TextSweep

Check-in [7db359029c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Hotfix for secure app update
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:7db359029c846eabbb86fe6dd4f4a41f24591a39
User & Date: kevin 2017-04-07 22:31:42
Context
2017-04-08
01:53
Hotfix for tls issues on macOS check-in: 5124af622e user: kevin tags: trunk
2017-04-07
22:31
Hotfix for secure app update check-in: 7db359029c user: kevin tags: trunk
2017-04-03
10:09
Update ssl bits check-in: 6ae661a85d user: kevin tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Deleted maclibs/tcltls1.7.11/pkgIndex.tcl.

     1         -if {[package vsatisfies [package present Tcl] 8.5]} {
     2         -	package ifneeded tls 1.7.11 [list apply {{dir} {
     3         -		if {{shared} eq "static"} {
     4         -			load {} Tls
     5         -		} else {
     6         -			load [file join $dir tcltls.dylib] Tls
     7         -		}
     8         -
     9         -		set tlsTclInitScript [file join $dir tls.tcl]
    10         -		if {[file exists $tlsTclInitScript]} {
    11         -			source $tlsTclInitScript
    12         -		}
    13         -	}} $dir]
    14         -} elseif {[package vsatisfies [package present Tcl] 8.4]} {
    15         -	package ifneeded tls 1.7.11 [list load [file join $dir tcltls.dylib] Tls]
    16         -}

Deleted maclibs/tcltls1.7.11/tcltls.dylib.

cannot compute difference between binary files

Added scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url.

            1  +[InternetShortcut]
            2  +URL=https://github.com/vszakats/harbour-deps

Added scriptlibs/softwareupdate/curl/BUILD-README.txt.

            1  +Visit the project page for details about these builds and the list of changes:
            2  +
            3  +   https://github.com/vszakats/harbour-deps
            4  +
            5  +Please donate to support maintaining these builds:
            6  +
            7  +   PayPal:
            8  +      https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2DZM6WAGRJWT6
            9  +
           10  +Thank you!

Added scriptlibs/softwareupdate/curl/CHANGES.txt.

