Imported Upstream version 0.64

diff --git a/Changes b/Changes
new file mode 100644 (file)
index 0000000..386b8eb
--- /dev/null
+++ b/Changes
@@ -0,0 +1,700 @@
+Revision history for Crypt-SSLeay
+=================================
+
+0.64 2012-08-06 01:23:30
+
+- Drastically simplify Makefile.PL to resolve RT bugs #61249, #61324,
+  #63553, #68208, and #68084.
+
+- Forgot to update Changes for 0.63, so this version overrides that.
+
+
+0.61_05 2012-08-04 00:40:22 UTC
+
+- Trying to distinguish between good vs bad zero returns from underlying
+  SSL_read/SSL_write broke stuff (see RT bug #78695). Revert to previous
+  behavior.
+
+- Completely re-organize Makefile.PL. I hope these changes will help take
+  care of RT bugs #61324, #61249, #63553, and #68084 etc. This is not
+  necessarily finished, but I want to see what happens on CPAN Testers at
+  this point before making a few other minor changes.
+
+0.60 2012-07-29 21:43:47 UTC
+
+- Release 0.59_03 as 0.60 so distributions can pick up various fixes. The most
+  important one seems to be bug RT #70565. This should take care of bug RT
+  #77167
+
+- SSL_read and SSL_write now try to handle incomplete reads/writes (see bug RT
+  RT #64054). The current test suite does is not very comprehensive, so caution
+  is recommended at this point. Also, if you have good test cases, I would love
+  to incorporate them into the distribution.
+
+0.59_03 2012-03-10 00:45:28 UTC
+
+- Bump version number and upload to CPAN.
+
+
+0.59_02 2012-03-08 16:16:03 UTC
+
+- Forgot to update Changes for 0.59_01. The following is a combined list of
+  the more important fixes incorporated in both.
+
+- Bug RT #64054: Handle incomplete reads/writes better
+
+- Bug RT #73754: Add LWP::Protocol::https to PREREQ_PM
+
+- Bug RT #73755: Crypt-SSLeay does not verify hosts (yet). Don't let that
+  cause a failure during tests.
+
+- Streamline t/02-live.t using Try::Tiny and done_testing
+
+- Plus assorted related small changes.
+
+0.58_01 2010-09-08 19:11:39 UTC
+
+- L<text|scheme:...> is not supported in POD for 5.8.5 and earlier.
+- TODOs in POD should stand out
+- Add /boot/common/ssl and some other directories to unix_ssl_dirs (see bug
+  #60936).
+
+0.58 2010-08-25 14:06:30 UTC
+
+- Bump version number for Crypt::SSLeay to 0.58 and Net::SSL to 2.85 in
+  preparation for release.
+- Fix typo in POD is SSLeay.pm s/PEM0encoded/PEM encoded/ (checked
+  http://github.com/gitpan/Crypt-SSLeay/blob/9a1582ee1e4d132ae7cf9497bb83144786425d73/SSLeay.pm)
+- Update Changes and TODO. Regenerate README and META.yml. Update package
+  author. Minor POD fixes.
+
+0.57_05 2010-08-15 17:41:21 UTC
+
+- Fix for NO_PROXY support in Net::SSL (bug #57836)
+- Bump Net::SSL version number to 2.84_02 after changes
+- Fix file/dir permissions (bug #60338)
+- Review warnings when compiling SSLeay.xs against older versions of
+  OpenSSL: Warnings are due to OpenSSL.
+- Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to
+  the POD.
+- Other POD related changes: 
+    * Remove historic information in README about platforms where the package
+      was successfully built.
+    * Reformat acknowledgements. TODO: Add more people.
+    * Fix link to Net-SSLeay.
+    * Add note about the --live-tests command line option
+    * Generate README from POD.
+    * Formatting fixes.
+    * Update copyright notice.
+
+0.57_04 2010-08-11 00:22:33 UTC
+
+- Reorganize Makefile.PL to break individual steps in to subroutines so as to
+  facilitate localized future modifications. Whether there was any point to
+  this remains to be seen.
+- In Makefile.PL, accommodate ActiveState+MingW configuration.
+- Pick the correct lib location for Strawberry Perl (bug #60230).
+- Apply fixes in bug reports #59312 and #33954 to Net/SSL.pm.
+- Bump version number in Net/SSL.pm to indicate development release.
+
+0.57_03 2010-08-09 20:12:30 UTC
+
+- If the last component of $inc_dir is 'openssl', set $inc_dir to its parent
+  and set $prefix to 'openssl'. Otherwise, leave $inc_dir as is and set $prefix
+  to '' (I hope this fixes bugs #28431, #28680, #32084, #43084, #54103 without
+  breaking anything).
+- Improved OpenSSL detection on Win32/Strawberry Perl (bug #49285).
+- Add MIME::Base64 as a prerequisite as Net::SSL needs it.
+- exit 0 if OpenSSL can't be found to avoid superfluous reports from CPAN
+  Testers.
+- Add \ to $opt_bench in eg/net-ssl-test (bugs #30931, #39363).
+
+0.57_02 2010-08-08 18:27:40 UTC
+
+- Refactor the version detection algorithm in Makefile.PL to handle all known
+  variations of version number encoding. Should fix bug #52408. 
+
+0.57_01 2008-02-18 14:42:32 UTC
+
+- use #include <..> rather than #include "..." in
+  crypt_ssleay_version.h.
+- add command-line switch to avoid live tests (bug #30268).
+- skip tests in t/01-connect.t if 443 is already in use (bug #30985).
+- make code gcc -Wwrite-strings compatible (bug #31926).
+
+0.57 2007-09-17 20:45:20 UTC
+
+- Honour both $ENV{NO_PROXY} and $ENV{no_proxy} in
+  Net::SSL::proxy_connect_helper. (Bug #29371 reported by Jan Dubois).
+- $@ construction used in Net::SSL::connect was messed up, which could
+  lead to sub-optimal error reporting. (Bug #29372 reported by Jan
+  Dubois).
+- Ensure no proxification is used in t/01-connect.t (which might be the
+  reason for all the spurious smoke failures). Bug #29373 reported by,
+  you guessed it, Jan Dubois).
+- Silence a dubious fopen() warning in SSLeay.xs.
+- s/Netware/NetWare/ in Net/SSL.pm platform check
+- Improvements to Makefile.PL for dealing with platforms where openssl
+  is installed with ./include and ./lib as sibling directories rather
+  than child directories. This should allow the code to configure and
+  build "out of the box" on Solaris (and probably other proprietary
+  platforms).
+- Don't carp in LICENSE key addition code in Makefile.PL
+
+0.56_01 2007-08-09 21:59:47 UTC
+
+- Various improvements to the Win32 configure code in Makefile.PL,
+  based on CPAN tickets #28431 and #28432, by Guenter Knauf,
+  notably to allow static linking and OpenSSL living in a relative
+  directory.
+- Net::SSL: alarm() is not implemented on Netware platform, so don't
+  try to set one there. (Guenter Knauf).
+- Should build on Solaris correctly (bug fix in include dir
+  specification). Based on fix suggested in CPAN bug #28680.
+
+0.56 2007-07-10 19:08:20 UTC
+
+- Purely a documentation issue raised by CPAN bug #27935. Users
+  of previous versions do not need to upgrade.
+
+0.55 2007-06-01 17:34:22 UTC
+
+- Added a blocking() method to Net::SSL (and bumped version to
+  2.81).
+
+0.54 2007-04-12 22:05:26 UTC
+
+- Rebadged 0.53_05, since no bugs appear to have surfaced.
+
+0.53_05
+
+- Fixed up incorrect LIBS key in WriteMakefile args. Thanks to
+  David Cantrell for giving me access to an OpenBSD box that
+  revealed this problem.
+- Added the list of modules that depend on Crypt::SSLeay to
+  the README, as per cpants.perl.org. (think: improvements
+  to the test suite).
+
+0.53_04 2007-03-06 09:39:01 UTC
+
+- add diag() info to determine possible reasons for failure as per
+  http://www.nntp.perl.org/group/perl.cpan.testers/2007/03/msg428964.html
+- Tweaks for Strawberry Perl detection.
+
+0.53_03 2007-03-04 18:30:06 UTC
+
+- Adjusted the typemap shims to silence the compiler warnings that
+  occur when sizeof(IV) is larger than sizeof(char *).
+- use XSLoader for faster loading if available, otherwise fall
+  back to DynaLoader.
+- Makefile.PL heavily reworked, lots of cruft removed.
+- Ask to see whether the live tests should be run.
+- renamed net_sst.t to 01-connect.t
+- added 02-live.t that performs live HTTPS requests.
+
+0.53_02 2007-01-29 10:02:34 UTC
+
+- don't proxy hosts in NO_PROXY environment variable (CPAN
+  bug #11078).
+- don't send user agent string to proxy unless
+  send_useragent_to_proxy is enabled. (CPAN bug #4759).
+- Net::SSL bumped to 2.80
+
+0.53_01 2007-01-24 22:21:09 UTC
+
+- patch for CPAN #12444 applied (Jeff Lavallee). Net::SSL bumped
+  tp 2.79.
+- example scripts moved into eg/ directory and the documentation
+  updated.
+- added a TODO to remind me of what needs to be done.
+
+0.53 2006-12-26 17:21:22 UTC
+
+- 0.52_02 deemed stable
+
+0.52_02 2006-12-20 19:29:01 UTC
+
+- improved VMS support (CPAN bug #19829).
+- add a test to see if cert file is readable in
+  Net::SSL::configure_certs (CPAN bug #8498) and Net::SSL version
+  to 2.78.
+- known working platforms list removed from documentation. Too old,
+  and CPAN Testers has the up-to-date information.
+- minor documentation improvements.
+
+0.52_01 2006-12-17
+
+- add call to SSL_library_init() in new()
+- maintenance taken over by brian d foy and David Landgren.
+
+$MODULE=Crypt::SSLeay; $VERSION = .51; $DATE="2003-06-10";
+
+- fixed build problem for OpenSSL 0.9.6 and some builds
+  of perl 5.8.x which resulted in make error:
+
+   /usr/include/openssl/des.h:193: parse error before '&' token"
+
+  Thanks to Rob Brown for submitting a similar patch to cover this problem
+
+- bug fix from Dongqiang Bai when server using proxy cannot
+  resolve host name being connected to
+
++ Added documentation for updating system OpenSSL libraries 
+  for systems such has RedHat that have shared libraries built
+  Work sponsored by Stuart Horner of Core Communications, Inc.
+
+$MODULE=Crypt::SSLeay; $VERSION = .49; $DATE="2003-01-30";
+
++ Documentation updates, including new support address
+  for LWP issues, and $ENV{HTTPS_DEBUG} flag.
+
++ Added c:/openssl in default search path on win32 machines
+  which is the recommended installation area in the openssl dist
+
++ Added patch from Pavel Hlavnicka for freeing memory leaks
+  from SSL_CTX_use_pkcs12_file() whose functionality is triggered
+  by the $ENV{HTTPS_PKCS12_*} settings
+
++ Set timeout to 15 seconds for ./net_ssl_test and lwp-ssl-test
+  sample scripts for better testing of timeout behavior
+
++ Added alarm() during Net::SSL->read() to honor socket timeout setting
+  for more robust applications.  read() will die_with_error() which
+  in consistent with previous semantics used during SSL read() failure 
+  Thanks to Pavel Hlavnicka for prompting this change.
+
++ Removed code that supported versions of SSLeay before version 0.8
+  I believe SSLeay v.8 was released back in 1998
+
++ Added patch from Devin Heitmueller so that initial random seed
+  would be taken from /dev/urandom if available via RAND_load_file API
+
+$MODULE=Crypt::SSLeay; $VERSION = .45; $DATE="2002-08-01";
+
++ PKCS12 certificate support, patch submitted by Beni Takahashi,
+  author of patch Daisuke Kuroda
+
++ Fixing compile warnings on Solaris 8/Sparc with Forte 7.0 about 
+  implicit conversions and implicit declarations.  Thanks to 
+  Marek Rouchal for bug report.
+
+$MODULE=Crypt::SSLeay; $VERSION = .43; $DATE="2002-07-29";
+
+- Removed unused dependency on URI::URL, thanks to Ric Steinberger
+  for pointing out this problem under perl 5.8.0 
+
+$MODULE=Crypt::SSLeay; $VERSION = .41; $DATE="2002-07-07";
+
+- fixed t/net_ssl.t to work on Windows NT
+
+$MODULE=Crypt::SSLeay; $VERSION = .40; $DATE="2002-07-03";
+
+ + = improvement; - = bug fix
+
+- fixed Makefile.PL use of dirname() which could error for perl 5.8.x
+  Thanks to Chip Turner of RedHat for patch.
+
+$MODULE=Crypt::SSLeay; $VERSION = .39; $DATE="2002-06-23";
+
+- Fixed a runtime error with Net::SSL->proxy for running under
+  perl warnings with no proxy defined, which t/net_ssl.t test case
+  revealed.
+
++ Added t/net_ssl.t test for initializing a Net::SSL object
+
++ Added build platform success note for ( thanks Christopher! )
+
+  Solaris 2.8    Sparc ?               5.00503  .37    2002-05-31      Christopher Biow
+
++ Added build auto-detect for 0.9.6+ and only then use OPENSSL_free 
+  instead of free() since older OpenSSL like 0.9.4 did not have it.
+
++ Added ./net_ssl_test -CAfile documentation, and root CA file from mod_ssl
+  distribution at certs/ca-bundle.crt that can be used for general root CA
+  peer certificate verification.
+
++ Added build notes for 
+
+   SunOS 4.1.4, Perl 5.004_04 - ld.so: Undefined symbol: _CRYPT_mem_ctrl
+
+  from Jeff Haferman.
+
++ When Net::SSL->connect() being called from LWP::UserAgent in proxy mode,
+  will connect to the proxy passing the $ua->agent string as
+    
+   CONNECT $peer_addr:$peer_port HTTP/1.0
+   User-Agent: $ua->agent
+
++ Integrated Richard Chen's patches for exposing the Net::SSL
+  certificate dates via an API:
+
+   Crypt::SSLeay::X509::not_before
+   Crypt::SSLeay::X509::not_after
+
+  which can be gotten to by a call like...
+
+   Net::SSL->new(...)->get_peer_certificate->not_after;
+
+  These methods return a normal timestamp like: 2002-05-22 11:15:17 GMT
+  There is an example of its use in the ./net_ssl_test script.
+
+  The Crypt::SSLeay::* modules will continue to remain undocumented
+  because such functionality lies outside the scope of what this
+  module is geared for.  Net::SSLeay provides a more general API for 
+  OpenSSL functionality.
+
+$MODULE=Crypt::SSLeay; $VERSION = .37; $DATE="2002-01-08";
+
+ + = improvement; - = bug fix
+
+- use OPENSSL_free() instead of free() to fix crashes with win32 perl 5.6.1
+  Thanks to Doug MacEachern for patch.
+
++ added Makefile.PL Candidate() path for win32 builds of OpenSSL
+  Thanks to David Morse for patch.
+
+$MODULE=Crypt::SSLeay; $VERSION = .36; $DATE="2001-12-05";
+
+- perl Makefile.PL C:/some_path should be picked up now ...
+  was doing case insensitive drive letter check before
+
+$MODULE=Crypt::SSLeay; $VERSION = .35; $DATE="2001-10-31";
+
++ Set local $SIG{PIPE} = \&die before $ssl->connect()
+  to capture the "broken pipe" error associated with connecting
+  to a computer that is not running a SSL web server,
+  when Crypt::SSLeay is built with OpenSSL 0.9.6a.  This error did 
+  not occur with OpenSSL 0.9.4 or OpenSSL 0.9.5a, but this fix should
+  be compatible with those versions too.
+
+$MODULE=Crypt::SSLeay; $VERSION = .33; $DATE="2001-10-31";
+
++ Documented differences / conflicts between LWP proxy support
+  and Crypt::SSLeay which seems to be a source of confusion for users.
+
++ Added Net::SSL::get_peer_verify call so the warning header
+  from LWP that says:
+
+    Client-SSL-Warning: Peer certificate not verified
+
+  can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
+  variables are set to invoke peer certificate verification.
+  I will submit patch for perl-libwww 5.6 for this support
+  of get_peer_verify shortly.
+
+  Modified return values of $ctx->set_verify() to return 1 when
+  peer verification is enabled to support get_peer_verify()
+
+$MODULE=Crypt::SSLeay; $VERSION = .31; $DATE="2001-09-21";
+
++ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
+  so one can debug from LWP:: calls without using ./net_ssl_test script
+
++ $ENV{CRYPT_SSLEAY_DEFAULT} may now be set to trigger --default
+  functionality for Makefile.PL
+
++ Added --default switch to Makefile.PL which will pick
+  up the first OpenSSL distribution detected and use that
+  for building Crypt::SSLeay. Inspired by Doug MacEachern
+
+- removed exit from Makefile.PL, bug found by Doug MacEachern
+
+$MODULE=Crypt::SSLeay; $VERSION = .29; $DATE="2001-06-29";
+
++ Streamlined *CA* patches so only in $CTX->set_verify()
+  which gets called every time now.
+
++ Throw error instead of return undef in Net::SSL->connect()
+  because we loose the errors otherwise.  Applications
+  working with Net::SSL will have to trap calls around
+  Net::SSL->connect with eval {}.  There are so many 
+  kinds of errors now, especially with certificate
+  support that we really need to throw specific error
+  messages, and not let them get lost in $!.
+
+- Turn SSL_MODE_AUTO_RETRY on so clients can survive
+  changes in SSLVerifyClient changes in the modssl connection
+
+  Comment from source:
+          /* The set mode is necessary so the SSL connection can
+           * survive a renegotiated cipher that results from 
+           * modssl VerifyClient config changing between 
+           * VirtualHost & some other config block.  At modssl
+           * this would be a [trace] ssl message:
+           *  "Changed client verification type will force renegotiation"
+  #ifdef SSL_MODE_AUTO_RETRY
+          SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+  #endif
+
+  Seems like openssl 0.9.4 didn't need this but 0.9.6 does,
+  not sure though.
+
++ Integrated patches from Gamid Isayev for CA peer
+  verification.  New settings include:
+
+  $ENV{HTTPS_CA_FILE} = "some_file";
+  $ENV{HTTPS_CA_DIR}  = "some_dir";
+
+  Also create config switches for these in ./net_ssl_test,
+  -CAfile and -CAdir
+
+$MODULE=Crypt::SSLeay; $VERSION = .27; $DATE="TBA";
+
+- Client certs weren't working correctly, setup certs
+  earlier in connection now, also create new CTX per
+  request, so cert settings don't remain sticky from
+  one request to the next.
+
+$MODULE=Crypt::SSLeay; $VERSION = .25; $DATE="2001-04-10";
+
++ update ./net_ssl_test to do smart parsing of host, where
+  host can now be of the form http://www.nodeworks.com:443/
+
++ integrated client cert patches provided by Tobias Manthey,
+  creating new config options:
+
+    $ENV{HTTPS_CERT_FILE}  -- file of client certificate
+    $ENV{HTTPS_KEY_FILE}   -- file of private key file
+
+  Also support for these options in ./net_ssl_test with these
+  options:
+ 
+  -cert  client certificate file
+  -key   private key file
+
+  like so:
+
+    ./net_ssl_test -cert=notacacert.pem -key=notacakeynopass.pem -d
+
+  To create simple test cert with openssl:
+
+     /usr/local/openssl/bin/openssl req -config /usr/local/openssl/openssl.cnf -new -days 365 -newkey rsa:1024 -x509 -keyout notacakey.pem -out notacacert.pem 
+     /usr/local/openssl/bin/openssl rsa -in notacakey.pem -out notacakeynopass.pem
+
+$MODULE=Crypt::SSLeay; $VERSION = .24; $DATE="2001-03-09";
+
+ + = improvement; - = bug fix
+
+- local $@ in Net::SSL::DESTROY so we don't kill real errors
+
+$MODULE=Crypt::SSLeay; $VERSION = .23; $DATE="2001-03-09";
+
++ added lwp-ssl-test file for showing LWP code use
+
++ added -h/-help options & docs to ./net_ssl_test script
+
++ updated alpha linux patch from Alex Rhomberg to what 
+  he originally provided, as it covered -lots case better.
+
+- return undef in Net::SSL::connect() instead of die()
+  for better LWP support & error handling.  Still set
+  $@ though, consistent with IO::Socket::INET
+
++ alarm() on Unix platforms around ssl ctx connect, which
+  can hang for process for way too long when trying to 
+  connect to dead https SSL servers.
+
+$MODULE=Crypt::SSLeay; $VERSION = .22; $DATE="2001-01-29";
+
+- remove // style comments
+
+$MODULE=Crypt::SSLeay; $VERSION = .21; $DATE="2001-01-10";
+
+- AIX build notes correction
+
++ No reverse lookup for host done for proxying, more 
+  efficient.  Reuse of cached PeerAddr name from Net::SSL->new
+
++ $ENV{HTTPS_VERSION} setting, so a SSL v3 connection can
+  be used first, instead of SSLv23.  Documented in README,pod.
+  Added support for this to the test program as:
+    
+     ./net_ssl_test -v[ersion] 3 
+
+$MODULE=Crypt::SSLeay; $VERSION = .19; $DATE="2001-01-07";
+
++ Added runtime SSL debugging support, was compile time before.
+  Trigger with Net::SSL->new(..., SSL_Debug => 1) as in 
+  the ./net_ssl_test script run with -d argument.  No
+  API for debugging from LWP requests, just for https
+  debugging with ./net_ssl_test really.
+
++ Added support for proxy via $ENV{HTTPS_PROXY} = 
+  proxy_host:proxy_port.  Thanks to Bryan Hart for the patch.
+  Also basic auth support added & documented.
+
++ alpha linux ccc support with -lots library added for compile.
+  Patch from Alex Rhomberg.
+
+$MODULE=Crypt::SSLeay; $VERSION = .18; $DATE="2000-11-25";
+
+- created perl/c destructors for the X509 cert for after its
+  fetched by Net::SSL.  Crypt::SSLeay seems to run without
+  memory leaks now under LWP and Net::SSL.
+
+- Updated Net::SSL::VERSION, bad version last release.
+
+$MODULE=Crypt::SSLeay; $VERSION = .17; $DATE="2000-09-04";
+
+- got rid of an implicit char* conversion compile warnings 
+  for SSL_get_cipher
+
++ random seeding now occurs with RAND_seed() on random data
+  from the C call stack, works more consistently than RAND_load_file
+  from Ben's patch.
+
++ integrated patches from Ben Laurie for better error messaging
+  and random seed initialization
+
++ set_cipher_list initialized from $ENV{CRYPT_SSLEAY_CIPHER}
+  where before it was initialized from $ENV{SSL_CIPHER}, patch
+  from Ben Laurie, so ENV setting not conflict with Apache-SSL
+
++ tested POST LWP requests and updated documentation indicating
+  that such use is supported  
+
++ net_ssl_test now checks https://www.nodeworks.com by default
+  which has high uptime so should be fine.
+
++ first argument to perl Makefile.pl must be an absolute path
+  for it to be used as default OpenSSL build path
+
++ define PL_sv_undef symbols for older perls that don't support
+  it, alias to sv_undef
+
+$MODULE=Crypt::SSLeay; $VERSION = .16; $DATE="2000-02-25";
+
+- changes sv_undef calls to PL_sv_undef, since sv_undef is no 
+  longer supported under the latest dev releases of perl 5.0056
+
+$MODULE=Crypt::SSLeay; $VERSION = .15; $DATE="1999-11-23";
+
++ reordered header includes for ActiveState people, likely
+  for easier compiling with perl object.
+
++ Added support for cranky SSLv3 sites.  These are sites
+  that don't acknowledge SSLv23 requests, such as:
+
+       https://www.evergreen-funds.com
+       https://ecomm.sella.it
+
+  So now, the module will try connects to SSL servers in 
+  this order: SSLv23, SSLv3, SSLv2
+
+  None of the sites that I tested required only SSLv2 connects, 
+  but it is there just in case.
+
++ using the call SSLeay_add_all_algorithms(); instead of
+  SSLeay_add_ssl_algorithms(), because the latter symbol
+  was not defined on one person's installation.
+
+$MODULE=Crypt::SSLeay; $VERSION = .14; $DATE="1999-10-03";
+
++ = improvement; - = bug fix
+
++ added support for RSAref tweaked OpenSSL
+
+$MODULE=Crypt::SSLeay; $VERSION = .12; $DATE="1999-09-13";
+
++ Converted // style comments to /* */ for build
+  support of Sun's native cc
+
+$MODULE=Crypt::SSLeay; $VERSION = .11; $DATE="1999-08-16";
+
++ New connection strategy suggested by OpenSSL list,
+  first try connecting with SSLv23.  This negotiates
+  the more secure SSL3 first, and then downgrades to
+  SSLv2 if first unsuccessful.  For buggy servers that
+  can't handle the SSLv23 negotiation, Net::SSL then 
+  tries a raw SSLv2 connection.
+
+  This method works for all servers tested, and has
+  the advantage of tranmitting data via the most secure
+  SSL3 method if available.
+
++ Connects to buggy SSLv2 sites as well as SSLv3
+  sites & normal SSLv2 sites.
+
+  Buggy SSLv2: https://banking.wellsfargo.com
+  SSLv3:       https://www.accountonline.com/CB/MainMenu.idcl
+  SSLv2:       https://www.nodeworks.com
+
+$MODULE=Crypt::SSLeay; $VERSION = .11; $DATE="1999-08-10";
+
++ Worked through __umoddi3 undef symbol error 
+  for building on Solaris x86.  See README build notes.
+
++ I try to provide backwards compatible building
+  with SSLeay (< v.0.9.2)
+
++ Will pick up ssl distributions installed at
+  /usr/local/openssl, and /usr/local/ssl ... openssl
+  headers should be at $SSL_DIR/include/openssl
+  for compilation to work, see README for installation hints.
+
+- Added SSL 3.0 support with SSLv3_client_method()
+  This method will autonegotiate SSL2 or SSL3,
+  and works for web sites that require SSL3
+
++ Added build support in Makefile.PL for WinNT, MS Visual C++
+
++ Added support for OpenSSL v.0.9.4 
+
+1998-10-13   Gisle Aas <aas@sn.no>
+
+   Release 0.07
+
+   Applied patch from Andreas Gustafsson <gson@araneus.fi> which
+   make this module compile on WinNT with ActivePerl and MS Visual C++.
+   For others that try to build on this platform, Andreas also said:
+
+      "In addition to making these source changes, I also had to
+      resort to editing the MakeMaker-generated makefile by hand to
+      fix various library paths.  Unfortunately, I am not familiar
+      enough with either MakeMaker or NT to provide a clean fix for
+      this problem."
+
+
+
+1998-01-13   Gisle Aas <aas@sn.no>
+
+   Release 0.06 and 0.05
+   
+   Fixed test script t/ssl_context.t
+   
+   SSL->connect can return 0.  Fixed bug in Net::SSL
+   
+
+
+1998-01-12   Gisle Aas <aas@sn.no>
+
+   Release 0.04
+
+   Mention depreciation in the README.  Eric's version of the SSLeay
+   glue will replace this module (as well as Sampo Kellomaki's Net::SSLeay).
+
+
+
+1998-01-11   Gisle Aas <aas@sn.no>
+
+   Release 0.03
+
+   Fixed this file
+
+
+
+1998-01-11   Gisle Aas <aas@sn.no>
+
+   Release 0.02
+
+   More text in the README
+
+   Renamed Crypt::SSLeay::Context to Crypt::SSLeay::MainContext
+
+
+
+1998-01-10   Gisle Aas <aas@sn.no>
+
+   Release 0.01
+
+   Initial release.

diff --git a/MANIFEST b/MANIFEST
new file mode 100644 (file)
index 0000000..3e3c4c0
--- /dev/null
+++ b/MANIFEST
@@ -0,0 +1,26 @@
+Changes
+MANIFEST
+MANIFEST.SKIP
+Makefile.PL
+README.md
+SSLeay.pm
+SSLeay.xs
+TODO
+typemap
+certs/ca-bundle.crt
+certs/notacacert.pem
+certs/notacakeynopass.pem
+lib/Crypt/SSLeay/CTX.pm
+lib/Crypt/SSLeay/Conn.pm
+lib/Crypt/SSLeay/Err.pm
+lib/Crypt/SSLeay/MainContext.pm
+lib/Crypt/SSLeay/X509.pm
+lib/Net/SSL.pm
+eg/lwp-ssl-test
+eg/net-ssl-test
+t/00-basic.t
+t/01-connect.t
+t/02-live.t
+META.yml                                 Module meta-data (added by MakeMaker)
+
+META.json                                Module JSON meta-data (added by MakeMaker)

diff --git a/MANIFEST.SKIP b/MANIFEST.SKIP
new file mode 100644 (file)
index 0000000..f6012bc
--- /dev/null
+++ b/MANIFEST.SKIP
@@ -0,0 +1,14 @@
+blib\/
+\B.svn\b
+\B.git\b
+pm_to_blib
+README.old
+crypt_ssleay_version.h
+Crypt-SSLeay-.*
+MANIFEST.bak
+Makefile$
+Makefile.old
+SSLeay\.(bs|c|o)$
+^\.gitignore
+^\.gitattributes
+

diff --git a/META.json b/META.json
new file mode 100644 (file)
index 0000000..963cc35
--- /dev/null
+++ b/META.json
@@ -0,0 +1,46 @@
+{
+   "abstract" : "OpenSSL support for LWP",
+   "author" : [
+      "A. Sinan Unur <nanis@cpan.org>",
+      "David Landgren",
+      "Joshua Chamas",
+      "Gisle Aas"
+   ],
+   "dynamic_config" : 1,
+   "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120921",
+   "license" : [
+      "artistic_2"
+   ],
+   "meta-spec" : {
+      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
+      "version" : "2"
+   },
+   "name" : "Crypt-SSLeay",
+   "no_index" : {
+      "directory" : [
+         "t",
+         "inc"
+      ]
+   },
+   "prereqs" : {
+      "build" : {
+         "requires" : {
+            "Test::More" : "0.88",
+            "Try::Tiny" : "0.09"
+         }
+      },
+      "configure" : {
+         "requires" : {
+            "ExtUtils::MakeMaker" : "0"
+         }
+      },
+      "runtime" : {
+         "requires" : {
+            "LWP::Protocol::https" : "6.02",
+            "MIME::Base64" : "0"
+         }
+      }
+   },
+   "release_status" : "stable",
+   "version" : "0.64"
+}

diff --git a/META.yml b/META.yml
new file mode 100644 (file)
index 0000000..6490e26
--- /dev/null
+++ b/META.yml
@@ -0,0 +1,27 @@
+---
+abstract: 'OpenSSL support for LWP'
+author:
+  - 'A. Sinan Unur <nanis@cpan.org>'
+  - 'David Landgren'
+  - 'Joshua Chamas'
+  - 'Gisle Aas'
+build_requires:
+  Test::More: 0.88
+  Try::Tiny: 0.09
+configure_requires:
+  ExtUtils::MakeMaker: 0
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120921'
+license: artistic_2
+meta-spec:
+  url: http://module-build.sourceforge.net/META-spec-v1.4.html
+  version: 1.4
+name: Crypt-SSLeay
+no_index:
+  directory:
+    - t
+    - inc
+requires:
+  LWP::Protocol::https: 6.02
+  MIME::Base64: 0
+version: 0.64

diff --git a/Makefile.PL b/Makefile.PL
new file mode 100644 (file)
index 0000000..bdd4787
--- /dev/null
+++ b/Makefile.PL
@@ -0,0 +1,92 @@
+use strict;
+use warnings;
+
+use ExtUtils::MakeMaker;
+use Getopt::Long;
+
+eval "use ExtUtils::MakeMaker::Coverage";
+$@ or print "Adding testcover target\n";
+
+my @authors = reverse ( # reverse chronological order
+    'Gisle Aas',
+    'Joshua Chamas',
+    'David Landgren',
+    'A. Sinan Unur <nanis@cpan.org>',
+);
+
+my $mm_version = $ExtUtils::MakeMaker::VERSION;
+$mm_version =~ tr/_//d;
+
+my ($opt_static, $opt_live_tests);
+
+GetOptions(
+    'static',      \$opt_static,
+    'live-tests!', \$opt_live_tests,
+);
+
+$opt_live_tests ||= $ENV{CRYPT_SSLEAY_LIVE_TEST_WANTED};
+$opt_live_tests ||= is_live_test_wanted();
+
+my $test_config = 'test.config';
+
+WriteMakefile(
+    NAME => 'Crypt::SSLeay',
+
+    AUTHOR => $mm_version > 6.5701 ? \@authors : $authors[0],
+
+    ABSTRACT_FROM => 'SSLeay.pm',
+
+    VERSION_FROM => 'SSLeay.pm',
+
+    LIBS => [q{-lz -lssl -lcrypto -lssl32 -lssleay32 -leay32}],
+
+    ($opt_static ? (LINK_TYPE => 'static') : ()),
+
+    BUILD_REQUIRES => {
+        'Try::Tiny' => '0.09',
+        'Test::More' => '0.88',
+    },
+
+    PREREQ_PM => {
+        'LWP::Protocol::https' => '6.02',
+        'MIME::Base64' => 0, # for Net::SSL
+    },
+
+    clean => {
+        FILES => $test_config,
+    },
+
+    ($mm_version > 6.3 ? (LICENSE => 'artistic_2') : ()),
+);
+
+write_test_config($test_config, {network_tests => $opt_live_tests});
+
+sub is_live_test_wanted {
+    print <<EO_CHUNK;
+The test suite can attempt to connect to public servers to ensure that the
+code is working properly. If you are behind a strict firewall or have no
+network connectivity, these tests may fail (through no fault of the code).
+EO_CHUNK
+    my $wanted = prompt "Do you want to run the live tests (y/N)?", 'N';
+    $wanted =~ s/\A\s+//;
+    $wanted =~ s/\s+\z//;
+
+    return $wanted =~ /\Ay(?:es)?\z/i ? 1 : 0;
+}
+
+sub write_test_config {
+    my ($file, $config) = @_;
+
+    open my $out, '>', $file
+        or die "Cannot open '$file' for writing: $!";
+
+    for my $key (sort keys %$config) {
+        printf $out "%s\t%s\n", $key, $config->{$key};
+    }
+
+    close $out
+        or die "Cannot close '$file': $!";
+
+    return;
+}
+

