CERTIFICATE----- + +# Thawte Server CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm +MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx +MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 +dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl +cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 +DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 +yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX +L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj +EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG +7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e +QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ +qdq5snUb9kLy78fyGPmJvKP/iiMucEcwHjAKBggrBgEFBQcDAwwQVGhhd3RlIFNl +cnZlciBDQQ== +-----END TRUSTED CERTIFICATE----- + +# TrustCor ECA-1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5jAmMBQGCCsGAQUFBwMEBggrBgEFBQcDAQwOVHJ1c3RDb3IgRUNBLTE= +-----END TRUSTED CERTIFICATE----- + +# TrustCor RootCert CA-1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBkwLjAUBggrBgEFBQcDBAYIKwYBBQUHAwEMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTE= +-----END TRUSTED CERTIFICATE----- + +# TrustCor RootCert CA-2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJMC4wFAYIKwYBBQUHAwQGCCsGAQUFBwMBDBZUcnVzdENvciBSb290Q2VydCBD +QS0y +-----END TRUSTED CERTIFICATE----- + +# Trustwave Global Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw +CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x +ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 +c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx +OTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI +SWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn +swuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu +7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8 +1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW +80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP +JqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l +RtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw +hI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10 +coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc +BW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n +twiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W +0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe +uyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q +lG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB +aCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE +sLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT +MaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe +qu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh +VicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8 +h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9 +EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK +yeC2nOnOcXHebD8WpHkwSjAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMD +DChUcnVzdHdhdmUgR2xvYmFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# Trustwave Global ECC P256 Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN +FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w +DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw +CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh +DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7MFMwHgYIKwYBBQUH +AwQGCCsGAQUFBwMBBggrBgEFBQcDAwwxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 +NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# Trustwave Global ECC P384 Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB +BAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ +j9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF +1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G +A1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3 +AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC +MGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu +SzBTMB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMMVRydXN0d2F2ZSBH +bG9iYWwgRUNDIFAzODQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk= +-----END TRUSTED CERTIFICATE----- + +# TunTrust Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL +BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg +Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv +b3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG +EwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u +IEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ +n56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd +2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF +VwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ +GoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF +li/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU +r8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2 +eY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb +MlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg +jwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB +7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW +5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE +ITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z +xiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu +QEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4 +FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH +22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP +xOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn +dFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5 +Xc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b +nV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ +CvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH +u/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj +d9qDRIueVSjAi1jTkD5OGwDxFa2DK5owHjAKBggrBgEFBQcDAQwQVHVuVHJ1c3Qg +Um9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# Tunisian Root Certificate Authority - TunRootCA2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFvDCCA6SgAwIBAgIQIWYVBQUnBQW8irAdrwq+xDANBgkqhkiG9w0BAQsFADB4 +MQswCQYDVQQGEwJUTjE5MDcGA1UEAxMwVHVuaXNpYW4gUm9vdCBDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkgLSBUdW5Sb290Q0EyMS4wLAYDVQQKEyVOYXRpb25hbCBEaWdp +dGFsIENlcnRpZmljYXRpb24gQWdlbmN5MB4XDTE1MDUwNTA4NTcwMVoXDTI3MDUw +NTA4NTcwMVoweDELMAkGA1UEBhMCVE4xOTA3BgNVBAMTMFR1bmlzaWFuIFJvb3Qg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gVHVuUm9vdENBMjEuMCwGA1UEChMlTmF0 +aW9uYWwgRGlnaXRhbCBDZXJ0aWZpY2F0aW9uIEFnZW5jeTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBALAH52L70A1Vzme3V41uDKknVB7rqSSrZ4+PnGEP +2ygyLzv4LGWSLa66M5LAK57yH15tI12zWB+NocBtdYUKsBNOW1ZGizm9C4K7OkOb +CLpG7vkX683I1+N1E96uUUgKziCVRp8C7FWMdKpa/PzqCTM1bqNHBsfdfoRoDscS +ypTD7eZsAm3eAok1swTLRfh8R6TTH9/lXCPi8yJ7uUui/Rc1XUjpv/WzJWOL53jr +/HUnvYhcpoU/Qd+VfN16Ro/+Htqxq9jTjs0GjMnYUkIRUqKDj1yDe+Qnto8foF49 +0nV9eVOTBpfjA8eWLNoBPHnFO1DosNOhpOLTg31E+BDPoBoq8mWAvXfBmGV2rhIh +Yso6vr61mcNbxNG/m8AKylgeFabXIV6xTQrlcHiaaOZ0ZjIUKh4Rvoj3BvZVo8Mf +bheQVdGKQIlWQ9VP5qLJiGQABVE/V7Q8tr5qkXFA8aJc8dftnLZX9lnUKhHl1OW/ +ux7RyNdfRAWbu4k6radDd34VYHyIXZvspVzSRq0Mi1RF1JRRVUVSqlzYEaz4ViJs +2dIU6bdOQoVURvgBxj0mBnfosjUb8J1CyX/+gCcBUMt/xaxU+mttloxBpKHS57WR +SG93HIvCK3T+PFzEXZTOq/EglmvBDFpf+eU1uWyjEGfvkapIDu9It3ZYYtm+nkKz +pL01AgMBAAGjQjBAMB0GA1UdDgQWBBTMc8Wjaikxl6eNoNhUwQp1tiM/pjAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEA +LvKHSO2Znp8BDDzJCnhTfBg13rblbPQAgOGbi9n6+6r7ZbfSyfXXp8t+ybGicVht +WTfW4DMQyrXZcttOJTeqpt0dGL31yYqceojuHwLELZJUfVfiXBkYIwJ6XEmVtpjn +wmBBZUC77Fq3cZxQ8nN2+18N7zXPtGmNhehMkBcDC8mzLiA3YxFipk/jNOD7eVXn +xsKuQv6wNGxJIw5yB3tmBVVI+xIPoMD6TtH7Pcz+/RZLVlDNESynm/exCs+m6+/d +jriuQgh8pIyU6obHQ+P3PIrfR9IwQMgtU/VvEUnMIYyWQ08QoEehVo0fHFvYVlvr +NHbhNTpx1MwhL541KPJa3p7k7kdqEOg4vUq0fQR/Ba5ICrQDvy6zChufy63dTdCH +IbdHdoKDLcdXvpoVoxswGGyjOnFvZEcoktsRYSCad2Ut+axWE2xLo1//m6To7+dY +6HueO39qp745ChOUyUhOZmTYU0zsQWv9/DYu1w7fYQt7tUCs3UJJbZ6Av2CV8OnA +P3u7GOk4tVZOp36KYu+YHvh4QKm72OnltLT542ec7FPPuEK0L5OBNaBs9rogimg9 +923/f9NM93qUaAN3Qzs1UapTEj5HExQ5rNZlj6hG/zwh9NK/0EikfqdRm5cS9Zk0 +FyNWhBNjyzTKH8q6qAcp80MkCkl//Q7UkPCrQyFinI8wPjAKBggrBgEFBQcDAwww +VHVuaXNpYW4gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBUdW5Sb290Q0Ey +-----END TRUSTED CERTIFICATE----- + +# TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS +MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp +bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw +VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy +YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy +dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2 +ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe +Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx +GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls +aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU +QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh +xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0 +aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr +IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h +gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK +O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO +fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw +lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL +hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID +AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP +NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t +wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM +7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh +gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n +oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs +yZyQ2uypQjyttgIwTzAKBggrBgEFBQcDAwxBVMOcQsSwVEFLIFVFS0FFIEvDtmsg +U2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLEgLSBTw7xyw7xtIDM= +-----END TRUSTED CERTIFICATE----- + +# UCA Extended Validation Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF +eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx +MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV +BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog +D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS +sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop +O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk +sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi +c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj +VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz +KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ +TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G +sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs +1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD +fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN +l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ +VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 +c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp +4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s +t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj +2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO +vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C +xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx +cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM +fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1axMDQwFAYIKwYBBQUHAwEGCCsG +AQUFBwMDDBxVQ0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBSb290 +-----END TRUSTED CERTIFICATE----- + +# UCA Global G2 Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH +bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x +CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds +b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr +b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 +kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm +VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R +VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc +C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj +tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY +D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv +j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl +NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 +iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP +O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV +ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj +L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl +1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU +b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV +PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj +y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb +EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg +DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI ++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy +YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX +UB+K+wb1whnw0DA0MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMElVD +QSBHbG9iYWwgRzIgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# UCA Global Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDTjER +MA8GA1UEChMIVW5pVHJ1c3QxGDAWBgNVBAMTD1VDQSBHbG9iYWwgUm9vdDAeFw0w +ODAxMDEwMDAwMDBaFw0zNzEyMzEwMDAwMDBaMDoxCzAJBgNVBAYTAkNOMREwDwYD +VQQKEwhVbmlUcnVzdDEYMBYGA1UEAxMPVUNBIEdsb2JhbCBSb290MIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2rPlBlA/9nP3xDK/RqUlYjOHsGj+p9+I +A2N9Apb964fJ7uIIu527u+RBj8cwiQ9tJMAEbBSUgU2gDXRm8/CFr/hkGd656YGT +0CiFmUdCSiw8OCdKzP/5bBnXtfPvm65bNAbXj6ITBpyKhELVs6OQaG2BkO5NhOxM +cE4t3iQ5zhkAQ5N4+QiGHUPR9HK8BcBn+sBR0smFBySuOR56zUHSNqth6iur8CBV +mTxtLRwuLnWW2HKX4AzKaXPudSsVCeCObbvaE/9GqOgADKwHLx25urnRoPeZnnRc +GQVmMc8+KlL+b5/zub35wYH1N9ouTIElXfbZlJrTNYsgKDdfUet9Ysepk9H50DTL +qScmLCiQkjtVY7cXDlRzq6987DqrcDOsIfsiJrOGrCOp139tywgg8q9A9f9ER3Hd +J90TKKHqdjn5EKCgTUCkJ7JZFStsLSS3JGN490MYeg9NEePorIdCjedYcaSrbqLA +l3y74xNLytu7awj5abQEctXDRrl36v+6++nwOgw19o8PrgaEFt2UVdTvyie3AzzF +HCYq9TyopZWbhvGKiWf4xwxmse1Bv4KmAGg6IjTuHuvlb4l0T2qqaqhXZ1LUIGHB +zlPL/SR/XybfoQhplqCe/klD4tPq2sTxiDEhbhzhzfN1DiBEFsx9c3Q1RSw7gdQg +7LYJjD5IskkCAwEAAaOBojCBnzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zBj +BgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcD +BAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUF +BwMJMB0GA1UdDgQWBBTZw9P4gJJnzF3SOqLXcaK0xDiALTANBgkqhkiG9w0BAQUF +AAOCAgEA0Ih5ygiq9ws0oE4Jwul+NUiJcIQjL1HDKy9e21NrW3UIKlS6Mg7VxnGF +sZdJgPaE0PC6t3GUyHlrpsVE6EKirSUtVy/m1jEp+hmJVCl+t35HNmktbjK81HXa +QnO4TuWDQHOyXd/URHOmYgvbqm4FjMh/Rk85hZCdvBtUKayl1/7lWFZXbSyZoUkh +1WHGjGHhdSTBAd0tGzbDLxLMC9Z4i3WA6UG5iLHKPKkWxk4V43I29tSgQYWvimVw +TbVEEFDs7d9t5tnGwBLxSzovc+k8qe4bqi81pZufTcU0hF8mFGmzI7GJchT46U1R +IgP/SobEHOh7eQrbRyWBfvw0hKxZuFhD5D1DCVR0wtD92e9uWfdyYJl2b/Unp7uD +pEqB7CmB9HdL4UISVdSGKhK28FWbAS7d9qjjGcPORy/AeGEYWsdl/J1GW1fcfA67 +loMQfFUYCQSu0feLKj6g5lDWMDbX54s4U+xJRODPpN/xU3uLWrb2EZBL1nXz/gLz +Ka/wI3J9FO2pXd96gZ6bkiL8HvgBRUGXx2sBYb4zaPKgZYRmvOAqpGjTcezHCN6j +w8k2SjTxF+KAryAhk5Qe5hXTVGLxtTgv48y5ZwSpuuXu+RBuyy5+E6+SFP7zJ3N7 +OPxzbbm5iPZujAv1/P8JDrMtXnt145Ik4ubhWD5LKAN1axibRwwwHTAKBggrBgEF +BQcDAwwPVUNBIEdsb2JhbCBSb290 +-----END TRUSTED CERTIFICATE----- + +# UCA Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJDTjER +MA8GA1UEChMIVW5pVHJ1c3QxETAPBgNVBAMTCFVDQSBSb290MB4XDTA0MDEwMTAw +MDAwMFoXDTI5MTIzMTAwMDAwMFowMzELMAkGA1UEBhMCQ04xETAPBgNVBAoTCFVu +aVRydXN0MREwDwYDVQQDEwhVQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALNdB8qGJn1r4vs4CQ7MgsJqGgCiFV/W6dQBt1YDAVmP9ThpJHbC +XivF9iu/r/tB/Q9a/KvXg3BNMJjRnrJ2u5LWu+kQKGkoNkTo8SzXWHwk1n8COvCB +a2FgP/Qz3m3l6ihST/ypHWN8C7rqrsRoRuTej8GnsrZYWm0dLNmMOreIy4XU9+gD +Xv2yTVDo1h//rgI/i0+WITyb1yXJHT/7mLFZ5PCpO6+zzYUs4mBGzG+OoOvwNMXx +QhhgrhLtRnUc5dipllq+3lrWeGeWW5N3UPJuG96WUUqm1ktDdSFmjXfsAoR2XEQQ +th1hbOSjIH23jboPkXXHjd+8AmCoKai9PUMCAwEAAaOBojCBnzALBgNVHQ8EBAMC +AQYwDAYDVR0TBAUwAwEB/zBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIG +CCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcD +BwYIKwYBBQUHAwgGCCsGAQUFBwMJMB0GA1UdDgQWBBTbHzXza0z/QjFkm827Wh4d +SBC37jANBgkqhkiG9w0BAQUFAAOCAQEAOGy3iPGt+lg3dNHocN6cJ1nL5BXXoMNg +14iABMUwTD3UGusGXllH5rxmy+AI/Og17GJ9ysDawXiv5UZv+4mCI4/211NmVaDe +JRI7cTYWVRJ2+z34VFsxugAG+H1V5ad2g6pcSpemKijfvcZsCyOVjjN/Hl5AHxNU +LJzltQ7dFyiuawHTUin1Ih+QOfTcYmjwPIZH7LgFRbu3DJaUxmfLI3HQjnQi1kHr +A6i26r7EARK1s11AdgYg1GS4KUYGis4fk5oQ7vuqWrTcL9Ury/bXBYSYBZELhPc9 ++tb5evosFeo2gkO3t7jj83EB7UNDogVFwygFBzXjAaU4HoDU18PZ3jAWMAoGCCsG +AQUFBwMDDAhVQ0EgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# USERTrust ECC Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1XahgwRzAeBggrBgEFBQcD +BAYIKwYBBQUHAwEGCCsGAQUFBwMDDCVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRp +b24gQXV0aG9yaXR5 +-----END TRUSTED CERTIFICATE----- + +# USERTrust RSA Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9MEcwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEF +BQcDAwwlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# UTN-USERFirst-Object +-----BEGIN TRUSTED CERTIFICATE----- +MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCB +lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt +T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAc +BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3 +dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9iamVjdDCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicP +HxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLO +KqJdhwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo +5hy485RjiGpq/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+ +pKvEHDHd17bR5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehb +kkj7RwvCbNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUC +AwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDov +L2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDApBgNV +HSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZIhvcN +AQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujw +NTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXB +mMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU +4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK5 +81OtbLUrohKqGU8J2l7nk8aOFAj+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyR +Uh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8gwIjAKBggrBgEFBQcDAwwUVVROLVVT +RVJGaXJzdC1PYmplY3Q= +-----END TRUSTED CERTIFICATE----- + +# VAS Latvijas Pasts SSI(RCA) +-----BEGIN TRUSTED CERTIFICATE----- +MIIHqTCCBZGgAwIBAgIQYwaGp8U3ZaVDkKhqWMzUMjANBgkqhkiG9w0BAQUFADCB +jzELMAkGA1UEBhMCTFYxNTAzBgNVBAoTLFZBUyBMYXR2aWphcyBQYXN0cyAtIFZp +ZW4ucmVnLk5yLjQwMDAzMDUyNzkwMSMwIQYDVQQLExpTZXJ0aWZpa2FjaWphcyBw +YWthbHBvanVtaTEkMCIGA1UEAxMbVkFTIExhdHZpamFzIFBhc3RzIFNTSShSQ0Ep +MB4XDTA2MDkxMzA5MjIxMFoXDTI0MDkxMzA5Mjc1N1owgY8xCzAJBgNVBAYTAkxW +MTUwMwYDVQQKEyxWQVMgTGF0dmlqYXMgUGFzdHMgLSBWaWVuLnJlZy5Oci40MDAw +MzA1Mjc5MDEjMCEGA1UECxMaU2VydGlmaWthY2lqYXMgcGFrYWxwb2p1bWkxJDAi +BgNVBAMTG1ZBUyBMYXR2aWphcyBQYXN0cyBTU0koUkNBKTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAJu4+f1hVS9PpKUUtS6OuSSPrPuxVD9A/0/F5YZo +e1OT+zWCNahQLpRSoNuDPnXaFXCsCc/ugkmtNkm5tHGLtAChQgbKCApjl7YI/O60 +3Jh4GYLJ+H9kPqrJ/rGN67Bk9bzzxD46kOpOjj8bGbxqg8ORPGxV+wpSwOjhXXeF +M8VJ3+xqv79sN/6OSaIVGM6LjmseOKMwb4iBfnJWRBrEejkP9sSPltSy6wBOXN67 +5zu35iQFk2tN5pFEv+6YG8eFGxFBeyI2p74+6Ho33BjekJ2PzbLXmj/iF39bDOHv +P2Y9biTksM7DDIhslNo4JXxSOeNzFLMARWOaDEJAXgTG93JkzsluM7Pk020klTeT +fvIAXRmLH/NDc6ifRdIGqey0Qrv67gzHTz9RH9Gv0KwYf4eBIv6p3QeWbXz4TtlN +OlBp1UF+xdp02I5z5X6D4cMZgbe9v0COvi6aogyqTgIuuyrhCF0xA8msJ7Cv3NXI +FH1AnVWJIfmQzNTJYEFzq+jN2DpVOQqCmf6b9fU8HJHLwPpGVK4h/CqsXHveepdx +/WxrzUiapNuBfBg3L5B9YZS9F8lctlQWd8oJSqrpvE+UdQFaVryS0o+515feVnQB +9xZxSbH1GEaZQe5i4bMsZXVpKXJDA/ibH/o49J7sQBCOrJfVsDO+nxjcLfdBeFRK +YkTnAgMBAAGjggH9MIIB+TAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAK +MAgGBgQAjkYBATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTMw/Vm/3OsOFqW +GyGJuIFMH8teJTAQBgkrBgEEAYI3FQEEAwIBADCCAYkGA1UdIASCAYAwggF8MIIB +eAYLKwYBBAGBxFkBAQIwggFnMIIBOAYIKwYBBQUHAgIwggEqHoIBJgBTAGkAcwAg +AGkAcgAgAHMAZQByAHQAaQBmAGkAawBhAHQAcwAsACAAawBvACAAaQB6AGQAZQB2 +AGkAcwAgAFYAQQBTACAATABhAHQAdgBpAGoAYQBzACAAUABhAHMAdABzACwAIABu +AG8AZAByAG8AcwBpAG4AbwB0ACAAYQB0AGIAaQBsAHMAdABpAGIAdQAgAEUAbABl +AGsAdAByAG8AbgBpAHMAawBvACAAZABvAGsAdQBtAGUAbgB0AHUAIABsAGkAawB1 +AG0AYQBtACAAdQBuACAARQBpAHIAbwBwAGEAcwAgAFAAYQByAGwAYQBtAGUAbgB0 +AGEAIABkAGkAcgBlAGsAdABpAHYAYQBpACAAMQA5ADkAOQAvADkAMwAvAEUASzAp +BggrBgEFBQcCARYdaHR0cDovL3d3dy5lLW1lLmx2L3JlcG9zaXRvcnkwDQYJKoZI +hvcNAQEFBQADggIBAB8oSjWQIWNoCi94r6MegiaXoz8nGdJLo0J6BhNlW8EEy+t9 +fO+U8vGJ9bffUgIhadLqljTloM+XuJxVDhCFoxReLAX4tTp28/l6uN62DCdp8suU +kQsdudWOb5kvzfIZVjk6SFbwAf+Cdbay/dHU9fJjV0xNoX7MELoEae/0FPyzlx9F +7m9KKH/Rxie8x6Opa3vtghNvq94P+3HrXBEaqSzQMJ/8NjdW75XpurcTtq6fAmGt +nuxrBG82nw+Z98LJyEwouSjUIdeeVNXAzvSO5FWUe48kxjj8q3qkVnc9qEXvZJKk +0Ep+u3OL9A1Sc7g6SF5DgNOpcHdi/8coHHMeQ+YnJFtJueY2pI79xS0veqV5EnrX +IbIlbcgPosNhS+VI4le6n/KKId3bZPDaGd/OwJuAOcJ3d2MVU3KE+qSPBzeGIX1Q ++j1qN9uRDjez/c4Lynth0Jx0nH04aG3pex3W8Sq07ztgUncF5gLCX4xbvPB9t3PH +kWuyKrNjozTVq60lcUf/Gj56to2VdsPups0DCWzuRWeYz5lIdsHOinSaaFIBNCLI +7eIUC4S9bhCMsXKbvugI11fVf+q0AT1O5OLoZ+eMfunnQhHvlUbIkda+JxeAGTSY +58bfHvwhX56GPbx+8Jy9cp70R4JbcWfz+txUTKhc2FnH0AcOEzMnvPRp8GshMCkw +CgYIKwYBBQUHAwMMG1ZBUyBMYXR2aWphcyBQYXN0cyBTU0koUkNBKQ== +-----END TRUSTED CERTIFICATE----- + +# VI Registru Centras RCSC (RootCA) +-----BEGIN TRUSTED CERTIFICATE----- +MIIGijCCBHKgAwIBAgIQA6OkV7Xw84ZKEWPomP8WnDANBgkqhkiG9w0BAQUFADCB +mDELMAkGA1UEBhMCTFQxLTArBgNVBAoTJFZJIFJlZ2lzdHJ1IENlbnRyYXMgLSBJ +LmsuIDEyNDExMDI0NjEuMCwGA1UECxMlUmVnaXN0cnUgQ2VudHJvIFNlcnRpZmlr +YXZpbW8gQ2VudHJhczEqMCgGA1UEAxMhVkkgUmVnaXN0cnUgQ2VudHJhcyBSQ1ND +IChSb290Q0EpMB4XDTA4MDcyMTExNDc0NloXDTI0MDcyMTExNDc0NlowgZgxCzAJ +BgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAx +MjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1v +IENlbnRyYXMxKjAoBgNVBAMTIVZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoUm9v +dENBKTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMiZ8iLHs4cVLqfL +TUarZ5fPD3N3A/dkfHZIMiD0o9hZnRSpH6AekQ4NrfX+Z5KREyAhTQpVbnH6rBfL +AP0OUAIz26nYvWEa/eAQV7FVeWAZtFR5nvuAMOLIQslSAgjYrC/DcUFUAvWBihLj +aQKlh6FwfQW+pWK/BbAIlkdvf5OKreCs00LeveaPFOVzKKADm0H65T73OXQuZPSf +S8D1eJlUa+UVIPzpMnJAq2V1vDxGNNL4EGHHDHjHfMARUdEFNvv4nP8tuOVxLUnw +V0izk46c+zrJS20x11LVVumELpHUAh2ygAWBxYDKKcE0Z7mvBDBD9q9CR978AS7o +Qpy+sgsU5DTc3a1ThHrYA1bRwgzUlyn4TPK1HN+dg65fWiVLorAo5b9aC9CcqJxw +Km0OLuEnv60LbxHT+EYt9JdES8qwyOY2byK6juRSlRbsRGrUUB6YKPlopLrenjDt +oslSock1ikDhjZub/fFGi6THT3BgUY3ykqnOuowvSVISZ9D1qwQlQHQD4titoXRY +Ybe1DvN/JSwRY6/xEsP0pHOaZKzupgaP8rycrCipXBXTM63QNsghcGu8Kh/Vq7gB +WHb8OxFN+/IcSCQR/U2PGSmua+htXrKhDXjO0mODdLTNKUy/m3CITxINRee+D2XE +1jgk5EoVi9Fq6rs2oaGQpVPIpdZlAgMBAAGjgc0wgcowDgYDVR0PAQH/BAQDAgEG +MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEwCwYGBACORgEDAgEKMAgGBgQAjkYB +BDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS8cz4vnJEMu4/Nd5k+zIXkzFho +ETAQBgkrBgEEAYI3FQEEAwIBADBFBgNVHSAEPjA8MDoGCysGAQQBgfE3AQEBMCsw +KQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucmNzYy5sdC9yZXBvc2l0b3J5MA0GCSqG +SIb3DQEBBQUAA4ICAQAZeCxRE1+8mU5cpwH83rb+qR2GMRF7epmKs4iSpWDSBGM5 +vK+O2PErRXIyKTwt4tnYPXT6RzWH3BAANkE97ap+sszEGukxtPWR0YRK5/Xcz0Zn +ApmvuHf6fu0hb5YjFHE/0Fi+qttDLDegHQZpNPBPj3Xus9IBu+wc6Y+pie/41BtB +Apm+8F+6jizCIXDeUYHY97y4wzODw5fKCXPE6XfIcvRcrQ8Niurt0goBzutXnRXw +KRXvWZyvrJKCcAyY2CKdL5g1qdGKibzVnVXCLp4HJUb2kk1Q+j2J8t+Tv5OU0Nmv +V6PzZuaO8eigGxgGk1osiQ02xPogs9wo9WrujzGbWTjYTmqgIyHkhqvl+2Cj0c1a +LEJJpg5VJCU1/dI6r2tYppFGX2nLvX4mm94IvR7snqb4nHWkQDaVSyJPxrZ9clG8 +48Jozc3li77Awk+bbmXOFrcIiMeH3v8yjMvrQkGs+9fPAUP4b8DWC/D3kunLRV1k +sffKPLuJCJbJ2g7hcSoP7KRCLeNqD0dHsFOm1oVQlzDXjC5fRiLQrM48XpwecoP9 +DKf4FzK7Yd7jTy8YjoK1hxt0BTBKv2oeSDxUKLFdnZJfmxDjLiKKr902ZH8TdkeD +NZUalI/1xFNtOb3Vi/XKzxhDBQGTpDbeMNIU87BktcrOlfe6dOyKcz5S015TADAv +MAoGCCsGAQUFBwMDDCFWSSBSZWdpc3RydSBDZW50cmFzIFJDU0MgKFJvb3RDQSk= +-----END TRUSTED CERTIFICATE----- + +# VeriSign Class 3 Public Primary Certification Authority - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dETBK +MAoGCCsGAQUFBwMDDDxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzM= +-----END TRUSTED CERTIFICATE----- + +# VeriSign Class 3 Public Primary Certification Authority - G4 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEDBKMAoGCCsG +AQUFBwMDDDxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzQ= +-----END TRUSTED CERTIFICATE----- + +# VeriSign Class 3 Public Primary Certification Authority - G5 +-----BEGIN TRUSTED CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNqMEowCgYIKwYB +BQUHAwMMPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkgLSBHNQ== +-----END TRUSTED CERTIFICATE----- + +# VeriSign Universal Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajTA9MAoGCCsGAQUFBwMDDC9WZXJpU2lnbiBVbml2ZXJzYWwg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ== +-----END TRUSTED CERTIFICATE----- + +# VeriSign, Inc. +-----BEGIN TRUSTED CERTIFICATE----- +MIICQDCCAakCEAPHjzfbkijfPLsarYL6ZxAwDQYJKoZIhvcNAQECBQAwYTERMA8G +A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTMwMQYDVQQL +EypWZXJpU2lnbiBDb21tZXJjaWFsIFNvZnR3YXJlIFB1Ymxpc2hlcnMgQ0EwHhcN +OTYwNDA5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBhMREwDwYDVQQHEwhJbnRlcm5l +dDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIENv +bW1lcmNpYWwgU29mdHdhcmUgUHVibGlzaGVycyBDQTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAw9NpZVIBlFSrKMZiGLNUVcVEh0VKO8J+2NPXyICGjdgM8Rac +zGupKbKPdnOSyMVipjztHgV18BMAbBRN1JiQB75pc4G4Yk4xHtH8yQzrfZC/rrRH +UexvzmQ1AtZ9ZwV34o/ZUdf7lxm8Ptd3gcZD3fLd38qjg4vLQcE9IkhIphkCAwEA +ATANBgkqhkiG9w0BAQIFAAOBgQC1vLB1aomihr1keMOnMnVyEaomAhdgMEzjSDQZ +uVJKURiA/lMte9UxjMVlmUFBL/KuY3roc5kVkBofeotB0I460M04NETQdfjqccSB +GTgXNUquxT4y5iG4BcCT4cc4XNj3kzhkkO1UzsrT09Bf7wSb3gKC3YgpscNPpc1x +ZDE8PDAcMAoGCCsGAQUFBwMDDA5WZXJpU2lnbiwgSW5jLg== +-----END TRUSTED CERTIFICATE----- + +# Verisign Class 1 Public Primary Certification Authority - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7jBK +MAoGCCsGAQUFBwMEDDxWZXJpc2lnbiBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzM= +-----END TRUSTED CERTIFICATE----- + +# Verisign Class 2 Public Primary Certification Authority - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98qMFQw +FAYIKwYBBQUHAwQGCCsGAQUFBwMDDDxWZXJpc2lnbiBDbGFzcyAyIFB1YmxpYyBQ +cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzM= +-----END TRUSTED CERTIFICATE----- + +# Verizon Global Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDdTCCAl2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEZ +MBcGA1UECgwQVmVyaXpvbiBCdXNpbmVzczERMA8GA1UECwwIT21uaVJvb3QxHzAd +BgNVBAMMFlZlcml6b24gR2xvYmFsIFJvb3QgQ0EwHhcNMDkwNzMwMTQyNzA0WhcN +MzQwNzMwMTQyNzA0WjBcMQswCQYDVQQGEwJVUzEZMBcGA1UECgwQVmVyaXpvbiBC +dXNpbmVzczERMA8GA1UECwwIT21uaVJvb3QxHzAdBgNVBAMMFlZlcml6b24gR2xv +YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKAAxw +Hb/rNIbDmUU1Hn9D96tvJC3NGcIQu7DKKVupIKurcizE4gI5bYK4xRHq+PuznmL4 +Mx6wH8nj9jfbBMg7Y0824oWkJR3HaR8EvWhFE5YHH5RQ9T7FJ1SewElXRI4HY9Sm +ru0imcxNlmkEE252iZ90FpT5HVS9ornSgwEiDE1EgKr+NYknJaeGicbVGpLjj8WV +oBRymuhWxQJVHJf5IC7Q9TwTGVr24fkLA4Jpp4y31m+cVj6d6CoJYG1L5vuLmRT3 +NE9lWYCNuVfIojUh2IhxVl3uglctJpAYn5qcnI/v1MVjp1R9R5GHfRoSqBsYb6lv +sSe65AR0zjcef2bFAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMB0GA1UdDgQWBBRMOBG4mABbWitwPqp45NVnZ2enfjANBgkqhkiG9w0B +AQsFAAOCAQEAAV+gsQYB9HnXZRhgPs95oLrCI08j34eWX4EOOBUuXMgCaCkg/Ivu +pYoYgWRcmDV+OTCCpIKKULW6w+ha1qie4sMX29vE67AKIA3pnuP/YFRH8Tud1Cg8 +oq6j+6qLgiIqNYeQuBxZR5DVnS76SeNlqDbrx+QcaNyzMWyrTs4kgBXIEFkQEXJN +epyYnMT8YeCzsp1OoMbCWasY1qJVRewpqiU31k5KPQtAweST5PzNkQv45qvMs3bE +Yr8Z7Ya2ecMpVFS8mX1GV8+mz/RUKpoDZUcBoUIqyyVHbnxeAEuR2fkbEAZw+UIV +pl+q10Ae/clInZeB6lxowqDniaFTTb/H4zAkMAoGCCsGAQUFBwMDDBZWZXJpem9u +IEdsb2JhbCBSb290IENB +-----END TRUSTED CERTIFICATE----- + +# XRamp Global CA Root +-----BEGIN TRUSTED CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbwwNjAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsG +AQUFBwMDDBRYUmFtcCBHbG9iYWwgQ0EgUm9vdA== +-----END TRUSTED CERTIFICATE----- + +# certSIGN ROOT CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KDMDIwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEFBQcDAwwQ +Y2VydFNJR04gUk9PVCBDQQ== +-----END TRUSTED CERTIFICATE----- + +# certSIGN Root CA G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g +Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ +BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ +R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF +dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw +vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ +uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp +n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs +cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW +xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P +rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF +DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx +DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy +LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C +eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ +d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq +kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl +qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 +OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c +NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk +ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO +pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj +03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk +PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE +1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX +QRBdJ3NghVdJIgcwITAKBggrBgEFBQcDAQwTY2VydFNJR04gUm9vdCBDQSBHMg== +-----END TRUSTED CERTIFICATE----- + +# e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi +-----BEGIN TRUSTED CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp +Z2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZp +a2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0OFoXDTE3MDEwNDEx +MzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kg +R3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsg +U2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdU +MZTe1RK6UxYC6lhj71vY8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlT +L/jDj/6z/P2douNffb7tC+Bg62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H +5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC +90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1 +c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoE +VtstxNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP +qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S +/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzlvBNbCNvj +/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4Vwpm+Vganf2X +KWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq +fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqXMEEwCgYI +KwYBBQUHAwMMM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsgU2VydGlmaWthIEhpem1l +dCBTYWdsYXlpY2lzaQ== +-----END TRUSTED CERTIFICATE----- + +# e-Szigno Root CA 2017 +-----BEGIN TRUSTED CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV +BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk +LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv +b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ +BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg +THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v +IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv +xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H +Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB +eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo +jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ ++efcMTA3MB4GCCsGAQUFBwMEBggrBgEFBQcDAQYIKwYBBQUHAwMMFWUtU3ppZ25v +IFJvb3QgQ0EgMjAxNw== +-----END TRUSTED CERTIFICATE----- + +# ePKI Root Certification Authority +-----BEGIN TRUSTED CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZwwQzAeBggrBgEFBQcDBAYIKwYBBQUHAwEGCCsG +AQUFBwMDDCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk= +-----END TRUSTED CERTIFICATE----- + +# ePKI Root Certification Authority - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFkzCCA3ugAwIBAgIRANaWLsEKFZMSr49jvNREyVswDQYJKoZIhvcNAQELBQAw +YzELMAkGA1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBM +dGQuMS8wLQYDVQQDDCZlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMjAeFw0xNTExMTcwODIzNDJaFw0zNzEyMzExNTU5NTlaMGMxCzAJBgNVBAYT +AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEvMC0GA1UE +AwwmZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCkWR+gL9++4Pvp3LWJ/lqXA8k6d6eO +XK/y4xg59ardD0bSaA9XnKdjYNNYzjXCp/aIwk9/Gyjp0KcAxBdNbeIPxQ4mIyCr +9zoookwKC8yOzuYAmlpADdRQGpvRDZyU+dvuXNDxigfNmitALEmkXWJfp2vf7lYI +UPNCGGwxsF7lnHOSvA7SDH3FOFe8u1jbJhkC7eNDhIpOVmvbraEx2cwiZ5Z4/3ed +zGTFMiBq704w1SQl/Yh5r3Ea/tVLGxWIvBhwqr2tOApmMEbliYXVdiSpqbPmWWAP +tKlTwjqdRRrWruN3XsRiNjMvMMS/lfEtOKV16NFqky5Fh0tKot+/WCeaymIZql7U +sYBJlt0r7F+Pm+Cdl4j1hAOjr7Olcy1BuuUHt29rcff3yVqvaZmzL8hPQutsa3Fn +eN8KrE/XSoUARhrVzbif6pWdD3zRxgWF5gjeiBeB9tW1buqhHNdhquNZQomcWX6x +fGQ03WEjKjm1EKv8hqlTGsXrauKATlmRwDiJ/rNd1vuR6dewfdl4CMz1K8wr4aHW +lHPB/lH0jH0KtZqKufXa4Mmz2I+qgoONaVMt/QAEGEqg2lTheYyJ63/1gueguXdN +rvm6AjuIdut8XbNaE9t8KRZrmdEd5Eghog1eAYjovvGYTT7HFlccX+EIbxxMWENW +94BljHEOogRnTwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRy +W7qqcjjuJZAktZQi+gmIyosK+zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL +BQADggIBAAaj8bZzVcZnZiHlnVvWlC5KImDyVAGQof21v8CVvxhfLPZrNQ78Mcjt +RA6Sl9yv3VbPtR+6cpwwyJuxkcB2d9QPGpUa6U0UiKHPawKmautkRU1kjd7862zy +UwmhhVEV0E+eYvoRuc7IJA5yZIh1NCMwKj+8PDnMzN0LNru9BoKPEgHFcQXRJKGZ +bMrk96rtitenCq2v8OCAu6GyP1qHZHCGM3sNHtcAhoNDl3X1O8FI/bYOQ6gCbrg+ +f49O4l20fZ4wNC+o8esnh2gNWgpNAdvJFFiV8ppNFqpz2/QliBc4t69ZCQm0Hy0P +q/W4J1XuRTAzuO0bjryIbK/4Wipr4KyxBSShCfyjD/OwLXuWuraUBxVFjincWA6p +Bdg7OqB7zYrHZoKXz9Yz4Gf8pttALwXlxYt6KnrwsDabDBj2N+lBof2xKPlva73r +H0xjcXtQ3Sny/+73x0Vf6DYK6GxbIsPowOcm3OOolYDluToT2wBLGv2uM0d+eJTj +sV0rtVa1QoufgcX8k0wQtboKvH434/pUbfUExXCzqQTSUdeFzX1vQ49ZaOUxVhFx ++WQpCRP+0B+8iwA4stDKNFZ2EDlWc2bD0UnZvldPPxZ9ani3qIK4W86uhYoKQgwD +0RfEGPfYV4jGgrgHuT79pOku3G+6kJLuZbBQNNMH2gGXD7znc4J7MDQwCgYIKwYB +BQUHAwMMJmVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +-----END TRUSTED CERTIFICATE----- + +# emSign ECC Root CA - C3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG +EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx +IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND +IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci +MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti +sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O +BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c +3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J +0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUTA5MB4GCCsGAQUFBwMEBggr +BgEFBQcDAQYIKwYBBQUHAwMMF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMz +-----END TRUSTED CERTIFICATE----- + +# emSign ECC Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG +EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo +bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ +TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s +b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0 +WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS +fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB +zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq +hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB +CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD ++JbNR6iC8hZVdyR+EhCVBCyjMDkwHgYIKwYBBQUHAwQGCCsGAQUFBwMBBggrBgEF +BQcDAwwXZW1TaWduIEVDQyBSb290IENBIC0gRzM= +-----END TRUSTED CERTIFICATE----- + +# emSign Root CA - C1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG +A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg +SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v +dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ +BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ +HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH +3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH +GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c +xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1 +aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq +TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87 +/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4 +kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG +YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT ++xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo +WXzhriKi4gp6D/piq1JM4fHfyr6DDUIwKzAUBggrBgEFBQcDBAYIKwYBBQUHAwEM +E2VtU2lnbiBSb290IENBIC0gQzE= +-----END TRUSTED CERTIFICATE----- + +# emSign Root CA - C2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIKLwq3aw3LSq8nWDANBgkqhkiG9w0BAQwFADBWMQswCQYD +VQQGEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJ +bmMxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0gQzIwHhcNMTgwMjE4MTgzMDAw +WhcNNDMwMjE4MTgzMDAwWjBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMKZW1TaWdu +IFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290 +IENBIC0gQzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCMfX1lA+Tb +mh9YInmRgOW97IVx4LUJf2DRZfs837Jrml+py64aVnYgWO4t6C78fgjfS7jX+c4T +inIzEquWcI+zi0fd4Sc8NDf7JONp27VWX0qwUYqzLDRCt+s7zpLcfx1ky0zVIJj6 +L06uPyK3kIr9+YAsrVj+39utm6e2MBQsRNstSI3fCQYAGvoQTQ8fULauTqNWaYAk +NYFe6HUHHQPp2u1Ua00odMXiD5oRFxLcDnGAcE1I/9E9mLCdkggXijYUmico7+Xw +ZeFoPhva6eIJ5p03Lt3Du5W3EcHR0cJmmY1pyeA36JaXKWRNM9IRjYMVNCcp4jhB +2tIYiZ+LVk8bwQ9/1c23txmv3u97taZlV22NF4ttS1qq3J+MOp0oGULBzpKfRx0q +GVqbPukQNGAjOLIN8KDNQNzbR1iAl2d8H+MSoicBo4Aid8TjLWcNv48oCWL53ZrF +BMTDjaIA6frG1t4IpbnHadA7qCJJe2qpJN6n2eQKAUn6UiQDHPsSqNBlcUhQ4Y/0 +Y0mU5rghm2OB9rXQS1Fb1JRCfJMNnJIm5AUB2+2RWzq5Tgz7SbSho8NsZk0UbQnF +xciqQ9uoVTAsK14Sk9oG8Q3zfsM08cdPoRb0WlIZklR6mKD7L8nH/zfGu8PIJv94 +GGB9RZ9U4A69r3ePmy8MvrzfNxHKtH6svwIDAQABo0IwQDAdBgNVHQ4EFgQUs/eK +pNYPiABZ6FEXT9V+7IYigZ0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADQlpiWM0cv2nZ0H5jVsBq0x2q62Q0LwqATs +CFvyub7gxNCytRuoA8stmPOEu/lg8Igxj4FIjoyhIrWUVxyiLU7No4P+WjEUOwUT +xIpkEOtvGUQ9fiOlcGHtIZDNBlZq7WpktXAxeV55RPPsor26p2FNAMRFfZQh0sLX +hKgk8iulSSggqx8ezgPye63FaiYEi4c/dzRj3HOCnsZiwZZU02df5YpNFjxSwZvE +41cjGpsrpWMfQFI2s53RbeXp47lSAxYE4NzjBFMe+EwFuEveBCJBEAH5rvYu3pi2 +orsJ424TqWEQV1tCsCkQz+Yq/Okal7yHAkKDeOXcP7oN4A+TdXc2pdqxuVCnBO0R +mWz2JpGSSeJjiTk/OPwRsPNWtwG/KXL04o2ta3jiPpJuICVtWDAc9R3auBEgJl5r +ShRmBdszG0LmzsHuZPCFSYC15RBDCOBsa8bDRJ8pBFU2Wi/CVXCACEuavgoveA4F +a5bt38o0PWxsBP+MpocCdVtDMqzQhxy9IohKuXWAGresoIvKDg3xFk6rBOrjfVwJ +elwi/xAisojHPJVQv9W1zVIoHp+EQg/4MQC21NbIX2RoioB+V3hK439b/w7deU8x +2M8cl1OG0nPfbnARl5GPM7vJgi470jto4SeMg6HMAW3Egb56tQcNLwI9U8mZnNvR +gUMrkAgLMCEwCgYIKwYBBQUHAwMME2VtU2lnbiBSb290IENBIC0gQzI= +-----END TRUSTED CERTIFICATE----- + +# emSign Root CA - G1 +-----BEGIN TRUSTED CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD +VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU +ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH +MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO +MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv +Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz +f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO +8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq +d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM +tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt +Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB +o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x +PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM +wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d +GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH +6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby +RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+AfkowKzAUBggrBgEFBQcDBAYIKwYBBQUHAwEME2VtU2lnbiBSb290IENB +IC0gRzE= +-----END TRUSTED CERTIFICATE----- + +# emSign Root CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIIFlTCCA32gAwIBAgILAIZNvw/jXtd9jtgwDQYJKoZIhvcNAQEMBQAwZzELMAkG +A1UEBhMCSU4xEzARBgNVBAsTCmVtU2lnbiBQS0kxJTAjBgNVBAoTHGVNdWRocmEg +VGVjaG5vbG9naWVzIExpbWl0ZWQxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0g +RzIwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBnMQswCQYDVQQGEwJJ +TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s +b2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMjCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMNwGIWW2kHfHK+sXTNwxF07K+IV +ySTuyFM2r1v002wUfcdT+zs5OM5QbMYFFnedXQI6gCFLsjKrcaej48Zt37OyEb3i +aPs7CsP4kAyTwzKH9aZe6gXYHrJq40/ZVMNcQVI2PcIp40B/SAN2gUZ+ZaUtIOvV +jEx26/ebNaXRIsthlkOG/caB+QRwDw1tl7338Zlv0M2oTBUy4B3e7dGP5pgXH71M +jqHPCoNo+xv9f0NTBT+hUDa8h8wUtcGQq9CDeJTpjWcD2bP2AMdVG6oVpMAUeUzo +cCyglvtFdUMjggxBbw4qhau1HXPG8Ot9hwL7ZMi8tkTzrvUIxxb8G9LF/7kKeCE7 +tGZaVzDTnXuifl3msR4ErHsQ4P7lVu2AIjIAhrAXoedDidb7pMcf7TABdrYUT1Jo +G/AiK+J9jO6GTjeADD4LMDSBZhHMuBK/PJ/g0kGBt+/C1L+/HURzQhJkMlRnM6Rv +XoCtfKopSlns5trZmTi971Wjbn88QXP61lGpBCUPwCjs7rpOYvSUJtI+lcbF+37q +kIqOXYkVT3cupDSpw+H89kFtj5GKY+Xny4LxY+3IvDIRiyd6ky1DPj713DI0yqve +EpsIr3A0PdwuyUI7CS1jg0NnGFT6Xxyr0xB+VDt83FJYW8v16k2pbaQ4kVxA3aXd +X9dZYyVR1S59KM75AgMBAAGjQjBAMB0GA1UdDgQWBBTt7E1FYRgo57MjKBEcTaUn +DV7s9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQwFAAOCAgEACFC/ilQg8KTCVBxFJW/sazomkS0kNYbEIZg4B3obqwsJ7SX98z8Z +gfzBpz0nYClwwJjWbFN1R2zY8pCEot6/dgmA8Vbq0GxhwPM5YN/SZquNyRIxO3cU +dlAcwf+vSezdVCf9wOzvSAF3q0a5ljvbdbNJNpfScQVp7UUd5sBsZk8jXO1KQ/go +/Vf/GDPnrIFmxpAIGE3sgnO8lAv9FzUaAeuv7HWe47xN9J7+bQzF93yHuIXACPTL +pQHhg2zMv5C7BAbuDHfbj1Cu294Z832yhSfBcziWGskOvl3es2EcHytbS9c9P+0z +Mpka7zGC1FHrvLb/FoduH86TeZt0QjZ6pcplNzoaxDnDvzTJ6CC2Eny+qH/APFCu +VUv5/wjwF+HPm8Pup2ARj9cEp92+0qcerfHacNq5hMeGZdbA/dzdUR/5z5zXdxAk +nl8mcfGb0eMNSTXQmmB/i4AecNnr72uYjzlaXUGYN7Nrb6XouG0pnh0/BBtWWp0U +ShIPpWEAqs7RJBj6+1ZUYXZ4ObrCw962DxhN2p19Hxw9LtuUUcLqqTPrFXYvwO4t +ouj7KJnAkaTUfXGdEaFVtFig1EA30WzJY2X1vAQ7hVnniCjgaXAGqjsU6sklNM9n +xDx5rFCCCEtj9Kh8UHjGK2QqgP5kwgttjOApQMaCoezMfK4KD7WpOXUwITAKBggr +BgEFBQcDAwwTZW1TaWduIFJvb3QgQ0EgLSBHMg== +-----END TRUSTED CERTIFICATE----- + +# state-institutions +-----BEGIN TRUSTED CERTIFICATE----- +MIIEGTCCAwGgAwIBAgIEOzz5yTANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdlbi1j +YTAeFw0wMTA2MjkyMTI3NDZaFw0yMTA2MjkyMTU3NDZaMD0xCzAJBgNVBAYTAnNp +MRswGQYDVQQKExJzdGF0ZS1pbnN0aXR1dGlvbnMxETAPBgNVBAsTCHNpZ2VuLWNh +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOVlssCsZJbyiBuz7Z7k +AsZPK4jOLopRgHWvEFvyyzhmm6IObTRHlqWSEa/2NUeidyIMzhaIYqrTSW4YvC5E +2L7GnsIaGaxBjvwwBwLyxmrUWyMA70E02KRzY98ikjOEAaWN84Nc+rjUejXf7Pht +D+BM7a2cOn2G1qUIlL59ehEf/oU/VFqIY4ecpbGnTs23RHOvz4pJax/jzddJTVor +F+ZcdrO7crlvJ9KbiRWI3xBfdiEBascVMQrRnFj4KBYFbdlO2aHXByDLSyaJTZKy +p7qW6ONYjyKcAZZaxPcxTQtJteF4YeJUGAa7nlQ0fgw+6+61gB/dFoQdaDhmZ3P4 +kQIDAQABo4IBHzCCARswEQYJYIZIAYb4QgEBBAQDAgAHMF8GA1UdHwRYMFYwVKBS +oFCkTjBMMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25z +MREwDwYDVQQLEwhzaWdlbi1jYTENMAsGA1UEAxMEQ1JMMTArBgNVHRAEJDAigA8y +MDAxMDYyOTIxMjc0NlqBDzIwMjEwNjI5MjE1NzQ2WjALBgNVHQ8EBAMCAQYwHwYD +VR0jBBgwFoAUcXuKBh8xBVWrYBJ3RyAeA4gY7IkwHQYDVR0OBBYEFHF7igYfMQVV +q2ASd0cgHgOIGOyJMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjUu +MDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQAAumM08xgY7q5+jZLHNfXCE9TW +AKohMhbW0Fv6KbCN+hd3kvmltvb5hz8GDyDuYj0096kvx6k70CeITKzdyanlWliF +1xI1Pdywglty9Ltzt/v+OCGYBICyiGIPHqw6Fqnmswr2FRBFA6OX4s2sENz5AB6/ +c2xD7HciFgYvloOJe7C4U0RBCNyAHwXbGQl2h741nU4hS7STwWg6nV82/qGuMCxL +3ngkOljWFkPvnZk4iyqY/jDRwurWryXVpXYLue9AOS72698yXh19h7VEzAI50iaV +cthvhUOojw6jRs7Xzui5Vqn4iRcSH0NJBnoy5z++b3m+1jPXTDwo/BLxdnYYMCAw +CgYIKwYBBQUHAwMMEnN0YXRlLWluc3RpdHV0aW9ucw== +-----END TRUSTED CERTIFICATE----- + +# thawte Primary Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaDAkMAoGCCsGAQUFBwMDDBZ0aGF3dGUgUHJpbWFyeSBSb290IENB +-----END TRUSTED CERTIFICATE----- + +# thawte Primary Root CA - G2 +-----BEGIN TRUSTED CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULjApMAoGCCsGAQUFBwMDDBt0aGF3 +dGUgUHJpbWFyeSBSb290IENBIC0gRzI= +-----END TRUSTED CERTIFICATE----- + +# thawte Primary Root CA - G3 +-----BEGIN TRUSTED CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6AwKTAKBggrBgEFBQcDAwwbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcz +-----END TRUSTED CERTIFICATE----- + +# vTrus ECC Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMw +RzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAY +BgNVBAMTEXZUcnVzIEVDQyBSb290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDcz +MTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28u +LEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+cToL0 +v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUd +e4BdS49nTPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIw +V53dVvHH4+m4SVBrm2nDb+zDfSXkV5UTQJtS0zvzQBm8JsctBp61ezaf9SXUY2sA +AjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQLYgmRWAD5Tfs0aNoJrSEG +GJTOMB8wCgYIKwYBBQUHAwEMEXZUcnVzIEVDQyBSb290IENB +-----END TRUSTED CERTIFICATE----- + +# vTrus Root CA +-----BEGIN TRUSTED CERTIFICATE----- +MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL +BQAwQzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4x +FjAUBgNVBAMTDXZUcnVzIFJvb3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMx +MDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoGA1UEChMTaVRydXNDaGluYSBDby4s +THRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZotsSKYc +IrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU +AyyNJJrIZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+ +GrPSbcKvdmaVayqwlHeFXgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z9 +8Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KAYPxMvDVTAWqXcoKv8R1w6Jz1717CbMdH +flqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70kLJrxLT5ZOrpGgrIDajt +J8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2AXPKBlim +0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZN +pGvu/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQ +UqqzApVg+QxMaPnu1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHW +OXSuTEGC2/KmSNGzm/MzqvOmwMVO9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMB +AAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYgscasGrz2iTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAKbqSSaet +8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd +nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1j +bhd47F18iMjrjld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvM +Kar5CKXiNxTKsbhm7xqC5PD48acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIiv +TDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJnxDHO2zTlJQNgJXtxmOTAGytfdELS +S8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554WgicEFOwE30z9J4nfr +I8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4sEb9 +b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNB +UvupLnKWnyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1P +Ti07NEPhmg4NpGaXutIcSkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929ven +sBxXVsFy6K2ir40zSbofitzmdHxghm+Hl3swGzAKBggrBgEFBQcDAQwNdlRydXMg +Um9vdCBDQQ== +-----END TRUSTED CERTIFICATE----- diff --git a/cygwin/etc/pki/tls/openssl.cnf b/cygwin/etc/pki/tls/openssl.cnf new file mode 100644 index 0000000..5d119a0 --- /dev/null +++ b/cygwin/etc/pki/tls/openssl.cnf @@ -0,0 +1,368 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +# Load default TLS policy configuration + +openssl_conf = default_modules + +[ default_modules ] + +ssl_conf = ssl_module + +[ ssl_module ] + +system_default = crypto_policy + +[ crypto_policy ] + +.include = /etc/crypto-policies/back-ends/opensslcnf.config + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = /etc/pki/CA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # use SHA-256 by default +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_md = sha256 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = XX +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = Default Province + +localityName = Locality Name (eg, city) +localityName_default = Default City + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Default Company Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = /etc/pki/CA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha256 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/cygwin/etc/profile b/cygwin/etc/profile new file mode 100644 index 0000000..483fa10 --- /dev/null +++ b/cygwin/etc/profile @@ -0,0 +1,163 @@ +# -*- mode:sh sh-shell:sh -*- +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# /etc/profile: executed by the command interpreter for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/profile + +# Modifying /etc/profile directly will prevent +# setup from updating it. + +# System-wide profile file + +# Some resources... +# Customizing Your Shell: http://www.dsl.org/cookbook/cookbook_5.html#SEC69 +# Consistent BackSpace and Delete Configuration: +# http://www.ibb.net/~anne/keyboard.html +# The Linux Documentation Project: http://www.tldp.org/ +# The Linux Cookbook: http://www.tldp.org/LDP/linuxcookbook/html/ +# Greg's Wiki http://mywiki.wooledge.org/ + +if [ -z "${PROFILEREAD+true}" ] ; then + + # Setup some default paths. Note that this order will allow user installed + # software to override 'system' software. + # Modifying these default path settings can be done in different ways. + # To learn more about startup files, refer to your shell's man page. + + : ${ORIGINAL_PATH=${PATH}} + # setting CYGWIN_USEWINPATH non-empty in the system variables + # assumes that you've already set up PATH so that Cygwin works + # correctly -- no further alteration is done + if [ ${CYGWIN_USEWINPATH-pathprepend} = "pathprepend" ] ; then + # setting CYGWIN_NOWINPATH non-empty in the system variables + # prevents use of the existing PATH and a clean PATH just for + # Cygwin is set up -- you need to add any extra path components + # you need in your personal startup files + if [ ${CYGWIN_NOWINPATH-addwinpath} = "addwinpath" ] ; then + PATH="/usr/local/bin:/usr/bin${PATH:+:${PATH}}" + else + PATH="/usr/local/bin:/usr/bin" + fi + fi + +# see https://cygwin.com/ml/cygwin/2014-05/msg00352.html +# MANPATH="/usr/local/man:/usr/share/man:/usr/man${MANPATH:+:${MANPATH}}" + INFOPATH="/usr/local/info:/usr/share/info:/usr/info${INFOPATH:+:${INFOPATH}}" + + # Set the user id + USER="$(/usr/bin/id -un)" + + # TMP and TEMP as defined in the Windows environment + # can have unexpected consequences for cygwin apps, so we define + # our own to match GNU/Linux behaviour. + unset TMP TEMP + TMP="/tmp" + TEMP="/tmp" + + # Define default printer + p='/proc/registry/HKEY_CURRENT_USER/Software/Microsoft/Windows NT/CurrentVersion/Windows/Device' + if [ -e "${p}" ] ; then + read -r PRINTER < "${p}" + PRINTER=${PRINTER%%,*} + fi + unset p + + # Default to removing the write permission for group and other + # (files normally created with mode 777 become 755; files created with + # mode 666 become 644) + umask 022 + + # Here is how HOME is set, in order of priority, when starting from Windows + # 1) From existing HOME in the Windows environment, translated to a Posix path + # 2) from /etc/passwd, if there is an entry with a non empty directory field + # 3) from HOMEDRIVE/HOMEPATH + # 4) / (root) + # If the home directory doesn't exist, create it. + if [ ! -d "${HOME}" ]; then + if mkdir -p "${HOME}"; then + echo "Copying skeleton files." + echo "These files are for the users to personalise their cygwin experience." + echo + echo "They will never be overwritten nor automatically updated." + echo + if ! cd /etc/skel; then + echo "WARNING: Failed attempt to cd into /etc/skel!" + else + /usr/bin/find . -type f | + while read f; do + fDest=${f#.} + if [ ! -e "${HOME}${fDest}" -a ! -L "${HOME}${fDest}" ]; then + /usr/bin/install -D -p -v "${f}" "${HOME}/${fDest}" + fi + done + unset fDest + fi + else + echo "${HOME} could not be created." + { [ -d "${TEMP}" ] && HOME="${TEMP}"; } || + { [ -d "${TMP}" ] && HOME="${TMP}"; } || + { [ -d /tmp ] && HOME=/tmp; } || + HOME=/ + echo "Setting HOME to ${HOME}." + fi + fi + + readonly PROFILEREAD=true +fi + +# Make sure we start in home unless invoked by CHERE +if [ ! -z "${CHERE_INVOKING}" ]; then + unset CHERE_INVOKING +else + cd "${HOME}" || echo "WARNING: Failed attempt to cd into ${HOME}!" +fi + +# Shell dependent settings +profile_d () +{ + _LC_ALL_SET_="${LC_ALL+set}" + _LC_SAVE_="${LC_ALL-null}" + LC_ALL=C + if [ "${_LC_SAVE_}" = "null" ]; then + for file in /etc/profile.d/*.$1; do + [ -e "${file}" ] && . "${file}" + done + unset LC_ALL + else + for file in /etc/profile.d/*.$1; do + [ -e "${file}" ] && LC_ALL="${_LC_SAVE_}" . "${file}" + done + LC_ALL="${_LC_SAVE_}" + fi + unset file + unset _LC_ALL_SET_ + unset _LC_SAVE_ +} + +HOSTNAME="$(/usr/bin/hostname)" +profile_d sh +if [ ! "x${BASH_VERSION}" = "x" ]; then + [ -f "/etc/bash.bashrc" ] && . "/etc/bash.bashrc" +elif [ ! "x${KSH_VERSION}" = "x" ]; then + typeset -l HOSTNAME + [ "${PS1-null}" = "null" ] || PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n$ ') +elif [ ! "x${ZSH_VERSION}" = "x" ]; then + # zsh is in shell compatibility mode here, so we probably shouldn't do this + profile_d zsh +elif [ ! "x${POSH_VERSION}" = "x" ]; then + : # [ "${PS1-null}" = "null" ] || PS1="$ " +else + : # [ "${PS1-null}" = "null" ] || PS1="$ " +fi + +# export PROFILEREAD PATH ORIGINAL_PATH MANPATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1 SHELL tmp temp +export PROFILEREAD PATH ORIGINAL_PATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1 SHELL diff --git a/cygwin/etc/profile.d/gawk.csh b/cygwin/etc/profile.d/gawk.csh new file mode 100644 index 0000000..583d5bc --- /dev/null +++ b/cygwin/etc/profile.d/gawk.csh @@ -0,0 +1,11 @@ +alias gawkpath_default 'unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`' + +alias gawkpath_prepend 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "\!*"":$AWKPATH"' + +alias gawkpath_append 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "$AWKPATH"":\!*"' + +alias gawklibpath_default 'unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`' + +alias gawklibpath_prepend 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "\!*"":$AWKLIBPATH"' + +alias gawklibpath_append 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "$AWKLIBPATH"":\!*"' diff --git a/cygwin/etc/profile.d/gawk.sh b/cygwin/etc/profile.d/gawk.sh new file mode 100644 index 0000000..c35471f --- /dev/null +++ b/cygwin/etc/profile.d/gawk.sh @@ -0,0 +1,31 @@ +gawkpath_default () { + unset AWKPATH + export AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` +} + +gawkpath_prepend () { + [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` + export AWKPATH="$*:$AWKPATH" +} + +gawkpath_append () { + [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'` + export AWKPATH="$AWKPATH:$*" +} + +gawklibpath_default () { + unset AWKLIBPATH + export AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` +} + +gawklibpath_prepend () { + [ -z "$AWKLIBPATH" ] && \ + AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` + export AWKLIBPATH="$*:$AWKLIBPATH" +} + +gawklibpath_append () { + [ -z "$AWKLIBPATH" ] && \ + AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'` + export AWKLIBPATH="$AWKLIBPATH:$*" +} diff --git a/cygwin/etc/shells b/cygwin/etc/shells new file mode 100644 index 0000000..012b492 --- /dev/null +++ b/cygwin/etc/shells @@ -0,0 +1,18 @@ +/bin/sh +/bin/ash +/bin/bash +/bin/dash +/bin/mksh +/bin/pdksh +/bin/posh +/bin/tcsh +/bin/zsh +/usr/bin/sh +/usr/bin/ash +/usr/bin/bash +/usr/bin/dash +/usr/bin/mksh +/usr/bin/pdksh +/usr/bin/posh +/usr/bin/tcsh +/usr/bin/zsh diff --git a/cygwin/etc/skel/.bash_profile b/cygwin/etc/skel/.bash_profile new file mode 100644 index 0000000..84701e7 --- /dev/null +++ b/cygwin/etc/skel/.bash_profile @@ -0,0 +1,44 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.bash_profile: executed by bash(1) for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.bash_profile + +# Modifying /etc/skel/.bash_profile directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.bash_profile) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .bash_profile file + +# source the users bashrc if it exists +if [ -f "${HOME}/.bashrc" ] ; then + source "${HOME}/.bashrc" +fi + +# Set PATH so it includes user's private bin if it exists +# if [ -d "${HOME}/bin" ] ; then +# PATH="${HOME}/bin:${PATH}" +# fi + +# Set MANPATH so it includes users' private man if it exists +# if [ -d "${HOME}/man" ]; then +# MANPATH="${HOME}/man:${MANPATH}" +# fi + +# Set INFOPATH so it includes users' private info if it exists +# if [ -d "${HOME}/info" ]; then +# INFOPATH="${HOME}/info:${INFOPATH}" +# fi diff --git a/cygwin/etc/skel/.bashrc b/cygwin/etc/skel/.bashrc new file mode 100644 index 0000000..3a4f59a --- /dev/null +++ b/cygwin/etc/skel/.bashrc @@ -0,0 +1,186 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.bashrc: executed by bash(1) for interactive shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.bashrc + +# Modifying /etc/skel/.bashrc directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.bashrc) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .bashrc file + +# If not running interactively, don't do anything +[[ "$-" != *i* ]] && return + +# Shell Options +# +# See man bash for more options... +# +# Don't wait for job termination notification +# set -o notify +# +# Don't use ^D to exit +# set -o ignoreeof +# +# Use case-insensitive filename globbing +# shopt -s nocaseglob +# +# Make bash append rather than overwrite the history on disk +# shopt -s histappend +# +# When changing directory small typos can be ignored by bash +# for example, cd /vr/lgo/apaache would find /var/log/apache +# shopt -s cdspell + +# Programmable completion enhancements are enabled via +# /etc/profile.d/bash_completion.sh when the package bash_completetion +# is installed. Any completions you add in ~/.bash_completion are +# sourced last. + +# History Options +# +# Don't put duplicate lines in the history. +# export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups +# +# Ignore some controlling instructions +# HISTIGNORE is a colon-delimited list of patterns which should be excluded. +# The '&' is a special pattern which suppresses duplicate entries. +# export HISTIGNORE=$'[ \t]*:&:[fb]g:exit' +# export HISTIGNORE=$'[ \t]*:&:[fb]g:exit:ls' # Ignore the ls command as well +# +# Whenever displaying the prompt, write the previous line to disk +# export PROMPT_COMMAND="history -a" + +# Aliases +# +# Some people use a different file for aliases +# if [ -f "${HOME}/.bash_aliases" ]; then +# source "${HOME}/.bash_aliases" +# fi +# +# Some example alias instructions +# If these are enabled they will be used instead of any instructions +# they may mask. For example, alias rm='rm -i' will mask the rm +# application. To override the alias instruction use a \ before, ie +# \rm will call the real rm not the alias. +# +# Interactive operation... +# alias rm='rm -i' +# alias cp='cp -i' +# alias mv='mv -i' +# +# Default to human readable figures +# alias df='df -h' +# alias du='du -h' +# +# Misc :) +# alias less='less -r' # raw control characters +# alias whence='type -a' # where, of a sort +# alias grep='grep --color' # show differences in colour +# alias egrep='egrep --color=auto' # show differences in colour +# alias fgrep='fgrep --color=auto' # show differences in colour +# +# Some shortcuts for different directory listings +# alias ls='ls -hF --color=tty' # classify files in colour +# alias dir='ls --color=auto --format=vertical' +# alias vdir='ls --color=auto --format=long' +# alias ll='ls -l' # long list +# alias la='ls -A' # all but . and .. +# alias l='ls -CF' # + +# Umask +# +# /etc/profile sets 022, removing write perms to group + others. +# Set a more restrictive umask: i.e. no exec perms for others: +# umask 027 +# Paranoid: neither group nor others have any perms: +# umask 077 + +# Functions +# +# Some people use a different file for functions +# if [ -f "${HOME}/.bash_functions" ]; then +# source "${HOME}/.bash_functions" +# fi +# +# Some example functions: +# +# a) function settitle +# settitle () +# { +# echo -ne "\e]2;$@\a\e]1;$@\a"; +# } +# +# b) function cd_func +# This function defines a 'cd' replacement function capable of keeping, +# displaying and accessing history of visited directories, up to 10 entries. +# To use it, uncomment it, source this file and try 'cd --'. +# acd_func 1.0.5, 10-nov-2004 +# Petar Marinov, http:/geocities.com/h2428, this is public domain +# cd_func () +# { +# local x2 the_new_dir adir index +# local -i cnt +# +# if [[ $1 == "--" ]]; then +# dirs -v +# return 0 +# fi +# +# the_new_dir=$1 +# [[ -z $1 ]] && the_new_dir=$HOME +# +# if [[ ${the_new_dir:0:1} == '-' ]]; then +# # +# # Extract dir N from dirs +# index=${the_new_dir:1} +# [[ -z $index ]] && index=1 +# adir=$(dirs +$index) +# [[ -z $adir ]] && return 1 +# the_new_dir=$adir +# fi +# +# # +# # '~' has to be substituted by ${HOME} +# [[ ${the_new_dir:0:1} == '~' ]] && the_new_dir="${HOME}${the_new_dir:1}" +# +# # +# # Now change to the new dir and add to the top of the stack +# pushd "${the_new_dir}" > /dev/null +# [[ $? -ne 0 ]] && return 1 +# the_new_dir=$(pwd) +# +# # +# # Trim down everything beyond 11th entry +# popd -n +11 2>/dev/null 1>/dev/null +# +# # +# # Remove any other occurence of this dir, skipping the top of the stack +# for ((cnt=1; cnt <= 10; cnt++)); do +# x2=$(dirs +${cnt} 2>/dev/null) +# [[ $? -ne 0 ]] && return 0 +# [[ ${x2:0:1} == '~' ]] && x2="${HOME}${x2:1}" +# if [[ "${x2}" == "${the_new_dir}" ]]; then +# popd -n +$cnt 2>/dev/null 1>/dev/null +# cnt=cnt-1 +# fi +# done +# +# return 0 +# } +# +# alias cd=cd_func diff --git a/cygwin/etc/skel/.inputrc b/cygwin/etc/skel/.inputrc new file mode 100644 index 0000000..efc1050 --- /dev/null +++ b/cygwin/etc/skel/.inputrc @@ -0,0 +1,74 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.inputrc: readline initialization file. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.inputrc + +# Modifying /etc/skel/.inputrc directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.inputrc) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benifitial to all, please feel free to send +# a patch to the cygwin mailing list. + +# the following line is actually +# equivalent to "\C-?": delete-char +"\e[3~": delete-char + +# VT +"\e[1~": beginning-of-line +"\e[4~": end-of-line + +# kvt +"\e[H": beginning-of-line +"\e[F": end-of-line + +# rxvt and konsole (i.e. the KDE-app...) +"\e[7~": beginning-of-line +"\e[8~": end-of-line + +# VT220 +"\eOH": beginning-of-line +"\eOF": end-of-line + +# Allow 8-bit input/output +#set meta-flag on +#set convert-meta off +#set input-meta on +#set output-meta on +#$if Bash + # Don't ring bell on completion + #set bell-style none + + # or, don't beep at me - show me + #set bell-style visible + + # Filename completion/expansion + #set completion-ignore-case on + #set show-all-if-ambiguous on + + # Expand homedir name + #set expand-tilde on + + # Append "/" to all dirnames + #set mark-directories on + #set mark-symlinked-directories on + + # Match all files + #set match-hidden-files on + + # 'Magic Space' + # Insert a space character then performs + # a history expansion in the line + #Space: magic-space +#$endif diff --git a/cygwin/etc/skel/.profile b/cygwin/etc/skel/.profile new file mode 100644 index 0000000..02bb0d9 --- /dev/null +++ b/cygwin/etc/skel/.profile @@ -0,0 +1,37 @@ +# To the extent possible under law, the author(s) have dedicated all +# copyright and related and neighboring rights to this software to the +# public domain worldwide. This software is distributed without any warranty. +# You should have received a copy of the CC0 Public Domain Dedication along +# with this software. +# If not, see . + +# base-files version 4.3-3 + +# ~/.profile: executed by the command interpreter for login shells. + +# The latest version as installed by the Cygwin Setup program can +# always be found at /etc/defaults/etc/skel/.profile + +# Modifying /etc/skel/.profile directly will prevent +# setup from updating it. + +# The copy in your home directory (~/.profile) is yours, please +# feel free to customise it to create a shell +# environment to your liking. If you feel a change +# would be benificial to all, please feel free to send +# a patch to the cygwin mailing list. + +# User dependent .profile file + +# Set user-defined locale +export LANG=$(locale -uU) + +# This file is not read by bash(1) if ~/.bash_profile or ~/.bash_login +# exists. +# +# if running bash +if [ -n "${BASH_VERSION}" ]; then + if [ -f "${HOME}/.bashrc" ]; then + source "${HOME}/.bashrc" + fi +fi diff --git a/cygwin/home/.gitkeep b/cygwin/home/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/lib/charset.alias b/cygwin/lib/charset.alias new file mode 100644 index 0000000..04ba87d --- /dev/null +++ b/cygwin/lib/charset.alias @@ -0,0 +1,4 @@ +# This file contains a table of character encoding aliases, +# suitable for operating system 'Walter'. +# It was automatically generated from config.charset. +# Packages using this file: groff diff --git a/cygwin/lib/gawk/.gitkeep b/cygwin/lib/gawk/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/sbin/.gitkeep b/cygwin/sbin/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/tmp/.gitkeep b/cygwin/tmp/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/libexec/awk/grcat.exe b/cygwin/usr/libexec/awk/grcat.exe new file mode 100644 index 0000000..3cf972b Binary files /dev/null and b/cygwin/usr/libexec/awk/grcat.exe differ diff --git a/cygwin/usr/libexec/awk/pwcat.exe b/cygwin/usr/libexec/awk/pwcat.exe new file mode 100644 index 0000000..c0abb51 Binary files /dev/null and b/cygwin/usr/libexec/awk/pwcat.exe differ diff --git a/cygwin/usr/libexec/coreutils/libstdbuf.so b/cygwin/usr/libexec/coreutils/libstdbuf.so new file mode 100644 index 0000000..a2f8f81 Binary files /dev/null and b/cygwin/usr/libexec/coreutils/libstdbuf.so differ diff --git a/cygwin/usr/local/bin/curl-kyber.exe b/cygwin/usr/local/bin/curl-kyber.exe new file mode 100644 index 0000000..a9ddce1 Binary files /dev/null and b/cygwin/usr/local/bin/curl-kyber.exe differ diff --git a/cygwin/usr/local/bin/curl.exe b/cygwin/usr/local/bin/curl.exe new file mode 100644 index 0000000..c46c813 Binary files /dev/null and b/cygwin/usr/local/bin/curl.exe differ diff --git a/cygwin/usr/local/bin/cygcrypto-3.dll b/cygwin/usr/local/bin/cygcrypto-3.dll new file mode 100644 index 0000000..5049b81 Binary files /dev/null and b/cygwin/usr/local/bin/cygcrypto-3.dll differ diff --git a/cygwin/usr/local/bin/cygcurl-4.dll b/cygwin/usr/local/bin/cygcurl-4.dll new file mode 100644 index 0000000..40346d1 Binary files /dev/null and b/cygwin/usr/local/bin/cygcurl-4.dll differ diff --git a/cygwin/usr/local/bin/cygidn2-0.dll b/cygwin/usr/local/bin/cygidn2-0.dll new file mode 100644 index 0000000..01c8550 Binary files /dev/null and b/cygwin/usr/local/bin/cygidn2-0.dll differ diff --git a/cygwin/usr/local/bin/cygnghttp2-14.dll b/cygwin/usr/local/bin/cygnghttp2-14.dll new file mode 100644 index 0000000..ea5947e Binary files /dev/null and b/cygwin/usr/local/bin/cygnghttp2-14.dll differ diff --git a/cygwin/usr/local/bin/cygnghttp3-9.dll b/cygwin/usr/local/bin/cygnghttp3-9.dll new file mode 100644 index 0000000..495b617 Binary files /dev/null and b/cygwin/usr/local/bin/cygnghttp3-9.dll differ diff --git a/cygwin/usr/local/bin/cygssl-3.dll b/cygwin/usr/local/bin/cygssl-3.dll new file mode 100644 index 0000000..cc5e7d3 Binary files /dev/null and b/cygwin/usr/local/bin/cygssl-3.dll differ diff --git a/cygwin/usr/local/bin/idn2.exe b/cygwin/usr/local/bin/idn2.exe new file mode 100644 index 0000000..b0a6656 Binary files /dev/null and b/cygwin/usr/local/bin/idn2.exe differ diff --git a/cygwin/usr/local/etc/.gitkeep b/cygwin/usr/local/etc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/local/lib/.gitkeep b/cygwin/usr/local/lib/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/sbin/.gitkeep b/cygwin/usr/sbin/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/share/awk/.gitkeep b/cygwin/usr/share/awk/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/share/bash-completion/completions/getopt b/cygwin/usr/share/bash-completion/completions/getopt new file mode 100644 index 0000000..5e3fca6 --- /dev/null +++ b/cygwin/usr/share/bash-completion/completions/getopt @@ -0,0 +1,37 @@ +_getopt_module() +{ + local cur prev OPTS + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + case $prev in + '-l'|'--longoptions') + COMPREPLY=( $(compgen -W "longopts" -- $cur) ) + return 0 + ;; + '-n'|'--name') + COMPREPLY=( $(compgen -W "name" -- $cur) ) + return 0 + ;; + '-o'|'--options') + COMPREPLY=( $(compgen -W "optstring" -- $cur) ) + return 0 + ;; + '-s'|'--shell') + COMPREPLY=( $(compgen -W "sh bash csh tcsh" -- $cur) ) + return 0 + ;; + '-h'|'--help'|'-V'|'--version') + return 0 + ;; + esac + case $cur in + -*) + OPTS="--alternative --help --longoptions --name --options --quiet --quiet-output --shell --test --unquoted --version" + COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) ) + return 0 + ;; + esac + return 0 +} +complete -F _getopt_module getopt diff --git a/cygwin/usr/share/bash-completion/completions/more b/cygwin/usr/share/bash-completion/completions/more new file mode 100644 index 0000000..809cea2 --- /dev/null +++ b/cygwin/usr/share/bash-completion/completions/more @@ -0,0 +1,30 @@ +_more_module() +{ + local cur prev OPTS + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + case $prev in + '-V') + return 0 + ;; + esac + case $cur in + -*) + OPTS="-d -f -l -p -c -u -s -number -V" + COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) ) + return 0 + ;; + +*) + OPTS="+number +/string" + COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) ) + return 0 + ;; + esac + + local IFS=$'\n' + compopt -o filenames + COMPREPLY=( $(compgen -f -- $cur) ) + return 0 +} +complete -F _more_module more diff --git a/cygwin/usr/share/bash-completion/completions/renice b/cygwin/usr/share/bash-completion/completions/renice new file mode 100644 index 0000000..2495f37 --- /dev/null +++ b/cygwin/usr/share/bash-completion/completions/renice @@ -0,0 +1,41 @@ +_renice_module() +{ + local cur prev OPTS + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + case $prev in + '-g'|'--pgrp') + local PGRP + PGRP=$(ps -ax -opgrp | sed '1d') + COMPREPLY=( $(compgen -W "$PGRP" -- $cur) ) + return 0 + ;; + '-n'|'--priority') + COMPREPLY=( $(compgen -W "{-20..20}" -- $cur) ) + return 0 + ;; + '-p'|'--pid') + local PIDS + PIDS=$(cd /proc && echo [0-9]*) + COMPREPLY=( $(compgen -W "$PIDS" -- $cur) ) + return 0 + ;; + '-u'|'--user') + COMPREPLY=( $(compgen -u -- $cur) ) + return 0 + ;; + '-h'|'--help'|'-V'|'--version') + return 0 + ;; + esac + OPTS="--pgrp + --priority + --pid + --user + --help + --version" + COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) ) + return 0 +} +complete -F _renice_module renice diff --git a/cygwin/usr/share/bash-completion/completions/ul b/cygwin/usr/share/bash-completion/completions/ul new file mode 100644 index 0000000..449cbe0 --- /dev/null +++ b/cygwin/usr/share/bash-completion/completions/ul @@ -0,0 +1,33 @@ +_ul_module() +{ + local cur prev OPTS + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + case $prev in + '-t'|'--terminal') + local TERM_LIST I + TERM_LIST='' + for I in /usr/share/terminfo/?/*; do + TERM_LIST+="${I##*/} " + done + COMPREPLY=( $(compgen -W "$TERM_LIST" -- $cur) ) + return 0 + ;; + '-h'|'--help'|'-V'|'--version') + return 0 + ;; + esac + case $cur in + -*) + OPTS="--terminal --indicated --version --help" + COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) ) + return 0 + ;; + esac + local IFS=$'\n' + compopt -o filenames + COMPREPLY=( $(compgen -f -- $cur) ) + return 0 +} +complete -F _ul_module ul diff --git a/cygwin/usr/share/cygwin/cygwin.ldif b/cygwin/usr/share/cygwin/cygwin.ldif new file mode 100644 index 0000000..166a581 --- /dev/null +++ b/cygwin/usr/share/cygwin/cygwin.ldif @@ -0,0 +1,253 @@ +# ========================================================================= +# +# Schema Extension for Cygwin User and Group auxiliary classes +# +# Extend your Active Directory using +# +# ldifde -i -f \.ldif -b \ +# -k -c "CN=schema,CN=Configuration,DC=X" #schemaNamingContext +# +# Remember: +# - you have to be schema admin for your active directory +# - you have to run the above command directly from your schema master +# +# For further information read +# http://technet.microsoft.com/en-us/magazine/2008.05.schema.aspx +# +# ---------------------------------------------------------------------- +# +# Explanation for the OIDs: +# +# Value Meaning Description +# 1 ISO Identifies the root authority. +# 3 IANA Group designation assigned by ISO. +# 6.1.4.1.2312 Red Hat Organization assigned by IANA. +# 15 Cygwin Assigned by Organization. +# Y Object Type Number defining the different object type +# (category) such as classSchema or +# attributeSchema. For example, 5 defines +# object class. +# Z Object Number identifying a particular object +# within the category. For example, the user +# class has the number 9 assigned to it. +# +# ---------------------------------------------------------------------- + +# Attribute definition for cygwinHome + +dn: CN=cygwin-Home,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-Home +attributeID: 1.3.6.1.4.1.2312.15.2.1 +# attributeSyntax 2.5.5.12 is String(Unicode) with oMSyntax == 64 +# see http://technet.microsoft.com/en-us/library/cc961740.aspx +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +adminDisplayName: cygwin-Home +adminDescription: cygwin-Home +oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: cygwinHome +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attribute definition for cygwinShell + +dn: CN=cygwin-Shell,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-Shell +attributeID: 1.3.6.1.4.1.2312.15.2.2 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +adminDisplayName: cygwin-Shell +adminDescription: cygwin-Shell +oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: cygwinShell +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attribute definition for cygwinGecos + +dn: CN=cygwin-Gecos,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-Gecos +attributeID: 1.3.6.1.4.1.2312.15.2.3 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +adminDisplayName: cygwin-Gecos +adminDescription: cygwin-Gecos +oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: cygwinGecos +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attribute definition for cygwinFstab + +dn: CN=cygwin-Fstab,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-Fstab +attributeID: 1.3.6.1.4.1.2312.15.2.4 +attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +adminDisplayName: cygwin-Fstab +adminDescription: cygwin-Fstab +oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: cygwinFstab +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attribute definition for cygwinUnixUid + +dn: CN=cygwin-UnixUid,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-UnixUid +attributeID: 1.3.6.1.4.1.2312.15.2.5 +# attributeSyntax 2.5.5.9 is Integer with oMSyntax == 2 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +adminDisplayName: cygwin-UnixUid +adminDescription: cygwin-UnixUid +oMSyntax: 2 +searchFlags: 1 +lDAPDisplayName: cygwinUnixUid +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attribute definition for cygwinUnixGid + +dn: CN=cygwin-UnixGid,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: attributeSchema +cn: cygwin-UnixGid +attributeID: 1.3.6.1.4.1.2312.15.2.6 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +adminDisplayName: cygwin-UnixGid +adminDescription: cygwin-UnixGid +oMSyntax: 2 +searchFlags: 1 +lDAPDisplayName: cygwinUnixGid +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# cygwin-User auxiliary class + +dn: CN=cygwin-User,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: classSchema +cn: cygwin-User +governsID: 1.3.6.1.4.1.2312.15.1.1 +mayContain: cygwinHome +mayContain: cygwinShell +mayContain: cygwinGecos +mayContain: cygwinFstab +mayContain: cygwinUnixUid +rDNAttID: cn +adminDisplayName: cygwin-User +adminDescription: cygwin-User +objectClassCategory: 3 +lDAPDisplayName: cygwinUser +name: cygwin-User +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# cygwin-Group auxiliary class + +dn: CN=cygwin-Group,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemaadd +objectClass: top +objectClass: classSchema +cn: cygwin-Group +governsID: 1.3.6.1.4.1.2312.15.1.2 +mayContain: cygwinUnixGid +rDNAttID: cn +adminDisplayName: cygwin-Group +adminDescription: cygwin-Group +objectClassCategory: 3 +lDAPDisplayName: cygwinGroup +name: cygwin-Group +systemOnly: FALSE + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attach cygwin-User to User + +dn: CN=User,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemamodify +add: auxiliaryClass +auxiliaryClass: cygwinUser +- + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +# Attach cygwin-Group to Group + +dn: CN=Group,CN=Schema,CN=Configuration,DC=X +changetype: ntdsschemamodify +add: auxiliaryClass +auxiliaryClass: cygwinGroup +- + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- diff --git a/cygwin/usr/share/locale/.gitkeep b/cygwin/usr/share/locale/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/usr/share/tabset/std b/cygwin/usr/share/tabset/std new file mode 100644 index 0000000..e93f737 --- /dev/null +++ b/cygwin/usr/share/tabset/std @@ -0,0 +1 @@ + 3 1 1 1 1 1 1 1 1 1 1 1 1 1 diff --git a/cygwin/usr/share/tabset/stdcrt b/cygwin/usr/share/tabset/stdcrt new file mode 100644 index 0000000..66ba12f --- /dev/null +++ b/cygwin/usr/share/tabset/stdcrt @@ -0,0 +1 @@ + 3 1 1 1 1 1 1 1 1 1 \ No newline at end of file diff --git a/cygwin/usr/share/tabset/vt100 b/cygwin/usr/share/tabset/vt100 new file mode 100644 index 0000000..8828d19 --- /dev/null +++ b/cygwin/usr/share/tabset/vt100 @@ -0,0 +1,3 @@ + + +H H H H H H H H H H H H H H H H diff --git a/cygwin/usr/share/tabset/vt300 b/cygwin/usr/share/tabset/vt300 new file mode 100644 index 0000000..b1f9ce1 --- /dev/null +++ b/cygwin/usr/share/tabset/vt300 @@ -0,0 +1,3 @@ + + +P2$t9/17/25/33/41/49/57/65/73/81/89/97/105/113/121/129\ diff --git a/cygwin/usr/share/terminfo/45/Eterm b/cygwin/usr/share/terminfo/45/Eterm new file mode 100644 index 0000000..a08d16a Binary files /dev/null and b/cygwin/usr/share/terminfo/45/Eterm differ diff --git a/cygwin/usr/share/terminfo/45/Eterm-256color b/cygwin/usr/share/terminfo/45/Eterm-256color new file mode 100644 index 0000000..03d6af0 Binary files /dev/null and b/cygwin/usr/share/terminfo/45/Eterm-256color differ diff --git a/cygwin/usr/share/terminfo/45/Eterm-88color b/cygwin/usr/share/terminfo/45/Eterm-88color new file mode 100644 index 0000000..6882651 Binary files /dev/null and b/cygwin/usr/share/terminfo/45/Eterm-88color differ diff --git a/cygwin/usr/share/terminfo/45/Eterm-color b/cygwin/usr/share/terminfo/45/Eterm-color new file mode 100644 index 0000000..7cbcdba Binary files /dev/null and b/cygwin/usr/share/terminfo/45/Eterm-color differ diff --git a/cygwin/usr/share/terminfo/61/ansi b/cygwin/usr/share/terminfo/61/ansi new file mode 100644 index 0000000..6de7978 Binary files /dev/null and b/cygwin/usr/share/terminfo/61/ansi differ diff --git a/cygwin/usr/share/terminfo/61/aterm b/cygwin/usr/share/terminfo/61/aterm new file mode 100644 index 0000000..c1fb405 Binary files /dev/null and b/cygwin/usr/share/terminfo/61/aterm differ diff --git a/cygwin/usr/share/terminfo/62/bracketed+paste b/cygwin/usr/share/terminfo/62/bracketed+paste new file mode 100644 index 0000000..7432c7a Binary files /dev/null and b/cygwin/usr/share/terminfo/62/bracketed+paste differ diff --git a/cygwin/usr/share/terminfo/62/bterm b/cygwin/usr/share/terminfo/62/bterm new file mode 100644 index 0000000..134f63e Binary files /dev/null and b/cygwin/usr/share/terminfo/62/bterm differ diff --git a/cygwin/usr/share/terminfo/63/cons25 b/cygwin/usr/share/terminfo/63/cons25 new file mode 100644 index 0000000..4043099 Binary files /dev/null and b/cygwin/usr/share/terminfo/63/cons25 differ diff --git a/cygwin/usr/share/terminfo/63/cygwin b/cygwin/usr/share/terminfo/63/cygwin new file mode 100644 index 0000000..8219fa6 Binary files /dev/null and b/cygwin/usr/share/terminfo/63/cygwin differ diff --git a/cygwin/usr/share/terminfo/63/cygwinB19 b/cygwin/usr/share/terminfo/63/cygwinB19 new file mode 100644 index 0000000..4831774 Binary files /dev/null and b/cygwin/usr/share/terminfo/63/cygwinB19 differ diff --git a/cygwin/usr/share/terminfo/63/cygwinDBG b/cygwin/usr/share/terminfo/63/cygwinDBG new file mode 100644 index 0000000..5cf2f22 Binary files /dev/null and b/cygwin/usr/share/terminfo/63/cygwinDBG differ diff --git a/cygwin/usr/share/terminfo/64/dumb b/cygwin/usr/share/terminfo/64/dumb new file mode 100644 index 0000000..fd4091a Binary files /dev/null and b/cygwin/usr/share/terminfo/64/dumb differ diff --git a/cygwin/usr/share/terminfo/64/dumb-emacs-ansi b/cygwin/usr/share/terminfo/64/dumb-emacs-ansi new file mode 100644 index 0000000..b6df432 Binary files /dev/null and b/cygwin/usr/share/terminfo/64/dumb-emacs-ansi differ diff --git a/cygwin/usr/share/terminfo/65/eterm b/cygwin/usr/share/terminfo/65/eterm new file mode 100644 index 0000000..e4d36d3 Binary files /dev/null and b/cygwin/usr/share/terminfo/65/eterm differ diff --git a/cygwin/usr/share/terminfo/65/eterm-color b/cygwin/usr/share/terminfo/65/eterm-color new file mode 100644 index 0000000..c64651a Binary files /dev/null and b/cygwin/usr/share/terminfo/65/eterm-color differ diff --git a/cygwin/usr/share/terminfo/67/gnome b/cygwin/usr/share/terminfo/67/gnome new file mode 100644 index 0000000..6266c34 Binary files /dev/null and b/cygwin/usr/share/terminfo/67/gnome differ diff --git a/cygwin/usr/share/terminfo/67/gnome-256color b/cygwin/usr/share/terminfo/67/gnome-256color new file mode 100644 index 0000000..72e96ac Binary files /dev/null and b/cygwin/usr/share/terminfo/67/gnome-256color differ diff --git a/cygwin/usr/share/terminfo/68/hurd b/cygwin/usr/share/terminfo/68/hurd new file mode 100644 index 0000000..4624d7c Binary files /dev/null and b/cygwin/usr/share/terminfo/68/hurd differ diff --git a/cygwin/usr/share/terminfo/6a/jfbterm b/cygwin/usr/share/terminfo/6a/jfbterm new file mode 100644 index 0000000..a0f2bbe Binary files /dev/null and b/cygwin/usr/share/terminfo/6a/jfbterm differ diff --git a/cygwin/usr/share/terminfo/6b/konsole b/cygwin/usr/share/terminfo/6b/konsole new file mode 100644 index 0000000..237f9c6 Binary files /dev/null and b/cygwin/usr/share/terminfo/6b/konsole differ diff --git a/cygwin/usr/share/terminfo/6b/konsole-16color b/cygwin/usr/share/terminfo/6b/konsole-16color new file mode 100644 index 0000000..0232ad7 Binary files /dev/null and b/cygwin/usr/share/terminfo/6b/konsole-16color differ diff --git a/cygwin/usr/share/terminfo/6b/konsole-256color b/cygwin/usr/share/terminfo/6b/konsole-256color new file mode 100644 index 0000000..8f385ad Binary files /dev/null and b/cygwin/usr/share/terminfo/6b/konsole-256color differ diff --git a/cygwin/usr/share/terminfo/6c/linux b/cygwin/usr/share/terminfo/6c/linux new file mode 100644 index 0000000..4ee980c Binary files /dev/null and b/cygwin/usr/share/terminfo/6c/linux differ diff --git a/cygwin/usr/share/terminfo/6d/mach b/cygwin/usr/share/terminfo/6d/mach new file mode 100644 index 0000000..32c3b53 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mach differ diff --git a/cygwin/usr/share/terminfo/6d/mach-bold b/cygwin/usr/share/terminfo/6d/mach-bold new file mode 100644 index 0000000..a563057 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mach-bold differ diff --git a/cygwin/usr/share/terminfo/6d/mach-color b/cygwin/usr/share/terminfo/6d/mach-color new file mode 100644 index 0000000..aa795f0 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mach-color differ diff --git a/cygwin/usr/share/terminfo/6d/mach-gnu b/cygwin/usr/share/terminfo/6d/mach-gnu new file mode 100644 index 0000000..4ac04f7 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mach-gnu differ diff --git a/cygwin/usr/share/terminfo/6d/mach-gnu-color b/cygwin/usr/share/terminfo/6d/mach-gnu-color new file mode 100644 index 0000000..b4a0389 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mach-gnu-color differ diff --git a/cygwin/usr/share/terminfo/6d/mintty b/cygwin/usr/share/terminfo/6d/mintty new file mode 100644 index 0000000..819d670 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mintty differ diff --git a/cygwin/usr/share/terminfo/6d/mintty+common b/cygwin/usr/share/terminfo/6d/mintty+common new file mode 100644 index 0000000..c9d5b07 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mintty+common differ diff --git a/cygwin/usr/share/terminfo/6d/mintty-direct b/cygwin/usr/share/terminfo/6d/mintty-direct new file mode 100644 index 0000000..fba4de2 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mintty-direct differ diff --git a/cygwin/usr/share/terminfo/6d/mlterm b/cygwin/usr/share/terminfo/6d/mlterm new file mode 100644 index 0000000..7ff42b8 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mlterm differ diff --git a/cygwin/usr/share/terminfo/6d/mrxvt b/cygwin/usr/share/terminfo/6d/mrxvt new file mode 100644 index 0000000..52b7a42 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mrxvt differ diff --git a/cygwin/usr/share/terminfo/6d/mrxvt-256color b/cygwin/usr/share/terminfo/6d/mrxvt-256color new file mode 100644 index 0000000..1e9c739 Binary files /dev/null and b/cygwin/usr/share/terminfo/6d/mrxvt-256color differ diff --git a/cygwin/usr/share/terminfo/6e/nsterm b/cygwin/usr/share/terminfo/6e/nsterm new file mode 100644 index 0000000..f10555a Binary files /dev/null and b/cygwin/usr/share/terminfo/6e/nsterm differ diff --git a/cygwin/usr/share/terminfo/70/pcansi b/cygwin/usr/share/terminfo/70/pcansi new file mode 100644 index 0000000..2e24b9a Binary files /dev/null and b/cygwin/usr/share/terminfo/70/pcansi differ diff --git a/cygwin/usr/share/terminfo/70/putty b/cygwin/usr/share/terminfo/70/putty new file mode 100644 index 0000000..9d51b75 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty differ diff --git a/cygwin/usr/share/terminfo/70/putty-256color b/cygwin/usr/share/terminfo/70/putty-256color new file mode 100644 index 0000000..eab7654 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-256color differ diff --git a/cygwin/usr/share/terminfo/70/putty-m1 b/cygwin/usr/share/terminfo/70/putty-m1 new file mode 100644 index 0000000..6db7ff6 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-m1 differ diff --git a/cygwin/usr/share/terminfo/70/putty-m1b b/cygwin/usr/share/terminfo/70/putty-m1b new file mode 100644 index 0000000..148e727 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-m1b differ diff --git a/cygwin/usr/share/terminfo/70/putty-m2 b/cygwin/usr/share/terminfo/70/putty-m2 new file mode 100644 index 0000000..6d07493 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-m2 differ diff --git a/cygwin/usr/share/terminfo/70/putty-noapp b/cygwin/usr/share/terminfo/70/putty-noapp new file mode 100644 index 0000000..6905ce6 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-noapp differ diff --git a/cygwin/usr/share/terminfo/70/putty-sco b/cygwin/usr/share/terminfo/70/putty-sco new file mode 100644 index 0000000..0d31a76 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-sco differ diff --git a/cygwin/usr/share/terminfo/70/putty-screen b/cygwin/usr/share/terminfo/70/putty-screen new file mode 100644 index 0000000..4fbce72 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-screen differ diff --git a/cygwin/usr/share/terminfo/70/putty-vt100 b/cygwin/usr/share/terminfo/70/putty-vt100 new file mode 100644 index 0000000..f9d59a8 Binary files /dev/null and b/cygwin/usr/share/terminfo/70/putty-vt100 differ diff --git a/cygwin/usr/share/terminfo/72/rxvt b/cygwin/usr/share/terminfo/72/rxvt new file mode 100644 index 0000000..fac9de1 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt differ diff --git a/cygwin/usr/share/terminfo/72/rxvt+pcfkeys b/cygwin/usr/share/terminfo/72/rxvt+pcfkeys new file mode 100644 index 0000000..cb43d1a Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt+pcfkeys differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-16color b/cygwin/usr/share/terminfo/72/rxvt-16color new file mode 100644 index 0000000..6fcc3e8 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-16color differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-256color b/cygwin/usr/share/terminfo/72/rxvt-256color new file mode 100644 index 0000000..849454a Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-256color differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-88color b/cygwin/usr/share/terminfo/72/rxvt-88color new file mode 100644 index 0000000..14312a4 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-88color differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-basic b/cygwin/usr/share/terminfo/72/rxvt-basic new file mode 100644 index 0000000..6e95c85 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-basic differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-color b/cygwin/usr/share/terminfo/72/rxvt-color new file mode 100644 index 0000000..d593a63 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-color differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-cygwin b/cygwin/usr/share/terminfo/72/rxvt-cygwin new file mode 100644 index 0000000..8e54800 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-cygwin differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-cygwin-native b/cygwin/usr/share/terminfo/72/rxvt-cygwin-native new file mode 100644 index 0000000..6985041 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-cygwin-native differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-unicode b/cygwin/usr/share/terminfo/72/rxvt-unicode new file mode 100644 index 0000000..aae451c Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-unicode differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-unicode-256color b/cygwin/usr/share/terminfo/72/rxvt-unicode-256color new file mode 100644 index 0000000..28e1dff Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-unicode-256color differ diff --git a/cygwin/usr/share/terminfo/72/rxvt-xpm b/cygwin/usr/share/terminfo/72/rxvt-xpm new file mode 100644 index 0000000..4a86de3 Binary files /dev/null and b/cygwin/usr/share/terminfo/72/rxvt-xpm differ diff --git a/cygwin/usr/share/terminfo/73/screen b/cygwin/usr/share/terminfo/73/screen new file mode 100644 index 0000000..940fb2c Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen differ diff --git a/cygwin/usr/share/terminfo/73/screen-16color b/cygwin/usr/share/terminfo/73/screen-16color new file mode 100644 index 0000000..cbe8647 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen-16color differ diff --git a/cygwin/usr/share/terminfo/73/screen-256color b/cygwin/usr/share/terminfo/73/screen-256color new file mode 100644 index 0000000..6cca951 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.Eterm b/cygwin/usr/share/terminfo/73/screen.Eterm new file mode 100644 index 0000000..8ed159d Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.Eterm differ diff --git a/cygwin/usr/share/terminfo/73/screen.gnome b/cygwin/usr/share/terminfo/73/screen.gnome new file mode 100644 index 0000000..b701f72 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.gnome differ diff --git a/cygwin/usr/share/terminfo/73/screen.konsole b/cygwin/usr/share/terminfo/73/screen.konsole new file mode 100644 index 0000000..6bb1b1f Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.konsole differ diff --git a/cygwin/usr/share/terminfo/73/screen.konsole-256color b/cygwin/usr/share/terminfo/73/screen.konsole-256color new file mode 100644 index 0000000..f217ff5 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.konsole-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.linux b/cygwin/usr/share/terminfo/73/screen.linux new file mode 100644 index 0000000..2a508d1 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.linux differ diff --git a/cygwin/usr/share/terminfo/73/screen.linux-m1 b/cygwin/usr/share/terminfo/73/screen.linux-m1 new file mode 100644 index 0000000..b0c2157 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.linux-m1 differ diff --git a/cygwin/usr/share/terminfo/73/screen.linux-m1b b/cygwin/usr/share/terminfo/73/screen.linux-m1b new file mode 100644 index 0000000..a464292 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.linux-m1b differ diff --git a/cygwin/usr/share/terminfo/73/screen.linux-m2 b/cygwin/usr/share/terminfo/73/screen.linux-m2 new file mode 100644 index 0000000..1aeb07d Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.linux-m2 differ diff --git a/cygwin/usr/share/terminfo/73/screen.linux-s b/cygwin/usr/share/terminfo/73/screen.linux-s new file mode 100644 index 0000000..769addb Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.linux-s differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel1 b/cygwin/usr/share/terminfo/73/screen.minitel1 new file mode 100644 index 0000000..d68fd85 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel1 differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel1-nb b/cygwin/usr/share/terminfo/73/screen.minitel1-nb new file mode 100644 index 0000000..0aa29e0 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel1-nb differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel12-80 b/cygwin/usr/share/terminfo/73/screen.minitel12-80 new file mode 100644 index 0000000..2d5b0fa Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel12-80 differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel1b b/cygwin/usr/share/terminfo/73/screen.minitel1b new file mode 100644 index 0000000..29dc296 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel1b differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel1b-80 b/cygwin/usr/share/terminfo/73/screen.minitel1b-80 new file mode 100644 index 0000000..32d38b3 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel1b-80 differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel1b-nb b/cygwin/usr/share/terminfo/73/screen.minitel1b-nb new file mode 100644 index 0000000..4c53f1f Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel1b-nb differ diff --git a/cygwin/usr/share/terminfo/73/screen.minitel2-80 b/cygwin/usr/share/terminfo/73/screen.minitel2-80 new file mode 100644 index 0000000..2d5b0fa Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.minitel2-80 differ diff --git a/cygwin/usr/share/terminfo/73/screen.mlterm b/cygwin/usr/share/terminfo/73/screen.mlterm new file mode 100644 index 0000000..402a07c Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.mlterm differ diff --git a/cygwin/usr/share/terminfo/73/screen.mlterm-256color b/cygwin/usr/share/terminfo/73/screen.mlterm-256color new file mode 100644 index 0000000..12d850b Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.mlterm-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.mrxvt b/cygwin/usr/share/terminfo/73/screen.mrxvt new file mode 100644 index 0000000..7ce35ef Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.mrxvt differ diff --git a/cygwin/usr/share/terminfo/73/screen.putty b/cygwin/usr/share/terminfo/73/screen.putty new file mode 100644 index 0000000..99cd51f Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.putty differ diff --git a/cygwin/usr/share/terminfo/73/screen.putty-256color b/cygwin/usr/share/terminfo/73/screen.putty-256color new file mode 100644 index 0000000..af6777f Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.putty-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.putty-m1 b/cygwin/usr/share/terminfo/73/screen.putty-m1 new file mode 100644 index 0000000..67912a1 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.putty-m1 differ diff --git a/cygwin/usr/share/terminfo/73/screen.putty-m1b b/cygwin/usr/share/terminfo/73/screen.putty-m1b new file mode 100644 index 0000000..caa7148 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.putty-m1b differ diff --git a/cygwin/usr/share/terminfo/73/screen.putty-m2 b/cygwin/usr/share/terminfo/73/screen.putty-m2 new file mode 100644 index 0000000..040b4ed Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.putty-m2 differ diff --git a/cygwin/usr/share/terminfo/73/screen.rxvt b/cygwin/usr/share/terminfo/73/screen.rxvt new file mode 100644 index 0000000..a08f450 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.rxvt differ diff --git