+rust-native-tls (0.2.11-1) UNRELEASED-FIXME-AUTOGENERATED-DEBCARGO; urgency=medium
+
+ * Team upload.
+ * Package native-tls 0.2.11 from crates.io using debcargo 2.6.0
+ * Revert a number of changes in testsuite and disable newly added tests to
+ allow the testsuite to continue to run with static test certificates.
+ * Re-encode identity.p12.base64 so it can be decoded by current openssel
+ without requring legacy options to be enabled.
+
+ -- Peter Michael Green <plugwash@debian.org> Sat, 04 Feb 2023 20:35:15 +0000
+
rust-native-tls (0.2.8-1) unstable; urgency=medium
* Team upload.
be correct information so you should review and fix this before uploading to
the archive.
-Files: ./LICENSE-MIT
+Files: LICENSE-MIT
Copyright: 2016 The rust-native-tls Developers
License: UNKNOWN-LICENSE; FIXME (overlay)
Comment:
Files: debian/*
Copyright:
- 2019-2021 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
- 2019-2021 kpcyrd <git@rxv.cc>
+ 2019-2023 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
+ 2019-2023 kpcyrd <git@rxv.cc>
License: MIT or Apache-2.0
License: Apache-2.0
--- /dev/null
+Disable newly added tests for pkcs8, as these tests never had any static
+test data to use.
+
+Index: native-tls/src/test.rs
+===================================================================
+--- native-tls.orig/src/test.rs
++++ native-tls/src/test.rs
+@@ -353,7 +353,7 @@ fn import_same_identity_multiple_times()
+ let _ = p!(Identity::from_pkcs8(&cert, &key));
+ }
+
+-#[test]
++/*#[test]
+ fn from_pkcs8_rejects_rsa_key() {
+ let keys = test_cert_gen::keys();
+ let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+@@ -361,7 +361,7 @@ fn from_pkcs8_rejects_rsa_key() {
+ assert!(Identity::from_pkcs8(&cert, rsa_key.as_bytes()).is_err());
+ let pkcs8_key = rsa_to_pkcs8(&rsa_key);
+ assert!(Identity::from_pkcs8(&cert, pkcs8_key.as_bytes()).is_ok());
+-}
++}*/
+
+ #[test]
+ fn shutdown() {
+@@ -432,7 +432,7 @@ fn alpn_google_none() {
+ assert_eq!(alpn, None);
+ }
+
+-#[test]
++/*#[test]
+ fn server_pkcs8() {
+ let keys = test_cert_gen::keys();
+ let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+@@ -477,7 +477,7 @@ fn server_pkcs8() {
+ assert_eq!(buf, b"world");
+
+ p!(j.join());
+-}
++}*/
+
+ #[test]
+ fn two_servers() {
--- /dev/null
+Revert upstream update of test-cert-gen from 0.1 to 0.7, we patch out the
+use of test-cert-gen in a later patch, but this is needed so that said patch
+has the correct baseline to work with.
+
+This patch is based on a revert of upstream commits
+7493a48efe60b05d2caa7995e865da291059f06b and
+f5e5e6d6be8b66e16da4efcb2c614f835dfd2849, adapted for use in the Debian package
+by Peter Michael Green.
+
+Index: native-tls/src/test.rs
+===================================================================
+--- native-tls.orig/src/test.rs
++++ native-tls/src/test.rs
+@@ -56,8 +56,8 @@ fn server_no_root_certs() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -75,7 +75,7 @@ fn server_no_root_certs() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+@@ -97,8 +97,8 @@ fn server() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -116,7 +116,7 @@ fn server() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+@@ -138,7 +138,7 @@ fn certificate_from_pem() {
+ let keys = test_cert_gen::keys();
+
+ let der_path = dir.path().join("cert.der");
+- fs::write(&der_path, &keys.client.ca.get_der()).unwrap();
++ fs::write(&der_path, &keys.client.cert_der).unwrap();
+ let output = Command::new("openssl")
+ .arg("x509")
+ .arg("-in")
+@@ -152,7 +152,7 @@ fn certificate_from_pem() {
+ assert!(output.status.success());
+
+ let cert = Certificate::from_pem(&output.stdout).unwrap();
+- assert_eq!(cert.to_der().unwrap(), keys.client.ca.get_der());
++ assert_eq!(cert.to_der().unwrap(), keys.client.cert_der);
+ }
+
+ #[test]
+@@ -160,8 +160,8 @@ fn peer_certificate() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -174,7 +174,7 @@ fn peer_certificate() {
+ assert!(socket.peer_certificate().unwrap().is_none());
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+@@ -183,10 +183,7 @@ fn peer_certificate() {
+ let socket = p!(builder.connect("localhost", socket));
+
+ let cert = socket.peer_certificate().unwrap().unwrap();
+- assert_eq!(
+- cert.to_der().unwrap(),
+- keys.server.cert_and_key.cert.get_der()
+- );
++ assert_eq!(cert.to_der().unwrap(), keys.client.cert_der);
+
+ p!(j.join());
+ }
+@@ -196,8 +193,8 @@ fn server_tls11_only() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::builder(identity)
+ .min_protocol_version(Some(Protocol::Tlsv12))
+@@ -218,7 +215,7 @@ fn server_tls11_only() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+@@ -241,8 +238,8 @@ fn server_no_shared_protocol() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::builder(identity)
+ .min_protocol_version(Some(Protocol::Tlsv12))
+@@ -256,7 +253,7 @@ fn server_no_shared_protocol() {
+ assert!(builder.accept(socket).is_err());
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+@@ -274,8 +271,8 @@ fn server_untrusted() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -301,8 +298,8 @@ fn server_untrusted_unverified() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -339,12 +336,12 @@ fn import_same_identity_multiple_times()
+ let keys = test_cert_gen::keys();
+
+ let _ = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let _ = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+
+ let p8buf = include_bytes!("../test/chain.pem");
+@@ -368,8 +365,8 @@ fn shutdown() {
+ let keys = test_cert_gen::keys();
+
+ let identity = p!(Identity::from_pkcs12(
+- &keys.server.cert_and_key_pkcs12.pkcs12.0,
+- &keys.server.cert_and_key_pkcs12.password
++ &keys.server.pkcs12,
++ &keys.server.pkcs12_password
+ ));
+ let builder = p!(TlsAcceptor::new(identity));
+
+@@ -388,7 +385,7 @@ fn shutdown() {
+ p!(socket.shutdown());
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+Index: native-tls/Cargo.toml
+===================================================================
+--- native-tls.orig/Cargo.toml
++++ native-tls/Cargo.toml
+@@ -32,7 +32,7 @@ version = "1.0"
+ version = "3.0"
+
+ [dev-dependencies.test-cert-gen]
+-version = "0.7"
++version = "0.1"
+
+ [features]
+ alpn = []
--- /dev/null
+Revert switch to test with pkcs8 keys, which relies on new test-cert-gen.