diff --git a/README.md b/README.md
new file mode 100644 (file)
index 0000000..e8bf3ac
--- /dev/null
+++ b/README.md
@@ -0,0 +1,397 @@
+# Crypt::SSLeay - OpenSSL support for LWP
+
+## Synopsis
+
+    lwp-request https://www.example.com
+
+    use LWP::UserAgent;
+    my $ua  = LWP::UserAgent->new;
+    my $response = $ua->get('https://www.example.com/');
+    print $response->content, "\n";
+
+## Description
+
+this Perl module provides support for the HTTPS protocol under LWP, to allow
+an "LWP::UserAgent" object to perform GET, HEAD and POST requests.  Please
+see LWP for more information on POST requests.
+
+The "Crypt::SSLeay" package provides "Net::SSL", which is loaded by
+"LWP::Protocol::https" for https requests and provides the necessary SSL
+glue.
+
+This distribution also makes following deprecated modules available:
+
+    Crypt::SSLeay::CTX
+    Crypt::SSLeay::Conn
+    Crypt::SSLeay::X509
+
+Work on Crypt::SSLeay has been continued only to provide https support
+for the LWP (libwww-perl) libraries.
+
+## Environment Variables
+
+the following environment variables change the way "Crypt::SSLeay" and
+"Net::SSL" behave.
+
+### Proxy Support
+
+    $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
+
+### Proxy Basic Authentication
+
+    $ENV{HTTPS_PROXY_USERNAME} = 'username';
+    $ENV{HTTPS_PROXY_PASSWORD} = 'password';
+
+### SSL Diagnostics and Debugging
+
+    $ENV{HTTPS_DEBUG} = 1;
+
+### Default SSL Version
+
+    $ENV{HTTPS_VERSION} = '3';
+
+### Client Certificate Support
+
+    $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
+    $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
+
+### CA cert peer verification
+
+    $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
+    $ENV{HTTPS_CA_DIR}    = 'certs/';
+
+### Client PKCS12 cert support
+    $ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.pkcs12';
+    $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
+
+## Installation
+
+### OpenSSL
+
+You must have OpenSSL installed before compiling this module.  You can
+get the latest OpenSSL package from <http://www.openssl.org/>. We no longer
+support pre-2000 versions of OpenSSL.
+
+If you are building OpenSSL from source, please follow the directions
+included in the package.
+
+If you are going to use an OpenSSL library which you built from source or
+whose header and library files are not in a place searched by your compiler
+by default, make sure you set appropriate environment variables before
+trying to build `Crypt::SSLeay`.
+
+For example, if you are using ActiveState Perl and MinGW installed using
+ppm, and you installed OpenSSL in `C:\opt\openssl-1.0.1c`, then you would
+issue the following commands to build `Crypt::SSLeay`:
+
+    C:\temp\Crypt-SSLeay> set LIBRARY_PATH=C:\opt\openssl-1.0.1c\lib;%LIBRARY_PATH%
+    C:\temp\Crypt-SSLeay> set CPATH=C:\opt\openssl-1.0.1c\include;%CPATH%
+    C:\temp\Crypt-SSLeay> perl Makefile.PL --live-tests
+    C:\temp\Crypt-SSLeay> dmake test
+
+On Linux/BSD/Solaris/GNU etc systems, you would use `make` rather than
+`dmake`, but you would need to set the same variables if your OpenSSL
+library is in a custom location. If everything builds OK, but you get
+failures when during tests, ensure that `LD_LIBRARY_PATH` points to the
+location where the correct shared libraries are located.
+
+If you are using a Microsoft compiler (keep in mind that `perl` and OpenSSL
+need to have been built using the same compiler as well), you would use:
+
+    C:\temp\Crypt-SSLeay> set LIB=C:\opt\openssl-1.0.1c\lib;%LIB%
+    C:\temp\Crypt-SSLeay> set INCLUDE=C:\opt\openssl-1.0.1c\include;%INCLUDE%
+    C:\temp\Crypt-SSLeay> perl Makefile.PL --live-tests
+    C:\temp\Crypt-SSLeay> nmake test
+
+Depending on your OS, pre-built OpenSSL packages may be available. You may
+need to install a development version of your operating system's OpenSSL
+library package. The key is that Crypt::SSLeay makes calls to the OpenSSL
+library, and how to do so is specified in the C header files that come
+with the library. Some systems break out the header files into a separate
+package from that of the libraries. Once the program has been built, you
+don't need the headers any more.
+
+### `Crypt::SSLeay`
+
+The latest `Crypt::SSLeay` can be found at your nearest CPAN, as well as
+<http://search.cpan.org/dist/Crypt-SSLeay/>.
+
+Once you have downloaded it, `Crypt::SSLeay` installs easily using the
+standard build process:
+
+    perl Makefile.PL
+    make
+    make test
+    make install
+
+On Windows systems, both Strawberry Perl and ActiveState (as a separate
+download via ppm) projects include a MingW based compiler distribution and
+dmake which can be used to build both OpenSSL and `Crypt::SSLeay`. If you have
+such a set up, use dmake above.
+
+Makefile.PL takes two optional arguments:
+
+*   `--live-tests` : Boolean. Specifies whether we should try to connect to
+    an HTTPS URL during testing. Default is false.
+
+    To skip live tests, you can use
+
+        perl Makefile.PL --no-live-tests
+
+    and to force live tests, you can use
+
+        perl Makefile.PL --live-tests
+
+*   `--static` : Boolean. Default is false. (TODO: Does it work?)
+
+For unattended (batch) installations, to be absolutely certain that
+`Makefile.PL` does not prompt for questions on `STDIN`, set the environment
+variable `PERL_MM_USE_DEFAULT=1` as with any CPAN module built using
+`ExtUtils::MakeMaker`.
+
+### Windows
+
+`Crypt::SSLeay` builds correctly with Strawberry Perl and ActiveState Perl
+using the bundled MinGW.
+
+For ActiveState Perl users, the ActiveState company does not have a
+permit from the Canadian Federal Government to distribute cryptographic
+software. This prevents `Crypt::SSLeay` from being distributed as a PPM
+package from their repository. See <http://docs.activestate.com/activeperl/5.16/faq/ActivePerl-faq2.html#crypto_packages>
+for more information on this issue. You may be able to download a PPM for
+`Crypt::SSLeay` from an alternative repository (see `PPM::Repositories`).
+
+### VMS
+
+I do not have any experience with VMS. If OpenSSL headers and libraries are
+not in standard locations searched by your build system by default, please
+set things up so that they are. If you have generic instructions on how to
+do it, please open a ticket on RT with the information so I can add it to
+this document.
+
+## Proxy Support
+
+`LWP::UserAgent` and `Crypt::SSLeay` have their own versions of proxy
+support.  Please read these sections to see which one is appropriate.
+
+### `LWP::UserAgent` proxy support
+
+`LWP::UserAgent` has its own methods of proxying which may work for you and
+is likely to be incompatible with `Crypt::SSLeay` proxy support. To use
+`LWP::UserAgent` proxy support, try something like:
+
+    my $ua = LWP::UserAgent->new;
+    $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
+
+At the time of this writing, libwww v5.6 seems to proxy https requests fine
+with an Apache mod_proxy server. It sends a line like:
+
+    GET https://www.example.com HTTP/1.1
+
+to the proxy server, which is not the `CONNECT` request that some proxies
+would expect, so this may not work with other proxy servers than mod_proxy.
+The `CONNECT` method is used by `Crypt::SSLeay`'s internal proxy support.
+
+### `Crypt::SSLeay` proxy support
+
+For native `Crypt::SSLeay` proxy support of https requests, you need to set
+the environment variable `HTTPS_PROXY` to your proxy server and port, as
+in:
+
+    # proxy support
+    $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
+    $ENV{HTTPS_PROXY} = '127.0.0.1:8080';
+
+Use of the `HTTPS_PROXY` environment variable in this way is similar to
+`LWP::UserAgent->env_proxy()` usage, but calling that method will likely
+override or break the `Crypt::SSLeay` support, so do not mix the two.
+
+Basic authentication credentials to the proxy server can be provided this
+way:
+
+    # proxy_basic_auth
+    $ENV{HTTPS_PROXY_USERNAME} = 'username';
+    $ENV{HTTPS_PROXY_PASSWORD} = 'password';
+
+For an example of LWP scripting with `Crypt::SSLeay` native proxy support,
+please look at the `eg/lwp-ssl-test` script in the `Crypt::SSLeay`
+distribution.
+
+## Client Certificate Support
+
+Client certificates are supported. PEM encoded certificate and private key
+files may be used like this:
+
+    $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
+    $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
+
+You may test your files with the `eg/net-ssl-test` program, bundled with the
+distribution, by issuing a command like:
+
+    perl eg/net-ssl-test -cert=certs/notacacert.pem \
+        -key=certs/notacakeynopass.pem -d GET $HOST_NAME
+
+Additionally, if you would like to tell the client where the CA file is, you
+may set these.
+
+        $ENV{HTTPS_CA_FILE} = "some_file";
+        $ENV{HTTPS_CA_DIR}  = "some_dir";
+
+Note that, if specified, `$ENV{HTTPS_CA_FILE}` must point to the actual
+certificate file. That is, `$ENV{HTTPS_CA_DIR}` is *not* the path where
+`$ENV{HTTPS_CA_FILE}` is located.
+
+For certificates in `$ENV{HTTPS_CA_DIR}` to be picked up, follow the
+instructions on <http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>.
+
+There is no sample CA cert file at this time for testing, but you may
+configure `eg/net-ssl-test` to use your CA cert with the -CAfile option.
+(TODO: then what is the ./certs directory in the distribution?)
+
+### Creating a test certificate
+
+To create simple test certificates with OpenSSL, you may run the following
+command:
+
+    openssl req -config /usr/local/openssl/openssl.cnf \
+        -new -days 365 -newkey rsa:1024 -x509 \
+        -keyout notacakey.pem -out notacacert.pem
+
+To remove the pass phrase from the key file, run:
+
+    openssl rsa -in notacakey.pem -out notacakeynopass.pem
+
+### PKCS12 support
+
+The directives for enabling use of PKCS12 certificates is:
+
+    $ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.pkcs12';
+    $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
+
+Use of this type of certificate takes precedence over previous certificate
+settings described. (TODO: unclear? Meaning "the presence of this type of
+certificate"?)
+
+## SSL versions
+
+`Crypt::SSLeay` tries very hard to connect to *any* SSL web server
+accomodating servers that are buggy, old or simply not standards-compliant.
+To this effect, this module will try SSL connections in this order:
+
+*   SSL v23 : should allow v2 and v3 servers to pick their best type
+
+*   SSL v3 :  best connection type
+
+*   SSL v2 :  old connection type
+
+Unfortunately, some servers seem not to handle a reconnect to SSL v3 after a
+failed connect of SSL v23 is tried, so you may set before using LWP or
+`Net::SSL`:
+
+    $ENV{HTTPS_VERSION} = 3;
+
+to force a version 3 SSL connection first. At this time, only a version 2 SSL
+connection will be tried after this, as the connection attempt order remains
+unchanged by this setting.
+
+## Acknowledgements
+
+many thanks to the following individuals who helped improve Crypt-SSLeay:
+
+* _Gisle Aas_ for writing this module and many others including libwww,
+for perl. The web will never be the same :)
+
+* _Ben Laurie_ deserves kudos for his excellent patches for better error
+handling, SSL information inspection, and random seeding.
+
+* _Dongqiang Bai_ for host name resolution fix when using a proxy.
+
+* _Stuart Horner_ of Core Communications, Inc. who found the need for
+building `--shared` OpenSSL libraries.
+
+* _Pavel Hlavnicka_ for a patch for freeing memory when using a pkcs12
+file, and for inspiring more robust `read()` behavior.
+
+* _James Woodyatt_ is a champ for finding a ridiculous memory leak that
+has been the bane of many a `Crypt::SSLeay` user.
+
+* _Bryan Hart_ for his patch adding proxy support, and thanks to _Tobias
+Manthey_ for submitting another approach.
+
+* _Alex Rhomberg_ for Alpha linux ccc patch.
+
+* _Tobias Manthey_ for his patches for client certificate support.
+
+* _Daisuke Kuroda_ for adding PKCS12 certificate support.
+
+* _Gamid Isayev_ for CA cert support and insights into error messaging.
+
+* _Jeff Long_ for working through a tricky CA cert SSLClientVerify issue.
+
+* _Chip Turner_ for a patch to build under perl 5.8.0.
+
+* _Joshua Chamas_ for the time he spent maintaining the module.
+
+* _Jeff Lavallee_ for help with alarms on read failures (CPAN bug #12444).
+
+* _Guenter Knauf_ for significant improvements in configuring things in
+Win32 and Netware lands and Jan Dubois for various suggestions for
+improvements.
+
+and _many others_ who provided bug reports, suggestions, fixes and
+patches.
+
+###    TODO: Update acknowledgements list.
+
+## See Also
+
+*   `Net::SSL`
+
+    If you have downloaded this distribution as of a dependency of
+    another distribution, it's probably due to this module (which is
+    included in this distribution).
+
+*   `Net::SSLeay`
+
+    Net::SSLeay provides access to the OpenSSL API directly from Perl.
+    See <http://search.cpan.org/dist/Net-SSLeay/>.
+
+*   OpenSSL binary packages for Windows, see
+    <http://www.openssl.org/related/binaries.html>.
+
+## Support
+
+*   For use of `Crypt::SSLeay` & `Net::SSL` with Perl's LWP, please send email
+    to libwww@perl.org <mailto:libwww@perl.org>.
+
+*   For OpenSSL or general SSL support, including issues associated with
+    building and installing OpenSSL on your system, please email the OpenSSL
+    users mailing list at openssl-users@openssl.org
+    <mailto:openssl-users@openssl.org>. See
+    <http://www.openssl.org/support/community.html> for other mailing lists
+    and archives.
+
+*   Please report all bugs at
+    <http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>.
+
+## Authors
+
+This module was originally written by Gisle Aas, and was subsequently
+maintained by Joshua Chamas, David Landgren, brian d foy, and A. Sinan
+Unur.
+
+## Copyright
+
+Copyright &copy; 2010-2012 A. Sinan Unur
+
+Copyright &copy; 2006-2007 David Landgren
+
+Copyright &copy; 1999-2003 Joshua Chamas
+
+Copyright &copy; 1998 Gisle Aas
+
+## License
+
+this program is free software; you can redistribute it and/or modify it
+under the terms of Artistic License 2.0. See <http://www.perlfoundation.org/artistic_license_2_0>.
+

diff --git a/SSLeay.pm b/SSLeay.pm
new file mode 100644 (file)
index 0000000..9544041
--- /dev/null
+++ b/SSLeay.pm
@@ -0,0 +1,476 @@
+package Crypt::SSLeay;
+
+use strict;
+use vars '$VERSION';
+$VERSION = '0.64';
+
+eval {
+    require XSLoader;
+    XSLoader::load('Crypt::SSLeay', $VERSION);
+    1;
+}
+or do {
+    require DynaLoader;
+    use vars '@ISA'; # not really locally scoped, it just looks that way
+    @ISA = qw(DynaLoader);
+    bootstrap Crypt::SSLeay $VERSION;
+};
+
+use vars qw(%CIPHERS);
+%CIPHERS = (
+   'NULL-MD5'     => "No encryption with a MD5 MAC",
+   'RC4-MD5'      => "128 bit RC4 encryption with a MD5 MAC",
+   'EXP-RC4-MD5'  => "40 bit RC4 encryption with a MD5 MAC",
+   'RC2-CBC-MD5'  => "128 bit RC2 encryption with a MD5 MAC",
+   'EXP-RC2-CBC-MD5' => "40 bit RC2 encryption with a MD5 MAC",
+   'IDEA-CBC-MD5' => "128 bit IDEA encryption with a MD5 MAC",
+   'DES-CBC-MD5'  => "56 bit DES encryption with a MD5 MAC",
+   'DES-CBC-SHA'  => "56 bit DES encryption with a SHA MAC",
+   'DES-CBC3-MD5' => "192 bit EDE3 DES encryption with a MD5 MAC",
+   'DES-CBC3-SHA' => "192 bit EDE3 DES encryption with a SHA MAC",
+   'DES-CFB-M1'   => "56 bit CFB64 DES encryption with a one byte MD5 MAC",
+);
+
+use Crypt::SSLeay::X509;
+
+# A xsupp bug made this nessesary
+sub Crypt::SSLeay::CTX::DESTROY  { shift->free; }
+sub Crypt::SSLeay::Conn::DESTROY { shift->free; }
+sub Crypt::SSLeay::X509::DESTROY { shift->free; }
+
+1;
+
+__END__
+
+=head1 NAME
+
+Crypt::SSLeay - OpenSSL support for LWP
+
+=head1 SYNOPSIS
+
+    lwp-request https://www.example.com
+
+    use LWP::UserAgent;
+    my $ua  = LWP::UserAgent->new;
+    my $response = $ua->get('https://www.example.com/');
+    print $response->content, "\n";
+
+=head1 DESCRIPTION
+
+This Perl module provides support for the HTTPS protocol under LWP,
+to allow an C<LWP::UserAgent> object to perform GET, HEAD and POST
+requests. Please see LWP for more information on POST requests.
+
+The C<Crypt::SSLeay> package provides C<Net::SSL>, which is loaded
+by C<LWP::Protocol::https> for https requests and provides the
+necessary SSL glue.
+
+This distribution also makes following deprecated modules available:
+
+    Crypt::SSLeay::CTX
+    Crypt::SSLeay::Conn
+    Crypt::SSLeay::X509
+
+Work on Crypt::SSLeay has been continued only to provide https
+support for the LWP (libwww-perl) libraries.
+
+=head1 ENVIRONMENT VARIABLES
+
+The following environment variables change the way
+C<Crypt::SSLeay> and C<Net::SSL> behave.
+
+=head2 Proxy Support
+
+    $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
+
+=head2 Proxy Basic Authentication
+
+    $ENV{HTTPS_PROXY_USERNAME} = 'username';
+    $ENV{HTTPS_PROXY_PASSWORD} = 'password';
+
+=head2 SSL diagnostics and Debugging
+
+    $ENV{HTTPS_DEBUG} = 1;
+
+=head2 Default SSL Version
+
+    $ENV{HTTPS_VERSION} = '3';
+
+=head2 Client Certificate Support
+
+    $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
+    $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
+
+=head2 CA cert Peer Verification
+
+    $ENV{HTTPS_CA_FILE}   = 'certs/ca-bundle.crt';
+    $ENV{HTTPS_CA_DIR}    = 'certs/';
+
+=head2 Client PKCS12 cert support
+
+    $ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.pkcs12';
+    $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
+
+=head1 INSTALL
+
+=head2 OpenSSL
+
+You must have OpenSSL installed before compiling this module. You can get
+the latest OpenSSL package from L<http://www.openssl.org/>. We no longer
+support pre-2000 versions of OpenSSL.
+
+If you are building OpenSSL from source, please follow the directions
+included in the package.
+
+If you are going to use an OpenSSL library which you built from source or
+whose header and library files are not in a place searched by your compiler
+by default, make sure you set appropriate environment variables before
+trying to build C<Crypt::SSLeay>.
+
+For example, if you are using ActiveState Perl and MinGW installed using
+ppm, and you installed OpenSSL in C<C:\opt\openssl-1.0.1c>, then you would
+issue the following commands to build C<Crypt::SSLeay>:
+
+    C:\...\> set LIBRARY_PATH=C:\opt\openssl-1.0.1c\lib;%LIBRARY_PATH%
+    C:\...\> set CPATH=C:\opt\openssl-1.0.1c\include;%CPATH%
+    C:\...\> perl Makefile.PL --live-tests
+    C:\...\> dmake test
+
+On Linux/BSD/Solaris/GNU etc systems, you would use make rather than dmake,
+but you would need to set the same variables if your OpenSSL library is in a
+custom location. If everything builds OK, but you get failures when during
+tests, ensure that C<LD_LIBRARY_PATH> points to the location where the
+correct shared libraries are located.
+
+If you are using a Microsoft compiler (keep in mind that perl and OpenSSL
+need to have been built using the same compiler as well), you would use:
+
+    C:\...\> set LIB=C:\opt\openssl-1.0.1c\lib;%LIB%
+    C:\...\> set INCLUDE=C:\opt\openssl-1.0.1c\include;%INCLUDE%
+    C:\...\> perl Makefile.PL --live-tests
+    C:\...\> nmake test
+
+Depending on your OS, pre-built OpenSSL packages may be available. You may
+need to install a development version of your operating system's OpenSSL
+library package. The key is that C<Crypt::SSLeay> makes calls to the OpenSSL
+library, and how to do so is specified in the C header files that come
+with the library. Some systems break out the header files into a separate
+package from that of the libraries. Once the program has been built, you
+don't need the headers any more.
+
+=head2 Crypt::SSLeay
+
+The latest Crypt::SSLeay can be found at your nearest CPAN, as well as
+L<http://search.cpan.org/dist/Crypt-SSLeay/>.
+
+Once you have downloaded it, C<Crypt::SSLeay> installs easily using the
+standard build process:
+
+    perl Makefile.PL
+    make
+    make test
+    make install
+
+On Windows systems, both Strawberry Perl and ActiveState (as a separate
+download via ppm) projects include a MingW based compiler distribution and
+dmake which can be used to build both OpenSSL and C<Crypt::SSLeay>. If you
+have such a set up, use dmake above.
+
+F<Makefile.PL> takes two optional arguments:
+
+=over 4
+
+=item C<--live-tests>
+
+Boolean. Specifies whether we should try to connect to an HTTPS URL during
+testing. Default is false.
+
+To skip live tests, you can use
+
+    perl Makefile.PL --no-live-tests
+
+and to force live tests, you can use
+
+    perl Makefile.PL --live-tests
+
+=item C<--static>
+
+Boolean. Default is false. (B<TODO>: Does it work?)
+
+=back
+
+For unattended (batch) installations, to be absolutely certain that
+F<Makefile.PL> does not prompt for questions on STDIN, set the environment
+variable C<PERL_MM_USE_DEFAULT=1> as with any CPAN module built using
+L<ExtUtils::MakeMaker>.
+
+=head3 Windows
+
+C<Crypt::SSLeay> builds correctly with Strawberry Perl and ActiveState Perl
+using the bundled MinGW.
+
+For ActiveState Perl users, the ActiveState company does not have a permit
+from the Canadian Federal Government to distribute cryptographic software.
+This prevents C<Crypt::SSLeay> from being distributed as a PPM package from
+their repository.
+
+See L<http://docs.activestate.com/activeperl/5.16/faq/ActivePerl-faq2.html#crypto_packages>
+for more information on this issue. You may be able to download a PPM for
+C<Crypt::SSLeay> from an alternative repository (see L<PPM::Repositories>).
+
+=head3 VMS
+
+I do not have any experience with VMS. If OpenSSL headers and libraries are
+not in standard locations searched by your build system by default, please
+set things up so that they are. If you have generic instructions on how to
+do it, please open a ticket on RT with the information so I can add it to
+this document.
+
+=head1 PROXY SUPPORT
+
+L<LWP::UserAgent> and L<Crypt::SSLeay> have their own versions of
+proxy support. Please read these sections to see which one
+is appropriate.
+
+=head2 LWP::UserAgent proxy support
+
+C<LWP::UserAgent> has its own methods of proxying which may work for you
+and is likely to be incompatible with C<Crypt::SSLeay> proxy support.
+To use C<LWP::UserAgent> proxy support, try something like:
+
+    my $ua = LWP::UserAgent->new;
+    $ua->proxy([qw( https http )], "$proxy_ip:$proxy_port");
+
+At the time of this writing, libwww v5.6 seems to proxy https requests
+fine with an Apache F<mod_proxy> server.  It sends a line like:
+
+    GET https://www.example.com HTTP/1.1
+
+to the proxy server, which is not the C<CONNECT> request that some
+proxies would expect, so this may not work with other proxy servers than
+F<mod_proxy>. The C<CONNECT> method is used by C<Crypt::SSLeay>'s
+internal proxy support.
+
+=head2 Crypt::SSLeay proxy support
+
+For native C<Crypt::SSLeay> proxy support of https requests,
+you need to set the environment variable C<HTTPS_PROXY> to your
+proxy server and port, as in:
+
+    # proxy support
+    $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';
+    $ENV{HTTPS_PROXY} = '127.0.0.1:8080';
+
+Use of the C<HTTPS_PROXY> environment variable in this way
+is similar to C<LWP::UserAgent->env_proxy()> usage, but calling
+that method will likely override or break the C<Crypt::SSLeay>
+support, so do not mix the two.
+
+Basic auth credentials to the proxy server can be provided
+this way:
+
+    # proxy_basic_auth
+    $ENV{HTTPS_PROXY_USERNAME} = 'username';
+    $ENV{HTTPS_PROXY_PASSWORD} = 'password';
+
+For an example of LWP scripting with C<Crypt::SSLeay> native proxy
+support, please look at the F<eg/lwp-ssl-test> script in the
+C<Crypt::SSLeay> distribution.
+
+=head1 CLIENT CERTIFICATE SUPPORT
+
+Client certificates are supported. PEM encoded certificate and
+private key files may be used like this:
+
+    $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
+    $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';
+
+You may test your files with the F<eg/net-ssl-test> program,
+bundled with the distribution, by issuing a command like:
+
+    perl eg/net-ssl-test -cert=certs/notacacert.pem \
+        -key=certs/notacakeynopass.pem -d GET $HOST_NAME
+
+Additionally, if you would like to tell the client where
+the CA file is, you may set these.
+
+    $ENV{HTTPS_CA_FILE} = "some_file";
+    $ENV{HTTPS_CA_DIR}  = "some_dir";
+
+Note that, if specified, C<$ENV{HTTPS_CA_FILE}> must point to the actual
+certificate file. That is, C<$ENV{HTTPS_CA_DIR}> is *not* the path were
+C<$ENV{HTTPS_CA_FILE}> is located.
+
+For certificates in C<$ENV{HTTPS_CA_DIR}> to be picked up, follow the
+instructions on
+L<http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>
+
+There is no sample CA cert file at this time for testing,
+but you may configure F<eg/net-ssl-test> to use your CA cert
+with the -CAfile option.
+
+(TODO: then what is the F<./certs> directory in the distribution?)
+
+=head2 Creating a test certificate
+
+To create simple test certificates with OpenSSL, you may
+run the following command:
+
+    openssl req -config /usr/local/openssl/openssl.cnf \
+        -new -days 365 -newkey rsa:1024 -x509 \
+        -keyout notacakey.pem -out notacacert.pem
+
+To remove the pass phrase from the key file, run:
+
+    openssl rsa -in notacakey.pem -out notacakeynopass.pem
+
+=head2 PKCS12 support
+
+The directives for enabling use of PKCS12 certificates is:
+
+    $ENV{HTTPS_PKCS12_FILE}     = 'certs/pkcs12.pkcs12';
+    $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
+
+Use of this type of certificate takes precedence over previous
+certificate settings described.
+
+(TODO: unclear? Meaning "the presence of this type of certificate"?)
+
+=head1 SSL versions
+
+C<Crypt::SSLeay> tries very hard to connect to I<any> SSL web server
+accomodating servers that are buggy, old or simply not
+standards-compliant. To this effect, this module will try SSL
+connections in this order:
+
+=over 4
+
+=item SSL v23
+
+should allow v2 and v3 servers to pick their best type
+
+=item SSL v3
+
+best connection type
+
+=item SSL v2
+
+old connection type
+
+=back
+
+Unfortunately, some servers seem not to handle a reconnect to SSL v3 after a
+failed connect of SSL v23 is tried, so you may set before using LWP or
+Net::SSL:
+
+    $ENV{HTTPS_VERSION} = 3;
+
+to force a version 3 SSL connection first. At this time only a
+version 2 SSL connection will be tried after this, as the connection
+attempt order remains unchanged by this setting.
+
+=head1 ACKNOWLEDGEMENTS
+
+Many thanks to the following individuals who helped improve
+C<Crypt-SSLeay>:
+
+I<Gisle Aas> for writing this module and many others including libwww, for
+perl. The web will never be the same :)
+
+I<Ben Laurie> deserves kudos for his excellent patches for better error
+handling, SSL information inspection, and random seeding.
+
+I<Dongqiang Bai> for host name resolution fix when using a proxy.
+
+I<Stuart Horner> of Core Communications, Inc. who found the need for
+building C<--shared> OpenSSL libraries.
+
+I<Pavel Hlavnicka> for a patch for freeing memory when using a pkcs12
+file, and for inspiring more robust C<read()> behavior.
+
+I<James Woodyatt> is a champ for finding a ridiculous memory leak that
+has been the bane of many a Crypt::SSLeay user.
+
+I<Bryan Hart> for his patch adding proxy support, and thanks to I<Tobias
+Manthey> for submitting another approach.
+
+I<Alex Rhomberg> for Alpha linux ccc patch.
+
+I<Tobias Manthey> for his patches for client certificate support.
+
+I<Daisuke Kuroda> for adding PKCS12 certificate support.
+
+I<Gamid Isayev> for CA cert support and insights into error messaging.
+
+I<Jeff Long> for working through a tricky CA cert SSLClientVerify issue.
+
+I<Chip Turner> for a patch to build under perl 5.8.0.
+
+I<Joshua Chamas> for the time he spent maintaining the module.
+
+I<Jeff Lavallee> for help with alarms on read failures (CPAN bug #12444).
+
+I<Guenter Knauf> for significant improvements in configuring things in
+Win32 and Netware lands and Jan Dubois for various suggestions for
+improvements.
+
+and I<many others> who provided bug reports, suggestions, fixes and
+patches.
+
+=head1 SEE ALSO
+
+=over 4
+
+=item Net::SSL
+
+If you have downloaded this distribution as of a dependency of another
+distribution, it's probably due to this module (which is included in
+this distribution).
+
+=item Net::SSLeay
+
+L<Net::SSLeay> provides access to the OpenSSL API directly
+from Perl. See L<http://search.cpan.org/dist/Net-SSLeay/>.
+
+=item OpenSSL binary packages for Windows
+
+See L<http://www.openssl.org/related/binaries.html>.
+
+=back
+
+=head1 SUPPORT
+
+For use of C<Crypt::SSLeay> & C<Net::SSL> with Perl's L<LWP>, please
+send email to C<libwww@perl.org>.
+
+For OpenSSL or general SSL support, including issues associated with
+building and installing OpenSSL on your system, please email the OpenSSL
+users mailing list at C<openssl-users@openssl.org>. See
+L<http://www.openssl.org/support/community.html> for other mailing lists
+and archives.
+
+Please report all bugs using
+L<rt.cpan.org|http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-SSLeay>.
+
+=head1 AUTHORS
+
+This module was originally written by Gisle Aas, and was subsequently
+maintained by Joshua Chamas, David Landgren, brian d foy and Sinan Unur.
+
+=head1 COPYRIGHT
+
+Copyright (c) 2010-2012 A. Sinan Unur
+
+Copyright (c) 2006-2007 David Landgren
+
+Copyright (c) 1999-2003 Joshua Chamas
+
+Copyright (c) 1998 Gisle Aas
+
+=head1 LICENSE
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of Artistic License 2.0 (see
+L<http://www.perlfoundation.org/artistic_license_2_0>).
+
+=cut