a/cygwin/usr/share/terminfo/73/screen.teraterm b/cygwin/usr/share/terminfo/73/screen.teraterm new file mode 100644 index 0000000..77eec89 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.teraterm differ diff --git a/cygwin/usr/share/terminfo/73/screen.vte b/cygwin/usr/share/terminfo/73/screen.vte new file mode 100644 index 0000000..ac73e87 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.vte differ diff --git a/cygwin/usr/share/terminfo/73/screen.vte-256color b/cygwin/usr/share/terminfo/73/screen.vte-256color new file mode 100644 index 0000000..f8b969c Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.vte-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.xterm-256color b/cygwin/usr/share/terminfo/73/screen.xterm-256color new file mode 100644 index 0000000..3dd14d4 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.xterm-256color differ diff --git a/cygwin/usr/share/terminfo/73/screen.xterm-new b/cygwin/usr/share/terminfo/73/screen.xterm-new new file mode 100644 index 0000000..41d6cb2 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.xterm-new differ diff --git a/cygwin/usr/share/terminfo/73/screen.xterm-r6 b/cygwin/usr/share/terminfo/73/screen.xterm-r6 new file mode 100644 index 0000000..5a56141 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.xterm-r6 differ diff --git a/cygwin/usr/share/terminfo/73/screen.xterm-xfree86 b/cygwin/usr/share/terminfo/73/screen.xterm-xfree86 new file mode 100644 index 0000000..00736f3 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/screen.xterm-xfree86 differ diff --git a/cygwin/usr/share/terminfo/73/st b/cygwin/usr/share/terminfo/73/st new file mode 100644 index 0000000..4e03fc9 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st differ diff --git a/cygwin/usr/share/terminfo/73/st-0.6 b/cygwin/usr/share/terminfo/73/st-0.6 new file mode 100644 index 0000000..3d2d719 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-0.6 differ diff --git a/cygwin/usr/share/terminfo/73/st-0.7 b/cygwin/usr/share/terminfo/73/st-0.7 new file mode 100644 index 0000000..0052581 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-0.7 differ diff --git a/cygwin/usr/share/terminfo/73/st-0.8 b/cygwin/usr/share/terminfo/73/st-0.8 new file mode 100644 index 0000000..a16520e Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-0.8 differ diff --git a/cygwin/usr/share/terminfo/73/st-16color b/cygwin/usr/share/terminfo/73/st-16color new file mode 100644 index 0000000..a5bb49b Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-16color differ diff --git a/cygwin/usr/share/terminfo/73/st-256color b/cygwin/usr/share/terminfo/73/st-256color new file mode 100644 index 0000000..7d682fc Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-256color differ diff --git a/cygwin/usr/share/terminfo/73/st-direct b/cygwin/usr/share/terminfo/73/st-direct new file mode 100644 index 0000000..f22449c Binary files /dev/null and b/cygwin/usr/share/terminfo/73/st-direct differ diff --git a/cygwin/usr/share/terminfo/73/sun b/cygwin/usr/share/terminfo/73/sun new file mode 100644 index 0000000..52a2731 Binary files /dev/null and b/cygwin/usr/share/terminfo/73/sun differ diff --git a/cygwin/usr/share/terminfo/74/tek4014 b/cygwin/usr/share/terminfo/74/tek4014 new file mode 100644 index 0000000..e43d86b Binary files /dev/null and b/cygwin/usr/share/terminfo/74/tek4014 differ diff --git a/cygwin/usr/share/terminfo/74/tek4014-sm b/cygwin/usr/share/terminfo/74/tek4014-sm new file mode 100644 index 0000000..5b50712 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/tek4014-sm differ diff --git a/cygwin/usr/share/terminfo/74/teraterm b/cygwin/usr/share/terminfo/74/teraterm new file mode 100644 index 0000000..e46b88f Binary files /dev/null and b/cygwin/usr/share/terminfo/74/teraterm differ diff --git a/cygwin/usr/share/terminfo/74/teraterm-256color b/cygwin/usr/share/terminfo/74/teraterm-256color new file mode 100644 index 0000000..9201a42 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/teraterm-256color differ diff --git a/cygwin/usr/share/terminfo/74/teraterm2.3 b/cygwin/usr/share/terminfo/74/teraterm2.3 new file mode 100644 index 0000000..6f0d9d7 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/teraterm2.3 differ diff --git a/cygwin/usr/share/terminfo/74/teraterm4.59 b/cygwin/usr/share/terminfo/74/teraterm4.59 new file mode 100644 index 0000000..5c9d70d Binary files /dev/null and b/cygwin/usr/share/terminfo/74/teraterm4.59 differ diff --git a/cygwin/usr/share/terminfo/74/teraterm4.97 b/cygwin/usr/share/terminfo/74/teraterm4.97 new file mode 100644 index 0000000..ead7a28 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/teraterm4.97 differ diff --git a/cygwin/usr/share/terminfo/74/tmux b/cygwin/usr/share/terminfo/74/tmux new file mode 100644 index 0000000..cb376de Binary files /dev/null and b/cygwin/usr/share/terminfo/74/tmux differ diff --git a/cygwin/usr/share/terminfo/74/tmux-256color b/cygwin/usr/share/terminfo/74/tmux-256color new file mode 100644 index 0000000..6f348b2 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/tmux-256color differ diff --git a/cygwin/usr/share/terminfo/74/tmux-direct b/cygwin/usr/share/terminfo/74/tmux-direct new file mode 100644 index 0000000..85967d2 Binary files /dev/null and b/cygwin/usr/share/terminfo/74/tmux-direct differ diff --git a/cygwin/usr/share/terminfo/76/vt100 b/cygwin/usr/share/terminfo/76/vt100 new file mode 100644 index 0000000..b4ee9b0 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt100 differ diff --git a/cygwin/usr/share/terminfo/76/vt100-nav b/cygwin/usr/share/terminfo/76/vt100-nav new file mode 100644 index 0000000..4a37659 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt100-nav differ diff --git a/cygwin/usr/share/terminfo/76/vt102 b/cygwin/usr/share/terminfo/76/vt102 new file mode 100644 index 0000000..8b6f13c Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt102 differ diff --git a/cygwin/usr/share/terminfo/76/vt220 b/cygwin/usr/share/terminfo/76/vt220 new file mode 100644 index 0000000..dc815fa Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt220 differ diff --git a/cygwin/usr/share/terminfo/76/vt320 b/cygwin/usr/share/terminfo/76/vt320 new file mode 100644 index 0000000..55e7f36 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt320 differ diff --git a/cygwin/usr/share/terminfo/76/vt420 b/cygwin/usr/share/terminfo/76/vt420 new file mode 100644 index 0000000..b62b28d Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt420 differ diff --git a/cygwin/usr/share/terminfo/76/vt52 b/cygwin/usr/share/terminfo/76/vt52 new file mode 100644 index 0000000..83f3797 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt52 differ diff --git a/cygwin/usr/share/terminfo/76/vt520 b/cygwin/usr/share/terminfo/76/vt520 new file mode 100644 index 0000000..2fdf64a Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vt520 differ diff --git a/cygwin/usr/share/terminfo/76/vte b/cygwin/usr/share/terminfo/76/vte new file mode 100644 index 0000000..8110fc4 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vte differ diff --git a/cygwin/usr/share/terminfo/76/vte-256color b/cygwin/usr/share/terminfo/76/vte-256color new file mode 100644 index 0000000..9bdbb9f Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vte-256color differ diff --git a/cygwin/usr/share/terminfo/76/vwmterm b/cygwin/usr/share/terminfo/76/vwmterm new file mode 100644 index 0000000..1800896 Binary files /dev/null and b/cygwin/usr/share/terminfo/76/vwmterm differ diff --git a/cygwin/usr/share/terminfo/77/wsvt25 b/cygwin/usr/share/terminfo/77/wsvt25 new file mode 100644 index 0000000..0ce5b56 Binary files /dev/null and b/cygwin/usr/share/terminfo/77/wsvt25 differ diff --git a/cygwin/usr/share/terminfo/77/wsvt25m b/cygwin/usr/share/terminfo/77/wsvt25m new file mode 100644 index 0000000..b016cd0 Binary files /dev/null and b/cygwin/usr/share/terminfo/77/wsvt25m differ diff --git a/cygwin/usr/share/terminfo/78/xfce b/cygwin/usr/share/terminfo/78/xfce new file mode 100644 index 0000000..4adf6d4 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xfce differ diff --git a/cygwin/usr/share/terminfo/78/xterm b/cygwin/usr/share/terminfo/78/xterm new file mode 100644 index 0000000..b51a85c Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm differ diff --git a/cygwin/usr/share/terminfo/78/xterm-1002 b/cygwin/usr/share/terminfo/78/xterm-1002 new file mode 100644 index 0000000..1f33eef Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-1002 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-1003 b/cygwin/usr/share/terminfo/78/xterm-1003 new file mode 100644 index 0000000..08ca1e5 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-1003 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-1005 b/cygwin/usr/share/terminfo/78/xterm-1005 new file mode 100644 index 0000000..9d7c954 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-1005 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-1006 b/cygwin/usr/share/terminfo/78/xterm-1006 new file mode 100644 index 0000000..89661fc Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-1006 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-16color b/cygwin/usr/share/terminfo/78/xterm-16color new file mode 100644 index 0000000..7c176e3 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-16color differ diff --git a/cygwin/usr/share/terminfo/78/xterm-24 b/cygwin/usr/share/terminfo/78/xterm-24 new file mode 100644 index 0000000..879072b Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-24 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-256color b/cygwin/usr/share/terminfo/78/xterm-256color new file mode 100644 index 0000000..97d44cc Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-256color differ diff --git a/cygwin/usr/share/terminfo/78/xterm-88color b/cygwin/usr/share/terminfo/78/xterm-88color new file mode 100644 index 0000000..7a6a0e9 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-88color differ diff --git a/cygwin/usr/share/terminfo/78/xterm-8bit b/cygwin/usr/share/terminfo/78/xterm-8bit new file mode 100644 index 0000000..5835108 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-8bit differ diff --git a/cygwin/usr/share/terminfo/78/xterm-basic b/cygwin/usr/share/terminfo/78/xterm-basic new file mode 100644 index 0000000..5184d01 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-basic differ diff --git a/cygwin/usr/share/terminfo/78/xterm-bold b/cygwin/usr/share/terminfo/78/xterm-bold new file mode 100644 index 0000000..5c29490 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-bold differ diff --git a/cygwin/usr/share/terminfo/78/xterm-color b/cygwin/usr/share/terminfo/78/xterm-color new file mode 100644 index 0000000..10bf2e1 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-color differ diff --git a/cygwin/usr/share/terminfo/78/xterm-direct b/cygwin/usr/share/terminfo/78/xterm-direct new file mode 100644 index 0000000..5494cbd Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-direct differ diff --git a/cygwin/usr/share/terminfo/78/xterm-direct16 b/cygwin/usr/share/terminfo/78/xterm-direct16 new file mode 100644 index 0000000..08185b1 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-direct16 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-direct2 b/cygwin/usr/share/terminfo/78/xterm-direct2 new file mode 100644 index 0000000..b094ef1 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-direct2 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-direct256 b/cygwin/usr/share/terminfo/78/xterm-direct256 new file mode 100644 index 0000000..ff14315 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-direct256 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-hp b/cygwin/usr/share/terminfo/78/xterm-hp new file mode 100644 index 0000000..bec3fcb Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-hp differ diff --git a/cygwin/usr/share/terminfo/78/xterm-mono b/cygwin/usr/share/terminfo/78/xterm-mono new file mode 100644 index 0000000..df66b3e Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-mono differ diff --git a/cygwin/usr/share/terminfo/78/xterm-new b/cygwin/usr/share/terminfo/78/xterm-new new file mode 100644 index 0000000..f217f64 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-new differ diff --git a/cygwin/usr/share/terminfo/78/xterm-nic b/cygwin/usr/share/terminfo/78/xterm-nic new file mode 100644 index 0000000..bd6d47a Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-nic differ diff --git a/cygwin/usr/share/terminfo/78/xterm-noapp b/cygwin/usr/share/terminfo/78/xterm-noapp new file mode 100644 index 0000000..081f9c6 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-noapp differ diff --git a/cygwin/usr/share/terminfo/78/xterm-old b/cygwin/usr/share/terminfo/78/xterm-old new file mode 100644 index 0000000..64473e4 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-old differ diff --git a/cygwin/usr/share/terminfo/78/xterm-p370 b/cygwin/usr/share/terminfo/78/xterm-p370 new file mode 100644 index 0000000..e0c541c Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-p370 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-p371 b/cygwin/usr/share/terminfo/78/xterm-p371 new file mode 100644 index 0000000..48dc003 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-p371 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-pcolor b/cygwin/usr/share/terminfo/78/xterm-pcolor new file mode 100644 index 0000000..af19a92 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-pcolor differ diff --git a/cygwin/usr/share/terminfo/78/xterm-r5 b/cygwin/usr/share/terminfo/78/xterm-r5 new file mode 100644 index 0000000..64449b8 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-r5 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-r6 b/cygwin/usr/share/terminfo/78/xterm-r6 new file mode 100644 index 0000000..16fd56e Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-r6 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-sco b/cygwin/usr/share/terminfo/78/xterm-sco new file mode 100644 index 0000000..93ca43f Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-sco differ diff --git a/cygwin/usr/share/terminfo/78/xterm-sun b/cygwin/usr/share/terminfo/78/xterm-sun new file mode 100644 index 0000000..4d6f0f1 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-sun differ diff --git a/cygwin/usr/share/terminfo/78/xterm-utf8 b/cygwin/usr/share/terminfo/78/xterm-utf8 new file mode 100644 index 0000000..f1dce09 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-utf8 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-vt220 b/cygwin/usr/share/terminfo/78/xterm-vt220 new file mode 100644 index 0000000..f5853fd Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-vt220 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-vt52 b/cygwin/usr/share/terminfo/78/xterm-vt52 new file mode 100644 index 0000000..25633cf Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-vt52 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-x10mouse b/cygwin/usr/share/terminfo/78/xterm-x10mouse new file mode 100644 index 0000000..03d8d3f Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-x10mouse differ diff --git a/cygwin/usr/share/terminfo/78/xterm-x11hilite b/cygwin/usr/share/terminfo/78/xterm-x11hilite new file mode 100644 index 0000000..1ff85c6 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-x11hilite differ diff --git a/cygwin/usr/share/terminfo/78/xterm-x11mouse b/cygwin/usr/share/terminfo/78/xterm-x11mouse new file mode 100644 index 0000000..1ac7b44 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-x11mouse differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v32 b/cygwin/usr/share/terminfo/78/xterm-xf86-v32 new file mode 100644 index 0000000..0ae81a8 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v32 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v33 b/cygwin/usr/share/terminfo/78/xterm-xf86-v33 new file mode 100644 index 0000000..cd63624 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v33 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v333 b/cygwin/usr/share/terminfo/78/xterm-xf86-v333 new file mode 100644 index 0000000..1178372 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v333 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v40 b/cygwin/usr/share/terminfo/78/xterm-xf86-v40 new file mode 100644 index 0000000..8b02203 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v40 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v43 b/cygwin/usr/share/terminfo/78/xterm-xf86-v43 new file mode 100644 index 0000000..416ebe9 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v43 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xf86-v44 b/cygwin/usr/share/terminfo/78/xterm-xf86-v44 new file mode 100644 index 0000000..d607c25 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xf86-v44 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xfree86 b/cygwin/usr/share/terminfo/78/xterm-xfree86 new file mode 100644 index 0000000..38ff566 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xfree86 differ diff --git a/cygwin/usr/share/terminfo/78/xterm-xi b/cygwin/usr/share/terminfo/78/xterm-xi new file mode 100644 index 0000000..81c2f78 Binary files /dev/null and b/cygwin/usr/share/terminfo/78/xterm-xi differ diff --git a/cygwin/var/cache/.gitkeep b/cygwin/var/cache/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/var/lib/.gitkeep b/cygwin/var/lib/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/var/log/.gitkeep b/cygwin/var/log/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/var/run/.gitkeep b/cygwin/var/run/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cygwin/var/tmp/.gitkeep b/cygwin/var/tmp/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..a8b2db6 --- /dev/null +++ b/readme.md @@ -0,0 +1,111 @@ +# zapret winws bundle for windows + +[main repository](https://github.com/bol-van/zapret) + +requirements : +* Windows 7 x64, Windows server 2008 R2 (os updates may be required) +* Windows 8+ x64, Windows server 2012+ (may require to disable secure boot) +* Windows 11+ ARM64, Windows server 2025+ (requires testsigning mode) + +[ENGLISH](#quick-start) + +### Краткое описание файлов + +* `_CMD_ADMIN.cmd` : открыть командную строку под администратором +* `winws.exe` : главный компонент zapret, средство обхода DPI, версия nfqws для windows +* `winws.exe` : главный компонент zapret2, средство обхода DPI, версия nfqws2 для windows +* `preset_example.cmd` : интерактивный запуск стратегии-примера (не является готовым лекарством) +* `preset2_example.cmd` : интерактивный запуск стратегии-примера на базе winws2 (не является готовым лекарством) +* `preset_wireguard.cmd` : интерактивный запуск обхода блокировки wireguard протокола на любых портах +* `service_*.cmd` : установка и управление службой windows (режим неинтерактивного автозапуска). НЕ ЗАПУСКАТЬ БЕЗ РЕДАКТИРОВАНИЯ ! +* `task_*.cmd` : установка и управление запланированными задачами windows (режим неинтерактивного автозапуска). НЕ ЗАПУСКАТЬ БЕЗ РЕДАКТИРОВАНИЯ ! +* `enable_tcp_timestamps.cmd` : включить таймштампы tcp. по умолчанию отключены. требуются для ts fooling. +* `windivert_delete.cmd` : остановить и удалить драйвер windivert +* `killall.exe` : программа из cygwin для посылки unix сигналов winws +* `elevator.exe` : запускает программы от имени администратора +* `cygwin\cygwin.cmd` : запуск командной строки cygwin под текущим пользователем +* `cygwin\cygwin-admin.cmd` : запуск командной строки cygwin под администратором +* `blockcheck\blockcheck.cmd` : анализатор способов обхода DPI. Запускать только с остановленным zapret и другими средствами обхода DPI ! +* `blockcheck\blockcheck-kyber.cmd` : то же самое, но используется CURL с многопакетным TLS Client Hello +* `blockcheck\blockcheck2.cmd` : анализатор способов обхода DPI на базе winws2. Запускать только с остановленным zapret и другими средствами обхода DPI ! +* `blockcheck\blockcheck2-kyber.cmd` : то же самое, но используется CURL с многопакетным TLS Client Hello + +### быстрый старт + +1) отключите все средства обхода блокировок, включая сам zapret +2) запустите `blockcheck/blockcheck.cmd` для поиска стратегий обхода DPI +3) если провайдер подменяет DNS - поменяйте DNS. если перехватывает DNS - используйте шифрованный DNS. +4) откройте `blockcheck.log` и найдите там рабочие стратегии (аргументы командной строки winws) +5) если можете - обьедините стратегии для http, https и quic. это требует знаний как работает обход DPI. +6) запустите winws с найденными параметрами из zapret-winws от имени администратора +7) `zapret-winws/task_*.cmd` управляют запланированными задачами для автозапуска вместе с windows. + `zapret-winws/service_*.cmd` управляет службами windows для автозапуска вместе с windows. + выберите один из вариантов, внесите туда параметры winws, при необходимости дублируйте код для поддержки нескольких экземпляров winws. + создайте и запустите запланированные задачи. запускать cmd от имени администратора. + +Подробности читайте в основном репозитории в `docs/windows.txt`, `docs/quick_start_windows.txt` + +### ARM64 подготовка +1) запустите `arm64/install_arm64.cmd` +2) перезагрузите систему, если режим testsigning не был включен ранее. надпись "тестовый режим" должна быть на рабочем столе справа внизу. + +### WIN7 подготовка +Если windivert не работает как есть запустите `win7/install_win7.cmd`. Или накатите обновления ESU. + +### АНТИВИРУСЫ +windivert может вызвать реакцию антивируса. +windivert - это инструмент для перехвата и фильтрации трафика, необходимый для работы zapret. +Замена iptables и NFQUEUE в Linux, которых нет под Windows. +Он может использоваться как хорошими, так и плохими программами, но сам по себе не является вирусом. +Драйвер windivert64.sys подписан для возможности загрузки в 64-битное ядро windows. +Но антивирусы склонны относить подобное к классам повышенного риска или хакерским инструментам. +В случае проблем используйте исключения или выключайте антивирус совсем. + +--- +### quick start + +1) disable all DPI bypass software including any VPN and zapret itself +2) run `blockcheck/blockcheck.cmd` to discover DPI bypass strategies +3) if your ISP fakes DNS - change DNS. if your ISP redirects DNS - use encrypted DNS. +4) open `blockcheck.log` and find working winws strategies (command line options) +5) if you can combine found strategies for http, https, quic. need knowledge how DPI bypass works. +6) run winws instances as admin from zapret-winws +7) `zapret-winws/task_*.cmd` manage scheduled task(s) to auto start winws. + `zapret-winws/service_*`.cmd manages windows service(s) to auto start winws. + choose one of them. edit .cmd files, add there your command line options. if required - clone the code to support multiple instances. + create and run scheduled task as admin + +### brief files description + +* `_CMD_ADMIN.cmd` : open command prompt as administrator +* `winws.exe` : main zapret component, DPI bypass tool, nfqws version for windows +* `winws2.exe` : main zapret2 component, DPI bypass tool, nfqws2 version for windows +* `preset_example.cmd` : run interactively example strategy +* `preset2_example.cmd` : run interactively example strategy using winws2 +* `preset_wireguard.cmd` : run interactively wireguard protocol bypass +* `service_*.cmd` : windows service setup and control (non-interactive autostart mode) +* `task_*.cmd` : scheduled tasks setup and control (non-interactive autostart mode) +* `enable_tcp_timestamps.cmd` : enable tcp timestamps. they are disabled by default and required for ts fooling. +* `windivert_delete.cmd` : stop and delete windivert driver +* `killall.exe` : cygwin tool used in reload_lists.cmd. allows to send signals to winws. +* `elevator.exe` : simple tool to run a program as admin +* `cygwin\cygwin.cmd` : run cygwin prompt with current user privileges +* `cygwin\cygwin-admin.cmd` : run cygwin prompts with administrator privileges +* `blockcheck\blockcheck.cmd` : DPI bypass analyzer tool. Run only with zapret and other DPI bypass software stopped ! +* `blockcheck\blockcheck-kyber.cmd` : use CURL with multi-segment TLS Client Hello +* `blockcheck\blockcheck2.cmd` : DPI bypass analyzer tool, winws2 based. Run only with zapret and other DPI bypass software stopped ! +* `blockcheck\blockcheck2-kyber.cmd` : use CURL with multi-segment TLS Client Hello + +For full description refer to `docs/windows.txt` in the main repository. + +### ARM64 preparation +1) run `arm64/install_arm64.cmd` +2) reboot if testsigning mode is not already enabled. "test mode" text should be present in the right bottom corner of the screen. + +### WIN7 preparation +If windivert cannot start as is run `win7/install_win7.cmd`. Or install ESU updates. + +### ANTIVIRUS WARNING +windivert may cause antivirus reaction. It's not a virus, your antivirus is insane. +It can treat windivert as potential risk or hacker instrument. +Use exceptions or disable AV completely if you are affected. diff --git a/tools/elevator.exe b/tools/elevator.exe new file mode 100644 index 0000000..9e76819 Binary files /dev/null and b/tools/elevator.exe differ diff --git a/win7/WinDivert.dll b/win7/WinDivert.dll new file mode 100644 index 0000000..a6ef7c7 Binary files /dev/null and b/win7/WinDivert.dll differ diff --git a/win7/WinDivert64.sys b/win7/WinDivert64.sys new file mode 100644 index 0000000..f50eb18 Binary files /dev/null and b/win7/WinDivert64.sys differ diff --git a/win7/install_win7.cmd b/win7/install_win7.cmd new file mode 100644 index 0000000..28918ad --- /dev/null +++ b/win7/install_win7.cmd @@ -0,0 +1,41 @@ +@echo off + +cd /d "%~dp0" +setlocal enabledelayedexpansion + +if [%1] == [install] goto :install + +if %PROCESSOR_ARCHITECTURE%==AMD64 ( + FOR /F "tokens=1 skip=1 USEBACKQ" %%B IN (`wmic os get BuildNumber`) do set BUILD=!BUILD!%%B + if defined BUILD ( + goto :build + ) else ( + echo could not get OS build number + ) +) else ( + echo this works only on x64 +) +goto :ex + +:build +echo OS build number %BUILD% +if NOT %BUILD%==7601 if NOT %BUILD%==7600 goto dont +"%~dp0..\tools\elevator" "%~dpf0" install +goto :eof + +:dont +echo only windows 7 is supported +goto ex + +:install +echo copying windows 7 compatible windivert 2.2.0-C +copy WinDivert64.sys ..\zapret-winws +copy WinDivert.dll ..\zapret-winws +copy WinDivert64.sys ..\blockcheck\zapret\nfq +copy WinDivert.dll ..\blockcheck\zapret\nfq +copy WinDivert64.sys ..\blockcheck\zapret2\nfq2 +copy WinDivert.dll ..\blockcheck\zapret2\nfq2 +echo DONE + +:ex +pause diff --git a/windivert-hide/Monkey64.sys b/windivert-hide/Monkey64.sys new file mode 100644 index 0000000..218ccaf Binary files /dev/null and b/windivert-hide/Monkey64.sys differ diff --git a/windivert-hide/README.txt b/windivert-hide/README.txt new file mode 100644 index 0000000..f8402c8 --- /dev/null +++ b/windivert-hide/README.txt @@ -0,0 +1,19 @@ +Это попытка скрыть windivert от некоторых программ (игры, античит), которые его не любят. +Может сработать, если проверка идет только по наличию драйвера с именем службы "windivert" или именем файла драйвера "WinDivert64.sys". +Имя службы драйвера переименовано в "Monkey", а файл драйвера - в "Monkey64.sys". +Однако, если проверка идет по имени устройства, создаваемого драйвером, или иным способом, +не связанным с именем службы и именем файла драйвера, то такую проверку обмануть не выйдет. +Monkey64.sys является точной копией WinDivert64.sys. WinDivert.dll был пересобран с небольшим патчингом кода. + +Для использования переписать файлы WinDivert.dll и Monkey64.sys туда, где находится файл winws.exe. +Предварительно не забыть снять все программы, использующие windivert, и остановить оригинальную службу драйвера "WinDivert" +("sc stop windivert" от администратора или "zapret-winws/windivert_delete.cmd") + +Для удаления измененной версии драйвера запустить "monkey_delete.cmd". + + +This is to hide windivert from software that check for presence of "WinDivert" service. +It does not help in case software checks for device created by driver. +It still has original name because changing it would require to recompile and resign driver. + +To use : copy WinDivert.dll and Monkey64.sys to winws.exe folder. diff --git a/windivert-hide/WinDivert.dll b/windivert-hide/WinDivert.dll new file mode 100644 index 0000000..41b0982 Binary files /dev/null and b/windivert-hide/WinDivert.dll differ diff --git a/windivert-hide/monkey_delete.cmd b/windivert-hide/monkey_delete.cmd new file mode 100644 index 0000000..b3d6373 --- /dev/null +++ b/windivert-hide/monkey_delete.cmd @@ -0,0 +1,21 @@ +@echo off + +if "%1%" == "del" ( + echo DELETE MONKEY DRIVER + sc delete monkey + sc stop monkey + goto :end +) + +sc qc monkey +if errorlevel 1 goto :end + +echo. +choice /C YN /M "Do you want to stop and delete monkey" +if ERRORLEVEL 2 goto :eof + +"%~dp0..\tools\elevator" %0 del +goto :eof + +:end +pause diff --git a/zapret-winws/WinDivert.dll b/zapret-winws/WinDivert.dll new file mode 100644 index 0000000..50ca874 Binary files /dev/null and b/zapret-winws/WinDivert.dll differ diff --git a/zapret-winws/WinDivert64.sys b/zapret-winws/WinDivert64.sys new file mode 100644 index 0000000..218ccaf Binary files /dev/null and b/zapret-winws/WinDivert64.sys differ diff --git a/zapret-winws/_CMD_ADMIN.cmd b/zapret-winws/_CMD_ADMIN.cmd new file mode 100644 index 0000000..a67e6c8 --- /dev/null +++ b/zapret-winws/_CMD_ADMIN.cmd @@ -0,0 +1,3 @@ +@echo off + +"%~dp0elevator" cmd /k cd /d "%~dp0" diff --git a/zapret-winws/cygwin1.dll b/zapret-winws/cygwin1.dll new file mode 100644 index 0000000..1bb2e05 Binary files /dev/null and b/zapret-winws/cygwin1.dll differ diff --git a/zapret-winws/elevator.exe b/zapret-winws/elevator.exe new file mode 100644 index 0000000..9e76819 Binary files /dev/null and b/zapret-winws/elevator.exe differ diff --git a/zapret-winws/enable_timestamps.cmd b/zapret-winws/enable_timestamps.cmd new file mode 100644 index 0000000..c1c8306 --- /dev/null +++ b/zapret-winws/enable_timestamps.cmd @@ -0,0 +1,14 @@ +@echo off + +if "%1%" == "doit" ( + echo enable tcp timestamps + netsh interface tcp set global timestamps=enabled + goto :end +) + +"%~dp0elevator" %0 doit +goto :eof + +:end +pause + diff --git a/zapret-winws/files/list-youtube.txt b/zapret-winws/files/list-youtube.txt new file mode 100644 index 0000000..04e53a7 --- /dev/null +++ b/zapret-winws/files/list-youtube.txt @@ -0,0 +1,14 @@ +googlevideo.com +youtubei.googleapis.com +ytimg.com +yt3.ggpht.com +yt4.ggpht.com +youtube.com +youtubeembeddedplayer.googleapis.com +ytimg.l.google.com +jnn-pa.googleapis.com +youtube-nocookie.com +youtube-ui.l.google.com +yt-video-upload.l.google.com +wide-youtube.l.google.com +youtu.be diff --git a/zapret-winws/files/quic_initial_www_google_com.bin b/zapret-winws/files/quic_initial_www_google_com.bin new file mode 100644 index 0000000..80a07cc Binary files /dev/null and b/zapret-winws/files/quic_initial_www_google_com.bin differ diff --git a/zapret-winws/killall.exe b/zapret-winws/killall.exe new file mode 100644 index 0000000..bcb4cde Binary files /dev/null and b/zapret-winws/killall.exe differ diff --git a/zapret-winws/lua/zapret-antidpi.lua b/zapret-winws/lua/zapret-antidpi.lua new file mode 100644 index 0000000..0978695 --- /dev/null +++ b/zapret-winws/lua/zapret-antidpi.lua @@ -0,0 +1,892 @@ +--[[ + +NFQWS2 ANTIDPI LIBRARY + +--lua-init=@zapret-lib.lua --lua-init=@zapret-antidpi.lua +--lua-desync=func1:arg1[=val1]:arg2[=val2] --lua-desync=func2:arg1[=val1]:arg2[=val2] .... --lua-desync=funcN:arg1[=val1]:arg2[=val2] + +BLOBS + +blobs can be 0xHEX, field name in desync or global var +standard way to bring binary data to lua code is using the "--blob" parameter of nfqws2 +dynamic blobs can be inside desync table. one function can prepare data for next functions. + +STANDARD FUNCTION ARGS + +standard direction : + +* dir = in|out|any + +standard fooling : + +* ip_ttl=N - set ipv.ip_ttl to N +* ip6_ttl=N - set ip6.ip6_hlim to N +* ip_autottl=delta,min-max - set ip.ip_ttl to auto discovered ttl +* ip6_autottl=delta,min-max - set ip.ip_ttl to auto discovered ttl + +* ip6_hopbyhop[=hex] - add hopbyhop ipv6 header with optional data. data size must be 6+N*8. all zero by default. +* ip6_hopbyhop2[=hex] - add second hopbyhop ipv6 header with optional data. data size must be 6+N*8. all zero by default. +* ip6_destopt[=hex] - add destopt ipv6 header with optional data. data size must be 6+N*8. all zero by default. +* ip6_destopt2[=hex] - add second destopt ipv6 header with optional data. data size must be 6+N*8. all zero by default. +* ip6_routing[=hex] - add routing ipv6 header with optional data. data size must be 6+N*8. all zero by default. +* ip6_ah[=hex] - add authentication ipv6 header with optional data. data size must be 6+N*4. 