+This patch is based on reverting upstream commits
+2a720f6c360489c60a34e1bcfba7d50497a8ba33 and
+01337348b5edcd4ab3cc156e5186e5bdc1a5a8d2
+
+Index: native-tls/src/test.rs
+===================================================================
+--- native-tls.orig/src/test.rs
++++ native-tls/src/test.rs
+@@ -348,7 +348,7 @@ fn import_same_identity_multiple_times()
+ ));
+
+ let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = rsa_to_pkcs8(&keys.server.cert_and_key.key.to_pem_incorrect()).into_bytes();
++ let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
+ let _ = p!(Identity::from_pkcs8(&cert, &key));
+ let _ = p!(Identity::from_pkcs8(&cert, &key));
+ }
+@@ -357,7 +357,7 @@ fn import_same_identity_multiple_times()
+ fn from_pkcs8_rejects_rsa_key() {
+ let keys = test_cert_gen::keys();
+ let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+- let rsa_key = keys.server.cert_and_key.key.to_pem_incorrect();
++ let rsa_key = key_to_pem(keys.server.cert_and_key.key.get_der());
+ assert!(Identity::from_pkcs8(&cert, rsa_key.as_bytes()).is_err());
+ let pkcs8_key = rsa_to_pkcs8(&rsa_key);
+ assert!(Identity::from_pkcs8(&cert, pkcs8_key.as_bytes()).is_ok());
+@@ -436,7 +436,7 @@ fn alpn_google_none() {
+ fn server_pkcs8() {
+ let keys = test_cert_gen::keys();
+ let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = rsa_to_pkcs8(&keys.server.cert_and_key.key.to_pem_incorrect()).into_bytes();
++ let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
+
+ let ident = Identity::from_pkcs8(&cert, &key).unwrap();
+ let ident2 = ident.clone();
+@@ -483,7 +483,7 @@ fn server_pkcs8() {
+ fn two_servers() {
+ let keys1 = test_cert_gen::gen_keys();
+ let cert = keys1.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = rsa_to_pkcs8(&keys1.server.cert_and_key.key.to_pem_incorrect()).into_bytes();
++ let key = key_to_pem(keys1.server.cert_and_key.key.get_der()).into_bytes();
+ let identity = p!(Identity::from_pkcs8(&cert, &key));
+ let builder = TlsAcceptor::builder(identity);
+ let builder = p!(builder.build());
+@@ -504,7 +504,7 @@ fn two_servers() {
+
+ let keys2 = test_cert_gen::gen_keys();
+ let cert = keys2.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = rsa_to_pkcs8(&keys2.server.cert_and_key.key.to_pem_incorrect()).into_bytes();
++ let key = key_to_pem(keys2.server.cert_and_key.key.get_der()).into_bytes();
+ let identity = p!(Identity::from_pkcs8(&cert, &key));
+ let builder = TlsAcceptor::builder(identity);
+ let builder = p!(builder.build());
+@@ -553,18 +553,9 @@ fn two_servers() {
+ p!(j2.join());
+ }
+
+-fn rsa_to_pkcs8(pem: &str) -> String {
+- let mut child = Command::new("openssl")
+- .arg("pkcs8")
+- .arg("-topk8")
+- .arg("-nocrypt")
+- .stdin(Stdio::piped())
+- .stdout(Stdio::piped())
+- .spawn()
+- .unwrap();
+- {
+- let child_stdin = child.stdin.as_mut().unwrap();
+- child_stdin.write_all(pem.as_bytes()).unwrap();
+- }
+- String::from_utf8(child.wait_with_output().unwrap().stdout).unwrap()
++fn key_to_pem(der: &[u8]) -> String {
++ pem::encode(&pem::Pem {
++ tag: "RSA PRIVATE KEY".to_owned(),
++ contents: der.to_owned(),
++ })
+ }
+Index: native-tls/Cargo.toml
+===================================================================
+--- native-tls.orig/Cargo.toml
++++ native-tls/Cargo.toml
+@@ -25,6 +25,9 @@ rustdoc-args = [
+ "docsrs",
+ ]
+
++[dev-dependencies.pem]
++version = "1.0"
++
+ [dev-dependencies.tempfile]
+ version = "3.0"
+
--- /dev/null
+Revert "update tests to use test_cert_gen"
+
+This patch is based on a revert of upstream commit eb7fef5b26dbb6249e52b06247b0525267e3231e
+
+Index: native-tls/src/test.rs
+===================================================================
+--- native-tls.orig/src/test.rs
++++ native-tls/src/test.rs
+@@ -347,10 +347,10 @@ fn import_same_identity_multiple_times()
+ &keys.server.cert_and_key_pkcs12.password
+ ));
+
+- let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
+- let _ = p!(Identity::from_pkcs8(&cert, &key));
+- let _ = p!(Identity::from_pkcs8(&cert, &key));
++ let p8buf = include_bytes!("../test/chain.pem");
++ let key = include_bytes!("../test/key.pem");
++ let _ = p!(Identity::from_pkcs8(p8buf, key));
++ let _ = p!(Identity::from_pkcs8(p8buf, key));
+ }
+
+ /*#[test]
+@@ -434,11 +434,10 @@ fn alpn_google_none() {
+
+ /*#[test]
+ fn server_pkcs8() {
+- let keys = test_cert_gen::keys();
+- let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
++ let key = include_bytes!("../test/key.pem");
++ let cert = include_bytes!("../test/cert.pem");
+
+- let ident = Identity::from_pkcs8(&cert, &key).unwrap();
++ let ident = Identity::from_pkcs8(cert, key).unwrap();
+ let ident2 = ident.clone();
+ let builder = p!(TlsAcceptor::new(ident));
+
+@@ -456,7 +455,8 @@ fn server_pkcs8() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap();
++ let root_ca = include_bytes!("../test/root-ca.der");
++ let root_ca = Certificate::from_der(root_ca).unwrap();
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let mut builder = TlsConnector::builder();
+@@ -469,7 +469,7 @@ fn server_pkcs8() {
+
+ builder.add_root_certificate(root_ca);
+ let builder = p!(builder.build());
+- let mut socket = p!(builder.connect("localhost", socket));
++ let mut socket = p!(builder.connect("foobar.com", socket));
+
+ p!(socket.write_all(b"hello"));
+ let mut buf = vec![];
+@@ -481,10 +481,9 @@ fn server_pkcs8() {
+
+ #[test]
+ fn two_servers() {
+- let keys1 = test_cert_gen::gen_keys();