diff --git a/SSLeay.xs b/SSLeay.xs
new file mode 100644 (file)
index 0000000..5228c36
--- /dev/null
+++ b/SSLeay.xs
@@ -0,0 +1,509 @@
+/*
+ * $Id: SSLeay.xs,v 1.2 2000/05/10 16:37:25 ben Exp $
+ * Copyright 1998 Gisle Aas.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the same terms as Perl itself.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include "EXTERN.h"
+#include "perl.h"
+
+/* CRYPT_SSLEAY_free() will not be #defined to be free() now that we're no
+ * longer supporting pre-2000 OpenSSL.
+#define NO_XSLOCKS
+*/
+
+#include "XSUB.h"
+
+/* build problem under openssl 0.9.6 and some builds of perl 5.8.x */
+#ifndef PERL5
+#define PERL5 1
+#endif
+
+/* Makefile.PL no longer generates the following header file
+ * #include "crypt_ssleay_version.h"
+ * Among other things, Makefile.PL used to determine whether
+ * to use #include<openssl/ssl.h> or #include<ssl.h> and
+ * whether to use OPENSSL_free or free etc, but such distinctions
+ * ceased to matter pre-2000. Crypt::SSLeay no longer supports
+ * pre-2000 OpenSSL */
+
+#include <openssl/ssl.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+
+#define CRYPT_SSLEAY_free OPENSSL_free
+
+#undef Free /* undo namespace pollution from crypto.h */
+#ifdef __cplusplus
+}
+#endif
+
+
+#if SSLEAY_VERSION_NUMBER >= 0x0900
+#define CRYPT_SSL_CLIENT_METHOD SSLv3_client_method()
+#else
+#define CRYPT_SSL_CLIENT_METHOD SSLv2_client_method()
+#endif
+
+static void InfoCallback(const SSL *s,int where,int ret)
+    {
+    const char *str;
+    int w;
+
+    w = where & ~SSL_ST_MASK;
+
+    if(w & SSL_ST_CONNECT)
+       str="SSL_connect";
+    else if(w & SSL_ST_ACCEPT)
+       str="SSL_accept";
+    else
+       str="undefined";
+
+    if(where & SSL_CB_LOOP) {
+       fprintf(stderr,"%s:%s\n",str,SSL_state_string_long(s));
+    }
+    else if(where & SSL_CB_ALERT) {
+       str=(where & SSL_CB_READ)?"read":"write";
+       fprintf(stderr,"SSL3 alert %s:%s:%s\n",str,
+           SSL_alert_type_string_long(ret),
+           SSL_alert_desc_string_long(ret));
+       }
+    else if(where & SSL_CB_EXIT) {
+       if(ret == 0)
+         fprintf(stderr,"%s:failed in %s\n",str,SSL_state_string_long(s));
+       else if (ret < 0)
+         fprintf(stderr,"%s:error in %s\n",str,SSL_state_string_long(s));
+       }
+    }
+
+MODULE = Crypt::SSLeay                PACKAGE = Crypt::SSLeay
+
+PROTOTYPES: DISABLE
+
+MODULE = Crypt::SSLeay         PACKAGE = Crypt::SSLeay::Err PREFIX = ERR_
+
+char*
+ERR_get_error_string()
+  CODE:
+    unsigned long l;
+    char buf[1024];
+
+    if(!(l=ERR_get_error()))
+       RETVAL=NULL;
+    else {
+       ERR_error_string(l,buf);
+       RETVAL=buf;
+    }
+  OUTPUT:
+    RETVAL
+
+MODULE = Crypt::SSLeay    PACKAGE = Crypt::SSLeay::CTX    PREFIX = SSL_CTX_
+
+SSL_CTX*
+SSL_CTX_new(packname, ssl_version)
+     SV* packname
+     int ssl_version
+     CODE:
+        SSL_CTX* ctx;
+        static int bNotFirstTime;
+        char buf[1024];
+        int rand_bytes_read;
+
+        if(!bNotFirstTime) {
+            SSLeay_add_all_algorithms();
+            SSL_load_error_strings();
+            ERR_load_crypto_strings();
+            SSL_library_init();
+            bNotFirstTime = 1;
+        }
+
+        /**** Code from Devin Heitmueller, 10/3/2002 ****/
+        /**** Use /dev/urandom to seed if available  ****/
+        rand_bytes_read = RAND_load_file("/dev/urandom", 1024);
+        if (rand_bytes_read <= 0) {
+            /* Couldn't read /dev/urandom, just seed off
+             * of the stack variable (the old way)
+             */
+            RAND_seed(buf,sizeof buf);
+        }
+
+        if(ssl_version == 23) {
+            ctx = SSL_CTX_new(SSLv23_client_method());
+        }
+        else if(ssl_version == 3) {
+            ctx = SSL_CTX_new(SSLv3_client_method());
+        }
+        else {
+#ifndef OPENSSL_NO_SSL2 
+            /* v2 is the default */ 
+            ctx = SSL_CTX_new(SSLv2_client_method());
+#else 
+            /* v3 is the default */
+            ctx = SSL_CTX_new(SSLv3_client_method());
+#endif
+        }                
+
+        SSL_CTX_set_options(ctx,SSL_OP_ALL|0);
+        SSL_CTX_set_default_verify_paths(ctx);
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+        RETVAL = ctx;
+     OUTPUT:
+        RETVAL
+
+void
+SSL_CTX_free(ctx)
+     SSL_CTX* ctx
+
+int
+SSL_CTX_set_cipher_list(ctx, ciphers)
+     SSL_CTX* ctx
+     char* ciphers
+
+int
+SSL_CTX_use_certificate_file(ctx, filename, mode)
+     SSL_CTX* ctx
+     char* filename
+     int mode
+
+int
+SSL_CTX_use_PrivateKey_file(ctx, filename ,mode)
+     SSL_CTX* ctx
+     char* filename
+     int mode
+
+int
+SSL_CTX_use_pkcs12_file(ctx, filename, password)
+     SSL_CTX* ctx
+     char* filename
+     char* password
+     PREINIT:
+        FILE *fp;
+        EVP_PKEY *pkey;
+        X509 *cert;
+        STACK_OF(X509) *ca = NULL;
+        PKCS12 *p12;
+     CODE:
+        if ((fp = fopen(filename, "rb"))) {
+            p12 = d2i_PKCS12_fp(fp, NULL);
+            fclose (fp);
+
+            if (p12) { 
+                if(PKCS12_parse(p12, password, &pkey, &cert, &ca)) {
+                    if (pkey) {
+                        RETVAL = SSL_CTX_use_PrivateKey(ctx, pkey);
+                        EVP_PKEY_free(pkey);
+                    }
+                    if (cert) {
+                        RETVAL = SSL_CTX_use_certificate(ctx, cert);
+                        X509_free(cert);
+                    }
+                }
+                PKCS12_free(p12);
+            }
+        }
+     OUTPUT:
+        RETVAL
+
+
+int
+SSL_CTX_check_private_key(ctx)
+     SSL_CTX* ctx
+
+SV*
+SSL_CTX_set_verify(ctx)
+     SSL_CTX* ctx
+     PREINIT:
+        char* CAfile;
+        char* CAdir;
+     CODE:
+        CAfile=getenv("HTTPS_CA_FILE");
+        CAdir =getenv("HTTPS_CA_DIR");
+
+        if(!CAfile && !CAdir) {
+            SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+            RETVAL = newSViv(0);
+        }
+        else {
+            SSL_CTX_load_verify_locations(ctx,CAfile,CAdir);
+            SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+            RETVAL = newSViv(1);
+        }
+     OUTPUT:
+       RETVAL
+
+MODULE = Crypt::SSLeay        PACKAGE = Crypt::SSLeay::Conn        PREFIX = SSL_
+
+SSL*
+SSL_new(packname, ctx, debug, ...)
+        SV* packname
+        SSL_CTX* ctx
+        SV* debug
+        PREINIT:
+        SSL* ssl;
+        CODE:
+           ssl = SSL_new(ctx);
+           SSL_set_connect_state(ssl);
+           /* The set mode is necessary so the SSL connection can
+            * survive a renegotiated cipher that results from 
+            * modssl VerifyClient config changing between 
+            * VirtualHost & some other config block.  At modssl
+            * this would be a [trace] ssl message:
+            *  "Changed client verification type will force renegotiation"
+            * -- jc 6/28/2001
+            */                      
+#ifdef SSL_MODE_AUTO_RETRY
+           SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+#endif
+           RETVAL = ssl;
+           if(SvTRUE(debug)) {
+             SSL_set_info_callback(RETVAL,InfoCallback);
+           }
+           if (items > 2) {
+               PerlIO* io = IoIFP(sv_2io(ST(3)));
+#ifdef _WIN32
+               SSL_set_fd(RETVAL, _get_osfhandle(PerlIO_fileno(io)));
+#else
+               SSL_set_fd(RETVAL, PerlIO_fileno(io));
+#endif
+           }
+        OUTPUT:
+           RETVAL
+
+void
+SSL_free(ssl)
+        SSL* ssl
+
+int
+SSL_set_fd(ssl,fd)
+        SSL* ssl
+        int  fd
+
+int
+SSL_connect(ssl)
+        SSL* ssl
+
+int
+SSL_accept(ssl)
+        SSL* ssl
+
+SV*
+SSL_write(ssl, buf, ...)
+        SSL* ssl
+        PREINIT:
+           STRLEN blen;
+           int len;
+           int offset = 0;
+           int keep_trying_to_write = 1;
+        INPUT:
+           char* buf = SvPV(ST(1), blen);
+        CODE:
+           if (items > 2) {
+               len = SvOK(ST(2)) ? SvIV(ST(2)) : blen;
+               if (items > 3) {
+                   offset = SvIV(ST(3));
+                   if (offset < 0) {
+                       if (-offset > blen)
+                           croak("Offset outside string");
+                       offset += blen;
+                   }
+                   else if (offset >= blen && blen > 0)
+                       croak("Offset outside string");
+               }
+               if (len > blen - offset)
+                   len = blen - offset;
+           }
+           else {
+               len = blen;
+           }
+
+           /* try to handle incomplete writes properly
+            * see RT bug #64054 and RT bug #78695
+            * 2012/08/02: Stop trying to distinguish between good & bad
+            * zero returns from underlying SSL_read/SSL_write
+            */
+           while (keep_trying_to_write)
+           {
+                int n = SSL_write(ssl, buf+offset, len);
+                int x = SSL_get_error(ssl, n);
+                
+                if ( n >= 0 )
+                {
+                    keep_trying_to_write = 0;
+                    RETVAL = newSViv(n);
+                }
+                else
+                {
+                    if 
+                    (
+                        (x != SSL_ERROR_WANT_READ) &&
+                        (x != SSL_ERROR_WANT_WRITE)
+                    )
+                    {
+                        keep_trying_to_write = 0;
+                        RETVAL = &PL_sv_undef;
+                    }
+                }
+           }
+        OUTPUT:
+           RETVAL
+
+SV*
+SSL_read(ssl, buf, len,...)
+        SSL* ssl
+        int len
+        PREINIT:
+           char *buf;
+           STRLEN blen;
+           int offset = 0;
+           int keep_trying_to_read = 1;
+        INPUT:
+           SV* sv = ST(1);
+        CODE:
+           buf = SvPV_force(sv, blen);
+           if (items > 3) {
+               offset = SvIV(ST(3));
+               if (offset < 0) {
+                   if (-offset > blen)
+                       croak("Offset outside string");
+                   offset += blen;
+               }
+               /* this is not a very efficient method of appending
+                * (offset - blen) NUL bytes, but it will probably
+                * seldom happen.
+                */
+               while (offset > blen) {
+                   sv_catpvn(sv, "\0", 1);
+                   blen++;
+               }
+           }
+           if (len < 0)
+               croak("Negative length");
+        
+           SvGROW(sv, offset + len + 1);
+           buf = SvPVX(sv);  /* it might have been relocated */
+
+           /* try to handle incomplete writes properly
+            * see RT bug #64054 and RT bug #78695
+            * 2012/08/02: Stop trying to distinguish between good & bad
+            * zero returns from underlying SSL_read/SSL_write
+            */
+           while (keep_trying_to_read) {
+                int n = SSL_read(ssl, buf+offset, len);
+                int x = SSL_get_error(ssl, n);
+
+                if ( n >= 0 )
+                {
+                    SvCUR_set(sv, offset + n);
+                    buf[offset + n] = '\0';
+                    keep_trying_to_read = 0;
+                    RETVAL = newSViv(n);
+                }
+                else
+                {
+                    if
+                    ( 
+                        (x != SSL_ERROR_WANT_READ) && 
+                        (x != SSL_ERROR_WANT_WRITE) 
+                    ) 
+                    {
+                        keep_trying_to_read = 0;
+                        RETVAL = &PL_sv_undef;
+                    }
+                }
+           }
+        OUTPUT:
+           RETVAL
+
+X509*
+SSL_get_peer_certificate(ssl)
+        SSL* ssl
+
+SV*
+SSL_get_verify_result(ssl)
+        SSL* ssl
+        CODE:
+           RETVAL = newSViv((SSL_get_verify_result(ssl) == X509_V_OK) ? 1 : 0);
+        OUTPUT:
+           RETVAL
+
+char*
+SSL_get_shared_ciphers(ssl)
+        SSL* ssl
+        PREINIT:
+           char buf[512];
+        CODE:
+           RETVAL = SSL_get_shared_ciphers(ssl, buf, sizeof(buf));
+        OUTPUT:
+           RETVAL
+
+char*
+SSL_get_cipher(ssl)
+        SSL* ssl
+        CODE:
+           RETVAL = (char*) SSL_get_cipher(ssl);
+        OUTPUT:
+           RETVAL        
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+
+void
+SSL_set_tlsext_host_name(ssl, name)
+        SSL *ssl
+        const char *name
+
+#endif
+
+MODULE = Crypt::SSLeay        PACKAGE = Crypt::SSLeay::X509        PREFIX = X509_
+
+void
+X509_free(cert)
+       X509* cert
+
+SV*
+subject_name(cert)
+        X509* cert
+        PREINIT:
+           char* str;
+        CODE:
+           str = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
+           RETVAL = newSVpv(str, 0);
+           CRYPT_SSLEAY_free(str);
+        OUTPUT:
+           RETVAL
+
+SV*
+issuer_name(cert)
+        X509* cert
+        PREINIT:
+           char* str;
+        CODE:
+           str = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
+           RETVAL = newSVpv(str, 0);
+           CRYPT_SSLEAY_free(str);
+        OUTPUT:
+           RETVAL
+
+char *
+get_notBeforeString(cert)
+         X509* cert
+         CODE:
+            RETVAL = (char *)X509_get_notBefore(cert)->data;
+         OUTPUT:
+            RETVAL
+
+char *
+get_notAfterString(cert)
+         X509* cert
+         CODE:
+            RETVAL = (char *)X509_get_notAfter(cert)->data;
+         OUTPUT:
+            RETVAL
+
+

diff --git a/TODO b/TODO
new file mode 100644 (file)
index 0000000..e5ff2de
--- /dev/null
+++ b/TODO
@@ -0,0 +1,6 @@
+TODO for Crypt::SSLeay
+
+1. Look at the modules that use Crypt::SSLeay, and see if any useful tests can
+   be created to test functionality they depend on.
+
+2. Threading support (bug #41007 and more).