            1  +                                  _   _ ____  _
            2  +                              ___| | | |  _ \| |
            3  +                             / __| | | | |_) | |
            4  +                            | (__| |_| |  _ <| |___
            5  +                             \___|\___/|_| \_\_____|
            6  +
            7  +                                  Changelog
            8  +
            9  +Version 7.53.1 (24 Feb 2017)
           10  +
           11  +Daniel Stenberg (24 Feb 2017)
           12  +- release: 7.53.1
           13  +
           14  +- Revert "tests: use consistent environment variables for setting charset"
           15  +  
           16  +  This reverts commit ecd1d020abdae3c3ce3643ddab3106501e62e7c0.
           17  +  
           18  +  That commit caused test failures on my Debian Linux machine for all
           19  +  changed test cases. We need to reconsider how that should get done.
           20  +
           21  +Dan Fandrich (23 Feb 2017)
           22  +- tests: use consistent environment variables for setting charset
           23  +  
           24  +  Character set in POSIX is set by the locale defined (in decreasing order
           25  +  of precedence) by the LC_ALL, LC_CTYPE and LANG environment variables (I
           26  +  believe CHARSET is only historic). LC_ALL is cleared to ensure that
           27  +  LC_CTYPE takes effect, but LC_ALL is not used to set the locale to
           28  +  ensure that other parts of the locale aren't overriden, if set.  Since
           29  +  there doesn't seem to be a cross-platform way of specifying a UTF-8
           30  +  locale, and not all systems may support UTF-8, a <precheck> is used
           31  +  (where relevant) to skip the test if UTF-8 isn't in use.  Test 1035 was
           32  +  also converted to UTF-8 for consistency, as the actual character set
           33  +  used there is irrelevant to the test.
           34  +
           35  +Jay Satiro (23 Feb 2017)
           36  +- url: Default the CA proxy bundle location to CURL_CA_BUNDLE
           37  +  
           38  +  If the compile-time CURL_CA_BUNDLE location is defined use it as the
           39  +  default value for the proxy CA bundle location, which is the same as
           40  +  what we already do for the regular CA bundle location.
           41  +  
           42  +  Ref: https://github.com/curl/curl/pull/1257
           43  +
           44  +Daniel Stenberg (23 Feb 2017)
           45  +- [Sergii Pylypenko brought this change]
           46  +
           47  +  rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
           48  +  
           49  +  Closes #1285
           50  +
           51  +- TODO: "OPTIONS *"
           52  +  
           53  +  Closes #1280
           54  +
           55  +- RELEASE-NOTES: synced with 443e5b03a7d441
           56  +
           57  +- THANKS-filter: shachaf
           58  +
           59  +- [İsmail Dönmez brought this change]
           60  +
           61  +  tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
           62  +  
           63  +  Closes #1283
           64  +  Fixes #1277
           65  +
           66  +- bump: 7.53.1 coming up
           67  +  
           68  +  synced with df665f4df0f7a352
           69  +
           70  +- formdata: check for EOF when reading from stdin
           71  +  
           72  +  Reported-by: shachaf@users.noreply.github.com
           73  +  
           74  +  Fixes #1281
           75  +
           76  +Jay Satiro (22 Feb 2017)
           77  +- docs: gitignore curl.1
           78  +  
           79  +  curl.1 is generated by the cmdline-opts script since 4c49b83.
           80  +
           81  +Daniel Stenberg (22 Feb 2017)
           82  +- TODO: HTTP Digest using SHA-256
           83  +
           84  +- TODO: brotli is deployed widely now
           85  +
           86  +Jay Satiro (21 Feb 2017)
           87  +- [Viktor Szakats brought this change]
           88  +
           89  +  urldata: include curl_sspi.h when Windows SSPI is enabled
           90  +  
           91  +  f77dabe broke builds in Windows using Windows SSPI but not Windows SSL.
           92  +  
           93  +  Bug: https://github.com/curl/curl/issues/1276
           94  +  Reported-by: jveazey@users.noreply.github.com
           95  +
           96  +- url: Improve CURLOPT_PROXY_CAPATH error handling
           97  +  
           98  +  - Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
           99  +    is not supported, which is the same as what we already do for
          100  +    CURLOPT_CAPATH.
          101  +  
          102  +  - Change the curl tool to handle CURLOPT_PROXY_CAPATH error
          103  +    CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
          104  +    same as what we already do for CURLOPT_CAPATH.
          105  +  
          106  +  - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
          107  +    respective CAPATH option is not supported by the SSL library.
          108  +  
          109  +  Ref: https://github.com/curl/curl/pull/1257
          110  +
          111  +- cyassl: fix typo
          112  +
          113  +Version 7.53.0 (22 Feb 2017)
          114  +
          115  +Daniel Stenberg (22 Feb 2017)
          116  +- release: 7.53.0
          117  +
          118  +- cookie: fix declaration of 'dup' shadows a global declaration
          119  +
          120  +- TLS: make SSL_VERIFYSTATUS work again
          121  +  
          122  +  The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
          123  +  and thus even if the status couldn't be verified, the connection would
          124  +  be allowed and the user would not be told about the failed verification.
          125  +  
          126  +  Regression since cb4e2be7c6d42ca
          127  +  
          128  +  CVE-2017-2629
          129  +  Bug: https://curl.haxx.se/docs/adv_20170222.html
          130  +  
          131  +  Reported-by: Marcus Hoffmann
          132  +
          133  +Jay Satiro (21 Feb 2017)
          134  +- digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
          135  +  
          136  +  - If the server has provided another challenge use it as the replacement
          137  +    input token if stale=TRUE. Otherwise previous credentials have failed
          138  +    so return CURLE_LOGIN_DENIED.
          139  +  
          140  +  Prior to this change the stale directive was ignored and if another
          141  +  challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.
          142  +  
          143  +  Ref: https://tools.ietf.org/html/rfc2617#page-10
          144  +  
          145  +  Bug: https://github.com/curl/curl/issues/928
          146  +  Reported-by: tarek112@users.noreply.github.com
          147  +
          148  +Daniel Stenberg (20 Feb 2017)
          149  +- smb: use getpid replacement for windows UWP builds
          150  +  
          151  +  Source: https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch
          152  +
          153  +- TODO: CURLOPT_RESOLVE for any port number
          154  +  
          155  +  Closes #1264
          156  +
          157  +- RELEASE-NOTES: synced with af30f1152d43dcdb
          158  +
          159  +- [Jean Gressmann brought this change]
          160  +
          161  +  sftp: improved checks for create dir failures
          162  +  
          163  +  Since negative values are errors and not only -1. This makes SFTP upload
          164  +  with --create-dirs work (again).
          165  +  
          166  +  Closes #1269
          167  +
          168  +Jay Satiro (20 Feb 2017)
          169  +- [Max Khon brought this change]
          170  +
          171  +  digest_sspi: Fix nonce-count generation in HTTP digest
          172  +  
          173  +  - on the first invocation: keep security context returned by
          174  +    InitializeSecurityContext()
          175  +  
          176  +  - on subsequent invocations: use MakeSignature() instead of
          177  +    InitializeSecurityContext() to generate HTTP digest response
          178  +  
          179  +  Bug: https://github.com/curl/curl/issues/870
          180  +  Reported-by: Andreas Roth
          181  +  
          182  +  Closes https://github.com/curl/curl/pull/1251
          183  +
          184  +- examples/multi-uv: checksrc compliance
          185  +
          186  +Michael Kaufmann (19 Feb 2017)
          187  +- string formatting: fix 4 printf-style format strings
          188  +
          189  +Dan Fandrich (18 Feb 2017)
          190  +- tests: removed the obsolete name parameter
          191  +
          192  +Michael Kaufmann (18 Feb 2017)
          193  +- speed caps: update the timeouts if the speed is too low/high
          194  +  
          195  +  Follow-up to 4b86113
          196  +  
          197  +  Fixes https://github.com/curl/curl/issues/793
          198  +  Fixes https://github.com/curl/curl/issues/942
          199  +
          200  +- docs: fix timeout handling in multi-uv example
          201  +
          202  +- proxy: fix hostname resolution and IDN conversion
          203  +  
          204  +  Properly resolve, convert and log the proxy host names.
          205  +  Support the "--connect-to" feature for SOCKS proxies and for passive FTP
          206  +  data transfers.
          207  +  
          208  +  Follow-up to cb4e2be
          209  +  
          210  +  Reported-by: Jay Satiro
          211  +  Fixes https://github.com/curl/curl/issues/1248
          212  +
          213  +Jay Satiro (17 Feb 2017)
          214  +- [Isaac Boukris brought this change]
          215  +
          216  +  http: fix missing 'Content-Length: 0' while negotiating auth
          217  +  
          218  +  - While negotiating auth during PUT/POST if a user-specified
          219  +    Content-Length header is set send 'Content-Length: 0'.
          220  +  
          221  +  This is what we do already in HTTPREQ_POST_FORM and what we did in the
          222  +  HTTPREQ_POST case (regression since afd288b).
          223  +  
          224  +  Prior to this change no Content-Length header would be sent in such a
          225  +  case.
          226  +  
          227  +  Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
          228  +  Reported-by: Dominik Hölzl
          229  +  
          230  +  Closes https://github.com/curl/curl/pull/1242
          231  +
          232  +Daniel Stenberg (16 Feb 2017)
          233  +- [Simon Warta brought this change]
          234  +
          235  +  winbuild: add note on auto-detection of MACHINE in Makefile.vc
          236  +  
          237  +  Closes #1265
          238  +
          239  +- RELEASE-PROCEDURE: update the upcoming release calendar
          240  +
          241  +- TODO: consider file name from the redirected URL with -O ?
          242  +  
          243  +  It isn't easily solved, but with some thinking someone could probably
          244  +  come up with a working approach?
          245  +  
          246  +  Closes #1241
          247  +
          248  +Jay Satiro (15 Feb 2017)
          249  +- tool_urlglob: Allow a glob range with the same start and stop
          250  +  
          251  +  For example allow ranges like [1-1] and [a-a] etc.
          252  +  
          253  +  Regression since 5ca96cb.
          254  +  
          255  +  Bug: https://github.com/curl/curl/issues/1238
          256  +  Reported-by: R. Dennis Steed
          257  +
          258  +Daniel Stenberg (15 Feb 2017)
          259  +- axtls: adapt to API changes
          260  +  
          261  +  Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS
          262  +  < 2.1.0 (the older API)
          263  +  
          264  +  ... and fix the session_id mixup brought in 04b4ee549
          265  +  
          266  +  Fixes #1220
          267  +
          268  +- RELEASE-NOTES: synced with 690935390c29c
          269  +
          270  +- [Nick Draffen brought this change]
          271  +
          272  +  curl: fix typo in time condition warning message
          273  +  
          274  +  The warning message had a typo. The argument long form is --time-cond
          275  +  not --timecond
          276  +  
          277  +  Closes #1263
          278  +
          279  +- smb: code indent
          280  +
          281  +Jay Satiro (14 Feb 2017)
          282  +- configure: Allow disabling pthreads, fall back on Win32 threads
          283  +  
          284  +  When the threaded resolver option is specified for configure the default
          285  +  thread library is pthreads. This change makes it possible to
          286  +  --disable-pthreads and then configure can fall back on Win32 threads for
          287  +  native Windows builds.
          288  +  
          289  +  Closes https://github.com/curl/curl/pull/1260
          290  +
          291  +Daniel Stenberg (13 Feb 2017)
          292  +- http2: fix memory-leak when denying push streams
          293  +  
          294  +  Reported-by: zelinchen@users.noreply.github.com
          295  +  Fixes #1229
          296  +
          297  +Jay Satiro (11 Feb 2017)
          298  +- tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
          299  +  
          300  +  When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to
          301  +  the user explaining possible solutions such as --cacert and --insecure.
          302  +  
          303  +  This change appends to that message similar options --proxy-cacert and
          304  +  --proxy-insecure when there's a specified HTTPS proxy.
          305  +  
          306  +  Closes https://github.com/curl/curl/issues/1258
          307  +
          308  +Daniel Stenberg (10 Feb 2017)
          309  +- cmdline-opts/page-footer: ftp.sunet.se is no longer an FTP mirror
          310  +
          311  +- URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
          312  +  
          313  +  Fixes #1252
          314  +
          315  +Jay Satiro (9 Feb 2017)
          316  +- cmdline-opts/socks*: Mention --preproxy in --socks* opts
          317  +  
          318  +  - Document in --socks* opts they're still mutually exclusive of --proxy.
          319  +  
          320  +  Partial revert of 423a93c; I had misinterpreted the SOCKS proxy +
          321  +  HTTP/HTTPS proxy combination.
          322  +  
          323  +  - Document in --socks* opts that --preproxy can be used to specify a
          324  +    SOCKS proxy at the same time --proxy is used with an HTTP/HTTPS proxy.
          325  +
          326  +Daniel Stenberg (9 Feb 2017)
          327  +- CURLOPT_SSL_VERIFYPEER.3: also the https proxy version
          328  +
          329  +Kamil Dudka (9 Feb 2017)
          330  +- nss: make FTPS work with --proxytunnel
          331  +  
          332  +  If the NSS code was in the middle of a non-blocking handshake and it
          333  +  was asked to finish the handshake in blocking mode, it unexpectedly
          334  +  continued in the non-blocking mode, which caused a FTPS connection
          335  +  over CONNECT to fail with "(81) Socket not ready for send/recv".
          336  +  
          337  +  Bug: https://bugzilla.redhat.com/1420327
          338  +
          339  +Daniel Stenberg (9 Feb 2017)
          340  +- examples/multithread.c: link to our multi-thread docs
          341  +  
          342  +  ... instead of the OpenSSL mutex page.
          343  +
          344  +- http_proxy: avoid freeing static memory
          345  +  
          346  +  Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
          347  +
          348  +- [Cameron MacMinn brought this change]
          349  +
          350  +  http_proxy: Fix tiny memory leak upon edge case connecting to proxy
          351  +  
          352  +  Fixes #1255
          353  +
          354  +Michael Kaufmann (8 Feb 2017)
          355  +- polarssl, mbedtls: Fix detection of pending data
          356  +  
          357  +  Reported-by: Dan Fandrich
          358  +  Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html
          359  +
          360  +Dan Fandrich (7 Feb 2017)
          361  +- test1139: Added the --manual keyword since the manual is required
          362  +
          363  +Daniel Stenberg (7 Feb 2017)
          364  +- RELEASE-NOTES: synced with 102454459dd688c
          365  +
          366  +- THANKS-filter: polish some recent contributors
          367  +
          368  +- http2: reset push header counter fixes crash
          369  +  
          370  +  When removing an easy handler from a multi before it completed its
          371  +  transfer, and it had pushed streams, it would segfault due to the pushed
          372  +  counted not being cleared.
          373  +  
          374  +  Fixed-by: zelinchen@users.noreply.github.com
          375  +  Fixes #1249
          376  +
          377  +- [Markus Westerlind brought this change]
          378  +
          379  +  transfer: only retry nobody-requests for HTTP
          380  +  
          381  +  Using sftp to delete a file with CURLOPT_NOBODY set with a reused
          382  +  connection would fail as curl expected to get some data. Thus it would
          383  +  retry the command again which fails as the file has already been
          384  +  deleted.
          385  +  
          386  +  Fixes #1243
          387  +
          388  +Jay Satiro (7 Feb 2017)
          389  +- [Daniel Gustafsson brought this change]
          390  +
          391  +  telnet: Fix typos
          392  +  
          393  +  Ref: https://github.com/curl/curl/pull/1245
          394  +
          395  +- [Daniel Gustafsson brought this change]
          396  +
          397  +  test552: Fix typos
          398  +  
          399  +  Closes https://github.com/curl/curl/pull/1245
          400  +
          401  +- [Daniel Gustafsson brought this change]
          402  +
          403  +  darwinssl: Avoid parsing certificates when not in verbose mode
          404  +  
          405  +  The information extracted from the server certificates in step 3 is only
          406  +  used when in verbose mode, and there is no error handling or validation
          407  +  performed as that has already been done. Only run the certificate
          408  +  information extraction when in verbose mode and libcurl was built with
          409  +  verbose strings.
          410  +  
          411  +  Closes https://github.com/curl/curl/pull/1246
          412  +
          413  +- [JDepooter brought this change]
          414  +
          415  +  schannel: Remove incorrect SNI disabled message
          416  +  
          417  +  - Remove the SNI disabled when host verification disabled message
          418  +    since that is incorrect.
          419  +  
          420  +  - Show a message for legacy versions of Windows <= XP that connections
          421  +    may fail since those versions of WinSSL lack SNI, algorithms, etc.
          422  +  
          423  +  Bug: https://github.com/curl/curl/pull/1240
          424  +
          425  +Daniel Stenberg (7 Feb 2017)
          426  +- CHANGES: spell fix, use correct path to script
          427  +
          428  +- CHANGES.0: removed
          429  +  
          430  +  This is the previously manually edited changelog, not touched since Aug
          431  +  2015. Still present in git for those who wants it.
          432  +
          433  +Dan Fandrich (6 Feb 2017)
          434  +- cmdline-opts: Fixed build and test in out of source tree builds
          435  +
          436  +Viktor Szakats (6 Feb 2017)
          437  +- use *.sourceforge.io and misc URL updates
          438  +  
          439  +  Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/
          440  +  Closes: https://github.com/curl/curl/pull/1247
          441  +
          442  +Jay Satiro (6 Feb 2017)
          443  +- docs: Add more HTTPS proxy documentation
          444  +  
          445  +  - Document HTTPS proxy type.
          446  +  
          447  +  - Document --write-out %{proxy_ssl_verify_result}.
          448  +  
          449  +  - Document SOCKS proxy + HTTP/HTTPS proxy combination.
          450  +  
          451  +  HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS.
          452  +  
          453  +  Ref: https://github.com/curl/curl/commit/cb4e2be
          454  +
          455  +- OS400: Fix symbols
          456  +  
          457  +  - s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY
          458  +    Follow-up to 7907a2b and 845522c.
          459  +  
          460  +  - Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY.
          461  +  
          462  +  - Add id for CURLOPT_ABSTRACT_UNIX_SOCKET.
          463  +  
          464  +  Bug: https://github.com/curl/curl/issues/1237
          465  +  Reported-by: jonrumsey@users.noreply.github.com
          466  +
          467  +- [Sean Burford brought this change]
          468  +
          469  +  cmake: Support curl --xattr when built with cmake
          470  +  
          471  +  - Test for and set HAVE_FSETXATTR when support for extended file
          472  +    attributes is present.
          473  +  
          474  +  Closes https://github.com/curl/curl/pull/1176
          475  +
          476  +- [Adam Langley brought this change]
          477  +
          478  +  openssl: Don't use certificate after transferring ownership
          479  +  
          480  +  SSL_CTX_add_extra_chain_cert takes ownership of the given certificate
          481  +  while, despite the similar name, SSL_CTX_add_client_CA does not. Thus
          482  +  it's best to call SSL_CTX_add_client_CA before
          483  +  SSL_CTX_add_extra_chain_cert, while the code still has ownership of the
          484  +  argument.
          485  +  
          486  +  Closes https://github.com/curl/curl/pull/1236
          487  +
          488  +Daniel Stenberg (29 Jan 2017)
          489  +- [Antoine Aubert brought this change]
          490  +
          491  +  mbedtls: implement CTR-DRBG and HAVEGE random generators
          492  +  
          493  +  closes #1227
          494  +
          495  +- docs: we no longer ship HTML versions of man pages
          496  +  
          497  +  ... refer to the web site for the web versions.
          498  +
          499  +- [railsnewbie257 brought this change]
          500  +
          501  +  docs: proofread README.netware README.win32
          502  +  
          503  +  Closes #1231
          504  +
          505  +- RELEASE-NOTES; synced with ab08d82648
          506  +
          507  +Michael Kaufmann (28 Jan 2017)
          508  +- mbedtls: disable TLS session tickets
          509  +  
          510  +  SSL session reuse with TLS session tickets is not supported yet.
          511  +  Use SSL session IDs instead.
          512  +  
          513  +  See https://github.com/curl/curl/issues/1109
          514  +
          515  +- gnutls: disable TLS session tickets
          516  +  
          517  +  SSL session reuse with TLS session tickets is not supported yet.
          518  +  Use SSL session IDs instead.
          519  +  
          520  +  Fixes https://github.com/curl/curl/issues/1109
          521  +
          522  +- polarssl: fix hangs
          523  +  
          524  +  This bugfix is similar to commit c111178bd4.
          525  +
          526  +Daniel Stenberg (27 Jan 2017)
          527  +- cookies: do not assume a valid domain has a dot
          528  +  
          529  +  This repairs cookies for localhost.
          530  +  
          531  +  Non-PSL builds will now only accept "localhost" without dots, while PSL
          532  +  builds okeys everything not listed as PSL.
          533  +  
          534  +  Added test 1258 to verify.
          535  +  
          536  +  This was a regression brought in a76825a5efa6b4
          537  +
          538  +- TODO: remove "Support TLS v1.3"
          539  +  
          540  +  Support is trickling in already.
          541  +
          542  +- [railsnewbie257 brought this change]
          543  +
          544  +  INTERNALS.md: language improvements
          545  +  
          546  +  Closes #1226
          547  +
          548  +- telnet: fix windows compiler warnings
          549  +  
          550  +  Thumbs-up-by: Jay Satiro
          551  +  
          552  +  Closes #1225
          553  +
          554  +- VC: remove the makefile.vc6 build infra
          555  +  
          556  +  The winbuild/ build files is now the single MSVC makefile build choice.
          557  +  
          558  +  Closes #1215
          559  +
          560  +- [Jay Satiro brought this change]
          561  +
          562  +  cmdline-opts/gen.pl: Open input files in CRLF mode
          563  +  
          564  +  On Windows it's possible to have input files with CRLF line endings and
          565  +  a perl that defaults to LF line endings (eg msysgit). Currently that
          566  +  results in generator output of mixed line endings of CR, LF and CRLF.
          567  +  
          568  +  This change fixes that issue in the most succinct way by opening the
          569  +  files in :crlf text mode even when the perl being used does not default
          570  +  to that mode. (On operating systems that don't have a separate text mode
          571  +  it's essentially a no-op.) The output continues to be in the perl's
          572  +  native line ending.
          573  +
          574  +- docs/curl.1: generate from the cmdline-opts script
          575  +
          576  +- vtls: source indentation fix
          577  +
          578  +- contri*.sh: cut off parentheses from names too
          579  +
          580  +- RELEASE-NOTES: synced with 01ab7c30bba6f
          581  +
          582  +- vtls: fix PolarSSL non-blocking handling
          583  +  
          584  +  A regression brought in cb4e2be
          585  +  
          586  +  Reported-by: Michael Kaufmann
          587  +  Bug: https://github.com/curl/curl/issues/1174#issuecomment-274018791
          588  +
          589  +- [Antoine Aubert brought this change]
          590  +
          591  +  vtls: fix mbedtls multi non blocking handshake.
          592  +  
          593  +  When using multi, mbedtls handshake is in non blocking mode.  vtls must
          594  +  set wait for read/write flags for the socket.
          595  +  
          596  +  Closes #1223
          597  +
          598  +- [Richy Kim brought this change]
          599  +
          600  +  CURLOPT_BUFFERSIZE: support enlarging receive buffer
          601  +  
          602  +  Replace use of fixed macro BUFSIZE to define the size of the receive
          603  +  buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
          604  +  buffer size.  Upon setting, resize buffer if larger than the current
          605  +  default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
          606  +  like SFTP.
          607  +  
          608  +  Closes #1222
          609  +
          610  +- sws: use SOCKERRNO, not errno
          611  +  
          612  +  Reported-by: Gisle Vanem
          613  +
          614  +Michael Kaufmann (19 Jan 2017)
          615  +- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
          616  +  
          617  +  This has been implemented with commit 9ad034e.
          618  +
          619  +Viktor Szakats (19 Jan 2017)
          620  +- *.rc: escape non-ASCII/non-UTF-8 character for clarity
          621  +  
          622  +  Closes https://github.com/curl/curl/pull/1217
          623  +
          624  +Kamil Dudka (19 Jan 2017)
          625  +- docs: non-blocking SSL handshake is now supported with NSS
          626  +  
          627  +  Implemented since curl-7_36_0-130-g8868a22
          628  +  
          629  +  Reported-by: Fahim Chandurwala
          630  +
          631  +Michael Kaufmann (18 Jan 2017)
          632  +- CURLOPT_CONNECT_TO: Fix compile warnings
          633  +  
          634  +  Fix compile warnings that appeared only when curl has been configured
          635  +  with '--disable-verbose'.
          636  +
          637  +Daniel Stenberg (18 Jan 2017)
          638  +- usercertinmem.c: improve the short description
          639  +
          640  +- parseurl: move back buffer to function scope
          641  +  
          642  +  Regression since 1d4202ad, which moved the buffer into a more narrow
          643  +  scope, but the data in that buffer was used outside of that more narrow
          644  +  scope.
          645  +  
          646  +  Reported-by: Dan Fandrich
          647  +  Bug: https://curl.haxx.se/mail/lib-2017-01/0093.html
          648  +
          649  +Jay Satiro (17 Jan 2017)
          650  +- openssl: Fix random generation
          651  +  
          652  +  - Fix logic error in Curl_ossl_random.
          653  +  
          654  +  Broken a few days ago in 807698d.
          655  +
          656  +Daniel Stenberg (17 Jan 2017)
          657  +- TODO: share OpenSSL contexts
          658  +  
          659  +  By supporting this, subsequent connects would load a lot less data from
          660  +  disk.
          661  +  
          662  +  Closes #1110
          663  +
          664  +- bump: next release will be 7.53.0
          665  +
          666  +Kamil Dudka (15 Jan 2017)
          667  +- nss: use the correct lock in nss_find_slot_by_name()
          668  +
          669  +Alessandro Ghedini (15 Jan 2017)
          670  +- http2: disable server push if not requested
          671  +  
          672  +  Ref: https://github.com/curl/curl/pull/1160
          673  +
          674  +Daniel Stenberg (14 Jan 2017)
          675  +- [railsnewbie257 brought this change]
          676  +
          677  +  docs: improved language in README.md HISTORY.md CONTRIBUTE.md
          678  +  
          679  +  Closes #1211
          680  +
          681  +Alessandro Ghedini (14 Jan 2017)
          682  +- http: print correct HTTP string in verbose output when using HTTP/2
          683  +  
          684  +  Before:
          685  +  ```
          686  +   % src/curl https://sigsegv.ninja/ -v --http2
          687  +  ...
          688  +  > GET / HTTP/1.1
          689  +  > Host: sigsegv.ninja
          690  +  > User-Agent: curl/7.52.2-DEV
          691  +  > Accept: */*
          692  +  >
          693  +  ...
          694  +  ```
          695  +  
          696  +  After:
          697  +  ```
          698  +   % src/curl https://sigsegv.ninja/ -v --http2
          699  +  ...
          700  +  > GET / HTTP/2
          701  +  > Host: sigsegv.ninja
          702  +  > User-Agent: curl/7.52.2-DEV
          703  +  > Accept: */*
          704  +  >
          705  +  ```
          706  +
          707  +Daniel Stenberg (14 Jan 2017)
          708  +- TODO: send only part of --data
          709  +  
          710  +  Closes #1200
          711  +
          712  +- TODO: implemened "--fail-fast to exit on first transfer fail"
          713  +  
          714  +  Even though it is called --fail-early
          715  +
          716  +- TODO: Chunked transfer multipart formpost
          717  +  
          718  +  Closes #1139
          719  +
          720  +- TODO: Improve formpost API, not just add an easy argument
          721  +
          722  +- addrinfo: fix compiler warning on offsetof() use
          723  +  
          724  +  curl_addrinfo.c:519:20: error: conversion to ‘curl_socklen_t {aka
          725  +  unsigned int}’ from ‘long unsigned int’ may alter its value
          726  +  [-Werror=conversion]
          727  +  
          728  +  Follow-up to 1d786faee1046f
          729  +
          730  +- THANKS-filter: Jiri Malak
          731  +
          732  +- RELEASE-NOTES: synced with a7c73ae309c
          733  +
          734  +Peter Wu (13 Jan 2017)
          735  +- [Isaac Boukris brought this change]
          736  +
          737  +  unix_socket: add support for abstract unix domain socket
          738  +  
          739  +  In addition to unix domain sockets, Linux also supports an
          740  +  abstract namespace which is independent of the filesystem.
          741  +  
          742  +  In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
          743  +  option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
          744  +  internally, along with a flag to specify abstract socket.
          745  +  
          746  +  On non-supporting platforms, the abstract address will be
          747  +  interpreted as an empty string and fail gracefully.
          748  +  
          749  +  Also add new --abstract-unix-socket tool parameter.
          750  +  
          751  +  Signed-off-by: Isaac Boukris <iboukris@gmail.com>
          752  +  Reported-by: Chungtsun Li (typeless)
          753  +  Reviewed-by: Daniel Stenberg
          754  +  Reviewed-by: Peter Wu
          755  +  Closes #1197
          756  +  Fixes #1061
          757  +
          758  +Daniel Stenberg (13 Jan 2017)
          759  +- write-out.d: 'time_total' is not always shown with ms precision
          760  +  
          761  +  We have higher resolution since 7.52.0
          762  +
          763  +- next.d: --trace and --trace-ascii are also global
          764  +
          765  +- [Isaac Boukris brought this change]
          766  +
          767  +  curl: reset the easy handle at --next
          768  +  
          769  +  So that only "global" options (verbose mostly) survive into the next
          770  +  transfer, and the others have to be set again unless default is fine.
          771  +
          772  +- [Frank Gevaerts brought this change]
          773  +
          774  +  docs: Add note about libcurl copying strings to CURLOPT_* manpages
          775  +  
          776  +  Closes #1169
          777  +
          778  +- [Frank Gevaerts brought this change]
          779  +
          780  +  CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
          781  +
          782  +- IDN: Use TR46 non-transitional
          783  +  
          784  +  Assisted-by: Tim Rühsen
          785  +
          786  +- IDN: revert use of the transitional option
          787  +  
          788  +  It made the german ß get converted to ss, IDNA2003 style, and we can't
          789  +  have that for the .de TLD - a primary reason for our switch to IDNA2008.
          790  +  
          791  +  Test 165 verifies.
          792  +
          793  +- [Tim Rühsen brought this change]
          794  +
          795  +  IDN: Fix compile time detection of linidn2 TR46
          796  +  
          797  +  Follow-up to f30cbcac1
          798  +  
          799  +  Closes #1207
          800  +
          801  +- [ERAMOTO Masaya brought this change]
          802  +
          803  +  url: --noproxy option overrides NO_PROXY environment variable
          804  +  
          805  +  Under condition using http_proxy env var, noproxy list was the
          806  +  combination of --noproxy option and NO_PROXY env var previously. Since
          807  +  this commit, --noproxy option overrides NO_PROXY environment variable
          808  +  even if use http_proxy env var.
          809  +  
          810  +  Closes #1140
          811  +
          812  +- [ERAMOTO Masaya brought this change]
          813  +
          814  +  url: Refactor detect_proxy()
          815  +  
          816  +  If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not
          817  +  defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list.
          818  +  
          819  +  Thus refactor to set proxy to NULL instead of calling detect_proxy() if
          820  +  define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not
          821  +  define CURL_DISABLE_HTTP and the host is not in the noproxy list.
          822  +
          823  +- [ERAMOTO Masaya brought this change]
          824  +
          825  +  url: Fix NO_PROXY env var to work properly with --proxy option.
          826  +  
          827  +  The combination of --noproxy option and http_proxy env var works well
          828  +  both for proxied hosts and non-proxied hosts.
          829  +  
          830  +  However, when combining NO_PROXY env var with --proxy option,
          831  +  non-proxied hosts are not reachable while proxied host is OK.
          832  +  
          833  +  This patch allows us to access non-proxied hosts even if using NO_PROXY
          834  +  env var with --proxy option.
          835  +
          836  +- [Tim Rühsen brought this change]
          837  +
          838  +  IDN: Use TR46 'transitional' for toASCII translations
          839  +  
          840  +  References: http://unicode.org/faq/idn.html
          841  +              http://unicode.org/reports/tr46
          842  +  
          843  +  Closes #1206
          844  +
          845  +- [railsnewbie257 brought this change]
          846  +
          847  +  docs: FAQ MAIL-ETIQUETTE language fixes
          848  +  
          849  +  Closes #1194
          850  +
          851  +- [Marcus Hoffmann brought this change]
          852  +
          853  +  gnutls: check for alpn and ocsp in configure
          854  +  
          855  +  Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during
          856  +  configure instead of relying on the version number.  GnuTLS has options
          857  +  to turn these features off and we ca just work with with such builds
          858  +  like we work with older versions.
          859  +  
          860  +  Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
          861  +  
          862  +  Closes #1204
          863  +
          864  +Jay Satiro (12 Jan 2017)
          865  +- url: Fix parsing for when 'file' is the default protocol
          866  +  
          867  +  Follow-up to 3463408.
          868  +  
          869  +  Prior to 3463408 file:// hostnames were silently stripped.
          870  +  
          871  +  Prior to this commit it did not work when a schemeless url was used with
          872  +  file as the default protocol.
          873  +  
          874  +  Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html
          875  +  Closes https://github.com/curl/curl/pull/1124
          876  +  
          877  +  Also fix for drive letters:
          878  +  
          879  +  - Support --proto-default file c:/foo/bar.txt
          880  +  
          881  +  - Support file://c:/foo/bar.txt
          882  +  
          883  +  - Fail when a file:// drive letter is detected and not MSDOS/Windows.
          884  +  
          885  +  Bug: https://github.com/curl/curl/issues/1187
          886  +  Reported-by: Anatol Belski
          887  +  Assisted-by: Anatol Belski
          888  +
          889  +Daniel Stenberg (12 Jan 2017)
          890  +- rand: make it work without TLS backing
          891  +  
          892  +  Regression introduced in commit f682156a4fc6c4
          893  +  
          894  +  Reported-by: John Kohl
          895  +  Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html
          896  +
          897  +Jay Satiro (12 Jan 2017)
          898  +- STARTTLS: Don't print response character in denied messages
          899  +  
          900  +  Both IMAP and POP3 response characters are used internally, but when
          901  +  appended to the STARTTLS denial message likely could confuse the user.
          902  +  
          903  +  Closes https://github.com/curl/curl/pull/1203
          904  +
          905  +- smtp: Fix STARTTLS denied error message
          906  +  
          907  +  - Format the numeric denial code as an integer instead of a character.
          908  +
          909  +Daniel Stenberg (11 Jan 2017)
          910  +- http2_send: avoid unsigned integer wrap around
          911  +  
          912  +  ... when checking for a too large request.
          913  +
          914  +Jay Satiro (9 Jan 2017)
          915  +- [Jiri Malak brought this change]
          916  +
          917  +  cmake: Fix passing _WINSOCKAPI_ macro to compiler
          918  +  
          919  +  Define _WINSOCKAPI_ blank rather than to 1 in order to match the value
          920  +  used by Microsoft's winsock header files.
          921  +  
          922  +  Closes https://github.com/curl/curl/pull/1195
          923  +
          924  +Daniel Stenberg (9 Jan 2017)
          925  +- sws: retry send() on EWOULDBLOCK
          926  +  
          927  +  Fixes spurious test 1060 and 1061 failures on OpenBSD, Solaris and more.
          928  +  
          929  +  Bug: https://curl.haxx.se/mail/lib-2017-01/0009.html
          930  +  Reported-by: Christian Weisgerber
          931  +
          932  +- RELEASE-NOTES: synced with a41e8592d6b3e58
          933  +
          934  +- examples: make the C++ examples follow our code style too
          935  +  
          936  +  At least mostly, not counting // comments.
          937  +
          938  +- [Aulddays brought this change]
          939  +
          940  +  asiohiper: improved socket handling
          941  +  
          942  +  libcurl requires CURLMOPT_SOCKETFUNCTION to KEEP watching socket events
          943  +  and notify back. Modify event_cb() to continue watching events when
          944  +  fired.
          945  +  
          946  +  Fixes #1191
          947  +  Closes #1192
          948  +  Fixed-by: Mingliang Zhu
          949  +
          950  +- [Jiří Malák brought this change]
          951  +
          952  +  lib506: fix build for Open Watcom
          953  +  
          954  +  Rename symbol lock to locks to not clash with OW CRTL function name.
          955  +  
          956  +  Closes #1196
          957  +
          958  +- ROADMAP: 2017 cleanup
          959  +  
          960  +  Removed items already fixed, clarified a few others.
          961  +
          962  +- COPYING: update the generic copyright year range
          963  +
          964  +- docs/silent: mention --show-error in --silent description
          965  +  
          966  +  Reported in #1190
          967  +  Reported-by: Dan Jacobson
          968  +
          969  +- docs/page-header: mention how to disable the progress meter
          970  +  
          971  +  curl.1 is regenerated
          972  +  
          973  +  Fixes #1190
          974  +
          975  +Dan Fandrich (7 Jan 2017)
          976  +- wolfssl: display negotiated SSL version and cipher
          977  +
          978  +- wolfssl: support setting cipher list
          979  +
          980  +Patrick Monnerat (6 Jan 2017)
          981  +- CIPHERS.md: document GSKit ciphers
          982  +
          983  +Jay Satiro (5 Jan 2017)
          984  +- [peterpih brought this change]
          985  +
          986  +  TheArtOfHttpScripting: grammar
          987  +
          988  +Nick Zitzmann (3 Jan 2017)
          989  +- darwinssl: --insecure overrides --cacert if both settings are in use
          990  +  
          991  +  Fixes #1184
          992  +
          993  +Jay Satiro (2 Jan 2017)
          994  +- docs/libcurl: TCP_KEEPALIVE start and interval default to 60
          995  +  
          996  +  Since the TCP keep-alive options were added in 705f0f7 the start and
          997  +  interval default values have been 60, but that wasn't documented.
          998  +  
          999  +  Bug: https://curl.haxx.se/mail/lib-2017-01/0000.html
         1000  +  Reported-by: Praveen Pvs
         1001  +
         1002  +Daniel Stenberg (29 Dec 2016)
         1003  +- curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
         1004  +  
         1005  +  This error code was once introduced when some library was dynamically
         1006  +  loaded and a funciton within said library couldn't be found.
         1007  +
         1008  +- content_encoding: change return code on a failure
         1009  +  
         1010  +  Failure to decompress is now a write error instead of the weird
         1011  +  "function not found".
         1012  +
         1013  +- page-footer: error 36 is protocol agnostic!
         1014  +
         1015  +Jay Satiro (28 Dec 2016)
         1016  +- tool_operate: Fix --remote-time incorrect times on Windows
         1017  +  
         1018  +  - Use Windows API SetFileTime to set the file time instead of utime.
         1019  +  
         1020  +  Avoid utime on Windows if possible because it may apply a daylight
         1021  +  saving time offset to our UTC file time.
         1022  +  
         1023  +  Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html
         1024  +  Reported-by: Tim
         1025  +  
         1026  +  Closes https://github.com/curl/curl/pull/1121
         1027  +
         1028  +Daniel Stenberg (29 Dec 2016)
         1029  +- [Max Khon brought this change]
         1030  +
         1031  +  digest_sspi: copy terminating NUL as well
         1032  +  
         1033  +  Curl_auth_decode_digest_http_message(): copy terminating NUL as later
         1034  +  Curl_override_sspi_http_realm() expects a NUL-terminated string.
         1035  +  
         1036  +  Fixes #1180
         1037  +
         1038  +- curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
         1039  +  
         1040  +  Mentioned in #1013
         1041  +
         1042  +- [Kyselgov E.N brought this change]
         1043  +
         1044  +  cmake: use crypt32.lib when building with OpenSSL on windows
         1045  +  
         1046  +  Reviewed-by: Peter Wu
         1047  +  Closes #1149
         1048  +  Fixes #1147
         1049  +
         1050  +- [Chris Araman brought this change]
         1051  +
         1052  +  darwinssl: fix CFArrayRef leak
         1053  +  
         1054  +  Reviewed-by: Nick Zitzmann
         1055  +  Closes #1173
         1056  +
         1057  +- [Chris Araman brought this change]
         1058  +
         1059  +  darwinssl: fix iOS build
         1060  +  
         1061  +  Reviewed-by: Nick Zitzmann
         1062  +  Fixes #1172
         1063  +
         1064  +- curl: remove superfluous include file
         1065  +  
         1066  +  The <netinet/tcp.h> is a leftover from the past when TCP socket options
         1067  +  were set in this file. This include causes build issues on AIX 4.3.
         1068  +  
         1069  +  Reported-by: Kim Minjoong
         1070  +  
         1071  +  Closes #1178
         1072  +
         1073  +- RELEASE-NOTES: synced with a7b38c9dc98481e
         1074  +
         1075  +- vtls: s/SSLEAY/OPENSSL
         1076  +  
         1077  +  Fixed an old leftover use of the USE_SSLEAY define which would make a
         1078  +  socket get removed from the applications sockets to monitor when the
         1079  +  multi_socket API was used, leading to timeouts.
         1080  +  
         1081  +  Bug: #1174
         1082  +
         1083  +- docs/ciphers: link to our own new page about ciphers
         1084  +  
         1085  +  ... as the former ones always go stale!
         1086  +
         1087  +- cmdline-opts/page-footer: add three more exit codes
         1088  +  
         1089  +  ... and regenerated curl.1
         1090  +
         1091  +- formdata: use NULL, not 0, when returning pointers
         1092  +
         1093  +- ftp: failure to resolve proxy should return that error code
         1094  +
         1095  +- configure: accept --with-libidn2 instead
         1096  +  
         1097  +  ... which the help text already implied since we switched to libidn2
         1098  +  from libidn in commit 9c91ec778104ae3b back in October 2016.
         1099  +  
         1100  +  Reported-by: Christian Weisgerber
         1101  +  Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html
         1102  +
         1103  +- test1282: verify the ftp-gss check
         1104  +
         1105  +- ftp-gss: check for init before use
         1106  +  
         1107  +  To avoid dereferencing a NULL pointer.
         1108  +  
         1109  +  Reported-by: Daniel Romero
         1110  +
         1111  +Jay Satiro (24 Dec 2016)
         1112  +- build-wolfssl: Sync config with wolfSSL 3.10
         1113  +  
         1114  +  wolfSSL configure script relevant changes from 3.9 to 3.10:
         1115  +  
         1116  +  - DES3 no longer enabled by default
         1117  +  - Shamir no longer enabled by default
         1118  +  - Extended master secret enabled by default
         1119  +  - RSA and ECC timing protections enabled by default
         1120  +  
         1121  +  For backwards compatibility I enabled DES3 and ECC shamir config options
         1122  +  (ie no change from 3.9), and the other changes are included.
         1123  +
         1124  +- cyassl: use time_t instead of long for timeout
         1125  +
         1126  +Daniel Stenberg (23 Dec 2016)
         1127  +- bump: toward next release
         1128  +
         1129  +- http: remove "Curl_http_done: called premature" message
         1130  +  
         1131  +  ... it only confuses people.
         1132  +
         1133  +- openssl-random: check return code when asking for random
         1134  +  
         1135  +  and fail appropriately if it returns error
         1136  +
         1137  +- gnutls-random: check return code for failed random
         1138  +
         1139  +Version 7.52.1 (22 Dec 2016)
         1140  +
         1141  +Daniel Stenberg (22 Dec 2016)
         1142  +- RELEASE-NOTES: curl 7.52.1
         1143  +
         1144  +- lib557.c: use a shorter MAXIMIZE representation
         1145  +  
         1146  +  Since several compilers had problems with the previous one
         1147  +  
         1148  +  Reported-by: Ray Satiro
         1149  +  Bug: https://curl.haxx.se/mail/lib-2016-12/0098.html
         1150  +
         1151  +- runtests: remove the valgrind parser
         1152  +  
         1153  +  Old legacy parsing that 1) hid problems for us and 2) probably isn't
         1154  +  needed anymore.
         1155  +
         1156  +- [Kamil Dudka brought this change]
         1157  +
         1158  +  randit: store the value in the buffer
         1159  +
         1160  +- tests/Makefile: run checksrc on debug builds
         1161  +  
         1162  +  ... just like we already do in src/ and lib/
         1163  +
         1164  +- lib557: move the "enable LONGLINE" to allow more long lines
         1165  +  
         1166  +  This file is riddled with them...
         1167  +
         1168  +- bump: toward next release
         1169  +
         1170  +Marcel Raad (21 Dec 2016)
         1171  +- lib: fix MSVC compiler warnings
         1172  +  
         1173  +  Visual C++ complained:
         1174  +  warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data
         1175  +  warning C4701: potentially uninitialized local variable 'path' used
         1176  +
         1177  +Version 7.52.0 (20 Dec 2016)
         1178  +
         1179  +Daniel Stenberg (20 Dec 2016)
         1180  +- THANKS: 13 new contributors from 7.52.0
         1181  +
         1182  +- RELEASE-NOTES: 7.52.0
         1183  +
         1184  +- ssh: inhibit coverity warning with (void)
         1185  +  
         1186  +  CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN)
         1187  +
         1188  +- Curl_recv_has_postponed_data: silence compiler warnings
         1189  +  
         1190  +  Follow-up to d00f2a8f2
         1191  +
         1192  +Jay Satiro (19 Dec 2016)
         1193  +- tests: checksrc compliance
         1194  +
         1195  +- http_proxy: Fix proxy CONNECT hang on pending data
         1196  +  
         1197  +  - Check for pending data before waiting on the socket.
         1198  +  
         1199  +  Bug: https://github.com/curl/curl/issues/1156
         1200  +  Reported-by: Adam Langley
         1201  +
         1202  +Daniel Stenberg (19 Dec 2016)
         1203  +- cmdline-opts/tlsv1.d: rephrased
         1204  +
         1205  +- [Dan McNulty brought this change]
         1206  +
         1207  +  schannel: fix wildcard cert name validation on Win CE
         1208  +  
         1209  +  Fixes a few issues in manual wildcard cert name validation in
         1210  +  schannel support code for Win32 CE:
         1211  +  - when comparing the wildcard name to the hostname, the wildcard
         1212  +    character was removed from the cert name and the hostname
         1213  +    was checked to see if it ended with the modified cert name.
         1214  +    This allowed cert names like *.com to match the connection
         1215  +    hostname. This violates recommendations from RFC 6125.
         1216  +  - when the wildcard name in the certificate is longer than the
         1217  +    connection hostname, a buffer overread of the connection
         1218  +    hostname buffer would occur during the comparison of the
         1219  +    certificate name and the connection hostname.
         1220  +
         1221  +- printf: fix floating point buffer overflow issues
         1222  +  
         1223  +  ... and add a bunch of floating point printf tests
         1224  +
         1225  +- config-amigaos.h: (embarrassed) made the line shorter
         1226  +
         1227  +- config-amigaos.h: fix bug report email reference
         1228  +
         1229  +- RELEASE-NOTES: synced with 4517158abfeba
         1230  +
         1231  +- CIPHERS.md: backtick the names to show underscores fine
         1232  +
         1233  +- form-string.d: fix format mistake
         1234  +  
         1235  +  and regenerated curl.1
         1236  +  
         1237  +  Reported-by: Gisle Vanem
         1238  +
         1239  +Michael Kaufmann (18 Dec 2016)
         1240  +- openssl: simplify expression in Curl_ossl_version
         1241  +
         1242  +- curl_easy_recv: Improve documentation and example program
         1243  +  
         1244  +  Follow-up to 82245ea: Fix the example program sendrecv.c (handle
         1245  +  CURLE_AGAIN, handle incomplete send). Improve the documentation
         1246  +  for curl_easy_recv() and curl_easy_send().
         1247  +  
         1248  +  Reviewed-by: Frank Meier
         1249  +  Assisted-by: Jay Satiro
         1250  +  
         1251  +  See https://github.com/curl/curl/pull/1134
         1252  +
         1253  +- [Isaac Boukris brought this change]
         1254  +
         1255  +  Curl_getconnectinfo: avoid checking if the connection is closed
         1256  +  
         1257  +  It doesn't benefit us much as the connection could get closed at
         1258  +  any time, and also by checking we lose the ability to determine
         1259  +  if the socket was closed by reading zero bytes.
         1260  +  
         1261  +  Reported-by: Michael Kaufmann
         1262  +  
         1263  +  Closes https://github.com/curl/curl/pull/1134
         1264  +
         1265  +Daniel Stenberg (18 Dec 2016)
         1266  +- CIPHERS.md: attempt to document TLS cipher names
         1267  +  
         1268  +  As the official docs seems really hard to keep track of and link to over
         1269  +  time
         1270  +
         1271  +- curl.1: generated after 6cce4dbf830
         1272  +
         1273  +- cmdline-opts/post30X.d: fix the RFC references
         1274  +
         1275  +- curl.1: regenerated
         1276  +  
         1277  +  Fixed trailing whitespace and numerous formatting glitches
         1278  +
         1279  +- cmdline-opts: formatting fixes
         1280  +
         1281  +- curl_easy_setopt.3: removed CURLOPT_SOCKS_PROXYTYPE
         1282  +
         1283  +- tool_getparam.c: make comments use the up-to-date option names
         1284  +
         1285  +- manpage-scan.pl: allow deprecated options to get removed from curl.1
         1286  +  
         1287  +  --krb4, --ftp-ssl and --ftp-ssl-reqd no longer need to be documented in the
         1288  +  man page
         1289  +
         1290  +- cmdline-opts/gen.pl: trim off trailing spaces
         1291  +
         1292  +- cmdline-opts/proxy-tlsuser.d: remove trailing .d
         1293  +
         1294  +- curl_easy_setopt.3: CURLOPT_PRE_PROXY instead of CURLOPT_SOCKS_PROXY
         1295  +
         1296  +- symbols: removed two, added one
         1297  +
         1298  +- cmdline-opts: include the man page split up files in the dist
         1299  +
         1300  +- curl.1: generated with gen.pl
         1301  +  
         1302  +  This is the first time we replace the manually edited curt.1 with the
         1303  +  generated one created by gen.pl and the individual option documentation
         1304  +  pages.
         1305  +  
         1306  +  Do not edit this file, edit the individual pages and regenerate this
         1307  +  output.
         1308  +  
         1309  +  This file will be generated by the build system soon and then removed
         1310  +  from git.
         1311  +
         1312  +- cmdline-opts: added some missing info
         1313  +
         1314  +- CURLINFO_SSL_VERIFYRESULT.3: language
         1315  +
         1316  +- HTTPS-PROXY docs: update/polish
         1317  +
         1318  +- cmdline-opts/page-header: mention it is generated
         1319  +  
         1320  +  ... to avoid people from trying to edit the pending curl.1 version that
         1321  +  gets generated by gen.pl
         1322  +
         1323  +- preproxy: renamed what was added as SOCKS_PROXY
         1324  +  
         1325  +  CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY
         1326  +  
         1327  +  Added the corresponding --preroxy command line option. Sets a SOCKS
         1328  +  proxy to connect to _before_ connecting to a HTTP(S) proxy.
         1329  +
         1330  +- curl: normal socks proxies still use CURLOPT_PROXY
         1331  +  
         1332  +  ... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
         1333  +  asked for specially. (Needs new code.)
         1334  +  
         1335  +  Unified proxy type to a single variable in the config struct.
         1336  +
         1337  +- CURLOPT_SOCKS_PROXYTYPE: removed
         1338  +  
         1339  +  This was added as part of the SOCKS+HTTPS proxy merge but there's no
         1340  +  need to support this as we prefer to have the protocol specified as a
         1341  +  prefix instead.
         1342  +
         1343  +- curl_multi_socket.3: fix typo
         1344  +
         1345  +- checksrc: warn for assignments within if() expressions
         1346  +  
         1347  +  ... they're already frowned upon in our source code style guide, this
         1348  +  now enforces the rule harder.
         1349  +
         1350  +- checksrc: stricter no-space-before-paren enforcement
         1351  +  
         1352  +  In order to make the code style more uniform everywhere
         1353  +
         1354  +- ISSUE_TEMPLATE: try mentioning known bugs/todo in new issue template
         1355  +
         1356  +- RELEASE-NOTES: synced with 71a55534fa6
         1357  +
         1358  +- [Adam Langley brought this change]
         1359  +
         1360  +  openssl: don't use OpenSSL's ERR_PACK.
         1361  +  
         1362  +  ERR_PACK is an internal detail of OpenSSL. Also, when using it, a
         1363  +  function name must be specified which is overly specific: the test will
         1364  +  break whenever OpenSSL internally change things so that a different
         1365  +  function creates the error.
         1366  +  
         1367  +  Closes #1157
         1368  +
         1369  +Dan Fandrich (5 Dec 2016)
         1370  +- test2032: Mark test as flaky
         1371  +
         1372  +Jay Satiro (3 Dec 2016)
         1373  +- [Jeremy Pearson brought this change]
         1374  +
         1375  +  libcurl-multi.3: typo
         1376  +  
         1377  +  Closes https://github.com/curl/curl/pull/1153
         1378  +
         1379  +Dan Fandrich (2 Dec 2016)
         1380  +- test1281: added http as a required feature
         1381  +
         1382  +Daniel Stenberg (2 Dec 2016)
         1383  +- curl: support zero-length argument strings in config files
         1384  +  
         1385  +  ... like 'user-agent = ""'
         1386  +  
         1387  +  Adjusted test 71 to verify.
         1388  +
         1389  +- http_proxy: simplify CONNECT response reading
         1390  +  
         1391  +  Since it now reads responses one byte a time, a loop could be removed
         1392  +  and it is no longer limited to get the whole response within 16K, it is
         1393  +  now instead only limited to 16K maximum header line lengths.
         1394  +
         1395  +- tests: fix CONNECT test cases to be more strict
         1396  +  
         1397  +  ... as they broke with the cleaned up CONNECT handling
         1398  +
         1399  +- CONNECT: read responses one byte at a time
         1400  +  
         1401  +  ... so that it doesn't read data that is actually coming from the
         1402  +  remote. 2xx responses have no body from the proxy, that data is from the
         1403  +  peer.
         1404  +  
         1405  +  Fixes #1132
         1406  +
         1407  +- CONNECT: reject TE or CL in 2xx responses
         1408  +  
         1409  +  A server MUST NOT send any Transfer-Encoding or Content-Length header
         1410  +  fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
         1411  +  4.3.6)
         1412  +  
         1413  +  Also fixes the three test cases that did this.
         1414  +
         1415  +- URL parser: reject non-numerical port numbers
         1416  +  
         1417  +  Test 1281 added to verify
         1418  +
         1419  +Dan Fandrich (30 Nov 2016)
         1420  +- runtests: made Servers: output be more consistent by removing OFF
         1421  +
         1422  +- cyassl: fixed typo introduced in 4f8b1774
         1423  +
         1424  +Michael Kaufmann (30 Nov 2016)
         1425  +- CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly
         1426  +  
         1427  +  If a port number in a "connect-to" entry does not match, skip this
         1428  +  entry instead of connecting to port 0.
         1429  +  
         1430  +  If a port number in a "connect-to" entry matches, use this entry
         1431  +  and look no further.
         1432  +  
         1433  +  Reported-by: Jay Satiro
         1434  +  Assisted-by: Jay Satiro, Daniel Stenberg
         1435  +  
         1436  +  Closes #1148
         1437  +
         1438  +Daniel Stenberg (29 Nov 2016)
         1439  +- BUGS: describe bug handling process
         1440  +
         1441  +- RELEASE-NOTES: synced with 19613fb3
         1442  +
         1443  +Jay Satiro (28 Nov 2016)
         1444  +- http2: check nghttp2_session_set_local_window_size exists
         1445  +  
         1446  +  The function only exists since nghttp2 1.12.0.
         1447  +  
         1448  +  Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676
         1449  +  Reported-by: Michael Kaufmann
         1450  +
         1451  +Daniel Stenberg (28 Nov 2016)
         1452  +- [Anders Bakken brought this change]
         1453  +
         1454  +  http2: Fix crashes when parent stream gets aborted
         1455  +  
         1456  +  Closes #1125
         1457  +
         1458  +- cmdline-docs: more options converted and fixed
         1459  +  
         1460  +  Now all options are in the new system.
         1461  +
         1462  +- gen: include footer in mainpage output
         1463  +
         1464  +Jay Satiro (28 Nov 2016)
         1465  +- lib1536: checksrc compliance
         1466  +
         1467  +Daniel Stenberg (28 Nov 2016)
         1468  +- cmdline-opts: more command line options documented
         1469  +  
         1470  +  Moved over to the new format
         1471  +
         1472  +- curl: remove --proxy-ssl* options
         1473  +  
         1474  +  There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
         1475  +  proxy. Those protocols are insecure by design and deprecated.
         1476  +
         1477  +- CURLOPT_PROXY_*.3: polished some proxy option man pages
         1478  +
         1479  +Patrick Monnerat (26 Nov 2016)
         1480  +- os400: support CURLOPT_PROXY_PINNEDPUBLICKEY
         1481  +  
         1482  +  Also define it in ILE/RPG binding.
         1483  +
         1484  +Daniel Stenberg (26 Nov 2016)
         1485  +- [Okhin Vasilij brought this change]
         1486  +
         1487  +  curl_version_info: add CURL_VERSION_HTTPS_PROXY
         1488  +  
         1489  +  Closes #1142
         1490  +
         1491  +- [Frank Gevaerts brought this change]
         1492  +
         1493  +  tests: Add some testcases for recent new features.
         1494  +  
         1495  +  Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme},
         1496  +  and %{http_version}
         1497  +  
         1498  +  closes #1143
         1499  +
         1500  +- [Frank Gevaerts brought this change]
         1501  +
         1502  +  curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEME
         1503  +
         1504  +- CURLOPT_PROXY_CAINFO.3: clarify proxy use
         1505  +
         1506  +- CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability
         1507  +
         1508  +- curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEY
         1509  +  
         1510  +  Follow-up to 4f8b17743d7c55a
         1511  +
         1512  +- docs: include all opts man pages in dist
         1513  +  
         1514  +  Sorted the lists too.
         1515  +  
         1516  +  ... and include the new ones in the PDF and HTML generation targets
         1517  +
         1518  +- [Thomas Glanzmann brought this change]
         1519  +
         1520  +  HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY
         1521  +
         1522  +- [Thomas Glanzmann brought this change]
         1523  +
         1524  +  url: proxy: Use 443 as default port for https proxies
         1525  +
         1526  +- TODO: removed "HTTPS proxy"
         1527  +
         1528  +- [Jan-E brought this change]
         1529  +
         1530  +  winbuild: add config option ENABLE_NGHTTP2
         1531  +  
         1532  +  Closes #1141
         1533  +
         1534  +Jay Satiro (24 Nov 2016)
         1535  +- tool_urlglob: Improve sanity check in glob_range
         1536  +  
         1537  +  Prior to this change we depended on errno if strtol could not perform a
         1538  +  conversion. POSIX says EINVAL *may* be set. Some implementations like
         1539  +  Microsoft's will not set it if there's no conversion.
         1540  +  
         1541  +  Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
         1542  +
         1543  +- tool_help: Change description for --retry-connrefused
         1544  +  
         1545  +  Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
         1546  +
         1547  +Patrick Monnerat (25 Nov 2016)
         1548  +- os400: sync ILE/RPG binding
         1549  +
         1550  +Jay Satiro (24 Nov 2016)
         1551  +- test1135: Fix curl_easy_duphandle prototype for code style
         1552  +  
         1553  +  Follow-up to dbadaeb which changed the style.
         1554  +
         1555  +- x509asn1: Restore the parameter check in Curl_getASN1Element
         1556  +  
         1557  +  - Restore the removed parts of the parameter check.
         1558  +  
         1559  +  Follow-up to 945f60e which altered the parameter check.
         1560  +
         1561  +Daniel Stenberg (25 Nov 2016)
         1562  +- RELEASE-NOTES: update option counters
         1563  +
         1564  +- [Frank Gevaerts brought this change]
         1565  +
         1566  +  add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
         1567  +  
         1568  +  Adds access to the effectively used protocol/scheme to both libcurl and
         1569  +  curl, both in string and numeric (CURLPROTO_*) form.
