From febe8a725fb75707db2f9f83527b59882ccacfa8 Mon Sep 17 00:00:00 2001 From: Peter Michael Green Date: Sat, 4 Feb 2023 22:48:51 +0000 Subject: [PATCH] native-tls - new upstream and fix tests. --- src/native-tls/debian/changelog | 11 + src/native-tls/debian/copyright.debcargo.hint | 6 +- .../patches/disable-new-pkcs-8-tests.patch | 43 +++ .../patches/revert-test-cert-gen-update.patch | 215 +++++++++++ .../patches/revert-test-with-pkcs8.patch | 92 +++++ ...rt-update-tests-to-use-test-cert-gen.patch | 360 ++++++++++++++++++ src/native-tls/debian/patches/series | 4 + .../patches/strip-security-framework.patch | 15 +- .../patches/strip-vendored-openssl.patch | 10 +- .../patches/use-static-test-certs.patch | 255 +++++-------- 10 files changed, 832 insertions(+), 179 deletions(-) create mode 100644 src/native-tls/debian/patches/disable-new-pkcs-8-tests.patch create mode 100644 src/native-tls/debian/patches/revert-test-cert-gen-update.patch create mode 100644 src/native-tls/debian/patches/revert-test-with-pkcs8.patch create mode 100644 src/native-tls/debian/patches/revert-update-tests-to-use-test-cert-gen.patch diff --git a/src/native-tls/debian/changelog b/src/native-tls/debian/changelog index 0b87d15c8..fef05d8ad 100644 --- a/src/native-tls/debian/changelog +++ b/src/native-tls/debian/changelog @@ -1,3 +1,14 @@ +rust-native-tls (0.2.11-1) UNRELEASED-FIXME-AUTOGENERATED-DEBCARGO; urgency=medium + + * Team upload. + * Package native-tls 0.2.11 from crates.io using debcargo 2.6.0 + * Revert a number of changes in testsuite and disable newly added tests to + allow the testsuite to continue to run with static test certificates. + * Re-encode identity.p12.base64 so it can be decoded by current openssel + without requring legacy options to be enabled. + + -- Peter Michael Green Sat, 04 Feb 2023 20:35:15 +0000 + rust-native-tls (0.2.8-1) unstable; urgency=medium * Team upload. diff --git a/src/native-tls/debian/copyright.debcargo.hint b/src/native-tls/debian/copyright.debcargo.hint index d26cbd3ff..5b1d7a958 100644 --- a/src/native-tls/debian/copyright.debcargo.hint +++ b/src/native-tls/debian/copyright.debcargo.hint @@ -12,7 +12,7 @@ Comment: be correct information so you should review and fix this before uploading to the archive. -Files: ./LICENSE-MIT +Files: LICENSE-MIT Copyright: 2016 The rust-native-tls Developers License: UNKNOWN-LICENSE; FIXME (overlay) Comment: @@ -21,8 +21,8 @@ Comment: Files: debian/* Copyright: - 2019-2021 Debian Rust Maintainers - 2019-2021 kpcyrd + 2019-2023 Debian Rust Maintainers + 2019-2023 kpcyrd License: MIT or Apache-2.0 License: Apache-2.0 diff --git a/src/native-tls/debian/patches/disable-new-pkcs-8-tests.patch b/src/native-tls/debian/patches/disable-new-pkcs-8-tests.patch new file mode 100644 index 000000000..9942c4847 --- /dev/null +++ b/src/native-tls/debian/patches/disable-new-pkcs-8-tests.patch @@ -0,0 +1,43 @@ +Disable newly added tests for pkcs8, as these tests never had any static +test data to use. + +Index: native-tls/src/test.rs +=================================================================== +--- native-tls.orig/src/test.rs ++++ native-tls/src/test.rs +@@ -353,7 +353,7 @@ fn import_same_identity_multiple_times() + let _ = p!(Identity::from_pkcs8(&cert, &key)); + } + +-#[test] ++/*#[test] + fn from_pkcs8_rejects_rsa_key() { + let keys = test_cert_gen::keys(); + let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +@@ -361,7 +361,7 @@ fn from_pkcs8_rejects_rsa_key() { + assert!(Identity::from_pkcs8(&cert, rsa_key.as_bytes()).is_err()); + let pkcs8_key = rsa_to_pkcs8(&rsa_key); + assert!(Identity::from_pkcs8(&cert, pkcs8_key.as_bytes()).is_ok()); +-} ++}*/ + + #[test] + fn shutdown() { +@@ -432,7 +432,7 @@ fn alpn_google_none() { + assert_eq!(alpn, None); + } + +-#[test] ++/*#[test] + fn server_pkcs8() { + let keys = test_cert_gen::keys(); + let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +@@ -477,7 +477,7 @@ fn server_pkcs8() { + assert_eq!(buf, b"world"); + + p!(j.join()); +-} ++}*/ + + #[test] + fn two_servers() { diff --git a/src/native-tls/debian/patches/revert-test-cert-gen-update.patch b/src/native-tls/debian/patches/revert-test-cert-gen-update.patch new file mode 100644 index 000000000..74ba98de0 --- /dev/null +++ b/src/native-tls/debian/patches/revert-test-cert-gen-update.patch @@ -0,0 +1,215 @@ +Revert upstream update of test-cert-gen from 0.1 to 0.7, we patch out the +use of test-cert-gen in a later patch, but this is needed so that said patch +has the correct baseline to work with. + +This patch is based on a revert of upstream commits +7493a48efe60b05d2caa7995e865da291059f06b and +f5e5e6d6be8b66e16da4efcb2c614f835dfd2849, adapted for use in the Debian package +by Peter Michael Green. + +Index: native-tls/src/test.rs +=================================================================== +--- native-tls.orig/src/test.rs ++++ native-tls/src/test.rs +@@ -56,8 +56,8 @@ fn server_no_root_certs() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -75,7 +75,7 @@ fn server_no_root_certs() { + p!(socket.write_all(b"world")); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +@@ -97,8 +97,8 @@ fn server() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -116,7 +116,7 @@ fn server() { + p!(socket.write_all(b"world")); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +@@ -138,7 +138,7 @@ fn certificate_from_pem() { + let keys = test_cert_gen::keys(); + + let der_path = dir.path().join("cert.der"); +- fs::write(&der_path, &keys.client.ca.get_der()).unwrap(); ++ fs::write(&der_path, &keys.client.cert_der).unwrap(); + let output = Command::new("openssl") + .arg("x509") + .arg("-in") +@@ -152,7 +152,7 @@ fn certificate_from_pem() { + assert!(output.status.success()); + + let cert = Certificate::from_pem(&output.stdout).unwrap(); +- assert_eq!(cert.to_der().unwrap(), keys.client.ca.get_der()); ++ assert_eq!(cert.to_der().unwrap(), keys.client.cert_der); + } + + #[test] +@@ -160,8 +160,8 @@ fn peer_certificate() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -174,7 +174,7 @@ fn peer_certificate() { + assert!(socket.peer_certificate().unwrap().is_none()); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +@@ -183,10 +183,7 @@ fn peer_certificate() { + let socket = p!