+- let cert = keys1.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = key_to_pem(keys1.server.cert_and_key.key.get_der()).into_bytes();
+- let identity = p!(Identity::from_pkcs8(&cert, &key));
++ let key = include_bytes!("../test/key.pem");
++ let cert = include_bytes!("../test/cert.pem");
++ let identity = p!(Identity::from_pkcs8(cert, key));
+ let builder = TlsAcceptor::builder(identity);
+ let builder = p!(builder.build());
+
+@@ -502,10 +501,9 @@ fn two_servers() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let keys2 = test_cert_gen::gen_keys();
+- let cert = keys2.server.cert_and_key.cert.to_pem().into_bytes();
+- let key = key_to_pem(keys2.server.cert_and_key.key.get_der()).into_bytes();
+- let identity = p!(Identity::from_pkcs8(&cert, &key));
++ let key = include_bytes!("../test/key2.pem");
++ let cert = include_bytes!("../test/cert2.pem");
++ let identity = p!(Identity::from_pkcs8(cert, key));
+ let builder = TlsAcceptor::builder(identity);
+ let builder = p!(builder.build());
+
+@@ -523,26 +521,28 @@ fn two_servers() {
+ p!(socket.write_all(b"world"));
+ });
+
+- let root_ca = Certificate::from_der(keys1.client.ca.get_der()).unwrap();
++ let root_ca = include_bytes!("../test/root-ca.pem");
++ let root_ca = p!(Certificate::from_pem(root_ca));
+
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let mut builder = TlsConnector::builder();
+ builder.add_root_certificate(root_ca);
+ let builder = p!(builder.build());
+- let mut socket = p!(builder.connect("localhost", socket));
++ let mut socket = p!(builder.connect("foobar.com", socket));
+
+ p!(socket.write_all(b"hello"));
+ let mut buf = vec![];
+ p!(socket.read_to_end(&mut buf));
+ assert_eq!(buf, b"world");
+
+- let root_ca = Certificate::from_der(keys2.client.ca.get_der()).unwrap();
++ let root_ca = include_bytes!("../test/cert2.pem");
++ let root_ca = p!(Certificate::from_pem(root_ca));
+
+ let socket = p!(TcpStream::connect(("localhost", port2)));
+ let mut builder = TlsConnector::builder();
+ builder.add_root_certificate(root_ca);
+ let builder = p!(builder.build());
+- let mut socket = p!(builder.connect("localhost", socket));
++ let mut socket = p!(builder.connect("foobar.com", socket));
+
+ p!(socket.write_all(b"hello"));
+ let mut buf = vec![];
+@@ -552,10 +552,3 @@ fn two_servers() {
+ p!(j.join());
+ p!(j2.join());
+ }
+-
+-fn key_to_pem(der: &[u8]) -> String {
+- pem::encode(&pem::Pem {
+- tag: "RSA PRIVATE KEY".to_owned(),
+- contents: der.to_owned(),
+- })
+-}
+Index: native-tls/test/cert.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/cert.pem
+@@ -0,0 +1,20 @@
++-----BEGIN CERTIFICATE-----
++MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
++VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
++cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG
++A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
++IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI
++hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub
++3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ
++mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6
++TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI
++ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y
++euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq
++hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM
++6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE
++wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY
++oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9
++dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp
++HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA==
++-----END CERTIFICATE-----
++
+Index: native-tls/test/cert2.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/cert2.pem
+@@ -0,0 +1,32 @@
++-----BEGIN CERTIFICATE-----
++MIIFijCCA3KgAwIBAgIJAOFl3cFizu8kMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
++aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTcwNjI0MTYw
++NzEwWhcNMjcwNjIyMTYwNzEwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
++ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
++VQQDDApmb29iYXIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
++2TfYpOOpb1HigFQOHq756Hr/wE2YvTGRRmFOuI/7TEzZnG4TcYGqbS8UTNIvxaeU
++GtQdRLFV6QWtIQhArHOU22D0EWxj88MYE7O3h5csZOUKfI0s4IRA/u3VP2mfk/VT
++AbikUJH370tTpxltcpMoOgOWkxraF6LDCnSSGALU6MN23OySUjadd4jtv5BmqdQL
++t5+VDOsgEK8Gq0Kvw4noyADPAWRj/7L/OyJ2nk9Krlof/FYb+c7lK27LUqEM3yjZ
++nARO+zCFj0cWqd0uYY3Uz+My73CLLu8NeHtl0Qv9a23jtol76j7wUXjrIR5VBs0o
++hhP1/zcOfuXu2NYzHa6gbefJqnUtqMgnibimQyMZaLxoVOryJKkEHj/D/U3OgbkW
++3q4sWZ2xGp6FlVU8smgPcq5KMQ/BQzPcGciVYKbHl+H6TUgSdABga8yMxURK058t
++TZnv/GaSKEVjM8VNLuiZAlmRtzBbd5cbRMIb/8SV6m5xwK4jQ0pdDtKbY8I0poku
++YbT/B8Rs/x50LgCk/sEjWCEdoxZ/KY4nuYpGzs5B79LZn4ofmHRG1IfiQBPxuR4S
++ChW5V+HaICXsL2oKhxIhpDQjtownj9PF85ew6IODNzk/oHDZgFCJwHK23Acr+kTt
++AsI/Oht3W0eG34DHS2UPuVc1jGE5TaNK3F/AN8ICANUCAwEAAaNTMFEwHQYDVR0O
++BBYEFNlnR/6xSAyj2shdqYPPRbOpFj9AMB8GA1UdIwQYMBaAFNlnR/6xSAyj2shd
++qYPPRbOpFj9AMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAd/
++RYi40if/HiOLjVWeu4ETpZLut6p4NnFY2ueRF7O3cNSH3ugQ0Ucc4S8rDrTGHryz
++jTVHC1p0783u7VkOiJNFKT+y5RmGVSRLnXfbWY4Vwpz5Dqz6sZtZlVO22VqhfT0K
++Cwzbu6Mgr/rhPow3tCWUDzDVoKPnJCFmDwHWcXlDCjnuU/0DdgO+q3anj1x3Zt7x
++1cXG+2O2PO8474A1ESujTYduCnQRzEOeud4beGhLeW6wcuq2tNRwbxQzBdCzb4/f
++INSDsqk6lpimpokxVh9Q8yUSbORvPyXMLb0F2I670CBfsQ27U/+xqBPU7rmz63vL
++J70fee+QQQ9KF9O1LWeIaPkRyKzU0kovwLTsTVXV6xQUeH1PLdgAkhh5KTnWReUq
++n7Iu8EGIHNRQFGp/qgo7bww+g2aWiqyCquCCe5zyt13j5Ev9naRJzROna39BocsG