         1570  +  
         1571  +  Note that the string form will be uppercase, as it is just the internal
         1572  +  string.
         1573  +  
         1574  +  As these strings are declared internally as const, and all other strings
         1575  +  returned by curl_easy_getinfo() are de-facto const as well, string
         1576  +  handling in getinfo.c got const-ified.
         1577  +  
         1578  +  Closes #1137
         1579  +
         1580  +- RELEASE-NOTES: synced with 63198a4750aeb
         1581  +
         1582  +- curl.1: the new --proxy options ship in 7.52.0
         1583  +
         1584  +- checksrc: move open braces to comply with function declaration style
         1585  +
         1586  +- checksrc: detect wrongly placed open braces in func declarations
         1587  +
         1588  +- checksrc: white space edits to comply to stricter checksrc
         1589  +
         1590  +- checksrc: verify ASTERISKNOSPACE
         1591  +  
         1592  +  Detects (char*) and 'char*foo' uses.
         1593  +
         1594  +- checksrc: code style: use 'char *name' style
         1595  +
         1596  +- checksrc: add ASTERISKSPACE
         1597  +  
         1598  +  Verifies a 'char *name' style, with no space after the asterisk.
         1599  +
         1600  +- openssl: remove dead code
         1601  +  
         1602  +  Coverity CID 1394666
         1603  +
         1604  +- [Okhin Vasilij brought this change]
         1605  +
         1606  +  HTTPS-proxy: fixed mbedtls and polishing
         1607  +
         1608  +- darwinssl: adopted to the HTTPS proxy changes
         1609  +  
         1610  +  It builds and runs all test cases. No adaptations for actual HTTPS proxy
         1611  +  support has been made.
         1612  +
         1613  +- gtls: fix indent to silence compiler warning
         1614  +  
         1615  +  vtls/gtls.c: In function ‘Curl_gtls_data_pending’:
         1616  +  vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
         1617  +     if(conn->proxy_ssl[connindex].session &&
         1618  +        ^~
         1619  +        vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
         1620  +             return res;
         1621  +
         1622  +- [Thomas Glanzmann brought this change]
         1623  +
         1624  +  mbedtls: Fix compile errors
         1625  +
         1626  +- [Alex Rousskov brought this change]
         1627  +
         1628  +  proxy: Support HTTPS proxy and SOCKS+HTTP(s)
         1629  +  
         1630  +  * HTTPS proxies:
         1631  +  
         1632  +  An HTTPS proxy receives all transactions over an SSL/TLS connection.
         1633  +  Once a secure connection with the proxy is established, the user agent
         1634  +  uses the proxy as usual, including sending CONNECT requests to instruct
         1635  +  the proxy to establish a [usually secure] TCP tunnel with an origin
         1636  +  server. HTTPS proxies protect nearly all aspects of user-proxy
         1637  +  communications as opposed to HTTP proxies that receive all requests
         1638  +  (including CONNECT requests) in vulnerable clear text.
         1639  +  
         1640  +  With HTTPS proxies, it is possible to have two concurrent _nested_
         1641  +  SSL/TLS sessions: the "outer" one between the user agent and the proxy
         1642  +  and the "inner" one between the user agent and the origin server
         1643  +  (through the proxy). This change adds supports for such nested sessions
         1644  +  as well.
         1645  +  
         1646  +  A secure connection with a proxy requires its own set of the usual SSL
         1647  +  options (their actual descriptions differ and need polishing, see TODO):
         1648  +  
         1649  +    --proxy-cacert FILE        CA certificate to verify peer against
         1650  +    --proxy-capath DIR         CA directory to verify peer against
         1651  +    --proxy-cert CERT[:PASSWD] Client certificate file and password
         1652  +    --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
         1653  +    --proxy-ciphers LIST       SSL ciphers to use
         1654  +    --proxy-crlfile FILE       Get a CRL list in PEM format from the file
         1655  +    --proxy-insecure           Allow connections to proxies with bad certs
         1656  +    --proxy-key KEY            Private key file name
         1657  +    --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
         1658  +    --proxy-pass PASS          Pass phrase for the private key
         1659  +    --proxy-ssl-allow-beast    Allow security flaw to improve interop
         1660  +    --proxy-sslv2              Use SSLv2
         1661  +    --proxy-sslv3              Use SSLv3
         1662  +    --proxy-tlsv1              Use TLSv1
         1663  +    --proxy-tlsuser USER       TLS username
         1664  +    --proxy-tlspassword STRING TLS password
         1665  +    --proxy-tlsauthtype STRING TLS authentication type (default SRP)
         1666  +  
         1667  +  All --proxy-foo options are independent from their --foo counterparts,
         1668  +  except --proxy-crlfile which defaults to --crlfile and --proxy-capath
         1669  +  which defaults to --capath.
         1670  +  
         1671  +  Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
         1672  +  similar to the existing %{ssl_verify_result} variable.
         1673  +  
         1674  +  Supported backends: OpenSSL, GnuTLS, and NSS.
         1675  +  
         1676  +  * A SOCKS proxy + HTTP/HTTPS proxy combination:
         1677  +  
         1678  +  If both --socks* and --proxy options are given, Curl first connects to
         1679  +  the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
         1680  +  proxy.
         1681  +  
         1682  +  TODO: Update documentation for the new APIs and --proxy-* options.
         1683  +  Look for "Added in 7.XXX" marks.
         1684  +
         1685  +Patrick Monnerat (24 Nov 2016)
         1686  +- Declare endian read functions argument as a const pointer.
         1687  +  This is done for all functions of the form Curl_read[136][624]_[lb]e.
         1688  +
         1689  +- Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
         1690  +  See CRL-01-006.
         1691  +
         1692  +Jay Satiro (22 Nov 2016)
         1693  +- url: Fix conn reuse for local ports and interfaces
         1694  +  
         1695  +  - Fix connection reuse for when the proposed new conn 'needle' has a
         1696  +  specified local port but does not have a specified device interface.
         1697  +  
         1698  +  Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html
         1699  +  Reported-by: bjt3[at]hotmail.com
         1700  +
         1701  +Daniel Stenberg (21 Nov 2016)
         1702  +- rand: pass in number of randoms as an unsigned argument
         1703  +
         1704  +Jay Satiro (20 Nov 2016)
         1705  +- rand: Fix potentially uninitialized result warning
         1706  +
         1707  +Marcel Raad (19 Nov 2016)
         1708  +- vtls: fix build warnings
         1709  +  
         1710  +  Fix warnings about conversions from long to time_t in openssl.c and
         1711  +  schannel.c.
         1712  +  
         1713  +  Follow-up to de4de4e3c7c
         1714  +
         1715  +Daniel Stenberg (18 Nov 2016)
         1716  +- [Marcel Raad brought this change]
         1717  +
         1718  +  lib: fix compiler warnings after de4de4e3c7c
         1719  +  
         1720  +  Visual C++ now complains about implicitly casting time_t (64-bit) to
         1721  +  long (32-bit). Fix this by changing some variables from long to time_t,
         1722  +  or explicitly casting to long where the public interface would be
         1723  +  affected.
         1724  +  
         1725  +  Closes #1131
         1726  +
         1727  +Peter Wu (17 Nov 2016)
         1728  +- [Isaac Boukris brought this change]
         1729  +
         1730  +  Don't mix unix domain sockets with regular ones
         1731  +  
         1732  +  When reusing a connection, make sure the unix domain
         1733  +  socket option matches.
         1734  +
         1735  +Jay Satiro (17 Nov 2016)
         1736  +- tests: Fix HTTP2-Settings header for huge window size
         1737  +  
         1738  +  Follow-up to a4d8888. Changing the window size in that commit resulted
         1739  +  in a different HTTP2-Settings upgrade header, causing test 1800 to fail.
         1740  +
         1741  +- http2: Use huge HTTP/2 windows
         1742  +  
         1743  +  - Improve performance by using a huge HTTP/2 window size.
         1744  +  
         1745  +  Bug: https://github.com/curl/curl/issues/1102
         1746  +  Reported-by: afrind@users.noreply.github.com
         1747  +  Assisted-by: Tatsuhiro Tsujikawa
         1748  +
         1749  +Daniel Stenberg (16 Nov 2016)
         1750  +- cmdline-docs: more conversion
         1751  +
         1752  +- gen: support 'protos'
         1753  +  
         1754  +  and warn on unrecognized lines
         1755  +
         1756  +- gen: support 'single' to make an individual page man page
         1757  +
         1758  +- cmdline-docs: more options converted over
         1759  +
         1760  +- gen: support 'redirect'
         1761  +  
         1762  +  ... and warn for too long --help lines
         1763  +
         1764  +- cmdline/gen: replace options in texts better
         1765  +
         1766  +Jay Satiro (16 Nov 2016)
         1767  +- http2: Fix address sanitizer memcpy warning
         1768  +  
         1769  +  - In Curl_http2_switched don't call memcpy when src is NULL.
         1770  +  
         1771  +  Curl_http2_switched can be called like:
         1772  +  
         1773  +  Curl_http2_switched(conn, NULL, 0);
         1774  +  
         1775  +  .. and prior to this change memcpy was then called like:
         1776  +  
         1777  +  memcpy(dest, NULL, 0)
         1778  +  
         1779  +  .. causing address sanitizer to warn:
         1780  +  
         1781  +  http2.c:2057:3: runtime error: null pointer passed as argument 2, which
         1782  +  is declared to never be null
         1783  +
         1784  +- tool_help: Clarify --dump-header only writes received headers
         1785  +
         1786  +- curl.1: Clarify --dump-header only writes received headers
         1787  +
         1788  +Daniel Stenberg (15 Nov 2016)
         1789  +- [Alex Chan brought this change]
         1790  +
         1791  +  docs: Spelling fixes
         1792  +
         1793  +Kamil Dudka (15 Nov 2016)
         1794  +- docs: the next release will be 7.52.0
         1795  +
         1796  +Daniel Stenberg (15 Nov 2016)
         1797  +- cmdline-opts: support generating the --help output
         1798  +
         1799  +- [David Schweikert brought this change]
         1800  +
         1801  +  darwinssl: fix SSL client certificate not found on MacOS Sierra
         1802  +  
         1803  +  Reviewed-by: Nick Zitzmann
         1804  +  
         1805  +  Closes #1105
         1806  +
         1807  +- curl: add --fail-early to help output
         1808  +  
         1809  +  Fixes test 1139 failures
         1810  +  
         1811  +  Follow-up to f82bbe01c8835
         1812  +
         1813  +- glob: fix [a-c] globbing regression
         1814  +  
         1815  +  Brought in ee4f76606cf
         1816  +  
         1817  +  Added test case 1280 to verify
         1818  +  
         1819  +  Reported-by: Dave Reisner
         1820  +  
         1821  +  Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146
         1822  +
         1823  +- curl: add --fail-early
         1824  +  
         1825  +  Exit with an error on the first transfer error instead of continuing to
         1826  +  do the rest of the URLs.
         1827  +  
         1828  +  Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
         1829  +
         1830  +- Curl_rand: fixed and moved to rand.c
         1831  +  
         1832  +  Now Curl_rand() is made to fail if it cannot get the necessary random
         1833  +  level.
         1834  +  
         1835  +  Changed the proto of Curl_rand() slightly to provide a number of ints at
         1836  +  once.
         1837  +  
         1838  +  Moved out from vtls, since it isn't a TLS function and vtls provides
         1839  +  Curl_ssl_random() for this to use.
         1840  +  
         1841  +  Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html
         1842  +
         1843  +- cmdline-opts: first test version of a new man page generator kit
         1844  +  
         1845  +  See MANPAGE.md for the description of how this works. Each command line
         1846  +  option is now described in a separate .d file.
         1847  +
         1848  +- time_t fix: follow-up to de4de4e3c7c
         1849  +  
         1850  +  Blah, I accidentally wrote size_t instead of time_t for two variables.
         1851  +  
         1852  +  Reported-by: Dave Reisner
         1853  +
         1854  +- timeval: prefer time_t to hold seconds instead of long
         1855  +  
         1856  +  ... as long is still 32bit on modern 64bit windows machines, while
         1857  +  time_t is generally 64bit.
         1858  +
         1859  +Dan Fandrich (12 Nov 2016)
         1860  +- tests: fixed variable might be clobbered warning
         1861  +  
         1862  +  This stops the compiler from potentially making invalid assumptions
         1863  +  about the immutability of sdp and sap across the longjmp boundary.
         1864  +
         1865  +Daniel Stenberg (12 Nov 2016)
         1866  +- RELEASE-NOTES: synced with 346340808c
         1867  +
         1868  +- URL-parser: for file://[host]/ URLs, the [host] must be localhost
         1869  +  
         1870  +  Previously, the [host] part was just ignored which made libcurl accept
         1871  +  strange URLs misleading users. like "file://etc/passwd" which might've
         1872  +  looked like it refers to "/etc/passwd" but is just "/passwd" since the
         1873  +  "etc" is an ignored host name.
         1874  +  
         1875  +  Reported-by: Mike Crowe
         1876  +  Assisted-by: Kamil Dudka
         1877  +
         1878  +- test558: adapt to 0649433da
         1879  +
         1880  +- openssl: make sure to fail in the unlikely event that PRNG seeding fails
         1881  +
         1882  +- openssl: avoid unnecessary seeding if already done
         1883  +  
         1884  +  1.1.0+ does more of this by itself so we can avoid extra processing this
         1885  +  way.
         1886  +
         1887  +- openssl: RAND_status always exists in OpenSSL >= 0.9.7
         1888  +  
         1889  +  and remove RAND_screen from configure since nothing is using that
         1890  +  function
         1891  +
         1892  +- Curl_pgrsUpdate: use dedicated function for time passed
         1893  +
         1894  +- realloc: use Curl_saferealloc to avoid common mistakes
         1895  +  
         1896  +  Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
         1897  +
         1898  +- [Daniel Hwang brought this change]
         1899  +
         1900  +  curl: Add --retry-connrefused
         1901  +  
         1902  +  to consider ECONNREFUSED as a transient error.
         1903  +  
         1904  +  Closes #1064
         1905  +
         1906  +- openssl: raise the max_version to 1.3 if asked for
         1907  +  
         1908  +  Now I've managed to negotiate TLS 1.3 with https://enabled.tls13.com/ when
         1909  +  using boringssl.
         1910  +
         1911  +Jay Satiro (9 Nov 2016)
         1912  +- vtls: Fail on unrecognized param for CURLOPT_SSLVERSION
         1913  +  
         1914  +  - Fix GnuTLS code for CURL_SSLVERSION_TLSv1_2 that broke when the
         1915  +  TLS 1.3 support was added in 6ad3add.
         1916  +  
         1917  +  - Homogenize across code for all backends the error message when TLS 1.3
         1918  +  is not available to "<backend>: TLS 1.3 is not yet supported".
         1919  +  
         1920  +  - Return an error when a user-specified ssl version is unrecognized.
         1921  +  
         1922  +  ---
         1923  +  
         1924  +  Prior to this change our code for some of the backends used the
         1925  +  'default' label in the switch statement (ie ver unrecognized) for
         1926  +  ssl.version and treated it the same as CURL_SSLVERSION_DEFAULT.
         1927  +  
         1928  +  Bug: https://curl.haxx.se/mail/lib-2016-11/0048.html
         1929  +  Reported-by: Kamil Dudka
         1930  +
         1931  +Daniel Stenberg (9 Nov 2016)
         1932  +- [Isaac Boukris brought this change]
         1933  +
         1934  +  SPNEGO: Fix memory leak when authentication fails
         1935  +  
         1936  +  If SPNEGO fails, cleanup the negotiate handle right away.
         1937  +  
         1938  +  Fixes #1115
         1939  +  
         1940  +  Signed-off-by: Isaac Boukris <iboukris@gmail.com>
         1941  +  Reported-by: ashman-p
         1942  +
         1943  +- CODE_STYLE.md: link to INTERNALS.md correctly
         1944  +
         1945  +- bump: next version will be 7.52.0
         1946  +
         1947  +- RELEASE-NOTES: synced with dfcdaaba371e9a3
         1948  +
         1949  +- examples/fileupload.c: fclose the file as well
         1950  +
         1951  +- printf: fix ".*f" handling
         1952  +  
         1953  +  It would always use precision 1 instead of reading it from the argument
         1954  +  list as intended.
         1955  +  
         1956  +  Reported-by: Ray Satiro
         1957  +  
         1958  +  Bug: #1113
         1959  +
         1960  +- curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
         1961  +  
         1962  +  Reported-by: Frank Gevaerts
         1963  +
         1964  +Kamil Dudka (7 Nov 2016)
         1965  +- nss: silence warning 'SSL_NEXT_PROTO_EARLY_VALUE not handled in switch'
         1966  +  
         1967  +  ... with nss-3.26.0 and newer
         1968  +  
         1969  +  Reported-by: Daniel Stenberg
         1970  +
         1971  +Daniel Stenberg (7 Nov 2016)
         1972  +- openssl: initial TLS 1.3 adaptions
         1973  +  
         1974  +  BoringSSL supports TLSv1.3 already, but these changes don't seem to be anough
         1975  +  to get it working.
         1976  +
         1977  +- ssh: check md5 fingerprints case insensitively (regression)
         1978  +  
         1979  +  Revert the change from ce8d09483eea but use the new function
         1980  +  
         1981  +  Reported-by: Kamil Dudka
         1982  +  Bug: https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146
         1983  +
         1984  +Kamil Dudka (7 Nov 2016)
         1985  +- curl: introduce the --tlsv1.3 option to force TLS 1.3
         1986  +  
         1987  +  Fully implemented with the NSS backend only for now.
         1988  +  
         1989  +  Reviewed-by: Ray Satiro
         1990  +
         1991  +- vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
         1992  +  
         1993  +  Fully implemented with the NSS backend only for now.
         1994  +  
         1995  +  Reviewed-by: Ray Satiro
         1996  +
         1997  +- nss: map CURL_SSLVERSION_DEFAULT to NSS default
         1998  +  
         1999  +  ... but make sure we use at least TLSv1.0 according to libcurl API
         2000  +  
         2001  +  Reported-by: Cure53
         2002  +  Reviewed-by: Ray Satiro
         2003  +
         2004  +Daniel Stenberg (7 Nov 2016)
         2005  +- s/cURL/curl
         2006  +  
         2007  +  We're mostly saying just "curl" in lower case these days so here's a big
         2008  +  cleanup to adapt to this reality. A few instances are left as the
         2009  +  project could still formally be considered called cURL.
         2010  +
         2011  +Jay Satiro (7 Nov 2016)
         2012  +- [Tatsuhiro Tsujikawa brought this change]
         2013  +
         2014  +  http2: Don't send header fields prohibited by HTTP/2 spec
         2015  +  
         2016  +  Previously, we just ignored "Connection" header field.  But HTTP/2
         2017  +  specification actually prohibits few more header fields.  This commit
         2018  +  ignores all of them so that we don't send these bad header fields.
         2019  +  
         2020  +  Bug: https://curl.haxx.se/mail/archive-2016-10/0033.html
         2021  +  Reported-by: Ricki Hirner
         2022  +  
         2023  +  Closes https://github.com/curl/curl/pull/1092
         2024  +
         2025  +Daniel Stenberg (7 Nov 2016)
         2026  +- curl.1: explain the SMTP data expected for -T
         2027  +  
         2028  +  Fixes #1107
         2029  +  
         2030  +  Reported-by: Adam Piggott
         2031  +
         2032  +Peter Wu (6 Nov 2016)
         2033  +- cmake: disable poll for macOS
         2034  +  
         2035  +  Mirrors the autotools behavior introduced with curl-7_50_3-83-ga34c7ce.
         2036  +  
         2037  +  Fixes #1089
         2038  +
         2039  +Jay Satiro (5 Nov 2016)
         2040  +- easy: Initialize info variables on easy init and duphandle
         2041  +  
         2042  +  - Call Curl_initinfo on init and duphandle.
         2043  +  
         2044  +  Prior to this change the statistical and informational variables were
         2045  +  simply zeroed by calloc on easy init and duphandle. While zero is the
         2046  +  correct default value for almost all info variables, there is one where
         2047  +  it isn't (filetime initializes to -1).
         2048  +  
         2049  +  Bug: https://github.com/curl/curl/issues/1103
         2050  +  Reported-by: Neal Poole
         2051  +
         2052  +Daniel Stenberg (5 Nov 2016)
         2053  +- [Mauro Rappa brought this change]
         2054  +
         2055  +  curl -w: added more decimal digits to timing counters
         2056  +  
         2057  +  Now showing microsecond resolution.
         2058  +  
         2059  +  Closes #1106
         2060  +
         2061  +Jakub Zakrzewski (4 Nov 2016)
         2062  +- dist: add CMakeLists.txt to the tarball
         2063  +
         2064  +Daniel Stenberg (4 Nov 2016)
         2065  +- mbedtls: fix build with mbedtls versions < 2.4.0
         2066  +  
         2067  +  Regression added in 62a8095e714
         2068  +  
         2069  +  Reported-by: Tony Kelman
         2070  +  
         2071  +  Discussed in #1087
         2072  +
         2073  +- configure: verify that compiler groks -Werror=partial-availability
         2074  +  
         2075  +  Reported-by: bemoody
         2076  +  
         2077  +  Fixes #1104
         2078  +
         2079  +- docs: shorten and simplify the top comment in multi-uv.c
         2080  +  
         2081  +  and change URL to use https
         2082  +
         2083  +- [Andrei Sedoi brought this change]
         2084  +
         2085  +  docs: handle CURL_POLL_INOUT in multi-uv example
         2086  +
         2087  +- [Andrei Sedoi brought this change]
         2088  +
         2089  +  docs: multi-uv: don't use CURLMsg after cleanup
         2090  +
         2091  +- [Andrei Sedoi brought this change]
         2092  +
         2093  +  docs: remove unused variables in multi-uv example
         2094  +
         2095  +- bump: start working on 7.51.1
         2096  +
         2097  +- winbuild: remove strcase.obj from curl build
         2098  +  
         2099  +  Reported-by: Bruce Stephens
         2100  +  
         2101  +  Fixes #1098
         2102  +
         2103  +Dan Fandrich (2 Nov 2016)
         2104  +- msvc: removed a straggling reference to strequal.c
         2105  +  
         2106  +  Follow-up to 502acba2
         2107  +
         2108  +Version 7.51.0 (2 Nov 2016)
         2109  +
         2110  +Daniel Stenberg (2 Nov 2016)
         2111  +- THANKS: synced with 7.51.0
         2112  +
         2113  +- RELEASE-NOTES: 7.51.0
         2114  +
         2115  +- ftp_done: don't clobber the passed in error code
         2116  +  
         2117  +  Coverity CID 1374359 pointed out the unused result value.
         2118  +
         2119  +- ftp: remove dead code in ftp_done
         2120  +  
         2121  +  Coverity CID 1374358
         2122  +
         2123  +Jay Satiro (1 Nov 2016)
         2124  +- generate.bat: Include include/curl in libcurl VS projects
         2125  +  
         2126  +  .. because including those headers helps Visual Studio's Intellisense.
         2127  +
         2128  +- generate.bat: Remove strcase.[ch] from curl tool VS projects
         2129  +  
         2130  +  ..because they're no longer needed in the tool build. strcase is still
         2131  +  built by the libcurl project and exports curl_str(n)equal which is used
         2132  +  by the curl tool.
         2133  +  
         2134  +  Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments
         2135  +
         2136  +Daniel Stenberg (2 Nov 2016)
         2137  +- metalink: simplify the hex parsing function
         2138  +  
         2139  +  ... and now it avoids using the libcurl toupper() function
         2140  +
         2141  +Michael Kaufmann (1 Nov 2016)
         2142  +- file: fix compiler warning
         2143  +  
         2144  +  follow-up to 46133aa5
         2145  +
         2146  +Dan Fandrich (1 Nov 2016)
         2147  +- strcase: fixed Metalink builds by redefining checkprefix()
         2148  +  
         2149  +  ...to use the public function curl_strnequal(). This isn't ideal because
         2150  +  it adds extra overhead to any internal calls to checkprefix.
         2151  +  
         2152  +  follow-up to 95bd2b3e
         2153  +
         2154  +Daniel Stenberg (1 Nov 2016)
         2155  +- curl.1: typo
         2156  +
         2157  +- curl.1: expand on how multiple uses of -o looks
         2158  +  
         2159  +  Suggested-by: Dan Jacobson
         2160  +  Issue: https://github.com/curl/curl/issues/1097
         2161  +
         2162  +- tests/util: get a private strncasecompare clone
         2163  +  
         2164  +  ... since the curlx_* code no longer provides one and we don't link
         2165  +  libcurl to these test servers.
         2166  +
         2167  +- strcase: make the tool use curl_str[n]equal instead
         2168  +  
         2169  +  As they are after all part of the public API. Saves space and reduces
         2170  +  complexity. Remove the strcase defines from the curlx_ family.
         2171  +  
         2172  +  Suggested-by: Dan Fandrich
         2173  +  Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
         2174  +
         2175  +Kamil Dudka (31 Oct 2016)
         2176  +- gskit, nss: do not include strequal.h
         2177  +  
         2178  +  follow-up to 811a693b80
         2179  +
         2180  +Dan Fandrich (31 Oct 2016)
         2181  +- strcasecompare: include curl.h in strcase.c
         2182  +  
         2183  +  This should fix the "warning: 'curl_strequal' redeclared without
         2184  +  dllimport attribute: previous dllimport ignored" message and subsequent
         2185  +  link error on Windows because of the missing CURL_EXTERN on the
         2186  +  prototype.
         2187  +
         2188  +Daniel Stenberg (31 Oct 2016)
         2189  +- strcase: fix the remaining rawstr users
         2190  +
         2191  +- msvc builds: s/rawstr/strcase
         2192  +  
         2193  +  Follow-up to 811a693b
         2194  +
         2195  +Dan Fandrich (31 Oct 2016)
         2196  +- strcasecompare: replaced remaining rawstr.h with strcase.h
         2197  +  
         2198  +  This is a followup to commit 811a693b
         2199  +
         2200  +Marcel Raad (31 Oct 2016)
         2201  +- digest_sspi: fix include
         2202  +  
         2203  +  Fix compile break from 811a693b80
         2204  +
         2205  +Dan Fandrich (31 Oct 2016)
         2206  +- libauthretry: use the external function curl_strequal
         2207  +  
         2208  +  The internal version strcasecompare isn't available outside libcurl
         2209  +
         2210  +Daniel Stenberg (31 Oct 2016)
         2211  +- RELEASE-NOTES: synced with d14538d2501ef0da
         2212  +
         2213  +- configure: raise the default minimum version for macos to 10.8
         2214  +  
         2215  +  follow-up to 4f8d0b6f02aa7043. Since the darwinssl code breaks
         2216  +  otherwise. If you build without darwinssl 10.5 works fine.
         2217  +
         2218  +- unit1301: keep testing curl_strequal
         2219  +  
         2220  +  as that is still part of the API, fix from 8fe4bd084412f30
         2221  +
         2222  +- ldap: fix include
         2223  +  
         2224  +  Fix bug from 811a693b80
         2225  +
         2226  +- url: remove unconditional idn2.h include
         2227  +  
         2228  +  Mistake brought by 9c91ec778104a
         2229  +
         2230  +- curl_strequal: part of public API/ABI, needs to be kept
         2231  +  
         2232  +  These two public functions have been mentioned as deprecated since a
         2233  +  very long time but since they are still part of the API and ABI we need
         2234  +  to keep them around.
         2235  +
         2236  +- strcase: s/strequal/strcasecompare
         2237  +  
         2238  +  some more follow-ups to 811a693b80
         2239  +
         2240  +- ldap: fix strcase use
         2241  +  
         2242  +  follow-up to 811a693b80
         2243  +
         2244  +- test165: adapted to the libidn2 use and IDNA2008 fix
         2245  +
         2246  +- cookie: replace use of fgets() with custom version
         2247  +  
         2248  +  ... that will ignore lines that are too long to fit in the buffer.
         2249  +  
         2250  +  CVE-2016-8615
         2251  +  
         2252  +  Bug: https://curl.haxx.se/docs/adv_20161102A.html
         2253  +  Reported-by: Cure53
         2254  +
         2255  +- strcasecompare: all case insensitive string compares ignore locale now
         2256  +  
         2257  +  We had some confusions on when each function was used. We should not act
         2258  +  differently on different locales anyway.
         2259  +
         2260  +- strcasecompare: is the new name for strequal()
         2261  +  
         2262  +  ... to make it less likely that we forget that the function actually
         2263  +  does case insentive compares. Also replaced several invokes of the
         2264  +  function with a plain strcmp when case sensitivity is not an issue (like
         2265  +  comparing with "-").
         2266  +
         2267  +- ftp: check for previous patch must be case sensitive!
         2268  +  
         2269  +  ... otherwise example.com/PATH and example.com/path would be assumed to
         2270  +  be the same and they usually aren't!
         2271  +
         2272  +- SSH: check md5 fingerprint case sensitively
         2273  +
         2274  +- connectionexists: use case sensitive user/password comparisons
         2275  +  
         2276  +  CVE-2016-8616
         2277  +  
         2278  +  Bug: https://curl.haxx.se/docs/adv_20161102B.html
         2279  +  Reported-by: Cure53
         2280  +
         2281  +- base64: check for integer overflow on large input
         2282  +  
         2283  +  CVE-2016-8617
         2284  +  
         2285  +  Bug: https://curl.haxx.se/docs/adv_20161102C.html
         2286  +  Reported-by: Cure53
         2287  +
         2288  +- krb5: avoid realloc(0)
         2289  +  
         2290  +  If the requested size is zero, bail out with error instead of doing a
         2291  +  realloc() that would cause a double-free: realloc(0) acts as a free()
         2292  +  and then there's a second free in the cleanup path.
         2293  +  
         2294  +  CVE-2016-8619
         2295  +  
         2296  +  Bug: https://curl.haxx.se/docs/adv_20161102E.html
         2297  +  Reported-by: Cure53
         2298  +
         2299  +- aprintf: detect wrap-around when growing allocation
         2300  +  
         2301  +  On 32bit systems we could otherwise wrap around after 2GB and allocate 0
         2302  +  bytes and crash.
         2303  +  
         2304  +  CVE-2016-8618
         2305  +  
         2306  +  Bug: https://curl.haxx.se/docs/adv_20161102D.html
         2307  +  Reported-by: Cure53
         2308  +
         2309  +- range: reject char globs with missing end like '[L-]'
         2310  +  
         2311  +  ... which previously would lead to out of boundary reads.
         2312  +  
         2313  +  Reported-by: Luật Nguyễn
         2314  +
         2315  +- glob_next_url: make sure to stay within the given output buffer
         2316  +
         2317  +- range: prevent negative end number in a glob range
         2318  +  
         2319  +  CVE-2016-8620
         2320  +  
         2321  +  Bug: https://curl.haxx.se/docs/adv_20161102F.html
         2322  +  Reported-by: Luật Nguyễn
         2323  +
         2324  +- parsedate: handle cut off numbers better
         2325  +  
         2326  +  ... and don't read outside of the given buffer!
         2327  +  
         2328  +  CVE-2016-8621
         2329  +  
         2330  +  bug: https://curl.haxx.se/docs/adv_20161102G.html
         2331  +  Reported-by: Luật Nguyễn
         2332  +
         2333  +- escape: avoid using curl_easy_unescape() internally
         2334  +  
         2335  +  Since the internal Curl_urldecode() function has a better API.
         2336  +
         2337  +- unescape: avoid integer overflow
         2338  +  
         2339  +  CVE-2016-8622
         2340  +  
         2341  +  Bug: https://curl.haxx.se/docs/adv_20161102H.html
         2342  +  Reported-by: Cure53
         2343  +
         2344  +- cookies: getlist() now holds deep copies of all cookies
         2345  +  
         2346  +  Previously it only held references to them, which was reckless as the
         2347  +  thread lock was released so the cookies could get modified by other
         2348  +  handles that share the same cookie jar over the share interface.
         2349  +  
         2350  +  CVE-2016-8623
         2351  +  
         2352  +  Bug: https://curl.haxx.se/docs/adv_20161102I.html
         2353  +  Reported-by: Cure53
         2354  +
         2355  +- TODO: remove IDNA2008
         2356  +
         2357  +- idn: switch to libidn2 use and IDNA2008 support
         2358  +  
         2359  +  CVE-2016-8625
         2360  +  
         2361  +  Bug: https://curl.haxx.se/docs/adv_20161102K.html
         2362  +  Reported-by: Christian Heimes
         2363  +
         2364  +- test1246: verify URL parsing with host name ending with '#'
         2365  +
         2366  +- urlparse: accept '#' as end of host name
         2367  +  
         2368  +  'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
         2369  +  for the '/' document with the rest of the URL being a fragment.
         2370  +  
         2371  +  CVE-2016-8624
         2372  +  
         2373  +  Bug: https://curl.haxx.se/docs/adv_20161102J.html
         2374  +  Reported-by: Fernando Muñoz
         2375  +
         2376  +Jay Satiro (31 Oct 2016)
         2377  +- INTERNALS: better markdown (follow-up)
         2378  +  
         2379  +  - Wrap more words with underscores in backticks.
         2380  +  
         2381  +  Follow-up to 13f4913.
         2382  +
         2383  +Daniel Stenberg (30 Oct 2016)
         2384  +- INTERNALS: better markdown
         2385  +  
         2386  +  words with underscore need to be within `these`
         2387  +  
         2388  +  Bug: https://github.com/curl/curl-www/issues/19
         2389  +  Reported-by : Jay Satiro
         2390  +
         2391  +Jay Satiro (30 Oct 2016)
         2392  +- mk-ca-bundle.vbs: Fix UTF-8 output
         2393  +  
         2394  +  - Change initial message box to mention delay when downloading/parsing.
         2395  +  
         2396  +  Since there is no progress meter it was somewhat unexpected that after
         2397  +  choosing a filename nothing appears to happen, when actually the cert
         2398  +  data is in the process of being downloaded and parsed.
         2399  +  
         2400  +  - Warn if OpenSSL is not present.
         2401  +  
         2402  +  - Use a UTF-8 stream to make the ca-bundle data.
         2403  +  
         2404  +  - Save the UTF-8 ca-bundle stream as binary so that no BOM is added.
         2405  +  
         2406  +  ---
         2407  +  
         2408  +  This is a follow-up to d2c6d15 which switched mk-ca-bundle.vbs output to
         2409  +  ANSI due to corrupt UTF-8 output, now fixed.
         2410  +  
         2411  +  This change completes making the default certificate bundle output of
         2412  +  mk-ca-bundle.vbs as close as possible to that of mk-ca-bundle.pl, which
         2413  +  should make it easier to review any difference between their output.
         2414  +  
         2415  +  Ref: https://github.com/curl/curl/pull/1012
         2416  +
         2417  +Daniel Stenberg (28 Oct 2016)
         2418  +- BINDINGS: converted to markdown
         2419  +  
         2420  +  To make it render better on the web site, at the price of it becoming
         2421  +  slightly less readable as text.
         2422  +
         2423  +Jay Satiro (27 Oct 2016)
         2424  +- CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
         2425  +  
         2426  +  - Clarify that this option is only for HTTP/1.1 pipelining.
         2427  +  
         2428  +  Bug: https://github.com/curl/curl/issues/1059
         2429  +  Reported-by: Jeroen Ooms
         2430  +  
         2431  +  Assisted-by: Daniel Stenberg
         2432  +
         2433  +Daniel Stenberg (27 Oct 2016)
         2434  +- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
         2435  +  
         2436  +  Closes #927
         2437  +
         2438  +- KNOWN_BUGS: c-ares deviates from stock resolver on http://1346569778
         2439  +  
         2440  +  Closes #893
         2441  +
         2442  +Michael Osipov (27 Oct 2016)
         2443  +- configure.in: Fix test syntax
         2444  +  
         2445  +  Some versions of test allow == for equality, but others (such as the HP-UX
         2446  +  version) do not.  Use a single = for correctness.
         2447  +  
         2448  +  Error output:
         2449  +  checking for monotonic clock_gettime... ./configure[20445]: ==: A test command parameter is not valid.
         2450  +
         2451  +Daniel Stenberg (27 Oct 2016)
         2452  +- SECURITY: minor updates
         2453  +  
         2454  +  - we allow the security push up to 48 hours before the release
         2455  +  
         2456  +  - add a mention about possible pre-notifications
         2457  +  
         2458  +  - lower case the 'curl-security' title
         2459  +
         2460  +- [Andrei Sedoi brought this change]
         2461  +
         2462  +  docs: fix req->data in multi-uv example
         2463  +  
         2464  +  Closes #1088
         2465  +
         2466  +- mbedtls: stop using deprecated include file
         2467  +  
         2468  +  Reported-by: wyattoday
         2469  +  Fixes #1087
         2470  +
         2471  +Kamil Dudka (25 Oct 2016)
         2472  +- [Martin Frodl brought this change]
         2473  +
         2474  +  nss: fix tight loop in non-blocking TLS handhsake over proxy
         2475  +  
         2476  +  ... in case the handshake completes before entering
         2477  +  CURLM_STATE_PROTOCONNECT
         2478  +  
         2479  +  Bug: https://bugzilla.redhat.com/1388162
         2480  +
         2481  +Jay Satiro (25 Oct 2016)
         2482  +- mk-ca-bundle: Update the vbscript version
         2483  +  
         2484  +  Bring the VBScript version more in line with the perl version:
         2485  +  
         2486  +  - Change timestamp to UTC.
         2487  +  
         2488  +  - Change URL retrieval to HTTPS-only by default.
         2489  +  
         2490  +  - Comment out the options that disabled SSL cert checking by default.
         2491  +  
         2492  +  - Assume OpenSSL is present, get SHA256. And add a flag to toggle it.
         2493  +  
         2494  +  - Fix cert issuer name output.
         2495  +  
         2496  +  The cert issuer output is now ansi, converted from UTF-8. Prior to this
         2497  +  it was corrupt UTF-8. It turns out though we can work with UTF-8 the
         2498  +  FSO object that writes ca-bundle can't write UTF-8, so there will have
         2499  +  to be some alternative if UTF-8 is needed (like an ADODB.Stream).
         2500  +  
         2501  +  - Disable the certificate text info feature.
         2502  +  
         2503  +  The certificate text info doesn't work properly with any recent OpenSSL.
         2504  +
         2505  +Daniel Stenberg (24 Oct 2016)
         2506  +- TODO: indent code to make it render properly
         2507  +
         2508  +- TODO: Remove the generated include file
         2509  +
         2510  +- TODO: add "--retry should resume"
         2511  +  
         2512  +  See #1084
         2513  +
         2514  +- mk-ca-bundle.1: document -k
         2515  +  
         2516  +  Brought in 1ad2bdcf110266c. Now does HTTPS by default and needs -k to
         2517  +  fall back to plain HTTP.
         2518  +
         2519  +- [Jay Satiro brought this change]
         2520  +
         2521  +  mk-ca-bundle: Change URL retrieval to HTTPS-only by default
         2522  +  
         2523  +  - Change all predefined Mozilla URLs to HTTPS (Gregory Szorc).
         2524  +  
         2525  +  - New option -k to allow URLs other than HTTPS and enable HTTP fallback.
         2526  +  
         2527  +  Prior to this change the default URL retrieval mode was to fall back to
         2528  +  HTTP if HTTPS didn't work.
         2529  +  
         2530  +  Reported-by: Gregory Szorc
         2531  +  
         2532  +  Closes #1012
         2533  +
         2534  +- RELEASE-NOTES: synced with 50ee3aaf1a9b22d
         2535  +
         2536  +Dan Fandrich (23 Oct 2016)
         2537  +- INSTALL.md: Updated minimum file sizes for 7.50.3
         2538  +
         2539  +Daniel Stenberg (22 Oct 2016)
         2540  +- multi: force connections to get closed in close_all_connections
         2541  +  
         2542  +  Several independent reports on infinite loops hanging in the
         2543  +  close_all_connections() function when closing a multi handle, can be
         2544  +  fixed by first marking the connection to get closed before calling
         2545  +  Curl_disconnect.
         2546  +  
         2547  +  This is more fixing-the-symptom rather than the underlying problem
         2548  +  though.
         2549  +  
         2550  +  Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html
         2551  +  Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html
         2552  +  
         2553  +  Reported-by: Dan Fandrich, Valentin David, Miloš Ljumović
         2554  +
         2555  +- [Anders Bakken brought this change]
         2556  +
         2557  +  curl_multi_remove_handle: fix a double-free
         2558  +  
         2559  +  In short the easy handle needs to be disconnected from its connection at
         2560  +  this point since the connection still is serving other easy handles.
         2561  +  
         2562  +  In our app we can reliably reproduce a crash in our http2 stress test
         2563  +  that is fixed by this change. I can't easily reproduce the same test in
         2564  +  a small example.
         2565  +  
         2566  +  This is the gdb/asan output:
         2567  +  
         2568  +  ==11785==ERROR: AddressSanitizer: heap-use-after-free on address 0xe9f4fb80 at pc 0x09f41f19 bp 0xf27be688 sp 0xf27be67c
         2569  +  READ of size 4 at 0xe9f4fb80 thread T13 (RESOURCE_HTTP)
         2570  +      #0 0x9f41f18 in curl_multi_remove_handle /path/to/source/3rdparty/curl/lib/multi.c:666
         2571  +  
         2572  +  0xe9f4fb80 is located 0 bytes inside of 1128-byte region [0xe9f4fb80,0xe9f4ffe8)
         2573  +  freed by thread T13 (RESOURCE_HTTP) here:
         2574  +      #0 0xf7b1b5c2 in __interceptor_free /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:45
         2575  +      #1 0x9f7862d in conn_free /path/to/source/3rdparty/curl/lib/url.c:2808
         2576  +      #2 0x9f78c6a in Curl_disconnect /path/to/source/3rdparty/curl/lib/url.c:2876
         2577  +      #3 0x9f41b09 in multi_done /path/to/source/3rdparty/curl/lib/multi.c:615
         2578  +      #4 0x9f48017 in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1896
         2579  +      #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123
         2580  +      #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854
         2581  +      #7 0x9c445e0 in ...
         2582  +      #8 0x9c4cf1d in ...
         2583  +      #9 0xa2be6b5 in ...
         2584  +      #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
         2585  +      #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d)
         2586  +  
         2587  +  previously allocated by thread T13 (RESOURCE_HTTP) here:
         2588  +      #0 0xf7b1ba27 in __interceptor_calloc /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:70
         2589  +      #1 0x9f7dfa6 in allocate_conn /path/to/source/3rdparty/curl/lib/url.c:3904
         2590  +      #2 0x9f88ca0 in create_conn /path/to/source/3rdparty/curl/lib/url.c:5797
         2591  +      #3 0x9f8c928 in Curl_connect /path/to/source/3rdparty/curl/lib/url.c:6438
         2592  +      #4 0x9f45a8c in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1411
         2593  +      #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123
         2594  +      #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854
         2595  +      #7 0x9c445e0 in ...
         2596  +      #8 0x9c4cf1d in ...
         2597  +      #9 0xa2be6b5 in ...
         2598  +      #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
         2599  +      #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d)
         2600  +  
         2601  +  SUMMARY: AddressSanitizer: heap-use-after-free /path/to/source/3rdparty/curl/lib/multi.c:666 in curl_multi_remove_handle
         2602  +  Shadow bytes around the buggy address:
         2603  +    0x3d3e9f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2604  +    0x3d3e9f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2605  +    0x3d3e9f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2606  +    0x3d3e9f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
         2607  +    0x3d3e9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
         2608  +  =>0x3d3e9f70:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2609  +    0x3d3e9f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2610  +    0x3d3e9f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2611  +    0x3d3e9fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2612  +    0x3d3e9fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2613  +    0x3d3e9fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
         2614  +  Shadow byte legend (one shadow byte represents 8 application bytes):
         2615  +    Addressable:           00
         2616  +    Partially addressable: 01 02 03 04 05 06 07
         2617  +    Heap left redzone:       fa
         2618  +    Heap right redzone:      fb
         2619  +    Freed heap region:       fd
         2620  +    Stack left redzone:      f1
         2621  +    Stack mid redzone:       f2
         2622  +    Stack right redzone:     f3
         2623  +    Stack partial redzone:   f4
         2624  +    Stack after return:      f5
         2625  +    Stack use after scope:   f8
         2626  +    Global redzone:          f9
         2627  +    Global init order:       f6
         2628  +    Poisoned by user:        f7
         2629  +    Container overflow:      fc
         2630  +    Array cookie:            ac
         2631  +    Intra object redzone:    bb
         2632  +    ASan internal:           fe
         2633  +    Left alloca redzone:     ca
         2634  +    Right alloca redzone:    cb
         2635  +  ==11785==ABORTING
         2636  +  
         2637  +  Thread 14 "RESOURCE_HTTP" received signal SIGABRT, Aborted.
         2638  +  [Switching to Thread 0xf27bfb40 (LWP 12324)]
         2639  +  0xf7fd8be9 in __kernel_vsyscall ()
         2640  +   (gdb) bt
         2641  +   #0  0xf7fd8be9 in __kernel_vsyscall ()
         2642  +   #1  0xf4c7ee89 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:54
         2643  +   #2  0xf4c803e7 in __GI_abort () at abort.c:89
         2644  +   #3  0xf7b2ef2e in __sanitizer::Abort () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cc:122
         2645  +   #4  0xf7b262fa in __sanitizer::Die () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_common.cc:145
         2646  +   #5  0xf7b21ab3 in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0xf27be171, __in_chrg=<optimized out>) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:689
         2647  +   #6  0xf7b214a5 in __asan::ReportGenericError (pc=166993689, bp=4068206216, sp=4068206204, addr=3925146496, is_write=false, access_size=4, exp=0, fatal=true) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:1074
         2648  +   #7  0xf7b21fce in __asan::__asan_report_load4 (addr=3925146496) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_rtl.cc:129
         2649  +   #8  0x09f41f19 in curl_multi_remove_handle (multi=0xf3406080, data=0xde582400) at /path/to/source3rdparty/curl/lib/multi.c:666
         2650  +   #9  0x09f6b277 in Curl_close (data=0xde582400) at /path/to/source3rdparty/curl/lib/url.c:415
         2651  +   #10 0x09f3354e in curl_easy_cleanup (data=0xde582400) at /path/to/source3rdparty/curl/lib/easy.c:860
         2652  +   #11 0x09c6de3f in ...
         2653  +   #12 0x09c378c5 in ...
         2654  +   #13 0x09c48133 in ...
         2655  +   #14 0x09c4d092 in ...
         2656  +   #15 0x0a2be6b6 in ...
         2657  +   #16 0xf7aa5781 in asan_thread_start (arg=0xf2d22938) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
         2658  +   #17 0xf5de52b5 in start_thread (arg=0xf27bfb40) at pthread_create.c:333
         2659  +   #18 0xf4d3a16e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114
         2660  +  
         2661  +  Fixes #1083
         2662  +
         2663  +- testcurl.1: fix the URL to the autobuild summary
         2664  +
         2665  +- testcurl.1: update URLs
         2666  +
         2667  +- INSTALL: converted to markdown => INSTALL.md
         2668  +  
         2669  +  Also heavily edited for content. Removed lots of old cruft that we added
         2670  +  like 10+ years ago that is likely incorrect by now.
         2671  +  
         2672  +  Also removed INSTALL.devcpp for same reason.
         2673  +
         2674  +- [Martin Storsjo brought this change]
         2675  +
         2676  +  configure: Check for other variants of the -m*os*-version-min flags
         2677  +  
         2678  +  In addition to -miphoneos-version-min, the same version can be set
         2679  +  using -mios-version-min. And for WatchOS and TvOS, there's
         2680  +  -mwatchos-version-min and -mtvos-version-min.
         2681  +
         2682  +- configure: set min version flags for builds on mac
         2683  +  
         2684  +  This helps building binaries that can work on multiple macOS versions.
         2685  +  
         2686  +  Help-by: Martin Storsjö
         2687  +  
         2688  +  Fixes #1069
         2689  +
         2690  +- curl_multi_add_handle: set timeouts in closure handles
         2691  +  
         2692  +  The closure handle only ever has default timeouts set. To improve the
         2693  +  state somewhat we clone the timeouts from each added handle so that the
         2694  +  closure handle always has the same timeouts as the most recently added
         2695  +  easy handle.
         2696  +  
         2697  +  Fixes #739
         2698  +
         2699  +- configure/CURL_CHECK_FUNC_POLL: disable poll completely on mac
         2700  +  
         2701  +  ... so that the same libcurl build easier can run on any version.
         2702  +  
         2703  +  Follow-up to issue #1057
         2704  +
         2705  +- RELEASE-NOTES: synced with f36f8c14551efc6772
         2706  +
         2707  +- test14xx: fixed --libcurl output tests again after 8e8afa82cbb
         2708  +
         2709  +- s/cURL/curl
         2710  +  
         2711  +  The tool was never called cURL, only the project. But even so, we have
         2712  +  more and more over time switched to just use lower case.
         2713  +
         2714  +- polarssl: indented code, removed unused variables
         2715  +
         2716  +- polarssl: reduce #ifdef madness with a macro
         2717  +
         2718  +- polarssl: fix unaligned SSL session-id lock
         2719  +
         2720  +- Curl_polarsslthreadlock_thread_setup: clear array at init
         2721  +  
         2722  +  ... since if it fails to init the entire array and then tries to clean
         2723  +  it up, it would attempt to work on an uninitialized pointer.
         2724  +
         2725  +- curl: set INTERLEAVEDATA too
         2726  +  
         2727  +  As otherwise the callback could be called with a NULL pointer when RTSP
         2728  +  data is provided.
         2729  +
         2730  +- gopher: properly return error for poll failures
         2731  +
         2732  +- select: switch to macros in uppercase
         2733  +  
         2734  +  Curl_select_ready() was the former API that was replaced with
         2735  +  Curl_select_check() a while back and the former arg setup was provided
         2736  +  with a define (in order to leave existing code unmodified).
         2737  +  
         2738  +  Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most
         2739  +  common shortcuts where only one socket is checked. They're also more
         2740  +  visibly macros.
         2741  +
         2742  +- select: use more proper macro-looking names
         2743  +  
         2744  +  ... so that it becomes more obvious in the code what is what. Also added
         2745  +  a typecast for one of the calculations.
         2746  +
         2747  +- Curl_socket_check: add extra check to avoid integer overflow
         2748  +
         2749  +- maketgz: make it support "only" generating version info
         2750  +  
         2751  +  ... to allow you to update the local repository with the given version
         2752  +  number data.
         2753  +
         2754  +Jay Satiro (17 Oct 2016)
         2755  +- url: skip to-be-closed connections when pipelining (follow-up)
         2756  +  
         2757  +  - Change back behavior so that pipelining is considered possible for
         2758  +  connections that have not yet reached the protocol level.
         2759  +  
         2760  +  This is a follow-up to e5f0b1a which had changed the behavior of
         2761  +  checking if pipelining is possible to ignore connections that had
         2762  +  'bits.close' set. Connections that have not yet reached the protocol
         2763  +  level also have that bit set, and we need to consider pipelining
         2764  +  possible on those connections.
         2765  +
         2766  +Daniel Stenberg (17 Oct 2016)
         2767  +- HTTP2: mention the tool's limited support
         2768  +
         2769  +- RELEASE-NOTES: synced with a1a5cd04877fd6fd
         2770  +
         2771  +- [David Woodhouse brought this change]
         2772  +
         2773  +  curl: do not set CURLOPT_SSLENGINEDEFAULT automatically
         2774  +  
         2775  +  There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
         2776  +  OpenSSL. Just don't get involved; there's no need to be making the
         2777  +  engine methods the default anyway.
         2778  +  
         2779  +  https://github.com/OpenSC/libp11/pull/108
         2780  +  https://github.com/openssl/openssl/pull/1639
         2781  +  
         2782  +  Merges #1042
         2783  +
         2784  +- KNOWN_BUGS: two more existing problems
         2785  +
         2786  +Marcel Raad (16 Oct 2016)
         2787  +- win: fix Universal Windows Platform build
         2788  +  
         2789  +  This fixes a merge error in commit 7f3df80 caused by commit 332e8d6.
         2790  +  
         2791  +  Additionally, this changes Curl_verify_windows_version for Windows App
         2792  +  builds to assume to always be running on the target Windows version.
         2793  +  There seems to be no way to determine the Windows version from a
         2794  +  UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the
         2795  +  Version Helper functions are supported.
         2796  +  
         2797  +  Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878
         2798  +  Reported-by: Paul Joyce
         2799  +  
         2800  +  Closes https://github.com/curl/curl/pull/1048
         2801  +
         2802  +Daniel Stenberg (16 Oct 2016)
         2803  +- KNOWN_BUGS: minor formatting edit
         2804  +
         2805  +Jay Satiro (14 Oct 2016)
         2806  +- [Rider Linden brought this change]
         2807  +
         2808  +  url: skip to-be-closed connections when pipelining
         2809  +  
         2810  +  No longer attempt to use "doomed" to-be-closed connections when
         2811  +  pipelining. Prior to this change connections marked for deletion (e.g.
         2812  +  timeout) would be erroneously used, resulting in sporadic crashes.
         2813  +  
         2814  +  As originally reported and fixed by Carlo Wood (origin unknown).
         2815  +  
         2816  +  Bug: https://github.com/curl/curl/issues/627
         2817  +  Reported-by: Rider Linden
         2818  +  
         2819  +  Closes https://github.com/curl/curl/pull/1075
         2820  +  Participation-by: nopjmp@users.noreply.github.com
         2821  +
         2822  +Daniel Stenberg (13 Oct 2016)
         2823  +- vtls: only re-use session-ids using the same scheme
         2824  +  
         2825  +  To make it harder to do cross-protocol mistakes
         2826  +
         2827  +Jay Satiro (11 Oct 2016)
         2828  +- [Torben Dannhauer brought this change]
         2829  +
         2830  +  dist: add missing cmake modules to the tarball
         2831  +  
         2832  +  Closes https://github.com/curl/curl/pull/1070
         2833  +
         2834  +Daniel Stenberg (11 Oct 2016)
         2835  +- configure: detect the broken poll() in macOS 10.12
         2836  +  
         2837  +  Fixes #1057
         2838  +
         2839  +- dist: remove PDF and HTML converted docs from the releases
         2840  +
         2841  +- [Remo E brought this change]
         2842  +
         2843  +  cmake: add nghttp2 support
         2844  +  
         2845  +  Closes #922
         2846  +
         2847  +- [Andreas Streichardt brought this change]
         2848  +
         2849  +  resolve: add error message when resolving using SIGALRM
         2850  +  
         2851  +  Closes #1066
         2852  +
         2853  +- GIT-INFO: remove the Mac 10.1-specific details
         2854  +  
         2855  +  There shouldn't be many devs out there anymore using such outdated macOS
         2856  +  versions. And it removes the dead link.
         2857  +  
         2858  +  Closes #1049
         2859  +
         2860  +- RELEASE-NOTES: spellfix
         2861  +
         2862  +- RELEASE-NOTES: synced with 82720490628cb53a
         2863  +  
         2864  +  5 more fixes, 2 more contributors
         2865  +
         2866  +- [Tobias Stoeckmann brought this change]
         2867  +
         2868  +  smb: properly check incoming packet boundaries
         2869  +  
         2870  +  Not all reply messages were properly checked for their lengths, which
         2871  +  made it possible to access uninitialized memory (but this does not lead
         2872  +  to out of boundary accesses).
         2873  +  
         2874  +  Closes #1052
         2875  +
         2876  +- test557: verify printf() with 128 and 129 arguments
         2877  +
         2878  +- mprintf: return error on too many arguments
         2879  +  
         2880  +  128 arguments should be enough for everyone
         2881  +
         2882  +- ftp: fix Curl_ftpsendf()
         2883  +  
         2884  +  ... it no longer takes printf() arguments since it was only really taken
         2885  +  advantage by one user and it was not written and used in a safe
         2886  +  way. Thus the 'f' is removed from the function name and the proto is
         2887  +  changed.
         2888  +  
         2889  +  Although the current code wouldn't end up in badness, it was a risk that
         2890  +  future changes could end up springf()ing too large data or passing in a
         2891  +  format string inadvertently.
         2892  +
         2893  +- formpost: avoid silent snprintf() truncation
         2894  +  
         2895  +  The previous use of snprintf() could make libcurl silently truncate some
         2896  +  input data and not report that back on overly large input, which could
         2897  +  make data get sent over the network in a bad format.
         2898  +  
         2899  +  Example:
         2900  +  
         2901  +   $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
         2902  +
         2903  +- TODO: build: Enable PIE and RELRO by default
         2904  +
         2905  +- TODO: Support better than MD5 hostkey hash (for ssh)
         2906  +
         2907  +- [Daniel Gustafsson brought this change]
         2908  +
         2909  +  tests: Fix a small typo in the tests README (#1060)
         2910  +  
         2911  +  The subdirectory for logs in tests/ is named log/ without an 's'
         2912  +  at the end.
         2913  +
         2914  +- TODO: Introduce --fail-fast to exit on first transfer fail
         2915  +  
         2916  +  See #1054
         2917  +
         2918  +- TODO: Leave secure cookies alone
         2919  +
         2920  +- [Rainer Müller brought this change]
         2921  +
         2922  +  CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
         2923  +  
         2924  +  The 'userp' argument is unused in this example code.
         2925  +
         2926  +- TODO: TCP Fast Open for windows
         2927  +
         2928  +- RELEASE-NOTES: synced with 8fd2a754f0de
         2929  +
         2930  +- CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added
         2931  +
         2932  +- memdup: use 'void *' as return and source type
         2933  +
         2934  +- TODO: Add easy argument to formpost functions
         2935  +
         2936  +- formpost: trying to attach a directory no longer crashes
         2937  +  
         2938  +  The error path would previously add a freed entry to the linked list.
         2939  +  
         2940  +  Reported-by: Toby Peterson
         2941  +  
         2942  +  Fixes #1053
         2943  +
         2944  +- [Sergei Kuzmin brought this change]
         2945  +
         2946  +  cookies: same domain handling changed to match browser behavior
         2947  +  
         2948  +  Cokie with the same domain but different tailmatching property are now
         2949  +  considered different and do not replace each other.  If header contains
         2950  +  following lines then two cookies will be set: Set-Cookie: foo=bar;
         2951  +  domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
         2952  +  domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
         2953  +  
         2954  +  This matches Chrome, Opera, Safari, and Firefox behavior. When sending
         2955  +  stored tokens to foo.com Chrome, Opera, Firefox store send them in the
         2956  +  stored order, while Safari pre-sort the cookies.
         2957  +  
         2958  +  Closes #1050
         2959  +
         2960  +- [Stephen Brokenshire brought this change]
         2961  +
         2962  +  FAQ: Fix typos in section 5.14 (#1047)
         2963  +  
         2964  +  Type required for YourClass::func C++ function (using size_t in line
         2965  +  with the documentation for CURLOPT_WRITEFUNCTION) and missing second
         2966  +  colon when specifying the static function for CURLOPT_WRITEFUNCTION.
         2967  +
         2968  +- [Sebastian Mundry brought this change]
         2969  +
         2970  +  KNOWN_BUGS: Fix typos in section 5.8.
         2971  +  
         2972  +  Closes #1046
         2973  +
         2974  +- [mundry brought this change]
         2975  +
         2976  +  CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045)
         2977  +
         2978  +- curl.1: --trace supports % for sending to stderr!
         2979  +
         2980  +- KNOWN_BUGS: 5.8 configure finding libs in wrong directory
         2981  +
         2982  +Dan Fandrich (24 Sep 2016)
         2983  +- configure: Fixed builds with libssh2 in a custom location
         2984  +  
         2985  +  A libssh2 library in the standard system location was being used in
         2986  +  preference to the desired one while linking.
         2987  +
         2988  +Daniel Stenberg (23 Sep 2016)
         2989  +- SECURITY: remove the top ascii logo
         2990  +
         2991  +Michael Kaufmann (22 Sep 2016)
         2992  +- New libcurl option to keep sending on error
         2993  +  
         2994  +  Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
         2995  +  sending the request body shall be completed when the server responds
         2996  +  early with an error status code.
         2997  +  
         2998  +  This is suitable for manual NTLM authentication.
         2999  +  
         3000  +  Reviewed-by: Jay Satiro
         3001  +  
         3002  +  Closes https://github.com/curl/curl/pull/904
         3003  +
         3004  +Kamil Dudka (22 Sep 2016)
         3005  +- nss: add chacha20-poly1305 cipher suites if supported by NSS
         3006  +
         3007  +- nss: add cipher suites using SHA384 if supported by NSS
         3008  +
         3009  +- nss: fix typo in ecdhe_rsa_null cipher suite string
         3010  +  
         3011  +  As it seems to be a rarely used cipher suite (for securely established
         3012  +  but _unencrypted_ connections), I believe it is fine not to provide an
         3013  +  alias for the misspelled variant.
         3014  +
         3015  +Jay Satiro (21 Sep 2016)
         3016  +- docs: Remove that --proto is just used for initial retrieval
         3017  +  
         3018  +  .. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
         3019  +  override protocols denied by --proto and CURLOPT_PROTOCOLS.
         3020  +  
         3021  +  - Add a test to enforce: --proto deny must override --proto-redir allow
         3022  +  
         3023  +  Closes https://github.com/curl/curl/pull/1031
         3024  +
         3025  +Daniel Stenberg (21 Sep 2016)
         3026  +- dist: add CurlSymbolHiding.cmake to the tarball
         3027  +  
         3028  +  Follow-up to 6140dfcf3e784
         3029  +  
         3030  +  Reported-by: Alexander Sinditskiy
         3031  +
         3032  +- curl_global_cleanup.3: don't unload the lib with sub threads running
         3033  +  
         3034  +  Discussed in #997
         3035  +  
         3036  +  Assisted-by: Jay Satiro
         3037  +
         3038  +- MAIL-ETIQUETTE: language
         3039  +
         3040  +Jay Satiro (20 Sep 2016)
         3041  +- easy: Reset all statistical session info in curl_easy_reset
         3042  +  