0000 + 4 random bytes by default. + +* tcp_seq=N - add N to tcp.th_seq +* tcp_ack=N - add N to tcp.th_ack +* tcp_ts=N - add N to timestamp value +* tcp_md5[=hex] - add MD5 header with optional 16-byte data. all zero by default. +* tcp_flags_set= - set tcp flags in comma separated list +* tcp_flags_unset= - unset tcp flags in comma separated list +* tcp_ts_up - move timestamp tcp option to the top if present (workaround for badack without badseq fooling) + +* fool=fool_function - custom fooling function : fool_func(dis, fooling_options) + +standard reconstruct : + +* badsum - make L4 checksum invalid + +standard rawsend : + +* repeats - how many time send the packet +* ifout - override outbound interface (if --bind_fix4, --bind-fix6 enabled) +* fwmark - override fwmark. desync mark bit(s) will be set unconditionally + +standard payload : + +* payload - comma separarated list of allowed payload types. if not present - allow non-empty known payloads. + +standard ip_id : + +* ip_id - seq|rnd|zero|none +* ip_id_conn - in 'seq' mode save current ip_id in track.lua_state to use it between packets + +standard ipfrag : + +* ipfrag[=frag_function] - ipfrag function name. "ipfrag2" by default if empty +* ipfrag_disorder - send fragments from last to first +* ipfrag2 : ipfrag_pos_udp - udp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 8 +* ipfrag2 : ipfrag_pos_tcp - tcp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 32 +* ipfrag2 : ipfrag_next - next protocol field in ipv6 fragment extenstion header of the second fragment. same as first by default. + +]] + + +-- drop packet +-- standard args : direction, payload +function drop(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") and payload_check(desync,"all") then + DLOG("drop") + return VERDICT_DROP + end +end + +-- nfqws1 : "--dup" +-- standard args : direction, fooling, ip_id, ipfrag, rawsend, reconstruct +function send(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") then + DLOG("send") + local dis = deepcopy(desync.dis) + apply_fooling(desync, dis) + apply_ip_id(desync, dis, nil, "none") + -- it uses rawsend, reconstruct and ipfrag options + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + end +end + +-- nfqws1 : "--orig" +-- apply modification to current packet +-- standard args : direction, fooling, ip_id +function pktmod(ctx, desync) + direction_cutoff_opposite(ctx, desync, "any") + if direction_check(desync, "any") then + -- apply to current packet + apply_fooling(desync) + apply_ip_id(desync, nil, nil, "none") + DLOG("pktmod: applied") + return VERDICT_MODIFY + end +end + +-- nfqws1 : "--domcase" +-- standard args : direction +function http_domcase(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local host_range = resolve_multi_pos(desync.dis.payload,desync.l7payload,"host,endhost") + if #host_range == 2 then + local host = string.sub(desync.dis.payload,host_range[1],host_range[2]-1) + local newhost="", i + for i = 1, #host do + newhost=newhost..((i%2)==0 and string.lower(string.sub(host,i,i)) or string.upper(string.sub(host,i,i))) + end + DLOG("http_domcase: "..host.." => "..newhost) + desync.dis.payload = string.sub(desync.dis.payload, 1, host_range[1]-1)..newhost..string.sub(desync.dis.payload, host_range[2]) + return VERDICT_MODIFY + else + DLOG("http_domcase: cannot find host range") + end + end +end + +-- nfqws1 : "--hostcase" +-- standard args : direction +-- arg : spell= . spelling of the "Host" header. must be exactly 4 chars long +function http_hostcase(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local spell = desync.arg.spell or "host" + if #spell ~= 4 then + error("http_hostcase: invalid host spelling '"..spell.."'") + else + local hdis = http_dissect_req(desync.dis.payload) + if hdis.headers.host then + DLOG("http_hostcase: 'Host:' => '"..spell.."'") + desync.dis.payload = string.sub(desync.dis.payload,1,hdis.headers.host.pos_start-1)..spell..string.sub(desync.dis.payload,hdis.headers.host.pos_header_end+1) + return VERDICT_MODIFY + else + DLOG("http_hostcase: 'Host:' header not found") + end + end + end +end + +-- nfqws1 : "--methodeol" +-- standard args : direction +function http_methodeol(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="http_req" and direction_check(desync) then + local hdis = http_dissect_req(desync.dis.payload) + local ua = hdis.headers["user-agent"] + if ua then + if (ua.pos_end - ua.pos_value_start) < 2 then + DLOG("http_methodeol: 'User-Agent:' header is too short") + else + DLOG("http_methodeol: applied") + desync.dis.payload="\r\n"..string.sub(desync.dis.payload,1,ua.pos_end-2)..(string.sub(desync.dis.payload,ua.pos_end+1) or ""); + return VERDICT_MODIFY + end + else + DLOG("http_methodeol: 'User-Agent:' header not found") + end + end +end + +-- nfqws1 : "--synack-split" +-- standard args : rawsend, reconstruct, ipfrag +-- arg : mode=syn|synack|acksyn . "synack" by default +function synack_split(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK) == (TH_SYN + TH_ACK) then + local mode = desync.arg.mode or "synack" + local options = desync_opts(desync) + if mode=="syn" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + elseif mode=="synack" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_SYN)) + DLOG("synack_split: sending ACK") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + elseif mode=="acksyn" then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_SYN)) + DLOG("synack_split: sending ACK") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + dis.tcp.th_flags = bitand(desync.dis.tcp.th_flags, bitnot(TH_ACK)) + DLOG("synack_split: sending SYN") + if not rawsend_dissect_ipfrag(dis, options) then return VERDICT_PASS end + return VERDICT_DROP + else + error("synack_split: bad mode '"..mode.."'") + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--dpi-desync=synack" +-- standard args : rawsend, reconstruct, ipfrag +function synack(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK)==TH_SYN then + local dis = deepcopy(desync.dis) + dis.tcp.th_flags = bitor(dis.tcp.th_flags, TH_ACK) + DLOG("synack: sending") + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + + +-- nfqws1 : "--wsize" +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +function wsize(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK) == (TH_SYN + TH_ACK) then + if wsize_rewrite(desync.dis, desync.arg) then + return VERDICT_MODIFY + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--wssize" +-- standard args : direction +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +-- arg : forced_cutoff= - comma separated list of payloads that trigger forced wssize cutoff. by default - any non-empty payload +function wssize(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + local verdict = VERDICT_PASS + direction_cutoff_opposite(ctx, desync) + if direction_check(desync) then + if wsize_rewrite(desync.dis, desync.arg) then + verdict = VERDICT_MODIFY + end + if #desync.dis.payload>0 and (not desync.arg.forced_cutoff or in_list(desync.arg.forced_cutoff, desync.l7payload)) then + DLOG("wssize: forced cutoff") + instance_cutoff_shim(ctx, desync) + end + end + return verdict +end + +-- nfqws1 : "--dpi-desync=syndata" +-- standard args : fooling, rawsend, reconstruct, ipfrag +-- arg : blob= - fake payload. must fit to single packet. no segmentation possible. default - 16 zero bytes. +-- arg : tls_mod= - comma separated list of tls mods : rnd,rndsni,sni=. sni=%var is supported +function syndata(ctx, desync) + if desync.dis.tcp then + if bitand(desync.dis.tcp.th_flags, TH_SYN + TH_ACK)==TH_SYN then + local dis = deepcopy(desync.dis) + dis.payload = blob(desync, desync.arg.blob, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") + apply_fooling(desync, dis) + if desync.arg.tls_mod then + dis.payload = tls_mod_shim(desync, dis.payload, desync.arg.tls_mod, nil) + end + if b_debug then DLOG("syndata: "..hexdump_dlog(dis.payload)) end + if rawsend_dissect_ipfrag(dis, desync_opts(desync)) then + return VERDICT_DROP + end + else + instance_cutoff_shim(ctx, desync) -- mission complete + end + else + instance_cutoff_shim(ctx, desync) + end +end + +-- nfqws1 : "--dpi-desync=rst" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : rstack - send RST,ACK instead of RST +function rst(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if direction_check(desync, "any") and payload_check(desync) then + if replay_first(desync) then + local dis = deepcopy(desync.dis) + dis.payload = "" + dis.tcp.th_flags = TH_RST + (desync.arg.rstack and TH_ACK or 0) + apply_fooling(desync, dis) + apply_ip_id(desync, dis, nil, "none") + DLOG("rst") + -- it uses rawsend, reconstruct and ipfrag options + rawsend_dissect_ipfrag(dis, desync_opts(desync)) + else + DLOG("rst: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=fake" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : blob= - fake payload +-- arg : tls_mod= - comma separated list of tls mods : rnd,rndsni,sni=,dupsid,padencap . sni=%var is supported +function fake(ctx, desync) + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + if direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + if not desync.arg.blob then + error("fake: 'blob' arg required") + end + local fake_payload = blob(desync, desync.arg.blob) + if desync.reasm_data and desync.arg.tls_mod then + fake_payload = tls_mod_shim(desync, fake_payload, desync.arg.tls_mod, desync.reasm_data) + end + -- check debug to save CPU + if b_debug then DLOG("fake: "..hexdump_dlog(fake_payload)) end + rawsend_payload_segmented(desync,fake_payload) + else + DLOG("fake: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=multisplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. for example : "1,host,midsld+1,-10" +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function multisplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + -- check debug to save CPU + if b_debug then DLOG("multisplit: split pos: "..spos) end + local pos = resolve_multi_pos(data, desync.l7payload, spos) + if b_debug then DLOG("multisplit: resolved split pos: "..table.concat(zero_based_pos(pos)," ")) end + delete_pos_1(pos) -- cannot split at the first byte + if #pos>0 then + for i=0,#pos do + local pos_start = pos[i] or 1 + local pos_end = i<#pos and pos[i+1]-1 or #data + local part = string.sub(data,pos_start,pos_end) + local seqovl=0 + if i==0 and desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("multisplit: sending part "..(i+1).." "..(pos_start-1).."-"..(pos_end-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos_start-1-seqovl) then + return VERDICT_PASS + end + end + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("multisplit: no valid split positions") + end + else + DLOG("multisplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=multidisorder" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. example : "1,host,midsld+1,-10" +-- arg : seqovl=N . decrease seq number of the second segment in the original order by N and fill N bytes with pattern (default - all zero). N must be less than the first split pos. +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of reasm_data +-- arg : nodrop - do not drop current dissect +function multidisorder(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + -- check debug to save CPU + if b_debug then DLOG("multidisorder: split pos: "..spos) end + local pos = resolve_multi_pos(data, desync.l7payload, spos) + if b_debug then DLOG("multidisorder: resolved split pos: "..table.concat(zero_based_pos(pos)," ")) end + delete_pos_1(pos) -- cannot split at the first byte + if #pos>0 then + for i=#pos,0,-1 do + local pos_start = pos[i] or 1 + local pos_end = i<#pos and pos[i+1]-1 or #data + local part = string.sub(data,pos_start,pos_end) + local seqovl=0 + if i==1 and desync.arg.seqovl then + seqovl = resolve_pos(data, desync.l7payload, desync.arg.seqovl) + if not seqovl then + DLOG("multidisorder: seqovl cancelled because could not resolve marker '"..desync.arg.seqovl.."'") + seqovl = 0 + else + seqovl = seqovl - 1 + if seqovl>=(pos[1]-1) then + DLOG("multidisorder: seqovl cancelled because seqovl "..seqovl.." is not less than the first split pos "..(pos[1]-1)) + seqovl = 0 + else + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + end + end + if b_debug then DLOG("multidisorder: sending part "..(i+1).." "..(pos_start-1).."-"..(pos_end-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos_start-1-seqovl) then + return VERDICT_PASS + end + end + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("multidisorder: no valid split positions") + end + else + DLOG("multidisorder: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=hostfakesplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : host= - hostname template. generate hosts like "random.template". example : e8nzn.vk.com +-- arg : midhost= - additionally split segment containing host at specified posmarker. must be within host+1 .. endhost-1 or split won't happen. example : "midsld" +-- arg : nofake1, nofake2 - do not send individual fakes +-- arg : disorder_after= - send after_host part in 2 disordered segments. if posmarker is empty string use marker "-1" +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function hostfakesplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local pos = resolve_range(data, desync.l7payload, "host,endhost-1", true) + if pos then + if b_debug then DLOG("hostfakesplit: resolved host range: "..table.concat(zero_based_pos(pos)," ")) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local part, fakehost + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + part = string.sub(data,1,pos[1]-1) + if b_debug then DLOG("hostfakesplit: sending before_host part 0-"..(pos[1]-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,0, opts_orig) then return VERDICT_PASS end + + fakehost = genhost(pos[2]-pos[1]+1, desync.arg.host) + + if not desync.arg.nofake1 then + if b_debug then DLOG("hostfakesplit: sending fake host part (1) "..(pos[1]-1).."-"..(pos[2]-1).." len="..#fakehost.." : "..hexdump_dlog(fakehost)) end + if not rawsend_payload_segmented(desync,fakehost,pos[1]-1, opts_fake) then return VERDICT_PASS end + end + + local midhost + if desync.arg.midhost then + midhost = resolve_pos(data,desync.l7payload,desync.arg.midhost) + if not midhost then + DLOG("hostfakesplit: cannot resolve midhost marker '"..desync.arg.midhost.."'") + end + DLOG("hosfakesplit: midhost marker resolved to "..midhost) + if midhost<=pos[1] or midhost>pos[2] then + DLOG("hostfakesplit: midhost is not inside the host range") + midhost = nil + end + end + -- if present apply ipfrag only to real host parts. fakes and parts outside of the host must be visible to DPI. + if midhost then + part = string.sub(data,pos[1],midhost-1) + if b_debug then DLOG("hostfakesplit: sending real host part 1 "..(pos[1]-1).."-"..(midhost-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos[1]-1, opts_orig) then return VERDICT_PASS end + + part = string.sub(data,midhost,pos[2]) + if b_debug then DLOG("hostfakesplit: sending real host part 2 "..(midhost-1).."-"..(pos[2]-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,midhost-1, opts_orig) then return VERDICT_PASS end + else + part = string.sub(data,pos[1],pos[2]) + if b_debug then DLOG("hostfakesplit: sending real host part "..(pos[1]-1).."-"..(pos[2]-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos[1]-1, opts_orig) then return VERDICT_PASS end + end + + if not desync.arg.nofake2 then + if b_debug then DLOG("hostfakesplit: sending fake host part (2) "..(pos[1]-1).."-"..(pos[2]-1).." len="..#fakehost.." : "..hexdump_dlog(fakehost)) end + if not rawsend_payload_segmented(desync,fakehost,pos[1]-1, opts_fake) then return VERDICT_PASS end + end + + local disorder_after_pos + if desync.arg.disorder_after then + disorder_after_pos = resolve_pos(data, desync.l7payload, desync.arg.disorder_after=="" and "-1" or desync.arg.disorder_after) + if disorder_after_pos then + -- pos[2] points to the last letter of the host starting from 1 + if disorder_after_pos<=(pos[2]+1) then + DLOG("hostfakesplit: disorder_after marker '"..(disorder_after_pos-1).."' resolved to pos not after after_host pos "..pos[2]) + disorder_after_pos = nil + end + + else + DLOG("hostfakesplit: could not resolve disorder_after marker '"..desync.arg.disorder_after.."'") + end + end + if disorder_after_pos then + part = string.sub(data,disorder_after_pos) + if b_debug then DLOG("hostfakesplit: sending after_host part (2) "..(disorder_after_pos-1).."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,disorder_after_pos-1, opts_orig) then return VERDICT_PASS end + + part = string.sub(data,pos[2]+1,disorder_after_pos-1) + if b_debug then DLOG("hostfakesplit: sending after_host part (1) "..pos[2].."-"..(disorder_after_pos-2).." len="..#part.." : "..hexdump_dlog(part)) end + else + part = string.sub(data,pos[2]+1) + if b_debug then DLOG("hostfakesplit: sending after_host part "..pos[2].."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + end + if not rawsend_payload_segmented(desync,part,pos[2], opts_orig) then return VERDICT_PASS end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + else + DLOG("hostfakesplit: host range cannot be resolved") + end + else + DLOG("hostfakesplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=fakedsplit" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : pos= - split position marker +-- arg : nofake1, nofake2, nofake3, nofake4 - do not send individual fakes +-- arg : pattern= . fill fake parts with this pattern +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override seqovl pattern +-- arg : blob= - use this data instead of reasm_data +-- arg : nodrop - do not drop current dissect +function fakedsplit(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + local pos = resolve_pos(data, desync.l7payload, spos) + if pos then + if pos == 1 then + DLOG("multidisorder: split pos resolved to 0. cannot split.") + else + if b_debug then DLOG("fakedsplit: resolved split pos: "..tostring(pos-1)) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local fake, fakepat, part, pat + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + fakepat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + + -- first fake + fake = pattern(fakepat,1,pos-1) + + if not desync.arg.nofake1 then + if b_debug then DLOG("fakedsplit: sending fake part 1 (1) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- first real + part = string.sub(data,1,pos-1) + local seqovl=0 + if desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("fakedsplit: sending real part 1 : 0-"..(pos-2).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,-seqovl, opts_orig) then return VERDICT_PASS end + + -- first fake again + if not desync.arg.nofake2 then + if b_debug then DLOG("fakedsplit: sending fake part 1 (2) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- second fake + fake = pattern(fakepat,pos,#data-pos+1) + if not desync.arg.nofake3 then + if b_debug then DLOG("fakedsplit: sending fake part 2 (1) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- second real + part = string.sub(data,pos) + if b_debug then DLOG("fakedsplit: sending real part 2 : "..(pos-1).."-"..(#data-1).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos-1, opts_orig) then return VERDICT_PASS end + + -- second fake again + if not desync.arg.nofake4 then + if b_debug then DLOG("fakedsplit: sending fake part 2 (2) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + else + DLOG("fakedsplit: cannot resolve pos '"..desync.arg.pos.."'") + end + else + DLOG("fakedsplit: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : "--dpi-desync=fakeddisorder" +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct. FOOLING AND REPEATS APPLIED ONLY TO FAKES. +-- arg : pos= - split position marker +-- arg : nofake1, nofake2, nofake3, nofake4 - do not send individual fakes +-- arg : pattern= . fill fake parts with this pattern +-- arg : seqovl=N . decrease seq number of the second segment by N and fill N bytes with pattern (default - all zero). N must be less than the split pos. +-- arg : seqovl_pattern= . override seqovl pattern +-- arg : blob= - use this data instead of desync.dis.payload +-- arg : nodrop - do not drop current dissect +function fakeddisorder(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + local spos = desync.arg.pos or "2" + local pos = resolve_pos(data, desync.l7payload, spos) + if pos then + if pos == 1 then + DLOG("multidisorder: split pos resolved to 0. cannot split.") + else + if b_debug then DLOG("fakeddisorder: resolved split pos: "..tostring(pos-1)) end + + -- do not apply fooling to original parts except tcp_ts_up but apply ip_id + local fake, part, pat + local opts_orig = {rawsend = rawsend_opts_base(desync), reconstruct = {}, ipfrag = {}, ipid = desync.arg, fooling = {tcp_ts_up = desync.arg.tcp_ts_up}} + local opts_fake = {rawsend = rawsend_opts(desync), reconstruct = reconstruct_opts(desync), ipfrag = {}, ipid = desync.arg, fooling = desync.arg} + + fakepat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + + -- second fake + fake = pattern(fakepat,pos,#data-pos+1) + if not desync.arg.nofake1 then + if b_debug then DLOG("fakeddisorder: sending fake part 2 (1) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- second real + part = string.sub(data,pos) + local seqovl = 0 + if desync.arg.seqovl then + seqovl = resolve_pos(data, desync.l7payload, desync.arg.seqovl) + if seqovl then + seqovl = seqovl - 1 + if seqovl>=(pos-1) then + DLOG("fakeddisorder: seqovl cancelled because seqovl "..seqovl.." is not less than the split pos "..(pos-1)) + seqovl = 0 + else + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + else + DLOG("fakeddisorder: seqovl cancelled because could not resolve marker '"..desync.arg.seqovl.."'") + seqovl = 0 + end + end + if b_debug then DLOG("fakeddisorder: sending real part 2 : "..(pos-1).."-"..(#data-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,pos-1-seqovl, opts_orig) then return VERDICT_PASS end + + -- second fake again + if not desync.arg.nofake2 then + if b_debug then DLOG("fakeddisorder: sending fake part 2 (2) : "..(pos-1).."-"..(#data-1).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,pos-1, opts_fake) then return VERDICT_PASS end + end + + -- first fake + fake = pattern(fakepat,1,pos-1) + if not desync.arg.nofake3 then + if b_debug then DLOG("fakeddisorder: sending fake part 1 (1) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + -- first real + part = string.sub(data,1,pos-1) + if b_debug then DLOG("fakeddisorder: sending real part 1 : 0-"..(pos-2).." len="..#part.." : "..hexdump_dlog(part)) end + if not rawsend_payload_segmented(desync,part,0, opts_orig) then return VERDICT_PASS end + + -- first fake again + if not desync.arg.nofake4 then + if b_debug then DLOG("fakeddisorder: sending fake part 1 (2) : 0-"..(pos-2).." len="..#fake.." : "..hexdump_dlog(fake)) end + if not rawsend_payload_segmented(desync,fake,0, opts_fake) then return VERDICT_PASS end + end + + replay_drop_set(desync) + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + else + DLOG("fakeddisorder: cannot resolve pos '"..desync.arg.pos.."'") + end + else + DLOG("fakeddisorder: not acting on further replay pieces") + end + -- drop replayed packets if reasm was sent successfully in splitted form + if replay_drop(desync) then + return desync.arg.nodrop and VERDICT_PASS or VERDICT_DROP + end + end +end + +-- nfqws1 : not available +-- standard args : direction, payload, fooling, ip_id, rawsend, reconstruct, ipfrag +-- arg : pos= . position marker list. 2 pos required, only 2 first pos used. example : "host,endhost" +-- arg : seqovl=N . decrease seq number of the first segment by N and fill N bytes with pattern (default - all zero) +-- arg : seqovl_pattern= . override pattern +-- arg : blob= - use this data instead of desync.dis.payload +function tcpseg(ctx, desync) + if not desync.dis.tcp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if not desync.arg.pos then + error("tcpseg: no pos specified") + end + -- by default process only outgoing known payloads + local data = blob_or_def(desync, desync.arg.blob) or desync.reasm_data or desync.dis.payload + if #data>0 and direction_check(desync) and payload_check(desync) then + if replay_first(desync) then + if b_debug then DLOG("tcpseg: pos: "..desync.arg.pos) end + -- always returns 2 positions or nil or causes error + local pos = resolve_range(data, desync.l7payload, desync.arg.pos) + if pos then + -- check debug to save CPU + if b_debug then DLOG("tcpseg: resolved range: "..table.concat(zero_based_pos(pos)," ")) end + local part = string.sub(data,pos[1],pos[2]) + local seqovl=0 + if desync.arg.seqovl and tonumber(desync.arg.seqovl)>0 then + seqovl = tonumber(desync.arg.seqovl) + local pat = desync.arg.seqovl_pattern and blob(desync,desync.arg.seqovl_pattern) or "\x00" + part = pattern(pat,1,seqovl)..part + end + if b_debug then DLOG("tcpseg: sending "..(pos[1]-1).."-"..(pos[2]-1).." len="..#part.." seqovl="..seqovl.." : "..hexdump_dlog(part)) end + rawsend_payload_segmented(desync,part,pos[1]-1-seqovl) + else + DLOG("tcpseg: range cannot be resolved") + end + else + DLOG("tcpseg: not acting on further replay pieces") + end + end +end + +-- nfqws1 : "--dpi-desync=udplen" +-- standard args : direction, payload +-- arg : min=N . do not act on payloads smaller than N bytes +-- arg : max=N . do not act on payloads larger than N bytes +-- arg : increment=N . 2 by default. negative increment shrinks the packet, positive grows it. +-- arg : pattern= . used to fill extra bytes when length increases +-- arg : pattern_offset=N . offset in the pattern. 0 by default +function udplen(ctx, desync) + if not desync.dis.udp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if direction_check(desync) and payload_check(desync) then + local len = #desync.dis.payload + if (desync.arg.min and #desync.dis.payload < tonumber(desync.arg.min)) then + DLOG("udplen: payload size "..len.." is less than the minimum size "..desync.arg.min) + elseif (desync.arg.max and #desync.dis.payload > tonumber(desync.arg.max)) then + DLOG("udplen: payload size "..len.." is more than the maximum size "..desync.arg.max) + else + local inc = desync.arg.increment and tonumber(desync.arg.increment) or 2 + if inc>0 then + local pat = desync.arg.pattern and blob(desync,desync.arg.pattern) or "\x00" + local pat_offset = desync.arg.pattern_offset and (tonumber(desync.arg.pattern_offset)+1) or 1 + desync.dis.payload = desync.dis.payload .. pattern(pat, pat_offset, inc) + DLOG("udplen: "..len.." => "..#desync.dis.payload) + return VERDICT_MODIFY + elseif inc<0 then + if (len+inc)<1 then + DLOG("udplen: will not shrink to zero length") + else + desync.dis.payload = string.sub(desync.dis.payload,1,len+inc) + DLOG("udplen: "..len.." => "..#desync.dis.payload) + end + return VERDICT_MODIFY + end + end + end +end + +-- nfqws1 : "--dpi-desync=tamper" for dht proto +-- standard args : direction +-- arg : dn=N - message starts from "dN". 2 by default +function dht_dn(ctx, desync) + if not desync.dis.udp then + instance_cutoff_shim(ctx, desync) + return + end + direction_cutoff_opposite(ctx, desync) + if desync.l7payload=="dht" and direction_check(desync) then + local N = tonumber(desync.arg.dn) or 2 + -- remove "d1" from the start not breaking bencode + local prefix = "d"..tostring(N)..":"..string.rep("0",N).."1:x" + desync.dis.payload = prefix..string.sub(desync.dis.payload,2) + DLOG("dht_dn: tampered dht to start with '"..prefix.."' instead of 'd1:'") + return VERDICT_MODIFY + end +end diff --git a/zapret-winws/lua/zapret-auto.lua b/zapret-winws/lua/zapret-auto.lua new file mode 100644 index 0000000..216a06e --- /dev/null +++ b/zapret-winws/lua/zapret-auto.lua @@ -0,0 +1,429 @@ +-- standard automation/orchestration code +-- this is related to making dynamic strategy decisions without rewriting or altering strategy function code +-- orchestrators can decide which instances to call or not to call or pass them dynamic arguments +-- failure and success detectors test potential block conditions for orchestrators + +-- standard host key generator for per-host storage +-- arg: reqhost - require hostname, do not work with ip +-- arg: nld=N - cut hostname to N level domain. NLD=2 static.intranet.microsoft.com => microsoft.com +function standard_hostkey(desync) + local hostkey = desync.track and desync.track.hostname + if hostkey then + if desync.arg.nld and tonumber(desync.arg.nld)>0 then + -- dissect_nld returns nil if domain is invalid or does not have this NLD + -- fall back to original hostkey if it fails + local hktemp = dissect_nld(hostkey, tonumber(desync.arg.nld)) + if hktemp then + hostkey = hktemp + end + end + elseif not desync.arg.reqhost then + hostkey = host_ip(desync) + end + return hostkey +end + +-- per-host storage +-- arg: key - a string - table name inside autostate table. to allow multiple orchestrator instances to use single host storage +-- arg: hostkey - hostkey generator function name +function automate_host_record(desync) + local hostkey, hkf, askey + + if desync.arg.hostkey then + if type(_G[desync.arg.hostkey])~="function" then + error("automate: invalid hostkey function '"..desync.arg.hostkey.."'") + end + hkf = _G[desync.arg.hostkey] + else + hkf = standard_hostkey + end + hostkey = hkf(desync) + if not hostkey then + DLOG("automate: host record key unavailable") + return nil + end + + askey = (desync.arg.key and #desync.arg.key>0) and desync.arg.key or desync.func_instance + DLOG("automate: host record key 'autostate."..askey.."."..hostkey.."'") + if not autostate then + autostate = {} + end + if not autostate[askey] then + autostate[askey] = {} + end + if not autostate[askey][hostkey] then + autostate[askey][hostkey] = {} + end + return autostate[askey][hostkey] +end +-- per-connection storage +function automate_conn_record(desync) + if not desync.track.lua_state.automate then + desync.track.lua_state.automate = {} + end + return desync.track.lua_state.automate +end + +-- counts failure, optionally (if crec is given) prevents dup failure counts in a single connection +-- if 'maxtime' between failures is exceeded then failure count is reset +-- return true if threshold ('fails') is reached +-- hres is host record. host or ip bound table +-- cres is connection record. connection bound table +function automate_failure_counter(hrec, crec, fails, maxtime) + if crec and crec.failure then + DLOG("automate: duplicate failure in the same connection. not counted") + else + if crec then crec.failure = true end + local tnow=os.time() + if not hrec.failure_time_last then + hrec.failure_time_last = tnow + end + if not hrec.failure_counter then + hrec.failure_counter = 0 + elseif tnow>(hrec.failure_time_last + maxtime) then + DLOG("automate: failure counter reset because last failure was "..(tnow - hrec.failure_time_last).." seconds ago") + hrec.failure_counter = 0 + end + hrec.failure_counter = hrec.failure_counter + 1 + hrec.failure_time_last = tnow + if b_debug then DLOG("automate: failure counter "..hrec.failure_counter..