++t2/NHSNMJ6ru4mPunPrP25J5V2qT7sN9RrKEPaANAV3dWuUOhvlrHQBVXKACckTJ
++K+mKXP0pXrnLhQc6RP4ep8JuDY7qlRnJwr3+WxeTb52wcjmz0RusdbiEeBhgMcnF
++ZDpZmLeTTPH/50TVvRTXgYGFmlgzVEqqGwpJsnEISuhgI/x58FqiXFCEaz9zr+xi
++QWt2BCQJnE0G1UV9msEybRE4toiCHdOpojJjHFi8
++-----END CERTIFICATE-----
+Index: native-tls/test/chain.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/chain.pem
+@@ -0,0 +1,48 @@
++Bag Attributes
++ friendlyName: foobar.com
++ localKeyID: 59 17 2D 93 13 E8 44 59 BC FF 27 F9 67 E7 9E 6E 92 17 E5 84
++subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foobar.com
++issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
++-----BEGIN CERTIFICATE-----
++MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
++VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
++cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG
++A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
++IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI
++hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub
++3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ
++mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6
++TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI
++ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y
++euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq
++hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM
++6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE
++wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY
++oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9
++dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp
++HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA==
++-----END CERTIFICATE-----
++Bag Attributes: <No Attributes>
++subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
++issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
++-----BEGIN CERTIFICATE-----
++MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
++aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF
++MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
++ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G
++ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV
++eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr
++7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92
++aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc
++klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN
++XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow
++DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn
++BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv
++Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3
++AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy
++OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3
++mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9
++GA==
++-----END CERTIFICATE-----
+Index: native-tls/test/key.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/key.pem
+@@ -0,0 +1,28 @@
++-----BEGIN PRIVATE KEY-----
++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCo9CWMRLMXo1CF
++/iORh9B4NhtJF/8tR9PlG95sNvyWuQQ/8jfev+8zErplxfLkt0pJqcoiZG8g9NU0
++kU6o5T+/1QgZclCAoZaS0Jqxmoo2Yk/1Qsj16pnMBc10uSDk6V9aJSX1vKwONVNS
++wiHA1MhX+i7Wf7/K0niq+k7hOkhleFkWgZtUq41gXh1VfOugka7UktYnk9mrBbAM
++jmaloZNn2pMMAQxVg4ThiLm3zvuWqvXASWzUZc7IAd1GbN4AtDuhs252eqE9E4iT
++Hk7F14wAS1JWqv666hReGHrmZJGx0xQTM9vPD1HN5t2U3KTfhO/mTlAUWVyg9tCt
++OzboKgs1AgMBAAECggEBAKLj6IOJBKXolczpzb8UkyAjAkGBektcseV07gelJ/fk
++3z0LuWPv5p12E/HlXB24vU2x/ikUbbP3eMsawRzDEahQqmNmPEkYAYUAy/Qpi9GN
++DYvn3LqDec4jVgeQKS+p9H2DzUpTogp8zR2//yzbuWBg2+F//xh7vU0S0RQCziPM
++x7RSBgbhxSfChfEJbS2sDnzfh0jRQmoY95iFv7puet1FJtzdZ4fgCd1RqmC2lFM5
++H0eZtN/Cz19lieVs0b996DErdEBqClVZO00eYbRozCDaBzRU3ybB/dMrGJxhkkXm
++wb3kWMtziH9qOYsostuHIFu8eKFLloKxFnq2R4DGxOECgYEA2KUIZISOeGJSBcLJ
++JAUK2gvgXPNo4HHWIwOA9xeN3ZJlsnPlffXQNnm6t1st1V2gfMm9I2n0m/F0y2B/
++n/XGSa8bghfPA9l0c2h58lkL3JQJR/paa8ycTz+YZPrznEyN7Qa0RrJXUvZv9lQL
++Hc3+FHcSHgMqDV2f2bHAEu9YGi0CgYEAx6VEIPNvrHFgjo/jk1RTuk+m0xEWQsZL
++Cs+izQMr2TaeJn8LG+93AvFuYn0J0nT3WuStLPrUg8i4IhSS6lf1tId5ivIZPm4r
++YwMyblBJXhnHbk7Uqodjfw/3s6V2HAu++B7hTdyVr9DFuST9uv4m8bkPV8rfX1jE
++I2rAPVWvgikCgYB+wNAQP547wQrMZBLbCDg5KwmyWJfb+b6X7czexOEz6humNTjo
++YZHYzY/5B1fhpk3ntQD8X1nGg5caBvOk21+QbOtjShrM3cXMYCw5JvBRtitX+Zo9
++yBEMLOE0877ki8XeEDYZxu5gk98d+D4oygUGZEQtWxyXhVepPt5qNa8OYQKBgQDH
++RVgZI6KFlqzv3wMh3PutbS9wYQ+9GrtwUQuIYe/0YSW9+vSVr5E0qNKrD28sV39F
++hBauXLady0yvB6YUrjMbPFW+sCMuQzyfGWPO4+g3OrfqjFiM1ZIkE0YEU9Tt7XNx
++qTDtTI1D7bhNMnTnniI1B6ge0und+3XafAThs5L48QKBgQCTTpfqMt8kU3tcI9sf
++0MK03y7kA76d5uw0pZbWFy7KI4qnzWutCzb+FMPWWsoFtLJLPZy//u/ZCUVFVa4d
++0Y/ASNQIESVPXFLAltlLo4MSmsg1vCBsbviEEaPeEjvMrgki93pYtd/aOSgkYC1T
++mEq154s5rmqh+h+XRIf7Au0SLw==
++-----END PRIVATE KEY-----
+Index: native-tls/test/key2.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/key2.pem
+@@ -0,0 +1,52 @@
++-----BEGIN PRIVATE KEY-----
++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDZN9ik46lvUeKA
++VA4ervnoev/ATZi9MZFGYU64j/tMTNmcbhNxgaptLxRM0i/Fp5Qa1B1EsVXpBa0h
++CECsc5TbYPQRbGPzwxgTs7eHlyxk5Qp8jSzghED+7dU/aZ+T9VMBuKRQkffvS1On
++GW1ykyg6A5aTGtoXosMKdJIYAtTow3bc7JJSNp13iO2/kGap1Au3n5UM6yAQrwar
++Qq/DiejIAM8BZGP/sv87InaeT0quWh/8Vhv5zuUrbstSoQzfKNmcBE77MIWPRxap
++3S5hjdTP4zLvcIsu7w14e2XRC/1rbeO2iXvqPvBReOshHlUGzSiGE/X/Nw5+5e7Y
++1jMdrqBt58mqdS2oyCeJuKZDIxlovGhU6vIkqQQeP8P9Tc6BuRberixZnbEanoWV
++VTyyaA9yrkoxD8FDM9wZyJVgpseX4fpNSBJ0AGBrzIzFRErTny1Nme/8ZpIoRWMz
++xU0u6JkCWZG3MFt3lxtEwhv/xJXqbnHAriNDSl0O0ptjwjSmiS5htP8HxGz/HnQu