         3043  +  Bug: https://github.com/curl/curl/issues/1017
         3044  +  Reported-by: Jeroen Ooms
         3045  +
         3046  +Daniel Stenberg (19 Sep 2016)
         3047  +- RELEASE-NOTES: synced with 79607eec51055
         3048  +
         3049  +Jay Satiro (19 Sep 2016)
         3050  +- [Daniel Gustafsson brought this change]
         3051  +
         3052  +  darwinssl: Fix typo in comment
         3053  +  
         3054  +  Closes https://github.com/curl/curl/pull/1028
         3055  +
         3056  +Daniel Stenberg (19 Sep 2016)
         3057  +- [Bernard Spil brought this change]
         3058  +
         3059  +  libressl: fix version output
         3060  +  
         3061  +  LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all
         3062  +  versions returning `LibreSSL/2.0.0` for any LibreSSL version.
         3063  +  
         3064  +  This change provides a local OpenSSL_version_num function replacement
         3065  +  returning LIBRESSL_VERSION_NUMBER instead.
         3066  +  
         3067  +  Closes #1029
         3068  +
         3069  +- [rugk brought this change]
         3070  +
         3071  +  TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP
         3072  +  
         3073  +  Closes #1025
         3074  +  Closes #1026
         3075  +  Closes #1027
         3076  +
         3077  +- openssl: don't call ERR_remote_thread_state on >= 1.1.0
         3078  +  
         3079  +  Follow-up fix to d9321562
         3080  +
         3081  +- openssl: don’t call CRYTPO_cleanup_all_ex_data
         3082  +  
         3083  +  The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
         3084  +  multiple times without crashing - and other libs might call it! We
         3085  +  basically cannot call it without risking a crash. The function is a
         3086  +  no-op since OpenSSL 1.1.0.
         3087  +  
         3088  +  Not calling this function only risks a small memory leak with OpenSSL <
         3089  +  1.1.0.
         3090  +  
         3091  +  Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
         3092  +  Reported-by: Todd Short
         3093  +
         3094  +- TODO: Support SSLKEYLOGFILE
         3095  +
         3096  +Jay Satiro (18 Sep 2016)
         3097  +- CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
         3098  +
         3099  +Nick Zitzmann (18 Sep 2016)
         3100  +- darwinssl: disable RC4 cipher-suite support
         3101  +  
         3102  +  RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.
         3103  +
         3104  +- configure: change "iOS/Mac OS X native" to "Apple OS native"
         3105  +  
         3106  +  Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.
         3107  +
         3108  +Jay Satiro (18 Sep 2016)
         3109  +- test2048: fix url
         3110  +
         3111  +- examples/imap-append: Set size of data to be uploaded
         3112  +  
         3113  +  Prior to this commit this example failed with error
         3114  +  'Cannot APPEND with unknown input file size'.
         3115  +  
         3116  +  Bug: https://github.com/curl/curl/issues/1008
         3117  +  Reported-by: lukaszgn@users.noreply.github.com
         3118  +  
         3119  +  Closes https://github.com/curl/curl/pull/1011
         3120  +
         3121  +Daniel Stenberg (16 Sep 2016)
         3122  +- [Tony Kelman brought this change]
         3123  +
         3124  +  LICENSE-MIXING.md: update with mbedTLS dual licensing
         3125  +  
         3126  +  Recent versions of mbedTLS are available under either Apache 2.0 or GPL
         3127  +  2.0, see https://tls.mbed.org/how-to-get
         3128  +  
         3129  +  Closes #1019
         3130  +
         3131  +- KNOWN_BUGS: chunked-encoded requests with HTTP/2 is fixed
         3132  +
         3133  +- http2: debug ouput sent HTTP/2 request headers
         3134  +
         3135  +- http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
         3136  +  
         3137  +  ... but don't send the actual header over the wire as it isn't accepted.
         3138  +  Chunked uploading is still triggered using this method.
         3139  +  
         3140  +  Fixes #1013
         3141  +  Fixes #662
         3142  +
         3143  +- openssl: fix per-thread memory leak usiong 1.0.1 or 1.0.2
         3144  +  
         3145  +  OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
         3146  +  so we need to clean it when easy handles are freed, in case the thread
         3147  +  will be killed in which the easy handle was used. All OpenSSL code in
         3148  +  libcurl should extract the error in association with the error already
         3149  +  so clearing this queue here should be harmless at worst.
         3150  +  
         3151  +  Fixes #964
         3152  +
         3153  +- RELEASE-NOTES: reset and go toward 7.51.0 (again)
         3154  +
         3155  +Version 7.50.3 (14 Sep 2016)
         3156  +
         3157  +Daniel Stenberg (14 Sep 2016)
         3158  +- THANKS: updated with curl 7.50.3 contributors
         3159  +
         3160  +- RELEASE-NOTES: curl 7.50.3
         3161  +
         3162  +- test1605: verify negative input lengths to (un)escape functions
         3163  +
         3164  +- curl_easy_unescape: deny negative string lengths as input
         3165  +  
         3166  +  CVE-2016-7167
         3167  +  
         3168  +  Bug: https://curl.haxx.se/docs/adv_20160914.html
         3169  +
         3170  +- curl_easy_escape: deny negative string lengths as input
         3171  +  
         3172  +  CVE-2016-7167
         3173  +  
         3174  +  Bug: https://curl.haxx.se/docs/adv_20160914.html
         3175  +
         3176  +- curl: make --create-dirs on windows grok both forward and backward slashes
         3177  +  
         3178  +  Reported-by: Ryan Scott
         3179  +  
         3180  +  Fixes #1007
         3181  +
         3182  +- RELEASE-NOTES: synced with 665694979b6
         3183  +
         3184  +- [Tony Kelman brought this change]
         3185  +
         3186  +  mbedtls: switch off NTLM in build if md4 isn't available
         3187  +  
         3188  +  NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS
         3189  +  is built with the MD4 functions available, which it isn't in default
         3190  +  builds. This now adapts if the funtion isn't there and builds libcurl
         3191  +  without NTLM support if so.
         3192  +  
         3193  +  Fixes #1004
         3194  +
         3195  +Jay Satiro (12 Sep 2016)
         3196  +- CODE_STYLE: fix long-line guideline
         3197  +  
         3198  +  - Change maximum allowed line length from 80 to 79.
         3199  +
         3200  +- CODE_STYLE: add column alignment section
         3201  +  
         3202  +  Note that since the added examples are for column alignment I had to
         3203  +  encapsulate with ~~~c markdown to preserve their alignment.
         3204  +
         3205  +Peter Wu (11 Sep 2016)
         3206  +- cmake: fix curl-config --static-libs
         3207  +  
         3208  +  The `curl-config --static-libs` command should not output paths like
         3209  +  -l/usr/lib/libssl.so, instead print the absolute path without `-l`.
         3210  +  
         3211  +  This also removes the confusing message "Static linking is broken" which
         3212  +  was printed because curl-config --static-libs was disfunctional even
         3213  +  though the static libcurl.a library works properly.
         3214  +  
         3215  +  Fixes https://github.com/curl/curl/issues/841
         3216  +
         3217  +Daniel Stenberg (11 Sep 2016)
         3218  +- http: refuse to pass on response body with NO_NODY was set
         3219  +  
         3220  +  ... like when a HTTP/0.9 response comes back without any headers at all
         3221  +  and just a body this now prevents that body from being sent to the
         3222  +  callback etc.
         3223  +  
         3224  +  Adapted test 1144 to verify.
         3225  +  
         3226  +  Fixes #973
         3227  +  
         3228  +  Assisted-by: Ray Satiro
         3229  +
         3230  +- RELEASE-NOTES: synced with 257bf3ac67eb6
         3231  +
         3232  +Jakub Zakrzewski (10 Sep 2016)
         3233  +- CMake: Don't build unit tests if private symbols are hidden
         3234  +  
         3235  +  This only excludes building unit tests from default build ( 'all' Make
         3236  +  target or "Build Solution" in VisualStudio). The projects and Make
         3237  +  targets will still be generated and shown in supporting IDEs.
         3238  +  
         3239  +  Fixes https://github.com/curl/curl/issues/981
         3240  +  Reported-by: Randy Armstrong
         3241  +  
         3242  +  Closes https://github.com/curl/curl/pull/990
         3243  +
         3244  +- CMake: Try to (un-)hide private library symbols
         3245  +  
         3246  +  Detect support for compiler symbol visibility flags and apply those
         3247  +  according to CURL_HIDDEN_SYMBOLS option.
         3248  +  It should work true to the autotools build except it tries to unhide
         3249  +  symbols on Windows when requested and prints warning if it fails.
         3250  +  
         3251  +  Ref: https://github.com/curl/curl/issues/981#issuecomment-242665951
         3252  +  Reported-by: Daniel Stenberg
         3253  +
         3254  +Daniel Stenberg (9 Sep 2016)
         3255  +- openssl: fix bad memory free (regression)
         3256  +  
         3257  +  ... by partially reverting f975f06033b1. The allocation could be made by
         3258  +  OpenSSL so the free must be made with OPENSSL_free() to avoid problems.
         3259  +  
         3260  +  Reported-by: Harold Stuart
         3261  +  Fixes #1005
         3262  +
         3263  +- http2: support > 64bit sized uploads
         3264  +  
         3265  +  ... by making sure we don't count down the "upload left" counter when the
         3266  +  uploaded size is unknown and then it can be allowed to continue forever.
         3267  +  
         3268  +  Fixes #996
         3269  +
         3270  +Jay Satiro (7 Sep 2016)
         3271  +- errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
         3272  +  
         3273  +  Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
         3274  +  more of a generic "failed to parse" introduce an alias without FTP in
         3275  +  the name.
         3276  +  
         3277  +  Closes https://github.com/curl/curl/pull/975
         3278  +
         3279  +Daniel Stenberg (7 Sep 2016)
         3280  +- bump: toward 7.51.0
         3281  +
         3282  +- HISTORY: remove ascii logo to render nicer on web
         3283  +
         3284  +- curl: whitelist use of strtok() in non-threaded context
         3285  +
         3286  +- checksrc: detect strtok() use
         3287  +  
         3288  +  ... as that function slipped through once before.
         3289  +
         3290  +GitHub (7 Sep 2016)
         3291  +- [Viktor Szakats brought this change]
         3292  +
         3293  +  mk-ca-bundle.pl: use SHA256 instead of SHA1
         3294  +  
         3295  +  This hash is used to verify the original downloaded certificate bundle
         3296  +  and also included in the generated bundle's comment header. Also
         3297  +  rename related internal symbols to algorithm-agnostic names.
         3298  +
         3299  +Version 7.50.2 (7 Sep 2016)
         3300  +
         3301  +Daniel Stenberg (7 Sep 2016)
         3302  +- RELEASE-NOTES: curl 7.50.2 release
         3303  +
         3304  +- THANKS: updated for 7.50.2
         3305  +
         3306  +Jay Satiro (6 Sep 2016)
         3307  +- [Gaurav Malhotra brought this change]
         3308  +
         3309  +  openssl: fix CURLINFO_SSL_VERIFYRESULT
         3310  +  
         3311  +  CURLINFO_SSL_VERIFYRESULT does not get the certificate verification
         3312  +  result when SSL_connect fails because of a certificate verification
         3313  +  error.
         3314  +  
         3315  +  This fix saves the result of SSL_get_verify_result so that it is
         3316  +  returned by CURLINFO_SSL_VERIFYRESULT.
         3317  +  
         3318  +  Closes https://github.com/curl/curl/pull/995
         3319  +
         3320  +Daniel Stenberg (6 Sep 2016)
         3321  +- [Daniel Gustafsson brought this change]
         3322  +
         3323  +  darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)
         3324  +  
         3325  +  While noErr and errSecSuccess are defined as the same value, the API
         3326  +  documentation states that SecPKCS12Import() returns errSecSuccess if
         3327  +  there were no errors in importing. Ensure that a future change of the
         3328  +  defined value doesn't break (however unlikely) and be consistent with
         3329  +  the API docs.
         3330  +
         3331  +- [Daniel Gustafsson brought this change]
         3332  +
         3333  +  docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994)
         3334  +
         3335  +- [Marcel Raad brought this change]
         3336  +
         3337  +  openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L
         3338  +  
         3339  +  With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup
         3340  +  functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The
         3341  +  replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and
         3342  +  OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is
         3343  +  now called OpenSSL_version_num().
         3344  +  
         3345  +  [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
         3346  +  [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
         3347  +  
         3348  +  Closes #992
         3349  +
         3350  +- RELEASE-NOTES: synced with 3d4c0c8b9bc1d
         3351  +
         3352  +- http2: return EOF when done uploading without known size
         3353  +  
         3354  +  Fixes #982
         3355  +
         3356  +- http2: skip the content-length parsing, detect unknown size
         3357  +
         3358  +- http2: minor white space edit
         3359  +
         3360  +- http2: use named define instead of magic constant in read callback
         3361  +
         3362  +- [Craig Davison brought this change]
         3363  +
         3364  +  configure: make the cpp -P detection not clobber CPPFLAGS
         3365  +  
         3366  +  CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF.
         3367  +  
         3368  +  Fixes #958
         3369  +
         3370  +- [Olivier Brunel brought this change]
         3371  +
         3372  +  speed caps: not based on average speeds anymore
         3373  +  
         3374  +  Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
         3375  +  CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
         3376  +  with the cumulative average speed of the entire transfer; While this
         3377  +  might work at times with good/constant connections, in other cases it
         3378  +  can result to the limits simply being "ignored" for more than "short
         3379  +  bursts" (as told in man page).
         3380  +  
         3381  +  Consider a download that goes on much slower than the limit for some
         3382  +  time (because bandwidth is used elsewhere, server is slow, whatever the
         3383  +  reason), then once things get better, curl would simply ignore the limit
         3384  +  up until the average speed (since the beginning of the transfer) reached
         3385  +  the limit.  This could prove the limit useless to effectively avoid
         3386  +  using the entire bandwidth (at least for quite some time).
         3387  +  
         3388  +  So instead, we now use a "moving starting point" as reference, and every
         3389  +  time at least as much as the limit as been transferred, we can reset
         3390  +  this starting point to the current position. This gets a good limiting
         3391  +  effect that applies to the "current speed" with instant reactivity (in
         3392  +  case of sudden speed burst).
         3393  +  
         3394  +  Closes #971
         3395  +
         3396  +- HISTORY.md: the multi socket was put in the wrong year!
         3397  +
         3398  +- [Mark Hamilton brought this change]
         3399  +
         3400  +  tool_helpers.c: fix comment typo (#989)
         3401  +
         3402  +- [Mark Hamilton brought this change]
         3403  +
         3404  +  libtest/test.h: fix typo (#988)
         3405  +
         3406  +- CURLMOPT_PIPELINING.3: language
         3407  +
         3408  +- CURLMOPT_PIPELINING.3: extended and clarified
         3409  +  
         3410  +  Especially in regards to the multiplexing part.
         3411  +
         3412  +Steve Holme (31 Aug 2016)
         3413  +- curl_sspi.c: Updated function description comments
         3414  +  
         3415  +  * Added description to Curl_sspi_free_identity()
         3416  +  * Added parameter and return explanations to Curl_sspi_global_init()
         3417  +  * Added parameter explaination to Curl_sspi_global_cleanup()
         3418  +
         3419  +- README: Corrected the supported Visual Studio versions
         3420  +  
         3421  +  Missed from commit 8356022d17.
         3422  +
         3423  +- KNOWN_BUGS: Move the Visual Studio project shortcomings from local README
         3424  +
         3425  +- KNOWN_BUGS: Expand 6.4 to include Kerberos V5
         3426  +  
         3427  +  ...and discuss a possible solution.
         3428  +
         3429  +Daniel Stenberg (30 Aug 2016)
         3430  +- connect: fix #ifdefs for debug versions of conn/streamclose() macros
         3431  +  
         3432  +  CURLDEBUG is for the memory debugging
         3433  +  
         3434  +  DEBUGBUILD is for the extra debug stuff
         3435  +  
         3436  +  Pointed-out-by: Steve Holme
         3437  +
         3438  +- KNOWN_BUGS: mention some cmake "support gaps"
         3439  +
         3440  +Nick Zitzmann (28 Aug 2016)
         3441  +- darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
         3442  +  
         3443  +  In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
         3444  +
         3445  +Daniel Stenberg (28 Aug 2016)
         3446  +- http2: return CURLE_HTTP2_STREAM for unexpected stream close
         3447  +  
         3448  +  Follow-up to c3e906e9cd0f, seems like a more appropriate error code
         3449  +  
         3450  +  Suggested-by: Jay Satiro
         3451  +
         3452  +- [Tatsuhiro Tsujikawa brought this change]
         3453  +
         3454  +  http2: handle closed streams when uploading
         3455  +  
         3456  +  Fixes #986
         3457  +
         3458  +- http2: make sure stream errors don't needlessly close the connection
         3459  +  
         3460  +  With HTTP/2 each transfer is made in an indivial logical stream over the
         3461  +  connection, making most previous errors that caused the connection to get
         3462  +  forced-closed now instead just kill the stream and not the connection.
         3463  +  
         3464  +  Fixes #941
         3465  +
         3466  +- Curl_verify_windows_version: minor edit to avoid compiler warnings
         3467  +  
         3468  +  ... instead of if() before the switch(), add a default to the switch so
         3469  +  that the compilers don't warn on "warning: enumeration value
         3470  +  'PLATFORM_DONT_CARE' not handled in switch" anymore.
         3471  +
         3472  +Steve Holme (27 Aug 2016)
         3473  +- RELEASE-NOTES: Added missing fix from commit 15592143f
         3474  +
         3475  +Jay Satiro (26 Aug 2016)
         3476  +- schannel: Disable ALPN for Wine since it is causing problems
         3477  +  
         3478  +  - Disable ALPN on Wine.
         3479  +  
         3480  +  - Don't pass input secbuffer when ALPN is disabled.
         3481  +  
         3482  +  When ALPN support was added a change was made to pass an input secbuffer
         3483  +  to initialize the context. When ALPN is enabled the buffer contains the
         3484  +  ALPN information, and when it's disabled the buffer is empty. In either
         3485  +  case this input buffer caused problems with Wine and connections would
         3486  +  not complete.
         3487  +  
         3488  +  Bug: https://github.com/curl/curl/issues/983
         3489  +  Reported-by: Christian Fillion
         3490  +
         3491  +Kamil Dudka (26 Aug 2016)
         3492  +- [Peter Wang brought this change]
         3493  +
         3494  +  nss: work around race condition in PK11_FindSlotByName()
         3495  +  
         3496  +  Serialise the call to PK11_FindSlotByName() to avoid spurious errors in
         3497  +  a multi-threaded environment. The underlying cause is a race condition
         3498  +  in nssSlot_IsTokenPresent().
         3499  +  
         3500  +  Bug: https://bugzilla.mozilla.org/1297397
         3501  +  
         3502  +  Closes #985
         3503  +
         3504  +- nss: refuse previously loaded certificate from file
         3505  +  
         3506  +  ... when we are not asked to use a certificate from file
         3507  +
         3508  +Daniel Stenberg (26 Aug 2016)
         3509  +- ftp_done: remove dead code
         3510  +
         3511  +- TLS: random file/egd doesn't have to match for conn reuse
         3512  +
         3513  +- test161: add comment for the exit code
         3514  +
         3515  +Dan Fandrich (26 Aug 2016)
         3516  +- test219: Add http as a required feature
         3517  +
         3518  +Daniel Stenberg (25 Aug 2016)
         3519  +- [Michael Kaufmann brought this change]
         3520  +
         3521  +  HTTP: stop parsing headers when switching to unknown protocols
         3522  +  
         3523  +  - unknown protocols probably won't send more headers (e.g. WebSocket)
         3524  +  - improved comments and moved them to the correct case statements
         3525  +  
         3526  +  Closes #899
         3527  +
         3528  +- openssl: make build with 1.1.0 again
         3529  +  
         3530  +  synced with OpenSSL git master commit cc06906707
         3531  +
         3532  +- INTERNALS: fix title
         3533  +
         3534  +- configure: detect zlib with our pkg-config macros
         3535  +  
         3536  +  ... instead of relying on the pkg-config autoconf macros to be present.
         3537  +  
         3538  +  Fixes #972 (again...)
         3539  +
         3540  +Jay Satiro (25 Aug 2016)
         3541  +- http2: Remove incorrect comments
         3542  +  
         3543  +  .. also remove same from scp
         3544  +
         3545  +Daniel Stenberg (23 Aug 2016)
         3546  +- [Ales Novak brought this change]
         3547  +
         3548  +  ftp: fix wrong poll on the secondary socket
         3549  +  
         3550  +  When we're uploading using FTP and the server issues a tiny pause
         3551  +  between opening the connection to the client's secondary socket, the
         3552  +  client's initial poll() times out, which leads to second poll() which
         3553  +  does not wait for POLLIN on the secondary socket. So that poll() also
         3554  +  has to time out, creating a long (200ms) pause.
         3555  +  
         3556  +  This patch adds the correct flag to the secondary socket, making the
         3557  +  second poll() correctly wait for the connection there too.
         3558  +  
         3559  +  Signed-off-by: Ales Novak <alnovak@suse.cz>
         3560  +  
         3561  +  Closes #978
         3562  +
         3563  +- RELEASE-NOTES: synced with 95ded2c56
         3564  +
         3565  +- configure: make it work without PKG_CHECK_MODULES
         3566  +  
         3567  +  With commit c2f9b78 we added a new dependency on pkg-config for
         3568  +  developers which may be unwanted. This change make the configure script
         3569  +  still work as before if pkg-config isn't installed, it'll just use the
         3570  +  old zlib detection logic without pkg-config.
         3571  +  
         3572  +  Reported-by: Marc Hörsken
         3573  +  
         3574  +  Fixes #972
         3575  +
         3576  +Marc Hoersken (21 Aug 2016)
         3577  +- Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6"
         3578  +  
         3579  +  This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554.
         3580  +  
         3581  +  As discussed in #835 SOCKS5 supports IPv6 proxies and destinations.
         3582  +
         3583  +Daniel Stenberg (21 Aug 2016)
         3584  +- [Marco Deckel brought this change]
         3585  +
         3586  +  win: Basic support for Universal Windows Platform apps
         3587  +  
         3588  +  Closes #820
         3589  +
         3590  +Steve Holme (21 Aug 2016)
         3591  +- sasl: Don't use GSSAPI authentication when domain name not specified
         3592  +  
         3593  +  Only choose the GSSAPI authentication mechanism when the user name
         3594  +  contains a Windows domain name or the user is a valid UPN.
         3595  +  
         3596  +  Fixes #718
         3597  +
         3598  +- vauth: Added check for supported SSPI based authentication mechanisms
         3599  +  
         3600  +  Completing commit 00417fd66c and 2708d4259b.
         3601  +
         3602  +- http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check
         3603  +  
         3604  +  From commit 2708d4259b.
         3605  +
         3606  +Marc Hoersken (20 Aug 2016)
         3607  +- socks.c: display the hostname returned by the SOCKS5 proxy server
         3608  +  
         3609  +  Instead of displaying the requested hostname the one returned
         3610  +  by the SOCKS5 proxy server is used in case of connection error.
         3611  +  The requested hostname is displayed earlier in the connection sequence.
         3612  +  
         3613  +  The upper-value of the port is moved to a temporary variable and
         3614  +  replaced with a 0-byte to make sure the hostname is 0-terminated.
         3615  +
         3616  +Steve Holme (20 Aug 2016)
         3617  +- urldata.h: Corrected comment for httpcode which is also populated by SMTP
         3618  +  
         3619  +  As of 7.25.0 and commit 5430007222.
         3620  +
         3621  +Marc Hoersken (20 Aug 2016)
         3622  +- socks.c: use Curl_printable_address in SOCKS5 connection sequence
         3623  +  
         3624  +  Replace custom string formatting with Curl_printable_address.
         3625  +  Add additional debug and error output in case of failures.
         3626  +
         3627  +- socks.c: align SOCKS4 connection sequence with SOCKS5
         3628  +  
         3629  +  Calling sscanf is not required since the raw IPv4 address is
         3630  +  available and the protocol can be detected using ai_family.
         3631  +
         3632  +Steve Holme (20 Aug 2016)
         3633  +- http.c: Corrected indentation change from commit 2708d4259b
         3634  +  
         3635  +  Made by Visual Studio's auto-correct feature and missed by me in my own
         3636  +  code reviews!
         3637  +
         3638  +- http: Added calls to Curl_auth_is_<mechansism>_supported()
         3639  +  
         3640  +  Hooked up the HTTP authentication layer to query the new 'is mechanism
         3641  +  supported' functions when deciding what mechanism to use.
         3642  +  
         3643  +  As per commit 00417fd66c existing functionality is maintained for now.
         3644  +
         3645  +Marc Hoersken (20 Aug 2016)
         3646  +- socks.c: improve verbose output of SOCKS5 connection sequence
         3647  +
         3648  +- configure.ac: add missing quotes to PKG_CHECK_MODULES
         3649  +
         3650  +Steve Holme (20 Aug 2016)
         3651  +- sasl: Added calls to Curl_auth_is_<mechansism>_supported()
         3652  +  
         3653  +  Hooked up the SASL authentication layer to query the new 'is mechanism
         3654  +  supported' functions when deciding what mechanism to use.
         3655  +  
         3656  +  For now existing functionality is maintained.
         3657  +
         3658  +Daniel Stenberg (19 Aug 2016)
         3659  +- [Miroslav Franc brought this change]
         3660  +
         3661  +  spnego_sspi: fix memory leak in case *outlen is zero (#970)
         3662  +
         3663  +- CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex
         3664  +
         3665  +Steve Holme (18 Aug 2016)
         3666  +- vauth: Introduced Curl_auth_is_<mechansism>_supported() functions
         3667  +  
         3668  +  As Windows SSPI authentication calls fail when a particular mechanism
         3669  +  isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
         3670  +  and Negotiate to allow both HTTP and SASL authentication the opportunity
         3671  +  to query support for a supported mechanism before selecting it.
         3672  +  
         3673  +  For now each function returns TRUE to maintain compatability with the
         3674  +  existing code when called.
         3675  +
         3676  +Daniel Stenberg (18 Aug 2016)
         3677  +- test1144: verify HEAD with body-only response
         3678  +
         3679  +Steve Holme (17 Aug 2016)
         3680  +- RELEASE-PROCEDURE: Added some more future release dates
         3681  +  
         3682  +  ...and removed some old ones
         3683  +
         3684  +Daniel Stenberg (17 Aug 2016)
         3685  +- [David Woodhouse brought this change]
         3686  +
         3687  +  curl: allow "pkcs11:" prefix for client certificates
         3688  +  
         3689  +  RFC7512 provides a standard method to reference certificates in PKCS#11
         3690  +  tokens, by means of a URI starting 'pkcs11:'.
         3691  +  
         3692  +  We're working on fixing various applications so that whenever they would
         3693  +  have been able to use certificates from a file, users can simply insert
         3694  +  a PKCS#11 URI instead and expect it to work. This expectation is now a
         3695  +  part of the Fedora packaging guidelines, for example.
         3696  +  
         3697  +  This doesn't work with cURL because of the way that the colon is used
         3698  +  to separate the certificate argument from the passphrase. So instead of
         3699  +  
         3700  +     curl -E 'pkcs11:manufacturer=piv_II;id=%01' …
         3701  +  
         3702  +  I instead need to invoke cURL with the colon escaped, like this:
         3703  +  
         3704  +     curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …
         3705  +  
         3706  +  This is suboptimal because we want *consistency* — the URI should be
         3707  +  usable in place of a filename anywhere, without having strange
         3708  +  differences for different applications.
         3709  +  
         3710  +  This patch therefore disables the processing in parse_cert_parameter()
         3711  +  when the string starts with 'pkcs11:'. It means you can't pass a
         3712  +  passphrase with an unescaped PKCS#11 URI, but there's no need to do so
         3713  +  because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
         3714  +  the URI itself.
         3715  +  
         3716  +  Also, if users are already using RFC7512 URIs with the colon escaped as
         3717  +  in the above example — even providing a passphrase for cURL to handling
         3718  +  instead of using a pin-value attribute, that will continue to work
         3719  +  because their string will start 'pkcs11\:' and won't match the check.
         3720  +  
         3721  +  What *does* break with this patch is the extremely unlikely case that a
         3722  +  user has a file which is in the local directory and literally named
         3723  +  just "pkcs11", and they have a passphrase on it. If that ever happened,
         3724  +  the user would need to refer to it as './pkcs11:<passphrase>' instead.
         3725  +
         3726  +- nss: make the global variables static
         3727  +
         3728  +- openssl: use regular malloc instead of OPENSSL_malloc
         3729  +  
         3730  +  This allows for better memmory debugging and torture tests.
         3731  +
         3732  +- proxy: fix tests as follow-up to 93b0d907d5
         3733  +  
         3734  +  This fixes tests that were added after 113f04e664b as the tests would
         3735  +  fail otherwise.
         3736  +  
         3737  +  We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix
         3738  +  regressions with old and stupid proxies, but we could possibly switch to
         3739  +  using it only for CONNECT or only for NTLM in a future if we want to
         3740  +  gradually reduce it.
         3741  +  
         3742  +  Fixes #954
         3743  +  
         3744  +  Reported-by: János Fekete
         3745  +
         3746  +- Revert "Proxy-Connection: stop sending this header by default"
         3747  +  
         3748  +  This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
         3749  +
         3750  +- CURLOPT_PROXY.3: unsupported schemes cause errors now
         3751  +  
         3752  +  Follow-up to a96319ebb9 (document the new behavior)
         3753  +
         3754  +- tests/README: mention nghttpx for HTTP/2 tests
         3755  +
         3756  +- README.md: add our CII Best Practices badge
         3757  +
         3758  +- proxy: polished the error message for unsupported schemes
         3759  +  
         3760  +  Follow up to a96319ebb93
         3761  +
         3762  +- test219: verify unsupported scheme for proxies get rejected
         3763  +
         3764  +- proxy: reject attempts to use unsupported proxy schemes
         3765  +  
         3766  +  I discovered some people have been using "https://example.com" style
         3767  +  strings as proxy and it "works" (curl doesn't complain) because curl
         3768  +  ignores unknown schemes and then assumes plain HTTP instead.
         3769  +  
         3770  +  I think this misleads users into believing curl uses HTTPS to proxies
         3771  +  when it doesn't. Now curl rejects proxy strings using unsupported
         3772  +  schemes instead of just ignoring and defaulting to HTTP.
         3773  +
         3774  +- RELEASE-NOTES: synced with b7ee5316c2fd5b
         3775  +
         3776  +Marc Hoersken (14 Aug 2016)
         3777  +- socks.c: Correctly calculate position of port in response packet
         3778  +  
         3779  +  Third commit to fix issue #944 regarding SOCKS5 error handling.
         3780  +  
         3781  +  Reported-by: David Kalnischkies
         3782  +
         3783  +- socks.c: Do not modify and invalidate calculated response length
         3784  +  
         3785  +  Second commit to fix issue #944 regarding SOCKS5 error handling.
         3786  +  
         3787  +  Reported-by: David Kalnischkies
         3788  +
         3789  +- socks.c: Move error output after reading the whole response packet
         3790  +  
         3791  +  First commit to fix issue #944 regarding SOCKS5 error handling.
         3792  +  
         3793  +  Reported-by: David Kalnischkies
         3794  +
         3795  +Daniel Stenberg (13 Aug 2016)
         3796  +- [Ronnie Mose brought this change]
         3797  +
         3798  +  MANUAL: Remove invalid link to LDAP documentation (#962)
         3799  +  
         3800  +  The server developer.netscape.com does not resolve into any
         3801  +  ip address and can be removed.
         3802  +
         3803  +Jay Satiro (13 Aug 2016)
         3804  +- openssl: accept subjectAltName iPAddress if no dNSName match
         3805  +  
         3806  +  Undo change introduced in d4643d6 which caused iPAddress match to be
         3807  +  ignored if dNSName was present but did not match.
         3808  +  
         3809  +  Also, if iPAddress is present but does not match, and dNSName is not
         3810  +  present, fail as no-match. Prior to this change in such a case the CN
         3811  +  would be checked for a match.
         3812  +  
         3813  +  Bug: https://github.com/curl/curl/issues/959
         3814  +  Reported-by: wmsch@users.noreply.github.com
         3815  +
         3816  +Daniel Stenberg (12 Aug 2016)
         3817  +- [Dambaev Alexander brought this change]
         3818  +
         3819  +  configure.ac: add zlib search with pkg-config
         3820  +  
         3821  +  Closes #956
         3822  +
         3823  +- rtsp: ignore whitespace in session id
         3824  +  
         3825  +  Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at
         3826  +  whitespace as well.
         3827  +  
         3828  +  Help-by: Erik Janssen
         3829  +
         3830  +- HTTP: retry failed HEAD requests too
         3831  +  
         3832  +  Mark's new document about HTTP Retries
         3833  +  (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I
         3834  +  spotted that we don't retry failed HEAD requests which seems totally
         3835  +  inconsistent and I can't see any reason for that separate treatment.
         3836  +  
         3837  +  So, no separate treatment for HEAD starting now. A HTTP request sent
         3838  +  over a reused connection that gets cut off before a single byte is
         3839  +  received will be retried on a fresh connection.
         3840  +  
         3841  +  Made-aware-by: Mark Nottingham
         3842  +
         3843  +- mk-ca-bundle.1: document -m, added in 1.26
         3844  +
         3845  +- RELEASE-NOTES: synced with e577c43bb5
         3846  +
         3847  +- [Erik Janssen brought this change]
         3848  +
         3849  +  rtsp: accept any RTSP session id
         3850  +  
         3851  +  Makes libcurl work in communication with gstreamer-based RTSP
         3852  +  servers. The original code validates the session id to be in accordance
         3853  +  with the RFC. I think it is better not to do that:
         3854  +  
         3855  +  - For curl the actual content is a don't care.
         3856  +  
         3857  +  - The clarity of the RFC is debatable, is $ allowed or only as \$, that
         3858  +    is imho not clear
         3859  +  
         3860  +  - Gstreamer seems to url-encode the session id but % is not allowed by
         3861  +  the RFC
         3862  +  
         3863  +  - less code
         3864  +  
         3865  +  With this patch curl will correctly handle real-life lines like:
         3866  +  Session: biTN4Kc.8%2B1w-AF.; timeout=60
         3867  +  
         3868  +  Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
         3869  +
         3870  +- symbols-in-versions: add CURL_STRICTER
         3871  +  
         3872  +  Added in 5fce88aa8c12564
         3873  +
         3874  +- [Simon Warta brought this change]
         3875  +
         3876  +  winbuild: Allow changing C compiler via environment variable CC (#952)
         3877  +  
         3878  +  This makes it possible to use specific compilers or a cache.
         3879  +  
         3880  +  Sample use for clcache:
         3881  +  set CC=clcache.bat
         3882  +  nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no
         3883  +
         3884  +- LICENSE-MIXING.md: switched to markdown
         3885  +
         3886  +- docs-make: have markdown files use .md
         3887  +
         3888  +- curl.h: make CURL_NO_OLDIES define CURL_STRICTER
         3889  +
         3890  +- HISTORY.md: use markdown extension
         3891  +
         3892  +- SSLCERTS.md: renamed to markdown extension
         3893  +
         3894  +- INTERNALS.md: use markdown extension for markdown content
         3895  +
         3896  +- CONTRIBUTE.md: markdown extension
         3897  +
         3898  +- CONTRIBUTE: changed to markdown
         3899  +
         3900  +- CONTRIBUTE: refreshed
         3901  +
         3902  +- TODO: added an SSH section and two SFTP things to do
         3903  +
         3904  +- TODO: remove the 1.22 duplicated item
         3905  +
         3906  +- TODO: move "CURLOPT_MAIL_CLIENT" to SMTP section
         3907  +
         3908  +- TODO: API for URL parsing/splitting
         3909  +
         3910  +- TODO: move QUIC to the HTTP section
         3911  +
         3912  +- [Simon Warta brought this change]
         3913  +
         3914  +  winbuild: Free name $(CC) in Makefile (#950)
         3915  +  
         3916  +  In the old line number 290, CC and CURL_CC had the same value. After
         3917  +  that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?).
         3918  +  
         3919  +  This gets rid of the CC variable entirely. It is a first step to make it
         3920  +  possible to manualyl set a CC variable in order to be able to change the
         3921  +  compiler.
         3922  +
         3923  +- TODO: Use huge HTTP/2 windows
         3924  +
         3925  +- [Simon Warta brought this change]
         3926  +
         3927  +  winbuild: Avoid setting redundant CFLAGS to compile commands (#949)
         3928  +  
         3929  +  $(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this,
         3930  +  all arguments in CURL_CFLAGS have been added twice.
         3931  +
         3932  +Jay Satiro (8 Aug 2016)
         3933  +- cmake: Enable win32 threaded resolver by default
         3934  +  
         3935  +  - Turn on USE_THREADS_WIN32 in Windows if ares isn't on
         3936  +  
         3937  +  This change is similar to what we already do in the autotools build.
         3938  +
         3939  +- cmake: Enable win32 large file support by default
         3940  +  
         3941  +  All compilers used by cmake in Windows should support large files.
         3942  +  
         3943  +  - Add test SIZEOF_OFF_T
         3944  +  - Remove outdated test SIZEOF_CURL_OFF_T
         3945  +  - Turn on USE_WIN32_LARGE_FILES in Windows
         3946  +  - Check for 'Largefile' during the features output
         3947  +
         3948  +Daniel Stenberg (7 Aug 2016)
         3949  +- TODO: added several ideas, removed SPDY
         3950  +
         3951  +- http2: always wait for readable socket
         3952  +  
         3953  +  Since the server can at any time send a HTTP/2 frame to us, we need to
         3954  +  wait for the socket to be readable during all transfers so that we can
         3955  +  act on incoming frames even when uploading etc.
         3956  +  
         3957  +  Reminded-by: Tatsuhiro Tsujikawa
         3958  +
         3959  +- RELEASE-NOTES: synced with 7b4bf37a44791
         3960  +
         3961  +- [Thomas Glanzmann brought this change]
         3962  +
         3963  +  mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is defined
         3964  +  
         3965  +  In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal
         3966  +  to 0.  This patch also adds a comment how mbedtls must be compiled in
         3967  +  order to make debugging work, and explains the possible debug levels.
         3968  +
         3969  +- CURLOPT_TCP_NODELAY: now enabled by default
         3970  +  
         3971  +  After a few wasted hours hunting down the reason for slowness during a
         3972  +  TLS handshake that turned out to be because of TCP_NODELAY not being
         3973  +  set, I think we have enough motivation to toggle the default for this
         3974  +  option. We now enable TCP_NODELAY by default and allow applications to
         3975  +  switch it off.
         3976  +  
         3977  +  This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
         3978  +  used to disable it.
         3979  +  
         3980  +  Thanks-to: Tim Rühsen
         3981  +  Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
         3982  +
         3983  +- [Serj Kalichev brought this change]
         3984  +
         3985  +  TFTP: Fix upload problem with piped input
         3986  +  
         3987  +  When input stream for curl is stdin and input stream is not a file but
         3988  +  generated by a script then curl can truncate data transfer to arbitrary
         3989  +  size since a partial packet is treated as end of transfer by TFTP.
         3990  +  
         3991  +  Fixes #857
         3992  +
         3993  +- mk-ca-bundle.pl: -m keeps ca cert meta data in output
         3994  +  
         3995  +  Makes the script pass on comments holding meta data to the output
         3996  +  file. Like fingerprinters, issuer, date ranges etc.
         3997  +  
         3998  +  Closes #937
         3999  +
         4000  +- multi: make Curl_expire() work with 0 ms timeouts
         4001  +  
         4002  +  Previously, passing a timeout of zero to Curl_expire() was a magic code
         4003  +  for clearing all timeouts for the handle. That is now instead made with
         4004  +  the new Curl_expire_clear() function and thus a 0 timeout is fine to set
         4005  +  and will trigger a timeout ASAP.
         4006  +  
         4007  +  This will help removing short delays, in particular notable when doing
         4008  +  HTTP/2.
         4009  +
         4010  +- transfer: return without select when the read loop reached maxcount
         4011  +  
         4012  +  Regression added in 790d6de48515. The was then added to avoid one
         4013  +  particular transfer to starve out others. But when aborting due to
         4014  +  reading the maxcount, the connection must be marked to be read from
         4015  +  again without first doing a select as for some protocols (like SFTP/SCP)
         4016  +  the data may already have been read off the socket.
         4017  +  
         4018  +  Reported-by: Dan Donahue
         4019  +  Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html
         4020  +
         4021  +Steve Holme (3 Aug 2016)
         4022  +- [Bill Nagel brought this change]
         4023  +
         4024  +  mbedtls: Added support for NTLM
         4025  +
         4026  +Daniel Stenberg (3 Aug 2016)
         4027  +- [Sergei Nikulov brought this change]
         4028  +
         4029  +  travis: removed option to rebuild autotool from source
         4030  +  
         4031  +  Fixes #943
         4032  +
         4033  +- bump: start working toward 7.50.2
         4034  +
         4035  +Version 7.50.1 (3 Aug 2016)
         4036  +
         4037  +Daniel Stenberg (3 Aug 2016)
         4038  +- THANKS: 7 new contributors from the 7.50.1 release
         4039  +
         4040  +- RELEASE-NOTES: 7.50.1
         4041  +
         4042  +- TLS: only reuse connections with the same client cert
         4043  +  
         4044  +  CVE-2016-5420
         4045  +  Bug: https://curl.haxx.se/docs/adv_20160803B.html
         4046  +
         4047  +- TLS: switch off SSL session id when client cert is used
         4048  +  
         4049  +  CVE-2016-5419
         4050  +  Bug: https://curl.haxx.se/docs/adv_20160803A.html
         4051  +  Reported-by: Bru Rom
         4052  +  Contributions-by: Eric Rescorla and Ray Satiro
         4053  +
         4054  +- curl_multi_cleanup: clear connection pointer for easy handles
         4055  +  
         4056  +  CVE-2016-5421
         4057  +  Bug: https://curl.haxx.se/docs/adv_20160803C.html
         4058  +  Reported-by: Marcelo Echeverria and Fernando Muñoz
         4059  +
         4060  +- KNOWN_BUGS: SOCKS proxy not working via IPv6
         4061  +  
         4062  +  Closes #835
         4063  +
         4064  +- KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
         4065  +  
         4066  +  Closes #768
         4067  +
         4068  +- KNOWN_BUGS: transfer-encoding: chunked in HTTP/2
         4069  +  
         4070  +  Closes #662
         4071  +
         4072  +- TODO: Provide cmake config-file
         4073  +  
         4074  +  Closes #885
         4075  +
         4076  +Patrick Monnerat (2 Aug 2016)
         4077  +- os400: define BUILDING_LIBCURL in make script.
         4078  +
         4079  +Daniel Stenberg (1 Aug 2016)
         4080  +- RELEASE-NOTES: synced with aa9f536a18b
         4081  +
         4082  +Jay Satiro (1 Aug 2016)
         4083  +- [Thomas Glanzmann brought this change]
         4084  +
         4085  +  mbedtls: Fix debug function name
         4086  +  
         4087  +  This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
         4088  +  defined.
         4089  +  
         4090  +  Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html
         4091  +
         4092  +Daniel Stenberg (1 Aug 2016)
         4093  +- [Sergei Nikulov brought this change]
         4094  +
         4095  +  travis: fix OSX build by re-installing libtool
         4096  +  
         4097  +  Apparently due to a broken homebrew install
         4098  +  
         4099  +  fixes #934
         4100  +  Closes #939
         4101  +
         4102  +- [Martin Vejnár brought this change]
         4103  +
         4104  +  win32: fix a potential memory leak in Curl_load_library
         4105  +  
         4106  +  If a call to GetSystemDirectory fails, the `path` pointer that was
         4107  +  previously allocated would be leaked. This makes sure that `path` is
         4108  +  always freed.
         4109  +  
         4110  +  Closes #938
         4111  +
         4112  +- include: revert 9adf3c4 and make public types void * again
         4113  +  
         4114  +  Many applications assume the actual contents of the public types and use
         4115  +  that do for example forward declarations (saving them from including our
         4116  +  public header) which then breaks when we switch from void * to a struct
         4117  +  *.
         4118  +  
         4119  +  I'm not convinced we were wrong, but since this practise seems
         4120  +  widespread enough I'm willing to (partly) step down.
         4121  +  
         4122  +  Now libcurl uses the struct itself when it is built and it allows
         4123  +  applications to use the struct type if CURL_STRICTER is defined at the
         4124  +  time of the #include.
         4125  +  
         4126  +  Reported-by: Peter Frühberger
         4127  +  Fixes #926
         4128  +
         4129  +Jay Satiro (28 Jul 2016)
         4130  +- [Yonggang Luo brought this change]
         4131  +
         4132  +  cmake: Fix for schannel support
         4133  +  
         4134  +  The check_library_exists_concat do not check crypt32 library properly.
         4135  +  So include it directly.
         4136  +  
         4137  +  Bug: https://github.com/curl/curl/pull/917
         4138  +  Reported-by: Yonggang Luo
         4139  +  
         4140  +  Bug: https://github.com/curl/curl/issues/935
         4141  +  Reported-by: Alain Danteny
         4142  +
         4143  +- Revert "travis: Install libtool for OS X builds"
         4144  +  
         4145  +  Didn't work.
         4146  +  
         4147  +  This reverts commit 50723585ed380744358de054e2a55dccee65dfd7.
         4148  +
         4149  +- travis: Install libtool for OS X builds
         4150  +  
         4151  +  CI is failing due to missing libtoolize, so I'm trying this.
         4152  +
         4153  +Daniel Stenberg (26 Jul 2016)
         4154  +- [Viktor Szakats brought this change]
         4155  +
         4156  +  TODO: minor typo in last commit
         4157  +  
         4158  +  merged #931
         4159  +
         4160  +- TODO: Timeout idle connections from the pool
         4161  +
         4162  +Patrick Monnerat (25 Jul 2016)
         4163  +- os400: minimum supported OS version: V6R1M0.
         4164  +  Do not log compilation informational messages.
         4165  +
         4166  +Jay Satiro (24 Jul 2016)
         4167  +- tests: Fix for http/2 feature
         4168  +  
         4169  +  Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
         4170  +  Reported-by: Paul Howarth
         4171  +
         4172  +Steve Holme (23 Jul 2016)
         4173  +- README: Mention wolfSSL in the 'Dependencies' section
         4174  +
         4175  +- vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO
         4176  +  
         4177  +  As SPNEGO is only defined when these pre-processor variables are defined
         4178  +  there is no need to query them explicitly.
         4179  +
         4180  +- spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
         4181  +  
         4182  +  Typo introduced in commit ad5e9bfd5d.
         4183  +
         4184  +Daniel Stenberg (22 Jul 2016)
         4185  +- SECURITY: mention how to get windows-specific CVEs
         4186  +  
         4187  +  ... and make the distros link a proper link
         4188  +
         4189  +Dan Fandrich (21 Jul 2016)
         4190  +- test558: fix test by stripping file paths from FD lines
         4191  +
         4192  +Kamil Dudka (21 Jul 2016)
         4193  +- tests: distribute the http2-server.pl script, too
         4194  +
         4195  +- docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too
         4196  +
         4197  +Daniel Stenberg (21 Jul 2016)
         4198  +- bump: start working on 7.50.1
         4199  +
         4200  +Version 7.50.0 (21 Jul 2016)
         4201  +
         4202  +Daniel Stenberg (21 Jul 2016)
         4203  +- RELEASE-NOTES: version 7.50.0 ready
         4204  +
         4205  +- THANKS: 13 new contributors from the 7.50.0 release
         4206  +
         4207  +Jay Satiro (21 Jul 2016)
         4208  +- winbuild: fix embedded manifest option
         4209  +  
         4210  +  Embedded manifest option didn't work due to typo.
         4211  +  
         4212  +  Reported-by: Stefan Kanthak
         4213  +
         4214  +- vauth: Fix memleak by freeing credentials if out of memory
         4215  +  
         4216  +  This is a follow up to the parent commit dcdd4be which fixes one leak
         4217  +  but creates another by failing to free the credentials handle if out of
         4218  +  memory. Also there's a second location a few lines down where we fail to
         4219  +  do same. This commit fixes both of those issues.
         4220  +
         4221  +Daniel Stenberg (20 Jul 2016)
         4222  +- [Saurav Babu brought this change]
         4223  +
         4224  +  vauth: Fixed memory leak due to function returning without free
         4225  +  
         4226  +  This patch allocates memory to "output_token" only when it is required
         4227  +  so that memory is not leaked if function returns.
         4228  +
         4229  +- test558: updated after ipv6-check move
         4230  +  
         4231  +  Follow-up commit to c50980807c5 to make this test pass.
         4232  +
         4233  +Jay Satiro (20 Jul 2016)
         4234  +- connect: disable TFO on Linux when using SSL
         4235  +  
         4236  +  - Linux TFO + TLS is not implemented yet.
         4237  +  
         4238  +  Bug: https://github.com/curl/curl/issues/907
         4239  +
         4240  +Daniel Stenberg (19 Jul 2016)
         4241  +- ROADMAP: QUIC and TLS 1.3
         4242  +
         4243  +- RELEASE-NOTES: synced with c50980807c5
         4244  +
         4245  +Jay Satiro (18 Jul 2016)
         4246  +- [Brian Prodoehl brought this change]
         4247  +
         4248  +  curl_global_init: Check if IPv6 works
         4249  +  
         4250  +  - Curl_ipv6works() is not thread-safe until after the first call, so
         4251  +  call it once during global init to avoid a possible race condition.
         4252  +  
         4253  +  Bug: https://github.com/curl/curl/issues/915
         4254  +  PR: https://github.com/curl/curl/pull/918
         4255  +
         4256  +- [Timothy Polich brought this change]
         4257  +
         4258  +  CURLMOPT_SOCKETFUNCTION.3: fix typo
         4259  +  
         4260  +  Closes https://github.com/curl/curl/pull/914
         4261  +
         4262  +- [Miroslav Franc brought this change]
         4263  +
         4264  +  library: Fix memory leaks found during static analysis
         4265  +  
         4266  +  Closes https://github.com/curl/curl/pull/913
         4267  +
         4268  +- [Viktor Szakats brought this change]
         4269  +
         4270  +  cookie.c: Fix misleading indentation
         4271  +  
         4272  +  Closes https://github.com/curl/curl/pull/911
         4273  +
         4274  +- FAQ: Update FTP directory listing section for MLSD command
         4275  +  
         4276  +  Explain how some FTP servers support the machine readable listing
         4277  +  format MLSD from RFC 3659 and compare it to LIST.
         4278  +  
         4279  +  Ref: https://github.com/curl/curl/issues/906
         4280  +
         4281  +Daniel Stenberg (1 Jul 2016)
         4282  +- [Sergei Nikulov brought this change]
         4283  +
         4284  +  Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING
         4285  +  
         4286  +  Closes #892
         4287  +
         4288  +- TODO: 17.4 also brings more HTTP/2 support
         4289  +
         4290  +- TODO: try next proxy if one doesn't work
         4291  +  
         4292  +  Closes #896
         4293  +
         4294  +- conn: don't free easy handle data in handler->disconnect
         4295  +  
         4296  +  Reported-by: Gou Lingfeng
         4297  +  Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html
         4298  +
         4299  +- test1244: test different proxy ports same URL
         4300  +
         4301  +- curl_global_init.3: improved formatting of the flags
         4302  +
         4303  +- curl_global_init.3: expand on the SSL and WIN32 bits purpose
         4304  +  
         4305  +  Reported-by: Richard Gray
         4306  +  Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html
         4307  +
         4308  +- [Michael Kaufmann brought this change]
         4309  +
         4310  +  cleanup: minor code cleanup in Curl_http_readwrite_headers()
         4311  +  
         4312  +  - the expression of an 'if' was always true
         4313  +  - a 'while' contained a condition that was always true
         4314  +  - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
         4315  +  - fixed a typo
         4316  +  
         4317  +  Closes #889
         4318  +
         4319  +- SFTP: set a generic error when no SFTP one exists...
         4320  +  
         4321  +  ... as otherwise we could get a 0 which would count as no error and we'd
         4322  +  wrongly continue and could end up segfaulting.
         4323  +  
         4324  +  Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html
         4325  +  Reported-by: 暖和的和暖
         4326  +
         4327  +- ROADMAP: http2 tests are merged, mention http2 perf
         4328  +
         4329  +- docs/README.md: to render nicer pages on github
         4330  +  
         4331  +  ... as previously the README.cmake would be picked and put at the bottom
         4332  +  of the docs page there and it wasn't very representative!
         4333  +
         4334  +- README.md: change host name for the svg logo
         4335  +  
         4336  +  rawgit.com asks to use the domain cdn.rawgit.com for production
         4337  +  
         4338  +  See #900
         4339  +
         4340  +- [Viktor Szakats brought this change]
         4341  +
         4342  +  README.md: use the SVG logo
         4343  +
         4344  +- README.md: logo on top!
         4345  +
         4346  +- KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some
         4347  +  
         4348  +  Closes #740
         4349  +
         4350  +- RELEASE-NOTES: synced with d61c80515aa8
         4351  +
         4352  +- [Michael Osipov brought this change]
         4353  +
         4354  +  acinclude.m4: improve autodetection of CA bundle on FreeBSD
         4355  +  
         4356  +  The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
         4357  +  to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
         4358  +  discovery process.
         4359  +  
         4360  +  This change also removes the former FreeBSD path that has been obsolete
         4361  +  for 8 years since this FreeBSD ports commit:
         4362  +  https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953
         4363  +  
         4364  +  Closes #894
         4365  +
         4366  +- configure: don't specify .lib for libs on windows
         4367  +  
         4368  +  Another follow up for crypt32.lib linking with winssl
         4369  +
         4370  +- configure: fix winssl LIBS change typo
         4371  +  
         4372  +  follow-up from 120bf29e
         4373  +
         4374  +- TODO: "TCP Fast Open" is done, add monitor pool connections
         4375  +
         4376  +- configure: add crypt32.lib for winssl builds
         4377  +  
         4378  +  Necessary since 6cabd78531f
         4379  +
         4380  +- Makefile.vc: link with crypt32.lib for winssl builds
         4381  +  
         4382  +  Necessary since 6cabd78531f
         4383  +  
         4384  +  Fixes #853
         4385  +
         4386  +- [Joel Depooter brought this change]
         4387  +
         4388  +  VC: Add crypt32.lib to Visual Sudio project template files
         4389  +  
         4390  +  Closes #854
         4391  +
         4392  +- vc: fix the build for schannel certinfo support
         4393  +  
         4394  +  Broken since 6cabd785, which adds use of the Curl_extract_certinfo
         4395  +  function from the x509asn1.c file.
         4396  +
         4397  +- typedefs: use the full structs in internal code...
         4398  +  
         4399  +  ... and save the typedef'ed names for headers and external APIs.
         4400  +
         4401  +- internals: rename the SessionHandle struct to Curl_easy
         4402  +
         4403  +- headers: forward declare CURL, CURLM and CURLSH as structs
         4404  +  
         4405  +  Instead of typedef'ing to void, typedef to their corresponding actual
         4406  +  struct names to allow compilers to type-check.
         4407  +  
         4408  +  Assisted-by: Reinhard Max
         4409  +
         4410  +Jay Satiro (22 Jun 2016)
         4411  +- vtls: Only call add/getsession if session id is enabled
         4412  +  
         4413  +  Prior to this change we called Curl_ssl_getsessionid and
         4414  +  Curl_ssl_addsessionid regardless of whether session ID reusing was
         4415  +  enabled. According to comments that is in case session ID reuse was
         4416  +  disabled but then later enabled.
         4417  +  
         4418  +  The old way was not intuitive and probably not something users expected.
         4419  +  When a user disables session ID caching I'd guess they don't expect the
         4420  +  session ID to be cached anyway in case the caching is later enabled.
         4421  +
         4422  +Daniel Stenberg (22 Jun 2016)
         4423  +- curl.1: the used progress meter suffix is k in lower case
         4424  +  
         4425  +  Closes #883
         4426  +
         4427  +- [Sergei Nikulov brought this change]
         4428  +
         4429  +  cmake: now using BUILD_TESTING=ON/OFF
         4430  +  
         4431  +  CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build
         4432  +  tests and enabling CTest integration. Options BUILD_CURL_TESTS and
         4433  +  BUILD_DASHBOARD_REPORTS was removed.
         4434  +  
         4435  +  Closes #882
         4436  +  
         4437  +  Reviewed-by: Brad King
         4438  +
         4439  +- [Michael Kaufmann brought this change]
         4440  +
         4441  +  cleanup: fix method names in code comments
         4442  +  
         4443  +  Closes #887
         4444  +
         4445  +Kamil Dudka (21 Jun 2016)
         4446  +- curl-compilers.m4: improve detection of GCC's -fvisibility= flag
         4447  +  
         4448  +  Some builds of GCC produce output on both stdout and stderr when --help
         4449  +  --verbose is used.  The 2>&1 redirection caused them to be arbitrarily
         4450  +  interleaved with each other because of stream buffering.  Consequently,
         4451  +  grep failed to match the fvisibility= string in the mixed output, even
         4452  +  though the string was present in GCC's standard output.
         4453  +  
         4454  +  This led to silently disabling symbol hiding in some builds of curl.
         4455  +
         4456  +Daniel Stenberg (19 Jun 2016)
         4457  +- tests: fix the HTTP/2 tests
         4458  +  
         4459  +  The HTTP/2 tests brought with commit bf05606ef1f were using the internal
         4460  +  name 'http2' for the HTTP/2 server, while in fact that name was already
         4461  +  used for the second instance of the HTTP server. This made tests using
         4462  +  the second instance (like test 2050) fail after a HTTP/2 test had run.
         4463  +  
         4464  +  The server is now known as HTTP/2 internally and within the <server>
         4465  +  section in test cases. 1700, 1701 and 1702 were updated accordingly.
         4466  +
         4467  +- openssl: use more 'const' to fix build warnings with 1.1.0 branch
         4468  +
         4469  +- curl.1: missed 'T' in the progress unit suffixes
         4470  +
         4471  +- curl.1: mention the unix for the progress meter
         4472  +
         4473  +Patrick Monnerat (16 Jun 2016)
         4474  +- os400: add new definitions to ILE/RPG binding.
         4475  +
         4476  +Daniel Stenberg (16 Jun 2016)
         4477  +- openssl: fix cert check with non-DNS name fields present
         4478  +  
         4479  +  Regression introduced in 5f5b62635 (released in 7.48.0)
         4480  +  
         4481  +  Reported-by: Fabian Ruff
         4482  +  Fixes #875
         4483  +
         4484  +Dan Fandrich (16 Jun 2016)
         4485  +- axtls: Use Curl_wait_ms instead of the less-portable usleep
         4486  +
         4487  +- axtls: Fixed compile after compile 31c521b0
         4488  +
         4489  +- tests: Added HTTP proxy keywords to tests 1141 & 1142
         4490  +
         4491  +Jay Satiro (15 Jun 2016)
         4492  +- [Sergei Nikulov brought this change]
         4493  +
         4494  +  cmake: Fix build with winldap
         4495  +  
         4496  +  Bug: https://github.com/curl/curl/pull/874
         4497  +  Reported-by: Sergei Nikulov
         4498  +
         4499  +- CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
         4500  +  
         4501  +  When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
         4502  +  zero-byte POST. Prior to this change it was documented as sending data
         4503  +  from the read callback.
         4504  +  
         4505  +  This also changes the wording of what happens when empty or NULL so that
         4506  +  it's hopefully easier to understand for people whose primary language
         4507  +  isn't English.
         4508  +  
         4509  +  Bug: https://github.com/curl/curl/issues/862
         4510  +  Reported-by: Askar Safin
         4511  +
         4512  +- [Michael Wallner brought this change]
         4513  +
         4514  +  curl_multi_socket_action.3: Fix rewording
         4515  +  
         4516  +  - Remove some erroneous text.
         4517  +  
         4518  +  Closes https://github.com/curl/curl/pull/865
         4519  +
         4520  +- [Luo Jinghua brought this change]
         4521  +
         4522  +  resolve: enable protocol family logic for synthesized IPv6
         4523  +  
         4524  +  - Enable protocol family logic for IPv6 resolves even when support
         4525  +  for synthesized addresses is enabled.
         4526  +  
         4527  +  This is a follow up to the parent commit that added support for