diff --git a/certs/ca-bundle.crt b/certs/ca-bundle.crt
new file mode 100644 (file)
index 0000000..839857a
--- /dev/null
+++ b/certs/ca-bundle.crt
@@ -0,0 +1,4445 @@
+##
+##  ca-bundle.crt -- Bundle of CA Root Certificates
+##  Last Modified: Thu Mar  2 09:32:46 CET 2000
+##
+##  This is a bundle of X.509 certificates of public
+##  Certificate Authorities (CA). These were automatically
+##  extracted from Netscape Communicator 4.72's certificate database
+##  (the file `cert7.db'). It contains the certificates in both
+##  plain text and PEM format and therefore can be directly used
+##  with an Apache+mod_ssl webserver for SSL client authentication.
+##  Just configure this file as the SSLCACertificateFile.
+##
+##  (SKIPME)
+##
+
+ABAecom (sub., Am. Bankers Assn.) Root CA
+=========================================
+MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh
+a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy
+dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe
+Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN
+MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT
+D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ
+KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24
+4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp
+mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb
+QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5
+0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v
+xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O
+BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP
+Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5
+m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS
+YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN
+u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD
+Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr
+wo3CbezcE9NGxXl8
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+        Validity
+            Not Before: Jul 14 16:14:18 1999 GMT
+            Not After : Jul 11 16:14:18 2009 GMT
+        Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c:
+                    8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97:
+                    61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3:
+                    ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c:
+                    d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2:
+                    29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5:
+                    6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25:
+                    7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e:
+                    db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18:
+                    a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6:
+                    1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c:
+                    db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0:
+                    42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28:
+                    bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8:
+                    e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b:
+                    0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6:
+                    ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c:
+                    ee:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+
+            X509v3 Subject Key Identifier: 
+                08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+    Signature Algorithm: sha1WithRSAEncryption
+        5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b:
+        9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec:
+        d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48:
+        b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c:
+        18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30:
+        82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94:
+        90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2:
+        52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60:
+        e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97:
+        16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22:
+        5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af:
+        60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed:
+        5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3:
+        9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3:
+        46:c5:79:7c
+
+ANX Network CA by DST
+=====================
+MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL
+ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx
+NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
+ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI
+IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce
+InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04
+JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr
+MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0
+dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL
+BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw
+OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz
+ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD
+AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB
+AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK
+UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY
+gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913220207 (0x366ea26f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+        Validity
+            Not Before: Dec  9 15:46:48 1998 GMT
+            Not After : Dec  9 16:16:48 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44:
+                    b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71:
+                    25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6:
+                    a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84:
+                    34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22:
+                    76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30:
+                    2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d:
+                    90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2:
+                    8d:38:26:b0:6f:43:6e:09:7d
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 15:46:48 1998 GMT, Not After: Dec  9 15:46:48 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+
+            X509v3 Subject Key Identifier: 
+                8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3:
+        29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51:
+        b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26:
+        68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e:
+        10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16:
+        e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59:
+        ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32:
+        a3:5d
+
+American Express CA
+===================
+MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG
+A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B
+bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g
+RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN
+MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu
+IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz
+cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS
+hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT
+0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw
++48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA
+A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC
+diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX
+Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 141 (0x8d)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+        Validity
+            Not Before: Aug 14 22:01:00 1998 GMT
+            Not After : Aug 14 23:59:00 2006 GMT
+        Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec:
+                    fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23:
+                    c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49:
+                    95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0:
+                    0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b:
+                    f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0:
+                    30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07:
+                    f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9:
+                    b7:66:e1:15:b2:48:36:2c:f9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd:
+        8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8:
+        28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3:
+        a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25:
+        6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2:
+        31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17:
+        7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b:
+        ed:d2
+
+American Express Global CA
+==========================
+MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT
+MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV
+BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy
+aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw
+ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV
+BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l
+cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4
+cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9
+Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr
+c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y
+8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1
+D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp
+hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD
+VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq
+hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB
+BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw
+RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS
+sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde
+VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR
+V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo
+JaFGS0E3l3/sjvHUoZbCILZerakcHhGg
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 133 (0x85)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+        Validity
+            Not Before: Aug 14 19:06:00 1998 GMT
+            Not After : Aug 14 23:59:00 2013 GMT
+        Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb:
+                    26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd:
+                    2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90:
+                    a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5:
+                    46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05:
+                    f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96:
+                    59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e:
+                    87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad:
+                    9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5:
+                    ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20:
+                    9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9:
+                    cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48:
+                    bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00:
+                    01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75:
+                    ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71:
+                    91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5:
+                    b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11:
+                    f5:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Certificate Policies: 
+                Policy: 1.2.840.113807.10.1.5.1
+
+            X509v3 Subject Key Identifier: 
+                57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69
+    Signature Algorithm: sha1WithRSAEncryption
+        c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5:
+        30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3:
+        61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40:
+        eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86:
+        72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40:
+        c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69:
+        fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1:
+        d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c:
+        26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90:
+        9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9:
+        54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db:
+        4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff:
+        92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1:
+        46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9:
+        1c:1e:11:a0
+
+BelSign Object Publishing CA
+============================
+MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL
+Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0
+eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG
+SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN
+MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz
+MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ
+dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln
+biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy
+QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA
+3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8
+WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX
+As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE
+AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq
+Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq
+Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa
+R9Zxxp6aUg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
+        Validity
+            Not Before: Sep 19 22:03:00 1997 GMT
+            Not After : Sep 19 22:03:00 2007 GMT
+        Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5:
+                    9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de:
+                    4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c:
+                    76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be:
+                    b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67:
+                    9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90:
+                    1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57:
+                    02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3:
+                    5d:88:64:d0:c8:f8:5d:54:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac:
+        4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf:
+        c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79:
+        23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54:
+        ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d:
+        25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63:
+        e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e:
+        9a:52
+
+BelSign Secure Server CA
+========================
+MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL
+EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw
+HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW
+FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy
+MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE
+ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl
+cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy
+dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA
+kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/
+SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu
+Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB
+BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1
+W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT
+6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be
+        Validity
+            Not Before: Jul 16 22:00:54 1997 GMT
+            Not After : Jul 16 22:00:54 2007 GMT
+        Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d6:01:12:78:92:f8:04:42:7f:c9:c7:22:83:fc:
+                    7c:47:70:30:2b:49:0b:3e:36:40:90:28:da:21:73:
+                    83:53:f2:c4:d1:16:40:c0:53:ff:ae:a6:c6:24:b3:
+                    27:6d:a5:b3:3d:39:77:5d:a8:06:f6:e6:e9:bc:63:
+                    11:4e:06:65:70:0a:9d:93:f9:a2:40:8b:7f:4a:84:
+                    0e:8d:16:b1:d6:cc:08:64:12:0c:e0:28:4b:c8:a5:
+                    84:90:17:fb:11:46:2e:d6:a7:85:18:cb:18:ae:63:
+                    9a:b0:58:06:f4:00:cf:f8:c4:09:1a:35:0c:a1:f9:
+                    ee:4a:fd:6d:de:fe:26:a5:3b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL Client, S/MIME
+    Signature Algorithm: md5WithRSAEncryption
+        6c:3d:99:c3:05:e2:1d:ca:e5:2d:aa:68:85:8b:40:31:20:66:
+        13:68:e6:58:3a:89:d0:8d:75:b2:c5:62:d8:7d:82:8f:f7:d9:
+        32:81:77:f6:35:5b:85:29:ce:67:b2:b9:bc:2b:19:78:cf:f3:
+        87:fd:46:f1:95:75:b2:09:57:03:30:c1:7a:cd:72:47:71:80:
+        ca:7d:9d:c9:65:3c:47:11:22:7d:fa:07:0b:28:78:a1:93:e8:
+        05:45:48:e2:32:32:4a:3d:e8:53:1c:10:b7:c7:73:8c:07:50:
+        e1:f9:c9:2b:53:41:f5:83:8d:e5:09:39:4a:8e:03:62:aa:40:
+        63:8b
+
+Deutsche Telekom AG Root CA
+===========================
+MD5 Fingerprint: 77:DE:04:94:77:D0:0C:5F:A7:B1:F4:30:18:87:FB:55
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICjjCCAfegAwIBAgIBBjANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsGA1UECxMUVGVsZVNlYyBU
+cnVzdCBDZW50ZXIxITAfBgNVBAMTGERldXRzY2hlIFRlbGVrb20gUm9vdCBDQTAe
+Fw05ODEyMDkwOTExMDBaFw0wNDEyMDkyMzU5MDBaMG0xCzAJBgNVBAYTAkRFMRww
+GgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR0wGwYDVQQLExRUZWxlU2VjIFRy
+dXN0IENlbnRlcjEhMB8GA1UEAxMYRGV1dHNjaGUgVGVsZWtvbSBSb290IENBMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdBSz5BbO5EtdpcffqVjAIVxRDe7sa
+nG0vV2HX4vVEa+42QZb2ZM7hwbK5pBQEmFDocPiONZp9ScFhHVmu2gYYlX2tzuyp
+vtEYD0CRdiqj5f3+iRX0V/fgVdp1rQD0LME1zLRDJlViRC4BJZyKW/DB0AA1eP41
+3pRAZHiDocw5iQIDAQABoz4wPDAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQE
+AwIBBjAZBgNVHQ4EEgQQLIdZH4sTgLL5hp0+En5YljANBgkqhkiG9w0BAQQFAAOB
+gQAP/nO1B4hvoAuJ6spQH5TelCsLJ15P9RyVJtqMllStGZE3Q12ryYuzzW+YOT3t
+3TXjcbftE5OD6IblKTMTE7w1e/0oL3BZ1dO0jSgTWTvI1XT5RcIHYKq4GFT5pWj/
+1wXVj7YFMS5BSvQQH2BHGguLGU2SVyDS71AZ6M3QcLy8Ng==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
+        Validity
+            Not Before: Dec  9 09:11:00 1998 GMT
+            Not After : Dec  9 23:59:00 2004 GMT
+        Subject: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dd:05:2c:f9:05:b3:b9:12:d7:69:71:f7:ea:56:
+                    30:08:57:14:43:7b:bb:1a:9c:6d:2f:57:61:d7:e2:
+                    f5:44:6b:ee:36:41:96:f6:64:ce:e1:c1:b2:b9:a4:
+                    14:04:98:50:e8:70:f8:8e:35:9a:7d:49:c1:61:1d:
+                    59:ae:da:06:18:95:7d:ad:ce:ec:a9:be:d1:18:0f:
+                    40:91:76:2a:a3:e5:fd:fe:89:15:f4:57:f7:e0:55:
+                    da:75:ad:00:f4:2c:c1:35:cc:b4:43:26:55:62:44:
+                    2e:01:25:9c:8a:5b:f0:c1:d0:00:35:78:fe:35:de:
+                    94:40:64:78:83:a1:cc:39:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                2C:87:59:1F:8B:13:80:B2:F9:86:9D:3E:12:7E:58:96
+    Signature Algorithm: md5WithRSAEncryption
+        0f:fe:73:b5:07:88:6f:a0:0b:89:ea:ca:50:1f:94:de:94:2b:
+        0b:27:5e:4f:f5:1c:95:26:da:8c:96:54:ad:19:91:37:43:5d:
+        ab:c9:8b:b3:cd:6f:98:39:3d:ed:dd:35:e3:71:b7:ed:13:93:
+        83:e8:86:e5:29:33:13:13:bc:35:7b:fd:28:2f:70:59:d5:d3:
+        b4:8d:28:13:59:3b:c8:d5:74:f9:45:c2:07:60:aa:b8:18:54:
+        f9:a5:68:ff:d7:05:d5:8f:b6:05:31:2e:41:4a:f4:10:1f:60:
+        47:1a:0b:8b:19:4d:92:57:20:d2:ef:50:19:e8:cd:d0:70:bc:
+        bc:36
+
+Digital Signature Trust Co. Global CA 1
+=======================================
+MD5 Fingerprint: 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913315222 (0x36701596)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Validity
+            Not Before: Dec 10 18:10:23 1998 GMT
+            Not After : Dec 10 18:40:23 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de:
+                    83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c:
+                    a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5:
+                    62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb:
+                    43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8:
+                    bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00:
+                    cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3:
+                    be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d:
+                    13:74:76:36:b5:7a:b4:2d:71
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+
+            X509v3 Subject Key Identifier: 
+                6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f:
+        e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42:
+        c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b:
+        31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c:
+        a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97:
+        8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c:
+        e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3:
+        8a:65
+
+Digital Signature Trust Co. Global CA 2
+=======================================
+MD5 Fingerprint: 6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
+ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
+WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
+xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
+zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
+5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
+OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
+ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
+lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
+Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
+gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
+Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com
+        Validity
+            Not Before: Dec  1 18:18:55 1998 GMT
+            Not After : Nov 28 18:18:55 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53:
+                    c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f:
+                    5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4:
+                    ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15:
+                    c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69:
+                    93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05:
+                    92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21:
+                    e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80:
+                    be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1:
+                    4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db:
+                    2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92:
+                    23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d:
+                    94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84:
+                    80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1:
+                    a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67:
+                    ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45:
+                    d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8:
+                    dd:79
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09:
+        14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33:
+        64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5:
+        69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73:
+        7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17:
+        ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32:
+        64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f:
+        63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b:
+        a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6:
+        93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa:
+        81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17:
+        24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d:
+        52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a:
+        4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62:
+        85:68:d0:f4
+
+Digital Signature Trust Co. Global CA 3
+=======================================
+MD5 Fingerprint: 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913232846 (0x366ed3ce)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Validity
+            Not Before: Dec  9 19:17:26 1998 GMT
+            Not After : Dec  9 19:47:26 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16:
+                    bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03:
+                    b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8:
+                    63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce:
+                    1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f:
+                    ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef:
+                    de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6:
+                    17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da:
+                    0c:9d:e7:91:5b:80:cd:94:9d
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 19:17:26 1998 GMT, Not After: Dec  9 19:17:26 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+
+            X509v3 Subject Key Identifier: 
+                1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38:
+        72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5:
+        d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e:
+        a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec:
+        b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83:
+        73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0:
+        78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3:
+        a2:03
+
+Digital Signature Trust Co. Global CA 4
+=======================================
+MD5 Fingerprint: CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
+MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
+p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
+BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
+5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
+3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
+QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
+2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
+I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
+553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
+10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
+uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com
+        Validity
+            Not Before: Nov 30 22:46:16 1998 GMT
+            Not After : Nov 27 22:46:16 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4:
+                    e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5:
+                    a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a:
+                    50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb:
+                    26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92:
+                    dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39:
+                    fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd:
+                    82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd:
+                    91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd:
+                    33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0:
+                    26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae:
+                    85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1:
+                    62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32:
+                    17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf:
+                    cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af:
+                    6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48:
+                    da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb:
+                    09:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28:
+        a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90:
+        d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07:
+        eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1:
+        cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45:
+        e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be:
+        e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83:
+        7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79:
+        28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40:
+        d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a:
+        d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f:
+        56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec:
+        b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba:
+        c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad:
+        7f:c2:78:b6
+
+Entrust Worldwide by DST
+========================
+MD5 Fingerprint: B4:65:22:0A:7C:AD:DF:41:B7:D5:44:D5:AD:FA:9A:75
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDRzCCArCgAwIBAgIENm3FGDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRswGQYDVQQL
+ExJEU1QtRW50cnVzdCBHVEkgQ0EwHhcNOTgxMjA5MDAwMjI0WhcNMTgxMjA5MDAz
+MjI0WjBQMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
+VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0EwgZ0wDQYJKoZI
+hvcNAQEBBQADgYsAMIGHAoGBALYd90uNDxPjEvUJ/gYyDq9MQfV91Ec9KgrfgwXe
+3n3mAxb2UTrLRxpKrX7E/R20vnSKeN0Lg460hBPE+/htKa6h4Q8PQ+O1XmBp+oOU
+/Hnm3Hbt0UQrjv0Su/4XdxcMie2n71F9xO04wzujevviTaBgtfL9E2XTxuw/vjWc
+PSLvAgEDo4IBLjCCASowEQYJYIZIAYb4QgEBBAQDAgAHMHIGA1UdHwRrMGkwZ6Bl
+oGOkYTBfMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
+VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0ExDTALBgNVBAMT
+BENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkwMDAyMjRagQ8yMDE4MTIwOTAwMDIy
+NFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFJOaRMrQeFOAKUkE38evMz+ZdV+u
+MB0GA1UdDgQWBBSTmkTK0HhTgClJBN/HrzM/mXVfrjAMBgNVHRMEBTADAQH/MBkG
+CSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAGSJzAOn
+3AryWCDn/RegKHLNh7DNmLUkR2MzMRAQsu+KV3KuTAPgZ5+sYEOEIsGpo+Wxp94J
+1M8NeEYjW49Je/4TIpeU6nJI4SwgeJbpZkUZywllY2E/0UmYsXYQVdVjSmZLpAdr
+3nt/ueaTWxoCW4AO3Y0Y1Iqjwmjxo+AY0U5M
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913163544 (0x366dc518)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
+        Validity
+            Not Before: Dec  9 00:02:24 1998 GMT
+            Not After : Dec  9 00:32:24 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:1d:f7:4b:8d:0f:13:e3:12:f5:09:fe:06:32:
+                    0e:af:4c:41:f5:7d:d4:47:3d:2a:0a:df:83:05:de:
+                    de:7d:e6:03:16:f6:51:3a:cb:47:1a:4a:ad:7e:c4:
+                    fd:1d:b4:be:74:8a:78:dd:0b:83:8e:b4:84:13:c4:
+                    fb:f8:6d:29:ae:a1:e1:0f:0f:43:e3:b5:5e:60:69:
+                    fa:83:94:fc:79:e6:dc:76:ed:d1:44:2b:8e:fd:12:
+                    bb:fe:17:77:17:0c:89:ed:a7:ef:51:7d:c4:ed:38:
+                    c3:3b:a3:7a:fb:e2:4d:a0:60:b5:f2:fd:13:65:d3:
+                    c6:ec:3f:be:35:9c:3d:22:ef
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DST-Entrust GTI CA/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 00:02:24 1998 GMT, Not After: Dec  9 00:02:24 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
+
+            X509v3 Subject Key Identifier: 
+                93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        64:89:cc:03:a7:dc:0a:f2:58:20:e7:fd:17:a0:28:72:cd:87:
+        b0:cd:98:b5:24:47:63:33:31:10:10:b2:ef:8a:57:72:ae:4c:
+        03:e0:67:9f:ac:60:43:84:22:c1:a9:a3:e5:b1:a7:de:09:d4:
+        cf:0d:78:46:23:5b:8f:49:7b:fe:13:22:97:94:ea:72:48:e1:
+        2c:20:78:96:e9:66:45:19:cb:09:65:63:61:3f:d1:49:98:b1:
+        76:10:55:d5:63:4a:66:4b:a4:07:6b:de:7b:7f:b9:e6:93:5b:
+        1a:02:5b:80:0e:dd:8d:18:d4:8a:a3:c2:68:f1:a3:e0:18:d1:
+        4e:4c
+
+Entrust.net Premium 2048 Secure Server CA
+=========================================
+MD5 Fingerprint: BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy
+MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA
+vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G
+CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA
+WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo
+oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ
+h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18
+f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
+B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
+vUxFnmG6v4SBkgPR0ml8xQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 946059622 (0x3863b966)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Validity
+            Not Before: Dec 24 17:50:51 1999 GMT
+            Not After : Dec 24 18:20:51 2019 GMT
+        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64:
+                    2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7:
+                    78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76:
+                    98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf:
+                    e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1:
+                    02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29:
+                    b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64:
+                    ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c:
+                    e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89:
+                    a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90:
+                    76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2:
+                    cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a:
+                    fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55:
+                    60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86:
+                    5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26:
+                    93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e:
+                    4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0:
+                    07:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Authority Key Identifier: 
+                keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+
+            X509v3 Subject Key Identifier: 
+                55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c:
+        4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61:
+        7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73:
+        ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5:
+        da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4:
+        03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4:
+        15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68:
+        c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c:
+        7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33:
+        db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18:
+        b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2:
+        de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c:
+        e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e:
+        c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1:
+        d2:69:7c:c5
+
+Entrust.net Secure Personal CA
+==============================
+MD5 Fingerprint: 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
+ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
+Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
+MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
+bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
+RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
+6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
+5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
+AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
+ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
+cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
+by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
+IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
+Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
+KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
+HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
+BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
+FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
+BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
+pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
+wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
+EkP/TOYGJqibGapEPHayXOw=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 939758062 (0x380391ee)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Validity
+            Not Before: Oct 12 19:24:30 1999 GMT
+            Not After : Oct 12 19:54:30 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19:
+                    ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f:
+                    75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad:
+                    82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6:
+                    13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7:
+                    30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74:
+                    2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c:
+                    56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df:
+                    8c:e6:02:a4:e6:4f:5e:f7:8b
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/Client1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+
+            X509v3 Subject Key Identifier: 
+                C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: md5WithRSAEncryption
+        3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f:
+        78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14:
+        81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b:
+        96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92:
+        e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38:
+        ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5:
+        4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2:
+        5c:ec
+
+Entrust.net Secure Server CA
+============================
+MD5 Fingerprint: DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 927650371 (0x374ad243)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Validity
+            Not Before: May 25 16:09:40 1999 GMT
+            Not After : May 25 16:39:40 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
+                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
+                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
+                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
+                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
+                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
+                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
+                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
+                    b1:16:19:61:b9:54:b6:e6:43
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/net1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+
+            X509v3 Subject Key Identifier: 
+                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
+        47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
+        f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
+        c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
+        a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
+        0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
+        73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
+        f9:b2
+
+Equifax Premium CA
+==================
+MD5 Fingerprint: A9:E9:A8:9D:0E:73:E3:B1:2F:37:0D:E8:48:3F:86:ED
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAoygAwIBAgIENeHvHjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEuMCwGA1UECxMlRXF1aWZheCBQcmVtaXVtIENl
+cnRpZmljYXRlIEF1dGhvcml0eTAeFw05ODA4MjQyMjU0MjNaFw0xODA4MjQyMjU0
+MjNaME8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVF
+cXVpZmF4IFByZW1pdW0gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDOoQaOBswIC8GGqN4g1Q0O0Q3En+pq2bPCMkdAb4qI
+pAm9OCwd5svmpPM269rrvPxkswf2Lbyqzp8ZSGhK/PWiRX4JEPWPs0lcIwY56hOL
+uAvNkR12X9k3oUT7X5DyZ7PNGJlDH3YSawLylYM4Q8L2YjTKyXhdX9LYupr/vhBg
+WwIDAQABo4IBCjCCAQYwcQYDVR0fBGowaDBmoGSgYqRgMF4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVFcXVpZmF4IFByZW1pdW0gQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIw
+MTgwODI0MjI1NDIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUFe6yKFmrbuX4
+z4uB9CThrj91G5gwHQYDVR0OBBYEFBXusihZq27l+M+LgfQk4a4/dRuYMAwGA1Ud
+EwQFMAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEB
+BQUAA4GBAL0LnCepA9so3JipS9DRjqeoGlqR4Jzx9xh8LiKeNh/JqLXNRkpu+jUH
+G4YI65/iqPmdQS06rlxctl80BOv8KmCw+3TkhellOJbuFcfGd2MSvYpoH6tsfdrK
+XBPO6snrCVzFc+cSAdXZUwee4A+W8Iu0u0VIn4bFGVWgy5bFA/xI
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903999262 (0x35e1ef1e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
+        Validity
+            Not Before: Aug 24 22:54:23 1998 GMT
+            Not After : Aug 24 22:54:23 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:a1:06:8e:06:cc:08:0b:c1:86:a8:de:20:d5:
+                    0d:0e:d1:0d:c4:9f:ea:6a:d9:b3:c2:32:47:40:6f:
+                    8a:88:a4:09:bd:38:2c:1d:e6:cb:e6:a4:f3:36:eb:
+                    da:eb:bc:fc:64:b3:07:f6:2d:bc:aa:ce:9f:19:48:
+                    68:4a:fc:f5:a2:45:7e:09:10:f5:8f:b3:49:5c:23:
+                    06:39:ea:13:8b:b8:0b:cd:91:1d:76:5f:d9:37:a1:
+                    44:fb:5f:90:f2:67:b3:cd:18:99:43:1f:76:12:6b:
+                    02:f2:95:83:38:43:c2:f6:62:34:ca:c9:78:5d:5f:
+                    d2:d8:ba:9a:ff:be:10:60:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax/OU=Equifax Premium Certificate Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 24 22:54:23 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
+
+            X509v3 Subject Key Identifier: 
+                15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        bd:0b:9c:27:a9:03:db:28:dc:98:a9:4b:d0:d1:8e:a7:a8:1a:
+        5a:91:e0:9c:f1:f7:18:7c:2e:22:9e:36:1f:c9:a8:b5:cd:46:
+        4a:6e:fa:35:07:1b:86:08:eb:9f:e2:a8:f9:9d:41:2d:3a:ae:
+        5c:5c:b6:5f:34:04:eb:fc:2a:60:b0:fb:74:e4:85:e9:65:38:
+        96:ee:15:c7:c6:77:63:12:bd:8a:68:1f:ab:6c:7d:da:ca:5c:
+        13:ce:ea:c9:eb:09:5c:c5:73:e7:12:01:d5:d9:53:07:9e:e0:
+        0f:96:f0:8b:b4:bb:45:48:9f:86:c5:19:55:a0:cb:96:c5:03:
+        fc:48
+
+Equifax Secure CA
+=================
+MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903804111 (0x35def4cf)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Validity
+            Not Before: Aug 22 16:41:51 1998 GMT
+            Not After : Aug 22 16:41:51 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
+                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
+                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
+                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
+                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
+                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
+                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
+                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
+                    3a:88:e7:bf:14:fd:e0:c7:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 22 16:41:51 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+
+            X509v3 Subject Key Identifier: 
+                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
+        95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
+        6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
+        57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
+        a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
+        77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
+        65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
+        77:38
+
+GTE CyberTrust Global Root
+==========================
+MD5 Fingerprint: CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 421 (0x1a5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Validity
+            Not Before: Aug 13 00:29:00 1998 GMT
+            Not After : Aug 13 23:59:00 2018 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
+                    0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
+                    c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
+                    73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
+                    8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
+                    72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
+                    8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
+                    45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
+                    c7:79:b4:1f:05:2f:3b:62:99
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
+        a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
+        81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
+        7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
+        4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
+        a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
+        85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
+        7a:7f
+
+GTE CyberTrust Japan Root CA
+============================
+MD5 Fingerprint: DE:AB:FF:43:2A:65:37:06:9B:28:B5:7A:E8:84:D3:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICETCCAXoCAU4wDQYJKoZIhvcNAQEEBQAwUTELMAkGA1UEBhMCSlAxHzAdBgNV
+BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xITAfBgNVBAMTGEN5YmVyVHJ1c3Qg
+SkFQQU4gUm9vdCBDQTAeFw05ODA4MDQwNzU3MDBaFw0wMzA4MDQyMzU5MDBaMFEx
+CzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFuLCBJbmMuMSEw
+HwYDVQQDExhDeWJlclRydXN0IEpBUEFOIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBALet/MpHEHaJ/Wes5HMGfIFLHda1fA5Hr+ymVHWoxP1lr+fI
+sbFsNDWN97lkVygLIVredP7ceC6GRhJMfxEf3JO9X75mmIa4t+xtSdOQ2eF5AFZo
+uq1sHyw7H8ksjEOwBELqgXOmzjN1RQ2KRXIvqldV5AfDQ+J1Og+8PNCEzrrvAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAt6ZkowyAPBzE2O5BO+WGpJ5gXdYBMqhqZC0g
+cEC6ck5m+gdlTgOOC/1W4K07IKcy+rISHoDfHuN6GMxX2+bJNGDvdesQFtCkLnDY
+JCO4pXdzQvkHOt0BbAiTBzUmECVgKf8J5WSfabkWSfNc3SRjRpMNsFM2dbxIILsZ
+to/QIv0=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 78 (0x4e)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
+        Validity
+            Not Before: Aug  4 07:57:00 1998 GMT
+            Not After : Aug  4 23:59:00 2003 GMT
+        Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b7:ad:fc:ca:47:10:76:89:fd:67:ac:e4:73:06:
+                    7c:81:4b:1d:d6:b5:7c:0e:47:af:ec:a6:54:75:a8:
+                    c4:fd:65:af:e7:c8:b1:b1:6c:34:35:8d:f7:b9:64:
+                    57:28:0b:21:5a:de:74:fe:dc:78:2e:86:46:12:4c:
+                    7f:11:1f:dc:93:bd:5f:be:66:98:86:b8:b7:ec:6d:
+                    49:d3:90:d9:e1:79:00:56:68:ba:ad:6c:1f:2c:3b:
+                    1f:c9:2c:8c:43:b0:04:42:ea:81:73:a6:ce:33:75:
+                    45:0d:8a:45:72:2f:aa:57:55:e4:07:c3:43:e2:75:
+                    3a:0f:bc:3c:d0:84:ce:ba:ef
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        b7:a6:64:a3:0c:80:3c:1c:c4:d8:ee:41:3b:e5:86:a4:9e:60:
+        5d:d6:01:32:a8:6a:64:2d:20:70:40:ba:72:4e:66:fa:07:65:
+        4e:03:8e:0b:fd:56:e0:ad:3b:20:a7:32:fa:b2:12:1e:80:df:
+        1e:e3:7a:18:cc:57:db:e6:c9:34:60:ef:75:eb:10:16:d0:a4:
+        2e:70:d8:24:23:b8:a5:77:73:42:f9:07:3a:dd:01:6c:08:93:
+        07:35:26:10:25:60:29:ff:09:e5:64:9f:69:b9:16:49:f3:5c:
+        dd:24:63:46:93:0d:b0:53:36:75:bc:48:20:bb:19:b6:8f:d0:
+        22:fd
+
+GTE CyberTrust Japan Secure Server CA
+=====================================
+MD5 Fingerprint: DD:0D:0D:B4:78:4B:7D:CE:30:0A:A6:35:C6:AB:4C:88
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICIzCCAYwCAU8wDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCSlAxHzAdBgNV
+BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xKjAoBgNVBAMTIUN5YmVyVHJ1c3Qg
+SkFQQU4gU2VjdXJlIFNlcnZlciBDQTAeFw05ODA4MDQwODA2MzJaFw0wMzA4MDQy
+MzU5MDBaMFoxCzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFu
+LCBJbmMuMSowKAYDVQQDEyFDeWJlclRydXN0IEpBUEFOIFNlY3VyZSBTZXJ2ZXIg
+Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKwmo6G4b2rALBL52zEFkuf9
++tSBtLjVKtWQ+vBDZfwSFcrs27lh3jNjN0+vADx/kjcbGHPlnzyI8RoTRP558sMm
+lQ8L8J4UByFsV8Jdw+JRsM2LX81fhjj4eZc57Oi/Ui6xXqqprozt7tfIty4xi7Q5
+kjt8gScHGgFEL0lzILbJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAaB17Eu5aeSkx
+ygGsi1CpJ5ksAPw4Ghz/wtXwE/4bpzn1gBTrUfrAjXuEG1musTVRbqE+1xvsoJ7f
+4KWCluOxP9io8ct5gI738ESZfhT1I6MR42hLBTZuiOOrhqo4UwNCO9O5+eC/BenT
+X8NKp7b9t12QSfiasq1mpoIAk65g/yA=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 79 (0x4f)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
+        Validity
+            Not Before: Aug  4 08:06:32 1998 GMT
+            Not After : Aug  4 23:59:00 2003 GMT
+        Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:26:a3:a1:b8:6f:6a:c0:2c:12:f9:db:31:05:
+                    92:e7:fd:fa:d4:81:b4:b8:d5:2a:d5:90:fa:f0:43:
+                    65:fc:12:15:ca:ec:db:b9:61:de:33:63:37:4f:af:
+                    00:3c:7f:92:37:1b:18:73:e5:9f:3c:88:f1:1a:13:
+                    44:fe:79:f2:c3:26:95:0f:0b:f0:9e:14:07:21:6c:
+                    57:c2:5d:c3:e2:51:b0:cd:8b:5f:cd:5f:86:38:f8:
+                    79:97:39:ec:e8:bf:52:2e:b1:5e:aa:a9:ae:8c:ed:
+                    ee:d7:c8:b7:2e:31:8b:b4:39:92:3b:7c:81:27:07:
+                    1a:01:44:2f:49:73:20:b6:c9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        68:1d:7b:12:ee:5a:79:29:31:ca:01:ac:8b:50:a9:27:99:2c:
+        00:fc:38:1a:1c:ff:c2:d5:f0:13:fe:1b:a7:39:f5:80:14:eb:
+        51:fa:c0:8d:7b:84:1b:59:ae:b1:35:51:6e:a1:3e:d7:1b:ec:
+        a0:9e:df:e0:a5:82:96:e3:b1:3f:d8:a8:f1:cb:79:80:8e:f7:
+        f0:44:99:7e:14:f5:23:a3:11:e3:68:4b:05:36:6e:88:e3:ab:
+        86:aa:38:53:03:42:3b:d3:b9:f9:e0:bf:05:e9:d3:5f:c3:4a:
+        a7:b6:fd:b7:5d:90:49:f8:9a:b2:ad:66:a6:82:00:93:ae:60:
+        ff:20
+
+GTE CyberTrust Root 2
+=====================
+MD5 Fingerprint: BA:ED:17:57:9A:4B:FF:7C:F9:C9:1F:A2:CD:1A:D6:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbkCAgGbMA0GCSqGSIb3DQEBBAUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAyMB4X
+DTk4MDgxMTExMzUwN1oXDTA4MDgxMTExMjIxNlowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDIw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANksTE4vaRoj41a6886EwAnAefFE
+XzMfFZF/iogouCRFzI8YzR900bWPcUzWMfZzloSUQMWpg2Akfa9vNLdLTMIJgDtF
+BJ7EPMQndXsADKFkR7UUXYJLUTpYu0RMPdPlBjjoYVyYeLuAs5zacoJioN+cX+v5
+T3fCzGAYAGs0giWzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAo2SRbxDt526iQkCU
+eM74FAjR+kOF60bNkhTQ7y4tNjkY2brJJ4gp6UgXb/jBqshhbS39QC11QzCXOfgU
+ZL1v72OoK0LfsloNJex7N9jOkSmCFvnoYqLhdsQCfd0li5jh9g1gjPZZkEBRRNHC
++xkkHhc5a3QhFTPWVdeCHnAsJ6g=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 411 (0x19b)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
+        Validity
+            Not Before: Aug 11 11:35:07 1998 GMT
+            Not After : Aug 11 11:22:16 2008 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:2c:4c:4e:2f:69:1a:23:e3:56:ba:f3:ce:84:
+                    c0:09:c0:79:f1:44:5f:33:1f:15:91:7f:8a:88:28:
+                    b8:24:45:cc:8f:18:cd:1f:74:d1:b5:8f:71:4c:d6:
+                    31:f6:73:96:84:94:40:c5:a9:83:60:24:7d:af:6f:
+                    34:b7:4b:4c:c2:09:80:3b:45:04:9e:c4:3c:c4:27:
+                    75:7b:00:0c:a1:64:47:b5:14:5d:82:4b:51:3a:58:
+                    bb:44:4c:3d:d3:e5:06:38:e8:61:5c:98:78:bb:80:
+                    b3:9c:da:72:82:62:a0:df:9c:5f:eb:f9:4f:77:c2:
+                    cc:60:18:00:6b:34:82:25:b3
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        a3:64:91:6f:10:ed:e7:6e:a2:42:40:94:78:ce:f8:14:08:d1:
+        fa:43:85:eb:46:cd:92:14:d0:ef:2e:2d:36:39:18:d9:ba:c9:
+        27:88:29:e9:48:17:6f:f8:c1:aa:c8:61:6d:2d:fd:40:2d:75:
+        43:30:97:39:f8:14:64:bd:6f:ef:63:a8:2b:42:df:b2:5a:0d:
+        25:ec:7b:37:d8:ce:91:29:82:16:f9:e8:62:a2:e1:76:c4:02:
+        7d:dd:25:8b:98:e1:f6:0d:60:8c:f6:59:90:40:51:44:d1:c2:
+        fb:19:24:1e:17:39:6b:74:21:15:33:d6:55:d7:82:1e:70:2c:
+        27:a8
+
+GTE CyberTrust Root 3
+=====================
+MD5 Fingerprint: DB:81:96:57:AE:64:61:EF:77:A7:83:C4:51:24:3C:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbkCAgGXMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAzMB4X
+DTk4MDgxMDE5NTkwOFoXDTA4MDgxMDE5MzYzOVowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHzsSsLztwU2TSXYlASVmOETFP6
+wIXP+sHdD955E39T+6oOYN3iYr/G7k6ZNKpoQzWZ+KP982O9AVRqnrI6lix7eCjG
+WrWNGhUY/eOMLqJQCVtx1g21GB8ZjgQpk5N4q18U53NC8gMMV6IbUDsLu1ngoDoD
+7icbWky5sAjKuRqJAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAheutlCAG6bKiazvy
+ZuvjS7gSJgXl9JGo3IfcmPSUwfRhvdWcbFFzlV7QvdfmRdw8z0aE1ee57ORnY24A
+KHdxXUoF6bl8hszCRLveKUja6t29F58dUQGo6BResVf3/9qPzpX+Le0yEnf/fGph
+la4xcgYI8PnzDY7i76hTXZEDg94=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 407 (0x197)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
+        Validity
+            Not Before: Aug 10 19:59:08 1998 GMT
+            Not After : Aug 10 19:36:39 2008 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e1:f3:b1:2b:0b:ce:dc:14:d9:34:97:62:50:12:
+                    56:63:84:4c:53:fa:c0:85:cf:fa:c1:dd:0f:de:79:
+                    13:7f:53:fb:aa:0e:60:dd:e2:62:bf:c6:ee:4e:99:
+                    34:aa:68:43:35:99:f8:a3:fd:f3:63:bd:01:54:6a:
+                    9e:b2:3a:96:2c:7b:78:28:c6:5a:b5:8d:1a:15:18:
+                    fd:e3:8c:2e:a2:50:09:5b:71:d6:0d:b5:18:1f:19:
+                    8e:04:29:93:93:78:ab:5f:14:e7:73:42:f2:03:0c:
+                    57:a2:1b:50:3b:0b:bb:59:e0:a0:3a:03:ee:27:1b:
+                    5a:4c:b9:b0:08:ca:b9:1a:89
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        85:eb:ad:94:20:06:e9:b2:a2:6b:3b:f2:66:eb:e3:4b:b8:12:
+        26:05:e5:f4:91:a8:dc:87:dc:98:f4:94:c1:f4:61:bd:d5:9c:
+        6c:51:73:95:5e:d0:bd:d7:e6:45:dc:3c:cf:46:84:d5:e7:b9:
+        ec:e4:67:63:6e:00:28:77:71:5d:4a:05:e9:b9:7c:86:cc:c2:
+        44:bb:de:29:48:da:ea:dd:bd:17:9f:1d:51:01:a8:e8:14:5e:
+        b1:57:f7:ff:da:8f:ce:95:fe:2d:ed:32:12:77:ff:7c:6a:61:
+        95:ae:31:72:06:08:f0:f9:f3:0d:8e:e2:ef:a8:53:5d:91:03:
+        83:de
+
+GTE CyberTrust Root 4
+=====================
+MD5 Fingerprint: 33:43:02:B1:B9:E0:73:B1:B1:20:CA:CB:C7:84:03:50
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj0CAgGoMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCA0MB4X
+DTk4MDgxMzEzNTEwMFoXDTEzMDgxMzIzNTkwMFowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nSJuf9pmPDlCsaMqb9P3
+vK6sMVrXEZBHuZ0ZLvnzGyKgw+GnusT8XgqUS5haSybkH/Tc8/6OiNxsLXx3hyZQ
+wF5OqCih6hdpT03GAQ7amg0GViYVtqRdejWvje14Uob5OKuzAdPaBZaxtlCrwKGu
+F1P6QzkgcWUj223Etu2YRYPX0vbiqWv7+XXM78WrcZY16N+OkZuoEHUft84Tjmuz
+lneXGpEvxyxpmfAPKmgAmHZEG4wo0uuO9IO0f6QlXmw72cZo1WG41F4xB7VbkDVS
+V3sXIO0tuB6OiDk+Usvf8FyxZbulErSQY79xnTLB2r9QSpW+BjrEK+vNmHZETQvl
+AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEOvHIfJSbpliTRJPOoHO0eiedSgO5Bs
+3n+oVMPoTEAyvMjsHOXZrEC6/Iw/wnOc9GTq36ntTlvIAWDuOW1DJ/N/qgjS/k5v
+FDJNfeQ0gKU1xNZGULQ7oC1lH09lfjQoLcCndn0xyQ0zFvYgGSARULsDzHBtlrfv
+TKfaNhXPu03UltyITWyY7blz/ihXoO1k+AqBKXP29pcyhzm0ge/ZTRoHNPe6QjXe
+V9xc1vfF6wonDIGmwtBoTv2SW0iD9haKjzZb7TFsP0F6cfeSPzGkCkBM84biYcE8
+SYEtpbjvupcPvCsdm4ny0o4eTYbywqv2LZnAGyoNobZP+SxYTT19Nwo=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 424 (0x1a8)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
+        Validity
+            Not Before: Aug 13 13:51:00 1998 GMT
+            Not After : Aug 13 23:59:00 2013 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ba:9d:22:6e:7f:da:66:3c:39:42:b1:a3:2a:6f:
+                    d3:f7:bc:ae:ac:31:5a:d7:11:90:47:b9:9d:19:2e:
+                    f9:f3:1b:22:a0:c3:e1:a7:ba:c4:fc:5e:0a:94:4b:
+                    98:5a:4b:26:e4:1f:f4:dc:f3:fe:8e:88:dc:6c:2d:
+                    7c:77:87:26:50:c0:5e:4e:a8:28:a1:ea:17:69:4f:
+                    4d:c6:01:0e:da:9a:0d:06:56:26:15:b6:a4:5d:7a:
+                    35:af:8d:ed:78:52:86:f9:38:ab:b3:01:d3:da:05:
+                    96:b1:b6:50:ab:c0:a1:ae:17:53:fa:43:39:20:71:
+                    65:23:db:6d:c4:b6:ed:98:45:83:d7:d2:f6:e2:a9:
+                    6b:fb:f9:75:cc:ef:c5:ab:71:96:35:e8:df:8e:91:
+                    9b:a8:10:75:1f:b7:ce:13:8e:6b:b3:96:77:97:1a:
+                    91:2f:c7:2c:69:99:f0:0f:2a:68:00:98:76:44:1b:
+                    8c:28:d2:eb:8e:f4:83:b4:7f:a4:25:5e:6c:3b:d9:
+                    c6:68:d5:61:b8:d4:5e:31:07:b5:5b:90:35:52:57:
+                    7b:17:20:ed:2d:b8:1e:8e:88:39:3e:52:cb:df:f0:
+                    5c:b1:65:bb:a5:12:b4:90:63:bf:71:9d:32:c1:da:
+                    bf:50:4a:95:be:06:3a:c4:2b:eb:cd:98:76:44:4d:
+                    0b:e5
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        43:af:1c:87:c9:49:ba:65:89:34:49:3c:ea:07:3b:47:a2:79:
+        d4:a0:3b:90:6c:de:7f:a8:54:c3:e8:4c:40:32:bc:c8:ec:1c:
+        e5:d9:ac:40:ba:fc:8c:3f:c2:73:9c:f4:64:ea:df:a9:ed:4e:
+        5b:c8:01:60:ee:39:6d:43:27:f3:7f:aa:08:d2:fe:4e:6f:14:
+        32:4d:7d:e4:34:80:a5:35:c4:d6:46:50:b4:3b:a0:2d:65:1f:
+        4f:65:7e:34:28:2d:c0:a7:76:7d:31:c9:0d:33:16:f6:20:19:
+        20:11:50:bb:03:cc:70:6d:96:b7:ef:4c:a7:da:36:15:cf:bb:
+        4d:d4:96:dc:88:4d:6c:98:ed:b9:73:fe:28:57:a0:ed:64:f8:
+        0a:81:29:73:f6:f6:97:32:87:39:b4:81:ef:d9:4d:1a:07:34:
+        f7:ba:42:35:de:57:dc:5c:d6:f7:c5:eb:0a:27:0c:81:a6:c2:
+        d0:68:4e:fd:92:5b:48:83:f6:16:8a:8f:36:5b:ed:31:6c:3f:
+        41:7a:71:f7:92:3f:31:a4:0a:40:4c:f3:86:e2:61:c1:3c:49:
+        81:2d:a5:b8:ef:ba:97:0f:bc:2b:1d:9b:89:f2:d2:8e:1e:4d:
+        86:f2:c2:ab:f6:2d:99:c0:1b:2a:0d:a1:b6:4f:f9:2c:58:4d:
+        3d:7d:37:0a
+
+GTE CyberTrust Root 5
+=====================
+MD5 Fingerprint: 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgICAbYwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1
+c3QgU29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290
+IDUwHhcNOTgwODE0MTQ1MDAwWhcNMTMwODE0MjM1OTAwWjBwMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xHjAcBgNVBAMTFUdURSBDeWJlclRydXN0IFJv
+b3QgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALwSbj+KfHqXAewe
+uzlaAvR4RKJIG457SVJ6uHtHs6+Um2+7lvoramVcuByUc76/iQoigO5X/IwFu3Cf
+lzkE2qOHXKjlyq/AM5rVN1xLrOSA0KYjYPv9ci6UncfOwgQy73hgXe2thw9FZR48
+mgqavl0dmezn8tHGehfZrZtUln/EfGC/haoVNR1A2hG87FQhKC0joajwzy3N3fx+
+D17hZQdWywe00lboXjHMGGPEhtIthc+Tkqtt/mg5+95zvYb45EZ66p8My/QZ/mO8
+0Sx7iDM29uThnAxTgWAc2i6rlqkWiBNQmbK9Vd8VMH7o5Zj7cH5stQf8/Ea30O03
+ln4y/iECAwEAAaNaMFgwEgYDVR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgoqhkiG+GMBAgEDMBkGA1UdDgQSBBB2CkkhOEyf3vjE
+ScdxcZGdMA0GCSqGSIb3DQEBBQUAA4IBAQBBOtQYW9q43iEc4Y4J5fFoNP/elvQH
+9ac886xKsZv6kvqb7eYyIapKdsXcTzjl39WG5NXIdn2Y17HNj021kSNsi4rr6nzv
+FJTExvAfSi0ycWMrY5EmAgm2gB3t4sy4f9uHY8jh0GwmsTUdQGYQG82VVBgzYewT
+T9oT95mvPtDPjqZyorPDBZrJJ32SzH5SjbOrcG2eiZ9N6xp1wpiq1QIW1wyKvyXk
+6y28mOlYOBl8uTf+2+KZCHMGx5eDan0QAS8yuRcFSmXmL86+XlOmgumaUwqEdC2D
+ysiUFnZflGEo8IWnObvXi9moshMdVAk0JH0ggX1mfqKQdFwQxr3sqxvC
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 438 (0x1b6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
+        Validity
+            Not Before: Aug 14 14:50:00 1998 GMT
+            Not After : Aug 14 23:59:00 2013 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bc:12:6e:3f:8a:7c:7a:97:01:ec:1e:bb:39:5a:
+                    02:f4:78:44:a2:48:1b:8e:7b:49:52:7a:b8:7b:47:
+                    b3:af:94:9b:6f:bb:96:fa:2b:6a:65:5c:b8:1c:94:
+                    73:be:bf:89:0a:22:80:ee:57:fc:8c:05:bb:70:9f:
+                    97:39:04:da:a3:87:5c:a8:e5:ca:af:c0:33:9a:d5:
+                    37:5c:4b:ac:e4:80:d0:a6:23:60:fb:fd:72:2e:94:
+                    9d:c7:ce:c2:04:32:ef:78:60:5d:ed:ad:87:0f:45:
+                    65:1e:3c:9a:0a:9a:be:5d:1d:99:ec:e7:f2:d1:c6:
+                    7a:17:d9:ad:9b:54:96:7f:c4:7c:60:bf:85:aa:15:
+                    35:1d:40:da:11:bc:ec:54:21:28:2d:23:a1:a8:f0:
+                    cf:2d:cd:dd:fc:7e:0f:5e:e1:65:07:56:cb:07:b4:
+                    d2:56:e8:5e:31:cc:18:63:c4:86:d2:2d:85:cf:93:
+                    92:ab:6d:fe:68:39:fb:de:73:bd:86:f8:e4:46:7a:
+                    ea:9f:0c:cb:f4:19:fe:63:bc:d1:2c:7b:88:33:36:
+                    f6:e4:e1:9c:0c:53:81:60:1c:da:2e:ab:96:a9:16:
+                    88:13:50:99:b2:bd:55:df:15:30:7e:e8:e5:98:fb:
+                    70:7e:6c:b5:07:fc:fc:46:b7:d0:ed:37:96:7e:32:
+                    fe:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Certificate Policies: 
+                Policy: 1.2.840.113763.1.2.1.3
+
+            X509v3 Subject Key Identifier: 
+                76:0A:49:21:38:4C:9F:DE:F8:C4:49:C7:71:71:91:9D
+    Signature Algorithm: sha1WithRSAEncryption
+        41:3a:d4:18:5b:da:b8:de:21:1c:e1:8e:09:e5:f1:68:34:ff:
+        de:96:f4:07:f5:a7:3c:f3:ac:4a:b1:9b:fa:92:fa:9b:ed:e6:
+        32:21:aa:4a:76:c5:dc:4f:38:e5:df:d5:86:e4:d5:c8:76:7d:
+        98:d7:b1:cd:8f:4d:b5:91:23:6c:8b:8a:eb:ea:7c:ef:14:94:
+        c4:c6:f0:1f:4a:2d:32:71:63:2b:63:91:26:02:09:b6:80:1d:
+        ed:e2:cc:b8:7f:db:87:63:c8:e1:d0:6c:26:b1:35:1d:40:66:
+        10:1b:cd:95:54:18:33:61:ec:13:4f:da:13:f7:99:af:3e:d0:
+        cf:8e:a6:72:a2:b3:c3:05:9a:c9:27:7d:92:cc:7e:52:8d:b3:
+        ab:70:6d:9e:89:9f:4d:eb:1a:75:c2:98:aa:d5:02:16:d7:0c:
+        8a:bf:25:e4:eb:2d:bc:98:e9:58:38:19:7c:b9:37:fe:db:e2:
+        99:08:73:06:c7:97:83:6a:7d:10:01:2f:32:b9:17:05:4a:65:
+        e6:2f:ce:be:5e:53:a6:82:e9:9a:53:0a:84:74:2d:83:ca:c8:
+        94:16:76:5f:94:61:28:f0:85:a7:39:bb:d7:8b:d9:a8:b2:13:
+        1d:54:09:34:24:7d:20:81:7d:66:7e:a2:90:74:5c:10:c6:bd:
+        ec:ab:1b:c2
+
+GTE CyberTrust Root CA
+======================
+MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 419 (0x1a3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Validity
+            Not Before: Feb 23 23:01:00 1996 GMT
+            Not After : Feb 23 23:59:00 2006 GMT
+        Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f:
+                    46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a:
+                    e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7:
+                    3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca:
+                    9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c:
+                    d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a:
+                    09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96:
+                    df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d:
+                    06:80:63:39:c4:a2:5e:38:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23:
+        63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29:
+        e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63:
+        c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4:
+        21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c:
+        6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5:
+        34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5:
+        25:d8
+
+GlobalSign Partners CA
+======================
+MD5 Fingerprint: 3C:75:CD:4C:BD:A9:D0:8A:79:4F:50:16:37:84:F4:2B
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgILAgAAAAAA1ni50a8wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMF8xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRQwEgYDVQQLEwtQYXJ0bmVycyBDQTEfMB0GA1UEAxMWR2xv
+YmFsU2lnbiBQYXJ0bmVycyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANIs+DKsShJ6N8gpkaWujG4eDsA0M4jlM3EWHHiEaMMYNFAuFj6xlIJPsZqf
+APjGETXGaXuYAq0ABohs50wzKACIJ0Yfh7NxdWO8MruI3mYYDlAGk7T2vBQ3MD0i
+3z3/dX7ZChrFn7P80KyzCHqJ0wHoAFznSgs9TXsmordiBovaRt2TFz8/WwJLC7aI
+IBGSAK27xy7U40Wu9YlafI2krYVkMsAnjMbyioCShiRWWY10aKKDQrOePVBBhm8g
+bvb9ztMZ4zLMj+2aXm0fKPVSrG4YXvg90ZLlumwBiEsK8i3eZTMFQqBMqjF2vv2/
+gXj5cRxGXi0VlS0wWY5MQdFiqz0CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgAGMB0G
+A1UdDgQWBBRDJI1wFQhiVZxPDEAXXYZeD6JM+zAfBgNVHSMEGDAWgBRge2YaRQ2X
+yolQL30EzTSo//z9SzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IB
+AQBm7bSIaRGZgiGDrKFti5uErQ8tyB6Mynt+rarUjt4H1p5Fx6W4nAc5YCVVGsBP
+GeXPFylJiRg1ZuXrKEBOV8mvs+S4IAWjO5VQkUmUKX0s5YhBpUWIXp2CJ/fS71u1
+T5++/jVlLFVkn+FR2iJhd7pYTo/GeVlZbjCAok+QbiELrdBoOZAQm+0iZW8eETjm
+f4zS8zltR9Uh6Op1OkHRrfYWnV0LIb3zH2MGJR3BHzVxLOsgGdXBsOw95W/tAgc/
+E3tmktZEwZj3X1CLelvCb22w0fjldKBAN6MlD+Q9ymQxk5BcMHu5OTGaXkzNuUFP
+UOQ9OK7IZtnHO11RR6ybq/Kt
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b9:d1:af
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Partners CA, CN=GlobalSign Partners CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:2c:f8:32:ac:4a:12:7a:37:c8:29:91:a5:ae:
+                    8c:6e:1e:0e:c0:34:33:88:e5:33:71:16:1c:78:84:
+                    68:c3:18:34:50:2e:16:3e:b1:94:82:4f:b1:9a:9f:
+                    00:f8:c6:11:35:c6:69:7b:98:02:ad:00:06:88:6c:
+                    e7:4c:33:28:00:88:27:46:1f:87:b3:71:75:63:bc:
+                    32:bb:88:de:66:18:0e:50:06:93:b4:f6:bc:14:37:
+                    30:3d:22:df:3d:ff:75:7e:d9:0a:1a:c5:9f:b3:fc:
+                    d0:ac:b3:08:7a:89:d3:01:e8:00:5c:e7:4a:0b:3d:
+                    4d:7b:26:a2:b7:62:06:8b:da:46:dd:93:17:3f:3f:
+                    5b:02:4b:0b:b6:88:20:11:92:00:ad:bb:c7:2e:d4:
+                    e3:45:ae:f5:89:5a:7c:8d:a4:ad:85:64:32:c0:27:
+                    8c:c6:f2:8a:80:92:86:24:56:59:8d:74:68:a2:83:
+                    42:b3:9e:3d:50:41:86:6f:20:6e:f6:fd:ce:d3:19:
+                    e3:32:cc:8f:ed:9a:5e:6d:1f:28:f5:52:ac:6e:18:
+                    5e:f8:3d:d1:92:e5:ba:6c:01:88:4b:0a:f2:2d:de:
+                    65:33:05:42:a0:4c:aa:31:76:be:fd:bf:81:78:f9:
+                    71:1c:46:5e:2d:15:95:2d:30:59:8e:4c:41:d1:62:
+                    ab:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                43:24:8D:70:15:08:62:55:9C:4F:0C:40:17:5D:86:5E:0F:A2:4C:FB
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        66:ed:b4:88:69:11:99:82:21:83:ac:a1:6d:8b:9b:84:ad:0f:
+        2d:c8:1e:8c:ca:7b:7e:ad:aa:d4:8e:de:07:d6:9e:45:c7:a5:
+        b8:9c:07:39:60:25:55:1a:c0:4f:19:e5:cf:17:29:49:89:18:
+        35:66:e5:eb:28:40:4e:57:c9:af:b3:e4:b8:20:05:a3:3b:95:
+        50:91:49:94:29:7d:2c:e5:88:41:a5:45:88:5e:9d:82:27:f7:
+        d2:ef:5b:b5:4f:9f:be:fe:35:65:2c:55:64:9f:e1:51:da:22:
+        61:77:ba:58:4e:8f:c6:79:59:59:6e:30:80:a2:4f:90:6e:21:
+        0b:ad:d0:68:39:90:10:9b:ed:22:65:6f:1e:11:38:e6:7f:8c:
+        d2:f3:39:6d:47:d5:21:e8:ea:75:3a:41:d1:ad:f6:16:9d:5d:
+        0b:21:bd:f3:1f:63:06:25:1d:c1:1f:35:71:2c:eb:20:19:d5:
+        c1:b0:ec:3d:e5:6f:ed:02:07:3f:13:7b:66:92:d6:44:c1:98:
+        f7:5f:50:8b:7a:5b:c2:6f:6d:b0:d1:f8:e5:74:a0:40:37:a3:
+        25:0f:e4:3d:ca:64:31:93:90:5c:30:7b:b9:39:31:9a:5e:4c:
+        cd:b9:41:4f:50:e4:3d:38:ae:c8:66:d9:c7:3b:5d:51:47:ac:
+        9b:ab:f2:ad
+
+GlobalSign Primary Class 1 CA
+=============================
+MD5 Fingerprint: 5C:AC:59:01:A4:86:53:CB:10:66:B5:D6:D6:71:FF:01
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4N88wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MTUxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDEgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAxIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAvSA1R9Eo1gijEjkjRw29cCFSDlcxlaY0V2vsfkN5
+wwZSSM28taGZvdgfMrzP125ybS53IpCCTkuPmgwBQprZcFm2nR/mY9EMrR1O+IWB
++a7vn6ZSYUR5GnVF4GFWRW1CjD1yy6akErea9dZg0GBQs46mpuy09BLNf6jO77Ph
+hTD+csTm53eznlhB1lGDiAfGtmlPNt7RC0g/vdafIXRkbycGPkv9Dqabv6RIV4yQ
+7okYCwKBGL5n/lNgiCe6o3M0S1pWtN5zBe2Yll3sSudA/EsJYuvQ4zFPhdF6q1ln
+K/uID+uqg701/WEn7GYOQlf3acIM7/xqwm5J2o9BOK5IqQIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFPzgZvZaNZnrQB7SuB5DvJiOH4rDMB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAJujCETO8pCdcfMyswVqterPKZjeVT6gFn0GekTWr9L6
+E1iM+BzHqx20G+9paJhcCDmP4Pf7SMwh57gz2wWqNCRsSuXpe2Deg7MfCr5BdfzM
+MEi3wSYdBDOqtnjtKsu6VpcybvcxlS5G8hTuJ8f3Yom5XFrTOIpk9Te08bM0ctXV
+IT1L13iT1zFmNR6j2EdJbxyt4YB/+JgkbHOsDsIadwKjJge3x2tdvILVKkgdY89Q
+Mqb7HBhHFQpbDFw4JJoEmKgISF98NIdjqy2NTAB3lBt2uvUWGKMVry+U9ikAdsEV
+F9PpN0121MtLKVkkrNpKoOpj3l9Usfrz0UXLxWS0cyE=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:37:cf
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep 15 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 1 CA, CN=GlobalSign Primary Class 1 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bd:20:35:47:d1:28:d6:08:a3:12:39:23:47:0d:
+                    bd:70:21:52:0e:57:31:95:a6:34:57:6b:ec:7e:43:
+                    79:c3:06:52:48:cd:bc:b5:a1:99:bd:d8:1f:32:bc:
+                    cf:d7:6e:72:6d:2e:77:22:90:82:4e:4b:8f:9a:0c:
+                    01:42:9a:d9:70:59:b6:9d:1f:e6:63:d1:0c:ad:1d:
+                    4e:f8:85:81:f9:ae:ef:9f:a6:52:61:44:79:1a:75:
+                    45:e0:61:56:45:6d:42:8c:3d:72:cb:a6:a4:12:b7:
+                    9a:f5:d6:60:d0:60:50:b3:8e:a6:a6:ec:b4:f4:12:
+                    cd:7f:a8:ce:ef:b3:e1:85:30:fe:72:c4:e6:e7:77:
+                    b3:9e:58:41:d6:51:83:88:07:c6:b6:69:4f:36:de:
+                    d1:0b:48:3f:bd:d6:9f:21:74:64:6f:27:06:3e:4b:
+                    fd:0e:a6:9b:bf:a4:48:57:8c:90:ee:89:18:0b:02:
+                    81:18:be:67:fe:53:60:88:27:ba:a3:73:34:4b:5a:
+                    56:b4:de:73:05:ed:98:96:5d:ec:4a:e7:40:fc:4b:
+                    09:62:eb:d0:e3:31:4f:85:d1:7a:ab:59:67:2b:fb:
+                    88:0f:eb:aa:83:bd:35:fd:61:27:ec:66:0e:42:57:
+                    f7:69:c2:0c:ef:fc:6a:c2:6e:49:da:8f:41:38:ae:
+                    48:a9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                FC:E0:66:F6:5A:35:99:EB:40:1E:D2:B8:1E:43:BC:98:8E:1F:8A:C3
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        9b:a3:08:44:ce:f2:90:9d:71:f3:32:b3:05:6a:b5:ea:cf:29:
+        98:de:55:3e:a0:16:7d:06:7a:44:d6:af:d2:fa:13:58:8c:f8:
+        1c:c7:ab:1d:b4:1b:ef:69:68:98:5c:08:39:8f:e0:f7:fb:48:
+        cc:21:e7:b8:33:db:05:aa:34:24:6c:4a:e5:e9:7b:60:de:83:
+        b3:1f:0a:be:41:75:fc:cc:30:48:b7:c1:26:1d:04:33:aa:b6:
+        78:ed:2a:cb:ba:56:97:32:6e:f7:31:95:2e:46:f2:14:ee:27:
+        c7:f7:62:89:b9:5c:5a:d3:38:8a:64:f5:37:b4:f1:b3:34:72:
+        d5:d5:21:3d:4b:d7:78:93:d7:31:66:35:1e:a3:d8:47:49:6f:
+        1c:ad:e1:80:7f:f8:98:24:6c:73:ac:0e:c2:1a:77:02:a3:26:
+        07:b7:c7:6b:5d:bc:82:d5:2a:48:1d:63:cf:50:32:a6:fb:1c:
+        18:47:15:0a:5b:0c:5c:38:24:9a:04:98:a8:08:48:5f:7c:34:
+        87:63:ab:2d:8d:4c:00:77:94:1b:76:ba:f5:16:18:a3:15:af:
+        2f:94:f6:29:00:76:c1:15:17:d3:e9:37:4d:76:d4:cb:4b:29:
+        59:24:ac:da:4a:a0:ea:63:de:5f:54:b1:fa:f3:d1:45:cb:c5:
+        64:b4:73:21
+
+GlobalSign Primary Class 2 CA
+=============================
+MD5 Fingerprint: A9:A9:42:59:7E:BE:5A:94:E4:2C:C6:8B:1C:2A:44:B6
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4jY0wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDIgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAyIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAkoz+7/RFjhdBbvzYvyFvqwadUsEsAJ0/joW4f0qP
+vaBjKspJJ65agvR04lWS/8LRqnmitvrVnYIET8ayxl5jpzq62O7rim+ftrsoQcAi
++05IGgaS17/Xz7nZvThPOw1EblVB/vwJ29i/844h8egStfYTpdPGTJMisAL/7h0M
+xKhrT3VoVujcKBJQ96gknS4kOfsJBd7lo2RJIdBofnEwkbFg4Dn0UPh6TZgAa3x5
+uk7OSuK6Nh23xTYVlZxkQupfxLr1QAW+4TpZvYSnGbjeTVNQzgfR0lHT7w2BbObn
+bctdfD98zOxPgycl/3BQ9oNZdYQGZlgs3omNAKZJ+aVDdwIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFHznsrEs3rGna+l2DOGj/U5sx7n2MB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAGPdWc6KeaqYnU7FiWQ3foqTZy8Q6m8nw413bfJcVpQZ
+GmlgMEZdj/JtRTyONZd8L7hR4uiJvYjPJxwINFyIwWgk25GF5M/7+0ON6CUBG8QO
+9wBCSIYfJAhYWoyN8mtHLGiRsWlC/Q2NySbmkoamZG6Sxc4+PH1x4yOkq8fVqKnf
+gqc76IbVw08Y40TQ4NzzxWgu/qUvBYTIfkdCU2uHSv4y/14+cIy3qBXMF8L/RuzQ
+7C20bhIoqflA6evUZpdTqWlVwKmqsi7N0Wn0vvi7fGnuVKbbnvtapj7+mu+UUUt1
+7tjU4ZrxAlYTiQ6nQouWi4UMG4W+Jq6rppm8IvFz30I=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:8d:8d
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 2 CA, CN=GlobalSign Primary Class 2 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:92:8c:fe:ef:f4:45:8e:17:41:6e:fc:d8:bf:21:
+                    6f:ab:06:9d:52:c1:2c:00:9d:3f:8e:85:b8:7f:4a:
+                    8f:bd:a0:63:2a:ca:49:27:ae:5a:82:f4:74:e2:55:
+                    92:ff:c2:d1:aa:79:a2:b6:fa:d5:9d:82:04:4f:c6:
+                    b2:c6:5e:63:a7:3a:ba:d8:ee:eb:8a:6f:9f:b6:bb:
+                    28:41:c0:22:fb:4e:48:1a:06:92:d7:bf:d7:cf:b9:
+                    d9:bd:38:4f:3b:0d:44:6e:55:41:fe:fc:09:db:d8:
+                    bf:f3:8e:21:f1:e8:12:b5:f6:13:a5:d3:c6:4c:93:
+                    22:b0:02:ff:ee:1d:0c:c4:a8:6b:4f:75:68:56:e8:
+                    dc:28:12:50:f7:a8:24:9d:2e:24:39:fb:09:05:de:
+                    e5:a3:64:49:21:d0:68:7e:71:30:91:b1:60:e0:39:
+                    f4:50:f8:7a:4d:98:00:6b:7c:79:ba:4e:ce:4a:e2:
+                    ba:36:1d:b7:c5:36:15:95:9c:64:42:ea:5f:c4:ba:
+                    f5:40:05:be:e1:3a:59:bd:84:a7:19:b8:de:4d:53:
+                    50:ce:07:d1:d2:51:d3:ef:0d:81:6c:e6:e7:6d:cb:
+                    5d:7c:3f:7c:cc:ec:4f:83:27:25:ff:70:50:f6:83:
+                    59:75:84:06:66:58:2c:de:89:8d:00:a6:49:f9:a5:
+                    43:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                7C:E7:B2:B1:2C:DE:B1:A7:6B:E9:76:0C:E1:A3:FD:4E:6C:C7:B9:F6
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        63:dd:59:ce:8a:79:aa:98:9d:4e:c5:89:64:37:7e:8a:93:67:
+        2f:10:ea:6f:27:c3:8d:77:6d:f2:5c:56:94:19:1a:69:60:30:
+        46:5d:8f:f2:6d:45:3c:8e:35:97:7c:2f:b8:51:e2:e8:89:bd:
+        88:cf:27:1c:08:34:5c:88:c1:68:24:db:91:85:e4:cf:fb:fb:
+        43:8d:e8:25:01:1b:c4:0e:f7:00:42:48:86:1f:24:08:58:5a:
+        8c:8d:f2:6b:47:2c:68:91:b1:69:42:fd:0d:8d:c9:26:e6:92:
+        86:a6:64:6e:92:c5:ce:3e:3c:7d:71:e3:23:a4:ab:c7:d5:a8:
+        a9:df:82:a7:3b:e8:86:d5:c3:4f:18:e3:44:d0:e0:dc:f3:c5:
+        68:2e:fe:a5:2f:05:84:c8:7e:47:42:53:6b:87:4a:fe:32:ff:
+        5e:3e:70:8c:b7:a8:15:cc:17:c2:ff:46:ec:d0:ec:2d:b4:6e:
+        12:28:a9:f9:40:e9:eb:d4:66:97:53:a9:69:55:c0:a9:aa:b2:
+        2e:cd:d1:69:f4:be:f8:bb:7c:69:ee:54:a6:db:9e:fb:5a:a6:
+        3e:fe:9a:ef:94:51:4b:75:ee:d8:d4:e1:9a:f1:02:56:13:89:
+        0e:a7:42:8b:96:8b:85:0c:1b:85:be:26:ae:ab:a6:99:bc:22:
+        f1:73:df:42
+
+GlobalSign Primary Class 3 CA
+=============================
+MD5 Fingerprint: 98:12:A3:4B:95:A9:96:64:94:E7:50:8C:3E:E1:83:5A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni41sMwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDMgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAzIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAkV5WZdbAwAScv0fEXHt6MQH5WJaZ4xyEL9xWj631
+WYHVQ2ZdWpOMdcqp5xHBURAUYMks1HuvxneGq3onrm+VuQvKtkb7fhr0DRRt0slO
+sq7wVPZcQEw2SHToVIxlZhCnvSu3II0FSa14fdIkI1Dj8LR5mwE5/6870y3u4UmN
+jS88akFFL5vjPeES5JF1ns+gPjySgW+KLhjc4PKMjP2H2Qf0QJTJTk9D32dWb70D
+UHyZZ6S5PJFsAm6E1vxG98xvGD4X8O8LZBZX5qyG8UiqQ8HJJ3hzREXihX26/7Ph
++xsFpEs7mRIlAVAUaq9d6sgM7uTa7EuLXGgTldzDtTA61wIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFMw2zBe0RZEv7c87MEh3+7UUmb7jMB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAFeyVMy9lRdkYIm2U5EMRZLDPahsw8yyGPV4QXTYfaMn
+r3cNWT6UHWn6idMMvRoB9D/o4Hcagiha5mLXt+M2yQ6feuPC08xZiQzvFovwNnci
+yqS2t8FCZwFAY8znOGSHWxSWZnstFO69SW3/d9DiTlvTgMJND8q4nYGXpzRux+Oc
+SOW0qkX19mVMSPISwtKTjMIVJPMrUv/jCK64btYsEs85yxIq56l7X5g9o+HMpmOJ
+XH0xdfnV1l3y0NQ9355xqA7c5CCXeOZ/U6QNUU+OOwOuow1aTcN55zVYcELJXqFe
+tNkio0RTNaTQz3OAxc+fVph2+RRMd4eCydx+XTTVNnU=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:d6:c3
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 3 CA, CN=GlobalSign Primary Class 3 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:91:5e:56:65:d6:c0:c0:04:9c:bf:47:c4:5c:7b:
+                    7a:31:01:f9:58:96:99:e3:1c:84:2f:dc:56:8f:ad:
+                    f5:59:81:d5:43:66:5d:5a:93:8c:75:ca:a9:e7:11:
+                    c1:51:10:14:60:c9:2c:d4:7b:af:c6:77:86:ab:7a:
+                    27:ae:6f:95:b9:0b:ca:b6:46:fb:7e:1a:f4:0d:14:
+                    6d:d2:c9:4e:b2:ae:f0:54:f6:5c:40:4c:36:48:74:
+                    e8:54:8c:65:66:10:a7:bd:2b:b7:20:8d:05:49:ad:
+                    78:7d:d2:24:23:50:e3:f0:b4:79:9b:01:39:ff:af:
+                    3b:d3:2d:ee:e1:49:8d:8d:2f:3c:6a:41:45:2f:9b:
+                    e3:3d:e1:12:e4:91:75:9e:cf:a0:3e:3c:92:81:6f:
+                    8a:2e:18:dc:e0:f2:8c:8c:fd:87:d9:07:f4:40:94:
+                    c9:4e:4f:43:df:67:56:6f:bd:03:50:7c:99:67:a4:
+                    b9:3c:91:6c:02:6e:84:d6:fc:46:f7:cc:6f:18:3e:
+                    17:f0:ef:0b:64:16:57:e6:ac:86:f1:48:aa:43:c1:
+                    c9:27:78:73:44:45:e2:85:7d:ba:ff:b3:e1:fb:1b:
+                    05:a4:4b:3b:99:12:25:01:50:14:6a:af:5d:ea:c8:
+                    0c:ee:e4:da:ec:4b:8b:5c:68:13:95:dc:c3:b5:30:
+                    3a:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                CC:36:CC:17:B4:45:91:2F:ED:CF:3B:30:48:77:FB:B5:14:99:BE:E3
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        57:b2:54:cc:bd:95:17:64:60:89:b6:53:91:0c:45:92:c3:3d:
+        a8:6c:c3:cc:b2:18:f5:78:41:74:d8:7d:a3:27:af:77:0d:59:
+        3e:94:1d:69:fa:89:d3:0c:bd:1a:01:f4:3f:e8:e0:77:1a:82:
+        28:5a:e6:62:d7:b7:e3:36:c9:0e:9f:7a:e3:c2:d3:cc:59:89:
+        0c:ef:16:8b:f0:36:77:22:ca:a4:b6:b7:c1:42:67:01:40:63:
+        cc:e7:38:64:87:5b:14:96:66:7b:2d:14:ee:bd:49:6d:ff:77:
+        d0:e2:4e:5b:d3:80:c2:4d:0f:ca:b8:9d:81:97:a7:34:6e:c7:
+        e3:9c:48:e5:b4:aa:45:f5:f6:65:4c:48:f2:12:c2:d2:93:8c:
+        c2:15:24:f3:2b:52:ff:e3:08:ae:b8:6e:d6:2c:12:cf:39:cb:
+        12:2a:e7:a9:7b:5f:98:3d:a3:e1:cc:a6:63:89:5c:7d:31:75:
+        f9:d5:d6:5d:f2:d0:d4:3d:df:9e:71:a8:0e:dc:e4:20:97:78:
+        e6:7f:53:a4:0d:51:4f:8e:3b:03:ae:a3:0d:5a:4d:c3:79:e7:
+        35:58:70:42:c9:5e:a1:5e:b4:d9:22:a3:44:53:35:a4:d0:cf:
+        73:80:c5:cf:9f:56:98:76:f9:14:4c:77:87:82:c9:dc:7e:5d:
+        34:d5:36:75
+
+GlobalSign Root CA
+==================
+MD5 Fingerprint: AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
+YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
+5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
+gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
+rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
+ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
+Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b7:94:05
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep  1 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2014 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
+                    83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
+                    63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
+                    8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
+                    70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
+                    15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
+                    6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
+                    89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
+                    54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
+                    92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
+                    75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
+                    c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
+                    bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
+                    ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
+                    63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
+                    48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
+                    07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
+                    90:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
+        6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
+        7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
+        89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
+        6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
+        af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
+        88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
+        77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
+        2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
+        3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
+        87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
+        a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
+        ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
+        dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
+        8a:78:a3:e3
+
+National Retail Federation by DST
+=================================
+MD5 Fingerprint: AD:8E:0F:9E:01:6B:A0:C5:74:D5:0C:D3:68:65:4F:1E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuoCEQDQHkCKAAACfAAAAAMAAAABMA0GCSqGSIb3DQEBBQUAMIG+MQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UE
+CxMaTmF0aW9uYWwgUmV0YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJG
+KSBSb290Q0ExITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05
+ODEyMTExNjE0MTZaFw0wODEyMDgxNjE0MTZaMIG+MQswCQYDVQQGEwJ1czENMAsG
+A1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0Rp
+Z2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UECxMaTmF0aW9uYWwgUmV0
+YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJGKSBSb290Q0ExITAfBgkq
+hkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANmsm3f6UNPM3LlArLlyagCHI/wPliHQJq/k4rVf+tOmfSEw
+LswXgo+YdPxnpKbfiJeiQin1p9sRk/teIzDCqrwi50Eb5e0l3sg/295XRXhARoOy
+1Ro93w9FbdVjAnXYL8Zuq5WRdDcNy00JXNHUWzra3Q7Ia5nY1TnM34VVxJJTAqPh
+94DJcKPa3DPEf6JHCBw1lh+hAxwwg/TEzP+Yw7BGRKLAv63b0oH2TJgsp14k84bK
+Y9W6ffCawErQG1ju7Klnz2kCbCLAYCws0cgg6sgt+92cu8tRTNznVwQ7VJsRpTJ0
+7HQB85AVWy98LJNluWZntIGINeWekRh/gahByMsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAhF4LO+ygjRyb0DwdcWnkGn9kvoFlYcWMatd8AHTgemJV7SR84GHj8t0U
+5hFugw7h6qmegK2aIL/gV37V0LWEYy3ZGOS9GzUsXq5hdqpnhTs44TGBHzF/5tf4
+W9K7Y3mGxIzF3gqu19H8AXT/trYNYoFnHLsm+CSA4Fxe2KSKOo99y/+So/18qTJp
+B1hYYUKZUgOxOD3GcW9s8uh9BqrBfFPLGi2IT8mpp6xpb/ekH9h0gfVKv7FVt9N3
+OKdvwkrI4nOJ01dy4UMvcjz2H7f4BEpuwemUF+SXF/QOE4ZvjavoXy20/2zWorQf
+7LmUaqoSTxrd9Xe1JYzyigrx/FJbWA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8a:00:00:02:7c:00:00:00:03:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com
+        Validity
+            Not Before: Dec 11 16:14:16 1998 GMT
+            Not After : Dec  8 16:14:16 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d9:ac:9b:77:fa:50:d3:cc:dc:b9:40:ac:b9:72:
+                    6a:00:87:23:fc:0f:96:21:d0:26:af:e4:e2:b5:5f:
+                    fa:d3:a6:7d:21:30:2e:cc:17:82:8f:98:74:fc:67:
+                    a4:a6:df:88:97:a2:42:29:f5:a7:db:11:93:fb:5e:
+                    23:30:c2:aa:bc:22:e7:41:1b:e5:ed:25:de:c8:3f:
+                    db:de:57:45:78:40:46:83:b2:d5:1a:3d:df:0f:45:
+                    6d:d5:63:02:75:d8:2f:c6:6e:ab:95:91:74:37:0d:
+                    cb:4d:09:5c:d1:d4:5b:3a:da:dd:0e:c8:6b:99:d8:
+                    d5:39:cc:df:85:55:c4:92:53:02:a3:e1:f7:80:c9:
+                    70:a3:da:dc:33:c4:7f:a2:47:08:1c:35:96:1f:a1:
+                    03:1c:30:83:f4:c4:cc:ff:98:c3:b0:46:44:a2:c0:
+                    bf:ad:db:d2:81:f6:4c:98:2c:a7:5e:24:f3:86:ca:
+                    63:d5:ba:7d:f0:9a:c0:4a:d0:1b:58:ee:ec:a9:67:
+                    cf:69:02:6c:22:c0:60:2c:2c:d1:c8:20:ea:c8:2d:
+                    fb:dd:9c:bb:cb:51:4c:dc:e7:57:04:3b:54:9b:11:
+                    a5:32:74:ec:74:01:f3:90:15:5b:2f:7c:2c:93:65:
+                    b9:66:67:b4:81:88:35:e5:9e:91:18:7f:81:a8:41:
+                    c8:cb
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        84:5e:0b:3b:ec:a0:8d:1c:9b:d0:3c:1d:71:69:e4:1a:7f:64:
+        be:81:65:61:c5:8c:6a:d7:7c:00:74:e0:7a:62:55:ed:24:7c:
+        e0:61:e3:f2:dd:14:e6:11:6e:83:0e:e1:ea:a9:9e:80:ad:9a:
+        20:bf:e0:57:7e:d5:d0:b5:84:63:2d:d9:18:e4:bd:1b:35:2c:
+        5e:ae:61:76:aa:67:85:3b:38:e1:31:81:1f:31:7f:e6:d7:f8:
+        5b:d2:bb:63:79:86:c4:8c:c5:de:0a:ae:d7:d1:fc:01:74:ff:
+        b6:b6:0d:62:81:67:1c:bb:26:f8:24:80:e0:5c:5e:d8:a4:8a:
+        3a:8f:7d:cb:ff:92:a3:fd:7c:a9:32:69:07:58:58:61:42:99:
+        52:03:b1:38:3d:c6:71:6f:6c:f2:e8:7d:06:aa:c1:7c:53:cb:
+        1a:2d:88:4f:c9:a9:a7:ac:69:6f:f7:a4:1f:d8:74:81:f5:4a:
+        bf:b1:55:b7:d3:77:38:a7:6f:c2:4a:c8:e2:73:89:d3:57:72:
+        e1:43:2f:72:3c:f6:1f:b7:f8:04:4a:6e:c1:e9:94:17:e4:97:
+        17:f4:0e:13:86:6f:8d:ab:e8:5f:2d:b4:ff:6c:d6:a2:b4:1f:
+        ec:b9:94:6a:aa:12:4f:1a:dd:f5:77:b5:25:8c:f2:8a:0a:f1:
+        fc:52:5b:58
+
+TC TrustCenter, Germany, Class 0 CA
+===================================
+MD5 Fingerprint: 35:85:49:8E:6E:57:FE:BD:97:F1:C9:46:23:3A:B6:7D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDAgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTQ0OFoX
+DTA1MTIzMTEzNTQ0OFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAwIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA333mvr/V
+8C9tTg7R4I0LfztU6IrisJ8oxYrGubMzJ/UnyhpMVBJrtLJGsx1Ls/QhC0sCLqHC
+NJyFoMR4EdvbaycrCSoYTkDMn3EZZ5l0onw/wdiLI8hjO4ohq1zeHvSN3LQYwwVz
+9Gq0ofoBCCsBD203W6o4hmc51+Vf+uR+zKMCAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAw
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQBNB39fCTAZ
+kqoFR3qUdVQqrs/82AxC4UU4KySVssqHynnEw5eQXmIYxsk4YUxoNdNMFBHrxM2h
+qdjFnmgnMgc1RQT4XyGgYB4cAEgEWNLFy65tMm49d5WMhcflrlCddUp7/wsneepN
+pFn/7FrqJqU5g6TReM6nqX683SvKEpMDSg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 13:54:48 1998 GMT
+            Not After : Dec 31 13:54:48 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:df:7d:e6:be:bf:d5:f0:2f:6d:4e:0e:d1:e0:8d:
+                    0b:7f:3b:54:e8:8a:e2:b0:9f:28:c5:8a:c6:b9:b3:
+                    33:27:f5:27:ca:1a:4c:54:12:6b:b4:b2:46:b3:1d:
+                    4b:b3:f4:21:0b:4b:02:2e:a1:c2:34:9c:85:a0:c4:
+                    78:11:db:db:6b:27:2b:09:2a:18:4e:40:cc:9f:71:
+                    19:67:99:74:a2:7c:3f:c1:d8:8b:23:c8:63:3b:8a:
+                    21:ab:5c:de:1e:f4:8d:dc:b4:18:c3:05:73:f4:6a:
+                    b4:a1:fa:01:08:2b:01:0f:6d:37:5b:aa:38:86:67:
+                    39:d7:e5:5f:fa:e4:7e:cc:a3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 0 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        4d:07:7f:5f:09:30:19:92:aa:05:47:7a:94:75:54:2a:ae:cf:
+        fc:d8:0c:42:e1:45:38:2b:24:95:b2:ca:87:ca:79:c4:c3:97:
+        90:5e:62:18:c6:c9:38:61:4c:68:35:d3:4c:14:11:eb:c4:cd:
+        a1:a9:d8:c5:9e:68:27:32:07:35:45:04:f8:5f:21:a0:60:1e:
+        1c:00:48:04:58:d2:c5:cb:ae:6d:32:6e:3d:77:95:8c:85:c7:
+        e5:ae:50:9d:75:4a:7b:ff:0b:27:79:ea:4d:a4:59:ff:ec:5a:
+        ea:26:a5:39:83:a4:d1:78:ce:a7:a9:7e:bc:dd:2b:ca:12:93:
+        03:4a
+
+TC TrustCenter, Germany, Class 1 CA
+===================================
+MD5 Fingerprint: 64:3F:F8:3E:52:14:4A:59:BA:93:56:04:0B:23:02:D1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX
+DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz
+rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0
+L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX
+PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn
+AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm
+vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF
+BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 13:56:33 1998 GMT
+            Not After : Dec 31 13:56:33 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
+                    e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
+                    61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
+                    75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
+                    30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
+                    48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
+                    c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
+                    7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
+                    44:c8:a3:61:ca:1b:a0:36:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 1 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08:
+        b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96:
+        75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9:
+        66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39:
+        b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05:
+        20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1:
+        aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1:
+        04:cd
+
+TC TrustCenter, Germany, Class 2 CA
+===================================
+MD5 Fingerprint: E1:E9:96:53:77:E1:F0:38:A0:02:AB:94:C6:95:7B:FC
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTc0NFoX
+DTA1MTIzMTEzNTc0NFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2jjo7TIA
+KXGDAQ2/jAHc2satOaSpii/Vi1xoX1DGYvVmvcqRIuyqHVHXPbNRsoNOXctJsPBM
+VeVrLceFCzAckk6C1MoC7fdvvtzg4xS4BVPymvRWi1qehZPRtIJWrk27qEtXFrz+
++Fie+CmNsHvNeMlPrItnDPGc+/xXm1dcTw0CAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAy
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCJG/Tv6Tji
+bAz2zW9JzinM+6YP+Y0+lUbW/EcyibLIBmF60ucNEwKUC9mLVkf0u+fFX3v0Y0yu
+fDTqDaKpsyyF8+P+J1QQkrCPksGYQhhwSNtOLOsNJGjk0fe+Cakph7vo2tw+o4hC
+MfXR43+u2I4AWnSYsE/G/yN7XHMAeMnbTg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 13:57:44 1998 GMT
+            Not After : Dec 31 13:57:44 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
+                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
+                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
+                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
+                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
+                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
+                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
+                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
+                    9c:fb:fc:57:9b:57:5c:4f:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 2 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        89:1b:f4:ef:e9:38:e2:6c:0c:f6:cd:6f:49:ce:29:cc:fb:a6:
+        0f:f9:8d:3e:95:46:d6:fc:47:32:89:b2:c8:06:61:7a:d2:e7:
+        0d:13:02:94:0b:d9:8b:56:47:f4:bb:e7:c5:5f:7b:f4:63:4c:
+        ae:7c:34:ea:0d:a2:a9:b3:2c:85:f3:e3:fe:27:54:10:92:b0:
+        8f:92:c1:98:42:18:70:48:db:4e:2c:eb:0d:24:68:e4:d1:f7:
+        be:09:a9:29:87:bb:e8:da:dc:3e:a3:88:42:31:f5:d1:e3:7f:
+        ae:d8:8e:00:5a:74:98:b0:4f:c6:ff:23:7b:5c:73:00:78:c9:
+        db:4e
+
+TC TrustCenter, Germany, Class 3 CA
+===================================
+MD5 Fingerprint: 62:AB:B6:15:4A:B4:B0:16:77:FF:AE:CF:16:16:2B:8C
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTg0OVoX
+DTA1MTIzMTEzNTg0OVowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrTBNQUu
+DY3soEBqHA4nplCSa1AbB94u53bM4Nr8hKhejGNqK03ZTgJ2EcEL8o15ygC28bAO
+1/ukFz2vq2l6lie/rzOhmipZqsS1NwjyEqUxtkP1MpZxKCirjSiG37vu4wx9MNbD
+UquPXSeca8Cj5wVrV0lEs27qZM/SjnpQd3cCAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAz
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCEhlBieaAn
+4SW6CbE0DxMJ7S3Ko+aV+TCszRelzj2Xnex8jyZ/wGHKIveR3Tw2WZqbdfe85Mjt
+7AK2IqfzLPHIknhttu7FKOyAIE+5awjnL6eGHn2xCJ9UuQA3PKDYGsiWHPQyFJw5
+lbfu8ENJwl7oy3lvU7/7SYos2EvZVfIScA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 13:58:49 1998 GMT
+            Not After : Dec 31 13:58:49 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
+                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
+                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
+                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
+                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
+                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
+                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
+                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
+                    ea:64:cf:d2:8e:7a:50:77:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 3 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        84:86:50:62:79:a0:27:e1:25:ba:09:b1:34:0f:13:09:ed:2d:
+        ca:a3:e6:95:f9:30:ac:cd:17:a5:ce:3d:97:9d:ec:7c:8f:26:
+        7f:c0:61:ca:22:f7:91:dd:3c:36:59:9a:9b:75:f7:bc:e4:c8:
+        ed:ec:02:b6:22:a7:f3:2c:f1:c8:92:78:6d:b6:ee:c5:28:ec:
+        80:20:4f:b9:6b:08:e7:2f:a7:86:1e:7d:b1:08:9f:54:b9:00:
+        37:3c:a0:d8:1a:c8:96:1c:f4:32:14:9c:39:95:b7:ee:f0:43:
+        49:c2:5e:e8:cb:79:6f:53:bf:fb:49:8a:2c:d8:4b:d9:55:f2:
+        12:70
+
+TC TrustCenter, Germany, Class 4 CA
+===================================
+MD5 Fingerprint: BF:AF:EC:C4:DA:F9:30:F9:CA:35:CA:25:E4:3F:8D:89
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTE0MDAyMFoX
+DTA1MTIzMTE0MDAyMFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvy9j1jZ7
+sg3TVfVkbOYlXca0yBS6JTiD61ZipVWpZaP0I5nCS7nQzVRnpqOgo6kzK3bkva13
+su1cEnTDxbYPUppyk0OQYmYVD0Wl3eDduG9AblfBeXKjYKq6dh0SiVNa/AK+4QkT
+xUov3D2LGa3XiyRF+0z0zVw1HSlMUfPybFUCAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyA0
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCUaBQbJZ4p
+mbGyI9JEs5Wf0Z5VBN3jL4IzVZZ3GZ0rnmUc+orjx48l/LEeVUYPj/9PNy+kdlmm
+ZOvVFnC93ZUzDKQNJOtkULRDEfJDvg1xmCLsAa/s98dcccN1kVgZ6N2g9LTxvBBK
+85O0Bkm7H2bSvXRH4Zr569erbR+64R0s2g==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 14:00:20 1998 GMT
+            Not After : Dec 31 14:00:20 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6:
+                    25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55:
+                    a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3:
+                    a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74:
+                    c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45:
+                    a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa:
+                    ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a:
+                    2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c:
+                    35:1d:29:4c:51:f3:f2:6c:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 4 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        94:68:14:1b:25:9e:29:99:b1:b2:23:d2:44:b3:95:9f:d1:9e:
+        55:04:dd:e3:2f:82:33:55:96:77:19:9d:2b:9e:65:1c:fa:8a:
+        e3:c7:8f:25:fc:b1:1e:55:46:0f:8f:ff:4f:37:2f:a4:76:59:
+        a6:64:eb:d5:16:70:bd:dd:95:33:0c:a4:0d:24:eb:64:50:b4:
+        43:11:f2:43:be:0d:71:98:22:ec:01:af:ec:f7:c7:5c:71:c3:
+        75:91:58:19:e8:dd:a0:f4:b4:f1:bc:10:4a:f3:93:b4:06:49:
+        bb:1f:66:d2:bd:74:47:e1:9a:f9:eb:d7:ab:6d:1f:ba:e1:1d:
+        2c:da
+
+Thawte Personal Basic CA
+========================
+MD5 Fingerprint: E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
+IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
+DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
+EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
+ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
+QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
+dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
+wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
+G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
+AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
+c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
+9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35:
+                    a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49:
+                    9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17:
+                    22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c:
+                    4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4:
+                    08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88:
+                    11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9:
+                    56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44:
+                    fb:1b:5b:18:d1:bf:23:93:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b:
+        53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9:
+        d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27:
+        a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f:
+        cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d:
+        4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50:
+        df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df:
+        22:b1
+
+Thawte Personal Freemail CA
+===========================
+MD5 Fingerprint: 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
+YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
+Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
+AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
+MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
+cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
+d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
+DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
+rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
+uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
+/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
+gQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51:
+                    b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85:
+                    25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e:
+                    19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e:
+                    44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3:
+                    87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14:
+                    a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e:
+                    9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98:
+                    91:fd:79:db:e5:5a:c4:1c:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0:
+        6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96:
+        8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d:
+        98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5:
+        0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23:
+        26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15:
+        ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77:
+        a2:81
+
+Thawte Personal Premium CA
+==========================
+MD5 Fingerprint: 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
+dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
+bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
+QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
+BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
+IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
+bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
+Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
+Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
+ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
+b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
+KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13:
+                    45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed:
+                    fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7:
+                    73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3:
+                    f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e:
+                    7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d:
+                    4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25:
+                    08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b:
+                    f2:98:dd:36:42:b2:da:88:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5:
+        36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f:
+        85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3:
+        14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30:
+        25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb:
+        56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19:
+        e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b:
+        31:89
+
+Thawte Premium Server CA
+========================
+MD5 Fingerprint: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
+                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
+                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
+                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
+                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
+                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
+                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
+                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
+                    8d:f4:42:4d:e7:40:9d:1c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
+        c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
+        08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
+        c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
+        6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
+        a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
+        32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
+        14:42
+
+Thawte Server CA
+================
+MD5 Fingerprint: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
+                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
+                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
+                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
+                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
+                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
+                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
+                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
+                    3a:c2:b5:66:22:12:d6:87:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
+        a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
+        3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
+        4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
+        8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
+        e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
+        b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
+        70:47
+
+Thawte Universal CA Root
+========================
+MD5 Fingerprint: 17:AF:71:16:52:7B:73:65:22:05:29:28:84:71:9D:13
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIRIjCCCQoCAQAwDQYJKoZIhvcNAQEFBQAwVzEPMA0GA1UEChMGVGhhd3RlMSEw
+HwYDVQQLExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3QxITAfBgNVBAMTGFRoYXd0
+ZSBVbml2ZXJzYWwgQ0EgUm9vdDAeFw05OTEyMDUxMzU2MDVaFw0zNzA0MDMxMzU2
+MDVaMFcxDzANBgNVBAoTBlRoYXd0ZTEhMB8GA1UECxMYVGhhd3RlIFVuaXZlcnNh
+bCBDQSBSb290MSEwHwYDVQQDExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3Qwgggi
+MA0GCSqGSIb3DQEBAQUAA4IIDwAwgggKAoIIAQDiiQVtw3+tpok6/7vHzZ03seHS
+IR6bYSoV53tXT1U80Lv52T0+przstK1TmhYC6wty/Yryj0QFxevT5b22RDnm+0e/
+ap4KlRjiaOLWltYhrYj99Rf109pCpZDtKZWWdTrah6HU9dOH3gVipuNmdJLPpby7
+32j/cXVWQVk16zNaZlHy0qMKwYzOc1wRby2MlYyRsf3P5a1WlcyFkoOQVUHJwnft
++aN0QgpoCPPQ0WX9Zyw0/yR/53nIBzslV92kDJg9vuDMGWXb8lSir0LUneKuhCMl
+CTMStWoedsSL2UkAbF66H/Ib2mfKJ6qjRCMbg4LO8qsz7VSk3MmrWWXROA7BPhtn
+j9Z1AeBVIt12d+yO3fTPeSJtuVcD9ZkIpzw+NPvEF64jWM0k8yPKagIolAGBNLRs
+a66LGsOj0gk8FlT1Nl8k459KoeJkxhbDpoF6JDZHjsFeDvv5FXgE1g5Z2Z1YZmLS
+lCkyMsh4uWb2tVbhbMYUS5ZSWZECJGpVR9c/tiMaYHeXLuJAr54EV56tEcXJQ3Dv
+SLRerBxpLi6C1VuLvoK+GRRe5w0ix1Eb/x6b8TCPcTEGszQnj196ZoJPii0Tq0LP
+IVael45mNg+Wm+Ur9AKpKmqMLMTDuHAsLSkeP1B3Hm0qVORVCpE4ocW1ZqJ2Wu4P
+v7Rn4ShuD+E2oYLRv9R34cRnMpN4yOdUU/4jeeZozCaQ9hBjXSpvkS2kczJRIfK7
+Fd+qJAhIBt6hnia/uoO/fKTIoIy90v+8hGknEyQYxEUYIyZeGBTKLoiHYqNT5iG3
+uIV7moW7FSZy+Ln3anQPST+SvqkFt5knv78JF0uZTK0REHzfdDH2jyZfqoiuOFfI
+VS3T+9gbUZm+JRs6usB9G+3O0km5z/PFfYmQgdhpSCAQo/jvklEYMosRGMA/G4VW
+zlfJ8oJkxt8CCS5KES+xJ203UvDwFmHxZ43fh3Kvh9rP+1CUbtSUheuKLOoh9ZZK
+RNXgzmp0RE3QBdOHFe020KSLZlVwk+5HBsF+LqUYeWfzKIXxcPcOg6R+VJ5adjLL
+ZRu4zfvIKAPSVJHRp8WFQwgXdqXmL2cI2KGigi0M+MGvY9RQd21rRkpBhdWQX3kt
+xOzXEYdAiuFo4mT4VTL7b5Ms2nfZIcEX5TYsTn6Qf6yUKzJnvjhQdriuQbnXIcUJ
+TGDIo1HENJtXN9/LyTNXi+v7dp8ZTcVqHypFrivtL42npQDLBPolYi50SBvKKoy6
+27Z+9rsCfKnD21h4ob/w/hoQVRHO6GlOlmXGFwPWB2iMVIKuHCJVP/H0CZcowEb3
+TgslHfcH1wkdOhhXODvoMwbnj3hGHlv1BrbsuKYN8boTS9YYIN1pM0ozFa64yJiK
+JyyTvC377jO/ZuZNurabBlVgl0u8RM1+9KHYqi/AAighFmJ42whU8vz0NOPGjxxD
+V86QGkvcLjsokYk/eto1HY4s7kns9DOtyVOojJ8EUz4kHFLJEvliV6O87izrQHwg
+I3ArlflzF4rRwRxpprc4mmf3cB16WgxAz2IPhTzCAk5+tfbFKimEsx83KuGqckLE
+7Wsaj5IcXb7R8lvyq6qp0vW4pEErK5FuEkjKmNg3jcjtADC1tgROfpzahOzA+nvl
+HYikU0awlORcG6ElLA9IUneXCWzsWxgzgwLlgn7NhSEwEf0nT8/kHuw/pVds6Sow
+GSqI5cNpOKtvOXF/hOFBw+HMKokgUi6DD2w5P0stFqwt8CSsAHP0m7MGPwW4FIUf
+q55cPJ5inQ5tO4AJ/ALqopd0ysf541bhw8qlpprAkOAkElPSwovavu0CQ15n4YmY
+ee7LqsrDG9znpUalfGsWh7ZaKNfbJzxepb22Ud0fQ887Jsg6jSVhwUn0PBvJROqv
+HMIrlAEqDjDRW4srR+XD0QQDmw45LNYn1OZwWtl1zyrYyQAF5BOI7MM5+4dhMDZD
+A8ienKIGwi/F/PCAY7FUBKBMqS7G9XZ62NDk1JQR5RW1eAbcuICPmakgMz0QhUxl
+Cco+WF5gk5qqYl3AUQYcXWCgDZxLQ/anFiGkh6rywS7ukjC4nt/fEAGLhglw2Gyo
+t1AeFpa092f9NTohkCoyxwB7TQcQCbkvc9gYfmeZBE8G/FDHhZudQJ2zljf6pdyy
+ck7vTgks/ZH9Tfe7pqE+q3uiA0CmqVUn4vr5Gc6HdarxdTbz87iR+JHDi3UTjkxl
+mhY5auU06HqWWX81sAD9W2n8Qyb69Shu/ofZfiT7tKCCblSi/66/YrT0cgHCy5hH
+mOFMtReAgM6PpijuHkVq+9/xHfxaO9bq9GwdYklXO4qPhurwUwTOnBZo/7q5/IgP
+R/cCRHJAuMo7LVOd3DxWjFl7aBosjXG7bADHGs5vQJKxoy8P2UTyo3Aunu4OrjLQ
+Oz6LB+rmebNcKeJ9a6he+Vox6AiWoowDmEbxuH2QVCbtdmL+numabl7JScdcNFMp
+VNns5EbhgDt12d/7edWH8bqe6xnOTFJz5luHriVPOXnMxrj5EHvs8JtxpAWg0ynT
+Tn8f9C0oeMxVlXsekS/MVhhzi7LbvGkH5tDYT+2i/1iFo23gSlO3Z32NDFxbe3co
+AjVEegTTKEPIazAXXTK4KTW6dto7FEp2GFik+JI8nk0zb0ZrCNkxSGjd9PskVjSy
+z2lmvkjSimYizfJpzcJTE0UpQSLWXZgftqSyo8LuAi9RG9yDpOxwJajUCGEyb+Sh
+gS58Y3L6KWW8cETPXQIDAQABMA0GCSqGSIb3DQEBBQUAA4IIAQBVmjRqIgZpCUUz
+x66pXMcJTpuGvEGQ1JRS9s0jKZRLIs3ovf6dzVLyve2rh8mrq0YEtL2iPyIwR1DA
+S4x2DwP1ktKxLcR6NZzJc4frpp/eD3ON03+Z2LqPb8Tzvhqui6KUNpDi5euNBfT8
+Zd+V8cSUTRdW1588j1A853e/lYYmZPtq/8ba6YyuQrtp5TPG2OkNxlUhScEMtKP5
+m0tc3oNPQQPOKnloOH3wVEkg9bYQ/wjcM2aWm/8G3gCe185WQ5pR/HDN9vBRo7fN
+tFyFYs1xt8YrIyvdw25AQvo3/zcc9npXlIeFI9fUycdfwU0vyQ3XXOycJe6eMIKR
+lnK4dR34CWhXl7ItS+4l7HokKe5y1JwT26vcAwrYShTJCFdEXaG1U4A08hSXz1Le
+og6KEOkU79BgvmGh8SVd1RhzP5MQypbus0DS26NVz1dapQ5PdUff6veQmm31cC4d
+FBw3ZARZULDccoZvnDc9XSivc1Xv0u4kdHQT79zbMUn7P2P10wg+M6XnnQreUyxR
+jmfbm0FlQVC91KSWbIe8EuCUx9PA5MtzWACD4awnhdadU51cvQo+A0OcDJH1bXv4
+QHJ1qxF2kSvhxqofcGl2cBUJ/pPQ1i23FWqbZ1y0aZ8lpn2K+30iqXHyzk6MuCEt
+3v5BcQ3/nexzprsHT4gOWEcufqnCx3jdunqeTuAwTmNvhdQgQen6/kNF5/uverLO
+pAUdIppYht/kzkyp/tgWpW/72M5We/XWIO/kR81jJP+5vvFIo8EBcua9wK3tJg3K
+NJ/8Ai0gTwUgriE9DMIgPD/wBITcz4n9uSWRjtBD5rMgq1wt1UCeoEvY9LLMffFY
+Co6H7YisNpbkVqARivKa0LNXozS7Gas44XRrIsQxzgHVGzbjHjhMM5PfQONZV06s
+bnseWj3FHVusyBCCNQIisvx16BCRjcR9eJNHnhydrGtiAliM1hwj1q94woCcpKok
+VBS1FJjG+CsaJMtxMgrimw5pa91+jGTRLmPvDn+xPohMnVXlyW4XBLdB/72KQcsl
+MW9Edz9HsfyBiAeOBUkgtxHZaQMqA525M4Sa399640Zzo9iijFMZiFVMdLj2RIQr
+0RQtTjkukmj/afyFYhvrVU/vJYRiRZnW2E5vP1MIfR0GlYGAf09OdDaYteKHcJjc
+1/XcUhXmxtZ5ljl/j5XPq4BTrRsLRUAO1Bi9LN6Kd3b98kRHxiHQ5HTw2BgFyHww
+csff8bv8AjCp9EImWQ2TBYKhc+005ThdzVCQ/pT8E7y9/KiiiKdzxLKo0V2IxAKi
+evEEyf6MdMnvHWRBn6welmdkrKsoQced98CYG24HwmR9WoNmVig2nOf7HHcOKKDE
+92t5OQQghMdXk7wboOq860LlqBH+/KxlzP34KIj0pZrlc1HgqJsNA3dO5eCYs4ja
+febGnnwUZsEuU0qSBzegfuk9CeQVfM/9uEGl755mncReBx2H+EGt6ucv0kFjGDf5
+FONN0OX3Q/0V4/k2cwYm3wFPqcNO3iBGd5i0eiQrO3UrTliNm12kxxagvDKIP6GD
+8wDI+NhY6WNdTCu18HJB2Kt3N9ZydK62NpzIpoNJS+DJVgspvgAwy93WyEKKANns
+FdE0cfJbZIf2J9K364awkL8p2yGeNozjIC+VI1FsG8Kk1ebYAkNnoP6bUANEf7vk
+ctXR5NqPkhRk+10UEBJKlQbJZQgpyiGjJjgRySffcGcE/cpIMn9jskV0MVBPh9kg
+cNIhcLHWEJ0zXXiDkW1Vguza5GJjx4FG1xllcipDGZC41yNNTBzgRKlmZ6zucXkn
+Jnhtcg71XUsjtXx8ZekXxjoLDd1eHlHDhrjsf8cnSqVG6GotGcGHo8uZk4dkolUU
+TLdDpZPX59JOeUDKZZlGPT96gHqIaswe5WszRvRQwNUfCbjNii6hJ+tdc6foawrl
+V4IqsPziVFJW8KupEsYjlgcknOC8RqW0IATaCZNj5dQuwn7FMe21FXSGF7mz8yaK
+HQJq2ho/6LrxBG2UUVTiWrRZgx1g0C1zzAe1Joz518aIke+Az10PoWDLRdRCItGx
+cB390LcwkDrGSG1n5TLaj9vjqOMdICWiHOFMuaT2xj9cWA27xrJ3ARaRnxcGDbdA
+PsyPjpxL4J1+mx4Fq4gi+tMoG1cUZEo+JCw4TSFpAHMu0FUtdPIV6JRDPkAqxsa5
+alveoswYUFRdTiqFbPaSiykZfufqSuAiKyW892bPd5pBdPI8FA10afVQg83NLyHb
+IkaK0PdRGpVX8gWLGhntO0XoNsJufvtXIgAfBlOprpPGj3EqMUWS545t5pkiwIP8
+79xXZndPojYx+6ETjeXKo5V9AQxkcDtTQmiAx7udqAA1aZgMqGfYQ+Wqz5XgUZWk
+Fz9CnbgEztN5ecjTihYykuDXou7XN0wvrLh7vkX28RgznHs3piTZvECrAOnDN4ur
+2LbzXoFOsBRrBz4f7ML2RCKVu7Pmb9b5cGW6CoNlqg4TL4MTI1OLQBb6zi/8TQT4
+69isxTbCFVdIOOxVs7Qeuq3SQgYXDXPIV6a+lk2p8sD7eiEc9clwqYKQtfEM1HkQ
+voGm6VxhnHd5mqTDNyZXN8lSLPoI/9BfxmHA9Ha+/N5Oz6tRmXHH33701s8GVhkT
+UwttdFlIGZtTBS2dMlTT5SxTi2Q+1GR744AJFMz+FkZja3Fp+PnLJ/aIVLxFs84C
+yJTuQFv5QgLC/7DYLOsof17JJgGZpw==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
+        Validity
+            Not Before: Dec  5 13:56:05 1999 GMT
+            Not After : Apr  3 13:56:05 2037 GMT
+        Subject: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (16384 bit)
+                Modulus (16384 bit):
+                    00:e2:89:05:6d:c3:7f:ad:a6:89:3a:ff:bb:c7:cd:
+                    9d:37:b1:e1:d2:21:1e:9b:61:2a:15:e7:7b:57:4f:
+                    55:3c:d0:bb:f9:d9:3d:3e:a6:bc:ec:b4:ad:53:9a:
+                    16:02:eb:0b:72:fd:8a:f2:8f:44:05:c5:eb:d3:e5:
+                    bd:b6:44:39:e6:fb:47:bf:6a:9e:0a:95:18:e2:68:
+                    e2:d6:96:d6:21:ad:88:fd:f5:17:f5:d3:da:42:a5:
+                    90:ed:29:95:96:75:3a:da:87:a1:d4:f5:d3:87:de:
+                    05:62:a6:e3:66:74:92:cf:a5:bc:bb:df:68:ff:71:
+                    75:56:41:59:35:eb:33:5a:66:51:f2:d2:a3:0a:c1:
+                    8c:ce:73:5c:11:6f:2d:8c:95:8c:91:b1:fd:cf:e5:
+                    ad:56:95:cc:85:92:83:90:55:41:c9:c2:77:ed:f9:
+                    a3:74:42:0a:68:08:f3:d0:d1:65:fd:67:2c:34:ff:
+                    24:7f:e7:79:c8:07:3b:25:57:dd:a4:0c:98:3d:be:
+                    e0:cc:19:65:db:f2:54:a2:af:42:d4:9d:e2:ae:84:
+                    23:25:09:33:12:b5:6a:1e:76:c4:8b:d9:49:00:6c:
+                    5e:ba:1f:f2:1b:da:67:ca:27:aa:a3:44:23:1b:83:
+                    82:ce:f2:ab:33:ed:54:a4:dc:c9:ab:59:65:d1:38:
+                    0e:c1:3e:1b:67:8f:d6:75:01:e0:55:22:dd:76:77:
+                    ec:8e:dd:f4:cf:79:22:6d:b9:57:03:f5:99:08:a7:
+                    3c:3e:34:fb:c4:17:ae:23:58:cd:24:f3:23:ca:6a:
+                    02:28:94:01:81:34:b4:6c:6b:ae:8b:1a:c3:a3:d2:
+                    09:3c:16:54:f5:36:5f:24:e3:9f:4a:a1:e2:64:c6:
+                    16:c3:a6:81:7a:24:36:47:8e:c1:5e:0e:fb:f9:15:
+                    78:04:d6:0e:59:d9:9d:58:66:62:d2:94:29:32:32:
+                    c8:78:b9:66:f6:b5:56:e1:6c:c6:14:4b:96:52:59:
+                    91:02:24:6a:55:47:d7:3f:b6:23:1a:60:77:97:2e:
+                    e2:40:af:9e:04:57:9e:ad:11:c5:c9:43:70:ef:48:
+                    b4:5e:ac:1c:69:2e:2e:82:d5:5b:8b:be:82:be:19:
+                    14:5e:e7:0d:22:c7:51:1b:ff:1e:9b:f1:30:8f:71:
+                    31:06:b3:34:27:8f:5f:7a:66:82:4f:8a:2d:13:ab:
+                    42:cf:21:56:9e:97:8e:66:36:0f:96:9b:e5:2b:f4:
+                    02:a9:2a:6a:8c:2c:c4:c3:b8:70:2c:2d:29:1e:3f:
+                    50:77:1e:6d:2a:54:e4:55:0a:91:38:a1:c5:b5:66:
+                    a2:76:5a:ee:0f:bf:b4:67:e1:28:6e:0f:e1:36:a1:
+                    82:d1:bf:d4:77:e1:c4:67:32:93:78:c8:e7:54:53:
+                    fe:23:79:e6:68:cc:26:90:f6:10:63:5d:2a:6f:91:
+                    2d:a4:73:32:51:21:f2:bb:15:df:aa:24:08:48:06:
+                    de:a1:9e:26:bf:ba:83:bf:7c:a4:c8:a0:8c:bd:d2:
+                    ff:bc:84:69:27:13:24:18:c4:45:18:23:26:5e:18:
+                    14:ca:2e:88:87:62:a3:53:e6:21:b7:b8:85:7b:9a:
+                    85:bb:15:26:72:f8:b9:f7:6a:74:0f:49:3f:92:be:
+                    a9:05:b7:99:27:bf:bf:09:17:4b:99:4c:ad:11:10:
+                    7c:df:74:31:f6:8f:26:5f:aa:88:ae:38:57:c8:55:
+                    2d:d3:fb:d8:1b:51:99:be:25:1b:3a:ba:c0:7d:1b:
+                    ed:ce:d2:49:b9:cf:f3:c5:7d:89:90:81:d8:69:48:
+                    20:10:a3:f8:ef:92:51:18:32:8b:11:18:c0:3f:1b:
+                    85:56:ce:57:c9:f2:82:64:c6:df:02:09:2e:4a:11:
+                    2f:b1:27:6d:37:52:f0:f0:16:61:f1:67:8d:df:87:
+                    72:af:87:da:cf:fb:50:94:6e:d4:94:85:eb:8a:2c:
+                    ea:21:f5:96:4a:44:d5:e0:ce:6a:74:44:4d:d0:05:
+                    d3:87:15:ed:36:d0:a4:8b:66:55:70:93:ee:47:06:
+                    c1:7e:2e:a5:18:79:67:f3:28:85:f1:70:f7:0e:83:
+                    a4:7e:54:9e:5a:76:32:cb:65:1b:b8:cd:fb:c8:28:
+                    03:d2:54:91:d1:a7:c5:85:43:08:17:76:a5:e6:2f:
+                    67:08:d8:a1:a2:82:2d:0c:f8:c1:af:63:d4:50:77:
+                    6d:6b:46:4a:41:85:d5:90:5f:79:2d:c4:ec:d7:11:
+                    87:40:8a:e1:68:e2:64:f8:55:32:fb:6f:93:2c:da:
+                    77:d9:21:c1:17:e5:36:2c:4e:7e:90:7f:ac:94:2b:
+                    32:67:be:38:50:76:b8:ae:41:b9:d7:21:c5:09:4c:
+                    60:c8:a3:51:c4:34:9b:57:37:df:cb:c9:33:57:8b:
+                    eb:fb:76:9f:19:4d:c5:6a:1f:2a:45:ae:2b:ed:2f:
+                    8d:a7:a5:00:cb:04:fa:25:62:2e:74:48:1b:ca:2a:
+                    8c:ba:db:b6:7e:f6:bb:02:7c:a9:c3:db:58:78:a1:
+                    bf:f0:fe:1a:10:55:11:ce:e8:69:4e:96:65:c6:17:
+                    03:d6:07:68:8c:54:82:ae:1c:22:55:3f:f1:f4:09:
+                    97:28:c0:46:f7:4e:0b:25:1d:f7:07:d7:09:1d:3a:
+                    18:57:38:3b:e8:33:06:e7:8f:78:46:1e:5b:f5:06:
+                    b6:ec:b8:a6:0d:f1:ba:13:4b:d6:18:20:dd:69:33:
+                    4a:33:15:ae:b8:c8:98:8a:27:2c:93:bc:2d:fb:ee:
+                    33:bf:66:e6:4d:ba:b6:9b:06:55:60:97:4b:bc:44:
+                    cd:7e:f4:a1:d8:aa:2f:c0:02:28:21:16:62:78:db:
+                    08:54:f2:fc:f4:34:e3:c6:8f:1c:43:57:ce:90:1a:
+                    4b:dc:2e:3b:28:91:89:3f:7a:da:35:1d:8e:2c:ee:
+                    49:ec:f4:33:ad:c9:53:a8:8c:9f:04:53:3e:24:1c:
+                    52:c9:12:f9:62:57:a3:bc:ee:2c:eb:40:7c:20:23:
+                    70:2b:95:f9:73:17:8a:d1:c1:1c:69:a6:b7:38:9a:
+                    67:f7:70:1d:7a:5a:0c:40:cf:62:0f:85:3c:c2:02:
+                    4e:7e:b5:f6:c5:2a:29:84:b3:1f:37:2a:e1:aa:72:
+                    42:c4:ed:6b:1a:8f:92:1c:5d:be:d1:f2:5b:f2:ab:
+                    aa:a9:d2:f5:b8:a4:41:2b:2b:91:6e:12:48:ca:98:
+                    d8:37:8d:c8:ed:00:30:b5:b6:04:4e:7e:9c:da:84:
+                    ec:c0:fa:7b:e5:1d:88:a4:53:46:b0:94:e4:5c:1b:
+                    a1:25:2c:0f:48:52:77:97:09:6c:ec:5b:18:33:83:
+                    02:e5:82:7e:cd:85:21:30:11:fd:27:4f:cf:e4:1e:
+                    ec:3f:a5:57:6c:e9:2a:30:19:2a:88:e5:c3:69:38:
+                    ab:6f:39:71:7f:84:e1:41:c3:e1:cc:2a:89:20:52:
+                    2e:83:0f:6c:39:3f:4b:2d:16:ac:2d:f0:24:ac:00:
+                    73:f4:9b:b3:06:3f:05:b8:14:85:1f:ab:9e:5c:3c:
+                    9e:62:9d:0e:6d:3b:80:09:fc:02:ea:a2:97:74:ca:
+                    c7:f9:e3:56:e1:c3:ca:a5:a6:9a:c0:90:e0:24:12:
+                    53:d2:c2:8b:da:be:ed:02:43:5e:67:e1:89:98:79:
+                    ee:cb:aa:ca:c3:1b:dc:e7:a5:46:a5:7c:6b:16:87:
+                    b6:5a:28:d7:db:27:3c:5e:a5:bd:b6:51:dd:1f:43:
+                    cf:3b:26:c8:3a:8d:25:61:c1:49:f4:3c:1b:c9:44:
+                    ea:af:1c:c2:2b:94:01:2a:0e:30:d1:5b:8b:2b:47:
+                    e5:c3:d1:04:03:9b:0e:39:2c:d6:27:d4:e6:70:5a:
+                    d9:75:cf:2a:d8:c9:00:05:e4:13:88:ec:c3:39:fb:
+                    87:61:30:36:43:03:c8:9e:9c:a2:06:c2:2f:c5:fc:
+                    f0:80:63:b1:54:04:a0:4c:a9:2e:c6:f5:76:7a:d8:
+                    d0:e4:d4:94:11:e5:15:b5:78:06:dc:b8:80:8f:99:
+                    a9:20:33:3d:10:85:4c:65:09:ca:3e:58:5e:60:93:
+                    9a:aa:62:5d:c0:51:06:1c:5d:60:a0:0d:9c:4b:43:
+                    f6:a7:16:21:a4:87:aa:f2:c1:2e:ee:92:30:b8:9e:
+                    df:df:10:01:8b:86:09:70:d8:6c:a8:b7:50:1e:16:
+                    96:b4:f7:67:fd:35:3a:21:90:2a:32:c7:00:7b:4d:
+                    07:10:09:b9:2f:73:d8:18:7e:67:99:04:4f:06:fc:
+                    50:c7:85:9b:9d:40:9d:b3:96:37:fa:a5:dc:b2:72:
+                    4e:ef:4e:09:2c:fd:91:fd:4d:f7:bb:a6:a1:3e:ab:
+                    7b:a2:03:40:a6:a9:55:27:e2:fa:f9:19:ce:87:75:
+                    aa:f1:75:36:f3:f3:b8:91:f8:91:c3:8b:75:13:8e:
+                    4c:65:9a:16:39:6a:e5:34:e8:7a:96:59:7f:35:b0:
+                    00:fd:5b:69:fc:43:26:fa:f5:28:6e:fe:87:d9:7e:
+                    24:fb:b4:a0:82:6e:54:a2:ff:ae:bf:62:b4:f4:72:
+                    01:c2:cb:98:47:98:e1:4c:b5:17:80:80:ce:8f:a6:
+                    28:ee:1e:45:6a:fb:df:f1:1d:fc:5a:3b:d6:ea:f4:
+                    6c:1d:62:49:57:3b:8a:8f:86:ea:f0:53:04:ce:9c:
+                    16:68:ff:ba:b9:fc:88:0f:47:f7:02:44:72:40:b8:
+                    ca:3b:2d:53:9d:dc:3c:56:8c:59:7b:68:1a:2c:8d:
+                    71:bb:6c:00:c7:1a:ce:6f:40:92:b1:a3:2f:0f:d9:
+                    44:f2:a3:70:2e:9e:ee:0e:ae:32:d0:3b:3e:8b:07:
+                    ea:e6:79:b3:5c:29:e2:7d:6b:a8:5e:f9:5a:31:e8:
+                    08:96:a2:8c:03:98:46:f1:b8:7d:90:54:26:ed:76:
+                    62:fe:9e:e9:9a:6e:5e:c9:49:c7:5c:34:53:29:54:
+                    d9:ec:e4:46:e1:80:3b:75:d9:df:fb:79:d5:87:f1:
+                    ba:9e:eb:19:ce:4c:52:73:e6:5b:87:ae:25:4f:39:
+                    79:cc:c6:b8:f9:10:7b:ec:f0:9b:71:a4:05:a0:d3:
+                    29:d3:4e:7f:1f:f4:2d:28:78:cc:55:95:7b:1e:91:
+                    2f:cc:56:18:73:8b:b2:db:bc:69:07:e6:d0:d8:4f:
+                    ed:a2:ff:58:85:a3:6d:e0:4a:53:b7:67:7d:8d:0c:
+                    5c:5b:7b:77:28:02:35:44:7a:04:d3:28:43:c8:6b:
+                    30:17:5d:32:b8:29:35:ba:76:da:3b:14:4a:76:18:
+                    58:a4:f8:92:3c:9e:4d:33:6f:46:6b:08:d9:31:48:
+                    68:dd:f4:fb:24:56:34:b2:cf:69:66:be:48:d2:8a:
+                    66:22:cd:f2:69:cd:c2:53:13:45:29:41:22:d6:5d:
+                    98:1f:b6:a4:b2:a3:c2:ee:02:2f:51:1b:dc:83:a4:
+                    ec:70:25:a8:d4:08:61:32:6f:e4:a1:81:2e:7c:63:
+                    72:fa:29:65:bc:70:44:cf:5d
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        55:9a:34:6a:22:06:69:09:45:33:c7:ae:a9:5c:c7:09:4e:9b:
+        86:bc:41:90:d4:94:52:f6:cd:23:29:94:4b:22:cd:e8:bd:fe:
+        9d:cd:52:f2:bd:ed:ab:87:c9:ab:ab:46:04:b4:bd:a2:3f:22:
+        30:47:50:c0:4b:8c:76:0f:03:f5:92:d2:b1:2d:c4:7a:35:9c:
+        c9:73:87:eb:a6:9f:de:0f:73:8d:d3:7f:99:d8:ba:8f:6f:c4:
+        f3:be:1a:ae:8b:a2:94:36:90:e2:e5:eb:8d:05:f4:fc:65:df:
+        95:f1:c4:94:4d:17:56:d7:9f:3c:8f:50:3c:e7:77:bf:95:86:
+        26:64:fb:6a:ff:c6:da:e9:8c:ae:42:bb:69:e5:33:c6:d8:e9:
+        0d:c6:55:21:49:c1:0c:b4:a3:f9:9b:4b:5c:de:83:4f:41:03:
+        ce:2a:79:68:38:7d:f0:54:49:20:f5:b6:10:ff:08:dc:33:66:
+        96:9b:ff:06:de:00:9e:d7:ce:56:43:9a:51:fc:70:cd:f6:f0:
+        51:a3:b7:cd:b4:5c:85:62:cd:71:b7:c6:2b:23:2b:dd:c3:6e:
+        40:42:fa:37:ff:37:1c:f6:7a:57:94:87:85:23:d7:d4:c9:c7:
+        5f:c1:4d:2f:c9:0d:d7:5c:ec:9c:25:ee:9e:30:82:91:96:72:
+        b8:75:1d:f8:09:68:57:97:b2:2d:4b:ee:25:ec:7a:24:29:ee:
+        72:d4:9c:13:db:ab:dc:03:0a:d8:4a:14:c9:08:57:44:5d:a1:
+        b5:53:80:34:f2:14:97:cf:52:de:a2:0e:8a:10:e9:14:ef:d0:
+        60:be:61:a1:f1:25:5d:d5:18:73:3f:93:10:ca:96:ee:b3:40:
+        d2:db:a3:55:cf:57:5a:a5:0e:4f:75:47:df:ea:f7:90:9a:6d:
+        f5:70:2e:1d:14:1c:37:64:04:59:50:b0:dc:72:86:6f:9c:37:
+        3d:5d:28:af:73:55:ef:d2:ee:24:74:74:13:ef:dc:db:31:49:
+        fb:3f:63:f5:d3:08:3e:33:a5:e7:9d:0a:de:53:2c:51:8e:67:
+        db:9b:41:65:41:50:bd:d4:a4:96:6c:87:bc:12:e0:94:c7:d3:
+        c0:e4:cb:73:58:00:83:e1:ac:27:85:d6:9d:53:9d:5c:bd:0a:
+        3e:03:43:9c:0c:91:f5:6d:7b:f8:40:72:75:ab:11:76:91:2b:
+        e1:c6:aa:1f:70:69:76:70:15:09:fe:93:d0:d6:2d:b7:15:6a:
+        9b:67:5c:b4:69:9f:25:a6:7d:8a:fb:7d:22:a9:71:f2:ce:4e:
+        8c:b8:21:2d:de:fe:41:71:0d:ff:9d:ec:73:a6:bb:07:4f:88:
+        0e:58:47:2e:7e:a9:c2:c7:78:dd:ba:7a:9e:4e:e0:30:4e:63:
+        6f:85:d4:20:41:e9:fa:fe:43:45:e7:fb:af:7a:b2:ce:a4:05:
+        1d:22:9a:58:86:df:e4:ce:4c:a9:fe:d8:16:a5:6f:fb:d8:ce:
+        56:7b:f5:d6:20:ef:e4:47:cd:63:24:ff:b9:be:f1:48:a3:c1:
+        01:72:e6:bd:c0:ad:ed:26:0d:ca:34:9f:fc:02:2d:20:4f:05:
+        20:ae:21:3d:0c:c2:20:3c:3f:f0:04:84:dc:cf:89:fd:b9:25:
+        91:8e:d0:43:e6:b3:20:ab:5c:2d:d5:40:9e:a0:4b:d8:f4:b2:
+        cc:7d:f1:58:0a:8e:87:ed:88:ac:36:96:e4:56:a0:11:8a:f2:
+        9a:d0:b3:57:a3:34:bb:19:ab:38:e1:74:6b:22:c4:31:ce:01:
+        d5:1b:36:e3:1e:38:4c:33:93:df:40:e3:59:57:4e:ac:6e:7b:
+        1e:5a:3d:c5:1d:5b:ac:c8:10:82:35:02:22:b2:fc:75:e8:10:
+        91:8d:c4:7d:78:93:47:9e:1c:9d:ac:6b:62:02:58:8c:d6:1c:
+        23:d6:af:78:c2:80:9c:a4:aa:24:54:14:b5:14:98:c6:f8:2b:
+        1a:24:cb:71:32:0a:e2:9b:0e:69:6b:dd:7e:8c:64:d1:2e:63:
+        ef:0e:7f:b1:3e:88:4c:9d:55:e5:c9:6e:17:04:b7:41:ff:bd:
+        8a:41:cb:25:31:6f:44:77:3f:47:b1:fc:81:88:07:8e:05:49:
+        20:b7:11:d9:69:03:2a:03:9d:b9:33:84:9a:df:df:7a:e3:46:
+        73:a3:d8:a2:8c:53:19:88:55:4c:74:b8:f6:44:84:2b:d1:14:
+        2d:4e:39:2e:92:68:ff:69:fc:85:62:1b:eb:55:4f:ef:25:84:
+        62:45:99:d6:d8:4e:6f:3f:53:08:7d:1d:06:95:81:80:7f:4f:
+        4e:74:36:98:b5:e2:87:70:98:dc:d7:f5:dc:52:15:e6:c6:d6:
+        79:96:39:7f:8f:95:cf:ab:80:53:ad:1b:0b:45:40:0e:d4:18:
+        bd:2c:de:8a:77:76:fd:f2:44:47:c6:21:d0:e4:74:f0:d8:18:
+        05:c8:7c:30:72:c7:df:f1:bb:fc:02:30:a9:f4:42:26:59:0d:
+        93:05:82:a1:73:ed:34:e5:38:5d:cd:50:90:fe:94:fc:13:bc:
+        bd:fc:a8:a2:88:a7:73:c4:b2:a8:d1:5d:88:c4:02:a2:7a:f1:
+        04:c9:fe:8c:74:c9:ef:1d:64:41:9f:ac:1e:96:67:64:ac:ab:
+        28:41:c7:9d:f7:c0:98:1b:6e:07:c2:64:7d:5a:83:66:56:28:
+        36:9c:e7:fb:1c:77:0e:28:a0:c4:f7:6b:79:39:04:20:84:c7:
+        57:93:bc:1b:a0:ea:bc:eb:42:e5:a8:11:fe:fc:ac:65:cc:fd:
+        f8:28:88:f4:a5:9a:e5:73:51:e0:a8:9b:0d:03:77:4e:e5:e0:
+        98:b3:88:da:7d:e6:c6:9e:7c:14:66:c1:2e:53:4a:92:07:37:
+        a0:7e:e9:3d:09:e4:15:7c:cf:fd:b8:41:a5:ef:9e:66:9d:c4:
+        5e:07:1d:87:f8:41:ad:ea:e7:2f:d2:41:63:18:37:f9:14:e3:
+        4d:d0:e5:f7:43:fd:15:e3:f9:36:73:06:26:df:01:4f:a9:c3:
+        4e:de:20:46:77:98:b4:7a:24:2b:3b:75:2b:4e:58:8d:9b:5d:
+        a4:c7:16:a0:bc:32:88:3f:a1:83:f3:00:c8:f8:d8:58:e9:63:
+        5d:4c:2b:b5:f0:72:41:d8:ab:77:37:d6:72:74:ae:b6:36:9c:
+        c8:a6:83:49:4b:e0:c9:56:0b:29:be:00:30:cb:dd:d6:c8:42:
+        8a:00:d9:ec:15:d1:34:71:f2:5b:64:87:f6:27:d2:b7:eb:86:
+        b0:90:bf:29:db:21:9e:36:8c:e3:20:2f:95:23:51:6c:1b:c2:
+        a4:d5:e6:d8:02:43:67:a0:fe:9b:50:03:44:7f:bb:e4:72:d5:
+        d1:e4:da:8f:92:14:64:fb:5d:14:10:12:4a:95:06:c9:65:08:
+        29:ca:21:a3:26:38:11:c9:27:df:70:67:04:fd:ca:48:32:7f:
+        63:b2:45:74:31:50:4f:87:d9:20:70:d2:21:70:b1:d6:10:9d:
+        33:5d:78:83:91:6d:55:82:ec:da:e4:62:63:c7:81:46:d7:19:
+        65:72:2a:43:19:90:b8:d7:23:4d:4c:1c:e0:44:a9:66:67:ac:
+        ee:71:79:27:26:78:6d:72:0e:f5:5d:4b:23:b5:7c:7c:65:e9:
+        17:c6:3a:0b:0d:dd:5e:1e:51:c3:86:b8:ec:7f:c7:27:4a:a5:
+        46:e8:6a:2d:19:c1:87:a3:cb:99:93:87:64:a2:55:14:4c:b7:
+        43:a5:93:d7:e7:d2:4e:79:40:ca:65:99:46:3d:3f:7a:80:7a:
+        88:6a:cc:1e:e5:6b:33:46:f4:50:c0:d5:1f:09:b8:cd:8a:2e:
+        a1:27:eb:5d:73:a7:e8:6b:0a:e5:57:82:2a:b0:fc:e2:54:52:
+        56:f0:ab:a9:12:c6:23:96:07:24:9c:e0:bc:46:a5:b4:20:04:
+        da:09:93:63:e5:d4:2e:c2:7e:c5:31:ed:b5:15:74:86:17:b9:
+        b3:f3:26:8a:1d:02:6a:da:1a:3f:e8:ba:f1:04:6d:94:51:54:
+        e2:5a:b4:59:83:1d:60:d0:2d:73:cc:07:b5:26:8c:f9:d7:c6:
+        88:91:ef:80:cf:5d:0f:a1:60:cb:45:d4:42:22:d1:b1:70:1d:
+        fd:d0:b7:30:90:3a:c6:48:6d:67:e5:32:da:8f:db:e3:a8:e3:
+        1d:20:25:a2:1c:e1:4c:b9:a4:f6:c6:3f:5c:58:0d:bb:c6:b2:
+        77:01:16:91:9f:17:06:0d:b7:40:3e:cc:8f:8e:9c:4b:e0:9d:
+        7e:9b:1e:05:ab:88:22:fa:d3:28:1b:57:14:64:4a:3e:24:2c:
+        38:4d:21:69:00:73:2e:d0:55:2d:74:f2:15:e8:94:43:3e:40:
+        2a:c6:c6:b9:6a:5b:de:a2:cc:18:50:54:5d:4e:2a:85:6c:f6:
+        92:8b:29:19:7e:e7:ea:4a:e0:22:2b:25:bc:f7:66:cf:77:9a:
+        41:74:f2:3c:14:0d:74:69:f5:50:83:cd:cd:2f:21:db:22:46:
+        8a:d0:f7:51:1a:95:57:f2:05:8b:1a:19:ed:3b:45:e8:36:c2:
+        6e:7e:fb:57:22:00:1f:06:53:a9:ae:93:c6:8f:71:2a:31:45:
+        92:e7:8e:6d:e6:99:22:c0:83:fc:ef:dc:57:66:77:4f:a2:36:
+        31:fb:a1:13:8d:e5:ca:a3:95:7d:01:0c:64:70:3b:53:42:68:
+        80:c7:bb:9d:a8:00:35:69:98:0c:a8:67:d8:43:e5:aa:cf:95:
+        e0:51:95:a4:17:3f:42:9d:b8:04:ce:d3:79:79:c8:d3:8a:16:
+        32:92:e0:d7:a2:ee:d7:37:4c:2f:ac:b8:7b:be:45:f6:f1:18:
+        33:9c:7b:37:a6:24:d9:bc:40:ab:00:e9:c3:37:8b:ab:d8:b6:
+        f3:5e:81:4e:b0:14:6b:07:3e:1f:ec:c2:f6:44:22:95:bb:b3:
+        e6:6f:d6:f9:70:65:ba:0a:83:65:aa:0e:13:2f:83:13:23:53:
+        8b:40:16:fa:ce:2f:fc:4d:04:f8:eb:d8:ac:c5:36:c2:15:57:
+        48:38:ec:55:b3:b4:1e:ba:ad:d2:42:06:17:0d:73:c8:57:a6:
+        be:96:4d:a9:f2:c0:fb:7a:21:1c:f5:c9:70:a9:82:90:b5:f1:
+        0c:d4:79:10:be:81:a6:e9:5c:61:9c:77:79:9a:a4:c3:37:26:
+        57:37:c9:52:2c:fa:08:ff:d0:5f:c6:61:c0:f4:76:be:fc:de:
+        4e:cf:ab:51:99:71:c7:df:7e:f4:d6:cf:06:56:19:13:53:0b:
+        6d:74:59:48:19:9b:53:05:2d:9d:32:54:d3:e5:2c:53:8b:64:
+        3e:d4:64:7b:e3:80:09:14:cc:fe:16:46:63:6b:71:69:f8:f9:
+        cb:27:f6:88:54:bc:45:b3:ce:02:c8:94:ee:40:5b:f9:42:02:
+        c2:ff:b0:d8:2c:eb:28:7f:5e:c9:26:01:99:a7
+
+UPS Document Exchange by DST
+============================
+MD5 Fingerprint: 78:A5:FB:10:4B:E4:63:2E:D2:6B:FB:F2:B6:C2:4B:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuACEQDQHkCLAAACfAAAAAcAAAABMA0GCSqGSIb3DQEBBQUAMIG5MQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEeMBwGA1UE
+CxMVVW5pdGVkIFBhcmNlbCBTZXJ2aWNlMRkwFwYDVQQDExBEU1QgKFVQUykgUm9v
+dENBMSEwHwYJKoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wHhcNOTgxMjEw
+MDAyNTQ2WhcNMDgxMjA3MDAyNTQ2WjCBuTELMAkGA1UEBhMCdXMxDTALBgNVBAgT
+BFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MSQwIgYDVQQKExtEaWdpdGFs
+IFNpZ25hdHVyZSBUcnVzdCBDby4xHjAcBgNVBAsTFVVuaXRlZCBQYXJjZWwgU2Vy
+dmljZTEZMBcGA1UEAxMQRFNUIChVUFMpIFJvb3RDQTEhMB8GCSqGSIb3DQEJARYS
+Y2FAZGlnc2lndHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA7xfsrynm2SsnwNt7JJ9m9ASjwq0KyrDNhCuqN/OAoWDvQo/lXXdfV0JU3Svb
+YbJxXpN7b1/rJCvnpPLr8XOzC431Wdcy36yQjk4xuiVNtgym8eWvDOHlb1IDFcHf
+vn5KpqYYRnA/76dNqNz1dNlhekA8oZQo6sKUiMs3FQUZPJViuhwt+yiM0ciekjxb
+EVQ7eNlHO5stSuY+e2vf9PYFzyj2upg2AJ48N4UKnN63pIXFY/23YhRtFx7MioCF
+QjIRsCHinXfJgBZBnuvlFIl/t8O8T8Gfh5uW7GP2+ZBWDpWjIwqMZNqbuxx3sExd
+5sjo9X15LVckP8zjPSyYzxKfFwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQC7OI4E
+IiZYDiFEVsy9WXwpaMtcD8iGVD+BeKetj8xG9xxUuHktW3IFaugh0OwdHf6kNFG+
+7u3OzJwWaOJddXMIQzGRahArEMJLafjJrZio/bjv9qvwXyHvy4VrCe0vSGa1YHLA
+6KDHmNsO9xtzjTQICnvFd2KqMCObsB6LgJhU3AWHs6liWfyLtxWarETszzUa9w8u
+XZJLAch77qA37eQdgg2ZQUMXrdTVyuP5fReiAdAwD0C53LkEgmmDtvkP+gaS96j0
+1hcc8F5/xCnI5uHi/zZoIVGu/6m6hJKtinsz2JDSwXltMzM5dKwbOHGfLAeQ6h3g
+04lfy+8UjSdUpb1G
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:02:7c:00:00:00:07:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com
+        Validity
+            Not Before: Dec 10 00:25:46 1998 GMT
+            Not After : Dec  7 00:25:46 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ef:17:ec:af:29:e6:d9:2b:27:c0:db:7b:24:9f:
+                    66:f4:04:a3:c2:ad:0a:ca:b0:cd:84:2b:aa:37:f3:
+                    80:a1:60:ef:42:8f:e5:5d:77:5f:57:42:54:dd:2b:
+                    db:61:b2:71:5e:93:7b:6f:5f:eb:24:2b:e7:a4:f2:
+                    eb:f1:73:b3:0b:8d:f5:59:d7:32:df:ac:90:8e:4e:
+                    31:ba:25:4d:b6:0c:a6:f1:e5:af:0c:e1:e5:6f:52:
+                    03:15:c1:df:be:7e:4a:a6:a6:18:46:70:3f:ef:a7:
+                    4d:a8:dc:f5:74:d9:61:7a:40:3c:a1:94:28:ea:c2:
+                    94:88:cb:37:15:05:19:3c:95:62:ba:1c:2d:fb:28:
+                    8c:d1:c8:9e:92:3c:5b:11:54:3b:78:d9:47:3b:9b:
+                    2d:4a:e6:3e:7b:6b:df:f4:f6:05:cf:28:f6:ba:98:
+                    36:00:9e:3c:37:85:0a:9c:de:b7:a4:85:c5:63:fd:
+                    b7:62:14:6d:17:1e:cc:8a:80:85:42:32:11:b0:21:
+                    e2:9d:77:c9:80:16:41:9e:eb:e5:14:89:7f:b7:c3:
+                    bc:4f:c1:9f:87:9b:96:ec:63:f6:f9:90:56:0e:95:
+                    a3:23:0a:8c:64:da:9b:bb:1c:77:b0:4c:5d:e6:c8:
+                    e8:f5:7d:79:2d:57:24:3f:cc:e3:3d:2c:98:cf:12:
+                    9f:17
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        bb:38:8e:04:22:26:58:0e:21:44:56:cc:bd:59:7c:29:68:cb:
+        5c:0f:c8:86:54:3f:81:78:a7:ad:8f:cc:46:f7:1c:54:b8:79:
+        2d:5b:72:05:6a:e8:21:d0:ec:1d:1d:fe:a4:34:51:be:ee:ed:
+        ce:cc:9c:16:68:e2:5d:75:73:08:43:31:91:6a:10:2b:10:c2:
+        4b:69:f8:c9:ad:98:a8:fd:b8:ef:f6:ab:f0:5f:21:ef:cb:85:
+        6b:09:ed:2f:48:66:b5:60:72:c0:e8:a0:c7:98:db:0e:f7:1b:
+        73:8d:34:08:0a:7b:c5:77:62:aa:30:23:9b:b0:1e:8b:80:98:
+        54:dc:05:87:b3:a9:62:59:fc:8b:b7:15:9a:ac:44:ec:cf:35:
+        1a:f7:0f:2e:5d:92:4b:01:c8:7b:ee:a0:37:ed:e4:1d:82:0d:
+        99:41:43:17:ad:d4:d5:ca:e3:f9:7d:17:a2:01:d0:30:0f:40:
+        b9:dc:b9:04:82:69:83:b6:f9:0f:fa:06:92:f7:a8:f4:d6:17:
+        1c:f0:5e:7f:c4:29:c8:e6:e1:e2:ff:36:68:21:51:ae:ff:a9:
+        ba:84:92:ad:8a:7b:33:d8:90:d2:c1:79:6d:33:33:39:74:ac:
+        1b:38:71:9f:2c:07:90:ea:1d:e0:d3:89:5f:cb:ef:14:8d:27:
+        54:a5:bd:46
+
+ValiCert Class 1 VA
+===================
+MD5 Fingerprint: 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 25 22:23:48 1999 GMT
+            Not After : Jun 25 22:23:48 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e:
+                    a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3:
+                    4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03:
+                    12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a:
+                    26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8:
+                    58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0:
+                    3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e:
+                    e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76:
+                    72:a0:1d:9d:1d:c0:dd:3f:71
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f:
+        71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2:
+        07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23:
+        cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9:
+        fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee:
+        e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5:
+        ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d:
+        72:c8
+
+ValiCert Class 2 VA
+===================
+MD5 Fingerprint: A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:19:54 1999 GMT
+            Not After : Jun 26 00:19:54 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
+                    0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
+                    98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
+                    25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
+                    d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
+                    b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
+                    1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
+                    73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
+                    b3:43:bb:ef:7b:6e:2e:69:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
+        a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
+        bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
+        81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
+        6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
+        3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
+        0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
+        43:dd
+
+ValiCert Class 3 VA
+===================
+MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:22:33 1999 GMT
+            Not After : Jun 26 00:22:33 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
+                    75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
+                    44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
+                    ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
+                    97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
+                    5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
+                    9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
+                    5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
+                    43:62:61:f3:d3:e2:d0:55:3f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d:
+        f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42:
+        d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f:
+        45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f:
+        89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67:
+        c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d:
+        82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c:
+        15:ee
+
+VeriSign Class 4 Primary CA
+===========================
+MD5 Fingerprint: 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:a6:00:00:01
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 1999 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:b2:75:f6:78:d0:ae:5a:50:f4:e9:50:a9:9f:
+                    8c:d7:ef:91:94:70:e8:d2:24:90:76:89:85:d6:df:
+                    ac:e6:01:17:32:80:f0:9d:93:47:bc:9a:65:9d:1f:
+                    97:ae:bf:e9:86:75:63:20:89:bd:80:58:9d:04:0c:
+                    9d:a8:c1:24:e9:0b:e5:31:78:bd:fc:2d:0c:37:6a:
+                    9e:78:80:e9:46:75:f9:ed:a3:fb:13:7b:c8:c1:4c:
+                    d2:a3:ef:f5:3c:b0:62:8f:4a:5d:3b:dd:95:67:8f:
+                    13:b9:c1:3c:d6:a7:26:9b:ec:c3:3b:7a:d9:4d:bc:
+                    6d:9b:e8:15:01:e3:f0:47:a9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        53:dd:d3:f0:9c:24:7e:40:aa:e2:fc:00:1a:d7:da:0c:fc:32:
+        61:b8:15:0d:96:f3:fa:57:1b:7f:33:7c:af:e9:98:9a:61:c8:
+        7a:b3:b7:ff:b1:dc:99:83:dc:ac:12:fc:70:c9:1f:38:42:ed:
+        44:f6:80:2e:5b:6b:33:69:ac:9c:d3:5c:e7:5f:5a:18:c7:b1:
+        2d:79:04:96:41:91:99:41:b1:3c:0d:ba:84:39:c6:3b:97:f0:
+        26:c9:8e:ee:bd:cc:42:95:ff:1e:c7:02:3f:54:0c:78:f5:bc:
+        aa:60:7c:02:69:e8:dc:ac:e2:02:76:61:c4:3e:03:ea:d2:8a:
+        24:d1
+
+Verisign Class 1 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
+H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
+4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
+EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
+FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
+lA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de:
+                    b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46:
+                    88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c:
+                    b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58:
+                    39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31:
+                    ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e:
+                    45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9:
+                    63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba:
+                    2a:2f:31:aa:ee:a3:67:da:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d:
+        7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc:
+        f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a:
+        e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23:
+        a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8:
+        e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1:
+        35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1:
+        71:94
+
+Verisign Class 1 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: F2:7D:E9:54:E4:A3:22:0D:76:9F:E7:0B:BB:B3:24:2B
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDnKVIn+UCIy/jLZ2/sbhBkwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTE4MDUxODIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
+VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIv3GhDOdlwHq4OZ3BeAbzQ5XZg+a3Is4cei
+e0ApuXiIukzFo2penm574/ICQQxmvq37rqIUzpLzojSLtLK2JPLl1eDI5WJthHvL
+vrsDi3xXyvA3qZCviu4Dvh0onNkmdqDNxJ1O8K4HFtW+r1cIatCgQkJCHvQgzKV4
+gpUmOIpH
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            39:ca:54:89:fe:50:22:32:fe:32:d9:db:fb:1b:84:19
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 2018 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76:
+                    31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52:
+                    36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e:
+                    8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35:
+                    eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5:
+                    e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d:
+                    8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b:
+                    51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea:
+                    09:40:be:73:92:3d:6b:e7:75
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        8b:f7:1a:10:ce:76:5c:07:ab:83:99:dc:17:80:6f:34:39:5d:
+        98:3e:6b:72:2c:e1:c7:a2:7b:40:29:b9:78:88:ba:4c:c5:a3:
+        6a:5e:9e:6e:7b:e3:f2:02:41:0c:66:be:ad:fb:ae:a2:14:ce:
+        92:f3:a2:34:8b:b4:b2:b6:24:f2:e5:d5:e0:c8:e5:62:6d:84:
+        7b:cb:be:bb:03:8b:7c:57:ca:f0:37:a9:90:af:8a:ee:03:be:
+        1d:28:9c:d9:26:76:a0:cd:c4:9d:4e:f0:ae:07:16:d5:be:af:
+        57:08:6a:d0:a0:42:42:42:1e:f4:20:cc:a5:78:82:95:26:38:
+        8a:47
+
+Verisign Class 1 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
+nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
+8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
+ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
+PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
+6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
+n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
+qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
+wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
+ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
+pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
+E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d:
+                    dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d:
+                    ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8:
+                    de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e:
+                    f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6:
+                    6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10:
+                    78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3:
+                    55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca:
+                    14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff:
+                    c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e:
+                    54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27:
+                    a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb:
+                    30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29:
+                    bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12:
+                    5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81:
+                    15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7:
+                    a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76:
+                    d1:3d
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a:
+        aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9:
+        fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c:
+        b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7:
+        b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0:
+        97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f:
+        04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54:
+        73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8:
+        1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec:
+        a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38:
+        dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f:
+        b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50:
+        ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef:
+        86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f:
+        a4:ef:3f:ee
+
+Verisign Class 2 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
+YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
+FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
+J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
+r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4:
+                    21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9:
+                    fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79:
+                    2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52:
+                    5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2:
+                    8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15:
+                    80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b:
+                    6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24:
+                    47:04:9e:75:bf:c8:a6:00:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0:
+        33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52:
+        ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62:
+        8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0:
+        a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44:
+        74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19:
+        41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77:
+        ca:d8
+
+Verisign Class 2 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
+YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
+aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
+Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
+IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
+KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
+HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
+DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
+nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
+rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
+jBJ7xUS0rg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c:
+                    0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be:
+                    5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99:
+                    1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08:
+                    2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4:
+                    42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f:
+                    99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9:
+                    86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff:
+                    0d:6c:f5:2d:0e:6d:ce:7f:77
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8:
+        68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4:
+        ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0:
+        d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30:
+        17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a:
+        54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4:
+        12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44:
+        b4:ae
+
+Verisign Class 2 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
+Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
+J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
+JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
+wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
+koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
+qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
+Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
+xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
+7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
+sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
+sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
+cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd:
+                    a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd:
+                    3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1:
+                    a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10:
+                    ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02:
+                    37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7:
+                    3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56:
+                    69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3:
+                    48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32:
+                    dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7:
+                    20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2:
+                    ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8:
+                    16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5:
+                    1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb:
+                    1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2:
+                    ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11:
+                    60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8:
+                    3e:89
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7:
+        de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5:
+        fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4:
+        e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33:
+        3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55:
+        a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4:
+        1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63:
+        63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf:
+        7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64:
+        48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46:
+        23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45:
+        aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43:
+        e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33:
+        5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf:
+        4b:4b:df:2a
+
+Verisign Class 3 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+                    db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+                    11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+                    1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+                    63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+                    42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+                    5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+                    e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+                    71:64:4c:65:2e:81:68:45:a7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84:
+        8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f:
+        6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57:
+        81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c:
+        9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45:
+        4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:
+        62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:
+        0d:64
+
+Verisign Class 3 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
+                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
+                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
+                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
+                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
+                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
+                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
+                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
+                    61:f8:9b:1d:1c:89:4f:5c:67
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
+        70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
+        64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
+        3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
+        ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
+        92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
+        57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
+        91:fd
+
+Verisign Class 3 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
+                    f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
+                    17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
+                    c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
+                    2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
+                    58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
+                    58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
+                    6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
+                    e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
+                    55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
+                    65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
+                    46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
+                    b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
+                    1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
+                    ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
+                    d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
+                    1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
+                    57:97
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
+        db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
+        37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
+        5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
+        23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
+        d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
+        ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
+        62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
+        7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
+        17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
+        cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
+        c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
+        0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
+        81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
+        f1:7d:dd:11
+
+Verisign Class 4 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: 26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
+HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
+qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
+cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
+cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
+T8qAkbYp
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f:
+                    c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a:
+                    62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91:
+                    24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97:
+                    76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a:
+                    50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f:
+                    e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03:
+                    1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98:
+                    3a:86:d3:86:38:f3:00:29:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd:
+        14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45:
+        ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24:
+        f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83:
+        fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9:
+        7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa:
+        3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91:
+        b6:29
+
+Verisign Class 4 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
+                    ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
+                    de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
+                    e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
+                    fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
+                    9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
+                    52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
+                    d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
+                    33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
+                    89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
+                    02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
+                    a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
+                    c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
+                    ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
+                    3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
+                    45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
+                    66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
+                    ef:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
+        0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
+        3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
+        05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
+        00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
+        32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
+        00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
+        e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
+        5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
+        d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
+        46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
+        a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
+        21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
+        a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
+        35:60:91:ce
+
+Verisign/RSA Commercial CA
+==========================
+MD5 Fingerprint: 5A:0B:DD:42:9E:B2:B4:62:97:32:7F:7F:0A:AA:9A:39
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:41:00:00:16
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
+        Validity
+            Not Before: Nov  4 18:58:34 1994 GMT
+            Not After : Nov  3 18:58:34 1999 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:a4:fb:81:62:7b:ce:10:27:dd:e8:f7:be:6c:6e:
+                    c6:70:99:db:b8:d5:05:03:69:28:82:9c:72:7f:96:
+                    3f:8e:ec:ac:29:92:3f:8a:14:f8:42:76:be:bd:5d:
+                    03:b9:90:d4:d0:bc:06:b2:51:33:5f:c4:c2:bf:b6:
+                    8b:8f:99:b6:62:22:60:dd:db:df:20:82:b4:ca:a2:
+                    2f:2d:50:ed:94:32:de:e0:55:8d:d4:68:e2:e0:4c:
+                    d2:cd:05:16:2e:95:66:5c:61:52:38:1e:51:a8:82:
+                    a1:c4:ef:25:e9:0a:e6:8b:2b:8e:31:66:d9:f8:d9:
+                    fd:bd:3b:69:d9:eb
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        76:b5:b6:10:fe:23:f7:f7:59:62:4b:b0:5f:9c:c1:68:bc:49:
+        bb:b3:49:6f:21:47:5d:2b:9d:54:c4:00:28:3f:98:b9:f2:8a:
+        83:9b:60:7f:eb:50:c7:ab:05:10:2d:3d:ed:38:02:c1:a5:48:
+        d2:fe:65:a0:c0:bc:ea:a6:23:16:66:6c:1b:24:a9:f3:ec:79:
+        35:18:4f:26:c8:e3:af:50:4a:c7:a7:31:6b:d0:7c:18:9d:50:
+        bf:a9:26:fa:26:2b:46:9c:14:a9:bb:5b:30:98:42:28:b5:4b:
+        53:bb:43:09:92:40:ba:a8:aa:5a:a4:c6:b6:8b:57:4d:c5
+
+Verisign/RSA Secure Server CA
+=============================
+MD5 Fingerprint: 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50