(builder.connect("localhost", socket)); + + let cert = socket.peer_certificate().unwrap().unwrap(); +- assert_eq!( +- cert.to_der().unwrap(), +- keys.server.cert_and_key.cert.get_der() +- ); ++ assert_eq!(cert.to_der().unwrap(), keys.client.cert_der); + + p!(j.join()); + } +@@ -196,8 +193,8 @@ fn server_tls11_only() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::builder(identity) + .min_protocol_version(Some(Protocol::Tlsv12)) +@@ -218,7 +215,7 @@ fn server_tls11_only() { + p!(socket.write_all(b"world")); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +@@ -241,8 +238,8 @@ fn server_no_shared_protocol() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::builder(identity) + .min_protocol_version(Some(Protocol::Tlsv12)) +@@ -256,7 +253,7 @@ fn server_no_shared_protocol() { + assert!(builder.accept(socket).is_err()); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +@@ -274,8 +271,8 @@ fn server_untrusted() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -301,8 +298,8 @@ fn server_untrusted_unverified() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -339,12 +336,12 @@ fn import_same_identity_multiple_times() + let keys = test_cert_gen::keys(); + + let _ = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let _ = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + + let p8buf = include_bytes!("../test/chain.pem"); +@@ -368,8 +365,8 @@ fn shutdown() { + let keys = test_cert_gen::keys(); + + let identity = p!(Identity::from_pkcs12( +- &keys.server.cert_and_key_pkcs12.pkcs12.0, +- &keys.server.cert_and_key_pkcs12.password ++ &keys.server.pkcs12, ++ &keys.server.pkcs12_password + )); + let builder = p!(TlsAcceptor::new(identity)); + +@@ -388,7 +385,7 @@ fn shutdown() { + p!(socket.shutdown()); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = Certificate::from_der(&keys.client.cert_der).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() +Index: native-tls/Cargo.toml +=================================================================== +--- native-tls.orig/Cargo.toml ++++ native-tls/Cargo.toml +@@ -32,7 +32,7 @@ version = "1.0" + version = "3.0" + + [dev-dependencies.test-cert-gen] +-version = "0.7" ++version = "0.1" + + [features] + alpn = [] diff --git a/src/native-tls/debian/patches/revert-test-with-pkcs8.patch b/src/native-tls/debian/patches/revert-test-with-pkcs8.patch new file mode 100644 index 000000000..9fc1e0c60 --- /dev/null +++ b/src/native-tls/debian/patches/revert-test-with-pkcs8.patch @@ -0,0 +1,92 @@ +Revert switch to test with pkcs8 keys, which relies on new test-cert-gen. +This patch is based on reverting upstream commits +2a720f6c360489c60a34e1bcfba7d50497a8ba33 and +01337348b5edcd4ab3cc156e5186e5bdc1a5a8d2 + +Index: native-tls/src/test.rs +=================================================================== +--- native-tls.orig/src/test.rs ++++ native-tls/src/test.rs +@@ -348,7 +348,7 @@ fn import_same_identity_multiple_times() + )); + + let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = rsa_to_pkcs8(&keys.server.cert_and_key.key.to_pem_incorrect()).into_bytes(); ++ let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes(); + let _ = p!(Identity::from_pkcs8(&cert, &key)); + let _ = p!(Identity::from_pkcs8(&cert, &key)); + } +@@ -357,7 +357,7 @@ fn import_same_identity_multiple_times() + fn from_pkcs8_rejects_rsa_key() { + let keys = test_cert_gen::keys(); + let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +- let rsa_key = keys.server.cert_and_key.key.to_pem_incorrect(); ++ let rsa_key = key_to_pem(keys.server.cert_and_key.key.get_der()); + assert!(Identity::from_pkcs8(&cert, rsa_key.as_bytes()).is_err()); + let pkcs8_key = rsa_to_pkcs8(&rsa_key); + assert!(Identity::from_pkcs8(&cert, pkcs8_key.as_bytes()).is_ok()); +@@ -436,7 +436,7 @@ fn alpn_google_none() { + fn server_pkcs8() { + let keys = test_cert_gen::keys(); + let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = rsa_to_pkcs8(&keys.server.cert_and_key.key.to_pem_incorrect()).into_bytes(); ++ let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes(); + + let ident = Identity::from_pkcs8(&cert, &key).unwrap(); + let ident2 = ident.clone(); +@@ -483,7 +483,7 @@ fn server_pkcs8() { + fn two_servers() { + let keys1 = test_cert_gen::gen_keys(); + let cert = keys1.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = rsa_to_pkcs8(&keys1.server.cert_and_key.key.to_pem_incorrect()).into_bytes(); ++ let key = key_to_pem(keys1.server.cert_and_key.key.get_der()).into_bytes(); + let identity = p!(Identity::from_pkcs8(&cert, &key)); + let builder = TlsAcceptor::builder(identity); + let builder = p!(builder.build()); +@@ -504,7 +504,7 @@ fn two_servers() { + + let keys2 = test_cert_gen::gen_keys(); + let cert = keys2.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = rsa_to_pkcs8(&keys2.server.cert_and_key.key.to_pem_incorrect()).into_bytes(); ++ let key = key_to_pem(keys2.server.cert_and_key.key.get_der()).into_bytes(); + let identity = p!(Identity::from_pkcs8(&cert, &key)); + let builder = TlsAcceptor::builder(identity); + let builder = p!(builder.build()); +@@ -553,18 +553,9 @@ fn two_servers() { + p!(j2.join()); + } + +-fn rsa_to_pkcs8(pem: &str) -> String { +- let mut child = Command::new("openssl") +- .arg("pkcs8") +- .arg("-topk8") +- .arg("-nocrypt") +- .stdin(Stdio::piped()) +- .stdout(Stdio::piped()) +- .spawn() +- .unwrap(); +- { +- let child_stdin = child.stdin.as_mut().unwrap(); +- child_stdin.write_all(pem.as_bytes()).unwrap(); +- } +- String::from_utf8(child.wait_with_output().unwrap().stdout).unwrap() ++fn key_to_pem(der: &[u8]) -> String { ++ pem::encode(&pem::Pem { ++ tag: "RSA PRIVATE KEY".to_owned(), ++ contents: der.to_owned(), ++ }) + } +Index: native-tls/Cargo.toml +=================================================================== +--- native-tls.orig/Cargo.toml ++++ native-tls/Cargo.toml +@@ -25,6 +25,9 @@ rustdoc-args = [ + "docsrs", + ] + ++[dev-dependencies.pem] ++version = "1.0" ++ + [dev-dependencies.tempfile] + version = "3.0" + diff --git a/src/native-tls/debian/patches/revert-update-tests-to-use-test-cert-gen.patch b/src/native-tls/debian/patches/revert-update-tests-to-use-test-cert-gen.patch new file mode 100644 index 000000000..7bd62fde0 --- /dev/null +++ b/src/native-tls/debian/patches/revert-update-tests-to-use-test-cert-gen.patch @@ -0,0 +1,360 @@ +Revert "update tests to use test_cert_gen" + +This patch is based on a revert of upstream commit eb7fef5b26dbb6249e52b06247b0525267e3231e + +Index: native-tls/src/test.rs +=================================================================== +--- native-tls.orig/src/test.rs ++++ native-tls/src/test.rs +@@ -347,10 +347,10 @@ fn import_same_identity_multiple_times() + &keys.server.cert_and_key_pkcs12.password + )); + +- let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes(); +- let _ = p!