         4528  +  synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
         4529  +  logic needed for IPv6 was inadvertently excluded if support for
         4530  +  synthesized addresses was enabled.
         4531  +  
         4532  +  Bug: https://github.com/curl/curl/issues/863
         4533  +  Ref: https://github.com/curl/curl/pull/866
         4534  +  Ref: https://github.com/curl/curl/pull/867
         4535  +
         4536  +Daniel Stenberg (7 Jun 2016)
         4537  +- [Luo Jinghua brought this change]
         4538  +
         4539  +  resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
         4540  +  
         4541  +  Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
         4542  +  If the current network interface doesn’t support IPv4, but supports
         4543  +  IPv6, NAT64, and DNS64.
         4544  +  
         4545  +  Closes #866
         4546  +  Fixes #863
         4547  +
         4548  +- tests: two more HTTP/2 tests
         4549  +  
         4550  +  1701 and 1702
         4551  +
         4552  +- runtests: don't display logs when http2 server fails to start
         4553  +
         4554  +- runtests: make stripfile work on stdout as well
         4555  +  
         4556  +  ... and have test 1700 use that to strip out the nghttpx server: headers
         4557  +
         4558  +- http2-tests: test1700 is the first real HTTP/2 test
         4559  +  
         4560  +  It requires that 'nghttpx' is in the PATH, and it will run the tests
         4561  +  using nghttpx as a front-end proxy in front of the standard HTTP/1 test
         4562  +  server. This uses HTTP/2 over plain TCP.
         4563  +  
         4564  +  If you like me have nghttpx installed in a custom path, you can run test 1700
         4565  +  like this:
         4566  +  
         4567  +  $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700
         4568  +
         4569  +- RELEASE-NOTES: synced with 34855feeb4c299
         4570  +
         4571  +Steve Holme (6 Jun 2016)
         4572  +- schannel: Disable ALPN on Windows < 8.1
         4573  +  
         4574  +  Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
         4575  +  fails on Windows < 8.1 so we need to disable ALPN on these OS versions.
         4576  +  
         4577  +  Inspiration provide by: Daniel Seither
         4578  +  
         4579  +  Closes #848
         4580  +  Fixes #840
         4581  +
         4582  +Jay Satiro (5 Jun 2016)
         4583  +- checksrc: Add LoadLibrary to the banned functions list
         4584  +  
         4585  +  LoadLibrary was supplanted by Curl_load_library for security
         4586  +  reasons in 6df916d.
         4587  +
         4588  +- http: Fix HTTP/2 connection reuse
         4589  +  
         4590  +  - Change the parser to not require a minor version for HTTP/2.
         4591  +  
         4592  +  HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
         4593  +  in 8243a95 because the parser still expected a minor version.
         4594  +  
         4595  +  Bug: https://github.com/curl/curl/issues/855
         4596  +  Reported-by: Andrew Robbins, Frank Gevaerts
         4597  +
         4598  +Steve Holme (4 Jun 2016)
         4599  +- connect.c: Fixed compilation warning from commit 332e8d6164
         4600  +  
         4601  +  connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
         4602  +
         4603  +- win32: Used centralised verify windows version function
         4604  +  
         4605  +  Closes #845
         4606  +
         4607  +- win32: Added verify windows version functionality
         4608  +
         4609  +- win32: Introduced centralised verify windows version function
         4610  +
         4611  +Kamil Dudka (3 Jun 2016)
         4612  +- tool_urlglob: fix off-by-one error in glob_parse()
         4613  +  
         4614  +  ... causing SIGSEGV while parsing URL with too many globs.
         4615  +  Minimal example:
         4616  +  
         4617  +  $ curl $(for i in $(seq 101); do printf '{a}'; done)
         4618  +  
         4619  +  Reported-by: Romain Coltel
         4620  +  Bug: https://bugzilla.redhat.com/1340757
         4621  +
         4622  +Daniel Stenberg (1 Jun 2016)
         4623  +- [Benjamin Kircher brought this change]
         4624  +
         4625  +  libcurl-multi.3: fix small typo
         4626  +  
         4627  +  Closes #850
         4628  +
         4629  +- [Viktor Szakats brought this change]
         4630  +
         4631  +  makefile.m32: add crypt32 for winssl builds
         4632  +  
         4633  +  Dependency added by 6cabd78
         4634  +  
         4635  +  Closes #849
         4636  +
         4637  +- [Ivan Avdeev brought this change]
         4638  +
         4639  +  vtls: fix ssl session cache race condition
         4640  +  
         4641  +  Sessionid cache management is inseparable from managing individual
         4642  +  session lifetimes. E.g. for reference-counted sessions (like those in
         4643  +  SChannel and OpenSSL engines) every session addition and removal
         4644  +  should be accompanied with refcount increment and decrement
         4645  +  respectively. Failing to do so synchronously leads to a race condition
         4646  +  that causes symptoms like use-after-free and memory corruption.
         4647  +  This commit:
         4648  +   - makes existing session cache locking explicit, thus allowing
         4649  +     individual engines to manage lock's scope.
         4650  +   - fixes OpenSSL and SChannel engines by putting refcount management
         4651  +     inside this lock's scope in relevant places.
         4652  +   - adds these explicit locking calls to other engines that use
         4653  +     sessionid cache to accommodate for this change. Note, however,
         4654  +     that it is unknown whether any of these engines could also have
         4655  +     this race.
         4656  +  
         4657  +  Bug: https://github.com/curl/curl/issues/815
         4658  +  Fixes #815
         4659  +  Closes #847
         4660  +
         4661  +- [Andrew Kurushin brought this change]
         4662  +
         4663  +  schannel: add CURLOPT_CERTINFO support
         4664  +  
         4665  +  Closes #822
         4666  +
         4667  +- RELEASE-NOTES: synced with 142ee9fa15002315
         4668  +
         4669  +- openssl: rename the private SSL_strerror
         4670  +  
         4671  +  ... to make it not look like an OpenSSL function
         4672  +
         4673  +- [Michael Kaufmann brought this change]
         4674  +
         4675  +  openssl: Use correct buffer sizes for error messages
         4676  +  
         4677  +  Closes #844
         4678  +
         4679  +- curl: fix -q [regression]
         4680  +  
         4681  +  This broke in 7.49.0 with commit e200034425a7625
         4682  +  
         4683  +  Fixes #842
         4684  +
         4685  +- URL parser: allow URLs to use one, two or three slashes
         4686  +  
         4687  +  Mostly in order to support broken web sites that redirect to broken URLs
         4688  +  that are accepted by browsers.
         4689  +  
         4690  +  Browsers are typically even more leniant than this as the WHATWG URL
         4691  +  spec they should allow an _infinite_ amount. I tested 8000 slashes with
         4692  +  Firefox and it just worked.
         4693  +  
         4694  +  Added test case 1141, 1142 and 1143 to verify the new parser.
         4695  +  
         4696  +  Closes #791
         4697  +
         4698  +- [Renaud Lehoux brought this change]
         4699  +
         4700  +  cmake: Added missing mbedTLS support
         4701  +  
         4702  +  Closes #837
         4703  +
         4704  +- [Renaud Lehoux brought this change]
         4705  +
         4706  +  mbedtls: removed unused variables
         4707  +  
         4708  +  Closes #838
         4709  +
         4710  +- [Frank Gevaerts brought this change]
         4711  +
         4712  +  http: add CURLINFO_HTTP_VERSION and %{http_version}
         4713  +  
         4714  +  Adds access to the effectively used http version to both libcurl and
         4715  +  curl.
         4716  +  
         4717  +  Closes #799
         4718  +
         4719  +- bump: start the journey toward 7.50.0
         4720  +
         4721  +- [Marcel Raad brought this change]
         4722  +
         4723  +  openssl: fix build with OPENSSL_NO_COMP
         4724  +  
         4725  +  With OPENSSL_NO_COMP defined, there is no function
         4726  +  SSL_COMP_free_compression_methods
         4727  +  
         4728  +  Closes #836
         4729  +
         4730  +- [Gisle Vanem brought this change]
         4731  +
         4732  +  memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
         4733  +  
         4734  +  Fixes #828
         4735  +
         4736  +- [Jonathan brought this change]
         4737  +
         4738  +  README.md: polish
         4739  +  
         4740  +  Closes #834
         4741  +
         4742  +- RELEASE-NOTES: fix vuln link
         4743  +
         4744  +Version 7.49.1 (30 May 2016)
         4745  +
         4746  +Daniel Stenberg (30 May 2016)
         4747  +- RELEASE-NOTES: 7.49.1
         4748  +
         4749  +- [Steve Holme brought this change]
         4750  +
         4751  +  loadlibrary: Only load system DLLs from the system directory
         4752  +  
         4753  +  Inspiration provided by: Daniel Stenberg and Ray Satiro
         4754  +  
         4755  +  Bug: https://curl.haxx.se/docs/adv_20160530.html
         4756  +  
         4757  +  Ref: Windows DLL hijacking with curl, CVE-2016-4802
         4758  +
         4759  +- ssh: fix version number check typo
         4760  +
         4761  +Jay Satiro (29 May 2016)
         4762  +- curl_share_setopt.3: Add min ver needed for ssl session lock
         4763  +  
         4764  +  Bug: https://github.com/curl/curl/issues/826
         4765  +  Reported-by: Michael Wallner
         4766  +
         4767  +Daniel Stenberg (29 May 2016)
         4768  +- ssh: fix build for libssh2 before 1.2.6
         4769  +  
         4770  +  The statvfs functionality was added to libssh2 in that version, so we
         4771  +  switch off that functionality when built with older libraries.
         4772  +  
         4773  +  Fixes #831
         4774  +
         4775  +- mbedtls: fix includes so snprintf() works
         4776  +  
         4777  +  Regression from the previous *printf() rearrangements, this file missed to
         4778  +  include the correct header to make sure snprintf() works universally.
         4779  +  
         4780  +  Reported-by: Moti Avrahami
         4781  +  Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
         4782  +
         4783  +Steve Holme (23 May 2016)
         4784  +- checksrc.pl: Added variants of strcat() & strncat() to banned function list
         4785  +  
         4786  +  Added support for checking the tchar, unicode and mbcs variants of
         4787  +  strcat() and strncat() in the banned function list.
         4788  +
         4789  +Daniel Stenberg (23 May 2016)
         4790  +- smtp: minor ident (white space) fixes
         4791  +
         4792  +- THANKS: updated after script fixes
         4793  +  
         4794  +  Now giving credit properly to github user names, fixed some UTF-8 issues
         4795  +  and added names discovered when contrithanks was improved.
         4796  +
         4797  +- THANKS-filter: more name cleanups
         4798  +
         4799  +- contrithanks.sh: exclude existing names case insensitively
         4800  +
         4801  +- contrithanks.sh: use same grep pattern and -a flag as contributors.sh
         4802  +
         4803  +- contributors.sh: better grep pattern, use grep -a
         4804  +
         4805  +- THANKS-filter: fix more names
         4806  +
         4807  +- contrithanks.sh: do the same github fix as contributors.sh
         4808  +  
         4809  +  from 1577bfa35ba
         4810  +
         4811  +Jay Satiro (23 May 2016)
         4812  +- contributors: Show GitHub username if real name unknown
         4813  +  
         4814  +  Prior to this change if a GitHub contributor's real name was unknown
         4815  +  they would be omitted from the list.
         4816  +  
         4817  +  Bug: https://github.com/curl/curl/issues/824
         4818  +
         4819  +Daniel Stenberg (21 May 2016)
         4820  +- RELEASE-NOTES: synced with 3caaeffbe8ded4
         4821  +
         4822  +Jay Satiro (20 May 2016)
         4823  +- openssl: cleanup must free compression methods
         4824  +  
         4825  +  - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
         4826  +  
         4827  +  Bug: https://github.com/curl/curl/issues/817
         4828  +  Reported-by: jveazey@users.noreply.github.com
         4829  +
         4830  +Daniel Stenberg (20 May 2016)
         4831  +- [Gisle Vanem brought this change]
         4832  +
         4833  +  curl_multibyte: fix compiler error
         4834  +  
         4835  +  While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
         4836  +  getting:
         4837  +  
         4838  +  f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
         4839  +  to follow 'CURL_EXTERN'
         4840  +  
         4841  +  f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
         4842  +  'curl_domalloc': not in formal parameter list
         4843  +
         4844  +- THANKS-filter: make Jan-E get proper credit
         4845  +
         4846  +- [Jan-E brought this change]
         4847  +
         4848  +  winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
         4849  +  
         4850  +  Closes #818
         4851  +
         4852  +- [Alexander Traud brought this change]
         4853  +
         4854  +  libcurl.m4: Avoid obsolete warning
         4855  +  
         4856  +  Closes #821
         4857  +
         4858  +Jay Satiro (20 May 2016)
         4859  +- [Michael Kaufmann brought this change]
         4860  +
         4861  +  CURLOPT_CONNECT_TO.3: user must not free the list prematurely
         4862  +  
         4863  +  The connect-to list isn't copied so as long as the handle may be used
         4864  +  for a transfer the list must be valid.
         4865  +  
         4866  +  Bug: https://github.com/curl/curl/pull/819
         4867  +  Reported-by: Michael Kaufmann
         4868  +
         4869  +Daniel Stenberg (19 May 2016)
         4870  +- RELEASE-NOTES: synced with 48114a8634242c
         4871  +
         4872  +- openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
         4873  +  
         4874  +  See OpenSSL commit 21e001747d4a
         4875  +
         4876  +- http2: use HTTP/2 in the HTTP/1.1-alike header
         4877  +  
         4878  +  ... when generating them, not "2.0" as the protocol is called just
         4879  +  HTTP/2 and nothing else.
         4880  +
         4881  +Jay Satiro (19 May 2016)
         4882  +- dist: include curl_multi_socket_all.3
         4883  +  
         4884  +  Closes https://github.com/curl/curl/pull/816
         4885  +
         4886  +Steve Holme (18 May 2016)
         4887  +- bump: Start work on 7.49.1
         4888  +
         4889  +Daniel Stenberg (18 May 2016)
         4890  +- curlbuild.h.dist: check __LP64__ as well to fix MIPS build
         4891  +  
         4892  +  The preprocessor check that sets up the 32bit defines for non-configure
         4893  +  builds didn't work properly for MIPS systems as __mips__ is defined for
         4894  +  both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.
         4895  +  
         4896  +  Reported-by: Tomas Jakobsson
         4897  +  Fixes #813
         4898  +
         4899  +- [Marcel Raad brought this change]
         4900  +
         4901  +  schannel: fix compile break with MSVC XP toolset
         4902  +  
         4903  +  For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
         4904  +  7.1 is used. In this case, _USING_V110_SDK71_ is defined.
         4905  +  
         4906  +  Closes #812
         4907  +
         4908  +- dist: include CHECKSRC.md
         4909  +  
         4910  +  Reported-by: Paul Howarth
         4911  +  Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
         4912  +
         4913  +- test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist
         4914  +  
         4915  +  Reported-by: Ray Satiro
         4916  +  Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
         4917  +
         4918  +Version 7.49.0 (17 May 2016)
         4919  +
         4920  +Daniel Stenberg (17 May 2016)
         4921  +- THANKS: 24 new names from 7.49.0 release notes
         4922  +
         4923  +- RELEASE-NOTES: 7.49.0
         4924  +
         4925  +- mbedtls/polarssl: set "hostname" unconditionally
         4926  +  
         4927  +  ...as otherwise the TLS libs will skip the CN/SAN check and just allow
         4928  +  connection to any server. curl previously skipped this function when SNI
         4929  +  wasn't used or when connecting to an IP address specified host.
         4930  +  
         4931  +  CVE-2016-3739
         4932  +  
         4933  +  Bug: https://curl.haxx.se/docs/adv_20160518A.html
         4934  +  Reported-by: Moti Avrahami
         4935  +
         4936  +- [Frank Gevaerts brought this change]
         4937  +
         4938  +  CURLOPT_RESOLVE.3: fix typo
         4939  +  
         4940  +  Closes #811
         4941  +
         4942  +- docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE
         4943  +
         4944  +- KNOWN_BUGS: GnuTLS backend skips really long certificate fields
         4945  +  
         4946  +  Closes #762
         4947  +
         4948  +- CURLOPT_HTTPPOST.3: the data needs to be around while in use
         4949  +
         4950  +- openssl: get_cert_chain: fix NULL dereference
         4951  +  
         4952  +  CID 1361815: Explicit null dereferenced (FORWARD_NULL)
         4953  +
         4954  +- openssl: get_cert_chain: avoid NULL dereference
         4955  +  
         4956  +  CID 1361811: Explicit null dereferenced (FORWARD_NULL)
         4957  +
         4958  +- dprintf_formatf: fix (false?) Coverity warning
         4959  +  
         4960  +  CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
         4961  +  we run over 'workend' but the condition says <= workend and for all I
         4962  +  can see it should be safe. Compensating for the warning by adding a byte
         4963  +  margin in the buffer.
         4964  +  
         4965  +  Also, removed the extra brace level indentation in the code and made it
         4966  +  so that 'workend' is only assigned once within the function.
         4967  +
         4968  +- RELEASE-NOTES: synced with 2dcb5adc72d6
         4969  +
         4970  +- THANKS-filter: fixed Jonathan Cardoso
         4971  +
         4972  +Jay Satiro (15 May 2016)
         4973  +- ftp: fix incorrect out-of-memory code in Curl_pretransfer
         4974  +  
         4975  +  - Return value type must match function type.
         4976  +  
         4977  +  s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
         4978  +  
         4979  +  Caught by Travis CI
         4980  +
         4981  +Daniel Stenberg (15 May 2016)
         4982  +- ftp wildcard: segfault due to init only in multi_perform
         4983  +  
         4984  +  The proper FTP wildcard init is now more properly done in Curl_pretransfer()
         4985  +  and the corresponding cleanup in Curl_close().
         4986  +  
         4987  +  The previous place of init/cleanup code made the internal pointer to be NULL
         4988  +  when this feature was used with the multi_socket() API, as it was made within
         4989  +  the curl_multi_perform() function.
         4990  +  
         4991  +  Reported-by: Jonathan Cardoso Machado
         4992  +  Fixes #800
         4993  +
         4994  +Jay Satiro (13 May 2016)
         4995  +- libcurl-tlibcurl-thread: Update OpenSSL links
         4996  +  
         4997  +  Because the old OpenSSL link now redirects to their master documentation
         4998  +  (currently 1.1.0), which does not document the required actions for
         4999  +  OpenSSL <= 1.0.2.
         5000  +
         5001  +Daniel Stenberg (13 May 2016)
         5002  +- [Viktor Szakats brought this change]
         5003  +
         5004  +  darwinssl.c: fix OS X codename typo in comment
         5005  +
         5006  +- RELEASE-NOTES: synced with 68701e51c1f7
         5007  +  
         5008  +  Added 8 bug fixes and 5 more contrbutors
         5009  +
         5010  +- [Jay Satiro brought this change]
         5011  +
         5012  +  mprintf: Fix processing of width and prec args
         5013  +  
         5014  +  Prior to this change a width arg could be erroneously output, and also
         5015  +  width and precision args could not be used together without crashing.
         5016  +  
         5017  +  "%0*d%s", 2, 9, "foo"
         5018  +  
         5019  +  Before: "092"
         5020  +  After: "09foo"
         5021  +  
         5022  +  "%*.*s", 5, 2, "foo"
         5023  +  
         5024  +  Before: crash
         5025  +  After: "   fo"
         5026  +  
         5027  +  Test 557 is updated to verify this and more
         5028  +
         5029  +- [Michael Kaufmann brought this change]
         5030  +
         5031  +  ConnectionExists: follow-up fix for proxy re-use
         5032  +  
         5033  +  Follow-up commit to 5823179
         5034  +  
         5035  +  Closes #648
         5036  +
         5037  +- [Per Malmberg brought this change]
         5038  +
         5039  +  darwinssl: fix certificate verification disable on OS X 10.8
         5040  +  
         5041  +  The new way of disabling certificate verification doesn't work on
         5042  +  Mountain Lion (OS X 10.8) so we need to use the old way in that version
         5043  +  too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
         5044  +  and 10.11.
         5045  +  
         5046  +  Closes #802
         5047  +
         5048  +- [Cory Benfield brought this change]
         5049  +
         5050  +  http2: Add space between colon and header value
         5051  +  
         5052  +  curl's representation of HTTP/2 responses involves transforming the
         5053  +  response to a format that is similar to HTTP/1.1. Prior to this change,
         5054  +  curl would do this by separating header names and values with only a
         5055  +  colon, without introducing a space after the colon.
         5056  +  
         5057  +  While this is technically a valid way to represent a HTTP/1.1 header
         5058  +  block, it is much more common to see a space following the colon. This
         5059  +  change introduces that space, to ensure that incautious tools are safely
         5060  +  able to parse the header block.
         5061  +  
         5062  +  This also ensures that the difference between the HTTP/1.1 and HTTP/2
         5063  +  response layout is as minimal as possible.
         5064  +  
         5065  +  Bug: https://github.com/curl/curl/issues/797
         5066  +  
         5067  +  Closes #798
         5068  +  Fixes #797
         5069  +
         5070  +Kamil Dudka (12 May 2016)
         5071  +- openssl: fix compile-time warning in Curl_ossl_check_cxn()
         5072  +  
         5073  +  ... introduced in curl-7_48_0-293-g2968c83:
         5074  +  
         5075  +  Error: COMPILER_WARNING:
         5076  +  lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
         5077  +  lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
         5078  +  may alter its value [-Wconversion]
         5079  +
         5080  +Jay Satiro (11 May 2016)
         5081  +- openssl: stricter connection check function
         5082  +  
         5083  +  - In the case of recv error, limit returning 'connection still in place'
         5084  +  to EINPROGRESS, EAGAIN and EWOULDBLOCK.
         5085  +  
         5086  +  This is an improvement on the parent commit which changed the openssl
         5087  +  connection check to use recv MSG_PEEK instead of SSL_peek.
         5088  +  
         5089  +  Ref: https://github.com/curl/curl/commit/856baf5#comments
         5090  +
         5091  +Daniel Stenberg (11 May 2016)
         5092  +- [Anders Bakken brought this change]
         5093  +
         5094  +  TLS: SSL_peek is not a const operation
         5095  +  
         5096  +  Calling SSL_peek can cause bytes to be read from the raw socket which in
         5097  +  turn can upset the select machinery that determines whether there's data
         5098  +  available on the socket.
         5099  +  
         5100  +  Since Curl_ossl_check_cxn only tries to determine whether the socket is
         5101  +  alive and doesn't actually need to see the bytes SSL_peek seems like
         5102  +  the wrong function to call.
         5103  +  
         5104  +  We're able to occasionally reproduce a connect timeout due to this
         5105  +  bug. What happens is that Curl doesn't know to call SSL_connect again
         5106  +  after the peek happens since data is buffered in the SSL buffer and thus
         5107  +  select won't fire for this socket.
         5108  +  
         5109  +  Closes #795
         5110  +
         5111  +Jay Satiro (9 May 2016)
         5112  +- [Daniel Stenberg brought this change]
         5113  +
         5114  +  TLS: move the ALPN/NPN enable bits to the connection
         5115  +  
         5116  +  Only protocols that actually have a protocol registered for ALPN and NPN
         5117  +  should try to get that negotiated in the TLS handshake. That is only
         5118  +  HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
         5119  +  would wrongly be used in all handshakes if libcurl was built with it
         5120  +  enabled.
         5121  +  
         5122  +  Reported-by: Jay Satiro
         5123  +  
         5124  +  Fixes #789
         5125  +
         5126  +Daniel Stenberg (8 May 2016)
         5127  +- libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl
         5128  +
         5129  +- [Antonio Larrosa brought this change]
         5130  +
         5131  +  connect: fix invalid "Network is unreachable" errors
         5132  +  
         5133  +  Sometimes, in systems with both ipv4 and ipv6 addresses but where the
         5134  +  network doesn't support ipv6, Curl_is_connected returns an error
         5135  +  (intermittently) even if the ipv4 socket connects successfully.
         5136  +  
         5137  +  This happens because there's a for-loop that iterates on the sockets but
         5138  +  the error variable is not resetted when the ipv4 is checked and is ok.
         5139  +  
         5140  +  This patch fixes this problem by setting error to 0 when checking the
         5141  +  second socket and not having a result yet.
         5142  +  
         5143  +  Fixes #794
         5144  +
         5145  +Jay Satiro (5 May 2016)
         5146  +- FAQ: refer to thread safety guidelines
         5147  +
         5148  +Daniel Stenberg (3 May 2016)
         5149  +- connections: non-HTTP proxies on different ports aren't reused either
         5150  +  
         5151  +  Reported-by: Oleg Pudeyev and fuchaoqun
         5152  +  
         5153  +  Fixes #648
         5154  +
         5155  +- http: make sure a blank header overrides accept_decoding
         5156  +  
         5157  +  Reported-by: rcanavan
         5158  +  Assisted-by: Isaac Boukris
         5159  +  Closes #785
         5160  +
         5161  +- CHECKSRC.md: clarified, explained the whitelist file
         5162  +
         5163  +- nroff-scan.pl: verify that references are made with \fI
         5164  +
         5165  +- docs: unified man page references to use \fI
         5166  +
         5167  +- TODO: 17.14 --fail without --location should treat 3xx as a failure
         5168  +  
         5169  +  Closes #727
         5170  +
         5171  +- RELEASE-NOTES: synced with 7987f5cb14d
         5172  +
         5173  +- [Isaac Boukris brought this change]
         5174  +
         5175  +  CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification
         5176  +  
         5177  +  Mention possible content-length mismatch with sum of bytes reported
         5178  +  by write callbacks when auto decoding is enabled.
         5179  +  
         5180  +  See #785
         5181  +
         5182  +- test1140: run nroff-scan to verify man pages
         5183  +
         5184  +- nroff-scan.pl: verify the .BR references as well
         5185  +
         5186  +- CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference
         5187  +
         5188  +- CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE
         5189  +
         5190  +- curl_easy_pause.3: fix man page reference
         5191  +
         5192  +Jay Satiro (1 May 2016)
         5193  +- tool_cb_hdr: Fix --remote-header-name with schemeless URL
         5194  +  
         5195  +  - Move the existing scheme check from tool_operate.
         5196  +  
         5197  +  In the case of --remote-header-name we want to parse Content-disposition
         5198  +  for a filename, but only if the scheme is http or https. A recent
         5199  +  adjustment 0dc4d8e was made to account for schemeless URLs however it's
         5200  +  not 100% accurate. To remedy that I've moved the scheme check to the
         5201  +  header callback, since at that point the library has already determined
         5202  +  the scheme.
         5203  +  
         5204  +  Bug: https://github.com/curl/curl/issues/760
         5205  +  Reported-by: Kai Noda
         5206  +
         5207  +Daniel Stenberg (1 May 2016)
         5208  +- tls: make setting pinnedkey option fail if not supported
         5209  +  
         5210  +  to make it obvious to users trying to use the feature with TLS backends
         5211  +  not supporting it.
         5212  +  
         5213  +  Discussed in #781
         5214  +  Reported-by: Travis Burtrum
         5215  +
         5216  +- nroff-scan.pl: verifies nroff pages
         5217  +  
         5218  +  ... not used by any test yet but can be used stand-alone.
         5219  +
         5220  +- opts: fix broken/bad references
         5221  +
         5222  +- [Michael Kaufmann brought this change]
         5223  +
         5224  +  docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3
         5225  +  
         5226  +  Closes #786
         5227  +
         5228  +- CURLOPT_ACCEPT_ENCODING.3: clarified
         5229  +  
         5230  +  As discussed in #785
         5231  +
         5232  +- curl.1: --mail-rcpt can be used multiple times
         5233  +  
         5234  +  Reported-by: mgendre
         5235  +  Closes #784
         5236  +
         5237  +- [Karlson2k brought this change]
         5238  +
         5239  +  tests: Use 'pathhelp' for paths conversions in secureserver.pl
         5240  +  
         5241  +  Closes #675
         5242  +
         5243  +- [Karlson2k brought this change]
         5244  +
         5245  +  tests: Use 'pathhelp' for paths conversions in sshserver.pl
         5246  +
         5247  +- [Karlson2k brought this change]
         5248  +
         5249  +  tests: Use 'pathhelp' for current path in runtests.pl
         5250  +
         5251  +- [Karlson2k brought this change]
         5252  +
         5253  +  tests: pathhelp.pm to process paths on Msys/Cygwin
         5254  +
         5255  +- lib: include curl_printf.h as one of the last headers
         5256  +  
         5257  +  curl_printf.h defines printf to curl_mprintf, etc. This can cause
         5258  +  problems with external headers which may use
         5259  +  __attribute__((format(printf, ...))) markers etc.
         5260  +  
         5261  +  To avoid that they cause problems with system includes, we include
         5262  +  curl_printf.h after any system headers. That makes the three last
         5263  +  headers to always be, and we keep them in this order:
         5264  +  
         5265  +   curl_printf.h
         5266  +   curl_memory.h
         5267  +   memdebug.h
         5268  +  
         5269  +  None of them include system headers, they all do funny #defines.
         5270  +  
         5271  +  Reported-by: David Benjamin
         5272  +  
         5273  +  Fixes #743
         5274  +
         5275  +- memdebug.h: remove inclusion of other headers
         5276  +  
         5277  +  Mostly because they're not needed, because memdebug.h is always included
         5278  +  last of all headers so the others already included the correct ones.
         5279  +  
         5280  +  But also, starting now we don't want this to accidentally include any
         5281  +  system headers, as the header included _before_ this header may add
         5282  +  defines and other fun stuff that we won't want used in system includes.
         5283  +
         5284  +- [Jay Satiro brought this change]
         5285  +
         5286  +  curl -J: make it work even without http:// scheme on URL
         5287  +  
         5288  +  It does open up a miniscule risk that one of the other protocols that
         5289  +  libcurl could use would send back a Content-Disposition header and then
         5290  +  curl would act on it even if not HTTP.
         5291  +  
         5292  +  A future mitigation for this risk would be to allow the callback to ask
         5293  +  libcurl which protocol is being used.
         5294  +  
         5295  +  Verified with test 1312
         5296  +  
         5297  +  Closes #760
         5298  +
         5299  +- manpage-scan.pl: also verify the command line option docs
         5300  +  
         5301  +  This script now also scans src/tool_getparam.c, docs/curl.1 and
         5302  +  src/tool_help.c and will warn if any of them lists a command line option
         5303  +  not mentioned in one of the other places.
         5304  +
         5305  +- curl: show the long option version of -q in the -h list
         5306  +
         5307  +- curl: remove "--socks" as "--socks5" turned 8
         5308  +  
         5309  +  In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated
         5310  +  and it has not been documented since. The more explicit socks options
         5311  +  (like --socks4 or --socks5) should be used.
         5312  +
         5313  +- curl.1: document the deprecated --ftp-ssl option
         5314  +
         5315  +- curl: remove --http-request
         5316  +  
         5317  +  It was mentioned as deprecated already in commit ae1912cb0d4 from
         5318  +  1999. It has not been documented in this millennium.
         5319  +
         5320  +- curl: mention --ntlm-wb in -h list
         5321  +
         5322  +- curl: -h output lacked --proxy-header
         5323  +
         5324  +- curl.1: document --ntlm-wb
         5325  +
         5326  +- curl.1: document the long format of -q: --disable
         5327  +
         5328  +- curl.1: mention the deprecated --krb4 option
         5329  +
         5330  +- curl.1: document --ftp-ssl-reqd
         5331  +  
         5332  +  Even if deprecated, document it so that people will find it as old
         5333  +  scripts may still use it.
         5334  +
         5335  +- curl: use --telnet-option as documented
         5336  +  
         5337  +  The code said "telnet-options" but no documentation ever said so. It
         5338  +  worked fine since the code is fine with a unique match of the first
         5339  +  part.
         5340  +
         5341  +- getparam: remove support for --ftpport
         5342  +  
         5343  +  It has been deprecated and undocumented since commit ad5ead8bed7 (Dec
         5344  +  2003). --ftp-port is the proper long option name.
         5345  +
         5346  +- curl: make --disable work as long form of -q
         5347  +  
         5348  +  To make the aliases list reflect reality.
         5349  +
         5350  +- aliases: remove trailing space from capath string
         5351  +
         5352  +- cmdline parse: only single letter options have single-letter strings
         5353  +  
         5354  +  ... moved around options so that parsing the code to find all
         5355  +  single-letter options easier.
         5356  +
         5357  +Jay Satiro (28 Apr 2016)
         5358  +- CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
         5359  +  
         5360  +  Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html
         5361  +  Reported-by: Bru Rom
         5362  +
         5363  +Daniel Stenberg (28 Apr 2016)
         5364  +- curl_easy_getinfo.3: remove superfluous blank lines
         5365  +
         5366  +- test1139: verifies libcurl option man page presence
         5367  +  
         5368  +  - checks that each option has its own man page present
         5369  +  
         5370  +  - checks that each option is mentioned in its corresponding index man
         5371  +    page
         5372  +
         5373  +- curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION
         5374  +  
         5375  +  ... although it is deprecated.
         5376  +
         5377  +Jay Satiro (28 Apr 2016)
         5378  +- mbedtls: Fix session resume
         5379  +  
         5380  +  This also fixes PolarSSL session resume.
         5381  +  
         5382  +  Prior to this change the TLS session information wasn't properly
         5383  +  saved and restored for PolarSSL and mbedTLS.
         5384  +  
         5385  +  Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
         5386  +  Reported-by: Thomas Glanzmann
         5387  +  
         5388  +  Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
         5389  +  Reported-by: Moti Avrahami
         5390  +
         5391  +Daniel Stenberg (27 Apr 2016)
         5392  +- RELEASE-NOTES: synced with f4298fcc6d2
         5393  +
         5394  +- [Michael Kaufmann brought this change]
         5395  +
         5396  +  opts: Fix some syntax errors in example code fragments
         5397  +  
         5398  +  Fixes #779
         5399  +
         5400  +- openssl: avoid BN_print a NULL bignum
         5401  +  
         5402  +  OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
         5403  +  numbers so make sure the function handles this.
         5404  +  
         5405  +  Reported-by: Linus Nordberg
         5406  +
         5407  +- [Marcel Raad brought this change]
         5408  +
         5409  +  CONNECT_ONLY: don't close connection on GSS 401/407 reponses
         5410  +  
         5411  +  Previously, connections were closed immediately before the user had a
         5412  +  chance to extract the socket when the proxy required Negotiate
         5413  +  authentication.
         5414  +  
         5415  +  This regression was brought in with the security fix in commit
         5416  +  79b9d5f1a42578f
         5417  +  
         5418  +  Closes #655
         5419  +
         5420  +- CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
         5421  +
         5422  +- mbedtls.c: silly spellfix of a comment
         5423  +
         5424  +- KNOWN_BUGS: 1.10 Strips trailing dot from host name
         5425  +  
         5426  +  Closes #716
         5427  +
         5428  +- test1322: verify stripping of trailing dot from host name
         5429  +  
         5430  +  While being debated (in #716) and a violation of RFC 7230 section 5.4,
         5431  +  this test verifies that the existing functionality works as intended. It
         5432  +  strips the dot from the host name and uses the host without dot
         5433  +  throughout the internals.
         5434  +
         5435  +- multi: accidentally used resolved host name instead of proxy
         5436  +  
         5437  +  Regression introduced in 09b5a998
         5438  +  
         5439  +  Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html
         5440  +  Reported-by: BoBo
         5441  +
         5442  +- symbols-in-versions: added new CURLSSLBACKEND_ symbols
         5443  +
         5444  +- test148: fixed after the --ftp-create-dirs retry change
         5445  +  
         5446  +  follow-up commit to 3c1e84f569 as it made curl try a little harder
         5447  +
         5448  +- curl.h: clarify curl_sslbackend for openssl clones and renames
         5449  +
         5450  +- [Karlson2k brought this change]
         5451  +
         5452  +  url.c: fixed DEBUGASSERT() for WinSock workaround
         5453  +  
         5454  +  If buffer is allocated, but nothing is received during prereceive
         5455  +  stage, than number of processed bytes must be zero.
         5456  +  
         5457  +  Closes #778
         5458  +
         5459  +- KNOWN_BUGS: --interface for ipv6 binds to unusable IP address
         5460  +  
         5461  +  Closes #686 for now.
         5462  +
         5463  +- TODO: 1.17 Add support for IRIs
         5464  +  
         5465  +  Adding support for IRIs is a mouthful, but is probably interesting at
         5466  +  least for areas and countries where the use of such "URLs" are growing
         5467  +  popularity.
         5468  +  
         5469  +  Closes #776
         5470  +
         5471  +- THANKS-filter: Travis Burtrum
         5472  +
         5473  +- lib1517: checksrc compliance
         5474  +
         5475  +- [moparisthebest brought this change]
         5476  +
         5477  +  PolarSSL: Implement public key pinning
         5478  +
         5479  +Patrick Monnerat (22 Apr 2016)
         5480  +- os400: upgrade ILE/RPG binding
         5481  +
         5482  +- curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string
         5483  +
         5484  +Daniel Stenberg (22 Apr 2016)
         5485  +- contributors.sh: make --releasenotes implied
         5486  +  
         5487  +  It got too annoying to type =)
         5488  +
         5489  +- RELEASE-NOTES: synced with 3c1e84f5693d8093
         5490  +
         5491  +- curl: make --ftp-create-dirs retry on failure
         5492  +  
         5493  +  The underlying libcurl option used for this feature is
         5494  +  CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
         5495  +  creation, but it was never set to do that by the command line tool.
         5496  +  
         5497  +  Now it does.
         5498  +  
         5499  +  Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
         5500  +  Reported-by: John Wanghui
         5501  +  Help-by: Leif W
         5502  +
         5503  +- [Henrik Gaßmann brought this change]
         5504  +
         5505  +  winbuild: add mbedtls support
         5506  +  
         5507  +  Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL
         5508  +  options mutual exclusive.
         5509  +  
         5510  +  Closes #606
         5511  +
         5512  +- KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables"
         5513  +  
         5514  +  As of commit d9f3b365a3
         5515  +
         5516  +- [Irfan Adilovic brought this change]
         5517  +
         5518  +  configure: ac_cv_ -> curl_cv_ for write-only vars
         5519  +  
         5520  +  These configure vars are modified in a curl-specific way but never
         5521  +  evaluated or loaded from cache, even though they are designated as
         5522  +  _cv_. We could either implement proper AC_CACHE_CHECKs for them, or
         5523  +  remove them completely.
         5524  +  
         5525  +  Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and
         5526  +  AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after
         5527  +  the first configure run with caching.
         5528  +  
         5529  +  `ac_cv_func_strcasecmp` is curious, see #770.
         5530  +  
         5531  +  `eval "ac_cv_func_$func=yes"` can still cause problems as it works in
         5532  +  tandem with AC_CHECK_FUNCS and then potentially modifies its result. It
         5533  +  would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro,
         5534  +  which works the same as AC_CHECK_FUNCS but relies on caching the values
         5535  +  of curl_cv_func_* variables, without modifiying ac_cv_func_*.
         5536  +
         5537  +- [Irfan Adilovic brought this change]
         5538  +
         5539  +  configure: ac_cv_ -> curl_cv_ for r/w vars
         5540  +  
         5541  +  These configure vars are modified in a curl-specific way and modified by
         5542  +  the configure process, but are never loaded from cache, even though they
         5543  +  are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
         5544  +  them eventually.
         5545  +
         5546  +- [Irfan Adilovic brought this change]
         5547  +
         5548  +  configure: ac_cv_func_clock_gettime -> curl_...
         5549  +  
         5550  +  This variable must not be cached in its current form, as any cached
         5551  +  information will prevent the next configure run from determining the
         5552  +  correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to
         5553  +  just `curl_`.
         5554  +
         5555  +- [Irfan Adilovic brought this change]
         5556  +
         5557  +  configure: ac_cv_ -> curl_cv_ for all cached vars
         5558  +  
         5559  +  This was automated by:
         5560  +  
         5561  +  sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
         5562  +                 ack -o 'ac_cv_.*?\b' | \
         5563  +                 sort -u | xargs -n1 bash -c \
         5564  +                      'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
         5565  +      $(git ls-files)
         5566  +  
         5567  +  This only changed the prefix for 16 variables actually checked with
         5568  +  AC_CACHE_CHECK.
         5569  +
         5570  +- openssl: builds with OpenSSL 1.1.0-pre5
         5571  +  
         5572  +  The RSA, DSA and DH structs are now opaque and require use of new APIs
         5573  +  
         5574  +  Fixes #763
         5575  +
         5576  +Steve Holme (20 Apr 2016)
         5577  +- url.c: Prefer we don't use explicit NULLs in conditions
         5578  +  
         5579  +  Fixed commit fa5fa65a30 to not use NULLs in if condition.
         5580  +
         5581  +Daniel Stenberg (20 Apr 2016)
         5582  +- [Isaac Boukris brought this change]
         5583  +
         5584  +  NTLM: check for NULL pointer before deferencing
         5585  +  
         5586  +  At ConnectionExists, both check->proxyuser and check->proxypasswd
         5587  +  could be NULL, so make sure to check first.
         5588  +  
         5589  +  Fixes #765
         5590  +
         5591  +- [Karlson2k brought this change]
         5592  +
         5593  +  tests: added test1517
         5594  +  
         5595  +  ... for checking ability to receive full HTTP response when POST request
         5596  +  is used with slow read callback function.
         5597  +  
         5598  +  This test checks for bug #657 and verifies the work-around from
         5599  +  72d5e144fbc6.
         5600  +  
         5601  +  Closes #720
         5602  +
         5603  +- [Karlson2k brought this change]
         5604  +
         5605  +  sendf.c: added ability to call recv() before send() as workaround
         5606  +  
         5607  +  WinSock destroys recv() buffer if send() is failed. As result - server
         5608  +  response may be lost if server sent it while curl is still sending
         5609  +  request. This behavior noticeable on HTTP server short replies if
         5610  +  libcurl use several send() for request (usually for POST request).
         5611  +  To workaround this problem, libcurl use recv() before every send() and
         5612  +  keeps received data in intermediate buffer for further processing.
         5613  +  
         5614  +  Fixes: #657
         5615  +  Closes: #668
         5616  +
         5617  +Kamil Dudka (19 Apr 2016)
         5618  +- connect: make sure that rc is initialized in singleipconnect()
         5619  +  
         5620  +  This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13:
         5621  +  
         5622  +  Error: CLANG_WARNING:
         5623  +  lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value
         5624  +  1118|       }
         5625  +  1119|
         5626  +  1120|->     if(-1 == rc)
         5627  +  1121|         error = SOCKERRNO;
         5628  +  1122|     }
         5629  +
         5630  +Daniel Stenberg (19 Apr 2016)
         5631  +- make/checksrc: use $srcdir, not $top_srcdir
         5632  +
         5633  +- src/checksrc.whitelist: removed
         5634  +
         5635  +- tool_operate: switch to inline checksrc ignore
         5636  +
         5637  +- lib/checksrc.whitelist: not needed anymore
         5638  +  
         5639  +  ... as checksrc now skips comments
         5640  +
         5641  +- vtls.h: remove a space before semicolon
         5642  +  
         5643  +  ... that the new checksrc detected
         5644  +
         5645  +- darwinssl: removed commented out code
         5646  +
         5647  +- http_chunks: removed checksrc disable
         5648  +  
         5649  +  ... since checksrc now skips comments
         5650  +
         5651  +- imap: inlined checksrc disable instead of whitelist edit
         5652  +
         5653  +- checksrc: taught to skip comments
         5654  +  
         5655  +  ... but output non-stripped version of the line, even if that then can
         5656  +  make the script identify the wrong position in the line at
         5657  +  times. Showing the line stripped (ie without comments) is just too
         5658  +  surprising.
         5659  +
         5660  +- opts/Makefile.am: list all docs file one by one
         5661  +  
         5662  +  ... to make it easier to add lines in patches that won't just break all
         5663  +  other patches trying to add lines too.
         5664  +
         5665  +- curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN
         5666  +
         5667  +- RELEASE-NOTES: synced with 03de4e4b219
         5668  +  
         5669  +  (since we just merged two major features)
         5670  +
         5671  +- [Alessandro Ghedini brought this change]
         5672  +
         5673  +  connect: implement TCP Fast Open for Linux
         5674  +  
         5675  +  Closes #660
         5676  +
         5677  +- [Alessandro Ghedini brought this change]
         5678  +
         5679  +  tool: add --tcp-fastopen option
         5680  +
         5681  +- [Alessandro Ghedini brought this change]
         5682  +
         5683  +  connect: implement TCP Fast Open for OS X
         5684  +
         5685  +- [Alessandro Ghedini brought this change]
         5686  +
         5687  +  url: add CURLOPT_TCP_FASTOPEN option
         5688  +
         5689  +- checksrc: pass on -D so the whitelists are found correctly
         5690  +
         5691  +- configure: remove check for libresolve
         5692  +  
         5693  +  'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
         5694  +  but this check is broken and most likely adds nothing useful. Removing
         5695  +  now.
         5696  +  
         5697  +  Reported-by: Irfan Adilovic
         5698  +  
         5699  +  Discussed in #770
         5700  +
         5701  +- scripts/make: use $(EXEEXT) for executables
         5702  +  
         5703  +  Reported-by: bodop
         5704  +  
         5705  +  Fixes #771
         5706  +
         5707  +- includes: avoid duplicate memory callback typdefs even harder
         5708  +
         5709  +- checksrc/makefile.am: use $top_srcdir to find source files
         5710  +  
         5711  +  ... to properly support out of source tree builds.
         5712  +
         5713  +- RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5
         5714  +
         5715  +- opts: fix option references missing (section)
         5716  +
         5717  +- [Michael Kaufmann brought this change]
         5718  +
         5719  +  news: CURLOPT_CONNECT_TO and --connect-to
         5720  +  
         5721  +  Makes curl connect to the given host+port instead of the host+port found
         5722  +  in the URL.
         5723  +
         5724  +- makefile.vc6: use d suffix on debug object
         5725  +  
         5726  +  To allow both release and debug builds in parallel.
         5727  +  
         5728  +  Reported-by: Rod Widdowson
         5729  +  
         5730  +  Fixes #769
         5731  +
         5732  +Jay Satiro (12 Apr 2016)
         5733  +- http2: Use size_t type for data drain count
         5734  +  
         5735  +  Ref: https://github.com/curl/curl/issues/659
         5736  +  Ref: https://github.com/curl/curl/pull/663
         5737  +
         5738  +- http2: Improve header parsing
         5739  +  
         5740  +  - Error if a header line is larger than supported.
         5741  +  
         5742  +  - Warn if cumulative header line length may be larger than supported.
         5743  +  
         5744  +  - Allow spaces when parsing the path component.
         5745  +  
         5746  +  - Make sure each header line ends in \r\n. This fixes an out of bounds.
         5747  +  
         5748  +  - Disallow header continuation lines until we decide what to do.
         5749  +  
         5750  +  Ref: https://github.com/curl/curl/issues/659
         5751  +  Ref: https://github.com/curl/curl/pull/663
         5752  +
         5753  +- http2: Add Curl_http2_strerror for HTTP/2 error codes
         5754  +  
         5755  +  Ref: https://github.com/curl/curl/issues/659
         5756  +  Ref: https://github.com/curl/curl/pull/663
         5757  +
         5758  +- [Tatsuhiro Tsujikawa brought this change]
         5759  +
         5760  +  http2: Don't increment drain when one header field is received
         5761  +  
         5762  +  Sicne we write header field in temporary location, not in the memory
         5763  +  that upper layer provides, incrementing drain should not happen.
         5764  +  
         5765  +  Ref: https://github.com/curl/curl/issues/659
         5766  +  Ref: https://github.com/curl/curl/pull/663
         5767  +
         5768  +- [Tatsuhiro Tsujikawa brought this change]
         5769  +
         5770  +  http2: Ensure that http2_handle_stream_close is called
         5771  +  
         5772  +  This commit ensures that streams which was closed in on_stream_close
         5773  +  callback gets passed to http2_handle_stream_close.  Previously, this
         5774  +  might not happen.  To achieve this, we increment drain property to
         5775  +  forcibly call recv function for that stream.
         5776  +  
         5777  +  To more accurately check that we have no pending event before shutting
         5778  +  down HTTP/2 session, we sum up drain property into
         5779  +  http_conn.drain_total.  We only shutdown session if that value is 0.
         5780  +  
         5781  +  With this commit, when stream was closed before reading response
         5782  +  header fields, error code CURLE_HTTP2_STREAM is returned even if
         5783  +  HTTP/2 level error is NO_ERROR.  This signals the upper layer that
         5784  +  stream was closed by error just like TCP connection close in HTTP/1.
         5785  +  
         5786  +  Ref: https://github.com/curl/curl/issues/659
         5787  +  Ref: https://github.com/curl/curl/pull/663
         5788  +
         5789  +- [Tatsuhiro Tsujikawa brought this change]
         5790  +
         5791  +  http2: Process paused data first before tear down http2 session
         5792  +  
         5793  +  This commit ensures that data from network are processed before HTTP/2
         5794  +  session is terminated.  This is achieved by pausing nghttp2 whenever
         5795  +  different stream than current easy handle receives data.
         5796  +  
         5797  +  This commit also fixes the bug that sometimes processing hangs when
         5798  +  multiple HTTP/2 streams are multiplexed.
         5799  +  
         5800  +  Ref: https://github.com/curl/curl/issues/659
         5801  +  Ref: https://github.com/curl/curl/pull/663
         5802  +
         5803  +- [Tatsuhiro Tsujikawa brought this change]
         5804  +
         5805  +  http2: Check session closure early in http2_recv
         5806  +  
         5807  +  Ref: https://github.com/curl/curl/issues/659
         5808  +  Ref: https://github.com/curl/curl/pull/663
         5809  +
         5810  +- [Tatsuhiro Tsujikawa brought this change]
         5811  +
         5812  +  http2: Add handling stream level error
         5813  +  
         5814  +  Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
         5815  +  by RST_STREAM, underlying TCP connection was dropped.  This is
         5816  +  undesirable since there may be other streams multiplexed and they are
         5817  +  very much fine.  This change introduce new error code
         5818  +  CURLE_HTTP2_STREAM, which indicates stream error that only affects the
         5819  +  relevant stream, and connection should be kept open.  The existing
         5820  +  CURLE_HTTP2 means connection error in general.
         5821  +  
         5822  +  Ref: https://github.com/curl/curl/issues/659
         5823  +  Ref: https://github.com/curl/curl/pull/663
         5824  +
         5825  +Daniel Stenberg (11 Apr 2016)
         5826  +- http2: drain the socket better...
         5827  +  
         5828  +  ... but ignore EAGAIN if the stream has ended so that we don't end up in
         5829  +  a loop. This is a follow-up to c8ab613 in order to avoid the problem
         5830  +  d261652 was made to fix.
         5831  +  
         5832  +  Reported-by: Jay Satiro
         5833  +  Clues-provided-by: Tatsuhiro Tsujikawa
         5834  +  
         5835  +  Discussed in #750
         5836  +
         5837  +- KNOWN_BUGS: added info for "Hangs with PolarSSL"
         5838  +
         5839  +- KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse
         5840  +  
         5841  +  Closes #750
         5842  +
         5843  +- build: include scripts/ in the dist
         5844  +
         5845  +Steve Holme (9 Apr 2016)
         5846  +- CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
         5847  +  
         5848  +  As these two options provide identical functionality, the former for
         5849  +  SOCK5 proxies and the latter for HTTP proxies, merged the two options
         5850  +  together.
         5851  +  
         5852  +  As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
         5853  +  7.49.0.
         5854  +
         5855  +- urldata: Use bool for socks5_gssapi_nec as it is a flag
         5856  +  
         5857  +  This value is set to TRUE or FALSE so should be a bool and not a long.
         5858  +
         5859  +- url: Ternary operator code style changes
         5860  +
         5861  +- CODE_STYLE: Added ternary operator example to 'Space around operators'
         5862  +  
         5863  +  Following conversation on the libcurl mailing list.
         5864  +
         5865  +- sasl: Fixed compilation errors from commit 9d89a0387
         5866  +  
         5867  +  ...when GSS-API or Windows SSPI are not used.
         5868  +
         5869  +- url: Corrected comments following 9d89a0387
         5870  +
         5871  +- docs: Added clarification following commit 9d89a0387
         5872  +
         5873  +- Makefile: Fixed echo of checksrc check
         5874  +
         5875  +- checksrc: Fix issue with the autobuilds not picking up the whitelist
         5876  +
         5877  +- checksrc: Added missing vauth and vtls directories
         5878  +
         5879  +- ftp/imap/pop3/smtp: Allow the service name to be overridden
         5880  +  
         5881  +  Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
         5882  +  authentication in FTP, IMAP, POP3 and SMTP.
         5883  +
         5884  +- http_negotiate: Calculate service name and proxy service name locally
         5885  +  
         5886  +  Calculate the service name and proxy service names locally, rather than
         5887  +  in url.c which will allow for us to support overriding the service name
         5888  +  for other protocols such as FTP, IMAP, POP3 and SMTP.
         5889  +
         5890  +- ROADMAP: Updated following the move of the authentication code
         5891  +
         5892  +Patrick Monnerat (8 Apr 2016)
         5893  +- KNOWN_BUGS: openldap hangs. TODO: binary SASL.
         5894  +
         5895  +Daniel Stenberg (8 Apr 2016)
         5896  +- KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables
         5897  +  
         5898  +  Closes #603
         5899  +
         5900  +- KNOWN_BUGS: 11.2 error buffer not set...
         5901  +  
         5902  +  Closes #544
         5903  +
         5904  +- KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS
         5905  +  
         5906  +  Closes #543
         5907  +
         5908  +- KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects
         5909  +  
         5910  +  Closes #522
         5911  +
         5912  +- TODO: HTTP/2 "prior knowledge" is implemented!
         5913  +
         5914  +- [Damien Vielpeau brought this change]
         5915  +
         5916  +  mbedtls: fix MBEDTLS_DEBUG builds
         5917  +
         5918  +- mbedtls: implement and provide *_data_pending()
         5919  +  
         5920  +  ... as otherwise we might get stuck thinking there's no more data to
         5921  +  handle.
         5922  +  
         5923  +  Reported-by: Damien Vielpeau
         5924  +  
         5925  +  Fixes #737
         5926  +
         5927  +- mbedtls: follow-up for the previous commit
         5928  +
         5929  +- mbedtls.c: name space pollution fix, Use 'Curl_'
         5930  +
         5931  +- mbedtls.c: changed private prefix to mbed_
         5932  +  
         5933  +  mbedtls_ is the prefix used by the mbedTLS library itself so we should
         5934  +  avoid using that for our private functions.
         5935  +
         5936  +- mbedtls.h: fix compiler warnings
         5937  +
         5938  +- Revert "winbuild: trying to set some files eol=crlf for git"
         5939  +  
         5940  +  This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21.
         5941  +  
         5942  +  Didn't help. Caused problems.
         5943  +  
         5944  +  Fixes #756
         5945  +
         5946  +- curl.1: use example.com more
         5947  +  
         5948  +  Make (most) example snippets use the example.com domain instead of the
         5949  +  random ones picked and used before. Some of those were probably
         5950  +  legitimate sites and some not. example.com is designed for this purpose.
         5951  +
         5952  +- [Michael Kaufmann brought this change]
         5953  +
         5954  +  HTTP2: Add a space character after the status code
         5955  +  
         5956  +  The space character after the status code is mandatory, even if the
         5957  +  reason phrase is empty (see RFC 7230 section 3.1.2)
         5958  +  
         5959  +  Closes #755
         5960  +
         5961  +- [Viktor Szakats brought this change]
         5962  +
         5963  +  URLs: change http to https in many places
         5964  +  
         5965  +  Closes #754
         5966  +
         5967  +- winbuild: trying to set some files eol=crlf for git
         5968  +  
         5969  +  Thinking it might help to apply patches etc with git.
         5970  +
         5971  +- [Theodore Dubois brought this change]
         5972  +
         5973  +  curl.1: change example for -F
         5974  +  
         5975  +  It's a bad idea to send your passwords anywhere, especially over HTTP.
         5976  +  Modified example to send a picture instead.
         5977  +  
         5978  +  Fixes #752
         5979  +
         5980  +- KNOWN_BUGS: reorganized and cleaned up
         5981  +  
         5982  +  Now sorted into categories and organized in the same style we do the
         5983  +  TODO document. It will make each issue linked properly on the
         5984  +  https://curl.haxx.se/docs/knownbugs.html web page.
         5985  +  
         5986  +  The sections should make it easier to find issues and issues related to
         5987  +  areas of the reader's specific interest.
         5988  +
         5989  +Jay Satiro (6 Apr 2016)
         5990  +- KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments
         5991  +
         5992  +Steve Holme (6 Apr 2016)
         5993  +- KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues
         5994  +
         5995  +- CHECKSRC.md: Corrected some typos
         5996  +
         5997  +- RELEASE-NOTES: Corrected last updated
         5998  +  
         5999  +  Included a summary of the checksrc.bat updates and combined two krb5
         6000  +  changes as they should have been implemented at the same time.
         6001  +
         6002  +- vauth: Corrected a number of typos in comments
         6003  +  
         6004  +  Reported-by: Michael Osipov
         6005  +
         6006  +Jay Satiro (5 Apr 2016)
         6007  +- KNOWN_BUGS: #94 IMAP custom requests use the LIST handler
         6008  +  
         6009  +  Bug: https://github.com/curl/curl/issues/536
         6010  +  Reported-by: eXeC64@users.noreply.github.com
         6011  +
         6012  +Daniel Stenberg (5 Apr 2016)
         6013  +- KNOWN_BUGS: remove 68, 70 and 72.
         6014  +  
         6015  +  Due to their age (we don't fully know if they actually remain) and lack
         6016  +  of detail - very few people will bother to find out what they're about
         6017  +  or work on them. If people truly still suffer from any of these, I
         6018  +  assume they will be reported again and then we'll deal with them.
         6019  +  
         6020  +  72. "Pausing pipeline problems."
         6021  +    https://curl.haxx.se/mail/lib-2009-07/0214.html
         6022  +  
         6023  +  70. Problem re-using easy handle after call to curl_multi_remove_handle
         6024  +    https://curl.haxx.se/mail/lib-2009-07/0249.html
         6025  +  
         6026  +  68. "More questions about ares behavior".
         6027  +    https://curl.haxx.se/mail/lib-2009-08/0012.html
         6028  +
         6029  +- KNOWN_BUGS: remove 92 and 88, fixed
         6030  +
         6031  +- http2: fix connection reuse when PING comes after last DATA
         6032  +  
         6033  +  It turns out the google GFE HTTP/2 servers send a PING frame immediately
         6034  +  after a stream ends and its last DATA has been received by curl. So if
         6035  +  we don't drain that from the socket, it makes the socket readable in
         6036  +  subsequent checks and libcurl then (wrongly) assumes the connection is
         6037  +  dead when trying to reuse the connection.
         6038  +  
         6039  +  Reported-by: Joonas Kuorilehto
         6040  +  
         6041  +  Discussed in #750
         6042  +
         6043  +- multi: remove trailing space in debug output
         6044  +
         6045  +- RELEASE-NOTES: synced with 86e97b642fb
         6046  +
         6047  +- CHECKSRC.md: mention cmdline options, fix the bullet list
         6048  +
         6049  +- docs/CHECKSRC.md: initial version
         6050  +
         6051  +Steve Holme (3 Apr 2016)
         6052  +- checksrc.bat: Added support for the examples
         6053  +
         6054  +Daniel Stenberg (3 Apr 2016)
         6055  +- lib/src: fix the checksrc invoke
         6056  +  
         6057  +  ... now works correctly when invoke from the root makefile