++AKT+wSNYIR2jFn8pjie5ikbOzkHv0tmfih+YdEbUh+JAE/G5HhIKFblX4dogJewv
++agqHEiGkNCO2jCeP08Xzl7Dog4M3OT+gcNmAUInAcrbcByv6RO0Cwj86G3dbR4bf
++gMdLZQ+5VzWMYTlNo0rcX8A3wgIA1QIDAQABAoICADqm+biMQJPuaFp+V9GxLYm4
++rJYgXb24RKHcZIUxW4metqOmlVlwybPxommb14pnVXZpD/4cZDYncjgZIl1uWCNk
++aoLJ4bNQWo/3VvclurcDoXFALX3yOBqd3ZbhzlUFSQSN9tBKmcfjbxMPqp3lXldL
++4LyX44u+RyvrjgctvI+dN9svhdLtLFe6gXfYZeA1gXRzgquaUW4v1H0p5IvIETLw
++BPU7RkUk8AXnqF/WyTOK4lggaC1r0DWKFRyan/8h6KBYCXuJ/oZRi60SLBPrWCtK
++DdbZbLufkOOXbkakFimL4pDHTs5RcFKPc+3dYtgTTX3mpeXj1+Yr7/Jc5DB/lpGX
++OYQniIpYEODJgQoycX8vlrPHQkboplil8sIoJK7Ea0YUjuo88BzBvxfIzYSfVxAh
++xvtmtPWMTmgh2+9yxcXw99p2W+PY+32ag/kEdfDKYySEnoCODb+XcMmpLnega3QL
++BsvvReZWwqXZ9PQgKCMjzY6bu8oeueUpFNLZlpZt0dC3YqQlqAMmJc6CSGl9+JCd
++7VzxDpTzvpZkOFVzDNG/w4cN6ucds47BvY6k2H1bo62lhQxQ9tcxoH4KQY48oGZ4
++Sf7S3miF3RsS0SRxygv6l2wyZ54J4R4Pi/GAZXNN1TQ+d9KGJ2EV65ir+8QPmVyt
++RljpyM5XryPhRyS30a2BAoIBAQDzytl/xzzCGu9VFrKYi1P1Loa+aVmB7cIhAIYY
++xgW3IzrhoTWBbAdeB9yiEjIHGIoYNpdxMPx7IRl2rDCwj3ENKKjdnfAsF21Bz0NB
++1jxvKkG61hcwOa0JnPcfVO+P7D+cRJIcb+o9aFdqq4p4BMEmsIwG4J3oEI3x1c58
++urv+ZxqkpfZLShzJeM4izu/luvRpkQVSAz4tPSBBqPTWf25HPQhMjluwcaZ75O2o
++xB7bAQcuzb7AsozWX9affpONq7qeRDwlOZuEaF3PC9Fxp1OMZMpW6Dsm6b9ZW/08
++iS35Wzkg2Uf+GxIaqy5FTn1EB08kZQCW1HYebdq/Pk5mOgYHAoIBAQDkGFgeasrq
++V7N35zx4GaF+Oq65aKV/UKuQ8S2s1TsQ2gbeS0YyG/c3wWccLJ81gvPM1K63UzlH
++QWsFd/twIC9MSWAo29UAvGZh+st+Tdwox5NlxRq6/91MqnH48q477bzb7emA6dnI
++NYWxySMOICilBmD1ztQ4HTp4PJ1lSCaov+RTp9S1mqfMScYOkznRMY2EqADbdr2D
++0P2y4JrYP211FVEV9WOGzZe/5BYz/IAL9n1x/dt5EMYcSIhRQ9fEmJZdKElgfRDz
++KUKwZVUPVawOe9ZsDqjm+bKfdbR8iCBE9yOd+7BocXnSZ0kx6uqqj2mjucXi54B7
++LZ7JFfZV5utDAoIBAQDdc1bMjiOvwh3C8gI7NNyH68Jz9mha8KkVp08n88C/UZ4r
++1G8w5/ttO8D764FMFstiITzBkhjWlAN4XANCbpnntRZncQ74TjNtwyK6DCwLYpwg
++Zlbb9JgtEkscR9/woU5K2bLLaBGjxEMb30TBrrfxOA+KM8DcSyVVFr0hadJYzjlS
++dHrcey7ZCAZfchBSYtefiR8HF3EEUPEbE6mLqmd3CIagW/QHu8TZ5+LGGZhZoX5v
++0m7Cxa3PEXF4odbQqryzBRKJUeHljZQg/gA7uB3Zerid5wfMWin5tui6c3Wye13S
++a+zMcrSoSvSV+i0pfWYzjhfR6p59F5bLf4Jhs7VDAoIBAQDGVKiiYidoVrO1iXoZ
++z+eNE8eDbguhRWq40AzwIESIpZudRISX45s1ftSCOgaBiAknTLNSsmm2nJpLGgWm
++fEXEJnUXcfam+ipn/aNdgqPxTX/L2PQiL4KkO/x4A8QeVdyGuzrzHeOA45EJgqQZ
++jzroK0C524rJ9Bg4HjSZsX/z8U6+sssQ0ZYf2vH9EGUQke7ErzR3n6qv6FQAaq4Z
++ZCVvzgZAeqt8tl3Bu7jWoTJRtJVlPd/NSBmK1EK7rqr5xdfQzsvmuzi2xmS3bpTk
++jZDa0zEhqimRFQMNBlLWiaLNdLsijovYdPsBSU/quKIthh/L/iej4bnk4UkU/iTA
++ktZzAoIBADmNIcYnYLdihOjpPowJqdEfGMh9NgE8YK0x4jS6BqFmQSBJgp/DW0Z+
++E/fjrkpqTukqHdlvpTrOoFPE8m67A0o6h9MpOVvfytp+My7SlRDWDc4DW4swbvbS
++W4SteXuhI+qCKK4IL7TPRHgVNPXFcT1YST7gataVdr93d0uYhXnU7Mqf+q5LKGvK
++kOwXsx9E7/j3o2CfAVNX+Oa5edwBPXIzHA+YDelzbRKQ2vwvrX7vPctTGGTChxAw
++loVdJnip3V5YJ8rZo6pTRTViFqhnhVki9FOd4YBkF+R9RL7aRjZ3brzNpaja2wEf
++QYXuzBi7LlSFYIOmdDy+5XZ6N4hTXtE=
++-----END PRIVATE KEY-----
+Index: native-tls/test/root-ca.pem
+===================================================================
+--- /dev/null
++++ native-tls/test/root-ca.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
++aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF
++MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
++ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G
++ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV
++eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr
++7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92
++aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc
++klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN
++XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow
++DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn
++BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv
++Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3
++AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy
++OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3
++mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9
++GA==
++-----END CERTIFICATE-----
disable-tests-that-access-network.patch
strip-vendored-openssl.patch
+disable-new-pkcs-8-tests.patch
+revert-test-with-pkcs8.patch
+revert-update-tests-to-use-test-cert-gen.patch
+revert-test-cert-gen-update.patch
use-static-test-certs.patch
-only in patch2:
-Index: native-tls/Cargo.toml
-===================================================================
--- native-tls.orig/Cargo.toml
+++ native-tls/Cargo.toml
-@@ -28,7 +28,7 @@ version = "3.0"
- version = "0.1"
-
+@@ -30,3 +30,3 @@
[features]
-alpn = ["security-framework/alpn"]
+alpn = []
vendored = ["openssl/vendored"]
- [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.lazy_static]
- version = "1.4.0"
-@@ -36,12 +36,6 @@ version = "1.4.0"
- [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.libc]
- version = "0.2"
+@@ -38,8 +38,2 @@
-[target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.security-framework]
-version = "2.0.0"
-version = "2.0.0"
-
[target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.tempfile]
- version = "3.1.0"
- [target."cfg(not(any(target_os = \"windows\", target_os = \"macos\", target_os = \"ios\")))".dependencies.log]
-Index: native-tls/Cargo.toml
-===================================================================
--- native-tls.orig/Cargo.toml
+++ native-tls/Cargo.toml
-@@ -29,7 +29,6 @@ version = "0.1"
-
- [features]
- alpn = []
+@@ -32 +31,0 @@
-vendored = ["openssl/vendored"]
- [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.lazy_static]
- version = "1.4.0"
-
d808f9a203219d123e900ef4993adf9c210ec8fd but with some adjustments
for use in the Debian package.
-only in patch2:
+Adjustments include.
+