(fails and ('/'..fails) or '')) end + if fails and hrec.failure_counter>=fails then + hrec.failure_counter = nil -- reset counter + return true + end + end + return false +end +-- resets failure counter if it has started counting +function automate_failure_counter_reset(hrec) + if hrec.failure_counter then + DLOG("automate: failure counter reset") + hrec.failure_counter = nil + end +end + +-- location is url compatible with Location: header +-- hostname is original hostname +function is_dpi_redirect(hostname, location) + local ds = dissect_url(location) + if ds.domain then + local sld1 = dissect_nld(hostname,2) + local sld2 = dissect_nld(ds.domain,2) + return sld2 and sld1~=sld2 + end + return false +end + +function standard_detector_defaults(arg) + return { + inseq = tonumber(arg.inseq) or 4096, + retrans = tonumber(arg.retrans) or 3, + maxseq = tonumber(arg.maxseq) or 32768, + udp_in = tonumber(arg.udp_in) or 1, + udp_out = tonumber(arg.udp_out) or 4, + no_http_redirect = arg.no_http_redirect, + no_rst = arg.no_rst + } +end + +-- standard failure detector +-- works with tcp and udp +-- detected failures: +-- incoming RST +-- incoming http redirection +-- outgoing retransmissions +-- udp too much out with too few in +-- arg: maxseq= - tcp: test retransmissions only within this relative sequence. default is 32K +-- arg: retrans=N - tcp: retrans count threshold. default is 3 +-- arg: inseq= - tcp: maximum relative sequence number to treat incoming RST as DPI reset. default is 4K +-- arg: no_http_redirect - tcp: disable http_reply dpi redirect trigger +-- arg: no_rst - tcp: disable incoming RST trigger +-- arg: udp_out - udp: >= outgoing udp packets. default is 4 +-- arg: udp_in - udp: with <= incoming udp packets. default is 1 +function standard_failure_detector(desync, crec) + local arg = standard_detector_defaults(desync.arg) + local trigger = false + if desync.dis.tcp then + local seq = pos_get(desync,'s') + if desync.outgoing then + if #desync.dis.payload>0 and arg.retrans and arg.maxseq>0 and seq<=arg.maxseq and (crec.retrans or 0)=arg.retrans + end + end + else + if not arg.no_rst and arg.inseq>0 and bitand(desync.dis.tcp.th_flags, TH_RST)~=0 and seq>=1 then + trigger = seq<=arg.inseq + if b_debug then + if trigger then + DLOG("standard_failure_detector: incoming RST s"..seq.." in range s"..arg.inseq) + else + DLOG("standard_failure_detector: not counting incoming RST s"..seq.." beyond s"..arg.inseq) + end + end + elseif not arg.no_http_redirect and desync.l7payload=="http_reply" and desync.track.hostname then + local hdis = http_dissect_reply(desync.dis.payload) + if hdis and (hdis.code==302 or hdis.code==307) and hdis.headers.location and hdis.headers.location then + trigger = is_dpi_redirect(desync.track.hostname, hdis.headers.location.value) + if b_debug then + if trigger then + DLOG("standard_failure_detector: http redirect "..hdis.code.." to '"..hdis.headers.location.value.."'. looks like DPI redirect.") + else + DLOG("standard_failure_detector: http redirect "..hdis.code.." to '"..hdis.headers.location.value.."'. NOT a DPI redirect.") + end + end + end + end + end + elseif desync.dis.udp then + if desync.outgoing then + if arg.udp_out>0 then + local pos_out = pos_get(desync,'n',false) + local pos_in = pos_get(desync,'n',true) + trigger = pos_out>=arg.udp_out and pos_in<=arg.udp_in + if trigger then + if b_debug then + DLOG("standard_failure_detector: arg.udp_out "..pos_out..">="..arg.udp_out.." arg.udp_in "..pos_in.."<="..arg.udp_in) + end + end + end + end + end + return trigger +end + +-- standard success detector +-- success means previous failures were temporary and counter should be reset +-- detected successes: +-- tcp: outgoing seq is beyond 'maxseq' and maxseq>0 +-- tcp: incoming seq is beyond 'inseq' and inseq>0 +-- udp: incoming packets count > `udp_in` and `udp_out`>0 +-- arg: maxseq= - tcp: success if outgoing relative sequence is beyond this value. default is 32K +-- arg: inseq= - tcp: success if incoming relative sequence is beyond this value. default is 4K +-- arg: udp_out - udp : must be nil or >0 to test udp_in +-- arg: udp_in - udp: if number if incoming packets > udp_in it means success +function standard_success_detector(desync, crec) + local arg = standard_detector_defaults(desync.arg) + if desync.dis.tcp then + local seq = pos_get(desync,'s') + if desync.outgoing then + if arg.maxseq>0 and seq>arg.maxseq then + DLOG("standard_success_detector: outgoing s"..seq.." is beyond s"..arg.maxseq..". treating connection as successful") + return true + end + else + if arg.inseq>0 and seq>arg.inseq then + DLOG("standard_success_detector: incoming s"..seq.." is beyond s"..arg.inseq..". treating connection as successful") + return true + end + end + elseif desync.dis.udp then + if not desync.outgoing then + local pos = pos_get(desync,'n') + if arg.udp_out>0 and pos>arg.udp_in then + if b_debug then + DLOG("standard_success_detector: arg.udp_in "..pos..">"..arg.udp_in) + end + return true + end + end + end + + return false +end + +-- calls success and failure detectors +-- resets counter if success is detected +-- increases counter if failure is detected +-- returns true if failure counter exceeds threshold +function automate_failure_check(desync, hrec, crec) + if crec.nocheck then return false end + + local failure_detector, success_detector + if desync.arg.failure_detector then + if type(_G[desync.arg.failure_detector])~="function" then + error("automate: invalid failure detector function '"..desync.arg.failure_detector.."'") + end + failure_detector = _G[desync.arg.failure_detector] + else + failure_detector = standard_failure_detector + end + if desync.arg.success_detector then + if type(_G[desync.arg.success_detector])~="function" then + error("automate: invalid success detector function '"..desync.arg.success_detector.."'") + end + success_detector = _G[desync.arg.success_detector] + else + success_detector = standard_success_detector + end + + if success_detector(desync, crec) then + crec.nocheck = true + DLOG("automate: success detected") + automate_failure_counter_reset(hrec) + return false + end + if failure_detector(desync, crec) then + crec.nocheck = true + DLOG("automate: failure detected") + local fails = tonumber(desync.arg.fails) or 3 + local maxtime = tonumber(desync.arg.time) or 60 + return automate_failure_counter(hrec, crec, fails, maxtime) + end + + return false +end + + +-- circularily change strategy numbers when failure count reaches threshold ('fails') +-- this orchestrator requires redirection of incoming traffic to cache RST and http replies ! +-- each orchestrated instance must have strategy=N arg, where N starts from 1 and increment without gaps +-- if 'final' arg is present in an orchestrated instance it stops rotation +-- arg: fails=N - failture count threshold. default is 3 +-- arg: time= - if last failure happened earlier than `maxtime` seconds ago - reset failure counter. default is 60. +-- arg: success_detector - success detector function name +-- arg: failure_detector - failure detector function name +-- arg: hostkey - hostkey generator function name +-- args for failure detector - see standard_failure_detector or your own detector +-- args for success detector - see standard_success_detector or your own detector +-- args for hostkey generator - see standard_hostkey or your own generator +-- test case: nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --in-range=-s34228 --lua-desync=circular --lua-desync=argdebug:strategy=1 --lua-desync=argdebug:strategy=2 +function circular(ctx, desync) + local function count_strategies(hrec) + if not hrec.ctstrategy then + local uniq={} + local n=0 + for i,instance in pairs(desync.plan) do + if instance.arg.strategy then + n = tonumber(instance.arg.strategy) + if not n or n<1 then + error("circular: strategy number '"..tostring(instance.arg.strategy).."' is invalid") + end + uniq[tonumber(instance.arg.strategy)] = true + if instance.arg.final then + hrec.final = n + end + end + end + n=0 + for i,v in pairs(uniq) do + n=n+1 + end + if n~=#uniq then + error("circular: strategies numbers must start from 1 and increment. gaps are not allowed.") + end + hrec.ctstrategy = n + end + end + + -- take over execution. prevent further instance execution in case of error + orchestrate(ctx, desync) + + if not desync.track then + DLOG_ERR("circular: conntrack is missing but required") + return + end + + local hrec = automate_host_record(desync) + if not hrec then + DLOG("circular: passing with no tampering") + return + end + + count_strategies(hrec) + if hrec.ctstrategy==0 then + error("circular: add strategy=N tag argument to each following instance ! N must start from 1 and increment") + end + if not hrec.nstrategy then + DLOG("circular: start from strategy 1") + hrec.nstrategy = 1 + end + + local verdict = VERDICT_PASS + if hrec.final~=hrec.nstrategy then + local crec = automate_conn_record(desync) + if automate_failure_check(desync, hrec, crec) then + hrec.nstrategy = (hrec.nstrategy % hrec.ctstrategy) + 1 + DLOG("circular: rotate strategy to "..hrec.nstrategy) + if hrec.nstrategy == hrec.final then + DLOG("circular: final strategy "..hrec.final.." reached. will rotate no more.") + end + end + end + + DLOG("circular: current strategy "..hrec.nstrategy) + while true do + local instance = plan_instance_pop(desync) + if not instance then break end + if instance.arg.strategy and tonumber(instance.arg.strategy)==hrec.nstrategy then + verdict = plan_instance_execute(desync, verdict, instance) + end + end + + return verdict +end + +-- test iff functions +function cond_true(desync) + return true +end +function cond_false(desync) + return false +end +-- arg: percent - of true . 50 by default +function cond_random(desync) + return math.random(0,99)<(tonumber(desync.arg.percent) or 50) +end +-- this iif function detects packets having 'arg.pattern' string in their payload +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --lua-desync=condition:iff=cond_payload_str:pattern=1234 --lua-desync=argdebug:testarg=1 --lua-desync=argdebug:testarg=2:morearg=xyz +-- test case (true) : echo aaz1234zzz | ncat -4u 1.1.1.1 443 +-- test case (false) : echo aaze124zzz | ncat -4u 1.1.1.1 443 +function cond_payload_str(desync) + if not desync.arg.pattern then + error("cond_payload_str: missing 'pattern'") + end + return string.find(desync.dis.payload,desync.arg.pattern,1,true) +end +-- check iff function available. error if not +function require_iff(desync, name) + if not desync.arg.iff then + error(name..": missing 'iff' function") + end + if type(_G[desync.arg.iff])~="function" then + error(name..": invalid 'iff' function '"..desync.arg.iff.."'") + end +end +-- execute further desync instances only if user-provided 'iff' function returns true +-- for example, this can be used by custom protocol detectors +-- arg: iff - condition function. takes desync as arg and returns bool. (cant use 'if' because of reserved word) +-- arg: neg - invert condition function result +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --lua-desync=condition:iff=cond_random --lua-desync=argdebug:testarg=1 --lua-desync=argdebug:testarg=2:morearg=xyz +function condition(ctx, desync) + require_iff(desync, "condition") + orchestrate(ctx, desync) + if logical_xor(_G[desync.arg.iff](desync), desync.arg.neg) then + DLOG("condition: true") + return replay_execution_plan(desync) + else + DLOG("condition: false") + plan_clear(desync) + end +end +-- clear execution plan if user provided 'iff' functions returns true +-- can be used with other orchestrators to stop execution conditionally +-- arg: iff - condition function. takes desync as arg and returns bool. (cant use 'if' because of reserved word) +-- arg: neg - invert condition function result +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-auto.lua --in-range=-s1 --lua-desync=circular --lua-desync=stopif:iff=cond_random:strategy=1 --lua-desync=argdebug:strategy=1 --lua-desync=argdebug:strategy=2 +function stopif(ctx, desync) + require_iff(desync, "stopif") + orchestrate(ctx, desync) + if logical_xor(_G[desync.arg.iff](desync), desync.arg.neg) then + DLOG("stopif: true") + plan_clear(desync) + else + -- do not do anything. allow other orchestrator to finish the plan + DLOG("stopif: false") + end +end diff --git a/zapret-winws/lua/zapret-lib.lua b/zapret-winws/lua/zapret-lib.lua new file mode 100644 index 0000000..2b4a578 --- /dev/null +++ b/zapret-winws/lua/zapret-lib.lua @@ -0,0 +1,1398 @@ +HEXDUMP_DLOG_MAX = HEXDUMP_DLOG_MAX or 32 +NOT3=bitnot(3) +NOT7=bitnot(7) +-- xor pid,tid,sec,nsec +math.randomseed(bitxor(getpid(),gettid(),clock_gettime())) + +-- basic desync function +-- execute given lua code. "desync" is temporary set as global var to be accessible to the code +-- useful for simple fast actions without writing a func +-- arg: code= +function luaexec(ctx, desync) + if not desync.arg.code then + error("luaexec: no 'code' parameter") + end + local fname = desync.func_instance.."_luaexec_code" + if not _G[fname] then + _G[fname] = load(desync.arg.code, fname) + end + -- allow dynamic code to access desync + _G.desync = desync + _G[fname]() + _G.desync = nil +end + +-- basic desync function +-- does nothing just acknowledges when it's called +-- no args +function pass(ctx, desync) + DLOG("pass") +end + +-- basic desync function +-- prints desync to DLOG +function pktdebug(ctx, desync) + DLOG("desync:") + var_debug(desync) +end +-- basic desync function +-- prints function args +function argdebug(ctx, desync) + var_debug(desync.arg) +end + +-- basic desync function +-- prints conntrack positions to DLOG +function posdebug(ctx, desync) + if not desync.track then + DLOG("posdebug: no track") + return + end + local s="posdebug: "..(desync.outgoing and "out" or "in").." time +"..desync.track.pos.dt.."s direct" + for i,pos in pairs({'n','d','b','s','p'}) do + s=s.." "..pos..pos_get(desync, pos, false) + end + s=s.." reverse" + for i,pos in pairs({'n','d','b','s','p'}) do + s=s.." "..pos..pos_get(desync, pos, true) + end + s=s.." payload "..#desync.dis.payload + if desync.reasm_data then + s=s.." reasm "..#desync.reasm_data + end + if desync.decrypt_data then + s=s.." decrypt "..#desync.decrypt_data + end + if desync.replay_piece_count then + s=s.." replay "..desync.replay_piece.."/"..desync.replay_piece_count + end + DLOG(s) +end + +-- basic desync function +-- set l7payload to 'arg.payload' if reasm.data or desync.dis.payload contains 'arg.pattern' substring +-- NOTE : this does not set payload on C code side ! +-- NOTE : C code will not see payload change. --payload args take only payloads known to C code and cause error if unknown. +-- arg: pattern - substring for search inside reasm_data or desync.dis.payload +-- arg: payload - set desync.l7payload to this if detected +-- arg: undetected - set desync.l7payload to this if not detected +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-antidpi.lua --lua-init=@zapret-auto.lua --lua-desync=detect_payload_str:pattern=1234:payload=my --lua-desync=fake:blob=0x1234:payload=my +function detect_payload_str(ctx, desync) + if not desync.arg.pattern then + error("detect_payload_str: missing 'pattern'") + end + local data = desync.reasm_data or desync.dis.payload + local b = string.find(data,desync.arg.pattern,1,true) + if b then + DLOG("detect_payload_str: detected '"..desync.arg.payload.."'") + if desync.arg.payload then desync.l7payload = desync.arg.payload end + else + DLOG("detect_payload_str: not detected '"..desync.arg.payload.."'") + if desync.arg.undetected then desync.l7payload = desync.arg.undetected end + end +end + + +-- this shim is needed then function is orchestrated. ctx services not available +-- have to emulate cutoff in LUA using connection persistent table track.lua_state +function instance_cutoff_shim(ctx, desync, dir) + if ctx then + instance_cutoff(ctx, dir) + elseif not desync.track then + DLOG("instance_cutoff_shim: cannot cutoff '"..desync.func_instance.."' because conntrack is absent") + else + if not desync.track.lua_state.cutoff_shim then + desync.track.lua_state.cutoff_shim = {} + end + if not desync.track.lua_state.cutoff_shim[desync.func_instance] then + desync.track.lua_state.cutoff_shim[desync.func_instance] = {} + end + if type(dir)=="nil" then + -- cutoff both directions by default + desync.track.lua_state.cutoff_shim[desync.func_instance][true] = true + desync.track.lua_state.cutoff_shim[desync.func_instance][false] = true + else + desync.track.lua_state.cutoff_shim[desync.func_instance][dir] = true + end + if b_debug then DLOG("instance_cutoff_shim: cutoff '"..desync.func_instance.."' in="..tostring(type(dir)=="nil" and true or not dir).." out="..tostring(type(dir)=="nil" or dir)) end + end +end +function cutoff_shim_check(desync) + if not desync.track then + DLOG("cutoff_shim_check: cannot check '"..desync.func_instance.."' cutoff because conntrack is absent") + return false + else + local b=desync.track.lua_state.cutoff_shim and + desync.track.lua_state.cutoff_shim[desync.func_instance] and + desync.track.lua_state.cutoff_shim[desync.func_instance][desync.outgoing] + if b and b_debug then + DLOG("cutoff_shim_check: '"..desync.func_instance.."' "..(desync.outgoing and "out" or "in").." cutoff") + end + return b + end +end + + +-- applies # and $ prefixes. #var means var length, %var means var value +function apply_arg_prefix(desync) + for a,v in pairs(desync.arg) do + local c = string.sub(v,1,1) + if c=='#' then + local blb = blob(desync,string.sub(v,2)) + desync.arg[a] = (type(blb)=='string' or type(blb)=='table') and #blb or 0 + elseif c=='%' then + desync.arg[a] = blob(desync,string.sub(v,2)) + elseif c=='\\' then + c = string.sub(v,2,2); + if c=='#' or c=='%' then + desync.arg[a] = string.sub(v,2) + end + end + end +end +-- copy instance identification and args from execution plan to desync table +-- NOTE : to not lose VERDICT_MODIFY dissect changes pass original desync table +-- NOTE : if a copy was passed and VERDICT_MODIFY returned you must copy modified dissect back to desync table or resend it and return VERDICT_DROP +-- NOTE : args and some fields are substituted. if you need them - make a copy before calling this. +function apply_execution_plan(desync, instance) + desync.func = instance.func + desync.func_n = instance.func_n + desync.func_instance = instance.func_instance + desync.arg = deepcopy(instance.arg) + apply_arg_prefix(desync) +end +-- produce resulting verdict from 2 verdicts +function verdict_aggregate(v1, v2) + local v + v1 = v1 or VERDICT_PASS + v2 = v2 or VERDICT_PASS + if v1==VERDICT_DROP or v2==VERDICT_DROP then + v=VERDICT_DROP + elseif v1==VERDICT_MODIFY or v2==VERDICT_MODIFY then + v=VERDICT_MODIFY + else + v=VERDICT_PASS + end + return v +end +function plan_instance_execute(desync, verdict, instance) + apply_execution_plan(desync, instance) + if cutoff_shim_check(desync) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because of voluntary cutoff") + elseif not payload_match_filter(desync.l7payload, instance.payload_filter) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because payload '"..desync.l7payload.."' does not match filter '"..instance.payload_filter.."'") + elseif not pos_check_range(desync, instance.range) then + DLOG("plan_instance_execute: not calling '"..desync.func_instance.."' because pos "..pos_str(desync,instance.range.from).." "..pos_str(desync,instance.range.to).." is out of range '"..pos_range_str(instance.range).."'") + else + DLOG("plan_instance_execute: calling '"..desync.func_instance.."'") + verdict = verdict_aggregate(verdict,_G[instance.func](nil, desync)) + end + return verdict +end +function plan_instance_pop(desync) + return (desync.plan and #desync.plan>0) and table.remove(desync.plan, 1) +end +function plan_clear(desync) + while table.remove(desync.plan) do end +end +-- this approach allows nested orchestrators +function orchestrate(ctx, desync) + if not desync.plan then + execution_plan_cancel(ctx) + desync.plan = execution_plan(ctx) + end +end +-- copy desync preserving lua_state +function desync_copy(desync) + local dcopy = deepcopy(desync) + if desync.track then + -- preserve lua state + dcopy.track.lua_state = desync.track.lua_state + end + if desync.plan then + -- preserve execution plan + dcopy.plan = desync.plan + end + return dcopy +end +-- redo what whould be done without orchestration +function replay_execution_plan(desync) + local verdict = VERDICT_PASS + while true do + local instance = plan_instance_pop(desync) + if not instance then break end + verdict = plan_instance_execute(desync, verdict, instance) + end + return verdict +end +-- this function demonstrates how to stop execution of upcoming desync instances and take over their job +-- this can be used, for example, for orchestrating conditional processing without modifying of desync functions code +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-desync=desync_orchestrator_example --lua-desync=pass --lua-desync=pass +function desync_orchestrator_example(ctx, desync) + DLOG("orchestrator: taking over upcoming desync instances") + orchestrate(ctx, desync) + return replay_execution_plan(desync) +end + +-- these functions duplicate range check logic from C code +-- mode must be n,d,b,s,x,a +-- pos is {mode,pos} +-- range is {from={mode,pos}, to={mode,pos}, upper_cutoff} +-- upper_cutoff = true means non-inclusive upper boundary +function pos_get_pos(track_pos, mode) + if track_pos then + if mode=='n' then + return track_pos.pcounter + elseif mode=='d' then + return track_pos.pdcounter + elseif mode=='b' then + return track_pos.pbcounter + elseif track_pos.tcp then + if mode=='s' then + return track_pos.tcp.rseq + elseif mode=='p' then + return track_pos.tcp.pos + end + end + end + return 0 +end +function pos_get(desync, mode, reverse) + if desync.track then + local track_pos = reverse and desync.track.pos.reverse or desync.track.pos.direct + return pos_get_pos(track_pos,mode) + end + return 0 +end +function pos_check_from(desync, range) + if range.from.mode == 'x' then return false end + if range.from.mode ~= 'a' then + if desync.track then + return pos_get(desync, range.from.mode) >= range.from.pos + else + return false + end + end + return true; +end +function pos_check_to(desync, range) + local ps + if range.to.mode == 'x' then return false end + if range.to.mode ~= 'a' then + if desync.track then + ps = pos_get(desync, range.to.mode) + return (ps < range.to.pos) or not range.upper_cutoff and (ps == range.to.pos) + else + return false + end + end + return true; +end +function pos_check_range(desync, range) + return pos_check_from(desync,range) and pos_check_to(desync,range) +end +function pos_range_str(range) + return range.from.mode..range.from.pos..(range.upper_cutoff and '<' or '-')..range.to.mode..range.to.pos +end +function pos_str(desync, pos) + return pos.mode..pos_get(desync, pos.mode) +end +function is_retransmission(desync) + return desync.track and desync.track.pos.direct.tcp and 0==bitand(u32add(desync.track.pos.direct.tcp.uppos_prev, -desync.track.pos.direct.tcp.pos), 0x80000000) +end + +-- prepare standard rawsend options from desync +-- repeats - how many time send the packet +-- ifout - override outbound interface (if --bind_fix4, --bind-fix6 enabled) +-- fwmark - override fwmark. desync mark bit(s) will be set unconditionally +function rawsend_opts(desync) + return { + repeats = desync.arg.repeats, + ifout = desync.arg.ifout or desync.ifout, + fwmark = desync.arg.fwmark or desync.fwmark + } +end +-- only basic options. no repeats +function rawsend_opts_base(desync) + return { + ifout = desync.arg.ifout or desync.ifout, + fwmark = desync.arg.fwmark or desync.fwmark + } +end + +-- prepare standard reconstruct options from desync +-- badsum - make L4 checksum invalid +-- ip6_preserve_next - use next protocol fields from dissect, do not auto fill values. can be set from code only, not from args +-- ip6_last_proto - last ipv6 "next" protocol. used only by "reconstruct_ip6hdr". can be set from code only, not from args +function reconstruct_opts(desync) + return { + badsum = desync.arg.badsum + } +end + +-- combined desync opts +function desync_opts(desync) + return { + rawsend = rawsend_opts(desync), + reconstruct = reconstruct_opts(desync), + ipfrag = desync.arg, + ipid = desync.arg, + fooling = desync.arg + } +end + + +-- convert binary string to hex data +function string2hex(s) + local ss = "" + for i = 1, #s do + if i>1 then + ss = ss .. " " + end + ss = ss .. string.format("%02X", string.byte(s, i)) + end + return ss +end +function has_nonprintable(s) + return s:match("[^ -\\r\\n\\t]") +end +function make_readable(v) + if type(v)=="string" then + return string.gsub(v,"[^ -]","."); + else + return tostring(v) + end +end +-- return hex dump of a binary string if it has nonprintable characters or string itself otherwise +function str_or_hex(s) + if has_nonprintable(s) then + return string2hex(s) + else + return s + end +end +function logical_xor(a,b) + return a and not b or not a and b +end +-- print to DLOG any variable. tables are expanded in the tree form, unprintables strings are hex dumped +function var_debug(v) + local function dbg(v,level) + if type(v)=="table" then + for key, value in pairs(v) do + DLOG(string.rep(" ",2*level).."."..tostring(key)) + dbg(v[key],level+1) + end + elseif type(v)=="string" then + DLOG(string.rep(" ",2*level)..type(v).." "..str_or_hex(v)) + else + DLOG(string.rep(" ",2*level)..type(v).." "..make_readable(v)) + end + end + dbg(v,0) +end + +-- make hex dump +function hexdump(s,max) + local l = max<#s and max or #s + local ss = string.sub(s,1,l) + return string2hex(ss)..(#s>max and " ... " or " " )..make_readable(ss)..(#s>max and " ... " or "" ) +end +-- make hex dump limited by HEXDUMP_DLOG_MAX chars +function hexdump_dlog(s) + return hexdump(s,HEXDUMP_DLOG_MAX) +end + +-- make copy of an array recursively +function deepcopy(orig, copies) + copies = copies or {} + local orig_type = type(orig) + local copy + if orig_type == 'table' then + if copies[orig] then + copy = copies[orig] + else + copy = {} + copies[orig] = copy + for orig_key, orig_value in next, orig, nil do + copy[deepcopy(orig_key, copies)] = deepcopy(orig_value, copies) + end + setmetatable(copy, deepcopy(getmetatable(orig), copies)) + end + else -- number, string, boolean, etc + copy = orig + end + return copy +end + +-- check if string 'v' in comma separated list 's' +function in_list(s, v) + if s then + for elem in string.gmatch(s, "[^,]+") do + if elem==v then + return true + end + end + end + return false +end + +-- blobs can be 0xHEX, field name in desync or global var +-- if name is nil - return def +function blob(desync, name, def) + if not name or #name==0 then + if def then + return def + else + error("empty blob name") + end + end + local blob + if string.sub(name,1,2)=="0x" then + blob = parse_hex(string.sub(name,3)) + if not blob then + error("invalid hex string : "..name) + end + else + blob = desync[name] + if not blob then + -- use global var if no field in dissect table + blob = _G[name] + if not blob then + error("blob '"..name.."' unavailable") + end + end + end + return blob +end +function blob_or_def(desync, name, def) + return name and blob(desync,name,def) or def +end + +-- repeat pattern as needed to extract part of it with any length +-- pat="12345" len=10 offset=4 => "4512345123" +function pattern(pat, offset, len) + if not pat or #pat==0 then + error("pattern: bad or empty pattern") + end + local off = (offset-1) % #pat + local pats = divint((len + #pat - 1), #pat) + (off==0 and 0 or 1) + return string.sub(string.rep(pat,pats),off+1,off+len) +end + +-- decrease by 1 all number values in the array +function zero_based_pos(a) + if not a then return nil end + local b={} + for i,v in ipairs(a) do + b[i] = type(a[i])=="number" and a[i] - 1 or a[i] + end + return b +end + +-- delete elements with number value 1 +function delete_pos_1(a) + local i=1 + while i<=#a do + if type(a[i])=="number" and a[i] == 1 then + table.remove(a,i) + else + i = i+1 + end + end + return a +end + +-- find pos of the next eol and pos of the next non-eol character after eol +function find_next_line(s, pos) + local p1, p2 + p1 = string.find(s,"[\r\n]",pos) + if p1 then + p2 = p1 + p1 = p1-1 + if string.sub(s,p2,p2)=='\r' then p2=p2+1 end + if string.sub(s,p2,p2)=='\n' then p2=p2+1 end + if p2>#s then p2=nil end + else + p1 = #s + end + return p1,p2 +end + +function http_dissect_header(header) + local p1,p2 + p1,p2 = string.find(header,":") + if p1 then + p2=string.find(header,"[^ \t]",p2+1) + return string.sub(header,1,p1-1), p2 and string.sub(header,p2) or "", p1-1, p2 or #header + end + return nil +end +-- make table with structured http header representation +function http_dissect_headers(http, pos) + local eol,pnext,header,value,idx,headers,pos_endheader,pos_startvalue + headers={} + while pos do + eol,pnext = find_next_line(http,pos) + header = string.sub(http,pos,eol) + if #header == 0 then break end + header,value,pos_endheader,pos_startvalue = http_dissect_header(header) + if header then + headers[string.lower(header)] = { header = header, value = value, pos_start = pos, pos_end = eol, pos_header_end = pos+pos_endheader-1, pos_value_start = pos+pos_startvalue-1 } + end + pos=pnext + end + return headers +end +-- make table with structured http request representation +function http_dissect_req(http) + if not http then return nil; end + local eol,pnext,req,hdrpos + local pos=1 + -- skip methodeol empty line(s) + while pos do + eol,pnext = find_next_line(http,pos) + req = string.sub(http,pos,eol) + pos=pnext + if #req>0 then break end + end + hdrpos = pos + if not req or #req==0 then return nil end + pos = string.find(req,"[ \t]") + if not pos then return nil end + local method = string.sub(req,1,pos-1); + pos = string.find(req,"[^ \t]",pos+1) + if not pos then return nil end + pnext = string.find(req,"[ \t]",pos+1) + if not pnext then pnext = #http + 1 end + local uri = string.sub(req,pos,pnext-1) + return { method = method, uri = uri, headers = http_dissect_headers(http,hdrpos) } +end +function http_dissect_reply(http) + if not http then return nil; end + local s, pos, code + s = string.sub(http,1,8) + if s~="HTTP/1.1" and s~="HTTP/1.0" then return nil end + pos = string.find(http,"[ \t\r\n]",10) + code = tonumber(string.sub(http,10,pos-1)) + if not code then return nil end + pos = find_next_line(http,pos) + return { code = code, headers = http_dissect_headers(http,pos) } +end +function dissect_url(url) + local p1,pb,pstart,pend + local proto, creds, domain, port, uri + p1 = string.find(url,"[^ \t]") + if not p1 then return nil end + pb = p1 + pstart,pend = string.find(url,"[a-z]+://",p1) + if pend then + proto = string.sub(url,pstart,pend-3) + p1 = pend+1 + end + pstart,pend = string.find(url,"[@/]",p1) + if pend and string.sub(url,pstart,pend)=='@' then + creds = string.sub(url,p1,pend-1) + p1 = pend+1 + end + pstart,pend = string.find(url,"/",p1,true) + if pend then + if pend==pb then + uri = string.sub(url,pb) + else + uri = string.sub(url,pend) + domain = string.sub(url,p1,pend-1) + end + else + if proto then + domain = string.sub(url,p1) + else + uri = string.sub(url,p1) + end + end + if domain then + pstart,pend = string.find(domain,':',1,true) + if pend then + port = string.sub(domain, pend+1) + domain = string.sub(domain, 1, pstart-1) + end + end + return { proto = proto, creds = creds, domain = domain, port = port, uri=uri } +end +function dissect_nld(domain, level) + if domain then + local n=1 + for pos=#domain,1,-1 do + if string.sub(domain,pos,pos)=='.' then + if n==level then + return string.sub(domain, pos+1) + end + n=n+1 + end + end + if n==level then + return domain + end + end + return nil +end + +-- support sni=%var +function tls_mod_shim(desync, blob, modlist, payload) + local p1,p2 = string.find(modlist,"sni=%%[^,]+") + if p1 then + local var = string.sub(modlist,p1+5,p2) + local val = desync[var] or _G[var] + if not val then + error("tls_mod_shim: non-existent var '"..var.."'") + end + modlist = string.sub(modlist,1,p1+3)..val..string.sub(modlist,p2+1) + end + return tls_mod(blob,modlist,payload) +end + +-- convert comma separated list of tcp flags to tcp.th_flags bit field +function parse_tcp_flags(s) + local flags={FIN=TH_FIN, SYN=TH_SYN, RST=TH_RST, PSH=TH_PUSH, PUSH=TH_PUSH, ACK=TH_ACK, URG=TH_URG, ECE=TH_ECE, CWR=TH_CWR} + local f=0 + local s_upper = string.upper(s) + for flag in string.gmatch(s_upper, "[^,]+") do + if flags[flag] then + f = bitor(f,flags[flag]) + else + error("tcp flag '"..flag.."' is invalid") + end + end + return f +end + +-- find first tcp options of specified kind in dissect.tcp.options +function find_tcp_option(options, kind) + if options then + for i, opt in pairs(options) do + if opt.kind==kind then return i end + end + end + return nil +end + +-- find first ipv6 extension header of specified protocol in dissect.ip6.exthdr +function find_ip6_exthdr(exthdr, proto) + if exthdr then + for i, hdr in pairs(exthdr) do + if hdr.type==proto then return i end + end + end + return nil +end + +-- insert ipv6 extension header at specified index. fix next proto chain +function insert_ip6_exthdr(ip6, idx, header_type, data) + local prev + if not ip6.exthdr then ip6.exthdr={} end + if not idx then + -- insert to the end + idx = #ip6.exthdr+1 + elseif idx<0 or idx>(#ip6.exthdr+1) then + error("insert_ip6_exthdr: invalid index "..idx) + end + if idx==1 then + prev = ip6.ip6_nxt + ip6.ip6_nxt = header_type + else + prev = ip6.exthdr[idx-1].next + ip6.exthdr[idx-1].next = header_type + end + table.insert(ip6.exthdr, idx, {type = header_type, data = data, next = prev}) +end +-- delete ipv6 extension header at specified index. fix next proto chain +function del_ip6_exthdr(ip6, idx) + if idx<=0 or idx>#ip6.exthdr then + error("delete_ip6_exthdr: nonexistent index "..idx) + end + local nxt = ip6.exthdr[idx].next + if idx==1 then + ip6.ip6_nxt = nxt + else + ip6.exthdr[idx-1].next = nxt + end + table.remove(ip6.exthdr, idx) +end +-- fills next proto fields in ipv6 header and extension headers +function fix_ip6_next(ip6, last_proto) + if ip6.exthdr and #ip6.exthdr>0 then + for i=1,#ip6.exthdr do + if i==1 then + -- first header + ip6.ip6_nxt = ip6.exthdr[i].type + end + ip6.exthdr[i].next = i==#ip6.exthdr and (last_proto or IPPROTO_NONE) or ip6.exthdr[i+1].type + end + else + -- no headers + ip6.ip6_nxt = last_proto or IPPROTO_NONE + end +end + + +-- parse autottl : delta,min-max +function parse_autottl(s) + if s then + local delta,min,max = string.match(s,"([-+]?