Added scriptlibs/softwareupdate/curl/COPYING-libssh2.txt.

            1  +/* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
            2  + * Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
            3  + * Copyright (c) 2006-2007 The Written Word, Inc.
            4  + * Copyright (c) 2007 Eli Fant <elifantu@mail.ru>
            5  + * Copyright (c) 2009-2014 Daniel Stenberg
            6  + * Copyright (C) 2008, 2009 Simon Josefsson
            7  + * All rights reserved.
            8  + *
            9  + * Redistribution and use in source and binary forms,
           10  + * with or without modification, are permitted provided
           11  + * that the following conditions are met:
           12  + *
           13  + *   Redistributions of source code must retain the above
           14  + *   copyright notice, this list of conditions and the
           15  + *   following disclaimer.
           16  + *
           17  + *   Redistributions in binary form must reproduce the above
           18  + *   copyright notice, this list of conditions and the following
           19  + *   disclaimer in the documentation and/or other materials
           20  + *   provided with the distribution.
           21  + *
           22  + *   Neither the name of the copyright holder nor the names
           23  + *   of any other contributors may be used to endorse or
           24  + *   promote products derived from this software without
           25  + *   specific prior written permission.
           26  + *
           27  + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
           28  + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
           29  + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
           30  + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
           31  + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
           32  + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
           33  + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
           34  + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
           35  + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
           36  + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
           37  + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
           38  + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
           39  + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
           40  + * OF SUCH DAMAGE.
           41  + */
           42  +