diff --git a/certs/notacacert.pem b/certs/notacacert.pem
new file mode 100644 (file)
index 0000000..84eb7fb
--- /dev/null
+++ b/certs/notacacert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCA2ygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBuDELMAkGA1UEBhMCQVUx
+EzARBgNVBAgTClNvbWUtU3RhdGUxEDAOBgNVBAcTB05vIENpdHkxITAfBgNVBAoT
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEYMBYGA1UECxMPTm8gT3JnYW5pemF0
+aW9uMRcwFQYDVQQDEw5ObyBDb21tb24gTmFtZTEsMCoGCSqGSIb3DQEJARYdbm9l
+bWFpbEBhbnl3aGVyZS5pbi50aGUud29ybGQwHhcNMDEwNDA2MjM1MjM4WhcNMDIw
+NDA2MjM1MjM4WjCBuDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+EDAOBgNVBAcTB05vIENpdHkxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEYMBYGA1UECxMPTm8gT3JnYW5pemF0aW9uMRcwFQYDVQQDEw5ObyBDb21t
+b24gTmFtZTEsMCoGCSqGSIb3DQEJARYdbm9lbWFpbEBhbnl3aGVyZS5pbi50aGUu
+d29ybGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMwRs1pgsJgI0vHwNm2P
+2DZice+BC/EYJ2sKA0tZp0HIudIYXUO2HR3nXfjVpeMzPpRlydTWptsl23PEOJAs
+UUeoLW4wnkFTEujjFigIK33wp5wpeheK7pw0MNesCUPykbeoxRWqsx41Mkpi4epV
+4w5FumtuOI//ZxBrlv8AMEHzAgMBAAGjggEZMIIBFTAdBgNVHQ4EFgQUtbzB4LJw
+YSpwmcIHxMq7VxSGWzswgeUGA1UdIwSB3TCB2oAUtbzB4LJwYSpwmcIHxMq7VxSG
+Wzuhgb6kgbswgbgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRAw
+DgYDVQQHEwdObyBDaXR5MSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM
+dGQxGDAWBgNVBAsTD05vIE9yZ2FuaXphdGlvbjEXMBUGA1UEAxMOTm8gQ29tbW9u
+IE5hbWUxLDAqBgkqhkiG9w0BCQEWHW5vZW1haWxAYW55d2hlcmUuaW4udGhlLndv
+cmxkggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAGeAQFJ1QS4Qf
+2j6VENMOdVjL8699TYrEUu2OJIvdBnUSGZS/97Fz5uD7fBoQvCnDAjfK0dtYneAN
+HPj0gO7i57lxH8dj8PB4c+0JeB0MPNqjSssVamzchUZxfhCGf4iRaZ4AO7Fhxxe1
+SO2qT6Kcwza/39MLNz1+TJiSHQtF4ZI=
+-----END CERTIFICATE-----