%d+),(%d+)-(%d+)") + min = tonumber(min) + max = tonumber(max) + delta = tonumber(delta) + if not delta or min>max then + error("parse_autottl: invalid value '"..s.."'") + end + return {delta=delta,min=min,max=max} + else + return nil + end +end + +-- calculate ttl value based on incoming_ttl and parsed attl definition (delta,min-max) +function autottl(incoming_ttl, attl) + local function hop_count_guess(incoming_ttl) + -- 18.65.168.125 ( cloudfront ) 255 + -- 157.254.246.178 128 + -- 1.1.1.1 64 + -- guess original ttl. consider path lengths less than 32 hops + + local orig + + if incoming_ttl>223 then + orig=255 + elseif incoming_ttl<128 and incoming_ttl>96 then + orig=128 + elseif incoming_ttl<64 and incoming_ttl>32 then + orig=64 + else + return nil + end + + return orig-incoming_ttl + end + -- return guessed fake ttl value. 0 means unsuccessfull, should not perform autottl fooling + local function autottl_eval(hop_count, attl) + local d,fake + + d = hop_count + attl.delta + + if dattl.max then fake=attl.max + else fake=d + end + + if attl.delta<0 and fake>=hop_count or attl.delta>=0 and fake - set tcp flags in comma separated list +-- tcp_flags_unset= - unset tcp flags in comma separated list +-- tcp_ts_up - move timestamp tcp option to the top if it's present. this allows linux not to accept badack segments without badseq. this is very strange discovery but it works. + +-- fool - custom fooling function : fool_func(dis, fooling_options) +function apply_fooling(desync, dis, fooling_options) + local function prepare_bin(hex,def) + local bin = parse_hex(hex) + if not bin then error("apply_fooling: invalid hex string '"..hex.."'") end + return #bin>0 and bin or def + end + local function ttl_discover(arg_ttl,arg_autottl) + local ttl + if arg_autottl and desync.track then + if desync.track.incoming_ttl then + -- use lua_cache to store discovered autottl + if type(desync.track.lua_state.autottl_cache)~="table" then desync.track.lua_state.autottl_cache={} end + if type(desync.track.lua_state.autottl_cache[desync.func_instance])~="table" then desync.track.lua_state.autottl_cache[desync.func_instance]={} end + if not desync.track.lua_state.autottl_cache[desync.func_instance].autottl_found then + desync.track.lua_state.autottl_cache[desync.func_instance].autottl = autottl(desync.track.incoming_ttl,parse_autottl(arg_autottl)) + if desync.track.lua_state.autottl_cache[desync.func_instance].autottl then + desync.track.lua_state.autottl_cache[desync.func_instance].autottl_found = true + DLOG("apply_fooling: discovered autottl "..desync.track.lua_state.autottl_cache[desync.func_instance].autottl) + else + DLOG("apply_fooling: could not discover autottl") + end + elseif desync.track.lua_state.autottl_cache[desync.func_instance].autottl then + DLOG("apply_fooling: using cached autottl "..desync.track.lua_state.autottl_cache[desync.func_instance].autottl) + end + ttl=desync.track.lua_state.autottl_cache[desync.func_instance].autottl + else + DLOG("apply_fooling: cannot apply autottl because incoming ttl unknown") + end + end + if not ttl and tonumber(arg_ttl) then + ttl = tonumber(arg_ttl) + end + --io.stderr:write("TTL "..tostring(ttl).."\n") + return ttl + end + local function move_ts_top() + local tsidx = find_tcp_option(dis.tcp.options, TCP_KIND_TS) + if tsidx and tsidx>1 then + table.insert(dis.tcp.options, 1, dis.tcp.options[tsidx]) + table.remove(dis.tcp.options, tsidx + 1) + end + end + -- take default fooling from desync.arg + if not fooling_options then fooling_options = desync.arg end + -- use current packet if dissect not given + if not dis then dis = desync.dis end + if dis.tcp then + if tonumber(fooling_options.tcp_seq) then + dis.tcp.th_seq = u32add(dis.tcp.th_seq, fooling_options.tcp_seq) + end + if tonumber(fooling_options.tcp_ack) then + dis.tcp.th_ack = u32add(dis.tcp.th_ack, fooling_options.tcp_ack) + end + if fooling_options.tcp_flags_unset then + dis.tcp.th_flags = bitand(dis.tcp.th_flags, bitnot(parse_tcp_flags(fooling_options.tcp_flags_unset))) + end + if fooling_options.tcp_flags_set then + dis.tcp.th_flags = bitor(dis.tcp.th_flags, parse_tcp_flags(fooling_options.tcp_flags_set)) + end + if tonumber(fooling_options.tcp_ts) then + local idx = find_tcp_option(dis.tcp.options,TCP_KIND_TS) + if idx and (dis.tcp.options[idx].data and #dis.tcp.options[idx].data or 0)==8 then + dis.tcp.options[idx].data = bu32(u32add(u32(dis.tcp.options[idx].data),fooling_options.tcp_ts))..string.sub(dis.tcp.options[idx].data,5) + else + DLOG("apply_fooling: timestamp tcp option not present or invalid") + end + end + if fooling_options.tcp_md5 then + if find_tcp_option(dis.tcp.options,TCP_KIND_MD5) then + DLOG("apply_fooling: md5 option already present") + else + table.insert(dis.tcp.options,{kind=TCP_KIND_MD5, data=prepare_bin(fooling_options.tcp_md5,brandom(16))}) + end + end + if fooling_options.tcp_ts_up then + move_ts_top(dis.tcp.options) + end + end + if dis.ip6 then + local bin + if fooling_options.ip6_hopbyhop then + bin = prepare_bin(fooling_options.ip6_hopbyhop,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_HOPOPTS,bin) + end + if fooling_options.ip6_hopbyhop2 then + bin = prepare_bin(fooling_options.ip6_hopbyhop2,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_HOPOPTS,bin) + end + -- for possible unfragmentable part + if fooling_options.ip6_destopt then + bin = prepare_bin(fooling_options.ip6_destopt,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_DSTOPTS,bin) + end + if fooling_options.ip6_routing then + bin = prepare_bin(fooling_options.ip6_routing,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_ROUTING,bin) + end + -- for possible fragmentable part + if fooling_options.ip6_destopt2 then + bin = prepare_bin(fooling_options.ip6_destopt2,"\x00\x00\x00\x00\x00\x00") + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_DSTOPTS,bin) + end + if fooling_options.ip6_ah then + -- by default truncated authentication header - only 6 bytes + bin = prepare_bin(fooling_options.ip6_ah,"\x00\x00"..brandom(4)) + insert_ip6_exthdr(dis.ip6,nil,IPPROTO_AH,bin) + end + end + if dis.ip then + local ttl = ttl_discover(fooling_options.ip_ttl,fooling_options.ip_autottl) + if ttl then dis.ip.ip_ttl = ttl end + end + if dis.ip6 then + local ttl = ttl_discover(fooling_options.ip6_ttl,fooling_options.ip6_autottl) + if ttl then dis.ip6.ip6_hlim = ttl end + end + + if fooling_options.fool and #fooling_options.fool>0 then + if type(_G[fooling_options.fool])=="function" then + DLOG("apply_fooling: calling '"..fooling_options.fool.."'") + _G[fooling_options.fool](dis, fooling_options) + else + error("apply_fooling: fool function '"..tostring(fooling_options.fool).."' does not exist") + end + end +end + + +-- assign dis.ip.ip_id value according to policy in ipid_options or desync.arg. apply def or "seq" policy if no ip_id options +-- ip_id=seq|rnd|zero|none +-- ip_id_conn - in 'seq' mode save current ip_id in track.lua_state to use it between packets +-- remember ip_id in desync +function apply_ip_id(desync, dis, ipid_options, def) + -- use current packet if dissect not given + if not dis then dis = desync.dis end + if dis.ip then -- ip_id is ipv4 only, ipv6 doesn't have it + -- take default ipid options from desync.arg + if not ipid_options then ipid_options = desync.arg end + local mode = ipid_options.ip_id or def or "seq" + if mode == "seq" then + if desync.track and ipid_options.ip_id_conn then + dis.ip.ip_id = desync.track.lua_state.ip_id or dis.ip.ip_id + desync.track.lua_state.ip_id = dis.ip.ip_id + 1 + else + dis.ip.ip_id = desync.ip_id or dis.ip.ip_id + desync.ip_id = dis.ip.ip_id + 1 + end + elseif mode == "zero" then + dis.ip.ip_id = 0 + elseif mode == "rnd" then + dis.ip.ip_id = math.random(1,0xFFFF) + end + end +end + + +-- return length of ipv4 or ipv6 header without options and extension headers. should be 20 for ipv4 and 40 for ipv6. +function l3_base_len(dis) + if dis.ip then + return IP_BASE_LEN + elseif dis.ip6 then + return IP6_BASE_LEN + else + return 0 + end +end +-- return length of ipv4 options or summary length of all ipv6 extension headers +-- ip6_exthdr_last_idx - count lengths for headers up to this index +function l3_extra_len(dis, ip6_exthdr_last_idx) + local l=0 + if dis.ip then + if dis.ip.options then + l = bitand(#dis.ip.options+3,NOT3) + end + elseif dis.ip6 and dis.ip6.exthdr then + local ct + if ip6_exthdr_last_idx and ip6_exthdr_last_idx<=#dis.ip6.exthdr then + ct = ip6_exthdr_last_idx + else + ct = #dis.ip6.exthdr + end + for i=1, ct do + if dis.ip6.exthdr[i].type == IPPROTO_AH then + -- length in 32-bit words + l = l + bitand(3+2+#dis.ip6.exthdr[i].data,NOT3) + else + -- length in 64-bit words + l = l + bitand(7+2+#dis.ip6.exthdr[i].data,NOT7) + end + end + end + return l +end +-- return length of ipv4/ipv6 header with options/extension headers +function l3_len(dis) + return l3_base_len(dis)+l3_extra_len(dis) +end +-- return length of tcp/udp headers without options. should be 20 for tcp and 8 for udp. +function l4_base_len(dis) + if dis.tcp then + return TCP_BASE_LEN + elseif dis.udp then + return UDP_BASE_LEN + else + return 0 + end +end +-- return length of tcp options or 0 if not tcp +function l4_extra_len(dis) + local l=0 + if dis.tcp and dis.tcp.options then + for i=1, #dis.tcp.options do + l = l + 1 + if dis.tcp.options[i].kind~=TCP_KIND_NOOP and dis.tcp.options[i].kind~=TCP_KIND_END then + l = l + 1 + if dis.tcp.options[i].data then l = l + #dis.tcp.options[i].data end + end + end + -- 4 byte aligned + l = bitand(3+l,NOT3) + end + return l +end +-- return length of tcp header with options or base length of udp header - 8 bytes +function l4_len(dis) + return l4_base_len(dis)+l4_extra_len(dis) +end +-- return summary extra length of ipv4/ipv6 and tcp headers. 0 if no options, no ext headers +function l3l4_extra_len(dis) + return l3_extra_len(dis)+l4_extra_len(dis) +end +-- return summary length of ipv4/ipv6 and tcp/udp headers +function l3l4_len(dis) + return l3_len(dis)+l4_len(dis) +end +-- return summary length of ipv4/ipv6 , tcp/udp headers and payload +function packet_len(dis) + return l3l4_len(dis) + #dis.payload +end + +-- option : ipfrag.ipfrag_disorder - send fragments from last to first +function rawsend_dissect_ipfrag(dis, options) + if options and options.ipfrag and options.ipfrag.ipfrag then + local frag_func = options.ipfrag.ipfrag=="" and "ipfrag2" or options.ipfrag.ipfrag + if type(_G[frag_func]) ~= "function" then + error("rawsend_dissect_ipfrag: ipfrag function '"..tostring(frag_func).."' does not exist") + end + local fragments = _G[frag_func](dis, options.ipfrag) + + -- allow ipfrag function to do extheader magic with non-standard "next protocol" + -- NOTE : dis.ip6 must have valid next protocol fields !!!!! + local reconstruct_frag = options.reconstruct and deepcopy(options.reconstruct) or {} + reconstruct_frag.ip6_preserve_next = true + + if fragments then + if options.ipfrag.ipfrag_disorder then + for i=#fragments,1,-1 do + DLOG("sending ip fragment "..i) + -- C function + if not rawsend_dissect(fragments[i], options.rawsend, reconstruct_frag) then return false end + end + else + for i, d in pairs(fragments) do + DLOG("sending ip fragment "..i) + -- C function + if not rawsend_dissect(d, options.rawsend, reconstruct_frag) then return false end + end + end + return true + end + -- ipfrag failed. send unfragmented + end + -- C function + return rawsend_dissect(dis, options and options.rawsend, options and options.reconstruct) +end + +-- send dissect with tcp segmentation based on mss value. appply specified rawsend options. +function rawsend_dissect_segmented(desync, dis, mss, options) + local discopy = deepcopy(dis) + apply_fooling(desync, discopy, options and options.fooling) + + if dis.tcp then + local extra_len = l3l4_extra_len(discopy) + if extra_len >= mss then return false end + local max_data = mss - extra_len + if #discopy.payload > max_data then + local pos=1 + local len + local payload=discopy.payload + + while pos <= #payload do + len = #payload - pos + 1 + if len > max_data then len = max_data end + discopy.payload = string.sub(payload,pos,pos+len-1) + apply_ip_id(desync, discopy, options and options.ipid) + if not rawsend_dissect_ipfrag(discopy, options) then + -- stop if failed + return false + end + discopy.tcp.th_seq = discopy.tcp.th_seq + len + pos = pos + len + end + return true + end + end + apply_ip_id(desync, discopy, options and options.ipid) + -- no reason to segment + return rawsend_dissect_ipfrag(discopy, options) +end + +-- send specified payload based on existing L3/L4 headers in the dissect. add seq to tcp.th_seq. +function rawsend_payload_segmented(desync, payload, seq, options) + options = options or desync_opts(desync) + local dis = deepcopy(desync.dis) + if payload then dis.payload = payload end + if dis.tcp and seq then + dis.tcp.th_seq = dis.tcp.th_seq + seq + end + return rawsend_dissect_segmented(desync, dis, desync.tcp_mss, options) +end + + +-- check if desync.outgoing comply with arg.dir or def if it's not present or "out" of they are not present both. dir can be "in","out","any" +function direction_check(desync, def) + local dir = desync.arg.dir or def or "out" + return desync.outgoing and desync.arg.dir~="in" or not desync.outgoing and dir~="out" +end +-- if dir "in" or "out" cutoff current desync function from opposite direction +function direction_cutoff_opposite(ctx, desync, def) + local dir = desync.arg.dir or def or "out" + if dir=="out" then + -- cutoff in + instance_cutoff_shim(ctx, desync, false) + elseif dir=="in" then + -- cutoff out + instance_cutoff_shim(ctx, desync, true) + end +end + +-- return true if l7payload matches filter l7payload_filter - comma separated list of payload types +function payload_match_filter(l7payload, l7payload_filter, def) + local argpl = l7payload_filter or def or "known" + local neg = string.sub(argpl,1,1)=="~" + local pl = neg and string.sub(argpl,2) or argpl + return neg ~= (in_list(pl, "all") or in_list(pl, l7payload) or in_list(pl, "known") and l7payload~="unknown" and l7payload~="empty") +end +-- check if desync payload type comply with payload type list in arg.payload +-- if arg.payload is not present - check for known payload - not empty and not unknown (nfqws1 behavior without "--desync-any-protocol" option) +-- if arg.payload is prefixed with '~' - it means negation +function payload_check(desync, def) + local b = payload_match_filter(desync.l7payload, desync.arg.payload, def) + if not b and b_debug then + local argpl = desync.arg.payload or def or "known" + DLOG("payload_check: payload '"..desync.l7payload.."' does not pass '"..argpl.."' filter") + end + return b +end + +-- return name of replay drop field in track.lua_state for the current desync function instance +function replay_drop_key(desync) + return desync.func_instance .. "_replay_drop" +end +-- set/unset replay drop flag in track.lua_state for the current desync function instance +function replay_drop_set(desync, v) + if desync.track then + if v == nil then v=true end + local rdk = replay_drop_key(desync) + if v then + if desync.replay then desync.track.lua_state[replay_drop_key] = true end + else + desync.track.lua_state[replay_drop_key] = nil + end + end +end +-- auto unset replay drop flag if desync is not replay or it's the last replay piece +-- return true if the caller should return VERDICT_DROP +function replay_drop(desync) + if desync.track then + local drop = desync.replay and desync.track.lua_state[replay_drop_key] + if not desync.replay or desync.replay_piece_last then + -- replay stopped or last piece of reasm + replay_drop_set(desync, false) + end + if drop then + DLOG("dropping replay packet because reasm was already sent") + return true + end + end + return false +end +-- true if desync is not replay or it's the first replay piece +function replay_first(desync) + return not desync.replay or desync.replay_piece==1 +end + +-- generate random host +-- template "google.com", len=16 : h82aj.google.com +-- template "google.com", len=11 : .google.com +-- template "google.com", len=10 : google.com +-- template "google.com", len=7 : gle.com +-- no template, len=6 : b8c54a +-- no template, len=7 : u9a.edu +-- no template, len=10 : jgha7c.com +function genhost(len, template) + if template and #template>0 then + if len <= #template then + return string.sub(template,#template-len+1) + elseif len==(#template+1) then + return "."..template + else + return brandom_az(1)..brandom_az09(len-#template-2).."."..template + end + else + if len>=7 then + local tlds = {"com","org","net","edu","gov","biz"} + local tld = tlds[math.random(#tlds)] + return brandom_az(1)..brandom_az09(len-#tld-1-1).."."..tld + else + return brandom_az(1)..brandom_az09(len-1) + end + end +end + +-- return ip addr of target host in text form +function host_ip(desync) + return desync.target.ip and ntop(desync.target.ip) or desync.target.ip6 and ntop(desync.target.ip6) +end +-- return hostname of target host if present or ip address in text form otherwise +function host_or_ip(desync) + if desync.track and desync.track.hostname then + return desync.track.hostname + end + return host_ip(desync) +end + +function is_absolute_path(path) + if string.sub(path,1,1)=='/' then return true end + local un = uname() + return string.sub(un.sysname,1,6)=="CYGWIN" and string.sub(path,2,2)==':' +end +function append_path(path,file) + return string.sub(path,#path,#path)=='/' and path..file or path.."/"..file +end +function writeable_file_name(filename) + if is_absolute_path(filename) then return filename end + local writedir = os.getenv("WRITEABLE") + if not writedir then return filename end + return append_path(writedir, filename) +end + +-- arg : wsize=N . tcp window size +-- arg : scale=N . tcp option scale factor +-- return : true of changed anything +function wsize_rewrite(dis, arg) + local b = false + if arg.wsize then + local wsize = tonumber(arg.wsize) + DLOG("window size "..dis.tcp.th_win.." => "..wsize) + dis.tcp.th_win = tonumber(arg.wsize) + b = true + end + if arg.scale then + local scale = tonumber(arg.scale) + local i = find_tcp_option(dis.tcp.options, TCP_KIND_SCALE) + if i then + local oldscale = u8(dis.tcp.options[i].data) + if scale>oldscale then + DLOG("not increasing scale factor") + elseif scale "..scale) + dis.tcp.options[i].data = bu8(scale) + b = true + end + end + end + return b +end + +-- standard fragmentation to 2 ip fragments +-- function returns 2 dissects with fragments +-- option : ipfrag_pos_udp - udp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 8 +-- option : ipfrag_pos_tcp - tcp frag position. ipv4 : starting from L4 header. ipb6: starting from fragmentable part. must be multiple of 8. default 32 +-- option : ipfrag_next - next protocol field in ipv6 fragment extenstion header of the second fragment. same as first by default. +function ipfrag2(dis, ipfrag_options) + local function frag_idx(exthdr) + -- fragment header after hopbyhop, destopt, routing + -- allow second destopt header to be in fragmentable part + -- test case : --lua-desync=send:ipfrag:ipfrag_pos_tcp=40:ip6_hopbyhop:ip6_destopt:ip6_destopt2 + -- WINDOWS may not send second ipv6 fragment with next protocol 60 (destopt) + -- test case windows : --lua-desync=send:ipfrag:ipfrag_pos_tcp=40:ip6_hopbyhop:ip6_destopt:ip6_destopt2:ipfrag_next=255 + if exthdr then + local first_destopts + for i=1,#exthdr do + if exthdr[i].type==IPPROTO_DSTOPTS then + first_destopts = i + break + end + end + for i=#exthdr,1,-1 do + if exthdr[i].type==IPPROTO_HOPOPTS or exthdr[i].type==IPPROTO_ROUTING or (exthdr[i].type==IPPROTO_DSTOPTS and i==first_destopts) then + return i+1 + end + end + end + return 1 + end + + local pos + local dis1, dis2 + local l3 + + if dis.tcp then + pos = ipfrag_options.ipfrag_pos_tcp or 32 + elseif dis.udp then + pos = ipfrag_options.ipfrag_pos_udp or 8 + else + pos = ipfrag_options.ipfrag_pos or 32 + end + + DLOG("ipfrag2") + + if not pos then + error("ipfrag2: no frag position") + end + l3 = l3_len(dis) + if bitand(pos,7)~=0 then + error("ipfrag2: frag position must be multiple of 8") + end + if (pos+l3)>0xFFFF then + error("ipfrag2: too high frag offset") + end + local plen = l3 + l4_len(dis) + #dis.payload + if (pos+l3)>=plen then + DLOG("ipfrag2: ip frag pos exceeds packet length. ipfrag cancelled.") + return nil + end + + if dis.ip then + -- ipv4 frag is done by both lua and C part + -- lua code must correctly set ip_len, IP_MF and ip_off and provide full unfragmented payload + -- ip_len must be set to valid value as it would appear in the fragmented packet + -- ip_off must be set to fragment offset and IP_MF bit must be set if it's not the last fragment + -- C code constructs unfragmented packet then moves everything after ip header according to ip_off and ip_len + + -- ip_id must not be zero or fragment will be dropped + local ip_id = dis.ip.ip_id==0 and math.random(1,0xFFFF) or dis.ip.ip_id + dis1 = deepcopy(dis) + -- ip_len holds the whole packet length starting from the ip header. it includes ip, transport headers and payload + dis1.ip.ip_len = l3 + pos -- ip header + first part up to frag pos + dis1.ip.ip_off = IP_MF -- offset 0, IP_MF - more fragments + dis1.ip.ip_id = ip_id + dis2 = deepcopy(dis) + dis2.ip.ip_off = bitrshift(pos,3) -- offset = frag pos, IP_MF - not set + dis2.ip.ip_len = plen - pos -- unfragmented packet length - frag pos + dis2.ip.ip_id = ip_id + end + + if dis.ip6 then + -- ipv6 frag is done by both lua and C part + -- lua code must insert fragmentation extension header at any desirable position, fill fragment offset, more fragments flag and ident + -- lua must set up ip6_plen as it would appear in the fragmented packet + -- C code constructs unfragmented packet then moves fragmentable part as needed + + local idxfrag = frag_idx(dis.ip6.exthdr) + local l3extra = l3_extra_len(dis, idxfrag-1) + 8 -- all ext headers before frag + 8 bytes for frag header + local ident = math.random(1,0xFFFFFFFF) + + dis1 = deepcopy(dis) + insert_ip6_exthdr(dis1.ip6, idxfrag, IPPROTO_FRAGMENT, bu16(IP6F_MORE_FRAG)..bu32(ident)) + dis1.ip6.ip6_plen = l3extra + pos + dis2 = deepcopy(dis) + insert_ip6_exthdr(dis2.ip6, idxfrag, IPPROTO_FRAGMENT, bu16(pos)..bu32(ident)) + -- only next proto of the first fragment is considered by standard + -- fragments with non-zero offset can have different "next protocol" field + -- this can be used to evade protection systems + if ipfrag_options.ipfrag_next then + dis2.ip6.exthdr[idxfrag].next = tonumber(ipfrag_options.ipfrag_next) + end + dis2.ip6.ip6_plen = plen - IP6_BASE_LEN + 8 - pos -- packet len without frag + 8 byte frag header - ipv6 base header + end + + return {dis1,dis2} +end diff --git a/zapret-winws/lua/zapret-pcap.lua b/zapret-winws/lua/zapret-pcap.lua new file mode 100644 index 0000000..d0f86c3 --- /dev/null +++ b/zapret-winws/lua/zapret-pcap.lua @@ -0,0 +1,39 @@ +function pcap_write_header(file) + -- big endian, nanoseconds in timestamps, ver 2.4, max packet size - 0x4000 (16384), 0x65 - l3 packets without l2 + file:write("\xA1\xB2\x3C\x4D\x00\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x65") +end +function pcap_write_packet(file, raw) + local sec, nsec = clock_gettime(); + file:write(bu32(sec)..bu32(nsec)..bu32(#raw)..bu32(#raw)) + file:write(raw) + file:close() +end +function pcap_write(file, raw) + local pos = file:seek() + if (pos==0) then + pcap_write_header(file) + end + pcap_write_packet(file, raw) +end + +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-lib.lua --lua-init=@zapret-pcap.lua --writeable=zdir --in-range=a --lua-desync=pcap:file=test.pcap +-- arg : file= - file for storing pcap data. if --writeable is specified and filename is relative - append filename to writeable path +-- arg : keep - do not overwrite file, append packets to existing +function pcap(ctx, desync) + if not desync.arg.file or #desync.arg.file==0 then + error("pcap requires 'file' parameter") + end + local fn_cache_name = desync.func_instance.."_fn" + if not _G[fn_cache_name] then + _G[fn_cache_name] = writeable_file_name(desync.arg.file) + if not desync.arg.keep then + -- overwrite file + os.remove(_G[fn_cache_name]) + end + end + local f = io.open(_G[fn_cache_name], "a") + if not f then + error("pcap: could not write to '".._G[fn_cache_name].."'") + end + pcap_write(f, raw_packet(ctx)) +end diff --git a/zapret-winws/lua/zapret-tests.lua b/zapret-winws/lua/zapret-tests.lua new file mode 100644 index 0000000..e38a002 --- /dev/null +++ b/zapret-winws/lua/zapret-tests.lua @@ -0,0 +1,704 @@ +-- nfqws2 C functions tests +-- to run : --lua-init=@zapret-lib.lua --lua-init=@zapret-tests.lua --lua-init="test_all()" + +function test_assert(b) + assert(b, "test failed") +end + +function test_run(tests,...) + for k,f in pairs(tests) do + f(...) + end +end + + +function test_all(...) + test_run({test_crypto, test_bin, test_ipstr, test_dissect, test_csum, test_resolve, test_rawsend},...) +end + + +function test_crypto(...) + test_run({test_random, test_aes, test_aes_gcm, test_aes_ctr, test_hkdf, test_hash},...) +end + +function test_random() + local rnds={} + for i=1,20 do + local rnd = bcryptorandom(math.random(10,20)) + print("random: "..string2hex(rnd)) + test_assert(not rnds[rnd]) -- should not be repeats + rnds[rnd] = true + end +end + +function test_hash() + local hashes={} + for i=1,5 do + local rnd = brandom(math.random(5,64)) + print("data: "..string2hex(rnd)) + for k,sha in pairs({"sha256","sha224"}) do + local hsh = hash(sha, rnd) + print(sha..": "..string2hex(hsh)) + local hsh2 = hash(sha, rnd) + test_assert(hsh==hsh2) + test_assert(not hashes[hsh]) + hashes[hsh] = true + end + end +end + +function test_hkdf() + local nblob = 2 + local okms = {} + for nsalt=1,nblob do + local salt = brandom(math.random(10,20)) + for nikm=1,nblob do + local ikm = brandom(math.random(5,10)) + for ninfo=1,nblob do + local info = brandom(math.random(5,10)) + local okm_prev + for k,sha in pairs({"sha256","sha224"}) do + for k,okml in pairs({8, 16, 50}) do + local okm_prev + local okm + print("* hkdf "..sha) + print("salt: "..string2hex(salt)) + print("ikm : "..string2hex(ikm)) + print("info: "..string2hex(info)) + print("okml: "..tostring(okml)) + okm = hkdf(sha, salt, ikm, info, okml) + test_assert(okm) + print("okm: "..string2hex(okm)) + if okms[okm] then + print("duplicate okm !") + end + okms[okm] = true + + test_assert(not okm_prev or okm_prev==string.sub(okm, 1, #okm_prev)) + okm_prev = okm + end + end + end + end + end +end + +function test_aes() + local clear_text="test "..brandom_az09(11) + local iv, key, encrypted, decrypted + + for key_size=16,32,8 do + local key = brandom(key_size) + + print() + print("* aes test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + + print("* encrypting") + encrypted = aes(true, key, clear_text) + print("encrypted: "..str_or_hex(encrypted)) + + print("* decrypting everything good") + decrypted = aes(false, key, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + + print("* decrypting bad payload with good key") + decrypted = aes(false, key, brandom(16)) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + print("* decrypting good payload with bad key") + decrypted = aes(false, brandom(key_size), encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + end +end + +function test_aes_gcm() + local authenticated_data = "authenticated message "..brandom_az09(math.random(10,50)) + local clear_text="test message "..brandom_az09(math.random(10,50)) + local iv, key, encrypted, atag, decrypted, atag2 + + for key_size=16,32,8 do + iv = brandom(12) + key = brandom(key_size) + + print() + print("* aes_gcm test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + print("authenticated data: "..authenticated_data); + + print("* encrypting") + encrypted, atag = aes_gcm(true, key, iv, clear_text, authenticated_data) + print("encrypted: "..str_or_hex(encrypted)) + print("auth tag: "..string2hex(atag)) + + print("* decrypting everything good") + decrypted, atag2 = aes_gcm(false, key, iv, encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag==atag2) + + print("* decrypting bad payload with good key/iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, key, iv, brandom(#encrypted), authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with good key/iv and incorrect authentication data") + decrypted, atag2 = aes_gcm(false, key, iv, encrypted, authenticated_data.."x") + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with bad key, good iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, brandom(key_size), iv, encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + + print("* decrypting good payload with good key, bad iv and correct authentication data") + decrypted, atag2 = aes_gcm(false, key, brandom(12), encrypted, authenticated_data) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + print("auth tag: "..string2hex(atag2)) + print( atag==atag2 and "TAG OK" or "TAG ERROR" ) + test_assert(atag~=atag2) + end +end + +function test_aes_ctr() + local clear_text="test message "..brandom_az09(math.random(10,50)) + local iv, key, encrypted, decrypted + + for key_size=16,32,8 do + iv = brandom(16) + key = brandom(key_size) + + print() + print("* aes_ctr test key_size "..tostring(key_size)) + + print("clear text: "..clear_text); + + print("* encrypting") + encrypted = aes_ctr(key, iv, clear_text) + print("encrypted: "..str_or_hex(encrypted)) + + print("* decrypting") + decrypted = aes_ctr(key, iv, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==clear_text) + + print("* decrypting with bad key") + decrypted = aes_ctr(bu8(bitand(u8(string.sub(key,1,1))+1,0xFF))..string.sub(key,2), iv, encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + + print("* decrypting with bad iv") + decrypted = aes_ctr(key, bu8(bitand(u8(string.sub(iv,1,1))+1,0xFF))..string.sub(iv,2), encrypted) + print("decrypted: "..str_or_hex(decrypted)) + print( decrypted==clear_text and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted~=clear_text) + end + + -- openssl enc -aes-256-ctr -d -in rnd.bin -out rnd_decrypted.bin -K c39383634d87eb3b6e56edf2c8c0ba99cc8cadf000fb2cd737e37947eecde5fd -iv d745164b233f10b93945526ffe94b87f + print("* aes_ctr const tests") + + local data="\x9d\x9c\xa0\x78\x2e\x17\x84\xfc\x87\xc7\xf5\xdf\x5b\xb5\x71\xfd\xb9\xcb\xd2\x4d\xae\x2f\xf0\x19\xf3\xad\x79\xa8\x9a\xb4\xed\x28\x88\x3c\xe1\x78\x91\x23\x27\xd4\x8d\x94\xb3\xd0\x81\x88\xd2\x55\x95\x8a\x88\x70\x67\x99\x75\xb2\xee\x30\x0f\xe7\xc6\x32\x10" + local iv="\xd7\x45\x16\x4b\x23\x3f\x10\xb9\x39\x45\x52\x6f\xfe\x94\xb8\x7f" + local tests = { + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99\xcc\x8c\xad\xf0\x00\xfb\x2c\xd7\x37\xe3\x79\x47\xee\xcd\xe5\xfd", + result="\x8C\x2C\x15\x99\x83\x37\x33\xEE\xA1\x70\xA7\x4A\x44\x2E\x6F\x56\x22\x41\xE1\xFC\xC5\x84\x21\x1C\x16\xC6\xE9\x75\x22\x57\x55\x4A\x02\x04\xCE\xAD\xE9\x0A\x45\xAB\x4E\x38\xB8\xB2\x6F\x95\xDA\x46\x4F\x9E\xB1\xFF\xF4\x40\x8A\x57\x25\xD2\xF6\xB6\x93\x65\x75" + }, + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99\xcc\x8c\xad\xf0\x00\xfb\x2c\xd7", + result="\xB0\x4C\xC9\xDB\x0C\xE5\x67\x51\x1D\x24\x3C\x15\x87\x1B\xF9\x62\x84\x8C\xD0\x57\x33\x93\xE0\x71\x91\x3A\x11\x26\xCA\x77\xA7\x54\xBD\xC6\x5E\x96\x60\x2C\x94\x0F\xBA\x3E\x79\xDC\x48\xA0\x22\x97\xA7\x77\x55\xC8\x14\xEA\xC2\xF5\xA0\x88\x6F\xE2\x44\x32\x68" + }, + { + key="\xc3\x93\x83\x63\x4d\x87\xeb\x3b\x6e\x56\xed\xf2\xc8\xc0\xba\x99", + result="\xD9\xAC\xC7\x7D\xC8\xC9\xF1\x59\x9A\xDF\x15\xF3\x58\x61\xFD\x2B\x1D\x01\x9A\x5F\x04\x53\xA2\xA8\xFD\x52\xDC\x8A\xE9\x3B\x2E\x5E\x0D\x13\xCB\xBD\x16\xED\xC1\xF2\x0D\x68\x62\xB7\xD5\x0F\x8D\xD4\xEB\xA1\xC5\x75\xF2\x0B\x26\x75\x1D\x7E\x5A\x37\xA6\x8A\xCD" + } + } + for k,t in pairs(tests) do + local decrypted = aes_ctr(t.key, iv, data) + io.write("KEY SIZE "..