Added scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt.

            1  +The MIT License
            2  +
            3  +Copyright (c) 2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa
            4  +Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors
            5  +
            6  +Permission is hereby granted, free of charge, to any person obtaining
            7  +a copy of this software and associated documentation files (the
            8  +"Software"), to deal in the Software without restriction, including
            9  +without limitation the rights to use, copy, modify, merge, publish,
           10  +distribute, sublicense, and/or sell copies of the Software, and to
           11  +permit persons to whom the Software is furnished to do so, subject to
           12  +the following conditions:
           13  +
           14  +The above copyright notice and this permission notice shall be
           15  +included in all copies or substantial portions of the Software.
           16  +
           17  +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
           18  +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
           19  +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
           20  +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
           21  +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
           22  +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
           23  +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Added scriptlibs/softwareupdate/curl/COPYING-zlib.txt.

            1  +ZLIB DATA COMPRESSION LIBRARY
            2  +
            3  +zlib 1.2.11 is a general purpose data compression library.  All the code is
            4  +thread safe.  The data format used by the zlib library is described by RFCs
            5  +(Request for Comments) 1950 to 1952 in the files
            6  +http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and
            7  +rfc1952 (gzip format).
            8  +
            9  +All functions of the compression library are documented in the file zlib.h
           10  +(volunteer to write man pages welcome, contact zlib@gzip.org).  A usage example
           11  +of the library is given in the file test/example.c which also tests that
           12  +the library is working correctly.  Another example is given in the file
           13  +test/minigzip.c.  The compression library itself is composed of all source
           14  +files in the root directory.
           15  +
           16  +To compile all files and run the test program, follow the instructions given at
           17  +the top of Makefile.in.  In short "./configure; make test", and if that goes
           18  +well, "make install" should work for most flavors of Unix.  For Windows, use
           19  +one of the special makefiles in win32/ or contrib/vstudio/ .  For VMS, use
           20  +make_vms.com.
           21  +
           22  +Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant
           23  +<info@winimage.com> for the Windows DLL version.  The zlib home page is
           24  +http://zlib.net/ .  Before reporting a problem, please check this site to
           25  +verify that you have the latest version of zlib; otherwise get the latest
           26  +version and check whether the problem still exists or not.
           27  +
           28  +PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help.
           29  +
           30  +Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan.  1997
           31  +issue of Dr.  Dobb's Journal; a copy of the article is available at
           32  +http://marknelson.us/1997/01/01/zlib-engine/ .
           33  +
           34  +The changes made in version 1.2.11 are documented in the file ChangeLog.
           35  +
           36  +Unsupported third party contributions are provided in directory contrib/ .
           37  +
           38  +zlib is available in Java using the java.util.zip package, documented at
           39  +http://java.sun.com/developer/technicalArticles/Programming/compression/ .
           40  +
           41  +A Perl interface to zlib written by Paul Marquess <pmqs@cpan.org> is available
           42  +at CPAN (Comprehensive Perl Archive Network) sites, including
           43  +http://search.cpan.org/~pmqs/IO-Compress-Zlib/ .
           44  +
           45  +A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is
           46  +available in Python 1.5 and later versions, see
           47  +http://docs.python.org/library/zlib.html .
           48  +
           49  +zlib is built into tcl: http://wiki.tcl.tk/4610 .
           50  +
           51  +An experimental package to read and write files in .zip format, written on top
           52  +of zlib by Gilles Vollant <info@winimage.com>, is available in the
           53  +contrib/minizip directory of zlib.
           54  +
           55  +
           56  +Notes for some targets:
           57  +
           58  +- For Windows DLL versions, please see win32/DLL_FAQ.txt
           59  +
           60  +- For 64-bit Irix, deflate.c must be compiled without any optimization. With
           61  +  -O, one libpng test fails. The test works in 32 bit mode (with the -n32
           62  +  compiler flag). The compiler bug has been reported to SGI.
           63  +
           64  +- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
           65  +  when compiled with cc.
           66  +
           67  +- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is
           68  +  necessary to get gzprintf working correctly. This is done by configure.
           69  +
           70  +- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with
           71  +  other compilers. Use "make test" to check your compiler.
           72  +
           73  +- gzdopen is not supported on RISCOS or BEOS.
           74  +
           75  +- For PalmOs, see http://palmzlib.sourceforge.net/
           76  +
           77  +
           78  +Acknowledgments:
           79  +
           80  +  The deflate format used by zlib was defined by Phil Katz.  The deflate and
           81  +  zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
           82  +  people who reported problems and suggested various improvements in zlib; they
           83  +  are too numerous to cite here.
           84  +
           85  +Copyright notice:
           86  +
           87  + (C) 1995-2017 Jean-loup Gailly and Mark Adler
           88  +
           89  +  This software is provided 'as-is', without any express or implied
           90  +  warranty.  In no event will the authors be held liable for any damages
           91  +  arising from the use of this software.
           92  +
           93  +  Permission is granted to anyone to use this software for any purpose,
           94  +  including commercial applications, and to alter it and redistribute it
           95  +  freely, subject to the following restrictions:
           96  +
           97  +  1. The origin of this software must not be misrepresented; you must not
           98  +     claim that you wrote the original software. If you use this software
           99  +     in a product, an acknowledgment in the product documentation would be
          100  +     appreciated but is not required.
          101  +  2. Altered source versions must be plainly marked as such, and must not be
          102  +     misrepresented as being the original software.
          103  +  3. This notice may not be removed or altered from any source distribution.
          104  +
          105  +  Jean-loup Gailly        Mark Adler
          106  +  jloup@gzip.org          madler@alumni.caltech.edu
          107  +
          108  +If you use the zlib library in a product, we would appreciate *not* receiving
          109  +lengthy legal documents to sign.  The sources are provided for free but without
          110  +warranty of any kind.  The library has been entirely written by Jean-loup
          111  +Gailly and Mark Adler; it does not include third-party code.
          112  +
          113  +If you redistribute modified sources, we would appreciate that you include in
          114  +the file ChangeLog history information documenting your changes.  Please read
          115  +the FAQ for more information on the distribution of modified source versions.

Added scriptlibs/softwareupdate/curl/COPYING.txt.

            1  +COPYRIGHT AND PERMISSION NOTICE
            2  +
            3  +Copyright (c) 1996 - 2017, Daniel Stenberg, <daniel@haxx.se>, and many
            4  +contributors, see the THANKS file.
            5  +
            6  +All rights reserved.
            7  +
            8  +Permission to use, copy, modify, and distribute this software for any purpose
            9  +with or without fee is hereby granted, provided that the above copyright
           10  +notice and this permission notice appear in all copies.
           11  +
           12  +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
           13  +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
           14  +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
           15  +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
           16  +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
           17  +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
           18  +OR OTHER DEALINGS IN THE SOFTWARE.
           19  +
           20  +Except as contained in this notice, the name of a copyright holder shall not
           21  +be used in advertising or otherwise to promote the sale, use or other dealings
           22  +in this Software without prior written authorization of the copyright holder.

Added scriptlibs/softwareupdate/curl/LICENSE-openssl.txt.

            1  +
            2  +  LICENSE ISSUES
            3  +  ==============
            4  +
            5  +  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
            6  +  the OpenSSL License and the original SSLeay license apply to the toolkit.
            7  +  See below for the actual license texts.
            8  +
            9  +  OpenSSL License
           10  +  ---------------
           11  +
           12  +/* ====================================================================
           13  + * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
           14  + *
           15  + * Redistribution and use in source and binary forms, with or without
           16  + * modification, are permitted provided that the following conditions
           17  + * are met:
           18  + *
           19  + * 1. Redistributions of source code must retain the above copyright
           20  + *    notice, this list of conditions and the following disclaimer. 
           21  + *
           22  + * 2. Redistributions in binary form must reproduce the above copyright
           23  + *    notice, this list of conditions and the following disclaimer in
           24  + *    the documentation and/or other materials provided with the
           25  + *    distribution.
           26  + *
           27  + * 3. All advertising materials mentioning features or use of this
           28  + *    software must display the following acknowledgment:
           29  + *    "This product includes software developed by the OpenSSL Project
           30  + *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
           31  + *
           32  + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
           33  + *    endorse or promote products derived from this software without
           34  + *    prior written permission. For written permission, please contact
           35  + *    openssl-core@openssl.org.
           36  + *
           37  + * 5. Products derived from this software may not be called "OpenSSL"
           38  + *    nor may "OpenSSL" appear in their names without prior written
           39  + *    permission of the OpenSSL Project.
           40  + *
           41  + * 6. Redistributions of any form whatsoever must retain the following
           42  + *    acknowledgment:
           43  + *    "This product includes software developed by the OpenSSL Project
           44  + *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
           45  + *
           46  + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
           47  + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
           48  + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
           49  + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
           50  + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
           51  + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
           52  + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
           53  + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
           54  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
           55  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
           56  + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
           57  + * OF THE POSSIBILITY OF SUCH DAMAGE.
           58  + * ====================================================================
           59  + *
           60  + * This product includes cryptographic software written by Eric Young
           61  + * (eay@cryptsoft.com).  This product includes software written by Tim
           62  + * Hudson (tjh@cryptsoft.com).
           63  + *
           64  + */
           65  +
           66  + Original SSLeay License
           67  + -----------------------
           68  +
           69  +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
           70  + * All rights reserved.
           71  + *
           72  + * This package is an SSL implementation written
           73  + * by Eric Young (eay@cryptsoft.com).
           74  + * The implementation was written so as to conform with Netscapes SSL.
           75  + * 
           76  + * This library is free for commercial and non-commercial use as long as
           77  + * the following conditions are aheared to.  The following conditions
           78  + * apply to all code found in this distribution, be it the RC4, RSA,
           79  + * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
           80  + * included with this distribution is covered by the same copyright terms
           81  + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
           82  + * 
           83  + * Copyright remains Eric Young's, and as such any Copyright notices in
           84  + * the code are not to be removed.
           85  + * If this package is used in a product, Eric Young should be given attribution
           86  + * as the author of the parts of the library used.
           87  + * This can be in the form of a textual message at program startup or
           88  + * in documentation (online or textual) provided with the package.
           89  + * 
           90  + * Redistribution and use in source and binary forms, with or without
           91  + * modification, are permitted provided that the following conditions
           92  + * are met:
           93  + * 1. Redistributions of source code must retain the copyright
           94  + *    notice, this list of conditions and the following disclaimer.
           95  + * 2. Redistributions in binary form must reproduce the above copyright
           96  + *    notice, this list of conditions and the following disclaimer in the
           97  + *    documentation and/or other materials provided with the distribution.
           98  + * 3. All advertising materials mentioning features or use of this software
           99  + *    must display the following acknowledgement:
          100  + *    "This product includes cryptographic software written by
          101  + *     Eric Young (eay@cryptsoft.com)"
          102  + *    The word 'cryptographic' can be left out if the rouines from the library
          103  + *    being used are not cryptographic related :-).
          104  + * 4. If you include any Windows specific code (or a derivative thereof) from 
          105  + *    the apps directory (application code) you must include an acknowledgement:
          106  + *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
          107  + * 
          108  + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
          109  + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
          110  + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
          111  + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
          112  + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
          113  + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
          114  + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
          115  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
          116  + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
          117  + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
          118  + * SUCH DAMAGE.
          119  + * 
          120  + * The licence and distribution terms for any publically available version or
          121  + * derivative of this code cannot be changed.  i.e. this code cannot simply be
          122  + * copied and put under another distribution licence
          123  + * [including the GNU Public Licence.]
          124  + */
          125  +

Added scriptlibs/softwareupdate/curl/README.txt.

            1  +                                  _   _ ____  _
            2  +                              ___| | | |  _ \| |
            3  +                             / __| | | | |_) | |
            4  +                            | (__| |_| |  _ <| |___
            5  +                             \___|\___/|_| \_\_____|
            6  +
            7  +README
            8  +
            9  +  Curl is a command line tool for transferring data specified with URL
           10  +  syntax. Find out how to use curl by reading the curl.1 man page or the
           11  +  MANUAL document. Find out how to install Curl by reading the INSTALL
           12  +  document.
           13  +
           14  +  libcurl is the library curl is using to do its job. It is readily
           15  +  available to be used by your software. Read the libcurl.3 man page to
           16  +  learn how!
           17  +
           18  +  You find answers to the most frequent questions we get in the FAQ document.
           19  +
           20  +  Study the COPYING file for distribution terms and similar. If you distribute
           21  +  curl binaries or other binaries that involve libcurl, you might enjoy the
           22  +  LICENSE-MIXING document.
           23  +
           24  +CONTACT
           25  +
           26  +  If you have problems, questions, ideas or suggestions, please contact us
           27  +  by posting to a suitable mailing list. See https://curl.haxx.se/mail/
           28  +
           29  +  All contributors to the project are listed in the THANKS document.
           30  +
           31  +WEB SITE
           32  +
           33  +  Visit the curl web site for the latest news and downloads:
           34  +
           35  +        https://curl.haxx.se/
           36  +
           37  +GIT
           38  +
           39  +  To download the very latest source off the GIT server do this:
           40  +
           41  +    git clone https://github.com/curl/curl.git
           42  +
           43  +  (you'll get a directory named curl created, filled with the source code)
           44  +
           45  +NOTICE
           46  +
           47  +  Curl contains pieces of source code that is Copyright (c) 1998, 1999
           48  +  Kungliga Tekniska Högskolan. This notice is included here to comply with the
           49  +  distribution terms.

Added scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt.

            1  +Curl and libcurl 7.53.1
            2  +
            3  + Public curl releases:         164
            4  + Command line options:         205
            5  + curl_easy_setopt() options:   244
            6  + Public functions in libcurl:  61
            7  + Contributors:                 1507
            8  +
            9  +This release includes the following bugfixes:
           10  +
           11  + o cyassl: fix typo
           12  + o url: Improve CURLOPT_PROXY_CAPATH error handling [1]
           13  + o urldata: include curl_sspi.h when Windows SSPI is enabled [2]
           14  + o formdata: check for EOF when reading from stdin [3]
           15  + o tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 [4]
           16  + o url: Default the proxy CA bundle location to CURL_CA_BUNDLE [5]
           17  + o rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header [6]
           18  +
           19  +This release includes the following known bugs:
           20  +
           21  + o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
           22  +
           23  +This release would not have looked like this without help, code, reports and
           24  +advice from friends like these:
           25  +
           26  +  Dan Fandrich, Daniel Stenberg, İsmail Dönmez, jveazey on github, Ray Satiro,
           27  +  Sergii Pylypenko, Shachaf Ben-Kiki, Viktor Szakáts,
           28  +  (8 contributors)
           29  +
           30  +        Thanks! (and sorry if I forgot to mention someone)
           31  +
           32  +References to bug reports and discussions on issues:
           33  +
           34  + [1] = https://curl.haxx.se/bug/?i=1257
           35  + [2] = https://curl.haxx.se/bug/?i=1276
           36  + [3] = https://curl.haxx.se/bug/?i=1281
           37  + [4] = https://curl.haxx.se/bug/?i=1277
           38  + [5] = https://curl.haxx.se/bug/?i=1257
           39  + [6] = https://curl.haxx.se/bug/?i=1285

Added scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt.