diff --git a/certs/notacakeynopass.pem b/certs/notacakeynopass.pem
new file mode 100644 (file)
index 0000000..6840117
--- /dev/null
+++ b/certs/notacakeynopass.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDMEbNaYLCYCNLx8DZtj9g2YnHvgQvxGCdrCgNLWadByLnSGF1D
+th0d51341aXjMz6UZcnU1qbbJdtzxDiQLFFHqC1uMJ5BUxLo4xYoCCt98KecKXoX
+iu6cNDDXrAlD8pG3qMUVqrMeNTJKYuHqVeMORbprbjiP/2cQa5b/ADBB8wIDAQAB
+AoGAMYQB/uYDM4DAno/oxQDoN5n/h1vKp/9yYRiW4Auq991aqU3cI3fm7MCdHqnI
+jK58esmQBaLn7bjr3NU53FHEjq2GNckFIMmUZHFeEADuANdHXljWNgDVijoI0Ugm
+9B+iz8czm79338i5WO3LWmLmMDy4kv2ZH7YYemSSOsxmrLECQQDvuQ83HH9iEj5W
+ExRYLpmjiZcfj3wwoNv9bnXBzSb/TciN6jXq6YqwBl0FIU/movmD3kSCTwQz5QX2
+sqTDimqtAkEA2ezlcUxH941FZB0JuPiERL4cN6jg+n3/U8jM/L6SXS3bLLO9N2f3
+YuVCiqm1SHGEiAVOAZRETCo7L7CvpVyTHwJBAKPe3YfO80UXM4WjhUTClkQ0yhnI
+/BxB2iBkYhsZIo9jnLVmZXUwMJ4ju3LGUthWkDqUtkBdw4G2DV2WwQrqlAECQA3X
+yX9X7B5if+zrF0oDp0tClEJI3PmsdUKaN8M6S8vVdN2zESrq1MEYdRCf1R8j7tpB
+FAJvq6L278mIvK+RYNsCQBeRpXI8kjKGR9daePjRCBK1N8FE92R+1jWJ4WuZpUgX
+ZuZSETDrVuOncOP1HLdKvU+djvnROg98CvOmiTK+kGI=
+-----END RSA PRIVATE KEY-----