(Identity::from_pkcs8(&cert, &key)); +- let _ = p!(Identity::from_pkcs8(&cert, &key)); ++ let p8buf = include_bytes!("../test/chain.pem"); ++ let key = include_bytes!("../test/key.pem"); ++ let _ = p!(Identity::from_pkcs8(p8buf, key)); ++ let _ = p!(Identity::from_pkcs8(p8buf, key)); + } + + /*#[test] +@@ -434,11 +434,10 @@ fn alpn_google_none() { + + /*#[test] + fn server_pkcs8() { +- let keys = test_cert_gen::keys(); +- let cert = keys.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes(); ++ let key = include_bytes!("../test/key.pem"); ++ let cert = include_bytes!("../test/cert.pem"); + +- let ident = Identity::from_pkcs8(&cert, &key).unwrap(); ++ let ident = Identity::from_pkcs8(cert, key).unwrap(); + let ident2 = ident.clone(); + let builder = p!(TlsAcceptor::new(ident)); + +@@ -456,7 +455,8 @@ fn server_pkcs8() { + p!(socket.write_all(b"world")); + }); + +- let root_ca = Certificate::from_der(keys.client.ca.get_der()).unwrap(); ++ let root_ca = include_bytes!("../test/root-ca.der"); ++ let root_ca = Certificate::from_der(root_ca).unwrap(); + + let socket = p!(TcpStream::connect(("localhost", port))); + let mut builder = TlsConnector::builder(); +@@ -469,7 +469,7 @@ fn server_pkcs8() { + + builder.add_root_certificate(root_ca); + let builder = p!(builder.build()); +- let mut socket = p!(builder.connect("localhost", socket)); ++ let mut socket = p!(builder.connect("foobar.com", socket)); + + p!(socket.write_all(b"hello")); + let mut buf = vec![]; +@@ -481,10 +481,9 @@ fn server_pkcs8() { + + #[test] + fn two_servers() { +- let keys1 = test_cert_gen::gen_keys(); +- let cert = keys1.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = key_to_pem(keys1.server.cert_and_key.key.get_der()).into_bytes(); +- let identity = p!(Identity::from_pkcs8(&cert, &key)); ++ let key = include_bytes!("../test/key.pem"); ++ let cert = include_bytes!("../test/cert.pem"); ++ let identity = p!(Identity::from_pkcs8(cert, key)); + let builder = TlsAcceptor::builder(identity); + let builder = p!(builder.build()); + +@@ -502,10 +501,9 @@ fn two_servers() { + p!(socket.write_all(b"world")); + }); + +- let keys2 = test_cert_gen::gen_keys(); +- let cert = keys2.server.cert_and_key.cert.to_pem().into_bytes(); +- let key = key_to_pem(keys2.server.cert_and_key.key.get_der()).into_bytes(); +- let identity = p!(Identity::from_pkcs8(&cert, &key)); ++ let key = include_bytes!("../test/key2.pem"); ++ let cert = include_bytes!("../test/cert2.pem"); ++ let identity = p!(Identity::from_pkcs8(cert, key)); + let builder = TlsAcceptor::builder(identity); + let builder = p!(builder.build()); + +@@ -523,26 +521,28 @@ fn two_servers() { + p!(socket.write_all(b"world")); + }); + +- let root_ca = Certificate::from_der(keys1.client.ca.get_der()).unwrap(); ++ let root_ca = include_bytes!("../test/root-ca.pem"); ++ let root_ca = p!(Certificate::from_pem(root_ca)); + + let socket = p!(TcpStream::connect(("localhost", port))); + let mut builder = TlsConnector::builder(); + builder.add_root_certificate(root_ca); + let builder = p!(builder.build()); +- let mut socket = p!(builder.connect("localhost", socket)); ++ let mut socket = p!(builder.connect("foobar.com", socket)); + + p!(socket.write_all(b"hello")); + let mut buf = vec![]; + p!(socket.read_to_end(&mut buf)); + assert_eq!(buf, b"world"); + +- let root_ca = Certificate::from_der(keys2.client.ca.get_der()).unwrap(); ++ let root_ca = include_bytes!("../test/cert2.pem"); ++ let root_ca = p!(Certificate::from_pem(root_ca)); + + let socket = p!(TcpStream::connect(("localhost", port2))); + let mut builder = TlsConnector::builder(); + builder.add_root_certificate(root_ca); + let builder = p!(builder.build()); +- let mut socket = p!(builder.connect("localhost", socket)); ++ let mut socket = p!(builder.connect("foobar.com", socket)); + + p!(socket.write_all(b"hello")); + let mut buf = vec![]; +@@ -552,10 +552,3 @@ fn two_servers() { + p!(j.join()); + p!(j2.join()); + } +- +-fn key_to_pem(der: &[u8]) -> String { +- pem::encode(&pem::Pem { +- tag: "RSA PRIVATE KEY".to_owned(), +- contents: der.to_owned(), +- }) +-} +Index: native-tls/test/cert.pem +=================================================================== +--- /dev/null ++++ native-tls/test/cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB ++VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 ++cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG ++A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 ++IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub ++3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ ++mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6 ++TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI ++ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y ++euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq ++hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM ++6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE ++wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY ++oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9 ++dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp ++HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA== ++-----END CERTIFICATE----- ++ +Index: native-tls/test/cert2.pem +=================================================================== +--- /dev/null ++++ native-tls/test/cert2.pem +@@ -0,0 +1,32 @@ ++-----BEGIN CERTIFICATE----- ++MIIFijCCA3KgAwIBAgIJAOFl3cFizu8kMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV ++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX ++aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTcwNjI0MTYw ++NzEwWhcNMjcwNjIyMTYwNzEwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t ++ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD ++VQQDDApmb29iYXIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA ++2TfYpOOpb1HigFQOHq756Hr/wE2YvTGRRmFOuI/7TEzZnG4TcYGqbS8UTNIvxaeU ++GtQdRLFV6QWtIQhArHOU22D0EWxj88MYE7O3h5csZOUKfI0s4IRA/u3VP2mfk/VT ++AbikUJH370tTpxltcpMoOgOWkxraF6LDCnSSGALU6MN23OySUjadd4jtv5BmqdQL ++t5+VDOsgEK8Gq0Kvw4noyADPAWRj/7L/OyJ2nk9Krlof/FYb+c7lK27LUqEM3yjZ ++nARO+zCFj0cWqd0uYY3Uz+My73CLLu8NeHtl0Qv9a23jtol76j7wUXjrIR5VBs0o ++hhP1/zcOfuXu2NYzHa6gbefJqnUtqMgnibimQyMZaLxoVOryJKkEHj/D/U3OgbkW ++3q4sWZ2xGp6FlVU8smgPcq5KMQ/BQzPcGciVYKbHl+H6TUgSdABga8yMxURK058t ++TZnv/GaSKEVjM8VNLuiZAlmRtzBbd5cbRMIb/8SV6m5xwK4jQ0pdDtKbY8I0poku ++YbT/B8Rs/x50LgCk/sEjWCEdoxZ/KY4nuYpGzs5B79LZn4ofmHRG1IfiQBPxuR4S ++ChW5V+HaICXsL2oKhxIhpDQjtownj9PF85ew6IODNzk/oHDZgFCJwHK23Acr+kTt ++AsI/Oht3W0eG34DHS2UPuVc1jGE5TaNK3F/AN8ICANUCAwEAAaNTMFEwHQYDVR0O ++BBYEFNlnR/6xSAyj2shdqYPPRbOpFj9AMB8GA1UdIwQYMBaAFNlnR/6xSAyj2shd ++qYPPRbOpFj9AMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAd/ ++RYi40if/HiOLjVWeu4ETpZLut6p4NnFY2ueRF7O3cNSH3ugQ0Ucc4S8rDrTGHryz ++jTVHC1p0783u7VkOiJNFKT+y5RmGVSRLnXfbWY4Vwpz5Dqz6sZtZlVO22VqhfT0K ++Cwzbu6Mgr/rhPow3tCWUDzDVoKPnJCFmDwHWcXlDCjnuU/0DdgO+q3anj1x3Zt7x ++1cXG+2O2PO8474A1ESujTYduCnQRzEOeud4beGhLeW6wcuq2tNRwbxQzBdCzb4/f ++INSDsqk6lpimpokxVh9Q8yUSbORvPyXMLb0F2I670CBfsQ27U/+xqBPU7rmz63vL ++J70fee+QQQ9KF9O1LWeIaPkRyKzU0kovwLTsTVXV6xQUeH1PLdgAkhh5KTnWReUq ++n7Iu8EGIHNRQFGp/qgo7bww+g2aWiqyCquCCe5zyt13j5Ev9naRJzROna39BocsG ++t2/NHSNMJ6ru4mPunPrP25J5V2qT7sN9RrKEPaANAV3dWuUOhvlrHQBVXKACckTJ ++K+mKXP0pXrnLhQc6RP4ep8JuDY7qlRnJwr3+WxeTb52wcjmz0RusdbiEeBhgMcnF ++ZDpZmLeTTPH/50TVvRTXgYGFmlgzVEqqGwpJsnEISuhgI/x58FqiXFCEaz9zr+xi ++QWt2BCQJnE0G1UV9msEybRE4toiCHdOpojJjHFi8 ++-----END CERTIFICATE----- +Index: native-tls/test/chain.pem +=================================================================== +--- /dev/null ++++ native-tls/test/chain.pem +@@ -0,0 +1,48 @@ ++Bag Attributes ++ friendlyName: foobar.com ++ localKeyID: 59 17 2D 93 13 E8 44 59 BC FF 27 F9 67 E7 9E 6E 92 17 E5 84 ++subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foobar.com ++issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd ++-----BEGIN CERTIFICATE----- ++MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB ++VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 ++cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG ++A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 ++IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub ++3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ ++mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6 ++TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI ++ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y ++euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq ++hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM ++6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE ++wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY ++oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9 ++dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp ++HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA== ++-----END CERTIFICATE----- ++Bag Attributes: ++subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd ++issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd ++-----BEGIN CERTIFICATE----- ++MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV ++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX ++aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF ++MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ++ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB ++CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G ++ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV ++eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr ++7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92 ++aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc ++klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN ++XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow ++DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn ++BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv ++Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3 ++AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy ++OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3 ++mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9 ++GA== ++-----END CERTIFICATE----- +Index: native-tls/test/key.pem +=================================================================== +--- /dev/null ++++ native-tls/test/key.pem +@@ -0,0 +1,28 @@ ++-----BEGIN PRIVATE KEY----- ++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCo9CWMRLMXo1CF ++/iORh9B4NhtJF/8tR9PlG95sNvyWuQQ/8jfev+8zErplxfLkt0pJqcoiZG8g9NU0 ++kU6o5T+/1QgZclCAoZaS0Jqxmoo2Yk/1Qsj16pnMBc10uSDk6V9aJSX1vKwONVNS ++wiHA1MhX+i7Wf7/K0niq+k7hOkhleFkWgZtUq41gXh1VfOugka7UktYnk9mrBbAM ++jmaloZNn2pMMAQxVg4ThiLm3zvuWqvXASWzUZc7IAd1GbN4AtDuhs252eqE9E4iT ++Hk7F14wAS1JWqv666hReGHrmZJGx0xQTM9vPD1HN5t2U3KTfhO/mTlAUWVyg9tCt ++OzboKgs1AgMBAAECggEBAKLj6IOJBKXolczpzb8UkyAjAkGBektcseV07gelJ/fk ++3z0LuWPv5p12E/HlXB24vU2x/ikUbbP3eMsawRzDEahQqmNmPEkYAYUAy/Qpi9GN ++DYvn3LqDec4jVgeQKS+p9H2DzUpTogp8zR2//yzbuWBg2+F//xh7vU0S0RQCziPM ++x7RSBgbhxSfChfEJbS2sDnzfh0jRQmoY95iFv7puet1FJtzdZ4fgCd1RqmC2lFM5 ++H0eZtN/Cz19lieVs0b996DErdEBqClVZO00eYbRozCDaBzRU3ybB/dMrGJxhkkXm ++wb3kWMtziH9qOYsostuHIFu8eKFLloKxFnq2R4DGxOECgYEA2KUIZISOeGJSBcLJ ++JAUK2gvgXPNo4HHWIwOA9xeN3ZJlsnPlffXQNnm6t1st1V2gfMm9I2n0m/F0y2B/ ++n/XGSa8bghfPA9l0c2h58lkL3JQJR/paa8ycTz+YZPrznEyN7Qa0RrJXUvZv9lQL ++Hc3+FHcSHgMqDV2f2bHAEu9YGi0CgYEAx6VEIPNvrHFgjo/jk1RTuk+m0xEWQsZL ++Cs+izQMr2TaeJn8LG+93AvFuYn0J0nT3WuStLPrUg8i4IhSS6lf1tId5ivIZPm4r ++YwMyblBJXhnHbk7Uqodjfw/3s6V2HAu++B7hTdyVr9DFuST9uv4m8bkPV8rfX1jE ++I2rAPVWvgikCgYB+wNAQP547wQrMZBLbCDg5KwmyWJfb+b6X7czexOEz6humNTjo ++YZHYzY/5B1fhpk3ntQD8X1nGg5caBvOk21+QbOtjShrM3cXMYCw5JvBRtitX+Zo9 ++yBEMLOE0877ki8XeEDYZxu5gk98d+D4oygUGZEQtWxyXhVepPt5qNa8OYQKBgQDH ++RVgZI6KFlqzv3wMh3PutbS9wYQ+9GrtwUQuIYe/0YSW9+vSVr5E0qNKrD28sV39F ++hBauXLady0yvB6YUrjMbPFW+sCMuQzyfGWPO4+g3OrfqjFiM1ZIkE0YEU9Tt7XNx ++qTDtTI1D7bhNMnTnniI1B6ge0und+3XafAThs5L48QKBgQCTTpfqMt8kU3tcI9sf ++0MK03y7kA76d5uw0pZbWFy7KI4qnzWutCzb+FMPWWsoFtLJLPZy//u/ZCUVFVa4d ++0Y/ASNQIESVPXFLAltlLo4MSmsg1vCBsbviEEaPeEjvMrgki93pYtd/aOSgkYC1T ++mEq154s5rmqh+h+XRIf7Au0SLw== ++-----END PRIVATE KEY----- +Index: native-tls/test/key2.pem +=================================================================== +--- /dev/null ++++ native-tls/test/key2.pem +@@ -0,0 +1,52 @@ ++-----BEGIN PRIVATE KEY----- ++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDZN9ik46lvUeKA ++VA4ervnoev/ATZi9MZFGYU64j/tMTNmcbhNxgaptLxRM0i/Fp5Qa1B1EsVXpBa0h ++CECsc5TbYPQRbGPzwxgTs7eHlyxk5Qp8jSzghED+7dU/aZ+T9VMBuKRQkffvS1On ++GW1ykyg6A5aTGtoXosMKdJIYAtTow3bc7JJSNp13iO2/kGap1Au3n5UM6yAQrwar ++Qq/DiejIAM8BZGP/sv87InaeT0quWh/8Vhv5zuUrbstSoQzfKNmcBE77MIWPRxap ++3S5hjdTP4zLvcIsu7w14e2XRC/1rbeO2iXvqPvBReOshHlUGzSiGE/X/Nw5+5e7Y ++1jMdrqBt58mqdS2oyCeJuKZDIxlovGhU6vIkqQQeP8P9Tc6BuRberixZnbEanoWV ++VTyyaA9yrkoxD8FDM9wZyJVgpseX4fpNSBJ0AGBrzIzFRErTny1Nme/8ZpIoRWMz ++xU0u6JkCWZG3MFt3lxtEwhv/xJXqbnHAriNDSl0O0ptjwjSmiS5htP8HxGz/HnQu ++AKT+wSNYIR2jFn8pjie5ikbOzkHv0tmfih+YdEbUh+JAE/G5HhIKFblX4dogJewv ++agqHEiGkNCO2jCeP08Xzl7Dog4M3OT+gcNmAUInAcrbcByv6RO0Cwj86G3dbR4bf ++gMdLZQ+5VzWMYTlNo0rcX8A3wgIA1QIDAQABAoICADqm+biMQJPuaFp+V9GxLYm4 ++rJYgXb24RKHcZIUxW4metqOmlVlwybPxommb14pnVXZpD/4cZDYncjgZIl1uWCNk ++aoLJ4bNQWo/3VvclurcDoXFALX3yOBqd3ZbhzlUFSQSN9tBKmcfjbxMPqp3lXldL ++4LyX44u+RyvrjgctvI+dN9svhdLtLFe6gXfYZeA1gXRzgquaUW4v1H0p5IvIETLw ++BPU7RkUk8AXnqF/WyTOK4lggaC1r0DWKFRyan/8h6KBYCXuJ/oZRi60SLBPrWCtK ++DdbZbLufkOOXbkakFimL4pDHTs5RcFKPc+3dYtgTTX3mpeXj1+Yr7/Jc5DB/lpGX ++OYQniIpYEODJgQoycX8vlrPHQkboplil8sIoJK7Ea0YUjuo88BzBvxfIzYSfVxAh ++xvtmtPWMTmgh2+9yxcXw99p2W+PY+32ag/kEdfDKYySEnoCODb+XcMmpLnega3QL ++BsvvReZWwqXZ9PQgKCMjzY6bu8oeueUpFNLZlpZt0dC3YqQlqAMmJc6CSGl9+JCd ++7VzxDpTzvpZkOFVzDNG/w4cN6ucds47BvY6k2H1bo62lhQxQ9tcxoH4KQY48oGZ4 ++Sf7S3miF3RsS0SRxygv6l2wyZ54J4R4Pi/GAZXNN1TQ+d9KGJ2EV65ir+8QPmVyt ++RljpyM5XryPhRyS30a2BAoIBAQDzytl/xzzCGu9VFrKYi1P1Loa+aVmB7cIhAIYY ++xgW3IzrhoTWBbAdeB9yiEjIHGIoYNpdxMPx7IRl2rDCwj3ENKKjdnfAsF21Bz0NB ++1jxvKkG61hcwOa0JnPcfVO+P7D+cRJIcb+o9aFdqq4p4BMEmsIwG4J3oEI3x1c58 ++urv+ZxqkpfZLShzJeM4izu/luvRpkQVSAz4tPSBBqPTWf25HPQhMjluwcaZ75O2o ++xB7bAQcuzb7AsozWX9affpONq7qeRDwlOZuEaF3PC9Fxp1OMZMpW6Dsm6b9ZW/08 ++iS35Wzkg2Uf+GxIaqy5FTn1EB08kZQCW1HYebdq/Pk5mOgYHAoIBAQDkGFgeasrq ++V7N35zx4GaF+Oq65aKV/UKuQ8S2s1TsQ2gbeS0YyG/c3wWccLJ81gvPM1K63UzlH ++QWsFd/twIC9MSWAo29UAvGZh+st+Tdwox5NlxRq6/91MqnH48q477bzb7emA6dnI ++NYWxySMOICilBmD1ztQ4HTp4PJ1lSCaov+RTp9S1mqfMScYOkznRMY2EqADbdr2D ++0P2y4JrYP211FVEV9WOGzZe/5BYz/IAL9n1x/dt5EMYcSIhRQ9fEmJZdKElgfRDz ++KUKwZVUPVawOe9ZsDqjm+bKfdbR8iCBE9yOd+7BocXnSZ0kx6uqqj2mjucXi54B7 ++LZ7JFfZV5utDAoIBAQDdc1bMjiOvwh3C8gI7NNyH68Jz9mha8KkVp08n88C/UZ4r ++1G8w5/ttO8D764FMFstiITzBkhjWlAN4XANCbpnntRZncQ74TjNtwyK6DCwLYpwg ++Zlbb9JgtEkscR9/woU5K2bLLaBGjxEMb30TBrrfxOA+KM8DcSyVVFr0hadJYzjlS ++dHrcey7ZCAZfchBSYtefiR8HF3EEUPEbE6mLqmd3CIagW/QHu8TZ5+LGGZhZoX5v ++0m7Cxa3PEXF4odbQqryzBRKJUeHljZQg/gA7uB3Zerid5wfMWin5tui6c3Wye13S ++a+zMcrSoSvSV+i0pfWYzjhfR6p59F5bLf4Jhs7VDAoIBAQDGVKiiYidoVrO1iXoZ ++z+eNE8eDbguhRWq40AzwIESIpZudRISX45s1ftSCOgaBiAknTLNSsmm2nJpLGgWm ++fEXEJnUXcfam+ipn/aNdgqPxTX/L2PQiL4KkO/x4A8QeVdyGuzrzHeOA45EJgqQZ ++jzroK0C524rJ9Bg4HjSZsX/z8U6+sssQ0ZYf2vH9EGUQke7ErzR3n6qv6FQAaq4Z ++ZCVvzgZAeqt8tl3Bu7jWoTJRtJVlPd/NSBmK1EK7rqr5xdfQzsvmuzi2xmS3bpTk ++jZDa0zEhqimRFQMNBlLWiaLNdLsijovYdPsBSU/quKIthh/L/iej4bnk4UkU/iTA ++ktZzAoIBADmNIcYnYLdihOjpPowJqdEfGMh9NgE8YK0x4jS6BqFmQSBJgp/DW0Z+ ++E/fjrkpqTukqHdlvpTrOoFPE8m67A0o6h9MpOVvfytp+My7SlRDWDc4DW4swbvbS ++W4SteXuhI+qCKK4IL7TPRHgVNPXFcT1YST7gataVdr93d0uYhXnU7Mqf+q5LKGvK ++kOwXsx9E7/j3o2CfAVNX+Oa5edwBPXIzHA+YDelzbRKQ2vwvrX7vPctTGGTChxAw ++loVdJnip3V5YJ8rZo6pTRTViFqhnhVki9FOd4YBkF+R9RL7aRjZ3brzNpaja2wEf ++QYXuzBi7LlSFYIOmdDy+5XZ6N4hTXtE= ++-----END PRIVATE KEY----- +Index: native-tls/test/root-ca.pem +=================================================================== +--- /dev/null ++++ native-tls/test/root-ca.pem +@@ -0,0 +1,21 @@ ++-----BEGIN CERTIFICATE----- ++MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV ++BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX ++aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF ++MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ++ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB ++CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G ++ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV ++eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr ++7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92 ++aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc ++klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN ++XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow ++DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn ++BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv ++Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3 ++AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy ++OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3 ++mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9 ++GA== ++-----END CERTIFICATE----- diff --git a/src/native-tls/debian/patches/series b/src/native-tls/debian/patches/series index c38ceb91d..b582757c2 100644 --- a/src/native-tls/debian/patches/series +++ b/src/native-tls/debian/patches/series @@ -2,4 +2,8 @@ strip-security-framework.patch disable-tests-that-access-network.patch strip-vendored-openssl.patch +disable-new-pkcs-8-tests.patch +revert-test-with-pkcs8.patch +revert-update-tests-to-use-test-cert-gen.patch +revert-test-cert-gen-update.patch use-static-test-certs.patch diff --git a/src/native-tls/debian/patches/strip-security-framework.patch b/src/native-tls/debian/patches/strip-security-framework.patch index 94c4ffae3..86f25e169 100644 --- a/src/native-tls/debian/patches/strip-security-framework.patch +++ b/src/native-tls/debian/patches/strip-security-framework.patch @@ -1,20 +1,11 @@ -only in patch2: -Index: native-tls/Cargo.toml -=================================================================== --- native-tls.orig/Cargo.toml +++ native-tls/Cargo.toml -@@ -28,7 +28,7 @@ version = "3.0" - version = "0.1" - +@@ -30,3 +30,3 @@ [features] -alpn = ["security-framework/alpn"] +alpn = [] vendored = ["openssl/vendored"] - [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.lazy_static] - version = "1.4.0" -@@ -36,12 +36,6 @@ version = "1.4.0" - [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.libc] - version = "0.2" +@@ -38,8 +38,2 @@ -[target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.security-framework] -version = "2.0.0" @@ -23,5 +14,3 @@ Index: native-tls/Cargo.toml -version = "2.0.0" - [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.tempfile] - version = "3.1.0" - [target."cfg(not(any(target_os = \"windows\", target_os = \"macos\", target_os = \"ios\")))".dependencies.log] diff --git a/src/native-tls/debian/patches/strip-vendored-openssl.patch b/src/native-tls/debian/patches/strip-vendored-openssl.patch index 930613b89..8081946bf 100644 --- a/src/native-tls/debian/patches/strip-vendored-openssl.patch +++ b/src/native-tls/debian/patches/strip-vendored-openssl.patch @@ -1,12 +1,4 @@ -Index: native-tls/Cargo.toml -=================================================================== --- native-tls.orig/Cargo.toml +++ native-tls/Cargo.toml -@@ -29,7 +29,6 @@ version = "0.1" - - [features] - alpn = [] +@@ -32 +31,0 @@ -vendored = ["openssl/vendored"] - [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.lazy_static] - version = "1.4.0" - diff --git a/src/native-tls/debian/patches/use-static-test-certs.patch b/src/native-tls/debian/patches/use-static-test-certs.patch index 4884d44fa..becd01491 100644 --- a/src/native-tls/debian/patches/use-static-test-certs.patch +++ b/src/native-tls/debian/patches/use-static-test-certs.patch @@ -4,12 +4,18 @@ static test certs, it is mostly a revert of upstream commit d808f9a203219d123e900ef4993adf9c210ec8fd but with some adjustments for use in the Debian package. -only in patch2: +Adjustments include. + +1. Changing files from binary to base64, so they can be included in a + patch. +2. Re-encrypting the p12 file with more modern cryptography so it will + work with the version of openssl in bookworm. + Index: native-tls/src/lib.rs =================================================================== --- native-tls.orig/src/lib.rs +++ native-tls/src/lib.rs -@@ -101,6 +101,11 @@ +@@ -102,6 +102,11 @@ #[cfg(any(target_os = "macos", target_os = "ios"))] extern crate lazy_static; @@ -108,18 +114,6 @@ Index: native-tls/src/test.rs -fn certificate_from_pem() { - let dir = tempfile::tempdir().unwrap(); - let keys = test_cert_gen::keys(); -- -- let der_path = dir.path().join("cert.der"); -- fs::write(&der_path, &keys.client.cert_der).unwrap(); -- let output = Command::new("openssl") -- .arg("x509") -- .arg("-in") -- .arg(der_path) -- .arg("-inform") -- .arg("der") -- .stderr(Stdio::piped()) -- .output() -- .unwrap(); +#[cfg(not(target_os = "ios"))] +fn server_pem() { + let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::()).unwrap(); @@ -132,20 +126,31 @@ Index: native-tls/src/test.rs + let j = thread::spawn(move || { + let socket = p!(listener.accept()).0; + let mut socket = p!(builder.accept(socket)); - -- assert!(output.status.success()); ++ + let mut buf = [0; 5]; + p!(socket.read_exact(&mut buf)); + assert_eq!(&buf, b"hello"); -- let cert = Certificate::from_pem(&output.stdout).unwrap(); -- assert_eq!(cert.to_der().unwrap(), keys.client.cert_der); +- let der_path = dir.path().join("cert.der"); +- fs::write(&der_path, &keys.client.cert_der).unwrap(); +- let output = Command::new("openssl") +- .arg("x509") +- .arg("-in") +- .arg(der_path) +- .arg("-inform") +- .arg("der") +- .stderr(Stdio::piped()) +- .output() +- .unwrap(); + p!(socket.write_all(b"world")); + }); -+ + +- assert!(output.status.success()); + let root_ca = include_bytes!("../test/root-ca.pem"); + let root_ca = Certificate::from_pem(root_ca).unwrap(); -+ + +- let cert = Certificate::from_pem(&output.stdout).unwrap(); +- assert_eq!(cert.to_der().unwrap(), keys.client.cert_der); + let socket = p!(TcpStream::connect(("localhost", port))); + let builder = p!(TlsConnector::builder() + .add_root_certificate(root_ca) @@ -207,8 +212,8 @@ Index: native-tls/src/test.rs + let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::()).unwrap(); + let identity = p!(Identity::from_pkcs12(buf, "mypass")); let builder = p!(TlsAcceptor::builder(identity) - .min_protocol_version(Some(Protocol::Tlsv11)) - .max_protocol_version(Some(Protocol::Tlsv11)) + .min_protocol_version(Some(Protocol::Tlsv12)) + .max_protocol_version(Some(Protocol::Tlsv12)) @@ -215,7 +219,8 @@ fn server_tls11_only() { p!(socket.write_all(b"world")); }); @@ -220,8 +225,8 @@ Index: native-tls/src/test.rs let socket = p!(TcpStream::connect(("localhost", port))); let builder = p!(TlsConnector::builder() @@ -223,7 +228,7 @@ fn server_tls11_only() { - .min_protocol_version(Some(Protocol::Tlsv11)) - .max_protocol_version(Some(Protocol::Tlsv11)) + .min_protocol_version(Some(Protocol::Tlsv12)) + .max_protocol_version(Some(Protocol::Tlsv12)) .build()); - let mut socket = p!(builder.connect("localhost", socket)); + let mut socket = p!(builder.connect("foobar.com", socket)); @@ -308,7 +313,7 @@ Index: native-tls/src/test.rs p!(socket.write_all(b"hello")); let mut buf = vec![]; -@@ -333,26 +327,15 @@ fn server_untrusted_unverified() { +@@ -333,16 +327,9 @@ fn server_untrusted_unverified() { #[test] fn import_same_identity_multiple_times() { @@ -325,7 +330,10 @@ Index: native-tls/src/test.rs + let buf = &base64::decode(include_str!("../test/identity.p12.base64").split('\n').collect::()).unwrap(); + let _ = p!(Identity::from_pkcs12(buf, "mypass")); + let _ = p!(Identity::from_pkcs12(buf, "mypass")); - } + + let p8buf = include_bytes!("../test/chain.pem"); + let key = include_bytes!("../test/key.pem"); +@@ -362,12 +349,8 @@ fn from_pkcs8_rejects_rsa_key() { #[test] fn shutdown() { @@ -340,7 +348,7 @@ Index: native-tls/src/test.rs let builder = p!(TlsAcceptor::new(identity)); let listener = p!(TcpListener::bind("0.0.0.0:0")); -@@ -370,19 +353,66 @@ fn shutdown() { +@@ -385,19 +368,66 @@ fn shutdown() { p!