            1  +##
            2  +## Bundle of CA Root Certificates
            3  +##
            4  +## Certificate data from Mozilla as of: Wed Jan 18 04:12:05 2017 GMT
            5  +##
            6  +## This is a bundle of X.509 certificates of public Certificate Authorities
            7  +## (CA). These were automatically extracted from Mozilla's root certificates
            8  +## file (certdata.txt).  This file can be found in the mozilla source tree:
            9  +## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
           10  +##
           11  +## It contains the certificates in PEM format and therefore
           12  +## can be directly used with curl / libcurl / php_curl, or with
           13  +## an Apache+mod_ssl webserver for SSL client authentication.
           14  +## Just configure this file as the SSLCACertificateFile.
           15  +##
           16  +## Conversion done with mk-ca-bundle.pl version 1.27.
           17  +## SHA256: dffa79e6aa993f558e82884abf7bb54bf440ab66ee91d82a27a627f6f2a4ace4
           18  +##
           19  +
           20  +
           21  +GlobalSign Root CA
           22  +==================
           23  +-----BEGIN CERTIFICATE-----
           24  +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
           25  +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
           26  +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
           27  +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
           28  +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
           29  +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
           30  +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
           31  +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
           32  +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
           33  +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
           34  +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
           35  +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
           36  +Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
           37  +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
           38  +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
           39  +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
           40  +-----END CERTIFICATE-----
           41  +
           42  +GlobalSign Root CA - R2
           43  +=======================
           44  +-----BEGIN CERTIFICATE-----
           45  +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv
           46  +YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
           47  +bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
           48  +aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
           49  +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6
           50  +ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp
           51  +s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN
           52  +S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL
           53  +TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C
           54  +ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
           55  +FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i
           56  +YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN
           57  +BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp
           58  +9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu
           59  +01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
           60  +9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
           61  +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
           62  +-----END CERTIFICATE-----
           63  +
           64  +Verisign Class 3 Public Primary Certification Authority - G3
           65  +============================================================
           66  +-----BEGIN CERTIFICATE-----
           67  +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
           68  +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
           69  +cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
           70  +IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh
           71  +dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw
           72  +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
           73  +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv
           74  +cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg
           75  +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
           76  +ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1
           77  +EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc
           78  +cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw
           79  +EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj
           80  +055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
           81  +ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f
           82  +j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
           83  +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0
           84  +xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa
           85  +t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
           86  +-----END CERTIFICATE-----
           87  +
           88  +Entrust.net Premium 2048 Secure Server CA
           89  +=========================================
           90  +-----BEGIN CERTIFICATE-----
           91  +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
           92  +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
           93  +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
           94  +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
           95  +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
           96  +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
           97  +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
           98  +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
           99  +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
          100  +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
          101  +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
          102  +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
          103  +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
          104  +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
          105  +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
          106  +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
          107  +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
          108  +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
          109  +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
          110  +-----END CERTIFICATE-----
          111  +
          112  +Baltimore CyberTrust Root
          113  +=========================
          114  +-----BEGIN CERTIFICATE-----
          115  +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
          116  +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
          117  +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
          118  +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
          119  +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
          120  +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
          121  +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
          122  +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
          123  +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
          124  +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
          125  +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
          126  +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
          127  +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
          128  +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
          129  +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
          130  +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
          131  +-----END CERTIFICATE-----
          132  +
          133  +AddTrust Low-Value Services Root
          134  +================================
          135  +-----BEGIN CERTIFICATE-----
          136  +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
          137  +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU
          138  +cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw
          139  +CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO
          140  +ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB
          141  +AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6
          142  +54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr
          143  +oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1
          144  +Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui
          145  +GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w
          146  +HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD
          147  +AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT
          148  +RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw
          149  +HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt
          150  +ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph
          151  +iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
          152  +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr
          153  +mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj
          154  +ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
          155  +-----END CERTIFICATE-----
          156  +
          157  +AddTrust External Root
          158  +======================
          159  +-----BEGIN CERTIFICATE-----
          160  +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
          161  +QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD
          162  +VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw
          163  +NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU
          164  +cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg
          165  +Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821
          166  ++iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw
          167  +Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo
          168  +aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy
          169  +2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7
          170  +7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P
          171  +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL
          172  +VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk
          173  +VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB
          174  +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
          175  +j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
          176  +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355
          177  +e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u
          178  +G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
          179  +-----END CERTIFICATE-----
          180  +
          181  +AddTrust Public Services Root
          182  +=============================
          183  +-----BEGIN CERTIFICATE-----
          184  +MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
          185  +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU
          186  +cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ
          187  +BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l
          188  +dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF
          189  +AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu
          190  +nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i
          191  +d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG
          192  +Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw
          193  +HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G
          194  +A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
          195  +/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux
          196  +FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G
          197  +A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4
          198  +JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL
          199  ++YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
          200  +GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9
          201  +Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H
          202  +EufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
          203  +-----END CERTIFICATE-----
          204  +
          205  +AddTrust Qualified Certificates Root
          206  +====================================
          207  +-----BEGIN CERTIFICATE-----
          208  +MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
          209  +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU
          210  +cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx
          211  +CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ
          212  +IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG
          213  +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx
          214  +64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3
          215  +KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o
          216  +L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR
          217  +wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU
          218  +MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/
          219  +BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE
          220  +BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y
          221  +azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD
          222  +ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG
          223  +GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
          224  +dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze
          225  +RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB
          226  +iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE=
          227  +-----END CERTIFICATE-----
          228  +
          229  +Entrust Root Certification Authority
          230  +====================================
          231  +-----BEGIN CERTIFICATE-----
          232  +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
          233  +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
          234  +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
          235  +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
          236  +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
          237  +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
          238  +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
          239  +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
          240  +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz
          241  +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww
          242  +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68
          243  +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN
          244  +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw
          245  +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1
          246  +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
          247  +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
          248  +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM
          249  +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa
          250  +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS
          251  +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
          252  +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
          253  +-----END CERTIFICATE-----
          254  +
          255  +GeoTrust Global CA
          256  +==================
          257  +-----BEGIN CERTIFICATE-----
          258  +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
          259  +Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw
          260  +MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
          261  +LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
          262  +CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo
          263  +BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet
          264  +8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc
          265  +T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU
          266  +vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD
          267  +AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk
          268  +DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q
          269  +zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4
          270  +d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2
          271  +mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p
          272  +XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
          273  +Mw==
          274  +-----END CERTIFICATE-----
          275  +
          276  +GeoTrust Global CA 2
          277  +====================
          278  +-----BEGIN CERTIFICATE-----
          279  +MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
          280  +R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw
          281  +MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
          282  +LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
          283  +ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/
          284  +NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k
          285  +LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA
          286  +Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b
          287  +HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF
          288  +MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH
          289  +K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7
          290  +srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh
          291  +ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL
          292  +OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC
          293  +x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF
          294  +H4z1Ir+rzoPz4iIprn2DQKi6bA==
          295  +-----END CERTIFICATE-----
          296  +
          297  +GeoTrust Universal CA
          298  +=====================
          299  +-----BEGIN CERTIFICATE-----
          300  +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
          301  +R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1
          302  +MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu
          303  +Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
          304  +ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t
          305  +JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e
          306  +RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs
          307  +7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d
          308  +8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V
          309  +qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga
          310  +Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB
          311  +Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu
          312  +KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08
          313  +ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0
          314  +XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
          315  +hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
          316  +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2
          317  +qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL
          318  +oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK
          319  +xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF
          320  +KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2
          321  +DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK
          322  +xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU
          323  +p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI
          324  +P/rmMuGNG2+k5o7Y+SlIis5z/iw=
          325  +-----END CERTIFICATE-----
          326  +
          327  +GeoTrust Universal CA 2
          328  +=======================
          329  +-----BEGIN CERTIFICATE-----
          330  +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
          331  +R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0
          332  +MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
          333  +SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
          334  +A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0
          335  +DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17
          336  +j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q
          337  +JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a
          338  +QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2
          339  +WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP
          340  +20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn
          341  +ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC
          342  +SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG
          343  +8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2
          344  ++/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
          345  +BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
          346  +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ
          347  +4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+
          348  +mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq
          349  +A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg
          350  +Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP
          351  +pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d
          352  +FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp
          353  +gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
          354  +X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
          355  +-----END CERTIFICATE-----
          356  +
          357  +Visa eCommerce Root
          358  +===================
          359  +-----BEGIN CERTIFICATE-----
          360  +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG
          361  +EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug
          362  +QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2
          363  +WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm
          364  +VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
          365  +bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL
          366  +F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b
          367  +RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0
          368  +TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI
          369  +/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs
          370  +GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
          371  +MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc
          372  +CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW
          373  +YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz
          374  +zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu
          375  +YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
          376  +398znM/jra6O1I7mT1GvFpLgXPYHDw==
          377  +-----END CERTIFICATE-----
          378  +
          379  +Certum Root CA
          380  +==============
          381  +-----BEGIN CERTIFICATE-----
          382  +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK
          383  +ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla
          384  +Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u
          385  +by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x
          386  +wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL
          387  +kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ
          388  +89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K
          389  +Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P
          390  +NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
          391  +hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+
          392  +GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg
          393  +GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/
          394  +0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS
          395  +qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw==
          396  +-----END CERTIFICATE-----
          397  +
          398  +Comodo AAA Services root
          399  +========================
          400  +-----BEGIN CERTIFICATE-----
          401  +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
          402  +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
          403  +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
          404  +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
          405  +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
          406  +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
          407  +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
          408  +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
          409  +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
          410  +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
          411  +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
          412  +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
          413  +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
          414  +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
          415  +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
          416  +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
          417  +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
          418  +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
          419  +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
          420  +-----END CERTIFICATE-----
          421  +
          422  +Comodo Secure Services root
          423  +===========================
          424  +-----BEGIN CERTIFICATE-----
          425  +MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
          426  +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
          427  +TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw
          428  +MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
          429  +Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi
          430  +BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
          431  +ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP
          432  +9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc
          433  +rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC
          434  +oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V
          435  +p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E
          436  +FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
          437  +gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj
          438  +YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm
          439  +aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm
          440  +4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
          441  +Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL
          442  +DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw
          443  +pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H
          444  +RR3B7Hzs/Sk=
          445  +-----END CERTIFICATE-----
          446  +
          447  +Comodo Trusted Services root
          448  +============================
          449  +-----BEGIN CERTIFICATE-----
          450  +MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
          451  +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
          452  +TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw
          453  +MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h
          454  +bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw
          455  +IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC
          456  +AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7
          457  +3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y
          458  +/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6
          459  +juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS
          460  +ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud
          461  +DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
          462  +/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp
          463  +ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl
          464  +cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw
          465  +uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
          466  +pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA
          467  +BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l
          468  +R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O
          469  +9y5Xt5hwXsjEeLBi
          470  +-----END CERTIFICATE-----
          471  +
          472  +QuoVadis Root CA
          473  +================
          474  +-----BEGIN CERTIFICATE-----
          475  +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE
          476  +ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
          477  +eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz
          478  +MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
          479  +cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD
          480  +EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
          481  +AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk
          482  +J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL
          483  +F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL
          484  +YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen
          485  +AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w
          486  +PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
          487  +ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7
          488  +MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj
          489  +YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
          490  +ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
          491  +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW
          492  +Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu
          493  +BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw
          494  +FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
          495  +aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6
          496  +tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo
          497  +fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul
          498  +LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x
          499  +gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi
          500  +5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi
          501  +5nrQNiOKSnQ2+Q==
          502  +-----END CERTIFICATE-----
          503  +
          504  +QuoVadis Root CA 2
          505  +==================
          506  +-----BEGIN CERTIFICATE-----
          507  +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
          508  +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
          509  +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
          510  +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
          511  +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
          512  +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
          513  +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
          514  +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
          515  +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
          516  +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
          517  +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
          518  +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
          519  +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
          520  +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
          521  +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
          522  +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
          523  +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
          524  +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
          525  +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
          526  +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
          527  ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
          528  +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
          529  +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
          530  +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
          531  +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
          532  +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
          533  +-----END CERTIFICATE-----
          534  +
          535  +QuoVadis Root CA 3
          536  +==================
          537  +-----BEGIN CERTIFICATE-----
          538  +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
          539  +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
          540  +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
          541  +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
          542  +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
          543  +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
          544  +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
          545  +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
          546  +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
          547  +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
          548  +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
          549  +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
          550  +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
          551  +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
          552  +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
          553  +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
          554  +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
          555  +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
          556  +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
          557  +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
          558  +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
          559  +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
          560  +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
          561  +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
          562  +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
          563  +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
          564  +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
          565  +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
          566  +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
          567  +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
          568  +-----END CERTIFICATE-----
          569  +
          570  +Security Communication Root CA
          571  +==============================
          572  +-----BEGIN CERTIFICATE-----
          573  +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
          574  +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
          575  +HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
          576  +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
          577  +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
          578  +8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
          579  +DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
          580  +5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
          581  +DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
          582  +JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
          583  +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
          584  +0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
          585  +mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
          586  +s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
          587  +6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
          588  +FL39vmwLAw==
          589  +-----END CERTIFICATE-----
          590  +
          591  +Sonera Class 2 Root CA
          592  +======================
          593  +-----BEGIN CERTIFICATE-----
          594  +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG
          595  +U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw
          596  +NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh
          597  +IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3
          598  +/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT
          599  +dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG
          600  +f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P
          601  +tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH
          602  +nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT
          603  +XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt
          604  +0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI
          605  +cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph
          606  +Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx
          607  +EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
          608  +llpwrN9M
          609  +-----END CERTIFICATE-----
          610  +
          611  +UTN USERFirst Hardware Root CA
          612  +==============================
          613  +-----BEGIN CERTIFICATE-----
          614  +MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE
          615  +BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl
          616  +IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd
          617  +BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx
          618  +OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0
          619  +eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz
          620  +ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3
          621  +DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI
          622  +wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd
          623  +tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8
          624  +i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf
          625  +Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw
          626  +gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF
          627  +lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF
          628  +UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF
          629  +BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
          630  +//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW
          631  +XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2
          632  +lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn
          633  +iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67
          634  +nfhmqA==
          635  +-----END CERTIFICATE-----
          636  +
          637  +Camerfirma Chambers of Commerce Root
          638  +====================================
          639  +-----BEGIN CERTIFICATE-----
          640  +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
          641  +QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
          642  +ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx
          643  +NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp
          644  +cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn
          645  +MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC
          646  +AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU
          647  +xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH
          648  +NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW
          649  +DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV
          650  +d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud
          651  +EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v
          652  +cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P
          653  +AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh
          654  +bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD
          655  +VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
          656  +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi
          657  +fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD
          658  +L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN
          659  +UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n
          660  +ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1
          661  +erfutGWaIZDgqtCYvDi1czyL+Nw=
          662  +-----END CERTIFICATE-----
          663  +
          664  +Camerfirma Global Chambersign Root
          665  +==================================
          666  +-----BEGIN CERTIFICATE-----
          667  +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
          668  +QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
          669  +ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx
          670  +NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt
          671  +YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg
          672  +MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw
          673  +ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J
          674  +1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O
          675  +by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl
          676  +6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c
          677  +8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/
          678  +BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j
          679  +aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B
          680  +Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj
          681  +aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y
          682  +ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
          683  +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA
          684  +PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y
          685  +gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ
          686  +PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4
          687  +IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes
          688  +t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
          689  +-----END CERTIFICATE-----
          690  +
          691  +XRamp Global CA Root
          692  +====================
          693  +-----BEGIN CERTIFICATE-----
          694  +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
          695  +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
          696  +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
          697  +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
          698  +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
          699  +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
          700  +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
          701  +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
          702  +foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
          703  +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
          704  +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
          705  +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
          706  +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
          707  +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
          708  +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
          709  +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
          710  +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
          711  +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
          712  +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
          713  +-----END CERTIFICATE-----
          714  +
          715  +Go Daddy Class 2 CA
          716  +===================
          717  +-----BEGIN CERTIFICATE-----
          718  +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
          719  +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
          720  +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
          721  +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
          722  +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
          723  +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
          724  +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
          725  +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
          726  +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
          727  +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
          728  +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
          729  +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
          730  +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
          731  +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
          732  +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
          733  +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
          734  +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
          735  +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
          736  +vZ8=
          737  +-----END CERTIFICATE-----
          738  +
          739  +Starfield Class 2 CA
          740  +====================
          741  +-----BEGIN CERTIFICATE-----
          742  +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
          743  +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
          744  +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
          745  +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
          746  +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
          747  +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
          748  +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
          749  +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
          750  +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
          751  +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
          752  +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
          753  +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
          754  +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
          755  +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
          756  +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
          757  +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
          758  +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
          759  +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
          760  +QBFGmh95DmK/D5fs4C8fF5Q=
          761  +-----END CERTIFICATE-----
          762  +
          763  +StartCom Certification Authority
          764  +================================
          765  +-----BEGIN CERTIFICATE-----
          766  +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
          767  +U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu
          768  +ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0
          769  +NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
          770  +LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg
          771  +U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
          772  +ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y
          773  +o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/
          774  +Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d
          775  +eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt
          776  +2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z
          777  +6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ
          778  +osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/
          779  +untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc
          780  +UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
          781  +37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
          782  +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0
          783  +Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj
          784  +YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH
          785  +AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw
          786  +Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg
          787  +U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5
          788  +LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl
          789  +cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh
          790  +cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT
          791  +dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC
          792  +AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh
          793  +3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm
          794  +vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk
          795  +fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3
          796  +fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ
          797  +EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
          798  +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl
          799  +1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/
          800  +lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro
          801  +g14=
          802  +-----END CERTIFICATE-----
          803  +
          804  +Taiwan GRCA
          805  +===========
          806  +-----BEGIN CERTIFICATE-----
          807  +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG
          808  +EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
          809  +DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv
          810  +dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD
          811  +ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN
          812  +w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5
          813  +BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O
          814  +1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO
          815  +htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov
          816  +J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7
          817  +Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t
          818  +B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB
          819  +O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8
          820  +lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV
          821  +HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
          822  +09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
          823  +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj
          824  +Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2
          825  +Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU
          826  +D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz
          827  +DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk
          828  +Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk
          829  +7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ
          830  +CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy
          831  ++fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS
          832  +-----END CERTIFICATE-----
          833  +
          834  +Swisscom Root CA 1
          835  +==================
          836  +-----BEGIN CERTIFICATE-----
          837  +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG
          838  +EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy
          839  +dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4
          840  +MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln
          841  +aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC
          842  +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM
          843  +MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF
          844  +NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe
          845  +AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC
          846  +b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn
          847  +7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN
          848  +cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp
          849  +WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5
          850  +haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY
          851  +MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw
          852  +HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j
          853  +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9
          854  +MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn
          855  +jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ
          856  +MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H
          857  +VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl
          858  +vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl
          859  +OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3
          860  +1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq
          861  +nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy
          862  +x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW
          863  +NY6E0F/6MBr1mmz0DlP5OlvRHA==
          864  +-----END CERTIFICATE-----
          865  +
          866  +DigiCert Assured ID Root CA
          867  +===========================
          868  +-----BEGIN CERTIFICATE-----
          869  +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
          870  +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
          871  +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
          872  +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
          873  +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
          874  +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
          875  +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
          876  +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
          877  +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
          878  +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
          879  +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
          880  +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
          881  +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
          882  +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
          883  +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
          884  +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
          885  ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
          886  +-----END CERTIFICATE-----
          887  +
          888  +DigiCert Global Root CA
          889  +=======================
          890  +-----BEGIN CERTIFICATE-----
          891  +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
          892  +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
          893  +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
          894  +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
          895  +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
          896  +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
          897  +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
          898  +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
          899  +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
          900  +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
          901  +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
          902  +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
          903  +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
          904  +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
          905  +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
          906  +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
          907  +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
          908  +-----END CERTIFICATE-----
          909  +
          910  +DigiCert High Assurance EV Root CA
          911  +==================================
          912  +-----BEGIN CERTIFICATE-----
          913  +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
          914  +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
          915  +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
          916  +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
          917  +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
          918  +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
          919  +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
          920  +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
          921  +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
          922  +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
          923  +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
          924  +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
          925  +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
          926  +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
          927  +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
          928  +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
          929  +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
          930  +-----END CERTIFICATE-----
          931  +
          932  +Certplus Class 2 Primary CA
          933  +===========================
          934  +-----BEGIN CERTIFICATE-----
          935  +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE
          936  +BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN
          937  +OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy
          938  +dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
          939  +ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR
          940  +5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ
          941  +Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO
          942  +YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e
          943  +e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME
          944  +CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ
          945  +YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t
          946  +L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD
          947  +P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R
          948  +TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+
          949  +7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW
          950  +//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
          951  +l7+ijrRU
          952  +-----END CERTIFICATE-----
          953  +
          954  +DST Root CA X3
          955  +==============
          956  +-----BEGIN CERTIFICATE-----
          957  +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
          958  +ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
          959  +DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
          960  +cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
          961  +ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
          962  +rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
          963  +UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
          964  +xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
          965  +utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
          966  +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
          967  +MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
          968  +dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
          969  +GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
          970  +RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
          971  +fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
          972  +-----END CERTIFICATE-----
          973  +
          974  +DST ACES CA X6
          975  +==============
          976  +-----BEGIN CERTIFICATE-----
          977  +MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG
          978  +EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT
          979  +MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha
          980  +MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE
          981  +CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC
          982  +AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI
          983  +DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa
          984  +pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow
          985  +GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy
          986  +MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud
          987  +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu
          988  +Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy
          989  +dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU
          990  +CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2
          991  +5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t
          992  +Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
          993  +nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs
          994  +vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3
          995  +oKfN5XozNmr6mis=
          996  +-----END CERTIFICATE-----
          997  +
          998  +SwissSign Gold CA - G2
          999  +======================
         1000  +-----BEGIN CERTIFICATE-----
         1001  +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
         1002  +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
         1003  +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
         1004  +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
         1005  +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
         1006  +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
         1007  +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
         1008  +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
         1009  +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
         1010  +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
         1011  +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
         1012  +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
         1013  +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
         1014  +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
         1015  +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
         1016  +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
         1017  +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
         1018  +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
         1019  +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
         1020  +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
         1021  +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
         1022  +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
         1023  +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
         1024  +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
         1025  +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
         1026  +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
         1027  +-----END CERTIFICATE-----
         1028  +
         1029  +SwissSign Silver CA - G2
         1030  +========================
         1031  +-----BEGIN CERTIFICATE-----
         1032  +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
         1033  +BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
         1034  +DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
         1035  +aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
         1036  +9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
         1037  +N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
         1038  ++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
         1039  +6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
         1040  +MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
         1041  +qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
         1042  +FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
         1043  +ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
         1044  +celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
         1045  +CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
         1046  +BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
         1047  +tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
         1048  +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
         1049  +4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
         1050  +kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
         1051  +3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
         1052  +/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
         1053  +DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
         1054  +e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
         1055  +WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
         1056  +DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
         1057  +DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
         1058  +-----END CERTIFICATE-----
         1059  +
         1060  +GeoTrust Primary Certification Authority
         1061  +========================================
         1062  +-----BEGIN CERTIFICATE-----
         1063  +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
         1064  +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
         1065  +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
         1066  +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
         1067  +cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
         1068  +CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
         1069  +b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
         1070  +nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
         1071  +RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
         1072  +tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
         1073  +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
         1074  +hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
         1075  +Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
         1076  +NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
         1077  +Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
         1078  +1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
         1079  +-----END CERTIFICATE-----
         1080  +
         1081  +thawte Primary Root CA
         1082  +======================
         1083  +-----BEGIN CERTIFICATE-----
         1084  +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
         1085  +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
         1086  +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
         1087  +cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
         1088  +MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
         1089  +SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
         1090  +KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
         1091  +FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
         1092  +oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
         1093  +1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
         1094  +q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
         1095  +aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
         1096  +afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
         1097  +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
         1098  +AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
         1099  +uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
         1100  +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
         1101  +jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
         1102  +z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
         1103  +-----END CERTIFICATE-----
         1104  +
         1105  +VeriSign Class 3 Public Primary Certification Authority - G5
         1106  +============================================================
         1107  +-----BEGIN CERTIFICATE-----
         1108  +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
         1109  +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
         1110  +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
         1111  +IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
         1112  +ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
         1113  +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
         1114  +biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
         1115  +dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
         1116  +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
         1117  +ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
         1118  +j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
         1119  +Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
         1120  +Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
         1121  +fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
         1122  +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
         1123  +Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
         1124  +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
         1125  +SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
         1126  +X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
         1127  +KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
         1128  +Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
         1129  +ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
         1130  +-----END CERTIFICATE-----
         1131  +
         1132  +SecureTrust CA
         1133  +==============
         1134  +-----BEGIN CERTIFICATE-----
         1135  +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
         1136  +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
         1137  +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
         1138  +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
         1139  +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
         1140  +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
         1141  +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
         1142  +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
         1143  +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
         1144  +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
         1145  +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
         1146  +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
         1147  +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
         1148  +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
         1149  +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
         1150  +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
         1151  +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
         1152  +-----END CERTIFICATE-----
         1153  +
         1154  +Secure Global CA
         1155  +================
         1156  +-----BEGIN CERTIFICATE-----
         1157  +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
         1158  +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
         1159  +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
         1160  +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
         1161  +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
         1162  +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
         1163  +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
         1164  +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
         1165  +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
         1166  +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
         1167  +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
         1168  +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
         1169  +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
         1170  +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
         1171  +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
         1172  +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
         1173  +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
         1174  +-----END CERTIFICATE-----
         1175  +
         1176  +COMODO Certification Authority
         1177  +==============================
         1178  +-----BEGIN CERTIFICATE-----
         1179  +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
         1180  +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
         1181  +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
         1182  +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
         1183  +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
         1184  +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
         1185  +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
         1186  ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
         1187  +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
         1188  +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
         1189  +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
         1190  +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
         1191  +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
         1192  +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
         1193  +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
         1194  +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
         1195  +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
         1196  +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
         1197  ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
         1198  +-----END CERTIFICATE-----
         1199  +
         1200  +Network Solutions Certificate Authority
         1201  +=======================================
         1202  +-----BEGIN CERTIFICATE-----
         1203  +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG
         1204  +EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr
         1205  +IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx
         1206  +MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
         1207  +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
         1208  +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx
         1209  +jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT
         1210  +aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT
         1211  +crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc
         1212  +/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB
         1213  +AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP
         1214  +BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv
         1215  +bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA
         1216  +A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q
         1217  +4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
         1218  +GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
         1219  +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD
         1220  +ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
         1221  +-----END CERTIFICATE-----
         1222  +
         1223  +WellsSecure Public Root Certificate Authority
         1224  +=============================================
         1225  +-----BEGIN CERTIFICATE-----
         1226  +MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM
         1227  +F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYw
         1228  +NAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
         1229  +MDcxMjEzMTcwNzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dl
         1230  +bGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYD
         1231  +VQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
         1232  +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1
         1233  +iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9tkTmPOL13
         1234  +i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8
         1235  +bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiB
         1236  +K0HmOFafSZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMB
         1237  +AAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwu
         1238  +cGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQm
         1239  +lRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGB
         1240  +i6SBiDCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww
         1241  +GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg
         1242  +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEBALkVsUSRzCPI
         1243  +K0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0
         1244  +bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSlj
         1245  +qHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+es
         1246  +E2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJ
         1247  +tylv2G0xffX8oRAHh84vWdw+WNs=
         1248  +-----END CERTIFICATE-----
         1249  +
         1250  +COMODO ECC Certification Authority
         1251  +==================================
         1252  +-----BEGIN CERTIFICATE-----
         1253  +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
         1254  +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
         1255  +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
         1256  +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
         1257  +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
         1258  +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
         1259  +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
         1260  +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
         1261  +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
         1262  +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
         1263  +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
         1264  +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
         1265  +-----END CERTIFICATE-----
         1266  +
         1267  +Security Communication EV RootCA1
         1268  +=================================
         1269  +-----BEGIN CERTIFICATE-----
         1270  +MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
         1271  +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh
         1272  +dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE
         1273  +BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl
         1274  +Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
         1275  +AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO
         1276  +/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX
         1277  +WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z
         1278  +ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4
         1279  +bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK
         1280  +9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
         1281  +SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm
         1282  +iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG
         1283  +Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW
         1284  +mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW
         1285  +T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
         1286  +-----END CERTIFICATE-----
         1287  +
         1288  +OISTE WISeKey Global Root GA CA
         1289  +===============================
         1290  +-----BEGIN CERTIFICATE-----
         1291  +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE
         1292  +BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG
         1293  +A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH
         1294  +bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD
         1295  +VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw
         1296  +IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5
         1297  +IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9
         1298  +Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg
         1299  +Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD
         1300  +d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ
         1301  +/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R
         1302  +LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
         1303  +AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
         1304  +KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm
         1305  +MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
         1306  ++vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
         1307  +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY
         1308  +okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
         1309  +-----END CERTIFICATE-----
         1310  +
         1311  +Microsec e-Szigno Root CA
         1312  +=========================
         1313  +-----BEGIN CERTIFICATE-----
         1314  +MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UE
         1315  +BhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNyb3NlYyBMdGQuMRQwEgYDVQQL
         1316  +EwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0
         1317  +MDYxMjI4NDRaFw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVz
         1318  +dDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMT
         1319  +GU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
         1320  +AQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXG
         1321  +d36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/N
         1322  +oqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjc
         1323  +QR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJ
         1324  +PqW+jqpx62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRb
         1325  +MFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYIKwYBBQUHMAKG
         1326  +IWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAPBgNVHRMBAf8EBTADAQH/MIIBcwYD
         1327  +VR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3
         1328  +LmUtc3ppZ25vLmh1L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A
         1329  +dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn
         1330  +AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA
         1331  +4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAg
         1332  +AGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMA
         1333  +egBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6
         1334  +Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NO
         1335  +PU1pY3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jv
         1336  +c2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5h
         1337  +cnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9AZS1zemlnbm8uaHWkdzB1MSMw
         1338  +IQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhT
         1339  +WjEWMBQGA1UEChMNTWljcm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhV
         1340  +MIGsBgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJIVTER
         1341  +MA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDASBgNVBAsTC2UtU3pp
         1342  +Z25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3Gal
         1343  +HCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT
         1344  +nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FE
         1345  +aGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a
         1346  +86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehK
         1347  +yVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51alhQB
         1348  +S6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
         1349  +-----END CERTIFICATE-----
         1350  +
         1351  +Certigna
         1352  +========
         1353  +-----BEGIN CERTIFICATE-----
         1354  +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
         1355  +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
         1356  +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
         1357  +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
         1358  +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
         1359  +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
         1360  +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
         1361  +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
         1362  +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
         1363  +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
         1364  +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
         1365  +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
         1366  +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
         1367  +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
         1368  +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
         1369  +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
         1370  +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
         1371  +-----END CERTIFICATE-----
         1372  +
         1373  +Deutsche Telekom Root CA 2
         1374  +==========================
         1375  +-----BEGIN CERTIFICATE-----
         1376  +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT
         1377  +RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG
         1378  +A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5
         1379  +MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G
         1380  +A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS
         1381  +b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5
         1382  +bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI
         1383  +KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY
         1384  +AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK
         1385  +Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV
         1386  +jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV
         1387  +HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr
         1388  +E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy
         1389  +zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8
         1390  +rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G
         1391  +dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
         1392  +Cm26OWMohpLzGITY+9HPBVZkVw==
         1393  +-----END CERTIFICATE-----
         1394  +
         1395  +Cybertrust Global Root
         1396  +======================
         1397  +-----BEGIN CERTIFICATE-----
         1398  +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li
         1399  +ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4
         1400  +MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD
         1401  +ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
         1402  ++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW
         1403  +0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL
         1404  +AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin
         1405  +89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT
         1406  +8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP
         1407  +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2
         1408  +MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G
         1409  +A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO
         1410  +lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi
         1411  +5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2
         1412  +hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
         1413  +X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
         1414  +WL1WMRJOEcgh4LMRkWXbtKaIOM5V
         1415  +-----END CERTIFICATE-----
         1416  +
         1417  +ePKI Root Certification Authority
         1418  +=================================
         1419  +-----BEGIN CERTIFICATE-----
         1420  +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
         1421  +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
         1422  +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
         1423  +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
         1424  +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
         1425  +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
         1426  +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
         1427  +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
         1428  +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
         1429  +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
         1430  +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
         1431  +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
         1432  +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
         1433  +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
         1434  +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
         1435  +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
         1436  +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
         1437  +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
         1438  +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
         1439  +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
         1440  +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
         1441  +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
         1442  +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
         1443  +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
         1444  +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
         1445  +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
         1446  +-----END CERTIFICATE-----
         1447  +
         1448  +T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3
         1449  +=============================================================================================================================
         1450  +-----BEGIN CERTIFICATE-----
         1451  +MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH
         1452  +DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q
         1453  +aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry
         1454  +b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV
         1455  +BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg
         1456  +S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4
         1457  +MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl
         1458  +IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF
         1459  +n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl
         1460  +IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft
         1461  +dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl
         1462  +cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B
         1463  +AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO
         1464  +Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1
         1465  +xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR
         1466  +6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL
         1467  +hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd
         1468  +BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
         1469  +MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4
         1470  +N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT
         1471  +y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh
         1472  +LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M
         1473  +dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI=
         1474  +-----END CERTIFICATE-----
         1475  +
         1476  +certSIGN ROOT CA
         1477  +================
         1478  +-----BEGIN CERTIFICATE-----
         1479  +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
         1480  +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
         1481  +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
         1482  +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
         1483  +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
         1484  +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
         1485  +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
         1486  +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
         1487  +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
         1488  +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
         1489  +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
         1490  +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
         1491  +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
         1492  +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
         1493  +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
         1494  +-----END CERTIFICATE-----
         1495  +
         1496  +CNNIC ROOT
         1497  +==========
         1498  +-----BEGIN CERTIFICATE-----
         1499  +MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE
         1500  +ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw
         1501  +OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw
         1502  +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD
         1503  +o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz
         1504  +VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT
         1505  +VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or
         1506  +czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK
         1507  +y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC
         1508  +wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S
         1509  +lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5
         1510  +Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM
         1511  +O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8
         1512  +BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2
         1513  +G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m
         1514  +mxE=
         1515  +-----END CERTIFICATE-----
         1516  +
         1517  +ApplicationCA - Japanese Government
         1518  +===================================
         1519  +-----BEGIN CERTIFICATE-----
         1520  +MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEcMBoGA1UEChMT
         1521  +SmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRpb25DQTAeFw0wNzEyMTIxNTAw
         1522  +MDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zl
         1523  +cm5tZW50MRYwFAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
         1524  +CgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4
         1525  +fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrN
         1526  +wVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AE
         1527  +jP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY3rZ+nYVu
         1528  +nyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRU
         1529  +WssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNV
         1530  +BAYTAkpQMRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseOD
         1531  +vOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADlqRHZ3ODrs
         1532  +o2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJhyzjVOGjprIIC8CFqMjSnHH2HZ9g
         1533  +/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYD
         1534  +io+nEhEMy/0/ecGc/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW
         1535  +dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL
         1536  +rosot4LKGAfmt1t06SAZf7IbiVQ=
         1537  +-----END CERTIFICATE-----
         1538  +
         1539  +GeoTrust Primary Certification Authority - G3
         1540  +=============================================
         1541  +-----BEGIN CERTIFICATE-----
         1542  +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
         1543  +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
         1544  +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
         1545  +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
         1546  +NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
         1547  +YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
         1548  +LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
         1549  +hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
         1550  +K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
         1551  +c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
         1552  +IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
         1553  +dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
         1554  +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
         1555  +2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
         1556  +cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
         1557  +Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
         1558  +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
         1559  +t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
         1560  +-----END CERTIFICATE-----
         1561  +
         1562  +thawte Primary Root CA - G2
         1563  +===========================
         1564  +-----BEGIN CERTIFICATE-----
         1565  +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
         1566  +VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
         1567  +IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
         1568  +Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
         1569  +MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
         1570  +b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
         1571  +IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
         1572  +LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
         1573  +8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
         1574  +mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
         1575  +G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
         1576  +rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
         1577  +-----END CERTIFICATE-----
         1578  +
         1579  +thawte Primary Root CA - G3
         1580  +===========================
         1581  +-----BEGIN CERTIFICATE-----
         1582  +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
         1583  +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
         1584  +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
         1585  +cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
         1586  +ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
         1587  +d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
         1588  +VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
         1589  +A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
         1590  +MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
         1591  +P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
         1592  ++BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
         1593  +7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
         1594  +vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
         1595  +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
         1596  +KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
         1597  +A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
         1598  +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
         1599  +8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
         1600  +er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
         1601  +-----END CERTIFICATE-----
         1602  +
         1603  +GeoTrust Primary Certification Authority - G2
         1604  +=============================================
         1605  +-----BEGIN CERTIFICATE-----
         1606  +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
         1607  +VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
         1608  +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
         1609  +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
         1610  +OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
         1611  +MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
         1612  +b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
         1613  +BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
         1614  +KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
         1615  +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
         1616  +EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
         1617  +ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
         1618  +npaqBA+K
         1619  +-----END CERTIFICATE-----
         1620  +
         1621  +VeriSign Universal Root Certification Authority
         1622  +===============================================
         1623  +-----BEGIN CERTIFICATE-----
         1624  +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
         1625  +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
         1626  +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
         1627  +IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
         1628  +IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
         1629  +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
         1630  +cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
         1631  +IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
         1632  +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
         1633  +1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
         1634  +MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
         1635  +9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
         1636  +AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
         1637  +tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
         1638  +CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
         1639  +a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
         1640  +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
         1641  +Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
         1642  +Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
         1643  +P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
         1644  +wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
         1645  +mJO37M2CYfE45k+XmCpajQ==
         1646  +-----END CERTIFICATE-----
         1647  +
         1648  +VeriSign Class 3 Public Primary Certification Authority - G4
         1649  +============================================================
         1650  +-----BEGIN CERTIFICATE-----
         1651  +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
         1652  +VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
         1653  +b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
         1654  +ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
         1655  +YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
         1656  +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
         1657  +cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
         1658  +b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
         1659  +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
         1660  +Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
         1661  +rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
         1662  +/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
         1663  +HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
         1664  +Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
         1665  +A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
         1666  +AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
         1667  +-----END CERTIFICATE-----
         1668  +
         1669  +NetLock Arany (Class Gold) Főtanúsítvány
         1670  +========================================
         1671  +-----BEGIN CERTIFICATE-----
         1672  +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
         1673  +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
         1674  +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
         1675  +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
         1676  +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
         1677  +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
         1678  +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
         1679  +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
         1680  +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
         1681  +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
         1682  +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
         1683  +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
         1684  +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
         1685  +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
         1686  +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
         1687  +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
         1688  +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
         1689  +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
         1690  +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
         1691  +-----END CERTIFICATE-----
         1692  +
         1693  +Staat der Nederlanden Root CA - G2
         1694  +==================================
         1695  +-----BEGIN CERTIFICATE-----
         1696  +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
         1697  +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
         1698  +Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC
         1699  +TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
         1700  +ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ
         1701  +5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn
         1702  +vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj
         1703  +CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil
         1704  +e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR
         1705  +OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI
         1706  +CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65
         1707  +48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi
         1708  +trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737
         1709  +qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB
         1710  +AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
         1711  +ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
         1712  +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA
         1713  +A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz
         1714  ++51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj
         1715  +f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN
         1716  +kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk
         1717  +CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF
         1718  +URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb
         1719  +CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h
         1720  +oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV
         1721  +IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm
         1722  +66+KAQ==
         1723  +-----END CERTIFICATE-----
         1724  +
         1725  +Hongkong Post Root CA 1
         1726  +=======================
         1727  +-----BEGIN CERTIFICATE-----
         1728  +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
         1729  +DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
         1730  +NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
         1731  +IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
         1732  +AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
         1733  +ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
         1734  +auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
         1735  +qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
         1736  +V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
         1737  +HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
         1738  +h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
         1739  +l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
         1740  +IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
         1741  +T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
         1742  +c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
         1743  +-----END CERTIFICATE-----
         1744  +
         1745  +SecureSign RootCA11
         1746  +===================
         1747  +-----BEGIN CERTIFICATE-----
         1748  +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
         1749  +SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
         1750  +b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
         1751  +KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
         1752  +cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
         1753  +TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
         1754  +wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
         1755  +g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
         1756  +O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
         1757  +bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
         1758  +t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
         1759  +OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
         1760  +bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
         1761  +Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
         1762  +y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
         1763  +lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
         1764  +-----END CERTIFICATE-----
         1765  +
         1766  +ACEDICOM Root
         1767  +=============
         1768  +-----BEGIN CERTIFICATE-----
         1769  +MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD
         1770  +T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4
         1771  +MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG
         1772  +A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF
         1773  +AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk
         1774  +WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD
         1775  +YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew
         1776  +MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb
         1777  +m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk
         1778  +HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT
         1779  +xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2
         1780  +3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9
         1781  +2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq
         1782  +TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz
         1783  +4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU
         1784  +9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv
         1785  +bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg
         1786  +aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP
         1787  +eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk
         1788  +zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1
         1789  +ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI
         1790  +KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq
         1791  +nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE
         1792  +I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp
         1793  +MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o
         1794  +tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA==
         1795  +-----END CERTIFICATE-----
         1796  +
         1797  +Microsec e-Szigno Root CA 2009
         1798  +==============================
         1799  +-----BEGIN CERTIFICATE-----
         1800  +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
         1801  +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
         1802  +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
         1803  +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
         1804  +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
         1805  +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
         1806  +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
         1807  +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
         1808  +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
         1809  +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
         1810  +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
         1811  +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
         1812  +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
         1813  +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
         1814  +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
         1815  +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
         1816  +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
         1817  +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
         1818  +LXpUq3DDfSJlgnCW
         1819  +-----END CERTIFICATE-----
         1820  +
         1821  +GlobalSign Root CA - R3
         1822  +=======================
         1823  +-----BEGIN CERTIFICATE-----
         1824  +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
         1825  +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
         1826  +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
         1827  +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
         1828  +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
         1829  +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
         1830  +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
         1831  +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
         1832  +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
         1833  +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
         1834  +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
         1835  +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
         1836  +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
         1837  +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
         1838  +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
         1839  +kpeDMdmztcpHWD9f
         1840  +-----END CERTIFICATE-----
         1841  +
         1842  +Autoridad de Certificacion Firmaprofesional CIF A62634068
         1843  +=========================================================
         1844  +-----BEGIN CERTIFICATE-----
         1845  +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
         1846  +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
         1847  +MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
         1848  +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
         1849  +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
         1850  +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
         1851  +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
         1852  +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
         1853  +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
         1854  +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
         1855  +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
         1856  +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
         1857  +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
         1858  +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
         1859  +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
         1860  +DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
         1861  +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
         1862  +bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
         1863  +ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
         1864  +51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
         1865  +R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
         1866  +T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
         1867  +Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
         1868  +osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
         1869  +crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
         1870  +saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
         1871  +KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
         1872  +6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
         1873  +-----END CERTIFICATE-----
         1874  +
         1875  +Izenpe.com
         1876  +==========
         1877  +-----BEGIN CERTIFICATE-----
         1878  +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
         1879  +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
         1880  +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
         1881  +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
         1882  +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
         1883  +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
         1884  ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
         1885  +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
         1886  +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
         1887  +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
         1888  +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
         1889  +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
         1890  +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
         1891  +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
         1892  +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
         1893  +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
         1894  +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
         1895  +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
         1896  +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
         1897  +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
         1898  +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
         1899  +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
         1900  +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
         1901  +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
         1902  +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
         1903  +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
         1904  +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
         1905  +-----END CERTIFICATE-----
         1906  +
         1907  +Chambers of Commerce Root - 2008
         1908  +================================
         1909  +-----BEGIN CERTIFICATE-----
         1910  +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
         1911  +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
         1912  +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
         1913  +QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
         1914  +Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
         1915  +ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
         1916  +EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
         1917  +cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
         1918  +AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
         1919  +XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
         1920  +h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
         1921  +ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
         1922  +NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
         1923  +D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
         1924  +lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
         1925  +0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
         1926  +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
         1927  +EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
         1928  +G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
         1929  +BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
         1930  +bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
         1931  +bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
         1932  +CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
         1933  +AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
         1934  +wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
         1935  +3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
         1936  +RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
         1937  +M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
         1938  +YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
         1939  +9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
         1940  +zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
         1941  +nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
         1942  +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
         1943  +-----END CERTIFICATE-----
         1944  +
         1945  +Global Chambersign Root - 2008
         1946  +==============================
         1947  +-----BEGIN CERTIFICATE-----
         1948  +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
         1949  +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
         1950  +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
         1951  +QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
         1952  +NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
         1953  +Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
         1954  +QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
         1955  +aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
         1956  +VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
         1957  +XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
         1958  +ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
         1959  +/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
         1960  +TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
         1961  +H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
         1962  +Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
         1963  +HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
         1964  +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
         1965  +AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
         1966  +BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
         1967  +BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
         1968  +aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
         1969  +aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
         1970  +1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
         1971  +dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
         1972  +/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
         1973  +ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
         1974  +dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
         1975  +9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
         1976  +foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
         1977  +qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
         1978  +P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
         1979  +c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
         1980  +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
         1981  +-----END CERTIFICATE-----
         1982  +
         1983  +Go Daddy Root Certificate Authority - G2
         1984  +========================================
         1985  +-----BEGIN CERTIFICATE-----
         1986  +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
         1987  +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
         1988  +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
         1989  +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
         1990  +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
         1991  +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
         1992  +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
         1993  +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
         1994  ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
         1995  +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
         1996  +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
         1997  +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
         1998  +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
         1999  +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
         2000  +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
         2001  +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
         2002  +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
         2003  +-----END CERTIFICATE-----
         2004  +
         2005  +Starfield Root Certificate Authority - G2
         2006  +=========================================
         2007  +-----BEGIN CERTIFICATE-----
         2008  +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
         2009  +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
         2010  +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
         2011  +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
         2012  +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
         2013  +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
         2014  +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
         2015  +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
         2016  +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
         2017  +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
         2018  +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
         2019  +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
         2020  +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
         2021  +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
         2022  +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
         2023  +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
         2024  +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
         2025  +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
         2026  +-----END CERTIFICATE-----
         2027  +
         2028  +Starfield Services Root Certificate Authority - G2
         2029  +==================================================
         2030  +-----BEGIN CERTIFICATE-----
         2031  +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
         2032  +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
         2033  +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
         2034  +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
         2035  +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
         2036  +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
         2037  +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
         2038  +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
         2039  +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
         2040  +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
         2041  +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
         2042  +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
         2043  +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
         2044  +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
         2045  +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
         2046  +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
         2047  +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
         2048  +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
         2049  +-----END CERTIFICATE-----
         2050  +
         2051  +AffirmTrust Commercial
         2052  +======================
         2053  +-----BEGIN CERTIFICATE-----
         2054  +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
         2055  +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
         2056  +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
         2057  +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
         2058  +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
         2059  +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
         2060  +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
         2061  +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
         2062  +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
         2063  +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
         2064  +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
         2065  +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
         2066  +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
         2067  +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
         2068  +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
         2069  +-----END CERTIFICATE-----
         2070  +
         2071  +AffirmTrust Networking
         2072  +======================
         2073  +-----BEGIN CERTIFICATE-----
         2074  +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
         2075  +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
         2076  +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
         2077  +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
         2078  +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
         2079  +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
         2080  +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
         2081  +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
         2082  +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
         2083  +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
         2084  +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
         2085  +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
         2086  +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
         2087  +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
         2088  +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
         2089  +-----END CERTIFICATE-----
         2090  +
         2091  +AffirmTrust Premium
         2092  +===================
         2093  +-----BEGIN CERTIFICATE-----
         2094  +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
         2095  +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
         2096  +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
         2097  +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
         2098  +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
         2099  +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
         2100  +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
         2101  ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
         2102  +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
         2103  +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
         2104  +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
         2105  +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
         2106  +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
         2107  ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
         2108  +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
         2109  +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
         2110  +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
         2111  +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
         2112  +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
         2113  ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
         2114  +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
         2115  +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
         2116  +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
         2117  +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
         2118  +-----END CERTIFICATE-----
         2119  +
         2120  +AffirmTrust Premium ECC
         2121  +=======================
         2122  +-----BEGIN CERTIFICATE-----
         2123  +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
         2124  +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
         2125  +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
         2126  +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
         2127  +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
         2128  +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
         2129  +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
         2130  +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
         2131  +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
         2132  +eQ==
         2133  +-----END CERTIFICATE-----
         2134  +
         2135  +Certum Trusted Network CA
         2136  +=========================
         2137  +-----BEGIN CERTIFICATE-----
         2138  +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
         2139  +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
         2140  +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
         2141  +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
         2142  +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
         2143  +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
         2144  +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
         2145  +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
         2146  +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
         2147  +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
         2148  +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
         2149  +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
         2150  +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
         2151  +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
         2152  +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
         2153  +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
         2154  +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
         2155  +-----END CERTIFICATE-----
         2156  +
         2157  +Certinomis - Autorité Racine
         2158  +============================
         2159  +-----BEGIN CERTIFICATE-----
         2160  +MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK
         2161  +Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg
         2162  +LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG
         2163  +A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw
         2164  +JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD
         2165  +ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa
         2166  +wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly
         2167  +Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw
         2168  +2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N
         2169  +jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q
         2170  +c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC
         2171  +lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb
         2172  +xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g
         2173  +530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna
         2174  +4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
         2175  +A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ
         2176  +KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x
         2177  +WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva
         2178  +R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40
         2179  +nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B
         2180  +CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv
         2181  +JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE
         2182  +qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b
         2183  +WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE
         2184  +wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/
         2185  +vgt2Fl43N+bYdJeimUV5
         2186  +-----END CERTIFICATE-----
         2187  +
         2188  +TWCA Root Certification Authority
         2189  +=================================
         2190  +-----BEGIN CERTIFICATE-----
         2191  +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
         2192  +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
         2193  +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
         2194  +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
         2195  +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
         2196  +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
         2197  +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
         2198  +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
         2199  +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
         2200  +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
         2201  +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
         2202  +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
         2203  +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
         2204  +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
         2205  +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
         2206  +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
         2207  +-----END CERTIFICATE-----
         2208  +
         2209  +Security Communication RootCA2
         2210  +==============================
         2211  +-----BEGIN CERTIFICATE-----
         2212  +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
         2213  +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
         2214  +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
         2215  +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
         2216  +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
         2217  +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
         2218  ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
         2219  +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
         2220  +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
         2221  +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
         2222  +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
         2223  +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
         2224  +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
         2225  +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
         2226  +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
         2227  +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
         2228  +-----END CERTIFICATE-----
         2229  +
         2230  +EC-ACC
         2231  +======
         2232  +-----BEGIN CERTIFICATE-----
         2233  +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE
         2234  +BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w
         2235  +ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
         2236  +VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE
         2237  +CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT
         2238  +BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7
         2239  +MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt
         2240  +SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl
         2241  +Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh
         2242  +cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND
         2243  +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK
         2244  +w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT
         2245  +ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4
         2246  +HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a
         2247  +E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw
         2248  +0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
         2249  +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD
         2250  +VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0
         2251  +Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l
         2252  +dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ
         2253  +lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa
         2254  +Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe
         2255  +l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2
         2256  +E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D
         2257  +5EI=
         2258  +-----END CERTIFICATE-----
         2259  +
         2260  +Hellenic Academic and Research Institutions RootCA 2011
         2261  +=======================================================
         2262  +-----BEGIN CERTIFICATE-----
         2263  +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT
         2264  +O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
         2265  +aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
         2266  +IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT
         2267  +AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
         2268  +IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo
         2269  +IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
         2270  +AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI
         2271  +1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa
         2272  +71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u
         2273  +8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH
         2274  +3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/
         2275  +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8
         2276  +MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu
         2277  +b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt
         2278  +XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
         2279  +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD
         2280  +/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N
         2281  +7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4
         2282  +-----END CERTIFICATE-----
         2283  +
         2284  +Actalis Authentication Root CA
         2285  +==============================
         2286  +-----BEGIN CERTIFICATE-----
         2287  +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
         2288  +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
         2289  +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
         2290  +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
         2291  +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
         2292  +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
         2293  +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
         2294  +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
         2295  +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
         2296  +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
         2297  +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
         2298  +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
         2299  +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
         2300  +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
         2301  +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
         2302  +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
         2303  +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
         2304  +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
         2305  +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
         2306  +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
         2307  +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
         2308  +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
         2309  +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
         2310  +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
         2311  +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
         2312  +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
         2313  +-----END CERTIFICATE-----
         2314  +
         2315  +Trustis FPS Root CA
         2316  +===================
         2317  +-----BEGIN CERTIFICATE-----
         2318  +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG
         2319  +EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290
         2320  +IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV
         2321  +BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ
         2322  +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ
         2323  +RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk
         2324  +H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa
         2325  +cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt
         2326  +o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA
         2327  +AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd
         2328  +BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c
         2329  +GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC
         2330  +yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P
         2331  +8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV
         2332  +l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
         2333  +iB6XzCGcKQENZetX2fNXlrtIzYE=
         2334  +-----END CERTIFICATE-----
         2335  +
         2336  +StartCom Certification Authority
         2337  +================================
         2338  +-----BEGIN CERTIFICATE-----
         2339  +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
         2340  +U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu
         2341  +ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0
         2342  +NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
         2343  +LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg
         2344  +U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
         2345  +ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y
         2346  +o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/
         2347  +Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d
         2348  +eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt
         2349  +2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z
         2350  +6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ
         2351  +osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/
         2352  +untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc
         2353  +UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
         2354  +37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
         2355  +VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ
         2356  +Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0
         2357  +dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu
         2358  +c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv
         2359  +bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0
         2360  +aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0
         2361  +aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
         2362  +L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG
         2363  +cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5
         2364  +fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm
         2365  +N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN
         2366  +Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T
         2367  +tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX
         2368  +e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA
         2369  +2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs
         2370  +HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE
         2371  +JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib
         2372  +D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8=
         2373  +-----END CERTIFICATE-----
         2374  +
         2375  +StartCom Certification Authority G2
         2376  +===================================
         2377  +-----BEGIN CERTIFICATE-----
         2378  +MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
         2379  +U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
         2380  +RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE
         2381  +ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
         2382  +dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O
         2383  +o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG
         2384  +4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi
         2385  +Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul
         2386  +Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs
         2387  +O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H
         2388  +vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L
         2389  +nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS
         2390  +FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa
         2391  +z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E
         2392  +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ
         2393  +KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K
         2394  +2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk
         2395  +J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+
         2396  +JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG
         2397  +/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc
         2398  +nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld
         2399  +blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc
         2400  +l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm
         2401  +7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm
         2402  +obp573PYtlNXLfbQ4ddI
         2403  +-----END CERTIFICATE-----
         2404  +
         2405  +Buypass Class 2 Root CA
         2406  +=======================
         2407  +-----BEGIN CERTIFICATE-----
         2408  +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
         2409  +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
         2410  +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
         2411  +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
         2412  +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
         2413  +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
         2414  +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
         2415  +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
         2416  +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
         2417  +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
         2418  +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
         2419  +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
         2420  +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
         2421  +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
         2422  +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
         2423  +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
         2424  +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
         2425  +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
         2426  +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
         2427  +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
         2428  +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
         2429  +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
         2430  +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
         2431  +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
         2432  +rJgWVqA=
         2433  +-----END CERTIFICATE-----
         2434  +
         2435  +Buypass Class 3 Root CA
         2436  +=======================
         2437  +-----BEGIN CERTIFICATE-----
         2438  +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
         2439  +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
         2440  +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
         2441  +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
         2442  +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
         2443  +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
         2444  +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
         2445  +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
         2446  +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
         2447  +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
         2448  +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
         2449  +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
         2450  +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
         2451  +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
         2452  +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
         2453  +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
         2454  +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
         2455  +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
         2456  +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
         2457  +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
         2458  +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
         2459  +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
         2460  +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
         2461  +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
         2462  +Cp/HuZc=
         2463  +-----END CERTIFICATE-----
         2464  +
         2465  +T-TeleSec GlobalRoot Class 3
         2466  +============================
         2467  +-----BEGIN CERTIFICATE-----
         2468  +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
         2469  +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
         2470  +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
         2471  +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
         2472  +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
         2473  +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
         2474  +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
         2475  +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
         2476  +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
         2477  +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
         2478  +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
         2479  +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
         2480  +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
         2481  +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
         2482  +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
         2483  +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
         2484  +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
         2485  +-----END CERTIFICATE-----
         2486  +
         2487  +EE Certification Centre Root CA
         2488  +===============================
         2489  +-----BEGIN CERTIFICATE-----
         2490  +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG
         2491  +EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
         2492  +dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw
         2493  +MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB
         2494  +UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy
         2495  +ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
         2496  +DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM
         2497  +TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2
         2498  +rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw
         2499  +93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN
         2500  +P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T
         2501  +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ
         2502  +MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF
         2503  +BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj
         2504  +xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM
         2505  +lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
         2506  +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
         2507  +3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM
         2508  +dcGWxZ0=
         2509  +-----END CERTIFICATE-----
         2510  +
         2511  +TURKTRUST Certificate Services Provider Root 2007
         2512  +=================================================
         2513  +-----BEGIN CERTIFICATE-----
         2514  +MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF
         2515  +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP
         2516  +MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg
         2517  +QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X
         2518  +DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl
         2519  +a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN
         2520  +BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp
         2521  +bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw
         2522  +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N
         2523  +YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv
         2524  +KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya
         2525  +KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT
         2526  +rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC
         2527  +AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP
         2528  +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s
         2529  +Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I
         2530  +aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO
         2531  +Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb
         2532  +BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK
         2533  +poRq0Tl9
         2534  +-----END CERTIFICATE-----
         2535  +
         2536  +D-TRUST Root Class 3 CA 2 2009
         2537  +==============================
         2538  +-----BEGIN CERTIFICATE-----
         2539  +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
         2540  +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
         2541  +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
         2542  +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
         2543  +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
         2544  +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
         2545  +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
         2546  +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
         2547  +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
         2548  +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
         2549  +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
         2550  +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
         2551  +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
         2552  +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
         2553  +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
         2554  +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
         2555  +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
         2556  +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
         2557  +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
         2558  +-----END CERTIFICATE-----
         2559  +
         2560  +D-TRUST Root Class 3 CA 2 EV 2009
         2561  +=================================
         2562  +-----BEGIN CERTIFICATE-----
         2563  +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
         2564  +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
         2565  +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
         2566  +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
         2567  +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
         2568  +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
         2569  +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
         2570  +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
         2571  +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
         2572  +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
         2573  +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
         2574  +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
         2575  +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
         2576  +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
         2577  +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
         2578  +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
         2579  +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
         2580  +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
         2581  +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
         2582  +w9y4AyHqnxbxLFS1
         2583  +-----END CERTIFICATE-----
         2584  +
         2585  +PSCProcert
         2586  +==========
         2587  +-----BEGIN CERTIFICATE-----
         2588  +MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk
         2589  +ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ
         2590  +MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz
         2591  +dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl
         2592  +cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw
         2593  +IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw
         2594  +MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w
         2595  +DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD
         2596  +ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp
         2597  +Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw
         2598  +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC
         2599  +wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA
         2600  +3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh
         2601  +RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO
         2602  +EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2
         2603  +0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH
         2604  +0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU
         2605  +td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw
         2606  +Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp
         2607  +r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/
         2608  +AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz
         2609  +Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId
         2610  +xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp
         2611  +ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH
         2612  +EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h
         2613  +Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k
         2614  +ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG
         2615  +9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG
         2616  +MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG
         2617  +LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52
         2618  +ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy
         2619  +YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v
         2620  +Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o
         2621  +dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq
         2622  +T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN
         2623  +g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q
         2624  +uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1
         2625  +n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn
         2626  +FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo
         2627  +5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq
         2628  +3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5
         2629  +poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y
         2630  +eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km
         2631  +-----END CERTIFICATE-----
         2632  +
         2633  +China Internet Network Information Center EV Certificates Root
         2634  +==============================================================
         2635  +-----BEGIN CERTIFICATE-----
         2636  +MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV
         2637  +BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D
         2638  +aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg
         2639  +Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG
         2640  +A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM
         2641  +PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl
         2642  +cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y
         2643  +jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV
         2644  +98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H
         2645  +klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23
         2646  +KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC
         2647  +7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV
         2648  +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD
         2649  +glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5