+1. Changing files from binary to base64, so they can be included in a
+ patch.
+2. Re-encrypting the p12 file with more modern cryptography so it will
+ work with the version of openssl in bookworm.
+
Index: native-tls/src/lib.rs
===================================================================
--- native-tls.orig/src/lib.rs
+++ native-tls/src/lib.rs
-@@ -101,6 +101,11 @@
+@@ -102,6 +102,11 @@
#[cfg(any(target_os = "macos", target_os = "ios"))]
extern crate lazy_static;
-fn certificate_from_pem() {
- let dir = tempfile::tempdir().unwrap();
- let keys = test_cert_gen::keys();
--
-- let der_path = dir.path().join("cert.der");
-- fs::write(&der_path, &keys.client.cert_der).unwrap();
-- let output = Command::new("openssl")
-- .arg("x509")
-- .arg("-in")
-- .arg(der_path)
-- .arg("-inform")
-- .arg("der")
-- .stderr(Stdio::piped())
-- .output()
-- .unwrap();
+#[cfg(not(target_os = "ios"))]
+fn server_pem() {
+ let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::<String>()).unwrap();
+ let j = thread::spawn(move || {
+ let socket = p!(listener.accept()).0;
+ let mut socket = p!(builder.accept(socket));
-
-- assert!(output.status.success());
++
+ let mut buf = [0; 5];
+ p!(socket.read_exact(&mut buf));
+ assert_eq!(&buf, b"hello");
-- let cert = Certificate::from_pem(&output.stdout).unwrap();
-- assert_eq!(cert.to_der().unwrap(), keys.client.cert_der);
+- let der_path = dir.path().join("cert.der");
+- fs::write(&der_path, &keys.client.cert_der).unwrap();
+- let output = Command::new("openssl")
+- .arg("x509")
+- .arg("-in")
+- .arg(der_path)
+- .arg("-inform")
+- .arg("der")
+- .stderr(Stdio::piped())
+- .output()
+- .unwrap();
+ p!(socket.write_all(b"world"));
+ });
-+
+
+- assert!(output.status.success());
+ let root_ca = include_bytes!("../test/root-ca.pem");
+ let root_ca = Certificate::from_pem(root_ca).unwrap();
-+
+
+- let cert = Certificate::from_pem(&output.stdout).unwrap();
+- assert_eq!(cert.to_der().unwrap(), keys.client.cert_der);
+ let socket = p!(TcpStream::connect(("localhost", port)));
+ let builder = p!(TlsConnector::builder()
+ .add_root_certificate(root_ca)
+ let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::<String>()).unwrap();
+ let identity = p!(Identity::from_pkcs12(buf, "mypass"));
let builder = p!(TlsAcceptor::builder(identity)
- .min_protocol_version(Some(Protocol::Tlsv11))
- .max_protocol_version(Some(Protocol::Tlsv11))
+ .min_protocol_version(Some(Protocol::Tlsv12))
+ .max_protocol_version(Some(Protocol::Tlsv12))
@@ -215,7 +219,8 @@ fn server_tls11_only() {
p!(socket.write_all(b"world"));
});
let socket = p!(TcpStream::connect(("localhost", port)));
let builder = p!(TlsConnector::builder()
@@ -223,7 +228,7 @@ fn server_tls11_only() {
- .min_protocol_version(Some(Protocol::Tlsv11))
- .max_protocol_version(Some(Protocol::Tlsv11))
+ .min_protocol_version(Some(Protocol::Tlsv12))
+ .max_protocol_version(Some(Protocol::Tlsv12))
.build());
- let mut socket = p!(builder.connect("localhost", socket));
+ let mut socket = p!(builder.connect("foobar.com", socket));
p!(socket.write_all(b"hello"));
let mut buf = vec![];
-@@ -333,26 +327,15 @@ fn server_untrusted_unverified() {
+@@ -333,16 +327,9 @@ fn server_untrusted_unverified() {
#[test]
fn import_same_identity_multiple_times() {
+ let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::<String>()).unwrap();
+ let _ = p!(Identity::from_pkcs12(buf, "mypass"));
+ let _ = p!(Identity::from_pkcs12(buf, "mypass"));
- }
+
+ let p8buf = include_bytes!("../test/chain.pem");
+ let key = include_bytes!("../test/key.pem");
+@@ -362,12 +349,8 @@ fn from_pkcs8_rejects_rsa_key() {
#[test]
fn shutdown() {
let builder = p!(TlsAcceptor::new(identity));
let listener = p!(TcpListener::bind("0.0.0.0:0"));
-@@ -370,19 +353,66 @@ fn shutdown() {
+@@ -385,19 +368,66 @@ fn shutdown() {
p!(socket.shutdown());
});
#[test]
#[cfg(feature = "alpn")]
-Index: native-tls/test/cert.pem
-===================================================================
---- /dev/null
-+++ native-tls/test/cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-+cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG
-+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-+IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI
-+hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub
-+3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ
-+mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6
-+TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI
-+ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y
-+euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq
-+hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM
-+6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE
-+wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY
-+oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9
-+dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp
-+HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA==
-+-----END CERTIFICATE-----
-+
-Index: native-tls/test/root-ca.pem
-===================================================================
---- /dev/null
-+++ native-tls/test/root-ca.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
-+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-+aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF
-+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
-+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-+CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G