diff --git a/eg/lwp-ssl-test b/eg/lwp-ssl-test
new file mode 100755 (executable)
index 0000000..e7d0a18
--- /dev/null
+++ b/eg/lwp-ssl-test
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+
+use lib qw(lib);
+use LWP::UserAgent;
+use Getopt::Long;
+use strict;
+use vars qw($opt_proxy $opt_debug $opt_cert $opt_key $opt_cafile $opt_cadir);
+use Data::Dumper qw(Dumper);
+
+GetOptions(
+          'd' => \$opt_debug,
+          'p:s' => \$opt_proxy,
+          'proxy:s' => \$opt_proxy,
+          'cert:s' => \$opt_cert,
+          'key:s' => \$opt_key,
+          'CAfile:s' => \$opt_cafile,
+          'CAdir:s' => \$opt_cadir,
+          );
+
+if($opt_debug) {
+    eval "use LWP::Debug qw(+);";
+}
+
+# PROXY SUPPORT
+$ENV{HTTPS_PROXY} = $opt_proxy;
+$ENV{HTTPS_DEBUG} = $opt_debug;
+
+$ENV{HTTPS_CERT_FILE} = $opt_cert;
+$ENV{HTTPS_KEY_FILE} = $opt_key;
+
+$opt_cafile && ( $ENV{HTTPS_CA_FILE} = $opt_cafile );
+$opt_cadir  && ( $ENV{HTTPS_CA_DIR} = $opt_cadir   );
+        
+my $url = shift || 'https://www.nodeworks.com';
+my $ua = new LWP::UserAgent;
+$ua->timeout(15);
+my $req = new HTTP::Request('HEAD', $url);
+my $res = $ua->request($req);
+
+print Dumper($res);