(#t.key*8).." ") + print( decrypted==t.result and "DECRYPT OK" or "DECRYPT ERROR" ) + test_assert(decrypted==t.result) + end +end + +function test_ub() + for k,f in pairs({{u8,bu8,0xFF,8}, {u16,bu16,0xFFFF,16}, {u24,bu24,0xFFFFFF,24}, {u32,bu32,0xFFFFFFFF,32}}) do + local v = math.random(0,f[3]) + local pos = math.random(1,20) + local s = brandom(pos-1)..f[2](v)..brandom(20) + local v2 = f[1](s,pos) + print("u"..tostring(f[4]).." pos="..tostring(pos).." "..tostring(v).." "..tostring(v2)) + test_assert(v==v2) + end +end + +function test_bit() + local v, v2, v3, v4, b1, b2, pow + + v = math.random(0,0xFFFFFFFF) + b1 = math.random(1,16) + + v2 = bitrshift(v, b1) + pow = 2^b1 + v3 = divint(v, pow) + print(string.format("rshift(0x%X,%u) = 0x%X 0x%X/%u = 0x%X", v,b1,v2, v,pow,v3)) + test_assert(v2==v3) + + v2 = bitlshift(v, b1) + pow = 2^b1 + v3 = (v * pow) % 0x100000000 + print(string.format("lshift(0x%X,%u) = 0x%X 0x%X*%u %% 0x10000000 = 0x%X", v,b1,v2, v,pow,v3)) + test_assert(v2==v3) + + v2 = math.random(0,0xFFFFFFFF) + v3 = bitxor(v, v2) + v4 = bitor(v, v2) - bitand(v, v2) + print(string.format("xor(0x%X,0x%X) = %X or/and/minus = %X", v, v2, v3, v4)) + test_assert(v3==v4) + + b2 = b1 + math.random(1,15) + v2 = bitget(v, b1, b2) + pow = 2^(b2-b1+1) - 1 + v3 = bitand(bitrshift(v,b1), pow) + print(string.format("bitget(0x%X,%u,%u) = 0x%X bitand/bitrshift/pow = 0x%X", v, b1, b2, v2, v3)) + test_assert(v2==v3) + + v4 = math.random(0,pow) + v2 = bitset(v, b1, b2, v4) + v3 = bitor(bitlshift(v4, b1), bitand(v, bitnot(bitlshift(pow, b1)))) + print(string.format("bitset(0x%X,%u,%u,0x%X) = 0x%X bitand/bitnot/bitlshift/pow = 0x%X", v, b1, b2, v4, v2, v3)) + test_assert(v2==v3) +end + +function test_ux() + local v1, v2, v3, usum, sum + for k,test in pairs({ + { add=u8add, fname="u8add", max = 0xFF }, + { add=u16add, fname="u16add", max = 0xFFFF }, + { add=u24add, fname="u24add", max = 0xFFFFFF }, + { add=u32add, fname="u32add", max = 0xFFFFFFFF } + }) do + io.write(test.fname.." : ") + for i=1,1000 do + v1=math.random(-test.max,test.max) + v2=math.random(-test.max,test.max) + v3=math.random(-test.max,test.max) + usum = test.add(v1,v2,v3) + sum = bitand((v1+v2+v3)%(test.max+1),test.max) + if sum~=usum then + print("FAIL") + end + test_assert(sum==usum) + end + print("OK") + end +end + +function test_bin(...) + test_run({test_ub, test_bit, test_ux},...) +end + + +function test_ipstr() + local s_ip, ip, s_ip2 + + s_ip = string.format("%u.%u.%u.%u", math.random(0,255), math.random(0,255), math.random(0,255), math.random(0,255)); + ip = pton(s_ip) + s_ip2 = ntop(ip) + print("IP: "..s_ip) + print("IPBIN: "..string2hex(ip)) + print("IP2: "..s_ip2) + test_assert(s_ip==s_ip2) + + s_ip = string.format("%x:%x:%x:%x:%x:%x:%x:%x", math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF), math.random(1,0xFFFF)); + ip = pton(s_ip) + s_ip2 = ntop(ip) + print("IP: "..s_ip) + print("IPBIN: "..string2hex(ip)) + print("IP2: "..s_ip2) + test_assert(s_ip==s_ip2) +end + + +function test_dissect() + local dis, raw1, raw2 + + for i=1,20 do + print("* dissect test "..tostring(i)) + + local ip_tcp = { + ip = { + ip_tos = math.random(0,255), + ip_id = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = math.random(0,255), + ip_p = IPPROTO_TCP, + ip_src = brandom(4), + ip_dst = brandom(4), + options = brandom(math.random(0,40)) + }, + tcp = { + th_sport = math.random(0,0xFFFF), + th_dport = math.random(0,0xFFFF), + th_seq = math.random(0,0xFFFFFFFF), + th_ack = math.random(0,0xFFFFFFFF), + th_x2 = math.random(0,0xF), + th_flags = math.random(0,0xFF), + th_win = math.random(0,0xFFFF), + th_urp = math.random(0,0xFFFF), + options = { + { kind = 1 }, + { kind = 0xE0, data = brandom(math.random(1,10)) }, + { kind = 1 }, + { kind = 0xE1, data = brandom(math.random(1,10)) }, + { kind = 0 } + } + }, + payload = brandom(math.random(0, 20)) + } + raw1 = reconstruct_dissect(ip_tcp) + print("IP+TCP : "..string2hex(raw1)) + dis1 = dissect(raw1); + raw2 = reconstruct_dissect(dis1) + dis2 = dissect(raw2); + print("IP+TCP2: "..string2hex(raw2)) + print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" ) + test_assert(raw1==raw2) + + local ip6_udp = { + ip6 = { + ip6_flow = 0x60000000 + math.random(0,0xFFFFFFF), + ip6_hlim = math.random(1,0xFF), + ip6_src = brandom(16), + ip6_dst = brandom(16), + exthdr = { + { type = IPPROTO_HOPOPTS, data = brandom(6+8*math.random(0,2)) }, + { type = IPPROTO_AH, data = brandom(6+4*math.random(0,4)) } + } + }, + udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF) + }, + payload = brandom(math.random(0, 20)) + } + + raw1 = reconstruct_dissect(ip6_udp) + print("IP6+UDP : "..string2hex(raw1)) + dis1 = dissect(raw1); + raw2 = reconstruct_dissect(dis1) + dis2 = dissect(raw2); + print("IP6+UDP2: "..string2hex(raw2)) + print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" ) + test_assert(raw1==raw2) + end +end + +function test_csum() + local payload = brandom(math.random(10,20)) + local ip4b, ip6b, raw, tcpb, udpb, dis1, dis2 + local ip = { + ip_tos = math.random(0,255), + ip_id = math.random(0,0xFFFF), + ip_len = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = math.random(0,255), + ip_p = IPPROTO_TCP, + ip_src = brandom(4), + ip_dst = brandom(4), + options = brandom(4*math.random(0,10)) + } + ip4b = reconstruct_iphdr(ip) + raw = bu8(0x40 + 5 + #ip.options/4) .. + bu8(ip.ip_tos) .. + bu16(ip.ip_len) .. + bu16(ip.ip_id) .. + bu16(ip.ip_off) .. + bu8(ip.ip_ttl) .. + bu8(ip.ip_p) .. + bu16(0) .. + ip.ip_src .. ip.ip_dst .. + ip.options + raw = csum_ip4_fix(raw) + print( raw==ip4b and "IP4 RECONSTRUCT+CSUM OK" or "IP4 RECONSTRUCT+CSUM FAILED" ) + test_assert(raw==ip4b) + + + local tcp = { + th_sport = math.random(0,0xFFFF), + th_dport = math.random(0,0xFFFF), + th_seq = math.random(0,0xFFFFFFFF), + th_ack = math.random(0,0xFFFFFFFF), + th_x2 = math.random(0,0xF), + th_flags = math.random(0,0xFF), + th_win = math.random(0,0xFFFF), + th_urp = math.random(0,0xFFFF), + options = { + { kind = 1 }, + { kind = 0xE0, data = brandom(math.random(1,10)) }, + { kind = 1 }, + { kind = 0xE1, data = brandom(math.random(1,10)) }, + { kind = 0 } + } + } + tcpb = reconstruct_tcphdr(tcp) + raw = bu16(tcp.th_sport) .. + bu16(tcp.th_dport) .. + bu32(tcp.th_seq) .. + bu32(tcp.th_ack) .. + bu8(l4_len({tcp = tcp}) * 4 + tcp.th_x2) .. + bu8(tcp.th_flags) .. + bu16(tcp.th_win) .. + bu16(0) .. + bu16(tcp.th_urp) .. + bu8(tcp.options[1].kind).. + bu8(tcp.options[2].kind)..bu8(2 + #tcp.options[2].data)..tcp.options[2].data .. + bu8(tcp.options[3].kind).. + bu8(tcp.options[4].kind)..bu8(2 + #tcp.options[4].data)..tcp.options[4].data .. + bu8(tcp.options[5].kind) + raw = raw .. string.rep(bu8(TCP_KIND_NOOP), bitand(4-bitand(#raw,3),3)) + print( raw==tcpb and "TCP RECONSTRUCT OK" or "TCP RECONSTRUCT FAILED" ) + test_assert(raw==tcpb) + + raw = reconstruct_dissect({ip=ip, tcp=tcp, payload=payload}) + dis1 = dissect(raw) + tcpb = csum_tcp_fix(ip4b,tcpb,payload) + dis2 = dissect(ip4b..tcpb..payload) + print( dis1.tcp.th_sum==dis2.tcp.th_sum and "TCP+IP4 CSUM OK" or "TCP+IP4 CSUM FAILED" ) + test_assert(dis1.tcp.th_sum==dis2.tcp.th_sum) + + + local ip6 = { + ip6_flow = 0x60000000 + math.random(0,0xFFFFFFF), + ip6_hlim = math.random(1,0xFF), + ip6_src = brandom(16), + ip6_dst = brandom(16), + exthdr = { + { type = IPPROTO_HOPOPTS, data = brandom(6+8*math.random(0,2)) } + } + } + ip6.ip6_plen = packet_len({ip6=ip6,tcp=tcp,payload=payload}) - IP6_BASE_LEN + ip6b = reconstruct_ip6hdr(ip6, {ip6_last_proto=IPPROTO_TCP}) + raw = bu32(ip6.ip6_flow) .. + bu16(ip6.ip6_plen) .. + bu8(ip6.exthdr[1].type) .. + bu8(ip6.ip6_hlim) .. + ip6.ip6_src .. ip6.ip6_dst .. + bu8(IPPROTO_TCP) .. + bu8((#ip6.exthdr[1].data+2)/8 - 1) .. + ip6.exthdr[1].data + print( raw==ip6b and "IP6 RECONSTRUCT OK" or "IP6 RECONSTRUCT FAILED" ) + test_assert(raw==ip6b) + + raw = reconstruct_dissect({ip6=ip6, tcp=tcp, payload=payload}) + dis1 = dissect(raw) + tcpb = csum_tcp_fix(ip6b,tcpb,payload) + dis2 = dissect(ip6b..tcpb..payload) + print( dis1.tcp.th_sum==dis2.tcp.th_sum and "TCP+IP6 CSUM OK" or "TCP+IP6 CSUM FAILED" ) + test_assert(dis1.tcp.th_sum==dis2.tcp.th_sum) + + + ip.ip_p = IPPROTO_UDP + ip4b = reconstruct_iphdr(ip) + ip6.ip6_plen = packet_len({ip6=ip6,udp=udp,payload=payload}) - IP6_BASE_LEN + ip6b = reconstruct_ip6hdr(ip6, {ip6_last_proto=IPPROTO_UDP}) + + local udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF), + uh_ulen = UDP_BASE_LEN + #payload + } + + udpb = reconstruct_udphdr(udp) + raw = bu16(udp.uh_sport) .. + bu16(udp.uh_dport) .. + bu16(udp.uh_ulen) .. + bu16(0) + print( raw==udpb and "UDP RECONSTRUCT OK" or "UDP RECONSTRUCT FAILED" ) + test_assert(raw==udpb) + + raw = reconstruct_dissect({ip=ip, udp=udp, payload=payload}) + dis1 = dissect(raw) + udpb = csum_udp_fix(ip4b,udpb,payload) + dis2 = dissect(ip4b..udpb..payload) + print( dis1.udp.uh_sum==dis2.udp.uh_sum and "UDP+IP4 CSUM OK" or "UDP+IP4 CSUM FAILED" ) + test_assert(dis1.udp.uh_sum==dis2.udp.uh_sum) + + raw = reconstruct_dissect({ip6=ip6, udp=udp, payload=payload}) + dis1 = dissect(raw) + udpb = csum_udp_fix(ip6b,udpb,payload) + dis2 = dissect(ip6b..udpb..payload) + print( dis1.udp.uh_sum==dis2.udp.uh_sum and "UDP+IP6 CSUM OK" or "UDP+IP6 CSUM FAILED" ) + test_assert(dis1.udp.uh_sum==dis2.udp.uh_sum) +end + +function test_resolve() + local pos + + pos = zero_based_pos(resolve_multi_pos(fake_default_tls,"tls_client_hello","1,extlen,sniext,host,sld,midsld,endsld,endhost,-5")) + test_assert(pos) + print("resolve_multi_pos tls : "..table.concat(pos," ")) + pos = zero_based_pos(resolve_range(fake_default_tls,"tls_client_hello","host,endhost")) + test_assert(pos) + print("resolve_range tls : "..table.concat(pos," ")) + pos = resolve_pos(fake_default_tls,"tls_client_hello","midsld") + test_assert(pos) + print("resolve_pos tls : "..pos - 1) + pos = resolve_pos(fake_default_tls,"tls_client_hello","method") + test_assert(not pos) + print("resolve_pos tls non-existent : "..tostring(pos)) + + pos = zero_based_pos(resolve_multi_pos(fake_default_http,"http_req","method,host,sld,midsld,endsld,endhost,-5")) + test_assert(pos) + print("resolve_multi_pos http : "..table.concat(pos," ")) + pos = resolve_pos(fake_default_http,"http_req","sniext") + test_assert(not pos) + print("resolve_pos http non-existent : "..tostring(pos)) +end + +function test_rawsend(opts) + local ifout = (opts and opts.ifout) and opts.ifout + local function rawsend_fail_warning() + if not opts or not opts.ifout or #opts.ifout==0 then + local un = uname() + if string.sub(un.sysname,1,6)=="CYGWIN" then + print("windivert requires interface name in the form '.'. take it from winws2 output with '--debug' option and call test_rawsend({ifout=interface_name})") + end + end + end + local function rawsend_dissect_print(dis, options) + if options then + options.ifout = ifout + else + options = { ifout = ifout } + end + local b = rawsend_dissect(dis, options) + if not b then + print("rawsend_dissect failed") + rawsend_fail_warning() + end + return b + end + local function rawsend_print(raw, options) + if options then + options.ifout = ifout + else + options = { ifout = ifout } + end + print("rawsend: "..string2hex(raw)) + local b = rawsend(raw, options) + if not b then + print("rawsend failed") + rawsend_fail_warning() + end + return b + end + local ip, ip6, udp, dis, ddis, raw_ip, raw_udp, raw + local payload = brandom(math.random(100,1200)) + local b + + ip = { + ip_tos = 0, + ip_id = math.random(0,0xFFFF), + ip_off = 0, + ip_ttl = 1, + ip_p = IPPROTO_UDP, + ip_src = pton("192.168.1.1"), + ip_dst = pton("192.168.1.2") + } + udp = { + uh_sport = math.random(0,0xFFFF), + uh_dport = math.random(0,0xFFFF) + } + dis = {ip = ip, udp = udp, payload = payload} + print("send ipv4 udp") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv4 udp frag "..k) + test_assert(rawsend_dissect_print(d)) + end + + local ip2=ip + ip2.ip_len = IP_BASE_LEN + UDP_BASE_LEN + #payload + raw_ip = reconstruct_iphdr(ip2) + raw_udp = reconstruct_udphdr({uh_sport = udp.uh_sport, uh_dport = udp.uh_dport, uh_ulen = UDP_BASE_LEN + #payload}) + raw_udp = csum_udp_fix(raw_ip,raw_udp,payload) + raw = raw_ip .. raw_udp .. payload + print("send ipv4 udp using pure rawsend without dissect") + test_assert(rawsend_print(raw, {repeats=5})) + + ip6 = { + ip6_flow = 0x60000000, + ip6_hlim = 1, + ip6_src = pton("fdce:3124:164a:5318::1"), + ip6_dst = pton("fdce:3124:164a:5318::2") + } + dis = {ip6 = ip6, udp = udp, payload = payload} + print("send ipv6 udp") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k) + test_assert(rawsend_dissect_print(d)) + end + + ip6.exthdr={{ type = IPPROTO_HOPOPTS, data = "\x00\x00\x00\x00\x00\x00" }} + print("send ipv6 udp with hopbyhop ext header") + test_assert(rawsend_dissect_print(dis, {repeats=3})) + + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop ext header") + test_assert(rawsend_dissect_print(d)) + end + + table.insert(ip6.exthdr, { type = IPPROTO_DSTOPTS, data = "\x00\x00\x00\x00\x00\x00" }) + table.insert(ip6.exthdr, { type = IPPROTO_DSTOPTS, data = "\x00\x00\x00\x00\x00\x00" }) + ip6.ip6_flow = 0x60001234; + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part") + test_assert(rawsend_dissect_print(d, {fwmark = 0x50EA})) + end + + fix_ip6_next(ip6) -- required to forge next proto in the second fragment + ip6.ip6_flow = 0x6000AE38; + ddis = ipfrag2(dis, {ipfrag_pos_udp = 80, ipfrag_next = IPPROTO_TCP}) + for k,d in pairs(ddis) do + print("send ipv6 udp frag "..k.." with hopbyhop, destopt ext headers in unfragmentable part and another destopt ext header in fragmentable part. forge next proto in fragment header of the second fragment to TCP") + -- reconstruct dissect using next proto fields in the dissect. do not auto fix next proto chain. + -- by default reconstruct fixes next proto chain + test_assert(rawsend_dissect_print(d, {fwmark = 0x409A, repeats=2}, {ip6_preserve_next = true})) + end +end diff --git a/zapret-winws/lua/zapret-wgobfs.lua b/zapret-winws/lua/zapret-wgobfs.lua new file mode 100644 index 0000000..e76ef29 --- /dev/null +++ b/zapret-winws/lua/zapret-wgobfs.lua @@ -0,0 +1,79 @@ +-- test case : nfqws2 --qnum 200 --debug --lua-init=@zapret-wgobfs.lua --in-range=a --out-range=a --lua-desync=wgobfs:secret=mycoolpassword +-- encrypt standard wireguard messages - initiation, response, cookie - and change udp packet size +-- do not encrypt data messages and keepalives +-- wgobfs adds maximum of 30+padmax bytes to udp size +-- reduce MTU of wireguard interface to avoid ip fragmentation ! +-- without knowing the secret encrypted packets should be crypto strong white noise with no signature +-- arg : secret - shared secret. any string. must be the same on both peers +-- arg : padmin - min random garbage bytes. 0 by default +-- arg : padmax - max random garbage bytes. 16 by default +function wgobfs(ctx, desync) + local padmin = desync.arg.padmin and tonumber(desync.arg.padmin) or 0 + local padmax = desync.arg.padmax and tonumber(desync.arg.padmax) or 16 + local function genkey() + -- cache key in a global var bound to instance name + local key_cache_name = desync.func_instance.."_key" + key = _G[key_cache_name] + if not key then + key = hkdf("sha256", "wgobfs_salt", desync.arg.secret, nil, 16) + _G[key_cache_name] = key + end + return key + end + local function maybe_encrypted_payload(payload) + for k,plsize in pairs({2+12+16+148, 2+12+16+92, 2+12+16+64}) do + if #payload>=(plsize+padmin) and #payload<=(plsize+padmax) then + return true + end + end + return false + end + local function wg_payload_from_size(payload) + if #payload==148 then return "wireguard_initiation" + elseif #payload==92 then return "wireguard_response" + elseif #payload==64 then return "wireguard_cookie" + else return nil + end + end + + if not desync.dis.udp then + instance_cutoff(ctx) + return + end + if not desync.arg.secret or #desync.arg.secret==0 then + error("wgobfs requires secret") + end + if padmin>padmax then + error("wgobfs: padmin>padmax") + end + if desync.l7payload=="wireguard_initiation" or desync.l7payload=="wireguard_response" or desync.l7payload=="wireguard_cookie" and #desync.dis.payload<65506 then + DLOG("wgobfs: encrypting '"..desync.l7payload.."'. size "..#desync.dis.payload) + local key = genkey() + -- in aes-gcm every message require it's own crypto secure random iv + -- encrypting more than one message with the same iv is considered catastrophic failure + -- iv must be sent with encrypted message + local iv = bcryptorandom(12) + local encrypted, atag = aes_gcm(true, key, iv, bu16(#desync.dis.payload)..desync.dis.payload..brandom(math.random(padmin,padmax)), nil) + desync.dis.payload = iv..atag..encrypted + return VERDICT_MODIFY + end + + if desync.l7payload=="unknown" and maybe_encrypted_payload(desync.dis.payload) then + local key = genkey() + local iv = string.sub(desync.dis.payload,1,12) + local atag = string.sub(desync.dis.payload,13,28) + local decrypted, atag2 = aes_gcm(false, key, iv, string.sub(desync.dis.payload,29)) + if atag==atag2 then + local plen = u16(decrypted) + if plen>(#decrypted-2) then + DLOG("wgobfs: bad decrypted payload data") + else + desync.dis.payload = string.sub(decrypted, 3, 3+plen-1) + if b_debug then DLOG("wgobfs: decrypted '"..(wg_payload_from_size(desync.dis.payload) or "unknown").."' message. size "..plen) end + return VERDICT_MODIFY + end + else + DLOG("wgobfs: decrypt auth tag mismatch") + end + end +end diff --git a/zapret-winws/preset2_example.cmd b/zapret-winws/preset2_example.cmd new file mode 100644 index 0000000..526bbfe --- /dev/null +++ b/zapret-winws/preset2_example.cmd @@ -0,0 +1,41 @@ +start "zapret: http,https,quic" /min "%~dp0winws2.exe" ^ +--wf-tcp-out=80,443 ^ +--lua-init=@"%~dp0lua\zapret-lib.lua" --lua-init=@"%~dp0lua\zapret-antidpi.lua" ^ +--lua-init="fake_default_tls = tls_mod(fake_default_tls,'rnd,rndsni')" ^ +--blob=quic_google:@"%~dp0files\quic_initial_www_google_com.bin" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.discord_media.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.stun.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.wireguard.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.quic_initial_ietf.txt" ^ +--filter-tcp=80 --filter-l7=http ^ + --out-range=-d10 ^ + --payload=http_req ^ + --lua-desync=fake:blob=fake_default_http:ip_autottl=-2,3-20:ip6_autottl=-2,3-20:tcp_md5 ^ + --lua-desync=fakedsplit:ip_autottl=-2,3-20:ip6_autottl=-2,3-20:tcp_md5 ^ + --new ^ +--filter-tcp=443 --filter-l7=tls --hostlist="%~dp0files\list-youtube.txt" ^ + --out-range=-d10 ^ + --payload=tls_client_hello ^ + --lua-desync=fake:blob=fake_default_tls:tcp_md5:repeats=11:tls_mod=rnd,dupsid,sni=www.google.com ^ + --lua-desync=multidisorder:pos=1,midsld ^ + --new ^ +--filter-tcp=443 --filter-l7=tls ^ + --out-range=-d10 ^ + --payload=tls_client_hello ^ + --lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000:repeats=6 ^ + --lua-desync=multidisorder:pos=midsld ^ + --new ^ +--filter-udp=443 --filter-l7=quic --hostlist="%~dp0files\list-youtube.txt" ^ + --out-range=-d10 ^ + --payload=quic_initial ^ + --lua-desync=fake:blob=quic_google:repeats=11 ^ + --new ^ +--filter-udp=443 --filter-l7=quic ^ + --out-range=-d10 ^ + --payload=quic_initial ^ + --lua-desync=fake:blob=fake_default_quic:repeats=11 ^ + --new ^ +--filter-l7=wireguard,stun,discord ^ + --out-range=-d10 ^ + --payload=wireguard_initiation,wireguard_cookie,stun,discord_ip_discovery ^ + --lua-desync=fake:blob=0x00000000000000000000000000000000:repeats=2 diff --git a/zapret-winws/preset_example.cmd b/zapret-winws/preset_example.cmd new file mode 100644 index 0000000..11d015e --- /dev/null +++ b/zapret-winws/preset_example.cmd @@ -0,0 +1,11 @@ +start "zapret: http,https,quic" /min "%~dp0winws.exe" ^ +--wf-tcp=80,443 ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.discord_media.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.stun.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.wireguard.txt" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.quic_initial_ietf.txt" ^ +--filter-tcp=80 --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new ^ +--filter-tcp=443 --hostlist="%~dp0files\list-youtube.txt" --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new ^ +--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-repeats=6 --dpi-desync-fooling=badseq,md5sig --new ^ +--filter-l7=quic --hostlist="%~dp0files\list-youtube.txt" --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic="%~dp0files\quic_initial_www_google_com.bin" --new ^ +--filter-l7=quic --dpi-desync=fake --dpi-desync-repeats=11 diff --git a/zapret-winws/preset_wireguard.cmd b/zapret-winws/preset_wireguard.cmd new file mode 100644 index 0000000..9375b9f --- /dev/null +++ b/zapret-winws/preset_wireguard.cmd @@ -0,0 +1,3 @@ +start "zapret: wireguard" /min "%~dp0winws.exe" ^ +--wf-raw-part=@"%~dp0windivert.filter\windivert_part.wireguard.txt" ^ +--filter-l7=wireguard --dpi-desync=fake --dpi-desync-repeats=2 diff --git a/zapret-winws/service_create.cmd b/zapret-winws/service_create.cmd new file mode 100644 index 0000000..65617b5 --- /dev/null +++ b/zapret-winws/service_create.cmd @@ -0,0 +1,30 @@ +@rem THIS BATCH FILE REQUIRES MANUAL EDIT +@rem SERVICE INSTALL IS COMMENTED TO PREVENT SCRIPT KIDDIES FROM DAMAGING THEIR SYSTEMS WITHOUT KNOWING HOW TO RECOVER +@rem ЭТОТ ФАЙЛ ТРЕБУЕТ РЕДАКТИРОВАНИЯ +@rem УСТАНОВКА СЛУЖБЫ ЗАКОММЕНТИРОВАНА, ЧТОБЫ ОГРАДИТЬ НИЧЕГО НЕ ПОНИМАЮЩИХ НАЖИМАТЕЛЕЙ НА ВСЕ ПОДРЯД ОТ ПРОБЛЕМ, КОТОРЫЕ ОНИ НЕ В СОСТОЯНИИ РЕШИТЬ +@rem ЕСЛИ НИЧЕГО НЕ ПОНИМАЕТЕ - НЕ ТРОГАЙТЕ ЭТОТ ФАЙЛ, ОТКАЖИТЕСЬ ОТ ИСПОЛЬЗОВАНИЯ СЛУЖБЫ. ИНАЧЕ БУДЕТЕ ПИСАТЬ ПОТОМ ВОПРОСЫ "У МЕНЯ ПРОПАЛ ИНТЕРНЕТ , КАК ВОССТАНОВИТЬ" + +set ARGS=^ +--wf-tcp=80,443 ^ +--wf-raw-part=@\"%~dp0windivert.filter\windivert_part.discord_media.txt\" ^ +--wf-raw-part=@\"%~dp0windivert.filter\windivert_part.stun.txt\" ^ +--wf-raw-part=@\"%~dp0windivert.filter\windivert_part.wireguard.txt\" ^ +--wf-raw-part=@\"%~dp0windivert.filter\windivert_part.quic_initial_ietf.txt\" ^ +--filter-tcp=80 --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new ^ +--filter-tcp=443 --hostlist=\"%~dp0files\list-youtube.txt\" --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new ^ +--filter-tcp=443 --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-repeats=6 --dpi-desync-fooling=badseq,md5sig --new ^ +--filter-l7=quic --hostlist=\"%~dp0files\list-youtube.txt\" --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=\"%~dp0files\quic_initial_www_google_com.bin\" --new ^ +--filter-l7=quic --dpi-desync=fake --dpi-desync-repeats=11 + +rem call :srvinst winws1 +set ARGS=--wf-raw-part=@\"%~dp0windivert.filter\windivert_part.wireguard.txt\" ^ +--filter-l7=discord,stun --dpi-desync=fake +rem call :srvinst winws2 +goto :eof + +:srvinst +net stop %1 +sc delete %1 +sc create %1 binPath= "\"%~dp0winws.exe\" %ARGS%" DisplayName= "zapret DPI bypass : %1" start= auto +sc description %1 "zapret DPI bypass software" +sc start %1 diff --git a/zapret-winws/service_del.cmd b/zapret-winws/service_del.cmd new file mode 100644 index 0000000..3adeb31 --- /dev/null +++ b/zapret-winws/service_del.cmd @@ -0,0 +1,7 @@ +call :srvdel winws1 +call :srvdel winws2 +goto :eof + +:srvdel +net stop %1 +sc delete %1 diff --git a/zapret-winws/service_start.cmd b/zapret-winws/service_start.cmd new file mode 100644 index 0000000..d90d241 --- /dev/null +++ b/zapret-winws/service_start.cmd @@ -0,0 +1,2 @@ +sc start winws1 +sc start winws2 diff --git a/zapret-winws/service_stop.cmd b/zapret-winws/service_stop.cmd new file mode 100644 index 0000000..97b4f8a --- /dev/null +++ b/zapret-winws/service_stop.cmd @@ -0,0 +1,2 @@ +net stop winws1 +net stop winws2 diff --git a/zapret-winws/task_create.cmd b/zapret-winws/task_create.cmd new file mode 100644 index 0000000..1c95018 --- /dev/null +++ b/zapret-winws/task_create.cmd @@ -0,0 +1,10 @@ +@rem THIS BATCH FILE REQUIRES MANUAL EDIT +@rem SERVICE INSTALL IS COMMENTED TO PREVENT SCRIPT KIDDIES FROM DAMAGING THEIR SYSTEMS WITHOUT KNOWING HOW TO RECOVER +@rem ЭТОТ ФАЙЛ ТРЕБУЕТ РЕДАКТИРОВАНИЯ +@rem УСТАНОВКА СЛУЖБЫ ЗАКОММЕНТИРОВАНА, ЧТОБЫ ОГРАДИТЬ НИЧЕГО НЕ ПОНИМАЮЩИХ НАЖИМАТЕЛЕЙ НА ВСЕ ПОДРЯД ОТ ПРОБЛЕМ, КОТОРЫЕ ОНИ НЕ В СОСТОЯНИИ РЕШИТЬ +@rem ЕСЛИ НИЧЕГО НЕ ПОНИМАЕТЕ - НЕ ТРОГАЙТЕ ЭТОТ ФАЙЛ, ОТКАЖИТЕСЬ ОТ ИСПОЛЬЗОВАНИЯ СЛУЖБЫ. ИНАЧЕ БУДЕТЕ ПИСАТЬ ПОТОМ ВОПРОСЫ "У МЕНЯ ПРОПАЛ ИНТЕРНЕТ , КАК ВОССТАНОВИТЬ" + +set WINWS1=--wf-l3=ipv4,ipv6 --wf-tcp=80,443 --dpi-desync=fake,fakedsplit --dpi-desync-ttl=7 --dpi-desync-fooling=md5sig +rem schtasks /Create /F /TN winws1 /NP /RU "" /SC onstart /TR "\"%~dp0winws.exe\" %WINWS1%" +rem set WINWS2=--wf-l3=ipv4,ipv6 --wf-udp=443 --dpi-desync=fake +rem schtasks /Create /F /TN winws2 /NP /RU "" /SC onstart /TR "\"%~dp0winws.exe\" %WINWS2%" diff --git a/zapret-winws/task_remove.cmd b/zapret-winws/task_remove.cmd new file mode 100644 index 0000000..b677904 --- /dev/null +++ b/zapret-winws/task_remove.cmd @@ -0,0 +1,4 @@ +schtasks /End /TN winws1 +schtasks /Delete /TN winws1 /F +rem schtasks /End /TN winws2 +rem schtasks /Delete /TN winws2 /F diff --git a/zapret-winws/task_start.cmd b/zapret-winws/task_start.cmd new file mode 100644 index 0000000..bf151be --- /dev/null +++ b/zapret-winws/task_start.cmd @@ -0,0 +1,2 @@ +schtasks /Run /TN winws1 +rem schtasks /Run /TN winws2 diff --git a/zapret-winws/task_stop.cmd b/zapret-winws/task_stop.cmd new file mode 100644 index 0000000..a267cb9 --- /dev/null +++ b/zapret-winws/task_stop.cmd @@ -0,0 +1,2 @@ +schtasks /End /TN winws1 +rem schtasks /End /TN winws2 diff --git a/zapret-winws/windivert.filter/README.txt b/zapret-winws/windivert.filter/README.txt new file mode 100644 index 0000000..decde50 --- /dev/null +++ b/zapret-winws/windivert.filter/README.txt @@ -0,0 +1,14 @@ +Цель этих фильтров - отсекать полезную нагрузку в режиме ядра, не насилуя процессор перенаправлением целого потока на winws. +Задействуются через `winws --wf-raw-part=@filename`. Может быть несколько частичных фильтров. Они могут сочетаться с --wf-tcp и --wf-udp. +Однако, язык фильтров windivert не содержит операций с битовыми полями, сдвигов и побитовой логики. +Поэтому фильтры получились более слабыми, способными передавать неправильную нагрузку. +Дофильтрация производится силами winws. + +Описание языка фильтров : https://reqrypt.org/windivert-doc.html#filter_language +Пример инстанса для пробития медиапотоков в discord : `winws --wf-raw-part=@windivert_part.discord_media.txt --wf-raw-part=@windivert_part.stun.txt --filter-l7=stun,discord --dpi-desync=fake` + + +These filters are invoked using `winws --wf-raw-part=@filename`. Multiple filter parts are supported. They can be combined with --wf-tcp and --wf-udp. +Filters are kernel mode and save great amount of CPU. +However windivert cannot filter by bit fields, lacks shift and bitwise logic operations. +Filters are relaxed and can pass wrong payloads. Finer filtering is done by winws. diff --git a/zapret-winws/windivert.filter/windivert_part.discord_media.txt b/zapret-winws/windivert.filter/windivert_part.discord_media.txt new file mode 100644 index 0000000..26c2014 --- /dev/null +++ b/zapret-winws/windivert.filter/windivert_part.discord_media.txt @@ -0,0 +1,20 @@ + outbound and ip and + udp.DstPort>=50000 and udp.DstPort<=50099 and + udp.PayloadLength=74 and + udp.Payload32[0]=0x00010046 and + udp.Payload32[2]=0 and + udp.Payload32[3]=0 and + udp.Payload32[4]=0 and + udp.Payload32[5]=0 and + udp.Payload32[6]=0 and + udp.Payload32[7]=0 and + udp.Payload32[8]=0 and + udp.Payload32[9]=0 and + udp.Payload32[10]=0 and + udp.Payload32[11]=0 and + udp.Payload32[12]=0 and + udp.Payload32[13]=0 and + udp.Payload32[14]=0 and + udp.Payload32[15]=0 and + udp.Payload32[16]=0 and + udp.Payload32[17]=0 \ No newline at end of file diff --git a/zapret-winws/windivert.filter/windivert_part.quic_initial_ietf.txt b/zapret-winws/windivert.filter/windivert_part.quic_initial_ietf.txt new file mode 100644 index 0000000..6e01bef --- /dev/null +++ b/zapret-winws/windivert.filter/windivert_part.quic_initial_ietf.txt @@ -0,0 +1,4 @@ + outbound and + udp.PayloadLength>=256 and + udp.Payload[0]>=0xC0 and udp.Payload[0]<0xD0 and + udp.Payload[1]=0 and udp.Payload16[1]=0 and udp.Payload[4]=1 diff --git a/zapret-winws/windivert.filter/windivert_part.stun.txt b/zapret-winws/windivert.filter/windivert_part.stun.txt new file mode 100644 index 0000000..a761690 --- /dev/null +++ b/zapret-winws/windivert.filter/windivert_part.stun.txt @@ -0,0 +1,3 @@ + outbound and + udp.PayloadLength>=20 and + udp.Payload32[1]=0x2112A442 and udp.Payload[0]<0x40 \ No newline at end of file diff --git a/zapret-winws/windivert.filter/windivert_part.wireguard.txt b/zapret-winws/windivert.filter/windivert_part.wireguard.txt new file mode 100644 index 0000000..9b07c08 --- /dev/null +++ b/zapret-winws/windivert.filter/windivert_part.wireguard.txt @@ -0,0 +1,3 @@ + outbound and + udp.PayloadLength=148 and + udp.Payload[0]=0x01 \ No newline at end of file diff --git a/zapret-winws/windivert_delete.cmd b/zapret-winws/windivert_delete.cmd new file mode 100644 index 0000000..862ec02 --- /dev/null +++ b/zapret-winws/windivert_delete.cmd @@ -0,0 +1,21 @@ +@echo off + +if "%1%" == "del" ( + echo DELETE WINDIVERT DRIVER + sc delete windivert + sc stop windivert + goto :end +) + +sc qc windivert +if errorlevel 1 goto :end + +echo. +choice /C YN /M "Do you want to stop and delete windivert" +if ERRORLEVEL 2 goto :eof + +"%~dp0elevator" %0 del +goto :eof + +:end +pause diff --git a/zapret-winws/winws.exe b/zapret-winws/winws.exe new file mode 100644 index 0000000..43bbbb4 Binary files /dev/null and b/zapret-winws/winws.exe differ diff --git a/zapret-winws/winws2.exe b/zapret-winws/winws2.exe new file mode 100644 index 0000000..5708218 Binary files /dev/null and b/zapret-winws/winws2.exe differ