-+ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV
-+eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr
-+7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92
-+aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc
-+klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN
-+XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow
-+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn
-+BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv
-+Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3
-+AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy
-+OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3
-+mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9
-+GA==
-+-----END CERTIFICATE-----
Index: native-tls/Cargo.toml
===================================================================
--- native-tls.orig/Cargo.toml
+++ native-tls/Cargo.toml
-@@ -21,11 +21,11 @@ repository = "https://github.com/sfackle
- [package.metadata.docs.rs]
- features = ["alpn"]
- rustdoc-args = ["--cfg", "docsrs"]
+@@ -28,11 +28,11 @@ rustdoc-args = [
+ [dev-dependencies.pem]
+ version = "1.0"
+
-[dev-dependencies.tempfile]
-version = "3.0"
+[dev-dependencies.hex]
===================================================================
--- /dev/null
+++ native-tls/test/identity.p12.base64
-@@ -0,0 +1,71 @@
-+MIINNgIBAzCCDPwGCSqGSIb3DQEHAaCCDO0EggzpMIIM5TCCB3cGCSqGSIb3DQEH
-+BqCCB2gwggdkAgEAMIIHXQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIj3Ug
-+V5I3/9QCAggAgIIHMIZslck8zwG6Ni0LGqf2jcxJXD/TswJd+qo6xVfkaL8MYVhJ
-+M8H3LiIh50RjM4a9pyxbFRFMGvDTqRWL80IE8wQnOlNskuDyWnVTGdiBIQkJJPg5
-+QrDj2gDDYib1mL5BSP4BEPUeDlVGQ2WDFNN3IT3x3sUb+UCIMv4KePGYm6wGn0fq
-+IoobuDJH9GBEUnjnn7GYUg/+/tthj7/M6Nh9UHqztKA2HNSkKX1goFmOJ9rO5RCk
-+g5FCvdCCKS3Ja/hIzJ424YcuSzeKLpgQaBrNnoOca7qO52fuObv0fL1Qj/VjdEeR
-+8diZt8APs05jER+ft2hrC7td/B4bE5S+06K8GcmbotgUgL7xxK62VInXOpPL4eA5
-+7VwKPeWD/qARBTACi4JSVHv7EAcRTzCrJzL27dvBMy5SIA8WmQUnDBYGew2HSk9W
-+EeVEi8v2i2M1hORWuC0OMxAWqJlFCYseX2mKXk8UsroqC7UFgimJvyf0W4/kk6w9
-+xsH9r2QkDaiW/MsldpFolOpZ88d5PLCrNFGNXALkvAYxBlMIKPaNsnxB7mQpkpUU
-+HzX/FTm3afqoFsqF/FoYgq98T1J2lKOmoeDzTsB5T6hL5ekn9A1I4N1BI6NCv/iA
-+JM3Zu/c4Tq5KQrKrCrD8X0Z9kBUNmFTvL2ajDyUuTMJ+1f9a5uUvxce5yhobnF/b
-+C9ehXZcXurccsb3cGcewEGJmQFoJZjRU3HLoh9VCIcOmuhqQmfMbtPiBhbuSVZWc
-+1Oy9hkIvSZ/p7dTeJDc560nQx7O/6PkMnuS+LlGI217yrCT9QEwq/JBmqFm1vYxs
-+gNH3eC5PSZiG5pYbjDv6jOqUmxYlUhzbYZfakBvjnKVctAasWoFjeXgRn6P/f3xL
-+fD6U+/EiCFze1bFXMuD0Z/QCX57iPyowU+NRsJ9RG9hshgUeq7XnDUbP8Iu+L3Nu
-++bO/Z/euj14XJNUziau95PDErIsAqmgDgAYn6NvvMP5w8Q+ql+HQfC4ygDIqYw/N
-+DKtLoH4iYh61wxhn4A7rFlkqVG7MpMZ623q+UvsBuYDWOXIoN23g4KuYGXptzxAK
-+f7GNV80XmQPQvZPkM6ctnVB9//wQf+hIG9SKQMMcol9/epXqNEQRadupgLH2crVw
-+Z80kwFQCDh2ZAiPwRSRM5xD+Cgg9L7CbTdI0GRwMccpgxxSVx9CYUs6PJt33N8Gz
-+awInoCp+8gGM3Y9n/7zS9K/8BJN6iGPYmrDzFflxQPm1zoYp4hRVtdH4rQbLcgOX
-+bpAFAadYrdTOp1cs2S5NPff56Tlz+/3DSf6NT/RYT5qQgAu0pyPkk0nNipKD5OCx
-+Dci40p2Z1FyvhjoyU+8x2OzYjwa+0V+gkmo6tVDv83Xbf3KPmxURFWTIK/oEgziZ
-+j7twPaj9Eiwy3x1a0GQEU5lN/kvXUIFmzx6ro6R8I6acLtkrkCLikR87DhUY16Ai
-+6LUkykscX6pcoz4PJV20bw0gGUzyQoyaRwvANddVrnQhs7F1+R3Ib1DqH2ZkNv2K
-+C8kMCVq1kLNJWvpl+R8BEcXb9lhmGU9eCK7gS+WsDieWaHDnwbL/qdDQSVk9iK8e
-+vKTaDMTqDvsXMFWYGi11aDHDHgZHeO581kPMW/SNF5z93yLxlnk2Bl39Q+7RXCCC
-+zE7WugvpF4dP6hFWAzo2i2JHEFXByraoK509LBMuEnsEwZ76Kuwyj+6c5p0Vm4rQ
-+nSSYNu9BWJVLUzI+vPu1OVKkTJkAt3fa/5aTijbThYMObn6n+3gYizcqji1imnRK
-+AdabLXLEd6NuHwgLbgp1/ansx/IFMTMrgPckKXXVN8XeDP5YzEQvZ1ri8O0oRKNZ
-+OogG/pMLCEnRHltOJ4yGoJLSaOO+r+McMzjjSO8MgcUOfHYYHzAP8mWKlDQM5bn0
-+o82Nm0ApTVp3C2/7eQHIPZStyk9ydbHtNwGk6aY9lM/qReiwNV9CspAVz4Ou6+Cf
-+qM/tUlmRvPKHUCB7nKNoFiVzLtRvGoVZnBzJ6uqZNP/x1u1nG2HJoFio3hitc4T5
-+wcApW8U+VRkPZNGwvt30mAx/BTFDxjbgcRjntR5K173vwW4DRc20s5HlMBVr5A5W
-+ucPpu+Tu6UVHy+Q+vrW8LIRRHPIEWEEqWq1GNLtHWGR1gs78D8ieB4N2upaGdVtK
-+yBERZIwbB8qYvI7hYhrfIsJNSHX9qxKlZuRRUFhm658HPQbmx8Q3u2jaEDN0776t
-+SPH/7HKw/ezlJv0y1wMp9lTZVNx0IrFeAh89oa8E8kDTlSjCkO8Y0cdH8i+kkL7A
-+FTt64+ORLdslMxvWWMTTYsSznmvuwSZunFLUUCCWqjjPg6Z6sOR/SFiPNM7AR5ec
-+/0P02IHKpd9N9XNo1YlSL6D/dciuwQ3rXaidZCi8DB9O+84dmwsEjlUQunw1+nVb
-+xT9EU91ir8ekp5W8VuHNRcT3DQXvOUe//TRnHp4wggVmBgkqhkiG9w0BBwGgggVX
-+BIIFUzCCBU8wggVLBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMw
-+DgQIaUsCW0txPcQCAggABIIEyDelX968NVVlDAllVEqy+qAXFf9juCx2zkDjsOFE
-+98v/niSltOVDT0jdcMiuqHgRkY9NFruEmQQeH54TgD+44vjNkmmx9EANZypWqoQD
-+gP5A5IY26D6ij3CBjRfgNeBl7q22C09I3aJmgtRPZ/k81GCiAZT3k1Hmtgm2hLSw
-+Ej1TO6aL0l1aaFCvHE9A9Ag9Euo6gLJszgFwWQXAxKVlCW2yA0WzuDScwG8R9h7w
-+kp7yE4IaZb9E5+AKHJDXY02ErvHferC20ueSsD2RCbvsqYlxBOiGlEQRIiVhBabF
-+WkcSN2uxcYR2fLD0c2Mip22xd0/FgAYChiX1+sqxine40zP3VsSjnz8u+vLDWn+l
-+W2T1y8z+axI7ZzJNHLbxpTWGpLxPqtH7DjZyqsdkBbnW9xKq2VlOY+H5qDvCLts1
-+5DmKspx/5jrI2/w3prpfSUhSClUCaTkHIriy1r5J4gSLvOaAK7nF+qZ7YYOfjnp3
-+fUVkpHydt3x51KiJWrE0ByOAgS6/psZsJIkybKSsO6q57UQWPbn6m/8XhTtKivXW
-+SMfGI8e6lH/zxDEAztT8PqVa1g8N6X3qeTobhRKC5ILWlAyTO4gyt8TxUeUfCkLq
-+gs1pfIVLVkG+EfARClOrQwGnWtd/kAqWXjGUynNeFVprIw2N5d6mvyuzu7qMET6G
-+oS9ed+/Mf4zDOxUsXf31FNkAf7KKrpk9XqUArIbEae7/mmYMLIGZWMecQI/s98AD
-+Z2sfveSOVwZ0lJQhpfAbG3HQjml1FTS12eFi3VlXzAHzJlkiQwAZwGLwGbb2+g07
-+XKsHj4hSkAhWiLettO3mfykJzUtrQ3D+G0CqGaCJyeNRUYvoi4dak8uh5QcC2b86
-+Ht8aNHrJ5Rhbxzy3t7WGBwqHsOolfdjtdrucNj1Pxzb3lZEgqjz623gPdXZBu6zH
-+LUXzmGKb1jszIMiZikzVKD6Ac2EREOvc3xzP4AhCdriKg7qsj66Q+rHIhPHL5Jfv
-+Oepb0JoAosvgohcRo1GofgGiCShWj5EALdJx8fWAz5LvOg/wRx1u0L3SoSJNmIw1
-+vQUhL1phYAw8SK9cJgFdP02P5LkAYLpWdhUTKzNj+cV5il8PVOBQJ4PeoOQhPX4A
-+/h7CThPMZ072M2skCEYj16Tc1zevpd6p4KhAFz1dS4sAIU2bE91EhajFjnKZLmIb
-+bTZE5ql/rSfRbY8vXGHIvwrmSIt+whhfEgKAmQTVgS8fdMz2HHM4TjOxoThDvVMX