diff --git a/eg/net-ssl-test b/eg/net-ssl-test
new file mode 100755 (executable)
index 0000000..71736f8
--- /dev/null
+++ b/eg/net-ssl-test
@@ -0,0 +1,163 @@
+#!/usr/bin/perl
+
+use strict;
+use vars qw($opt_p $opt_n $opt_bench $opt_debug $opt_version
+           $opt_v $opt_help
+           $opt_cert $opt_key $opt_cafile $opt_cadir
+           );
+use lib qw(lib);
+use Net::SSL;
+use File::Basename;
+use Benchmark;
+
+use Getopt::Long;
+&GetOptions ('p:s' => \$opt_p,
+            'proxy:s' => \$opt_p,
+            'bench:n' => \$opt_bench,
+            'd' => \$opt_debug,
+            'version:i' => \$opt_version,
+            'v:i' => \$opt_version,
+            'h' => \$opt_help,
+            'help' => \$opt_help,
+            'cert:s' => \$opt_cert,
+            'key:s' => \$opt_key,
+            'CAfile:s' => \$opt_cafile,
+            'CAdir:s' => \$opt_cadir,
+            );
+
+my $basename = &File::Basename::basename($0);
+
+# define sub first, in case you are reading the source :)
+sub help {
+
+    print <<HELP;
+Usage: $basename [-d] [-b=NNN] [-h] [-p proxy_name:port] [-CAfile=FILE] [GET|HEAD] [ssl_server_name] [port]
+
+  -d  Debug mode
+  -b  Benchmark NNN times, good test for memory leaks
+  -h  This help message
+  -p  Proxy server, via CONNECT method, localhost:80 format
+
+  -cert  client certificate file
+  -key   private key file
+
+  -CAfile CA certificates file, use certs/ca-bundle.crt for primary root certs
+
+ method          defaults to HEAD
+ ssl_server_name defaults to www.nodeworks.com
+ port            defaults to 443
+
+These are equivalent:
+
+  ./net_ssl_test
+  ./net_ssl_test HEAD www.nodeworks.com 443
+
+This might be how you debug your proxy:
+
+  ./net_ssl_test -d -p http://proxy_name:80 www.nodeworks.com
+
+Note http:// on proxy hostname is stripped off, and is
+meaningless to Crypt::SSLeay.
+
+HELP
+;
+    exit;
+}
+
+if($opt_help) {
+    &help;
+};
+
+if($opt_debug) {
+    eval "use LWP::Debug qw(+)";
+}
+
+my $method = (@ARGV && $ARGV[0] =~ /^[A-Z]+$/) ? shift : "HEAD";
+my($host, $port, $path);
+if($opt_bench) {
+    $host = shift || die("need host, run like ./$basename HEAD yourhost.com.foo");
+} else {
+    $host = shift || "www.nodeworks.com";
+}
+if($host =~ m|^(https://)?([^/:]+)(:(\d+))?(/.*)?$|) {
+    ($host, $port, $path) = ($2, $4, $5);
+}
+
+$port ||= shift || 443;
+$path ||= '/';
+
+if($opt_n) {
+    $ENV{NO_PROXY} = $opt_n;
+}
+
+$ENV{HTTPS_PROXY} = $opt_p;
+$ENV{HTTPS_CERT_FILE} = $opt_cert;
+$ENV{HTTPS_KEY_FILE} = $opt_key;
+
+$opt_cafile && ( $ENV{HTTPS_CA_FILE} = $opt_cafile );
+$opt_cadir  && ( $ENV{HTTPS_CA_DIR} = $opt_cadir   );
+
+if($opt_version) {
+    grep($opt_version eq $_, '2', '3', '23')
+       || die("$opt_version must be one of 2, 3, or 23");
+    $ENV{HTTPS_VERSION} = $opt_version;
+}
+
+unless(eval { &ssl_connect() }) {
+    print <<OUT;
+== FAILED TO CONNECT ==
+Error: $@
+
+If you need to use a proxy, please pass it in as an argument like
+
+  ./net_ssl_test -p 127.0.0.1:8080
+
+which sets \$ENV{HTTPS_PROXY} for you.
+
+OUT
+    ;
+}
+
+if($opt_bench) {
+    timethis($opt_bench, sub { &ssl_connect() });
+}
+
+
+sub ssl_connect {
+    my $sock = Net::SSL->new(
+                            PeerAddr => $host,
+                            PeerPort => $port,
+                            SSL_Debug => $opt_debug,
+                            Timeout => 15,
+                            );
+    $sock || ($@ ||= "no Net::SSL connection established");
+    my $error = $@;
+    $error && die("Can't connect to $host:$port; $error; $!");
+
+    my $out;
+    $out .= "WEB SITE       : $host:$port\n";
+    $out .= "CIPHER         : ".$sock->get_cipher."\n";
+    my $cert = $sock->get_peer_certificate;
+
+    $out .= "CERT SUBJECT   : ".$cert->subject_name."\n";
+    $out .= "CERTIFIED BY   : ".$cert->issuer_name."\n";
+    $out .= "CERT NOT BEFORE: ".$cert->not_before."\n";
+    $out .= "CERT NOT AFTER : ".$cert->not_after."\n";
+
+    $out .= "\n";
+    $sock->print("$method $path HTTP/1.0\n\n");
+    print $out;
+    $out = '';
+
+    my $buf = '';
+    while ($sock->read($buf, 1024)) {
+       $out .= $buf;
+    }
+
+    unless($opt_bench) {
+       print $out;
+    }
+
+    1;
+}
+

diff --git a/lib/Crypt/SSLeay/CTX.pm b/lib/Crypt/SSLeay/CTX.pm
new file mode 100644 (file)
index 0000000..8712ba8
--- /dev/null
+++ b/lib/Crypt/SSLeay/CTX.pm
@@ -0,0 +1,4 @@
+package Crypt::SSLeay::CTX;
+require Crypt::SSLeay;
+use strict;
+1;

diff --git a/lib/Crypt/SSLeay/Conn.pm b/lib/Crypt/SSLeay/Conn.pm
new file mode 100644 (file)
index 0000000..80abd4f
--- /dev/null
+++ b/lib/Crypt/SSLeay/Conn.pm
@@ -0,0 +1,4 @@
+package Crypt::SSLeay::Conn;
+require Crypt::SSLeay;
+use strict;
+1;

diff --git a/lib/Crypt/SSLeay/Err.pm b/lib/Crypt/SSLeay/Err.pm
new file mode 100644 (file)
index 0000000..013e4a6
--- /dev/null
+++ b/lib/Crypt/SSLeay/Err.pm
@@ -0,0 +1,4 @@
+package Crypt::SSLeay::Err;
+require Crypt::SSLeay;
+use strict;
+1;

diff --git a/lib/Crypt/SSLeay/MainContext.pm b/lib/Crypt/SSLeay/MainContext.pm
new file mode 100644 (file)
index 0000000..fd01936
--- /dev/null
+++ b/lib/Crypt/SSLeay/MainContext.pm
@@ -0,0 +1,42 @@
+package Crypt::SSLeay::MainContext;
+
+# maintains a single instance of the Crypt::SSLeay::CTX class
+
+use strict;
+use Carp ();
+
+require Crypt::SSLeay::CTX;
+
+my $ctx = &main_ctx();
+
+sub main_ctx { 
+    my $ssl_version = shift || 23;
+
+    my $ctx = Crypt::SSLeay::CTX->new($ssl_version);
+    $ctx->set_cipher_list($ENV{CRYPT_SSLEAY_CIPHER})
+      if $ENV{CRYPT_SSLEAY_CIPHER};    
+
+    $ctx;
+}
+
+my %sub_cache = ('main_ctx' => \&main_ctx );
+
+sub import {
+    my $pkg = shift;
+    my $callpkg = caller();
+    my @func = @_;
+    for (@func) {
+        s/^&//;
+        Carp::croak("Can't export $_ from $pkg") if /\W/;;
+        my $sub = $sub_cache{$_};
+        unless ($sub) {
+            my $method = $_;
+            $method =~ s/^main_ctx_//;  # optional prefix
+            $sub = $sub_cache{$_} = sub { $ctx->$method(@_) };
+        }
+        no strict 'refs';
+        *{"${callpkg}::$_"} = $sub;
+    }
+}
+
+1;

diff --git a/lib/Crypt/SSLeay/X509.pm b/lib/Crypt/SSLeay/X509.pm
new file mode 100644 (file)
index 0000000..5fd50ca
--- /dev/null
+++ b/lib/Crypt/SSLeay/X509.pm
@@ -0,0 +1,26 @@
+package Crypt::SSLeay::X509;
+
+use strict;
+
+sub not_before {
+    my $cert = shift;
+    not_string2time($cert->get_notBeforeString);
+}
+
+sub not_after {
+    my $cert = shift;
+    not_string2time($cert->get_notAfterString);
+}
+
+sub not_string2time {
+    my $string = shift;
+    # $string has the form 021019235959Z
+    my($year, $month, $day, $hour, $minute, $second, $GMT)=
+        $string=~m/(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(Z)?/;
+    $year += 2000;
+    my $time="$year-$month-$day $hour:$minute:$second";
+    $time .= " GMT" if $GMT;
+    $time;
+}
+
+1;

diff --git a/lib/Net/SSL.pm b/lib/Net/SSL.pm
new file mode 100755 (executable)
index 0000000..1b9695a
--- /dev/null
+++ b/lib/Net/SSL.pm
@@ -0,0 +1,649 @@
+package Net::SSL;
+
+use strict;
+use MIME::Base64;
+use Socket;
+use Carp;
+
+use vars qw(@ISA $VERSION $NEW_ARGS);
+$VERSION = '2.85';
+
+require IO::Socket;
+@ISA=qw(IO::Socket::INET);
+
+my %REAL; # private to this package only
+my $DEFAULT_VERSION = '23';
+my $CRLF = "\015\012";
+my $SEND_USERAGENT_TO_PROXY = 0;
+
+require Crypt::SSLeay;
+
+sub _default_context {
+    require Crypt::SSLeay::MainContext;
+    Crypt::SSLeay::MainContext::main_ctx(@_);
+}
+
+sub _alarm_set {
+    return if $^O eq 'MSWin32' or $^O eq 'NetWare';
+    alarm(shift);
+}
+
+sub new {
+    my($class, %arg) = @_;
+    local $NEW_ARGS = \%arg;
+    $class->SUPER::new(%arg);
+}
+
+sub DESTROY {
+    my $self = shift;
+    delete $REAL{$self};
+    local $@;
+    eval { $self->SUPER::DESTROY; };
+}
+
+sub configure {
+    my($self, $arg) = @_;
+    my $ssl_version = delete $arg->{SSL_Version} ||
+      $ENV{HTTPS_VERSION} || $DEFAULT_VERSION;
+    my $ssl_debug = delete $arg->{SSL_Debug} || $ENV{HTTPS_DEBUG} || 0;
+
+    my $ctx = delete $arg->{SSL_Context} || _default_context($ssl_version);
+
+    *$self->{ssl_ctx} = $ctx;
+    *$self->{ssl_version} = $ssl_version;
+    *$self->{ssl_debug} = $ssl_debug;
+    *$self->{ssl_arg} = $arg;
+    *$self->{ssl_peer_addr} = $arg->{PeerAddr};
+    *$self->{ssl_peer_port} = $arg->{PeerPort};
+    *$self->{ssl_new_arg} = $NEW_ARGS;
+    *$self->{ssl_peer_verify} = 0;
+
+    ## Crypt::SSLeay must also aware the SSL Proxy before calling
+    ## $socket->configure($args). Because the $sock->configure() will
+    ## die when failed to resolve the destination server IP address,
+    ## whether the SSL proxy is used or not!
+    ## - dqbai, 2003-05-10
+    if (my $proxy = $self->proxy) {
+        ($arg->{PeerAddr}, $arg->{PeerPort}) = split(':',$proxy);
+        $arg->{PeerPort} || croak("no port given for proxy server $proxy");
+    }
+
+    $self->SUPER::configure($arg);
+}
+
+# override to make sure there is really a timeout
+sub timeout {
+    shift->SUPER::timeout || 60;
+}
+
+sub blocking {
+    my $self = shift;
+    $self->SUPER::blocking(@_);
+}
+
+sub connect {
+    my $self = shift;
+
+    # configure certs on connect() time, so we can throw an undef
+    # and have LWP understand the error
+    eval { $self->configure_certs() };
+    if($@) {
+        $@ = "configure certs failed: $@; $!";
+        $self->die_with_error($@);
+    }
+
+    # finished, update set_verify status
+    if(my $rv = *$self->{ssl_ctx}->set_verify()) {
+        *$self->{ssl_peer_verify} = $rv;
+    }
+
+    if ($self->proxy) {
+        # don't die() in connect, just return undef and set $@
+        my $proxy_connect = eval { $self->proxy_connect_helper(@_) };
+        if(! $proxy_connect || $@) {
+            $@ = "proxy connect failed: $@; $!";
+            croak($@);
+        }
+    }
+    else {
+        *$self->{io_socket_peername}=@_ == 1 ? $_[0] : IO::Socket::sockaddr_in(@_);
+        if(!$self->SUPER::connect(@_)) {
+            # better to die than return here
+            $@ = "Connect failed: $@; $!";
+            croak($@);
+        }
+    }
+
+    my $debug = *$self->{ssl_debug} || 0;
+    my $ssl = Crypt::SSLeay::Conn->new(*$self->{ssl_ctx}, $debug, $self);
+    my $arg = *$self->{ssl_arg};
+    my $new_arg = *$self->{ssl_new_arg};
+    $arg->{SSL_Debug} = $debug;
+
+    # setup SNI if available
+    $ssl->can("set_tlsext_host_name") and
+        $ssl->set_tlsext_host_name(*$self->{ssl_peer_addr});
+
+    eval {
+        local $SIG{ALRM} = sub { $self->die_with_error("SSL connect timeout") };
+        # timeout / 2 because we have 3 possible connects here
+        _alarm_set($self->timeout / 2);
+
+        my $rv;
+        {
+            local $SIG{PIPE} = \¨
+            $rv = eval { $ssl->connect; };
+        }
+        if (not defined $rv or $rv <= 0) {
+            _alarm_set(0);
+            $ssl = undef;
+            # See RT #59312
+            my %args = (%$arg, %$new_arg);
+            if(*$self->{ssl_version} == 23) {
+                $args{SSL_Version} = 3;
+                # the new connect might itself be overridden with a REAL SSL
+                my $new_ssl = Net::SSL->new(%args);
+                $REAL{$self} = $REAL{$new_ssl} || $new_ssl;
+                return $REAL{$self};
+            }
+            elsif(*$self->{ssl_version} == 3) {
+                # $self->die_with_error("SSL negotiation failed");
+                $args{SSL_Version} = 2;
+                my $new_ssl = Net::SSL->new(%args);
+                $REAL{$self} = $new_ssl;
+                return $new_ssl;
+            }
+                       else {
+                # don't die, but do set $@, and return undef
+                eval { $self->die_with_error("SSL negotiation failed") };
+                croak($@);
+            }
+        }
+        _alarm_set(0);
+    };
+
+    # odd error in eval {} block, maybe alarm outside the evals
+    if($@) {
+        $@ = "$@; $!";
+        croak($@);
+    }
+
+    # successful SSL connection gets stored
+    *$self->{ssl_ssl} = $ssl;
+    $self;
+}
+
+# Delegate these calls to the Crypt::SSLeay::Conn object
+sub get_peer_certificate {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    *$self->{ssl_ssl}->get_peer_certificate(@_);
+}
+
+sub get_peer_verify {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    *$self->{ssl_peer_verify};
+}
+
+sub get_shared_ciphers {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    *$self->{ssl_ssl}->get_shared_ciphers(@_);
+}
+
+sub get_cipher {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    *$self->{ssl_ssl}->get_cipher(@_);
+}
+
+sub ssl_context {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    *$self->{ssl_ctx};
+}
+
+sub die_with_error {
+    my $self=shift;
+    my $reason=shift;
+
+    my @err;
+    while(my $err=Crypt::SSLeay::Err::get_error_string()) {
+       push @err, $err;
+    }
+    croak("$reason: " . join( ' | ', @err ));
+}
+
+sub read {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+
+    local $SIG{__DIE__} = \&Carp::confess;
+    local $SIG{ALRM} = sub { $self->die_with_error("SSL read timeout") };
+
+    _alarm_set($self->timeout);
+    my $n = *$self->{ssl_ssl}->read(@_);
+    _alarm_set(0);
+    $self->die_with_error("read failed") if !defined $n;
+
+    $n;
+}
+
+sub write {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    my $n = *$self->{ssl_ssl}->write(@_);
+    $self->die_with_error("write failed") if !defined $n;
+    $n;
+}
+
+*sysread  = \&read;
+*syswrite = \&write;
+
+sub print {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    # should we care about $, and $\??
+    # I think it is too expensive...
+    $self->write(join("", @_));
+}
+
+sub printf {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    my $fmt = shift;
+    $self->write(sprintf($fmt, @_));
+}
+
+sub getchunk {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    my $buf = '';  # warnings
+    my $n = $self->read($buf, 32768);
+    return unless defined $n;
+    $buf;
+}
+
+# This is really inefficient, but we only use it for reading the proxy response
+# so that does not really matter.
+sub getline {
+    my $self = shift;
+    $self = $REAL{$self} || $self;
+    my $val="";
+    my $buf;
+    do {
+        $self->SUPER::recv($buf, 1);
+        $val .= $buf;
+    } until ($buf eq "\n");
+
+    $val;
+}
+
+# XXX: no way to disable <$sock>??  (tied handle perhaps?)
+
+sub get_lwp_object {
+    my $self = shift;
+
+    my $lwp_object;
+    my $i = 0;
+    while(1) {
+        package DB;
+        my @stack = caller($i++);
+        last unless @stack;
+        my @stack_args = @DB::args;
+        my $stack_object = $stack_args[0] || next;
+        return $stack_object
+            if ref($stack_object)
+                and $stack_object->isa('LWP::UserAgent');
+    }
+    return undef;
+}
+
+sub send_useragent_to_proxy {
+    if (my $val = shift) {
+        $SEND_USERAGENT_TO_PROXY = $val;
+    }
+    return $SEND_USERAGENT_TO_PROXY;
+}
+
+sub proxy_connect_helper {
+    my $self = shift;
+
+    my $proxy = $self->proxy;
+    my ($proxy_host, $proxy_port) = split(':',$proxy);
+    $proxy_port || croak("no port given for proxy server $proxy");
+
+    my $proxy_addr = gethostbyname($proxy_host);
+    $proxy_addr || croak("can't resolve proxy server name: $proxy_host, $!");
+
+    my($peer_port, $peer_addr) = (*$self->{ssl_peer_port}, *$self->{ssl_peer_addr});
+    $peer_addr || croak("no peer addr given");
+    $peer_port || croak("no peer port given");
+
+    # see if the proxy should be bypassed
+    my @no_proxy = split( /\s*,\s*/, $ENV{NO_PROXY} || $ENV{no_proxy} || '');
+    my $is_proxied = 1;
+    my $domain;
+    for $domain (@no_proxy) {
+        if ($peer_addr =~ /\Q$domain\E$/) {
+            $is_proxied = 0;
+            last;
+        }
+    }
+
+    if ($is_proxied) {
+        $self->SUPER::connect($proxy_port, $proxy_addr)
+          || croak("proxy connect to $proxy_host:$proxy_port failed: $!");
+    }
+    else {
+        # see RT #57836
+        my $peer_addr_packed = gethostbyname($peer_addr);
+        $self->SUPER::connect($peer_port, $peer_addr_packed)
+          || croak("proxy bypass to $peer_addr:$peer_addr failed: $!");
+    }
+
+    my $connect_string;
+    if ($ENV{"HTTPS_PROXY_USERNAME"} || $ENV{"HTTPS_PROXY_PASSWORD"}) {
+        my $user = $ENV{"HTTPS_PROXY_USERNAME"};
+        my $pass = $ENV{"HTTPS_PROXY_PASSWORD"};
+
+        my $credentials = encode_base64("$user:$pass", "");
+        $connect_string = join($CRLF,
+            "CONNECT $peer_addr:$peer_port HTTP/1.0",
+            "Proxy-authorization: Basic $credentials"
+        );
+    }
+    else {
+        $connect_string = "CONNECT $peer_addr:$peer_port HTTP/1.0";
+    }
+    $connect_string .= $CRLF;
+
+    if (send_useragent_to_proxy()) {
+        my $lwp_object = $self->get_lwp_object;
+        if($lwp_object && $lwp_object->agent) {
+            $connect_string .= "User-Agent: ".$lwp_object->agent.$CRLF;
+        }
+    }
+
+    $connect_string .= $CRLF;
+    $self->SUPER::send($connect_string);
+
+    my $timeout;
+    my $header = '';
+
+    # See RT #33954
+    # See also RT #64054
+    # Handling incomplete reads and writes better (for some values of
+    # better) may actually make this problem go away, but either way,
+    # there is no good reason to use \d when checking for 0-9
+
+    while ($header !~ m{HTTP/[0-9][.][0-9]\s+200\s+.*$CRLF$CRLF}) {
+        $timeout = $self->timeout(5) unless length $header;
+        my $n = $self->SUPER::sysread($header, 8192, length $header);
+        last if $n <= 0;
+    }
+
+    $self->timeout($timeout) if defined $timeout;
+    my $conn_ok = ($header =~ m{HTTP/[0-9]+[.][0-9]+\s+200\s+}is) ? 1 : 0;
+
+    if (not $conn_ok) {
+        croak("PROXY ERROR HEADER, could be non-SSL URL:\n$header");
+    }
+
+    $conn_ok;
+}
+
+# code adapted from LWP::UserAgent, with $ua->env_proxy API
+# see also RT #57836
+sub proxy {
+    my $self = shift;
+    my $proxy_server = $ENV{HTTPS_PROXY} || $ENV{https_proxy};
+    return unless $proxy_server;
+
+    my($peer_port, $peer_addr) = (
+        *$self->{ssl_peer_port},
+        *$self->{ssl_peer_addr}
+    );
+    $peer_addr || croak("no peer addr given");
+    $peer_port || croak("no peer port given");
+
+    # see if the proxy should be bypassed
+    my @no_proxy = split( /\s*,\s*/,
+        $ENV{NO_PROXY} || $ENV{no_proxy} || ''
+    );
+    my $is_proxied = 1;
+    for my $domain (@no_proxy) {
+        if ($peer_addr =~ /\Q$domain\E\z/) {
+            return;
+        }
+    }
+
+    $proxy_server =~ s|\Ahttps?://||i;
+    $proxy_server;
+}
+
+sub configure_certs {
+    my $self = shift;
+    my $ctx = *$self->{ssl_ctx};
+
+    my $count = 0;
+    for (qw(HTTPS_PKCS12_FILE HTTPS_CERT_FILE HTTPS_KEY_FILE)) {
+        my $file = $ENV{$_};
+        if ($file) {
+            (-e $file) or croak("$file file does not exist: $!");
+            (-r $file) or croak("$file file is not readable");
+            $count++;
+            if (/PKCS12/) {
+                $count++;
+                $ctx->use_pkcs12_file($file ,$ENV{'HTTPS_PKCS12_PASSWORD'}) || croak("failed to load $file: $!");
+                last;
+            }
+            elsif (/CERT/) {
+                $ctx->use_certificate_file($file ,1) || croak("failed to load $file: $!");
+            }
+            elsif (/KEY/) {
+                $ctx->use_PrivateKey_file($file, 1) || croak("failed to load $file: $!");
+            }
+            else {
+                croak("setting $_ not supported");
+            }
+        }
+    }
+
+    # if both configs are set, then verify them
+    if ($count == 2) {
+        if (! $ctx->check_private_key) {
+            croak("Private key and certificate do not match");
+        }
+    }
+
+    $count; # number of successful cert loads/checks
+}
+
+sub accept   { shift->_unimpl("accept") }
+sub getc     { shift->_unimpl("getc")   }
+sub ungetc   { shift->_unimpl("ungetc") }
+sub getlines { shift->_unimpl("getlines"); }
+
+sub _unimpl {
+    my($self, $meth) = @_;
+    croak("$meth not implemented for Net::SSL sockets");
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Net::SSL - support for Secure Sockets Layer
+
+=head1 METHODS
+
+=over 4
+
+=item new
+
+Creates a new C<Net::SSL> object.
+
+=item configure
+
+Configures a C<Net::SSL> socket for operation.
+
+=item configure_certs
+
+Sets up a certificate file to use for communicating with on
+the socket.
+
+=item connect
+
+=item die_with_error
+
+=item get_cipher
+
+=item get_lwp_object
+
+Walks up the caller stack and looks for something blessed into
+the C<LWP::UserAgent> namespace and returns it. Vaguely deprecated.
+
+=item get_peer_certificate
+
+Gets the peer certificate from the underlying C<Crypt::SSLeay::Conn>
+object.
+
+=item get_peer_verify
+
+=item get_shared_ciphers
+
+=item getchunk
+
+Attempts to read up to 32KiB of data from the socket. Returns
+C<undef> if nothing was read, otherwise returns the data as
+a scalar.
+
+=item getline
+
+Reads one character at a time until a newline is encountered,
+and returns the line, including the newline. Grossly
+inefficient.
+
+=item print
+
+Concatenates the input parameters and writes them to the socket.
+Does not honour C<$,> nor C<$/>. Returns the number of bytes written.
+
+=item printf
+
+Performs a C<sprintf> of the input parameters (thus, the first
+parameter must be the format), and writes the result to the socket.
+Returns the number of bytes written.
+
+=item proxy
+
+Returns the hostname of an https proxy server, as specified by the
+C<HTTPS_PROXY> environment variable.
+
+=item proxy_connect_helper
+
+Helps set up a connection through a proxy.
+
+=item read
+
+Performs a read on the socket and returns the result.
+
+=item ssl_context
+
+=item sysread
+
+Is an alias of C<read>.
+
+=item timeout
+
+Returns the timeout value of the socket as defined by the implementing
+class or 60 seconds by default.
+
+=item blocking
+
+Returns a boolean indicating whether the underlying socket is in
+blocking mode. By default, Net::SSL sockets are in blocking mode.
+
+    $sock->blocking(0); # set to non-blocking mode
+
+This method simply calls the underlying C<blocking> method of the
+IO::Socket object.
+
+=item write
+
+Writes the parameters passed in (thus, a list) to the socket. Returns
+the number of bytes written.
+
+=item syswrite
+
+Is an alias of C<write>.
+
+=item accept
+
+Not yet implemented. Will die if called.
+
+=item getc
+
+Not yet implemented. Will die if called.
+
+=item getlines
+
+Not yet implemented. Will die if called.
+
+=item ungetc
+
+Not yet implemented. Will die if called.
+
+=item send_useragent_to_proxy
+
+By default (as of version 2.80 of C<Net::SSL> in the 0.54 distribution
+of Crypt::SSLeay), the user agent string is no longer sent to the
+proxy (but will continue to be sent to the remote host).
+
+The previous behaviour was of marginal benefit, and could cause
+fatal errors in certain scenarios (see CPAN bug #4759) and so no
+longer happens by default.
+
+To reinstate the old behaviour, call C<Net::SSL::send_useragent_to_proxy>
+with a true value (usually 1).
+
+=back
+
+=head1 DIAGNOSTICS
+
+  "no port given for proxy server <proxy>"
+
+A proxy was specified for configuring a socket, but no port number
+was given. Ensure that the proxy is specified as a host:port pair,
+such as C<proxy.example.com:8086>.
+
+  "configure certs failed: <contents of $@>; <contents of $!>"
+
+  "proxy connect failed: <contents of $@>; <contents of $!>"
+
+  "Connect failed: <contents of $@>; <contents of $!>"
+
+During connect().
+
+=head2 SEE ALSO
+
+=over 4
+
+=item IO::Socket::INET
+
+C<Net::SSL> is implemented by subclassing C<IO::Socket::INET>, hence
+methods not specifically overridden are defined by that package.
+
+=item Net::SSLeay
+
+A package that provides a Perl-level interface to the C<openssl>
+secure sockets layer library.
+
+=back
+
+=cut
+

diff --git a/t/00-basic.t b/t/00-basic.t
new file mode 100644 (file)
index 0000000..13bdc31
--- /dev/null
+++ b/t/00-basic.t
@@ -0,0 +1,37 @@
+# 00-basic.t
+
+use Test::More tests => 12;
+
+BEGIN {
+    use_ok( 'Crypt::SSLeay' );
+    use_ok( 'Crypt::SSLeay::CTX' );
+    use_ok( 'Crypt::SSLeay::Conn' );
+    use_ok( 'Crypt::SSLeay::Err' );
+    use_ok( 'Crypt::SSLeay::MainContext', 'main_ctx' );
+    use_ok( 'Crypt::SSLeay::X509' );
+    use_ok( 'Net::SSL' );
+}
+
+SKIP: {
+    skip( 'Test::Pod not installed on this system', 2 )
+        unless do {
+            eval "use Test::Pod";
+            $@ ? 0 : 1;
+        };
+
+    pod_file_ok( 'SSLeay.pm' );
+    pod_file_ok( 'lib/Net/SSL.pm' );
+}
+
+SKIP: {
+    skip( 'Test::Pod::Coverage not installed on this system', 2 )
+        unless do {
+            eval "use Test::Pod::Coverage";
+            $@ ? 0 : 1;
+        };
+    pod_coverage_ok( 'Crypt::SSLeay', 'Crypt-SSLeay POD coverage is go!' );
+    pod_coverage_ok( 'Net::SSL', 'Net::SSL POD coverage is go!' );
+}
+
+my $ctx = main_ctx();
+is(ref($ctx), 'Crypt::SSLeay::CTX', 'we have a context');

diff --git a/t/01-connect.t b/t/01-connect.t
new file mode 100644 (file)
index 0000000..cf6b335
--- /dev/null
+++ b/t/01-connect.t
@@ -0,0 +1,65 @@
+use strict;
+use Test::More tests => 8;
+
+use Net::SSL;
+
+# ensure no proxification takes place
+$ENV{NO_PROXY} = '127.0.0.1';
+
+my $sock;
+eval {
+    $sock = Net::SSL->new(
+        PeerAddr => '127.0.0.1',
+        PeerPort => 443,
+        Timeout  => 3,
+    );
+};
+
+my $test_name = 'Net::SSL->new';
+if ($@) {
+    my $fail = $@;
+    if ($fail =~ /\AConnect failed: connect: \b/i) {
+        pass( "$test_name - expected failure" );
+    }
+    elsif ($fail =~ /\ASSL negotiation failed:/i) {
+        pass( "$test_name - expected failure (443 in use)" );
+    }
+    else {
+        fail( "$test_name" );
+        diag( $fail );
+    }
+}
+else {
+    ok( defined $sock, $test_name );
+}
+
+SKIP: {
+    skip( "nothing listening on localhost:443", 7 )
+        unless defined $sock;
+
+    is( ref($sock), 'Net::SSL', 'blessed socket' );
+
+    eval { $sock->accept };
+    like ($@, qr(\Aaccept not implemented for Net::SSL sockets),
+        'accept() not implemented'
+    );
+
+    eval { $sock->getc };
+    like ($@, qr(\Agetc not implemented for Net::SSL sockets),
+        'getc() not implemented'
+    );
+
+    eval { $sock->ungetc };
+    like ($@, qr(\Aungetc not implemented for Net::SSL sockets),
+        'ungetc() not implemented'
+    );
+
+    eval { $sock->getlines };
+    like ($@, qr(\Agetlines not implemented for Net::SSL sockets),
+        'getlines() not implemented'
+    );
+
+    is( $sock->blocking, 1, 'socket is blocking' );
+    $sock->blocking(0);
+    is( $sock->blocking, 0, 'socket is now non-blocking' );
+}

diff --git a/t/02-live.t b/t/02-live.t
new file mode 100644 (file)
index 0000000..677b691
--- /dev/null
+++ b/t/02-live.t
@@ -0,0 +1,150 @@
+use strict;
+use warnings;
+use Test::More;
+use Try::Tiny;
+
+# Bail out early if network tests are not requested
+
+BEGIN {
+    my ($filename) = 'test.config';
+    diag("Reading configuration from '$filename' on $^O");
+
+    open my $config, '<', $filename
+        or fail("Cannot open '$filename': $!");
+
+    my $network_tests;
+
+    while (my $entry = <$config>) {
+
+        $entry =~ s/^\s+//;
+        $entry =~ s/\s+\z//;
+
+        my ($key, $val) = split /[ \t]+/, $entry, 2;
+        diag("$key : $val");
+
+        if ($key eq 'network_tests') {
+            $network_tests = $val;
+        }
+    }
+
+    unless ($network_tests) {
+        plan skip_all => "Network tests disabled";
+    }
+}
+
+# Make sure prerequisites are there
+
+BEGIN {
+    use_ok('Net::SSL');
+    use_ok('LWP::UserAgent');
+    use_ok('LWP::Protocol::https');
+    use_ok('HTTP::Request');
+}
+
+use constant METHOD => 'HEAD';
+use constant URL => 'https://rt.cpan.org/';
+use constant PROXY_ADDR_PORT => 'localhost:3128';
+
+test_connect_through_proxy(PROXY_ADDR_PORT);
+
+test_connect(METHOD, URL);
+
+done_testing;
+
+sub test_connect_through_proxy {
+    my ($proxy) = @_;
+
+    my $test_name = 'connect through proxy';
+    Net::SSL::send_useragent_to_proxy(0);
+
+    my $no_proxy;
+
+    try {
+        live_connect({ chobb => 'schoenmaker'});
+    }
+    catch {
+        if (/^proxy connect failed: proxy connect to $proxy failed: /) {
+            pass("$test_name - no proxy available");
+        }
+        else {
+            fail("$test_name - untrapped error");
+            diag($_);
+        }
+        $no_proxy = 1;
+    };
+
+    pass($test_name);
+
+    SKIP: {
+        if ($no_proxy) {
+            skip(sprintf('no proxy found at %s', PROXY_ADDR_PORT), 1);
+        }
+
+        Net::SSL::send_useragent_to_proxy(1);
+
+        try {
+            live_connect( {chobb => 'schoenmaker'} );
+        }
+        catch {
+            TODO: {
+                local $TODO = "caller stack walk broken (CPAN bug #4759)";
+                is($_, '', "can forward useragent string to proxy");
+            }
+        };
+    }
+
+    return;
+}
+
+sub test_connect {
+    my ($method, $url) = @_;
+
+    diag('[RT #73755] Cheat by disabling LWP::UserAgent host verification');
+
+    my $ua  = LWP::UserAgent->new(
+        agent => "Crypt-SSLeay $Crypt::SSLeay::VERSION tester",
+        ssl_opts => { verify_hostname => 0 },
+    );
+
+    my $req = HTTP::Request->new;
+
+    $req->method($method);
+    $req->uri($url);
+
+    my $test_name = "$method $url";
+    my $res;
+
+    try {
+        $res = $ua->request($req);
+    }
+    catch {
+        fail($test_name);
+        diag("Error: '$_'");
+    };
+
+    if ($res->is_success) {
+        pass($test_name);
+    }
+    else {
+        fail($test_name);
+        diag("HTTP status = ", $res->status_line);
+        diag("This may not be the fault of the module, $url may be down");
+    }
+
+    return;
+}
+
+sub live_connect {
+    my $hr = shift;
+
+    local $ENV{HTTPS_PROXY} = PROXY_ADDR_PORT;
+
+    my $socket = Net::SSL->new(
+        PeerAddr => 'rt.cpan.org',
+        PeerPort => 443,
+        Timeout  => 10,
+    );
+
+    return defined $socket;
+}
+

diff --git a/typemap b/typemap
new file mode 100644 (file)
index 0000000..9bc590a
--- /dev/null
+++ b/typemap
@@ -0,0 +1,38 @@
+SSL_CTX*       T_CTXOBJ
+SSL*          T_SSLOBJ
+X509*         T_X509OBJ
+
+INPUT
+T_CTXOBJ
+        if (sv_derived_from($arg, \"Crypt::SSLeay::CTX\")) {
+            IV stack_top = SvIV((SV*)SvRV($arg));
+            $var = INT2PTR($type, stack_top);
+        }
+        else
+            croak(\"$var is not an Crypt::SSLeay::CTX\")
+
+T_SSLOBJ
+        if (sv_derived_from($arg, \"Crypt::SSLeay::Conn\")) {
+            IV stack_top = SvIV((SV*)SvRV($arg));
+            $var = INT2PTR($type, stack_top);
+        }
+        else
+            croak(\"$var is not an Crypt::SSLeay::Conn\")
+
+T_X509OBJ
+        if (sv_derived_from($arg, \"Crypt::SSLeay::X509\")) {
+            IV stack_top = SvIV((SV*)SvRV($arg));
+            $var = INT2PTR($type, stack_top);
+        }
+        else
+            croak(\"$var is not an Crypt::SSLeay::X509\")
+
+OUTPUT
+T_CTXOBJ
+        sv_setref_pv($arg, \"Crypt::SSLeay::CTX\", (void*)$var);
+
+T_SSLOBJ
+        sv_setref_pv($arg, \"Crypt::SSLeay::Conn\", (void*)$var);
+
+T_X509OBJ
+        sv_setref_pv($arg, \"Crypt::SSLeay::X509\", (void*)$var);