(socket.shutdown()); }); @@ -409,65 +417,14 @@ Index: native-tls/src/test.rs #[test] #[cfg(feature = "alpn")] -Index: native-tls/test/cert.pem -=================================================================== ---- /dev/null -+++ native-tls/test/cert.pem -@@ -0,0 +1,20 @@ -+-----BEGIN CERTIFICATE----- -+MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB -+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -+cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG -+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 -+IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI -+hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub -+3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ -+mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6 -+TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI -+ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y -+euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq -+hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM -+6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE -+wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY -+oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9 -+dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp -+HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA== -+-----END CERTIFICATE----- -+ -Index: native-tls/test/root-ca.pem -=================================================================== ---- /dev/null -+++ native-tls/test/root-ca.pem -@@ -0,0 +1,21 @@ -+-----BEGIN CERTIFICATE----- -+MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -+aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF -+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -+CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G -+ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV -+eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr -+7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92 -+aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc -+klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN -+XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow -+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn -+BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv -+Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3 -+AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy -+OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3 -+mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9 -+GA== -+-----END CERTIFICATE----- Index: native-tls/Cargo.toml =================================================================== --- native-tls.orig/Cargo.toml +++ native-tls/Cargo.toml -@@ -21,11 +21,11 @@ repository = "https://github.com/sfackle - [package.metadata.docs.rs] - features = ["alpn"] - rustdoc-args = ["--cfg", "docsrs"] +@@ -28,11 +28,11 @@ rustdoc-args = [ + [dev-dependencies.pem] + version = "1.0" + -[dev-dependencies.tempfile] -version = "3.0" +[dev-dependencies.hex] @@ -484,75 +441,65 @@ Index: native-tls/test/identity.p12.base64 =================================================================== --- /dev/null +++ native-tls/test/identity.p12.base64 -@@ -0,0 +1,71 @@ -+MIINNgIBAzCCDPwGCSqGSIb3DQEHAaCCDO0EggzpMIIM5TCCB3cGCSqGSIb3DQEH -+BqCCB2gwggdkAgEAMIIHXQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIj3Ug -+V5I3/9QCAggAgIIHMIZslck8zwG6Ni0LGqf2jcxJXD/TswJd+qo6xVfkaL8MYVhJ -+M8H3LiIh50RjM4a9pyxbFRFMGvDTqRWL80IE8wQnOlNskuDyWnVTGdiBIQkJJPg5 -+QrDj2gDDYib1mL5BSP4BEPUeDlVGQ2WDFNN3IT3x3sUb+UCIMv4KePGYm6wGn0fq -+IoobuDJH9GBEUnjnn7GYUg/+/tthj7/M6Nh9UHqztKA2HNSkKX1goFmOJ9rO5RCk -+g5FCvdCCKS3Ja/hIzJ424YcuSzeKLpgQaBrNnoOca7qO52fuObv0fL1Qj/VjdEeR -+8diZt8APs05jER+ft2hrC7td/B4bE5S+06K8GcmbotgUgL7xxK62VInXOpPL4eA5 -+7VwKPeWD/qARBTACi4JSVHv7EAcRTzCrJzL27dvBMy5SIA8WmQUnDBYGew2HSk9W -+EeVEi8v2i2M1hORWuC0OMxAWqJlFCYseX2mKXk8UsroqC7UFgimJvyf0W4/kk6w9 -+xsH9r2QkDaiW/MsldpFolOpZ88d5PLCrNFGNXALkvAYxBlMIKPaNsnxB7mQpkpUU -+HzX/FTm3afqoFsqF/FoYgq98T1J2lKOmoeDzTsB5T6hL5ekn9A1I4N1BI6NCv/iA -+JM3Zu/c4Tq5KQrKrCrD8X0Z9kBUNmFTvL2ajDyUuTMJ+1f9a5uUvxce5yhobnF/b -+C9ehXZcXurccsb3cGcewEGJmQFoJZjRU3HLoh9VCIcOmuhqQmfMbtPiBhbuSVZWc -+1Oy9hkIvSZ/p7dTeJDc560nQx7O/6PkMnuS+LlGI217yrCT9QEwq/JBmqFm1vYxs -+gNH3eC5PSZiG5pYbjDv6jOqUmxYlUhzbYZfakBvjnKVctAasWoFjeXgRn6P/f3xL -+fD6U+/EiCFze1bFXMuD0Z/QCX57iPyowU+NRsJ9RG9hshgUeq7XnDUbP8Iu+L3Nu -++bO/Z/euj14XJNUziau95PDErIsAqmgDgAYn6NvvMP5w8Q+ql+HQfC4ygDIqYw/N -+DKtLoH4iYh61wxhn4A7rFlkqVG7MpMZ623q+UvsBuYDWOXIoN23g4KuYGXptzxAK -+f7GNV80XmQPQvZPkM6ctnVB9//wQf+hIG9SKQMMcol9/epXqNEQRadupgLH2crVw -+Z80kwFQCDh2ZAiPwRSRM5xD+Cgg9L7CbTdI0GRwMccpgxxSVx9CYUs6PJt33N8Gz -+awInoCp+8gGM3Y9n/7zS9K/8BJN6iGPYmrDzFflxQPm1zoYp4hRVtdH4rQbLcgOX -+bpAFAadYrdTOp1cs2S5NPff56Tlz+/3DSf6NT/RYT5qQgAu0pyPkk0nNipKD5OCx -+Dci40p2Z1FyvhjoyU+8x2OzYjwa+0V+gkmo6tVDv83Xbf3KPmxURFWTIK/oEgziZ -+j7twPaj9Eiwy3x1a0GQEU5lN/kvXUIFmzx6ro6R8I6acLtkrkCLikR87DhUY16Ai -+6LUkykscX6pcoz4PJV20bw0gGUzyQoyaRwvANddVrnQhs7F1+R3Ib1DqH2ZkNv2K -+C8kMCVq1kLNJWvpl+R8BEcXb9lhmGU9eCK7gS+WsDieWaHDnwbL/qdDQSVk9iK8e -+vKTaDMTqDvsXMFWYGi11aDHDHgZHeO581kPMW/SNF5z93yLxlnk2Bl39Q+7RXCCC -+zE7WugvpF4dP6hFWAzo2i2JHEFXByraoK509LBMuEnsEwZ76Kuwyj+6c5p0Vm4rQ -+nSSYNu9BWJVLUzI+vPu1OVKkTJkAt3fa/5aTijbThYMObn6n+3gYizcqji1imnRK -+AdabLXLEd6NuHwgLbgp1/ansx/IFMTMrgPckKXXVN8XeDP5YzEQvZ1ri8O0oRKNZ -+OogG/pMLCEnRHltOJ4yGoJLSaOO+r+McMzjjSO8MgcUOfHYYHzAP8mWKlDQM5bn0 -+o82Nm0ApTVp3C2/7eQHIPZStyk9ydbHtNwGk6aY9lM/qReiwNV9CspAVz4Ou6+Cf -+qM/tUlmRvPKHUCB7nKNoFiVzLtRvGoVZnBzJ6uqZNP/x1u1nG2HJoFio3hitc4T5 -+wcApW8U+VRkPZNGwvt30mAx/BTFDxjbgcRjntR5K173vwW4DRc20s5HlMBVr5A5W -+ucPpu+Tu6UVHy+Q+vrW8LIRRHPIEWEEqWq1GNLtHWGR1gs78D8ieB4N2upaGdVtK -+yBERZIwbB8qYvI7hYhrfIsJNSHX9qxKlZuRRUFhm658HPQbmx8Q3u2jaEDN0776t -+SPH/7HKw/ezlJv0y1wMp9lTZVNx0IrFeAh89oa8E8kDTlSjCkO8Y0cdH8i+kkL7A -+FTt64+ORLdslMxvWWMTTYsSznmvuwSZunFLUUCCWqjjPg6Z6sOR/SFiPNM7AR5ec -+/0P02IHKpd9N9XNo1YlSL6D/dciuwQ3rXaidZCi8DB9O+84dmwsEjlUQunw1+nVb -+xT9EU91ir8ekp5W8VuHNRcT3DQXvOUe//TRnHp4wggVmBgkqhkiG9w0BBwGgggVX -+BIIFUzCCBU8wggVLBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMw -+DgQIaUsCW0txPcQCAggABIIEyDelX968NVVlDAllVEqy+qAXFf9juCx2zkDjsOFE -+98v/niSltOVDT0jdcMiuqHgRkY9NFruEmQQeH54TgD+44vjNkmmx9EANZypWqoQD -+gP5A5IY26D6ij3CBjRfgNeBl7q22C09I3aJmgtRPZ/k81GCiAZT3k1Hmtgm2hLSw -+Ej1TO6aL0l1aaFCvHE9A9Ag9Euo6gLJszgFwWQXAxKVlCW2yA0WzuDScwG8R9h7w -+kp7yE4IaZb9E5+AKHJDXY02ErvHferC20ueSsD2RCbvsqYlxBOiGlEQRIiVhBabF -+WkcSN2uxcYR2fLD0c2Mip22xd0/FgAYChiX1+sqxine40zP3VsSjnz8u+vLDWn+l -+W2T1y8z+axI7ZzJNHLbxpTWGpLxPqtH7DjZyqsdkBbnW9xKq2VlOY+H5qDvCLts1 -+5DmKspx/5jrI2/w3prpfSUhSClUCaTkHIriy1r5J4gSLvOaAK7nF+qZ7YYOfjnp3 -+fUVkpHydt3x51KiJWrE0ByOAgS6/psZsJIkybKSsO6q57UQWPbn6m/8XhTtKivXW -+SMfGI8e6lH/zxDEAztT8PqVa1g8N6X3qeTobhRKC5ILWlAyTO4gyt8TxUeUfCkLq -+gs1pfIVLVkG+EfARClOrQwGnWtd/kAqWXjGUynNeFVprIw2N5d6mvyuzu7qMET6G -+oS9ed+/Mf4zDOxUsXf31FNkAf7KKrpk9XqUArIbEae7/mmYMLIGZWMecQI/s98AD -+Z2sfveSOVwZ0lJQhpfAbG3HQjml1FTS12eFi3VlXzAHzJlkiQwAZwGLwGbb2+g07 -+XKsHj4hSkAhWiLettO3mfykJzUtrQ3D+G0CqGaCJyeNRUYvoi4dak8uh5QcC2b86 -+Ht8aNHrJ5Rhbxzy3t7WGBwqHsOolfdjtdrucNj1Pxzb3lZEgqjz623gPdXZBu6zH -+LUXzmGKb1jszIMiZikzVKD6Ac2EREOvc3xzP4AhCdriKg7qsj66Q+rHIhPHL5Jfv -+Oepb0JoAosvgohcRo1GofgGiCShWj5EALdJx8fWAz5LvOg/wRx1u0L3SoSJNmIw1 -+vQUhL1phYAw8SK9cJgFdP02P5LkAYLpWdhUTKzNj+cV5il8PVOBQJ4PeoOQhPX4A -+/h7CThPMZ072M2skCEYj16Tc1zevpd6p4KhAFz1dS4sAIU2bE91EhajFjnKZLmIb -+bTZE5ql/rSfRbY8vXGHIvwrmSIt+whhfEgKAmQTVgS8fdMz2HHM4TjOxoThDvVMX -+FctIpri/5JDzpvZGdAGLKlSFa5VUKtGFcpB0EEetg+BUDxqEZYKjmO/zgMR0yz4L -+Dc8FPSa4wJ6MfdwaU//F03xtCgHtq0JgmQWykrq6lKAt1Eg2qb21fj0kJCFrg5vA -+W6u5ngQmcFGBeOtThq9oGh0HdNxuFiu/9WhXOmYzH/E+c/qEDqUy8avw8zZhAfeP -+S+GWMx59T5lWqCJw0G9ZiNTHdXO97NH/ugQh47+shqLNEGE14Qwec0k7Du30BwEm -+rBBe8Q7H3a0iZwCp/zLSyECtPF1+DwvHOSzqmAPZZph5gCEjplDsDpzvUSPem3UF -+FJi2EGdznhdPodcFZRH13GDXI9PewM8UqPXRQ/VjPRI+2oiV8QGDGeXi+zFKMCMG -+CSqGSIb3DQEJFDEWHhQAZgBvAG8AYgBhAHIALgBjAG8AbTAjBgkqhkiG9w0BCRUx -+FgQUWRctkxPoRFm8/yf5Z+eebpIX5YQwMTAhMAkGBSsOAwIaBQAEFPRkKZyOSclJ -+1AtaiynBj4rxwVojBAhG1bOCIgVvyAICCAA= +@@ -0,0 +1,61 @@ ++MIINfwIBAzCCDTUGCSqGSIb3DQEHAaCCDSYEgg0iMIINHjCCB5IGCSqGSIb3DQEHBqCCB4Mwggd/ ++AgEAMIIHeAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjEz1GbOlzd ++2AICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEENKf9rJ8NNAIm+QM3nMcJOyAggcQfPlN ++ikIUJso+4ai2hGoQvfPsaS4P25gjW/vO+TOAV7PaJsNw1S4vQPuvrXFV9xJgEAbBBsko+Zuo9IS9 ++SMb8Xx7vBoRHyOqcQ0k2y1lhGtMdt9vywnQ4J5zhN+wTmlHDjSiA8V+ICY5+ZEQpJh+UCgEoSU7X ++uMtX7gZ9BvVNNmK615pd63Hz1DKLS4xAOmfPwrUbqxhRyjpCXair5o0ASpnPAVxbba5uslnR4ah/ ++u5vLZX8XcTaVxfS8D0lmZkpc9WmVDy7TcCK4UEObqbptBW26YvIhr/hj+VJQvGGmT6P5LYWwnjlA ++OgJWn6sILqAZXT683yOeswI2CG20956RgOXoSksNGE/ue0j6czXS2vxqt/dOpewYGnzfQoBkQqrM ++e6xNp+fzEPUrRA54fbIaQtbsG10dO8ExQ6rcrvTXuOISv7x/ZRtCvt0MTlrSIZU6KKTYiNpdsPok ++DZ1vLC7CfnXcZMQ9BjO3qy/pkkavOmlFCHJYPAuAmYKbZBGtOM5U0S4DpK6QGdkFzLpFsgxvSbH0 ++OXko4XiniglwtFKQ34+yMmCk6mHwpKO8XOQUKvl39IsqGRwfcNqWOd4vOsAN95UNyhAi+qhBgnO3 ++oH/I5NXjTy1HSrFs2sPMAoYzhCWYwrOnXZFp6JjR4uCteSx0DshVOklV8AkFGQNjU86x+/ud9w7m ++jt0fDR9R7BBaaa8ET5gK0+wMgxXJONBtjRWuOzndWPHKFZYyffBcsZalaEFVcf/v1W81MBSrjrCa ++A+en7BDIDhaPI1CbAFJntQB1ka7lwIIbCGj3qYKGCr8IpXa9aHdIxz1BBSYmYZT+Kn0BGN2BW4dG ++uypgXBu3LhPCBq21HFqiNxDekGCmKQwxQSiOrxy4TDELjB9LXsxzSgH1GCy1Q++BxhTEfslxuxDt ++jIQG21DyvAy5nk1nHP9cgBREG1WbGD8EQxxJn12/guXLV5ZcmqshFKeqRm/03a+SNxvW6mt7biPd ++HUB6BYQmo7QxJdafuWKbZihhCicgSqQDk1UB2e//MpZNHa6uy6TJiD4++DlJXCc5j2dTvDYxTeCw ++3pyjglDkqnan1MJ3jjqDqNDzXehhueI8uCUGpKp42PrTAhO9qi/RCL96UPI/i/0p6UvZb2hU4gYz ++lD4MuVLbb90pNADcMk+bZOpG0Q1cx5oHL3IMS9ydCnpYdoDV4YoiJttcC6IYolovv/XqoGDA32Wh ++rxkWo8vNXINIKc1nXpSwHhGiw2m7FoS5dN35u/MaOZXmmBqpUXKftYKI8ZwUQNd/rJCdcarh153B ++orexMyFfLNrIjs6lLaQ1YbnhiB6jAeY3aWxkivYK53ZeVQ+5bi/+BypBAg5yrg/xP1tefdU2f4BZ ++rblay47wnfFLR06A37LmJaFoKwJT7bj+6qiSpq+m60Ejqm57B9d6+KBNwyhiQSyR34DmiGTUNnlX ++fr8Bhv/6HuIHKy0AeGagNM8sgk7GzbacM3jlJLha8/LGqg6EL+29M+cbddUyifcagqsiQljbL0+R ++o5slZJE1V2oypjusu5b7pbHRnrVxVdxTvQtd9XN7CPAzCJxjzQNPnffJ+K7GfWBI7ybyQ7I7qp5i ++20bZtbqu9vu7yb8tMwQIfTap5vr8FqvPchXLo7DYpz1I8R4wPXJUa5C2C/+WyRskkLnlI/uRMD5h ++NFs8PiLNzV+bfecOS+0cith6qM3EPCJav+CufwlgVzFpeiInhatKqM+klX4MnTEQKBZP0xwT8Di1 ++rhCPXzhZZdBIKMMbN5tQdjWopJ4iPDOetA7BpYZUtA1Em37A10emel/401PBJSeDm45olI4zmjyq ++HfSmWUoUSJ+RKy6tzglazdALSkmZqnmPLC1lIC2jj0sczI7h5gOj6f7VIVJdehqgFTPJ1IYWi6rA ++5adbqBw3N/977Tk29G74FLifAdmZ5T9fNDoEhH2xyyi7N+bVGkwlg1LDqsiPoOMoAMa1iYhF6gK6 ++jqDOzzHI2R8OnYilPWu5R6u1ynUhGJlU0nVwyO48x+D9eIatYXcWpe1TFBSYOfMsuvsq9ixJO8SF ++CKSATwHQzeTSzldKd5YRZAnnvQ0swYVPjPnyHOgv3TomoC3jhTwMpvemHObZxunzWtjBQKCiJ21L ++suODJ0M5kRwOjuvwCLk3PHiTK2K/qw9Fwp5SzDO+1zKs/L8k/owrboxjrGs2xrxADNaIPsY2u3tk ++NiEvi2lcHZhFUfCW8F4uXvjFG8LTieHNNTpC6/wyrQa3CGYD+vqLEIVOlWYrVV9xgsuuLPPQ90yc ++7eM82PRtQGAABA87D6OPkJUlQFHW6TD9/mcEEFWCxeDK2z9Mh88ekV4OkhQimnfpDJSbL4UXB4KX ++FpGExny46wUTo21HtSzJB8NwL8ZATYxt/lyqyUMJmRt6DBmjX4owggWEBgkqhkiG9w0BBwGgggV1 ++BIIFcTCCBW0wggVpBgsqhkiG9w0BDAoBAqCCBTEwggUtMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3 ++DQEFDDAcBAhkis8dVNcntAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEuBXM0twriT ++SJGQQCzvsGUEggTQOcmXUvTJgG1gECrJoc/TZkHc47iv4D7N609gkUXU3O+1lSx5PZghJee8VxeA ++kTjbuAtmNjnhqt8LF8w0maDKZjJkn7ewZpMhG6ED1muKWLJxkhV6Z01DotWki3Jp2FSWY8YwGcH6 ++swKmB8l8KgO1IHmMTubmFk67MvNVFUQFCQ6AhODkC9XwTgSPD6KbP4nESkOC/9XakTOAQ9Kui2QY ++/azg2HivSCO4O1vpbHLcnSadoRniICUdtpdZpGAR1/LplgDvyw948RETrugTmJwVi+2Izm7p0dVW ++vYFTM1o/sekiRxTFFNse5mR3pZTX+YDUzTB4cxFZ8drwCSTfHjnEPMPJJonhoP2db/sKl/mHMu/p ++4jfQ1lT3L5fVa0igKzyq2TdeYBOeii+t72+rq7WBbzQtyWj95M3Bax/LgPEFnIuNfOmUuyhP0dRT ++u/g5vvWvbptnBVnlRK0z++yjMICVIlVmMucgTzV028KoKUMRhIbj7g6GBS0nyCZfj82Im2QZaZ1N ++/7F5ESjwwbCSYSA6AX7uJURY419rzPrCvZwpowCao9CjOApvzCyirE/13NffIrFnIfOgdk5tWzyb ++94PqFcPGk/UrHNafkBrlwGpJdlkbUUVthBEl1mNBQ2O0BPATM+HRu9oXhsnGeDqHS3xallqo98rn ++8dZePIjOHbqfRwdDhqRWPXnWFWBZwTR62kErqcFxeEMhN1sevTdgxeX/Nc6uZG3nNyO6+bkOKzn6 ++WUL77kGUGSz53two+vE+4/zevK1V7T5pLEFldIU/w8eDQq2MlDzdoCaOV9nmxAdnmofFbXo/Zs81 ++iLdx9R/z7bm6NHGn0iO+8ZLI4K7o3XdOIAPB+pqufi3nHchNFBTOMC5YOW/ckx8o2gvt33wmy9b0 ++gV4hHvVlRY6n79uXiEAi5QB5xJg4SBC4fqLw1Diy6/W6Hwce9lZhnYz1XYJZi3TRADhDykOFRGuI ++J99Jfb1itYy+VP0OGfei34Zwx+WG+sLeU6IOi07WVMQz8fC+REl03nszWjgxkBOPI99tEWKALXqX ++2whr8x6/050KkguJxPBpO7DanJWL3lXc4Z+qBsi+5ZaXhvX0oaLGP8XSyXpy3CaQKMLKtMC5lVLz ++pOdrIQyakPmLwj6KGCZA/IOrn/MBAuokgF5hg/yD7TmQa4PT1mKyV9ofBAbMMRiWZaCVZhm9Ba9/ ++KkSGDbdLd1cWnLxLYBv6MFiVuZ3DrE8a/3dCXjwcU8eOEMRsb98yhb4IKMnkeKCpyIIqIg5X2hBq ++nlDWJyCxmpF7Lrg2aF1fvad02x7dTi6+QzsU1DiROgDbzwt7dVEeQB+veCjv7NbQSg85xXuP/4Bu ++gEvFYAEgrtMHYTCLHlZpPwuGouYgpY3QPz94rr80TiCW57ZRAVN5Ofg2fC0z8Tjge8qUYWGcwkHJ ++j1RABVO0brwm53a4NSo3kSmrbO1i4kZw1vb0EaD5RRcKpBhKFA/D+W9ZUS/n5UsUbL7Tmz2MvoVk ++b1Uw6gZBt5QPYipilc/pPzkGGOjZPyg/em0aPZjVO7IgfcmlKD1jzFN59dkzstKisEytjVENSkQw ++7XFfDlZQym3ZGFg8xQUiwjHPsFqpwqbt5a5JeQzeVhUyoIUuxaAkN38fOnlYeK8xJTAjBgkqhkiG ++9w0BCRUxFgQUWRctkxPoRFm8/yf5Z+eebpIX5YQwQTAxMA0GCWCGSAFlAwQCAQUABCDED13XxVNx ++Pu/q9xAgfQdlv2+oTXCWKK6IIg3x1VgHmgQI0KiAhfVFdAcCAggA -- 2.39.5