-+FctIpri/5JDzpvZGdAGLKlSFa5VUKtGFcpB0EEetg+BUDxqEZYKjmO/zgMR0yz4L
-+Dc8FPSa4wJ6MfdwaU//F03xtCgHtq0JgmQWykrq6lKAt1Eg2qb21fj0kJCFrg5vA
-+W6u5ngQmcFGBeOtThq9oGh0HdNxuFiu/9WhXOmYzH/E+c/qEDqUy8avw8zZhAfeP
-+S+GWMx59T5lWqCJw0G9ZiNTHdXO97NH/ugQh47+shqLNEGE14Qwec0k7Du30BwEm
-+rBBe8Q7H3a0iZwCp/zLSyECtPF1+DwvHOSzqmAPZZph5gCEjplDsDpzvUSPem3UF
-+FJi2EGdznhdPodcFZRH13GDXI9PewM8UqPXRQ/VjPRI+2oiV8QGDGeXi+zFKMCMG
-+CSqGSIb3DQEJFDEWHhQAZgBvAG8AYgBhAHIALgBjAG8AbTAjBgkqhkiG9w0BCRUx
-+FgQUWRctkxPoRFm8/yf5Z+eebpIX5YQwMTAhMAkGBSsOAwIaBQAEFPRkKZyOSclJ
-+1AtaiynBj4rxwVojBAhG1bOCIgVvyAICCAA=
+@@ -0,0 +1,61 @@
++MIINfwIBAzCCDTUGCSqGSIb3DQEHAaCCDSYEgg0iMIINHjCCB5IGCSqGSIb3DQEHBqCCB4Mwggd/
++AgEAMIIHeAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjEz1GbOlzd
++2AICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEENKf9rJ8NNAIm+QM3nMcJOyAggcQfPlN
++ikIUJso+4ai2hGoQvfPsaS4P25gjW/vO+TOAV7PaJsNw1S4vQPuvrXFV9xJgEAbBBsko+Zuo9IS9
++SMb8Xx7vBoRHyOqcQ0k2y1lhGtMdt9vywnQ4J5zhN+wTmlHDjSiA8V+ICY5+ZEQpJh+UCgEoSU7X
++uMtX7gZ9BvVNNmK615pd63Hz1DKLS4xAOmfPwrUbqxhRyjpCXair5o0ASpnPAVxbba5uslnR4ah/
++u5vLZX8XcTaVxfS8D0lmZkpc9WmVDy7TcCK4UEObqbptBW26YvIhr/hj+VJQvGGmT6P5LYWwnjlA
++OgJWn6sILqAZXT683yOeswI2CG20956RgOXoSksNGE/ue0j6czXS2vxqt/dOpewYGnzfQoBkQqrM
++e6xNp+fzEPUrRA54fbIaQtbsG10dO8ExQ6rcrvTXuOISv7x/ZRtCvt0MTlrSIZU6KKTYiNpdsPok
++DZ1vLC7CfnXcZMQ9BjO3qy/pkkavOmlFCHJYPAuAmYKbZBGtOM5U0S4DpK6QGdkFzLpFsgxvSbH0
++OXko4XiniglwtFKQ34+yMmCk6mHwpKO8XOQUKvl39IsqGRwfcNqWOd4vOsAN95UNyhAi+qhBgnO3
++oH/I5NXjTy1HSrFs2sPMAoYzhCWYwrOnXZFp6JjR4uCteSx0DshVOklV8AkFGQNjU86x+/ud9w7m
++jt0fDR9R7BBaaa8ET5gK0+wMgxXJONBtjRWuOzndWPHKFZYyffBcsZalaEFVcf/v1W81MBSrjrCa
++A+en7BDIDhaPI1CbAFJntQB1ka7lwIIbCGj3qYKGCr8IpXa9aHdIxz1BBSYmYZT+Kn0BGN2BW4dG
++uypgXBu3LhPCBq21HFqiNxDekGCmKQwxQSiOrxy4TDELjB9LXsxzSgH1GCy1Q++BxhTEfslxuxDt
++jIQG21DyvAy5nk1nHP9cgBREG1WbGD8EQxxJn12/guXLV5ZcmqshFKeqRm/03a+SNxvW6mt7biPd
++HUB6BYQmo7QxJdafuWKbZihhCicgSqQDk1UB2e//MpZNHa6uy6TJiD4++DlJXCc5j2dTvDYxTeCw
++3pyjglDkqnan1MJ3jjqDqNDzXehhueI8uCUGpKp42PrTAhO9qi/RCL96UPI/i/0p6UvZb2hU4gYz
++lD4MuVLbb90pNADcMk+bZOpG0Q1cx5oHL3IMS9ydCnpYdoDV4YoiJttcC6IYolovv/XqoGDA32Wh
++rxkWo8vNXINIKc1nXpSwHhGiw2m7FoS5dN35u/MaOZXmmBqpUXKftYKI8ZwUQNd/rJCdcarh153B
++orexMyFfLNrIjs6lLaQ1YbnhiB6jAeY3aWxkivYK53ZeVQ+5bi/+BypBAg5yrg/xP1tefdU2f4BZ
++rblay47wnfFLR06A37LmJaFoKwJT7bj+6qiSpq+m60Ejqm57B9d6+KBNwyhiQSyR34DmiGTUNnlX
++fr8Bhv/6HuIHKy0AeGagNM8sgk7GzbacM3jlJLha8/LGqg6EL+29M+cbddUyifcagqsiQljbL0+R
++o5slZJE1V2oypjusu5b7pbHRnrVxVdxTvQtd9XN7CPAzCJxjzQNPnffJ+K7GfWBI7ybyQ7I7qp5i
++20bZtbqu9vu7yb8tMwQIfTap5vr8FqvPchXLo7DYpz1I8R4wPXJUa5C2C/+WyRskkLnlI/uRMD5h
++NFs8PiLNzV+bfecOS+0cith6qM3EPCJav+CufwlgVzFpeiInhatKqM+klX4MnTEQKBZP0xwT8Di1
++rhCPXzhZZdBIKMMbN5tQdjWopJ4iPDOetA7BpYZUtA1Em37A10emel/401PBJSeDm45olI4zmjyq
++HfSmWUoUSJ+RKy6tzglazdALSkmZqnmPLC1lIC2jj0sczI7h5gOj6f7VIVJdehqgFTPJ1IYWi6rA
++5adbqBw3N/977Tk29G74FLifAdmZ5T9fNDoEhH2xyyi7N+bVGkwlg1LDqsiPoOMoAMa1iYhF6gK6
++jqDOzzHI2R8OnYilPWu5R6u1ynUhGJlU0nVwyO48x+D9eIatYXcWpe1TFBSYOfMsuvsq9ixJO8SF
++CKSATwHQzeTSzldKd5YRZAnnvQ0swYVPjPnyHOgv3TomoC3jhTwMpvemHObZxunzWtjBQKCiJ21L
++suODJ0M5kRwOjuvwCLk3PHiTK2K/qw9Fwp5SzDO+1zKs/L8k/owrboxjrGs2xrxADNaIPsY2u3tk
++NiEvi2lcHZhFUfCW8F4uXvjFG8LTieHNNTpC6/wyrQa3CGYD+vqLEIVOlWYrVV9xgsuuLPPQ90yc
++7eM82PRtQGAABA87D6OPkJUlQFHW6TD9/mcEEFWCxeDK2z9Mh88ekV4OkhQimnfpDJSbL4UXB4KX
++FpGExny46wUTo21HtSzJB8NwL8ZATYxt/lyqyUMJmRt6DBmjX4owggWEBgkqhkiG9w0BBwGgggV1
++BIIFcTCCBW0wggVpBgsqhkiG9w0BDAoBAqCCBTEwggUtMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3
++DQEFDDAcBAhkis8dVNcntAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEuBXM0twriT
++SJGQQCzvsGUEggTQOcmXUvTJgG1gECrJoc/TZkHc47iv4D7N609gkUXU3O+1lSx5PZghJee8VxeA
++kTjbuAtmNjnhqt8LF8w0maDKZjJkn7ewZpMhG6ED1muKWLJxkhV6Z01DotWki3Jp2FSWY8YwGcH6
++swKmB8l8KgO1IHmMTubmFk67MvNVFUQFCQ6AhODkC9XwTgSPD6KbP4nESkOC/9XakTOAQ9Kui2QY
++/azg2HivSCO4O1vpbHLcnSadoRniICUdtpdZpGAR1/LplgDvyw948RETrugTmJwVi+2Izm7p0dVW
++vYFTM1o/sekiRxTFFNse5mR3pZTX+YDUzTB4cxFZ8drwCSTfHjnEPMPJJonhoP2db/sKl/mHMu/p
++4jfQ1lT3L5fVa0igKzyq2TdeYBOeii+t72+rq7WBbzQtyWj95M3Bax/LgPEFnIuNfOmUuyhP0dRT
++u/g5vvWvbptnBVnlRK0z++yjMICVIlVmMucgTzV028KoKUMRhIbj7g6GBS0nyCZfj82Im2QZaZ1N
++/7F5ESjwwbCSYSA6AX7uJURY419rzPrCvZwpowCao9CjOApvzCyirE/13NffIrFnIfOgdk5tWzyb
++94PqFcPGk/UrHNafkBrlwGpJdlkbUUVthBEl1mNBQ2O0BPATM+HRu9oXhsnGeDqHS3xallqo98rn
++8dZePIjOHbqfRwdDhqRWPXnWFWBZwTR62kErqcFxeEMhN1sevTdgxeX/Nc6uZG3nNyO6+bkOKzn6
++WUL77kGUGSz53two+vE+4/zevK1V7T5pLEFldIU/w8eDQq2MlDzdoCaOV9nmxAdnmofFbXo/Zs81
++iLdx9R/z7bm6NHGn0iO+8ZLI4K7o3XdOIAPB+pqufi3nHchNFBTOMC5YOW/ckx8o2gvt33wmy9b0
++gV4hHvVlRY6n79uXiEAi5QB5xJg4SBC4fqLw1Diy6/W6Hwce9lZhnYz1XYJZi3TRADhDykOFRGuI
++J99Jfb1itYy+VP0OGfei34Zwx+WG+sLeU6IOi07WVMQz8fC+REl03nszWjgxkBOPI99tEWKALXqX
++2whr8x6/050KkguJxPBpO7DanJWL3lXc4Z+qBsi+5ZaXhvX0oaLGP8XSyXpy3CaQKMLKtMC5lVLz
++pOdrIQyakPmLwj6KGCZA/IOrn/MBAuokgF5hg/yD7TmQa4PT1mKyV9ofBAbMMRiWZaCVZhm9Ba9/
++KkSGDbdLd1cWnLxLYBv6MFiVuZ3DrE8a/3dCXjwcU8eOEMRsb98yhb4IKMnkeKCpyIIqIg5X2hBq
++nlDWJyCxmpF7Lrg2aF1fvad02x7dTi6+QzsU1DiROgDbzwt7dVEeQB+veCjv7NbQSg85xXuP/4Bu
++gEvFYAEgrtMHYTCLHlZpPwuGouYgpY3QPz94rr80TiCW57ZRAVN5Ofg2fC0z8Tjge8qUYWGcwkHJ
++j1RABVO0brwm53a4NSo3kSmrbO1i4kZw1vb0EaD5RRcKpBhKFA/D+W9ZUS/n5UsUbL7Tmz2MvoVk
++b1Uw6gZBt5QPYipilc/pPzkGGOjZPyg/em0aPZjVO7IgfcmlKD1jzFN59dkzstKisEytjVENSkQw
++7XFfDlZQym3ZGFg8xQUiwjHPsFqpwqbt5a5JeQzeVhUyoIUuxaAkN38fOnlYeK8xJTAjBgkqhkiG
++9w0BCRUxFgQUWRctkxPoRFm8/yf5Z+eebpIX5YQwQTAxMA0GCWCGSAFlAwQCAQUABCDED13XxVNx
++Pu/q9xAgfQdlv2+oTXCWKK6IIg3x1VgHmgQI0KiAhfVFdAcCAggA